new port: security/hamachi (supersedes ports/110850)
New port of Hamachi VPN, using Linux official binary and a patch on tuncfg.c based on the official OSX release. Hamachi is a software that eases the creation of secure VPNs even between nodes that would not be able to connect to each other (server-assisted connection can be established from two NATted client, if at least one of the two NAT associates the port to the client not checking remote host). UPX port is required in order to decompress the linux binary and avoid run-time dependency on /proc. PR: ports/112982 Submitted by: Lapo Luchini <lapo@lapo.it>
This commit is contained in:
parent
d1af5920d9
commit
934dc5b816
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=199005
7 changed files with 377 additions and 0 deletions
|
@ -179,6 +179,7 @@
|
|||
SUBDIR += gwee
|
||||
SUBDIR += hackbot
|
||||
SUBDIR += hafiye
|
||||
SUBDIR += hamachi
|
||||
SUBDIR += hashish
|
||||
SUBDIR += heimdal
|
||||
SUBDIR += hlfl
|
||||
|
|
39
security/hamachi/Makefile
Normal file
39
security/hamachi/Makefile
Normal file
|
@ -0,0 +1,39 @@
|
|||
# New ports collection makefile for: hamachi
|
||||
# Date created: 2006-11-17
|
||||
# Whom: Lapo Luchini <lapo@lapo.it>
|
||||
#
|
||||
# $FreeBSD$
|
||||
#
|
||||
|
||||
PORTNAME= hamachi
|
||||
DISTVERSION= 0.9.9.9-20
|
||||
DISTVERSIONSUFFIX= -lnx
|
||||
CATEGORIES= security linux
|
||||
MASTER_SITES= http://files.hamachi.cc/linux/
|
||||
PKGNAMEPREFIX= linux-
|
||||
|
||||
MAINTAINER= lapo@lapo.it
|
||||
COMMENT= Fast, secure, simple VPN software with NAT-traversal
|
||||
|
||||
PATCH_DEPENDS= upx:${PORTSDIR}/archivers/upx
|
||||
|
||||
NO_BUILD= yes
|
||||
ONLY_FOR_ARCHS= i386 amd64
|
||||
USE_LINUX= yes
|
||||
|
||||
USE_RC_SUBR= hamachi.sh
|
||||
PLIST_FILES= bin/hamachi bin/hamachi-init sbin/hamachi-tuncfg
|
||||
PORTDOCS= README CHANGES
|
||||
|
||||
post-patch:
|
||||
${RM} -f ${WRKSRC}/tuncfg/tuncfg
|
||||
${CC} ${CFLAGS} -o ${WRKSRC}/tuncfg/tuncfg ${WRKSRC}/tuncfg/tuncfg.c
|
||||
upx -d ${WRKSRC}/hamachi
|
||||
|
||||
post-install:
|
||||
.if !defined(NOPORTDOCS)
|
||||
${MKDIR} ${DOCSDIR}
|
||||
cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR}
|
||||
.endif
|
||||
|
||||
.include <bsd.port.mk>
|
3
security/hamachi/distinfo
Normal file
3
security/hamachi/distinfo
Normal file
|
@ -0,0 +1,3 @@
|
|||
MD5 (hamachi-0.9.9.9-20-lnx.tar.gz) = 27e4c926d0aa03de3573c0b7acf032a6
|
||||
SHA256 (hamachi-0.9.9.9-20-lnx.tar.gz) = 9e4b733558377d0c971ee2a19e04c0f5956e069033e8d13865f7c4dcb6d7f31b
|
||||
SIZE (hamachi-0.9.9.9-20-lnx.tar.gz) = 344866
|
65
security/hamachi/files/hamachi.sh.in
Normal file
65
security/hamachi/files/hamachi.sh.in
Normal file
|
@ -0,0 +1,65 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# hamachi.sh - load tap driver and start Hamachi's tuncfg daemon
|
||||
#
|
||||
# (C) Copyright 2007 by Lapo Luchini
|
||||
# (loosely based on ports/security/openvpn/files/openvpn.sh.in 1.9 by Matthias Andree)
|
||||
#
|
||||
# $FreeBSD$
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify it under
|
||||
# the terms of the GNU General Public License as published by the Free Software
|
||||
# Foundation; either version 2 of the License, or (at your option) any later
|
||||
# version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
|
||||
# details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License along with
|
||||
# this program; if not, write to the Free Software Foundation, Inc., 51 Franklin
|
||||
# Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
|
||||
# PROVIDE: hamachi
|
||||
# REQUIRE: DAEMON
|
||||
# KEYWORD: shutdown
|
||||
|
||||
#TODO: serve la KEYWORD:shutdown? che fa?
|
||||
|
||||
# Note that we deliberately refrain from unloading drivers.
|
||||
|
||||
. %%RC_SUBR%%
|
||||
|
||||
name="hamachi"
|
||||
rcvar=`set_rcvar`
|
||||
|
||||
load_rc_config $name
|
||||
|
||||
: ${hamachi_enable="NO"}
|
||||
|
||||
command="%%PREFIX%%/sbin/hamachi-tuncfg"
|
||||
start_precmd="hamachi_precmd"
|
||||
|
||||
hamachi_precmd() {
|
||||
# FreeBSD <= 5.4 does not know kldstat's -m option
|
||||
# FreeBSD >= 6.0 does not add debug.* sysctl information
|
||||
# in the default build - we check both to keep things simple
|
||||
if ! sysctl debug.if_tap_debug >/dev/null 2>&1 \
|
||||
&& ! kldstat -m if_tap >/dev/null 2>&1 ; then
|
||||
if ! kldload if_tap ; then
|
||||
warn "Could not load tap module."
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
if ! sysctl compat.linux >/dev/null 2>&1 \
|
||||
&& ! kldstat -m linuxelf >/dev/null 2>&1 ; then
|
||||
if ! kldload linux ; then
|
||||
warn "Could not load linux module."
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
|
||||
run_rc_command "$1"
|
26
security/hamachi/files/patch-Makefile
Normal file
26
security/hamachi/files/patch-Makefile
Normal file
|
@ -0,0 +1,26 @@
|
|||
--- Makefile.orig Tue Jun 20 21:47:28 2006
|
||||
+++ Makefile Thu Mar 22 14:02:01 2007
|
||||
@@ -2,12 +2,12 @@
|
||||
#
|
||||
# Where hamachi and its symbolic link hamachi-init goes
|
||||
#
|
||||
-HAMACHI_DST ?= /usr/bin
|
||||
+HAMACHI_DST ?= /usr/local/bin
|
||||
|
||||
#
|
||||
# Where root-level tunnel device configuration daemon tuncfg goes
|
||||
#
|
||||
-TUNCFG_DST ?= /sbin
|
||||
+TUNCFG_DST ?= /usr/local/sbin
|
||||
|
||||
.phony: install
|
||||
|
||||
@@ -26,7 +26,7 @@
|
||||
fi;
|
||||
|
||||
@echo Copying tuncfg into $(TUNCFG_DST) ..
|
||||
- @install -s -m 700 tuncfg/tuncfg $(TUNCFG_DST)
|
||||
+ @install -s -m 700 tuncfg/tuncfg $(TUNCFG_DST)/hamachi-tuncfg
|
||||
|
||||
@echo
|
||||
@echo "Hamachi is installed. See README for what to do next."
|
240
security/hamachi/files/patch-tuncfg_tuncfg.c
Normal file
240
security/hamachi/files/patch-tuncfg_tuncfg.c
Normal file
|
@ -0,0 +1,240 @@
|
|||
--- tuncfg/tuncfg.c.orig Tue Jun 20 21:47:28 2006
|
||||
+++ tuncfg/tuncfg.c Fri Nov 17 11:14:51 2006
|
||||
@@ -20,7 +20,7 @@
|
||||
* normally required by a private networking software. Namely -
|
||||
*
|
||||
* * creation of tunneling devices; this requires an access to
|
||||
- * /dev/net/tun file, which _usually_ has 700 access mask
|
||||
+ * /dev/tapXX files, which _usually_ has 700 access mask
|
||||
*
|
||||
* * configuration of the tunneling device using ifconfig, which is
|
||||
* always a root-level operation
|
||||
@@ -29,7 +29,7 @@
|
||||
* open a listening domain socket /var/run/tuncfg.sock.
|
||||
*
|
||||
* Upon accepting the connection on this socket, it will issue an open()
|
||||
- * call for /dev/net/tun file (thus instantiating the tunneling device)
|
||||
+ * call for /dev/tapXX file (iterating over first 16 XX values)
|
||||
* and pass obtained FD to the peer process. It will also query and pass
|
||||
* the MAC address of the device to the peer process.
|
||||
*
|
||||
@@ -48,10 +48,12 @@
|
||||
#include <sys/un.h>
|
||||
#include <sys/ioctl.h>
|
||||
#include <sys/stat.h>
|
||||
+#include <sys/sysctl.h>
|
||||
#include <arpa/inet.h>
|
||||
|
||||
-#include <linux/if.h>
|
||||
-#include <linux/if_tun.h>
|
||||
+#include <net/if.h>
|
||||
+#include <net/if_dl.h>
|
||||
+#include <netinet/in.h>
|
||||
|
||||
#include <unistd.h>
|
||||
#include <errno.h>
|
||||
@@ -59,6 +61,7 @@
|
||||
#include <fcntl.h>
|
||||
#include <stdarg.h>
|
||||
#include <stdlib.h>
|
||||
+#include <string.h>
|
||||
|
||||
/*
|
||||
*
|
||||
@@ -68,7 +71,7 @@
|
||||
|
||||
#define TUNTAP_URL "http://www.hamachi.cc/tuntap"
|
||||
|
||||
-#define MAX_CLIENTS 64
|
||||
+#define MAX_CLIENTS 16
|
||||
|
||||
struct context
|
||||
{
|
||||
@@ -90,6 +93,7 @@
|
||||
struct stat st;
|
||||
pid_t pid;
|
||||
int fd, r, i;
|
||||
+ int debug = 0;
|
||||
|
||||
struct context ctx[MAX_CLIENTS];
|
||||
int ctx_n = 0;
|
||||
@@ -98,18 +102,28 @@
|
||||
if (getuid() != 0)
|
||||
errorf("tuncfg: must be run with superuser permissions\n");
|
||||
|
||||
- // lcok
|
||||
- fd = open(LOCK_PATH, O_CREAT);
|
||||
+ //
|
||||
+ if (argc > 1)
|
||||
+ {
|
||||
+ debug = (strcmp(argv[1], "-d") == 0);
|
||||
+ }
|
||||
+
|
||||
+ // lock
|
||||
+ fd = open(LOCK_PATH, O_CREAT | O_RDWR);
|
||||
if (fd < 0)
|
||||
errorf("tuncfg: cannot open lock file %s -- %s\n",
|
||||
LOCK_PATH, strerror(errno));
|
||||
|
||||
+ //
|
||||
if (flock(fd, LOCK_EX | LOCK_NB) < 0)
|
||||
- errorf("tuncfg: already running\n");
|
||||
+ {
|
||||
+ errorf("tuncfg: already running, "
|
||||
+ "use 'killall tuncfg; tuncfg' to restart it\n");
|
||||
+ }
|
||||
|
||||
// check there's /dev/net/tun
|
||||
- if (stat("/dev/net/tun", &st) < 0)
|
||||
- errorf("tuncfg: cannot stat() /dev/net/tun -- %s\n"
|
||||
+ if (stat("/dev/tap0", &st) < 0)
|
||||
+ errorf("tuncfg: cannot stat() /dev/tap0 -- %s\n"
|
||||
"tuncfg: visit %s for more information\n",
|
||||
strerror(errno), TUNTAP_URL);
|
||||
|
||||
@@ -143,7 +157,7 @@
|
||||
SOCK_PATH, strerror(errno));
|
||||
|
||||
// daemonize
|
||||
- if (argc < 2 || strcmp(argv[1], "-d"))
|
||||
+ if (! debug)
|
||||
{
|
||||
chdir("/");
|
||||
|
||||
@@ -196,8 +210,13 @@
|
||||
if (FD_ISSET(fd, &fdr))
|
||||
{
|
||||
struct context * p;
|
||||
- struct ifreq ifr;
|
||||
char buf[4+6];
|
||||
+ int mib[6];
|
||||
+ size_t len;
|
||||
+ struct if_msghdr * msg = NULL;
|
||||
+ struct sockaddr_dl * sa;
|
||||
+ char dev_name[32];
|
||||
+ int i;
|
||||
int cli, dev = -1, tmp = -1;
|
||||
|
||||
cli = accept(fd, (void*)&addr, &alen);
|
||||
@@ -213,48 +232,64 @@
|
||||
goto done;
|
||||
}
|
||||
|
||||
- // open tap device
|
||||
- dev = open("/dev/net/tun", O_RDWR);
|
||||
- printf("tuncfg: open() %d %d\n", dev, errno);
|
||||
+ // open first available tap device
|
||||
+ for (i=0; i<MAX_CLIENTS; i++)
|
||||
+ {
|
||||
+ snprintf(dev_name, sizeof(dev_name),
|
||||
+ "/dev/tap%d", i);
|
||||
+
|
||||
+ dev = open(dev_name, O_RDWR);
|
||||
+ printf("tuncfg: open(%s) %d %d\n",
|
||||
+ dev_name, dev, errno);
|
||||
+ if (dev >= 0)
|
||||
+ break;
|
||||
+ }
|
||||
if (dev < 0)
|
||||
{
|
||||
- r = (0x02 << 24) | errno;
|
||||
+ r = (0x02 << 24);
|
||||
goto done;
|
||||
}
|
||||
|
||||
- // bring it up
|
||||
- strcpy(ifr.ifr_name, "ham%d");
|
||||
- ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
|
||||
- if (ioctl(dev, TUNSETIFF, (ulong)&ifr) < 0)
|
||||
+ // query mac
|
||||
+ mib[0] = CTL_NET;
|
||||
+ mib[1] = AF_ROUTE;
|
||||
+ mib[2] = 0;
|
||||
+ mib[3] = AF_LINK;
|
||||
+ mib[4] = NET_RT_IFLIST;
|
||||
+ mib[5] = if_nametoindex("tap0");
|
||||
+
|
||||
+ if (! mib[5])
|
||||
{
|
||||
- printf("tuncfg: ioctl() -1 %d\n", errno);
|
||||
r = (0x03 << 24) | errno;
|
||||
goto done;
|
||||
}
|
||||
- printf("tuncfg: ioctl() 0 %s\n", ifr.ifr_name);
|
||||
|
||||
- // query mac
|
||||
- tmp = socket(AF_INET, SOCK_DGRAM, 0);
|
||||
- if (tmp < 0)
|
||||
+ if (sysctl(mib, 6, NULL, &len, NULL, 0) < 0)
|
||||
{
|
||||
- printf("tuncfg: socket(mac) %d\n", errno);
|
||||
r = (0x04 << 24) | errno;
|
||||
goto done;
|
||||
}
|
||||
-
|
||||
- if (ioctl(tmp, SIOCGIFHWADDR, (ulong)&ifr) < 0)
|
||||
+
|
||||
+ msg = malloc(len);
|
||||
+ if (! msg)
|
||||
+ {
|
||||
+ r = (0x05 << 24) | errno;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ if (sysctl(mib, 6, msg, &len, NULL, 0) < 0)
|
||||
{
|
||||
- printf("tuncfg: ioctl(mac) %d\n", errno);
|
||||
r = (0x05 << 24) | errno;
|
||||
goto done;
|
||||
}
|
||||
|
||||
- memcpy(buf+4, &ifr.ifr_hwaddr.sa_data, 6);
|
||||
+ sa = (void*)(msg + 1);
|
||||
+ memcpy(buf+4, LLADDR(sa), 6);
|
||||
|
||||
// remember
|
||||
p = &ctx[ctx_n++];
|
||||
p->fd = cli;
|
||||
- strncpy(p->dev, ifr.ifr_name, sizeof(p->dev));
|
||||
+ strncpy(p->dev, dev_name+5, 5);
|
||||
|
||||
r = 0;
|
||||
done:
|
||||
@@ -264,6 +299,7 @@
|
||||
send_with_fd(cli, buf, sizeof(buf), dev);
|
||||
}
|
||||
|
||||
+ free(msg);
|
||||
if (tmp != -1) close(tmp);
|
||||
if (dev != -1) close(dev);
|
||||
if (r != 0) close(cli);
|
||||
@@ -295,7 +331,7 @@
|
||||
goto ack;
|
||||
}
|
||||
|
||||
- /* v[0] = ham<n>, v[1] = ip, v[2] = mask */
|
||||
+ /* v[0] = ip, v[1] = mask */
|
||||
if ( (v[0] & 0xff000000) != 0x05000000 ||
|
||||
(v[1] & 0xff000000) != 0xff000000 )
|
||||
{
|
||||
@@ -324,9 +360,13 @@
|
||||
|
||||
r = system(cmd);
|
||||
printf("tuncfg: system(%s) %d %d\n", cmd, r, errno);
|
||||
-
|
||||
+ if (r != 0)
|
||||
+ {
|
||||
+ r = (0x08 << 24) | (r & 0x00ffffff);
|
||||
+ goto ack;
|
||||
+ }
|
||||
ack:
|
||||
- printf("tuncfg: config() %08x", r);
|
||||
+ printf("tuncfg: config() %08x\n", r);
|
||||
send_with_fd(ctx[i].fd, &r, sizeof(r), -1);
|
||||
}
|
||||
}
|
||||
@@ -360,4 +400,3 @@
|
||||
|
||||
return sendmsg(fd, &msg, 0);
|
||||
}
|
||||
-
|
3
security/hamachi/pkg-descr
Normal file
3
security/hamachi/pkg-descr
Normal file
|
@ -0,0 +1,3 @@
|
|||
Hamachi is a zero-configuration virtual private networking tool.
|
||||
|
||||
WWW: http://hamachi.cc/
|
Loading…
Reference in a new issue