net/containernetworking-plugins: new port

CNI plugins for container networking support

PR:		267184
Reviewed by:	arrowd
Reviewed by:	dch
Sponsored by:	SkunkWerks, GmbH
Differential Revision:	https://reviews.freebsd.org/D37324

7 files changed, 59 insertions, 0 deletions

diff --git a/net/Makefile b/net/Makefile
index b5af4861faa8..d4b8d07ce39a 100644
--- a/net/Makefile
+++ b/net/Makefile
@@ -87,6 +87,7 @@
     SUBDIR += clusterit
     SUBDIR += cnd
     SUBDIR += concourse-fly
+    SUBDIR += containernetworking-plugins
     SUBDIR += corkscrew
     SUBDIR += corosync2
     SUBDIR += corosync3
diff --git a/net/containernetworking-plugins/Makefile b/net/containernetworking-plugins/Makefile
new file mode 100644
index 000000000000..f0e11c9ead4f
--- /dev/null
+++ b/net/containernetworking-plugins/Makefile
@@ -0,0 +1,28 @@
+PORTNAME=	containernetworking-plugins
+DISTVERSION=	0.1
+CATEGORIES=	net
+
+MAINTAINER=	dfr@FreeBSD.org
+COMMENT=	Networking plugins for container networking support
+WWW=		https://www.cni.dev/
+
+LICENSE=	GPLv2
+
+USES=		go:no_targets
+BUILD_DEPENDS=	bash:shells/bash
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	dfr
+GH_PROJECT=	plugins
+GH_TAGNAME=	60b0a2b
+
+do-build:
+	cd ${WRKSRC} && ${SETENV} XDG_CACHE_HOME=${WRKDIR}/.cache GO=${GO_CMD} ./build_freebsd.sh
+
+do-install:
+	${MKDIR} ${STAGEDIR}${PREFIX}/libexec/cni
+	${MKDIR} ${STAGEDIR}${PREFIX}/etc/containers
+	cd ${WRKSRC} && ${INSTALL_PROGRAM} bin/* ${STAGEDIR}${PREFIX}/libexec/cni
+	${INSTALL_DATA} files/pf.conf.sample ${STAGEDIR}${PREFIX}/etc/containers
+
+.include <bsd.port.mk>
diff --git a/net/containernetworking-plugins/distinfo b/net/containernetworking-plugins/distinfo
new file mode 100644
index 000000000000..2e328f4fd663
--- /dev/null
+++ b/net/containernetworking-plugins/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1667064085
+SHA256 (dfr-plugins-0.1-60b0a2b_GH0.tar.gz) = e2eb2a6ec6209b4cd08ebd53b104fe1d0edafb3d3473c8450e60a69e3c509399
+SIZE (dfr-plugins-0.1-60b0a2b_GH0.tar.gz) = 4197131
diff --git a/net/containernetworking-plugins/files/pf.conf.sample b/net/containernetworking-plugins/files/pf.conf.sample
new file mode 100644
index 000000000000..9d4ec5e2b414
--- /dev/null
+++ b/net/containernetworking-plugins/files/pf.conf.sample
@@ -0,0 +1,8 @@
+# Change this to the interface with the default route
+egress_if = "ix0"
+
+nat on $egress_if inet from <cni-nat> to any -> ($egress_if)
+nat on $egress_if inet6 from <cni-nat> to !ff00::/8 -> ($egress_if)
+
+rdr-anchor "cni-rdr/*"
+table <cni-nat>
diff --git a/net/containernetworking-plugins/pkg-descr b/net/containernetworking-plugins/pkg-descr
new file mode 100644
index 000000000000..cc57e1bcaf5c
--- /dev/null
+++ b/net/containernetworking-plugins/pkg-descr
@@ -0,0 +1,3 @@
+CNI plugins for container networking support. This is used by
+container engines such as podman and buildah to setup and teardown
+network access for containers.
diff --git a/net/containernetworking-plugins/pkg-message b/net/containernetworking-plugins/pkg-message
new file mode 100644
index 000000000000..55be0dfff490
--- /dev/null
+++ b/net/containernetworking-plugins/pkg-message
@@ -0,0 +1,8 @@
+Container networking relies on NAT to allow container network packets
+out to the host's network. This requires a PF firewall to perform the
+translation. A simple example is included - to use it:
+
+# cp /usr/local/etc/containers/pf.conf.sample /etc/pf.conf
+... edit /etc/pf.conf and set egress_if to your network interface ...
+# sysrc pf_enable=YES
+# service pf start
diff --git a/net/containernetworking-plugins/pkg-plist b/net/containernetworking-plugins/pkg-plist
new file mode 100644
index 000000000000..2add69f1465e
--- /dev/null
+++ b/net/containernetworking-plugins/pkg-plist
@@ -0,0 +1,8 @@
+etc/containers/pf.conf.sample
+libexec/cni/bridge
+libexec/cni/firewall
+libexec/cni/host-local
+libexec/cni/loopback
+libexec/cni/portmap
+libexec/cni/static
+libexec/cni/tuning