diff --git a/net/obnc/Makefile b/net/obnc/Makefile
index 234821b21d66..5374e6269439 100644
--- a/net/obnc/Makefile
+++ b/net/obnc/Makefile
@@ -7,6 +7,7 @@ PORTNAME= obnc
 PORTVERSION= 20010703
+PORTREVISION= 1
 CATEGORIES= net ipv6
 MASTER_SITES= ${MASTER_SITE_LOCAL} \
 http://www.unixfreak.org/~dima/distfiles/
@@ -18,6 +19,9 @@ MANSECTS= 1
 MAN1= nc.1
 MANCOMPRESSED= maybe
+CFLAGS+= -DIPSEC
+MAKE_ENV= LDADD="${LDADD} -lipsec"
+
 # MAN page COMPression SUFFIX
 .if !defined(NOMANCOMPRESS)
 MANCOMPSUFFIX= .gz
diff --git a/net/obnc/files/patch-nc.1 b/net/obnc/files/patch-nc.1
new file mode 100644
index 000000000000..9093eed76497
--- /dev/null
+++ b/net/obnc/files/patch-nc.1
@@ -0,0 +1,36 @@
+--- nc.1.orig Fri Oct 19 07:42:18 2001
++++ nc.1 Fri Oct 19 07:52:16 2001
+@@ -33,7 +33,8 @@
+ .Nd "arbitrary TCP and UDP connections and listens"
+ .Sh SYNOPSIS
+ .Nm nc
+-.Op Fl 46hklnrtuvz
++.Op Fl 46Ehklnrtuvz
++.Op Fl e Ar IPsec policy
+ .Op Fl i Ar interval
+ .Op Fl p Ar source port
+ .Op Fl s Ar source ip address
+@@ -90,6 +91,12 @@
+ Prints out
+ .Nm
+ help.
++.It Fl E
++Shortcut for "-e 'in ipsec esp/transport//require' -e 'out ipsec esp/transport//require'", which enables IPsec ESP transport mode in both directions.
++.It Fl e
++If IPsec support is available, then one can specify the IPsec policies to be used using the syntax described in
++.Xr ipsec_set_policy 3 .
++This flag can be specified up to two times, as typically one policy for each direction is needed.
+ .It Fl i Ar interval
+ Specifies a delay time interval between lines of text sent and received.
+ Also causes a delay time between connections to multiple ports.
+@@ -149,6 +156,10 @@
+ .It Li "nc -s 10.1.2.3 example.host 42"
+ Open a TCP connection to port 42 of example.host using 10.1.2.3 as the
+ IP for the local end of the connection.
++.It Li "nc -E example.host 42"
++Open a TCP connection to port 42 of example.host using IPsec ESP for incoming and outgoing traffic.
++.It Li "nc -e 'out ipsec esp/transport//require' example.host 42"
++Open a TCP connection to port 42 of example.host using IPsec ESP for outgoing traffic only.
+ .It Li "nc -v hostname 42"
+ Open a TCP connection to port 42 of hostname, displaying some
+ diagnostic messages on stderr.
diff --git a/net/obnc/files/patch-netcat.c b/net/obnc/files/patch-netcat.c
new file mode 100644
index 000000000000..666e2aeb2809
--- /dev/null
+++ b/net/obnc/files/patch-netcat.c
@@ -0,0 +1,162 @@
+--- netcat.c.orig Wed Jun 27 02:23:58 2001
++++ netcat.c Fri Oct 19 07:31:54 2001
+@@ -36,6 +36,9 @@
+ #include
+
+ #include
++#ifdef IPSEC
++#include
++#endif
+ #include
+
+ #include
+@@ -51,6 +54,7 @@
+ #define PORT_MAX 65535
+
+ /* Command Line Options */
++int Eflag; /* Use IPsec ESP */
+ int iflag; /* Interval Flag */
+ int kflag; /* More than one connect */
+ int lflag; /* Bind to local port */
+@@ -77,12 +81,18 @@
+ int udptest __P((int));
+ void usage __P((int));
+
++#ifdef IPSEC
++void add_ipsec_policy __P((int, const char *));
++
++char *ipsec_policy[2];
++#endif
++
+ int
+ main(argc, argv)
+ int argc;
+ char *argv[];
+ {
+- int ch, s, ret;
++ int ch, s, ret, ipsec_count;
+ char *host, *uport, *endp;
+ struct addrinfo hints;
+ struct servent *sv;
+@@ -91,12 +101,13 @@
+
+ ret = 1;
+ s = 0;
++ ipsec_count = 0;
+ host = NULL;
+ uport = NULL;
+ endp = NULL;
+ sv = NULL;
+
+- while ((ch = getopt(argc, argv, "46hi:klnp:rs:tuvw:z")) != -1) {
++ while ((ch = getopt(argc, argv, "46e:Ehi:klnp:rs:tuvw:z")) != -1) {
+ switch (ch) {
+ case '4':
+ family = AF_INET;
+@@ -104,6 +115,21 @@
+ case '6':
+ family = AF_INET6;
+ break;
++ case 'e':
++#ifdef IPSEC
++ ipsec_policy[ipsec_count++ % 2] = optarg;
++#else
++ errx(1, "IPsec support unavailable.");
++#endif
++ break;
++ case 'E':
++#ifdef IPSEC
++ ipsec_policy[0] = "in ipsec esp/transport//require";
++ ipsec_policy[1] = "out ipsec esp/transport//require";
++#else
++ errx(1, "IPsec support unavailable.");
++#endif
++ break;
+ case 'h':
+ help();
+ break;
+@@ -295,6 +321,12 @@
+ if ((s = socket(res0->ai_family, res0->ai_socktype,
+ res0->ai_protocol)) < 0)
+ continue;
++#ifdef IPSEC
++ if (ipsec_policy[0] != NULL)
++ add_ipsec_policy(s, ipsec_policy[0]);
++ if (ipsec_policy[1] != NULL)
++ add_ipsec_policy(s, ipsec_policy[1]);
++#endif
+
+ /* Bind to a local port or source address if specified */
+ if (sflag || pflag) {
+@@ -372,6 +404,12 @@
+ ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x,
sizeof(x));
+ if (ret == -1)
+ err(1, NULL);
++#ifdef IPSEC
++ if (ipsec_policy[0] != NULL)
++ add_ipsec_policy(s, ipsec_policy[0]);
++ if (ipsec_policy[1] != NULL)
++ add_ipsec_policy(s, ipsec_policy[1]);
++#endif
+
+ if (bind(s, (struct sockaddr *)res0->ai_addr,
+ res0->ai_addrlen) == 0)
+@@ -571,7 +609,13 @@
+ usage(0);
+ fprintf(stderr, "\tCommand Summary:\n\
+ \t-4 Use IPv4\n\
+- \t-6 Use IPv6\n\
++ \t-6 Use IPv6\n");
++#ifdef IPSEC
++ fprintf(stderr, "\
++ \t-e policy Use specified IPsec policy\n\
++ \t-E Use IPsec ESP\n");
++#endif
++ fprintf(stderr, "\
+ \t-h This help text\n\
+ \t-i secs\t Delay interval for lines sent, ports scanned\n\
+ \t-k Keep inbound sockets open for multiple connects\n\
+@@ -586,14 +630,43 @@
+ \t-w secs\t Timeout for connects and final net reads\n\
+ \t-z Zero-I/O mode [used for scanning]\n\
+ Port numbers can be individual or ranges: lo-hi [inclusive]\n");
++#ifdef IPSEC
++ fprintf(stderr, "See ipsec_set_policy(3) for -e argument format\n");
++#endif
+ exit(1);
+ }
+
++#ifdef IPSEC
++void
++add_ipsec_policy(int s, const char *policy)
++{
++ char *raw;
++ int e;
++
++ raw = ipsec_set_policy(policy, strlen(policy));
++ if (raw == NULL)
++ errx(1, "ipsec_set_policy `%s': %s", policy,
++ ipsec_strerror());
++ e = setsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY, raw,
++ ipsec_get_policylen(raw));
++ if (e < 0)
++ err(1, "ipsec policy cannot be configured");
++ free(raw);
++ if (vflag)
++ fprintf(stderr, "ipsec policy configured: `%s'\n", policy);
++ return;
++}
++#endif /* IPSEC */
++
+ void
+ usage(ret)
+ int ret;
+ {
++#ifdef IPSEC
++ fprintf(stderr, "usage: nc [-46Ehklnrtuvz] [-e policy] [-i interval] [-p source port]\n");
++#else
+ fprintf(stderr, "usage: nc [-46hklnrtuvz] [-i interval] [-p source port]\n");
++#endif
+ fprintf(stderr, "\t [-s ip address] [-w timeout] [hostname] [port[s...]]\n");
+ if (ret)
+ exit(1);
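Review bot: add_ipsec_policy() always applies the policy with `setsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY, ...)`, but both call sites pass sockets created from `res0->ai_family`, and the tool has a `-6` option, so the socket may be AF_INET6. On KAME-derived stacks the IPv6 counterpart is `IPPROTO_IPV6` / `IPV6_IPSEC_POLICY`; the IPv4-level call on an IPv6 socket will most likely fail, and because that path is `err(1, ...)` the run stops there instead of protecting the connection or moving on to the next address. I would pass the address family in, with the prototype and the four calls becoming `add_ipsec_policy(s, res0->ai_family, ipsec_policy[N])`, and select the level and option from it as sketched below. Separately, `ipsec_policy[ipsec_count++ % 2] = optarg;` lets a third `-e`, or an `-e` given after `-E`, silently replace a policy already chosen; rejecting the extra option with `errx()` would keep a `require` policy from being dropped unnoticed.

```c
void
add_ipsec_policy(int s, int af, const char *policy)
{
	/* … unchanged: locals, ipsec_set_policy() call and its NULL check … */
	if (af == AF_INET6)
		e = setsockopt(s, IPPROTO_IPV6, IPV6_IPSEC_POLICY, raw,
		    ipsec_get_policylen(raw));
	else
		e = setsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY, raw,
		    ipsec_get_policylen(raw));
	/* … unchanged: error check, free(raw), verbose message … */
}
```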