gvpe/configure.ac

dnl Process this file with autoconf to produce a configure script.

AC_PREREQ([2.71])
AC_INIT([gvpe],[3.1])
AC_CONFIG_SRCDIR([src/gvpe.C])
AC_CANONICAL_TARGET
AM_INIT_AUTOMAKE
AC_CONFIG_HEADERS([config.h])
AM_MAINTAINER_MODE

AH_TOP([
#ifndef CONFIG_H__
#define CONFIG_H__

#ifdef __cplusplus
   using namespace std;
#endif

])

AH_BOTTOM([
typedef unsigned char u8;
typedef signed char s8;

#if __CYGWIN__

typedef unsigned short u16;
typedef unsigned int u32;
typedef signed short s16;
typedef signed int s32;

#else
#include <inttypes.h>

/* old modula-2 habits */
typedef uint16_t u16;
typedef uint32_t u32;
typedef int16_t s16;
typedef int32_t s32;
#endif

#endif

#if HAVE_CLOCALE
# define CLOCALE <clocale>
#else
# define CLOCALE <locale.h>
#endif
])

AM_GNU_GETTEXT([external])
AM_GNU_GETTEXT_VERSION(0.11.5)

# Enable GNU extensions.
# Define this here, not in acconfig's @TOP@ section, since definitions
# in the latter don't make it into the configure-time tests.
AC_DEFINE([_GNU_SOURCE], 1, [Enable GNU extensions])

# do NOT define POSIX_SOURCE, sicne this clashes with many BSDs
dnl AC_DEFINE([_POSIX_SOURCE], 1, [Enable POSIX 1003.1 extensions])
dnl AC_DEFINE([_XOPEN_SOURCE], 500, [Enable XOPEN extensions])

ALL_LINGUAS=""

dnl Checks for programs.
AC_PROG_CPP
AC_PROG_CXX
AC_PROG_GCC_TRADITIONAL
AC_PROG_AWK
AC_PROG_INSTALL
AC_PROG_LN_S
AC_PROG_MAKE_SET
AC_PROG_RANLIB

AC_ARG_ENABLE(iftype,
  [AS_HELP_STRING(--enable-iftype=TYPE/SUBTYPE,
     Use kernel/net device interface TYPE/SUBTYPE.
     Working combinations are (see doc/gvpe.osdep.5.pod):
        "native/linux"
        "tincd/linux"
        "tincd/netbsd"
        "tincd/freebsd"
        "tincd/openbsd"
        "native/darwin"
        "tincd/darwin"
        "native/cygwin";
     Untested combinations are:
        "tincd/bsd"
        "tincd/solaris"
        "tincd/mingw"
        "tincd/raw_socket"
        "tincd/uml_socket";
     Broken combinations are:
        "tincd/cygwin";
     The default is to autodetect.
  )],
  [
    IFTYPE=`echo $enableval | sed s%/.*%%`
    IFSUBTYPE=`echo $enableval | sed s%.*/%%`
  ]
)

dnl Check and set OS
AC_MSG_CHECKING(for kernel networking interface type)

if test "x$IFTYPE" = "x"; then
   case $target_os in
     *linux*)
       IFTYPE=native
       IFSUBTYPE=linux
       AC_DEFINE(HAVE_LINUX, 1, [Linux])
     ;;
     *freebsd*)
       IFTYPE=tincd
       IFSUBTYPE=freebsd
       AC_DEFINE(HAVE_FREEBSD, 1, [FreeBSD])
     ;;
     *darwin*)
       IFTYPE=native
       IFSUBTYPE=darwin
       AC_DEFINE(HAVE_DARWIN, 1, [Darwin (MacOS/X)])
     ;;
     *solaris*)
       IFTYPE=tincd
       IFSUBTYPE=solaris
       AC_DEFINE(HAVE_SOLARIS, 1, [Solaris/SunOS])
     ;;
     *openbsd*)
       IFTYPE=tincd
       IFSUBTYPE=openbsd
       AC_DEFINE(HAVE_OPENBSD, 1, [OpenBSD])
     ;;
     *netbsd*)
       IFTYPE=tincd
       IFSUBTYPE=netbsd
       AC_DEFINE(HAVE_NETBSD, 1, [NetBSD])
     ;;
     *cygwin*)
       IFTYPE=native
       IFSUBTYPE=cygwin
       AC_DEFINE(HAVE_CYGWIN, 1, [Cygwin])
     ;;
     *)
       AC_MSG_ERROR("Unknown operating system.")
     ;;
   esac
fi
AC_MSG_RESULT($IFTYPE/$IFSUBTYPE)
AC_SUBST(IFTYPE,$IFTYPE)
AC_SUBST(IFSUBTYPE,$IFSUBTYPE)
AC_DEFINE_UNQUOTED(IFTYPE,"$IFTYPE",[kernel interface type])
AC_DEFINE_UNQUOTED(IFSUBTYPE,"$IFSUBTYPE",[kernel interface subtype])

AC_CACHE_SAVE

dnl Checks for libraries.

AC_LANG(C++)
AC_CHECK_HEADERS(tr1/unordered_map ext/hash_map clocale)

dnl Checks for header files.
AC_CHECK_HEADERS([fcntl.h inttypes.h limits.h malloc.h stdint.h strings.h syslog.h unistd.h \
        sys/file.h sys/ioctl.h sys/param.h sys/time.h netinet/in_systm.h sys/cygwin.h \
        sys/mman.h netinet/in.h])
AC_CHECK_HEADERS([arpa/inet.h net/ethernet.h net/if.h netinet/ip.h netinet/tcp.h netinet/in_systm.h], [], [],
[
#include <sys/types.h>
#include <sys/socket.h>
#ifdef HAVE_NETINET_IN_H
# include <netinet/in.h>
#endif
#ifdef HAVE_ARPA_INET_H
# include <arpa/inet.h>
#endif
#ifdef HAVE_NETINET_IN_SYSTM_H
# include <netinet/in_systm.h>
#endif
])

dnl Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
AC_TYPE_PID_T
AC_TYPE_SIZE_T
AC_CHECK_HEADERS_ONCE([sys/time.h])

AC_STRUCT_TM

AC_CACHE_CHECK([for socklen_t], ac_cv_type_socklen_t,
[
  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
  #include <sys/socket.h>]], [[socklen_t len = 42; return len;]])],[ac_cv_type_socklen_t=yes],[ac_cv_type_socklen_t=no])
])
if test $ac_cv_type_socklen_t = yes; then
  AC_DEFINE(HAVE_SOCKLEN_T, 1, [socklen_t available])
fi

AC_CACHE_CHECK([for struct addrinfo], ac_cv_struct_addrinfo,
[
  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
  #include <sys/socket.h>
  #include <netdb.h>]], [[struct addrinfo ai; ai.ai_family = AF_INET; return ai.ai_family;]])],[ac_cv_struct_addrinfo=yes],[ac_cv_struct_addrinfo=no])
])
if test $ac_cv_struct_addrinfo = yes; then
  AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1, [struct addrinfo available])
fi

AC_LANG_PUSH(C)

dnl argl, could somebody catapult darwin into the 21st century???
AC_CHECK_FUNCS(asprintf daemon get_current_dir_name putenv select strerror strsignal strtol unsetenv mlockall)

AC_FUNC_ALLOCA

dnl Support for SunOS

AC_CHECK_FUNC(socket, [], [
  AC_CHECK_LIB(socket, connect)
])
AC_CHECK_FUNC(gethostbyname, [], [
  AC_CHECK_LIB(nsl, gethostbyname)
])

dnl libev support
m4_include([libev/libev.m4])

AC_LANG_POP

dnl AC_CHECK_FUNCS([freeaddrinfo gai_strerror getaddrinfo getnameinfo])

AC_CACHE_SAVE

dnl These are defined in files in m4/
tinc_TUNTAP

PKG_CHECK_MODULES([LIBCRYPTO], [libcrypto >= 1])

AC_ARG_ENABLE(threads,
  [AS_HELP_STRING(--enable-threads,try to use threads for long-running asynchronous operations (default enabled).)],
  [try_threads=$enableval],
  [try_threads=yes]
)

if test "x$try_threads" = xyes; then
   AC_CHECK_HEADER(pthread.h,[
      LIBS="$LIBS -lpthread"
      AC_COMPILE_IFELSE(
         [AC_LANG_PROGRAM([#include <pthread.h>], [pthread_t id; pthread_create (&id, 0, 0, 0);])],
         [AC_DEFINE_UNQUOTED(ENABLE_PTHREADS, 1, [POSIX thread support.])]
      )
   ])
fi

AC_ARG_ENABLE(static-daemon,
  [AS_HELP_STRING(--enable-static-daemon,enable statically linked daemon.)],
  [LDFLAGS_DAEMON=-static]
)
AC_SUBST(LDFLAGS_DAEMON)

dnl AC_ARG_ENABLE(rohc,
dnl   [AS_HELP_STRING(--enable-rohc,enable robust header compression (rfc3095).)],
dnl   [
dnl   echo
dnl   echo "**********************************************************************"
dnl   echo "**********************************************************************"
dnl   echo "**** --enable-rohc is highly experimental, do not use ****************"
dnl   echo "**********************************************************************"
dnl   echo "**********************************************************************"
dnl   echo
dnl   rohc=true
dnl   AC_DEFINE_UNQUOTED(ENABLE_ROHC, 1, [ROHC support])
dnl   ]
dnl )

AM_CONDITIONAL(ROHC, test x$rohc = xtrue)

dnl AC_ARG_ENABLE(bridging,
dnl   [AS_HELP_STRING(--enable-bridging,enable bridging support (default disabled).)],
dnl   AC_DEFINE_UNQUOTED(ENABLE_BRIDGING, 1, [bridging support.])
dnl )

ICMP=1
AC_ARG_ENABLE(icmp,
  [AS_HELP_STRING(--disable-icmp,enable icmp protocol support (default enabled).)],
  if test "x$enableval" = xno; then
     ICMP=0
  fi
)
if test "x$ICMP" = x1; then
  AC_DEFINE_UNQUOTED(ENABLE_ICMP, 1, [ICMP protocol support.])
fi

TCP=1
AC_ARG_ENABLE(tcp,
  [AS_HELP_STRING(--disable-tcp,enable tcp protocol support (default enabled).)],
  if test "x$enableval" = xno; then
     TCP=0
  fi
)
if test "x$TCP" = x1; then
  AC_DEFINE_UNQUOTED(ENABLE_TCP, 1, [TCP protocol support.])
fi

HTTP=1
AC_ARG_ENABLE(http-proxy,
  [AS_HELP_STRING(--disable-http-proxy,enable http proxy connect support (default enabled).)],
  if test "x$enableval" = xno; then
     HTTP=0
  fi
)
if test "x$HTTP" = x1; then
  AC_DEFINE_UNQUOTED(ENABLE_HTTP_PROXY, 1, [http proxy connect support.])
fi

AC_ARG_ENABLE(dns,
  [AS_HELP_STRING(--enable-dns,enable dns tunnel protocol support (default disabled).)],
  [
    AC_CHECK_HEADER(gmp.h,,[AC_MSG_ERROR([gmp.h not found, required for --enable-dns])])
    AC_CHECK_LIB(gmp,main,,[AC_MSG_ERROR([libgmp not found, required for --enable-dns])])

    AC_DEFINE_UNQUOTED(ENABLE_DNS, 1, [DNS tunnel protocol support.])
  ]
)

RSA=3072
AC_ARG_ENABLE(rsa-length,
  [AS_HELP_STRING(--enable-rsa-length=BITS,[
      use BITS rsa keys (default 3072). Allowed values are 2048-10240.])],
  RSA=$enableval
)
AC_DEFINE_UNQUOTED(RSABITS, $RSA, [Size of RSA keys.])

HMACSIZE=12
AC_ARG_ENABLE(hmac-length,
  [AS_HELP_STRING(--enable-hmac-length=BYTES,[
      use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])],
  HMACSIZE=$enableval
)
AC_DEFINE_UNQUOTED(HMACLENGTH, $HMACSIZE, [Size of HMAC in each packet in bytes.])

MTU=1500
AC_ARG_ENABLE(max-mtu,
  [AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)],
  MTU=$enableval
)
AC_DEFINE_UNQUOTED(MAX_MTU, ($MTU + 14), [Maximum MTU supported.])

COMPRESS=1
AC_ARG_ENABLE(compression,
  [AS_HELP_STRING(--disable-compression,Disable compression support.)],
  if test "x$enableval" = xno; then
     COMPRESS=0
  fi
)
AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.])

CIPHER=aes_128_ctr
AC_ARG_ENABLE(cipher,
  [AS_HELP_STRING(--enable-cipher=CIPHER,[
      Select the symmetric cipher (default "aes-128").
      Must be one of "aes-128" (rijndael), "aes-192", or "aes-256".])],
  #if test "x$enableval" = xbf          ; then CIPHER=bf_ctr          ; fi
  if test "x$enableval" = xaes-128     ; then CIPHER=aes_128_ctr     ; fi
  if test "x$enableval" = xaes-192     ; then CIPHER=aes_192_ctr     ; fi
  if test "x$enableval" = xaes-256     ; then CIPHER=aes_256_ctr     ; fi
  #if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_ctr; fi
  #if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_ctr; fi
)
AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.])

HMAC=sha1
AC_ARG_ENABLE(hmac-digest,
  [AS_HELP_STRING(--enable-hmac-digest=HMAC,[
      Select the HMAC digest algorithm to use (default "sha1"). Must be one of
      "sha512", "sha256", "sha1", "ripemd160", "whirlpool".])],
  if test "x$enableval" = xwhirlpool; then HMAC=whirlpool; fi
  if test "x$enableval" = xsha512   ; then HMAC=sha512   ; fi
  if test "x$enableval" = xsha256   ; then HMAC=sha256   ; fi
  if test "x$enableval" = xsha1     ; then HMAC=sha1     ; fi
  if test "x$enableval" = xripemd160; then HMAC=ripemd160; fi
)
AC_DEFINE_UNQUOTED(ENABLE_HMAC, EVP_${HMAC}, [Select the HMAC digest algorithm to use.])

AUTH=sha512
AC_ARG_ENABLE(auth-digest,
  [AS_HELP_STRING(--enable-auth-digest=DIGEST,[
      Select the hmac algorithm to use (default "sha512"). Must be one of
      "sha512", "sha256", "whirlpool".])],
  if test "x$enableval" = xwhirlpool; then AUTH=whirlpool; fi
  if test "x$enableval" = xsha512   ; then AUTH=sha512   ; fi
  if test "x$enableval" = xsha256   ; then AUTH=sha256   ; fi
)
AC_DEFINE_UNQUOTED(ENABLE_AUTH, EVP_${AUTH}, [Select the auth digest algorithm to use.])

if $CXX -v --help 2>&1 | grep -q fno-rtti; then
   CXXFLAGS="$CXXFLAGS -fno-rtti"
fi

#if $CXX -v --help 2>&1 | grep -q fexceptions; then
#   CXXFLAGS="$CXXFLAGS -fno-exceptions"
#fi

LIBS="$EXTRA_LIBS $LIBS"

dnl if $CXX -v --help 2>&1 | grep -q ffunction-sections; then
dnl    CXXFLAGS="$CXXFLAGS -ffunction-sections"
dnl fi
dnl
dnl if $LD -v --help 2>&1 | grep -q gc-sections; then
dnl    LDFLAGS="$LDFLAGS -Wl,--gc-sections"
dnl fi

AC_SUBST(AM_CPPFLAGS)

AC_CONFIG_FILES([Makefile po/Makefile.in
src/Makefile
doc/Makefile
lib/Makefile
m4/Makefile
])
AC_OUTPUT

echo
echo "***"
echo "*** Configuration Summary"
echo "***"
echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE"
echo "*** RSA size:     $RSA"
echo "*** Cipher used:  $CIPHER"
echo "*** Digest used:  $DIGEST"
echo "*** Authdigest:   $AUTH"
echo "*** HMAC length:  $HMAC"
echo "*** Max. MTU:     $MTU"

echo "***"
echo "*** Enable options:"
grep ENABLE_ config.h | sed -e 's/^/*** /'

if test "$HMACSIZE" -lt 12; then
echo "***"
echo "*** WARNING: The hmac length you have chosen ($HMACSIZE) is quite insecure"
fi

echo "***"
echo

if pkg-config --exists 'libcrypto >= 1.1 libcrypto < 2.0'; then
   cat <<EOF
@<:@33m
***
*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
***
*** You seem to configure gvpe with OpenSSL 1.1 or newer.
*** While this probably compiles, please note that this is not only
*** unsupported, but also discouraged.
***
*** It is recommended to use either OpenSSL 1.0, as long as that is still
*** supported, or LibreSSL (https://www.libressl.org/).
***
*** This is not a political issue - while porting GVPE to the newer
*** OpenSSL 1.1 API, I encountered two incompatible API changes that were
*** not documented, were not caught while compiling but caused security
*** issues. When reported, the reaction of the OpenSSL developers was to
*** update the documentation.
***
*** As a result, I lost all confidence in the ability and desire of
*** OpenSSL developers to create a safe API, and would highly recommend
*** switching to LibreSSL which explicitly avoids such braking changes.
***
*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
***
*** Again, do not use OpenSSL 1.1 and complain if stuff breaks.
*** You have been warned, but your choice is respected.
***
@<:@0m

EOF
fi


Revision:	1.68
Committed:	Thu Oct 6 03:25:53 2022 UTC (18 months, 3 weeks ago) by root
Branch:	MAIN
CVS Tags:	HEAD
Changes since 1.67:	+4 -8 lines
Log Message:	* empty log message *
#	Content
1	dnl Process this file with autoconf to produce a configure script.
2
3	AC_PREREQ([2.71])
4	AC_INIT([gvpe],[3.1])
5	AC_CONFIG_SRCDIR([src/gvpe.C])
6	AC_CANONICAL_TARGET
7	AM_INIT_AUTOMAKE
8	AC_CONFIG_HEADERS([config.h])
9	AM_MAINTAINER_MODE
10
11	AH_TOP([
12	#ifndef CONFIG_H__
13	#define CONFIG_H__
14
15	#ifdef __cplusplus
16	using namespace std;
17	#endif
18
19	])
20
21	AH_BOTTOM([
22	typedef unsigned char u8;
23	typedef signed char s8;
24
25	#if __CYGWIN__
26
27	typedef unsigned short u16;
28	typedef unsigned int u32;
29	typedef signed short s16;
30	typedef signed int s32;
31
32	#else
33	#include <inttypes.h>
34
35	/* old modula-2 habits */
36	typedef uint16_t u16;
37	typedef uint32_t u32;
38	typedef int16_t s16;
39	typedef int32_t s32;
40	#endif
41
42	#endif
43
44	#if HAVE_CLOCALE
45	# define CLOCALE <clocale>
46	#else
47	# define CLOCALE <locale.h>
48	#endif
49	])
50
51	AM_GNU_GETTEXT([external])
52	AM_GNU_GETTEXT_VERSION(0.11.5)
53
54	# Enable GNU extensions.
55	# Define this here, not in acconfig's @TOP@ section, since definitions
56	# in the latter don't make it into the configure-time tests.
57	AC_DEFINE([_GNU_SOURCE], 1, [Enable GNU extensions])
58
59	# do NOT define POSIX_SOURCE, sicne this clashes with many BSDs
60	dnl AC_DEFINE([_POSIX_SOURCE], 1, [Enable POSIX 1003.1 extensions])
61	dnl AC_DEFINE([_XOPEN_SOURCE], 500, [Enable XOPEN extensions])
62
63	ALL_LINGUAS=""
64
65	dnl Checks for programs.
66	AC_PROG_CPP
67	AC_PROG_CXX
68	AC_PROG_GCC_TRADITIONAL
69	AC_PROG_AWK
70	AC_PROG_INSTALL
71	AC_PROG_LN_S
72	AC_PROG_MAKE_SET
73	AC_PROG_RANLIB
74
75	AC_ARG_ENABLE(iftype,
76	[AS_HELP_STRING(--enable-iftype=TYPE/SUBTYPE,
77	Use kernel/net device interface TYPE/SUBTYPE.
78	Working combinations are (see doc/gvpe.osdep.5.pod):
79	"native/linux"
80	"tincd/linux"
81	"tincd/netbsd"
82	"tincd/freebsd"
83	"tincd/openbsd"
84	"native/darwin"
85	"tincd/darwin"
86	"native/cygwin";
87	Untested combinations are:
88	"tincd/bsd"
89	"tincd/solaris"
90	"tincd/mingw"
91	"tincd/raw_socket"
92	"tincd/uml_socket";
93	Broken combinations are:
94	"tincd/cygwin";
95	The default is to autodetect.
96	)],
97	[
98	IFTYPE=`echo $enableval \| sed s%/.*%%`
99	IFSUBTYPE=`echo $enableval \| sed s%.*/%%`
100	]
101	)
102
103	dnl Check and set OS
104	AC_MSG_CHECKING(for kernel networking interface type)
105
106	if test "x$IFTYPE" = "x"; then
107	case $target_os in
108	linux)
109	IFTYPE=native
110	IFSUBTYPE=linux
111	AC_DEFINE(HAVE_LINUX, 1, [Linux])
112	;;
113	freebsd)
114	IFTYPE=tincd
115	IFSUBTYPE=freebsd
116	AC_DEFINE(HAVE_FREEBSD, 1, [FreeBSD])
117	;;
118	darwin)
119	IFTYPE=native
120	IFSUBTYPE=darwin
121	AC_DEFINE(HAVE_DARWIN, 1, [Darwin (MacOS/X)])
122	;;
123	solaris)
124	IFTYPE=tincd
125	IFSUBTYPE=solaris
126	AC_DEFINE(HAVE_SOLARIS, 1, [Solaris/SunOS])
127	;;
128	openbsd)
129	IFTYPE=tincd
130	IFSUBTYPE=openbsd
131	AC_DEFINE(HAVE_OPENBSD, 1, [OpenBSD])
132	;;
133	netbsd)
134	IFTYPE=tincd
135	IFSUBTYPE=netbsd
136	AC_DEFINE(HAVE_NETBSD, 1, [NetBSD])
137	;;
138	cygwin)
139	IFTYPE=native
140	IFSUBTYPE=cygwin
141	AC_DEFINE(HAVE_CYGWIN, 1, [Cygwin])
142	;;
143	*)
144	AC_MSG_ERROR("Unknown operating system.")
145	;;
146	esac
147	fi
148	AC_MSG_RESULT($IFTYPE/$IFSUBTYPE)
149	AC_SUBST(IFTYPE,$IFTYPE)
150	AC_SUBST(IFSUBTYPE,$IFSUBTYPE)
151	AC_DEFINE_UNQUOTED(IFTYPE,"$IFTYPE",[kernel interface type])
152	AC_DEFINE_UNQUOTED(IFSUBTYPE,"$IFSUBTYPE",[kernel interface subtype])
153
154	AC_CACHE_SAVE
155
156	dnl Checks for libraries.
157
158	AC_LANG(C++)
159	AC_CHECK_HEADERS(tr1/unordered_map ext/hash_map clocale)
160
161	dnl Checks for header files.
162	AC_CHECK_HEADERS([fcntl.h inttypes.h limits.h malloc.h stdint.h strings.h syslog.h unistd.h \
163	sys/file.h sys/ioctl.h sys/param.h sys/time.h netinet/in_systm.h sys/cygwin.h \
164	sys/mman.h netinet/in.h])
165	AC_CHECK_HEADERS([arpa/inet.h net/ethernet.h net/if.h netinet/ip.h netinet/tcp.h netinet/in_systm.h], [], [],
166	[
167	#include <sys/types.h>
168	#include <sys/socket.h>
169	#ifdef HAVE_NETINET_IN_H
170	# include <netinet/in.h>
171	#endif
172	#ifdef HAVE_ARPA_INET_H
173	# include <arpa/inet.h>
174	#endif
175	#ifdef HAVE_NETINET_IN_SYSTM_H
176	# include <netinet/in_systm.h>
177	#endif
178	])
179
180	dnl Checks for typedefs, structures, and compiler characteristics.
181	AC_C_CONST
182	AC_TYPE_PID_T
183	AC_TYPE_SIZE_T
184	AC_CHECK_HEADERS_ONCE([sys/time.h])
185
186	AC_STRUCT_TM
187
188	AC_CACHE_CHECK([for socklen_t], ac_cv_type_socklen_t,
189	[
190	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
191	#include <sys/socket.h>]], [[socklen_t len = 42; return len;]])],[ac_cv_type_socklen_t=yes],[ac_cv_type_socklen_t=no])
192	])
193	if test $ac_cv_type_socklen_t = yes; then
194	AC_DEFINE(HAVE_SOCKLEN_T, 1, [socklen_t available])
195	fi
196
197	AC_CACHE_CHECK([for struct addrinfo], ac_cv_struct_addrinfo,
198	[
199	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
200	#include <sys/socket.h>
201	#include <netdb.h>]], [[struct addrinfo ai; ai.ai_family = AF_INET; return ai.ai_family;]])],[ac_cv_struct_addrinfo=yes],[ac_cv_struct_addrinfo=no])
202	])
203	if test $ac_cv_struct_addrinfo = yes; then
204	AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1, [struct addrinfo available])
205	fi
206
207	AC_LANG_PUSH(C)
208
209	dnl argl, could somebody catapult darwin into the 21st century???
210	AC_CHECK_FUNCS(asprintf daemon get_current_dir_name putenv select strerror strsignal strtol unsetenv mlockall)
211
212	AC_FUNC_ALLOCA
213
214	dnl Support for SunOS
215
216	AC_CHECK_FUNC(socket, [], [
217	AC_CHECK_LIB(socket, connect)
218	])
219	AC_CHECK_FUNC(gethostbyname, [], [
220	AC_CHECK_LIB(nsl, gethostbyname)
221	])
222
223	dnl libev support
224	m4_include([libev/libev.m4])
225
226	AC_LANG_POP
227
228	dnl AC_CHECK_FUNCS([freeaddrinfo gai_strerror getaddrinfo getnameinfo])
229
230	AC_CACHE_SAVE
231
232	dnl These are defined in files in m4/
233	tinc_TUNTAP
234
235	PKG_CHECK_MODULES([LIBCRYPTO], [libcrypto >= 1])
236
237	AC_ARG_ENABLE(threads,
238	[AS_HELP_STRING(--enable-threads,try to use threads for long-running asynchronous operations (default enabled).)],
239	[try_threads=$enableval],
240	[try_threads=yes]
241	)
242
243	if test "x$try_threads" = xyes; then
244	AC_CHECK_HEADER(pthread.h,[
245	LIBS="$LIBS -lpthread"
246	AC_COMPILE_IFELSE(
247	[AC_LANG_PROGRAM([#include <pthread.h>], [pthread_t id; pthread_create (&id, 0, 0, 0);])],
248	[AC_DEFINE_UNQUOTED(ENABLE_PTHREADS, 1, [POSIX thread support.])]
249	)
250	])
251	fi
252
253	AC_ARG_ENABLE(static-daemon,
254	[AS_HELP_STRING(--enable-static-daemon,enable statically linked daemon.)],
255	[LDFLAGS_DAEMON=-static]
256	)
257	AC_SUBST(LDFLAGS_DAEMON)
258
259	dnl AC_ARG_ENABLE(rohc,
260	dnl [AS_HELP_STRING(--enable-rohc,enable robust header compression (rfc3095).)],
261	dnl [
262	dnl echo
263	dnl echo "**********************************************************************"
264	dnl echo "**********************************************************************"
265	dnl echo "** --enable-rohc is highly experimental, do not use **************"
266	dnl echo "**********************************************************************"
267	dnl echo "**********************************************************************"
268	dnl echo
269	dnl rohc=true
270	dnl AC_DEFINE_UNQUOTED(ENABLE_ROHC, 1, [ROHC support])
271	dnl ]
272	dnl )
273
274	AM_CONDITIONAL(ROHC, test x$rohc = xtrue)
275
276	dnl AC_ARG_ENABLE(bridging,
277	dnl [AS_HELP_STRING(--enable-bridging,enable bridging support (default disabled).)],
278	dnl AC_DEFINE_UNQUOTED(ENABLE_BRIDGING, 1, [bridging support.])
279	dnl )
280
281	ICMP=1
282	AC_ARG_ENABLE(icmp,
283	[AS_HELP_STRING(--disable-icmp,enable icmp protocol support (default enabled).)],
284	if test "x$enableval" = xno; then
285	ICMP=0
286	fi
287	)
288	if test "x$ICMP" = x1; then
289	AC_DEFINE_UNQUOTED(ENABLE_ICMP, 1, [ICMP protocol support.])
290	fi
291
292	TCP=1
293	AC_ARG_ENABLE(tcp,
294	[AS_HELP_STRING(--disable-tcp,enable tcp protocol support (default enabled).)],
295	if test "x$enableval" = xno; then
296	TCP=0
297	fi
298	)
299	if test "x$TCP" = x1; then
300	AC_DEFINE_UNQUOTED(ENABLE_TCP, 1, [TCP protocol support.])
301	fi
302
303	HTTP=1
304	AC_ARG_ENABLE(http-proxy,
305	[AS_HELP_STRING(--disable-http-proxy,enable http proxy connect support (default enabled).)],
306	if test "x$enableval" = xno; then
307	HTTP=0
308	fi
309	)
310	if test "x$HTTP" = x1; then
311	AC_DEFINE_UNQUOTED(ENABLE_HTTP_PROXY, 1, [http proxy connect support.])
312	fi
313
314	AC_ARG_ENABLE(dns,
315	[AS_HELP_STRING(--enable-dns,enable dns tunnel protocol support (default disabled).)],
316	[
317	AC_CHECK_HEADER(gmp.h,,[AC_MSG_ERROR([gmp.h not found, required for --enable-dns])])
318	AC_CHECK_LIB(gmp,main,,[AC_MSG_ERROR([libgmp not found, required for --enable-dns])])
319
320	AC_DEFINE_UNQUOTED(ENABLE_DNS, 1, [DNS tunnel protocol support.])
321	]
322	)
323
324	RSA=3072
325	AC_ARG_ENABLE(rsa-length,
326	[AS_HELP_STRING(--enable-rsa-length=BITS,[
327	use BITS rsa keys (default 3072). Allowed values are 2048-10240.])],
328	RSA=$enableval
329	)
330	AC_DEFINE_UNQUOTED(RSABITS, $RSA, [Size of RSA keys.])
331
332	HMACSIZE=12
333	AC_ARG_ENABLE(hmac-length,
334	[AS_HELP_STRING(--enable-hmac-length=BYTES,[
335	use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])],
336	HMACSIZE=$enableval
337	)
338	AC_DEFINE_UNQUOTED(HMACLENGTH, $HMACSIZE, [Size of HMAC in each packet in bytes.])
339
340	MTU=1500
341	AC_ARG_ENABLE(max-mtu,
342	[AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)],
343	MTU=$enableval
344	)
345	AC_DEFINE_UNQUOTED(MAX_MTU, ($MTU + 14), [Maximum MTU supported.])
346
347	COMPRESS=1
348	AC_ARG_ENABLE(compression,
349	[AS_HELP_STRING(--disable-compression,Disable compression support.)],
350	if test "x$enableval" = xno; then
351	COMPRESS=0
352	fi
353	)
354	AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.])
355
356	CIPHER=aes_128_ctr
357	AC_ARG_ENABLE(cipher,
358	[AS_HELP_STRING(--enable-cipher=CIPHER,[
359	Select the symmetric cipher (default "aes-128").
360	Must be one of "aes-128" (rijndael), "aes-192", or "aes-256".])],
361	#if test "x$enableval" = xbf ; then CIPHER=bf_ctr ; fi
362	if test "x$enableval" = xaes-128 ; then CIPHER=aes_128_ctr ; fi
363	if test "x$enableval" = xaes-192 ; then CIPHER=aes_192_ctr ; fi
364	if test "x$enableval" = xaes-256 ; then CIPHER=aes_256_ctr ; fi
365	#if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_ctr; fi
366	#if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_ctr; fi
367	)
368	AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.])
369
370	HMAC=sha1
371	AC_ARG_ENABLE(hmac-digest,
372	[AS_HELP_STRING(--enable-hmac-digest=HMAC,[
373	Select the HMAC digest algorithm to use (default "sha1"). Must be one of
374	"sha512", "sha256", "sha1", "ripemd160", "whirlpool".])],
375	if test "x$enableval" = xwhirlpool; then HMAC=whirlpool; fi
376	if test "x$enableval" = xsha512 ; then HMAC=sha512 ; fi
377	if test "x$enableval" = xsha256 ; then HMAC=sha256 ; fi
378	if test "x$enableval" = xsha1 ; then HMAC=sha1 ; fi
379	if test "x$enableval" = xripemd160; then HMAC=ripemd160; fi
380	)
381	AC_DEFINE_UNQUOTED(ENABLE_HMAC, EVP_${HMAC}, [Select the HMAC digest algorithm to use.])
382
383	AUTH=sha512
384	AC_ARG_ENABLE(auth-digest,
385	[AS_HELP_STRING(--enable-auth-digest=DIGEST,[
386	Select the hmac algorithm to use (default "sha512"). Must be one of
387	"sha512", "sha256", "whirlpool".])],
388	if test "x$enableval" = xwhirlpool; then AUTH=whirlpool; fi
389	if test "x$enableval" = xsha512 ; then AUTH=sha512 ; fi
390	if test "x$enableval" = xsha256 ; then AUTH=sha256 ; fi
391	)
392	AC_DEFINE_UNQUOTED(ENABLE_AUTH, EVP_${AUTH}, [Select the auth digest algorithm to use.])
393
394	if $CXX -v --help 2>&1 \| grep -q fno-rtti; then
395	CXXFLAGS="$CXXFLAGS -fno-rtti"
396	fi
397
398	#if $CXX -v --help 2>&1 \| grep -q fexceptions; then
399	# CXXFLAGS="$CXXFLAGS -fno-exceptions"
400	#fi
401
402	LIBS="$EXTRA_LIBS $LIBS"
403
404	dnl if $CXX -v --help 2>&1 \| grep -q ffunction-sections; then
405	dnl CXXFLAGS="$CXXFLAGS -ffunction-sections"
406	dnl fi
407	dnl
408	dnl if $LD -v --help 2>&1 \| grep -q gc-sections; then
409	dnl LDFLAGS="$LDFLAGS -Wl,--gc-sections"
410	dnl fi
411
412	AC_SUBST(AM_CPPFLAGS)
413
414	AC_CONFIG_FILES([Makefile po/Makefile.in
415	src/Makefile
416	doc/Makefile
417	lib/Makefile
418	m4/Makefile
419	])
420	AC_OUTPUT
421
422	echo
423	echo "***"
424	echo "*** Configuration Summary"
425	echo "***"
426	echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE"
427	echo "*** RSA size: $RSA"
428	echo "*** Cipher used: $CIPHER"
429	echo "*** Digest used: $DIGEST"
430	echo "*** Authdigest: $AUTH"
431	echo "*** HMAC length: $HMAC"
432	echo "*** Max. MTU: $MTU"
433
434	echo "***"
435	echo "*** Enable options:"
436	grep ENABLE_ config.h \| sed -e 's/^/*** /'
437
438	if test "$HMACSIZE" -lt 12; then
439	echo "***"
440	echo "*** WARNING: The hmac length you have chosen ($HMACSIZE) is quite insecure"
441	fi
442
443	echo "***"
444	echo
445
446	if pkg-config --exists 'libcrypto >= 1.1 libcrypto < 2.0'; then
447	cat <<EOF
448	@<:@33m
449	***
450	*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
451	***
452	*** You seem to configure gvpe with OpenSSL 1.1 or newer.
453	*** While this probably compiles, please note that this is not only
454	*** unsupported, but also discouraged.
455	***
456	*** It is recommended to use either OpenSSL 1.0, as long as that is still
457	*** supported, or LibreSSL (https://www.libressl.org/).
458	***
459	*** This is not a political issue - while porting GVPE to the newer
460	*** OpenSSL 1.1 API, I encountered two incompatible API changes that were
461	*** not documented, were not caught while compiling but caused security
462	*** issues. When reported, the reaction of the OpenSSL developers was to
463	*** update the documentation.
464	***
465	*** As a result, I lost all confidence in the ability and desire of
466	*** OpenSSL developers to create a safe API, and would highly recommend
467	*** switching to LibreSSL which explicitly avoids such braking changes.
468	***
469	*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
470	***
471	*** Again, do not use OpenSSL 1.1 and complain if stuff breaks.
472	*** You have been warned, but your choice is respected.
473	***
474	@<:@0m
475
476	EOF
477	fi
478
479