7 files changed, 161 insertions, 0 deletions

diff --git a/net/fastd/DESCR b/net/fastd/DESCR
new file mode 100644
index 00000000000..b8ee0f8edb1
--- /dev/null
+++ b/net/fastd/DESCR
@@ -0,0 +1,3 @@
+fastd is a very small VPN daemon which tunnels IP packets and Ethernet frames
+over UDP. It supports various modern encryption and authentication schemes
+and can be used in many different network topologies (1:1, 1:n, meshed).
diff --git a/net/fastd/Makefile b/net/fastd/Makefile
new file mode 100644
index 00000000000..4864f8df106
--- /dev/null
+++ b/net/fastd/Makefile
@@ -0,0 +1,76 @@
+# $NetBSD: Makefile,v 1.1 2021/06/24 14:01:31 nia Exp $
+
+DISTNAME=	fastd-21
+CATEGORIES=	net
+MASTER_SITES=	${MASTER_SITE_GITHUB:=NeoRaider/}
+GITHUB_TAG=	v${PKGVERSION_NOREV}
+
+MAINTAINER=	pkgsrc-users@NetBSD.org
+HOMEPAGE=	https://github.com/NeoRaider/fastd
+COMMENT=	Fast and small VPN tunnelling daemon
+LICENSE=	modified-bsd
+
+USE_TOOLS+=	bison pkg-config
+
+MESON_ARGS+=	-Dsystemd=disabled
+
+# breaks compatibility with older and embedded x86
+MESON_ARGS+=	-Dmac_ghash_pclmulqdq=disabled
+MESON_ARGS+=	-Dcipher_salsa20_xmm=disabled
+MESON_ARGS+=	-Dcipher_salsa2012_xmm=disabled
+
+MESON_ARGS+=	--sysconfdir=${PKG_SYSCONFDIR:Q}
+
+RCD_SCRIPTS=	fastd
+
+PYTHON_FOR_BUILD_ONLY=	tool
+
+EGDIR=			share/examples/fastd
+
+INSTALLATION_DIRS+=	${PKGMANDIR}/man1
+INSTALLATION_DIRS+=	${EGDIR}
+
+BUILD_DEFS+=		VARBASE
+
+.include "../../mk/bsd.prefs.mk"
+
+PKG_SYSCONFSUBDIR=	fastd
+
+CONF_FILES+=		${PREFIX}/${EGDIR}/fastd.conf \
+			${PKG_SYSCONFDIR}/fastd.conf
+
+FASTD_USER?=		fastd
+FASTD_GROUP?=		fastd
+PKG_GROUPS=		${FASTD_GROUP}
+PKG_USERS=		${FASTD_USER}:${FASTD_GROUP}
+PKG_GROUPS_VARS=	FASTD_USER
+PKG_USERS_VARS=		FASTD_GROUP
+
+OWN_DIRS+=		${PKG_SYSCONFDIR}/peers
+OWN_DIRS_PERMS+=	${VARBASE}/run/fastd \
+			${FASTD_USER} ${FASTD_GROUP} 0755
+
+SUBST_CLASSES+=		paths
+SUBST_STAGE.paths=	pre-configure
+SUBST_MESSAGE.paths=	Fixing absolute paths.
+SUBST_FILES.paths=	fastd.conf
+SUBST_VARS.paths=	PREFIX VARBASE PKG_SYSCONFDIR
+SUBST_VARS.paths+=	FASTD_USER FASTD_GROUP
+
+FILES_SUBST+=		PKG_SYSCONFDIR=${PKG_SYSCONFDIR:Q}
+
+post-extract:
+	${CP} ${FILESDIR}/fastd.conf ${WRKSRC}/fastd.conf
+
+post-install:
+	${INSTALL_MAN} ${WRKSRC}/doc/fastd.1 \
+	    ${DESTDIR}${PREFIX}/${PKGMANDIR}/man1/fastd.1
+	${INSTALL_MAN} ${WRKSRC}/fastd.conf \
+	    ${DESTDIR}${PREFIX}/${EGDIR}/fastd.conf
+
+.include "../../devel/meson/build.mk"
+.include "../../security/libsodium/buildlink3.mk"
+.include "../../security/libuecc/buildlink3.mk"
+.include "../../security/openssl/buildlink3.mk"
+.include "../../textproc/json-c/buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"
diff --git a/net/fastd/PLIST b/net/fastd/PLIST
new file mode 100644
index 00000000000..7e8edc63f95
--- /dev/null
+++ b/net/fastd/PLIST
@@ -0,0 +1,4 @@
+@comment $NetBSD: PLIST,v 1.1 2021/06/24 14:01:31 nia Exp $
+bin/fastd
+man/man1/fastd.1
+share/examples/fastd/fastd.conf
diff --git a/net/fastd/distinfo b/net/fastd/distinfo
new file mode 100644
index 00000000000..aff3c5d057e
--- /dev/null
+++ b/net/fastd/distinfo
@@ -0,0 +1,7 @@
+$NetBSD: distinfo,v 1.1 2021/06/24 14:01:31 nia Exp $
+
+SHA1 (fastd-21.tar.gz) = 07b29afc9cca65c94da123a854798eeccf7f4235
+RMD160 (fastd-21.tar.gz) = 4b9f3cc72981c70b37d20d3908d06abacf88ee83
+SHA512 (fastd-21.tar.gz) = 5ddd843ece8af7fe20633c1c205a5c55b5394bcc758618143b002bfdd5e927d9183a57915d9ce59131bd161e0f77986cbe6ad78e1b8f25a28239ad96340bc6fd
+Size (fastd-21.tar.gz) = 211874 bytes
+SHA1 (patch-src_iface.c) = 0a8465db5de2eb1151ecac6611395fb77a61dba8
diff --git a/net/fastd/files/fastd.conf b/net/fastd/files/fastd.conf
new file mode 100644
index 00000000000..9ff7dbcd412
--- /dev/null
+++ b/net/fastd/files/fastd.conf
@@ -0,0 +1,36 @@
+# $NetBSD: fastd.conf,v 1.1 2021/06/24 14:01:31 nia Exp $
+
+# Log warnings and errors to stderr
+log level warn;
+
+# Log everything to syslog
+log to syslog level debug;
+
+# Drop privileges and run as the fastd user
+drop capabilities yes;
+user "@FASTD_USER@";
+group "@FASTD_GROUP@";
+
+# Create a status socket
+status socket "@VARBASE@/run/fastd/fastd.sock";
+
+# Set the interface name
+mode tap;
+interface "tap0";
+
+# Support salsa2012+umac and null methods, prefer salsa2012+umac
+method "salsa2012+umac";
+method "null";
+
+# Bind to a fixed port, IPv4 only
+bind 0.0.0.0:10000;
+
+# Generate a secret key with `fastd --generate-key`
+secret "CHANGE_ME";
+
+# Set the interface MTU for TAP mode with xsalsa20/aes128 over IPv4 with a base MTU of 1492 (PPPoE)
+# (see MTU selection documentation)
+mtu 1426;
+
+# Include peers from the directory 'peers'
+include peers from "peers";
diff --git a/net/fastd/files/fastd.sh b/net/fastd/files/fastd.sh
new file mode 100644
index 00000000000..ca3416f618c
--- /dev/null
+++ b/net/fastd/files/fastd.sh
@@ -0,0 +1,20 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# $NetBSD: fastd.sh,v 1.1 2021/06/24 14:01:31 nia Exp $
+#
+# PROVIDE: fastd 
+# REQUIRE: DAEMON
+
+. /etc/rc.subr
+
+name="fastd"
+rcvar=${name}
+required_files="@PKG_SYSCONFDIR@/fastd.conf"
+pidfile="@VARBASE@/run/fastd/${name}.pid"
+command="@PREFIX@/bin/fastd"
+command_args="--daemon"
+command_args="${command_args} --pid-file ${pidfile}"
+command_args="${command_args} --config @PKG_SYSCONFDIR@/fastd.conf"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/net/fastd/patches/patch-src_iface.c b/net/fastd/patches/patch-src_iface.c
new file mode 100644
index 00000000000..a38303a590e
--- /dev/null
+++ b/net/fastd/patches/patch-src_iface.c
@@ -0,0 +1,15 @@
+$NetBSD: patch-src_iface.c,v 1.1 2021/06/24 14:01:31 nia Exp $
+
+Add support for NetBSD.
+
+--- src/iface.c.orig	2020-10-19 19:24:26.000000000 +0000
++++ src/iface.c
+@@ -338,7 +338,7 @@ static void cleanup_iface(UNUSED fastd_i
+ 
+ #endif
+ 
+-#elif __APPLE__
++#elif defined(__APPLE__) || defined(__NetBSD__)
+ 
+ /** Opens the TUN/TAP device */
+ static bool open_iface(fastd_iface_t *iface, const char *ifname, uint16_t mtu) {