author | edwin <edwin@FreeBSD.org> | 2007-09-23 14:39:06 +0800 |
---|---|---|
committer | edwin <edwin@FreeBSD.org> | 2007-09-23 14:39:06 +0800 |
commit | 5525f355262c0bd350778268b6ced2ff6ec97f89 (patch) | |
tree | 0449e95f981d5cee0df21564a993932885ea6bec /net-mgmt/send | |
parent | 6fe097783cc9835daad3e7019f72349e4ec32aee (diff) | |
[NEW PORT] net-mgmt/send: Secure Neighbor Discovery implementation for IPv6
DoCoMo's Open Source SEND project provides an implementation of
RFC3971 Secure Neighbor Discovery (SEND). SEND cryptographically
secures the IPv6 neighbor discovery protocol, countering the threats
discussed in RFC3756 (IPv6 Neighbor Discovery (ND) Trust Models and
Threats).
DoCoMo's SEND is implemented completely in user space, so it is
portable and lends itself to experimentation. It currently runs on
Linux (tested on 2.6 kernels) and FreeBSD (tested on 5.4).
Also included in the distribution are implementations of RFC3972
Cryptographically Generated Addresses (CGAs) and RFC3779 X.509
Extensions for IP Addresses and AS Identifiers.
WWW: http://www.docomolabs-usa.com/lab_osrc_guide.html
Doesn't work on FreeBSD > 6.x though. Hopefully the submitter will
submit patches for it now that it is committed.
PR: ports/116540
Submitted by: Janos Mohacsi <janos.mohacsi@bsd.hu>
Diffstat (limited to 'net-mgmt/send')
-rw-r--r-- | net-mgmt/send/Makefile | 59 | ||||
-rw-r--r-- | net-mgmt/send/distinfo | 3 | ||||
-rw-r--r-- | net-mgmt/send/files/patch-Makefile.config | 25 | ||||
-rw-r--r-- | net-mgmt/send/files/patch-examples_ipext_ipext__verify.conf | 16 | ||||
-rw-r--r-- | net-mgmt/send/files/patch-examples_params.conf | 35 | ||||
-rw-r--r-- | net-mgmt/send/files/patch-examples_sendd.conf | 23 | ||||
-rw-r--r-- | net-mgmt/send/files/patch-include_pkixip__ext__asn.h | 45 | ||||
-rw-r--r-- | net-mgmt/send/files/patch-sendd_os-freebsd_Makefile | 22 | ||||
-rw-r--r-- | net-mgmt/send/files/patch-sendd_os-freebsd_sendd | 16 | ||||
-rw-r--r-- | net-mgmt/send/files/patch-sendd_sendd__local.h | 14 | ||||
-rw-r--r-- | net-mgmt/send/files/pkg-message.in | 9 | ||||
-rw-r--r-- | net-mgmt/send/pkg-descr | 15 | ||||
-rw-r--r-- | net-mgmt/send/pkg-plist | 8 |
13 files changed, 290 insertions, 0 deletions
diff --git a/net-mgmt/send/Makefile b/net-mgmt/send/Makefile
new file mode 100644
index 000000000000..23ee218fc886
--- /dev/null
+++ b/net-mgmt/send/Makefile
@@ -0,0 +1,59 @@
+# New ports collection makefile for: send
+# Date created: 19.09.2007
+# Whom: Janos Mohacsi <mohacsi@niif.hu>
+#
+# $FreeBSD$
+
+PORTNAME= send
+PORTVERSION= 0.2
+CATEGORIES= net-mgmt ipv6
+MASTER_SITES= #http://www.docomolabs-usa.com/lab_osrc_guide.html
+DISTNAME= ${PORTNAME}_${PORTVERSION}
+
+MAINTAINER= janos.mohacsi@bsd.hu
+COMMENT= Secure Neighbor Discovery implementation for IPv6
+
+LIB_DEPENDS= dnet.1:${PORTSDIR}/net/libdnet
+
+RESTRICTED= not redistributable, license agreement required
+
+USE_ZIP= yes
+USE_GMAKE= yes
+SUB_FILES= pkg-message
+
+PORTDOCS= UserGuide.pdf
+
+.include <bsd.port.pre.mk>
+
+.if ${OSVERSION} > 600000
+BROKEN= doesn't compile in FreeBSD > 6.0
+.endif
+
+.if !exists(${DISTDIR}/${DISTNAME}${EXTRACT_SUFX})
+IGNORE= needs you to sign the agreement on "http://www.docomolabs-usa.com/lab_osrc_downl.html", download it manually, place in ${DISTDIR} and then restart this build
+.endif
+
+post-patch:
+ @${REINPLACE_CMD} -e "s|%%PREFIX%%|${PREFIX}|" -e "s|%%LOCALBASE%%|${LOCALBASE}|" \
+ ${WRKSRC}/Makefile.config \
+ ${WRKSRC}/sendd/sendd_local.h \
+ ${WRKSRC}/sendd/os-freebsd/Makefile \
+ ${WRKSRC}/sendd/os-freebsd/sendd \
+ ${WRKSRC}/examples/sendd.conf \
+ ${WRKSRC}/examples/params.conf \
+ ${WRKSRC}/examples/ipext/ipext_verify.conf
+
+post-install:
+ ${MKDIR} ${PREFIX}/etc/sendd/
+ ${INSTALL_DATA} ${WRKSRC}/examples/sendd.conf ${PREFIX}/etc/sendd/sendd.conf-dist
+ ${INSTALL_DATA} ${WRKSRC}/examples/params.conf ${PREFIX}/etc/sendd/params.conf-dist
+ ${INSTALL_DATA} ${WRKSRC}/examples/ipext/ipext_verify.conf ${PREFIX}/etc/sendd/ipext.conf-dist
+ @${CAT} ${PKGMESSAGE}
+.ifndef(NOPORTDOCS)
+ ${MKDIR} ${DOCSDIR}
+. for doc in ${PORTDOCS}
+ ${INSTALL_DATA} ${WRKSRC}/docs/${doc} ${DOCSDIR}
+. endfor
+.endif
+
+.include <bsd.port.post.mk>
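Review bot: `post-install` creates `${PREFIX}/etc/sendd/` with the default mode, and nothing in the port sets or documents permissions for the key material kept there. The patched params.conf in this same commit points `snd_cga_priv` at `%%PREFIX%%/etc/sendd/key.pem`, so the host's CGA private key is expected to live in that directory. Either create the directory restrictively, for example `${MKDIR} -m 0750 ${PREFIX}/etc/sendd/` (assuming sendd runs as root, which the rc.d integration suggests but this hunk does not show), or add a line to pkg-message.in such as `Keep key.pem owned by root and mode 0600.`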
diff --git a/net-mgmt/send/distinfo b/net-mgmt/send/distinfo
new file mode 100644
index 000000000000..b489a933e39a
--- /dev/null
+++ b/net-mgmt/send/distinfo
@@ -0,0 +1,3 @@
+MD5 (send_0.2.zip) = 292c8b861b7799aeb1b0166f97c12f08
+SHA256 (send_0.2.zip) = 3fc9be6d55a2cc7d0f40249351c29ef6c605ea6d77d8f3654785a744ea64c0b7
+SIZE (send_0.2.zip) = 387834
diff --git a/net-mgmt/send/files/patch-Makefile.config b/net-mgmt/send/files/patch-Makefile.config
new file mode 100644
index 000000000000..98912bf31b40
--- /dev/null
+++ b/net-mgmt/send/files/patch-Makefile.config
@@ -0,0 +1,25 @@
+
+$FreeBSD$
+
+--- Makefile.config.orig
++++ Makefile.config
+@@ -4,8 +4,8 @@
+ #
+
+ # Uncomment the line for your OS
+-OS=linux
+-#OS=freebsd
++#OS=linux
++OS=freebsd
+
+ # Linux only: Where is your linux kernel source?
+ # Ignored for non-Linux
+@@ -19,7 +19,7 @@
+ #CC=gcc-4.0
+
+ # Where to install
+-prefix=/usr
++prefix=%%PREFIX%%
+
+ # Set to "y" to build MT versions of sendd and cgatool
+ USE_THREADS=n
diff --git a/net-mgmt/send/files/patch-examples_ipext_ipext__verify.conf b/net-mgmt/send/files/patch-examples_ipext_ipext__verify.conf
new file mode 100644
index 000000000000..d2fe9ebf5b0f
--- /dev/null
+++ b/net-mgmt/send/files/patch-examples_ipext_ipext__verify.conf
@@ -0,0 +1,16 @@
+
+$FreeBSD$
+
+--- examples/ipext/ipext_verify.conf.orig
++++ examples/ipext/ipext_verify.conf
+@@ -5,7 +5,7 @@
+ }
+ }
+ files {
+- trustedcert /usr/src/send_0.1/examples/ipext/ca/cert_ipext.pem;
+- trustedcert /usr/src/send_0.1/examples/ipext/lvl1/cert_ipext.pem;
+- certfile /usr/src/send_0.1/examples/ipext/ar1/cert_ipext.pem;
++ trustedcert %%PREFIX%%/etc/sendd/ca/cert_ipext.pem;
++ trustedcert %%PREFIX%%/etc/sendd/lvl1/cert_ipext.pem;
++ certfile %%PREFIX%%/etc/sendd/ar1/cert_ipext.pem;
+ }
diff --git a/net-mgmt/send/files/patch-examples_params.conf b/net-mgmt/send/files/patch-examples_params.conf
new file mode 100644
index 000000000000..0636f3378479
--- /dev/null
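Review bot: In patch-examples_ipext_ipext__verify.conf the rewritten `trustedcert` and `certfile` entries point at `%%PREFIX%%/etc/sendd/ca/`, `lvl1/` and `ar1/`, but post-install and pkg-plist in this commit install only the three `*.conf-dist` files. An administrator who copies `ipext.conf-dist` into place therefore gets a certificate configuration whose trust anchors and router certificate do not exist. How sendd behaves when a trusted certificate cannot be loaded is not visible here and should be confirmed to fail closed. A line in pkg-message.in, for example `Edit the trustedcert/certfile paths in ipext.conf to point at your own certificates before enabling snd_pkixip_conf.`, would make the required step explicit.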
+++ b/net-mgmt/send/files/patch-examples_params.conf
@@ -0,0 +1,35 @@
+
+$FreeBSD$
+
+--- examples/params.conf.orig
++++ examples/params.conf
+@@ -2,8 +2,8 @@
+ # Some (somewhat nonsensical) examples
+
+ named default {
+- snd_cga_params /etc/sendd/cga.params;
+- snd_cga_priv /etc/sendd/key.pem;
++ snd_cga_params %%PREFIX%%/etc/sendd/cga.params;
++ snd_cga_priv %%PREFIX%%/etc/sendd/key.pem;
+ snd_cga_sec 1;
+ }
+
+@@ -20,14 +20,14 @@
+ }
+
+ named foo {
+- snd_cga_params /etc/sendd/cga.params;
+- snd_cga_priv /etc/sendd/key.pem;
++ snd_cga_params %%PREFIX%%/etc/sendd/cga.params;
++ snd_cga_priv %%PREFIX%%/etc/sendd/key.pem;
+ snd_cga_sec 1;
+ }
+
+ address fe80::2421:cd21:6930:22fb {
+- snd_cga_params /etc/sendd/cga.params;
+- snd_cga_priv /etc/sendd/key.pem;
++ snd_cga_params %%PREFIX%%/etc/sendd/cga.params;
++ snd_cga_priv %%PREFIX%%/etc/sendd/key.pem;
+ snd_cga_sec 1;
+ interface eth0;
+ }
diff --git a/net-mgmt/send/files/patch-examples_sendd.conf b/net-mgmt/send/files/patch-examples_sendd.conf
new file mode 100644
index 000000000000..93e4519c9627
--- /dev/null
+++ b/net-mgmt/send/files/patch-examples_sendd.conf
@@ -0,0 +1,23 @@
+
+$FreeBSD$
+
+--- examples/sendd.conf.orig
++++ examples/sendd.conf
+@@ -6,7 +6,7 @@
+ # The path of the file containing this host's CGA parameters
+ # configuration file
+ # <no default>
+-snd_cga_params=/etc/sendd/params.conf
++snd_cga_params=%%PREFIX%%/etc/sendd/params.conf
+
+ #
+ # Optional
+@@ -16,7 +16,7 @@
+ # or a router) you must set this to the file containing certificate
+ # information.
+ # <no default>
+-# snd_pkixip_conf=/etc/sendd/ipext.conf
++# snd_pkixip_conf=%%PREFIX%%/etc/sendd/ipext.conf
+
+ # Accept secured RAs without PKIX IP extensions
+ # <default = no>
diff --git a/net-mgmt/send/files/patch-include_pkixip__ext__asn.h b/net-mgmt/send/files/patch-include_pkixip__ext__asn.h
new file mode 100644
index 000000000000..f5d17825e98d
--- /dev/null
+++ b/net-mgmt/send/files/patch-include_pkixip__ext__asn.h
@@ -0,0 +1,45 @@
+
+$FreeBSD$
+
+--- include/pkixip_ext_asn.h.orig
++++ include/pkixip_ext_asn.h
+@@ -45,6 +45,7 @@
+ #define IANA_SAFI_BOTH 3
+ #define IANA_SAFI_MPLS 4
+
++/*
+ typedef struct IPAddressRange_st {
+ ASN1_BIT_STRING *min;
+ ASN1_BIT_STRING *max;
+@@ -52,9 +53,6 @@
+
+ typedef struct IPAddressOrRange_st {
+
+-#define IP_AOR_PREFIX 0
+-#define IP_AOR_RANGE 1
+-
+ int type;
+ union {
+ ASN1_BIT_STRING *addressPrefix;
+@@ -64,8 +62,6 @@
+
+ typedef struct IPAddressChoice_st {
+
+-#define IPA_CHOICE_INHERIT 0
+-#define IPA_CHOICE_AOR 1
+
+ int type;
+ union {
+@@ -78,6 +74,12 @@
+ ASN1_OCTET_STRING *addressFamily;
+ IPAddressChoice *ipAddressChoice;
+ } IPAddressFamily;
++*/
++
++#define IP_AOR_PREFIX 0
++#define IP_AOR_RANGE 1
++#define IPA_CHOICE_INHERIT 0
++#define IPA_CHOICE_AOR 1
+
+ typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
+
diff --git a/net-mgmt/send/files/patch-sendd_os-freebsd_Makefile b/net-mgmt/send/files/patch-sendd_os-freebsd_Makefile
new file mode 100644
index 000000000000..ef5130cb8253
--- /dev/null
+++ b/net-mgmt/send/files/patch-sendd_os-freebsd_Makefile
@@ -0,0 +1,22 @@
+
+$FreeBSD$
+
+--- sendd/os-freebsd/Makefile.orig
++++ sendd/os-freebsd/Makefile
+@@ -1,12 +1,13 @@
+
+ OBJS += os/addr.o os/snd_freebsd.o os/netgraph.o os-linux/rand.o
++CPPFLAGS += -I%%LOCALBASE%%/include
+
+-OSLIBS= -lnetgraph -l$(DNET)
++OSLIBS= -lnetgraph -L%%LOCALBASE%%/lib -l$(DNET)
+
+ OSEXTRA= os/sendd
+-EXTRAINSTALL= /etc/rc.d/sendd
++EXTRAINSTALL= %%PREFIX%%/etc/rc.d/sendd
+ EXTRAUNINSTALL=$(EXTRAINSTALL)
+
+-/etc/rc.d/%: os/%
++%%PREFIX%%/etc/rc.d/%: os/%
+ install $< $@
+
diff --git a/net-mgmt/send/files/patch-sendd_os-freebsd_sendd b/net-mgmt/send/files/patch-sendd_os-freebsd_sendd
new file mode 100644
index 000000000000..0d3700bff16d
--- /dev/null
+++ b/net-mgmt/send/files/patch-sendd_os-freebsd_sendd
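Review bot: In patch-include_pkixip__ext__asn.h the `/*` added after `IANA_SAFI_MPLS` and the `*/` added after `} IPAddressFamily;` disable four typedefs with a block comment and give no reason for it. If any line between them contains a `*/`, including lines the four nested hunks do not show, the comment ends early and part of the definitions is compiled again; `#if 0` / `#endif` avoids that. A one-line comment saying where the replacement definitions come from (presumably the RFC 3779 types in OpenSSL's headers, to be confirmed) is also needed, because the certificate address-extension checks depend on these struct layouts matching the ones actually compiled in.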
@@ -0,0 +1,16 @@
+
+$FreeBSD$
+
+--- sendd/os-freebsd/sendd.orig
++++ sendd/os-freebsd/sendd
+@@ -37,8 +37,8 @@
+
+ name="sendd"
+ rcvar=`set_rcvar`
+-command="/usr/sbin/${name}"
+-required_files="/etc/${name}.conf"
++command="%%PREFIX%%/sbin/${name}"
++required_files="%%PREFIX%%/etc/${name}.conf"
+
+ load_rc_config $name
+ run_rc_command "$1"
diff --git a/net-mgmt/send/files/patch-sendd_sendd__local.h b/net-mgmt/send/files/patch-sendd_sendd__local.h
new file mode 100644
index 000000000000..4ad425c6d32b
--- /dev/null
+++ b/net-mgmt/send/files/patch-sendd_sendd__local.h
@@ -0,0 +1,14 @@
+
+$FreeBSD$
+
+--- sendd/sendd_local.h.orig
++++ sendd/sendd_local.h
+@@ -41,7 +41,7 @@
+ #include <openssl/sha.h>
+
+ #define SENDD_NAME "sendd"
+-#define SNDD_CONF_FILE "/etc/sendd.conf"
++#define SNDD_CONF_FILE "%%PREFIX%%/etc/sendd/sendd.conf"
+
+ #define SND_HASH_SZ 7
+
diff --git a/net-mgmt/send/files/pkg-message.in b/net-mgmt/send/files/pkg-message.in
new file mode 100644
index 000000000000..d00d51897c79
--- /dev/null
+++ b/net-mgmt/send/files/pkg-message.in
@@ -0,0 +1,9 @@
+-------------------------------------------------------------------------------
+To run sendd from startup, add sendd_enable="YES"
+in your /etc/rc.conf.
+Configiration options can be found in %%PREFIX%%/etc/sendd
+-------------------------------------------------------------------------------
+In order to proper working of Secure Neighbor Discovery Daemon
+enable following kernel options:
+NETGRAPH, NETGRAPH_BPF, NETGRAPH_ETHER, NETGRAPH_SOCKET
+-------------------------------------------------------------------------------
diff --git a/net-mgmt/send/pkg-descr b/net-mgmt/send/pkg-descr
new file mode 100644
index 000000000000..9fe8e3af3e57
--- /dev/null
+++ b/net-mgmt/send/pkg-descr
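Review bot: In patch-sendd_os-freebsd_sendd the new `required_files` expands to `%%PREFIX%%/etc/sendd.conf`, but patch-sendd_sendd__local.h in this same commit sets `SNDD_CONF_FILE` to `%%PREFIX%%/etc/sendd/sendd.conf`, and post-install places the sample at `etc/sendd/sendd.conf-dist`. The rc.d pre-start check therefore looks for a file the daemon does not read by default, so a correctly configured host can fail the check while a stray `etc/sendd.conf` satisfies it. The line should read `required_files="%%PREFIX%%/etc/${name}/${name}.conf"`. The rest of the rc script lies outside the hunk.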
@@ -0,0 +1,15 @@
+DoCoMo's Open Source SEND project provides an implementation of
+RFC3971 Secure Neighbor Discovery (SEND). SEND cryptographically
+secures the IPv6 neighbor discovery protocol, countering the threats
+discussed in RFC3756 (IPv6 Neighbor Discovery (ND) Trust Models and
+Threats).
+
+DoCoMo's SEND is implemented completely in user space, so it is
+portable and lends itself to experimentation. It currently runs on
+Linux (tested on 2.6 kernels) and FreeBSD (tested on 5.4).
+
+Also included in the distribution are implementations of RFC3972
+Cryptographically Generated Addresses (CGAs) and RFC3779 X.509
+Extensions for IP Addresses and AS Identifiers.
+
+WWW: http://www.docomolabs-usa.com/lab_osrc_guide.html
diff --git a/net-mgmt/send/pkg-plist b/net-mgmt/send/pkg-plist
new file mode 100644
index 000000000000..79eb1557a809
--- /dev/null
+++ b/net-mgmt/send/pkg-plist
@@ -0,0 +1,8 @@
+sbin/cgatool
+sbin/ipexttool
+sbin/sendd
+etc/rc.d/sendd
+etc/sendd/sendd.conf-dist
+etc/sendd/params.conf-dist
+etc/sendd/ipext.conf-dist
+@dirrmtry etc/sendd |