diff options
author | Edwin Groothuis <edwin@FreeBSD.org> | 2007-09-07 07:47:07 +0000 |
---|---|---|
committer | Edwin Groothuis <edwin@FreeBSD.org> | 2007-09-07 07:47:07 +0000 |
commit | 934dc5b8166074365a934c04abe6fe97e3675ecb (patch) | |
tree | 442bef8d1bd8195976ced1a0e5e68e19f7079e05 /security/hamachi | |
parent | d1af5920d92ce511b046bf999dcb6aaff97b863a (diff) | |
download | ports-934dc5b8166074365a934c04abe6fe97e3675ecb.tar.gz ports-934dc5b8166074365a934c04abe6fe97e3675ecb.zip |
new port: security/hamachi (supersedes ports/110850)
New port of Hamachi VPN, using Linux official binary and a
patch on tuncfg.c based on the official OSX release.
Hamachi is a software that eases the creation of secure
VPNs even between nodes that would not be able to connect
to each other (server-assisted connection can be established
from two NATted client, if at least one of the two NAT
associates the port to the client not checking remote host).
UPX port is required in order to decompress the linux binary
and avoid run-time dependency on /proc.
PR: ports/112982
Submitted by: Lapo Luchini <lapo@lapo.it>
Notes
Notes:
svn path=/head/; revision=199005
Diffstat (limited to 'security/hamachi')
-rw-r--r-- | security/hamachi/Makefile | 39 | ||||
-rw-r--r-- | security/hamachi/distinfo | 3 | ||||
-rw-r--r-- | security/hamachi/files/hamachi.sh.in | 65 | ||||
-rw-r--r-- | security/hamachi/files/patch-Makefile | 26 | ||||
-rw-r--r-- | security/hamachi/files/patch-tuncfg_tuncfg.c | 240 | ||||
-rw-r--r-- | security/hamachi/pkg-descr | 3 |
6 files changed, 376 insertions, 0 deletions
diff --git a/security/hamachi/Makefile b/security/hamachi/Makefile new file mode 100644 index 000000000000..5d771f47d9ee --- /dev/null +++ b/security/hamachi/Makefile @@ -0,0 +1,39 @@ +# New ports collection makefile for: hamachi +# Date created: 2006-11-17 +# Whom: Lapo Luchini <lapo@lapo.it> +# +# $FreeBSD$ +# + +PORTNAME= hamachi +DISTVERSION= 0.9.9.9-20 +DISTVERSIONSUFFIX= -lnx +CATEGORIES= security linux +MASTER_SITES= http://files.hamachi.cc/linux/ +PKGNAMEPREFIX= linux- + +MAINTAINER= lapo@lapo.it +COMMENT= Fast, secure, simple VPN software with NAT-traversal + +PATCH_DEPENDS= upx:${PORTSDIR}/archivers/upx + +NO_BUILD= yes +ONLY_FOR_ARCHS= i386 amd64 +USE_LINUX= yes + +USE_RC_SUBR= hamachi.sh +PLIST_FILES= bin/hamachi bin/hamachi-init sbin/hamachi-tuncfg +PORTDOCS= README CHANGES + +post-patch: + ${RM} -f ${WRKSRC}/tuncfg/tuncfg + ${CC} ${CFLAGS} -o ${WRKSRC}/tuncfg/tuncfg ${WRKSRC}/tuncfg/tuncfg.c + upx -d ${WRKSRC}/hamachi + +post-install: +.if !defined(NOPORTDOCS) + ${MKDIR} ${DOCSDIR} + cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR} +.endif + +.include <bsd.port.mk> diff --git a/security/hamachi/distinfo b/security/hamachi/distinfo new file mode 100644 index 000000000000..93e95ca382ac --- /dev/null +++ b/security/hamachi/distinfo @@ -0,0 +1,3 @@ +MD5 (hamachi-0.9.9.9-20-lnx.tar.gz) = 27e4c926d0aa03de3573c0b7acf032a6 +SHA256 (hamachi-0.9.9.9-20-lnx.tar.gz) = 9e4b733558377d0c971ee2a19e04c0f5956e069033e8d13865f7c4dcb6d7f31b +SIZE (hamachi-0.9.9.9-20-lnx.tar.gz) = 344866 diff --git a/security/hamachi/files/hamachi.sh.in b/security/hamachi/files/hamachi.sh.in new file mode 100644 index 000000000000..49ebf427d8a6 --- /dev/null +++ b/security/hamachi/files/hamachi.sh.in @@ -0,0 +1,65 @@ +#!/bin/sh +# +# hamachi.sh - load tap driver and start Hamachi's tuncfg daemon +# +# (C) Copyright 2007 by Lapo Luchini +# (loosely based on ports/security/openvpn/files/openvpn.sh.in 1.9 by Matthias Andree) +# +# $FreeBSD$ +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more +# details. +# +# You should have received a copy of the GNU General Public License along with +# this program; if not, write to the Free Software Foundation, Inc., 51 Franklin +# Street, Fifth Floor, Boston, MA 02110-1301, USA. + +# PROVIDE: hamachi +# REQUIRE: DAEMON +# KEYWORD: shutdown + +#TODO: serve la KEYWORD:shutdown? che fa? + +# Note that we deliberately refrain from unloading drivers. + +. %%RC_SUBR%% + +name="hamachi" +rcvar=`set_rcvar` + +load_rc_config $name + +: ${hamachi_enable="NO"} + +command="%%PREFIX%%/sbin/hamachi-tuncfg" +start_precmd="hamachi_precmd" + +hamachi_precmd() { + # FreeBSD <= 5.4 does not know kldstat's -m option + # FreeBSD >= 6.0 does not add debug.* sysctl information + # in the default build - we check both to keep things simple + if ! sysctl debug.if_tap_debug >/dev/null 2>&1 \ + && ! kldstat -m if_tap >/dev/null 2>&1 ; then + if ! kldload if_tap ; then + warn "Could not load tap module." + return 1 + fi + fi + if ! sysctl compat.linux >/dev/null 2>&1 \ + && ! kldstat -m linuxelf >/dev/null 2>&1 ; then + if ! kldload linux ; then + warn "Could not load linux module." + return 1 + fi + fi + return 0 +} + +run_rc_command "$1" diff --git a/security/hamachi/files/patch-Makefile b/security/hamachi/files/patch-Makefile new file mode 100644 index 000000000000..6da80a312e15 --- /dev/null +++ b/security/hamachi/files/patch-Makefile @@ -0,0 +1,26 @@ +--- Makefile.orig Tue Jun 20 21:47:28 2006 ++++ Makefile Thu Mar 22 14:02:01 2007 +@@ -2,12 +2,12 @@ + # + # Where hamachi and its symbolic link hamachi-init goes + # +-HAMACHI_DST ?= /usr/bin ++HAMACHI_DST ?= /usr/local/bin + + # + # Where root-level tunnel device configuration daemon tuncfg goes + # +-TUNCFG_DST ?= /sbin ++TUNCFG_DST ?= /usr/local/sbin + + .phony: install + +@@ -26,7 +26,7 @@ + fi; + + @echo Copying tuncfg into $(TUNCFG_DST) .. +- @install -s -m 700 tuncfg/tuncfg $(TUNCFG_DST) ++ @install -s -m 700 tuncfg/tuncfg $(TUNCFG_DST)/hamachi-tuncfg + + @echo + @echo "Hamachi is installed. See README for what to do next." diff --git a/security/hamachi/files/patch-tuncfg_tuncfg.c b/security/hamachi/files/patch-tuncfg_tuncfg.c new file mode 100644 index 000000000000..cdde008bc9c9 --- /dev/null +++ b/security/hamachi/files/patch-tuncfg_tuncfg.c @@ -0,0 +1,240 @@ +--- tuncfg/tuncfg.c.orig Tue Jun 20 21:47:28 2006 ++++ tuncfg/tuncfg.c Fri Nov 17 11:14:51 2006 +@@ -20,7 +20,7 @@ + * normally required by a private networking software. Namely - + * + * * creation of tunneling devices; this requires an access to +- * /dev/net/tun file, which _usually_ has 700 access mask ++ * /dev/tapXX files, which _usually_ has 700 access mask + * + * * configuration of the tunneling device using ifconfig, which is + * always a root-level operation +@@ -29,7 +29,7 @@ + * open a listening domain socket /var/run/tuncfg.sock. + * + * Upon accepting the connection on this socket, it will issue an open() +- * call for /dev/net/tun file (thus instantiating the tunneling device) ++ * call for /dev/tapXX file (iterating over first 16 XX values) + * and pass obtained FD to the peer process. It will also query and pass + * the MAC address of the device to the peer process. + * +@@ -48,10 +48,12 @@ + #include <sys/un.h> + #include <sys/ioctl.h> + #include <sys/stat.h> ++#include <sys/sysctl.h> + #include <arpa/inet.h> + +-#include <linux/if.h> +-#include <linux/if_tun.h> ++#include <net/if.h> ++#include <net/if_dl.h> ++#include <netinet/in.h> + + #include <unistd.h> + #include <errno.h> +@@ -59,6 +61,7 @@ + #include <fcntl.h> + #include <stdarg.h> + #include <stdlib.h> ++#include <string.h> + + /* + * +@@ -68,7 +71,7 @@ + + #define TUNTAP_URL "http://www.hamachi.cc/tuntap" + +-#define MAX_CLIENTS 64 ++#define MAX_CLIENTS 16 + + struct context + { +@@ -90,6 +93,7 @@ + struct stat st; + pid_t pid; + int fd, r, i; ++ int debug = 0; + + struct context ctx[MAX_CLIENTS]; + int ctx_n = 0; +@@ -98,18 +102,28 @@ + if (getuid() != 0) + errorf("tuncfg: must be run with superuser permissions\n"); + +- // lcok +- fd = open(LOCK_PATH, O_CREAT); ++ // ++ if (argc > 1) ++ { ++ debug = (strcmp(argv[1], "-d") == 0); ++ } ++ ++ // lock ++ fd = open(LOCK_PATH, O_CREAT | O_RDWR); + if (fd < 0) + errorf("tuncfg: cannot open lock file %s -- %s\n", + LOCK_PATH, strerror(errno)); + ++ // + if (flock(fd, LOCK_EX | LOCK_NB) < 0) +- errorf("tuncfg: already running\n"); ++ { ++ errorf("tuncfg: already running, " ++ "use 'killall tuncfg; tuncfg' to restart it\n"); ++ } + + // check there's /dev/net/tun +- if (stat("/dev/net/tun", &st) < 0) +- errorf("tuncfg: cannot stat() /dev/net/tun -- %s\n" ++ if (stat("/dev/tap0", &st) < 0) ++ errorf("tuncfg: cannot stat() /dev/tap0 -- %s\n" + "tuncfg: visit %s for more information\n", + strerror(errno), TUNTAP_URL); + +@@ -143,7 +157,7 @@ + SOCK_PATH, strerror(errno)); + + // daemonize +- if (argc < 2 || strcmp(argv[1], "-d")) ++ if (! debug) + { + chdir("/"); + +@@ -196,8 +210,13 @@ + if (FD_ISSET(fd, &fdr)) + { + struct context * p; +- struct ifreq ifr; + char buf[4+6]; ++ int mib[6]; ++ size_t len; ++ struct if_msghdr * msg = NULL; ++ struct sockaddr_dl * sa; ++ char dev_name[32]; ++ int i; + int cli, dev = -1, tmp = -1; + + cli = accept(fd, (void*)&addr, &alen); +@@ -213,48 +232,64 @@ + goto done; + } + +- // open tap device +- dev = open("/dev/net/tun", O_RDWR); +- printf("tuncfg: open() %d %d\n", dev, errno); ++ // open first available tap device ++ for (i=0; i<MAX_CLIENTS; i++) ++ { ++ snprintf(dev_name, sizeof(dev_name), ++ "/dev/tap%d", i); ++ ++ dev = open(dev_name, O_RDWR); ++ printf("tuncfg: open(%s) %d %d\n", ++ dev_name, dev, errno); ++ if (dev >= 0) ++ break; ++ } + if (dev < 0) + { +- r = (0x02 << 24) | errno; ++ r = (0x02 << 24); + goto done; + } + +- // bring it up +- strcpy(ifr.ifr_name, "ham%d"); +- ifr.ifr_flags = IFF_TAP | IFF_NO_PI; +- if (ioctl(dev, TUNSETIFF, (ulong)&ifr) < 0) ++ // query mac ++ mib[0] = CTL_NET; ++ mib[1] = AF_ROUTE; ++ mib[2] = 0; ++ mib[3] = AF_LINK; ++ mib[4] = NET_RT_IFLIST; ++ mib[5] = if_nametoindex("tap0"); ++ ++ if (! mib[5]) + { +- printf("tuncfg: ioctl() -1 %d\n", errno); + r = (0x03 << 24) | errno; + goto done; + } +- printf("tuncfg: ioctl() 0 %s\n", ifr.ifr_name); + +- // query mac +- tmp = socket(AF_INET, SOCK_DGRAM, 0); +- if (tmp < 0) ++ if (sysctl(mib, 6, NULL, &len, NULL, 0) < 0) + { +- printf("tuncfg: socket(mac) %d\n", errno); + r = (0x04 << 24) | errno; + goto done; + } +- +- if (ioctl(tmp, SIOCGIFHWADDR, (ulong)&ifr) < 0) ++ ++ msg = malloc(len); ++ if (! msg) ++ { ++ r = (0x05 << 24) | errno; ++ goto done; ++ } ++ ++ if (sysctl(mib, 6, msg, &len, NULL, 0) < 0) + { +- printf("tuncfg: ioctl(mac) %d\n", errno); + r = (0x05 << 24) | errno; + goto done; + } + +- memcpy(buf+4, &ifr.ifr_hwaddr.sa_data, 6); ++ sa = (void*)(msg + 1); ++ memcpy(buf+4, LLADDR(sa), 6); + + // remember + p = &ctx[ctx_n++]; + p->fd = cli; +- strncpy(p->dev, ifr.ifr_name, sizeof(p->dev)); ++ strncpy(p->dev, dev_name+5, 5); + + r = 0; + done: +@@ -264,6 +299,7 @@ + send_with_fd(cli, buf, sizeof(buf), dev); + } + ++ free(msg); + if (tmp != -1) close(tmp); + if (dev != -1) close(dev); + if (r != 0) close(cli); +@@ -295,7 +331,7 @@ + goto ack; + } + +- /* v[0] = ham<n>, v[1] = ip, v[2] = mask */ ++ /* v[0] = ip, v[1] = mask */ + if ( (v[0] & 0xff000000) != 0x05000000 || + (v[1] & 0xff000000) != 0xff000000 ) + { +@@ -324,9 +360,13 @@ + + r = system(cmd); + printf("tuncfg: system(%s) %d %d\n", cmd, r, errno); +- ++ if (r != 0) ++ { ++ r = (0x08 << 24) | (r & 0x00ffffff); ++ goto ack; ++ } + ack: +- printf("tuncfg: config() %08x", r); ++ printf("tuncfg: config() %08x\n", r); + send_with_fd(ctx[i].fd, &r, sizeof(r), -1); + } + } +@@ -360,4 +400,3 @@ + + return sendmsg(fd, &msg, 0); + } +- diff --git a/security/hamachi/pkg-descr b/security/hamachi/pkg-descr new file mode 100644 index 000000000000..081f8fb8403b --- /dev/null +++ b/security/hamachi/pkg-descr @@ -0,0 +1,3 @@ +Hamachi is a zero-configuration virtual private networking tool. + +WWW: http://hamachi.cc/ |