"racoon2" is a system to exchange and to install security parameters

for the IPsec.

Currently the system supports the following specification:

        Internet Key Exchange (IKEv2) Protocol
        draft-ietf-ipsec-ikev2-17.txt
        (The IKE daemon is not included in the current release due to IPR issue)

        Kerberized Internet Negotiation of Keys (KINK)
        draft-ietf-kink-kink-06.txt

        PF_KEY Key Management API, Version 2
        RFC2367

The following protocols will be supported soon.

        The Internet Key Exchange (IKE)
        RFC2409

WWW: http://www.kame.net/

This port was repocopied from secutiry/racoon.
PR:		ports/76814

security/Makefile

@@ -391,6 +391,7 @@
     SUBDIR += qtfw
     SUBDIR += quintuple-agent
     SUBDIR += racoon
+    SUBDIR += racoon2
     SUBDIR += radiusniff
     SUBDIR += rain
     SUBDIR += rats

security/racoon2/Makefile

@@ -1,51 +1,55 @@
-# New ports collection makefile for:	racoon
-# Date created:		4 July 2000
+# New ports collection makefile for:	racoon2
+# Date created:		4 Feb 2005
 # Whom:			sumikawa
 #
 # $FreeBSD$
 #
 
-PORTNAME=	racoon
-PORTVERSION=	20040818a
-PORTREVISION=	1
+PORTNAME=	racoon2
+PORTVERSION=	20050128b
 CATEGORIES=	security net ipv6
-MASTER_SITES=	ftp://ftp.kame.net/pub/kame/misc/
+MASTER_SITES=	ftp://ftp.kame.net/pub/racoon2/
+EXTRACT_SUFX=	.tgz
 
 MAINTAINER=	sumikawa@FreeBSD.org
-COMMENT=	KAME racoon IKE daemon
-
-.if !exists(/usr/lib/libipsec.so.1) && !exists(/lib/libipsec.so.1)
-BROKEN=		"You must upgrade the OS"
-.endif
+COMMENT=	Racoon2 IPsec daemon
 
 USE_RC_SUBR=	YES
 USE_OPENSSL=	YES
 
-WRKSRC=		${WRKDIR}/${DISTNAME}/racoon
+USE_AUTOCONF_VER=259
+CONFIGURE_TARGET=
 GNU_CONFIGURE=	yes
-CONFIGURE_ENV+=	CPPFLAGS=-I${LOCALBASE}/include CFLAGS=-I${LOCALBASE}/include
-LDFLAGS+=	-L${LOCALBASE}/lib -L${WRKSRC}/../libipsec
-CONFIGURE_ARGS+=--enable-debug
-CONFIGURE_ARGS+=--enable-ipv6
 CONFIGURE_ARGS+=--sysconfdir=${LOCALBASE}/etc
-CONFIGURE_ARGS+=--with-pkgversion=freebsd-${PORTVERSION}
 
-MAN5=		racoon.conf.5
-MAN8=		racoon.8
-
-RC_SCRIPTS_SUB=	PREFIX=${PREFIX} \
-		RC_SUBR=${RC_SUBR}
+.if !defined(NOPORTDOCS)
+PORTDOCS=	INSTALL USAGE.iked USAGE.kinkd USAGE.spmd config-usage.ja.txt
+PORTDOCS+=	draft-ietf-ipsec-ikev2-17.txt draft-ietf-kink-kink-06.txt
+PORTDOCS+=	iked-memo.ja.txt kink-spec-supplement.ja.txt
+PORTDOCS+=	kinkd-data-struct.obj kinkd-impl.ja.txt kinkd-install.ja.txt
+PORTDOCS+=	kinkd-state-txn.obj libracoon.ja.txt specification.ja.txt
+PORTDOCS+=	spmif.txt system-message.ja.txt
+.endif
 
 pre-patch:
-	${MV} ${WRKSRC}/racoon.8 ${WRKSRC}/racoon.8.in
-
-pre-configure:
-	(cd ${WRKSRC}/../libipsec; make)
+	(cd ${WRKSRC}/samples ;\
+	${MV} racoon2.conf racoon2.conf.in ;\
+	${MV} init.d-kinkd init.d-kinkd.in ;\
+	${MV} init.d-spmd init.d-spmd.in ;\
+	${MV} rc.d-kinkd rc.d-kinkd.in ;\
+	${MV} rc.d-spmd rc.d-spmd.in )
 
 post-install:
-	@${SED} ${RC_SCRIPTS_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/} \
-		${FILESDIR}/racoon.sh > ${PREFIX}/etc/rc.d/racoon.sh
-	@${CHMOD} +x ${PREFIX}/etc/rc.d/racoon.sh
+.if !defined(NOPORTDOCS)
+	${MKDIR} ${DOCSDIR}
+	${INSTALL_DATA} ${WRKSRC}/COPYRIGHT ${DOCSDIR}
+	${INSTALL_DATA} ${WRKSRC}/COPYRIGHT.jp ${DOCSDIR}
+	${INSTALL_DATA} ${WRKSRC}/README ${DOCSDIR}
+	${INSTALL_DATA} ${WRKSRC}/README.iked ${DOCSDIR}
+.for FILE in ${PORTDOCS}
+	${INSTALL_DATA} ${WRKSRC}/doc/${FILE} ${DOCSDIR}
+.endfor
+.endif
 	@if [ -z `/sbin/sysctl -a | ${GREP} -q ipsec && echo ipsec` ]; then \
 	    ${ECHO_MSG} "WARNING: IPsec feature is disabled on this host"; \
 	    ${ECHO_MSG} "         You must build the kernel if you want to run racoon on the host"; \

security/racoon2/distinfo

@@ -1,2 +1,2 @@
-MD5 (racoon-20040818a.tar.gz) = c983587afc2772c11e4b81c3b4b9dfc4
-SIZE (racoon-20040818a.tar.gz) = 397275
+MD5 (racoon2-20050128b.tgz) = 9c2f6365926485d47d85388a9e586cb6
+SIZE (racoon2-20050128b.tgz) = 503119

security/racoon2/files/patch-aa

@@ -1,20 +0,0 @@
---- ../libipsec/Makefile.orig	Sun Jun 11 23:54:31 2000
-+++ ../libipsec/Makefile	Tue Oct 17 01:06:10 2000
-@@ -25,12 +25,13 @@
- # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- # SUCH DAMAGE.
- 
--.if exists(${.CURDIR}/../Makefile.opsys)
--.include "${.CURDIR}/../Makefile.opsys"
--.endif
-+#.if exists(${.CURDIR}/../Makefile.opsys)
-+#.include "${.CURDIR}/../Makefile.opsys"
-+#.endif
-+OPSYS!=	uname -s
- 
- LIB=	ipsec
--CFLAGS+=-g
-+CFLAGS+=-g -I.
- .if (${OPSYS} != "NetBSD")
- CFLAGS+=-DIPSEC_DEBUG -DIPSEC -DINET6
- .else

security/racoon2/files/patch-ab

@@ -1,22 +0,0 @@
---- Makefile.in.orig	Fri Sep 27 07:04:59 2002
-+++ Makefile.in	Thu Nov 21 22:28:50 2002
-@@ -7,7 +7,7 @@
- LDFLAGS=@LDFLAGS@
- CPPFLAGS=	@CPPFLAGS@
- OPTFLAG=@OPTFLAG@
--CFLAGS=	@CFLAGS@ $(CPPFLAGS) @DEFS@ $(CPPFLAGS) $(OPTFLAG) -DIPSEC -I. -I$(srcdir) -DSYSCONFDIR=\"${sysconfdir}\"
-+CFLAGS=	@CFLAGS@ $(CPPFLAGS) @DEFS@ $(CPPFLAGS) $(OPTFLAG) -DIPSEC -I. -I$(srcdir) -DSYSCONFDIR=\"${sysconfdir}/racoon\"
- CFLAGS+=-DYY_NO_UNPUT
- CFLAGS+=-I${srcdir}/../libipsec
- LIBS=	@LIBS@
-@@ -88,10 +88,6 @@
- 	$(INSTALL) -o bin -g bin -m 444 racoon.conf.5 $(mandir)/man5
- 	-mkdir -p ${sysconfdir}/racoon
- 	for i in $(CONF); do \
--		if test ! -f ${sysconfdir}/racoon/$$i; then \
--			$(INSTALL) -o bin -g bin -m 444 samples/$$i \
--				${sysconfdir}/racoon; \
--		fi; \
- 		$(INSTALL) -o bin -g bin -m 444 samples/$$i \
- 			${sysconfdir}/racoon/$$i.dist; \
- 	done

security/racoon2/files/patch-ac

@@ -1,11 +0,0 @@
---- configure-	Wed Jul  5 16:18:19 2000
-+++ configure	Wed Jul  5 16:18:32 2000
-@@ -4021,7 +4021,7 @@
- 
- cat >> $CONFIG_STATUS <<EOF
- 
--CONFIG_FILES=\${CONFIG_FILES-"Makefile samples/psk.txt samples/racoon.conf"}
-+CONFIG_FILES=\${CONFIG_FILES-"Makefile samples/psk.txt samples/racoon.conf racoon.8"}
- EOF
- cat >> $CONFIG_STATUS <<\EOF
- for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then

security/racoon2/files/patch-ad

@@ -1,13 +0,0 @@
---- racoon.8.in.orig	Tue Jul  4 21:27:59 2000
-+++ racoon.8.in	Wed Jul  5 16:17:43 2000
-@@ -97,8 +97,8 @@
- .El
- .\" 
- .Sh FILES
--.Bl -tag -width /usr/local/v6/etc/racoon.conf -compact
--.It Pa /usr/local/v6/etc/racoon.conf
-+.Bl -tag -width @sysconfdir@/racoon/racoon.conf -compact
-+.It Pa @sysconfdir@/racoon/racoon.conf
- default configuration file.
- .It Pa /var/log/racoon.log
- default log file.

security/racoon2/files/patch-configure

@@ -0,0 +1,122 @@
+--- configure.in.orig	Thu Jan 27 00:35:13 2005
++++ configure.in	Tue Feb  1 17:51:25 2005
+@@ -43,7 +43,7 @@
+ 	dnl support before 1.5.
+ 	boot_mech_target=install-rc-d
+ 	;;
+-freebsd[5-9].*)
++freebsd*)
+ 	boot_mech_target=install-rc-d
+ 	;;
+ *)
+@@ -51,4 +51,5 @@
+ 	;;
+ esac
+ 
+-AC_OUTPUT([Makefile samples/Makefile])
++AC_OUTPUT([Makefile samples/Makefile samples/racoon2.conf])
++AC_OUTPUT([samples/init.d-kinkd samples/init.d-spmd samples/rc.d-kinkd samples/rc.d-spmd])
+diff -ur samples-/init.d-kinkd.in samples/init.d-kinkd.in
+--- samples-/init.d-kinkd.in	Tue Feb  1 17:18:58 2005
++++ samples/init.d-kinkd.in	Tue Feb  1 17:18:01 2005
+@@ -3,8 +3,11 @@
+ # kinkd start up script
+ #
+ 
++prefix=@prefix@
++exec_prefix=@exec_prefix@
++
+ NAME=kinkd
+-DAEMON=/usr/local/racoon2/sbin/$NAME
++DAEMON=@sbindir@/$NAME
+ PIDFILE=/var/run/$NAME.pid
+ 
+ test -x $DAEMON || exit 0
+diff -ur samples-/init.d-spmd.in samples/init.d-spmd.in
+--- samples-/init.d-spmd.in	Tue Feb  1 17:18:58 2005
++++ samples/init.d-spmd.in	Tue Feb  1 17:18:01 2005
+@@ -1,7 +1,10 @@
+ #! /bin/sh
+ 
+-PATH=/usr/local/racoon2/sbin:/usr/local/racoon2/bin:$PATH
+-DAEMON=/usr/local/racoon2/sbin/spmd
++prefix=@prefix@
++exec_prefix=@exec_prefix@
++
++PATH=@sbindir@:@bindir@:$PATH
++DAEMON=@sbindir@/spmd
+ DAEMON_OPT=""
+ NAME="spmd"
+ 
+diff -ur samples-/rc.d-kinkd.in samples/rc.d-kinkd.in
+--- samples/Makefile.in.orig	Wed Jan 26 07:43:52 2005
++++ samples/Makefile.in	Tue Feb  1 17:54:30 2005
+@@ -17,8 +17,8 @@
+ 
+ install-rc-d:
+ 	$(INSTALL) -d $(sysconfdir)/rc.d
+-	$(INSTALL) rc.d-kinkd $(sysconfdir)/rc.d/kinkd
+-	$(INSTALL) rc.d-spmd $(sysconfdir)/rc.d/spmd
++	$(INSTALL) rc.d-kinkd $(sysconfdir)/rc.d/kinkd.sh
++	$(INSTALL) rc.d-spmd $(sysconfdir)/rc.d/spmd.sh
+ 
+ install-init-d:
+ 	$(INSTALL) -d $(sysconfdir)/init.d
+@@ -32,4 +32,4 @@
+ 	-rm -f *~
+ 
+ distclean: clean
+-	-rm -f Makefile
++	-rm -f Makefile racoon2.conf init.d-kinkd init.d-spmd rc.d-kinkd rc.d-spmd
+--- samples/rc.d-spmd.in.orig	Wed Jan 26 07:43:52 2005
++++ samples/rc.d-spmd.in	Tue Feb  1 18:31:31 2005
+@@ -3,6 +3,9 @@
+ # spmd rc.d script for NetBSD
+ #
+ 
++prefix=@prefix@
++exec_prefix=@exec_prefix@
++
+ # PROVIDE: spmd
+ # REQUIRE: isdnd ppp
+ # BEFORE:  SERVERS
+@@ -10,10 +13,10 @@
+ . /etc/rc.subr
+ 
+ name="spmd"
+-rcvar=$name
+-command="/usr/local/racoon2/sbin/${name}"
++rcvar=`set_rcvar`
++command="@sbindir@/${name}"
+ pidfile="/var/run/${name}.pid"
+-required_files="/usr/local/racoon2/etc/racoon2.conf"
++required_files="@sysconfdir@/racoon2.conf"
+ start_precmd="spmd_precmd"
+ 
+ spmd_precmd()
+--- samples/rc.d-kinkd.in.orig	Tue Jan 11 02:00:29 2005
++++ samples/rc.d-kinkd.in	Tue Feb  1 18:31:49 2005
+@@ -3,6 +3,9 @@
+ # kinkd rc.d script for NetBSD
+ #
+ 
++prefix=@prefix@
++exec_prefix=@exec_prefix@
++
+ # PROVIDE: kink
+ # REQUIRE: isdnd kdc ppp
+ # BEFORE:  SERVERS
+@@ -11,10 +14,10 @@
+ . /etc/rc.subr
+ 
+ name="kinkd"
+-rcvar=$name
+-command="/usr/local/racoon2/sbin/${name}"
++rcvar=`set_rcvar`
++command="@sbindir@/${name}"
+ pidfile="/var/run/${name}.pid"
+-required_files="/usr/local/racoon2/etc/racoon2.conf"
++required_files="@sysconfdir@/racoon2.conf"
+ 
+ load_rc_config $name
+ run_rc_command "$1"

security/racoon2/files/patch-crypto_openssl.c

@@ -1,42 +0,0 @@
---- crypto_openssl.old.c	2004-04-09 22:25:56.000000000 +0530
-+++ crypto_openssl.c	2004-08-02 20:30:03.000000000 +0530
-@@ -1654,6 +1654,7 @@
- 
- 	HMAC_Final((HMAC_CTX *)c, res->v, &l);
- 	res->l = l;
-+	HMAC_cleanup((HMAC_CTX *)c);
- 	(void)racoon_free(c);
- 
- 	if (SHA512_DIGEST_LENGTH != res->l) {
-@@ -1710,6 +1711,7 @@
- 
- 	HMAC_Final((HMAC_CTX *)c, res->v, &l);
- 	res->l = l;
-+	HMAC_cleanup((HMAC_CTX *)c);
- 	(void)racoon_free(c);
- 
- 	if (SHA384_DIGEST_LENGTH != res->l) {
-@@ -1766,6 +1768,7 @@
- 
- 	HMAC_Final((HMAC_CTX *)c, res->v, &l);
- 	res->l = l;
-+	HMAC_cleanup((HMAC_CTX *)c);
- 	(void)racoon_free(c);
- 
- 	if (SHA256_DIGEST_LENGTH != res->l) {
-@@ -1823,6 +1826,7 @@
- 
- 	HMAC_Final((HMAC_CTX *)c, res->v, &l);
- 	res->l = l;
-+	HMAC_cleanup((HMAC_CTX *)c);
- 	(void)racoon_free(c);
- 
- 	if (SHA_DIGEST_LENGTH != res->l) {
-@@ -1879,6 +1883,7 @@
- 
- 	HMAC_Final((HMAC_CTX *)c, res->v, &l);
- 	res->l = l;
-+	HMAC_cleanup((HMAC_CTX *)c);
- 	(void)racoon_free(c);
- 
- 	if (MD5_DIGEST_LENGTH != res->l) {

security/racoon2/files/racoon.sh

@@ -1,42 +0,0 @@
-#!/bin/sh
-
-# Start or stop racoon
-# $FreeBSD$
-
-# PROVIDE: racoon
-# REQUIRE: DAEMON
-# BEFORE: LOGIN
-# KEYWORD: FreeBSD shutdown
-#
-# NOTE for FreeBSD 5.0+:
-# If you want this script to start with the base rc scripts
-# move racoon.sh to /etc/rc.d/racoon
-
-prefix=%%PREFIX%%
-
-# Define these racoon_* variables in one of these files:
-#	/etc/rc.conf
-#	/etc/rc.conf.local
-#	/etc/rc.conf.d/racoon
-#
-# DO NOT CHANGE THESE DEFAULT VALUES HERE
-#
-[ -z "$racoon_enable" ] && racoon_enable="YES"	# Enable racoon
-#racoon_program="${prefix}/sbin/racoon"		# Location of racoon
-#racoon_flags=""				# Flags to racoon program
-
-. %%RC_SUBR%%
-
-name="racoon"
-rcvar=`set_rcvar`
-command="${prefix}/sbin/racoon"
-pidfile="/var/run/racoon.pid"
-required_files="${prefix}/etc/racoon/racoon.conf"
-stop_postcmd="racoon_poststop"
-
-racoon_poststop() {
-	/bin/rm -f ${pidfile}
-}
-
-load_rc_config $name
-run_rc_command "$1"

security/racoon2/pkg-descr

@@ -1,18 +1,21 @@
-racoon speaks IKE (ISAKMP/Oakley) key management protocol, to
-establish security association with other hosts.
+"racoon2" is a system to exchange and to install security parameters
+for the IPsec.
 
-Known issues:
-- Too many use of dynamic memory allocation, which leads to memory leak.
-- Non-threaded implementation.  Simultaneous key negotiation performance
-  should be improved.
-- Cannot negotiate keys for per-socket policy.
-- Cryptic configuration syntax - blame IPsec specification too...
-- Needs more documentation.
+Currently the system supports the following specification:
 
-Design choice, not a bug:
-- racoon negotiate IPsec keys only.  It does not negotiate policy.  Policy must
-  be configured into the kernel separately from racoon.  If you want to
-  support roaming clients, you may need to have a mechanism to put policy
-  for the roaming client after phase 1 finishes.
+	Internet Key Exchange (IKEv2) Protocol
+	draft-ietf-ipsec-ikev2-17.txt
+	(The IKE daemon is not included in the current release due to IPR issue)
+
+	Kerberized Internet Negotiation of Keys (KINK)
+	draft-ietf-kink-kink-06.txt
+
+	PF_KEY Key Management API, Version 2
+	RFC2367
+	
+The following protocols will be supported soon.
+
+	The Internet Key Exchange (IKE)
+	RFC2409
 
 WWW: http://www.kame.net/

security/racoon2/pkg-plist

@@ -1,5 +1,9 @@
-sbin/racoon
-etc/racoon/psk.txt.dist
-etc/racoon/racoon.conf.dist
-etc/rc.d/racoon.sh
-@unexec rmdir %D/etc/racoon 2>/dev/null || true
+sbin/spmd
+sbin/kinkd
+etc/racoon2.conf.sample
+etc/rc.d/spmd.sh
+etc/rc.d/kinkd.sh
+%%PORTDOCS%%%%DOCSDIR%%/COPYRIGHT
+%%PORTDOCS%%%%DOCSDIR%%/COPYRIGHT.jp
+%%PORTDOCS%%%%DOCSDIR%%/README
+%%PORTDOCS%%%%DOCSDIR%%/README.iked