Diffstat (limited to 'security/strongswan')
-rw-r--r-- | security/strongswan/Makefile | 47 | ||||
-rw-r--r-- | security/strongswan/distinfo | 3 | ||||
-rw-r--r-- | security/strongswan/files/patch-src__libcharon__plugins__kernel_pfkey__kernel_pfkey_ipsec.c | 102 | ||||
-rw-r--r-- | security/strongswan/pkg-descr | 4 | ||||
-rw-r--r-- | security/strongswan/pkg-plist | 109 |
5 files changed, 265 insertions, 0 deletions
diff --git a/security/strongswan/Makefile b/security/strongswan/Makefile
new file mode 100644
index 000000000000..756d8a61cd44
--- /dev/null
+++ b/security/strongswan/Makefile
@@ -0,0 +1,47 @@
+# New ports collection makefile for: strongswan
+# Date created: 30 May 2010
+# Whom: <riaank@gmail.com>
+#
+# $FreeBSD$
+
+PORTNAME= strongswan
+PORTVERSION= 4.4.0
+CATEGORIES= security
+MASTER_SITES= http://download.strongswan.org/ \
+ http://download2.strongswan.org/
+
+MAINTAINER= riaank@gmail.com
+COMMENT= Open Source IPSec-based VPN solution
+
+LIB_DEPENDS= vstr:${PORTSDIR}/devel/vstr \
+ gmp.10:${PORTSDIR}/math/gmp
+
+USE_BZIP2= yes
+
+USE_AUTOTOOLS= libtool:22
+GNU_CONFIGURE= yes
+USE_LDCONFIG= yes
+CONFIGURE_ARGS= --enable-kernel-pfkey \
+ --enable-kernel-pfroute \
+ --disable-kernel-netlink \
+ --enable-vstr \
+ --disable-tools \
+ --disable-scripts \
+ --disable-pluto \
+ --with-group=wheel \
+ --with-lib-prefix=${PREFIX}
+
+MAN3= anyaddr.3 atoaddr.3 atoasr.3 atosa.3 atoul.3 goodmask.3 \
+ initaddr.3 initsubnet.3 keyblobtoid.3 portof.3 prng.3 \
+ rangetosubnet.3 sameaddr.3 subnetof.3 ttoaddr.3 ttodata.3 \
+ ttosa.3 ttoul.3
+MAN5= ipsec.conf.5
+MAN8= ipsec.8 starter.8 _copyright.8 _updown.8 _updown_espmark.8
+
+.include <bsd.port.pre.mk>
+
+.if ${OSVERSION} < 800000
+IGNORE= requires at least FreeBSD 8.X
+.endif
+
+.include <bsd.port.post.mk>
diff --git a/security/strongswan/distinfo b/security/strongswan/distinfo
new file mode 100644
index 000000000000..58dd23cd24ca
--- /dev/null
+++ b/security/strongswan/distinfo
@@ -0,0 +1,3 @@
+MD5 (strongswan-4.4.0.tar.bz2) = bfb0f1c8ef1344e1ae8157bdde060fed
+SHA256 (strongswan-4.4.0.tar.bz2) = df40d9daf963ce4f4bef4177ed02d68c083521b307f52bebb1872c2ded4b2718
+SIZE (strongswan-4.4.0.tar.bz2) = 2863754
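Review bot: `--with-group=wheel` in CONFIGURE_ARGS carries no comment and no matching `--with-user`, so the privilege model the port intends for the daemon is not visible from the Makefile. If strongSwan applies this group to the running daemon and to its control socket, as I believe it does (confirm against the 4.4.0 configure help), every member of wheel could drive the IKE daemon. I would add a line such as `# --with-group: gid 0 is named wheel on FreeBSD; review who may reach the control socket` above CONFIGURE_ARGS, or give the port a dedicated group.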
diff --git a/security/strongswan/files/patch-src__libcharon__plugins__kernel_pfkey__kernel_pfkey_ipsec.c b/security/strongswan/files/patch-src__libcharon__plugins__kernel_pfkey__kernel_pfkey_ipsec.c
new file mode 100644
index 000000000000..a71cd11c0a39
--- /dev/null
+++ b/security/strongswan/files/patch-src__libcharon__plugins__kernel_pfkey__kernel_pfkey_ipsec.c
@@ -0,0 +1,102 @@
+diff -u -r srcold/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+--- srcold/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c 2010-03-19 17:56:54.000000000 +0200
++++ src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c 2010-05-28 15:58:12.000000000 +0200
+@@ -600,17 +600,43 @@
+ }
+
+ /**
+- * add a host behind a sadb_address extension
++ * Copy a host_t as sockaddr_t to the given memory location. Ports are
++ * reset to zero as per RFC 2367.
++ * @returns the number of bytes copied
+ */
+-static void host2ext(host_t *host, struct sadb_address *ext)
++static size_t hostcpy(void *dest, host_t *host)
+ {
+- sockaddr_t *host_addr = host->get_sockaddr(host);
++ sockaddr_t *addr = host->get_sockaddr(host), *dest_addr = dest;
+ socklen_t *len = host->get_sockaddr_len(host);
++ memcpy(dest, addr, *len);
+ #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
+- host_addr->sa_len = *len;
++ dest_addr->sa_len = *len;
+ #endif
+- memcpy((char*)(ext + 1), host_addr, *len);
+- ext->sadb_address_len = PFKEY_LEN(sizeof(*ext) + *len);
++ switch (dest_addr->sa_family)
++ {
++ case AF_INET:
++ {
++ struct sockaddr_in *sin = dest;
++ sin->sin_port = 0;
++ break;
++ }
++ case AF_INET6:
++ {
++ struct sockaddr_in6 *sin6 = dest;
++ sin6->sin6_port = 0;
++ break;
++ }
++ }
++ return *len;
++}
++
++/**
++ * add a host behind an sadb_address extension
++ */
++static void host2ext(host_t *host, struct sadb_address *ext)
++{
++ size_t len = hostcpy(ext + 1, host);
++ ext->sadb_address_len = PFKEY_LEN(sizeof(*ext) + len);
+ }
+
+ /**
+@@ -1019,6 +1045,7 @@
+ }
+ #endif /*SADB_X_MIGRATE*/
+
++#ifndef __FreeBSD__
+ #ifdef HAVE_NATT
+ /**
+ * Process a SADB_X_NAT_T_NEW_MAPPING message from the kernel
+@@ -1076,6 +1103,7 @@
+ }
+ }
+ #endif /*HAVE_NATT*/
++#endif /*__FreeBSD__*/
+
+ /**
+ * Receives events from kernel
+@@ -1137,11 +1165,13 @@
+ process_migrate(this, msg);
+ break;
+ #endif /*SADB_X_MIGRATE*/
++#ifndef __FreeBSD__
+ #ifdef HAVE_NATT
+ case SADB_X_NAT_T_NEW_MAPPING:
+ process_mapping(this, msg);
+ break;
+ #endif /*HAVE_NATT*/
++#endif /*__FreeBSD__*/
+ default:
+ break;
+ }
+@@ -1679,14 +1709,10 @@
+ req->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE;
+ if (mode == MODE_TUNNEL)
+ {
+- sockaddr_t *sa;
+- socklen_t sl;
+- sa = src->get_sockaddr(src);
+- sl = *src->get_sockaddr_len(src);
+- memcpy(req + 1, sa, sl);
+- sa = dst->get_sockaddr(dst);
+- memcpy((u_int8_t*)(req + 1) + sl, sa, sl);
+- req->sadb_x_ipsecrequest_len += sl * 2;
++ len = hostcpy(req + 1, src);
++ req->sadb_x_ipsecrequest_len += len;
++ len = hostcpy((char*)(req + 1) + len, dst);
++ req->sadb_x_ipsecrequest_len += len;
+ }
+
+ pol->sadb_x_policy_len += PFKEY_LEN(req->sadb_x_ipsecrequest_len);
diff --git a/security/strongswan/pkg-descr b/security/strongswan/pkg-descr
new file mode 100644
index 000000000000..9cade44ddfa3
--- /dev/null
+++ b/security/strongswan/pkg-descr
@@ -0,0 +1,4 @@
+Strongswan is an open source IPsec-based VPN solution.
+Strongswan for FreeBSD supports IKEv2 but NOT IKEv1.
+
+WWW: http://www.strongswan.org
diff --git a/security/strongswan/pkg-plist b/security/strongswan/pkg-plist
new file mode 100644
index 000000000000..7c1e8216ec6a
--- /dev/null
+++ b/security/strongswan/pkg-plist
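Review bot: The new `#ifndef __FreeBSD__` guards around process_mapping() and around `case SADB_X_NAT_T_NEW_MAPPING:` in kernel_pfkey_ipsec.c have no comment saying why the handler is compiled out, and they key on the platform macro rather than on a feature test. With both guards in place a SADB_X_NAT_T_NEW_MAPPING message on FreeBSD reaches `default: break;` and is ignored, so a changed NAT mapping of a peer would presumably go unnoticed by the daemon. I would add `/* FreeBSD: NAT-T mapping events are not processed, <reason> */` above the first guard and close both with `#endif /* !__FreeBSD__ */`, since the current `/*__FreeBSD__*/` reads as if the block were FreeBSD-only. process_mapping() and the event switch both extend beyond the inner hunks shown.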
@@ -0,0 +1,109 @@
+etc/ipsec.conf
+%%ETCDIR%%.conf
+lib/libcharon.a
+lib/libcharon.la
+lib/libcharon.so
+lib/libcharon.so.0
+lib/libhydra.a
+lib/libhydra.la
+lib/libhydra.so
+lib/libhydra.so.0
+lib/libstrongswan.a
+lib/libstrongswan.la
+lib/libstrongswan.so
+lib/libstrongswan.so.0
+libexec/ipsec/_copyright
+libexec/ipsec/_updown
+libexec/ipsec/_updown_espmark
+libexec/ipsec/charon
+libexec/ipsec/plugins/libstrongswan-aes.a
+libexec/ipsec/plugins/libstrongswan-aes.la
+libexec/ipsec/plugins/libstrongswan-aes.so
+libexec/ipsec/plugins/libstrongswan-attr.a
+libexec/ipsec/plugins/libstrongswan-attr.la
+libexec/ipsec/plugins/libstrongswan-attr.so
+libexec/ipsec/plugins/libstrongswan-des.a
+libexec/ipsec/plugins/libstrongswan-des.la
+libexec/ipsec/plugins/libstrongswan-des.so
+libexec/ipsec/plugins/libstrongswan-dnskey.a
+libexec/ipsec/plugins/libstrongswan-dnskey.la
+libexec/ipsec/plugins/libstrongswan-dnskey.so
+libexec/ipsec/plugins/libstrongswan-fips-prf.a
+libexec/ipsec/plugins/libstrongswan-fips-prf.la
+libexec/ipsec/plugins/libstrongswan-fips-prf.so
+libexec/ipsec/plugins/libstrongswan-gmp.a
+libexec/ipsec/plugins/libstrongswan-gmp.la
+libexec/ipsec/plugins/libstrongswan-gmp.so
+libexec/ipsec/plugins/libstrongswan-hmac.a
+libexec/ipsec/plugins/libstrongswan-hmac.la
+libexec/ipsec/plugins/libstrongswan-hmac.so
+libexec/ipsec/plugins/libstrongswan-kernel-pfkey.a
+libexec/ipsec/plugins/libstrongswan-kernel-pfkey.la
+libexec/ipsec/plugins/libstrongswan-kernel-pfkey.so
+libexec/ipsec/plugins/libstrongswan-kernel-pfroute.a
+libexec/ipsec/plugins/libstrongswan-kernel-pfroute.la
+libexec/ipsec/plugins/libstrongswan-kernel-pfroute.so
+libexec/ipsec/plugins/libstrongswan-md5.a
+libexec/ipsec/plugins/libstrongswan-md5.la
+libexec/ipsec/plugins/libstrongswan-md5.so
+libexec/ipsec/plugins/libstrongswan-pem.a
+libexec/ipsec/plugins/libstrongswan-pem.la
+libexec/ipsec/plugins/libstrongswan-pem.so
+libexec/ipsec/plugins/libstrongswan-pgp.a
+libexec/ipsec/plugins/libstrongswan-pgp.la
+libexec/ipsec/plugins/libstrongswan-pgp.so
+libexec/ipsec/plugins/libstrongswan-pkcs1.a
+libexec/ipsec/plugins/libstrongswan-pkcs1.la
+libexec/ipsec/plugins/libstrongswan-pkcs1.so
+libexec/ipsec/plugins/libstrongswan-pubkey.a
+libexec/ipsec/plugins/libstrongswan-pubkey.la
+libexec/ipsec/plugins/libstrongswan-pubkey.so
+libexec/ipsec/plugins/libstrongswan-random.a
+libexec/ipsec/plugins/libstrongswan-random.la
+libexec/ipsec/plugins/libstrongswan-random.so
+libexec/ipsec/plugins/libstrongswan-resolve.a
+libexec/ipsec/plugins/libstrongswan-resolve.la
+libexec/ipsec/plugins/libstrongswan-resolve.so
+libexec/ipsec/plugins/libstrongswan-sha1.a
+libexec/ipsec/plugins/libstrongswan-sha1.la
+libexec/ipsec/plugins/libstrongswan-sha1.so
+libexec/ipsec/plugins/libstrongswan-sha2.a
+libexec/ipsec/plugins/libstrongswan-sha2.la
+libexec/ipsec/plugins/libstrongswan-sha2.so
+libexec/ipsec/plugins/libstrongswan-socket-default.a
+libexec/ipsec/plugins/libstrongswan-socket-default.la
+libexec/ipsec/plugins/libstrongswan-socket-default.so
+libexec/ipsec/plugins/libstrongswan-stroke.a
+libexec/ipsec/plugins/libstrongswan-stroke.la
+libexec/ipsec/plugins/libstrongswan-stroke.so
+libexec/ipsec/plugins/libstrongswan-updown.a
+libexec/ipsec/plugins/libstrongswan-updown.la
+libexec/ipsec/plugins/libstrongswan-updown.so
+libexec/ipsec/plugins/libstrongswan-x509.a
+libexec/ipsec/plugins/libstrongswan-x509.la
+libexec/ipsec/plugins/libstrongswan-x509.so
+libexec/ipsec/plugins/libstrongswan-xcbc.a
+libexec/ipsec/plugins/libstrongswan-xcbc.la
+libexec/ipsec/plugins/libstrongswan-xcbc.so
+libexec/ipsec/starter
+libexec/ipsec/stroke
+sbin/ipsec
+@dirrm libexec/ipsec/plugins
+@dirrm libexec/ipsec
+@dirrm etc/ipsec.d/reqs
+@dirrm etc/ipsec.d/private
+@dirrm etc/ipsec.d/ocspcerts
+@dirrm etc/ipsec.d/crls
+@dirrm etc/ipsec.d/certs
+@dirrm etc/ipsec.d/cacerts
+@dirrm etc/ipsec.d/acerts
+@dirrm etc/ipsec.d/aacerts
+@dirrm etc/ipsec.d
+@exec mkdir -p %D/etc/ipsec.d/reqs
+@exec mkdir -p %D/etc/ipsec.d/private
+@exec mkdir -p %D/etc/ipsec.d/ocspcerts
+@exec mkdir -p %D/etc/ipsec.d/crls
+@exec mkdir -p %D/etc/ipsec.d/certs
+@exec mkdir -p %D/etc/ipsec.d/cacerts
+@exec mkdir -p %D/etc/ipsec.d/acerts
+@exec mkdir -p %D/etc/ipsec.d/aacerts
|
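Review bot: `@exec mkdir -p %D/etc/ipsec.d/private` creates the private-key directory with whatever mode the installing process's umask yields, which is commonly readable and searchable by every local user. Since that directory is where private keys are expected to live, the packing list should set the mode explicitly, for example `@exec mkdir -p -m 700 %D/etc/ipsec.d/private`. Whether the upstream install step already creates it with a tighter mode is not visible here. The other `@exec mkdir -p` lines can stay as they are if those directories hold only public material.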