gvpe/configure.ac

dnl Process this file with autoconf to produce a configure script.

AC_PREREQ(2.69)
AC_INIT(gvpe, 3.1)
AC_CONFIG_SRCDIR([src/gvpe.C])
AC_CANONICAL_TARGET
AM_INIT_AUTOMAKE
AC_CONFIG_HEADERS([config.h])
AM_MAINTAINER_MODE

AH_TOP([
#ifndef CONFIG_H__
#define CONFIG_H__

#ifdef __cplusplus
   using namespace std;
#endif

])

AH_BOTTOM([
typedef unsigned char u8;
typedef signed char s8;

#if __CYGWIN__

typedef unsigned short u16;
typedef unsigned int u32;
typedef signed short s16;
typedef signed int s32;

#else
#include <inttypes.h>

/* old modula-2 habits */
typedef uint16_t u16;
typedef uint32_t u32;
typedef int16_t s16;
typedef int32_t s32;
#endif

#endif

#if HAVE_CLOCALE
# define CLOCALE <clocale>
#else
# define CLOCALE <locale.h>
#endif
])

AM_GNU_GETTEXT([external])
AM_GNU_GETTEXT_VERSION(0.11.5)

# Enable GNU extensions.
# Define this here, not in acconfig's @TOP@ section, since definitions
# in the latter don't make it into the configure-time tests.
AC_DEFINE([_GNU_SOURCE], 1, [Enable GNU extensions])

# do NOT define POSIX_SOURCE, sicne this clashes with many BSDs
dnl AC_DEFINE([_POSIX_SOURCE], 1, [Enable POSIX 1003.1 extensions])
dnl AC_DEFINE([_XOPEN_SOURCE], 500, [Enable XOPEN extensions])

ALL_LINGUAS=""

dnl Checks for programs.
AC_PROG_CPP
AC_PROG_CXX
AC_PROG_GCC_TRADITIONAL
AC_PROG_AWK
AC_PROG_INSTALL
AC_PROG_LN_S
AC_PROG_MAKE_SET
AC_PROG_RANLIB

AC_ARG_ENABLE(iftype,
  [AS_HELP_STRING(--enable-iftype=TYPE/SUBTYPE,
     Use kernel/net device interface TYPE/SUBTYPE.
     Working combinations are (see doc/gvpe.osdep.5.pod):
        "native/linux"
        "tincd/linux"
        "tincd/netbsd"
        "tincd/freebsd"
        "tincd/openbsd"
        "native/darwin"
        "tincd/darwin"
        "native/cygwin";
     Untested combinations are:
        "tincd/bsd"
        "tincd/solaris"
        "tincd/mingw"
        "tincd/raw_socket"
        "tincd/uml_socket";
     Broken combinations are:
        "tincd/cygwin";
     The default is to autodetect.
  )],
  [
    IFTYPE=`echo $enableval | sed s%/.*%%`
    IFSUBTYPE=`echo $enableval | sed s%.*/%%`
  ]
)

dnl Check and set OS
AC_MSG_CHECKING(for kernel networking interface type)

if test "x$IFTYPE" = "x"; then
   case $target_os in
     *linux*)
       IFTYPE=native
       IFSUBTYPE=linux
       AC_DEFINE(HAVE_LINUX, 1, [Linux])
     ;;
     *freebsd*)
       IFTYPE=tincd
       IFSUBTYPE=freebsd
       AC_DEFINE(HAVE_FREEBSD, 1, [FreeBSD])
     ;;
     *darwin*)
       IFTYPE=native
       IFSUBTYPE=darwin
       AC_DEFINE(HAVE_DARWIN, 1, [Darwin (MacOS/X)])
     ;;
     *solaris*)
       IFTYPE=tincd
       IFSUBTYPE=solaris
       AC_DEFINE(HAVE_SOLARIS, 1, [Solaris/SunOS])
     ;;
     *openbsd*)
       IFTYPE=tincd
       IFSUBTYPE=openbsd
       AC_DEFINE(HAVE_OPENBSD, 1, [OpenBSD])
     ;;
     *netbsd*)
       IFTYPE=tincd
       IFSUBTYPE=netbsd
       AC_DEFINE(HAVE_NETBSD, 1, [NetBSD])
     ;;
     *cygwin*)
       IFTYPE=native
       IFSUBTYPE=cygwin
       AC_DEFINE(HAVE_CYGWIN, 1, [Cygwin])
     ;;
     *)
       AC_MSG_ERROR("Unknown operating system.")
     ;;
   esac
fi
AC_MSG_RESULT($IFTYPE/$IFSUBTYPE)
AC_SUBST(IFTYPE,$IFTYPE)
AC_SUBST(IFSUBTYPE,$IFSUBTYPE)
AC_DEFINE_UNQUOTED(IFTYPE,"$IFTYPE",[kernel interface type])
AC_DEFINE_UNQUOTED(IFSUBTYPE,"$IFSUBTYPE",[kernel interface subtype])

AC_CACHE_SAVE

dnl Checks for libraries.

AC_LANG(C++)
AC_CHECK_HEADERS(tr1/unordered_map ext/hash_map clocale)

dnl Checks for header files.
AC_CHECK_HEADERS([fcntl.h inttypes.h limits.h malloc.h stdint.h strings.h syslog.h unistd.h \
        sys/file.h sys/ioctl.h sys/param.h sys/time.h netinet/in_systm.h sys/cygwin.h \
        sys/mman.h netinet/in.h])
AC_CHECK_HEADERS([arpa/inet.h net/ethernet.h net/if.h netinet/ip.h netinet/tcp.h netinet/in_systm.h], [], [],
[
#include <sys/types.h>
#include <sys/socket.h>
#ifdef HAVE_NETINET_IN_H
# include <netinet/in.h>
#endif
#ifdef HAVE_ARPA_INET_H
# include <arpa/inet.h>
#endif
#ifdef HAVE_NETINET_IN_SYSTM_H
# include <netinet/in_systm.h>
#endif
])

dnl Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
AC_TYPE_PID_T
AC_TYPE_SIZE_T
AC_HEADER_TIME
AC_STRUCT_TM

AC_CACHE_CHECK([for socklen_t], ac_cv_type_socklen_t,
[
  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
  #include <sys/socket.h>]], [[socklen_t len = 42; return len;]])],[ac_cv_type_socklen_t=yes],[ac_cv_type_socklen_t=no])
])
if test $ac_cv_type_socklen_t = yes; then
  AC_DEFINE(HAVE_SOCKLEN_T, 1, [socklen_t available])
fi

AC_CACHE_CHECK([for struct addrinfo], ac_cv_struct_addrinfo,
[
  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
  #include <sys/socket.h>
  #include <netdb.h>]], [[struct addrinfo ai; ai.ai_family = AF_INET; return ai.ai_family;]])],[ac_cv_struct_addrinfo=yes],[ac_cv_struct_addrinfo=no])
])
if test $ac_cv_struct_addrinfo = yes; then
  AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1, [struct addrinfo available])
fi

dnl Checks for library functions.
AC_TYPE_SIGNAL

AC_LANG_PUSH(C)

AC_HEADER_STDC

dnl argl, could somebody catapult darwin into the 21st century???
AC_CHECK_FUNCS(asprintf daemon get_current_dir_name putenv select strerror strsignal strtol unsetenv mlockall)

AC_FUNC_ALLOCA

dnl Support for SunOS

AC_CHECK_FUNC(socket, [], [
  AC_CHECK_LIB(socket, connect)
])
AC_CHECK_FUNC(gethostbyname, [], [
  AC_CHECK_LIB(nsl, gethostbyname)
])

dnl libev support
m4_include([libev/libev.m4])

AC_LANG_POP

dnl AC_CHECK_FUNCS([freeaddrinfo gai_strerror getaddrinfo getnameinfo])

AC_CACHE_SAVE

dnl These are defined in files in m4/
tinc_TUNTAP

PKG_CHECK_MODULES([LIBCRYPTO], [libcrypto >= 1])

AC_ARG_ENABLE(threads,
  [AS_HELP_STRING(--enable-threads,try to use threads for long-running asynchronous operations (default enabled).)],
  [try_threads=$enableval],
  [try_threads=yes]
)

if test "x$try_threads" = xyes; then
   AC_CHECK_HEADER(pthread.h,[
      LIBS="$LIBS -lpthread"
      AC_COMPILE_IFELSE(
         [AC_LANG_PROGRAM([#include <pthread.h>], [pthread_t id; pthread_create (&id, 0, 0, 0);])],
         [AC_DEFINE_UNQUOTED(ENABLE_PTHREADS, 1, [POSIX thread support.])]
      )
   ])
fi

AC_ARG_ENABLE(static-daemon,
  [AS_HELP_STRING(--enable-static-daemon,enable statically linked daemon.)],
  [LDFLAGS_DAEMON=-static]
)
AC_SUBST(LDFLAGS_DAEMON)

dnl AC_ARG_ENABLE(rohc,
dnl   [AS_HELP_STRING(--enable-rohc,enable robust header compression (rfc3095).)],
dnl   [
dnl   echo
dnl   echo "**********************************************************************"
dnl   echo "**********************************************************************"
dnl   echo "**** --enable-rohc is highly experimental, do not use ****************"
dnl   echo "**********************************************************************"
dnl   echo "**********************************************************************"
dnl   echo
dnl   rohc=true
dnl   AC_DEFINE_UNQUOTED(ENABLE_ROHC, 1, [ROHC support])
dnl   ]
dnl )

AM_CONDITIONAL(ROHC, test x$rohc = xtrue)

dnl AC_ARG_ENABLE(bridging,
dnl   [AS_HELP_STRING(--enable-bridging,enable bridging support (default disabled).)],
dnl   AC_DEFINE_UNQUOTED(ENABLE_BRIDGING, 1, [bridging support.])
dnl )

ICMP=1
AC_ARG_ENABLE(icmp,
  [AS_HELP_STRING(--disable-icmp,enable icmp protocol support (default enabled).)],
  if test "x$enableval" = xno; then
     ICMP=0
  fi
)
if test "x$ICMP" = x1; then
  AC_DEFINE_UNQUOTED(ENABLE_ICMP, 1, [ICMP protocol support.])
fi

TCP=1
AC_ARG_ENABLE(tcp,
  [AS_HELP_STRING(--disable-tcp,enable tcp protocol support (default enabled).)],
  if test "x$enableval" = xno; then
     TCP=0
  fi
)
if test "x$TCP" = x1; then
  AC_DEFINE_UNQUOTED(ENABLE_TCP, 1, [TCP protocol support.])
fi

HTTP=1
AC_ARG_ENABLE(http-proxy,
  [AS_HELP_STRING(--disable-http-proxy,enable http proxy connect support (default enabled).)],
  if test "x$enableval" = xno; then
     HTTP=0
  fi
)
if test "x$HTTP" = x1; then
  AC_DEFINE_UNQUOTED(ENABLE_HTTP_PROXY, 1, [http proxy connect support.])
fi

AC_ARG_ENABLE(dns,
  [AS_HELP_STRING(--enable-dns,enable dns tunnel protocol support (default disabled).)],
  [
    AC_CHECK_HEADER(gmp.h,,[AC_MSG_ERROR([gmp.h not found, required for --enable-dns])])
    AC_CHECK_LIB(gmp,main,,[AC_MSG_ERROR([libgmp not found, required for --enable-dns])])

    AC_DEFINE_UNQUOTED(ENABLE_DNS, 1, [DNS tunnel protocol support.])
  ]
)

RSA=3072
AC_ARG_ENABLE(rsa-length,
  [AS_HELP_STRING(--enable-rsa-length=BITS,[
      use BITS rsa keys (default 3072). Allowed values are 2048-10240.])],
  RSA=$enableval
)
AC_DEFINE_UNQUOTED(RSABITS, $RSA, [Size of RSA keys.])

HMACSIZE=12
AC_ARG_ENABLE(hmac-length,
  [AS_HELP_STRING(--enable-hmac-length=BYTES,[
      use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])],
  HMACSIZE=$enableval
)
AC_DEFINE_UNQUOTED(HMACLENGTH, $HMACSIZE, [Size of HMAC in each packet in bytes.])

MTU=1500
AC_ARG_ENABLE(max-mtu,
  [AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)],
  MTU=$enableval
)
AC_DEFINE_UNQUOTED(MAX_MTU, ($MTU + 14), [Maximum MTU supported.])

COMPRESS=1
AC_ARG_ENABLE(compression,
  [AS_HELP_STRING(--disable-compression,Disable compression support.)],
  if test "x$enableval" = xno; then
     COMPRESS=0
  fi
)
AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.])

CIPHER=aes_128_ctr
AC_ARG_ENABLE(cipher,
  [AS_HELP_STRING(--enable-cipher=CIPHER,[
      Select the symmetric cipher (default "aes-128").
      Must be one of "aes-128" (rijndael), "aes-192", or "aes-256".])],
  #if test "x$enableval" = xbf          ; then CIPHER=bf_ctr          ; fi
  if test "x$enableval" = xaes-128     ; then CIPHER=aes_128_ctr     ; fi
  if test "x$enableval" = xaes-192     ; then CIPHER=aes_192_ctr     ; fi
  if test "x$enableval" = xaes-256     ; then CIPHER=aes_256_ctr     ; fi
  #if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_ctr; fi
  #if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_ctr; fi
)
AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.])

HMAC=sha1
AC_ARG_ENABLE(hmac-digest,
  [AS_HELP_STRING(--enable-hmac-digest=HMAC,[
      Select the HMAC digest algorithm to use (default "sha1"). Must be one of
      "sha512", "sha256", "sha1", "ripemd160", "whirlpool".])],
  if test "x$enableval" = xwhirlpool; then HMAC=whirlpool; fi
  if test "x$enableval" = xsha512   ; then HMAC=sha512   ; fi
  if test "x$enableval" = xsha256   ; then HMAC=sha256   ; fi
  if test "x$enableval" = xsha1     ; then HMAC=sha1     ; fi
  if test "x$enableval" = xripemd160; then HMAC=ripemd160; fi
)
AC_DEFINE_UNQUOTED(ENABLE_HMAC, EVP_${HMAC}, [Select the HMAC digest algorithm to use.])

AUTH=sha512
AC_ARG_ENABLE(auth-digest,
  [AS_HELP_STRING(--enable-auth-digest=DIGEST,[
      Select the hmac algorithm to use (default "sha512"). Must be one of
      "sha512", "sha256", "whirlpool".])],
  if test "x$enableval" = xwhirlpool; then AUTH=whirlpool; fi
  if test "x$enableval" = xsha512   ; then AUTH=sha512   ; fi
  if test "x$enableval" = xsha256   ; then AUTH=sha256   ; fi
)
AC_DEFINE_UNQUOTED(ENABLE_AUTH, EVP_${AUTH}, [Select the auth digest algorithm to use.])

if $CXX -v --help 2>&1 | grep -q fno-rtti; then
   CXXFLAGS="$CXXFLAGS -fno-rtti"
fi

#if $CXX -v --help 2>&1 | grep -q fexceptions; then
#   CXXFLAGS="$CXXFLAGS -fno-exceptions"
#fi

LIBS="$EXTRA_LIBS $LIBS"

dnl if $CXX -v --help 2>&1 | grep -q ffunction-sections; then
dnl    CXXFLAGS="$CXXFLAGS -ffunction-sections"
dnl fi
dnl
dnl if $LD -v --help 2>&1 | grep -q gc-sections; then
dnl    LDFLAGS="$LDFLAGS -Wl,--gc-sections"
dnl fi

AC_SUBST(AM_CPPFLAGS)

AC_CONFIG_FILES([Makefile po/Makefile.in
src/Makefile
doc/Makefile
lib/Makefile
m4/Makefile
])
AC_OUTPUT

echo
echo "***"
echo "*** Configuration Summary"
echo "***"
echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE"
echo "*** RSA size:     $RSA"
echo "*** Cipher used:  $CIPHER"
echo "*** Digest used:  $DIGEST"
echo "*** Authdigest:   $AUTH"
echo "*** HMAC length:  $HMAC"
echo "*** Max. MTU:     $MTU"

echo "***"
echo "*** Enable options:"
grep ENABLE_ config.h | sed -e 's/^/*** /'

if test "$HMACSIZE" -lt 12; then
echo "***"
echo "*** WARNING: The hmac length you have chosen ($HMACSIZE) is quite insecure"
fi

echo "***"
echo

if pkg-config --exists 'libcrypto >= 1.1 libcrypto < 2.0'; then
   cat <<EOF
@<:@33m
***
*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
***
*** You seem to configure gvpe with OpenSSL 1.1 or newer.
*** While this probably compiles, please note that this is not only
*** unsupported, but also discouraged.
***
*** It is recommended to use either OpenSSL 1.0, as long as that is still
*** supported, or LibreSSL (https://www.libressl.org/).
***
*** This is not a political issue - while porting GVPE to the newer
*** OpenSSL 1.1 API, I encountered two incompatible API changes that were
*** not documented, were not caught while compiling but caused security
*** issues. When reported, the reaction of the OpenSSL developers was to
*** update the documentation.
***
*** As a result, I lost all confidence in the ability and desire of
*** OpenSSL developers to create a safe API, and would highly recommend
*** switching to LibreSSL which explicitly avoids such braking changes.
***
*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
***
*** Again, do not use OpenSSL 1.1 and complain if stuff breaks.
*** You have been warned, but your choice is respected.
***
@<:@0m

EOF
fi


Revision:	1.67
Committed:	Thu Oct 25 07:31:58 2018 UTC (5 years, 6 months ago) by root
Branch:	MAIN
Changes since 1.66:	+3 -3 lines
Log Message:	* empty log message *
#	Content
1	dnl Process this file with autoconf to produce a configure script.
2
3	AC_PREREQ(2.69)
4	AC_INIT(gvpe, 3.1)
5	AC_CONFIG_SRCDIR([src/gvpe.C])
6	AC_CANONICAL_TARGET
7	AM_INIT_AUTOMAKE
8	AC_CONFIG_HEADERS([config.h])
9	AM_MAINTAINER_MODE
10
11	AH_TOP([
12	#ifndef CONFIG_H__
13	#define CONFIG_H__
14
15	#ifdef __cplusplus
16	using namespace std;
17	#endif
18
19	])
20
21	AH_BOTTOM([
22	typedef unsigned char u8;
23	typedef signed char s8;
24
25	#if __CYGWIN__
26
27	typedef unsigned short u16;
28	typedef unsigned int u32;
29	typedef signed short s16;
30	typedef signed int s32;
31
32	#else
33	#include <inttypes.h>
34
35	/* old modula-2 habits */
36	typedef uint16_t u16;
37	typedef uint32_t u32;
38	typedef int16_t s16;
39	typedef int32_t s32;
40	#endif
41
42	#endif
43
44	#if HAVE_CLOCALE
45	# define CLOCALE <clocale>
46	#else
47	# define CLOCALE <locale.h>
48	#endif
49	])
50
51	AM_GNU_GETTEXT([external])
52	AM_GNU_GETTEXT_VERSION(0.11.5)
53
54	# Enable GNU extensions.
55	# Define this here, not in acconfig's @TOP@ section, since definitions
56	# in the latter don't make it into the configure-time tests.
57	AC_DEFINE([_GNU_SOURCE], 1, [Enable GNU extensions])
58
59	# do NOT define POSIX_SOURCE, sicne this clashes with many BSDs
60	dnl AC_DEFINE([_POSIX_SOURCE], 1, [Enable POSIX 1003.1 extensions])
61	dnl AC_DEFINE([_XOPEN_SOURCE], 500, [Enable XOPEN extensions])
62
63	ALL_LINGUAS=""
64
65	dnl Checks for programs.
66	AC_PROG_CPP
67	AC_PROG_CXX
68	AC_PROG_GCC_TRADITIONAL
69	AC_PROG_AWK
70	AC_PROG_INSTALL
71	AC_PROG_LN_S
72	AC_PROG_MAKE_SET
73	AC_PROG_RANLIB
74
75	AC_ARG_ENABLE(iftype,
76	[AS_HELP_STRING(--enable-iftype=TYPE/SUBTYPE,
77	Use kernel/net device interface TYPE/SUBTYPE.
78	Working combinations are (see doc/gvpe.osdep.5.pod):
79	"native/linux"
80	"tincd/linux"
81	"tincd/netbsd"
82	"tincd/freebsd"
83	"tincd/openbsd"
84	"native/darwin"
85	"tincd/darwin"
86	"native/cygwin";
87	Untested combinations are:
88	"tincd/bsd"
89	"tincd/solaris"
90	"tincd/mingw"
91	"tincd/raw_socket"
92	"tincd/uml_socket";
93	Broken combinations are:
94	"tincd/cygwin";
95	The default is to autodetect.
96	)],
97	[
98	IFTYPE=`echo $enableval \| sed s%/.*%%`
99	IFSUBTYPE=`echo $enableval \| sed s%.*/%%`
100	]
101	)
102
103	dnl Check and set OS
104	AC_MSG_CHECKING(for kernel networking interface type)
105
106	if test "x$IFTYPE" = "x"; then
107	case $target_os in
108	linux)
109	IFTYPE=native
110	IFSUBTYPE=linux
111	AC_DEFINE(HAVE_LINUX, 1, [Linux])
112	;;
113	freebsd)
114	IFTYPE=tincd
115	IFSUBTYPE=freebsd
116	AC_DEFINE(HAVE_FREEBSD, 1, [FreeBSD])
117	;;
118	darwin)
119	IFTYPE=native
120	IFSUBTYPE=darwin
121	AC_DEFINE(HAVE_DARWIN, 1, [Darwin (MacOS/X)])
122	;;
123	solaris)
124	IFTYPE=tincd
125	IFSUBTYPE=solaris
126	AC_DEFINE(HAVE_SOLARIS, 1, [Solaris/SunOS])
127	;;
128	openbsd)
129	IFTYPE=tincd
130	IFSUBTYPE=openbsd
131	AC_DEFINE(HAVE_OPENBSD, 1, [OpenBSD])
132	;;
133	netbsd)
134	IFTYPE=tincd
135	IFSUBTYPE=netbsd
136	AC_DEFINE(HAVE_NETBSD, 1, [NetBSD])
137	;;
138	cygwin)
139	IFTYPE=native
140	IFSUBTYPE=cygwin
141	AC_DEFINE(HAVE_CYGWIN, 1, [Cygwin])
142	;;
143	*)
144	AC_MSG_ERROR("Unknown operating system.")
145	;;
146	esac
147	fi
148	AC_MSG_RESULT($IFTYPE/$IFSUBTYPE)
149	AC_SUBST(IFTYPE,$IFTYPE)
150	AC_SUBST(IFSUBTYPE,$IFSUBTYPE)
151	AC_DEFINE_UNQUOTED(IFTYPE,"$IFTYPE",[kernel interface type])
152	AC_DEFINE_UNQUOTED(IFSUBTYPE,"$IFSUBTYPE",[kernel interface subtype])
153
154	AC_CACHE_SAVE
155
156	dnl Checks for libraries.
157
158	AC_LANG(C++)
159	AC_CHECK_HEADERS(tr1/unordered_map ext/hash_map clocale)
160
161	dnl Checks for header files.
162	AC_CHECK_HEADERS([fcntl.h inttypes.h limits.h malloc.h stdint.h strings.h syslog.h unistd.h \
163	sys/file.h sys/ioctl.h sys/param.h sys/time.h netinet/in_systm.h sys/cygwin.h \
164	sys/mman.h netinet/in.h])
165	AC_CHECK_HEADERS([arpa/inet.h net/ethernet.h net/if.h netinet/ip.h netinet/tcp.h netinet/in_systm.h], [], [],
166	[
167	#include <sys/types.h>
168	#include <sys/socket.h>
169	#ifdef HAVE_NETINET_IN_H
170	# include <netinet/in.h>
171	#endif
172	#ifdef HAVE_ARPA_INET_H
173	# include <arpa/inet.h>
174	#endif
175	#ifdef HAVE_NETINET_IN_SYSTM_H
176	# include <netinet/in_systm.h>
177	#endif
178	])
179
180	dnl Checks for typedefs, structures, and compiler characteristics.
181	AC_C_CONST
182	AC_TYPE_PID_T
183	AC_TYPE_SIZE_T
184	AC_HEADER_TIME
185	AC_STRUCT_TM
186
187	AC_CACHE_CHECK([for socklen_t], ac_cv_type_socklen_t,
188	[
189	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
190	#include <sys/socket.h>]], [[socklen_t len = 42; return len;]])],[ac_cv_type_socklen_t=yes],[ac_cv_type_socklen_t=no])
191	])
192	if test $ac_cv_type_socklen_t = yes; then
193	AC_DEFINE(HAVE_SOCKLEN_T, 1, [socklen_t available])
194	fi
195
196	AC_CACHE_CHECK([for struct addrinfo], ac_cv_struct_addrinfo,
197	[
198	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
199	#include <sys/socket.h>
200	#include <netdb.h>]], [[struct addrinfo ai; ai.ai_family = AF_INET; return ai.ai_family;]])],[ac_cv_struct_addrinfo=yes],[ac_cv_struct_addrinfo=no])
201	])
202	if test $ac_cv_struct_addrinfo = yes; then
203	AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1, [struct addrinfo available])
204	fi
205
206	dnl Checks for library functions.
207	AC_TYPE_SIGNAL
208
209	AC_LANG_PUSH(C)
210
211	AC_HEADER_STDC
212
213	dnl argl, could somebody catapult darwin into the 21st century???
214	AC_CHECK_FUNCS(asprintf daemon get_current_dir_name putenv select strerror strsignal strtol unsetenv mlockall)
215
216	AC_FUNC_ALLOCA
217
218	dnl Support for SunOS
219
220	AC_CHECK_FUNC(socket, [], [
221	AC_CHECK_LIB(socket, connect)
222	])
223	AC_CHECK_FUNC(gethostbyname, [], [
224	AC_CHECK_LIB(nsl, gethostbyname)
225	])
226
227	dnl libev support
228	m4_include([libev/libev.m4])
229
230	AC_LANG_POP
231
232	dnl AC_CHECK_FUNCS([freeaddrinfo gai_strerror getaddrinfo getnameinfo])
233
234	AC_CACHE_SAVE
235
236	dnl These are defined in files in m4/
237	tinc_TUNTAP
238
239	PKG_CHECK_MODULES([LIBCRYPTO], [libcrypto >= 1])
240
241	AC_ARG_ENABLE(threads,
242	[AS_HELP_STRING(--enable-threads,try to use threads for long-running asynchronous operations (default enabled).)],
243	[try_threads=$enableval],
244	[try_threads=yes]
245	)
246
247	if test "x$try_threads" = xyes; then
248	AC_CHECK_HEADER(pthread.h,[
249	LIBS="$LIBS -lpthread"
250	AC_COMPILE_IFELSE(
251	[AC_LANG_PROGRAM([#include <pthread.h>], [pthread_t id; pthread_create (&id, 0, 0, 0);])],
252	[AC_DEFINE_UNQUOTED(ENABLE_PTHREADS, 1, [POSIX thread support.])]
253	)
254	])
255	fi
256
257	AC_ARG_ENABLE(static-daemon,
258	[AS_HELP_STRING(--enable-static-daemon,enable statically linked daemon.)],
259	[LDFLAGS_DAEMON=-static]
260	)
261	AC_SUBST(LDFLAGS_DAEMON)
262
263	dnl AC_ARG_ENABLE(rohc,
264	dnl [AS_HELP_STRING(--enable-rohc,enable robust header compression (rfc3095).)],
265	dnl [
266	dnl echo
267	dnl echo "**********************************************************************"
268	dnl echo "**********************************************************************"
269	dnl echo "** --enable-rohc is highly experimental, do not use **************"
270	dnl echo "**********************************************************************"
271	dnl echo "**********************************************************************"
272	dnl echo
273	dnl rohc=true
274	dnl AC_DEFINE_UNQUOTED(ENABLE_ROHC, 1, [ROHC support])
275	dnl ]
276	dnl )
277
278	AM_CONDITIONAL(ROHC, test x$rohc = xtrue)
279
280	dnl AC_ARG_ENABLE(bridging,
281	dnl [AS_HELP_STRING(--enable-bridging,enable bridging support (default disabled).)],
282	dnl AC_DEFINE_UNQUOTED(ENABLE_BRIDGING, 1, [bridging support.])
283	dnl )
284
285	ICMP=1
286	AC_ARG_ENABLE(icmp,
287	[AS_HELP_STRING(--disable-icmp,enable icmp protocol support (default enabled).)],
288	if test "x$enableval" = xno; then
289	ICMP=0
290	fi
291	)
292	if test "x$ICMP" = x1; then
293	AC_DEFINE_UNQUOTED(ENABLE_ICMP, 1, [ICMP protocol support.])
294	fi
295
296	TCP=1
297	AC_ARG_ENABLE(tcp,
298	[AS_HELP_STRING(--disable-tcp,enable tcp protocol support (default enabled).)],
299	if test "x$enableval" = xno; then
300	TCP=0
301	fi
302	)
303	if test "x$TCP" = x1; then
304	AC_DEFINE_UNQUOTED(ENABLE_TCP, 1, [TCP protocol support.])
305	fi
306
307	HTTP=1
308	AC_ARG_ENABLE(http-proxy,
309	[AS_HELP_STRING(--disable-http-proxy,enable http proxy connect support (default enabled).)],
310	if test "x$enableval" = xno; then
311	HTTP=0
312	fi
313	)
314	if test "x$HTTP" = x1; then
315	AC_DEFINE_UNQUOTED(ENABLE_HTTP_PROXY, 1, [http proxy connect support.])
316	fi
317
318	AC_ARG_ENABLE(dns,
319	[AS_HELP_STRING(--enable-dns,enable dns tunnel protocol support (default disabled).)],
320	[
321	AC_CHECK_HEADER(gmp.h,,[AC_MSG_ERROR([gmp.h not found, required for --enable-dns])])
322	AC_CHECK_LIB(gmp,main,,[AC_MSG_ERROR([libgmp not found, required for --enable-dns])])
323
324	AC_DEFINE_UNQUOTED(ENABLE_DNS, 1, [DNS tunnel protocol support.])
325	]
326	)
327
328	RSA=3072
329	AC_ARG_ENABLE(rsa-length,
330	[AS_HELP_STRING(--enable-rsa-length=BITS,[
331	use BITS rsa keys (default 3072). Allowed values are 2048-10240.])],
332	RSA=$enableval
333	)
334	AC_DEFINE_UNQUOTED(RSABITS, $RSA, [Size of RSA keys.])
335
336	HMACSIZE=12
337	AC_ARG_ENABLE(hmac-length,
338	[AS_HELP_STRING(--enable-hmac-length=BYTES,[
339	use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])],
340	HMACSIZE=$enableval
341	)
342	AC_DEFINE_UNQUOTED(HMACLENGTH, $HMACSIZE, [Size of HMAC in each packet in bytes.])
343
344	MTU=1500
345	AC_ARG_ENABLE(max-mtu,
346	[AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)],
347	MTU=$enableval
348	)
349	AC_DEFINE_UNQUOTED(MAX_MTU, ($MTU + 14), [Maximum MTU supported.])
350
351	COMPRESS=1
352	AC_ARG_ENABLE(compression,
353	[AS_HELP_STRING(--disable-compression,Disable compression support.)],
354	if test "x$enableval" = xno; then
355	COMPRESS=0
356	fi
357	)
358	AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.])
359
360	CIPHER=aes_128_ctr
361	AC_ARG_ENABLE(cipher,
362	[AS_HELP_STRING(--enable-cipher=CIPHER,[
363	Select the symmetric cipher (default "aes-128").
364	Must be one of "aes-128" (rijndael), "aes-192", or "aes-256".])],
365	#if test "x$enableval" = xbf ; then CIPHER=bf_ctr ; fi
366	if test "x$enableval" = xaes-128 ; then CIPHER=aes_128_ctr ; fi
367	if test "x$enableval" = xaes-192 ; then CIPHER=aes_192_ctr ; fi
368	if test "x$enableval" = xaes-256 ; then CIPHER=aes_256_ctr ; fi
369	#if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_ctr; fi
370	#if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_ctr; fi
371	)
372	AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.])
373
374	HMAC=sha1
375	AC_ARG_ENABLE(hmac-digest,
376	[AS_HELP_STRING(--enable-hmac-digest=HMAC,[
377	Select the HMAC digest algorithm to use (default "sha1"). Must be one of
378	"sha512", "sha256", "sha1", "ripemd160", "whirlpool".])],
379	if test "x$enableval" = xwhirlpool; then HMAC=whirlpool; fi
380	if test "x$enableval" = xsha512 ; then HMAC=sha512 ; fi
381	if test "x$enableval" = xsha256 ; then HMAC=sha256 ; fi
382	if test "x$enableval" = xsha1 ; then HMAC=sha1 ; fi
383	if test "x$enableval" = xripemd160; then HMAC=ripemd160; fi
384	)
385	AC_DEFINE_UNQUOTED(ENABLE_HMAC, EVP_${HMAC}, [Select the HMAC digest algorithm to use.])
386
387	AUTH=sha512
388	AC_ARG_ENABLE(auth-digest,
389	[AS_HELP_STRING(--enable-auth-digest=DIGEST,[
390	Select the hmac algorithm to use (default "sha512"). Must be one of
391	"sha512", "sha256", "whirlpool".])],
392	if test "x$enableval" = xwhirlpool; then AUTH=whirlpool; fi
393	if test "x$enableval" = xsha512 ; then AUTH=sha512 ; fi
394	if test "x$enableval" = xsha256 ; then AUTH=sha256 ; fi
395	)
396	AC_DEFINE_UNQUOTED(ENABLE_AUTH, EVP_${AUTH}, [Select the auth digest algorithm to use.])
397
398	if $CXX -v --help 2>&1 \| grep -q fno-rtti; then
399	CXXFLAGS="$CXXFLAGS -fno-rtti"
400	fi
401
402	#if $CXX -v --help 2>&1 \| grep -q fexceptions; then
403	# CXXFLAGS="$CXXFLAGS -fno-exceptions"
404	#fi
405
406	LIBS="$EXTRA_LIBS $LIBS"
407
408	dnl if $CXX -v --help 2>&1 \| grep -q ffunction-sections; then
409	dnl CXXFLAGS="$CXXFLAGS -ffunction-sections"
410	dnl fi
411	dnl
412	dnl if $LD -v --help 2>&1 \| grep -q gc-sections; then
413	dnl LDFLAGS="$LDFLAGS -Wl,--gc-sections"
414	dnl fi
415
416	AC_SUBST(AM_CPPFLAGS)
417
418	AC_CONFIG_FILES([Makefile po/Makefile.in
419	src/Makefile
420	doc/Makefile
421	lib/Makefile
422	m4/Makefile
423	])
424	AC_OUTPUT
425
426	echo
427	echo "***"
428	echo "*** Configuration Summary"
429	echo "***"
430	echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE"
431	echo "*** RSA size: $RSA"
432	echo "*** Cipher used: $CIPHER"
433	echo "*** Digest used: $DIGEST"
434	echo "*** Authdigest: $AUTH"
435	echo "*** HMAC length: $HMAC"
436	echo "*** Max. MTU: $MTU"
437
438	echo "***"
439	echo "*** Enable options:"
440	grep ENABLE_ config.h \| sed -e 's/^/*** /'
441
442	if test "$HMACSIZE" -lt 12; then
443	echo "***"
444	echo "*** WARNING: The hmac length you have chosen ($HMACSIZE) is quite insecure"
445	fi
446
447	echo "***"
448	echo
449
450	if pkg-config --exists 'libcrypto >= 1.1 libcrypto < 2.0'; then
451	cat <<EOF
452	@<:@33m
453	***
454	*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
455	***
456	*** You seem to configure gvpe with OpenSSL 1.1 or newer.
457	*** While this probably compiles, please note that this is not only
458	*** unsupported, but also discouraged.
459	***
460	*** It is recommended to use either OpenSSL 1.0, as long as that is still
461	*** supported, or LibreSSL (https://www.libressl.org/).
462	***
463	*** This is not a political issue - while porting GVPE to the newer
464	*** OpenSSL 1.1 API, I encountered two incompatible API changes that were
465	*** not documented, were not caught while compiling but caused security
466	*** issues. When reported, the reaction of the OpenSSL developers was to
467	*** update the documentation.
468	***
469	*** As a result, I lost all confidence in the ability and desire of
470	*** OpenSSL developers to create a safe API, and would highly recommend
471	*** switching to LibreSSL which explicitly avoids such braking changes.
472	***
473	*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
474	***
475	*** Again, do not use OpenSSL 1.1 and complain if stuff breaks.
476	*** You have been warned, but your choice is respected.
477	***
478	@<:@0m
479
480	EOF
481	fi
482
483