new port: security/hamachi (supersedes ports/110850)

New port of Hamachi VPN, using Linux official binary and a
	patch on tuncfg.c based on the official OSX release.

	Hamachi is a software that eases the creation of secure
	VPNs even between nodes that would not be able to connect
	to each other (server-assisted connection can be established
	from two NATted client, if at least one of the two NAT
	associates the port to the client not checking remote host).

	UPX port is required in order to decompress the linux binary
	and avoid run-time dependency on /proc.

PR:		ports/112982
Submitted by:	Lapo Luchini <lapo@lapo.it>
This commit is contained in:
Edwin Groothuis 2007-09-07 07:47:07 +00:00
parent d1af5920d9
commit 934dc5b816
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=199005
7 changed files with 377 additions and 0 deletions

View file

@ -179,6 +179,7 @@
SUBDIR += gwee
SUBDIR += hackbot
SUBDIR += hafiye
SUBDIR += hamachi
SUBDIR += hashish
SUBDIR += heimdal
SUBDIR += hlfl

39
security/hamachi/Makefile Normal file
View file

@ -0,0 +1,39 @@
# New ports collection makefile for: hamachi
# Date created: 2006-11-17
# Whom: Lapo Luchini <lapo@lapo.it>
#
# $FreeBSD$
#
PORTNAME= hamachi
DISTVERSION= 0.9.9.9-20
DISTVERSIONSUFFIX= -lnx
CATEGORIES= security linux
MASTER_SITES= http://files.hamachi.cc/linux/
PKGNAMEPREFIX= linux-
MAINTAINER= lapo@lapo.it
COMMENT= Fast, secure, simple VPN software with NAT-traversal
PATCH_DEPENDS= upx:${PORTSDIR}/archivers/upx
NO_BUILD= yes
ONLY_FOR_ARCHS= i386 amd64
USE_LINUX= yes
USE_RC_SUBR= hamachi.sh
PLIST_FILES= bin/hamachi bin/hamachi-init sbin/hamachi-tuncfg
PORTDOCS= README CHANGES
post-patch:
${RM} -f ${WRKSRC}/tuncfg/tuncfg
${CC} ${CFLAGS} -o ${WRKSRC}/tuncfg/tuncfg ${WRKSRC}/tuncfg/tuncfg.c
upx -d ${WRKSRC}/hamachi
post-install:
.if !defined(NOPORTDOCS)
${MKDIR} ${DOCSDIR}
cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR}
.endif
.include <bsd.port.mk>

View file

@ -0,0 +1,3 @@
MD5 (hamachi-0.9.9.9-20-lnx.tar.gz) = 27e4c926d0aa03de3573c0b7acf032a6
SHA256 (hamachi-0.9.9.9-20-lnx.tar.gz) = 9e4b733558377d0c971ee2a19e04c0f5956e069033e8d13865f7c4dcb6d7f31b
SIZE (hamachi-0.9.9.9-20-lnx.tar.gz) = 344866

View file

@ -0,0 +1,65 @@
#!/bin/sh
#
# hamachi.sh - load tap driver and start Hamachi's tuncfg daemon
#
# (C) Copyright 2007 by Lapo Luchini
# (loosely based on ports/security/openvpn/files/openvpn.sh.in 1.9 by Matthias Andree)
#
# $FreeBSD$
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License along with
# this program; if not, write to the Free Software Foundation, Inc., 51 Franklin
# Street, Fifth Floor, Boston, MA 02110-1301, USA.
# PROVIDE: hamachi
# REQUIRE: DAEMON
# KEYWORD: shutdown
#TODO: serve la KEYWORD:shutdown? che fa?
# Note that we deliberately refrain from unloading drivers.
. %%RC_SUBR%%
name="hamachi"
rcvar=`set_rcvar`
load_rc_config $name
: ${hamachi_enable="NO"}
command="%%PREFIX%%/sbin/hamachi-tuncfg"
start_precmd="hamachi_precmd"
hamachi_precmd() {
# FreeBSD <= 5.4 does not know kldstat's -m option
# FreeBSD >= 6.0 does not add debug.* sysctl information
# in the default build - we check both to keep things simple
if ! sysctl debug.if_tap_debug >/dev/null 2>&1 \
&& ! kldstat -m if_tap >/dev/null 2>&1 ; then
if ! kldload if_tap ; then
warn "Could not load tap module."
return 1
fi
fi
if ! sysctl compat.linux >/dev/null 2>&1 \
&& ! kldstat -m linuxelf >/dev/null 2>&1 ; then
if ! kldload linux ; then
warn "Could not load linux module."
return 1
fi
fi
return 0
}
run_rc_command "$1"

View file

@ -0,0 +1,26 @@
--- Makefile.orig Tue Jun 20 21:47:28 2006
+++ Makefile Thu Mar 22 14:02:01 2007
@@ -2,12 +2,12 @@
#
# Where hamachi and its symbolic link hamachi-init goes
#
-HAMACHI_DST ?= /usr/bin
+HAMACHI_DST ?= /usr/local/bin
#
# Where root-level tunnel device configuration daemon tuncfg goes
#
-TUNCFG_DST ?= /sbin
+TUNCFG_DST ?= /usr/local/sbin
.phony: install
@@ -26,7 +26,7 @@
fi;
@echo Copying tuncfg into $(TUNCFG_DST) ..
- @install -s -m 700 tuncfg/tuncfg $(TUNCFG_DST)
+ @install -s -m 700 tuncfg/tuncfg $(TUNCFG_DST)/hamachi-tuncfg
@echo
@echo "Hamachi is installed. See README for what to do next."

View file

@ -0,0 +1,240 @@
--- tuncfg/tuncfg.c.orig Tue Jun 20 21:47:28 2006
+++ tuncfg/tuncfg.c Fri Nov 17 11:14:51 2006
@@ -20,7 +20,7 @@
* normally required by a private networking software. Namely -
*
* * creation of tunneling devices; this requires an access to
- * /dev/net/tun file, which _usually_ has 700 access mask
+ * /dev/tapXX files, which _usually_ has 700 access mask
*
* * configuration of the tunneling device using ifconfig, which is
* always a root-level operation
@@ -29,7 +29,7 @@
* open a listening domain socket /var/run/tuncfg.sock.
*
* Upon accepting the connection on this socket, it will issue an open()
- * call for /dev/net/tun file (thus instantiating the tunneling device)
+ * call for /dev/tapXX file (iterating over first 16 XX values)
* and pass obtained FD to the peer process. It will also query and pass
* the MAC address of the device to the peer process.
*
@@ -48,10 +48,12 @@
#include <sys/un.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
+#include <sys/sysctl.h>
#include <arpa/inet.h>
-#include <linux/if.h>
-#include <linux/if_tun.h>
+#include <net/if.h>
+#include <net/if_dl.h>
+#include <netinet/in.h>
#include <unistd.h>
#include <errno.h>
@@ -59,6 +61,7 @@
#include <fcntl.h>
#include <stdarg.h>
#include <stdlib.h>
+#include <string.h>
/*
*
@@ -68,7 +71,7 @@
#define TUNTAP_URL "http://www.hamachi.cc/tuntap"
-#define MAX_CLIENTS 64
+#define MAX_CLIENTS 16
struct context
{
@@ -90,6 +93,7 @@
struct stat st;
pid_t pid;
int fd, r, i;
+ int debug = 0;
struct context ctx[MAX_CLIENTS];
int ctx_n = 0;
@@ -98,18 +102,28 @@
if (getuid() != 0)
errorf("tuncfg: must be run with superuser permissions\n");
- // lcok
- fd = open(LOCK_PATH, O_CREAT);
+ //
+ if (argc > 1)
+ {
+ debug = (strcmp(argv[1], "-d") == 0);
+ }
+
+ // lock
+ fd = open(LOCK_PATH, O_CREAT | O_RDWR);
if (fd < 0)
errorf("tuncfg: cannot open lock file %s -- %s\n",
LOCK_PATH, strerror(errno));
+ //
if (flock(fd, LOCK_EX | LOCK_NB) < 0)
- errorf("tuncfg: already running\n");
+ {
+ errorf("tuncfg: already running, "
+ "use 'killall tuncfg; tuncfg' to restart it\n");
+ }
// check there's /dev/net/tun
- if (stat("/dev/net/tun", &st) < 0)
- errorf("tuncfg: cannot stat() /dev/net/tun -- %s\n"
+ if (stat("/dev/tap0", &st) < 0)
+ errorf("tuncfg: cannot stat() /dev/tap0 -- %s\n"
"tuncfg: visit %s for more information\n",
strerror(errno), TUNTAP_URL);
@@ -143,7 +157,7 @@
SOCK_PATH, strerror(errno));
// daemonize
- if (argc < 2 || strcmp(argv[1], "-d"))
+ if (! debug)
{
chdir("/");
@@ -196,8 +210,13 @@
if (FD_ISSET(fd, &fdr))
{
struct context * p;
- struct ifreq ifr;
char buf[4+6];
+ int mib[6];
+ size_t len;
+ struct if_msghdr * msg = NULL;
+ struct sockaddr_dl * sa;
+ char dev_name[32];
+ int i;
int cli, dev = -1, tmp = -1;
cli = accept(fd, (void*)&addr, &alen);
@@ -213,48 +232,64 @@
goto done;
}
- // open tap device
- dev = open("/dev/net/tun", O_RDWR);
- printf("tuncfg: open() %d %d\n", dev, errno);
+ // open first available tap device
+ for (i=0; i<MAX_CLIENTS; i++)
+ {
+ snprintf(dev_name, sizeof(dev_name),
+ "/dev/tap%d", i);
+
+ dev = open(dev_name, O_RDWR);
+ printf("tuncfg: open(%s) %d %d\n",
+ dev_name, dev, errno);
+ if (dev >= 0)
+ break;
+ }
if (dev < 0)
{
- r = (0x02 << 24) | errno;
+ r = (0x02 << 24);
goto done;
}
- // bring it up
- strcpy(ifr.ifr_name, "ham%d");
- ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
- if (ioctl(dev, TUNSETIFF, (ulong)&ifr) < 0)
+ // query mac
+ mib[0] = CTL_NET;
+ mib[1] = AF_ROUTE;
+ mib[2] = 0;
+ mib[3] = AF_LINK;
+ mib[4] = NET_RT_IFLIST;
+ mib[5] = if_nametoindex("tap0");
+
+ if (! mib[5])
{
- printf("tuncfg: ioctl() -1 %d\n", errno);
r = (0x03 << 24) | errno;
goto done;
}
- printf("tuncfg: ioctl() 0 %s\n", ifr.ifr_name);
- // query mac
- tmp = socket(AF_INET, SOCK_DGRAM, 0);
- if (tmp < 0)
+ if (sysctl(mib, 6, NULL, &len, NULL, 0) < 0)
{
- printf("tuncfg: socket(mac) %d\n", errno);
r = (0x04 << 24) | errno;
goto done;
}
-
- if (ioctl(tmp, SIOCGIFHWADDR, (ulong)&ifr) < 0)
+
+ msg = malloc(len);
+ if (! msg)
+ {
+ r = (0x05 << 24) | errno;
+ goto done;
+ }
+
+ if (sysctl(mib, 6, msg, &len, NULL, 0) < 0)
{
- printf("tuncfg: ioctl(mac) %d\n", errno);
r = (0x05 << 24) | errno;
goto done;
}
- memcpy(buf+4, &ifr.ifr_hwaddr.sa_data, 6);
+ sa = (void*)(msg + 1);
+ memcpy(buf+4, LLADDR(sa), 6);
// remember
p = &ctx[ctx_n++];
p->fd = cli;
- strncpy(p->dev, ifr.ifr_name, sizeof(p->dev));
+ strncpy(p->dev, dev_name+5, 5);
r = 0;
done:
@@ -264,6 +299,7 @@
send_with_fd(cli, buf, sizeof(buf), dev);
}
+ free(msg);
if (tmp != -1) close(tmp);
if (dev != -1) close(dev);
if (r != 0) close(cli);
@@ -295,7 +331,7 @@
goto ack;
}
- /* v[0] = ham<n>, v[1] = ip, v[2] = mask */
+ /* v[0] = ip, v[1] = mask */
if ( (v[0] & 0xff000000) != 0x05000000 ||
(v[1] & 0xff000000) != 0xff000000 )
{
@@ -324,9 +360,13 @@
r = system(cmd);
printf("tuncfg: system(%s) %d %d\n", cmd, r, errno);
-
+ if (r != 0)
+ {
+ r = (0x08 << 24) | (r & 0x00ffffff);
+ goto ack;
+ }
ack:
- printf("tuncfg: config() %08x", r);
+ printf("tuncfg: config() %08x\n", r);
send_with_fd(ctx[i].fd, &r, sizeof(r), -1);
}
}
@@ -360,4 +400,3 @@
return sendmsg(fd, &msg, 0);
}
-

View file

@ -0,0 +1,3 @@
Hamachi is a zero-configuration virtual private networking tool.
WWW: http://hamachi.cc/