summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobin H. Johnson <robbat2@gentoo.org>2015-08-08 13:49:04 -0700
committerRobin H. Johnson <robbat2@gentoo.org>2015-08-08 17:38:18 -0700
commit56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch)
tree3f91093cdb475e565ae857f1c5a7fd339e2d781e /net-misc/stone
downloadgentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip
proj/gentoo: Initial commit
This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS. This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point. Creation process: 1. Take final CVS checkout snapshot 2. Remove ALL ChangeLog* files 3. Transform all Manifests to thin 4. Remove empty Manifests 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ 5.1. Do not touch files with -kb/-ko keyword flags. Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'net-misc/stone')
-rw-r--r--net-misc/stone/Manifest1
-rw-r--r--net-misc/stone/files/stone-2.3e-makefile.patch20
-rw-r--r--net-misc/stone/files/stone.man464
-rw-r--r--net-misc/stone/metadata.xml8
-rw-r--r--net-misc/stone/stone-2.3e-r1.ebuild47
5 files changed, 540 insertions, 0 deletions
diff --git a/net-misc/stone/Manifest b/net-misc/stone/Manifest
new file mode 100644
index 000000000000..c68c8389fa10
--- /dev/null
+++ b/net-misc/stone/Manifest
@@ -0,0 +1 @@
+DIST stone-2.3e.tar.gz 92587 SHA256 b2b664ee6771847672e078e7870e56b886be70d9ff3d7b20d0b3d26ee950c670 SHA512 a0cccc123222c4fb4c1b2f031fc4d039f39e77691adc9f1df367d99bef8524738265350d1056c926c5f216236d2db25f31d14e9bec297b1bb4ea17e217c4983b WHIRLPOOL f73f5dd7d91f0d0e68065b0dd20adf50865c5081f1628154d9bf4b5c8c11fe9aa2355e7cc4dc6409f241325f509af4e5f1dd7eaf690eecca794c191dfa72028a
diff --git a/net-misc/stone/files/stone-2.3e-makefile.patch b/net-misc/stone/files/stone-2.3e-makefile.patch
new file mode 100644
index 000000000000..5df2b6868a24
--- /dev/null
+++ b/net-misc/stone/files/stone-2.3e-makefile.patch
@@ -0,0 +1,20 @@
+--- Makefile.orig 2013-02-20 17:45:36.000000000 +0400
++++ Makefile 2013-02-20 17:47:19.323650328 +0400
+@@ -19,8 +19,6 @@
+ # -DWINDOWS Windows95/98/NT
+ # -DNT_SERVICE WindowsNT/2000 native service
+
+-CFLAGS= # -g
+-
+ SSL= /usr/local/ssl
+ SSL_FLAGS= -DUSE_SSL
+ SSL_LIBS= -lssl -lcrypto
+@@ -60,7 +58,7 @@
+ @echo "*** md5c.c is contained in RFC1321"
+
+ stone: stone.c
+- $(CC) $(CFLAGS) $(FLAGS) -o $@ $? $(LIBS)
++ $(CC) $(CFLAGS) $(FLAGS) ${LDFLAGS} -o $@ $? $(LIBS)
+
+ pop_stone: $(POP_LIBS)
+ $(MAKE) FLAGS="$(POP_FLAGS)" LIBS="$(POP_LIBS)" $(TARGET)
diff --git a/net-misc/stone/files/stone.man b/net-misc/stone/files/stone.man
new file mode 100644
index 000000000000..fa10c6eef18f
--- /dev/null
+++ b/net-misc/stone/files/stone.man
@@ -0,0 +1,464 @@
+.\" Roff format skeleton provided by Taketo Kabe <kabe@sra-tohoku.co.jp>
+.TH stone 1 "version 2.3"
+.
+.SH NAME
+stone \- Simple Repeater
+.
+.SH SYNOPSIS
+.B "stone [-C \fIfile\fP] [-P \fIcommand\fP] [-Q \fIoptions\fP] [-N] [-d] [-p] [-n]"
+.br
+.B " [-u \fImax\fP] [-f \fIn\fP] [-l] [-L \fIfile\fP] [-a \fIfile\fP] [-i \fIfile\fP]"
+.br
+.B " [-X \fIn\fP] [-T \fIn\fP] [-r]"
+.br
+.B " [-x \fIport\fP[,\fIport\fP][-\fIport\fP]... \fIxhost\fP... --]"
+.br
+.B " [-s \fIsend\fP \fIexpect\fP... --]"
+.br
+.B " [-b [\fIvar\fP=\fIval\fP]... \fIn\fP \fImaster\fP:\fIport\fP \fIbackup\fP:\fIport\fP]"
+.br
+.B " [-B \fIhost\fP:\fIport\fP \fIhost1\fP:\fIport1\fP... --]"
+.br
+.B " [-I \fIhost\fP]"
+.br
+.B " [-o \fIn\fP] [-g \fIn\fP] [-t \fIdir\fP] [-D] [-c \fIdir\fP]"
+.br
+.B " [-q \fISSL\fP] [-z \fISSL\fP]"
+.br
+.B " [-M install \fIname\fP] [-M remove \fIname\fP]"
+.br
+.B " \fIst\fP [-- \fIst\fP]..."
+.
+.SH DESCRIPTION
+\fBStone\fP is a TCP & UDP repeater in the application layer. It repeats TCP
+and UDP from inside to outside of a firewall, or from outside to inside.
+.P
+\fBStone\fP has following features:
+.
+.TP
+.B 1. Stone supports Win32.
+Formerly, UNIX machines are used as firewalls, but recently
+WindowsNT machines are used, too. You can easily run \fBstone\fP on
+WindowsNT and Windows95. Of course, available on Linux,
+FreeBSD, BSD/OS, SunOS, Solaris, HP-UX and so on.
+.
+.TP
+.B 2. Simple.
+\fBStone\fP's source code is only 8000 lines long (written in C
+language), so you can minimize the risk of security
+holes.
+.
+.TP
+.B 3. Stone supports SSL.
+Using OpenSSL (\fIhttp://www.openssl.org/\fP), \fBstone\fP can
+encrypt/decrypt. Client verifications, and server verifications
+are also supported. \fBStone\fP can send a substring of the subject
+of the certificate to the destination.
+.
+.TP
+.B 4. Stone is a http proxy.
+\fBStone\fP can also be a tiny http proxy.
+.
+.TP
+.B 5. POP -> APOP conversion.
+With \fBstone\fP and a mailer that does not support APOP, you can
+access to an APOP server.
+.
+.TP
+.B 6. Stone supports IPv6.
+\fBStone\fP can convert IP and IPv6 each other. With \fBstone\fP, you can
+use IP-only software on IPv6 network.
+.
+.SH OPTIONS
+If the \fB-C\fP \fIfile\fP flag is used, the program read these
+options and \fIst\fPs from the configuration file \fIfile\fP.
+If the \fB-P\fP \fIcommand\fP flag is used, the program executes
+specified pre-processor to read the configuration file. \fB-Q\fP \fIoptions\fP
+can be used to pass options to the pre-processor. If the \fB-N\fP
+flag is used, \fBstone\fP will terminate after parsing options
+and configuration file without opening the ports.
+.P
+If the \fB-d\fP flag is used, then increase the debug level. If
+the \fB-p\fP flag is used, data repeated by \fBstone\fP are dumped. If
+the \fB-n\fP is used, IP addresses and service port numbers are
+shown instead of host names and service names.
+.P
+If the \fB-u\fP \fImax\fP flag (\fImax\fP is integer) is used, the
+program memorize \fImax\fP UDP sources simultaneously. The default value
+is 100. If the
+\fB-f\fP \fIn\fP flag (\fIn\fP is integer) is used, the program spawn
+\fIn\fP child processes. The default behavior is not to spawn any child processes.
+.P
+If the \fB-l\fP flag is used, the program sends error messages to
+the syslog instead of stderr. If the \fB-L\fP \fIfile\fP (\fIfile\fP
+is a file name) flag is used, the program writes error messages
+to the file. If the \fB-a\fP \fIfile\fP flag is used, the program
+writes accounting to the file. If the \fB-i\fP \fIfile\fP flag is
+used, the program writes its process ID to the file.
+.P
+The \fB-X\fP \fIn\fP flag alters the buffer size of the repeater.
+The default value is 1000 bytes. If
+the \fB-T\fP \fIn\fP is used, the timeout of TCP sessions can be
+specified to \fIn\fP sec. Default: 600 (10 min). The \fB-r\fP flag is
+used, SO_REUSEADDR is set on the socket of \fIst\fP .
+.P
+Using the \fB-x\fP \fIport\fP[,\fIport\fP][-\fIport\fP]... \fIxhost\fP... \fB--\FP flag,
+the http proxy (described later) can only connect to
+\fIxhost\fP:\fIport\fP. If more than one \fB-x\fP ... \fB--\fI flags are
+designated, the posterior one whose \fIport\fP list matches the
+connecting port. If the \fB-x\fP \fB--\fP is used, prior \fB-x\fP flags
+are ignored.
+.P
+The \fB-b\fP \fIn\fP \fImaster\fP:\fIport\fP \fIbackup\fP:\fIport\fP flag designates
+the backup destination for \fImaster\fP:\fIport\fP. The program checks
+every \fIn\fP seconds whether \fImaster\fP:\fIport\fP is connectable, using
+the health check script defined by \fB-s\fP flag described below.
+If not, the backup is used instead. Alternative \fIhost\fP can be
+checked, using host=\fIhost\fP and alternative \fIport\fP, using
+port=\fIport\fP.
+.P
+The \fB-s\fP \fIsend\fP \fIexpect\fP... \fB--\fP flag defines the health check
+script. Sending \fIsend\fP, then checks whether the response match
+the regular expression \fIexpect\fP.
+.P
+The \fB-B\fP \fIhost\fP:\fIport\fP \fIhost1\fP:\fIport1\fP... \fB--\fP is for the
+destination group. If the destination of \fIst\fP is \fIhost\fP:\fIport\fP,
+the program chooses a destination randomly from the group. The
+destination \fIhost\fP:\fIport\fP that is designated by \fB-b\fP flag and
+turned out unhealthy, is excluded from the group.
+.P
+The \fB-I\fP \fIhost\fP designates the interface used as the source
+address of the connection to the desctination.
+.P
+If the \fB-o\fP \fIn\fP or \fB-g\fP \fIn\fP flag is used, the program set
+its uid or gid to \fIn\fP respectively. If the \fB-t\fP \fIdir\fP
+flag (\fIdir\fP is a directory) is used, the program change its
+root to the directory. If the \fB-D\fP flas is used, \fBstone\fP runs
+as a daemon. The \fB-c\fP \fIdir\fP flag designates the
+directory for core dump.
+.P
+The \fB-M\fP install \fIname\fP and the \fB-M\fP remove \fIname\fP flags are
+for NT service. \fIname\fP is the service name. Start the
+service using the command: net start \fIname\fP. To install \fBstone\fP
+service as the name \fIrepeater\fP, for example:
+.P
+.RS
+C:\\>\fBstone -M install \fIrepeater\fB -C \fIC:\\stone.cfg\fR
+.br
+C:\\>\fBnet start \fIrepeater\fR
+.RE
+.P
+The \fB-q\fP \FISSL\FP and the \fB-z\fP \FISSL\FP flags are for SSL
+encryption. The \fB-q\fP \FISSL\FP is for the client mode, that is,
+when \fBstone\fP connects to the other SSL server as a SSL client.
+The \fB-z\fP \FISSL\FP if for the server mode, that is, when other SSL
+clients connect to the \fBstone\fP.
+.P
+\FISSL\FP is one of the following.
+.P
+.PD 0
+.IP default 15
+reset SSL options to the default.
+Using multiple \fIst\fP, different SSL options can
+be designated for each \fIst\fP.
+.IP verbose
+verbose mode.
+.IP verify
+require SSL certificate to the peer.
+.IP verify,once
+request a client certificate on the initial TLS/SSL
+handshake. (\fB-z\fP only)
+.IP verify,ifany
+The certificate returned (if any) is checked. (\fB-z\fP only)
+.IP verify,none
+never request SSL certificate to the peer.
+.IP crl_check
+lookup CRLs.
+.IP crl_check_all
+lookup CRLs for whole chain.
+.IP uniq
+if the serial number of peer's SSL certificate
+is different from the previous session, deny it.
+.IP re\fIn\fP=\fIregex\fP
+The certificate of the peer must satisfy the
+\fIregex\fP. \fIn\fP is the depth. re0 means the subject
+of the certificate, and re1 means the issure.
+The maximum of \fIn\fP is 9.
+.IP depth=\fIn\fP
+The maximum of the certificate chain.
+If the peer's certificate exceeds \fIn\fP, the
+verification fails. The maximum of \fIn\fP is 9.
+.IP tls1
+Just use TLSv1 protocol.
+.IP ssl3
+Just use SSLv3 protocol.
+.IP ssl2
+Just use SSLv2 protocol.
+.IP no_tls1
+Turn off TLSv1 protocol.
+.IP no_ssl3
+Turn off SSLv3 protocol.
+.IP no_ssl2
+Turn off SSLv2 protocol.
+.IP bugs
+Switch on all SSL implementation bug workarounds.
+.IP serverpref
+Use server's cipher preferences (only SSLv2).
+.IP sid_ctx=\fIstr\fP
+Set session ID context.
+.IP passfile=\fIfile\fP
+The filename of the file containing password of the key
+.IP key=\fIfile\fP
+The filename of the secret key of the certificate.
+.IP cert=\fIfile\fP
+The filename of the certificate.
+.IP CAfile=\fIfile\fP
+The filename of the certificate of the CA.
+.IP CApath=\fIdir\fP
+The directory of the certificate files.
+.IP pfx=\fIfile\fP
+The filename of the PKCS#12 bag.
+.IP cipher=\fIlist\fP
+The list of ciphers.
+.IP lb\fIn\fP=\fIm\fP
+change the destination according to the
+certificate of the peer. The number calculated
+from the matched string to the \fIn\fPth ( ... ) in
+the ``regex'' of SSL options (mod \fIm\fP) is used
+to select the destination from the destination
+group defined by \fB-B\fP flag.
+.PD
+.P
+\fIst\fP is one of the following. Multiple \fIst\fP can be
+designated, separated by \fB--\fP.
+.P
+.PD 0
+.IP (1)
+\fIhost\fP:\fIport\fP \fIsport\fP [\fIxhost\fP...]
+.IP (2)
+\fIhost\fP:\fIport\fP \fIshost\fP:\fIsport\fP [\fIxhost\fP...]
+.IP (3)
+proxy \fIsport\fP [\fIxhost\fP...]
+.IP (4)
+\fIhost\fP:\fIport\fP/http \fIrequest\fP [\fIxhost\fP...]
+.IP (5)
+\fIhost\fP:\fIport\fP/proxy \fIheader\fP [\fIxhost\fP...]
+.IP (6)
+health \fIsport\fP [\fIxhost\fP...]
+.PD
+.P
+The program repeats the connection on port \fIsport\fP to the
+other machine \fIhost\fP port \fIport\fP. If the machine, on
+which the program runs, has two or more interfaces, type (2) can
+be used to repeat the connection on the specified interface
+\fIshost\fP. You can also specify path name that begins with
+``/'' or ``./'', instead of \fIhost\fP:\fIport\fP so that the
+program handles a unix domain socket.
+.P
+Type (3) is a http proxy. Specify the machine, on which the
+program runs, and port \fIsport\fP in the http proxy settings of
+your WWW browser.
+Extentions can be added to the ``proxy'' like \fIxhost\fP/\fIext\fP.
+\fIext\fP is:
+.P
+.IP v4only
+limit the destination within IP addresses.
+.IP v6only
+limit the destination within IPv6 addresses.
+.P
+Type (4) relays stream over http request. \fIrequest\fP is the
+request specified in HTTP 1.0. In the \fIrequest\fP, \ is
+the escape character, and the following substitution occurs.
+.PP
+.RS 8
+.PD 0
+.IP \\\\n 8
+newline (0x0A)
+.IP \\\\r
+return (0x0D)
+.IP \\\\t
+tab (0x09)
+.IP \\\\\\\\
+\ itself (0x5C)
+.IP \\\\a
+the IP address of the client connecting to the \fBstone\fP.
+.IP \\\\A
+\fIIP address of the client\fP:\fIport number\fP
+.IP \\\\0
+the serial number of peer's SSL certificate.
+.IP "\\\\1 - \\\\9"
+the matched string in the ``regex'' of SSL options.
+.IP \\\\?1\fIthen\fP\\\\:\fIelse\fP\\\\/
+if \1 (\2 - \9 in a similar way) is not null,
+\fIthen\fP, otherwise \fIelse\fP.
+.PD
+.RE
+.P
+Type (5) repeats http request with \fIheader\fP in the top of
+request headers. The above escapes can be also used.
+.P
+Type (6) designates the port that other programs can check
+whether the \fBstone\fP runs `healthy' or not. Following commands are
+available to check the \fBstone\fP.
+.P
+.RS 8
+.PD 0
+.IP "HELO \fIany string\fP" 24
+returns the status of the \fBstone\fP
+.IP "LIMIT \fIvar\fP \fIn\fP"
+check the value of \fIvar\fP is
+less than \fIn\fP
+.PD
+.RE
+.P
+\fIvar\fP is one of the following:
+.P
+.RS 8
+.PD 0
+.IP PAIR 16
+the number of ``pair''
+.IP CONN
+the number of ``conn''
+.IP ESTABLISHED
+seconds passed since the last conn established
+.IP READWRITE
+seconds passed since the last read/write
+.IP ASYNC
+the number of threads
+.PD
+.RE
+.P
+The response of the \fBstone\fP is 2xx when normal, or 5xx when
+abnormal on the top of line.
+.P
+If the \fIxhost\fP are used, only machines or its IP addresses
+listed in \fIxhost\fP separated by space character can
+connect to the program and to be repeated.
+.P
+Extentions can be added to the \fIxhost\fP like
+\fIxhost\fP/\fIex\fP,\fIex\fP.... \fIex\fP is:
+.IP \fIm\fP
+You can designate the length of prefix bits of the
+netmask, so that only machines on specified. In the
+case of class C network 192.168.1.0, for example, use
+``192.168.1.0/24''.
+.IP v4
+\fIxhost\fP is resolved as the IP address.
+.IP v6
+\fIxhost\fP is resolved as the IPv6 address.
+.IP p\fIm\fP
+the data repeated by the program are dumped, only if it
+was connected by the machines specified by \fIxhost\fP. \fIm\fP
+is the dump mode, equivalent to the number of \fB-p\fP
+options.
+.P
+Use ``!'' instead of ``\fIxhost\fP'', to deny machines by following
+\fIxhost\fP.
+.P
+Extentions can be added to the \fIport\fP like
+\fIport\fP/\fIext\fP,\fIext\fP.... \fIext\fP is:
+.IP udp
+repeats UDP instead of TCP.
+.IP ssl
+forwards with encryption.
+.IP v6
+connects to the destination using IPv6.
+.IP base
+forwards with MIME base64 encoding.
+.P
+Extentions can be added to the \fIsport\fP like
+\fIsport\fP/\fIext\fP,\fIext\fP.... \fIext\fP is:
+.IP udp
+repeats UDP instead of TCP.
+.IP apop
+converts POP to APOP. The conversion is derived from
+the RSA Data Security, Inc. MD5 Message-Digest Algorithm.
+.IP ssl
+forwards with decryption.
+.IP v6
+accepts connection using IPv6. If \fIshost\fP is omitted
+like (1), IP is also acceptable.
+.IP v6only
+accepts connection using IPv6 only. Even if \fIshost\fP is
+omitted like (1), IP is not acceptable.
+.IP base
+forwards with MIME base64 decoding.
+.IP http
+relays stream over http.
+.IP ident
+identifies the owner of the incoming connection
+on the peer using ident protocol (RFC1413).
+.SH EXAMPLES
+.PD 0
+.IP \fIouter\fP\^:
+a machine in the outside of the firewall
+.IP \fIinner\fP\^:
+a machine in the inside of the firewall
+.IP \fIfwall\fP\^:
+the firewall on which the \fBstone\fP is executed
+.PD
+.TP
+\fBstone \fIouter\fB:telnet 10023\fR
+Repeats the telnet protocol to \fIouter\fP.
+Run telnet fwall 10023 on \fIinner\fR.
+.TP
+\fBstone \fIouter\fB:domain/udp domain/udp\fR
+Repeats the DNS query to \fIouter\fP.
+Run \fBnslookup -\fP \fIfwall\fP on \fIinner\fP.
+.TP
+\fBstone \fIouter\fB:ntp/udp ntp/udp\fR
+Repeats the NTP to \fIouter\fP.
+Run \fBntpdate \fIfwall\fR on \fIinner\fP.
+.TP
+\fBstone localhost:http 443/ssl\fR
+Make WWW server that supports https.
+Access \fBhttps://\fIfwall\fB/\fR using a WWW browser.
+.TP
+\fBstone localhost:telnet 10023/ssl\fR
+Make telnet server that supports SSL.
+Run \fBSSLtelnet -z ssl \fIfwall\fB 10023\fR on \fIinner\fP.
+.TP
+\fBstone proxy 8080\fR
+http proxy
+.TP
+\fBstone\fP \fIouter\fB:110/apop 110\fR
+connect to \fIinner\fP:pop using a mailer that does not
+support APOP.
+.PP
+Where \fIfwall\fP is a http proxy (port 8080):
+.TP
+\fBstone \fIfwall\fB:8080/http 10023 'POST http://\fIouter\fB:8023 HTTP/1.0'\fR
+.br
+.ns
+.TP
+\fBstone localhost:telnet 8023/http
+.nf
+Run \fBstone\fPs on \fIinner\fP and \fIouter\fP respectively.
+Relays stream over http.
+.TP
+\fBstone \fIfwall\fB:8080/proxy 9080 \'Proxy-Authorization: Basic \fIc2VuZ29rdTpoaXJvYWtp\fB\'\fR
+for browser that does not support proxy authorization.
+.fi
+.
+.SH HOMEPAGE
+The official homepage of \fBstone\fP is:
+.br
+\fIhttp://www.gcd.org/sengoku/stone/\fP
+.
+.SH COPYRIGHT
+All rights about this program \fBstone\fP are reserved by the
+original author, Hiroaki Sengoku. The program is free software;
+you can redistribute it and/or modify it under the terms of the
+\fIGNU IGeneral Public License (GPL)\fP. Furthermore you can link it
+with openssl.
+.
+.SH NO WARRANTY
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY.
+.
+.SH AUTHOR
+.nf
+Hiroaki Sengoku
+sengoku@gcd.org
+http://www.gcd.org/sengoku/
+.fi
diff --git a/net-misc/stone/metadata.xml b/net-misc/stone/metadata.xml
new file mode 100644
index 000000000000..a335687d5a3e
--- /dev/null
+++ b/net-misc/stone/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer>
+<email>maintainer-needed@gentoo.org</email>
+</maintainer>
+<longdescription>Stone is a TCP/IP packet repeater in the application layer. It repeats TCP and UDP packets from inside to outside of a firewall, or from outside to inside.</longdescription>
+</pkgmetadata>
diff --git a/net-misc/stone/stone-2.3e-r1.ebuild b/net-misc/stone/stone-2.3e-r1.ebuild
new file mode 100644
index 000000000000..27d02fce8bcc
--- /dev/null
+++ b/net-misc/stone/stone-2.3e-r1.ebuild
@@ -0,0 +1,47 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit eutils flag-o-matic toolchain-funcs
+
+DESCRIPTION="A simple TCP/IP packet repeater"
+HOMEPAGE="http://www.gcd.org/sengoku/stone/"
+SRC_URI="http://www.gcd.org/sengoku/stone/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 ppc ~sparc x86"
+IUSE="ssl"
+
+DEPEND="ssl? ( dev-libs/openssl )"
+RDEPEND="${DEPEND}"
+
+S="${WORKDIR}/${PN}-2.3d-2.3.2.7"
+
+PATCHES=( "${FILESDIR}/${P}-makefile.patch" ) # bug #337879
+
+src_prepare() {
+ tc-export CC
+ append-cflags "-D_GNU_SOURCE"
+
+ epatch ${PATCHES[@]}
+ epatch_user
+}
+
+src_compile() {
+ local myargs
+ if use ssl ; then
+ myargs="SSL=/usr linux-ssl"
+ else
+ myargs="linux"
+ fi
+ emake ${myargs}
+}
+
+src_install() {
+ dobin stone
+ newman "${FILESDIR}/${PN}.man" "${PN}.1"
+ dodoc README*
+}