ports/116540: [NEW PORT] net-mgmt/send: Secure Neighbor Discovery implementation for IPv6
Janos Mohacsi
janos.mohacsi at bsd.hu
Sat Sep 22 08:40:02 UTC 2007
>Number: 116540
>Category: ports
>Synopsis: [NEW PORT] net-mgmt/send: Secure Neighbor Discovery implementation for IPv6
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sat Sep 22 08:40:01 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Janos Mohacsi
>Release: FreeBSD 5.5-STABLE i386
>Organization:
NIIF/HUNGARNET
>Environment:
System: FreeBSD skye.ki.iif.hu 5.5-STABLE FreeBSD 5.5-STABLE #4: Mon Aug 6 13:25:53 CEST
>Description:
DoCoMo's Open Source SEND project provides an implementation of
RFC3971 Secure Neighbor Discovery (SEND). SEND cryptographically
secures the IPv6 neighbor discovery protocol, countering the threats
discussed in RFC3756 (IPv6 Neighbor Discovery (ND) Trust Models and
Threats).
DoCoMo's SEND is implemented completely in user space, so it is
portable and lends itself to experimentation. It currently runs on
Linux (tested on 2.6 kernels) and FreeBSD (tested on 5.4).
Also included in the distribution are implementations of RFC3972
Cryptographically Generated Addresses (CGAs) and RFC3779 X.509
Extensions for IP Addresses and AS Identifiers.
WWW: http://www.docomolabs-usa.com/lab_osrc_guide.html
Generated with FreeBSD Port Tools 0.63
>How-To-Repeat:
>Fix:
--- send-0.2.shar begins here ---
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# send
# send/files
# send/files/pkg-message.in
# send/files/patch-sendd_sendd__local.h
# send/files/patch-sendd_os-freebsd_sendd
# send/files/patch-sendd_os-freebsd_Makefile
# send/files/patch-include_pkixip__ext__asn.h
# send/files/patch-examples_sendd.conf
# send/files/patch-examples_params.conf
# send/files/patch-examples_ipext_ipext__verify.conf
# send/files/patch-Makefile.config
# send/pkg-plist
# send/pkg-descr
# send/distinfo
# send/Makefile
#
echo c - send
mkdir -p send > /dev/null 2>&1
echo c - send/files
mkdir -p send/files > /dev/null 2>&1
echo x - send/files/pkg-message.in
sed 's/^X//' >send/files/pkg-message.in << 'END-of-send/files/pkg-message.in'
X-------------------------------------------------------------------------------
XTo run sendd from startup, add sendd_enable="YES"
Xin your /etc/rc.conf.
XConfiguration options can be found in %%PREFIX%%/etc/sendd
X-------------------------------------------------------------------------------
XFor the Secure Neighbor Discovery daemon to work properly,
Xenable the following kernel options:
XNETGRAPH, NETGRAPH_BPF, NETGRAPH_ETHER, NETGRAPH_SOCKET
X-------------------------------------------------------------------------------
END-of-send/files/pkg-message.in
echo x - send/files/patch-sendd_sendd__local.h
sed 's/^X//' >send/files/patch-sendd_sendd__local.h << 'END-of-send/files/patch-sendd_sendd__local.h'
X
X$FreeBSD$
X
X--- sendd/sendd_local.h.orig
X+++ sendd/sendd_local.h
X@@ -41,7 +41,7 @@
X #include <openssl/sha.h>
X
X #define SENDD_NAME "sendd"
X-#define SNDD_CONF_FILE "/etc/sendd.conf"
X+#define SNDD_CONF_FILE "%%PREFIX%%/etc/sendd/sendd.conf"
X
X #define SND_HASH_SZ 7
X
END-of-send/files/patch-sendd_sendd__local.h
echo x - send/files/patch-sendd_os-freebsd_sendd
sed 's/^X//' >send/files/patch-sendd_os-freebsd_sendd << 'END-of-send/files/patch-sendd_os-freebsd_sendd'
X
X$FreeBSD$
X
X--- sendd/os-freebsd/sendd.orig
X+++ sendd/os-freebsd/sendd
X@@ -37,8 +37,8 @@
X
X name="sendd"
X rcvar=`set_rcvar`
X-command="/usr/sbin/${name}"
X-required_files="/etc/${name}.conf"
X+command="%%PREFIX%%/sbin/${name}"
X+required_files="%%PREFIX%%/etc/${name}.conf"
X
X load_rc_config $name
X run_rc_command "$1"
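Review bot: `required_files="%%PREFIX%%/etc/${name}.conf"` expands to `%%PREFIX%%/etc/sendd.conf`, which matches neither the path the daemon is patched to read in patch-sendd_sendd__local.h (`%%PREFIX%%/etc/sendd/sendd.conf`) nor the directory that post-install populates (`etc/sendd/`). As written, the rc script's pre-start check looks for a file the port never installs, so startup will most likely be refused, or the administrator will be pushed to create a second config file that sendd itself does not read. Suggest `required_files="%%PREFIX%%/etc/${name}/${name}.conf"` so the check covers the file that actually carries the SEND settings. The rest of the rc script lies outside the hunk.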
END-of-send/files/patch-sendd_os-freebsd_sendd
echo x - send/files/patch-sendd_os-freebsd_Makefile
sed 's/^X//' >send/files/patch-sendd_os-freebsd_Makefile << 'END-of-send/files/patch-sendd_os-freebsd_Makefile'
X
X$FreeBSD$
X
X--- sendd/os-freebsd/Makefile.orig
X+++ sendd/os-freebsd/Makefile
X@@ -1,12 +1,13 @@
X
X OBJS += os/addr.o os/snd_freebsd.o os/netgraph.o os-linux/rand.o
X+CPPFLAGS += -I%%LOCALBASE%%/include
X
X-OSLIBS= -lnetgraph -l$(DNET)
X+OSLIBS= -lnetgraph -L%%LOCALBASE%%/lib -l$(DNET)
X
X OSEXTRA= os/sendd
X-EXTRAINSTALL= /etc/rc.d/sendd
X+EXTRAINSTALL= %%PREFIX%%/etc/rc.d/sendd
X EXTRAUNINSTALL=$(EXTRAINSTALL)
X
X-/etc/rc.d/%: os/%
X+%%PREFIX%%/etc/rc.d/%: os/%
X install $< $@
X
END-of-send/files/patch-sendd_os-freebsd_Makefile
echo x - send/files/patch-include_pkixip__ext__asn.h
sed 's/^X//' >send/files/patch-include_pkixip__ext__asn.h << 'END-of-send/files/patch-include_pkixip__ext__asn.h'
X
X$FreeBSD$
X
X--- include/pkixip_ext_asn.h.orig
X+++ include/pkixip_ext_asn.h
X@@ -45,6 +45,7 @@
X #define IANA_SAFI_BOTH 3
X #define IANA_SAFI_MPLS 4
X
X+/*
X typedef struct IPAddressRange_st {
X ASN1_BIT_STRING *min;
X ASN1_BIT_STRING *max;
X@@ -52,9 +53,6 @@
X
X typedef struct IPAddressOrRange_st {
X
X-#define IP_AOR_PREFIX 0
X-#define IP_AOR_RANGE 1
X-
X int type;
X union {
X ASN1_BIT_STRING *addressPrefix;
X@@ -64,8 +62,6 @@
X
X typedef struct IPAddressChoice_st {
X
X-#define IPA_CHOICE_INHERIT 0
X-#define IPA_CHOICE_AOR 1
X
X int type;
X union {
X@@ -78,6 +74,12 @@
X ASN1_OCTET_STRING *addressFamily;
X IPAddressChoice *ipAddressChoice;
X } IPAddressFamily;
X+*/
X+
X+#define IP_AOR_PREFIX 0
X+#define IP_AOR_RANGE 1
X+#define IPA_CHOICE_INHERIT 0
X+#define IPA_CHOICE_AOR 1
X
X typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
X
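Review bot: The `/*` added before `IPAddressRange_st` in the first hunk and the `*/` added here after `IPAddressFamily` disable four typedefs with a block comment, which is fragile because any existing comment inside the region would end it early; the struct bodies between the hunks are not fully visible, so this cannot be ruled out from the patch alone. `#if 0` / `#endif` is the safer way to fence the region off. If the intent is to avoid clashing with typedefs the installed OpenSSL headers already declare (an inference, the patch does not say), a feature guard such as `#ifdef OPENSSL_NO_RFC3779` around the local definitions would also keep the header building against an OpenSSL without RFC 3779 support. A one-line comment stating the reason would help whoever next touches the certificate-extension code.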
END-of-send/files/patch-include_pkixip__ext__asn.h
echo x - send/files/patch-examples_sendd.conf
sed 's/^X//' >send/files/patch-examples_sendd.conf << 'END-of-send/files/patch-examples_sendd.conf'
X
X$FreeBSD$
X
X--- examples/sendd.conf.orig
X+++ examples/sendd.conf
X@@ -6,7 +6,7 @@
X # The path of the file containing this host's CGA parameters
X # configuration file
X # <no default>
X-snd_cga_params=/etc/sendd/params.conf
X+snd_cga_params=%%PREFIX%%/etc/sendd/params.conf
X
X #
X # Optional
X@@ -16,7 +16,7 @@
X # or a router) you must set this to the file containing certificate
X # information.
X # <no default>
X-# snd_pkixip_conf=/etc/sendd/ipext.conf
X+# snd_pkixip_conf=%%PREFIX%%/etc/sendd/ipext.conf
X
X # Accept secured RAs without PKIX IP extensions
X # <default = no>
END-of-send/files/patch-examples_sendd.conf
echo x - send/files/patch-examples_params.conf
sed 's/^X//' >send/files/patch-examples_params.conf << 'END-of-send/files/patch-examples_params.conf'
X
X$FreeBSD$
X
X--- examples/params.conf.orig
X+++ examples/params.conf
X@@ -2,8 +2,8 @@
X # Some (somewhat nonsensical) examples
X
X named default {
X- snd_cga_params /etc/sendd/cga.params;
X- snd_cga_priv /etc/sendd/key.pem;
X+ snd_cga_params %%PREFIX%%/etc/sendd/cga.params;
X+ snd_cga_priv %%PREFIX%%/etc/sendd/key.pem;
X snd_cga_sec 1;
X }
X
X@@ -20,14 +20,14 @@
X }
X
X named foo {
X- snd_cga_params /etc/sendd/cga.params;
X- snd_cga_priv /etc/sendd/key.pem;
X+ snd_cga_params %%PREFIX%%/etc/sendd/cga.params;
X+ snd_cga_priv %%PREFIX%%/etc/sendd/key.pem;
X snd_cga_sec 1;
X }
X
X address fe80::2421:cd21:6930:22fb {
X- snd_cga_params /etc/sendd/cga.params;
X- snd_cga_priv /etc/sendd/key.pem;
X+ snd_cga_params %%PREFIX%%/etc/sendd/cga.params;
X+ snd_cga_priv %%PREFIX%%/etc/sendd/key.pem;
X snd_cga_sec 1;
X interface eth0;
X }
END-of-send/files/patch-examples_params.conf
echo x - send/files/patch-examples_ipext_ipext__verify.conf
sed 's/^X//' >send/files/patch-examples_ipext_ipext__verify.conf << 'END-of-send/files/patch-examples_ipext_ipext__verify.conf'
X
X$FreeBSD$
X
X--- examples/ipext/ipext_verify.conf.orig
X+++ examples/ipext/ipext_verify.conf
X@@ -5,7 +5,7 @@
X }
X }
X files {
X- trustedcert /usr/src/send_0.1/examples/ipext/ca/cert_ipext.pem;
X- trustedcert /usr/src/send_0.1/examples/ipext/lvl1/cert_ipext.pem;
X- certfile /usr/src/send_0.1/examples/ipext/ar1/cert_ipext.pem;
X+ trustedcert %%PREFIX%%/etc/sendd/ca/cert_ipext.pem;
X+ trustedcert %%PREFIX%%/etc/sendd/lvl1/cert_ipext.pem;
X+ certfile %%PREFIX%%/etc/sendd/ar1/cert_ipext.pem;
X }
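Review bot: The three new paths (`%%PREFIX%%/etc/sendd/ca/`, `lvl1/` and `ar1/`) name certificate files and directories that nothing in this port creates: pkg-plist lists only the three `*.conf-dist` files and post-install only makes `etc/sendd/`. Not shipping sample trust anchors is reasonable, since they should come from the site's own CA, but the installed `ipext.conf-dist` then refers to files that do not exist. Suggest a line in pkg-message.in saying that the `trustedcert` and `certfile` entries must be pointed at locally issued certificates before certificate path validation is enabled. The enclosing configuration block begins above the hunk.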
END-of-send/files/patch-examples_ipext_ipext__verify.conf
echo x - send/files/patch-Makefile.config
sed 's/^X//' >send/files/patch-Makefile.config << 'END-of-send/files/patch-Makefile.config'
X
X$FreeBSD$
X
X--- Makefile.config.orig
X+++ Makefile.config
X@@ -4,8 +4,8 @@
X #
X
X # Uncomment the line for your OS
X-OS=linux
X-#OS=freebsd
X+#OS=linux
X+OS=freebsd
X
X # Linux only: Where is your linux kernel source?
X # Ignored for non-Linux
X@@ -19,7 +19,7 @@
X #CC=gcc-4.0
X
X # Where to install
X-prefix=/usr
X+prefix=%%PREFIX%%
X
X # Set to "y" to build MT versions of sendd and cgatool
X USE_THREADS=n
END-of-send/files/patch-Makefile.config
echo x - send/pkg-plist
sed 's/^X//' >send/pkg-plist << 'END-of-send/pkg-plist'
Xsbin/cgatool
Xsbin/ipexttool
Xsbin/sendd
Xetc/rc.d/sendd
Xetc/sendd/sendd.conf-dist
Xetc/sendd/params.conf-dist
Xetc/sendd/ipext.conf-dist
X@dirrmtry etc/sendd
END-of-send/pkg-plist
echo x - send/pkg-descr
sed 's/^X//' >send/pkg-descr << 'END-of-send/pkg-descr'
XDoCoMo's Open Source SEND project provides an implementation of
XRFC3971 Secure Neighbor Discovery (SEND). SEND cryptographically
Xsecures the IPv6 neighbor discovery protocol, countering the threats
Xdiscussed in RFC3756 (IPv6 Neighbor Discovery (ND) Trust Models and
XThreats).
X
XDoCoMo's SEND is implemented completely in user space, so it is
Xportable and lends itself to experimentation. It currently runs on
XLinux (tested on 2.6 kernels) and FreeBSD (tested on 5.4).
X
XAlso included in the distribution are implementations of RFC3972
XCryptographically Generated Addresses (CGAs) and RFC3779 X.509
XExtensions for IP Addresses and AS Identifiers.
X
XWWW: http://www.docomolabs-usa.com/lab_osrc_guide.html
END-of-send/pkg-descr
echo x - send/distinfo
sed 's/^X//' >send/distinfo << 'END-of-send/distinfo'
XMD5 (send_0.2.zip) = 292c8b861b7799aeb1b0166f97c12f08
XSHA256 (send_0.2.zip) = 3fc9be6d55a2cc7d0f40249351c29ef6c605ea6d77d8f3654785a744ea64c0b7
XSIZE (send_0.2.zip) = 387834
END-of-send/distinfo
echo x - send/Makefile
sed 's/^X//' >send/Makefile << 'END-of-send/Makefile'
X# New ports collection makefile for: send
X# Date created: 19.09.2007
X# Whom: Janos Mohacsi <mohacsi at niif.hu>
X#
X# $FreeBSD$
X
XPORTNAME= send
XPORTVERSION= 0.2
XCATEGORIES= net-mgmt ipv6
XMASTER_SITES= #http://www.docomolabs-usa.com/lab_osrc_guide.html
XDISTNAME= ${PORTNAME}_${PORTVERSION}
X
XMAINTAINER= janos.mohacsi at bsd.hu
XCOMMENT= Secure Neighbor Discovery implementation for IPv6
X
XLIB_DEPENDS= dnet.1:${PORTSDIR}/net/libdnet
X
XRESTRICTED= not redistributable, license agreement required
X
XUSE_ZIP= yes
XUSE_GMAKE= yes
XSUB_FILES= pkg-message
X
XPORTDOCS= UserGuide.pdf
X
X.include <bsd.port.pre.mk>
X
X.if !exists(${DISTDIR}/${DISTNAME}${EXTRACT_SUFX})
XIGNORE= needs you to sign the agreement on "http://www.docomolabs-usa.com/lab_osrc_downl.html", download it manually, place in ${DISTDIR} and then restart this build
X.endif
X
Xpost-patch:
X @${REINPLACE_CMD} -e "s|%%PREFIX%%|${PREFIX}|" -e "s|%%LOCALBASE%%|${LOCALBASE}|" \
X ${WRKSRC}/Makefile.config \
X ${WRKSRC}/sendd/sendd_local.h \
X ${WRKSRC}/sendd/os-freebsd/Makefile \
X ${WRKSRC}/sendd/os-freebsd/sendd \
X ${WRKSRC}/examples/sendd.conf \
X ${WRKSRC}/examples/params.conf \
X ${WRKSRC}/examples/ipext/ipext_verify.conf
X
Xpost-install:
X ${MKDIR} ${PREFIX}/etc/sendd/
X ${INSTALL_DATA} ${WRKSRC}/examples/sendd.conf ${PREFIX}/etc/sendd/sendd.conf-dist
X ${INSTALL_DATA} ${WRKSRC}/examples/params.conf ${PREFIX}/etc/sendd/params.conf-dist
X ${INSTALL_DATA} ${WRKSRC}/examples/ipext/ipext_verify.conf ${PREFIX}/etc/sendd/ipext.conf-dist
X @${CAT} ${PKGMESSAGE}
X.ifndef(NOPORTDOCS)
X ${MKDIR} ${DOCSDIR}
X. for doc in ${PORTDOCS}
X ${INSTALL_DATA} ${WRKSRC}/docs/${doc} ${DOCSDIR}
X. endfor
X.endif
X
X.include <bsd.port.post.mk>
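Review bot: post-install creates `${PREFIX}/etc/sendd/` with plain `${MKDIR}`, yet the patched params.conf tells sendd to load its CGA private key from `%%PREFIX%%/etc/sendd/key.pem`, so the key will sit in a directory created with default permissions, and nothing in the port or pkg-message says how to protect it. Suggest adding a line to pkg-message.in such as `Keep etc/sendd/key.pem readable by root only (mode 0600).` Consider also creating the directory with `${MKDIR} -m 0750 ${PREFIX}/etc/sendd/`, assuming sendd runs as root (not visible here).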
END-of-send/Makefile
exit
--- send-0.2.shar ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: