configure.ac

dnl Define the set of checks for KIST scheduler support.
AC_DEFUN([CHECK_KIST_SUPPORT],[
  dnl KIST needs struct tcp_info and for certain members to exist.
  AC_CHECK_MEMBERS(
    [struct tcp_info.tcpi_unacked, struct tcp_info.tcpi_snd_mss],
    , ,[[#include <netinet/tcp.h>]])
  dnl KIST needs SIOCOUTQNSD to exist for an ioctl call.
  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [
                     #include <linux/sockios.h>
                     #ifndef SIOCOUTQNSD
                     #error
                     #endif
                     ])], have_siocoutqnsd=yes, have_siocoutqnsd=no)
  if test "x$have_siocoutqnsd" = "xyes"; then
    if test "x$ac_cv_member_struct_tcp_info_tcpi_unacked" = "xyes"; then
      if test "x$ac_cv_member_struct_tcp_info_tcpi_snd_mss" = "xyes"; then
        have_kist_support=yes
      fi
    fi
  fi
])
dnl Now, trigger the check.
CHECK_KIST_SUPPORT
AS_IF([test "x$have_kist_support" = "xyes"],
      [AC_DEFINE(HAVE_KIST_SUPPORT, 1, [Defined if KIST scheduler is supported
                                        on this system])],
      [AC_MSG_NOTICE([KIST scheduler can't be used. Missing support.])])

LIBS="$save_LIBS"
LDFLAGS="$save_LDFLAGS"
CPPFLAGS="$save_CPPFLAGS"

dnl ------------------------------------------------------
dnl Where do you live, zlib?  And how do we call you?

tor_zlib_pkg_redhat="zlib"
tor_zlib_pkg_debian="zlib1g"
tor_zlib_devpkg_redhat="zlib-devel"
tor_zlib_devpkg_debian="zlib1g-dev"

TOR_SEARCH_LIBRARY(zlib, $tryzlibdir, [-lz],
    [#include <zlib.h>],
    [const char * zlibVersion(void);],
    [zlibVersion();], [--with-zlib-dir],
    [/opt/zlib])

if test "$enable_static_zlib" = "yes"; then
   if test "$tor_cv_library_zlib_dir" = "(system)"; then
     AC_MSG_ERROR("You must specify an explicit --with-zlib-dir=x option when
 using --enable-static-zlib")
   else
     TOR_ZLIB_LIBS="$TOR_LIBDIR_zlib/libz.a"
   fi
else
     TOR_ZLIB_LIBS="-lz"
fi
AC_SUBST(TOR_ZLIB_LIBS)

dnl ------------------------------------------------------
dnl Where we do we find lzma?

AC_ARG_ENABLE(lzma,
      AS_HELP_STRING(--enable-lzma, [enable support for the LZMA compression scheme.]),
      [case "${enableval}" in
        "yes") lzma=true ;;
        "no")  lzma=false ;;
        * ) AC_MSG_ERROR(bad value for --enable-lzma) ;;
      esac], [lzma=auto])

if test "x$enable_lzma" = "xno"; then
    have_lzma=no;
else
    PKG_CHECK_MODULES([LZMA],
                      [liblzma],
                      have_lzma=yes,
                      have_lzma=no)

    if test "x$have_lzma" = "xno" ; then
        AC_MSG_WARN([Unable to find liblzma.])
    fi
fi

if test "x$have_lzma" = "xyes"; then
    AC_DEFINE(HAVE_LZMA,1,[Have LZMA])
    TOR_LZMA_CFLAGS="${LZMA_CFLAGS}"
    TOR_LZMA_LIBS="${LZMA_LIBS}"
fi
AC_SUBST(TOR_LZMA_CFLAGS)
AC_SUBST(TOR_LZMA_LIBS)

dnl ------------------------------------------------------
dnl Where we do we find zstd?

AC_ARG_ENABLE(zstd,
      AS_HELP_STRING(--enable-zstd, [enable support for the Zstandard compression scheme.]),
      [case "${enableval}" in
        "yes") zstd=true ;;
        "no")  zstd=false ;;
        * ) AC_MSG_ERROR(bad value for --enable-zstd) ;;
      esac], [zstd=auto])

if test "x$enable_zstd" = "xno"; then
    have_zstd=no;
else
    PKG_CHECK_MODULES([ZSTD],
                      [libzstd >= 1.1],
                      have_zstd=yes,
                      have_zstd=no)

    if test "x$have_zstd" = "xno" ; then
        AC_MSG_WARN([Unable to find libzstd.])
    fi
fi

if test "x$have_zstd" = "xyes"; then
    AC_DEFINE(HAVE_ZSTD,1,[Have Zstd])
    TOR_ZSTD_CFLAGS="${ZSTD_CFLAGS}"
    TOR_ZSTD_LIBS="${ZSTD_LIBS}"

    dnl now check for zstd functions
    save_LIBS="$LIBS"
    save_CFLAGS="$CFLAGS"
    LIBS="$LIBS $ZSTD_LIBS"
    CFLAGS="$CFLAGS $ZSTD_CFLAGS"
    AC_CHECK_FUNCS(ZSTD_estimateCStreamSize \
                   ZSTD_estimateDCtxSize)
    LIBS="$save_LIBS"
    CFLAGS="$save_CFLAGS"
fi
AC_SUBST(TOR_ZSTD_CFLAGS)
AC_SUBST(TOR_ZSTD_LIBS)

dnl ----------------------------------------------------------------------
dnl Check if libcap is available for capabilities.

tor_cap_pkg_debian="libcap2"
tor_cap_pkg_redhat="libcap"
tor_cap_devpkg_debian="libcap-dev"
tor_cap_devpkg_redhat="libcap-devel"

AC_CHECK_LIB([cap], [cap_init], [],
  AC_MSG_NOTICE([Libcap was not found. Capabilities will not be usable.])
)
AC_CHECK_FUNCS(cap_set_proc)

dnl ---------------------------------------------------------------------
dnl Now that we know about our major libraries, we can check for compiler
dnl and linker hardening options.  We need to do this with the libraries known,
dnl since sometimes the linker will like an option but not be willing to
dnl use it with a build of a library.

all_ldflags_for_check="$TOR_LDFLAGS_zlib $TOR_LDFLAGS_openssl $TOR_LDFLAGS_libevent"
all_libs_for_check="$TOR_ZLIB_LIBS $TOR_LIB_MATH $TOR_LIBEVENT_LIBS $TOR_OPENSSL_LIBS $TOR_SYSTEMD_LIBS $TOR_LIB_WS32 $TOR_LIB_GDI $TOR_LIB_USERENV $TOR_CAP_LIBS"

CFLAGS_FTRAPV=
CFLAGS_FWRAPV=
CFLAGS_ASAN=
CFLAGS_UBSAN=


AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [
#if !defined(__clang__)
#error
#endif])], have_clang=yes, have_clang=no)

if test "x$enable_pic" = "xyes"; then
    TOR_CHECK_CFLAGS(-fPIC)
fi

if test "x$enable_gcc_hardening" != "xno"; then
    CFLAGS="$CFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2"
    if test "x$have_clang" = "xyes"; then
        TOR_CHECK_CFLAGS(-Qunused-arguments)
    fi
    TOR_CHECK_CFLAGS(-fstack-protector-all, also_link)
    AS_VAR_PUSHDEF([can_compile], [tor_cv_cflags_-fstack-protector-all])
    AS_VAR_PUSHDEF([can_link], [tor_can_link_-fstack-protector-all])
m4_ifdef([AS_VAR_IF],[
    AS_VAR_IF(can_compile, [yes],
        AS_VAR_IF(can_link, [yes],
                  [],
                  AC_MSG_ERROR([We tried to build with stack protection; it looks like your compiler supports it but your libc does not provide it. Are you missing libssp? (You can --disable-gcc-hardening to ignore this error.)]))
        )])
    AS_VAR_POPDEF([can_link])
    AS_VAR_POPDEF([can_compile])
    TOR_CHECK_CFLAGS(-Wstack-protector)
    TOR_CHECK_CFLAGS(--param ssp-buffer-size=1)
    if test "$bwin32" = "false" && test "$enable_libfuzzer" != "yes" && test "$enable_oss_fuzz" != "yes"; then
       if test "$enable_pic" != "yes"; then
           # If we have already enabled -fPIC, then we don't also need to
           # compile with -fPIE...
           TOR_CHECK_CFLAGS(-fPIE)
       fi
       # ... but we want to link our executables with -pie in any case, since
       # they're executables, not a library.
       TOR_CHECK_LDFLAGS(-pie, "$all_ldflags_for_check", "$all_libs_for_check")
    fi
    TOR_TRY_COMPILE_WITH_CFLAGS(-fwrapv, also_link, CFLAGS_FWRAPV="-fwrapv", true)

   AC_MSG_CHECKING([whether we can run hardened binaries])
   AC_RUN_IFELSE([AC_LANG_PROGRAM([], [return 0;])],
        [AC_MSG_RESULT([yes])],
        [AC_MSG_RESULT([no])
         AC_MSG_ERROR([dnl
 We can link with compiler hardening options, but we can't run with them.
 That's a bad sign! If you must, you can pass --disable-gcc-hardening to
 configure, but it would be better to figure out what the underlying problem
 is.])],
        [AC_MSG_RESULT([cross])])
fi

if test "$fragile_hardening" = "yes"; then
    TOR_TRY_COMPILE_WITH_CFLAGS(-ftrapv, also_link, CFLAGS_FTRAPV="-ftrapv", true)
   if test "$tor_cv_cflags__ftrapv" = "yes" && test "$tor_can_link__ftrapv" != "yes"; then
      AC_MSG_WARN([The compiler supports -ftrapv, but for some reason I was not able to link with -ftrapv. Are you missing run-time support? Run-time hardening will not work as well as it should.])
   fi

   if test "$tor_cv_cflags__ftrapv" != "yes"; then
     AC_MSG_ERROR([You requested fragile hardening, but the compiler does not seem to support -ftrapv.])
   fi

   TOR_TRY_COMPILE_WITH_CFLAGS([-fsanitize=address], also_link, CFLAGS_ASAN="-fsanitize=address", true)
    if test "$tor_cv_cflags__fsanitize_address" = "yes" && test "$tor_can_link__fsanitize_address" != "yes"; then
      AC_MSG_ERROR([The compiler supports -fsanitize=address, but for some reason I was not able to link when using it. Are you missing run-time support? With GCC you need libubsan.*, and with Clang you need libclang_rt.ubsan*])
    fi

   TOR_TRY_COMPILE_WITH_CFLAGS([-fsanitize=undefined], also_link, CFLAGS_UBSAN="-fsanitize=undefined", true)
    if test "$tor_cv_cflags__fsanitize_address" = "yes" && test "$tor_can_link__fsanitize_address" != "yes"; then
      AC_MSG_ERROR([The compiler supports -fsanitize=undefined, but for some reason I was not able to link when using it. Are you missing run-time support? With GCC you need libasan.*, and with Clang you need libclang_rt.ubsan*])
    fi

   TOR_TRY_COMPILE_WITH_CFLAGS([-fno-sanitize=float-divide-by-zero], also_link, CFLAGS_UBSAN="-fno-sanitize=float-divide-by-zero", true)
    if test "$tor_cv_cflags__fno_sanitize_float_divide_by_zero" = "yes" && test "$tor_can_link__fno_sanitize_float_divide_by_zero" != "yes"; then
      AC_MSG_ERROR([The compiler supports -fno-sanitize=float-divide-by-zero, but for some reason I was not able to link when using it. Are you missing run-time support? With GCC you need libasan.*, and with Clang you need libclang_rt.ubsan*])
    fi

TOR_CHECK_CFLAGS([-fno-omit-frame-pointer])
fi

dnl Find the correct libraries to add in order to use the sanitizers.
dnl
dnl When building Rust, Cargo will run the linker with the -nodefaultlibs
dnl option, which will prevent the compiler from linking the sanitizer
dnl libraries it needs.  We need to specify them manually.
dnl
dnl What's more, we need to specify them in a linker script rather than
dnl from build.rs: these options aren't allowed in the cargo:rustc-flags
dnl variable.
RUST_LINKER_OPTIONS=""
if test "x$have_clang" = "xyes"; then
	if test "x$CFLAGS_ASAN" != "x"; then
		RUST_LINKER_OPTIONS="$RUST_LINKER_OPTIONS -Clink-arg=$CFLAGS_ASAN -Cdefault-linker-libraries"
	fi
	if test "x$CFLAGS_UBSAN" != "x"; then
        	RUST_LINKER_OPTIONS="$RUST_LINKER_OPTIONS -Clink-arg=$CFLAGS_UBSAN -Cdefault-linker-libraries"
	fi
else
	if test "x$CFLAGS_ASAN" != "x"; then
		RUST_LINKER_OPTIONS="$RUST_LINKER_OPTIONS -Clink-arg=-fsanitize=address -Cdefault-linker-libraries"
	fi
	if test "x$CFLAGS_UBSAN" != "x"; then
        	RUST_LINKER_OPTIONS="$RUST_LINKER_OPTIONS -Clink-arg=-fsanitize=undefined -Cdefault-linker-libraries"
	fi
fi
AC_SUBST(RUST_LINKER_OPTIONS)

CFLAGS_BUGTRAP="$CFLAGS_FTRAPV $CFLAGS_ASAN $CFLAGS_UBSAN"
CFLAGS_CONSTTIME="$CFLAGS_FWRAPV"

mulodi_fixes_ftrapv=no
if test "$have_clang" = "yes"; then
  saved_CFLAGS="$CFLAGS"
  CFLAGS="$CFLAGS $CFLAGS_FTRAPV"
  AC_MSG_CHECKING([whether clang -ftrapv can link a 64-bit int multiply])
  AC_LINK_IFELSE([
      AC_LANG_SOURCE([[
          #include <stdint.h>
          #include <stdlib.h>
	  int main(int argc, char **argv)
	  {
            int64_t x = ((int64_t)atoi(argv[1])) * (int64_t)atoi(argv[2])
	                * (int64_t)atoi(argv[3]);
	    return x == 9;
	  } ]])],
	  [ftrapv_can_link=yes; AC_MSG_RESULT([yes])],
	  [ftrapv_can_link=no; AC_MSG_RESULT([no])])
  if test "$ftrapv_can_link" = "no"; then
    AC_MSG_CHECKING([whether defining __mulodi4 fixes that])
    AC_LINK_IFELSE([
      AC_LANG_SOURCE([[
          #include <stdint.h>
          #include <stdlib.h>
	  int64_t __mulodi4(int64_t a, int64_t b, int *overflow) {
             *overflow=0;
	     return a;
          }
	  int main(int argc, char **argv)
	  {
            int64_t x = ((int64_t)atoi(argv[1])) * (int64_t)atoi(argv[2])
	                * (int64_t)atoi(argv[3]);
	    return x == 9;
	  } ]])],
	  [mulodi_fixes_ftrapv=yes; AC_MSG_RESULT([yes])],
	  [mulodi_fixes_ftrapv=no; AC_MSG_RESULT([no])])
  fi
  CFLAGS="$saved_CFLAGS"
fi

AM_CONDITIONAL(ADD_MULODI4, test "$mulodi_fixes_ftrapv" = "yes")

dnl These cflags add bunches of branches, and we haven't been able to
dnl persuade ourselves that they're suitable for code that needs to be
dnl constant time.
AC_SUBST(CFLAGS_BUGTRAP)
dnl These cflags are variant ones sutable for code that needs to be
dnl constant-time.
AC_SUBST(CFLAGS_CONSTTIME)

if test "x$enable_linker_hardening" != "xno"; then
    TOR_CHECK_LDFLAGS(-z relro -z now, "$all_ldflags_for_check", "$all_libs_for_check")
fi

# For backtrace support
TOR_CHECK_LDFLAGS(-rdynamic)

dnl ------------------------------------------------------
dnl Now see if we have a -fomit-frame-pointer compiler option.

saved_CFLAGS="$CFLAGS"
TOR_CHECK_CFLAGS(-fomit-frame-pointer)
F_OMIT_FRAME_POINTER=''
if test "$saved_CFLAGS" != "$CFLAGS"; then
  if test "$fragile_hardening" = "yes"; then
    F_OMIT_FRAME_POINTER='-fomit-frame-pointer'
  fi
fi
CFLAGS="$saved_CFLAGS"
AC_SUBST(F_OMIT_FRAME_POINTER)

dnl ------------------------------------------------------
dnl If we are adding -fomit-frame-pointer (or if the compiler's doing it
dnl for us, as GCC 4.6 and later do at many optimization levels), then
dnl we should try to add -fasynchronous-unwind-tables so that our backtrace
dnl code will work.
TOR_CHECK_CFLAGS(-fasynchronous-unwind-tables)

dnl ============================================================
dnl Check for libseccomp

if test "x$enable_seccomp" != "xno"; then
  AC_CHECK_HEADERS([seccomp.h])
  AC_SEARCH_LIBS(seccomp_init, [seccomp])
fi

dnl ============================================================
dnl Check for libscrypt

if test "x$enable_libscrypt" != "xno"; then
  AC_CHECK_HEADERS([libscrypt.h])
  AC_SEARCH_LIBS(libscrypt_scrypt, [scrypt])
  AC_CHECK_FUNCS([libscrypt_scrypt])
fi

dnl ============================================================
dnl We need an implementation of curve25519.

dnl set these defaults.
build_curve25519_donna=no
build_curve25519_donna_c64=no
use_curve25519_donna=no
use_curve25519_nacl=no
CURVE25519_LIBS=

dnl The best choice is using curve25519-donna-c64, but that requires
dnl that we
AC_CACHE_CHECK([whether we can use curve25519-donna-c64],
  tor_cv_can_use_curve25519_donna_c64,
  [AC_RUN_IFELSE(
    [AC_LANG_PROGRAM([dnl
      #include <stdint.h>
      typedef unsigned uint128_t __attribute__((mode(TI)));
  int func(uint64_t a, uint64_t b) {
           uint128_t c = ((uint128_t)a) * b;
           int ok = ((uint64_t)(c>>96)) == 522859 &&
             (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
                 (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
                 (((uint64_t)(c))&0xffffffffL) == 0;
           return ok;
      }
  ], [dnl
    int ok = func( ((uint64_t)2000000000) * 1000000000,
                   ((uint64_t)1234567890) << 24);
        return !ok;
      ])],
  [tor_cv_can_use_curve25519_donna_c64=yes],
      [tor_cv_can_use_curve25519_donna_c64=no],
  [AC_LINK_IFELSE(
        [AC_LANG_PROGRAM([dnl
      #include <stdint.h>
      typedef unsigned uint128_t __attribute__((mode(TI)));
  int func(uint64_t a, uint64_t b) {
           uint128_t c = ((uint128_t)a) * b;
           int ok = ((uint64_t)(c>>96)) == 522859 &&
             (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
                 (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
                 (((uint64_t)(c))&0xffffffffL) == 0;
           return ok;
      }
  ], [dnl
    int ok = func( ((uint64_t)2000000000) * 1000000000,
    	         ((uint64_t)1234567890) << 24);
        return !ok;
      ])],
          [tor_cv_can_use_curve25519_donna_c64=cross],
      [tor_cv_can_use_curve25519_donna_c64=no])])])

AC_CHECK_HEADERS([crypto_scalarmult_curve25519.h \
                  nacl/crypto_scalarmult_curve25519.h])

AC_CACHE_CHECK([for nacl compiled with a fast curve25519 implementation],
  tor_cv_can_use_curve25519_nacl,
  [tor_saved_LIBS="$LIBS"
   LIBS="$LIBS -lnacl"
   AC_LINK_IFELSE(
     [AC_LANG_PROGRAM([dnl
       #ifdef HAVE_CRYPTO_SCALARMULT_CURVE25519_H
       #include <crypto_scalarmult_curve25519.h>
   #elif defined(HAVE_NACL_CRYPTO_SCALARMULT_CURVE25519_H)
   #include <nacl/crypto_scalarmult_curve25519.h>
   #endif
       #ifdef crypto_scalarmult_curve25519_ref_BYTES
   #error Hey, this is the reference implementation! That's not fast.
   #endif
     ], [
   unsigned char *a, *b, *c; crypto_scalarmult_curve25519(a,b,c);
     ])], [tor_cv_can_use_curve25519_nacl=yes],
     [tor_cv_can_use_curve25519_nacl=no])
   LIBS="$tor_saved_LIBS" ])

 dnl Okay, now we need to figure out which one to actually use. Fall back
 dnl to curve25519-donna.c

 if test "x$tor_cv_can_use_curve25519_donna_c64" != "xno"; then
   build_curve25519_donna_c64=yes
   use_curve25519_donna=yes
 elif test "x$tor_cv_can_use_curve25519_nacl" = "xyes"; then
   use_curve25519_nacl=yes
   CURVE25519_LIBS=-lnacl
 else
   build_curve25519_donna=yes
   use_curve25519_donna=yes
 fi

if test "x$use_curve25519_donna" = "xyes"; then
  AC_DEFINE(USE_CURVE25519_DONNA, 1,
            [Defined if we should use an internal curve25519_donna{,_c64} implementation])
fi
if test "x$use_curve25519_nacl" = "xyes"; then
  AC_DEFINE(USE_CURVE25519_NACL, 1,
            [Defined if we should use a curve25519 from nacl])
fi
AM_CONDITIONAL(BUILD_CURVE25519_DONNA,
  test "x$build_curve25519_donna" = "xyes")
AM_CONDITIONAL(BUILD_CURVE25519_DONNA_C64,
  test "x$build_curve25519_donna_c64" = "xyes")
AC_SUBST(CURVE25519_LIBS)

dnl Make sure to enable support for large off_t if available.
AC_SYS_LARGEFILE

AC_CHECK_HEADERS([errno.h \
		  fcntl.h \
		  signal.h \
		  string.h \
		  sys/capability.h \
		  sys/fcntl.h \
		  sys/stat.h \
		  sys/time.h \
		  sys/types.h \
		  time.h \
		  unistd.h \
		  arpa/inet.h \
		  crt_externs.h \
		  execinfo.h \
		  gnu/libc-version.h \
		  grp.h \
		  ifaddrs.h \
		  inttypes.h \
		  limits.h \
		  linux/types.h \
		  mach/vm_inherit.h \
		  machine/limits.h \
		  malloc.h \
		  malloc/malloc.h \
		  malloc_np.h \
		  netdb.h \
		  netinet/in.h \
		  netinet/in6.h \
		  pwd.h \
		  readpassphrase.h \
		  stdatomic.h \
		  sys/eventfd.h \
		  sys/file.h \
		  sys/ioctl.h \
		  sys/limits.h \
		  sys/mman.h \
		  sys/param.h \
		  sys/prctl.h \
		  sys/random.h \
		  sys/resource.h \
		  sys/select.h \
		  sys/socket.h \
		  sys/statvfs.h \
		  sys/syscall.h \
		  sys/sysctl.h \
		  sys/syslimits.h \
		  sys/time.h \
		  sys/types.h \
		  sys/un.h \
		  sys/utime.h \
		  sys/wait.h \
		  syslog.h \
		  utime.h])

AC_CHECK_HEADERS(sys/param.h)

AC_CHECK_HEADERS(net/if.h, net_if_found=1, net_if_found=0,
[#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif])
AC_CHECK_HEADERS(net/pfvar.h, net_pfvar_found=1, net_pfvar_found=0,
[#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#ifdef HAVE_NET_IF_H
#include <net/if.h>
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif])

AC_CHECK_HEADERS(linux/if.h,[],[],
[
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
])

AC_CHECK_HEADERS(linux/netfilter_ipv4.h,
        linux_netfilter_ipv4=1, linux_netfilter_ipv4=0,
[#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#ifdef HAVE_LIMITS_H
#include <limits.h>
#endif
#ifdef HAVE_LINUX_TYPES_H
#include <linux/types.h>
#endif
#ifdef HAVE_NETINET_IN6_H
#include <netinet/in6.h>
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif])

AC_CHECK_HEADERS(linux/netfilter_ipv6/ip6_tables.h,
        linux_netfilter_ipv6_ip6_tables=1, linux_netfilter_ipv6_ip6_tables=0,
[#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#ifdef HAVE_LIMITS_H
#include <limits.h>
#endif
#ifdef HAVE_LINUX_TYPES_H
#include <linux/types.h>
#endif
#ifdef HAVE_NETINET_IN6_H
#include <netinet/in6.h>
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#ifdef HAVE_LINUX_IF_H
#include <linux/if.h>
#endif])

transparent_ok=0
if test "x$net_if_found" = "x1" && test "x$net_pfvar_found" = "x1"; then
  transparent_ok=1
fi
if test "x$linux_netfilter_ipv4" = "x1"; then
  transparent_ok=1
fi
if test "x$linux_netfilter_ipv6_ip6_tables" = "x1"; then
  transparent_ok=1
fi
if test "x$transparent_ok" = "x1"; then
  AC_DEFINE(USE_TRANSPARENT, 1, "Define to enable transparent proxy support")
else
  AC_MSG_NOTICE([Transparent proxy support enabled, but missing headers.])
fi

AC_CHECK_MEMBERS([struct timeval.tv_sec], , ,
[#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_TIME_H
#include <sys/time.h>
#endif])

AC_CHECK_SIZEOF(char)
AC_CHECK_SIZEOF(short)
AC_CHECK_SIZEOF(int)
AC_CHECK_SIZEOF(unsigned int)
AC_CHECK_SIZEOF(long)
AC_CHECK_SIZEOF(long long)
AC_CHECK_SIZEOF(__int64)
AC_CHECK_SIZEOF(void *)
AC_CHECK_SIZEOF(time_t)
AC_CHECK_SIZEOF(size_t)
AC_CHECK_SIZEOF(pid_t)

AC_CHECK_TYPES([uint, u_char, ssize_t])

AC_PC_FROM_UCONTEXT([:])

dnl used to include sockaddr_storage, but everybody has that.
AC_CHECK_TYPES([struct in6_addr, struct sockaddr_in6, sa_family_t], , ,
[#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#ifdef HAVE_NETINET_IN6_H
#include <netinet/in6.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#ifdef _WIN32
#define _WIN32_WINNT 0x0501
#define WIN32_LEAN_AND_MEAN
#include <winsock2.h>
#include <ws2tcpip.h>
#endif
])
AC_CHECK_MEMBERS([struct in6_addr.s6_addr32, struct in6_addr.s6_addr16, struct sockaddr_in.sin_len, struct sockaddr_in6.sin6_len], , ,
[#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#ifdef HAVE_NETINET_IN6_H
#include <netinet/in6.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#ifdef _WIN32
#define _WIN32_WINNT 0x0501
#define WIN32_LEAN_AND_MEAN
#include <winsock2.h>
#include <ws2tcpip.h>
#endif
])

AC_CHECK_TYPES([rlim_t], , ,
[#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_TIME_H
#include <sys/time.h>
#endif
#ifdef HAVE_SYS_RESOURCE_H
#include <sys/resource.h>
#endif
])

AX_CHECK_SIGN([time_t],
       [ : ],
       [ : ], [
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_TIME_H
#include <sys/time.h>
#endif
#ifdef HAVE_TIME_H
#include <time.h>
#endif
])

if test "$ax_cv_decl_time_t_signed" = "no"; then
  AC_MSG_ERROR([You have an unsigned time_t; Tor does not support that. Please tell the Tor developers about your interesting platform.])
fi

AX_CHECK_SIGN([size_t],
       [ tor_cv_size_t_signed=yes ],
       [ tor_cv_size_t_signed=no ], [
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
])

if test "$ax_cv_decl_size_t_signed" = "yes"; then
  AC_MSG_ERROR([You have a signed size_t; that's grossly nonconformant.])
fi

AX_CHECK_SIGN([enum always],
       [ AC_DEFINE(ENUM_VALS_ARE_SIGNED, 1, [Define if enum is always signed]) ],
       [ : ], [
 enum always { AAA, BBB, CCC };
])

AC_CHECK_SIZEOF(socklen_t, , [AC_INCLUDES_DEFAULT()
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
])

# We want to make sure that we _don't_ have a cell_t defined, like IRIX does.

AC_CHECK_SIZEOF(cell_t)

# Let's see if stdatomic works. (There are some debian clangs that screw it
# up; see Tor bug #26779 and debian bug 903709.)
AC_CACHE_CHECK([whether C11 stdatomic.h actually works],
               tor_cv_stdatomic_works,
[AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
#include <stdatomic.h>
struct x { atomic_size_t y; };
void try_atomic_init(struct x *xx)
{
  atomic_init(&xx->y, 99);
  atomic_fetch_add(&xx->y, 1);
}
]])], [tor_cv_stdatomic_works=yes], [tor_cv_stdatomic_works=no])])

if test "$tor_cv_stdatomic_works" = "yes"; then
   AC_DEFINE(STDATOMIC_WORKS, 1, [Set to 1 if we can compile a simple stdatomic example.])
elif test "$ac_cv_header_stdatomic_h" = "yes"; then
   AC_MSG_WARN([Your compiler provides the stdatomic.h header, but it doesn't seem to work.  I'll pretend it isn't there. If you are using Clang on Debian, maybe this is because of https://bugs.debian.org/903709 ])
fi

# Now make sure that NULL can be represented as zero bytes.
AC_CACHE_CHECK([whether memset(0) sets pointers to NULL], tor_cv_null_is_zero,
[AC_RUN_IFELSE([AC_LANG_SOURCE(
[[#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#ifdef HAVE_STDDEF_H
#include <stddef.h>
#endif
int main () { char *p1,*p2; p1=NULL; memset(&p2,0,sizeof(p2));
return memcmp(&p1,&p2,sizeof(char*))?1:0; }]])],
       [tor_cv_null_is_zero=yes],
       [tor_cv_null_is_zero=no],
       [tor_cv_null_is_zero=cross])])

if test "$tor_cv_null_is_zero" = "cross"; then
  # Cross-compiling; let's hope that the target isn't raving mad.
  AC_MSG_NOTICE([Cross-compiling: we'll assume that NULL is represented as a sequence of 0-valued bytes.])
fi

if test "$tor_cv_null_is_zero" != "no"; then
  AC_DEFINE([NULL_REP_IS_ZERO_BYTES], 1,
            [Define to 1 iff memset(0) sets pointers to NULL])
fi

AC_CACHE_CHECK([whether memset(0) sets doubles to 0.0], tor_cv_dbl0_is_zero,
[AC_RUN_IFELSE([AC_LANG_SOURCE(
[[#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#ifdef HAVE_STDDEF_H
#include <stddef.h>
#endif
int main () { double d1,d2; d1=0; memset(&d2,0,sizeof(d2));
return memcmp(&d1,&d2,sizeof(d1))?1:0; }]])],
       [tor_cv_dbl0_is_zero=yes],
       [tor_cv_dbl0_is_zero=no],
       [tor_cv_dbl0_is_zero=cross])])

if test "$tor_cv_dbl0_is_zero" = "cross"; then
  # Cross-compiling; let's hope that the target isn't raving mad.
  AC_MSG_NOTICE([Cross-compiling: we'll assume that 0.0 can be represented as a sequence of 0-valued bytes.])
fi

if test "$tor_cv_dbl0_is_zero" != "no"; then
  AC_DEFINE([DOUBLE_0_REP_IS_ZERO_BYTES], 1,
            [Define to 1 iff memset(0) sets doubles to 0.0])
fi

# And what happens when we malloc zero?
AC_CACHE_CHECK([whether we can malloc(0) safely.], tor_cv_malloc_zero_works,
[AC_RUN_IFELSE([AC_LANG_SOURCE(
[[#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#ifdef HAVE_STDDEF_H
#include <stddef.h>
#endif
int main () { return malloc(0)?0:1; }]])],
       [tor_cv_malloc_zero_works=yes],
       [tor_cv_malloc_zero_works=no],
       [tor_cv_malloc_zero_works=cross])])

if test "$tor_cv_malloc_zero_works" = "cross"; then
  # Cross-compiling; let's hope that the target isn't raving mad.
  AC_MSG_NOTICE([Cross-compiling: we'll assume that we need to check malloc() arguments for 0.])
fi

if test "$tor_cv_malloc_zero_works" = "yes"; then
  AC_DEFINE([MALLOC_ZERO_WORKS], 1,
            [Define to 1 iff malloc(0) returns a pointer])
fi

# whether we seem to be in a 2s-complement world.
AC_CACHE_CHECK([whether we are using 2s-complement arithmetic], tor_cv_twos_complement,
[AC_RUN_IFELSE([AC_LANG_SOURCE(
[[int main () { int problem = ((-99) != (~99)+1);
return problem ? 1 : 0; }]])],
       [tor_cv_twos_complement=yes],
       [tor_cv_twos_complement=no],
       [tor_cv_twos_complement=cross])])

if test "$tor_cv_twos_complement" = "cross"; then
  # Cross-compiling; let's hope that the target isn't raving mad.
  AC_MSG_NOTICE([Cross-compiling: we'll assume that negative integers are represented with two's complement.])
fi

if test "$tor_cv_twos_complement" != "no"; then
  AC_DEFINE([USING_TWOS_COMPLEMENT], 1,
            [Define to 1 iff we represent negative integers with
             two's complement])
fi

# What does shifting a negative value do?
AC_CACHE_CHECK([whether right-shift on negative values does sign-extension], tor_cv_sign_extend,
[AC_RUN_IFELSE([AC_LANG_SOURCE(
[[int main () { int okay = (-60 >> 8) == -1; return okay ? 0 : 1; }]])],
       [tor_cv_sign_extend=yes],
       [tor_cv_sign_extend=no],
       [tor_cv_sign_extend=cross])])

if test "$tor_cv_sign_extend" = "cross"; then
  # Cross-compiling; let's hope that the target isn't raving mad.
  AC_MSG_NOTICE([Cross-compiling: we'll assume that right-shifting negative integers causes sign-extension])
fi

if test "$tor_cv_sign_extend" != "no"; then
  AC_DEFINE([RSHIFT_DOES_SIGN_EXTEND], 1,
            [Define to 1 iff right-shifting a negative value performs sign-extension])
fi

# Is uint8_t the same type as unsigned char?
AC_CACHE_CHECK([whether uint8_t is the same type as unsigned char], tor_cv_uint8_uchar,
[AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
#include <stdint.h>
extern uint8_t c;
unsigned char c;]])],
       [tor_cv_uint8_uchar=yes],
       [tor_cv_uint8_uchar=no],
       [tor_cv_uint8_uchar=cross])])

if test "$tor_cv_uint8_uchar" = "cross"; then
  AC_MSG_NOTICE([Cross-compiling: we'll assume that uint8_t is the same type as unsigned char])
fi

if test "$tor_cv_uint8_uchar" = "no"; then
  AC_MSG_ERROR([We assume that uint8_t is the same type as unsigned char, but your compiler disagrees.])
fi

AC_ARG_WITH(tcmalloc,
AS_HELP_STRING(--with-tcmalloc, [use tcmalloc memory allocation library. Deprecated; see --with-malloc]),
[ tcmalloc=yes ], [ tcmalloc=no ])

default_malloc=system

if test "x$enable_openbsd_malloc" = "xyes" ; then
  AC_MSG_NOTICE([The --enable-openbsd-malloc argument is deprecated; use --with-malloc=openbsd instead.])
  default_malloc=openbsd
fi

if test "x$tcmalloc" = "xyes"; then
  AC_MSG_NOTICE([The --with-tcmalloc argument is deprecated; use --with-malloc=tcmalloc instead.])
  default_malloc=tcmalloc
fi

AC_ARG_WITH(malloc,
   AS_HELP_STRING([--with-malloc=[system,jemalloc,tcmalloc,openbsd]],
                  [select special malloc implementation [system]]),
   [ malloc="$with_malloc" ], [ malloc="$default_malloc" ])

AS_CASE([$malloc],
  [tcmalloc], [
      PKG_CHECK_MODULES([TCMALLOC],
			[libtcmalloc],
			have_tcmalloc=yes,
			have_tcmalloc=no)

      if test "x$have_tcmalloc" = "xno" ; then
          AC_MSG_ERROR([Unable to find tcmalloc requested by --with-malloc.])
      fi

      CFLAGS="$CFLAGS $TCMALLOC_CFLAGS"
      LIBS="$TCMALLOC_LIBS $LIBS"
  ],

  [jemalloc], [
      PKG_CHECK_MODULES([JEMALLOC],
		        [jemalloc],
			have_jemalloc=yes,
			have_jemalloc=no)

      if test "x$have_tcmalloc" = "xno" ; then
          AC_MSG_ERROR([Unable to find jemalloc requested by --with-malloc.])
      fi

      CFLAGS="$CFLAGS $JEMALLOC_CFLAGS"
      LIBS="$JEMALLOC_LIBS $LIBS"
      using_custom_malloc=yes
  ],

  [openbsd], [
    AC_MSG_WARN([The openbsd malloc port is deprecated in Tor 0.3.5 and will be removed in a future version.])
    enable_openbsd_malloc=yes
  ],

  [system], [
     # handle this later, including the jemalloc fallback
    AC_CHECK_FUNCS(mallinfo)
  ],

  [AC_MSG_ERROR([--with-malloc=`$with_malloc' not supported, see --help])
])

AM_CONDITIONAL(USE_OPENBSD_MALLOC, test "x$enable_openbsd_malloc" = "xyes")

if test "$malloc" != "system"; then
  # Tell the C compiler not to use the system allocator functions.
  TOR_CHECK_CFLAGS([-fno-builtin-malloc -fno-builtin-realloc -fno-builtin-calloc -fno-builtin-free])
fi
if test "$using_custom_malloc" = "yes"; then
  # Tell the C compiler not to use the system allocator functions.
  TOR_CHECK_CFLAGS([-fno-builtin-malloc -fno-builtin-realloc -fno-builtin-calloc -fno-builtin-free])
fi

# By default, we're going to assume we don't have mlockall()
# bionic and other platforms have various broken mlockall subsystems.
# Some systems don't have a working mlockall, some aren't linkable,
# and some have it but don't declare it.
AC_CHECK_FUNCS(mlockall)
AC_CHECK_DECLS([mlockall], , , [
#ifdef HAVE_SYS_MMAN_H
#include <sys/mman.h>
#endif])

# Allow user to specify an alternate syslog facility
AC_ARG_WITH(syslog-facility,
AS_HELP_STRING(--with-syslog-facility=LOG, [syslog facility to use (default=LOG_DAEMON)]),
syslog_facility="$withval", syslog_facility="LOG_DAEMON")
AC_DEFINE_UNQUOTED(LOGFACILITY,$syslog_facility,[name of the syslog facility])
AC_SUBST(LOGFACILITY)

# Check if we have getresuid and getresgid
AC_CHECK_FUNCS(getresuid getresgid)

# Check for gethostbyname_r in all its glorious incompatible versions.
#   (This logic is based on that in Python's configure.in)
AH_TEMPLATE(HAVE_GETHOSTBYNAME_R,
  [Define this if you have any gethostbyname_r()])

AC_CHECK_FUNC(gethostbyname_r, [
  AC_MSG_CHECKING([how many arguments gethostbyname_r() wants])
  OLD_CFLAGS=$CFLAGS
  CFLAGS="$CFLAGS $MY_CPPFLAGS $MY_THREAD_CPPFLAGS $MY_CFLAGS"
  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <netdb.h>
  ]], [[
    char *cp1, *cp2;
    struct hostent *h1, *h2;
    int i1, i2;
    (void)gethostbyname_r(cp1,h1,cp2,i1,&h2,&i2);
  ]])],[