configure.ac 52.7 KB
Newer Older
Roger Dingledine's avatar
Roger Dingledine committed
1
dnl Copyright (c) 2001-2004, Roger Dingledine
2
dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
3
dnl Copyright (c) 2007-2015, The Tor Project, Inc.
Nick Mathewson's avatar
Nick Mathewson committed
4
dnl See LICENSE for licensing information
5

6
AC_PREREQ([2.63])
Nick Mathewson's avatar
Nick Mathewson committed
7
AC_INIT([tor],[0.2.8.9-dev])
Stewart Smith's avatar
Stewart Smith committed
8
AC_CONFIG_SRCDIR([src/or/main.c])
9
AC_CONFIG_MACRO_DIR([m4])
10
11
12
13
14
15

# "foreign" means we don't follow GNU package layout standards
# "1.11" means we require automake version 1.11 or newer
# "subdir-objects" means put .o files in the same directory as the .c files
AM_INIT_AUTOMAKE([foreign 1.11 subdir-objects])

16
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
17
AC_CONFIG_HEADERS([orconfig.h])
18

19
20
AC_CANONICAL_HOST

21
22
PKG_PROG_PKG_CONFIG

23
24
if test -f "/etc/redhat-release"; then
  if test -f "/usr/kerberos/include"; then
25
    CPPFLAGS="$CPPFLAGS -I/usr/kerberos/include"
26
  fi
27
fi
28

29
30
# Not a no-op; we want to make sure that CPPFLAGS is set before we use
# the += operator on it in src/or/Makefile.am
31
CPPFLAGS="$CPPFLAGS -I\${top_srcdir}/src/common"
32

33
#XXXX020 We should make these enabled or not, before 0.2.0.x-final
34
AC_ARG_ENABLE(openbsd-malloc,
35
   AS_HELP_STRING(--enable-openbsd-malloc, [use malloc code from OpenBSD.  Linux only]))
36
AC_ARG_ENABLE(instrument-downloads,
37
   AS_HELP_STRING(--enable-instrument-downloads, [instrument downloads of directory resources etc.]))
38
AC_ARG_ENABLE(static-openssl,
39
   AS_HELP_STRING(--enable-static-openssl, [link against a static openssl library. Requires --with-openssl-dir]))
40
AC_ARG_ENABLE(static-libevent,
41
   AS_HELP_STRING(--enable-static-libevent, [link against a static libevent library. Requires --with-libevent-dir]))
42
AC_ARG_ENABLE(static-zlib,
43
   AS_HELP_STRING(--enable-static-zlib, [link against a static zlib library. Requires --with-zlib-dir]))
44
AC_ARG_ENABLE(static-tor,
45
   AS_HELP_STRING(--enable-static-tor, [create an entirely static Tor binary. Requires --with-openssl-dir and --with-libevent-dir and --with-zlib-dir]))
46
AC_ARG_ENABLE(unittests,
47
   AS_HELP_STRING(--disable-unittests, [don't build unit tests for Tor. Risky!]))
48
AC_ARG_ENABLE(coverage,
49
   AS_HELP_STRING(--enable-coverage, [enable coverage support in the unit-test build]))
50
51
AC_ARG_ENABLE(asserts-in-tests,
   AS_HELP_STRING(--disable-asserts-in-tests, [disable tor_assert() calls in the unit tests, for branch coverage]))
52
AC_ARG_ENABLE(system-torrc,
53
   AS_HELP_STRING(--disable-system-torrc, [don't look for a system-wide torrc file]))
54

55
if test "x$enable_coverage" != "xyes" -a "x$enable_asserts_in_tests" = "xno" ; then
56
57
58
    AC_MSG_ERROR([Can't disable assertions outside of coverage build])
fi

59
60
61
AM_CONDITIONAL(UNITTESTS_ENABLED, test "x$enable_unittests" != "xno")
AM_CONDITIONAL(COVERAGE_ENABLED, test "x$enable_coverage" = "xyes")
AM_CONDITIONAL(DISABLE_ASSERTS_IN_UNIT_TESTS, test "x$enable_asserts_in_tests" = "xno")
62

63
64
65
66
67
68
if test "$enable_static_tor" = "yes"; then
  enable_static_libevent="yes";
  enable_static_openssl="yes";
  enable_static_zlib="yes";
  CFLAGS="$CFLAGS -static"
fi
69

70
71
72
73
74
if test "$enable_system_torrc" = "no"; then
  AC_DEFINE(DISABLE_SYSTEM_TORRC, 1,
            [Defined if we're not going to look for a torrc in SYSCONF])
fi

75
76
AM_CONDITIONAL(USE_OPENBSD_MALLOC, test "x$enable_openbsd_malloc" = "xyes")
if test "x$enable_instrument_downloads" = "xyes"; then
77
78
79
  AC_DEFINE(INSTRUMENT_DOWNLOADS, 1,
            [Defined if we want to keep track of how much of each kind of resource we download.])
fi
80

81
AC_ARG_ENABLE(transparent,
82
     AS_HELP_STRING(--disable-transparent, [disable transparent proxy support]),
83
     [case "${enableval}" in
84
85
        "yes") transparent=true ;;
        "no")  transparent=false ;;
86
87
88
        *) AC_MSG_ERROR(bad value for --enable-transparent) ;;
      esac], [transparent=true])

89
AC_ARG_ENABLE(asciidoc,
90
     AS_HELP_STRING(--disable-asciidoc, [don't use asciidoc (disables building of manpages)]),
91
     [case "${enableval}" in
92
93
        "yes") asciidoc=true ;;
        "no")  asciidoc=false ;;
94
95
96
        *) AC_MSG_ERROR(bad value for --disable-asciidoc) ;;
      esac], [asciidoc=true])

97
98
# systemd notify support
AC_ARG_ENABLE(systemd,
99
      AS_HELP_STRING(--enable-systemd, [enable systemd notification support]),
100
      [case "${enableval}" in
101
102
        "yes") systemd=true ;;
        "no")  systemd=false ;;
103
104
105
106
107
108
        * ) AC_MSG_ERROR(bad value for --enable-systemd) ;;
      esac], [systemd=auto])



# systemd support
109
if test "x$enable_systemd" = "xno"; then
110
111
112
113
114
115
    have_systemd=no;
else
    PKG_CHECK_MODULES(SYSTEMD,
        [libsystemd-daemon],
        have_systemd=yes,
        have_systemd=no)
116
    if test "x$have_systemd" = "xno"; then
117
118
119
120
121
122
        AC_MSG_NOTICE([Okay, checking for systemd a different way...])
        PKG_CHECK_MODULES(SYSTEMD,
            [libsystemd],
            have_systemd=yes,
            have_systemd=no)
    fi
123
124
fi

125
if test "x$have_systemd" = "xyes"; then
126
    AC_DEFINE(HAVE_SYSTEMD,1,[Have systemd])
127
    TOR_SYSTEMD_CFLAGS="${SYSTEMD_CFLAGS}"
128
    TOR_SYSTEMD_LIBS="${SYSTEMD_LIBS}"
129
    PKG_CHECK_MODULES(LIBSYSTEMD209, [libsystemd >= 209],
130
         [AC_DEFINE(HAVE_SYSTEMD_209,1,[Have systemd v209 or more])], [])
131
fi
132
AC_SUBST(TOR_SYSTEMD_CFLAGS)
133
134
AC_SUBST(TOR_SYSTEMD_LIBS)

135
if test "x$enable_systemd" = "xyes" -a "x$have_systemd" != "xyes" ; then
136
137
138
    AC_MSG_ERROR([Explicitly requested systemd support, but systemd not found])
fi

139
case "$host" in
140
141
142
143
144
   *-*-solaris* )
     AC_DEFINE(_REENTRANT, 1, [Define on some platforms to activate x_r() functions in time.h])
     ;;
esac

145
AC_ARG_ENABLE(gcc-warnings,
146
     AS_HELP_STRING(--enable-gcc-warnings, [enable verbose warnings]))
147
148
AC_ARG_ENABLE(gcc-warnings-advisory,
     AS_HELP_STRING(--enable-gcc-warnings-advisory, [enable verbose warnings, excluding -Werror]))
149

150
151
dnl Others suggest '/gs /safeseh /nxcompat /dynamicbase' for non-gcc on Windows
AC_ARG_ENABLE(gcc-hardening,
152
    AS_HELP_STRING(--disable-gcc-hardening, [disable compiler security checks]))
153

154
AC_ARG_ENABLE(expensive-hardening,
155
    AS_HELP_STRING(--enable-expensive-hardening, [enable more expensive compiler hardening; makes Tor slower]))
156

157
158
159
dnl Linker hardening options
dnl Currently these options are ELF specific - you can't use this with MacOSX
AC_ARG_ENABLE(linker-hardening,
160
    AS_HELP_STRING(--disable-linker-hardening, [disable linker security fixups]))
161

162
AC_ARG_ENABLE(local-appdata,
163
   AS_HELP_STRING(--enable-local-appdata, [default to host local application data paths on Windows]))
164
165
166
167
168
if test "$enable_local_appdata" = "yes"; then
  AC_DEFINE(ENABLE_LOCAL_APPDATA, 1,
            [Defined if we default to host local appdata paths on Windows])
fi

169
170
# Tor2web mode flag
AC_ARG_ENABLE(tor2web-mode,
171
     AS_HELP_STRING(--enable-tor2web-mode, [support tor2web non-anonymous mode]),
172
[if test "x$enableval" = "xyes"; then
173
174
175
    CFLAGS="$CFLAGS -D ENABLE_TOR2WEB_MODE=1"
fi])

176
AC_ARG_ENABLE(bufferevents,
177
     AS_HELP_STRING(--enable-bufferevents, [use Libevent's buffered IO]))
178

179
AC_ARG_ENABLE(tool-name-check,
180
     AS_HELP_STRING(--disable-tool-name-check, [check for sanely named toolchain when cross-compiling]))
181

182
AC_ARG_ENABLE(seccomp,
183
     AS_HELP_STRING(--disable-seccomp, [do not attempt to use libseccomp]))
184

185
AC_ARG_ENABLE(libscrypt,
186
     AS_HELP_STRING(--disable-libscrypt, [do not attempt to use libscrypt]))
187

188
189
190
191
192
193
dnl check for the correct "ar" when cross-compiling
AN_MAKEVAR([AR], [AC_PROG_AR])
AN_PROGRAM([ar], [AC_PROG_AR])
AC_DEFUN([AC_PROG_AR], [AC_CHECK_TOOL([AR], [ar], [ar])])
AC_PROG_AR

194
195
196
197
198
199
dnl Check whether the above macro has settled for a simply named tool even
dnl though we're cross compiling. We must do this before running AC_PROG_CC,
dnl because that will find any cc on the system, not only the cross-compiler,
dnl and then verify that a binary built with this compiler runs on the
dnl build system. It will then come to the false conclusion that we're not
dnl cross-compiling.
200
201
if test "x$enable_tool_name_check" != "xno"; then
    if test "x$ac_tool_warned" = "xyes"; then
202
        AC_MSG_ERROR([We are cross compiling but could not find a properly named toolchain. Do you have your cross-compiling toolchain in PATH? (You can --disable-tool-name-check to ignore this.)])
203
	elif test "x$ac_ct_AR" != "x" -a "x$cross_compiling" = "xmaybe"; then
204
205
206
207
		AC_MSG_ERROR([We think we are cross compiling but could not find a properly named toolchain. Do you have your cross-compiling toolchain in PATH? (You can --disable-tool-name-check to ignore this.)])
	fi
fi

208
AC_PROG_CC
209
AC_PROG_CPP
210
211
AC_PROG_MAKE_SET
AC_PROG_RANLIB
212

213
214
AC_PATH_PROG([PERL], [perl])

215
216
dnl autoconf 2.59 appears not to support AC_PROG_SED
AC_CHECK_PROG([SED],[sed],[sed],[/bin/false])
217

218
219
dnl check for asciidoc and a2x
AC_PATH_PROG([ASCIIDOC], [asciidoc], none)
220
AC_PATH_PROGS([A2X], [a2x a2x.py], none)
221

222
AM_CONDITIONAL(USE_ASCIIDOC, test "x$asciidoc" = "xtrue")
223

224
225
226
AM_CONDITIONAL(USE_FW_HELPER, test "x$natpmp" = "xtrue" || test "x$upnp" = "xtrue")
AM_CONDITIONAL(NAT_PMP, test "x$natpmp" = "xtrue")
AM_CONDITIONAL(MINIUPNPC, test "x$upnp" = "xtrue")
227
AM_PROG_CC_C_O
228
AC_PROG_CC_C99
229

230
AC_ARG_VAR([PYTHON], [path to Python binary])
231
AC_CHECK_PROGS(PYTHON, [python python2 python2.7 python3 python3.3])
232
233
234
235
236
if test "x$PYTHON" = "x"; then
  AC_MSG_WARN([Python unavailable; some tests will not be run.])
fi
AM_CONDITIONAL(USEPYTHON, [test "x$PYTHON" != "x"])

237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
ifdef([AC_C_FLEXIBLE_ARRAY_MEMBER], [
AC_C_FLEXIBLE_ARRAY_MEMBER
], [
 dnl Maybe we've got an old autoconf...
 AC_CACHE_CHECK([for flexible array members],
     tor_cv_c_flexarray,
     [AC_COMPILE_IFELSE(
       AC_LANG_PROGRAM([
 struct abc { int a; char b[]; };
], [
 struct abc *def = malloc(sizeof(struct abc)+sizeof(char));
 def->b[0] = 33;
]),
  [tor_cv_c_flexarray=yes],
  [tor_cv_c_flexarray=no])])
252
 if test "$tor_cv_flexarray" = "yes"; then
253
   AC_DEFINE([FLEXIBLE_ARRAY_MEMBER], [], [Define to nothing if C supports flexible array members, and to 1 if it does not.])
254
 else
255
   AC_DEFINE([FLEXIBLE_ARRAY_MEMBER], [1], [Define to nothing if C supports flexible array members, and to 1 if it does not.])
256
257
258
 fi
])

259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
AC_CACHE_CHECK([for working C99 mid-block declaration syntax],
      tor_cv_c_c99_decl,
      [AC_COMPILE_IFELSE(
         [AC_LANG_PROGRAM([], [int x; x = 3; int y; y = 4 + x;])],
	 [tor_cv_c_c99_decl=yes],
	 [tor_cv_c_c99_decl=no] )])
if test "$tor_cv_c_c99_decl" != "yes"; then
  AC_MSG_ERROR([Your compiler doesn't support c99 mid-block declarations. This is required as of Tor 0.2.6.x])
fi

AC_CACHE_CHECK([for working C99 designated initializers],
      tor_cv_c_c99_designated_init,
      [AC_COMPILE_IFELSE(
         [AC_LANG_PROGRAM([struct s { int a; int b; };],
  	       [[ struct s ss = { .b = 5, .a = 6 }; ]])],
	 [tor_cv_c_c99_designated_init=yes],
	 [tor_cv_c_c99_designated_init=no] )])

if test "$tor_cv_c_c99_designated_init" != "yes"; then
  AC_MSG_ERROR([Your compiler doesn't support c99 designated initializers. This is required as of Tor 0.2.6.x])
fi

281
282
TORUSER=_tor
AC_ARG_WITH(tor-user,
283
        AS_HELP_STRING(--with-tor-user=NAME, [specify username for tor daemon]),
284
285
286
287
288
289
290
291
        [
           TORUSER=$withval
        ]
)
AC_SUBST(TORUSER)

TORGROUP=_tor
AC_ARG_WITH(tor-group,
292
        AS_HELP_STRING(--with-tor-group=NAME, [specify group name for tor daemon]),
293
294
295
296
297
298
        [
           TORGROUP=$withval
        ]
)
AC_SUBST(TORGROUP)

299

300
dnl If _WIN32 is defined and non-zero, we are building for win32
301
AC_MSG_CHECKING([for win32])
302
AC_RUN_IFELSE([AC_LANG_SOURCE([
303
int main(int c, char **v) {
304
305
#ifdef _WIN32
#if _WIN32
306
307
308
309
310
311
312
  return 0;
#else
  return 1;
#endif
#else
  return 2;
#endif
313
}])],
314
bwin32=true; AC_MSG_RESULT([yes]),
315
316
bwin32=false; AC_MSG_RESULT([no]),
bwin32=cross; AC_MSG_RESULT([cross])
317
318
)

319
if test "$bwin32" = "cross"; then
320
AC_MSG_CHECKING([for win32 (cross)])
321
AC_COMPILE_IFELSE([AC_LANG_SOURCE([
322
#ifdef _WIN32
323
324
325
326
327
int main(int c, char **v) {return 0;}
#else
#error
int main(int c, char **v) {return x(y);}
#endif
328
])],
329
330
331
332
bwin32=true; AC_MSG_RESULT([yes]),
bwin32=false; AC_MSG_RESULT([no]))
fi

333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
AH_BOTTOM([
#ifdef _WIN32
/* Defined to access windows functions and definitions for >=WinXP */
# ifndef WINVER
#  define WINVER 0x0501
# endif

/* Defined to access _other_ windows functions and definitions for >=WinXP */
# ifndef _WIN32_WINNT
#  define _WIN32_WINNT 0x0501
# endif

/* Defined to avoid including some windows headers as part of Windows.h */
# ifndef WIN32_LEAN_AND_MEAN
#  define WIN32_LEAN_AND_MEAN 1
# endif
#endif
])

Nick Mathewson's avatar
Nick Mathewson committed
352

353
AM_CONDITIONAL(BUILD_NT_SERVICES, test "x$bwin32" = "xtrue")
354

355
356
dnl Enable C99 when compiling with MIPSpro
AC_MSG_CHECKING([for MIPSpro compiler])
357
AC_COMPILE_IFELSE([AC_LANG_PROGRAM(, [
358
359
360
361
#if (defined(__sgi) && defined(_COMPILER_VERSION))
#error
  return x(y);
#endif
362
])],
363
bmipspro=false; AC_MSG_RESULT(no),
364
bmipspro=true; AC_MSG_RESULT(yes))
365

366
if test "$bmipspro" = "true"; then
367
368
369
  CFLAGS="$CFLAGS -c99"
fi

370
371
AC_C_BIGENDIAN

372
AC_SEARCH_LIBS(socket, [socket network])
373
AC_SEARCH_LIBS(gethostbyname, [nsl])
374
AC_SEARCH_LIBS(dlopen, [dl])
375
AC_SEARCH_LIBS(inet_aton, [resolv])
376
AC_SEARCH_LIBS(backtrace, [execinfo])
377
378
379
380
381
382
saved_LIBS="$LIBS"
AC_SEARCH_LIBS([clock_gettime], [rt])
if test "$LIBS" != "$saved_LIBS"; then
   # Looks like we need -lrt for clock_gettime().
   have_rt=yes
fi
383

384
385
AC_SEARCH_LIBS(pthread_create, [pthread])
AC_SEARCH_LIBS(pthread_detach, [pthread])
386

387
388
AM_CONDITIONAL(THREADS_WIN32, test "$bwin32" = "true")
AM_CONDITIONAL(THREADS_PTHREADS, test "$bwin32" = "false")
389

390
AC_CHECK_FUNCS(
391
        _NSGetEnviron \
392
393
	RtlSecureZeroMemory \
	SecureZeroMemory \
Sebastian Hahn's avatar
Sebastian Hahn committed
394
        accept4 \
Nick Mathewson's avatar
Nick Mathewson committed
395
396
        backtrace \
        backtrace_symbols_fd \
Sebastian Hahn's avatar
Sebastian Hahn committed
397
        clock_gettime \
398
	eventfd \
399
	explicit_bzero \
400
	timingsafe_memcmp \
401
402
403
        flock \
        ftime \
        getaddrinfo \
404
        getentropy \
Sebastian Hahn's avatar
Sebastian Hahn committed
405
        getifaddrs \
406
        getpass \
407
408
409
        getrlimit \
        gettimeofday \
        gmtime_r \
410
	htonll \
411
        inet_aton \
Sebastian Hahn's avatar
Sebastian Hahn committed
412
        ioctl \
413
        issetugid \
414
        llround \
415
        localtime_r \
Sebastian Hahn's avatar
Sebastian Hahn committed
416
        lround \
417
        memmem \
418
        memset_s \
419
420
	pipe \
	pipe2 \
421
        prctl \
422
	readpassphrase \
Sebastian Hahn's avatar
Sebastian Hahn committed
423
        rint \
Nick Mathewson's avatar
Nick Mathewson committed
424
        sigaction \
425
        socketpair \
426
	statvfs \
427
428
        strlcat \
        strlcpy \
429
	strnlen \
430
431
432
433
        strptime \
        strtok_r \
        strtoull \
        sysconf \
434
	sysctl \
435
        uname \
436
	usleep \
437
        vasprintf \
438
	_vscprintf
439
)
440

441
if test "$bwin32" != "true"; then
442
443
  AC_CHECK_HEADERS(pthread.h)
  AC_CHECK_FUNCS(pthread_create)
444
  AC_CHECK_FUNCS(pthread_condattr_setclock)
445
446
fi

447
if test "$bwin32" = "true"; then
448
449
450
451
452
453
454
  AC_CHECK_DECLS([SecureZeroMemory, _getwch], , , [
#include <windows.h>
#include <conio.h>
#include <wchar.h>
                 ])
fi

455
456
AM_CONDITIONAL(BUILD_READPASSPHRASE_C,
  test "x$ac_cv_func_readpassphrase" = "xno" && test "$bwin32" = "false")
457

458
dnl ------------------------------------------------------
459
dnl Where do you live, libevent?  And how do we call you?
460

461
if test "$bwin32" = "true"; then
462
  TOR_LIB_WS32=-lws2_32
463
  TOR_LIB_IPHLPAPI=-liphlpapi
464
465
  # Some of the cargo-cults recommend -lwsock32 as well, but I don't
  # think it's actually necessary.
466
  TOR_LIB_GDI=-lgdi32
Nick Mathewson's avatar
   
Nick Mathewson committed
467
else
468
469
  TOR_LIB_WS32=
  TOR_LIB_GDI=
Nick Mathewson's avatar
   
Nick Mathewson committed
470
fi
471
472
AC_SUBST(TOR_LIB_WS32)
AC_SUBST(TOR_LIB_GDI)
473
AC_SUBST(TOR_LIB_IPHLPAPI)
Nick Mathewson's avatar
   
Nick Mathewson committed
474

475
tor_libevent_pkg_redhat="libevent"
476
tor_libevent_pkg_debian="libevent-dev"
477
478
479
tor_libevent_devpkg_redhat="libevent-devel"
tor_libevent_devpkg_debian="libevent-dev"

480
481
482
483
dnl On Gnu/Linux or any place we require it, we'll add librt to the Libevent
dnl linking for static builds.
STATIC_LIBEVENT_FLAGS=""
if test "$enable_static_libevent" = "yes"; then
484
    if test "$have_rt" = "yes"; then
485
486
487
488
489
      STATIC_LIBEVENT_FLAGS=" -lrt "
    fi
fi

TOR_SEARCH_LIBRARY(libevent, $trylibeventdir, [-levent $STATIC_LIBEVENT_FLAGS $TOR_LIB_WS32], [
490
#ifdef _WIN32
491
492
#include <winsock2.h>
#endif
493
#include <sys/time.h>
Roger Dingledine's avatar
Roger Dingledine committed
494
#include <sys/types.h>
495
#include <event.h>], [
496
#ifdef _WIN32
497
498
#include <winsock2.h>
#endif
499
void *event_init(void);],
500
    [
501
#ifdef _WIN32
502
{WSADATA d; WSAStartup(0x101,&d); }
503
#endif
504
event_init();
505
], [--with-libevent-dir], [/opt/libevent])
506

507
dnl Now check for particular libevent functions.
508
509
save_LIBS="$LIBS"
save_LDFLAGS="$LDFLAGS"
510
save_CPPFLAGS="$CPPFLAGS"
511
LIBS="-levent $STATIC_LIBEVENT_FLAGS $TOR_LIB_WS32 $LIBS"
512
LDFLAGS="$TOR_LDFLAGS_libevent $LDFLAGS"
513
CPPFLAGS="$TOR_CPPFLAGS_libevent $CPPFLAGS"
514
AC_CHECK_FUNCS([event_get_version_number \
515
                evutil_secure_rng_set_urandom_device_file \
516
                evutil_secure_rng_init \
517
               ])
518
519
520
521
AC_CHECK_MEMBERS([struct event.min_heap_idx], , ,
[#include <event.h>
])

522
AC_CHECK_HEADERS(event2/event.h event2/dns.h event2/bufferevent_ssl.h)
523

524
LIBS="$STATIC_LIBEVENT_FLAGS $TOR_LIB_WS32 $save_LIBS"
525

526
527
AM_CONDITIONAL(USE_EXTERNAL_EVDNS,
  test "x$ac_cv_header_event2_dns_h" = "xyes")
528

529
530
531
532
if test "$enable_static_libevent" = "yes"; then
   if test "$tor_cv_library_libevent_dir" = "(system)"; then
     AC_MSG_ERROR("You must specify an explicit --with-libevent-dir=x option when using --enable-static-libevent")
   else
533
     TOR_LIBEVENT_LIBS="$TOR_LIBDIR_libevent/libevent.a $STATIC_LIBEVENT_FLAGS"
534
535
   fi
else
536
     if test "x$ac_cv_header_event2_event_h" = "xyes"; then
Nick Mathewson's avatar
Nick Mathewson committed
537
538
       AC_SEARCH_LIBS(event_new, [event event_core], , AC_MSG_ERROR("libevent2 is installed but linking it failed while searching for event_new"))
       AC_SEARCH_LIBS(evdns_base_new, [event event_extra], , AC_MSG_ERROR("libevent2 is installed but linking it failed while searching for evdns_base_new"))
539

540
       if test "$ac_cv_search_event_new" != "none required"; then
541
542
         TOR_LIBEVENT_LIBS="$ac_cv_search_event_new"
       fi
543
       if test "$ac_cv_search_evdns_base_new" != "none required"; then
544
545
546
547
548
         TOR_LIBEVENT_LIBS="$ac_cv_search_evdns_base_new $TOR_LIBEVENT_LIBS"
       fi
     else
       TOR_LIBEVENT_LIBS="-levent"
     fi
549
550
fi

551
552
553
554
LIBS="$save_LIBS"
LDFLAGS="$save_LDFLAGS"
CPPFLAGS="$save_CPPFLAGS"

555
556
dnl This isn't the best test for Libevent 2.0.3-alpha.  Once it's released,
dnl we can do much better.
557
558
if test "$enable_bufferevents" = "yes"; then
  if test "$ac_cv_header_event2_bufferevent_ssl_h" != "yes"; then
559
    AC_MSG_ERROR([You've asked for bufferevent support, but you're using a version of Libevent without SSL support.  This won't work.  We need Libevent 2.0.8-rc or later, and you don't seem to even have Libevent 2.0.3-alpha.])
560
561
562
563
564
565
  else

    CPPFLAGS="$CPPFLAGS $TOR_CPPFLAGS_libevent"

    # Check for the right version.  First see if version detection works.
    AC_MSG_CHECKING([whether we can detect the Libevent version])
566
    AC_COMPILE_IFELSE([AC_LANG_SOURCE([
567
568
569
570
571
572
573
#include <event2/event.h>
#if !defined(LIBEVENT_VERSION_NUMBER) || LIBEVENT_VERSION_NUMBER < 10
#error
int x = y(zz);
#else
int x = 1;
#endif
574
  ])], [event_version_number_works=yes; AC_MSG_RESULT([yes]) ],
575
     [event_version_number_works=no;  AC_MSG_RESULT([no])])
576
    if test "$event_version_number_works" != "yes"; then
577
578
579
      AC_MSG_WARN([Version detection on Libevent seems broken.  Your Libevent installation is probably screwed up or very old.])
    else
      AC_MSG_CHECKING([whether Libevent is new enough for bufferevents])
580
      AC_COMPILE_IFELSE([AC_LANG_SOURCE([
581
#include <event2/event.h>
582
#if !defined(LIBEVENT_VERSION_NUMBER) || LIBEVENT_VERSION_NUMBER < 0x02000d00
583
584
585
586
587
#error
int x = y(zz);
#else
int x = 1;
#endif
588
   ])], [ AC_MSG_RESULT([yes]) ],
589
      [ AC_MSG_RESULT([no])
590
        AC_MSG_ERROR([Libevent does not seem new enough to support bufferevents.  We require 2.0.13-stable or later]) ] )
591
592
    fi
  fi
593
594
fi

595
596
597
598
LIBS="$save_LIBS"
LDFLAGS="$save_LDFLAGS"
CPPFLAGS="$save_CPPFLAGS"

599
600
AM_CONDITIONAL(USE_BUFFEREVENTS, test "$enable_bufferevents" = "yes")
if test "$enable_bufferevents" = "yes"; then
601
602
603
604
605
606
  AC_DEFINE(USE_BUFFEREVENTS, 1, [Defined if we're going to use Libevent's buffered IO API])
  if test "$enable_static_libevent" = "yes"; then
    TOR_LIBEVENT_LIBS="$TOR_LIBDIR_libevent/libevent_openssl.a $TOR_LIBEVENT_LIBS"
  else
    TOR_LIBEVENT_LIBS="-levent_openssl $TOR_LIBEVENT_LIBS"
  fi
607
fi
608
AC_SUBST(TOR_LIBEVENT_LIBS)
609

610
611
612
613
614
615
616
dnl ------------------------------------------------------
dnl Where do you live, libm?

dnl On some platforms (Haiku/BeOS) the math library is
dnl part of libroot. In which case don't link against lm
TOR_LIB_MATH=""
save_LIBS="$LIBS"
617
618
619
AC_SEARCH_LIBS(pow, [m], , AC_MSG_ERROR([Could not find pow in libm or libc.]))
if test "$ac_cv_search_pow" != "none required"; then
    TOR_LIB_MATH="$ac_cv_search_pow"
620
621
622
623
fi
LIBS="$save_LIBS"
AC_SUBST(TOR_LIB_MATH)

624
dnl ------------------------------------------------------
625
dnl Where do you live, openssl?  And how do we call you?
626

627
tor_openssl_pkg_redhat="openssl"
628
tor_openssl_pkg_debian="libssl-dev"
629
630
631
tor_openssl_devpkg_redhat="openssl-devel"
tor_openssl_devpkg_debian="libssl-dev"

632
633
ALT_openssl_WITHVAL=""
AC_ARG_WITH(ssl-dir,
634
  AS_HELP_STRING(--with-ssl-dir=PATH, [obsolete alias for --with-openssl-dir]),
635
  [
636
      if test "x$withval" != "xno" && test "x$withval" != "x"; then
637
638
639
640
         ALT_openssl_WITHVAL="$withval"
      fi
  ])

641
TOR_SEARCH_LIBRARY(openssl, $tryssldir, [-lssl -lcrypto $TOR_LIB_GDI],
642
643
    [#include <openssl/rand.h>],
    [void RAND_add(const void *buf, int num, double entropy);],
644
    [RAND_add((void*)0,0,0);], [],
645
    [/usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/athena /opt/openssl])
646

647
648
dnl XXXX check for OPENSSL_VERSION_NUMBER == SSLeay()

649
650
651
652
if test "$enable_static_openssl" = "yes"; then
   if test "$tor_cv_library_openssl_dir" = "(system)"; then
     AC_MSG_ERROR("You must specify an explicit --with-openssl-dir=x option when using --enable-static-openssl")
   else
653
     TOR_OPENSSL_LIBS="$TOR_LIBDIR_openssl/libssl.a $TOR_LIBDIR_openssl/libcrypto.a"
654
655
   fi
else
656
     TOR_OPENSSL_LIBS="-lssl -lcrypto"
657
658
659
fi
AC_SUBST(TOR_OPENSSL_LIBS)

660
661
662
663
664
665
666
dnl Now check for particular openssl functions.
save_LIBS="$LIBS"
save_LDFLAGS="$LDFLAGS"
save_CPPFLAGS="$CPPFLAGS"
LIBS="$TOR_OPENSSL_LIBS $LIBS"
LDFLAGS="$TOR_LDFLAGS_openssl $LDFLAGS"
CPPFLAGS="$TOR_CPPFLAGS_openssl $CPPFLAGS"
667
668
669
670
671
672
673

AC_TRY_COMPILE([
#include <openssl/opensslv.h>
#if OPENSSL_VERSION_NUMBER < 0x1000000fL
#error "too old"
#endif
   ], [],
674
   [ : ],
675
676
   [ AC_ERROR([OpenSSL is too old. We require 1.0.0 or later. You can specify a path to a newer one with --with-openssl-dir.]) ])

677
678
679
680
681
682
683
684
685
686
687
688
689
AC_TRY_COMPILE([
#include <openssl/opensslv.h>
#include <openssl/evp.h>
#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_ECDSA)
#error "no ECC"
#endif
#if !defined(NID_X9_62_prime256v1) || !defined(NID_secp224r1)
#error "curves unavailable"
#endif
   ], [],
   [ : ],
   [ AC_ERROR([OpenSSL is built without full ECC support, including curves P256 and P224. You can specify a path to one with ECC support with --with-openssl-dir.]) ])

690
691
692
693
AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , ,
[#include <openssl/ssl.h>
])

694
695
696
697
698
AC_CHECK_FUNCS([ \
		SSL_SESSION_get_master_key \
		SSL_get_server_random \
                SSL_get_client_ciphers \
                SSL_get_client_random \
699
		SSL_CIPHER_find \
700
		TLS_method
701
	       ])
rl1987's avatar
rl1987 committed
702
703
704
705

dnl Check if OpenSSL has scrypt implementation.
AC_CHECK_FUNCS([ EVP_PBE_scrypt ])

706
707
708
709
LIBS="$save_LIBS"
LDFLAGS="$save_LDFLAGS"
CPPFLAGS="$save_CPPFLAGS"

710
711
712
dnl ------------------------------------------------------
dnl Where do you live, zlib?  And how do we call you?

713
714
715
716
tor_zlib_pkg_redhat="zlib"
tor_zlib_pkg_debian="zlib1g"
tor_zlib_devpkg_redhat="zlib-devel"
tor_zlib_devpkg_debian="zlib1g-dev"
717
718
719
720

TOR_SEARCH_LIBRARY(zlib, $tryzlibdir, [-lz],
    [#include <zlib.h>],
    [const char * zlibVersion(void);],
721
    [zlibVersion();], [--with-zlib-dir],
722
723
    [/opt/zlib])

724
725
726
727
728
729
730
731
732
733
734
735
if test "$enable_static_zlib" = "yes"; then
   if test "$tor_cv_library_zlib_dir" = "(system)"; then
     AC_MSG_ERROR("You must specify an explicit --with-zlib-dir=x option when
 using --enable-static-zlib")
   else
     TOR_ZLIB_LIBS="$TOR_LIBDIR_zlib/libz.a"
   fi
else
     TOR_ZLIB_LIBS="-lz"
fi
AC_SUBST(TOR_ZLIB_LIBS)

736
737
738
739
740
741
742
743
744
745
746
747
748
dnl ----------------------------------------------------------------------
dnl Check if libcap is available for capabilities.

tor_cap_pkg_debian="libcap2"
tor_cap_pkg_redhat="libcap"
tor_cap_devpkg_debian="libcap-dev"
tor_cap_devpkg_redhat="libcap-devel"

AC_CHECK_LIB([cap], [cap_init], [],
  AC_MSG_NOTICE([Libcap was not found. Capabilities will not be usable.])
)
AC_CHECK_FUNCS(cap_set_proc)

749
750
751
752
753
dnl ---------------------------------------------------------------------
dnl Now that we know about our major libraries, we can check for compiler
dnl and linker hardening options.  We need to do this with the libraries known,
dnl since sometimes the linker will like an option but not be willing to
dnl use it with a build of a library.
754

755
all_ldflags_for_check="$TOR_LDFLAGS_zlib $TOR_LDFLAGS_openssl $TOR_LDFLAGS_libevent"
756
all_libs_for_check="$TOR_ZLIB_LIBS $TOR_LIB_MATH $TOR_LIBEVENT_LIBS $TOR_OPENSSL_LIBS $TOR_SYSTEMD_LIBS $TOR_LIB_WS32 $TOR_LIB_GDI $TOR_CAP_LIBS"
757

758
759
760
761
762
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [
#if !defined(__clang__)
#error
#endif])], have_clang=yes, have_clang=no)

763
if test "x$enable_gcc_hardening" != "xno"; then
764
    CFLAGS="$CFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2"
765
    if test "x$have_clang" = "xyes"; then
766
767
        TOR_CHECK_CFLAGS(-Qunused-arguments)
    fi
768
769
770
    TOR_CHECK_CFLAGS(-fstack-protector-all, also_link)
    AS_VAR_PUSHDEF([can_compile], [tor_cv_cflags_-fstack-protector-all])
    AS_VAR_PUSHDEF([can_link], [tor_can_link_-fstack-protector-all])
771
m4_ifdef([AS_VAR_IF],[
772
773
774
775
    AS_VAR_IF(can_compile, [yes],
        AS_VAR_IF(can_link, [yes],
                  [],
                  AC_MSG_ERROR([We tried to build with stack protection; it looks like your compiler supports it but your libc does not provide it. Are you missing libssp? (You can --disable-gcc-hardening to ignore this error.)]))
776
        )])
777
778
    AS_VAR_POPDEF([can_link])
    AS_VAR_POPDEF([can_compile])
779
780
781
    TOR_CHECK_CFLAGS(-Wstack-protector)
    TOR_CHECK_CFLAGS(-fwrapv)
    TOR_CHECK_CFLAGS(--param ssp-buffer-size=1)
782
783
784
785
    if test "$bwin32" = "false"; then
       TOR_CHECK_CFLAGS(-fPIE)
       TOR_CHECK_LDFLAGS(-pie, "$all_ldflags_for_check", "$all_libs_for_check")
    fi
786
fi
787

788
if test "x$enable_expensive_hardening" = "xyes"; then
789
790
791
792
793
   TOR_CHECK_CFLAGS([-fsanitize=address])
   TOR_CHECK_CFLAGS([-fsanitize=undefined])
   TOR_CHECK_CFLAGS([-fno-omit-frame-pointer])
fi

794
if test "x$enable_linker_hardening" != "xno"; then
795
796
    TOR_CHECK_LDFLAGS(-z relro -z now, "$all_ldflags_for_check", "$all_libs_for_check")
fi
797

798
799
800
# For backtrace support
TOR_CHECK_LDFLAGS(-rdynamic)

801
dnl ------------------------------------------------------
802
803
804
805
dnl Now see if we have a -fomit-frame-pointer compiler option.

saved_CFLAGS="$CFLAGS"
TOR_CHECK_CFLAGS(-fomit-frame-pointer)
806
F_OMIT_FRAME_POINTER=''
807
if test "$saved_CFLAGS" != "$CFLAGS"; then
808
  if test "x$enable_expensive_hardening" != "xyes"; then
809
810
    F_OMIT_FRAME_POINTER='-fomit-frame-pointer'
  fi
811
812
813
814
fi
CFLAGS="$saved_CFLAGS"
AC_SUBST(F_OMIT_FRAME_POINTER)

815
816
817
818
819
820
821
dnl ------------------------------------------------------
dnl If we are adding -fomit-frame-pointer (or if the compiler's doing it
dnl for us, as GCC 4.6 and later do at many optimization levels), then
dnl we should try to add -fasynchronous-unwind-tables so that our backtrace
dnl code will work.
TOR_CHECK_CFLAGS(-fasynchronous-unwind-tables)

822
823
824
dnl ============================================================
dnl Check for libseccomp

825
826
827
828
if test "x$enable_seccomp" != "xno"; then
  AC_CHECK_HEADERS([seccomp.h])
  AC_SEARCH_LIBS(seccomp_init, [seccomp])
fi
829

830
831
832
833
834
835
dnl ============================================================
dnl Check for libscrypt

if test "x$enable_libscrypt" != "xno"; then
  AC_CHECK_HEADERS([libscrypt.h])
  AC_SEARCH_LIBS(libscrypt_scrypt, [scrypt])
836
  AC_CHECK_FUNCS([libscrypt_scrypt])
837
838
fi

839
840
841
842
843
844
845
846
847
848
dnl ============================================================
dnl We need an implementation of curve25519.

dnl set these defaults.
build_curve25519_donna=no
build_curve25519_donna_c64=no
use_curve25519_donna=no
use_curve25519_nacl=no
CURVE25519_LIBS=

849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
dnl The best choice is using curve25519-donna-c64, but that requires
dnl that we
AC_CACHE_CHECK([whether we can use curve25519-donna-c64],
  tor_cv_can_use_curve25519_donna_c64,
  [AC_RUN_IFELSE(
    [AC_LANG_PROGRAM([dnl
      #include <stdint.h>
      typedef unsigned uint128_t __attribute__((mode(TI)));
  int func(uint64_t a, uint64_t b) {
           uint128_t c = ((uint128_t)a) * b;
           int ok = ((uint64_t)(c>>96)) == 522859 &&
             (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
                 (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
                 (((uint64_t)(c))&0xffffffffL) == 0;
           return ok;
      }
  ], [dnl
    int ok = func( ((uint64_t)2000000000) * 1000000000,
                   ((uint64_t)1234567890) << 24);
        return !ok;
      ])],
  [tor_cv_can_use_curve25519_donna_c64=yes],
      [tor_cv_can_use_curve25519_donna_c64=no],
  [AC_LINK_IFELSE(
        [AC_LANG_PROGRAM([dnl
      #include <stdint.h>
      typedef unsigned uint128_t __attribute__((mode(TI)));
  int func(uint64_t a, uint64_t b) {
           uint128_t c = ((uint128_t)a) * b;
           int ok = ((uint64_t)(c>>96)) == 522859 &&
             (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
                 (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
                 (((uint64_t)(c))&0xffffffffL) == 0;
           return ok;
      }
  ], [dnl
    int ok = func( ((uint64_t)2000000000) * 1000000000,
    	         ((uint64_t)1234567890) << 24);
        return !ok;
      ])],
          [tor_cv_can_use_curve25519_donna_c64=cross],
      [tor_cv_can_use_curve25519_donna_c64=no])])])

AC_CHECK_HEADERS([crypto_scalarmult_curve25519.h \
                  nacl/crypto_scalarmult_curve25519.h])

AC_CACHE_CHECK([for nacl compiled with a fast curve25519 implementation],
  tor_cv_can_use_curve25519_nacl,
  [tor_saved_LIBS="$LIBS"
   LIBS="$LIBS -lnacl"
   AC_LINK_IFELSE(
     [AC_LANG_PROGRAM([dnl
       #ifdef HAVE_CRYPTO_SCALARMULT_CURVE25519_H
       #include <crypto_scalarmult_curve25519.h>
   #elif defined(HAVE_NACL_CRYPTO_SCALARMULT_CURVE25519_H)
   #include <nacl/crypto_scalarmult_curve25519.h>
   #endif
       #ifdef crypto_scalarmult_curve25519_ref_BYTES
   #error Hey, this is the reference implementation! That's not fast.
   #endif
     ], [
   unsigned char *a, *b, *c; crypto_scalarmult_curve25519(a,b,c);
     ])], [tor_cv_can_use_curve25519_nacl=yes],
     [tor_cv_can_use_curve25519_nacl=no])
   LIBS="$tor_saved_LIBS" ])

 dnl Okay, now we need to figure out which one to actually use. Fall back
 dnl to curve25519-donna.c

918
 if test "x$tor_cv_can_use_curve25519_donna_c64" != "xno"; then
919
920
   build_curve25519_donna_c64=yes
   use_curve25519_donna=yes
921
 elif test "x$tor_cv_can_use_curve25519_nacl" = "xyes"; then
922
923
924
925
926
927
   use_curve25519_nacl=yes
   CURVE25519_LIBS=-lnacl
 else
   build_curve25519_donna=yes
   use_curve25519_donna=yes
 fi
928

929
if test "x$use_curve25519_donna" = "xyes"; then
930
931
932
  AC_DEFINE(USE_CURVE25519_DONNA, 1,
            [Defined if we should use an internal curve25519_donna{,_c64} implementation])
fi
933
if test "x$use_curve25519_nacl" = "xyes"; then
934
935
936
  AC_DEFINE(USE_CURVE25519_NACL, 1,
            [Defined if we should use a curve25519 from nacl])
fi
937
938
939
940
AM_CONDITIONAL(BUILD_CURVE25519_DONNA,
  test "x$build_curve25519_donna" = "xyes")
AM_CONDITIONAL(BUILD_CURVE25519_DONNA_C64,
  test "x$build_curve25519_donna_c64" = "xyes")
941
942
AC_SUBST(CURVE25519_LIBS)

943
dnl Make sure to enable support for large off_t if available.
944
945
AC_SYS_LARGEFILE

946
947
948
949
950
951
AC_CHECK_HEADERS(
        assert.h \
        errno.h \
        fcntl.h \
        signal.h \
        string.h \
952
	sys/capability.h \
953
954
955
956
957
958
959
        sys/fcntl.h \
        sys/stat.h \
        sys/time.h \
        sys/types.h \
        time.h \
        unistd.h
 , , AC_MSG_WARN(Some headers were not found, compilation may fail.  If compilation succeeds, please send your orconfig.h to the developers so we can fix this warning.))
960

961
962
dnl These headers are not essential

963
964
AC_CHECK_HEADERS(
        arpa/inet.h \
965
        crt_externs.h \
Nick Mathewson's avatar
Nick Mathewson committed
966
        execinfo.h \
967
        grp.h \
Sebastian Hahn's avatar
Sebastian Hahn committed
968
        ifaddrs.h \
969
970
971
972
973
974
975
976
977
978
979
        inttypes.h \
        limits.h \
        linux/types.h \
        machine/limits.h \
        malloc.h \
        malloc/malloc.h \
        malloc_np.h \
        netdb.h \
        netinet/in.h \
        netinet/in6.h \
        pwd.h \
980
	readpassphrase.h \
981
        stdint.h \
982
	sys/eventfd.h \
983
984
985
986
987
988
989
        sys/file.h \
        sys/ioctl.h \
        sys/limits.h \
        sys/mman.h \
        sys/param.h \
        sys/prctl.h \
        sys/resource.h \
990
        sys/select.h \
991
        sys/socket.h \
992
	sys/statvfs.h \
993
        sys/syscall.h \
994
	sys/sysctl.h \
995
996
997
998
999
1000
1001
1002
1003
        sys/syslimits.h \
        sys/time.h \
        sys/types.h \
        sys/un.h \
        sys/utime.h \
        sys/wait.h \
        syslog.h \
        utime.h
)
1004

1005
1006
AC_CHECK_HEADERS(sys/param.h)

1007
AC_CHECK_HEADERS(net/if.h, net_if_found=1, net_if_found=0,
1008
1009
1010
1011
[#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
1012
1013
#include <sys/socket.h>
#endif])
1014
AC_CHECK_HEADERS(net/pfvar.h, net_pfvar_found=1, net_pfvar_found=0,
1015
1016
1017
1018
[#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
1019
#include <sys/socket.h>
1020
1021
1022
#endif
#ifdef HAVE_NET_IF_H
#include <net/if.h>
1023
1024
1025
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
1026
#endif])
1027
1028
1029
1030
1031
1032
1033
1034

AC_CHECK_HEADERS(linux/if.h,[],[],
[
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
])

1035
AC_CHECK_HEADERS(linux/netfilter_ipv4.h,
1036
        linux_netfilter_ipv4=1, linux_netfilter_ipv4=0,
1037
1038
1039
1040
[#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
1041
#include <sys/socket.h>
1042
#endif
1043
1044
1045
1046
1047
1048
1049
1050
1051
#ifdef HAVE_LIMITS_H
#include <limits.h>
#endif
#ifdef HAVE_LINUX_TYPES_H
#include <linux/types.h>
#endif
#ifdef HAVE_NETINET_IN6_H
#include <netinet/in6.h>
#endif
1052
1053
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
1054
#endif])
1055

1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
AC_CHECK_HEADERS(linux/netfilter_ipv6/ip6_tables.h,
        linux_netfilter_ipv6_ip6_tables=1, linux_netfilter_ipv6_ip6_tables=0,
[#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#ifdef HAVE_LIMITS_H
#include <limits.h>
#endif
#ifdef HAVE_LINUX_TYPES_H
#include <linux/types.h>
#endif
#ifdef HAVE_NETINET_IN6_H
#include <netinet/in6.h>
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#ifdef HAVE_LINUX_IF_H
#include <linux/if.h>
#endif])

1080
if test "x$transparent" = "xtrue"; then
1081
   transparent_ok=0
1082
   if test "x$net_if_found" = "x1" && test "x$net_pfvar_found" = "x1"; then
1083
1084
     transparent_ok=1
   fi
1085
   if test "x$linux_netfilter_ipv4" = "x1"; then
1086
1087
     transparent_ok=1
   fi
1088
   if test "x$linux_netfilter_ipv6_ip6_tables" = "x1"; then
1089
1090
     transparent_ok=1
   fi
1091
   if test "x$transparent_ok" = "x1"; then
1092
     AC_DEFINE(USE_TRANSPARENT, 1, "Define to enable transparent proxy support")
1093
     case "$host" in
1094
       *-*-openbsd* | *-*-bitrig*)
1095