gvpe/configure.ac

dnl Process this file with autoconf to produce a configure script.

AC_PREREQ(2.69)
AC_INIT
AC_CONFIG_SRCDIR([src/gvpe.C])
AC_CANONICAL_TARGET
AM_INIT_AUTOMAKE(gvpe, 3.1)
AC_CONFIG_HEADERS([config.h])
AM_MAINTAINER_MODE

AH_TOP([
#ifndef CONFIG_H__
#define CONFIG_H__

#ifdef __cplusplus
   using namespace std;
#endif

])

AH_BOTTOM([
typedef unsigned char u8;
typedef signed char s8;

#if __CYGWIN__

typedef unsigned short u16;
typedef unsigned int u32;
typedef signed short s16;
typedef signed int s32;

#else
#include <inttypes.h>

/* old modula-2 habits */
typedef uint16_t u16;
typedef uint32_t u32;
typedef int16_t s16;
typedef int32_t s32;
#endif

#endif

#if HAVE_CLOCALE
# define CLOCALE <clocale>
#else
# define CLOCALE <locale.h>
#endif
])

AM_GNU_GETTEXT([external])
AM_GNU_GETTEXT_VERSION(0.11.5)

# Enable GNU extensions.
# Define this here, not in acconfig's @TOP@ section, since definitions
# in the latter don't make it into the configure-time tests.
AC_DEFINE([_GNU_SOURCE], 1, [Enable GNU extensions])

# do NOT define POSIX_SOURCE, sicne this clashes with many BSDs
dnl AC_DEFINE([_POSIX_SOURCE], 1, [Enable POSIX 1003.1 extensions])
dnl AC_DEFINE([_XOPEN_SOURCE], 500, [Enable XOPEN extensions])

ALL_LINGUAS=""

dnl Checks for programs.
AC_PROG_CPP
AC_PROG_CXX
AC_PROG_GCC_TRADITIONAL
AC_PROG_AWK
AC_PROG_INSTALL
AC_PROG_LN_S
AC_PROG_MAKE_SET
AC_PROG_RANLIB

AC_ARG_ENABLE(iftype,
  [AS_HELP_STRING(--enable-iftype=TYPE/SUBTYPE,
     Use kernel/net device interface TYPE/SUBTYPE.
     Working combinations are (see doc/gvpe.osdep.5.pod):
        "native/linux"
        "tincd/linux"
        "tincd/netbsd"
        "tincd/freebsd"
        "tincd/openbsd"
        "native/darwin"
        "tincd/darwin"
        "native/cygwin";
     Untested combinations are:
        "tincd/bsd"
        "tincd/solaris"
        "tincd/mingw"
        "tincd/raw_socket"
        "tincd/uml_socket";
     Broken combinations are:
        "tincd/cygwin";
     The default is to autodetect.
  )],
  [
    IFTYPE=`echo $enableval | sed s%/.*%%`
    IFSUBTYPE=`echo $enableval | sed s%.*/%%`
  ]
)

dnl Check and set OS
AC_MSG_CHECKING(for kernel networking interface type)

if test "x$IFTYPE" = "x"; then
   case $target_os in
     *linux*)
       IFTYPE=native
       IFSUBTYPE=linux
       AC_DEFINE(HAVE_LINUX, 1, [Linux])
     ;;
     *freebsd*)
       IFTYPE=tincd
       IFSUBTYPE=freebsd
       AC_DEFINE(HAVE_FREEBSD, 1, [FreeBSD])
     ;;
     *darwin*)
       IFTYPE=native
       IFSUBTYPE=darwin
       AC_DEFINE(HAVE_DARWIN, 1, [Darwin (MacOS/X)])
     ;;
     *solaris*)
       IFTYPE=tincd
       IFSUBTYPE=solaris
       AC_DEFINE(HAVE_SOLARIS, 1, [Solaris/SunOS])
     ;;
     *openbsd*)
       IFTYPE=tincd
       IFSUBTYPE=openbsd
       AC_DEFINE(HAVE_OPENBSD, 1, [OpenBSD])
     ;;
     *netbsd*)
       IFTYPE=tincd
       IFSUBTYPE=netbsd
       AC_DEFINE(HAVE_NETBSD, 1, [NetBSD])
     ;;
     *cygwin*)
       IFTYPE=native
       IFSUBTYPE=cygwin
       AC_DEFINE(HAVE_CYGWIN, 1, [Cygwin])
     ;;
     *)
       AC_MSG_ERROR("Unknown operating system.")
     ;;
   esac
fi
AC_MSG_RESULT($IFTYPE/$IFSUBTYPE)
AC_SUBST(IFTYPE,$IFTYPE)
AC_SUBST(IFSUBTYPE,$IFSUBTYPE)
AC_DEFINE_UNQUOTED(IFTYPE,"$IFTYPE",[kernel interface type])
AC_DEFINE_UNQUOTED(IFSUBTYPE,"$IFSUBTYPE",[kernel interface subtype])

AC_CACHE_SAVE

dnl Checks for libraries.

AC_LANG(C++)
AC_CHECK_HEADERS(tr1/unordered_map ext/hash_map clocale)

dnl Checks for header files.
AC_CHECK_HEADERS([fcntl.h inttypes.h limits.h malloc.h stdint.h strings.h syslog.h unistd.h \
        sys/file.h sys/ioctl.h sys/param.h sys/time.h netinet/in_systm.h sys/cygwin.h \
        sys/mman.h netinet/in.h])
AC_CHECK_HEADERS([arpa/inet.h net/ethernet.h net/if.h netinet/ip.h netinet/tcp.h netinet/in_systm.h], [], [],
[
#include <sys/types.h>
#include <sys/socket.h>
#ifdef HAVE_NETINET_IN_H
# include <netinet/in.h>
#endif
#ifdef HAVE_ARPA_INET_H
# include <arpa/inet.h>
#endif
#ifdef HAVE_NETINET_IN_SYSTM_H
# include <netinet/in_systm.h>
#endif
])

dnl Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
AC_TYPE_PID_T
AC_TYPE_SIZE_T
AC_HEADER_TIME
AC_STRUCT_TM

AC_CACHE_CHECK([for socklen_t], ac_cv_type_socklen_t,
[
  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
  #include <sys/socket.h>]], [[socklen_t len = 42; return len;]])],[ac_cv_type_socklen_t=yes],[ac_cv_type_socklen_t=no])
])
if test $ac_cv_type_socklen_t = yes; then
  AC_DEFINE(HAVE_SOCKLEN_T, 1, [socklen_t available])
fi

AC_CACHE_CHECK([for struct addrinfo], ac_cv_struct_addrinfo,
[
  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
  #include <sys/socket.h>
  #include <netdb.h>]], [[struct addrinfo ai; ai.ai_family = AF_INET; return ai.ai_family;]])],[ac_cv_struct_addrinfo=yes],[ac_cv_struct_addrinfo=no])
])
if test $ac_cv_struct_addrinfo = yes; then
  AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1, [struct addrinfo available])
fi

dnl Checks for library functions.
AC_TYPE_SIGNAL

AC_LANG_PUSH(C)

AC_HEADER_STDC

dnl argl, could somebody catapult darwin into the 21st century???
AC_CHECK_FUNCS(asprintf daemon get_current_dir_name putenv select strerror strsignal strtol unsetenv mlockall)

AC_FUNC_ALLOCA

dnl Support for SunOS

AC_CHECK_FUNC(socket, [], [
  AC_CHECK_LIB(socket, connect)
])
AC_CHECK_FUNC(gethostbyname, [], [
  AC_CHECK_LIB(nsl, gethostbyname)
])

dnl libev support
m4_include([libev/libev.m4])

AC_LANG_POP

dnl AC_CHECK_FUNCS([freeaddrinfo gai_strerror getaddrinfo getnameinfo])

AC_CACHE_SAVE

dnl These are defined in files in m4/
tinc_TUNTAP

PKG_CHECK_MODULES([LIBCRYPTO], [libcrypto >= 1])

AC_ARG_ENABLE(threads,
  [AS_HELP_STRING(--enable-threads,try to use threads for long-running asynchronous operations (default enabled).)],
  [try_threads=$enableval],
  [try_threads=yes]
)

if test "x$try_threads" = xyes; then
   AC_CHECK_HEADER(pthread.h,[
      LIBS="$LIBS -lpthread"
      AC_COMPILE_IFELSE(
         [AC_LANG_PROGRAM([#include <pthread.h>], [pthread_t id; pthread_create (&id, 0, 0, 0);])],
         [AC_DEFINE_UNQUOTED(ENABLE_PTHREADS, 1, [POSIX thread support.])]
      )
   ])
fi

AC_ARG_ENABLE(static-daemon,
  [AS_HELP_STRING(--enable-static-daemon,enable statically linked daemon.)],
  [LDFLAGS_DAEMON=-static]
)
AC_SUBST(LDFLAGS_DAEMON)

dnl AC_ARG_ENABLE(rohc,
dnl   [AS_HELP_STRING(--enable-rohc,enable robust header compression (rfc3095).)],
dnl   [
dnl   echo
dnl   echo "**********************************************************************"
dnl   echo "**********************************************************************"
dnl   echo "**** --enable-rohc is highly experimental, do not use ****************"
dnl   echo "**********************************************************************"
dnl   echo "**********************************************************************"
dnl   echo
dnl   rohc=true
dnl   AC_DEFINE_UNQUOTED(ENABLE_ROHC, 1, [ROHC support])
dnl   ]
dnl )

AM_CONDITIONAL(ROHC, test x$rohc = xtrue)

dnl AC_ARG_ENABLE(bridging,
dnl   [AS_HELP_STRING(--enable-bridging,enable bridging support (default disabled).)],
dnl   AC_DEFINE_UNQUOTED(ENABLE_BRIDGING, 1, [bridging support.])
dnl )

ICMP=1
AC_ARG_ENABLE(icmp,
  [AS_HELP_STRING(--disable-icmp,enable icmp protocol support (default enabled).)],
  if test "x$enableval" = xno; then
     ICMP=0
  fi
)
if test "x$ICMP" = x1; then
  AC_DEFINE_UNQUOTED(ENABLE_ICMP, 1, [ICMP protocol support.])
fi

TCP=1
AC_ARG_ENABLE(tcp,
  [AS_HELP_STRING(--disable-tcp,enable tcp protocol support (default enabled).)],
  if test "x$enableval" = xno; then
     TCP=0
  fi
)
if test "x$TCP" = x1; then
  AC_DEFINE_UNQUOTED(ENABLE_TCP, 1, [TCP protocol support.])
fi

HTTP=1
AC_ARG_ENABLE(http-proxy,
  [AS_HELP_STRING(--disable-http-proxy,enable http proxy connect support (default enabled).)],
  if test "x$enableval" = xno; then
     HTTP=0
  fi
)
if test "x$HTTP" = x1; then
  AC_DEFINE_UNQUOTED(ENABLE_HTTP_PROXY, 1, [http proxy connect support.])
fi

AC_ARG_ENABLE(dns,
  [AS_HELP_STRING(--enable-dns,enable dns tunnel protocol support (default disabled).)],
  [
    AC_CHECK_HEADER(gmp.h,,[AC_MSG_ERROR([gmp.h not found, required for --enable-dns])])
    AC_CHECK_LIB(gmp,main,,[AC_MSG_ERROR([libgmp not found, required for --enable-dns])])

    AC_DEFINE_UNQUOTED(ENABLE_DNS, 1, [DNS tunnel protocol support.])
  ]
)

RSA=3072
AC_ARG_ENABLE(rsa-length,
  [AS_HELP_STRING(--enable-rsa-length=BITS,[
      use BITS rsa keys (default 3072). Allowed values are 2048-10240.])],
  RSA=$enableval
)
AC_DEFINE_UNQUOTED(RSABITS, $RSA, [Size of RSA keys.])

HMACSIZE=12
AC_ARG_ENABLE(hmac-length,
  [AS_HELP_STRING(--enable-hmac-length=BYTES,[
      use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])],
  HMACSIZE=$enableval
)
AC_DEFINE_UNQUOTED(HMACLENGTH, $HMACSIZE, [Size of HMAC in each packet in bytes.])

MTU=1500
AC_ARG_ENABLE(max-mtu,
  [AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)],
  MTU=$enableval
)
AC_DEFINE_UNQUOTED(MAX_MTU, ($MTU + 14), [Maximum MTU supported.])

COMPRESS=1
AC_ARG_ENABLE(compression,
  [AS_HELP_STRING(--disable-compression,Disable compression support.)],
  if test "x$enableval" = xno; then
     COMPRESS=0
  fi
)
AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.])

CIPHER=aes_128_ctr
AC_ARG_ENABLE(cipher,
  [AS_HELP_STRING(--enable-cipher=CIPHER,[
      Select the symmetric cipher (default "aes-128").
      Must be one of "aes-128" (rijndael), "aes-192", or "aes-256".])],
  #if test "x$enableval" = xbf          ; then CIPHER=bf_ctr          ; fi
  if test "x$enableval" = xaes-128     ; then CIPHER=aes_128_ctr     ; fi
  if test "x$enableval" = xaes-192     ; then CIPHER=aes_192_ctr     ; fi
  if test "x$enableval" = xaes-256     ; then CIPHER=aes_256_ctr     ; fi
  #if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_ctr; fi
  #if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_ctr; fi
)
AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.])

HMAC=sha1
AC_ARG_ENABLE(hmac-digest,
  [AS_HELP_STRING(--enable-hmac-digest=HMAC,[
      Select the HMAC digest algorithm to use (default "sha1"). Must be one of
      "sha512", "sha256", "sha1", "ripemd160", "whirlpool".])],
  if test "x$enableval" = xwhirlpool; then HMAC=whirlpool; fi
  if test "x$enableval" = xsha512   ; then HMAC=sha512   ; fi
  if test "x$enableval" = xsha256   ; then HMAC=sha256   ; fi
  if test "x$enableval" = xsha1     ; then HMAC=sha1     ; fi
  if test "x$enableval" = xripemd160; then HMAC=ripemd160; fi
)
AC_DEFINE_UNQUOTED(ENABLE_HMAC, EVP_${HMAC}, [Select the HMAC digest algorithm to use.])

AUTH=sha512
AC_ARG_ENABLE(auth-digest,
  [AS_HELP_STRING(--enable-auth-digest=DIGEST,[
      Select the hmac algorithm to use (default "sha512"). Must be one of
      "sha512", "sha256", "whirlpool".])],
  if test "x$enableval" = xwhirlpool; then AUTH=whirlpool; fi
  if test "x$enableval" = xsha512   ; then AUTH=sha512   ; fi
  if test "x$enableval" = xsha256   ; then AUTH=sha256   ; fi
)
AC_DEFINE_UNQUOTED(ENABLE_AUTH, EVP_${AUTH}, [Select the auth digest algorithm to use.])

if $CXX -v --help 2>&1 | grep -q fno-rtti; then
   CXXFLAGS="$CXXFLAGS -fno-rtti"
fi

#if $CXX -v --help 2>&1 | grep -q fexceptions; then
#   CXXFLAGS="$CXXFLAGS -fno-exceptions"
#fi

LIBS="$EXTRA_LIBS $LIBS"

dnl if $CXX -v --help 2>&1 | grep -q ffunction-sections; then
dnl    CXXFLAGS="$CXXFLAGS -ffunction-sections"
dnl fi
dnl
dnl if $LD -v --help 2>&1 | grep -q gc-sections; then
dnl    LDFLAGS="$LDFLAGS -Wl,--gc-sections"
dnl fi

AC_SUBST(INCLUDES)

AC_CONFIG_FILES([Makefile po/Makefile.in
src/Makefile
doc/Makefile
lib/Makefile
m4/Makefile
])
AC_OUTPUT

echo
echo "***"
echo "*** Configuration Summary"
echo "***"
echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE"
echo "*** RSA size:     $RSA"
echo "*** Cipher used:  $CIPHER"
echo "*** Digest used:  $DIGEST"
echo "*** Authdigest:   $AUTH"
echo "*** HMAC length:  $HMAC"
echo "*** Max. MTU:     $MTU"

echo "***"
echo "*** Enable options:"
grep ENABLE_ config.h | sed -e 's/^/*** /'

if test "$HMACSIZE" -lt 12; then
echo "***"
echo "*** WARNING: The hmac length you have chosen ($HMACSIZE) is quite insecure"
fi

echo "***"
echo

if pkg-config --exists 'libcrypto >= 1.1 libcrypto < 2.0'; then
   cat <<EOF
@<:@33m
***
*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
***
*** You seem to configure gvpe with OpenSSL 1.1 or newer.
*** While this probably compiles, please note that this is not only
*** unsupported, but also discouraged.
***
*** It is recommended to use either OpenSSL 1.0, as long as that is still
*** supported, or LibreSSL (https://www.libressl.org/).
***
*** This is not a political issue - while porting GVPE to the newer
*** OpenSSL 1.1 API, I encountered two incompatible API changes that were
*** not documented, were not caught while compiling but caused security
*** issues. When reported, the reaction of the OpenSSL developers was to
*** update the documentation.
***
*** As a result, I lost all confidence in the ability and desire of
*** OpenSSL developers to create a safe API, and would highly recommend
*** switching to LibreSSL which explicitly avoids such braking changes.
***
*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
***
*** Again, do not use OpenSSL 1.1 and complain if stuff breaks.
*** You have been warned, but your choice is respected.
***
@<:@0m

EOF
fi


Revision:	1.66
Committed:	Thu Oct 25 04:32:26 2018 UTC (5 years, 6 months ago) by root
Branch:	MAIN
Changes since 1.65:	+35 -6 lines
Log Message:	3.1
#	User	Rev	Content
1	pcg	1.1	dnl Process this file with autoconf to produce a configure script.
2
3	root	1.60	AC_PREREQ(2.69)
4	pcg	1.28	AC_INIT
5	pcg	1.37	AC_CONFIG_SRCDIR([src/gvpe.C])
6	pcg	1.1	AC_CANONICAL_TARGET
7	root	1.66	AM_INIT_AUTOMAKE(gvpe, 3.1)
8	pcg	1.28	AC_CONFIG_HEADERS([config.h])
9	pcg	1.1	AM_MAINTAINER_MODE
10
11			AH_TOP([
12			#ifndef CONFIG_H__
13			#define CONFIG_H__
14
15			#ifdef __cplusplus
16			using namespace std;
17			#endif
18
19			])
20
21			AH_BOTTOM([
22	pcg	1.33	typedef unsigned char u8;
23			typedef signed char s8;
24
25	pcg	1.1	#if __CYGWIN__
26
27			typedef unsigned short u16;
28			typedef unsigned int u32;
29	pcg	1.33	typedef signed short s16;
30			typedef signed int s32;
31	pcg	1.1
32			#else
33			#include <inttypes.h>
34
35			/* old modula-2 habits */
36			typedef uint16_t u16;
37			typedef uint32_t u32;
38	pcg	1.33	typedef int16_t s16;
39			typedef int32_t s32;
40	pcg	1.1	#endif
41
42			#endif
43	pcg	1.37
44	pcg	1.38	#if HAVE_CLOCALE
45			# define CLOCALE <clocale>
46	pcg	1.37	#else
47	pcg	1.38	# define CLOCALE <locale.h>
48	pcg	1.37	#endif
49	pcg	1.1	])
50
51			AM_GNU_GETTEXT([external])
52			AM_GNU_GETTEXT_VERSION(0.11.5)
53
54			# Enable GNU extensions.
55			# Define this here, not in acconfig's @TOP@ section, since definitions
56			# in the latter don't make it into the configure-time tests.
57	pcg	1.42	AC_DEFINE([_GNU_SOURCE], 1, [Enable GNU extensions])
58	pcg	1.22
59			# do NOT define POSIX_SOURCE, sicne this clashes with many BSDs
60			dnl AC_DEFINE([_POSIX_SOURCE], 1, [Enable POSIX 1003.1 extensions])
61			dnl AC_DEFINE([_XOPEN_SOURCE], 500, [Enable XOPEN extensions])
62	pcg	1.1
63			ALL_LINGUAS=""
64
65			dnl Checks for programs.
66			AC_PROG_CPP
67			AC_PROG_CXX
68			AC_PROG_GCC_TRADITIONAL
69			AC_PROG_AWK
70			AC_PROG_INSTALL
71			AC_PROG_LN_S
72			AC_PROG_MAKE_SET
73			AC_PROG_RANLIB
74
75	pcg	1.8	AC_ARG_ENABLE(iftype,
76	pcg	1.28	[AS_HELP_STRING(--enable-iftype=TYPE/SUBTYPE,
77	pcg	1.8	Use kernel/net device interface TYPE/SUBTYPE.
78	pcg	1.40	Working combinations are (see doc/gvpe.osdep.5.pod):
79	pcg	1.14	"native/linux"
80			"tincd/linux"
81	pcg	1.40	"tincd/netbsd"
82	pcg	1.16	"tincd/freebsd"
83	pcg	1.17	"tincd/openbsd"
84	pcg	1.40	"native/darwin"
85	pcg	1.18	"tincd/darwin"
86	pcg	1.16	"native/cygwin";
87	pcg	1.8	Untested combinations are:
88	pcg	1.41	"tincd/bsd"
89	pcg	1.14	"tincd/solaris"
90	pcg	1.36	"tincd/mingw"
91			"tincd/raw_socket"
92			"tincd/uml_socket";
93	pcg	1.8	Broken combinations are:
94	pcg	1.14	"tincd/cygwin";
95	pcg	1.9	The default is to autodetect.
96	pcg	1.28	)],
97	pcg	1.8	[
98			IFTYPE=`echo $enableval \| sed s%/.*%%`
99			IFSUBTYPE=`echo $enableval \| sed s%.*/%%`
100			]
101			)
102
103	pcg	1.1	dnl Check and set OS
104	pcg	1.8	AC_MSG_CHECKING(for kernel networking interface type)
105	pcg	1.1
106	pcg	1.8	if test "x$IFTYPE" = "x"; then
107			case $target_os in
108			linux)
109			IFTYPE=native
110			IFSUBTYPE=linux
111			AC_DEFINE(HAVE_LINUX, 1, [Linux])
112			;;
113			freebsd)
114			IFTYPE=tincd
115			IFSUBTYPE=freebsd
116			AC_DEFINE(HAVE_FREEBSD, 1, [FreeBSD])
117			;;
118			darwin)
119	pcg	1.39	IFTYPE=native
120	pcg	1.8	IFSUBTYPE=darwin
121			AC_DEFINE(HAVE_DARWIN, 1, [Darwin (MacOS/X)])
122			;;
123			solaris)
124			IFTYPE=tincd
125			IFSUBTYPE=solaris
126			AC_DEFINE(HAVE_SOLARIS, 1, [Solaris/SunOS])
127			;;
128			openbsd)
129			IFTYPE=tincd
130			IFSUBTYPE=openbsd
131			AC_DEFINE(HAVE_OPENBSD, 1, [OpenBSD])
132			;;
133			netbsd)
134			IFTYPE=tincd
135			IFSUBTYPE=netbsd
136			AC_DEFINE(HAVE_NETBSD, 1, [NetBSD])
137			;;
138			cygwin)
139	pcg	1.15	IFTYPE=native
140	pcg	1.8	IFSUBTYPE=cygwin
141			AC_DEFINE(HAVE_CYGWIN, 1, [Cygwin])
142			;;
143			*)
144			AC_MSG_ERROR("Unknown operating system.")
145			;;
146			esac
147			fi
148			AC_MSG_RESULT($IFTYPE/$IFSUBTYPE)
149			AC_SUBST(IFTYPE,$IFTYPE)
150			AC_SUBST(IFSUBTYPE,$IFSUBTYPE)
151	pcg	1.19	AC_DEFINE_UNQUOTED(IFTYPE,"$IFTYPE",[kernel interface type])
152			AC_DEFINE_UNQUOTED(IFSUBTYPE,"$IFSUBTYPE",[kernel interface subtype])
153	pcg	1.1
154			AC_CACHE_SAVE
155
156			dnl Checks for libraries.
157
158			AC_LANG(C++)
159	pcg	1.48	AC_CHECK_HEADERS(tr1/unordered_map ext/hash_map clocale)
160	pcg	1.1
161			dnl Checks for header files.
162			AC_CHECK_HEADERS([fcntl.h inttypes.h limits.h malloc.h stdint.h strings.h syslog.h unistd.h \
163	pcg	1.22	sys/file.h sys/ioctl.h sys/param.h sys/time.h netinet/in_systm.h sys/cygwin.h \
164	pcg	1.21	sys/mman.h netinet/in.h])
165	pcg	1.22	AC_CHECK_HEADERS([arpa/inet.h net/ethernet.h net/if.h netinet/ip.h netinet/tcp.h netinet/in_systm.h], [], [],
166	pcg	1.8	[
167			#include <sys/types.h>
168			#include <sys/socket.h>
169			#ifdef HAVE_NETINET_IN_H
170			# include <netinet/in.h>
171			#endif
172			#ifdef HAVE_ARPA_INET_H
173			# include <arpa/inet.h>
174			#endif
175			#ifdef HAVE_NETINET_IN_SYSTM_H
176			# include <netinet/in_systm.h>
177			#endif
178			])
179	pcg	1.1
180			dnl Checks for typedefs, structures, and compiler characteristics.
181			AC_C_CONST
182			AC_TYPE_PID_T
183			AC_TYPE_SIZE_T
184			AC_HEADER_TIME
185			AC_STRUCT_TM
186	pcg	1.10
187	pcg	1.1	AC_CACHE_CHECK([for socklen_t], ac_cv_type_socklen_t,
188			[
189	pcg	1.28	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
190			#include <sys/socket.h>]], [[socklen_t len = 42; return len;]])],[ac_cv_type_socklen_t=yes],[ac_cv_type_socklen_t=no])
191	pcg	1.1	])
192			if test $ac_cv_type_socklen_t = yes; then
193			AC_DEFINE(HAVE_SOCKLEN_T, 1, [socklen_t available])
194			fi
195
196			AC_CACHE_CHECK([for struct addrinfo], ac_cv_struct_addrinfo,
197			[
198	pcg	1.28	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
199	pcg	1.1	#include <sys/socket.h>
200	pcg	1.28	#include <netdb.h>]], [[struct addrinfo ai; ai.ai_family = AF_INET; return ai.ai_family;]])],[ac_cv_struct_addrinfo=yes],[ac_cv_struct_addrinfo=no])
201	pcg	1.1	])
202			if test $ac_cv_struct_addrinfo = yes; then
203			AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1, [struct addrinfo available])
204			fi
205
206			dnl Checks for library functions.
207			AC_TYPE_SIGNAL
208
209			AC_LANG_PUSH(C)
210
211			AC_HEADER_STDC
212
213	pcg	1.11	dnl argl, could somebody catapult darwin into the 21st century???
214	pcg	1.21	AC_CHECK_FUNCS(asprintf daemon get_current_dir_name putenv select strerror strsignal strtol unsetenv mlockall)
215	pcg	1.1
216			AC_FUNC_ALLOCA
217
218			dnl Support for SunOS
219
220			AC_CHECK_FUNC(socket, [], [
221			AC_CHECK_LIB(socket, connect)
222			])
223			AC_CHECK_FUNC(gethostbyname, [], [
224			AC_CHECK_LIB(nsl, gethostbyname)
225			])
226
227	pcg	1.46	dnl libev support
228	pcg	1.47	m4_include([libev/libev.m4])
229	pcg	1.46
230	pcg	1.1	AC_LANG_POP
231
232			dnl AC_CHECK_FUNCS([freeaddrinfo gai_strerror getaddrinfo getnameinfo])
233
234			AC_CACHE_SAVE
235
236			dnl These are defined in files in m4/
237			tinc_TUNTAP
238	pcg	1.15
239	root	1.66	PKG_CHECK_MODULES([LIBCRYPTO], [libcrypto >= 1])
240	pcg	1.1
241	root	1.58	AC_ARG_ENABLE(threads,
242			[AS_HELP_STRING(--enable-threads,try to use threads for long-running asynchronous operations (default enabled).)],
243			[try_threads=$enableval],
244			[try_threads=yes]
245			)
246
247			if test "x$try_threads" = xyes; then
248			AC_CHECK_HEADER(pthread.h,[
249			LIBS="$LIBS -lpthread"
250			AC_COMPILE_IFELSE(
251			[AC_LANG_PROGRAM([#include <pthread.h>], [pthread_t id; pthread_create (&id, 0, 0, 0);])],
252			[AC_DEFINE_UNQUOTED(ENABLE_PTHREADS, 1, [POSIX thread support.])]
253			)
254			])
255			fi
256
257	pcg	1.30	AC_ARG_ENABLE(static-daemon,
258			[AS_HELP_STRING(--enable-static-daemon,enable statically linked daemon.)],
259			[LDFLAGS_DAEMON=-static]
260			)
261			AC_SUBST(LDFLAGS_DAEMON)
262
263	pcg	1.50	dnl AC_ARG_ENABLE(rohc,
264			dnl [AS_HELP_STRING(--enable-rohc,enable robust header compression (rfc3095).)],
265			dnl [
266			dnl echo
267			dnl echo "**********************************************************************"
268			dnl echo "**********************************************************************"
269			dnl echo "** --enable-rohc is highly experimental, do not use **************"
270			dnl echo "**********************************************************************"
271			dnl echo "**********************************************************************"
272			dnl echo
273			dnl rohc=true
274			dnl AC_DEFINE_UNQUOTED(ENABLE_ROHC, 1, [ROHC support])
275			dnl ]
276			dnl )
277	pcg	1.5
278	pcg	1.25	AM_CONDITIONAL(ROHC, test x$rohc = xtrue)
279
280	pcg	1.42	dnl AC_ARG_ENABLE(bridging,
281			dnl [AS_HELP_STRING(--enable-bridging,enable bridging support (default disabled).)],
282			dnl AC_DEFINE_UNQUOTED(ENABLE_BRIDGING, 1, [bridging support.])
283			dnl )
284
285	pcg	1.52	ICMP=1
286	pcg	1.4	AC_ARG_ENABLE(icmp,
287	pcg	1.52	[AS_HELP_STRING(--disable-icmp,enable icmp protocol support (default enabled).)],
288			if test "x$enableval" = xno; then
289			ICMP=0
290			fi
291			)
292			if test "x$ICMP" = x1; then
293	pcg	1.4	AC_DEFINE_UNQUOTED(ENABLE_ICMP, 1, [ICMP protocol support.])
294	pcg	1.52	fi
295	pcg	1.4
296	pcg	1.52	TCP=1
297	pcg	1.2	AC_ARG_ENABLE(tcp,
298	pcg	1.52	[AS_HELP_STRING(--disable-tcp,enable tcp protocol support (default enabled).)],
299			if test "x$enableval" = xno; then
300			TCP=0
301			fi
302			)
303			if test "x$TCP" = x1; then
304	pcg	1.2	AC_DEFINE_UNQUOTED(ENABLE_TCP, 1, [TCP protocol support.])
305	pcg	1.52	fi
306
307			HTTP=1
308			AC_ARG_ENABLE(http-proxy,
309			[AS_HELP_STRING(--disable-http-proxy,enable http proxy connect support (default enabled).)],
310			if test "x$enableval" = xno; then
311			HTTP=0
312			fi
313	pcg	1.2	)
314	pcg	1.52	if test "x$HTTP" = x1; then
315			AC_DEFINE_UNQUOTED(ENABLE_HTTP_PROXY, 1, [http proxy connect support.])
316			fi
317	pcg	1.2
318	pcg	1.26	AC_ARG_ENABLE(dns,
319	pcg	1.52	[AS_HELP_STRING(--enable-dns,enable dns tunnel protocol support (default disabled).)],
320	pcg	1.34	[
321			AC_CHECK_HEADER(gmp.h,,[AC_MSG_ERROR([gmp.h not found, required for --enable-dns])])
322			AC_CHECK_LIB(gmp,main,,[AC_MSG_ERROR([libgmp not found, required for --enable-dns])])
323
324			AC_DEFINE_UNQUOTED(ENABLE_DNS, 1, [DNS tunnel protocol support.])
325			]
326	pcg	1.26	)
327
328	root	1.62	RSA=3072
329			AC_ARG_ENABLE(rsa-length,
330			[AS_HELP_STRING(--enable-rsa-length=BITS,[
331			use BITS rsa keys (default 3072). Allowed values are 2048-10240.])],
332			RSA=$enableval
333			)
334			AC_DEFINE_UNQUOTED(RSABITS, $RSA, [Size of RSA keys.])
335
336	root	1.63	HMACSIZE=12
337	pcg	1.1	AC_ARG_ENABLE(hmac-length,
338	pcg	1.30	[AS_HELP_STRING(--enable-hmac-length=BYTES,[
339			use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])],
340	root	1.63	HMACSIZE=$enableval
341	pcg	1.1	)
342	root	1.63	AC_DEFINE_UNQUOTED(HMACLENGTH, $HMACSIZE, [Size of HMAC in each packet in bytes.])
343	pcg	1.1
344	pcg	1.30	MTU=1500
345	pcg	1.56	AC_ARG_ENABLE(max-mtu,
346	pcg	1.28	[AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)],
347	pcg	1.1	MTU=$enableval
348			)
349	root	1.59	AC_DEFINE_UNQUOTED(MAX_MTU, ($MTU + 14), [Maximum MTU supported.])
350	pcg	1.1
351			COMPRESS=1
352			AC_ARG_ENABLE(compression,
353	pcg	1.28	[AS_HELP_STRING(--disable-compression,Disable compression support.)],
354	pcg	1.1	if test "x$enableval" = xno; then
355			COMPRESS=0
356			fi
357			)
358			AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.])
359
360	root	1.64	CIPHER=aes_128_ctr
361	pcg	1.1	AC_ARG_ENABLE(cipher,
362	pcg	1.52	[AS_HELP_STRING(--enable-cipher=CIPHER,[
363	pcg	1.42	Select the symmetric cipher (default "aes-128").
364	root	1.64	Must be one of "aes-128" (rijndael), "aes-192", or "aes-256".])],
365			#if test "x$enableval" = xbf ; then CIPHER=bf_ctr ; fi
366			if test "x$enableval" = xaes-128 ; then CIPHER=aes_128_ctr ; fi
367			if test "x$enableval" = xaes-192 ; then CIPHER=aes_192_ctr ; fi
368			if test "x$enableval" = xaes-256 ; then CIPHER=aes_256_ctr ; fi
369			#if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_ctr; fi
370			#if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_ctr; fi
371	pcg	1.1	)
372			AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.])
373
374	root	1.63	HMAC=sha1
375			AC_ARG_ENABLE(hmac-digest,
376			[AS_HELP_STRING(--enable-hmac-digest=HMAC,[
377			Select the HMAC digest algorithm to use (default "sha1"). Must be one of
378	root	1.62	"sha512", "sha256", "sha1", "ripemd160", "whirlpool".])],
379	root	1.63	if test "x$enableval" = xwhirlpool; then HMAC=whirlpool; fi
380			if test "x$enableval" = xsha512 ; then HMAC=sha512 ; fi
381			if test "x$enableval" = xsha256 ; then HMAC=sha256 ; fi
382			if test "x$enableval" = xsha1 ; then HMAC=sha1 ; fi
383			if test "x$enableval" = xripemd160; then HMAC=ripemd160; fi
384	pcg	1.1	)
385	root	1.63	AC_DEFINE_UNQUOTED(ENABLE_HMAC, EVP_${HMAC}, [Select the HMAC digest algorithm to use.])
386	pcg	1.1
387	root	1.62	AUTH=sha512
388			AC_ARG_ENABLE(auth-digest,
389			[AS_HELP_STRING(--enable-auth-digest=DIGEST,[
390			Select the hmac algorithm to use (default "sha512"). Must be one of
391			"sha512", "sha256", "whirlpool".])],
392			if test "x$enableval" = xwhirlpool; then AUTH=whirlpool; fi
393			if test "x$enableval" = xsha512 ; then AUTH=sha512 ; fi
394			if test "x$enableval" = xsha256 ; then AUTH=sha256 ; fi
395			)
396			AC_DEFINE_UNQUOTED(ENABLE_AUTH, EVP_${AUTH}, [Select the auth digest algorithm to use.])
397
398	pcg	1.1	if $CXX -v --help 2>&1 \| grep -q fno-rtti; then
399			CXXFLAGS="$CXXFLAGS -fno-rtti"
400			fi
401
402	pcg	1.49	#if $CXX -v --help 2>&1 \| grep -q fexceptions; then
403			# CXXFLAGS="$CXXFLAGS -fno-exceptions"
404			#fi
405	pcg	1.1
406	pcg	1.47	LIBS="$EXTRA_LIBS $LIBS"
407
408	pcg	1.20	dnl if $CXX -v --help 2>&1 \| grep -q ffunction-sections; then
409			dnl CXXFLAGS="$CXXFLAGS -ffunction-sections"
410			dnl fi
411	root	1.64	dnl
412	pcg	1.20	dnl if $LD -v --help 2>&1 \| grep -q gc-sections; then
413			dnl LDFLAGS="$LDFLAGS -Wl,--gc-sections"
414			dnl fi
415	pcg	1.1
416	pcg	1.42	AC_SUBST(INCLUDES)
417
418			AC_CONFIG_FILES([Makefile po/Makefile.in
419			src/Makefile
420			doc/Makefile
421			lib/Makefile
422			m4/Makefile
423			])
424			AC_OUTPUT
425	pcg	1.1
426			echo
427			echo "***"
428			echo "*** Configuration Summary"
429			echo "***"
430	pcg	1.8	echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE"
431	root	1.62	echo "*** RSA size: $RSA"
432	pcg	1.1	echo "*** Cipher used: $CIPHER"
433			echo "*** Digest used: $DIGEST"
434	root	1.62	echo "*** Authdigest: $AUTH"
435	pcg	1.1	echo "*** HMAC length: $HMAC"
436			echo "*** Max. MTU: $MTU"
437	pcg	1.42
438			echo "***"
439			echo "*** Enable options:"
440			grep ENABLE_ config.h \| sed -e 's/^/*** /'
441	pcg	1.24
442	root	1.63	if test "$HMACSIZE" -lt 12; then
443	pcg	1.24	echo "***"
444	root	1.63	echo "*** WARNING: The hmac length you have chosen ($HMACSIZE) is quite insecure"
445	pcg	1.24	fi
446
447			echo "***"
448	pcg	1.1	echo
449
450	root	1.66	if pkg-config --exists 'libcrypto >= 1.1 libcrypto < 2.0'; then
451			cat <<EOF
452			@<:@33m
453			***
454			*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
455			***
456			*** You seem to configure gvpe with OpenSSL 1.1 or newer.
457			*** While this probably compiles, please note that this is not only
458			*** unsupported, but also discouraged.
459			***
460			*** It is recommended to use either OpenSSL 1.0, as long as that is still
461			*** supported, or LibreSSL (https://www.libressl.org/).
462			***
463			*** This is not a political issue - while porting GVPE to the newer
464			*** OpenSSL 1.1 API, I encountered two incompatible API changes that were
465			*** not documented, were not caught while compiling but caused security
466			*** issues. When reported, the reaction of the OpenSSL developers was to
467			*** update the documentation.
468			***
469			*** As a result, I lost all confidence in the ability and desire of
470			*** OpenSSL developers to create a safe API, and would highly recommend
471			*** switching to LibreSSL which explicitly avoids such braking changes.
472			***
473			*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
474			***
475			*** Again, do not use OpenSSL 1.1 and complain if stuff breaks.
476			*** You have been warned, but your choice is respected.
477			***
478			@<:@0m
479
480			EOF
481			fi
482
483	pcg	1.1