ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/configure.ac
(Generate patch)

Comparing gvpe/configure.ac (file contents):
Revision 1.44 by pcg, Wed Jan 31 14:02:33 2007 UTC vs.
Revision 1.66 by root, Thu Oct 25 04:32:26 2018 UTC

1dnl Process this file with autoconf to produce a configure script. 1dnl Process this file with autoconf to produce a configure script.
2 2
3AC_PREREQ(2.59) 3AC_PREREQ(2.69)
4AC_INIT 4AC_INIT
5AC_CONFIG_SRCDIR([src/gvpe.C]) 5AC_CONFIG_SRCDIR([src/gvpe.C])
6AC_CANONICAL_TARGET 6AC_CANONICAL_TARGET
7AM_INIT_AUTOMAKE(gvpe, 2.0) 7AM_INIT_AUTOMAKE(gvpe, 3.1)
8AC_CONFIG_HEADERS([config.h]) 8AC_CONFIG_HEADERS([config.h])
9AM_MAINTAINER_MODE 9AM_MAINTAINER_MODE
10 10
11AH_TOP([ 11AH_TOP([
12#ifndef CONFIG_H__ 12#ifndef CONFIG_H__
46#else 46#else
47# define CLOCALE <locale.h> 47# define CLOCALE <locale.h>
48#endif 48#endif
49]) 49])
50 50
51dnl Include the macros from the m4/ directory
52AM_ACLOCAL_INCLUDE(m4)
53
54AM_GNU_GETTEXT([external]) 51AM_GNU_GETTEXT([external])
55AM_GNU_GETTEXT_VERSION(0.11.5) 52AM_GNU_GETTEXT_VERSION(0.11.5)
56 53
57# Enable GNU extensions. 54# Enable GNU extensions.
58# Define this here, not in acconfig's @TOP@ section, since definitions 55# Define this here, not in acconfig's @TOP@ section, since definitions
64dnl AC_DEFINE([_XOPEN_SOURCE], 500, [Enable XOPEN extensions]) 61dnl AC_DEFINE([_XOPEN_SOURCE], 500, [Enable XOPEN extensions])
65 62
66ALL_LINGUAS="" 63ALL_LINGUAS=""
67 64
68dnl Checks for programs. 65dnl Checks for programs.
69AC_PROG_CC
70AC_PROG_CPP 66AC_PROG_CPP
71AC_PROG_CXX 67AC_PROG_CXX
72AC_PROG_GCC_TRADITIONAL 68AC_PROG_GCC_TRADITIONAL
73AC_PROG_AWK 69AC_PROG_AWK
74AC_PROG_INSTALL 70AC_PROG_INSTALL
158AC_CACHE_SAVE 154AC_CACHE_SAVE
159 155
160dnl Checks for libraries. 156dnl Checks for libraries.
161 157
162AC_LANG(C++) 158AC_LANG(C++)
163AC_CHECK_HEADERS(ext/hash_map clocale) 159AC_CHECK_HEADERS(tr1/unordered_map ext/hash_map clocale)
164 160
165dnl Checks for header files. 161dnl Checks for header files.
166AC_CHECK_HEADERS([fcntl.h inttypes.h limits.h malloc.h stdint.h strings.h syslog.h unistd.h \ 162AC_CHECK_HEADERS([fcntl.h inttypes.h limits.h malloc.h stdint.h strings.h syslog.h unistd.h \
167 sys/file.h sys/ioctl.h sys/param.h sys/time.h netinet/in_systm.h sys/cygwin.h \ 163 sys/file.h sys/ioctl.h sys/param.h sys/time.h netinet/in_systm.h sys/cygwin.h \
168 sys/mman.h netinet/in.h]) 164 sys/mman.h netinet/in.h])
226]) 222])
227AC_CHECK_FUNC(gethostbyname, [], [ 223AC_CHECK_FUNC(gethostbyname, [], [
228 AC_CHECK_LIB(nsl, gethostbyname) 224 AC_CHECK_LIB(nsl, gethostbyname)
229]) 225])
230 226
227dnl libev support
228m4_include([libev/libev.m4])
229
231AC_LANG_POP 230AC_LANG_POP
232 231
233dnl AC_CHECK_FUNCS([freeaddrinfo gai_strerror getaddrinfo getnameinfo]) 232dnl AC_CHECK_FUNCS([freeaddrinfo gai_strerror getaddrinfo getnameinfo])
234 233
235AC_CACHE_SAVE 234AC_CACHE_SAVE
236 235
237dnl These are defined in files in m4/ 236dnl These are defined in files in m4/
238tinc_TUNTAP 237tinc_TUNTAP
239 238
240tinc_OPENSSL 239PKG_CHECK_MODULES([LIBCRYPTO], [libcrypto >= 1])
241if test "x$openssl_include" != x; then 240
242 CXXFLAGS="$CXXFLAGS -I$openssl_include" 241AC_ARG_ENABLE(threads,
242 [AS_HELP_STRING(--enable-threads,try to use threads for long-running asynchronous operations (default enabled).)],
243 [try_threads=$enableval],
244 [try_threads=yes]
245)
246
247if test "x$try_threads" = xyes; then
248 AC_CHECK_HEADER(pthread.h,[
249 LIBS="$LIBS -lpthread"
250 AC_COMPILE_IFELSE(
251 [AC_LANG_PROGRAM([#include <pthread.h>], [pthread_t id; pthread_create (&id, 0, 0, 0);])],
252 [AC_DEFINE_UNQUOTED(ENABLE_PTHREADS, 1, [POSIX thread support.])]
253 )
254 ])
243fi 255fi
244dnl tinc_ZLIB
245 256
246AC_ARG_ENABLE(static-daemon, 257AC_ARG_ENABLE(static-daemon,
247 [AS_HELP_STRING(--enable-static-daemon,enable statically linked daemon.)], 258 [AS_HELP_STRING(--enable-static-daemon,enable statically linked daemon.)],
248 [LDFLAGS_DAEMON=-static] 259 [LDFLAGS_DAEMON=-static]
249) 260)
250AC_SUBST(LDFLAGS_DAEMON) 261AC_SUBST(LDFLAGS_DAEMON)
251 262
252AC_ARG_ENABLE(rohc, 263dnl AC_ARG_ENABLE(rohc,
253 [AS_HELP_STRING(--enable-rohc,enable robust header compression (rfc3095).)], 264dnl [AS_HELP_STRING(--enable-rohc,enable robust header compression (rfc3095).)],
254 [ 265dnl [
255 echo 266dnl echo
256 echo "**********************************************************************" 267dnl echo "**********************************************************************"
257 echo "**********************************************************************" 268dnl echo "**********************************************************************"
258 echo "**** --enable-rohc is highly experimental, do not use ****************" 269dnl echo "**** --enable-rohc is highly experimental, do not use ****************"
259 echo "**********************************************************************" 270dnl echo "**********************************************************************"
260 echo "**********************************************************************" 271dnl echo "**********************************************************************"
261 echo 272dnl echo
262 rohc=true 273dnl rohc=true
263 AC_DEFINE_UNQUOTED(ENABLE_ROHC, 1, [ROHC support]) 274dnl AC_DEFINE_UNQUOTED(ENABLE_ROHC, 1, [ROHC support])
264 ] 275dnl ]
265) 276dnl )
266 277
267AM_CONDITIONAL(ROHC, test x$rohc = xtrue) 278AM_CONDITIONAL(ROHC, test x$rohc = xtrue)
268 279
269dnl AC_ARG_ENABLE(bridging, 280dnl AC_ARG_ENABLE(bridging,
270dnl [AS_HELP_STRING(--enable-bridging,enable bridging support (default disabled).)], 281dnl [AS_HELP_STRING(--enable-bridging,enable bridging support (default disabled).)],
271dnl AC_DEFINE_UNQUOTED(ENABLE_BRIDGING, 1, [bridging support.]) 282dnl AC_DEFINE_UNQUOTED(ENABLE_BRIDGING, 1, [bridging support.])
272dnl ) 283dnl )
273 284
285ICMP=1
274AC_ARG_ENABLE(icmp, 286AC_ARG_ENABLE(icmp,
275 [AS_HELP_STRING(--enable-icmp,enable icmp protocol support (default disabled).)], 287 [AS_HELP_STRING(--disable-icmp,enable icmp protocol support (default enabled).)],
288 if test "x$enableval" = xno; then
289 ICMP=0
290 fi
291)
292if test "x$ICMP" = x1; then
276 AC_DEFINE_UNQUOTED(ENABLE_ICMP, 1, [ICMP protocol support.]) 293 AC_DEFINE_UNQUOTED(ENABLE_ICMP, 1, [ICMP protocol support.])
277) 294fi
278 295
296TCP=1
279AC_ARG_ENABLE(tcp, 297AC_ARG_ENABLE(tcp,
280 [AS_HELP_STRING(--enable-tcp,enable tcp protocol support (default disabled).)], 298 [AS_HELP_STRING(--disable-tcp,enable tcp protocol support (default enabled).)],
299 if test "x$enableval" = xno; then
300 TCP=0
301 fi
302)
303if test "x$TCP" = x1; then
281 AC_DEFINE_UNQUOTED(ENABLE_TCP, 1, [TCP protocol support.]) 304 AC_DEFINE_UNQUOTED(ENABLE_TCP, 1, [TCP protocol support.])
305fi
306
307HTTP=1
308AC_ARG_ENABLE(http-proxy,
309 [AS_HELP_STRING(--disable-http-proxy,enable http proxy connect support (default enabled).)],
310 if test "x$enableval" = xno; then
311 HTTP=0
312 fi
282) 313)
314if test "x$HTTP" = x1; then
315 AC_DEFINE_UNQUOTED(ENABLE_HTTP_PROXY, 1, [http proxy connect support.])
316fi
283 317
284AC_ARG_ENABLE(dns, 318AC_ARG_ENABLE(dns,
285 [AS_HELP_STRING(--enable-dns,enable dns tunnel protocol support (DOES NOT WORK).)], 319 [AS_HELP_STRING(--enable-dns,enable dns tunnel protocol support (default disabled).)],
286 [ 320 [
287 AC_CHECK_HEADER(gmp.h,,[AC_MSG_ERROR([gmp.h not found, required for --enable-dns])]) 321 AC_CHECK_HEADER(gmp.h,,[AC_MSG_ERROR([gmp.h not found, required for --enable-dns])])
288 AC_CHECK_LIB(gmp,main,,[AC_MSG_ERROR([libgmp not found, required for --enable-dns])]) 322 AC_CHECK_LIB(gmp,main,,[AC_MSG_ERROR([libgmp not found, required for --enable-dns])])
289 323
290 AC_DEFINE_UNQUOTED(ENABLE_DNS, 1, [DNS tunnel protocol support.]) 324 AC_DEFINE_UNQUOTED(ENABLE_DNS, 1, [DNS tunnel protocol support.])
291 ] 325 ]
292) 326)
293 327
294AC_ARG_ENABLE(http-proxy, 328RSA=3072
295 [AS_HELP_STRING(--enable-http-proxy,enable http proxy connect support (default disabled).)], 329AC_ARG_ENABLE(rsa-length,
296 AC_DEFINE_UNQUOTED(ENABLE_HTTP_PROXY, 1, [http proxy connect support.]) 330 [AS_HELP_STRING(--enable-rsa-length=BITS,[
331 use BITS rsa keys (default 3072). Allowed values are 2048-10240.])],
332 RSA=$enableval
297) 333)
334AC_DEFINE_UNQUOTED(RSABITS, $RSA, [Size of RSA keys.])
298 335
299HMAC=12 336HMACSIZE=12
300AC_ARG_ENABLE(hmac-length, 337AC_ARG_ENABLE(hmac-length,
301 [AS_HELP_STRING(--enable-hmac-length=BYTES,[ 338 [AS_HELP_STRING(--enable-hmac-length=BYTES,[
302 use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])], 339 use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])],
303 HMAC=$enableval 340 HMACSIZE=$enableval
304) 341)
305AC_DEFINE_UNQUOTED(HMACLENGTH, $HMAC, [Size of HMAC in each packet in bytes.]) 342AC_DEFINE_UNQUOTED(HMACLENGTH, $HMACSIZE, [Size of HMAC in each packet in bytes.])
306
307RAND=8
308AC_ARG_ENABLE(rand-length,
309 [AS_HELP_STRING(--enable-rand-length=BYTES,
310 [use BYTES bytes of extra randomness (default 8). Allowed values are 0, 4, 8.])],
311 RAND=$enableval
312)
313AC_DEFINE_UNQUOTED(RAND_SIZE, $RAND, [Add this many bytes of randomness to each packet.])
314 343
315MTU=1500 344MTU=1500
316AC_ARG_ENABLE(mtu, 345AC_ARG_ENABLE(max-mtu,
317 [AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)], 346 [AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)],
318 MTU=$enableval 347 MTU=$enableval
319) 348)
320AC_DEFINE_UNQUOTED(MAX_MTU, $MTU + 14, [Maximum MTU supported.]) 349AC_DEFINE_UNQUOTED(MAX_MTU, ($MTU + 14), [Maximum MTU supported.])
321 350
322COMPRESS=1 351COMPRESS=1
323AC_ARG_ENABLE(compression, 352AC_ARG_ENABLE(compression,
324 [AS_HELP_STRING(--disable-compression,Disable compression support.)], 353 [AS_HELP_STRING(--disable-compression,Disable compression support.)],
325 if test "x$enableval" = xno; then 354 if test "x$enableval" = xno; then
326 COMPRESS=0 355 COMPRESS=0
327 fi 356 fi
328) 357)
329AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.]) 358AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.])
330 359
331CIPHER=aes_128_cbc 360CIPHER=aes_128_ctr
332AC_ARG_ENABLE(cipher, 361AC_ARG_ENABLE(cipher,
333 [AS_HELP_STRING(--enable-cipher,[ 362 [AS_HELP_STRING(--enable-cipher=CIPHER,[
334 Select the symmetric cipher (default "aes-128"). 363 Select the symmetric cipher (default "aes-128").
335 Must be one of "bf" (blowfish), "aes-128" (rijndael), "aes-192" or "aes-256".])], 364 Must be one of "aes-128" (rijndael), "aes-192", or "aes-256".])],
336 if test "x$enableval" = xbf ; then CIPHER=bf_cbc ; fi 365 #if test "x$enableval" = xbf ; then CIPHER=bf_ctr ; fi
337 if test "x$enableval" = xaes-128; then CIPHER=aes_128_cbc; fi 366 if test "x$enableval" = xaes-128 ; then CIPHER=aes_128_ctr ; fi
338 if test "x$enableval" = xaes-192; then CIPHER=aes_192_cbc; fi 367 if test "x$enableval" = xaes-192 ; then CIPHER=aes_192_ctr ; fi
339 if test "x$enableval" = xaes-256; then CIPHER=aes_256_cbc; fi 368 if test "x$enableval" = xaes-256 ; then CIPHER=aes_256_ctr ; fi
369 #if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_ctr; fi
370 #if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_ctr; fi
340) 371)
341AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.]) 372AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.])
342 373
343DIGEST=ripemd160 374HMAC=sha1
344AC_ARG_ENABLE(digest, 375AC_ARG_ENABLE(hmac-digest,
345 [AS_HELP_STRING(--enable-digest,[ 376 [AS_HELP_STRING(--enable-hmac-digest=HMAC,[
346 Select the digest algorithm to use (default "ripemd160"). Must be one of 377 Select the HMAC digest algorithm to use (default "sha1"). Must be one of
347 "sha1", "ripemd160", "md5" or "md4" (insecure).])], 378 "sha512", "sha256", "sha1", "ripemd160", "whirlpool".])],
379 if test "x$enableval" = xwhirlpool; then HMAC=whirlpool; fi
380 if test "x$enableval" = xsha512 ; then HMAC=sha512 ; fi
381 if test "x$enableval" = xsha256 ; then HMAC=sha256 ; fi
348 if test "x$enableval" = xsha1 ; then DIGEST=sha1 ; fi 382 if test "x$enableval" = xsha1 ; then HMAC=sha1 ; fi
349 if test "x$enableval" = xripemd160; then DIGEST=ripemd160; fi 383 if test "x$enableval" = xripemd160; then HMAC=ripemd160; fi
384)
385AC_DEFINE_UNQUOTED(ENABLE_HMAC, EVP_${HMAC}, [Select the HMAC digest algorithm to use.])
386
387AUTH=sha512
388AC_ARG_ENABLE(auth-digest,
389 [AS_HELP_STRING(--enable-auth-digest=DIGEST,[
390 Select the hmac algorithm to use (default "sha512"). Must be one of
391 "sha512", "sha256", "whirlpool".])],
392 if test "x$enableval" = xwhirlpool; then AUTH=whirlpool; fi
350 if test "x$enableval" = xmd5 ; then DIGEST=md5 ; fi 393 if test "x$enableval" = xsha512 ; then AUTH=sha512 ; fi
351 if test "x$enableval" = xmd4 ; then DIGEST=md4 ; fi 394 if test "x$enableval" = xsha256 ; then AUTH=sha256 ; fi
352) 395)
353AC_DEFINE_UNQUOTED(ENABLE_DIGEST, EVP_${DIGEST}, [Select the digest algorithm to use.]) 396AC_DEFINE_UNQUOTED(ENABLE_AUTH, EVP_${AUTH}, [Select the auth digest algorithm to use.])
354 397
355if $CXX -v --help 2>&1 | grep -q fno-rtti; then 398if $CXX -v --help 2>&1 | grep -q fno-rtti; then
356 CXXFLAGS="$CXXFLAGS -fno-rtti" 399 CXXFLAGS="$CXXFLAGS -fno-rtti"
357fi 400fi
358 401
359if $CXX -v --help 2>&1 | grep -q fexceptions; then 402#if $CXX -v --help 2>&1 | grep -q fexceptions; then
360 CXXFLAGS="$CXXFLAGS -fno-exceptions" 403# CXXFLAGS="$CXXFLAGS -fno-exceptions"
361fi 404#fi
405
406LIBS="$EXTRA_LIBS $LIBS"
362 407
363dnl if $CXX -v --help 2>&1 | grep -q ffunction-sections; then 408dnl if $CXX -v --help 2>&1 | grep -q ffunction-sections; then
364dnl CXXFLAGS="$CXXFLAGS -ffunction-sections" 409dnl CXXFLAGS="$CXXFLAGS -ffunction-sections"
365dnl fi 410dnl fi
366dnl 411dnl
367dnl if $LD -v --help 2>&1 | grep -q gc-sections; then 412dnl if $LD -v --help 2>&1 | grep -q gc-sections; then
368dnl LDFLAGS="$LDFLAGS -Wl,--gc-sections" 413dnl LDFLAGS="$LDFLAGS -Wl,--gc-sections"
369dnl fi 414dnl fi
370 415
371AC_SUBST(INCLUDES) 416AC_SUBST(INCLUDES)
381echo 426echo
382echo "***" 427echo "***"
383echo "*** Configuration Summary" 428echo "*** Configuration Summary"
384echo "***" 429echo "***"
385echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE" 430echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE"
431echo "*** RSA size: $RSA"
386echo "*** Cipher used: $CIPHER" 432echo "*** Cipher used: $CIPHER"
387echo "*** Digest used: $DIGEST" 433echo "*** Digest used: $DIGEST"
434echo "*** Authdigest: $AUTH"
388echo "*** HMAC length: $HMAC" 435echo "*** HMAC length: $HMAC"
389echo "*** RAND used: $RAND"
390echo "*** Max. MTU: $MTU" 436echo "*** Max. MTU: $MTU"
391 437
392echo "***" 438echo "***"
393echo "*** Enable options:" 439echo "*** Enable options:"
394grep ENABLE_ config.h | sed -e 's/^/*** /' 440grep ENABLE_ config.h | sed -e 's/^/*** /'
395 441
396if test "x$DIGEST" = xmd4; then 442if test "$HMACSIZE" -lt 12; then
397echo "***" 443echo "***"
398echo "*** WARNING: The digest you have chosen ($DIGEST) is known to be insecure"
399fi
400
401if test "$HMAC" -lt 12; then
402echo "***"
403echo "*** WARNING: The hmac length you have chosen ($HMAC) is probably insecure" 444echo "*** WARNING: The hmac length you have chosen ($HMACSIZE) is quite insecure"
404fi
405
406if test "$RAND" -lt 8; then
407echo "***"
408echo "*** WARNING: The random prefix you have chosen ($RAND) is probably insecure"
409fi 445fi
410 446
411echo "***" 447echo "***"
412echo 448echo
413 449
450if pkg-config --exists 'libcrypto >= 1.1 libcrypto < 2.0'; then
451 cat <<EOF
452@<:@33m
453***
454*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
455***
456*** You seem to configure gvpe with OpenSSL 1.1 or newer.
457*** While this probably compiles, please note that this is not only
458*** unsupported, but also discouraged.
459***
460*** It is recommended to use either OpenSSL 1.0, as long as that is still
461*** supported, or LibreSSL (https://www.libressl.org/).
462***
463*** This is not a political issue - while porting GVPE to the newer
464*** OpenSSL 1.1 API, I encountered two incompatible API changes that were
465*** not documented, were not caught while compiling but caused security
466*** issues. When reported, the reaction of the OpenSSL developers was to
467*** update the documentation.
468***
469*** As a result, I lost all confidence in the ability and desire of
470*** OpenSSL developers to create a safe API, and would highly recommend
471*** switching to LibreSSL which explicitly avoids such braking changes.
472***
473*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
474***
475*** Again, do not use OpenSSL 1.1 and complain if stuff breaks.
476*** You have been warned, but your choice is respected.
477***
478@<:@0m
414 479
480EOF
481fi
482
483

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines