ports/147431: [NEW PORT] security/strongswan - Open Source IPsec-based VPN solution

Riaan Kruger riaank at gmail.com
Thu Jun 3 12:40:03 UTC 2010


>Number:         147431
>Category:       ports
>Synopsis:       [NEW PORT] security/strongswan - Open Source IPsec-based VPN solution
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jun 03 12:40:03 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Riaan Kruger
>Release:        FreeBSD 8.0-RELEASE-p2
>Organization:
>Environment:
FreeBSD hostname 8.0-RELEASE-p2 FreeBSD 8.0-RELEASE-p2 #0: Tue Jan  5 16:02:27 UTC 2010     root at i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
Strongswan is an open source IPsec-based VPN solution. 

WWW: http://www.strongswan.org 
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	/usr/ports/security/strongswan/
#	/usr/ports/security/strongswan/files
#	/usr/ports/security/strongswan/files/patch-src__libcharon__plugins__kernel_pfkey__kernel_pfkey_ipsec.c
#	/usr/ports/security/strongswan/distinfo
#	/usr/ports/security/strongswan/pkg-descr
#	/usr/ports/security/strongswan/pkg-plist
#	/usr/ports/security/strongswan/Makefile
#
echo c - /usr/ports/security/strongswan/
mkdir -p /usr/ports/security/strongswan/ > /dev/null 2>&1
echo c - /usr/ports/security/strongswan/files
mkdir -p /usr/ports/security/strongswan/files > /dev/null 2>&1
echo x - /usr/ports/security/strongswan/files/patch-src__libcharon__plugins__kernel_pfkey__kernel_pfkey_ipsec.c
sed 's/^X//' >/usr/ports/security/strongswan/files/patch-src__libcharon__plugins__kernel_pfkey__kernel_pfkey_ipsec.c << 'd746b2299214dda4208929a3abd0e063'
Xdiff -u -r srcold/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
X--- srcold/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c	2010-03-19 17:56:54.000000000 +0200
X+++ src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c	2010-05-28 15:58:12.000000000 +0200
X@@ -600,17 +600,43 @@
X }
X 
X /**
X- * add a host behind a sadb_address extension
X+ * Copy a host_t as sockaddr_t to the given memory location. Ports are
X+ * reset to zero as per RFC 2367.
X+ * @returns		the number of bytes copied
X  */
X-static void host2ext(host_t *host, struct sadb_address *ext)
X+static size_t hostcpy(void *dest, host_t *host)
X {
X-	sockaddr_t *host_addr = host->get_sockaddr(host);
X+	sockaddr_t *addr = host->get_sockaddr(host), *dest_addr = dest;
X 	socklen_t *len = host->get_sockaddr_len(host);
X+	memcpy(dest, addr, *len);
X #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
X-	host_addr->sa_len = *len;
X+	dest_addr->sa_len = *len;
X #endif
X-	memcpy((char*)(ext + 1), host_addr, *len);
X-	ext->sadb_address_len = PFKEY_LEN(sizeof(*ext) + *len);
X+	switch (dest_addr->sa_family)
X+	{
X+		case AF_INET:
X+		{
X+			struct sockaddr_in *sin = dest;
X+			sin->sin_port = 0;
X+			break;
X+		}
X+		case AF_INET6:
X+		{
X+			struct sockaddr_in6 *sin6 = dest;
X+			sin6->sin6_port = 0;
X+			break;
X+		}
X+	}
X+	return *len;
X+}
X+
X+/**
X+ * add a host behind an sadb_address extension
X+ */
X+static void host2ext(host_t *host, struct sadb_address *ext)
X+{
X+	size_t len = hostcpy(ext + 1, host);
X+	ext->sadb_address_len = PFKEY_LEN(sizeof(*ext) + len);
X }
X 
X /**
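Review bot: hostcpy() clears the port for every caller, and host2ext() now goes through it, so every address extension built with host2ext() loses its port. The callers of host2ext() are outside this hunk; if one of them passes a policy source or destination whose port is a traffic-selector value, the installed policy would match all ports instead of the negotiated one, which should be confirmed before merging. A flag keeps both uses explicit, e.g. `static size_t hostcpy(void *dest, host_t *host, bool include_port)` with the `switch` wrapped in `if (!include_port)`. The doc comment should also state that the caller must guarantee `*len` writable bytes at `dest`, because the function copies without knowing the destination size.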
X@@ -1019,6 +1045,7 @@
X }
X #endif /*SADB_X_MIGRATE*/
X 
X+#ifndef __FreeBSD__
X #ifdef HAVE_NATT
X /**
X  * Process a SADB_X_NAT_T_NEW_MAPPING message from the kernel
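Review bot: The new guard keys on the platform (`#ifndef __FreeBSD__`) rather than on the feature, while the surrounding code tests the message type itself (`#ifdef SADB_X_MIGRATE`). Testing `#ifdef SADB_X_NAT_T_NEW_MAPPING` here and in the matching guards of the next two hunks (the closing `#endif` after process_mapping() and the `case SADB_X_NAT_T_NEW_MAPPING:` label in the event receiver) would compile the handler wherever the kernel headers define the message and leave it out elsewhere. As written, a FreeBSD build falls through to `default: break;` for this message, so a changed peer NAT mapping reported by the kernel would go unhandled; whether the FreeBSD kernel ever sends it is not visible here. The body of process_mapping() lies outside this hunk. The closing comment would also read more accurately as `#endif /* !__FreeBSD__ */`.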
X@@ -1076,6 +1103,7 @@
X 	}
X }
X #endif /*HAVE_NATT*/
X+#endif /*__FreeBSD__*/
X 
X /**
X  * Receives events from kernel
X@@ -1137,11 +1165,13 @@
X 			process_migrate(this, msg);
X 			break;
X #endif /*SADB_X_MIGRATE*/
X+#ifndef __FreeBSD__
X #ifdef HAVE_NATT
X 		case SADB_X_NAT_T_NEW_MAPPING:
X 			process_mapping(this, msg);
X 			break;
X #endif /*HAVE_NATT*/
X+#endif /*__FreeBSD__*/
X 		default:
X 			break;
X 	}
X@@ -1679,14 +1709,10 @@
X 	req->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE;
X 	if (mode == MODE_TUNNEL)
X 	{
X-		sockaddr_t *sa;
X-		socklen_t sl;
X-		sa = src->get_sockaddr(src);
X-		sl = *src->get_sockaddr_len(src);
X-		memcpy(req + 1, sa, sl);
X-		sa = dst->get_sockaddr(dst);
X-		memcpy((u_int8_t*)(req + 1) + sl, sa, sl);
X-		req->sadb_x_ipsecrequest_len += sl * 2;
X+		len = hostcpy(req + 1, src);
X+		req->sadb_x_ipsecrequest_len += len;
X+		len = hostcpy((char*)(req + 1) + len, dst);
X+		req->sadb_x_ipsecrequest_len += len;
X 	}
X 
X 	pol->sadb_x_policy_len += PFKEY_LEN(req->sadb_x_ipsecrequest_len);
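Review bot: `len` is used in the added lines but is not declared in this hunk, and the block-local `sa`/`sl` declarations it replaces are removed; the start of the function is outside the hunk, so confirm that a `size_t len;` exists there. The two hostcpy() calls write both tunnel endpoints behind `req` with no visible check that the request buffer has room for them; the buffer is sized outside the hunk, so a comment such as `/* request buffer must hold both tunnel endpoint sockaddrs */` or an explicit bound would document the assumption. Reusing `len` as both the size of the first copy and the offset of the second works only because of statement order; a separate `src_len` would make that dependency obvious.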
d746b2299214dda4208929a3abd0e063
echo x - /usr/ports/security/strongswan/distinfo
sed 's/^X//' >/usr/ports/security/strongswan/distinfo << '9127200bde3fcbe921232c9becde9a0a'
XMD5 (strongswan-4.4.0.tar.bz2) = bfb0f1c8ef1344e1ae8157bdde060fed
XSHA256 (strongswan-4.4.0.tar.bz2) = df40d9daf963ce4f4bef4177ed02d68c083521b307f52bebb1872c2ded4b2718
XSIZE (strongswan-4.4.0.tar.bz2) = 2863754
9127200bde3fcbe921232c9becde9a0a
echo x - /usr/ports/security/strongswan/pkg-descr
sed 's/^X//' >/usr/ports/security/strongswan/pkg-descr << '229658a306df519cf515176f3b9a6e48'
XStrongswan is an open source IPsec-based VPN solution. 
X
XWWW: http://www.strongswan.org
229658a306df519cf515176f3b9a6e48
echo x - /usr/ports/security/strongswan/pkg-plist
sed 's/^X//' >/usr/ports/security/strongswan/pkg-plist << 'b13d9de1e2dd08108c3b33a7aaa4329a'
Xetc/ipsec.conf
X%%ETCDIR%%.conf
Xlib/libcharon.a
Xlib/libcharon.la
Xlib/libcharon.so
Xlib/libcharon.so.0
Xlib/libhydra.a
Xlib/libhydra.la
Xlib/libhydra.so
Xlib/libhydra.so.0
Xlib/libstrongswan.a
Xlib/libstrongswan.la
Xlib/libstrongswan.so
Xlib/libstrongswan.so.0
Xlibexec/ipsec/_copyright
Xlibexec/ipsec/_updown
Xlibexec/ipsec/_updown_espmark
Xlibexec/ipsec/charon
Xlibexec/ipsec/plugins/libstrongswan-aes.a
Xlibexec/ipsec/plugins/libstrongswan-aes.la
Xlibexec/ipsec/plugins/libstrongswan-aes.so
Xlibexec/ipsec/plugins/libstrongswan-attr.a
Xlibexec/ipsec/plugins/libstrongswan-attr.la
Xlibexec/ipsec/plugins/libstrongswan-attr.so
Xlibexec/ipsec/plugins/libstrongswan-des.a
Xlibexec/ipsec/plugins/libstrongswan-des.la
Xlibexec/ipsec/plugins/libstrongswan-des.so
Xlibexec/ipsec/plugins/libstrongswan-dnskey.a
Xlibexec/ipsec/plugins/libstrongswan-dnskey.la
Xlibexec/ipsec/plugins/libstrongswan-dnskey.so
Xlibexec/ipsec/plugins/libstrongswan-fips-prf.a
Xlibexec/ipsec/plugins/libstrongswan-fips-prf.la
Xlibexec/ipsec/plugins/libstrongswan-fips-prf.so
Xlibexec/ipsec/plugins/libstrongswan-gmp.a
Xlibexec/ipsec/plugins/libstrongswan-gmp.la
Xlibexec/ipsec/plugins/libstrongswan-gmp.so
Xlibexec/ipsec/plugins/libstrongswan-hmac.a
Xlibexec/ipsec/plugins/libstrongswan-hmac.la
Xlibexec/ipsec/plugins/libstrongswan-hmac.so
Xlibexec/ipsec/plugins/libstrongswan-kernel-pfkey.a
Xlibexec/ipsec/plugins/libstrongswan-kernel-pfkey.la
Xlibexec/ipsec/plugins/libstrongswan-kernel-pfkey.so
Xlibexec/ipsec/plugins/libstrongswan-kernel-pfroute.a
Xlibexec/ipsec/plugins/libstrongswan-kernel-pfroute.la
Xlibexec/ipsec/plugins/libstrongswan-kernel-pfroute.so
Xlibexec/ipsec/plugins/libstrongswan-md5.a
Xlibexec/ipsec/plugins/libstrongswan-md5.la
Xlibexec/ipsec/plugins/libstrongswan-md5.so
Xlibexec/ipsec/plugins/libstrongswan-pem.a
Xlibexec/ipsec/plugins/libstrongswan-pem.la
Xlibexec/ipsec/plugins/libstrongswan-pem.so
Xlibexec/ipsec/plugins/libstrongswan-pgp.a
Xlibexec/ipsec/plugins/libstrongswan-pgp.la
Xlibexec/ipsec/plugins/libstrongswan-pgp.so
Xlibexec/ipsec/plugins/libstrongswan-pkcs1.a
Xlibexec/ipsec/plugins/libstrongswan-pkcs1.la
Xlibexec/ipsec/plugins/libstrongswan-pkcs1.so
Xlibexec/ipsec/plugins/libstrongswan-pubkey.a
Xlibexec/ipsec/plugins/libstrongswan-pubkey.la
Xlibexec/ipsec/plugins/libstrongswan-pubkey.so
Xlibexec/ipsec/plugins/libstrongswan-random.a
Xlibexec/ipsec/plugins/libstrongswan-random.la
Xlibexec/ipsec/plugins/libstrongswan-random.so
Xlibexec/ipsec/plugins/libstrongswan-resolve.a
Xlibexec/ipsec/plugins/libstrongswan-resolve.la
Xlibexec/ipsec/plugins/libstrongswan-resolve.so
Xlibexec/ipsec/plugins/libstrongswan-sha1.a
Xlibexec/ipsec/plugins/libstrongswan-sha1.la
Xlibexec/ipsec/plugins/libstrongswan-sha1.so
Xlibexec/ipsec/plugins/libstrongswan-sha2.a
Xlibexec/ipsec/plugins/libstrongswan-sha2.la
Xlibexec/ipsec/plugins/libstrongswan-sha2.so
Xlibexec/ipsec/plugins/libstrongswan-socket-default.a
Xlibexec/ipsec/plugins/libstrongswan-socket-default.la
Xlibexec/ipsec/plugins/libstrongswan-socket-default.so
Xlibexec/ipsec/plugins/libstrongswan-stroke.a
Xlibexec/ipsec/plugins/libstrongswan-stroke.la
Xlibexec/ipsec/plugins/libstrongswan-stroke.so
Xlibexec/ipsec/plugins/libstrongswan-updown.a
Xlibexec/ipsec/plugins/libstrongswan-updown.la
Xlibexec/ipsec/plugins/libstrongswan-updown.so
Xlibexec/ipsec/plugins/libstrongswan-x509.a
Xlibexec/ipsec/plugins/libstrongswan-x509.la
Xlibexec/ipsec/plugins/libstrongswan-x509.so
Xlibexec/ipsec/plugins/libstrongswan-xcbc.a
Xlibexec/ipsec/plugins/libstrongswan-xcbc.la
Xlibexec/ipsec/plugins/libstrongswan-xcbc.so
Xlibexec/ipsec/starter
Xlibexec/ipsec/stroke
Xsbin/ipsec
X@dirrm libexec/ipsec/plugins
X@dirrm libexec/ipsec
X@dirrm etc/ipsec.d/reqs
X@dirrm etc/ipsec.d/private
X@dirrm etc/ipsec.d/ocspcerts
X@dirrm etc/ipsec.d/crls
X@dirrm etc/ipsec.d/certs
X@dirrm etc/ipsec.d/cacerts
X@dirrm etc/ipsec.d/acerts
X@dirrm etc/ipsec.d/aacerts
X@dirrm etc/ipsec.d
X@exec mkdir -p %D/etc/ipsec.d/reqs
X@exec mkdir -p %D/etc/ipsec.d/private
X@exec mkdir -p %D/etc/ipsec.d/ocspcerts
X@exec mkdir -p %D/etc/ipsec.d/crls
X@exec mkdir -p %D/etc/ipsec.d/certs
X@exec mkdir -p %D/etc/ipsec.d/cacerts
X@exec mkdir -p %D/etc/ipsec.d/acerts
X@exec mkdir -p %D/etc/ipsec.d/aacerts
b13d9de1e2dd08108c3b33a7aaa4329a
echo x - /usr/ports/security/strongswan/Makefile
sed 's/^X//' >/usr/ports/security/strongswan/Makefile << 'c9ffd13c0567760030aa133e15a5f480'
X# New ports collection makefile for:    strongswan
X# Date created:         30 May 2010
X# Whom:                 riaank
X# $FreeBSD$
X
X# TODO: 
X# 1. At present there should be no CONFLICTS because this is the first version of the strongswan port. But in future this should be filled in.
X# 2. The port needs the standard startup scripts.
X# 3. The port needs some documentation on which parts/functionalities of Strongswan are supported on FreeBSD; this might be outside the scope of the port
X# 4. Currently the port requires a minimum version of FreeBSD 8 and this should be set somehow in this Makefile.
X# 5. The PORTDOCS section/values need to be defined.
X
XPORTNAME=	strongswan
XPORTVERSION=	4.4.0
XCATEGORIES=	security
XMASTER_SITES=	http://download.strongswan.org/ \
X		http://download2.strongswan.org/
X
XMAINTAINER=	riaank at gmail.com
X
XCOMMENT=	Open Source IPSec-based VPN solution.
X
XLIB_DEPENDS+=	vstr:${PORTSDIR}/devel/vstr
XLIB_DEPENDS+=	gmp.8:${PORTSDIR}/math/libgmp4
X
XUSE_BZIP2=	yes
X
XUSE_AUTOTOOLS=	libtool:22
XGNU_CONFIGURE=	yes
XUSE_LDCONFIG=	yes
XCONFIGURE_ARGS=	-enable-kernel-pfkey \
X		--enable-kernel-pfroute  \
X		--disable-kernel-netlink  \
X		--enable-vstr  \
X		--disable-tools  \
X		--disable-scripts  \
X		--disable-pluto  \
X		--with-group=wheel  \
X		--with-lib-prefix=${PREFIX}
X
XMAN5=		ipsec.conf.5
XMAN8=		ipsec.8 starter.8 _copyright.8 _updown.8 _updown_espmark.8
X
X.include <bsd.port.mk>
c9ffd13c0567760030aa133e15a5f480
exit



>Release-Note:
>Audit-Trail:
>Unformatted:


