--- gvpe/configure.ac 2003/04/07 01:12:56 1.3 +++ gvpe/configure.ac 2013/07/16 16:44:36 1.62 @@ -1,10 +1,11 @@ dnl Process this file with autoconf to produce a configure script. -AC_PREREQ(2.57) -AC_INIT(src/vped.C) +AC_PREREQ(2.69) +AC_INIT +AC_CONFIG_SRCDIR([src/gvpe.C]) AC_CANONICAL_TARGET -AM_INIT_AUTOMAKE(vpe, 0.1) -AM_CONFIG_HEADER(config.h) +AM_INIT_AUTOMAKE(gvpe, 2.25) +AC_CONFIG_HEADERS([config.h]) AM_MAINTAINER_MODE AH_TOP([ @@ -18,26 +19,34 @@ ]) AH_BOTTOM([ +typedef unsigned char u8; +typedef signed char s8; + #if __CYGWIN__ -typedef unsigned char u8; typedef unsigned short u16; typedef unsigned int u32; +typedef signed short s16; +typedef signed int s32; #else #include /* old modula-2 habits */ -typedef unsigned char u8; typedef uint16_t u16; typedef uint32_t u32; +typedef int16_t s16; +typedef int32_t s32; #endif #endif -]) -dnl Include the macros from the m4/ directory -AM_ACLOCAL_INCLUDE(m4) +#if HAVE_CLOCALE +# define CLOCALE +#else +# define CLOCALE +#endif +]) AM_GNU_GETTEXT([external]) AM_GNU_GETTEXT_VERSION(0.11.5) @@ -45,13 +54,15 @@ # Enable GNU extensions. # Define this here, not in acconfig's @TOP@ section, since definitions # in the latter don't make it into the configure-time tests. -AC_DEFINE([_GNU_SOURCE], 1, [Enable GNU extenstions]) -AC_DEFINE([__USE_BSD], 1, [Enable BSD extensions]) +AC_DEFINE([_GNU_SOURCE], 1, [Enable GNU extensions]) + +# do NOT define POSIX_SOURCE, sicne this clashes with many BSDs +dnl AC_DEFINE([_POSIX_SOURCE], 1, [Enable POSIX 1003.1 extensions]) +dnl AC_DEFINE([_XOPEN_SOURCE], 500, [Enable XOPEN extensions]) ALL_LINGUAS="" dnl Checks for programs. -AC_PROG_CC AC_PROG_CPP AC_PROG_CXX AC_PROG_GCC_TRADITIONAL @@ -61,62 +72,110 @@ AC_PROG_MAKE_SET AC_PROG_RANLIB -AC_ISC_POSIX +AC_ARG_ENABLE(iftype, + [AS_HELP_STRING(--enable-iftype=TYPE/SUBTYPE, + Use kernel/net device interface TYPE/SUBTYPE. + Working combinations are (see doc/gvpe.osdep.5.pod): + "native/linux" + "tincd/linux" + "tincd/netbsd" + "tincd/freebsd" + "tincd/openbsd" + "native/darwin" + "tincd/darwin" + "native/cygwin"; + Untested combinations are: + "tincd/bsd" + "tincd/solaris" + "tincd/mingw" + "tincd/raw_socket" + "tincd/uml_socket"; + Broken combinations are: + "tincd/cygwin"; + The default is to autodetect. + )], + [ + IFTYPE=`echo $enableval | sed s%/.*%%` + IFSUBTYPE=`echo $enableval | sed s%.*/%%` + ] +) -m4_if([ dnl Check and set OS +AC_MSG_CHECKING(for kernel networking interface type) -case $target_os in - *linux*) - AC_DEFINE(HAVE_LINUX, 1, [Linux]) - [ rm -f src/device.c; ln -sf linux/device.c src/device.c ] - ;; - *freebsd*) - AC_DEFINE(HAVE_FREEBSD, 1, [FreeBSD]) - [ rm -f src/device.c; ln -sf freebsd/device.c src/device.c ] - ;; - *darwin*) - AC_DEFINE(HAVE_DARWIN, 1, [Darwin (MacOS/X)]) - [ rm -f src/device.c; ln -sf darwin/device.c src/device.c ] - ;; - *solaris*) - AC_DEFINE(HAVE_SOLARIS, 1, [Solaris/SunOS]) - [ rm -f src/device.c; ln -sf solaris/device.c src/device.c ] - ;; - *openbsd*) - AC_DEFINE(HAVE_OPENBSD, 1, [OpenBSD]) - [ rm -f src/device.c; ln -sf openbsd/device.c src/device.c ] - ;; - *netbsd*) - AC_DEFINE(HAVE_NETBSD, 1, [NetBSD]) - [ rm -f src/device.c; ln -sf netbsd/device.c src/device.c ] - ;; - *cygwin*) - AC_DEFINE(HAVE_CYGWIN, 1, [Cygwin]) - [ rm -f src/device.c; ln -sf cygwin/device.c src/device.c ] - ;; - *) - AC_MSG_ERROR("Unknown operating system.") - ;; -esac -]) +if test "x$IFTYPE" = "x"; then + case $target_os in + *linux*) + IFTYPE=native + IFSUBTYPE=linux + AC_DEFINE(HAVE_LINUX, 1, [Linux]) + ;; + *freebsd*) + IFTYPE=tincd + IFSUBTYPE=freebsd + AC_DEFINE(HAVE_FREEBSD, 1, [FreeBSD]) + ;; + *darwin*) + IFTYPE=native + IFSUBTYPE=darwin + AC_DEFINE(HAVE_DARWIN, 1, [Darwin (MacOS/X)]) + ;; + *solaris*) + IFTYPE=tincd + IFSUBTYPE=solaris + AC_DEFINE(HAVE_SOLARIS, 1, [Solaris/SunOS]) + ;; + *openbsd*) + IFTYPE=tincd + IFSUBTYPE=openbsd + AC_DEFINE(HAVE_OPENBSD, 1, [OpenBSD]) + ;; + *netbsd*) + IFTYPE=tincd + IFSUBTYPE=netbsd + AC_DEFINE(HAVE_NETBSD, 1, [NetBSD]) + ;; + *cygwin*) + IFTYPE=native + IFSUBTYPE=cygwin + AC_DEFINE(HAVE_CYGWIN, 1, [Cygwin]) + ;; + *) + AC_MSG_ERROR("Unknown operating system.") + ;; + esac +fi +AC_MSG_RESULT($IFTYPE/$IFSUBTYPE) +AC_SUBST(IFTYPE,$IFTYPE) +AC_SUBST(IFSUBTYPE,$IFSUBTYPE) +AC_DEFINE_UNQUOTED(IFTYPE,"$IFTYPE",[kernel interface type]) +AC_DEFINE_UNQUOTED(IFSUBTYPE,"$IFSUBTYPE",[kernel interface subtype]) AC_CACHE_SAVE dnl Checks for libraries. AC_LANG(C++) -AC_CHECK_HEADERS(ext/hash_map) +AC_CHECK_HEADERS(tr1/unordered_map ext/hash_map clocale) dnl Checks for header files. AC_CHECK_HEADERS([fcntl.h inttypes.h limits.h malloc.h stdint.h strings.h syslog.h unistd.h \ - sys/file.h sys/ioctl.h sys/param.h sys/time.h netinet/in_systm.h cygwin.h]) -AC_CHECK_HEADERS([net/ethernet.h net/if.h netinet/ip.h netinet/tcp.h], [], [], - [#include - #include - #ifdef HAVE_NETINET_IN_SYSTM_H - #include - #endif]) + sys/file.h sys/ioctl.h sys/param.h sys/time.h netinet/in_systm.h sys/cygwin.h \ + sys/mman.h netinet/in.h]) +AC_CHECK_HEADERS([arpa/inet.h net/ethernet.h net/if.h netinet/ip.h netinet/tcp.h netinet/in_systm.h], [], [], +[ +#include +#include +#ifdef HAVE_NETINET_IN_H +# include +#endif +#ifdef HAVE_ARPA_INET_H +# include +#endif +#ifdef HAVE_NETINET_IN_SYSTM_H +# include +#endif +]) dnl Checks for typedefs, structures, and compiler characteristics. AC_C_CONST @@ -127,12 +186,8 @@ AC_CACHE_CHECK([for socklen_t], ac_cv_type_socklen_t, [ - AC_TRY_COMPILE( - [#include - #include ], - [socklen_t len = 42; return len;], - ac_cv_type_socklen_t=yes, - ac_cv_type_socklen_t=no) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include + #include ]], [[socklen_t len = 42; return len;]])],[ac_cv_type_socklen_t=yes],[ac_cv_type_socklen_t=no]) ]) if test $ac_cv_type_socklen_t = yes; then AC_DEFINE(HAVE_SOCKLEN_T, 1, [socklen_t available]) @@ -140,13 +195,9 @@ AC_CACHE_CHECK([for struct addrinfo], ac_cv_struct_addrinfo, [ - AC_TRY_COMPILE( - [#include + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include #include - #include ], - [struct addrinfo ai; ai.ai_family = AF_INET; return ai.ai_family;], - ac_cv_struct_addrinfo=yes, - ac_cv_struct_addrinfo=no) + #include ]], [[struct addrinfo ai; ai.ai_family = AF_INET; return ai.ai_family;]])],[ac_cv_struct_addrinfo=yes],[ac_cv_struct_addrinfo=no]) ]) if test $ac_cv_struct_addrinfo = yes; then AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1, [struct addrinfo available]) @@ -159,6 +210,7 @@ AC_HEADER_STDC +dnl argl, could somebody catapult darwin into the 21st century??? AC_CHECK_FUNCS(asprintf daemon get_current_dir_name putenv select strerror strsignal strtol unsetenv mlockall) AC_FUNC_ALLOCA @@ -172,6 +224,9 @@ AC_CHECK_LIB(nsl, gethostbyname) ]) +dnl libev support +m4_include([libev/libev.m4]) + AC_LANG_POP dnl AC_CHECK_FUNCS([freeaddrinfo gai_strerror getaddrinfo getnameinfo]) @@ -180,128 +235,234 @@ dnl These are defined in files in m4/ tinc_TUNTAP + tinc_OPENSSL +if test "x$openssl_include" != x; then + CXXFLAGS="$CXXFLAGS -I$openssl_include" +fi dnl tinc_ZLIB +AC_ARG_ENABLE(threads, + [AS_HELP_STRING(--enable-threads,try to use threads for long-running asynchronous operations (default enabled).)], + [try_threads=$enableval], + [try_threads=yes] +) + +if test "x$try_threads" = xyes; then + AC_CHECK_HEADER(pthread.h,[ + LIBS="$LIBS -lpthread" + AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([#include ], [pthread_t id; pthread_create (&id, 0, 0, 0);])], + [AC_DEFINE_UNQUOTED(ENABLE_PTHREADS, 1, [POSIX thread support.])] + ) + ]) +fi + +AC_ARG_ENABLE(static-daemon, + [AS_HELP_STRING(--enable-static-daemon,enable statically linked daemon.)], + [LDFLAGS_DAEMON=-static] +) +AC_SUBST(LDFLAGS_DAEMON) + +dnl AC_ARG_ENABLE(rohc, +dnl [AS_HELP_STRING(--enable-rohc,enable robust header compression (rfc3095).)], +dnl [ +dnl echo +dnl echo "**********************************************************************" +dnl echo "**********************************************************************" +dnl echo "**** --enable-rohc is highly experimental, do not use ****************" +dnl echo "**********************************************************************" +dnl echo "**********************************************************************" +dnl echo +dnl rohc=true +dnl AC_DEFINE_UNQUOTED(ENABLE_ROHC, 1, [ROHC support]) +dnl ] +dnl ) + +AM_CONDITIONAL(ROHC, test x$rohc = xtrue) + +dnl AC_ARG_ENABLE(bridging, +dnl [AS_HELP_STRING(--enable-bridging,enable bridging support (default disabled).)], +dnl AC_DEFINE_UNQUOTED(ENABLE_BRIDGING, 1, [bridging support.]) +dnl ) + +ICMP=1 +AC_ARG_ENABLE(icmp, + [AS_HELP_STRING(--disable-icmp,enable icmp protocol support (default enabled).)], + if test "x$enableval" = xno; then + ICMP=0 + fi +) +if test "x$ICMP" = x1; then + AC_DEFINE_UNQUOTED(ENABLE_ICMP, 1, [ICMP protocol support.]) +fi + +TCP=1 AC_ARG_ENABLE(tcp, - [AC_HELP_STRING(--enable-tcp, [enable tcp protocol support.])], - AC_DEFINE_UNQUOTED(ENABLE_TCP, 1, [TCP protocol support.]) + [AS_HELP_STRING(--disable-tcp,enable tcp protocol support (default enabled).)], + if test "x$enableval" = xno; then + TCP=0 + fi ) +if test "x$TCP" = x1; then + AC_DEFINE_UNQUOTED(ENABLE_TCP, 1, [TCP protocol support.]) +fi +HTTP=1 AC_ARG_ENABLE(http-proxy, - [AC_HELP_STRING(--enable-http-proxy, [enable http proxy connect support.])], + [AS_HELP_STRING(--disable-http-proxy,enable http proxy connect support (default enabled).)], + if test "x$enableval" = xno; then + HTTP=0 + fi +) +if test "x$HTTP" = x1; then AC_DEFINE_UNQUOTED(ENABLE_HTTP_PROXY, 1, [http proxy connect support.]) +fi + +AC_ARG_ENABLE(dns, + [AS_HELP_STRING(--enable-dns,enable dns tunnel protocol support (default disabled).)], + [ + AC_CHECK_HEADER(gmp.h,,[AC_MSG_ERROR([gmp.h not found, required for --enable-dns])]) + AC_CHECK_LIB(gmp,main,,[AC_MSG_ERROR([libgmp not found, required for --enable-dns])]) + + AC_DEFINE_UNQUOTED(ENABLE_DNS, 1, [DNS tunnel protocol support.]) + ] ) -HMAC=16 dnl see also the AC_HELP_STRING +RSA=3072 +AC_ARG_ENABLE(rsa-length, + [AS_HELP_STRING(--enable-rsa-length=BITS,[ + use BITS rsa keys (default 3072). Allowed values are 2048-10240.])], + RSA=$enableval +) +AC_DEFINE_UNQUOTED(RSABITS, $RSA, [Size of RSA keys.]) + +HMAC=12 AC_ARG_ENABLE(hmac-length, - [AC_HELP_STRING(--enable-hmac-length=BYTES, [use a hmac of length BYTES bytes (default 16). Allowed values are 4, 8, 12, 16.])], + [AS_HELP_STRING(--enable-hmac-length=BYTES,[ + use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])], HMAC=$enableval ) AC_DEFINE_UNQUOTED(HMACLENGTH, $HMAC, [Size of HMAC in each packet in bytes.]) -RAND=8 dnl see also the AC_HELP_STRING +RAND=8 AC_ARG_ENABLE(rand-length, - [AC_HELP_STRING(--enable-rand-length=BYTES, [use BYTES bytes of extra randomness (default 8). Allowed values are 0, 4, 8.])], + [AS_HELP_STRING(--enable-rand-length=BYTES, + [use BYTES bytes of extra randomness (default 8). Allowed values are 0, 4, 8.])], RAND=$enableval ) AC_DEFINE_UNQUOTED(RAND_SIZE, $RAND, [Add this many bytes of randomness to each packet.]) -MTU=1500 dnl see also the AC_HELP_STRING -AC_ARG_ENABLE(mtu, - [AC_HELP_STRING(--enable-max-mtu=BYTES, enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)], +MTU=1500 +AC_ARG_ENABLE(max-mtu, + [AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)], MTU=$enableval ) -AC_DEFINE_UNQUOTED(MAX_MTU, $MTU + 14, [Maximum MTU supported.]) +AC_DEFINE_UNQUOTED(MAX_MTU, ($MTU + 14), [Maximum MTU supported.]) COMPRESS=1 AC_ARG_ENABLE(compression, - [AC_HELP_STRING(--disable-compression, Disable compression support.)], + [AS_HELP_STRING(--disable-compression,Disable compression support.)], if test "x$enableval" = xno; then COMPRESS=0 fi ) AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.]) -CIPHER=bf_cbc +CIPHER=aes_128_cbc AC_ARG_ENABLE(cipher, - [AC_HELP_STRING(--enable-cipher, [ - Select the symmetric cipher (default "bf"). Must be one of - "bf" (blowfish), "aes-128", "aes-192" or "aes-256".])], - if test "x$enableval" = xbf ; then CIPHER=bf_cbc ; fi - if test "x$enableval" = xaes-128; then CIPHER=aes_128_cbc; fi - if test "x$enableval" = xaes-192; then CIPHER=aes_192_cbc; fi - if test "x$enableval" = xaes-256; then CIPHER=aes_256_cbc; fi + [AS_HELP_STRING(--enable-cipher=CIPHER,[ + Select the symmetric cipher (default "aes-128"). + Must be one of "bf" (blowfish), "aes-128" (rijndael), "aes-192", "aes-256", "camellia-128" or "camellia-256".])], + if test "x$enableval" = xbf ; then CIPHER=bf_cbc ; fi + if test "x$enableval" = xaes-128 ; then CIPHER=aes_128_cbc ; fi + if test "x$enableval" = xaes-192 ; then CIPHER=aes_192_cbc ; fi + if test "x$enableval" = xaes-256 ; then CIPHER=aes_256_cbc ; fi + if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_cbc; fi + if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_cbc; fi ) AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.]) DIGEST=sha1 AC_ARG_ENABLE(digest, - [AC_HELP_STRING(--enable-digest, [ - Select the digets algorithm to use (default "sha1"). Must be one of - "sha1", "ripemd160", "md4" or "md5".])], + [AS_HELP_STRING(--enable-digest=DIGEST,[ + Select the digest algorithm to use (default "sha1"). Must be one of + "sha512", "sha256", "sha1", "ripemd160", "whirlpool".])], + if test "x$enableval" = xwhirlpool; then DIGEST=whirlpool; fi + if test "x$enableval" = xsha512 ; then DIGEST=sha512 ; fi + if test "x$enableval" = xsha256 ; then DIGEST=sha256 ; fi if test "x$enableval" = xsha1 ; then DIGEST=sha1 ; fi if test "x$enableval" = xripemd160; then DIGEST=ripemd160; fi - if test "x$enableval" = xmd4 ; then DIGEST=md4 ; fi - if test "x$enableval" = xmd5 ; then DIGEST=md5 ; fi ) AC_DEFINE_UNQUOTED(ENABLE_DIGEST, EVP_${DIGEST}, [Select the digest algorithm to use.]) -TRUST=1 -m4_if([ -AC_ARG_ENABLE(trust, - [AC_HELP_STRING(--enable-trust, [ - Make authentication faster but allow decoding by all hosts of a VPN. - Use this when the VPN hosts DO trust each other and you don't care - wether man-in-the-middle sniffing attacks are possible by admins - of other VPN hosts. On pentiums or similar machines this can cut down - the time for reconnects by 0.4 seconds or more.])], - if test "x$enableval" = xyes; then - TRUST=1 - fi +AUTH=sha512 +AC_ARG_ENABLE(auth-digest, + [AS_HELP_STRING(--enable-auth-digest=DIGEST,[ + Select the hmac algorithm to use (default "sha512"). Must be one of + "sha512", "sha256", "whirlpool".])], + if test "x$enableval" = xwhirlpool; then AUTH=whirlpool; fi + if test "x$enableval" = xsha512 ; then AUTH=sha512 ; fi + if test "x$enableval" = xsha256 ; then AUTH=sha256 ; fi ) -]) -AC_DEFINE_UNQUOTED(ENABLE_TRUST, $TRUST, [Faster, but VPN hosts may sniff each others data.]) +AC_DEFINE_UNQUOTED(ENABLE_AUTH, EVP_${AUTH}, [Select the auth digest algorithm to use.]) if $CXX -v --help 2>&1 | grep -q fno-rtti; then CXXFLAGS="$CXXFLAGS -fno-rtti" fi -if $CXX -v --help 2>&1 | grep -q fexceptions; then - CXXFLAGS="$CXXFLAGS -fno-exceptions" -fi - -if $CXX -v --help 2>&1 | grep -q ffunction-sections; then - CXXFLAGS="$CXXFLAGS -ffunction-sections" -fi +#if $CXX -v --help 2>&1 | grep -q fexceptions; then +# CXXFLAGS="$CXXFLAGS -fno-exceptions" +#fi + +LIBS="$EXTRA_LIBS $LIBS" + +dnl if $CXX -v --help 2>&1 | grep -q ffunction-sections; then +dnl CXXFLAGS="$CXXFLAGS -ffunction-sections" +dnl fi +dnl +dnl if $LD -v --help 2>&1 | grep -q gc-sections; then +dnl LDFLAGS="$LDFLAGS -Wl,--gc-sections" +dnl fi -if $LD -v --help 2>&1 | grep -q gc-sections; then - LDFLAGS="$LDFLAGS -Wl,--gc-sections" -fi +AC_SUBST(INCLUDES) -AC_CONFIG_COMMANDS_POST([ +AC_CONFIG_FILES([Makefile po/Makefile.in +src/Makefile +doc/Makefile +lib/Makefile +m4/Makefile +]) +AC_OUTPUT echo echo "***" echo "*** Configuration Summary" echo "***" +echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE" +echo "*** RSA size: $RSA" echo "*** Cipher used: $CIPHER" echo "*** Digest used: $DIGEST" +echo "*** Authdigest: $AUTH" echo "*** HMAC length: $HMAC" echo "*** RAND used: $RAND" echo "*** Max. MTU: $MTU" -echo "*** Compression: $COMPRESS" -dnl echo "*** Trusted Mode: $TRUST" + echo "***" -echo +echo "*** Enable options:" +grep ENABLE_ config.h | sed -e 's/^/*** /' -]) +if test "$HMAC" -lt 12; then +echo "***" +echo "*** WARNING: The hmac length you have chosen ($HMAC) is quite insecure" +fi + +if test "$RAND" -lt 8; then +echo "***" +echo "*** WARNING: The random prefix you have chosen ($RAND) is probably insecure" +fi + +echo "***" +echo -AC_SUBST(INCLUDES) -AC_OUTPUT(Makefile po/Makefile.in -src/Makefile -doc/Makefile -lib/Makefile -m4/Makefile -)