"racoon2" is a system to exchange and to install security parameters
for the IPsec. Currently the system supports the following specification: Internet Key Exchange (IKEv2) Protocol draft-ietf-ipsec-ikev2-17.txt (The IKE daemon is not included in the current release due to IPR issue) Kerberized Internet Negotiation of Keys (KINK) draft-ietf-kink-kink-06.txt PF_KEY Key Management API, Version 2 RFC2367 The following protocols will be supported soon. The Internet Key Exchange (IKE) RFC2409 WWW: http://www.kame.net/ This port was repocopied from security/racoon. PR: ports/76814
parent
a2ed2060e3
commit
62d7d46cf6
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=127868
@ -391,6 +391,7 @@
|
||||
SUBDIR += qtfw
|
||||
SUBDIR += quintuple-agent
|
||||
SUBDIR += racoon
|
||||
SUBDIR += racoon2
|
||||
SUBDIR += radiusniff
|
||||
SUBDIR += rain
|
||||
SUBDIR += rats
|
||||
|
@ -1,51 +1,55 @@
|
||||
# New ports collection makefile for: racoon
|
||||
# Date created: 4 July 2000
|
||||
# New ports collection makefile for: racoon2
|
||||
# Date created: 4 Feb 2005
|
||||
# Whom: sumikawa
|
||||
#
|
||||
# $FreeBSD$
|
||||
#
|
||||
|
||||
PORTNAME= racoon
|
||||
PORTVERSION= 20040818a
|
||||
PORTREVISION= 1
|
||||
PORTNAME= racoon2
|
||||
PORTVERSION= 20050128b
|
||||
CATEGORIES= security net ipv6
|
||||
MASTER_SITES= ftp://ftp.kame.net/pub/kame/misc/
|
||||
MASTER_SITES= ftp://ftp.kame.net/pub/racoon2/
|
||||
EXTRACT_SUFX= .tgz
|
||||
|
||||
MAINTAINER= sumikawa@FreeBSD.org
|
||||
COMMENT= KAME racoon IKE daemon
|
||||
|
||||
.if !exists(/usr/lib/libipsec.so.1) && !exists(/lib/libipsec.so.1)
|
||||
BROKEN= "You must upgrade the OS"
|
||||
.endif
|
||||
COMMENT= Racoon2 IPsec daemon
|
||||
|
||||
USE_RC_SUBR= YES
|
||||
USE_OPENSSL= YES
|
||||
|
||||
WRKSRC= ${WRKDIR}/${DISTNAME}/racoon
|
||||
USE_AUTOCONF_VER=259
|
||||
CONFIGURE_TARGET=
|
||||
GNU_CONFIGURE= yes
|
||||
CONFIGURE_ENV+= CPPFLAGS=-I${LOCALBASE}/include CFLAGS=-I${LOCALBASE}/include
|
||||
LDFLAGS+= -L${LOCALBASE}/lib -L${WRKSRC}/../libipsec
|
||||
CONFIGURE_ARGS+=--enable-debug
|
||||
CONFIGURE_ARGS+=--enable-ipv6
|
||||
CONFIGURE_ARGS+=--sysconfdir=${LOCALBASE}/etc
|
||||
CONFIGURE_ARGS+=--with-pkgversion=freebsd-${PORTVERSION}
|
||||
|
||||
MAN5= racoon.conf.5
|
||||
MAN8= racoon.8
|
||||
|
||||
RC_SCRIPTS_SUB= PREFIX=${PREFIX} \
|
||||
RC_SUBR=${RC_SUBR}
|
||||
.if !defined(NOPORTDOCS)
|
||||
PORTDOCS= INSTALL USAGE.iked USAGE.kinkd USAGE.spmd config-usage.ja.txt
|
||||
PORTDOCS+= draft-ietf-ipsec-ikev2-17.txt draft-ietf-kink-kink-06.txt
|
||||
PORTDOCS+= iked-memo.ja.txt kink-spec-supplement.ja.txt
|
||||
PORTDOCS+= kinkd-data-struct.obj kinkd-impl.ja.txt kinkd-install.ja.txt
|
||||
PORTDOCS+= kinkd-state-txn.obj libracoon.ja.txt specification.ja.txt
|
||||
PORTDOCS+= spmif.txt system-message.ja.txt
|
||||
.endif
|
||||
|
||||
pre-patch:
|
||||
${MV} ${WRKSRC}/racoon.8 ${WRKSRC}/racoon.8.in
|
||||
|
||||
pre-configure:
|
||||
(cd ${WRKSRC}/../libipsec; make)
|
||||
(cd ${WRKSRC}/samples ;\
|
||||
${MV} racoon2.conf racoon2.conf.in ;\
|
||||
${MV} init.d-kinkd init.d-kinkd.in ;\
|
||||
${MV} init.d-spmd init.d-spmd.in ;\
|
||||
${MV} rc.d-kinkd rc.d-kinkd.in ;\
|
||||
${MV} rc.d-spmd rc.d-spmd.in )
|
||||
|
||||
post-install:
|
||||
@${SED} ${RC_SCRIPTS_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/} \
|
||||
${FILESDIR}/racoon.sh > ${PREFIX}/etc/rc.d/racoon.sh
|
||||
@${CHMOD} +x ${PREFIX}/etc/rc.d/racoon.sh
|
||||
.if !defined(NOPORTDOCS)
|
||||
${MKDIR} ${DOCSDIR}
|
||||
${INSTALL_DATA} ${WRKSRC}/COPYRIGHT ${DOCSDIR}
|
||||
${INSTALL_DATA} ${WRKSRC}/COPYRIGHT.jp ${DOCSDIR}
|
||||
${INSTALL_DATA} ${WRKSRC}/README ${DOCSDIR}
|
||||
${INSTALL_DATA} ${WRKSRC}/README.iked ${DOCSDIR}
|
||||
.for FILE in ${PORTDOCS}
|
||||
${INSTALL_DATA} ${WRKSRC}/doc/${FILE} ${DOCSDIR}
|
||||
.endfor
|
||||
.endif
|
||||
@if [ -z `/sbin/sysctl -a | ${GREP} -q ipsec && echo ipsec` ]; then \
|
||||
${ECHO_MSG} "WARNING: IPsec feature is disabled on this host"; \
|
||||
${ECHO_MSG} " You must build the kernel if you want to run racoon on the host"; \
|
||||
|
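Review bot: The new `MASTER_SITES= ftp://ftp.kame.net/pub/racoon2/` fetches the distfile over unauthenticated FTP, so the only integrity check on the tarball is the single `MD5 (racoon2-20050128b.tgz)` line this commit adds to distinfo. MD5 is not collision-resistant, which makes it a weak sole anchor for the source of an IPsec keying daemon. I would record a second digest next to it in distinfo, `SHA256 (racoon2-20050128b.tgz) = <sha256-of-the-verified-distfile>` (placeholder value), computed from a copy whose origin has been checked. The rendered section stops inside the `if` at the end of post-install, so the remainder of that target is not covered here.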
@ -1,2 +1,2 @@
|
||||
MD5 (racoon-20040818a.tar.gz) = c983587afc2772c11e4b81c3b4b9dfc4
|
||||
SIZE (racoon-20040818a.tar.gz) = 397275
|
||||
MD5 (racoon2-20050128b.tgz) = 9c2f6365926485d47d85388a9e586cb6
|
||||
SIZE (racoon2-20050128b.tgz) = 503119
|
||||
|
@ -1,20 +0,0 @@
|
||||
--- ../libipsec/Makefile.orig Sun Jun 11 23:54:31 2000
|
||||
+++ ../libipsec/Makefile Tue Oct 17 01:06:10 2000
|
||||
@@ -25,12 +25,13 @@
|
||||
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
# SUCH DAMAGE.
|
||||
|
||||
-.if exists(${.CURDIR}/../Makefile.opsys)
|
||||
-.include "${.CURDIR}/../Makefile.opsys"
|
||||
-.endif
|
||||
+#.if exists(${.CURDIR}/../Makefile.opsys)
|
||||
+#.include "${.CURDIR}/../Makefile.opsys"
|
||||
+#.endif
|
||||
+OPSYS!= uname -s
|
||||
|
||||
LIB= ipsec
|
||||
-CFLAGS+=-g
|
||||
+CFLAGS+=-g -I.
|
||||
.if (${OPSYS} != "NetBSD")
|
||||
CFLAGS+=-DIPSEC_DEBUG -DIPSEC -DINET6
|
||||
.else
|
@ -1,22 +0,0 @@
|
||||
--- Makefile.in.orig Fri Sep 27 07:04:59 2002
|
||||
+++ Makefile.in Thu Nov 21 22:28:50 2002
|
||||
@@ -7,7 +7,7 @@
|
||||
LDFLAGS=@LDFLAGS@
|
||||
CPPFLAGS= @CPPFLAGS@
|
||||
OPTFLAG=@OPTFLAG@
|
||||
-CFLAGS= @CFLAGS@ $(CPPFLAGS) @DEFS@ $(CPPFLAGS) $(OPTFLAG) -DIPSEC -I. -I$(srcdir) -DSYSCONFDIR=\"${sysconfdir}\"
|
||||
+CFLAGS= @CFLAGS@ $(CPPFLAGS) @DEFS@ $(CPPFLAGS) $(OPTFLAG) -DIPSEC -I. -I$(srcdir) -DSYSCONFDIR=\"${sysconfdir}/racoon\"
|
||||
CFLAGS+=-DYY_NO_UNPUT
|
||||
CFLAGS+=-I${srcdir}/../libipsec
|
||||
LIBS= @LIBS@
|
||||
@@ -88,10 +88,6 @@
|
||||
$(INSTALL) -o bin -g bin -m 444 racoon.conf.5 $(mandir)/man5
|
||||
-mkdir -p ${sysconfdir}/racoon
|
||||
for i in $(CONF); do \
|
||||
- if test ! -f ${sysconfdir}/racoon/$$i; then \
|
||||
- $(INSTALL) -o bin -g bin -m 444 samples/$$i \
|
||||
- ${sysconfdir}/racoon; \
|
||||
- fi; \
|
||||
$(INSTALL) -o bin -g bin -m 444 samples/$$i \
|
||||
${sysconfdir}/racoon/$$i.dist; \
|
||||
done
|
@ -1,11 +0,0 @@
|
||||
--- configure- Wed Jul 5 16:18:19 2000
|
||||
+++ configure Wed Jul 5 16:18:32 2000
|
||||
@@ -4021,7 +4021,7 @@
|
||||
|
||||
cat >> $CONFIG_STATUS <<EOF
|
||||
|
||||
-CONFIG_FILES=\${CONFIG_FILES-"Makefile samples/psk.txt samples/racoon.conf"}
|
||||
+CONFIG_FILES=\${CONFIG_FILES-"Makefile samples/psk.txt samples/racoon.conf racoon.8"}
|
||||
EOF
|
||||
cat >> $CONFIG_STATUS <<\EOF
|
||||
for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then
|
@ -1,13 +0,0 @@
|
||||
--- racoon.8.in.orig Tue Jul 4 21:27:59 2000
|
||||
+++ racoon.8.in Wed Jul 5 16:17:43 2000
|
||||
@@ -97,8 +97,8 @@
|
||||
.El
|
||||
.\"
|
||||
.Sh FILES
|
||||
-.Bl -tag -width /usr/local/v6/etc/racoon.conf -compact
|
||||
-.It Pa /usr/local/v6/etc/racoon.conf
|
||||
+.Bl -tag -width @sysconfdir@/racoon/racoon.conf -compact
|
||||
+.It Pa @sysconfdir@/racoon/racoon.conf
|
||||
default configuration file.
|
||||
.It Pa /var/log/racoon.log
|
||||
default log file.
|
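--- a/security/racoon2/files/patch-configure
+++ b/security/racoon2/files/patch-configure
@@ -0,0 +1,122 @@
+--- configure.in.orig Thu Jan 27 00:35:13 2005
++++ configure.in Tue Feb 1 17:51:25 2005
+@@ -43,7 +43,7 @@
+dnl support before 1.5.
+boot_mech_target=install-rc-d
+;;
+-freebsd[5-9].*)
++freebsd*)
+boot_mech_target=install-rc-d
+;;
+*)
+@@ -51,4 +51,5 @@
+;;
+esac
+
+-AC_OUTPUT([Makefile samples/Makefile])
++AC_OUTPUT([Makefile samples/Makefile samples/racoon2.conf])
++AC_OUTPUT([samples/init.d-kinkd samples/init.d-spmd samples/rc.d-kinkd samples/rc.d-spmd])
+diff -ur samples-/init.d-kinkd.in samples/init.d-kinkd.in
+--- samples-/init.d-kinkd.in Tue Feb 1 17:18:58 2005
++++ samples/init.d-kinkd.in Tue Feb 1 17:18:01 2005
+@@ -3,8 +3,11 @@
+# kinkd start up script
+#
+
++prefix=@prefix@
++exec_prefix=@exec_prefix@
++
+NAME=kinkd
+-DAEMON=/usr/local/racoon2/sbin/$NAME
++DAEMON=@sbindir@/$NAME
+PIDFILE=/var/run/$NAME.pid
+
+test -x $DAEMON || exit 0
+diff -ur samples-/init.d-spmd.in samples/init.d-spmd.in
+--- samples-/init.d-spmd.in Tue Feb 1 17:18:58 2005
++++ samples/init.d-spmd.in Tue Feb 1 17:18:01 2005
+@@ -1,7 +1,10 @@
+#! /bin/sh
+
+-PATH=/usr/local/racoon2/sbin:/usr/local/racoon2/bin:$PATH
+-DAEMON=/usr/local/racoon2/sbin/spmd
++prefix=@prefix@
++exec_prefix=@exec_prefix@
++
++PATH=@sbindir@:@bindir@:$PATH
++DAEMON=@sbindir@/spmd
+DAEMON_OPT=""
+NAME="spmd"
+
+diff -ur samples-/rc.d-kinkd.in samples/rc.d-kinkd.in
+--- samples/Makefile.in.orig Wed Jan 26 07:43:52 2005
++++ samples/Makefile.in Tue Feb 1 17:54:30 2005
+@@ -17,8 +17,8 @@
+
+install-rc-d:
+$(INSTALL) -d $(sysconfdir)/rc.d
+- $(INSTALL) rc.d-kinkd $(sysconfdir)/rc.d/kinkd
+- $(INSTALL) rc.d-spmd $(sysconfdir)/rc.d/spmd
++ $(INSTALL) rc.d-kinkd $(sysconfdir)/rc.d/kinkd.sh
++ $(INSTALL) rc.d-spmd $(sysconfdir)/rc.d/spmd.sh
+
+install-init-d:
+$(INSTALL) -d $(sysconfdir)/init.d
+@@ -32,4 +32,4 @@
+-rm -f *~
+
+distclean: clean
+- -rm -f Makefile
++ -rm -f Makefile racoon2.conf init.d-kinkd init.d-spmd rc.d-kinkd rc.d-spmd
+--- samples/rc.d-spmd.in.orig Wed Jan 26 07:43:52 2005
++++ samples/rc.d-spmd.in Tue Feb 1 18:31:31 2005
+@@ -3,6 +3,9 @@
+# spmd rc.d script for NetBSD
+#
+
++prefix=@prefix@
++exec_prefix=@exec_prefix@
++
+# PROVIDE: spmd
+# REQUIRE: isdnd ppp
+# BEFORE: SERVERS
+@@ -10,10 +13,10 @@
+. /etc/rc.subr
+
+name="spmd"
+-rcvar=$name
+-command="/usr/local/racoon2/sbin/${name}"
++rcvar=`set_rcvar`
++command="@sbindir@/${name}"
+pidfile="/var/run/${name}.pid"
+-required_files="/usr/local/racoon2/etc/racoon2.conf"
++required_files="@sysconfdir@/racoon2.conf"
+start_precmd="spmd_precmd"
+
+spmd_precmd()
+--- samples/rc.d-kinkd.in.orig Tue Jan 11 02:00:29 2005
++++ samples/rc.d-kinkd.in Tue Feb 1 18:31:49 2005
+@@ -3,6 +3,9 @@
+# kinkd rc.d script for NetBSD
+#
+
++prefix=@prefix@
++exec_prefix=@exec_prefix@
++
+# PROVIDE: kink
+# REQUIRE: isdnd kdc ppp
+# BEFORE: SERVERS
+@@ -11,10 +14,10 @@
+. /etc/rc.subr
+
+name="kinkd"
+-rcvar=$name
+-command="/usr/local/racoon2/sbin/${name}"
++rcvar=`set_rcvar`
++command="@sbindir@/${name}"
+pidfile="/var/run/${name}.pid"
+-required_files="/usr/local/racoon2/etc/racoon2.conf"
++required_files="@sysconfdir@/racoon2.conf"
+
+load_rc_config $name
+run_rc_command "$1"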
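Review bot: The patched configure.in ends with two `AC_OUTPUT(...)` calls, while Autoconf documents AC_OUTPUT as a macro to call once, at the end of the file. The second call is the one that lists the init.d and rc.d templates, so whether `@sbindir@` and `@sysconfdir@` get substituted into the boot scripts depends on behaviour the documentation does not promise. I would fold both lists into the single call, `AC_OUTPUT([Makefile samples/Makefile samples/racoon2.conf samples/init.d-kinkd samples/init.d-spmd samples/rc.d-kinkd samples/rc.d-spmd])`. Separately, the `diff -ur samples-/rc.d-kinkd.in samples/rc.d-kinkd.in` line is followed directly by the samples/Makefile.in header, which looks like a leftover and is worth deleting so the patch file reads unambiguously.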
@ -1,42 +0,0 @@
|
||||
--- crypto_openssl.old.c 2004-04-09 22:25:56.000000000 +0530
|
||||
+++ crypto_openssl.c 2004-08-02 20:30:03.000000000 +0530
|
||||
@@ -1654,6 +1654,7 @@
|
||||
|
||||
HMAC_Final((HMAC_CTX *)c, res->v, &l);
|
||||
res->l = l;
|
||||
+ HMAC_cleanup((HMAC_CTX *)c);
|
||||
(void)racoon_free(c);
|
||||
|
||||
if (SHA512_DIGEST_LENGTH != res->l) {
|
||||
@@ -1710,6 +1711,7 @@
|
||||
|
||||
HMAC_Final((HMAC_CTX *)c, res->v, &l);
|
||||
res->l = l;
|
||||
+ HMAC_cleanup((HMAC_CTX *)c);
|
||||
(void)racoon_free(c);
|
||||
|
||||
if (SHA384_DIGEST_LENGTH != res->l) {
|
||||
@@ -1766,6 +1768,7 @@
|
||||
|
||||
HMAC_Final((HMAC_CTX *)c, res->v, &l);
|
||||
res->l = l;
|
||||
+ HMAC_cleanup((HMAC_CTX *)c);
|
||||
(void)racoon_free(c);
|
||||
|
||||
if (SHA256_DIGEST_LENGTH != res->l) {
|
||||
@@ -1823,6 +1826,7 @@
|
||||
|
||||
HMAC_Final((HMAC_CTX *)c, res->v, &l);
|
||||
res->l = l;
|
||||
+ HMAC_cleanup((HMAC_CTX *)c);
|
||||
(void)racoon_free(c);
|
||||
|
||||
if (SHA_DIGEST_LENGTH != res->l) {
|
||||
@@ -1879,6 +1883,7 @@
|
||||
|
||||
HMAC_Final((HMAC_CTX *)c, res->v, &l);
|
||||
res->l = l;
|
||||
+ HMAC_cleanup((HMAC_CTX *)c);
|
||||
(void)racoon_free(c);
|
||||
|
||||
if (MD5_DIGEST_LENGTH != res->l) {
|
@ -1,42 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Start or stop racoon
|
||||
# $FreeBSD$
|
||||
|
||||
# PROVIDE: racoon
|
||||
# REQUIRE: DAEMON
|
||||
# BEFORE: LOGIN
|
||||
# KEYWORD: FreeBSD shutdown
|
||||
#
|
||||
# NOTE for FreeBSD 5.0+:
|
||||
# If you want this script to start with the base rc scripts
|
||||
# move racoon.sh to /etc/rc.d/racoon
|
||||
|
||||
prefix=%%PREFIX%%
|
||||
|
||||
# Define these racoon_* variables in one of these files:
|
||||
# /etc/rc.conf
|
||||
# /etc/rc.conf.local
|
||||
# /etc/rc.conf.d/racoon
|
||||
#
|
||||
# DO NOT CHANGE THESE DEFAULT VALUES HERE
|
||||
#
|
||||
[ -z "$racoon_enable" ] && racoon_enable="YES" # Enable racoon
|
||||
#racoon_program="${prefix}/sbin/racoon" # Location of racoon
|
||||
#racoon_flags="" # Flags to racoon program
|
||||
|
||||
. %%RC_SUBR%%
|
||||
|
||||
name="racoon"
|
||||
rcvar=`set_rcvar`
|
||||
command="${prefix}/sbin/racoon"
|
||||
pidfile="/var/run/racoon.pid"
|
||||
required_files="${prefix}/etc/racoon/racoon.conf"
|
||||
stop_postcmd="racoon_poststop"
|
||||
|
||||
racoon_poststop() {
|
||||
/bin/rm -f ${pidfile}
|
||||
}
|
||||
|
||||
load_rc_config $name
|
||||
run_rc_command "$1"
|
@ -1,18 +1,21 @@
|
||||
racoon speaks IKE (ISAKMP/Oakley) key management protocol, to
|
||||
establish security association with other hosts.
|
||||
"racoon2" is a system to exchange and to install security parameters
|
||||
for the IPsec.
|
||||
|
||||
Known issues:
|
||||
- Too many use of dynamic memory allocation, which leads to memory leak.
|
||||
- Non-threaded implementation. Simultaneous key negotiation performance
|
||||
should be improved.
|
||||
- Cannot negotiate keys for per-socket policy.
|
||||
- Cryptic configuration syntax - blame IPsec specification too...
|
||||
- Needs more documentation.
|
||||
Currently the system supports the following specification:
|
||||
|
||||
Design choice, not a bug:
|
||||
- racoon negotiate IPsec keys only. It does not negotiate policy. Policy must
|
||||
be configured into the kernel separately from racoon. If you want to
|
||||
support roaming clients, you may need to have a mechanism to put policy
|
||||
for the roaming client after phase 1 finishes.
|
||||
Internet Key Exchange (IKEv2) Protocol
|
||||
draft-ietf-ipsec-ikev2-17.txt
|
||||
(The IKE daemon is not included in the current release due to IPR issue)
|
||||
|
||||
Kerberized Internet Negotiation of Keys (KINK)
|
||||
draft-ietf-kink-kink-06.txt
|
||||
|
||||
PF_KEY Key Management API, Version 2
|
||||
RFC2367
|
||||
|
||||
The following protocols will be supported soon.
|
||||
|
||||
The Internet Key Exchange (IKE)
|
||||
RFC2409
|
||||
|
||||
WWW: http://www.kame.net/
|
||||
|
@ -1,5 +1,9 @@
|
||||
sbin/racoon
|
||||
etc/racoon/psk.txt.dist
|
||||
etc/racoon/racoon.conf.dist
|
||||
etc/rc.d/racoon.sh
|
||||
@unexec rmdir %D/etc/racoon 2>/dev/null || true
|
||||
sbin/spmd
|
||||
sbin/kinkd
|
||||
etc/racoon2.conf.sample
|
||||
etc/rc.d/spmd.sh
|
||||
etc/rc.d/kinkd.sh
|
||||
%%PORTDOCS%%%%DOCSDIR%%/COPYRIGHT
|
||||
%%PORTDOCS%%%%DOCSDIR%%/COPYRIGHT.jp
|
||||
%%PORTDOCS%%%%DOCSDIR%%/README
|
||||
%%PORTDOCS%%%%DOCSDIR%%/README.iked
|
||||
|