--- gvpe/configure.ac 2007/03/29 17:35:20 1.45 +++ gvpe/configure.ac 2013/07/16 16:44:36 1.62 @@ -1,10 +1,10 @@ dnl Process this file with autoconf to produce a configure script. -AC_PREREQ(2.59) +AC_PREREQ(2.69) AC_INIT AC_CONFIG_SRCDIR([src/gvpe.C]) AC_CANONICAL_TARGET -AM_INIT_AUTOMAKE(gvpe, 2.01) +AM_INIT_AUTOMAKE(gvpe, 2.25) AC_CONFIG_HEADERS([config.h]) AM_MAINTAINER_MODE @@ -48,9 +48,6 @@ #endif ]) -dnl Include the macros from the m4/ directory -AM_ACLOCAL_INCLUDE(m4) - AM_GNU_GETTEXT([external]) AM_GNU_GETTEXT_VERSION(0.11.5) @@ -66,7 +63,6 @@ ALL_LINGUAS="" dnl Checks for programs. -AC_PROG_CC AC_PROG_CPP AC_PROG_CXX AC_PROG_GCC_TRADITIONAL @@ -160,7 +156,7 @@ dnl Checks for libraries. AC_LANG(C++) -AC_CHECK_HEADERS(ext/hash_map clocale) +AC_CHECK_HEADERS(tr1/unordered_map ext/hash_map clocale) dnl Checks for header files. AC_CHECK_HEADERS([fcntl.h inttypes.h limits.h malloc.h stdint.h strings.h syslog.h unistd.h \ @@ -228,6 +224,9 @@ AC_CHECK_LIB(nsl, gethostbyname) ]) +dnl libev support +m4_include([libev/libev.m4]) + AC_LANG_POP dnl AC_CHECK_FUNCS([freeaddrinfo gai_strerror getaddrinfo getnameinfo]) @@ -243,26 +242,42 @@ fi dnl tinc_ZLIB +AC_ARG_ENABLE(threads, + [AS_HELP_STRING(--enable-threads,try to use threads for long-running asynchronous operations (default enabled).)], + [try_threads=$enableval], + [try_threads=yes] +) + +if test "x$try_threads" = xyes; then + AC_CHECK_HEADER(pthread.h,[ + LIBS="$LIBS -lpthread" + AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([#include ], [pthread_t id; pthread_create (&id, 0, 0, 0);])], + [AC_DEFINE_UNQUOTED(ENABLE_PTHREADS, 1, [POSIX thread support.])] + ) + ]) +fi + AC_ARG_ENABLE(static-daemon, [AS_HELP_STRING(--enable-static-daemon,enable statically linked daemon.)], [LDFLAGS_DAEMON=-static] ) AC_SUBST(LDFLAGS_DAEMON) -AC_ARG_ENABLE(rohc, - [AS_HELP_STRING(--enable-rohc,enable robust header compression (rfc3095).)], - [ - echo - echo "**********************************************************************" - echo "**********************************************************************" - echo "**** --enable-rohc is highly experimental, do not use ****************" - echo "**********************************************************************" - echo "**********************************************************************" - echo - rohc=true - AC_DEFINE_UNQUOTED(ENABLE_ROHC, 1, [ROHC support]) - ] -) +dnl AC_ARG_ENABLE(rohc, +dnl [AS_HELP_STRING(--enable-rohc,enable robust header compression (rfc3095).)], +dnl [ +dnl echo +dnl echo "**********************************************************************" +dnl echo "**********************************************************************" +dnl echo "**** --enable-rohc is highly experimental, do not use ****************" +dnl echo "**********************************************************************" +dnl echo "**********************************************************************" +dnl echo +dnl rohc=true +dnl AC_DEFINE_UNQUOTED(ENABLE_ROHC, 1, [ROHC support]) +dnl ] +dnl ) AM_CONDITIONAL(ROHC, test x$rohc = xtrue) @@ -271,18 +286,41 @@ dnl AC_DEFINE_UNQUOTED(ENABLE_BRIDGING, 1, [bridging support.]) dnl ) +ICMP=1 AC_ARG_ENABLE(icmp, - [AS_HELP_STRING(--enable-icmp,enable icmp protocol support (default disabled).)], - AC_DEFINE_UNQUOTED(ENABLE_ICMP, 1, [ICMP protocol support.]) + [AS_HELP_STRING(--disable-icmp,enable icmp protocol support (default enabled).)], + if test "x$enableval" = xno; then + ICMP=0 + fi ) +if test "x$ICMP" = x1; then + AC_DEFINE_UNQUOTED(ENABLE_ICMP, 1, [ICMP protocol support.]) +fi +TCP=1 AC_ARG_ENABLE(tcp, - [AS_HELP_STRING(--enable-tcp,enable tcp protocol support (default disabled).)], + [AS_HELP_STRING(--disable-tcp,enable tcp protocol support (default enabled).)], + if test "x$enableval" = xno; then + TCP=0 + fi +) +if test "x$TCP" = x1; then AC_DEFINE_UNQUOTED(ENABLE_TCP, 1, [TCP protocol support.]) +fi + +HTTP=1 +AC_ARG_ENABLE(http-proxy, + [AS_HELP_STRING(--disable-http-proxy,enable http proxy connect support (default enabled).)], + if test "x$enableval" = xno; then + HTTP=0 + fi ) +if test "x$HTTP" = x1; then + AC_DEFINE_UNQUOTED(ENABLE_HTTP_PROXY, 1, [http proxy connect support.]) +fi AC_ARG_ENABLE(dns, - [AS_HELP_STRING(--enable-dns,enable dns tunnel protocol support (DOES NOT WORK).)], + [AS_HELP_STRING(--enable-dns,enable dns tunnel protocol support (default disabled).)], [ AC_CHECK_HEADER(gmp.h,,[AC_MSG_ERROR([gmp.h not found, required for --enable-dns])]) AC_CHECK_LIB(gmp,main,,[AC_MSG_ERROR([libgmp not found, required for --enable-dns])]) @@ -291,10 +329,13 @@ ] ) -AC_ARG_ENABLE(http-proxy, - [AS_HELP_STRING(--enable-http-proxy,enable http proxy connect support (default disabled).)], - AC_DEFINE_UNQUOTED(ENABLE_HTTP_PROXY, 1, [http proxy connect support.]) +RSA=3072 +AC_ARG_ENABLE(rsa-length, + [AS_HELP_STRING(--enable-rsa-length=BITS,[ + use BITS rsa keys (default 3072). Allowed values are 2048-10240.])], + RSA=$enableval ) +AC_DEFINE_UNQUOTED(RSABITS, $RSA, [Size of RSA keys.]) HMAC=12 AC_ARG_ENABLE(hmac-length, @@ -313,11 +354,11 @@ AC_DEFINE_UNQUOTED(RAND_SIZE, $RAND, [Add this many bytes of randomness to each packet.]) MTU=1500 -AC_ARG_ENABLE(mtu, +AC_ARG_ENABLE(max-mtu, [AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)], MTU=$enableval ) -AC_DEFINE_UNQUOTED(MAX_MTU, $MTU + 14, [Maximum MTU supported.]) +AC_DEFINE_UNQUOTED(MAX_MTU, ($MTU + 14), [Maximum MTU supported.]) COMPRESS=1 AC_ARG_ENABLE(compression, @@ -330,37 +371,51 @@ CIPHER=aes_128_cbc AC_ARG_ENABLE(cipher, - [AS_HELP_STRING(--enable-cipher,[ + [AS_HELP_STRING(--enable-cipher=CIPHER,[ Select the symmetric cipher (default "aes-128"). - Must be one of "bf" (blowfish), "aes-128" (rijndael), "aes-192" or "aes-256".])], - if test "x$enableval" = xbf ; then CIPHER=bf_cbc ; fi - if test "x$enableval" = xaes-128; then CIPHER=aes_128_cbc; fi - if test "x$enableval" = xaes-192; then CIPHER=aes_192_cbc; fi - if test "x$enableval" = xaes-256; then CIPHER=aes_256_cbc; fi + Must be one of "bf" (blowfish), "aes-128" (rijndael), "aes-192", "aes-256", "camellia-128" or "camellia-256".])], + if test "x$enableval" = xbf ; then CIPHER=bf_cbc ; fi + if test "x$enableval" = xaes-128 ; then CIPHER=aes_128_cbc ; fi + if test "x$enableval" = xaes-192 ; then CIPHER=aes_192_cbc ; fi + if test "x$enableval" = xaes-256 ; then CIPHER=aes_256_cbc ; fi + if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_cbc; fi + if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_cbc; fi ) AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.]) -DIGEST=ripemd160 +DIGEST=sha1 AC_ARG_ENABLE(digest, - [AS_HELP_STRING(--enable-digest,[ - Select the digest algorithm to use (default "ripemd160"). Must be one of - "sha512", "sha256", "sha1", "ripemd160", "md5" or "md4" (insecure).])], + [AS_HELP_STRING(--enable-digest=DIGEST,[ + Select the digest algorithm to use (default "sha1"). Must be one of + "sha512", "sha256", "sha1", "ripemd160", "whirlpool".])], + if test "x$enableval" = xwhirlpool; then DIGEST=whirlpool; fi if test "x$enableval" = xsha512 ; then DIGEST=sha512 ; fi if test "x$enableval" = xsha256 ; then DIGEST=sha256 ; fi if test "x$enableval" = xsha1 ; then DIGEST=sha1 ; fi if test "x$enableval" = xripemd160; then DIGEST=ripemd160; fi - if test "x$enableval" = xmd5 ; then DIGEST=md5 ; fi - if test "x$enableval" = xmd4 ; then DIGEST=md4 ; fi ) AC_DEFINE_UNQUOTED(ENABLE_DIGEST, EVP_${DIGEST}, [Select the digest algorithm to use.]) +AUTH=sha512 +AC_ARG_ENABLE(auth-digest, + [AS_HELP_STRING(--enable-auth-digest=DIGEST,[ + Select the hmac algorithm to use (default "sha512"). Must be one of + "sha512", "sha256", "whirlpool".])], + if test "x$enableval" = xwhirlpool; then AUTH=whirlpool; fi + if test "x$enableval" = xsha512 ; then AUTH=sha512 ; fi + if test "x$enableval" = xsha256 ; then AUTH=sha256 ; fi +) +AC_DEFINE_UNQUOTED(ENABLE_AUTH, EVP_${AUTH}, [Select the auth digest algorithm to use.]) + if $CXX -v --help 2>&1 | grep -q fno-rtti; then CXXFLAGS="$CXXFLAGS -fno-rtti" fi -if $CXX -v --help 2>&1 | grep -q fexceptions; then - CXXFLAGS="$CXXFLAGS -fno-exceptions" -fi +#if $CXX -v --help 2>&1 | grep -q fexceptions; then +# CXXFLAGS="$CXXFLAGS -fno-exceptions" +#fi + +LIBS="$EXTRA_LIBS $LIBS" dnl if $CXX -v --help 2>&1 | grep -q ffunction-sections; then dnl CXXFLAGS="$CXXFLAGS -ffunction-sections" @@ -385,8 +440,10 @@ echo "*** Configuration Summary" echo "***" echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE" +echo "*** RSA size: $RSA" echo "*** Cipher used: $CIPHER" echo "*** Digest used: $DIGEST" +echo "*** Authdigest: $AUTH" echo "*** HMAC length: $HMAC" echo "*** RAND used: $RAND" echo "*** Max. MTU: $MTU" @@ -395,14 +452,9 @@ echo "*** Enable options:" grep ENABLE_ config.h | sed -e 's/^/*** /' -if test "x$DIGEST" = xmd4; then -echo "***" -echo "*** WARNING: The digest you have chosen ($DIGEST) is known to be insecure" -fi - if test "$HMAC" -lt 12; then echo "***" -echo "*** WARNING: The hmac length you have chosen ($HMAC) is probably insecure" +echo "*** WARNING: The hmac length you have chosen ($HMAC) is quite insecure" fi if test "$RAND" -lt 8; then