aboutsummaryrefslogtreecommitdiffstats
path: root/net-mgmt
diff options
context:
space:
mode:
authoredwin <edwin@FreeBSD.org>2007-09-23 14:39:06 +0800
committeredwin <edwin@FreeBSD.org>2007-09-23 14:39:06 +0800
commit5525f355262c0bd350778268b6ced2ff6ec97f89 (patch)
tree0449e95f981d5cee0df21564a993932885ea6bec /net-mgmt
parent6fe097783cc9835daad3e7019f72349e4ec32aee (diff)
downloadfreebsd-ports-gnome-5525f355262c0bd350778268b6ced2ff6ec97f89.tar.gz
freebsd-ports-gnome-5525f355262c0bd350778268b6ced2ff6ec97f89.tar.zst
freebsd-ports-gnome-5525f355262c0bd350778268b6ced2ff6ec97f89.zip
[NEW PORT] net-mgmt/send: Secure Neighbor Discovery implementation for IPv6
DoCoMo's Open Source SEND project provides an implementation of RFC3971 Secure Neighbor Discovery (SEND). SEND cryptographically secures the IPv6 neighbor discovery protocol, countering the threats discussed in RFC3756 (IPv6 Neighbor Discovery (ND) Trust Models and Threats). DoCoMo's SEND is implemented completely in user space, so it is portable and lends itself to experimentation. It currently runs on Linux (tested on 2.6 kernels) and FreeBSD (tested on 5.4). Also included in the distribution are implementations of RFC3972 Cryptographically Generated Addresses (CGAs) and RFC3779 X.509 Extensions for IP Addresses and AS Identifiers. WWW: http://www.docomolabs-usa.com/lab_osrc_guide.html Doesn't work on FreeBSD > 6.x though. Hopefully the submitter will submit patches for it now it is commited. PR: ports/116540 Submitted by: Janos Mohacsi <janos.mohacsi@bsd.hu>
Diffstat (limited to 'net-mgmt')
-rw-r--r--net-mgmt/Makefile1
-rw-r--r--net-mgmt/send/Makefile59
-rw-r--r--net-mgmt/send/distinfo3
-rw-r--r--net-mgmt/send/files/patch-Makefile.config25
-rw-r--r--net-mgmt/send/files/patch-examples_ipext_ipext__verify.conf16
-rw-r--r--net-mgmt/send/files/patch-examples_params.conf35
-rw-r--r--net-mgmt/send/files/patch-examples_sendd.conf23
-rw-r--r--net-mgmt/send/files/patch-include_pkixip__ext__asn.h45
-rw-r--r--net-mgmt/send/files/patch-sendd_os-freebsd_Makefile22
-rw-r--r--net-mgmt/send/files/patch-sendd_os-freebsd_sendd16
-rw-r--r--net-mgmt/send/files/patch-sendd_sendd__local.h14
-rw-r--r--net-mgmt/send/files/pkg-message.in9
-rw-r--r--net-mgmt/send/pkg-descr15
-rw-r--r--net-mgmt/send/pkg-plist8
14 files changed, 291 insertions, 0 deletions
diff --git a/net-mgmt/Makefile b/net-mgmt/Makefile
index 8be815d7cd11..24e8c4bd6a8f 100644
--- a/net-mgmt/Makefile
+++ b/net-mgmt/Makefile
@@ -211,6 +211,7 @@
SUBDIR += scli
SUBDIR += scotty3
SUBDIR += sdig
+ SUBDIR += send
SUBDIR += sendip
SUBDIR += sing
SUBDIR += sipcalc
diff --git a/net-mgmt/send/Makefile b/net-mgmt/send/Makefile
new file mode 100644
index 000000000000..23ee218fc886
--- /dev/null
+++ b/net-mgmt/send/Makefile
@@ -0,0 +1,59 @@
+# New ports collection makefile for: send
+# Date created: 19.09.2007
+# Whom: Janos Mohacsi <mohacsi@niif.hu>
+#
+# $FreeBSD$
+
+PORTNAME= send
+PORTVERSION= 0.2
+CATEGORIES= net-mgmt ipv6
+MASTER_SITES= #http://www.docomolabs-usa.com/lab_osrc_guide.html
+DISTNAME= ${PORTNAME}_${PORTVERSION}
+
+MAINTAINER= janos.mohacsi@bsd.hu
+COMMENT= Secure Neighbor Discovery implementation for IPv6
+
+LIB_DEPENDS= dnet.1:${PORTSDIR}/net/libdnet
+
+RESTRICTED= not redistributable, license agreement required
+
+USE_ZIP= yes
+USE_GMAKE= yes
+SUB_FILES= pkg-message
+
+PORTDOCS= UserGuide.pdf
+
+.include <bsd.port.pre.mk>
+
+.if ${OSVERSION} > 600000
+BROKEN= doesn't compile in FreeBSD > 6.0
+.endif
+
+.if !exists(${DISTDIR}/${DISTNAME}${EXTRACT_SUFX})
+IGNORE= needs you to sign the agreement on "http://www.docomolabs-usa.com/lab_osrc_downl.html", download it manually, place in ${DISTDIR} and then restart this build
+.endif
+
+post-patch:
+ @${REINPLACE_CMD} -e "s|%%PREFIX%%|${PREFIX}|" -e "s|%%LOCALBASE%%|${LOCALBASE}|" \
+ ${WRKSRC}/Makefile.config \
+ ${WRKSRC}/sendd/sendd_local.h \
+ ${WRKSRC}/sendd/os-freebsd/Makefile \
+ ${WRKSRC}/sendd/os-freebsd/sendd \
+ ${WRKSRC}/examples/sendd.conf \
+ ${WRKSRC}/examples/params.conf \
+ ${WRKSRC}/examples/ipext/ipext_verify.conf
+
+post-install:
+ ${MKDIR} ${PREFIX}/etc/sendd/
+ ${INSTALL_DATA} ${WRKSRC}/examples/sendd.conf ${PREFIX}/etc/sendd/sendd.conf-dist
+ ${INSTALL_DATA} ${WRKSRC}/examples/params.conf ${PREFIX}/etc/sendd/params.conf-dist
+ ${INSTALL_DATA} ${WRKSRC}/examples/ipext/ipext_verify.conf ${PREFIX}/etc/sendd/ipext.conf-dist
+ @${CAT} ${PKGMESSAGE}
+.ifndef(NOPORTDOCS)
+ ${MKDIR} ${DOCSDIR}
+. for doc in ${PORTDOCS}
+ ${INSTALL_DATA} ${WRKSRC}/docs/${doc} ${DOCSDIR}
+. endfor
+.endif
+
+.include <bsd.port.post.mk>
diff --git a/net-mgmt/send/distinfo b/net-mgmt/send/distinfo
new file mode 100644
index 000000000000..b489a933e39a
--- /dev/null
+++ b/net-mgmt/send/distinfo
@@ -0,0 +1,3 @@
+MD5 (send_0.2.zip) = 292c8b861b7799aeb1b0166f97c12f08
+SHA256 (send_0.2.zip) = 3fc9be6d55a2cc7d0f40249351c29ef6c605ea6d77d8f3654785a744ea64c0b7
+SIZE (send_0.2.zip) = 387834
diff --git a/net-mgmt/send/files/patch-Makefile.config b/net-mgmt/send/files/patch-Makefile.config
new file mode 100644
index 000000000000..98912bf31b40
--- /dev/null
+++ b/net-mgmt/send/files/patch-Makefile.config
@@ -0,0 +1,25 @@
+
+$FreeBSD$
+
+--- Makefile.config.orig
++++ Makefile.config
+@@ -4,8 +4,8 @@
+ #
+
+ # Uncomment the line for your OS
+-OS=linux
+-#OS=freebsd
++#OS=linux
++OS=freebsd
+
+ # Linux only: Where is your linux kernel source?
+ # Ignored for non-Linux
+@@ -19,7 +19,7 @@
+ #CC=gcc-4.0
+
+ # Where to install
+-prefix=/usr
++prefix=%%PREFIX%%
+
+ # Set to "y" to build MT versions of sendd and cgatool
+ USE_THREADS=n
diff --git a/net-mgmt/send/files/patch-examples_ipext_ipext__verify.conf b/net-mgmt/send/files/patch-examples_ipext_ipext__verify.conf
new file mode 100644
index 000000000000..d2fe9ebf5b0f
--- /dev/null
+++ b/net-mgmt/send/files/patch-examples_ipext_ipext__verify.conf
@@ -0,0 +1,16 @@
+
+$FreeBSD$
+
+--- examples/ipext/ipext_verify.conf.orig
++++ examples/ipext/ipext_verify.conf
+@@ -5,7 +5,7 @@
+ }
+ }
+ files {
+- trustedcert /usr/src/send_0.1/examples/ipext/ca/cert_ipext.pem;
+- trustedcert /usr/src/send_0.1/examples/ipext/lvl1/cert_ipext.pem;
+- certfile /usr/src/send_0.1/examples/ipext/ar1/cert_ipext.pem;
++ trustedcert %%PREFIX%%/etc/sendd/ca/cert_ipext.pem;
++ trustedcert %%PREFIX%%/etc/sendd/lvl1/cert_ipext.pem;
++ certfile %%PREFIX%%/etc/sendd/ar1/cert_ipext.pem;
+ }
diff --git a/net-mgmt/send/files/patch-examples_params.conf b/net-mgmt/send/files/patch-examples_params.conf
new file mode 100644
index 000000000000..0636f3378479
--- /dev/null
+++ b/net-mgmt/send/files/patch-examples_params.conf
@@ -0,0 +1,35 @@
+
+$FreeBSD$
+
+--- examples/params.conf.orig
++++ examples/params.conf
+@@ -2,8 +2,8 @@
+ # Some (somewhat nonsensical) examples
+
+ named default {
+- snd_cga_params /etc/sendd/cga.params;
+- snd_cga_priv /etc/sendd/key.pem;
++ snd_cga_params %%PREFIX%%/etc/sendd/cga.params;
++ snd_cga_priv %%PREFIX%%/etc/sendd/key.pem;
+ snd_cga_sec 1;
+ }
+
+@@ -20,14 +20,14 @@
+ }
+
+ named foo {
+- snd_cga_params /etc/sendd/cga.params;
+- snd_cga_priv /etc/sendd/key.pem;
++ snd_cga_params %%PREFIX%%/etc/sendd/cga.params;
++ snd_cga_priv %%PREFIX%%/etc/sendd/key.pem;
+ snd_cga_sec 1;
+ }
+
+ address fe80::2421:cd21:6930:22fb {
+- snd_cga_params /etc/sendd/cga.params;
+- snd_cga_priv /etc/sendd/key.pem;
++ snd_cga_params %%PREFIX%%/etc/sendd/cga.params;
++ snd_cga_priv %%PREFIX%%/etc/sendd/key.pem;
+ snd_cga_sec 1;
+ interface eth0;
+ }
diff --git a/net-mgmt/send/files/patch-examples_sendd.conf b/net-mgmt/send/files/patch-examples_sendd.conf
new file mode 100644
index 000000000000..93e4519c9627
--- /dev/null
+++ b/net-mgmt/send/files/patch-examples_sendd.conf
@@ -0,0 +1,23 @@
+
+$FreeBSD$
+
+--- examples/sendd.conf.orig
++++ examples/sendd.conf
+@@ -6,7 +6,7 @@
+ # The path of the file containing this host's CGA parameters
+ # configuration file
+ # <no default>
+-snd_cga_params=/etc/sendd/params.conf
++snd_cga_params=%%PREFIX%%/etc/sendd/params.conf
+
+ #
+ # Optional
+@@ -16,7 +16,7 @@
+ # or a router) you must set this to the file containing certificate
+ # information.
+ # <no default>
+-# snd_pkixip_conf=/etc/sendd/ipext.conf
++# snd_pkixip_conf=%%PREFIX%%/etc/sendd/ipext.conf
+
+ # Accept secured RAs without PKIX IP extensions
+ # <default = no>
diff --git a/net-mgmt/send/files/patch-include_pkixip__ext__asn.h b/net-mgmt/send/files/patch-include_pkixip__ext__asn.h
new file mode 100644
index 000000000000..f5d17825e98d
--- /dev/null
+++ b/net-mgmt/send/files/patch-include_pkixip__ext__asn.h
@@ -0,0 +1,45 @@
+
+$FreeBSD$
+
+--- include/pkixip_ext_asn.h.orig
++++ include/pkixip_ext_asn.h
+@@ -45,6 +45,7 @@
+ #define IANA_SAFI_BOTH 3
+ #define IANA_SAFI_MPLS 4
+
++/*
+ typedef struct IPAddressRange_st {
+ ASN1_BIT_STRING *min;
+ ASN1_BIT_STRING *max;
+@@ -52,9 +53,6 @@
+
+ typedef struct IPAddressOrRange_st {
+
+-#define IP_AOR_PREFIX 0
+-#define IP_AOR_RANGE 1
+-
+ int type;
+ union {
+ ASN1_BIT_STRING *addressPrefix;
+@@ -64,8 +62,6 @@
+
+ typedef struct IPAddressChoice_st {
+
+-#define IPA_CHOICE_INHERIT 0
+-#define IPA_CHOICE_AOR 1
+
+ int type;
+ union {
+@@ -78,6 +74,12 @@
+ ASN1_OCTET_STRING *addressFamily;
+ IPAddressChoice *ipAddressChoice;
+ } IPAddressFamily;
++*/
++
++#define IP_AOR_PREFIX 0
++#define IP_AOR_RANGE 1
++#define IPA_CHOICE_INHERIT 0
++#define IPA_CHOICE_AOR 1
+
+ typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
+
diff --git a/net-mgmt/send/files/patch-sendd_os-freebsd_Makefile b/net-mgmt/send/files/patch-sendd_os-freebsd_Makefile
new file mode 100644
index 000000000000..ef5130cb8253
--- /dev/null
+++ b/net-mgmt/send/files/patch-sendd_os-freebsd_Makefile
@@ -0,0 +1,22 @@
+
+$FreeBSD$
+
+--- sendd/os-freebsd/Makefile.orig
++++ sendd/os-freebsd/Makefile
+@@ -1,12 +1,13 @@
+
+ OBJS += os/addr.o os/snd_freebsd.o os/netgraph.o os-linux/rand.o
++CPPFLAGS += -I%%LOCALBASE%%/include
+
+-OSLIBS= -lnetgraph -l$(DNET)
++OSLIBS= -lnetgraph -L%%LOCALBASE%%/lib -l$(DNET)
+
+ OSEXTRA= os/sendd
+-EXTRAINSTALL= /etc/rc.d/sendd
++EXTRAINSTALL= %%PREFIX%%/etc/rc.d/sendd
+ EXTRAUNINSTALL=$(EXTRAINSTALL)
+
+-/etc/rc.d/%: os/%
++%%PREFIX%%/etc/rc.d/%: os/%
+ install $< $@
+
diff --git a/net-mgmt/send/files/patch-sendd_os-freebsd_sendd b/net-mgmt/send/files/patch-sendd_os-freebsd_sendd
new file mode 100644
index 000000000000..0d3700bff16d
--- /dev/null
+++ b/net-mgmt/send/files/patch-sendd_os-freebsd_sendd
@@ -0,0 +1,16 @@
+
+$FreeBSD$
+
+--- sendd/os-freebsd/sendd.orig
++++ sendd/os-freebsd/sendd
+@@ -37,8 +37,8 @@
+
+ name="sendd"
+ rcvar=`set_rcvar`
+-command="/usr/sbin/${name}"
+-required_files="/etc/${name}.conf"
++command="%%PREFIX%%/sbin/${name}"
++required_files="%%PREFIX%%/etc/${name}.conf"
+
+ load_rc_config $name
+ run_rc_command "$1"
diff --git a/net-mgmt/send/files/patch-sendd_sendd__local.h b/net-mgmt/send/files/patch-sendd_sendd__local.h
new file mode 100644
index 000000000000..4ad425c6d32b
--- /dev/null
+++ b/net-mgmt/send/files/patch-sendd_sendd__local.h
@@ -0,0 +1,14 @@
+
+$FreeBSD$
+
+--- sendd/sendd_local.h.orig
++++ sendd/sendd_local.h
+@@ -41,7 +41,7 @@
+ #include <openssl/sha.h>
+
+ #define SENDD_NAME "sendd"
+-#define SNDD_CONF_FILE "/etc/sendd.conf"
++#define SNDD_CONF_FILE "%%PREFIX%%/etc/sendd/sendd.conf"
+
+ #define SND_HASH_SZ 7
+
diff --git a/net-mgmt/send/files/pkg-message.in b/net-mgmt/send/files/pkg-message.in
new file mode 100644
index 000000000000..d00d51897c79
--- /dev/null
+++ b/net-mgmt/send/files/pkg-message.in
@@ -0,0 +1,9 @@
+-------------------------------------------------------------------------------
+To run sendd from startup, add sendd_enable="YES"
+in your /etc/rc.conf.
+Configiration options can be found in %%PREFIX%%/etc/sendd
+-------------------------------------------------------------------------------
+In order to proper working of Secure Neighbor Discovery Daemon
+enable following kernel options:
+NETGRAPH, NETGRAPH_BPF, NETGRAPH_ETHER, NETGRAPH_SOCKET
+-------------------------------------------------------------------------------
diff --git a/net-mgmt/send/pkg-descr b/net-mgmt/send/pkg-descr
new file mode 100644
index 000000000000..9fe8e3af3e57
--- /dev/null
+++ b/net-mgmt/send/pkg-descr
@@ -0,0 +1,15 @@
+DoCoMo's Open Source SEND project provides an implementation of
+RFC3971 Secure Neighbor Discovery (SEND). SEND cryptographically
+secures the IPv6 neighbor discovery protocol, countering the threats
+discussed in RFC3756 (IPv6 Neighbor Discovery (ND) Trust Models and
+Threats).
+
+DoCoMo's SEND is implemented completely in user space, so it is
+portable and lends itself to experimentation. It currently runs on
+Linux (tested on 2.6 kernels) and FreeBSD (tested on 5.4).
+
+Also included in the distribution are implementations of RFC3972
+Cryptographically Generated Addresses (CGAs) and RFC3779 X.509
+Extensions for IP Addresses and AS Identifiers.
+
+WWW: http://www.docomolabs-usa.com/lab_osrc_guide.html
diff --git a/net-mgmt/send/pkg-plist b/net-mgmt/send/pkg-plist
new file mode 100644
index 000000000000..79eb1557a809
--- /dev/null
+++ b/net-mgmt/send/pkg-plist
@@ -0,0 +1,8 @@
+sbin/cgatool
+sbin/ipexttool
+sbin/sendd
+etc/rc.d/sendd
+etc/sendd/sendd.conf-dist
+etc/sendd/params.conf-dist
+etc/sendd/ipext.conf-dist
+@dirrmtry etc/sendd