Index: GIDs
===================================================================
--- GIDs
+++ GIDs
@@ -103,6 +103,7 @@
 polipo:*:173:
 flowtools:*:174:
 twms:*:175:
+mlvpn:*:176:
 gdnsd:*:179:
 rt:*:180:
 nagios:*:181:
Index: UIDs
===================================================================
--- UIDs
+++ UIDs
@@ -109,6 +109,7 @@
 polipo:*:173:173::0:0:polipo web cache:/nonexistent:/usr/sbin/nologin
 flowtools:*:174:174::0:0:Flow-tools collector pseudo-user:/nonexistent:/usr/sbin/nologin
 twms:*:175:175::0:0:tWMS pseudo-user:/nonexistent:/usr/sbin/nologin
+mlvpn:*:176:176::0:0:mlVPN pseudo-user:/var/run/mlvpn:/usr/sbin/nologin
 gdnsd:*:179:179::0:0:gDNSd pseudo-user:/nonexistent:/usr/sbin/nologin
 nagios:*:181:181::0:0:Nagios pseudo-user:/var/spool/nagios:/usr/sbin/nologin
 noc:*:182:182::0:0:NOC pseudo-user:/usr/local/noc:/bin/sh
Index: net/mlvpn/Makefile
===================================================================
--- /dev/null
+++ net/mlvpn/Makefile
@@ -0,0 +1,42 @@
+# $FreeBSD$
+
+PORTNAME= mlvpn
+PORTVERSION= 2.3.1
+CATEGORIES= net
+
+MAINTAINER= olivier@FreeBSD.org
+COMMENT= Multi-link VPN
+
+LICENSE= BSD2CLAUSE
+LICENSE_FILE= ${WRKSRC}/LICENCE
+
+LIB_DEPENDS= libev.so:devel/libev \
+ libsodium.so:security/libsodium
+
+USE_GITHUB= yes
+GH_PROJECT= MLVPN
+GH_ACCOUNT= zehome
+
+WRKSRC= ${WRKDIR}/MLVPN-${PORTVERSION}
+USES= autoreconf libtool pkgconfig localbase
+GNU_CONFIGURE= yes
+
+USERS= mlvpn
+GROUPS= mlvpn
+USE_RC_SUBR= mlvpn
+
+OPTIONS_DEFINE= CONTROL
+CONTROL_DESC= Enable UNIX socket/HTTP json remote control API
+
+OPTIONS_DEFAULT= CONTROL
+CONTROL_CONFIGURE_OFF= --disable-control
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/src/${PORTNAME} ${STAGEDIR}${PREFIX}/sbin/
+ ${INSTALL_MAN} ${WRKSRC}/man/${PORTNAME}.1 ${STAGEDIR}${PREFIX}/man/man1
+ ${INSTALL_MAN} ${WRKSRC}/man/${PORTNAME}.conf.5 ${STAGEDIR}${PREFIX}/man/man5
+ @${MKDIR} ${STAGEDIR}${ETCDIR}
+ ${INSTALL_MAN} ${WRKSRC}/doc/examples/${PORTNAME}.conf.in ${STAGEDIR}${ETCDIR}/${PORTNAME}.conf.sample
+ ${INSTALL_SCRIPT} ${WRKSRC}/doc/examples/mlvpn_updown.sh.in ${STAGEDIR}${ETCDIR}/mlvpn_updown.sh
+
+.include
Index: net/mlvpn/distinfo
===================================================================
--- /dev/null
+++ net/mlvpn/distinfo
@@ -0,0 +1,2 @@
+SHA256 (zehome-mlvpn-2.3.1_GH0.tar.gz) = 4bbe8ae10ccad4ba764d29db0293b3ab523ded5d0a0b5adbe6a8d4d839e4138e
+SIZE (zehome-mlvpn-2.3.1_GH0.tar.gz) = 83817
Index: net/mlvpn/files/mlvpn.in
===================================================================
--- /dev/null
+++ net/mlvpn/files/mlvpn.in
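Review bot: In `do-install` the configuration sample is staged with `${INSTALL_MAN}`, a macro meant for manual pages, so the restrictive permissions on it come only from `@sample(,,600)` in pkg-plist; `${INSTALL_DATA} ${WRKSRC}/doc/examples/${PORTNAME}.conf.in ${STAGEDIR}${ETCDIR}/${PORTNAME}.conf.sample` states the intent. `OPTIONS_DEFAULT= CONTROL` also compiles the UNIX socket/HTTP control API into every default package. Whether that API listens without explicit configuration is not visible in this diff, so a pkg-message explaining how to restrict or disable it would help administrators.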
@@ -0,0 +1,157 @@
+#!/bin/sh
+#
+# mlvpn - load tun/tap driver and start mlvpn daemon
+#
+# (C) Copyright 2005 - 2008, 2010 by Matthias Andree
+# (C) Copyright 2015 Laurent COUSTET (mlvpn modifications)
+# (C) Copyright 2016 Olivier Cochard-Labbe (updating rc script)
+
+# based on suggestions by Matthias Grimm and Dirk Gouders
+# with multi-instance contribution from Denis Shaposhnikov, Gleb Kozyrev
+# and Vasil Dimov
+# softrestart feature suggested by Nick Hibma
+#
+# $FreeBSD$
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 2 of the License, or (at your option) any later
+# version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program; if not, write to the Free Software Foundation, Inc., 51 Franklin
+# Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# PROVIDE: mlvpn
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+
+# -----------------------------------------------------------------------------
+#
+# This script supports running multiple instances of mlvpn
+# To run additional instances link this script to something like
+# % ln -s mlvpn mlvpn_foo
+# and define additional mlvpn_foo_* variables in one of
+# /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/mlvpn_foo
+#
+# Below NAME should be substituted with the name of this script. By default
+# it is mlvpn, so read as mlvpn_enable. If you linked the script to
+# mlvpn_foo, then read as mlvpn_foo_enable etc.
+#
+# The following variables are supported (defaults are shown).
+# You can place them in any of
+# /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/NAME
+#
+# NAME_enable="NO" # set to YES to enable mlvpn
+# NAME_if= # driver(s) to load, set to "tun", "tap" or "tun tap"
+# # it is OK to specify the if_ prefix.
+#
+# # optional:
+# NAME_flags= # additional command line arguments
+# NAME_configfile="/usr/local/etc/mlvpn/NAME.conf" # --config file
+#
+# Note that we deliberately refrain from unloading drivers.
+#
+# For further documentation, please see http://www.mlvpn.fr/
+#
+
+. /etc/rc.subr
+
+case "$0" in
+/etc/rc*)
+ # during boot (shutdown) $0 is /etc/rc (/etc/rc.shutdown),
+ # so get the name of the script from $_file
+ name="$_file"
+ ;;
+*)
+ name="$0"
+ ;;
+esac
+
+name="${name##*/}"
+rcvar=${name}_enable
+
+mlvpn_stop()
+{
+ if [ -f ${pidfile} ]; then
+ rc_pid=$(check_pidfile $pidfile ${name})
+ kill -TERM $rc_pid
+ wait_for_pids $rc_pid
+ fi
+}
+
+stop_postcmd()
+{
+ rm -f "$pidfile" || warn "Could not remove $pidfile."
+}
+
+mlvpn_softrestart()
+{
+ rc_pid=$(check_pidfile $pidfile ${name})
+ local status
+
+ if ! status=`run_rc_command status 2>&1`; then
+ echo $status
+ return 1
+ fi
+ echo 'Softrestarting mlvpn.'
+ kill -USR1 $rc_pid
+}
+
+mlvpn_status()
+{
+ rc_pid=$(check_pidfile $pidfile ${name})
+
+ if [ -z "$rc_pid" ]; then
+ [ -n "$rc_fast" ] && return 0
+ if [ -n "$pidfile" ]; then
+ echo "${name} not running? (check $pidfile)."
+ else
+ echo "${name} not running?"
+ fi
+ return 1
+ fi
+ echo "${name} is running as pid ${rc_pid}"
+}
+
+# reload: support SIGHUP to reparse configuration file
+# softrestart: support SIGUSR1 to reconnect without superuser privileges
+extra_commands="reload softrestart"
+softrestart_cmd="mlvpn_softrestart"
+
+# pidfile
+pidfile="/var/run/${name}.pid"
+rc_pid=$(check_pidfile $pidfile ame)
+
+# command and arguments
+procname="%%PREFIX%%/sbin/mlvpn"
+command="/usr/sbin/daemon"
+
+# run this last
+stop_cmd="mlvpn_stop"
+stop_postcmd="stop_postcmd"
+status_cmd="mlvpn_status"
+
+load_rc_config ${name}
+
+eval ": \${${name}_enable:=\"NO\"}"
+eval ": \${${name}_configfile:=\"/usr/local/etc/mlvpn/${name}.conf\"}"
+
+configfile="$(eval echo \${${name}_configfile})"
+interfaces="$(eval echo \${${name}_if})"
+
+required_modules=
+for i in $interfaces ; do
+ required_modules="$required_modules${required_modules:+" "}if_${i#if_}"
+done
+
+required_files=${configfile}
+
+command_args="-f -p ${pidfile} ${procname} --name ${name} --config ${configfile} --user mlvpn"
+
+run_rc_command "$1"
Index: net/mlvpn/files/patch-src_config.c
===================================================================
--- /dev/null
+++ net/mlvpn/files/patch-src_config.c
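Review bot: `mlvpn_stop` sends the signal even when `check_pidfile` returns nothing, which happens with a stale pidfile: `kill -TERM $rc_pid` and `wait_for_pids $rc_pid` then run with no argument. Guard the pair with `if [ -n "$rc_pid" ]; then ... fi` and quote `"$pidfile"` in the `[ -f ... ]` test. The top-level `rc_pid=$(check_pidfile $pidfile ame)` passes the literal word `ame` as shown here, where the functions pass `${name}`; if that is in the real file rather than an artefact of this page, it should read `${name}`, or be dropped, since each function recomputes `rc_pid`. `extra_commands` also advertises `reload`, but nothing in this script shows that the daemon handles SIGHUP.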
@@ -0,0 +1,57 @@
+--- src/config.c.orig 2015-12-28 11:20:16 UTC
++++ src/config.c
+@@ -269,6 +269,7 @@ mlvpn_config(int config_file_fd, int fir
+ } else if (strncmp(lastSection, "filters", 7) != 0) {
+ char *bindaddr;
+ char *bindport;
++ uint32_t bindfib = 0;
+ char *dstaddr;
+ char *dstport;
+ uint32_t bwlimit = 0;
+@@ -284,6 +285,9 @@ mlvpn_config(int config_file_fd, int fir
+ _conf_set_str_from_conf(
+ config, lastSection, "bindport", &bindport, NULL,
+ "bind port is mandatory in server mode.\n", 1);
++ _conf_set_uint_from_conf(
++ config, lastSection, "bindfib", &bindfib, 0,
++ NULL, 0);
+ _conf_set_str_from_conf(
+ config, lastSection, "remotehost", &dstaddr, NULL,
+ NULL, 0);
+@@ -297,6 +301,9 @@ mlvpn_config(int config_file_fd, int fir
+ _conf_set_str_from_conf(
+ config, lastSection, "bindport", &bindport, NULL,
+ NULL, 0);
++ _conf_set_uint_from_conf(
++ config, lastSection, "bindfib", &bindfib, 0,
++ NULL, 0);
+ _conf_set_str_from_conf(
+ config, lastSection, "remotehost", &dstaddr, NULL,
+ "No remote address specified.\n", 1);
+@@ -336,6 +343,7 @@ mlvpn_config(int config_file_fd, int fir
+ tmptun->name);
+ if ((! mystr_eq(tmptun->bindaddr, bindaddr)) ||
+ (! mystr_eq(tmptun->bindport, bindport)) ||
++ (tmptun->bindfib != bindfib) ||
+ (! mystr_eq(tmptun->destaddr, dstaddr)) ||
+ (! mystr_eq(tmptun->destport, dstport))) {
+ mlvpn_rtun_status_down(tmptun);
+@@ -347,6 +355,9 @@ mlvpn_config(int config_file_fd, int fir
+ if (bindport) {
+ strlcpy(tmptun->bindport, bindport, sizeof(tmptun->bindport));
+ }
++ if (tmptun->bindfib != bindfib) {
++ tmptun->bindfib = bindfib;
++ }
+ if (dstaddr) {
+ strlcpy(tmptun->destaddr, dstaddr, sizeof(tmptun->destaddr));
+ }
+@@ -380,7 +391,7 @@ mlvpn_config(int config_file_fd, int fir
+ {
+ log_info("config", "%s tunnel added", lastSection);
+ mlvpn_rtun_new(
+- lastSection, bindaddr, bindport, dstaddr, dstport,
++ lastSection, bindaddr, bindport, bindfib, dstaddr, dstport,
+ default_server_mode, timeout, fallback_only,
+ bwlimit, loss_tolerence);
+ }
Index: net/mlvpn/files/patch-src_mlvpn.h
===================================================================
--- /dev/null
+++ net/mlvpn/files/patch-src_mlvpn.h
@@ -0,0 +1,19 @@
+--- src/mlvpn.h.orig 2015-12-28 11:20:16 UTC
++++ src/mlvpn.h
+@@ -138,6 +138,7 @@ typedef struct mlvpn_tunnel_s
+ char *name; /* tunnel name */
+ char bindaddr[MLVPN_MAXHNAMSTR]; /* packets source */
+ char bindport[MLVPN_MAXPORTSTR]; /* packets port source (or NULL) */
++ uint32_t bindfib; /* FIB number to use */
+ char destaddr[MLVPN_MAXHNAMSTR]; /* remote server ip (can be hostname) */
+ char destport[MLVPN_MAXPORTSTR]; /* remote server port */
+ int fd; /* socket file descriptor */
+@@ -193,7 +194,7 @@ int mlvpn_rtun_wrr_reset(struct rtunhead
+ mlvpn_tunnel_t *mlvpn_rtun_wrr_choose();
+ mlvpn_tunnel_t *mlvpn_rtun_choose();
+ mlvpn_tunnel_t *mlvpn_rtun_new(const char *name,
+- const char *bindaddr, const char *bindport,
++ const char *bindaddr, const char *bindport, uint32_t bindfib,
+ const char *destaddr, const char *destport,
+ int server_mode, uint32_t timeout,
+ int fallback_only, uint32_t bandwidth,
Index: net/mlvpn/files/patch-src_mlvpn.c
===================================================================
--- /dev/null
+++ net/mlvpn/files/patch-src_mlvpn.c
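Review bot: `bindfib` in the `src/config.c` patch is accepted as any `uint32_t` and is never range-checked in these hunks, yet the companion patch to `src/mlvpn.c` copies it into an `int fib`, so a value above `INT_MAX` turns negative and a FIB the kernel does not have is only discovered when the socket is set up. Rejecting an out-of-range value at parse time, with a message naming the tunnel section, would presumably turn a tunnel that fails on every start attempt into a clear configuration error. In the update path the compare-then-assign is redundant; `tmptun->bindfib = bindfib;` is enough. The new `bindfib` key also needs an entry in `mlvpn.conf.5`. `mlvpn_config` begins and ends outside these hunks.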
@@ -0,0 +1,54 @@
+--- src/mlvpn.c.orig 2015-12-28 11:20:16 UTC
++++ src/mlvpn.c
+@@ -597,7 +597,7 @@ mlvpn_rtun_write(EV_P_ ev_io *w, int rev
+
+ mlvpn_tunnel_t *
+ mlvpn_rtun_new(const char *name,
+- const char *bindaddr, const char *bindport,
++ const char *bindaddr, const char *bindport, uint32_t bindfib,
+ const char *destaddr, const char *destport,
+ int server_mode, uint32_t timeout,
+ int fallback_only, uint32_t bandwidth,
+@@ -653,6 +653,7 @@ mlvpn_rtun_new(const char *name,
+ strlcpy(new->bindaddr, bindaddr, sizeof(new->bindaddr));
+ if (bindport)
+ strlcpy(new->bindport, bindport, sizeof(new->bindport));
++ new->bindfib = bindfib;
+ if (destaddr)
+ strlcpy(new->destaddr, destaddr, sizeof(new->destaddr));
+ if (destport)
+@@ -780,6 +781,7 @@ static int
+ mlvpn_rtun_start(mlvpn_tunnel_t *t)
+ {
+ int ret, fd = -1;
++ int fib = 0;
+ char *addr, *port;
+ struct addrinfo hints, *res;
+
+@@ -788,9 +790,11 @@ mlvpn_rtun_start(mlvpn_tunnel_t *t)
+ {
+ addr = t->bindaddr;
+ port = t->bindport;
++ fib = t->bindfib;
+ } else {
+ addr = t->destaddr;
+ port = t->destport;
++ fib = t->bindfib;
+ }
+
+ /* Initialize hints */
+@@ -817,6 +821,14 @@ mlvpn_rtun_start(mlvpn_tunnel_t *t)
+ log_warn(NULL, "%s socket creation error",
+ t->name);
+ } else {
++#if defined(HAVE_FREEBSD) || defined(HAVE_OPENBSD)
++ /* Setting SO_SETFIB (fib) supported on FreeBSD and OpenBSD only */
++ if (setsockopt(fd, SOL_SOCKET, SO_SETFIB, &fib, sizeof(fib)) < 0)
++ {
++ log_warnx(NULL, "Cannot set FIB %d for kernel socket", fib);
++ goto error;
++ }
++#endif
+ t->fd = fd;
+ break;
+ }
Index: net/mlvpn/files/patch-src_tuntap__bsd.c
===================================================================
--- /dev/null
+++ net/mlvpn/files/patch-src_tuntap__bsd.c
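Review bot: On the new `setsockopt` failure path in `mlvpn_rtun_start`, `goto error` is taken before `t->fd = fd`, so unless the `error:` label (outside the hunk) closes the local `fd`, each failed attempt leaks a socket; add `close(fd); fd = -1;` before the `goto`. The guard `#if defined(HAVE_FREEBSD) || defined(HAVE_OPENBSD)` assumes OpenBSD defines `SO_SETFIB`, but that option is FreeBSD's (OpenBSD selects a routing table with `SO_RTABLE`), so `#ifdef SO_SETFIB` is the safer test. The call is also made when `bindfib` is left at its default of 0, which would override a FIB inherited from `setfib(1)`; consider skipping it unless the key was set. `log_warn` rather than `log_warnx` would presumably include the errno text, judging by the `log_warn` call a few lines above.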
@@ -0,0 +1,11 @@
+--- src/tuntap_bsd.c.orig 2015-12-28 11:20:16 UTC
++++ src/tuntap_bsd.c
+@@ -21,7 +21,7 @@ mlvpn_tuntap_read(struct tuntap_s *tunta
+ mlvpn_tunnel_t *rtun = NULL;
+ mlvpn_pkt_t *pkt;
+ ssize_t ret;
+- u_char data[DEFAULT_MTU]
++ u_char data[DEFAULT_MTU];
+ struct iovec iov[2];
+ uint32_t type;
+
Index: net/mlvpn/pkg-descr
===================================================================
--- /dev/null
+++ net/mlvpn/pkg-descr
@@ -0,0 +1,6 @@
+MLVPN allow to bond your internet links to increase bandwidth, secure your
+internet connection by actively monitoring your links and removing the faulty
+ones, without loosing your TCP connections and secure your internet connection
+to the aggregation server using cryptography.
+
+WWW: https://zehome.github.io/MLVPN/
Index: net/mlvpn/pkg-plist
===================================================================
--- /dev/null
+++ net/mlvpn/pkg-plist
@@ -0,0 +1,5 @@
+sbin/mlvpn
+man/man1/mlvpn.1.gz
+man/man5/mlvpn.conf.5.gz
+@sample(,,600) %%ETCDIR%%/mlvpn.conf.sample
+@(,,700) %%ETCDIR%%/mlvpn_updown.sh
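Review bot: In pkg-plist, `mlvpn_updown.sh` is packaged as a plain file (`@(,,700) %%ETCDIR%%/mlvpn_updown.sh`) although it is staged from the template `mlvpn_updown.sh.in` and administrators are presumably expected to edit it, so a package upgrade would overwrite local changes. Installing it as `mlvpn_updown.sh.sample` and listing `@sample(,,700) %%ETCDIR%%/mlvpn_updown.sh.sample` keeps the edited copy. Both entries leave the owner as root while the rc script starts the daemon with `--user mlvpn`; whether the configuration is read before privileges are dropped is not visible here, and is worth confirming for the `reload` path.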