new port: security/hamachi (supersedes ports/110850)

	New port of Hamachi VPN, using Linux official binary and a
	patch on tuncfg.c based on the official OSX release.

	Hamachi is a software that eases the creation of secure
	VPNs even between nodes that would not be able to connect
	to each other (server-assisted connection can be established
	from two NATted client, if at least one of the two NAT
	associates the port to the client not checking remote host).

	UPX port is required in order to decompress the linux binary
	and avoid run-time dependency on /proc.

PR:		ports/112982
Submitted by:	Lapo Luchini <lapo@lapo.it>

6 files changed, 376 insertions, 0 deletions

diff --git a/security/hamachi/Makefile b/security/hamachi/Makefile
new file mode 100644
index 000000000000..5d771f47d9ee
--- /dev/null
+++ b/security/hamachi/Makefile
@@ -0,0 +1,39 @@
+# New ports collection makefile for:	hamachi
+# Date created:				2006-11-17
+# Whom:					Lapo Luchini <lapo@lapo.it>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	hamachi
+DISTVERSION=	0.9.9.9-20
+DISTVERSIONSUFFIX=	-lnx
+CATEGORIES=	security linux
+MASTER_SITES=	http://files.hamachi.cc/linux/
+PKGNAMEPREFIX=	linux-
+
+MAINTAINER=	lapo@lapo.it
+COMMENT=	Fast, secure, simple VPN software with NAT-traversal
+
+PATCH_DEPENDS=	upx:${PORTSDIR}/archivers/upx
+
+NO_BUILD=	yes
+ONLY_FOR_ARCHS=	i386 amd64
+USE_LINUX=	yes
+
+USE_RC_SUBR=	hamachi.sh
+PLIST_FILES=	bin/hamachi bin/hamachi-init sbin/hamachi-tuncfg
+PORTDOCS=	README CHANGES
+
+post-patch:
+	${RM} -f ${WRKSRC}/tuncfg/tuncfg
+	${CC} ${CFLAGS} -o ${WRKSRC}/tuncfg/tuncfg ${WRKSRC}/tuncfg/tuncfg.c
+	upx -d ${WRKSRC}/hamachi
+
+post-install:
+.if !defined(NOPORTDOCS)
+	${MKDIR} ${DOCSDIR}
+	cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR}
+.endif
+
+.include <bsd.port.mk>
diff --git a/security/hamachi/distinfo b/security/hamachi/distinfo
new file mode 100644
index 000000000000..93e95ca382ac
--- /dev/null
+++ b/security/hamachi/distinfo
@@ -0,0 +1,3 @@
+MD5 (hamachi-0.9.9.9-20-lnx.tar.gz) = 27e4c926d0aa03de3573c0b7acf032a6
+SHA256 (hamachi-0.9.9.9-20-lnx.tar.gz) = 9e4b733558377d0c971ee2a19e04c0f5956e069033e8d13865f7c4dcb6d7f31b
+SIZE (hamachi-0.9.9.9-20-lnx.tar.gz) = 344866
diff --git a/security/hamachi/files/hamachi.sh.in b/security/hamachi/files/hamachi.sh.in
new file mode 100644
index 000000000000..49ebf427d8a6
--- /dev/null
+++ b/security/hamachi/files/hamachi.sh.in
@@ -0,0 +1,65 @@
+#!/bin/sh
+#
+# hamachi.sh - load tap driver and start Hamachi's tuncfg daemon
+#
+# (C) Copyright 2007 by Lapo Luchini
+# (loosely based on ports/security/openvpn/files/openvpn.sh.in 1.9 by Matthias Andree)
+#
+# $FreeBSD$
+# 
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 2 of the License, or (at your option) any later
+# version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program; if not, write to the Free Software Foundation, Inc., 51 Franklin
+# Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# PROVIDE: hamachi
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+
+#TODO: serve la KEYWORD:shutdown? che fa?
+
+# Note that we deliberately refrain from unloading drivers.
+
+. %%RC_SUBR%%
+
+name="hamachi"
+rcvar=`set_rcvar`
+
+load_rc_config $name
+
+: ${hamachi_enable="NO"}
+
+command="%%PREFIX%%/sbin/hamachi-tuncfg"
+start_precmd="hamachi_precmd"
+
+hamachi_precmd() {
+	# FreeBSD <= 5.4 does not know kldstat's -m option
+	# FreeBSD >= 6.0 does not add debug.* sysctl information
+	# in the default build - we check both to keep things simple
+	if ! sysctl debug.if_tap_debug >/dev/null 2>&1 \
+			&& ! kldstat -m if_tap >/dev/null 2>&1 ; then
+		if ! kldload if_tap ; then
+			warn "Could not load tap module."
+			return 1
+		fi
+	fi
+	if ! sysctl compat.linux >/dev/null 2>&1 \
+			&& ! kldstat -m linuxelf >/dev/null 2>&1 ; then
+		if ! kldload linux ; then
+			warn "Could not load linux module."
+			return 1
+		fi
+	fi
+	return 0
+}
+
+run_rc_command "$1"
diff --git a/security/hamachi/files/patch-Makefile b/security/hamachi/files/patch-Makefile
new file mode 100644
index 000000000000..6da80a312e15
--- /dev/null
+++ b/security/hamachi/files/patch-Makefile
@@ -0,0 +1,26 @@
+--- Makefile.orig	Tue Jun 20 21:47:28 2006
++++ Makefile	Thu Mar 22 14:02:01 2007
+@@ -2,12 +2,12 @@
+ #
+ #	Where hamachi and its symbolic link hamachi-init goes
+ #
+-HAMACHI_DST ?= /usr/bin
++HAMACHI_DST ?= /usr/local/bin
+ 
+ #
+ #	Where root-level tunnel device configuration daemon tuncfg goes
+ #
+-TUNCFG_DST  ?= /sbin
++TUNCFG_DST  ?= /usr/local/sbin
+ 
+ .phony: install
+ 
+@@ -26,7 +26,7 @@
+ 	fi;
+ 	
+ 	@echo Copying tuncfg into $(TUNCFG_DST) ..
+-	@install -s -m 700 tuncfg/tuncfg $(TUNCFG_DST)
++	@install -s -m 700 tuncfg/tuncfg $(TUNCFG_DST)/hamachi-tuncfg
+ 
+ 	@echo
+ 	@echo "Hamachi is installed. See README for what to do next." 
diff --git a/security/hamachi/files/patch-tuncfg_tuncfg.c b/security/hamachi/files/patch-tuncfg_tuncfg.c
new file mode 100644
index 000000000000..cdde008bc9c9
--- /dev/null
+++ b/security/hamachi/files/patch-tuncfg_tuncfg.c
@@ -0,0 +1,240 @@
+--- tuncfg/tuncfg.c.orig	Tue Jun 20 21:47:28 2006
++++ tuncfg/tuncfg.c	Fri Nov 17 11:14:51 2006
+@@ -20,7 +20,7 @@
+  *	normally required by a private networking software. Namely -
+  *
+  *	* creation of tunneling devices; this requires an access to 
+- *	  /dev/net/tun file, which _usually_ has 700 access mask
++ *	  /dev/tapXX files, which _usually_ has 700 access mask
+  *
+  *	* configuration of the tunneling device using ifconfig, which is
+  *	  always a root-level operation
+@@ -29,7 +29,7 @@
+  *	open a listening domain socket /var/run/tuncfg.sock.
+  *
+  *	Upon accepting the connection on this socket, it will issue an open()
+- *	call for /dev/net/tun file (thus instantiating the tunneling device) 
++ *	call for /dev/tapXX file (iterating over first 16 XX values)
+  *	and pass obtained FD to the peer process. It will also query and pass
+  *	the MAC address of the device to the peer process.
+  *
+@@ -48,10 +48,12 @@
+ #include <sys/un.h>
+ #include <sys/ioctl.h>
+ #include <sys/stat.h>
++#include <sys/sysctl.h>
+ #include <arpa/inet.h>
+ 
+-#include <linux/if.h>
+-#include <linux/if_tun.h>
++#include <net/if.h>
++#include <net/if_dl.h>
++#include <netinet/in.h>
+ 
+ #include <unistd.h>
+ #include <errno.h>
+@@ -59,6 +61,7 @@
+ #include <fcntl.h>
+ #include <stdarg.h>
+ #include <stdlib.h>
++#include <string.h>
+ 
+ /*
+  *
+@@ -68,7 +71,7 @@
+ 
+ #define TUNTAP_URL  "http://www.hamachi.cc/tuntap"
+ 
+-#define MAX_CLIENTS 64
++#define MAX_CLIENTS 16
+ 
+ struct context
+ {
+@@ -90,6 +93,7 @@
+ 	struct stat st;
+ 	pid_t pid;
+ 	int   fd, r, i;
++	int   debug = 0;
+ 
+ 	struct context ctx[MAX_CLIENTS];
+ 	int ctx_n = 0;
+@@ -98,18 +102,28 @@
+ 	if (getuid() != 0)
+ 		errorf("tuncfg: must be run with superuser permissions\n");
+ 
+-	// lcok
+-	fd = open(LOCK_PATH, O_CREAT);
++	//
++	if (argc > 1)
++	{
++		debug = (strcmp(argv[1], "-d") == 0);
++	}
++
++	// lock
++	fd = open(LOCK_PATH, O_CREAT | O_RDWR);
+ 	if (fd < 0)
+ 		errorf("tuncfg: cannot open lock file %s -- %s\n",
+ 			LOCK_PATH, strerror(errno));
+ 
++	//
+ 	if (flock(fd, LOCK_EX | LOCK_NB) < 0)
+-		errorf("tuncfg: already running\n");
++	{
++		errorf("tuncfg: already running, "
++		       "use 'killall tuncfg; tuncfg' to restart it\n");
++	}
+ 
+ 	// check there's /dev/net/tun
+-	if (stat("/dev/net/tun", &st) < 0)
+-		errorf("tuncfg: cannot stat() /dev/net/tun -- %s\n"
++	if (stat("/dev/tap0", &st) < 0)
++		errorf("tuncfg: cannot stat() /dev/tap0 -- %s\n"
+ 		       "tuncfg: visit %s for more information\n",
+ 		       strerror(errno), TUNTAP_URL);
+ 	
+@@ -143,7 +157,7 @@
+ 			SOCK_PATH, strerror(errno));
+ 
+ 	// daemonize
+-	if (argc < 2 || strcmp(argv[1], "-d"))
++	if (! debug)
+ 	{
+ 		chdir("/");
+ 
+@@ -196,8 +210,13 @@
+ 		if (FD_ISSET(fd, &fdr))
+ 		{
+ 			struct context * p;
+-			struct ifreq   ifr;
+ 			char buf[4+6];
++			int mib[6];
++			size_t len;
++			struct if_msghdr * msg = NULL;
++			struct sockaddr_dl * sa;
++			char dev_name[32];
++			int i;
+ 			int cli, dev = -1, tmp = -1;
+ 
+ 			cli = accept(fd, (void*)&addr, &alen);
+@@ -213,48 +232,64 @@
+ 				goto done;
+ 			}
+ 
+-			// open tap device
+-			dev = open("/dev/net/tun", O_RDWR);
+-			printf("tuncfg: open() %d %d\n", dev, errno);
++			// open first available tap device
++			for (i=0; i<MAX_CLIENTS; i++)
++			{
++				snprintf(dev_name, sizeof(dev_name),
++						"/dev/tap%d", i);
++
++				dev = open(dev_name, O_RDWR);
++				printf("tuncfg: open(%s) %d %d\n", 
++						dev_name, dev, errno);
++				if (dev >= 0)
++					break;
++			}
+ 			if (dev < 0)
+ 			{
+-				r = (0x02 << 24) | errno;
++				r = (0x02 << 24);
+ 				goto done;
+ 			}
+ 
+-			// bring it up
+-			strcpy(ifr.ifr_name, "ham%d");
+-			ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
+-			if (ioctl(dev, TUNSETIFF, (ulong)&ifr) < 0)
++			// query mac
++			mib[0] = CTL_NET;
++			mib[1] = AF_ROUTE;
++			mib[2] = 0;
++			mib[3] = AF_LINK;
++			mib[4] = NET_RT_IFLIST;
++			mib[5] = if_nametoindex("tap0");
++
++			if (! mib[5])
+ 			{
+-				printf("tuncfg: ioctl() -1 %d\n", errno);
+ 				r = (0x03 << 24) | errno;
+ 				goto done;
+ 			}
+-			printf("tuncfg: ioctl() 0 %s\n", ifr.ifr_name);
+ 
+-			// query mac
+-			tmp = socket(AF_INET, SOCK_DGRAM, 0);
+-			if (tmp < 0)
++			if (sysctl(mib, 6, NULL, &len, NULL, 0) < 0)
+ 			{
+-				printf("tuncfg: socket(mac) %d\n", errno);
+ 				r = (0x04 << 24) | errno;
+ 				goto done;
+ 			}
+-			
+-			if (ioctl(tmp, SIOCGIFHWADDR, (ulong)&ifr) < 0)
++
++			msg = malloc(len);
++			if (! msg)
++			{
++				r = (0x05 << 24) | errno;
++				goto done;
++			}
++
++			if (sysctl(mib, 6, msg, &len, NULL, 0) < 0)
+ 			{
+-				printf("tuncfg: ioctl(mac) %d\n", errno);
+ 				r = (0x05 << 24) | errno;
+ 				goto done;
+ 			}
+ 
+-			memcpy(buf+4, &ifr.ifr_hwaddr.sa_data, 6);
++			sa = (void*)(msg + 1);
++			memcpy(buf+4, LLADDR(sa), 6);
+ 
+ 			// remember
+ 			p = &ctx[ctx_n++];
+ 			p->fd = cli;
+-			strncpy(p->dev, ifr.ifr_name, sizeof(p->dev));
++			strncpy(p->dev, dev_name+5, 5);
+ 
+ 			r = 0;
+ done:
+@@ -264,6 +299,7 @@
+ 				send_with_fd(cli, buf, sizeof(buf), dev); 
+ 			}
+ 
++			free(msg);
+ 			if (tmp != -1)  close(tmp);
+ 			if (dev != -1)  close(dev);
+ 			if (r != 0)     close(cli);
+@@ -295,7 +331,7 @@
+ 				goto ack;
+ 			}
+ 
+-			/* v[0] = ham<n>, v[1] = ip, v[2] = mask */
++			/* v[0] = ip, v[1] = mask */
+ 			if ( (v[0] & 0xff000000) != 0x05000000 ||
+ 			     (v[1] & 0xff000000) != 0xff000000 )
+ 			{
+@@ -324,9 +360,13 @@
+ 
+ 			r = system(cmd);
+ 			printf("tuncfg: system(%s) %d %d\n", cmd, r, errno);
+-
++			if (r != 0)
++			{
++				r = (0x08 << 24) | (r & 0x00ffffff);
++				goto ack;
++			}
+ ack:
+-			printf("tuncfg: config() %08x", r);
++			printf("tuncfg: config() %08x\n", r);
+ 			send_with_fd(ctx[i].fd, &r, sizeof(r), -1);
+ 		}
+ 	}
+@@ -360,4 +400,3 @@
+ 
+ 	return sendmsg(fd, &msg, 0);
+ }
+-
diff --git a/security/hamachi/pkg-descr b/security/hamachi/pkg-descr
new file mode 100644
index 000000000000..081f8fb8403b
--- /dev/null
+++ b/security/hamachi/pkg-descr
@@ -0,0 +1,3 @@
+Hamachi is a zero-configuration virtual private networking tool.
+
+WWW: http://hamachi.cc/