diff options
author | edwin <edwin@FreeBSD.org> | 2007-09-23 14:39:06 +0800 |
---|---|---|
committer | edwin <edwin@FreeBSD.org> | 2007-09-23 14:39:06 +0800 |
commit | 5525f355262c0bd350778268b6ced2ff6ec97f89 (patch) | |
tree | 0449e95f981d5cee0df21564a993932885ea6bec /net-mgmt | |
parent | 6fe097783cc9835daad3e7019f72349e4ec32aee (diff) | |
download | freebsd-ports-gnome-5525f355262c0bd350778268b6ced2ff6ec97f89.tar.gz freebsd-ports-gnome-5525f355262c0bd350778268b6ced2ff6ec97f89.tar.zst freebsd-ports-gnome-5525f355262c0bd350778268b6ced2ff6ec97f89.zip |
[NEW PORT] net-mgmt/send: Secure Neighbor Discovery implementation for IPv6
DoCoMo's Open Source SEND project provides an implementation of
RFC3971 Secure Neighbor Discovery (SEND). SEND cryptographically
secures the IPv6 neighbor discovery protocol, countering the threats
discussed in RFC3756 (IPv6 Neighbor Discovery (ND) Trust Models and
Threats).
DoCoMo's SEND is implemented completely in user space, so it is
portable and lends itself to experimentation. It currently runs on
Linux (tested on 2.6 kernels) and FreeBSD (tested on 5.4).
Also included in the distribution are implementations of RFC3972
Cryptographically Generated Addresses (CGAs) and RFC3779 X.509
Extensions for IP Addresses and AS Identifiers.
WWW: http://www.docomolabs-usa.com/lab_osrc_guide.html
Doesn't work on FreeBSD > 6.x though. Hopefully the submitter will
submit patches for it now it is commited.
PR: ports/116540
Submitted by: Janos Mohacsi <janos.mohacsi@bsd.hu>
Diffstat (limited to 'net-mgmt')
-rw-r--r-- | net-mgmt/Makefile | 1 | ||||
-rw-r--r-- | net-mgmt/send/Makefile | 59 | ||||
-rw-r--r-- | net-mgmt/send/distinfo | 3 | ||||
-rw-r--r-- | net-mgmt/send/files/patch-Makefile.config | 25 | ||||
-rw-r--r-- | net-mgmt/send/files/patch-examples_ipext_ipext__verify.conf | 16 | ||||
-rw-r--r-- | net-mgmt/send/files/patch-examples_params.conf | 35 | ||||
-rw-r--r-- | net-mgmt/send/files/patch-examples_sendd.conf | 23 | ||||
-rw-r--r-- | net-mgmt/send/files/patch-include_pkixip__ext__asn.h | 45 | ||||
-rw-r--r-- | net-mgmt/send/files/patch-sendd_os-freebsd_Makefile | 22 | ||||
-rw-r--r-- | net-mgmt/send/files/patch-sendd_os-freebsd_sendd | 16 | ||||
-rw-r--r-- | net-mgmt/send/files/patch-sendd_sendd__local.h | 14 | ||||
-rw-r--r-- | net-mgmt/send/files/pkg-message.in | 9 | ||||
-rw-r--r-- | net-mgmt/send/pkg-descr | 15 | ||||
-rw-r--r-- | net-mgmt/send/pkg-plist | 8 |
14 files changed, 291 insertions, 0 deletions
diff --git a/net-mgmt/Makefile b/net-mgmt/Makefile index 8be815d7cd11..24e8c4bd6a8f 100644 --- a/net-mgmt/Makefile +++ b/net-mgmt/Makefile @@ -211,6 +211,7 @@ SUBDIR += scli SUBDIR += scotty3 SUBDIR += sdig + SUBDIR += send SUBDIR += sendip SUBDIR += sing SUBDIR += sipcalc diff --git a/net-mgmt/send/Makefile b/net-mgmt/send/Makefile new file mode 100644 index 000000000000..23ee218fc886 --- /dev/null +++ b/net-mgmt/send/Makefile @@ -0,0 +1,59 @@ +# New ports collection makefile for: send +# Date created: 19.09.2007 +# Whom: Janos Mohacsi <mohacsi@niif.hu> +# +# $FreeBSD$ + +PORTNAME= send +PORTVERSION= 0.2 +CATEGORIES= net-mgmt ipv6 +MASTER_SITES= #http://www.docomolabs-usa.com/lab_osrc_guide.html +DISTNAME= ${PORTNAME}_${PORTVERSION} + +MAINTAINER= janos.mohacsi@bsd.hu +COMMENT= Secure Neighbor Discovery implementation for IPv6 + +LIB_DEPENDS= dnet.1:${PORTSDIR}/net/libdnet + +RESTRICTED= not redistributable, license agreement required + +USE_ZIP= yes +USE_GMAKE= yes +SUB_FILES= pkg-message + +PORTDOCS= UserGuide.pdf + +.include <bsd.port.pre.mk> + +.if ${OSVERSION} > 600000 +BROKEN= doesn't compile in FreeBSD > 6.0 +.endif + +.if !exists(${DISTDIR}/${DISTNAME}${EXTRACT_SUFX}) +IGNORE= needs you to sign the agreement on "http://www.docomolabs-usa.com/lab_osrc_downl.html", download it manually, place in ${DISTDIR} and then restart this build +.endif + +post-patch: + @${REINPLACE_CMD} -e "s|%%PREFIX%%|${PREFIX}|" -e "s|%%LOCALBASE%%|${LOCALBASE}|" \ + ${WRKSRC}/Makefile.config \ + ${WRKSRC}/sendd/sendd_local.h \ + ${WRKSRC}/sendd/os-freebsd/Makefile \ + ${WRKSRC}/sendd/os-freebsd/sendd \ + ${WRKSRC}/examples/sendd.conf \ + ${WRKSRC}/examples/params.conf \ + ${WRKSRC}/examples/ipext/ipext_verify.conf + +post-install: + ${MKDIR} ${PREFIX}/etc/sendd/ + ${INSTALL_DATA} ${WRKSRC}/examples/sendd.conf ${PREFIX}/etc/sendd/sendd.conf-dist + ${INSTALL_DATA} ${WRKSRC}/examples/params.conf ${PREFIX}/etc/sendd/params.conf-dist + ${INSTALL_DATA} ${WRKSRC}/examples/ipext/ipext_verify.conf ${PREFIX}/etc/sendd/ipext.conf-dist + @${CAT} ${PKGMESSAGE} +.ifndef(NOPORTDOCS) + ${MKDIR} ${DOCSDIR} +. for doc in ${PORTDOCS} + ${INSTALL_DATA} ${WRKSRC}/docs/${doc} ${DOCSDIR} +. endfor +.endif + +.include <bsd.port.post.mk> diff --git a/net-mgmt/send/distinfo b/net-mgmt/send/distinfo new file mode 100644 index 000000000000..b489a933e39a --- /dev/null +++ b/net-mgmt/send/distinfo @@ -0,0 +1,3 @@ +MD5 (send_0.2.zip) = 292c8b861b7799aeb1b0166f97c12f08 +SHA256 (send_0.2.zip) = 3fc9be6d55a2cc7d0f40249351c29ef6c605ea6d77d8f3654785a744ea64c0b7 +SIZE (send_0.2.zip) = 387834 diff --git a/net-mgmt/send/files/patch-Makefile.config b/net-mgmt/send/files/patch-Makefile.config new file mode 100644 index 000000000000..98912bf31b40 --- /dev/null +++ b/net-mgmt/send/files/patch-Makefile.config @@ -0,0 +1,25 @@ + +$FreeBSD$ + +--- Makefile.config.orig ++++ Makefile.config +@@ -4,8 +4,8 @@ + # + + # Uncomment the line for your OS +-OS=linux +-#OS=freebsd ++#OS=linux ++OS=freebsd + + # Linux only: Where is your linux kernel source? + # Ignored for non-Linux +@@ -19,7 +19,7 @@ + #CC=gcc-4.0 + + # Where to install +-prefix=/usr ++prefix=%%PREFIX%% + + # Set to "y" to build MT versions of sendd and cgatool + USE_THREADS=n diff --git a/net-mgmt/send/files/patch-examples_ipext_ipext__verify.conf b/net-mgmt/send/files/patch-examples_ipext_ipext__verify.conf new file mode 100644 index 000000000000..d2fe9ebf5b0f --- /dev/null +++ b/net-mgmt/send/files/patch-examples_ipext_ipext__verify.conf @@ -0,0 +1,16 @@ + +$FreeBSD$ + +--- examples/ipext/ipext_verify.conf.orig ++++ examples/ipext/ipext_verify.conf +@@ -5,7 +5,7 @@ + } + } + files { +- trustedcert /usr/src/send_0.1/examples/ipext/ca/cert_ipext.pem; +- trustedcert /usr/src/send_0.1/examples/ipext/lvl1/cert_ipext.pem; +- certfile /usr/src/send_0.1/examples/ipext/ar1/cert_ipext.pem; ++ trustedcert %%PREFIX%%/etc/sendd/ca/cert_ipext.pem; ++ trustedcert %%PREFIX%%/etc/sendd/lvl1/cert_ipext.pem; ++ certfile %%PREFIX%%/etc/sendd/ar1/cert_ipext.pem; + } diff --git a/net-mgmt/send/files/patch-examples_params.conf b/net-mgmt/send/files/patch-examples_params.conf new file mode 100644 index 000000000000..0636f3378479 --- /dev/null +++ b/net-mgmt/send/files/patch-examples_params.conf @@ -0,0 +1,35 @@ + +$FreeBSD$ + +--- examples/params.conf.orig ++++ examples/params.conf +@@ -2,8 +2,8 @@ + # Some (somewhat nonsensical) examples + + named default { +- snd_cga_params /etc/sendd/cga.params; +- snd_cga_priv /etc/sendd/key.pem; ++ snd_cga_params %%PREFIX%%/etc/sendd/cga.params; ++ snd_cga_priv %%PREFIX%%/etc/sendd/key.pem; + snd_cga_sec 1; + } + +@@ -20,14 +20,14 @@ + } + + named foo { +- snd_cga_params /etc/sendd/cga.params; +- snd_cga_priv /etc/sendd/key.pem; ++ snd_cga_params %%PREFIX%%/etc/sendd/cga.params; ++ snd_cga_priv %%PREFIX%%/etc/sendd/key.pem; + snd_cga_sec 1; + } + + address fe80::2421:cd21:6930:22fb { +- snd_cga_params /etc/sendd/cga.params; +- snd_cga_priv /etc/sendd/key.pem; ++ snd_cga_params %%PREFIX%%/etc/sendd/cga.params; ++ snd_cga_priv %%PREFIX%%/etc/sendd/key.pem; + snd_cga_sec 1; + interface eth0; + } diff --git a/net-mgmt/send/files/patch-examples_sendd.conf b/net-mgmt/send/files/patch-examples_sendd.conf new file mode 100644 index 000000000000..93e4519c9627 --- /dev/null +++ b/net-mgmt/send/files/patch-examples_sendd.conf @@ -0,0 +1,23 @@ + +$FreeBSD$ + +--- examples/sendd.conf.orig ++++ examples/sendd.conf +@@ -6,7 +6,7 @@ + # The path of the file containing this host's CGA parameters + # configuration file + # <no default> +-snd_cga_params=/etc/sendd/params.conf ++snd_cga_params=%%PREFIX%%/etc/sendd/params.conf + + # + # Optional +@@ -16,7 +16,7 @@ + # or a router) you must set this to the file containing certificate + # information. + # <no default> +-# snd_pkixip_conf=/etc/sendd/ipext.conf ++# snd_pkixip_conf=%%PREFIX%%/etc/sendd/ipext.conf + + # Accept secured RAs without PKIX IP extensions + # <default = no> diff --git a/net-mgmt/send/files/patch-include_pkixip__ext__asn.h b/net-mgmt/send/files/patch-include_pkixip__ext__asn.h new file mode 100644 index 000000000000..f5d17825e98d --- /dev/null +++ b/net-mgmt/send/files/patch-include_pkixip__ext__asn.h @@ -0,0 +1,45 @@ + +$FreeBSD$ + +--- include/pkixip_ext_asn.h.orig ++++ include/pkixip_ext_asn.h +@@ -45,6 +45,7 @@ + #define IANA_SAFI_BOTH 3 + #define IANA_SAFI_MPLS 4 + ++/* + typedef struct IPAddressRange_st { + ASN1_BIT_STRING *min; + ASN1_BIT_STRING *max; +@@ -52,9 +53,6 @@ + + typedef struct IPAddressOrRange_st { + +-#define IP_AOR_PREFIX 0 +-#define IP_AOR_RANGE 1 +- + int type; + union { + ASN1_BIT_STRING *addressPrefix; +@@ -64,8 +62,6 @@ + + typedef struct IPAddressChoice_st { + +-#define IPA_CHOICE_INHERIT 0 +-#define IPA_CHOICE_AOR 1 + + int type; + union { +@@ -78,6 +74,12 @@ + ASN1_OCTET_STRING *addressFamily; + IPAddressChoice *ipAddressChoice; + } IPAddressFamily; ++*/ ++ ++#define IP_AOR_PREFIX 0 ++#define IP_AOR_RANGE 1 ++#define IPA_CHOICE_INHERIT 0 ++#define IPA_CHOICE_AOR 1 + + typedef STACK_OF(IPAddressFamily) IPAddrBlocks; + diff --git a/net-mgmt/send/files/patch-sendd_os-freebsd_Makefile b/net-mgmt/send/files/patch-sendd_os-freebsd_Makefile new file mode 100644 index 000000000000..ef5130cb8253 --- /dev/null +++ b/net-mgmt/send/files/patch-sendd_os-freebsd_Makefile @@ -0,0 +1,22 @@ + +$FreeBSD$ + +--- sendd/os-freebsd/Makefile.orig ++++ sendd/os-freebsd/Makefile +@@ -1,12 +1,13 @@ + + OBJS += os/addr.o os/snd_freebsd.o os/netgraph.o os-linux/rand.o ++CPPFLAGS += -I%%LOCALBASE%%/include + +-OSLIBS= -lnetgraph -l$(DNET) ++OSLIBS= -lnetgraph -L%%LOCALBASE%%/lib -l$(DNET) + + OSEXTRA= os/sendd +-EXTRAINSTALL= /etc/rc.d/sendd ++EXTRAINSTALL= %%PREFIX%%/etc/rc.d/sendd + EXTRAUNINSTALL=$(EXTRAINSTALL) + +-/etc/rc.d/%: os/% ++%%PREFIX%%/etc/rc.d/%: os/% + install $< $@ + diff --git a/net-mgmt/send/files/patch-sendd_os-freebsd_sendd b/net-mgmt/send/files/patch-sendd_os-freebsd_sendd new file mode 100644 index 000000000000..0d3700bff16d --- /dev/null +++ b/net-mgmt/send/files/patch-sendd_os-freebsd_sendd @@ -0,0 +1,16 @@ + +$FreeBSD$ + +--- sendd/os-freebsd/sendd.orig ++++ sendd/os-freebsd/sendd +@@ -37,8 +37,8 @@ + + name="sendd" + rcvar=`set_rcvar` +-command="/usr/sbin/${name}" +-required_files="/etc/${name}.conf" ++command="%%PREFIX%%/sbin/${name}" ++required_files="%%PREFIX%%/etc/${name}.conf" + + load_rc_config $name + run_rc_command "$1" diff --git a/net-mgmt/send/files/patch-sendd_sendd__local.h b/net-mgmt/send/files/patch-sendd_sendd__local.h new file mode 100644 index 000000000000..4ad425c6d32b --- /dev/null +++ b/net-mgmt/send/files/patch-sendd_sendd__local.h @@ -0,0 +1,14 @@ + +$FreeBSD$ + +--- sendd/sendd_local.h.orig ++++ sendd/sendd_local.h +@@ -41,7 +41,7 @@ + #include <openssl/sha.h> + + #define SENDD_NAME "sendd" +-#define SNDD_CONF_FILE "/etc/sendd.conf" ++#define SNDD_CONF_FILE "%%PREFIX%%/etc/sendd/sendd.conf" + + #define SND_HASH_SZ 7 + diff --git a/net-mgmt/send/files/pkg-message.in b/net-mgmt/send/files/pkg-message.in new file mode 100644 index 000000000000..d00d51897c79 --- /dev/null +++ b/net-mgmt/send/files/pkg-message.in @@ -0,0 +1,9 @@ +------------------------------------------------------------------------------- +To run sendd from startup, add sendd_enable="YES" +in your /etc/rc.conf. +Configiration options can be found in %%PREFIX%%/etc/sendd +------------------------------------------------------------------------------- +In order to proper working of Secure Neighbor Discovery Daemon +enable following kernel options: +NETGRAPH, NETGRAPH_BPF, NETGRAPH_ETHER, NETGRAPH_SOCKET +------------------------------------------------------------------------------- diff --git a/net-mgmt/send/pkg-descr b/net-mgmt/send/pkg-descr new file mode 100644 index 000000000000..9fe8e3af3e57 --- /dev/null +++ b/net-mgmt/send/pkg-descr @@ -0,0 +1,15 @@ +DoCoMo's Open Source SEND project provides an implementation of +RFC3971 Secure Neighbor Discovery (SEND). SEND cryptographically +secures the IPv6 neighbor discovery protocol, countering the threats +discussed in RFC3756 (IPv6 Neighbor Discovery (ND) Trust Models and +Threats). + +DoCoMo's SEND is implemented completely in user space, so it is +portable and lends itself to experimentation. It currently runs on +Linux (tested on 2.6 kernels) and FreeBSD (tested on 5.4). + +Also included in the distribution are implementations of RFC3972 +Cryptographically Generated Addresses (CGAs) and RFC3779 X.509 +Extensions for IP Addresses and AS Identifiers. + +WWW: http://www.docomolabs-usa.com/lab_osrc_guide.html diff --git a/net-mgmt/send/pkg-plist b/net-mgmt/send/pkg-plist new file mode 100644 index 000000000000..79eb1557a809 --- /dev/null +++ b/net-mgmt/send/pkg-plist @@ -0,0 +1,8 @@ +sbin/cgatool +sbin/ipexttool +sbin/sendd +etc/rc.d/sendd +etc/sendd/sendd.conf-dist +etc/sendd/params.conf-dist +etc/sendd/ipext.conf-dist +@dirrmtry etc/sendd |