[NEW PORT] net-mgmt/send: Secure Neighbor Discovery implementation for IPv6

DoCoMo's Open Source SEND project provides an implementation of
	RFC3971 Secure Neighbor Discovery (SEND). SEND cryptographically
	secures the IPv6 neighbor discovery protocol, countering the threats
	discussed in RFC3756 (IPv6 Neighbor Discovery (ND) Trust Models and
	Threats).

	DoCoMo's SEND is implemented completely in user space, so it is
	portable and lends itself to experimentation. It currently runs on
	Linux (tested on 2.6 kernels) and FreeBSD (tested on 5.4).

	Also included in the distribution are implementations of RFC3972
	Cryptographically Generated Addresses (CGAs) and RFC3779 X.509
	Extensions for IP Addresses and AS Identifiers.

	WWW: http://www.docomolabs-usa.com/lab_osrc_guide.html

Doesn't work on FreeBSD > 6.x though. Hopefully the submitter will
submit patches for it now it is commited.

PR:		ports/116540
Submitted by:	Janos Mohacsi <janos.mohacsi@bsd.hu>

net-mgmt/Makefile

@@ -211,6 +211,7 @@
     SUBDIR += scli
     SUBDIR += scotty3
     SUBDIR += sdig
+    SUBDIR += send
     SUBDIR += sendip
     SUBDIR += sing
     SUBDIR += sipcalc

net-mgmt/send/Makefile

@@ -0,0 +1,59 @@
+# New ports collection makefile for:    send
+# Date created:         19.09.2007
+# Whom: Janos Mohacsi <mohacsi@niif.hu>
+#
+# $FreeBSD$
+
+PORTNAME=	send
+PORTVERSION=	0.2
+CATEGORIES=	net-mgmt ipv6
+MASTER_SITES=	#http://www.docomolabs-usa.com/lab_osrc_guide.html
+DISTNAME=	${PORTNAME}_${PORTVERSION}
+
+MAINTAINER=	janos.mohacsi@bsd.hu
+COMMENT=	Secure Neighbor Discovery implementation for IPv6
+
+LIB_DEPENDS=	dnet.1:${PORTSDIR}/net/libdnet
+
+RESTRICTED=	not redistributable, license agreement required
+
+USE_ZIP=	yes
+USE_GMAKE=	yes
+SUB_FILES=	pkg-message
+
+PORTDOCS=	UserGuide.pdf
+
+.include <bsd.port.pre.mk>
+
+.if ${OSVERSION} > 600000
+BROKEN=		doesn't compile in FreeBSD > 6.0
+.endif
+
+.if !exists(${DISTDIR}/${DISTNAME}${EXTRACT_SUFX})
+IGNORE=		needs you to sign the agreement on "http://www.docomolabs-usa.com/lab_osrc_downl.html", download it manually, place in ${DISTDIR} and then restart this build
+.endif
+
+post-patch:
+	@${REINPLACE_CMD} -e "s|%%PREFIX%%|${PREFIX}|" -e "s|%%LOCALBASE%%|${LOCALBASE}|" \
+		${WRKSRC}/Makefile.config \
+		${WRKSRC}/sendd/sendd_local.h \
+		${WRKSRC}/sendd/os-freebsd/Makefile \
+		${WRKSRC}/sendd/os-freebsd/sendd \
+		${WRKSRC}/examples/sendd.conf \
+		${WRKSRC}/examples/params.conf \
+		${WRKSRC}/examples/ipext/ipext_verify.conf
+
+post-install:
+	${MKDIR} ${PREFIX}/etc/sendd/
+	${INSTALL_DATA} ${WRKSRC}/examples/sendd.conf ${PREFIX}/etc/sendd/sendd.conf-dist
+	${INSTALL_DATA} ${WRKSRC}/examples/params.conf ${PREFIX}/etc/sendd/params.conf-dist
+	${INSTALL_DATA} ${WRKSRC}/examples/ipext/ipext_verify.conf ${PREFIX}/etc/sendd/ipext.conf-dist
+	@${CAT} ${PKGMESSAGE}
+.ifndef(NOPORTDOCS)
+	${MKDIR} ${DOCSDIR}
+. for doc in ${PORTDOCS}
+	${INSTALL_DATA} ${WRKSRC}/docs/${doc} ${DOCSDIR}
+. endfor
+.endif
+
+.include <bsd.port.post.mk>

net-mgmt/send/distinfo

@@ -0,0 +1,3 @@
+MD5 (send_0.2.zip) = 292c8b861b7799aeb1b0166f97c12f08
+SHA256 (send_0.2.zip) = 3fc9be6d55a2cc7d0f40249351c29ef6c605ea6d77d8f3654785a744ea64c0b7
+SIZE (send_0.2.zip) = 387834

net-mgmt/send/files/patch-Makefile.config

@@ -0,0 +1,25 @@
+
+$FreeBSD$
+
+--- Makefile.config.orig
++++ Makefile.config
+@@ -4,8 +4,8 @@
+ #
+ 
+ # Uncomment the line for your OS
+-OS=linux
+-#OS=freebsd
++#OS=linux
++OS=freebsd
+ 
+ # Linux only: Where is your linux kernel source?
+ # Ignored for non-Linux
+@@ -19,7 +19,7 @@
+ #CC=gcc-4.0
+ 
+ # Where to install
+-prefix=/usr
++prefix=%%PREFIX%%
+ 
+ # Set to "y" to build MT versions of sendd and cgatool
+ USE_THREADS=n

net-mgmt/send/files/patch-examples_ipext_ipext__verify.conf

@@ -0,0 +1,16 @@
+
+$FreeBSD$
+
+--- examples/ipext/ipext_verify.conf.orig
++++ examples/ipext/ipext_verify.conf
+@@ -5,7 +5,7 @@
+   }
+ }
+ files {
+-  trustedcert /usr/src/send_0.1/examples/ipext/ca/cert_ipext.pem;
+-  trustedcert /usr/src/send_0.1/examples/ipext/lvl1/cert_ipext.pem;
+-  certfile /usr/src/send_0.1/examples/ipext/ar1/cert_ipext.pem;
++  trustedcert %%PREFIX%%/etc/sendd/ca/cert_ipext.pem;
++  trustedcert %%PREFIX%%/etc/sendd/lvl1/cert_ipext.pem;
++  certfile %%PREFIX%%/etc/sendd/ar1/cert_ipext.pem;
+ }

net-mgmt/send/files/patch-examples_params.conf

@@ -0,0 +1,35 @@
+
+$FreeBSD$
+
+--- examples/params.conf.orig
++++ examples/params.conf
+@@ -2,8 +2,8 @@
+ # Some (somewhat nonsensical) examples
+ 
+ named default {
+-	snd_cga_params /etc/sendd/cga.params;
+-	snd_cga_priv /etc/sendd/key.pem;
++	snd_cga_params %%PREFIX%%/etc/sendd/cga.params;
++	snd_cga_priv %%PREFIX%%/etc/sendd/key.pem;
+ 	snd_cga_sec 1;
+ }
+ 
+@@ -20,14 +20,14 @@
+ }
+ 
+ named foo {
+-	snd_cga_params /etc/sendd/cga.params;
+-	snd_cga_priv /etc/sendd/key.pem;
++	snd_cga_params %%PREFIX%%/etc/sendd/cga.params;
++	snd_cga_priv %%PREFIX%%/etc/sendd/key.pem;
+ 	snd_cga_sec 1;
+ }
+ 
+ address fe80::2421:cd21:6930:22fb {
+-	snd_cga_params /etc/sendd/cga.params;
+-	snd_cga_priv /etc/sendd/key.pem;
++	snd_cga_params %%PREFIX%%/etc/sendd/cga.params;
++	snd_cga_priv %%PREFIX%%/etc/sendd/key.pem;
+ 	snd_cga_sec 1;
+ 	interface eth0;
+ }

net-mgmt/send/files/patch-examples_sendd.conf

@@ -0,0 +1,23 @@
+
+$FreeBSD$
+
+--- examples/sendd.conf.orig
++++ examples/sendd.conf
+@@ -6,7 +6,7 @@
+ # The path of the file containing this host's CGA parameters
+ # configuration file
+ # <no default>
+-snd_cga_params=/etc/sendd/params.conf
++snd_cga_params=%%PREFIX%%/etc/sendd/params.conf
+ 
+ #
+ # Optional
+@@ -16,7 +16,7 @@
+ # or a router) you must set this to the file containing certificate
+ # information.
+ # <no default>
+-# snd_pkixip_conf=/etc/sendd/ipext.conf
++# snd_pkixip_conf=%%PREFIX%%/etc/sendd/ipext.conf
+ 
+ # Accept secured RAs without PKIX IP extensions
+ # <default = no>

net-mgmt/send/files/patch-include_pkixip__ext__asn.h

@@ -0,0 +1,45 @@
+
+$FreeBSD$
+
+--- include/pkixip_ext_asn.h.orig
++++ include/pkixip_ext_asn.h
+@@ -45,6 +45,7 @@
+ #define	IANA_SAFI_BOTH		3
+ #define	IANA_SAFI_MPLS		4
+ 
++/*
+ typedef struct IPAddressRange_st {
+ 	ASN1_BIT_STRING		*min;
+ 	ASN1_BIT_STRING		*max;
+@@ -52,9 +53,6 @@
+ 
+ typedef struct IPAddressOrRange_st {
+ 
+-#define	IP_AOR_PREFIX		0
+-#define	IP_AOR_RANGE		1
+-
+ 	int 			type;
+ 	union {
+ 		ASN1_BIT_STRING	*addressPrefix;
+@@ -64,8 +62,6 @@
+ 
+ typedef struct IPAddressChoice_st {
+ 
+-#define	IPA_CHOICE_INHERIT	0
+-#define	IPA_CHOICE_AOR		1
+ 
+ 	int 			type;
+ 	union {
+@@ -78,6 +74,12 @@
+ 	ASN1_OCTET_STRING	*addressFamily;
+ 	IPAddressChoice		*ipAddressChoice;
+ } IPAddressFamily;
++*/
++
++#define	IP_AOR_PREFIX		0
++#define	IP_AOR_RANGE		1
++#define	IPA_CHOICE_INHERIT	0
++#define	IPA_CHOICE_AOR		1
+ 
+ typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
+ 

net-mgmt/send/files/patch-sendd_os-freebsd_Makefile

@@ -0,0 +1,22 @@
+
+$FreeBSD$
+
+--- sendd/os-freebsd/Makefile.orig
++++ sendd/os-freebsd/Makefile
+@@ -1,12 +1,13 @@
+ 
+ OBJS += os/addr.o os/snd_freebsd.o os/netgraph.o os-linux/rand.o
++CPPFLAGS +=	-I%%LOCALBASE%%/include
+ 
+-OSLIBS= -lnetgraph -l$(DNET)
++OSLIBS= -lnetgraph -L%%LOCALBASE%%/lib -l$(DNET)
+ 
+ OSEXTRA= os/sendd
+-EXTRAINSTALL= /etc/rc.d/sendd
++EXTRAINSTALL= %%PREFIX%%/etc/rc.d/sendd
+ EXTRAUNINSTALL=$(EXTRAINSTALL)
+ 
+-/etc/rc.d/%: os/%
++%%PREFIX%%/etc/rc.d/%: os/%
+ 	install $< $@
+ 

net-mgmt/send/files/patch-sendd_os-freebsd_sendd

@@ -0,0 +1,16 @@
+
+$FreeBSD$
+
+--- sendd/os-freebsd/sendd.orig
++++ sendd/os-freebsd/sendd
+@@ -37,8 +37,8 @@
+ 
+ name="sendd"
+ rcvar=`set_rcvar`
+-command="/usr/sbin/${name}"
+-required_files="/etc/${name}.conf"
++command="%%PREFIX%%/sbin/${name}"
++required_files="%%PREFIX%%/etc/${name}.conf"
+ 
+ load_rc_config $name
+ run_rc_command "$1"

net-mgmt/send/files/patch-sendd_sendd__local.h

@@ -0,0 +1,14 @@
+
+$FreeBSD$
+
+--- sendd/sendd_local.h.orig
++++ sendd/sendd_local.h
+@@ -41,7 +41,7 @@
+ #include <openssl/sha.h>
+ 
+ #define	SENDD_NAME	"sendd"
+-#define	SNDD_CONF_FILE	"/etc/sendd.conf"
++#define	SNDD_CONF_FILE	"%%PREFIX%%/etc/sendd/sendd.conf"
+ 
+ #define	SND_HASH_SZ	7
+ 

net-mgmt/send/files/pkg-message.in

@@ -0,0 +1,9 @@
+-------------------------------------------------------------------------------
+To run sendd from startup, add sendd_enable="YES"
+in your /etc/rc.conf.
+Configiration options can be found in %%PREFIX%%/etc/sendd
+-------------------------------------------------------------------------------
+In order to proper working of Secure Neighbor Discovery Daemon
+enable following kernel options:
+NETGRAPH, NETGRAPH_BPF, NETGRAPH_ETHER, NETGRAPH_SOCKET
+-------------------------------------------------------------------------------

net-mgmt/send/pkg-descr

@@ -0,0 +1,15 @@
+DoCoMo's Open Source SEND project provides an implementation of
+RFC3971 Secure Neighbor Discovery (SEND). SEND cryptographically
+secures the IPv6 neighbor discovery protocol, countering the threats
+discussed in RFC3756 (IPv6 Neighbor Discovery (ND) Trust Models and
+Threats).
+
+DoCoMo's SEND is implemented completely in user space, so it is
+portable and lends itself to experimentation. It currently runs on
+Linux (tested on 2.6 kernels) and FreeBSD (tested on 5.4).
+
+Also included in the distribution are implementations of RFC3972
+Cryptographically Generated Addresses (CGAs) and RFC3779 X.509
+Extensions for IP Addresses and AS Identifiers.
+
+WWW: http://www.docomolabs-usa.com/lab_osrc_guide.html

net-mgmt/send/pkg-plist

@@ -0,0 +1,8 @@
+sbin/cgatool
+sbin/ipexttool
+sbin/sendd
+etc/rc.d/sendd
+etc/sendd/sendd.conf-dist
+etc/sendd/params.conf-dist
+etc/sendd/ipext.conf-dist
+@dirrmtry etc/sendd