gvpe/configure.ac

dnl Process this file with autoconf to produce a configure script.

AC_PREREQ([2.71])
AC_INIT([gvpe],[3.1])
AC_CONFIG_SRCDIR([src/gvpe.C])
AC_CANONICAL_TARGET
AM_INIT_AUTOMAKE
AC_CONFIG_HEADERS([config.h])
AM_MAINTAINER_MODE

AH_TOP([
#ifndef CONFIG_H__
#define CONFIG_H__

#ifdef __cplusplus
   using namespace std;
#endif

])

AH_BOTTOM([
typedef unsigned char u8;
typedef signed char s8;

#if __CYGWIN__

typedef unsigned short u16;
typedef unsigned int u32;
typedef signed short s16;
typedef signed int s32;

#else
#include <inttypes.h>

/* old modula-2 habits */
typedef uint16_t u16;
typedef uint32_t u32;
typedef int16_t s16;
typedef int32_t s32;
#endif

#endif

#if HAVE_CLOCALE
# define CLOCALE <clocale>
#else
# define CLOCALE <locale.h>
#endif
])

AM_GNU_GETTEXT([external])
AM_GNU_GETTEXT_VERSION(0.11.5)

# Enable GNU extensions.
# Define this here, not in acconfig's @TOP@ section, since definitions
# in the latter don't make it into the configure-time tests.
AC_DEFINE([_GNU_SOURCE], 1, [Enable GNU extensions])

# do NOT define POSIX_SOURCE, sicne this clashes with many BSDs
dnl AC_DEFINE([_POSIX_SOURCE], 1, [Enable POSIX 1003.1 extensions])
dnl AC_DEFINE([_XOPEN_SOURCE], 500, [Enable XOPEN extensions])

ALL_LINGUAS=""

dnl Checks for programs.
AC_PROG_CPP
AC_PROG_CXX
AC_PROG_GCC_TRADITIONAL
AC_PROG_AWK
AC_PROG_INSTALL
AC_PROG_LN_S
AC_PROG_MAKE_SET
AC_PROG_RANLIB

AC_ARG_ENABLE(iftype,
  [AS_HELP_STRING(--enable-iftype=TYPE/SUBTYPE,
     Use kernel/net device interface TYPE/SUBTYPE.
     Working combinations are (see doc/gvpe.osdep.5.pod):
        "native/linux"
        "tincd/linux"
        "tincd/netbsd"
        "tincd/freebsd"
        "tincd/openbsd"
        "native/darwin"
        "tincd/darwin"
        "native/cygwin";
     Untested combinations are:
        "tincd/bsd"
        "tincd/solaris"
        "tincd/mingw"
        "tincd/raw_socket"
        "tincd/uml_socket";
     Broken combinations are:
        "tincd/cygwin";
     The default is to autodetect.
  )],
  [
    IFTYPE=`echo $enableval | sed s%/.*%%`
    IFSUBTYPE=`echo $enableval | sed s%.*/%%`
  ]
)

dnl Check and set OS
AC_MSG_CHECKING(for kernel networking interface type)

if test "x$IFTYPE" = "x"; then
   case $target_os in
     *linux*)
       IFTYPE=native
       IFSUBTYPE=linux
       AC_DEFINE(HAVE_LINUX, 1, [Linux])
     ;;
     *freebsd*)
       IFTYPE=tincd
       IFSUBTYPE=freebsd
       AC_DEFINE(HAVE_FREEBSD, 1, [FreeBSD])
     ;;
     *darwin*)
       IFTYPE=native
       IFSUBTYPE=darwin
       AC_DEFINE(HAVE_DARWIN, 1, [Darwin (MacOS/X)])
     ;;
     *solaris*)
       IFTYPE=tincd
       IFSUBTYPE=solaris
       AC_DEFINE(HAVE_SOLARIS, 1, [Solaris/SunOS])
     ;;
     *openbsd*)
       IFTYPE=tincd
       IFSUBTYPE=openbsd
       AC_DEFINE(HAVE_OPENBSD, 1, [OpenBSD])
     ;;
     *netbsd*)
       IFTYPE=tincd
       IFSUBTYPE=netbsd
       AC_DEFINE(HAVE_NETBSD, 1, [NetBSD])
     ;;
     *cygwin*)
       IFTYPE=native
       IFSUBTYPE=cygwin
       AC_DEFINE(HAVE_CYGWIN, 1, [Cygwin])
     ;;
     *)
       AC_MSG_ERROR("Unknown operating system.")
     ;;
   esac
fi
AC_MSG_RESULT($IFTYPE/$IFSUBTYPE)
AC_SUBST(IFTYPE,$IFTYPE)
AC_SUBST(IFSUBTYPE,$IFSUBTYPE)
AC_DEFINE_UNQUOTED(IFTYPE,"$IFTYPE",[kernel interface type])
AC_DEFINE_UNQUOTED(IFSUBTYPE,"$IFSUBTYPE",[kernel interface subtype])

AC_CACHE_SAVE

dnl Checks for libraries.

AC_LANG(C++)
AC_CHECK_HEADERS(tr1/unordered_map ext/hash_map clocale)

dnl Checks for header files.
AC_CHECK_HEADERS([fcntl.h inttypes.h limits.h malloc.h stdint.h strings.h syslog.h unistd.h \
        sys/file.h sys/ioctl.h sys/param.h sys/time.h netinet/in_systm.h sys/cygwin.h \
        sys/mman.h netinet/in.h])
AC_CHECK_HEADERS([arpa/inet.h net/ethernet.h net/if.h netinet/ip.h netinet/tcp.h netinet/in_systm.h], [], [],
[
#include <sys/types.h>
#include <sys/socket.h>
#ifdef HAVE_NETINET_IN_H
# include <netinet/in.h>
#endif
#ifdef HAVE_ARPA_INET_H
# include <arpa/inet.h>
#endif
#ifdef HAVE_NETINET_IN_SYSTM_H
# include <netinet/in_systm.h>
#endif
])

dnl Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
AC_TYPE_PID_T
AC_TYPE_SIZE_T
AC_CHECK_HEADERS_ONCE([sys/time.h])

AC_STRUCT_TM

AC_CACHE_CHECK([for socklen_t], ac_cv_type_socklen_t,
[
  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
  #include <sys/socket.h>]], [[socklen_t len = 42; return len;]])],[ac_cv_type_socklen_t=yes],[ac_cv_type_socklen_t=no])
])
if test $ac_cv_type_socklen_t = yes; then
  AC_DEFINE(HAVE_SOCKLEN_T, 1, [socklen_t available])
fi

AC_CACHE_CHECK([for struct addrinfo], ac_cv_struct_addrinfo,
[
  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
  #include <sys/socket.h>
  #include <netdb.h>]], [[struct addrinfo ai; ai.ai_family = AF_INET; return ai.ai_family;]])],[ac_cv_struct_addrinfo=yes],[ac_cv_struct_addrinfo=no])
])
if test $ac_cv_struct_addrinfo = yes; then
  AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1, [struct addrinfo available])
fi

AC_LANG_PUSH(C)

dnl argl, could somebody catapult darwin into the 21st century???
AC_CHECK_FUNCS(asprintf daemon get_current_dir_name putenv select strerror strsignal strtol unsetenv mlockall)

AC_FUNC_ALLOCA

dnl Support for SunOS

AC_CHECK_FUNC(socket, [], [
  AC_CHECK_LIB(socket, connect)
])
AC_CHECK_FUNC(gethostbyname, [], [
  AC_CHECK_LIB(nsl, gethostbyname)
])

dnl libev support
m4_include([libev/libev.m4])

AC_LANG_POP

dnl AC_CHECK_FUNCS([freeaddrinfo gai_strerror getaddrinfo getnameinfo])

AC_CACHE_SAVE

dnl These are defined in files in m4/
tinc_TUNTAP

PKG_CHECK_MODULES([LIBCRYPTO], [libcrypto >= 1])

AC_ARG_ENABLE(threads,
  [AS_HELP_STRING(--enable-threads,try to use threads for long-running asynchronous operations (default enabled).)],
  [try_threads=$enableval],
  [try_threads=yes]
)

if test "x$try_threads" = xyes; then
   AC_CHECK_HEADER(pthread.h,[
      LIBS="$LIBS -lpthread"
      AC_COMPILE_IFELSE(
         [AC_LANG_PROGRAM([#include <pthread.h>], [pthread_t id; pthread_create (&id, 0, 0, 0);])],
         [AC_DEFINE_UNQUOTED(ENABLE_PTHREADS, 1, [POSIX thread support.])]
      )
   ])
fi

AC_ARG_ENABLE(static-daemon,
  [AS_HELP_STRING(--enable-static-daemon,enable statically linked daemon.)],
  [LDFLAGS_DAEMON=-static]
)
AC_SUBST(LDFLAGS_DAEMON)

dnl AC_ARG_ENABLE(rohc,
dnl   [AS_HELP_STRING(--enable-rohc,enable robust header compression (rfc3095).)],
dnl   [
dnl   echo
dnl   echo "**********************************************************************"
dnl   echo "**********************************************************************"
dnl   echo "**** --enable-rohc is highly experimental, do not use ****************"
dnl   echo "**********************************************************************"
dnl   echo "**********************************************************************"
dnl   echo
dnl   rohc=true
dnl   AC_DEFINE_UNQUOTED(ENABLE_ROHC, 1, [ROHC support])
dnl   ]
dnl )

AM_CONDITIONAL(ROHC, test x$rohc = xtrue)

dnl AC_ARG_ENABLE(bridging,
dnl   [AS_HELP_STRING(--enable-bridging,enable bridging support (default disabled).)],
dnl   AC_DEFINE_UNQUOTED(ENABLE_BRIDGING, 1, [bridging support.])
dnl )

ICMP=1
AC_ARG_ENABLE(icmp,
  [AS_HELP_STRING(--disable-icmp,enable icmp protocol support (default enabled).)],
  if test "x$enableval" = xno; then
     ICMP=0
  fi
)
if test "x$ICMP" = x1; then
  AC_DEFINE_UNQUOTED(ENABLE_ICMP, 1, [ICMP protocol support.])
fi

TCP=1
AC_ARG_ENABLE(tcp,
  [AS_HELP_STRING(--disable-tcp,enable tcp protocol support (default enabled).)],
  if test "x$enableval" = xno; then
     TCP=0
  fi
)
if test "x$TCP" = x1; then
  AC_DEFINE_UNQUOTED(ENABLE_TCP, 1, [TCP protocol support.])
fi

HTTP=1
AC_ARG_ENABLE(http-proxy,
  [AS_HELP_STRING(--disable-http-proxy,enable http proxy connect support (default enabled).)],
  if test "x$enableval" = xno; then
     HTTP=0
  fi
)
if test "x$HTTP" = x1; then
  AC_DEFINE_UNQUOTED(ENABLE_HTTP_PROXY, 1, [http proxy connect support.])
fi

AC_ARG_ENABLE(dns,
  [AS_HELP_STRING(--enable-dns,enable dns tunnel protocol support (default disabled).)],
  [
    AC_CHECK_HEADER(gmp.h,,[AC_MSG_ERROR([gmp.h not found, required for --enable-dns])])
    AC_CHECK_LIB(gmp,main,,[AC_MSG_ERROR([libgmp not found, required for --enable-dns])])

    AC_DEFINE_UNQUOTED(ENABLE_DNS, 1, [DNS tunnel protocol support.])
  ]
)

RSA=3072
AC_ARG_ENABLE(rsa-length,
  [AS_HELP_STRING(--enable-rsa-length=BITS,[
      use BITS rsa keys (default 3072). Allowed values are 2048-10240.])],
  RSA=$enableval
)
AC_DEFINE_UNQUOTED(RSABITS, $RSA, [Size of RSA keys.])

HMACSIZE=12
AC_ARG_ENABLE(hmac-length,
  [AS_HELP_STRING(--enable-hmac-length=BYTES,[
      use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])],
  HMACSIZE=$enableval
)
AC_DEFINE_UNQUOTED(HMACLENGTH, $HMACSIZE, [Size of HMAC in each packet in bytes.])

MTU=1500
AC_ARG_ENABLE(max-mtu,
  [AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)],
  MTU=$enableval
)
AC_DEFINE_UNQUOTED(MAX_MTU, ($MTU + 14), [Maximum MTU supported.])

COMPRESS=1
AC_ARG_ENABLE(compression,
  [AS_HELP_STRING(--disable-compression,Disable compression support.)],
  if test "x$enableval" = xno; then
     COMPRESS=0
  fi
)
AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.])

CIPHER=aes_128_ctr
AC_ARG_ENABLE(cipher,
  [AS_HELP_STRING(--enable-cipher=CIPHER,[
      Select the symmetric cipher (default "aes-128").
      Must be one of "aes-128" (rijndael), "aes-192", or "aes-256".])],
  #if test "x$enableval" = xbf          ; then CIPHER=bf_ctr          ; fi
  if test "x$enableval" = xaes-128     ; then CIPHER=aes_128_ctr     ; fi
  if test "x$enableval" = xaes-192     ; then CIPHER=aes_192_ctr     ; fi
  if test "x$enableval" = xaes-256     ; then CIPHER=aes_256_ctr     ; fi
  #if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_ctr; fi
  #if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_ctr; fi
)
AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.])

HMAC=sha1
AC_ARG_ENABLE(hmac-digest,
  [AS_HELP_STRING(--enable-hmac-digest=HMAC,[
      Select the HMAC digest algorithm to use (default "sha1"). Must be one of
      "sha512", "sha256", "sha1", "ripemd160", "whirlpool".])],
  if test "x$enableval" = xwhirlpool; then HMAC=whirlpool; fi
  if test "x$enableval" = xsha512   ; then HMAC=sha512   ; fi
  if test "x$enableval" = xsha256   ; then HMAC=sha256   ; fi
  if test "x$enableval" = xsha1     ; then HMAC=sha1     ; fi
  if test "x$enableval" = xripemd160; then HMAC=ripemd160; fi
)
AC_DEFINE_UNQUOTED(ENABLE_HMAC, EVP_${HMAC}, [Select the HMAC digest algorithm to use.])

AUTH=sha512
AC_ARG_ENABLE(auth-digest,
  [AS_HELP_STRING(--enable-auth-digest=DIGEST,[
      Select the hmac algorithm to use (default "sha512"). Must be one of
      "sha512", "sha256", "whirlpool".])],
  if test "x$enableval" = xwhirlpool; then AUTH=whirlpool; fi
  if test "x$enableval" = xsha512   ; then AUTH=sha512   ; fi
  if test "x$enableval" = xsha256   ; then AUTH=sha256   ; fi
)
AC_DEFINE_UNQUOTED(ENABLE_AUTH, EVP_${AUTH}, [Select the auth digest algorithm to use.])

if $CXX -v --help 2>&1 | grep -q fno-rtti; then
   CXXFLAGS="$CXXFLAGS -fno-rtti"
fi

#if $CXX -v --help 2>&1 | grep -q fexceptions; then
#   CXXFLAGS="$CXXFLAGS -fno-exceptions"
#fi

LIBS="$EXTRA_LIBS $LIBS"

dnl if $CXX -v --help 2>&1 | grep -q ffunction-sections; then
dnl    CXXFLAGS="$CXXFLAGS -ffunction-sections"
dnl fi
dnl
dnl if $LD -v --help 2>&1 | grep -q gc-sections; then
dnl    LDFLAGS="$LDFLAGS -Wl,--gc-sections"
dnl fi

AC_SUBST(AM_CPPFLAGS)

AC_CONFIG_FILES([Makefile po/Makefile.in
src/Makefile
doc/Makefile
lib/Makefile
m4/Makefile
])
AC_OUTPUT

echo
echo "***"
echo "*** Configuration Summary"
echo "***"
echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE"
echo "*** RSA size:     $RSA"
echo "*** Cipher used:  $CIPHER"
echo "*** Digest used:  $DIGEST"
echo "*** Authdigest:   $AUTH"
echo "*** HMAC length:  $HMAC"
echo "*** Max. MTU:     $MTU"

echo "***"
echo "*** Enable options:"
grep ENABLE_ config.h | sed -e 's/^/*** /'

if test "$HMACSIZE" -lt 12; then
echo "***"
echo "*** WARNING: The hmac length you have chosen ($HMACSIZE) is quite insecure"
fi

echo "***"
echo

if pkg-config --exists 'libcrypto >= 1.1 libcrypto < 2.0'; then
   cat <<EOF
@<:@33m
***
*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
***
*** You seem to configure gvpe with OpenSSL 1.1 or newer.
*** While this probably compiles, please note that this is not only
*** unsupported, but also discouraged.
***
*** It is recommended to use either OpenSSL 1.0, as long as that is still
*** supported, or LibreSSL (https://www.libressl.org/).
***
*** This is not a political issue - while porting GVPE to the newer
*** OpenSSL 1.1 API, I encountered two incompatible API changes that were
*** not documented, were not caught while compiling but caused security
*** issues. When reported, the reaction of the OpenSSL developers was to
*** update the documentation.
***
*** As a result, I lost all confidence in the ability and desire of
*** OpenSSL developers to create a safe API, and would highly recommend
*** switching to LibreSSL which explicitly avoids such braking changes.
***
*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
***
*** Again, do not use OpenSSL 1.1 and complain if stuff breaks.
*** You have been warned, but your choice is respected.
***
@<:@0m

EOF
fi


Revision:	1.68
Committed:	Thu Oct 6 03:25:53 2022 UTC (19 months ago) by root
Branch:	MAIN
CVS Tags:	HEAD
Changes since 1.67:	+4 -8 lines
Log Message:	* empty log message *
#	User	Rev	Content
1	pcg	1.1	dnl Process this file with autoconf to produce a configure script.
2
3	root	1.68	AC_PREREQ([2.71])
4			AC_INIT([gvpe],[3.1])
5	pcg	1.37	AC_CONFIG_SRCDIR([src/gvpe.C])
6	pcg	1.1	AC_CANONICAL_TARGET
7	root	1.67	AM_INIT_AUTOMAKE
8	pcg	1.28	AC_CONFIG_HEADERS([config.h])
9	pcg	1.1	AM_MAINTAINER_MODE
10
11			AH_TOP([
12			#ifndef CONFIG_H__
13			#define CONFIG_H__
14
15			#ifdef __cplusplus
16			using namespace std;
17			#endif
18
19			])
20
21			AH_BOTTOM([
22	pcg	1.33	typedef unsigned char u8;
23			typedef signed char s8;
24
25	pcg	1.1	#if __CYGWIN__
26
27			typedef unsigned short u16;
28			typedef unsigned int u32;
29	pcg	1.33	typedef signed short s16;
30			typedef signed int s32;
31	pcg	1.1
32			#else
33			#include <inttypes.h>
34
35			/* old modula-2 habits */
36			typedef uint16_t u16;
37			typedef uint32_t u32;
38	pcg	1.33	typedef int16_t s16;
39			typedef int32_t s32;
40	pcg	1.1	#endif
41
42			#endif
43	pcg	1.37
44	pcg	1.38	#if HAVE_CLOCALE
45			# define CLOCALE <clocale>
46	pcg	1.37	#else
47	pcg	1.38	# define CLOCALE <locale.h>
48	pcg	1.37	#endif
49	pcg	1.1	])
50
51			AM_GNU_GETTEXT([external])
52			AM_GNU_GETTEXT_VERSION(0.11.5)
53
54			# Enable GNU extensions.
55			# Define this here, not in acconfig's @TOP@ section, since definitions
56			# in the latter don't make it into the configure-time tests.
57	pcg	1.42	AC_DEFINE([_GNU_SOURCE], 1, [Enable GNU extensions])
58	pcg	1.22
59			# do NOT define POSIX_SOURCE, sicne this clashes with many BSDs
60			dnl AC_DEFINE([_POSIX_SOURCE], 1, [Enable POSIX 1003.1 extensions])
61			dnl AC_DEFINE([_XOPEN_SOURCE], 500, [Enable XOPEN extensions])
62	pcg	1.1
63			ALL_LINGUAS=""
64
65			dnl Checks for programs.
66			AC_PROG_CPP
67			AC_PROG_CXX
68			AC_PROG_GCC_TRADITIONAL
69			AC_PROG_AWK
70			AC_PROG_INSTALL
71			AC_PROG_LN_S
72			AC_PROG_MAKE_SET
73			AC_PROG_RANLIB
74
75	pcg	1.8	AC_ARG_ENABLE(iftype,
76	pcg	1.28	[AS_HELP_STRING(--enable-iftype=TYPE/SUBTYPE,
77	pcg	1.8	Use kernel/net device interface TYPE/SUBTYPE.
78	pcg	1.40	Working combinations are (see doc/gvpe.osdep.5.pod):
79	pcg	1.14	"native/linux"
80			"tincd/linux"
81	pcg	1.40	"tincd/netbsd"
82	pcg	1.16	"tincd/freebsd"
83	pcg	1.17	"tincd/openbsd"
84	pcg	1.40	"native/darwin"
85	pcg	1.18	"tincd/darwin"
86	pcg	1.16	"native/cygwin";
87	pcg	1.8	Untested combinations are:
88	pcg	1.41	"tincd/bsd"
89	pcg	1.14	"tincd/solaris"
90	pcg	1.36	"tincd/mingw"
91			"tincd/raw_socket"
92			"tincd/uml_socket";
93	pcg	1.8	Broken combinations are:
94	pcg	1.14	"tincd/cygwin";
95	pcg	1.9	The default is to autodetect.
96	pcg	1.28	)],
97	pcg	1.8	[
98			IFTYPE=`echo $enableval \| sed s%/.*%%`
99			IFSUBTYPE=`echo $enableval \| sed s%.*/%%`
100			]
101			)
102
103	pcg	1.1	dnl Check and set OS
104	pcg	1.8	AC_MSG_CHECKING(for kernel networking interface type)
105	pcg	1.1
106	pcg	1.8	if test "x$IFTYPE" = "x"; then
107			case $target_os in
108			linux)
109			IFTYPE=native
110			IFSUBTYPE=linux
111			AC_DEFINE(HAVE_LINUX, 1, [Linux])
112			;;
113			freebsd)
114			IFTYPE=tincd
115			IFSUBTYPE=freebsd
116			AC_DEFINE(HAVE_FREEBSD, 1, [FreeBSD])
117			;;
118			darwin)
119	pcg	1.39	IFTYPE=native
120	pcg	1.8	IFSUBTYPE=darwin
121			AC_DEFINE(HAVE_DARWIN, 1, [Darwin (MacOS/X)])
122			;;
123			solaris)
124			IFTYPE=tincd
125			IFSUBTYPE=solaris
126			AC_DEFINE(HAVE_SOLARIS, 1, [Solaris/SunOS])
127			;;
128			openbsd)
129			IFTYPE=tincd
130			IFSUBTYPE=openbsd
131			AC_DEFINE(HAVE_OPENBSD, 1, [OpenBSD])
132			;;
133			netbsd)
134			IFTYPE=tincd
135			IFSUBTYPE=netbsd
136			AC_DEFINE(HAVE_NETBSD, 1, [NetBSD])
137			;;
138			cygwin)
139	pcg	1.15	IFTYPE=native
140	pcg	1.8	IFSUBTYPE=cygwin
141			AC_DEFINE(HAVE_CYGWIN, 1, [Cygwin])
142			;;
143			*)
144			AC_MSG_ERROR("Unknown operating system.")
145			;;
146			esac
147			fi
148			AC_MSG_RESULT($IFTYPE/$IFSUBTYPE)
149			AC_SUBST(IFTYPE,$IFTYPE)
150			AC_SUBST(IFSUBTYPE,$IFSUBTYPE)
151	pcg	1.19	AC_DEFINE_UNQUOTED(IFTYPE,"$IFTYPE",[kernel interface type])
152			AC_DEFINE_UNQUOTED(IFSUBTYPE,"$IFSUBTYPE",[kernel interface subtype])
153	pcg	1.1
154			AC_CACHE_SAVE
155
156			dnl Checks for libraries.
157
158			AC_LANG(C++)
159	pcg	1.48	AC_CHECK_HEADERS(tr1/unordered_map ext/hash_map clocale)
160	pcg	1.1
161			dnl Checks for header files.
162			AC_CHECK_HEADERS([fcntl.h inttypes.h limits.h malloc.h stdint.h strings.h syslog.h unistd.h \
163	pcg	1.22	sys/file.h sys/ioctl.h sys/param.h sys/time.h netinet/in_systm.h sys/cygwin.h \
164	pcg	1.21	sys/mman.h netinet/in.h])
165	pcg	1.22	AC_CHECK_HEADERS([arpa/inet.h net/ethernet.h net/if.h netinet/ip.h netinet/tcp.h netinet/in_systm.h], [], [],
166	pcg	1.8	[
167			#include <sys/types.h>
168			#include <sys/socket.h>
169			#ifdef HAVE_NETINET_IN_H
170			# include <netinet/in.h>
171			#endif
172			#ifdef HAVE_ARPA_INET_H
173			# include <arpa/inet.h>
174			#endif
175			#ifdef HAVE_NETINET_IN_SYSTM_H
176			# include <netinet/in_systm.h>
177			#endif
178			])
179	pcg	1.1
180			dnl Checks for typedefs, structures, and compiler characteristics.
181			AC_C_CONST
182			AC_TYPE_PID_T
183			AC_TYPE_SIZE_T
184	root	1.68	AC_CHECK_HEADERS_ONCE([sys/time.h])
185
186	pcg	1.1	AC_STRUCT_TM
187	pcg	1.10
188	pcg	1.1	AC_CACHE_CHECK([for socklen_t], ac_cv_type_socklen_t,
189			[
190	pcg	1.28	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
191			#include <sys/socket.h>]], [[socklen_t len = 42; return len;]])],[ac_cv_type_socklen_t=yes],[ac_cv_type_socklen_t=no])
192	pcg	1.1	])
193			if test $ac_cv_type_socklen_t = yes; then
194			AC_DEFINE(HAVE_SOCKLEN_T, 1, [socklen_t available])
195			fi
196
197			AC_CACHE_CHECK([for struct addrinfo], ac_cv_struct_addrinfo,
198			[
199	pcg	1.28	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
200	pcg	1.1	#include <sys/socket.h>
201	pcg	1.28	#include <netdb.h>]], [[struct addrinfo ai; ai.ai_family = AF_INET; return ai.ai_family;]])],[ac_cv_struct_addrinfo=yes],[ac_cv_struct_addrinfo=no])
202	pcg	1.1	])
203			if test $ac_cv_struct_addrinfo = yes; then
204			AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1, [struct addrinfo available])
205			fi
206
207			AC_LANG_PUSH(C)
208
209	pcg	1.11	dnl argl, could somebody catapult darwin into the 21st century???
210	pcg	1.21	AC_CHECK_FUNCS(asprintf daemon get_current_dir_name putenv select strerror strsignal strtol unsetenv mlockall)
211	pcg	1.1
212			AC_FUNC_ALLOCA
213
214			dnl Support for SunOS
215
216			AC_CHECK_FUNC(socket, [], [
217			AC_CHECK_LIB(socket, connect)
218			])
219			AC_CHECK_FUNC(gethostbyname, [], [
220			AC_CHECK_LIB(nsl, gethostbyname)
221			])
222
223	pcg	1.46	dnl libev support
224	pcg	1.47	m4_include([libev/libev.m4])
225	pcg	1.46
226	pcg	1.1	AC_LANG_POP
227
228			dnl AC_CHECK_FUNCS([freeaddrinfo gai_strerror getaddrinfo getnameinfo])
229
230			AC_CACHE_SAVE
231
232			dnl These are defined in files in m4/
233			tinc_TUNTAP
234	pcg	1.15
235	root	1.66	PKG_CHECK_MODULES([LIBCRYPTO], [libcrypto >= 1])
236	pcg	1.1
237	root	1.58	AC_ARG_ENABLE(threads,
238			[AS_HELP_STRING(--enable-threads,try to use threads for long-running asynchronous operations (default enabled).)],
239			[try_threads=$enableval],
240			[try_threads=yes]
241			)
242
243			if test "x$try_threads" = xyes; then
244			AC_CHECK_HEADER(pthread.h,[
245			LIBS="$LIBS -lpthread"
246			AC_COMPILE_IFELSE(
247			[AC_LANG_PROGRAM([#include <pthread.h>], [pthread_t id; pthread_create (&id, 0, 0, 0);])],
248			[AC_DEFINE_UNQUOTED(ENABLE_PTHREADS, 1, [POSIX thread support.])]
249			)
250			])
251			fi
252
253	pcg	1.30	AC_ARG_ENABLE(static-daemon,
254			[AS_HELP_STRING(--enable-static-daemon,enable statically linked daemon.)],
255			[LDFLAGS_DAEMON=-static]
256			)
257			AC_SUBST(LDFLAGS_DAEMON)
258
259	pcg	1.50	dnl AC_ARG_ENABLE(rohc,
260			dnl [AS_HELP_STRING(--enable-rohc,enable robust header compression (rfc3095).)],
261			dnl [
262			dnl echo
263			dnl echo "**********************************************************************"
264			dnl echo "**********************************************************************"
265			dnl echo "** --enable-rohc is highly experimental, do not use **************"
266			dnl echo "**********************************************************************"
267			dnl echo "**********************************************************************"
268			dnl echo
269			dnl rohc=true
270			dnl AC_DEFINE_UNQUOTED(ENABLE_ROHC, 1, [ROHC support])
271			dnl ]
272			dnl )
273	pcg	1.5
274	pcg	1.25	AM_CONDITIONAL(ROHC, test x$rohc = xtrue)
275
276	pcg	1.42	dnl AC_ARG_ENABLE(bridging,
277			dnl [AS_HELP_STRING(--enable-bridging,enable bridging support (default disabled).)],
278			dnl AC_DEFINE_UNQUOTED(ENABLE_BRIDGING, 1, [bridging support.])
279			dnl )
280
281	pcg	1.52	ICMP=1
282	pcg	1.4	AC_ARG_ENABLE(icmp,
283	pcg	1.52	[AS_HELP_STRING(--disable-icmp,enable icmp protocol support (default enabled).)],
284			if test "x$enableval" = xno; then
285			ICMP=0
286			fi
287			)
288			if test "x$ICMP" = x1; then
289	pcg	1.4	AC_DEFINE_UNQUOTED(ENABLE_ICMP, 1, [ICMP protocol support.])
290	pcg	1.52	fi
291	pcg	1.4
292	pcg	1.52	TCP=1
293	pcg	1.2	AC_ARG_ENABLE(tcp,
294	pcg	1.52	[AS_HELP_STRING(--disable-tcp,enable tcp protocol support (default enabled).)],
295			if test "x$enableval" = xno; then
296			TCP=0
297			fi
298			)
299			if test "x$TCP" = x1; then
300	pcg	1.2	AC_DEFINE_UNQUOTED(ENABLE_TCP, 1, [TCP protocol support.])
301	pcg	1.52	fi
302
303			HTTP=1
304			AC_ARG_ENABLE(http-proxy,
305			[AS_HELP_STRING(--disable-http-proxy,enable http proxy connect support (default enabled).)],
306			if test "x$enableval" = xno; then
307			HTTP=0
308			fi
309	pcg	1.2	)
310	pcg	1.52	if test "x$HTTP" = x1; then
311			AC_DEFINE_UNQUOTED(ENABLE_HTTP_PROXY, 1, [http proxy connect support.])
312			fi
313	pcg	1.2
314	pcg	1.26	AC_ARG_ENABLE(dns,
315	pcg	1.52	[AS_HELP_STRING(--enable-dns,enable dns tunnel protocol support (default disabled).)],
316	pcg	1.34	[
317			AC_CHECK_HEADER(gmp.h,,[AC_MSG_ERROR([gmp.h not found, required for --enable-dns])])
318			AC_CHECK_LIB(gmp,main,,[AC_MSG_ERROR([libgmp not found, required for --enable-dns])])
319
320			AC_DEFINE_UNQUOTED(ENABLE_DNS, 1, [DNS tunnel protocol support.])
321			]
322	pcg	1.26	)
323
324	root	1.62	RSA=3072
325			AC_ARG_ENABLE(rsa-length,
326			[AS_HELP_STRING(--enable-rsa-length=BITS,[
327			use BITS rsa keys (default 3072). Allowed values are 2048-10240.])],
328			RSA=$enableval
329			)
330			AC_DEFINE_UNQUOTED(RSABITS, $RSA, [Size of RSA keys.])
331
332	root	1.63	HMACSIZE=12
333	pcg	1.1	AC_ARG_ENABLE(hmac-length,
334	pcg	1.30	[AS_HELP_STRING(--enable-hmac-length=BYTES,[
335			use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])],
336	root	1.63	HMACSIZE=$enableval
337	pcg	1.1	)
338	root	1.63	AC_DEFINE_UNQUOTED(HMACLENGTH, $HMACSIZE, [Size of HMAC in each packet in bytes.])
339	pcg	1.1
340	pcg	1.30	MTU=1500
341	pcg	1.56	AC_ARG_ENABLE(max-mtu,
342	pcg	1.28	[AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)],
343	pcg	1.1	MTU=$enableval
344			)
345	root	1.59	AC_DEFINE_UNQUOTED(MAX_MTU, ($MTU + 14), [Maximum MTU supported.])
346	pcg	1.1
347			COMPRESS=1
348			AC_ARG_ENABLE(compression,
349	pcg	1.28	[AS_HELP_STRING(--disable-compression,Disable compression support.)],
350	pcg	1.1	if test "x$enableval" = xno; then
351			COMPRESS=0
352			fi
353			)
354			AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.])
355
356	root	1.64	CIPHER=aes_128_ctr
357	pcg	1.1	AC_ARG_ENABLE(cipher,
358	pcg	1.52	[AS_HELP_STRING(--enable-cipher=CIPHER,[
359	pcg	1.42	Select the symmetric cipher (default "aes-128").
360	root	1.64	Must be one of "aes-128" (rijndael), "aes-192", or "aes-256".])],
361			#if test "x$enableval" = xbf ; then CIPHER=bf_ctr ; fi
362			if test "x$enableval" = xaes-128 ; then CIPHER=aes_128_ctr ; fi
363			if test "x$enableval" = xaes-192 ; then CIPHER=aes_192_ctr ; fi
364			if test "x$enableval" = xaes-256 ; then CIPHER=aes_256_ctr ; fi
365			#if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_ctr; fi
366			#if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_ctr; fi
367	pcg	1.1	)
368			AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.])
369
370	root	1.63	HMAC=sha1
371			AC_ARG_ENABLE(hmac-digest,
372			[AS_HELP_STRING(--enable-hmac-digest=HMAC,[
373			Select the HMAC digest algorithm to use (default "sha1"). Must be one of
374	root	1.62	"sha512", "sha256", "sha1", "ripemd160", "whirlpool".])],
375	root	1.63	if test "x$enableval" = xwhirlpool; then HMAC=whirlpool; fi
376			if test "x$enableval" = xsha512 ; then HMAC=sha512 ; fi
377			if test "x$enableval" = xsha256 ; then HMAC=sha256 ; fi
378			if test "x$enableval" = xsha1 ; then HMAC=sha1 ; fi
379			if test "x$enableval" = xripemd160; then HMAC=ripemd160; fi
380	pcg	1.1	)
381	root	1.63	AC_DEFINE_UNQUOTED(ENABLE_HMAC, EVP_${HMAC}, [Select the HMAC digest algorithm to use.])
382	pcg	1.1
383	root	1.62	AUTH=sha512
384			AC_ARG_ENABLE(auth-digest,
385			[AS_HELP_STRING(--enable-auth-digest=DIGEST,[
386			Select the hmac algorithm to use (default "sha512"). Must be one of
387			"sha512", "sha256", "whirlpool".])],
388			if test "x$enableval" = xwhirlpool; then AUTH=whirlpool; fi
389			if test "x$enableval" = xsha512 ; then AUTH=sha512 ; fi
390			if test "x$enableval" = xsha256 ; then AUTH=sha256 ; fi
391			)
392			AC_DEFINE_UNQUOTED(ENABLE_AUTH, EVP_${AUTH}, [Select the auth digest algorithm to use.])
393
394	pcg	1.1	if $CXX -v --help 2>&1 \| grep -q fno-rtti; then
395			CXXFLAGS="$CXXFLAGS -fno-rtti"
396			fi
397
398	pcg	1.49	#if $CXX -v --help 2>&1 \| grep -q fexceptions; then
399			# CXXFLAGS="$CXXFLAGS -fno-exceptions"
400			#fi
401	pcg	1.1
402	pcg	1.47	LIBS="$EXTRA_LIBS $LIBS"
403
404	pcg	1.20	dnl if $CXX -v --help 2>&1 \| grep -q ffunction-sections; then
405			dnl CXXFLAGS="$CXXFLAGS -ffunction-sections"
406			dnl fi
407	root	1.64	dnl
408	pcg	1.20	dnl if $LD -v --help 2>&1 \| grep -q gc-sections; then
409			dnl LDFLAGS="$LDFLAGS -Wl,--gc-sections"
410			dnl fi
411	pcg	1.1
412	root	1.67	AC_SUBST(AM_CPPFLAGS)
413	pcg	1.42
414			AC_CONFIG_FILES([Makefile po/Makefile.in
415			src/Makefile
416			doc/Makefile
417			lib/Makefile
418			m4/Makefile
419			])
420			AC_OUTPUT
421	pcg	1.1
422			echo
423			echo "***"
424			echo "*** Configuration Summary"
425			echo "***"
426	pcg	1.8	echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE"
427	root	1.62	echo "*** RSA size: $RSA"
428	pcg	1.1	echo "*** Cipher used: $CIPHER"
429			echo "*** Digest used: $DIGEST"
430	root	1.62	echo "*** Authdigest: $AUTH"
431	pcg	1.1	echo "*** HMAC length: $HMAC"
432			echo "*** Max. MTU: $MTU"
433	pcg	1.42
434			echo "***"
435			echo "*** Enable options:"
436			grep ENABLE_ config.h \| sed -e 's/^/*** /'
437	pcg	1.24
438	root	1.63	if test "$HMACSIZE" -lt 12; then
439	pcg	1.24	echo "***"
440	root	1.63	echo "*** WARNING: The hmac length you have chosen ($HMACSIZE) is quite insecure"
441	pcg	1.24	fi
442
443			echo "***"
444	pcg	1.1	echo
445
446	root	1.66	if pkg-config --exists 'libcrypto >= 1.1 libcrypto < 2.0'; then
447			cat <<EOF
448			@<:@33m
449			***
450			*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
451			***
452			*** You seem to configure gvpe with OpenSSL 1.1 or newer.
453			*** While this probably compiles, please note that this is not only
454			*** unsupported, but also discouraged.
455			***
456			*** It is recommended to use either OpenSSL 1.0, as long as that is still
457			*** supported, or LibreSSL (https://www.libressl.org/).
458			***
459			*** This is not a political issue - while porting GVPE to the newer
460			*** OpenSSL 1.1 API, I encountered two incompatible API changes that were
461			*** not documented, were not caught while compiling but caused security
462			*** issues. When reported, the reaction of the OpenSSL developers was to
463			*** update the documentation.
464			***
465			*** As a result, I lost all confidence in the ability and desire of
466			*** OpenSSL developers to create a safe API, and would highly recommend
467			*** switching to LibreSSL which explicitly avoids such braking changes.
468			***
469			*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
470			***
471			*** Again, do not use OpenSSL 1.1 and complain if stuff breaks.
472			*** You have been warned, but your choice is respected.
473			***
474			@<:@0m
475
476			EOF
477			fi
478
479	pcg	1.1