Date: 25 May 2007 08:10:03 -0000 From: Lapo Luchini <lapo@lapo.it> To: FreeBSD-gnats-submit@FreeBSD.org Cc: Lapo Luchini <lapo@lapo.it> Subject: ports/112982: new port: security/hamachi (supersedes ports/110850) Message-ID: <20070525081003.55866.qmail@mail.lapo.it> Resent-Message-ID: <200705250820.l4P8K4GH014755@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 112982 >Category: ports >Synopsis: new port: security/hamachi (supersedes ports/110850) >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Fri May 25 08:20:04 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Lapo Luchini >Release: FreeBSD 6.2-STABLE amd64 >Organization: >Environment: System: FreeBSD motoko.lapo.it 6.2-STABLE FreeBSD 6.2-STABLE #6: Fri Apr 27 14:58:35 CEST 2007 root@motoko.lapo.it:/usr/obj/usr/src/sys/MOTOKO amd64 New port of Hamachi VPN, using Linux official binary and a patch on tuncfg.c based on the official OSX release. Hamachi is a software that eases the creation of secure VPNs even between nodes that would not be able to connect to each other (server-assisted connection can be established from two NATted client, if at least one of the two NAT associates the port to the client not checking remote host). UPX port is required in order to decompress the linux binary and avoid run-time dependency on /proc. >Description: >How-To-Repeat: >Fix: Please note that this SHAR supersedes ports/110850. --- pr-hamachi2 begins here --- # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. # # This archive contains: # # hamachi # hamachi/files # hamachi/files/patch-Makefile # hamachi/files/patch-tuncfg_tuncfg.c # hamachi/files/hamachi.sh.in # hamachi/pkg-descr # hamachi/Makefile # hamachi/distinfo # echo c - hamachi mkdir -p hamachi > /dev/null 2>&1 echo c - hamachi/files mkdir -p hamachi/files > /dev/null 2>&1 echo x - hamachi/files/patch-Makefile sed 's/^X//' >hamachi/files/patch-Makefile << 'END-of-hamachi/files/patch-Makefile' X--- Makefile.orig Tue Jun 20 21:47:28 2006 X+++ Makefile Thu Mar 22 14:02:01 2007 X@@ -2,12 +2,12 @@ X # X # Where hamachi and its symbolic link hamachi-init goes X # X-HAMACHI_DST ?= /usr/bin X+HAMACHI_DST ?= /usr/local/bin X X # X # Where root-level tunnel device configuration daemon tuncfg goes X # X-TUNCFG_DST ?= /sbin X+TUNCFG_DST ?= /usr/local/sbin X X .phony: install X X@@ -26,7 +26,7 @@ X fi; X X @echo Copying tuncfg into $(TUNCFG_DST) .. X- @install -s -m 700 tuncfg/tuncfg $(TUNCFG_DST) X+ @install -s -m 700 tuncfg/tuncfg $(TUNCFG_DST)/hamachi-tuncfg X X @echo X @echo "Hamachi is installed. See README for what to do next." END-of-hamachi/files/patch-Makefile echo x - hamachi/files/patch-tuncfg_tuncfg.c sed 's/^X//' >hamachi/files/patch-tuncfg_tuncfg.c << 'END-of-hamachi/files/patch-tuncfg_tuncfg.c' X--- tuncfg/tuncfg.c.orig Tue Jun 20 21:47:28 2006 X+++ tuncfg/tuncfg.c Fri Nov 17 11:14:51 2006 X@@ -20,7 +20,7 @@ X * normally required by a private networking software. Namely - X * X * * creation of tunneling devices; this requires an access to X- * /dev/net/tun file, which _usually_ has 700 access mask X+ * /dev/tapXX files, which _usually_ has 700 access mask X * X * * configuration of the tunneling device using ifconfig, which is X * always a root-level operation X@@ -29,7 +29,7 @@ X * open a listening domain socket /var/run/tuncfg.sock. X * X * Upon accepting the connection on this socket, it will issue an open() X- * call for /dev/net/tun file (thus instantiating the tunneling device) X+ * call for /dev/tapXX file (iterating over first 16 XX values) X * and pass obtained FD to the peer process. It will also query and pass X * the MAC address of the device to the peer process. X * X@@ -48,10 +48,12 @@ X #include <sys/un.h> X #include <sys/ioctl.h> X #include <sys/stat.h> X+#include <sys/sysctl.h> X #include <arpa/inet.h> X X-#include <linux/if.h> X-#include <linux/if_tun.h> X+#include <net/if.h> X+#include <net/if_dl.h> X+#include <netinet/in.h> X X #include <unistd.h> X #include <errno.h> X@@ -59,6 +61,7 @@ X #include <fcntl.h> X #include <stdarg.h> X #include <stdlib.h> X+#include <string.h> X X /* X * X@@ -68,7 +71,7 @@ X X #define TUNTAP_URL "http://www.hamachi.cc/tuntap" X X-#define MAX_CLIENTS 64 X+#define MAX_CLIENTS 16 X X struct context X { X@@ -90,6 +93,7 @@ X struct stat st; X pid_t pid; X int fd, r, i; X+ int debug = 0; X X struct context ctx[MAX_CLIENTS]; X int ctx_n = 0; X@@ -98,18 +102,28 @@ X if (getuid() != 0) X errorf("tuncfg: must be run with superuser permissions\n"); X X- // lcok X- fd = open(LOCK_PATH, O_CREAT); X+ // X+ if (argc > 1) X+ { X+ debug = (strcmp(argv[1], "-d") == 0); X+ } X+ X+ // lock X+ fd = open(LOCK_PATH, O_CREAT | O_RDWR); X if (fd < 0) X errorf("tuncfg: cannot open lock file %s -- %s\n", X LOCK_PATH, strerror(errno)); X X+ // X if (flock(fd, LOCK_EX | LOCK_NB) < 0) X- errorf("tuncfg: already running\n"); X+ { X+ errorf("tuncfg: already running, " X+ "use 'killall tuncfg; tuncfg' to restart it\n"); X+ } X X // check there's /dev/net/tun X- if (stat("/dev/net/tun", &st) < 0) X- errorf("tuncfg: cannot stat() /dev/net/tun -- %s\n" X+ if (stat("/dev/tap0", &st) < 0) X+ errorf("tuncfg: cannot stat() /dev/tap0 -- %s\n" X "tuncfg: visit %s for more information\n", X strerror(errno), TUNTAP_URL); X X@@ -143,7 +157,7 @@ X SOCK_PATH, strerror(errno)); X X // daemonize X- if (argc < 2 || strcmp(argv[1], "-d")) X+ if (! debug) X { X chdir("/"); X X@@ -196,8 +210,13 @@ X if (FD_ISSET(fd, &fdr)) X { X struct context * p; X- struct ifreq ifr; X char buf[4+6]; X+ int mib[6]; X+ size_t len; X+ struct if_msghdr * msg = NULL; X+ struct sockaddr_dl * sa; X+ char dev_name[32]; X+ int i; X int cli, dev = -1, tmp = -1; X X cli = accept(fd, (void*)&addr, &alen); X@@ -213,48 +232,64 @@ X goto done; X } X X- // open tap device X- dev = open("/dev/net/tun", O_RDWR); X- printf("tuncfg: open() %d %d\n", dev, errno); X+ // open first available tap device X+ for (i=0; i<MAX_CLIENTS; i++) X+ { X+ snprintf(dev_name, sizeof(dev_name), X+ "/dev/tap%d", i); X+ X+ dev = open(dev_name, O_RDWR); X+ printf("tuncfg: open(%s) %d %d\n", X+ dev_name, dev, errno); X+ if (dev >= 0) X+ break; X+ } X if (dev < 0) X { X- r = (0x02 << 24) | errno; X+ r = (0x02 << 24); X goto done; X } X X- // bring it up X- strcpy(ifr.ifr_name, "ham%d"); X- ifr.ifr_flags = IFF_TAP | IFF_NO_PI; X- if (ioctl(dev, TUNSETIFF, (ulong)&ifr) < 0) X+ // query mac X+ mib[0] = CTL_NET; X+ mib[1] = AF_ROUTE; X+ mib[2] = 0; X+ mib[3] = AF_LINK; X+ mib[4] = NET_RT_IFLIST; X+ mib[5] = if_nametoindex("tap0"); X+ X+ if (! mib[5]) X { X- printf("tuncfg: ioctl() -1 %d\n", errno); X r = (0x03 << 24) | errno; X goto done; X } X- printf("tuncfg: ioctl() 0 %s\n", ifr.ifr_name); X X- // query mac X- tmp = socket(AF_INET, SOCK_DGRAM, 0); X- if (tmp < 0) X+ if (sysctl(mib, 6, NULL, &len, NULL, 0) < 0) X { X- printf("tuncfg: socket(mac) %d\n", errno); X r = (0x04 << 24) | errno; X goto done; X } X- X- if (ioctl(tmp, SIOCGIFHWADDR, (ulong)&ifr) < 0) X+ X+ msg = malloc(len); X+ if (! msg) X+ { X+ r = (0x05 << 24) | errno; X+ goto done; X+ } X+ X+ if (sysctl(mib, 6, msg, &len, NULL, 0) < 0) X { X- printf("tuncfg: ioctl(mac) %d\n", errno); X r = (0x05 << 24) | errno; X goto done; X } X X- memcpy(buf+4, &ifr.ifr_hwaddr.sa_data, 6); X+ sa = (void*)(msg + 1); X+ memcpy(buf+4, LLADDR(sa), 6); X X // remember X p = &ctx[ctx_n++]; X p->fd = cli; X- strncpy(p->dev, ifr.ifr_name, sizeof(p->dev)); X+ strncpy(p->dev, dev_name+5, 5); X X r = 0; X done: X@@ -264,6 +299,7 @@ X send_with_fd(cli, buf, sizeof(buf), dev); X } X X+ free(msg); X if (tmp != -1) close(tmp); X if (dev != -1) close(dev); X if (r != 0) close(cli); X@@ -295,7 +331,7 @@ X goto ack; X } X X- /* v[0] = ham<n>, v[1] = ip, v[2] = mask */ X+ /* v[0] = ip, v[1] = mask */ X if ( (v[0] & 0xff000000) != 0x05000000 || X (v[1] & 0xff000000) != 0xff000000 ) X { X@@ -324,9 +360,13 @@ X X r = system(cmd); X printf("tuncfg: system(%s) %d %d\n", cmd, r, errno); X- X+ if (r != 0) X+ { X+ r = (0x08 << 24) | (r & 0x00ffffff); X+ goto ack; X+ } X ack: X- printf("tuncfg: config() %08x", r); X+ printf("tuncfg: config() %08x\n", r); X send_with_fd(ctx[i].fd, &r, sizeof(r), -1); X } X } X@@ -360,4 +400,3 @@ X X return sendmsg(fd, &msg, 0); X } X- END-of-hamachi/files/patch-tuncfg_tuncfg.c echo x - hamachi/files/hamachi.sh.in sed 's/^X//' >hamachi/files/hamachi.sh.in << 'END-of-hamachi/files/hamachi.sh.in' X#!/bin/sh X# X# hamachi.sh - load tap driver and start Hamachi's tuncfg daemon X# X# (C) Copyright 2007 by Lapo Luchini X# (loosely based on ports/security/openvpn/files/openvpn.sh.in 1.9 by Matthias Andree) X# X# $FreeBSD$ X# X# This program is free software; you can redistribute it and/or modify it under X# the terms of the GNU General Public License as published by the Free Software X# Foundation; either version 2 of the License, or (at your option) any later X# version. X# X# This program is distributed in the hope that it will be useful, but WITHOUT X# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS X# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more X# details. X# X# You should have received a copy of the GNU General Public License along with X# this program; if not, write to the Free Software Foundation, Inc., 51 Franklin X# Street, Fifth Floor, Boston, MA 02110-1301, USA. X X# PROVIDE: hamachi X# REQUIRE: DAEMON X# KEYWORD: shutdown X X#TODO: serve la KEYWORD:shutdown? che fa? X X# Note that we deliberately refrain from unloading drivers. X X. %%RC_SUBR%% X Xname="hamachi" Xrcvar=`set_rcvar` X Xload_rc_config $name X X: ${hamachi_enable="NO"} X Xcommand="%%PREFIX%%/sbin/hamachi-tuncfg" Xstart_precmd="hamachi_precmd" X Xhamachi_precmd() { X # FreeBSD <= 5.4 does not know kldstat's -m option X # FreeBSD >= 6.0 does not add debug.* sysctl information X # in the default build - we check both to keep things simple X if ! sysctl debug.if_tap_debug >/dev/null 2>&1 \ X && ! kldstat -m if_tap >/dev/null 2>&1 ; then X if ! kldload if_tap ; then X warn "Could not load tap module." X return 1 X fi X fi X if ! sysctl compat.linux >/dev/null 2>&1 \ X && ! kldstat -m linuxelf >/dev/null 2>&1 ; then X if ! kldload linux ; then X warn "Could not load linux module." X return 1 X fi X fi X return 0 X} X Xrun_rc_command "$1" END-of-hamachi/files/hamachi.sh.in echo x - hamachi/pkg-descr sed 's/^X//' >hamachi/pkg-descr << 'END-of-hamachi/pkg-descr' XHamachi is a zero-configuration virtual private networking tool. X XWWW: http://hamachi.cc/ END-of-hamachi/pkg-descr echo x - hamachi/Makefile sed 's/^X//' >hamachi/Makefile << 'END-of-hamachi/Makefile' X# New ports collection makefile for: hamachi X# Date created: 2006-11-17 X# Whom: Lapo Luchini <lapo@lapo.it> X# X# $FreeBSD$ X# X XPORTNAME= hamachi XDISTVERSION= 0.9.9.9-20 XDISTVERSIONSUFFIX= -lnx XCATEGORIES= security linux XMASTER_SITES= http://files.hamachi.cc/linux/ XPKGNAMEPREFIX= linux- X XMAINTAINER= lapo@lapo.it XCOMMENT= Fast, secure, simple VPN software with NAT-traversal X XPATCH_DEPENDS= upx:${PORTSDIR}/archivers/upx X XNO_BUILD= yes XONLY_FOR_ARCHS= i386 amd64 XUSE_LINUX= yes X XUSE_RC_SUBR= hamachi.sh XPLIST_FILES= bin/hamachi bin/hamachi-init sbin/hamachi-tuncfg XPORTDOCS= README CHANGES X Xpost-patch: X ${RM} -f ${WRKSRC}/tuncfg/tuncfg X ${CC} ${CFLAGS} -o ${WRKSRC}/tuncfg/tuncfg ${WRKSRC}/tuncfg/tuncfg.c X upx -d ${WRKSRC}/hamachi X Xpost-install: X.if !defined(NOPORTDOCS) X ${MKDIR} ${DOCSDIR} X cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR} X.endif X X.include <bsd.port.mk> END-of-hamachi/Makefile echo x - hamachi/distinfo sed 's/^X//' >hamachi/distinfo << 'END-of-hamachi/distinfo' XMD5 (hamachi-0.9.9.9-20-lnx.tar.gz) = 27e4c926d0aa03de3573c0b7acf032a6 XSHA256 (hamachi-0.9.9.9-20-lnx.tar.gz) = 9e4b733558377d0c971ee2a19e04c0f5956e069033e8d13865f7c4dcb6d7f31b XSIZE (hamachi-0.9.9.9-20-lnx.tar.gz) = 344866 END-of-hamachi/distinfo exit --- pr-hamachi2 ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070525081003.55866.qmail>