authorPav Lucistnik <pav@FreeBSD.org>2010-08-26 13:40:11 +0000
committerPav Lucistnik <pav@FreeBSD.org>2010-08-26 13:40:11 +0000
commit8a9429cb2b755ae81958c6aac8e375ee83e04f4a (patch)
tree83f9b73a52aa4dd175fdd749b473641cc0074d2f /security/strongswan
parent8091c7366119c4bc7f6b4e92e80b883982854b4f (diff)
Diffstat (limited to 'security/strongswan')
-rw-r--r--security/strongswan/Makefile47
-rw-r--r--security/strongswan/distinfo3
-rw-r--r--security/strongswan/files/patch-src__libcharon__plugins__kernel_pfkey__kernel_pfkey_ipsec.c102
-rw-r--r--security/strongswan/pkg-descr4
-rw-r--r--security/strongswan/pkg-plist109
5 files changed, 265 insertions, 0 deletions
diff --git a/security/strongswan/Makefile b/security/strongswan/Makefile
new file mode 100644
index 000000000000..756d8a61cd44
--- /dev/null
+++ b/security/strongswan/Makefile
@@ -0,0 +1,47 @@
+# New ports collection makefile for: strongswan
+# Date created: 30 May 2010
+# Whom: <riaank@gmail.com>
+#
+# $FreeBSD$
+
+PORTNAME= strongswan
+PORTVERSION= 4.4.0
+CATEGORIES= security
+MASTER_SITES= http://download.strongswan.org/ \
+ http://download2.strongswan.org/
+
+MAINTAINER= riaank@gmail.com
+COMMENT= Open Source IPSec-based VPN solution
+
+LIB_DEPENDS= vstr:${PORTSDIR}/devel/vstr \
+ gmp.10:${PORTSDIR}/math/gmp
+
+USE_BZIP2= yes
+
+USE_AUTOTOOLS= libtool:22
+GNU_CONFIGURE= yes
+USE_LDCONFIG= yes
+CONFIGURE_ARGS= --enable-kernel-pfkey \
+ --enable-kernel-pfroute \
+ --disable-kernel-netlink \
+ --enable-vstr \
+ --disable-tools \
+ --disable-scripts \
+ --disable-pluto \
+ --with-group=wheel \
+ --with-lib-prefix=${PREFIX}
+
+MAN3= anyaddr.3 atoaddr.3 atoasr.3 atosa.3 atoul.3 goodmask.3 \
+ initaddr.3 initsubnet.3 keyblobtoid.3 portof.3 prng.3 \
+ rangetosubnet.3 sameaddr.3 subnetof.3 ttoaddr.3 ttodata.3 \
+ ttosa.3 ttoul.3
+MAN5= ipsec.conf.5
+MAN8= ipsec.8 starter.8 _copyright.8 _updown.8 _updown_espmark.8
+
+.include <bsd.port.pre.mk>
+
+.if ${OSVERSION} < 800000
+IGNORE= requires at least FreeBSD 8.X
+.endif
+
+.include <bsd.port.post.mk>
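Review bot: `--with-group=wheel` in CONFIGURE_ARGS has no comment explaining why the daemons' group is set to FreeBSD's administrative group. If it only stands in for upstream's default group name, which presumably does not exist on FreeBSD, a one-line comment above CONFIGURE_ARGS would make that clear, e.g. `# FreeBSD has no "root" group; wheel is gid 0`. If it is meant as a privilege reduction instead, wheel is a poor target because its members are the accounts allowed to `su` to root, and a dedicated group would be the safer choice.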
diff --git a/security/strongswan/distinfo b/security/strongswan/distinfo
new file mode 100644
index 000000000000..58dd23cd24ca
--- /dev/null
+++ b/security/strongswan/distinfo
@@ -0,0 +1,3 @@
+MD5 (strongswan-4.4.0.tar.bz2) = bfb0f1c8ef1344e1ae8157bdde060fed
+SHA256 (strongswan-4.4.0.tar.bz2) = df40d9daf963ce4f4bef4177ed02d68c083521b307f52bebb1872c2ded4b2718
+SIZE (strongswan-4.4.0.tar.bz2) = 2863754
diff --git a/security/strongswan/files/patch-src__libcharon__plugins__kernel_pfkey__kernel_pfkey_ipsec.c b/security/strongswan/files/patch-src__libcharon__plugins__kernel_pfkey__kernel_pfkey_ipsec.c
new file mode 100644
index 000000000000..a71cd11c0a39
--- /dev/null
+++ b/security/strongswan/files/patch-src__libcharon__plugins__kernel_pfkey__kernel_pfkey_ipsec.c
@@ -0,0 +1,102 @@
+diff -u -r srcold/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+--- srcold/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c 2010-03-19 17:56:54.000000000 +0200
++++ src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c 2010-05-28 15:58:12.000000000 +0200
+@@ -600,17 +600,43 @@
+ }
+
+ /**
+- * add a host behind a sadb_address extension
++ * Copy a host_t as sockaddr_t to the given memory location. Ports are
++ * reset to zero as per RFC 2367.
++ * @returns the number of bytes copied
+ */
+-static void host2ext(host_t *host, struct sadb_address *ext)
++static size_t hostcpy(void *dest, host_t *host)
+ {
+- sockaddr_t *host_addr = host->get_sockaddr(host);
++ sockaddr_t *addr = host->get_sockaddr(host), *dest_addr = dest;
+ socklen_t *len = host->get_sockaddr_len(host);
++ memcpy(dest, addr, *len);
+ #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
+- host_addr->sa_len = *len;
++ dest_addr->sa_len = *len;
+ #endif
+- memcpy((char*)(ext + 1), host_addr, *len);
+- ext->sadb_address_len = PFKEY_LEN(sizeof(*ext) + *len);
++ switch (dest_addr->sa_family)
++ {
++ case AF_INET:
++ {
++ struct sockaddr_in *sin = dest;
++ sin->sin_port = 0;
++ break;
++ }
++ case AF_INET6:
++ {
++ struct sockaddr_in6 *sin6 = dest;
++ sin6->sin6_port = 0;
++ break;
++ }
++ }
++ return *len;
++}
++
++/**
++ * add a host behind an sadb_address extension
++ */
++static void host2ext(host_t *host, struct sadb_address *ext)
++{
++ size_t len = hostcpy(ext + 1, host);
++ ext->sadb_address_len = PFKEY_LEN(sizeof(*ext) + len);
+ }
+
+ /**
+@@ -1019,6 +1045,7 @@
+ }
+ #endif /*SADB_X_MIGRATE*/
+
++#ifndef __FreeBSD__
+ #ifdef HAVE_NATT
+ /**
+ * Process a SADB_X_NAT_T_NEW_MAPPING message from the kernel
+@@ -1076,6 +1103,7 @@
+ }
+ }
+ #endif /*HAVE_NATT*/
++#endif /*__FreeBSD__*/
+
+ /**
+ * Receives events from kernel
+@@ -1137,11 +1165,13 @@
+ process_migrate(this, msg);
+ break;
+ #endif /*SADB_X_MIGRATE*/
++#ifndef __FreeBSD__
+ #ifdef HAVE_NATT
+ case SADB_X_NAT_T_NEW_MAPPING:
+ process_mapping(this, msg);
+ break;
+ #endif /*HAVE_NATT*/
++#endif /*__FreeBSD__*/
+ default:
+ break;
+ }
+@@ -1679,14 +1709,10 @@
+ req->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE;
+ if (mode == MODE_TUNNEL)
+ {
+- sockaddr_t *sa;
+- socklen_t sl;
+- sa = src->get_sockaddr(src);
+- sl = *src->get_sockaddr_len(src);
+- memcpy(req + 1, sa, sl);
+- sa = dst->get_sockaddr(dst);
+- memcpy((u_int8_t*)(req + 1) + sl, sa, sl);
+- req->sadb_x_ipsecrequest_len += sl * 2;
++ len = hostcpy(req + 1, src);
++ req->sadb_x_ipsecrequest_len += len;
++ len = hostcpy((char*)(req + 1) + len, dst);
++ req->sadb_x_ipsecrequest_len += len;
+ }
+
+ pol->sadb_x_policy_len += PFKEY_LEN(req->sadb_x_ipsecrequest_len);
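Review bot: hostcpy() does `memcpy(dest, addr, *len)` without knowing how much space remains at `dest`, and both callers pass a pointer into a PF_KEY message under construction (`ext + 1` in host2ext, `req + 1` and `(char*)(req + 1) + len` in the tunnel-mode branch). The message buffer and its size are declared outside the visible lines, so an overrun cannot be ruled out from this patch alone. At minimum the doc comment should state the contract, e.g. `@param dest buffer with room for at least the host's sockaddr length`. Separately, the two `#ifndef __FreeBSD__` guards compile out SADB_X_NAT_T_NEW_MAPPING handling with no comment explaining why, and their closing comments would be more accurate as `#endif /* !__FreeBSD__ */`.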
diff --git a/security/strongswan/pkg-descr b/security/strongswan/pkg-descr
new file mode 100644
index 000000000000..9cade44ddfa3
--- /dev/null
+++ b/security/strongswan/pkg-descr
@@ -0,0 +1,4 @@
+Strongswan is an open source IPsec-based VPN solution.
+Strongswan for FreeBSD supports IKEv2 but NOT IKEv1.
+
+WWW: http://www.strongswan.org
diff --git a/security/strongswan/pkg-plist b/security/strongswan/pkg-plist
new file mode 100644
index 000000000000..7c1e8216ec6a
--- /dev/null
+++ b/security/strongswan/pkg-plist
@@ -0,0 +1,109 @@
+etc/ipsec.conf
+%%ETCDIR%%.conf
+lib/libcharon.a
+lib/libcharon.la
+lib/libcharon.so
+lib/libcharon.so.0
+lib/libhydra.a
+lib/libhydra.la
+lib/libhydra.so
+lib/libhydra.so.0
+lib/libstrongswan.a
+lib/libstrongswan.la
+lib/libstrongswan.so
+lib/libstrongswan.so.0
+libexec/ipsec/_copyright
+libexec/ipsec/_updown
+libexec/ipsec/_updown_espmark
+libexec/ipsec/charon
+libexec/ipsec/plugins/libstrongswan-aes.a
+libexec/ipsec/plugins/libstrongswan-aes.la
+libexec/ipsec/plugins/libstrongswan-aes.so
+libexec/ipsec/plugins/libstrongswan-attr.a
+libexec/ipsec/plugins/libstrongswan-attr.la
+libexec/ipsec/plugins/libstrongswan-attr.so
+libexec/ipsec/plugins/libstrongswan-des.a
+libexec/ipsec/plugins/libstrongswan-des.la
+libexec/ipsec/plugins/libstrongswan-des.so
+libexec/ipsec/plugins/libstrongswan-dnskey.a
+libexec/ipsec/plugins/libstrongswan-dnskey.la
+libexec/ipsec/plugins/libstrongswan-dnskey.so
+libexec/ipsec/plugins/libstrongswan-fips-prf.a
+libexec/ipsec/plugins/libstrongswan-fips-prf.la
+libexec/ipsec/plugins/libstrongswan-fips-prf.so
+libexec/ipsec/plugins/libstrongswan-gmp.a
+libexec/ipsec/plugins/libstrongswan-gmp.la
+libexec/ipsec/plugins/libstrongswan-gmp.so
+libexec/ipsec/plugins/libstrongswan-hmac.a
+libexec/ipsec/plugins/libstrongswan-hmac.la
+libexec/ipsec/plugins/libstrongswan-hmac.so
+libexec/ipsec/plugins/libstrongswan-kernel-pfkey.a
+libexec/ipsec/plugins/libstrongswan-kernel-pfkey.la
+libexec/ipsec/plugins/libstrongswan-kernel-pfkey.so
+libexec/ipsec/plugins/libstrongswan-kernel-pfroute.a
+libexec/ipsec/plugins/libstrongswan-kernel-pfroute.la
+libexec/ipsec/plugins/libstrongswan-kernel-pfroute.so
+libexec/ipsec/plugins/libstrongswan-md5.a
+libexec/ipsec/plugins/libstrongswan-md5.la
+libexec/ipsec/plugins/libstrongswan-md5.so
+libexec/ipsec/plugins/libstrongswan-pem.a
+libexec/ipsec/plugins/libstrongswan-pem.la
+libexec/ipsec/plugins/libstrongswan-pem.so
+libexec/ipsec/plugins/libstrongswan-pgp.a
+libexec/ipsec/plugins/libstrongswan-pgp.la
+libexec/ipsec/plugins/libstrongswan-pgp.so
+libexec/ipsec/plugins/libstrongswan-pkcs1.a
+libexec/ipsec/plugins/libstrongswan-pkcs1.la
+libexec/ipsec/plugins/libstrongswan-pkcs1.so
+libexec/ipsec/plugins/libstrongswan-pubkey.a
+libexec/ipsec/plugins/libstrongswan-pubkey.la
+libexec/ipsec/plugins/libstrongswan-pubkey.so
+libexec/ipsec/plugins/libstrongswan-random.a
+libexec/ipsec/plugins/libstrongswan-random.la
+libexec/ipsec/plugins/libstrongswan-random.so
+libexec/ipsec/plugins/libstrongswan-resolve.a
+libexec/ipsec/plugins/libstrongswan-resolve.la
+libexec/ipsec/plugins/libstrongswan-resolve.so
+libexec/ipsec/plugins/libstrongswan-sha1.a
+libexec/ipsec/plugins/libstrongswan-sha1.la
+libexec/ipsec/plugins/libstrongswan-sha1.so
+libexec/ipsec/plugins/libstrongswan-sha2.a
+libexec/ipsec/plugins/libstrongswan-sha2.la
+libexec/ipsec/plugins/libstrongswan-sha2.so
+libexec/ipsec/plugins/libstrongswan-socket-default.a
+libexec/ipsec/plugins/libstrongswan-socket-default.la
+libexec/ipsec/plugins/libstrongswan-socket-default.so
+libexec/ipsec/plugins/libstrongswan-stroke.a
+libexec/ipsec/plugins/libstrongswan-stroke.la
+libexec/ipsec/plugins/libstrongswan-stroke.so
+libexec/ipsec/plugins/libstrongswan-updown.a
+libexec/ipsec/plugins/libstrongswan-updown.la
+libexec/ipsec/plugins/libstrongswan-updown.so
+libexec/ipsec/plugins/libstrongswan-x509.a
+libexec/ipsec/plugins/libstrongswan-x509.la
+libexec/ipsec/plugins/libstrongswan-x509.so
+libexec/ipsec/plugins/libstrongswan-xcbc.a
+libexec/ipsec/plugins/libstrongswan-xcbc.la
+libexec/ipsec/plugins/libstrongswan-xcbc.so
+libexec/ipsec/starter
+libexec/ipsec/stroke
+sbin/ipsec
+@dirrm libexec/ipsec/plugins
+@dirrm libexec/ipsec
+@dirrm etc/ipsec.d/reqs
+@dirrm etc/ipsec.d/private
+@dirrm etc/ipsec.d/ocspcerts
+@dirrm etc/ipsec.d/crls
+@dirrm etc/ipsec.d/certs
+@dirrm etc/ipsec.d/cacerts
+@dirrm etc/ipsec.d/acerts
+@dirrm etc/ipsec.d/aacerts
+@dirrm etc/ipsec.d
+@exec mkdir -p %D/etc/ipsec.d/reqs
+@exec mkdir -p %D/etc/ipsec.d/private
+@exec mkdir -p %D/etc/ipsec.d/ocspcerts
+@exec mkdir -p %D/etc/ipsec.d/crls
+@exec mkdir -p %D/etc/ipsec.d/certs
+@exec mkdir -p %D/etc/ipsec.d/cacerts
+@exec mkdir -p %D/etc/ipsec.d/acerts
+@exec mkdir -p %D/etc/ipsec.d/aacerts
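Review bot: `@exec mkdir -p %D/etc/ipsec.d/private` creates the private-key directory with whatever the default umask yields, typically world-readable and searchable. Since that directory is where private keys are kept, the package should set a restrictive mode explicitly, e.g. `@exec mkdir -p -m 0700 %D/etc/ipsec.d/private`. The matching `@dirrm etc/ipsec.d/private` will also fail at deinstall once the administrator has placed keys there, so `@dirrmtry` would suit the `etc/ipsec.d` entries better.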