diff -Nru gvpe-2.25/aclocal.m4 gvpe-3.0/aclocal.m4 --- gvpe-2.25/aclocal.m4 2013-07-13 00:42:54.000000000 -0400 +++ gvpe-3.0/aclocal.m4 2016-11-10 09:40:18.000000000 -0500 @@ -1,8 +1,7 @@ -# generated automatically by aclocal 1.11.6 -*- Autoconf -*- +# generated automatically by aclocal 1.7.9 -*- Autoconf -*- -# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, -# 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, -# Inc. +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002 +# Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. 
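Review bot: The regenerated header says aclocal 1.7.9 where the previous release said 1.11.6, so gvpe-3.0 ships configure machinery produced by an older Automake than gvpe-2.25 did. The later hunks show what is lost: `rm -rf conftest.dir` before `mkdir conftest.dir` in _AM_DEPENDENCIES is gone, and _AM_OUTPUT_DEPENDENCY_COMMANDS falls back to an unquoted `for mf in $CONFIG_FILES` and `grep ... $mf` in place of the quoting-aware `eval set x "$CONFIG_FILES"` loop and `"$mf"`. The check that warned when the running autoconf differs from the generating one is also removed. Because aclocal.m4 is generated, this should be fixed by regenerating it (typically `autoreconf`) with a current Automake rather than by hand edits. Recording the tool versions used to build the release tarball would make an unintended downgrade like this easier to spot in a future diff.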
@@ -12,62 +11,332 @@ # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. -m4_ifndef([AC_AUTOCONF_VERSION], - [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl -m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.69],, -[m4_warning([this file was generated for autoconf 2.69. -You have another version of autoconf. It may work, but is not guaranteed to. -If you have problems, you may need to regenerate the build system entirely. -To do so, use the procedure documented by the package, typically `autoreconf'.])]) +# Do all the work for Automake. -*- Autoconf -*- -# Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008, 2011 Free Software -# Foundation, Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. +# This macro actually does too much some checks are only needed if +# your package does certain things. But this isn't really a big deal. -# serial 1 +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003 +# Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA. + +# serial 10 + +AC_PREREQ([2.54]) + +# Autoconf 2.50 wants to disallow AM_ names. We explicitly allow +# the ones we care about. 
+m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl + +# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE]) +# AM_INIT_AUTOMAKE([OPTIONS]) +# ----------------------------------------------- +# The call with PACKAGE and VERSION arguments is the old style +# call (pre autoconf-2.50), which is being phased out. PACKAGE +# and VERSION should now be passed to AC_INIT and removed from +# the call to AM_INIT_AUTOMAKE. +# We support both call styles for the transition. After +# the next Automake release, Autoconf can make the AC_INIT +# arguments mandatory, and then we can depend on a new Autoconf +# release and drop the old call support. +AC_DEFUN([AM_INIT_AUTOMAKE], +[AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl + AC_REQUIRE([AC_PROG_INSTALL])dnl +# test to see if srcdir already configured +if test "`cd $srcdir && pwd`" != "`pwd`" && + test -f $srcdir/config.status; then + AC_MSG_ERROR([source directory already configured; run "make distclean" there first]) +fi + +# test whether we have cygpath +if test -z "$CYGPATH_W"; then + if (cygpath --version) >/dev/null 2>/dev/null; then + CYGPATH_W='cygpath -w' + else + CYGPATH_W=echo + fi +fi +AC_SUBST([CYGPATH_W]) + +# Define the identity of the package. +dnl Distinguish between old-style and new-style calls. +m4_ifval([$2], +[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl + AC_SUBST([PACKAGE], [$1])dnl + AC_SUBST([VERSION], [$2])], +[_AM_SET_OPTIONS([$1])dnl + AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl + AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl + +_AM_IF_OPTION([no-define],, +[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package]) + AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl + +# Some tools Automake needs. 
+AC_REQUIRE([AM_SANITY_CHECK])dnl +AC_REQUIRE([AC_ARG_PROGRAM])dnl +AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version}) +AM_MISSING_PROG(AUTOCONF, autoconf) +AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version}) +AM_MISSING_PROG(AUTOHEADER, autoheader) +AM_MISSING_PROG(MAKEINFO, makeinfo) +AM_MISSING_PROG(AMTAR, tar) +AM_PROG_INSTALL_SH +AM_PROG_INSTALL_STRIP +# We need awk for the "check" target. The system "awk" is bad on +# some platforms. +AC_REQUIRE([AC_PROG_AWK])dnl +AC_REQUIRE([AC_PROG_MAKE_SET])dnl +AC_REQUIRE([AM_SET_LEADING_DOT])dnl + +_AM_IF_OPTION([no-dependencies],, +[AC_PROVIDE_IFELSE([AC_PROG_CC], + [_AM_DEPENDENCIES(CC)], + [define([AC_PROG_CC], + defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl +AC_PROVIDE_IFELSE([AC_PROG_CXX], + [_AM_DEPENDENCIES(CXX)], + [define([AC_PROG_CXX], + defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl +]) +]) + + +# When config.status generates a header, we must update the stamp-h file. +# This file resides in the same directory as the config header +# that is generated. The stamp files are numbered to have different names. + +# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the +# loop where config.status creates the headers, so we can generate +# our stamp files there. +AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK], +[# Compute $1's index in $config_headers. +_am_stamp_count=1 +for _am_header in $config_headers :; do + case $_am_header in + $1 | $1:* ) + break ;; + * ) + _am_stamp_count=`expr $_am_stamp_count + 1` ;; + esac +done +echo "timestamp for $1" >`AS_DIRNAME([$1])`/stamp-h[]$_am_stamp_count]) + +# Copyright 2002 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. 
+ +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA # AM_AUTOMAKE_VERSION(VERSION) # ---------------------------- # Automake X.Y traces this macro to ensure aclocal.m4 has been # generated from the m4 files accompanying Automake X.Y. -# (This private macro should not be called outside this file.) -AC_DEFUN([AM_AUTOMAKE_VERSION], -[am__api_version='1.11' -dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to -dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.11.6], [], - [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl -]) - -# _AM_AUTOCONF_VERSION(VERSION) -# ----------------------------- -# aclocal traces this macro to find the Autoconf version. -# This is a private macro too. Using m4_define simplifies -# the logic in aclocal, which can simply ignore this definition. -m4_define([_AM_AUTOCONF_VERSION], []) +AC_DEFUN([AM_AUTOMAKE_VERSION],[am__api_version="1.7"]) # AM_SET_CURRENT_AUTOMAKE_VERSION # ------------------------------- -# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. -# This function is AC_REQUIREd by AM_INIT_AUTOMAKE. +# Call AM_AUTOMAKE_VERSION so it can be traced. +# This function is AC_REQUIREd by AC_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.11.6])dnl -m4_ifndef([AC_AUTOCONF_VERSION], - [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl -_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) + [AM_AUTOMAKE_VERSION([1.7.9])]) + +# Helper functions for option handling. 
-*- Autoconf -*- + +# Copyright 2001, 2002 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA. + +# serial 2 + +# _AM_MANGLE_OPTION(NAME) +# ----------------------- +AC_DEFUN([_AM_MANGLE_OPTION], +[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])]) -# AM_AUX_DIR_EXPAND -*- Autoconf -*- +# _AM_SET_OPTION(NAME) +# ------------------------------ +# Set option NAME. Presently that only means defining a flag for this option. +AC_DEFUN([_AM_SET_OPTION], +[m4_define(_AM_MANGLE_OPTION([$1]), 1)]) + +# _AM_SET_OPTIONS(OPTIONS) +# ---------------------------------- +# OPTIONS is a space-separated list of Automake options. +AC_DEFUN([_AM_SET_OPTIONS], +[AC_FOREACH([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])]) + +# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET]) +# ------------------------------------------- +# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. +AC_DEFUN([_AM_IF_OPTION], +[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) -# Copyright (C) 2001, 2003, 2005, 2011 Free Software Foundation, Inc. # -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. +# Check to make sure that the build environment is sane. 
+# -# serial 1 +# Copyright 1996, 1997, 2000, 2001 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA. + +# serial 3 + +# AM_SANITY_CHECK +# --------------- +AC_DEFUN([AM_SANITY_CHECK], +[AC_MSG_CHECKING([whether build environment is sane]) +# Just in case +sleep 1 +echo timestamp > conftest.file +# Do `set' in a subshell so we don't clobber the current shell's +# arguments. Must try -L first in case configure is actually a +# symlink; some systems play weird games with the mod time of symlinks +# (eg FreeBSD returns the mod time of the symlink's containing +# directory). +if ( + set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null` + if test "$[*]" = "X"; then + # -L didn't work. + set X `ls -t $srcdir/configure conftest.file` + fi + rm -f conftest.file + if test "$[*]" != "X $srcdir/configure conftest.file" \ + && test "$[*]" != "X conftest.file $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken +alias in your environment]) + fi + + test "$[2]" = conftest.file + ) +then + # Ok. 
+ : +else + AC_MSG_ERROR([newly created file is older than distributed files! +Check your system clock]) +fi +AC_MSG_RESULT(yes)]) + +# -*- Autoconf -*- + + +# Copyright 1997, 1999, 2000, 2001 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA. + +# serial 3 + +# AM_MISSING_PROG(NAME, PROGRAM) +# ------------------------------ +AC_DEFUN([AM_MISSING_PROG], +[AC_REQUIRE([AM_MISSING_HAS_RUN]) +$1=${$1-"${am_missing_run}$2"} +AC_SUBST($1)]) + + +# AM_MISSING_HAS_RUN +# ------------------ +# Define MISSING if not defined so far and test if it supports --run. +# If it does, set am_missing_run to use it, otherwise, to nothing. +AC_DEFUN([AM_MISSING_HAS_RUN], +[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl +test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing" +# Use eval to expand $SHELL +if eval "$MISSING --run true"; then + am_missing_run="$MISSING --run " +else + am_missing_run= + AC_MSG_WARN([`missing' script is too old or missing]) +fi +]) + +# AM_AUX_DIR_EXPAND + +# Copyright 2001 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. 
+ +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA. # For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets # $ac_aux_dir to `$srcdir/foo'. In other projects, it is set to 
@@ -107,71 +376,146 @@ # absolute PATH. The drawback is that using absolute paths prevent a # configured tree to be moved without reconfiguration. -AC_DEFUN([AM_AUX_DIR_EXPAND], -[dnl Rely on autoconf to set up CDPATH properly. -AC_PREREQ([2.50])dnl +# Rely on autoconf to set up CDPATH properly. +AC_PREREQ([2.50]) + +AC_DEFUN([AM_AUX_DIR_EXPAND], [ # expand $ac_aux_dir to an absolute path am_aux_dir=`cd $ac_aux_dir && pwd` ]) -# AM_CONDITIONAL -*- Autoconf -*- +# AM_PROG_INSTALL_SH +# ------------------ +# Define $install_sh. -# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006, 2008 -# Free Software Foundation, Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. +# Copyright 2001 Free Software Foundation, Inc. -# serial 9 +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. -# AM_CONDITIONAL(NAME, SHELL-CONDITION) -# ------------------------------------- -# Define a conditional. -AC_DEFUN([AM_CONDITIONAL], -[AC_PREREQ(2.52)dnl - ifelse([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], - [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl -AC_SUBST([$1_TRUE])dnl -AC_SUBST([$1_FALSE])dnl -_AM_SUBST_NOTMAKE([$1_TRUE])dnl -_AM_SUBST_NOTMAKE([$1_FALSE])dnl -m4_define([_AM_COND_VALUE_$1], [$2])dnl -if $2; then - $1_TRUE= - $1_FALSE='#' -else - $1_TRUE='#' - $1_FALSE= -fi -AC_CONFIG_COMMANDS_PRE( -[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then - AC_MSG_ERROR([[conditional "$1" was never defined. 
-Usually this means the macro was only invoked conditionally.]]) -fi])]) +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA. -# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009, -# 2010, 2011 Free Software Foundation, Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. +AC_DEFUN([AM_PROG_INSTALL_SH], +[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl +install_sh=${install_sh-"$am_aux_dir/install-sh"} +AC_SUBST(install_sh)]) -# serial 12 +# AM_PROG_INSTALL_STRIP -# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be -# written in clear, in which case automake, when reading aclocal.m4, -# will think it sees a *use*, and therefore will trigger all it's -# C support machinery. Also note that it means that autoscan, seeing -# CC etc. in the Makefile, will ask for an AC_PROG_CC use... +# Copyright 2001 Free Software Foundation, Inc. +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. -# _AM_DEPENDENCIES(NAME) -# ---------------------- -# See how the compiler implements dependency checking. -# NAME is "CC", "CXX", "GCJ", or "OBJC". -# We try a few techniques and use that to set a single cache variable. 
-# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA. + +# One issue with vendor `install' (even GNU) is that you can't +# specify the program used to strip binaries. This is especially +# annoying in cross-compiling environments, where the build's strip +# is unlikely to handle the host's binaries. +# Fortunately install-sh will honor a STRIPPROG variable, so we +# always use install-sh in `make install-strip', and initialize +# STRIPPROG with the value of the STRIP variable (set by the user). +AC_DEFUN([AM_PROG_INSTALL_STRIP], +[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl +# Installed binaries are usually stripped using `strip' when the user +# run `make install-strip'. However `strip' might not be the right +# tool to use in cross-compilation environments, therefore Automake +# will honor the `STRIP' environment variable to overrule this program. +dnl Don't test for $cross_compiling = yes, because it might be `maybe'. +if test "$cross_compiling" != no; then + AC_CHECK_TOOL([STRIP], [strip], :) +fi +INSTALL_STRIP_PROGRAM="\${SHELL} \$(install_sh) -c -s" +AC_SUBST([INSTALL_STRIP_PROGRAM])]) + +# -*- Autoconf -*- +# Copyright (C) 2003 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. 
+ +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA. + +# serial 1 + +# Check whether the underlying file-system supports filenames +# with a leading dot. For instance MS-DOS doesn't. +AC_DEFUN([AM_SET_LEADING_DOT], +[rm -rf .tst 2>/dev/null +mkdir .tst 2>/dev/null +if test -d .tst; then + am__leading_dot=. +else + am__leading_dot=_ +fi +rmdir .tst 2>/dev/null +AC_SUBST([am__leading_dot])]) + +# serial 5 -*- Autoconf -*- + +# Copyright (C) 1999, 2000, 2001, 2002, 2003 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA. + + +# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be +# written in clear, in which case automake, when reading aclocal.m4, +# will think it sees a *use*, and therefore will trigger all it's +# C support machinery. Also note that it means that autoscan, seeing +# CC etc. in the Makefile, will ask for an AC_PROG_CC use... 
+ + + +# _AM_DEPENDENCIES(NAME) +# ---------------------- +# See how the compiler implements dependency checking. +# NAME is "CC", "CXX", "GCJ", or "OBJC". +# We try a few techniques and use that to set a single cache variable. +# # We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was # modified to invoke _AM_DEPENDENCIES(CC); we would have a circular # dependency, and given that the user is not expected to run this macro, @@ -185,7 +529,6 @@ ifelse([$1], CC, [depcc="$CC" am_compiler_list=], [$1], CXX, [depcc="$CXX" am_compiler_list=], [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'], - [$1], UPC, [depcc="$UPC" am_compiler_list=], [$1], GCJ, [depcc="$GCJ" am_compiler_list='gcc3 gcc'], [depcc="$$1" am_compiler_list=]) @@ -197,7 +540,6 @@ # instance it was reported that on HP-UX the gcc test will end up # making a dummy file named `D' -- because `-MD' means `put the output # in D'. - rm -rf conftest.dir mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're # using a relative directory. @@ -215,16 +557,6 @@ if test "$am_compiler_list" = ""; then am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp` fi - am__universal=false - m4_case([$1], [CC], - [case " $depcc " in #( - *\ -arch\ *\ -arch\ *) am__universal=true ;; - esac], - [CXX], - [case " $depcc " in #( - *\ -arch\ *\ -arch\ *) am__universal=true ;; - esac]) - for depmode in $am_compiler_list; do # Setup a source with many dependencies, because some compilers # like to wrap large dependency lists on column 80 (with \), and 
@@ -236,23 +568,11 @@ : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c - # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with - # Solaris 8's {/usr,}/bin/sh. - touch sub/conftst$i.h + : > sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf - # We check with `-c' and `-o' for the sake of the "dashmstdout" - # mode. It turns out that the SunPro C++ compiler does not properly - # handle `-M -o', and we need to detect this. Also, some Intel - # versions had trouble with output in subdirs - am__obj=sub/conftest.${OBJEXT-o} - am__minus_obj="-o $am__obj" case $depmode in - gcc) - # This depmode causes a compiler race in universal mode. - test "$am__universal" = false || continue - ;; nosideeffect) # after this tag, mechanisms are not by side-effect, so they'll # only be used when explicitly requested 
@@ -262,33 +582,23 @@ break fi ;; - msvc7 | msvc7msys | msvisualcpp | msvcmsys) - # This compiler won't grok `-c -o', but also, the minuso test has - # not run yet. These depmodes are late enough in the game, and - # so weak that their functioning should not be impacted. - am__obj=conftest.${OBJEXT-o} - am__minus_obj= - ;; none) break ;; esac + # We check with `-c' and `-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle `-M -o', and we need to detect this. if depmode=$depmode \ - source=sub/conftest.c object=$am__obj \ + source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ - $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ + $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \ >/dev/null 2>conftest.err && - grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && - grep $am__obj sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 && ${MAKE-make} -s -f confmf > /dev/null 2>&1; then # icc doesn't choke on unknown options, it will just issue warnings - # or remarks (even with -Werror). So we grep stderr for any message - # that says an option was ignored or not supported. - # When given -MP, icc 7.0 and 7.1 complain thusly: - # icc: Command line warning: ignoring option '-M'; no argument required - # The diagnosis changed in icc 8.0: - # icc: Command line remark: option '-MP' not supported - if (grep 'ignoring option' conftest.err || - grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + # (even with -Werror). So we grep stderr for any message + # that says an option was ignored. + if grep 'ignoring option' conftest.err >/dev/null 2>&1; then :; else am_cv_$1_dependencies_compiler_type=$depmode break fi 
@@ -322,84 +632,84 @@ # ------------ AC_DEFUN([AM_DEP_TRACK], [AC_ARG_ENABLE(dependency-tracking, -[ --disable-dependency-tracking speeds up one-time build - --enable-dependency-tracking do not reject slow dependency extractors]) +[ --disable-dependency-tracking Speeds up one-time builds + --enable-dependency-tracking Do not reject slow dependency extractors]) if test "x$enable_dependency_tracking" != xno; then am_depcomp="$ac_aux_dir/depcomp" AMDEPBACKSLASH='\' - am__nodep='_no' fi AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno]) -AC_SUBST([AMDEPBACKSLASH])dnl -_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl -AC_SUBST([am__nodep])dnl -_AM_SUBST_NOTMAKE([am__nodep])dnl +AC_SUBST([AMDEPBACKSLASH]) ]) -# Generate code to set up dependency tracking. -*- Autoconf -*- +# Generate code to set up dependency tracking. -*- Autoconf -*- -# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2008 -# Free Software Foundation, Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. +# Copyright 1999, 2000, 2001, 2002 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA. 
-#serial 5 +#serial 2 # _AM_OUTPUT_DEPENDENCY_COMMANDS # ------------------------------ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], -[{ - # Autoconf 2.62 quotes --file arguments for eval, but not when files - # are listed without --file. Let's play safe and only enable the eval - # if we detect the quoting. - case $CONFIG_FILES in - *\'*) eval set x "$CONFIG_FILES" ;; - *) set x $CONFIG_FILES ;; - esac - shift - for mf - do - # Strip MF so we end up with the name of the file. - mf=`echo "$mf" | sed -e 's/:.*$//'` - # Check whether this is an Automake generated Makefile or not. - # We used to match only the files named `Makefile.in', but - # some people rename them; so instead we look at the file content. - # Grep'ing the first line is not enough: some people post-process - # each Makefile.in and add a new line on top of each file to say so. - # Grep'ing the whole file is not good either: AIX grep has a line - # limit of 2048, but all sed's we know have understand at least 4000. - if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then - dirpart=`AS_DIRNAME("$mf")` - else - continue - fi - # Extract the definition of DEPDIR, am__include, and am__quote - # from the Makefile without running `make'. - DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` - test -z "$DEPDIR" && continue - am__include=`sed -n 's/^am__include = //p' < "$mf"` - test -z "am__include" && continue - am__quote=`sed -n 's/^am__quote = //p' < "$mf"` - # When using ansi2knr, U may be empty or an underscore; expand it - U=`sed -n 's/^U = //p' < "$mf"` - # Find all dependency output files, they are included files with - # $(DEPDIR) in their names. We invoke sed twice because it is the - # simplest approach to changing $(DEPDIR) to its actual value in the - # expansion. - for file in `sed -n " - s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ - sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do - # Make sure the directory exists. 
- test -f "$dirpart/$file" && continue - fdir=`AS_DIRNAME(["$file"])` - AS_MKDIR_P([$dirpart/$fdir]) - # echo "creating $dirpart/$file" - echo '# dummy' > "$dirpart/$file" - done +[for mf in $CONFIG_FILES; do + # Strip MF so we end up with the name of the file. + mf=`echo "$mf" | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile or not. + # We used to match only the files named `Makefile.in', but + # some people rename them; so instead we look at the file content. + # Grep'ing the first line is not enough: some people post-process + # each Makefile.in and add a new line on top of each file to say so. + # So let's grep whole file. + if grep '^#.*generated by automake' $mf > /dev/null 2>&1; then + dirpart=`AS_DIRNAME("$mf")` + else + continue + fi + grep '^DEP_FILES *= *[[^ @%:@]]' < "$mf" > /dev/null || continue + # Extract the definition of DEP_FILES from the Makefile without + # running `make'. + DEPDIR=`sed -n -e '/^DEPDIR = / s///p' < "$mf"` + test -z "$DEPDIR" && continue + # When using ansi2knr, U may be empty or an underscore; expand it + U=`sed -n -e '/^U = / s///p' < "$mf"` + test -d "$dirpart/$DEPDIR" || mkdir "$dirpart/$DEPDIR" + # We invoke sed twice because it is the simplest approach to + # changing $(DEPDIR) to its actual value in the expansion. + for file in `sed -n -e ' + /^DEP_FILES = .*\\\\$/ { + s/^DEP_FILES = // + :loop + s/\\\\$// + p + n + /\\\\$/ b loop + p + } + /^DEP_FILES = / s/^DEP_FILES = //p' < "$mf" | \ + sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do + # Make sure the directory exists. + test -f "$dirpart/$file" && continue + fdir=`AS_DIRNAME(["$file"])` + AS_MKDIR_P([$dirpart/$fdir]) + # echo "creating $dirpart/$file" + echo '# dummy' > "$dirpart/$file" done -} +done ])# _AM_OUTPUT_DEPENDENCY_COMMANDS 
@@ -416,240 +726,27 @@ [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"]) ]) -# Do all the work for Automake. -*- Autoconf -*- - -# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, -# 2005, 2006, 2008, 2009 Free Software Foundation, Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# serial 16 - -# This macro actually does too much. Some checks are only needed if -# your package does certain things. But this isn't really a big deal. - -# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE]) -# AM_INIT_AUTOMAKE([OPTIONS]) -# ----------------------------------------------- -# The call with PACKAGE and VERSION arguments is the old style -# call (pre autoconf-2.50), which is being phased out. PACKAGE -# and VERSION should now be passed to AC_INIT and removed from -# the call to AM_INIT_AUTOMAKE. -# We support both call styles for the transition. After -# the next Automake release, Autoconf can make the AC_INIT -# arguments mandatory, and then we can depend on a new Autoconf -# release and drop the old call support. -AC_DEFUN([AM_INIT_AUTOMAKE], -[AC_PREREQ([2.62])dnl -dnl Autoconf wants to disallow AM_ names. We explicitly allow -dnl the ones we care about. -m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl -AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl -AC_REQUIRE([AC_PROG_INSTALL])dnl -if test "`cd $srcdir && pwd`" != "`pwd`"; then - # Use -I$(srcdir) only when $(srcdir) != ., so that make's output - # is not polluted with repeated "-I." 
- AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl - # test to see if srcdir already configured - if test -f $srcdir/config.status; then - AC_MSG_ERROR([source directory already configured; run "make distclean" there first]) - fi -fi - -# test whether we have cygpath -if test -z "$CYGPATH_W"; then - if (cygpath --version) >/dev/null 2>/dev/null; then - CYGPATH_W='cygpath -w' - else - CYGPATH_W=echo - fi -fi -AC_SUBST([CYGPATH_W]) - -# Define the identity of the package. -dnl Distinguish between old-style and new-style calls. -m4_ifval([$2], -[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl - AC_SUBST([PACKAGE], [$1])dnl - AC_SUBST([VERSION], [$2])], -[_AM_SET_OPTIONS([$1])dnl -dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT. -m4_if(m4_ifdef([AC_PACKAGE_NAME], 1)m4_ifdef([AC_PACKAGE_VERSION], 1), 11,, - [m4_fatal([AC_INIT should be called with package and version arguments])])dnl - AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl - AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl - -_AM_IF_OPTION([no-define],, -[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package]) - AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl - -# Some tools Automake needs. -AC_REQUIRE([AM_SANITY_CHECK])dnl -AC_REQUIRE([AC_ARG_PROGRAM])dnl -AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version}) -AM_MISSING_PROG(AUTOCONF, autoconf) -AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version}) -AM_MISSING_PROG(AUTOHEADER, autoheader) -AM_MISSING_PROG(MAKEINFO, makeinfo) -AC_REQUIRE([AM_PROG_INSTALL_SH])dnl -AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl -AC_REQUIRE([AM_PROG_MKDIR_P])dnl -# We need awk for the "check" target. The system "awk" is bad on -# some platforms. 
-AC_REQUIRE([AC_PROG_AWK])dnl -AC_REQUIRE([AC_PROG_MAKE_SET])dnl -AC_REQUIRE([AM_SET_LEADING_DOT])dnl -_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])], - [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])], - [_AM_PROG_TAR([v7])])]) -_AM_IF_OPTION([no-dependencies],, -[AC_PROVIDE_IFELSE([AC_PROG_CC], - [_AM_DEPENDENCIES(CC)], - [define([AC_PROG_CC], - defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl -AC_PROVIDE_IFELSE([AC_PROG_CXX], - [_AM_DEPENDENCIES(CXX)], - [define([AC_PROG_CXX], - defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl -AC_PROVIDE_IFELSE([AC_PROG_OBJC], - [_AM_DEPENDENCIES(OBJC)], - [define([AC_PROG_OBJC], - defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl -]) -_AM_IF_OPTION([silent-rules], [AC_REQUIRE([AM_SILENT_RULES])])dnl -dnl The `parallel-tests' driver may need to know about EXEEXT, so add the -dnl `am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This macro -dnl is hooked onto _AC_COMPILER_EXEEXT early, see below. -AC_CONFIG_COMMANDS_PRE(dnl -[m4_provide_if([_AM_COMPILER_EXEEXT], - [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl -]) - -dnl Hook into `_AC_COMPILER_EXEEXT' early to learn its expansion. Do not -dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further -dnl mangled by Autoconf and run in a shell conditional statement. -m4_define([_AC_COMPILER_EXEEXT], -m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])]) - - -# When config.status generates a header, we must update the stamp-h file. -# This file resides in the same directory as the config header -# that is generated. The stamp files are numbered to have different names. - -# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the -# loop where config.status creates the headers, so we can generate -# our stamp files there. -AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK], -[# Compute $1's index in $config_headers. 
-_am_arg=$1 -_am_stamp_count=1 -for _am_header in $config_headers :; do - case $_am_header in - $_am_arg | $_am_arg:* ) - break ;; - * ) - _am_stamp_count=`expr $_am_stamp_count + 1` ;; - esac -done -echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) - -# Copyright (C) 2001, 2003, 2005, 2008, 2011 Free Software Foundation, -# Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. +# Check to see how 'make' treats includes. -*- Autoconf -*- -# serial 1 +# Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc. -# AM_PROG_INSTALL_SH -# ------------------ -# Define $install_sh. -AC_DEFUN([AM_PROG_INSTALL_SH], -[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl -if test x"${install_sh}" != xset; then - case $am_aux_dir in - *\ * | *\ *) - install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; - *) - install_sh="\${SHELL} $am_aux_dir/install-sh" - esac -fi -AC_SUBST(install_sh)]) +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. -# Copyright (C) 2003, 2005 Free Software Foundation, Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. 
+ +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA. # serial 2 -# Check whether the underlying file-system supports filenames -# with a leading dot. For instance MS-DOS doesn't. -AC_DEFUN([AM_SET_LEADING_DOT], -[rm -rf .tst 2>/dev/null -mkdir .tst 2>/dev/null -if test -d .tst; then - am__leading_dot=. -else - am__leading_dot=_ -fi -rmdir .tst 2>/dev/null -AC_SUBST([am__leading_dot])]) - -# Add --enable-maintainer-mode option to configure. -*- Autoconf -*- -# From Jim Meyering - -# Copyright (C) 1996, 1998, 2000, 2001, 2002, 2003, 2004, 2005, 2008, -# 2011 Free Software Foundation, Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# serial 5 - -# AM_MAINTAINER_MODE([DEFAULT-MODE]) -# ---------------------------------- -# Control maintainer-specific portions of Makefiles. -# Default is to disable them, unless `enable' is passed literally. -# For symmetry, `disable' may be passed as well. Anyway, the user -# can override the default with the --enable/--disable switch. 
-AC_DEFUN([AM_MAINTAINER_MODE], -[m4_case(m4_default([$1], [disable]), - [enable], [m4_define([am_maintainer_other], [disable])], - [disable], [m4_define([am_maintainer_other], [enable])], - [m4_define([am_maintainer_other], [enable]) - m4_warn([syntax], [unexpected argument to AM@&t@_MAINTAINER_MODE: $1])]) -AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles]) - dnl maintainer-mode's default is 'disable' unless 'enable' is passed - AC_ARG_ENABLE([maintainer-mode], -[ --][am_maintainer_other][-maintainer-mode am_maintainer_other make rules and dependencies not useful - (and sometimes confusing) to the casual installer], - [USE_MAINTAINER_MODE=$enableval], - [USE_MAINTAINER_MODE=]m4_if(am_maintainer_other, [enable], [no], [yes])) - AC_MSG_RESULT([$USE_MAINTAINER_MODE]) - AM_CONDITIONAL([MAINTAINER_MODE], [test $USE_MAINTAINER_MODE = yes]) - MAINT=$MAINTAINER_MODE_TRUE - AC_SUBST([MAINT])dnl -] -) - -AU_DEFUN([jm_MAINTAINER_MODE], [AM_MAINTAINER_MODE]) - -# Check to see how 'make' treats includes. -*- Autoconf -*- - -# Copyright (C) 2001, 2002, 2003, 2005, 2009 Free Software Foundation, Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# serial 4 - # AM_MAKE_INCLUDE() # ----------------- # Check to see how make treats includes. @@ -657,7 +754,7 @@ [am_make=${MAKE-make} cat > confinc << 'END' am__doit: - @echo this is the am__doit target + @echo done .PHONY: am__doit END # If we don't find an include directive, just comment out the code. 
@@ -667,24 +764,24 @@ _am_result=none # First try GNU make style include. echo "include confinc" > confmf -# Ignore all kinds of additional output from `make'. -case `$am_make -s -f confmf 2> /dev/null` in #( -*the\ am__doit\ target*) - am__include=include - am__quote= - _am_result=GNU - ;; -esac +# We grep out `Entering directory' and `Leaving directory' +# messages which can occur if `w' ends up in MAKEFLAGS. +# In particular we don't look at `^make:' because GNU make might +# be invoked under some other name (usually "gmake"), in which +# case it prints its new name instead of `make'. +if test "`$am_make -s -f confmf 2> /dev/null | grep -v 'ing directory'`" = "done"; then + am__include=include + am__quote= + _am_result=GNU +fi # Now try BSD make style include. if test "$am__include" = "#"; then echo '.include "confinc"' > confmf - case `$am_make -s -f confmf 2> /dev/null` in #( - *the\ am__doit\ target*) - am__include=.include - am__quote="\"" - _am_result=BSD - ;; - esac + if test "`$am_make -s -f confmf 2> /dev/null`" = "done"; then + am__include=.include + am__quote="\"" + _am_result=BSD + fi fi AC_SUBST([am__include]) AC_SUBST([am__quote]) 
@@ -692,328 +789,2093 @@ rm -f confinc confmf ]) -# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- +# AM_CONDITIONAL -*- Autoconf -*- -# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005, 2008 -# Free Software Foundation, Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. +# Copyright 1997, 2000, 2001 Free Software Foundation, Inc. -# serial 6 +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. -# AM_MISSING_PROG(NAME, PROGRAM) -# ------------------------------ -AC_DEFUN([AM_MISSING_PROG], -[AC_REQUIRE([AM_MISSING_HAS_RUN]) -$1=${$1-"${am_missing_run}$2"} -AC_SUBST($1)]) +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA. +# serial 5 -# AM_MISSING_HAS_RUN -# ------------------ -# Define MISSING if not defined so far and test if it supports --run. -# If it does, set am_missing_run to use it, otherwise, to nothing. 
-AC_DEFUN([AM_MISSING_HAS_RUN], -[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl -AC_REQUIRE_AUX_FILE([missing])dnl -if test x"${MISSING+set}" != xset; then - case $am_aux_dir in - *\ * | *\ *) - MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; - *) - MISSING="\${SHELL} $am_aux_dir/missing" ;; - esac -fi -# Use eval to expand $SHELL -if eval "$MISSING --run true"; then - am_missing_run="$MISSING --run " -else - am_missing_run= - AC_MSG_WARN([`missing' script is too old or missing]) +AC_PREREQ(2.52) + +# AM_CONDITIONAL(NAME, SHELL-CONDITION) +# ------------------------------------- +# Define a conditional. +AC_DEFUN([AM_CONDITIONAL], +[ifelse([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], + [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl +AC_SUBST([$1_TRUE]) +AC_SUBST([$1_FALSE]) +if $2; then + $1_TRUE= + $1_FALSE='#' +else + $1_TRUE='#' + $1_FALSE= fi +AC_CONFIG_COMMANDS_PRE( +[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then + AC_MSG_ERROR([conditional "$1" was never defined. +Usually this means the macro was only invoked conditionally.]) +fi])]) + +# Add --enable-maintainer-mode option to configure. +# From Jim Meyering + +# Copyright 1996, 1998, 2000, 2001, 2002 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA. 
+ +# serial 2 + +AC_DEFUN([AM_MAINTAINER_MODE], +[AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles]) + dnl maintainer-mode is disabled by default + AC_ARG_ENABLE(maintainer-mode, +[ --enable-maintainer-mode enable make rules and dependencies not useful + (and sometimes confusing) to the casual installer], + USE_MAINTAINER_MODE=$enableval, + USE_MAINTAINER_MODE=no) + AC_MSG_RESULT([$USE_MAINTAINER_MODE]) + AM_CONDITIONAL(MAINTAINER_MODE, [test $USE_MAINTAINER_MODE = yes]) + MAINT=$MAINTAINER_MODE_TRUE + AC_SUBST(MAINT)dnl +] +) + +AU_DEFUN([jm_MAINTAINER_MODE], [AM_MAINTAINER_MODE]) + +# gettext.m4 serial 17 (gettext-0.11.5) +dnl Copyright (C) 1995-2002 Free Software Foundation, Inc. +dnl This file is free software, distributed under the terms of the GNU +dnl General Public License. As a special exception to the GNU General +dnl Public License, this file may be distributed as part of a program +dnl that contains a configuration script generated by Autoconf, under +dnl the same distribution terms as the rest of that program. +dnl +dnl This file can can be used in projects which are not available under +dnl the GNU General Public License or the GNU Library General Public +dnl License but which still want to provide support for the GNU gettext +dnl functionality. +dnl Please note that the actual code of the GNU gettext library is covered +dnl by the GNU Library General Public License, and the rest of the GNU +dnl gettext package package is covered by the GNU General Public License. +dnl They are *not* in the public domain. + +dnl Authors: +dnl Ulrich Drepper , 1995-2000. +dnl Bruno Haible , 2000-2002. + +dnl Macro to add for using GNU gettext. + +dnl Usage: AM_GNU_GETTEXT([INTLSYMBOL], [NEEDSYMBOL], [INTLDIR]). +dnl INTLSYMBOL can be one of 'external', 'no-libtool', 'use-libtool'. The +dnl default (if it is not specified or empty) is 'no-libtool'. 
+dnl INTLSYMBOL should be 'external' for packages with no intl directory, +dnl and 'no-libtool' or 'use-libtool' for packages with an intl directory. +dnl If INTLSYMBOL is 'use-libtool', then a libtool library +dnl $(top_builddir)/intl/libintl.la will be created (shared and/or static, +dnl depending on --{enable,disable}-{shared,static} and on the presence of +dnl AM-DISABLE-SHARED). If INTLSYMBOL is 'no-libtool', a static library +dnl $(top_builddir)/intl/libintl.a will be created. +dnl If NEEDSYMBOL is specified and is 'need-ngettext', then GNU gettext +dnl implementations (in libc or libintl) without the ngettext() function +dnl will be ignored. If NEEDSYMBOL is specified and is +dnl 'need-formatstring-macros', then GNU gettext implementations that don't +dnl support the ISO C 99 formatstring macros will be ignored. +dnl INTLDIR is used to find the intl libraries. If empty, +dnl the value `$(top_builddir)/intl/' is used. +dnl +dnl The result of the configuration is one of three cases: +dnl 1) GNU gettext, as included in the intl subdirectory, will be compiled +dnl and used. +dnl Catalog format: GNU --> install in $(datadir) +dnl Catalog extension: .mo after installation, .gmo in source tree +dnl 2) GNU gettext has been found in the system's C library. +dnl Catalog format: GNU --> install in $(datadir) +dnl Catalog extension: .mo after installation, .gmo in source tree +dnl 3) No internationalization, always use English msgid. +dnl Catalog format: none +dnl Catalog extension: none +dnl If INTLSYMBOL is 'external', only cases 2 and 3 can occur. +dnl The use of .gmo is historical (it was needed to avoid overwriting the +dnl GNU format catalogs when building on a platform with an X/Open gettext), +dnl but we keep it in order not to force irrelevant filename changes on the +dnl maintainers. +dnl +AC_DEFUN([AM_GNU_GETTEXT], +[ + dnl Argument checking. 
+ ifelse([$1], [], , [ifelse([$1], [external], , [ifelse([$1], [no-libtool], , [ifelse([$1], [use-libtool], , + [errprint([ERROR: invalid first argument to AM_GNU_GETTEXT +])])])])]) + ifelse([$2], [], , [ifelse([$2], [need-ngettext], , [ifelse([$2], [need-formatstring-macros], , + [errprint([ERROR: invalid second argument to AM_GNU_GETTEXT +])])])]) + define(gt_included_intl, ifelse([$1], [external], [no], [yes])) + define(gt_libtool_suffix_prefix, ifelse([$1], [use-libtool], [l], [])) + + AC_REQUIRE([AM_PO_SUBDIRS])dnl + ifelse(gt_included_intl, yes, [ + AC_REQUIRE([AM_INTL_SUBDIR])dnl + ]) + + dnl Prerequisites of AC_LIB_LINKFLAGS_BODY. + AC_REQUIRE([AC_LIB_PREPARE_PREFIX]) + AC_REQUIRE([AC_LIB_RPATH]) + + dnl Sometimes libintl requires libiconv, so first search for libiconv. + dnl Ideally we would do this search only after the + dnl if test "$USE_NLS" = "yes"; then + dnl if test "$gt_cv_func_gnugettext_libc" != "yes"; then + dnl tests. But if configure.in invokes AM_ICONV after AM_GNU_GETTEXT + dnl the configure script would need to contain the same shell code + dnl again, outside any 'if'. There are two solutions: + dnl - Invoke AM_ICONV_LINKFLAGS_BODY here, outside any 'if'. + dnl - Control the expansions in more detail using AC_PROVIDE_IFELSE. + dnl Since AC_PROVIDE_IFELSE is only in autoconf >= 2.52 and not + dnl documented, we avoid it. 
+ ifelse(gt_included_intl, yes, , [ + AC_REQUIRE([AM_ICONV_LINKFLAGS_BODY]) + ]) + + AC_MSG_CHECKING([whether NLS is requested]) + dnl Default is enabled NLS + AC_ARG_ENABLE(nls, + [ --disable-nls do not use Native Language Support], + USE_NLS=$enableval, USE_NLS=yes) + AC_MSG_RESULT($USE_NLS) + AC_SUBST(USE_NLS) + + ifelse(gt_included_intl, yes, [ + BUILD_INCLUDED_LIBINTL=no + USE_INCLUDED_LIBINTL=no + ]) + LIBINTL= + LTLIBINTL= + POSUB= + + dnl If we use NLS figure out what method + if test "$USE_NLS" = "yes"; then + gt_use_preinstalled_gnugettext=no + ifelse(gt_included_intl, yes, [ + AC_MSG_CHECKING([whether included gettext is requested]) + AC_ARG_WITH(included-gettext, + [ --with-included-gettext use the GNU gettext library included here], + nls_cv_force_use_gnu_gettext=$withval, + nls_cv_force_use_gnu_gettext=no) + AC_MSG_RESULT($nls_cv_force_use_gnu_gettext) + + nls_cv_use_gnu_gettext="$nls_cv_force_use_gnu_gettext" + if test "$nls_cv_force_use_gnu_gettext" != "yes"; then + ]) + dnl User does not insist on using GNU NLS library. Figure out what + dnl to use. If GNU gettext is available we use this. Else we have + dnl to fall back to GNU NLS library. + + dnl Add a version number to the cache macros. + define([gt_api_version], ifelse([$2], [need-formatstring-macros], 3, ifelse([$2], [need-ngettext], 2, 1))) + define([gt_cv_func_gnugettext_libc], [gt_cv_func_gnugettext]gt_api_version[_libc]) + define([gt_cv_func_gnugettext_libintl], [gt_cv_func_gnugettext]gt_api_version[_libintl]) + + AC_CACHE_CHECK([for GNU gettext in libc], gt_cv_func_gnugettext_libc, + [AC_TRY_LINK([#include +]ifelse([$2], [need-formatstring-macros], +[#ifndef __GNU_GETTEXT_SUPPORTED_REVISION +#define __GNU_GETTEXT_SUPPORTED_REVISION(major) ((major) == 0 ? 
0 : -1) +#endif +changequote(,)dnl +typedef int array [2 * (__GNU_GETTEXT_SUPPORTED_REVISION(0) >= 1) - 1]; +changequote([,])dnl +], [])[extern int _nl_msg_cat_cntr; +extern int *_nl_domain_bindings;], + [bindtextdomain ("", ""); +return (int) gettext ("")]ifelse([$2], [need-ngettext], [ + (int) ngettext ("", "", 0)], [])[ + _nl_msg_cat_cntr + *_nl_domain_bindings], + gt_cv_func_gnugettext_libc=yes, + gt_cv_func_gnugettext_libc=no)]) + + if test "$gt_cv_func_gnugettext_libc" != "yes"; then + dnl Sometimes libintl requires libiconv, so first search for libiconv. + ifelse(gt_included_intl, yes, , [ + AM_ICONV_LINK + ]) + dnl Search for libintl and define LIBINTL, LTLIBINTL and INCINTL + dnl accordingly. Don't use AC_LIB_LINKFLAGS_BODY([intl],[iconv]) + dnl because that would add "-liconv" to LIBINTL and LTLIBINTL + dnl even if libiconv doesn't exist. + AC_LIB_LINKFLAGS_BODY([intl]) + AC_CACHE_CHECK([for GNU gettext in libintl], + gt_cv_func_gnugettext_libintl, + [gt_save_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $INCINTL" + gt_save_LIBS="$LIBS" + LIBS="$LIBS $LIBINTL" + dnl Now see whether libintl exists and does not depend on libiconv. + AC_TRY_LINK([#include +]ifelse([$2], [need-formatstring-macros], +[#ifndef __GNU_GETTEXT_SUPPORTED_REVISION +#define __GNU_GETTEXT_SUPPORTED_REVISION(major) ((major) == 0 ? 0 : -1) +#endif +changequote(,)dnl +typedef int array [2 * (__GNU_GETTEXT_SUPPORTED_REVISION(0) >= 1) - 1]; +changequote([,])dnl +], [])[extern int _nl_msg_cat_cntr; +extern +#ifdef __cplusplus +"C" +#endif +const char *_nl_expand_alias ();], + [bindtextdomain ("", ""); +return (int) gettext ("")]ifelse([$2], [need-ngettext], [ + (int) ngettext ("", "", 0)], [])[ + _nl_msg_cat_cntr + *_nl_expand_alias (0)], + gt_cv_func_gnugettext_libintl=yes, + gt_cv_func_gnugettext_libintl=no) + dnl Now see whether libintl exists and depends on libiconv. 
+ if test "$gt_cv_func_gnugettext_libintl" != yes && test -n "$LIBICONV"; then + LIBS="$LIBS $LIBICONV" + AC_TRY_LINK([#include +]ifelse([$2], [need-formatstring-macros], +[#ifndef __GNU_GETTEXT_SUPPORTED_REVISION +#define __GNU_GETTEXT_SUPPORTED_REVISION(major) ((major) == 0 ? 0 : -1) +#endif +changequote(,)dnl +typedef int array [2 * (__GNU_GETTEXT_SUPPORTED_REVISION(0) >= 1) - 1]; +changequote([,])dnl +], [])[extern int _nl_msg_cat_cntr; +extern +#ifdef __cplusplus +"C" +#endif +const char *_nl_expand_alias ();], + [bindtextdomain ("", ""); +return (int) gettext ("")]ifelse([$2], [need-ngettext], [ + (int) ngettext ("", "", 0)], [])[ + _nl_msg_cat_cntr + *_nl_expand_alias (0)], + [LIBINTL="$LIBINTL $LIBICONV" + LTLIBINTL="$LTLIBINTL $LTLIBICONV" + gt_cv_func_gnugettext_libintl=yes + ]) + fi + CPPFLAGS="$gt_save_CPPFLAGS" + LIBS="$gt_save_LIBS"]) + fi + + dnl If an already present or preinstalled GNU gettext() is found, + dnl use it. But if this macro is used in GNU gettext, and GNU + dnl gettext is already preinstalled in libintl, we update this + dnl libintl. (Cf. the install rule in intl/Makefile.in.) + if test "$gt_cv_func_gnugettext_libc" = "yes" \ + || { test "$gt_cv_func_gnugettext_libintl" = "yes" \ + && test "$PACKAGE" != gettext; }; then + gt_use_preinstalled_gnugettext=yes + else + dnl Reset the values set by searching for libintl. + LIBINTL= + LTLIBINTL= + INCINTL= + fi + + ifelse(gt_included_intl, yes, [ + if test "$gt_use_preinstalled_gnugettext" != "yes"; then + dnl GNU gettext is not found in the C library. + dnl Fall back on included GNU gettext library. + nls_cv_use_gnu_gettext=yes + fi + fi + + if test "$nls_cv_use_gnu_gettext" = "yes"; then + dnl Mark actions used to generate GNU NLS library. 
+ INTLOBJS="\$(GETTOBJS)" + BUILD_INCLUDED_LIBINTL=yes + USE_INCLUDED_LIBINTL=yes + LIBINTL="ifelse([$3],[],\${top_builddir}/intl,[$3])/libintl.[]gt_libtool_suffix_prefix[]a $LIBICONV" + LTLIBINTL="ifelse([$3],[],\${top_builddir}/intl,[$3])/libintl.[]gt_libtool_suffix_prefix[]a $LTLIBICONV" + LIBS=`echo " $LIBS " | sed -e 's/ -lintl / /' -e 's/^ //' -e 's/ $//'` + fi + + if test "$gt_use_preinstalled_gnugettext" = "yes" \ + || test "$nls_cv_use_gnu_gettext" = "yes"; then + dnl Mark actions to use GNU gettext tools. + CATOBJEXT=.gmo + fi + ]) + + if test "$gt_use_preinstalled_gnugettext" = "yes" \ + || test "$nls_cv_use_gnu_gettext" = "yes"; then + AC_DEFINE(ENABLE_NLS, 1, + [Define to 1 if translation of program messages to the user's native language + is requested.]) + else + USE_NLS=no + fi + fi + + if test "$USE_NLS" = "yes"; then + + if test "$gt_use_preinstalled_gnugettext" = "yes"; then + if test "$gt_cv_func_gnugettext_libintl" = "yes"; then + AC_MSG_CHECKING([how to link with libintl]) + AC_MSG_RESULT([$LIBINTL]) + AC_LIB_APPENDTOVAR([CPPFLAGS], [$INCINTL]) + fi + + dnl For backward compatibility. Some packages may be using this. + AC_DEFINE(HAVE_GETTEXT, 1, + [Define if the GNU gettext() function is already present or preinstalled.]) + AC_DEFINE(HAVE_DCGETTEXT, 1, + [Define if the GNU dcgettext() function is already present or preinstalled.]) + fi + + dnl We need to process the po/ directory. + POSUB=po + fi + + ifelse(gt_included_intl, yes, [ + dnl If this is used in GNU gettext we have to set BUILD_INCLUDED_LIBINTL + dnl to 'yes' because some of the testsuite requires it. + if test "$PACKAGE" = gettext; then + BUILD_INCLUDED_LIBINTL=yes + fi + + dnl Make all variables we use known to autoconf. + AC_SUBST(BUILD_INCLUDED_LIBINTL) + AC_SUBST(USE_INCLUDED_LIBINTL) + AC_SUBST(CATOBJEXT) + AC_SUBST(INTLOBJS) + + dnl For backward compatibility. Some configure.ins may be using this. + nls_cv_header_intl= + nls_cv_header_libgt= + + dnl For backward compatibility. 
Some Makefiles may be using this. + DATADIRNAME=share + AC_SUBST(DATADIRNAME) + + dnl For backward compatibility. Some Makefiles may be using this. + INSTOBJEXT=.mo + AC_SUBST(INSTOBJEXT) + + dnl For backward compatibility. Some Makefiles may be using this. + GENCAT=gencat + AC_SUBST(GENCAT) + + dnl Enable libtool support if the surrounding package wishes it. + INTL_LIBTOOL_SUFFIX_PREFIX=gt_libtool_suffix_prefix + AC_SUBST(INTL_LIBTOOL_SUFFIX_PREFIX) + ]) + + dnl For backward compatibility. Some Makefiles may be using this. + INTLLIBS="$LIBINTL" + AC_SUBST(INTLLIBS) + + dnl Make all documented variables known to autoconf. + AC_SUBST(LIBINTL) + AC_SUBST(LTLIBINTL) + AC_SUBST(POSUB) ]) -# Copyright (C) 2003, 2004, 2005, 2006, 2011 Free Software Foundation, -# Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. -# serial 1 +dnl Checks for all prerequisites of the po subdirectory, +dnl except for USE_NLS. +AC_DEFUN([AM_PO_SUBDIRS], +[ + AC_REQUIRE([AC_PROG_MAKE_SET])dnl + AC_REQUIRE([AC_PROG_INSTALL])dnl + AC_REQUIRE([AM_MKINSTALLDIRS])dnl + + dnl Perform the following tests also if --disable-nls has been given, + dnl because they are needed for "make dist" to work. + + dnl Search for GNU msgfmt in the PATH. + dnl The first test excludes Solaris msgfmt and early GNU msgfmt versions. + dnl The second test excludes FreeBSD msgfmt. + AM_PATH_PROG_WITH_TEST(MSGFMT, msgfmt, + [$ac_dir/$ac_word --statistics /dev/null >/dev/null 2>&1 && + (if $ac_dir/$ac_word --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi)], + :) + AC_PATH_PROG(GMSGFMT, gmsgfmt, $MSGFMT) + + dnl Search for GNU xgettext 0.11 or newer in the PATH. + dnl The first test excludes Solaris xgettext and early GNU xgettext versions. + dnl The second test excludes FreeBSD xgettext. 
+ AM_PATH_PROG_WITH_TEST(XGETTEXT, xgettext, + [$ac_dir/$ac_word --omit-header --copyright-holder= /dev/null >/dev/null 2>&1 && + (if $ac_dir/$ac_word --omit-header --copyright-holder= /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi)], + :) + dnl Remove leftover from FreeBSD xgettext call. + rm -f messages.po + + dnl Search for GNU msgmerge 0.11 or newer in the PATH. + AM_PATH_PROG_WITH_TEST(MSGMERGE, msgmerge, + [$ac_dir/$ac_word --update -q /dev/null /dev/null >/dev/null 2>&1], :) + + dnl This could go away some day; the PATH_PROG_WITH_TEST already does it. + dnl Test whether we really found GNU msgfmt. + if test "$GMSGFMT" != ":"; then + dnl If it is no GNU msgfmt we define it as : so that the + dnl Makefiles still can work. + if $GMSGFMT --statistics /dev/null >/dev/null 2>&1 && + (if $GMSGFMT --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then + : ; + else + GMSGFMT=`echo "$GMSGFMT" | sed -e 's,^.*/,,'` + AC_MSG_RESULT( + [found $GMSGFMT program is not GNU msgfmt; ignore it]) + GMSGFMT=":" + fi + fi -# AM_PROG_MKDIR_P -# --------------- -# Check for `mkdir -p'. -AC_DEFUN([AM_PROG_MKDIR_P], -[AC_PREREQ([2.60])dnl -AC_REQUIRE([AC_PROG_MKDIR_P])dnl -dnl Automake 1.8 to 1.9.6 used to define mkdir_p. We now use MKDIR_P, -dnl while keeping a definition of mkdir_p for backward compatibility. -dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile. -dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of -dnl Makefile.ins that do not define MKDIR_P, so we do our own -dnl adjustment using top_builddir (which is defined more often than -dnl MKDIR_P). -AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl -case $mkdir_p in - [[\\/$]]* | ?:[[\\/]]*) ;; - */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;; -esac + dnl This could go away some day; the PATH_PROG_WITH_TEST already does it. + dnl Test whether we really found GNU xgettext. 
+ if test "$XGETTEXT" != ":"; then + dnl If it is no GNU xgettext we define it as : so that the + dnl Makefiles still can work. + if $XGETTEXT --omit-header --copyright-holder= /dev/null >/dev/null 2>&1 && + (if $XGETTEXT --omit-header --copyright-holder= /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then + : ; + else + AC_MSG_RESULT( + [found xgettext program is not GNU xgettext; ignore it]) + XGETTEXT=":" + fi + dnl Remove leftover from FreeBSD xgettext call. + rm -f messages.po + fi + + AC_OUTPUT_COMMANDS([ + for ac_file in $CONFIG_FILES; do + # Support "outfile[:infile[:infile...]]" + case "$ac_file" in + *:*) ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; + esac + # PO directories have a Makefile.in generated from Makefile.in.in. + case "$ac_file" in */Makefile.in) + # Adjust a relative srcdir. + ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'` + ac_dir_suffix="/`echo "$ac_dir"|sed 's%^\./%%'`" + ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'` + # In autoconf-2.13 it is called $ac_given_srcdir. + # In autoconf-2.50 it is called $srcdir. + test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir" + case "$ac_given_srcdir" in + .) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;; + /*) top_srcdir="$ac_given_srcdir" ;; + *) top_srcdir="$ac_dots$ac_given_srcdir" ;; + esac + if test -f "$ac_given_srcdir/$ac_dir/POTFILES.in"; then + rm -f "$ac_dir/POTFILES" + test -n "$as_me" && echo "$as_me: creating $ac_dir/POTFILES" || echo "creating $ac_dir/POTFILES" + cat "$ac_given_srcdir/$ac_dir/POTFILES.in" | sed -e "/^#/d" -e "/^[ ]*\$/d" -e "s,.*, $top_srcdir/& \\\\," | sed -e "\$s/\(.*\) \\\\/\1/" > "$ac_dir/POTFILES" + # ALL_LINGUAS, POFILES, GMOFILES, UPDATEPOFILES, DUMMYPOFILES depend + # on $ac_dir but don't depend on user-specified configuration + # parameters. + if test -f "$ac_given_srcdir/$ac_dir/LINGUAS"; then + # The LINGUAS file contains the set of available languages. 
+ if test -n "$ALL_LINGUAS"; then + test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete" + fi + ALL_LINGUAS_=`sed -e "/^#/d" "$ac_given_srcdir/$ac_dir/LINGUAS"` + # Hide the ALL_LINGUAS assigment from automake. + eval 'ALL_LINGUAS''=$ALL_LINGUAS_' + fi + case "$ac_given_srcdir" in + .) srcdirpre= ;; + *) srcdirpre='$(srcdir)/' ;; + esac + POFILES= + GMOFILES= + UPDATEPOFILES= + DUMMYPOFILES= + for lang in $ALL_LINGUAS; do + POFILES="$POFILES $srcdirpre$lang.po" + GMOFILES="$GMOFILES $srcdirpre$lang.gmo" + UPDATEPOFILES="$UPDATEPOFILES $lang.po-update" + DUMMYPOFILES="$DUMMYPOFILES $lang.nop" + done + # CATALOGS depends on both $ac_dir and the user's LINGUAS + # environment variable. + INST_LINGUAS= + if test -n "$ALL_LINGUAS"; then + for presentlang in $ALL_LINGUAS; do + useit=no + if test "%UNSET%" != "$LINGUAS"; then + desiredlanguages="$LINGUAS" + else + desiredlanguages="$ALL_LINGUAS" + fi + for desiredlang in $desiredlanguages; do + # Use the presentlang catalog if desiredlang is + # a. equal to presentlang, or + # b. a variant of presentlang (because in this case, + # presentlang can be used as a fallback for messages + # which are not translated in the desiredlang catalog). 
+ case "$desiredlang" in + "$presentlang"*) useit=yes;; + esac + done + if test $useit = yes; then + INST_LINGUAS="$INST_LINGUAS $presentlang" + fi + done + fi + CATALOGS= + if test -n "$INST_LINGUAS"; then + for lang in $INST_LINGUAS; do + CATALOGS="$CATALOGS $lang.gmo" + done + fi + test -n "$as_me" && echo "$as_me: creating $ac_dir/Makefile" || echo "creating $ac_dir/Makefile" + sed -e "/^POTFILES =/r $ac_dir/POTFILES" -e "/^# Makevars/r $ac_given_srcdir/$ac_dir/Makevars" -e "s|@POFILES@|$POFILES|g" -e "s|@GMOFILES@|$GMOFILES|g" -e "s|@UPDATEPOFILES@|$UPDATEPOFILES|g" -e "s|@DUMMYPOFILES@|$DUMMYPOFILES|g" -e "s|@CATALOGS@|$CATALOGS|g" "$ac_dir/Makefile.in" > "$ac_dir/Makefile" + for f in "$ac_given_srcdir/$ac_dir"/Rules-*; do + if test -f "$f"; then + case "$f" in + *.orig | *.bak | *~) ;; + *) cat "$f" >> "$ac_dir/Makefile" ;; + esac + fi + done + fi + ;; + esac + done], + [# Capture the value of obsolete ALL_LINGUAS because we need it to compute + # POFILES, GMOFILES, UPDATEPOFILES, DUMMYPOFILES, CATALOGS. But hide it + # from automake. + eval 'ALL_LINGUAS''="$ALL_LINGUAS"' + # Capture the value of LINGUAS because we need it to compute CATALOGS. + LINGUAS="${LINGUAS-%UNSET%}" + ]) ]) -# Helper functions for option handling. -*- Autoconf -*- -# Copyright (C) 2001, 2002, 2003, 2005, 2008, 2010 Free Software -# Foundation, Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. +dnl Checks for all prerequisites of the intl subdirectory, +dnl except for INTL_LIBTOOL_SUFFIX_PREFIX (and possibly LIBTOOL), INTLOBJS, +dnl USE_INCLUDED_LIBINTL, BUILD_INCLUDED_LIBINTL. 
+AC_DEFUN([AM_INTL_SUBDIR], +[ + AC_REQUIRE([AC_PROG_INSTALL])dnl + AC_REQUIRE([AM_MKINSTALLDIRS])dnl + AC_REQUIRE([AC_PROG_CC])dnl + AC_REQUIRE([AC_CANONICAL_HOST])dnl + AC_REQUIRE([AC_PROG_RANLIB])dnl + AC_REQUIRE([AC_ISC_POSIX])dnl + AC_REQUIRE([AC_HEADER_STDC])dnl + AC_REQUIRE([AC_C_CONST])dnl + AC_REQUIRE([AC_C_INLINE])dnl + AC_REQUIRE([AC_TYPE_OFF_T])dnl + AC_REQUIRE([AC_TYPE_SIZE_T])dnl + AC_REQUIRE([AC_FUNC_ALLOCA])dnl + AC_REQUIRE([AC_FUNC_MMAP])dnl + AC_REQUIRE([jm_GLIBC21])dnl + AC_REQUIRE([gt_INTDIV0])dnl + AC_REQUIRE([jm_AC_TYPE_UINTMAX_T])dnl + AC_REQUIRE([gt_HEADER_INTTYPES_H])dnl + AC_REQUIRE([gt_INTTYPES_PRI])dnl + + AC_CHECK_HEADERS([argz.h limits.h locale.h nl_types.h malloc.h stddef.h \ +stdlib.h string.h unistd.h sys/param.h]) + AC_CHECK_FUNCS([feof_unlocked fgets_unlocked getc_unlocked getcwd getegid \ +geteuid getgid getuid mempcpy munmap putenv setenv setlocale stpcpy \ +strcasecmp strdup strtoul tsearch __argz_count __argz_stringify __argz_next]) + + AM_ICONV + AM_LANGINFO_CODESET + if test $ac_cv_header_locale_h = yes; then + AM_LC_MESSAGES + fi -# serial 5 + dnl intl/plural.c is generated from intl/plural.y. It requires bison, + dnl because plural.y uses bison specific features. It requires at least + dnl bison-1.26 because earlier versions generate a plural.c that doesn't + dnl compile. + dnl bison is only needed for the maintainer (who touches plural.y). But in + dnl order to avoid separate Makefiles or --enable-maintainer-mode, we put + dnl the rule in general Makefile. Now, some people carelessly touch the + dnl files or have a broken "make" program, hence the plural.c rule will + dnl sometimes fire. To avoid an error, defines BISON to ":" if it is not + dnl present or too old. + AC_CHECK_PROGS([INTLBISON], [bison]) + if test -z "$INTLBISON"; then + ac_verc_fail=yes + else + dnl Found it, now check the version. 
+ AC_MSG_CHECKING([version of bison]) +changequote(<<,>>)dnl + ac_prog_version=`$INTLBISON --version 2>&1 | sed -n 's/^.*GNU Bison.* \([0-9]*\.[0-9.]*\).*$/\1/p'` + case $ac_prog_version in + '') ac_prog_version="v. ?.??, bad"; ac_verc_fail=yes;; + 1.2[6-9]* | 1.[3-9][0-9]* | [2-9].*) +changequote([,])dnl + ac_prog_version="$ac_prog_version, ok"; ac_verc_fail=no;; + *) ac_prog_version="$ac_prog_version, bad"; ac_verc_fail=yes;; + esac + AC_MSG_RESULT([$ac_prog_version]) + fi + if test $ac_verc_fail = yes; then + INTLBISON=: + fi +]) -# _AM_MANGLE_OPTION(NAME) -# ----------------------- -AC_DEFUN([_AM_MANGLE_OPTION], -[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])]) -# _AM_SET_OPTION(NAME) -# -------------------- -# Set option NAME. Presently that only means defining a flag for this option. -AC_DEFUN([_AM_SET_OPTION], -[m4_define(_AM_MANGLE_OPTION([$1]), 1)]) +AC_DEFUN([AM_MKINSTALLDIRS], +[ + dnl If the AC_CONFIG_AUX_DIR macro for autoconf is used we possibly + dnl find the mkinstalldirs script in another subdir but $(top_srcdir). + dnl Try to locate is. + MKINSTALLDIRS= + if test -n "$ac_aux_dir"; then + MKINSTALLDIRS="$ac_aux_dir/mkinstalldirs" + fi + if test -z "$MKINSTALLDIRS"; then + MKINSTALLDIRS="\$(top_srcdir)/mkinstalldirs" + fi + AC_SUBST(MKINSTALLDIRS) +]) -# _AM_SET_OPTIONS(OPTIONS) -# ------------------------ -# OPTIONS is a space-separated list of Automake options. -AC_DEFUN([_AM_SET_OPTIONS], -[m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])]) -# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET]) -# ------------------------------------------- -# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. -AC_DEFUN([_AM_IF_OPTION], -[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) +dnl Usage: AM_GNU_GETTEXT_VERSION([gettext-version]) +AC_DEFUN([AM_GNU_GETTEXT_VERSION], []) -# Check to make sure that the build environment is sane. 
-*- Autoconf -*- +# lib-prefix.m4 serial 1 (gettext-0.11) +dnl Copyright (C) 2001-2002 Free Software Foundation, Inc. +dnl This file is free software, distributed under the terms of the GNU +dnl General Public License. As a special exception to the GNU General +dnl Public License, this file may be distributed as part of a program +dnl that contains a configuration script generated by Autoconf, under +dnl the same distribution terms as the rest of that program. + +dnl From Bruno Haible. + +dnl AC_LIB_PREFIX adds to the CPPFLAGS and LDFLAGS the flags that are needed +dnl to access previously installed libraries. The basic assumption is that +dnl a user will want packages to use other packages he previously installed +dnl with the same --prefix option. +dnl This macro is not needed if only AC_LIB_LINKFLAGS is used to locate +dnl libraries, but is otherwise very convenient. +AC_DEFUN([AC_LIB_PREFIX], +[ + AC_BEFORE([$0], [AC_LIB_LINKFLAGS]) + AC_REQUIRE([AC_PROG_CC]) + AC_REQUIRE([AC_CANONICAL_HOST]) + AC_REQUIRE([AC_LIB_PREPARE_PREFIX]) + dnl By default, look in $includedir and $libdir. + use_additional=yes + AC_LIB_WITH_FINAL_PREFIX([ + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + ]) + AC_ARG_WITH([lib-prefix], +[ --with-lib-prefix[=DIR] search for libraries in DIR/include and DIR/lib + --without-lib-prefix don't search for libraries in includedir and libdir], +[ + if test "X$withval" = "Xno"; then + use_additional=no + else + if test "X$withval" = "X"; then + AC_LIB_WITH_FINAL_PREFIX([ + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + ]) + else + additional_includedir="$withval/include" + additional_libdir="$withval/lib" + fi + fi +]) + if test $use_additional = yes; then + dnl Potentially add $additional_includedir to $CPPFLAGS. + dnl But don't add it + dnl 1. if it's the standard /usr/include, + dnl 2. if it's already present in $CPPFLAGS, + dnl 3. 
if it's /usr/local/include and we are using GCC on Linux, + dnl 4. if it doesn't exist as a directory. + if test "X$additional_includedir" != "X/usr/include"; then + haveit= + for x in $CPPFLAGS; do + AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"]) + if test "X$x" = "X-I$additional_includedir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test "X$additional_includedir" = "X/usr/local/include"; then + if test -n "$GCC"; then + case $host_os in + linux*) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + if test -d "$additional_includedir"; then + dnl Really add $additional_includedir to $CPPFLAGS. + CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }-I$additional_includedir" + fi + fi + fi + fi + dnl Potentially add $additional_libdir to $LDFLAGS. + dnl But don't add it + dnl 1. if it's the standard /usr/lib, + dnl 2. if it's already present in $LDFLAGS, + dnl 3. if it's /usr/local/lib and we are using GCC on Linux, + dnl 4. if it doesn't exist as a directory. + if test "X$additional_libdir" != "X/usr/lib"; then + haveit= + for x in $LDFLAGS; do + AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"]) + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test "X$additional_libdir" = "X/usr/local/lib"; then + if test -n "$GCC"; then + case $host_os in + linux*) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + dnl Really add $additional_libdir to $LDFLAGS. + LDFLAGS="${LDFLAGS}${LDFLAGS:+ }-L$additional_libdir" + fi + fi + fi + fi + fi +]) -# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005, 2008 -# Free Software Foundation, Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. 
+dnl AC_LIB_PREPARE_PREFIX creates variables acl_final_prefix, +dnl acl_final_exec_prefix, containing the values to which $prefix and +dnl $exec_prefix will expand at the end of the configure script. +AC_DEFUN([AC_LIB_PREPARE_PREFIX], +[ + dnl Unfortunately, prefix and exec_prefix get only finally determined + dnl at the end of configure. + if test "X$prefix" = "XNONE"; then + acl_final_prefix="$ac_default_prefix" + else + acl_final_prefix="$prefix" + fi + if test "X$exec_prefix" = "XNONE"; then + acl_final_exec_prefix='${prefix}' + else + acl_final_exec_prefix="$exec_prefix" + fi + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + eval acl_final_exec_prefix=\"$acl_final_exec_prefix\" + prefix="$acl_save_prefix" +]) -# serial 5 +dnl AC_LIB_WITH_FINAL_PREFIX([statement]) evaluates statement, with the +dnl variables prefix and exec_prefix bound to the values they will have +dnl at the end of the configure script. +AC_DEFUN([AC_LIB_WITH_FINAL_PREFIX], +[ + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + $1 + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" +]) -# AM_SANITY_CHECK -# --------------- -AC_DEFUN([AM_SANITY_CHECK], -[AC_MSG_CHECKING([whether build environment is sane]) -# Just in case -sleep 1 -echo timestamp > conftest.file -# Reject unsafe characters in $srcdir or the absolute working directory -# name. Accept space and tab only in the latter. -am_lf=' -' -case `pwd` in - *[[\\\"\#\$\&\'\`$am_lf]]*) - AC_MSG_ERROR([unsafe absolute working directory name]);; -esac -case $srcdir in - *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*) - AC_MSG_ERROR([unsafe srcdir value: `$srcdir']);; -esac +# lib-link.m4 serial 3 (gettext-0.11.3) +dnl Copyright (C) 2001-2002 Free Software Foundation, Inc. +dnl This file is free software, distributed under the terms of the GNU +dnl General Public License. 
As a special exception to the GNU General +dnl Public License, this file may be distributed as part of a program +dnl that contains a configuration script generated by Autoconf, under +dnl the same distribution terms as the rest of that program. + +dnl From Bruno Haible. + +dnl AC_LIB_LINKFLAGS(name [, dependencies]) searches for libname and +dnl the libraries corresponding to explicit and implicit dependencies. +dnl Sets and AC_SUBSTs the LIB${NAME} and LTLIB${NAME} variables and +dnl augments the CPPFLAGS variable. +AC_DEFUN([AC_LIB_LINKFLAGS], +[ + AC_REQUIRE([AC_LIB_PREPARE_PREFIX]) + AC_REQUIRE([AC_LIB_RPATH]) + define([Name],[translit([$1],[./-], [___])]) + define([NAME],[translit([$1],[abcdefghijklmnopqrstuvwxyz./-], + [ABCDEFGHIJKLMNOPQRSTUVWXYZ___])]) + AC_CACHE_CHECK([how to link with lib[]$1], [ac_cv_lib[]Name[]_libs], [ + AC_LIB_LINKFLAGS_BODY([$1], [$2]) + ac_cv_lib[]Name[]_libs="$LIB[]NAME" + ac_cv_lib[]Name[]_ltlibs="$LTLIB[]NAME" + ac_cv_lib[]Name[]_cppflags="$INC[]NAME" + ]) + LIB[]NAME="$ac_cv_lib[]Name[]_libs" + LTLIB[]NAME="$ac_cv_lib[]Name[]_ltlibs" + INC[]NAME="$ac_cv_lib[]Name[]_cppflags" + AC_LIB_APPENDTOVAR([CPPFLAGS], [$INC]NAME) + AC_SUBST([LIB]NAME) + AC_SUBST([LTLIB]NAME) + dnl Also set HAVE_LIB[]NAME so that AC_LIB_HAVE_LINKFLAGS can reuse the + dnl results of this search when this library appears as a dependency. + HAVE_LIB[]NAME=yes + undefine([Name]) + undefine([NAME]) +]) -# Do `set' in a subshell so we don't clobber the current shell's -# arguments. Must try -L first in case configure is actually a -# symlink; some systems play weird games with the mod time of symlinks -# (eg FreeBSD returns the mod time of the symlink's containing -# directory). -if ( - set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` - if test "$[*]" = "X"; then - # -L didn't work. 
- set X `ls -t "$srcdir/configure" conftest.file` - fi - rm -f conftest.file - if test "$[*]" != "X $srcdir/configure conftest.file" \ - && test "$[*]" != "X conftest.file $srcdir/configure"; then +dnl AC_LIB_HAVE_LINKFLAGS(name, dependencies, includes, testcode) +dnl searches for libname and the libraries corresponding to explicit and +dnl implicit dependencies, together with the specified include files and +dnl the ability to compile and link the specified testcode. If found, it +dnl sets and AC_SUBSTs HAVE_LIB${NAME}=yes and the LIB${NAME} and +dnl LTLIB${NAME} variables and augments the CPPFLAGS variable, and +dnl #defines HAVE_LIB${NAME} to 1. Otherwise, it sets and AC_SUBSTs +dnl HAVE_LIB${NAME}=no and LIB${NAME} and LTLIB${NAME} to empty. +AC_DEFUN([AC_LIB_HAVE_LINKFLAGS], +[ + AC_REQUIRE([AC_LIB_PREPARE_PREFIX]) + AC_REQUIRE([AC_LIB_RPATH]) + define([Name],[translit([$1],[./-], [___])]) + define([NAME],[translit([$1],[abcdefghijklmnopqrstuvwxyz./-], + [ABCDEFGHIJKLMNOPQRSTUVWXYZ___])]) + + dnl Search for lib[]Name and define LIB[]NAME, LTLIB[]NAME and INC[]NAME + dnl accordingly. + AC_LIB_LINKFLAGS_BODY([$1], [$2]) + + dnl Add $INC[]NAME to CPPFLAGS before performing the following checks, + dnl because if the user has installed lib[]Name and not disabled its use + dnl via --without-lib[]Name-prefix, he wants to use it. + ac_save_CPPFLAGS="$CPPFLAGS" + AC_LIB_APPENDTOVAR([CPPFLAGS], [$INC]NAME) + + AC_CACHE_CHECK([for lib[]$1], [ac_cv_lib[]Name], [ + ac_save_LIBS="$LIBS" + LIBS="$LIBS $LIB[]NAME" + AC_TRY_LINK([$3], [$4], [ac_cv_lib[]Name=yes], [ac_cv_lib[]Name=no]) + LIBS="$ac_save_LIBS" + ]) + if test "$ac_cv_lib[]Name" = yes; then + HAVE_LIB[]NAME=yes + AC_DEFINE([HAVE_LIB]NAME, 1, [Define if you have the $1 library.]) + AC_MSG_CHECKING([how to link with lib[]$1]) + AC_MSG_RESULT([$LIB[]NAME]) + else + HAVE_LIB[]NAME=no + dnl If $LIB[]NAME didn't lead to a usable library, we don't need + dnl $INC[]NAME either. 
+ CPPFLAGS="$ac_save_CPPFLAGS" + LIB[]NAME= + LTLIB[]NAME= + fi + AC_SUBST([HAVE_LIB]NAME) + AC_SUBST([LIB]NAME) + AC_SUBST([LTLIB]NAME) + undefine([Name]) + undefine([NAME]) +]) - # If neither matched, then we have a broken ls. This can happen - # if, for instance, CONFIG_SHELL is bash and it inherits a - # broken ls alias from the environment. This has actually - # happened. Such a system could not be considered "sane". - AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken -alias in your environment]) - fi +dnl Determine the platform dependent parameters needed to use rpath: +dnl libext, shlibext, hardcode_libdir_flag_spec, hardcode_libdir_separator, +dnl hardcode_direct, hardcode_minus_L, +dnl sys_lib_search_path_spec, sys_lib_dlsearch_path_spec. +AC_DEFUN([AC_LIB_RPATH], +[ + AC_REQUIRE([AC_PROG_CC]) dnl we use $CC, $GCC, $LDFLAGS + AC_REQUIRE([AC_LIB_PROG_LD]) dnl we use $LD, $with_gnu_ld + AC_REQUIRE([AC_CANONICAL_HOST]) dnl we use $host + AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT]) dnl we use $ac_aux_dir + AC_CACHE_CHECK([for shared library run path origin], acl_cv_rpath, [ + CC="$CC" GCC="$GCC" LDFLAGS="$LDFLAGS" LD="$LD" with_gnu_ld="$with_gnu_ld" \ + ${CONFIG_SHELL-/bin/sh} "$ac_aux_dir/config.rpath" "$host" > conftest.sh + . ./conftest.sh + rm -f ./conftest.sh + acl_cv_rpath=done + ]) + wl="$acl_cv_wl" + libext="$acl_cv_libext" + shlibext="$acl_cv_shlibext" + hardcode_libdir_flag_spec="$acl_cv_hardcode_libdir_flag_spec" + hardcode_libdir_separator="$acl_cv_hardcode_libdir_separator" + hardcode_direct="$acl_cv_hardcode_direct" + hardcode_minus_L="$acl_cv_hardcode_minus_L" + sys_lib_search_path_spec="$acl_cv_sys_lib_search_path_spec" + sys_lib_dlsearch_path_spec="$acl_cv_sys_lib_dlsearch_path_spec" + dnl Determine whether the user wants rpath handling at all. + AC_ARG_ENABLE(rpath, + [ --disable-rpath do not hardcode runtime library paths], + :, enable_rpath=yes) +]) - test "$[2]" = conftest.file - ) -then - # Ok. 
- : +dnl AC_LIB_LINKFLAGS_BODY(name [, dependencies]) searches for libname and +dnl the libraries corresponding to explicit and implicit dependencies. +dnl Sets the LIB${NAME}, LTLIB${NAME} and INC${NAME} variables. +AC_DEFUN([AC_LIB_LINKFLAGS_BODY], +[ + define([NAME],[translit([$1],[abcdefghijklmnopqrstuvwxyz./-], + [ABCDEFGHIJKLMNOPQRSTUVWXYZ___])]) + dnl By default, look in $includedir and $libdir. + use_additional=yes + AC_LIB_WITH_FINAL_PREFIX([ + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + ]) + AC_ARG_WITH([lib$1-prefix], +[ --with-lib$1-prefix[=DIR] search for lib$1 in DIR/include and DIR/lib + --without-lib$1-prefix don't search for lib$1 in includedir and libdir], +[ + if test "X$withval" = "Xno"; then + use_additional=no + else + if test "X$withval" = "X"; then + AC_LIB_WITH_FINAL_PREFIX([ + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + ]) + else + additional_includedir="$withval/include" + additional_libdir="$withval/lib" + fi + fi +]) + dnl Search the library and its dependencies in $additional_libdir and + dnl $LDFLAGS. Using breadth-first-seach. + LIB[]NAME= + LTLIB[]NAME= + INC[]NAME= + rpathdirs= + ltrpathdirs= + names_already_handled= + names_next_round='$1 $2' + while test -n "$names_next_round"; do + names_this_round="$names_next_round" + names_next_round= + for name in $names_this_round; do + already_handled= + for n in $names_already_handled; do + if test "$n" = "$name"; then + already_handled=yes + break + fi + done + if test -z "$already_handled"; then + names_already_handled="$names_already_handled $name" + dnl See if it was already located by an earlier AC_LIB_LINKFLAGS + dnl or AC_LIB_HAVE_LINKFLAGS call. 
+ uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'` + eval value=\"\$HAVE_LIB$uppername\" + if test -n "$value"; then + if test "$value" = yes; then + eval value=\"\$LIB$uppername\" + test -z "$value" || LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$value" + eval value=\"\$LTLIB$uppername\" + test -z "$value" || LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }$value" + else + dnl An earlier call to AC_LIB_HAVE_LINKFLAGS has determined + dnl that this library doesn't exist. So just drop it. + : + fi + else + dnl Search the library lib$name in $additional_libdir and $LDFLAGS + dnl and the already constructed $LIBNAME/$LTLIBNAME. + found_dir= + found_la= + found_so= + found_a= + if test $use_additional = yes; then + if test -n "$shlibext" && test -f "$additional_libdir/lib$name.$shlibext"; then + found_dir="$additional_libdir" + found_so="$additional_libdir/lib$name.$shlibext" + if test -f "$additional_libdir/lib$name.la"; then + found_la="$additional_libdir/lib$name.la" + fi + else + if test -f "$additional_libdir/lib$name.$libext"; then + found_dir="$additional_libdir" + found_a="$additional_libdir/lib$name.$libext" + if test -f "$additional_libdir/lib$name.la"; then + found_la="$additional_libdir/lib$name.la" + fi + fi + fi + fi + if test "X$found_dir" = "X"; then + for x in $LDFLAGS $LTLIB[]NAME; do + AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"]) + case "$x" in + -L*) + dir=`echo "X$x" | sed -e 's/^X-L//'` + if test -n "$shlibext" && test -f "$dir/lib$name.$shlibext"; then + found_dir="$dir" + found_so="$dir/lib$name.$shlibext" + if test -f "$dir/lib$name.la"; then + found_la="$dir/lib$name.la" + fi + else + if test -f "$dir/lib$name.$libext"; then + found_dir="$dir" + found_a="$dir/lib$name.$libext" + if test -f "$dir/lib$name.la"; then + found_la="$dir/lib$name.la" + fi + fi + fi + ;; + esac + if test "X$found_dir" != "X"; then + break + fi + done + fi + if test "X$found_dir" != "X"; then + dnl Found the library. 
+ LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-L$found_dir -l$name" + if test "X$found_so" != "X"; then + dnl Linking with a shared library. We attempt to hardcode its + dnl directory into the executable's runpath, unless it's the + dnl standard /usr/lib. + if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/lib"; then + dnl No hardcoding is needed. + LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so" + else + dnl Use an explicit option to hardcode DIR into the resulting + dnl binary. + dnl Potentially add DIR to ltrpathdirs. + dnl The ltrpathdirs will be appended to $LTLIBNAME at the end. + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $found_dir" + fi + dnl The hardcoding into $LIBNAME is system dependent. + if test "$hardcode_direct" = yes; then + dnl Using DIR/libNAME.so during linking hardcodes DIR into the + dnl resulting binary. + LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so" + else + if test -n "$hardcode_libdir_flag_spec" && test "$hardcode_minus_L" = no; then + dnl Use an explicit option to hardcode DIR into the resulting + dnl binary. + LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so" + dnl Potentially add DIR to rpathdirs. + dnl The rpathdirs will be appended to $LIBNAME at the end. + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $found_dir" + fi + else + dnl Rely on "-L$found_dir". 
+ dnl But don't add it if it's already contained in the LDFLAGS + dnl or the already constructed $LIBNAME + haveit= + for x in $LDFLAGS $LIB[]NAME; do + AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"]) + if test "X$x" = "X-L$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$found_dir" + fi + if test "$hardcode_minus_L" != no; then + dnl FIXME: Not sure whether we should use + dnl "-L$found_dir -l$name" or "-L$found_dir $found_so" + dnl here. + LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so" + else + dnl We cannot use $hardcode_runpath_var and LD_RUN_PATH + dnl here, because this doesn't fit in flags passed to the + dnl compiler. So give up. No hardcoding. This affects only + dnl very old systems. + dnl FIXME: Not sure whether we should use + dnl "-L$found_dir -l$name" or "-L$found_dir $found_so" + dnl here. + LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-l$name" + fi + fi + fi + fi + else + if test "X$found_a" != "X"; then + dnl Linking with a static library. + LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_a" + else + dnl We shouldn't come here, but anyway it's good to have a + dnl fallback. + LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$found_dir -l$name" + fi + fi + dnl Assume the include files are nearby. + additional_includedir= + case "$found_dir" in + */lib | */lib/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e 's,/lib/*$,,'` + additional_includedir="$basedir/include" + ;; + esac + if test "X$additional_includedir" != "X"; then + dnl Potentially add $additional_includedir to $INCNAME. + dnl But don't add it + dnl 1. if it's the standard /usr/include, + dnl 2. if it's /usr/local/include and we are using GCC on Linux, + dnl 3. if it's already present in $CPPFLAGS or the already + dnl constructed $INCNAME, + dnl 4. if it doesn't exist as a directory. 
+ if test "X$additional_includedir" != "X/usr/include"; then + haveit= + if test "X$additional_includedir" = "X/usr/local/include"; then + if test -n "$GCC"; then + case $host_os in + linux*) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + for x in $CPPFLAGS $INC[]NAME; do + AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"]) + if test "X$x" = "X-I$additional_includedir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_includedir"; then + dnl Really add $additional_includedir to $INCNAME. + INC[]NAME="${INC[]NAME}${INC[]NAME:+ }-I$additional_includedir" + fi + fi + fi + fi + fi + dnl Look for dependencies. + if test -n "$found_la"; then + dnl Read the .la file. It defines the variables + dnl dlname, library_names, old_library, dependency_libs, current, + dnl age, revision, installed, dlopen, dlpreopen, libdir. + save_libdir="$libdir" + case "$found_la" in + */* | *\\*) . "$found_la" ;; + *) . "./$found_la" ;; + esac + libdir="$save_libdir" + dnl We use only dependency_libs. + for dep in $dependency_libs; do + case "$dep" in + -L*) + additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'` + dnl Potentially add $additional_libdir to $LIBNAME and $LTLIBNAME. + dnl But don't add it + dnl 1. if it's the standard /usr/lib, + dnl 2. if it's /usr/local/lib and we are using GCC on Linux, + dnl 3. if it's already present in $LDFLAGS or the already + dnl constructed $LIBNAME, + dnl 4. if it doesn't exist as a directory. 
+ if test "X$additional_libdir" != "X/usr/lib"; then + haveit= + if test "X$additional_libdir" = "X/usr/local/lib"; then + if test -n "$GCC"; then + case $host_os in + linux*) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + haveit= + for x in $LDFLAGS $LIB[]NAME; do + AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"]) + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + dnl Really add $additional_libdir to $LIBNAME. + LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$additional_libdir" + fi + fi + haveit= + for x in $LDFLAGS $LTLIB[]NAME; do + AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"]) + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + dnl Really add $additional_libdir to $LTLIBNAME. + LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-L$additional_libdir" + fi + fi + fi + fi + ;; + -R*) + dir=`echo "X$dep" | sed -e 's/^X-R//'` + if test "$enable_rpath" != no; then + dnl Potentially add DIR to rpathdirs. + dnl The rpathdirs will be appended to $LIBNAME at the end. + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $dir" + fi + dnl Potentially add DIR to ltrpathdirs. + dnl The ltrpathdirs will be appended to $LTLIBNAME at the end. + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $dir" + fi + fi + ;; + -l*) + dnl Handle this in the next round. + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'` + ;; + *.la) + dnl Handle this in the next round. Throw away the .la's + dnl directory; it is already contained in a preceding -L + dnl option. 
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'` + ;; + *) + dnl Most likely an immediate library name. + LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$dep" + LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }$dep" + ;; + esac + done + fi + else + dnl Didn't find the library; assume it is in the system directories + dnl known to the linker and runtime loader. (All the system + dnl directories known to the linker should also be known to the + dnl runtime loader, otherwise the system is severely misconfigured.) + LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-l$name" + LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-l$name" + fi + fi + fi + done + done + if test "X$rpathdirs" != "X"; then + if test -n "$hardcode_libdir_separator"; then + dnl Weird platform: only the last -rpath option counts, the user must + dnl pass all path elements in one option. We can arrange that for a + dnl single library, but not when more than one $LIBNAMEs are used. + alldirs= + for found_dir in $rpathdirs; do + alldirs="${alldirs}${alldirs:+$hardcode_libdir_separator}$found_dir" + done + dnl Note: hardcode_libdir_flag_spec uses $libdir and $wl. + acl_save_libdir="$libdir" + libdir="$alldirs" + eval flag=\"$hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$flag" + else + dnl The -rpath options are cumulative. + for found_dir in $rpathdirs; do + acl_save_libdir="$libdir" + libdir="$found_dir" + eval flag=\"$hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$flag" + done + fi + fi + if test "X$ltrpathdirs" != "X"; then + dnl When using libtool, the option that works for both libraries and + dnl executables is -R. The -R options are cumulative. + for found_dir in $ltrpathdirs; do + LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-R$found_dir" + done + fi +]) + +dnl AC_LIB_APPENDTOVAR(VAR, CONTENTS) appends the elements of CONTENTS to VAR, +dnl unless already present in VAR. 
+dnl Works only for CPPFLAGS, not for LIB* variables because that sometimes +dnl contains two or three consecutive elements that belong together. +AC_DEFUN([AC_LIB_APPENDTOVAR], +[ + for element in [$2]; do + haveit= + for x in $[$1]; do + AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"]) + if test "X$x" = "X$element"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + [$1]="${[$1]}${[$1]:+ }$element" + fi + done +]) + +# lib-ld.m4 serial 1 (gettext-0.11) +dnl Copyright (C) 1996-2002 Free Software Foundation, Inc. +dnl This file is free software, distributed under the terms of the GNU +dnl General Public License. As a special exception to the GNU General +dnl Public License, this file may be distributed as part of a program +dnl that contains a configuration script generated by Autoconf, under +dnl the same distribution terms as the rest of that program. + +dnl Subroutines of libtool.m4, +dnl with replacements s/AC_/AC_LIB/ and s/lt_cv/acl_cv/ to avoid collision +dnl with libtool.m4. + +dnl From libtool-1.4. Sets the variable with_gnu_ld to yes or no. +AC_DEFUN([AC_LIB_PROG_LD_GNU], +[AC_CACHE_CHECK([if the linker ($LD) is GNU ld], acl_cv_prog_gnu_ld, +[# I'd rather use --version here, but apparently some GNU ld's only accept -v. +if $LD -v 2>&1 &5; then + acl_cv_prog_gnu_ld=yes else - AC_MSG_ERROR([newly created file is older than distributed files! -Check your system clock]) + acl_cv_prog_gnu_ld=no +fi]) +with_gnu_ld=$acl_cv_prog_gnu_ld +]) + +dnl From libtool-1.4. Sets the variable LD. +AC_DEFUN([AC_LIB_PROG_LD], +[AC_ARG_WITH(gnu-ld, +[ --with-gnu-ld assume the C compiler uses GNU ld [default=no]], +test "$withval" = no || with_gnu_ld=yes, with_gnu_ld=no) +AC_REQUIRE([AC_PROG_CC])dnl +AC_REQUIRE([AC_CANONICAL_HOST])dnl +ac_prog=ld +if test "$GCC" = yes; then + # Check if gcc -print-prog-name=ld gives a path. 
+ AC_MSG_CHECKING([for ld used by GCC]) + case $host in + *-*-mingw*) + # gcc leaves a trailing carriage return which upsets mingw + ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; + *) + ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; + esac + case $ac_prog in + # Accept absolute paths. + [[\\/]* | [A-Za-z]:[\\/]*)] + [re_direlt='/[^/][^/]*/\.\./'] + # Canonicalize the path of ld + ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'` + while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do + ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"` + done + test -z "$LD" && LD="$ac_prog" + ;; + "") + # If it fails, then pretend we aren't using GCC. + ac_prog=ld + ;; + *) + # If it is relative, then search for the first ld in PATH. + with_gnu_ld=unknown + ;; + esac +elif test "$with_gnu_ld" = yes; then + AC_MSG_CHECKING([for GNU ld]) +else + AC_MSG_CHECKING([for non-GNU ld]) fi -AC_MSG_RESULT(yes)]) +AC_CACHE_VAL(acl_cv_path_LD, +[if test -z "$LD"; then + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR-:}" + for ac_dir in $PATH; do + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then + acl_cv_path_LD="$ac_dir/$ac_prog" + # Check to see if the program is GNU ld. I'd rather use --version, + # but apparently some GNU ld's only accept -v. + # Break only if it was the GNU/non-GNU ld that we prefer. + if "$acl_cv_path_LD" -v 2>&1 < /dev/null | egrep '(GNU|with BFD)' > /dev/null; then + test "$with_gnu_ld" != no && break + else + test "$with_gnu_ld" != yes && break + fi + fi + done + IFS="$ac_save_ifs" +else + acl_cv_path_LD="$LD" # Let the user override the test with a path. +fi]) +LD="$acl_cv_path_LD" +if test -n "$LD"; then + AC_MSG_RESULT($LD) +else + AC_MSG_RESULT(no) +fi +test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH]) +AC_LIB_PROG_LD_GNU +]) -# Copyright (C) 2001, 2003, 2005, 2011 Free Software Foundation, Inc. 
-# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. +# iconv.m4 serial AM4 (gettext-0.11.3) +dnl Copyright (C) 2000-2002 Free Software Foundation, Inc. +dnl This file is free software, distributed under the terms of the GNU +dnl General Public License. As a special exception to the GNU General +dnl Public License, this file may be distributed as part of a program +dnl that contains a configuration script generated by Autoconf, under +dnl the same distribution terms as the rest of that program. + +dnl From Bruno Haible. + +AC_DEFUN([AM_ICONV_LINKFLAGS_BODY], +[ + dnl Prerequisites of AC_LIB_LINKFLAGS_BODY. + AC_REQUIRE([AC_LIB_PREPARE_PREFIX]) + AC_REQUIRE([AC_LIB_RPATH]) + + dnl Search for libiconv and define LIBICONV, LTLIBICONV and INCICONV + dnl accordingly. + AC_LIB_LINKFLAGS_BODY([iconv]) +]) -# serial 1 +AC_DEFUN([AM_ICONV_LINK], +[ + dnl Some systems have iconv in libc, some have it in libiconv (OSF/1 and + dnl those with the standalone portable GNU libiconv installed). + + dnl Search for libiconv and define LIBICONV, LTLIBICONV and INCICONV + dnl accordingly. + AC_REQUIRE([AM_ICONV_LINKFLAGS_BODY]) + + dnl Add $INCICONV to CPPFLAGS before performing the following checks, + dnl because if the user has installed libiconv and not disabled its use + dnl via --without-libiconv-prefix, he wants to use it. The first + dnl AC_TRY_LINK will then fail, the second AC_TRY_LINK will succeed. 
+ am_save_CPPFLAGS="$CPPFLAGS" + AC_LIB_APPENDTOVAR([CPPFLAGS], [$INCICONV]) + + AC_CACHE_CHECK(for iconv, am_cv_func_iconv, [ + am_cv_func_iconv="no, consider installing GNU libiconv" + am_cv_lib_iconv=no + AC_TRY_LINK([#include +#include ], + [iconv_t cd = iconv_open("",""); + iconv(cd,NULL,NULL,NULL,NULL); + iconv_close(cd);], + am_cv_func_iconv=yes) + if test "$am_cv_func_iconv" != yes; then + am_save_LIBS="$LIBS" + LIBS="$LIBS $LIBICONV" + AC_TRY_LINK([#include +#include ], + [iconv_t cd = iconv_open("",""); + iconv(cd,NULL,NULL,NULL,NULL); + iconv_close(cd);], + am_cv_lib_iconv=yes + am_cv_func_iconv=yes) + LIBS="$am_save_LIBS" + fi + ]) + if test "$am_cv_func_iconv" = yes; then + AC_DEFINE(HAVE_ICONV, 1, [Define if you have the iconv() function.]) + fi + if test "$am_cv_lib_iconv" = yes; then + AC_MSG_CHECKING([how to link with libiconv]) + AC_MSG_RESULT([$LIBICONV]) + else + dnl If $LIBICONV didn't lead to a usable library, we don't need $INCICONV + dnl either. + CPPFLAGS="$am_save_CPPFLAGS" + LIBICONV= + LTLIBICONV= + fi + AC_SUBST(LIBICONV) + AC_SUBST(LTLIBICONV) +]) -# AM_PROG_INSTALL_STRIP -# --------------------- -# One issue with vendor `install' (even GNU) is that you can't -# specify the program used to strip binaries. This is especially -# annoying in cross-compiling environments, where the build's strip -# is unlikely to handle the host's binaries. -# Fortunately install-sh will honor a STRIPPROG variable, so we -# always use install-sh in `make install-strip', and initialize -# STRIPPROG with the value of the STRIP variable (set by the user). -AC_DEFUN([AM_PROG_INSTALL_STRIP], -[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl -# Installed binaries are usually stripped using `strip' when the user -# run `make install-strip'. However `strip' might not be the right -# tool to use in cross-compilation environments, therefore Automake -# will honor the `STRIP' environment variable to overrule this program. 
-dnl Don't test for $cross_compiling = yes, because it might be `maybe'. -if test "$cross_compiling" != no; then - AC_CHECK_TOOL([STRIP], [strip], :) +AC_DEFUN([AM_ICONV], +[ + AM_ICONV_LINK + if test "$am_cv_func_iconv" = yes; then + AC_MSG_CHECKING([for iconv declaration]) + AC_CACHE_VAL(am_cv_proto_iconv, [ + AC_TRY_COMPILE([ +#include +#include +extern +#ifdef __cplusplus +"C" +#endif +#if defined(__STDC__) || defined(__cplusplus) +size_t iconv (iconv_t cd, char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft); +#else +size_t iconv(); +#endif +], [], am_cv_proto_iconv_arg1="", am_cv_proto_iconv_arg1="const") + am_cv_proto_iconv="extern size_t iconv (iconv_t cd, $am_cv_proto_iconv_arg1 char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft);"]) + am_cv_proto_iconv=`echo "[$]am_cv_proto_iconv" | tr -s ' ' | sed -e 's/( /(/'` + AC_MSG_RESULT([$]{ac_t:- + }[$]am_cv_proto_iconv) + AC_DEFINE_UNQUOTED(ICONV_CONST, $am_cv_proto_iconv_arg1, + [Define as const if the declaration of iconv() needs const.]) + fi +]) + +# progtest.m4 serial 2 (gettext-0.10.40) +dnl Copyright (C) 1996-2002 Free Software Foundation, Inc. +dnl This file is free software, distributed under the terms of the GNU +dnl General Public License. As a special exception to the GNU General +dnl Public License, this file may be distributed as part of a program +dnl that contains a configuration script generated by Autoconf, under +dnl the same distribution terms as the rest of that program. +dnl +dnl This file can can be used in projects which are not available under +dnl the GNU General Public License or the GNU Library General Public +dnl License but which still want to provide support for the GNU gettext +dnl functionality. +dnl Please note that the actual code of the GNU gettext library is covered +dnl by the GNU Library General Public License, and the rest of the GNU +dnl gettext package package is covered by the GNU General Public License. 
+dnl They are *not* in the public domain. + +dnl Authors: +dnl Ulrich Drepper , 1996. + +# Search path for a program which passes the given test. + +dnl AM_PATH_PROG_WITH_TEST(VARIABLE, PROG-TO-CHECK-FOR, +dnl TEST-PERFORMED-ON-FOUND_PROGRAM [, VALUE-IF-NOT-FOUND [, PATH]]) +AC_DEFUN([AM_PATH_PROG_WITH_TEST], +[# Extract the first word of "$2", so it can be a program name with args. +set dummy $2; ac_word=[$]2 +AC_MSG_CHECKING([for $ac_word]) +AC_CACHE_VAL(ac_cv_path_$1, +[case "[$]$1" in + /*) + ac_cv_path_$1="[$]$1" # Let the user override the test with a path. + ;; + *) + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" + for ac_dir in ifelse([$5], , $PATH, [$5]); do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + if [$3]; then + ac_cv_path_$1="$ac_dir/$ac_word" + break + fi + fi + done + IFS="$ac_save_ifs" +dnl If no 4th arg is given, leave the cache variable unset, +dnl so AC_PATH_PROGS will keep looking. +ifelse([$4], , , [ test -z "[$]ac_cv_path_$1" && ac_cv_path_$1="$4" +])dnl + ;; +esac])dnl +$1="$ac_cv_path_$1" +if test ifelse([$4], , [-n "[$]$1"], ["[$]$1" != "$4"]); then + AC_MSG_RESULT([$]$1) +else + AC_MSG_RESULT(no) fi -INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" -AC_SUBST([INSTALL_STRIP_PROGRAM])]) +AC_SUBST($1)dnl +]) -# Copyright (C) 2006, 2008, 2010 Free Software Foundation, Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. +# isc-posix.m4 serial 2 (gettext-0.11.2) +dnl Copyright (C) 1995-2002 Free Software Foundation, Inc. +dnl This file is free software, distributed under the terms of the GNU +dnl General Public License. As a special exception to the GNU General +dnl Public License, this file may be distributed as part of a program +dnl that contains a configuration script generated by Autoconf, under +dnl the same distribution terms as the rest of that program. 
+ +# This file is not needed with autoconf-2.53 and newer. Remove it in 2005. + +# This test replaces the one in autoconf. +# Currently this macro should have the same name as the autoconf macro +# because gettext's gettext.m4 (distributed in the automake package) +# still uses it. Otherwise, the use in gettext.m4 makes autoheader +# give these diagnostics: +# configure.in:556: AC_TRY_COMPILE was called before AC_ISC_POSIX +# configure.in:556: AC_TRY_RUN was called before AC_ISC_POSIX + +undefine([AC_ISC_POSIX]) + +AC_DEFUN([AC_ISC_POSIX], + [ + dnl This test replaces the obsolescent AC_ISC_POSIX kludge. + AC_CHECK_LIB(cposix, strerror, [LIBS="$LIBS -lcposix"]) + ] +) -# serial 3 +# glibc21.m4 serial 2 (fileutils-4.1.3, gettext-0.10.40) +dnl Copyright (C) 2000-2002 Free Software Foundation, Inc. +dnl This file is free software, distributed under the terms of the GNU +dnl General Public License. As a special exception to the GNU General +dnl Public License, this file may be distributed as part of a program +dnl that contains a configuration script generated by Autoconf, under +dnl the same distribution terms as the rest of that program. + +# Test for the GNU C Library, version 2.1 or newer. +# From Bruno Haible. + +AC_DEFUN([jm_GLIBC21], + [ + AC_CACHE_CHECK(whether we are using the GNU C Library 2.1 or newer, + ac_cv_gnu_library_2_1, + [AC_EGREP_CPP([Lucky GNU user], + [ +#include +#ifdef __GNU_LIBRARY__ + #if (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 1) || (__GLIBC__ > 2) + Lucky GNU user + #endif +#endif + ], + ac_cv_gnu_library_2_1=yes, + ac_cv_gnu_library_2_1=no) + ] + ) + AC_SUBST(GLIBC21) + GLIBC21="$ac_cv_gnu_library_2_1" + ] +) -# _AM_SUBST_NOTMAKE(VARIABLE) -# --------------------------- -# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in. -# This macro is traced by Automake. -AC_DEFUN([_AM_SUBST_NOTMAKE]) - -# AM_SUBST_NOTMAKE(VARIABLE) -# -------------------------- -# Public sister of _AM_SUBST_NOTMAKE. 
-AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) +# intdiv0.m4 serial 1 (gettext-0.11.3) +dnl Copyright (C) 2002 Free Software Foundation, Inc. +dnl This file is free software, distributed under the terms of the GNU +dnl General Public License. As a special exception to the GNU General +dnl Public License, this file may be distributed as part of a program +dnl that contains a configuration script generated by Autoconf, under +dnl the same distribution terms as the rest of that program. + +dnl From Bruno Haible. + +AC_DEFUN([gt_INTDIV0], +[ + AC_REQUIRE([AC_PROG_CC])dnl + AC_REQUIRE([AC_CANONICAL_HOST])dnl + + AC_CACHE_CHECK([whether integer division by zero raises SIGFPE], + gt_cv_int_divbyzero_sigfpe, + [ + AC_TRY_RUN([ +#include +#include + +static void +#ifdef __cplusplus +sigfpe_handler (int sig) +#else +sigfpe_handler (sig) int sig; +#endif +{ + /* Exit with code 0 if SIGFPE, with code 1 if any other signal. */ + exit (sig != SIGFPE); +} -# Check how to create a tarball. -*- Autoconf -*- +int x = 1; +int y = 0; +int z; +int nan; + +int main () +{ + signal (SIGFPE, sigfpe_handler); +/* IRIX and AIX (when "xlc -qcheck" is used) yield signal SIGTRAP. */ +#if (defined (__sgi) || defined (_AIX)) && defined (SIGTRAP) + signal (SIGTRAP, sigfpe_handler); +#endif +/* Linux/SPARC yields signal SIGILL. */ +#if defined (__sparc__) && defined (__linux__) + signal (SIGILL, sigfpe_handler); +#endif + + z = x / y; + nan = y / y; + exit (1); +} +], gt_cv_int_divbyzero_sigfpe=yes, gt_cv_int_divbyzero_sigfpe=no, + [ + # Guess based on the CPU. + case "$host_cpu" in + alpha* | i[34567]86 | m68k | s390*) + gt_cv_int_divbyzero_sigfpe="guessing yes";; + *) + gt_cv_int_divbyzero_sigfpe="guessing no";; + esac + ]) + ]) + case "$gt_cv_int_divbyzero_sigfpe" in + *yes) value=1;; + *) value=0;; + esac + AC_DEFINE_UNQUOTED(INTDIV0_RAISES_SIGFPE, $value, + [Define if integer division by zero raises signal SIGFPE.]) +]) -# Copyright (C) 2004, 2005, 2012 Free Software Foundation, Inc. 
-# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. +# uintmax_t.m4 serial 6 (gettext-0.11) +dnl Copyright (C) 1997-2002 Free Software Foundation, Inc. +dnl This file is free software, distributed under the terms of the GNU +dnl General Public License. As a special exception to the GNU General +dnl Public License, this file may be distributed as part of a program +dnl that contains a configuration script generated by Autoconf, under +dnl the same distribution terms as the rest of that program. + +dnl From Paul Eggert. + +AC_PREREQ(2.13) + +# Define uintmax_t to `unsigned long' or `unsigned long long' +# if does not exist. + +AC_DEFUN([jm_AC_TYPE_UINTMAX_T], +[ + AC_REQUIRE([jm_AC_HEADER_INTTYPES_H]) + AC_REQUIRE([jm_AC_HEADER_STDINT_H]) + if test $jm_ac_cv_header_inttypes_h = no && test $jm_ac_cv_header_stdint_h = no; then + AC_REQUIRE([jm_AC_TYPE_UNSIGNED_LONG_LONG]) + test $ac_cv_type_unsigned_long_long = yes \ + && ac_type='unsigned long long' \ + || ac_type='unsigned long' + AC_DEFINE_UNQUOTED(uintmax_t, $ac_type, + [Define to unsigned long or unsigned long long + if and don't define.]) + fi +]) -# serial 2 +# inttypes_h.m4 serial 4 (gettext-0.11.4) +dnl Copyright (C) 1997-2002 Free Software Foundation, Inc. +dnl This file is free software, distributed under the terms of the GNU +dnl General Public License. As a special exception to the GNU General +dnl Public License, this file may be distributed as part of a program +dnl that contains a configuration script generated by Autoconf, under +dnl the same distribution terms as the rest of that program. + +dnl From Paul Eggert. + +# Define HAVE_INTTYPES_H_WITH_UINTMAX if exists, +# doesn't clash with , and declares uintmax_t. 
+ +AC_DEFUN([jm_AC_HEADER_INTTYPES_H], +[ + AC_CACHE_CHECK([for inttypes.h], jm_ac_cv_header_inttypes_h, + [AC_TRY_COMPILE( + [#include +#include ], + [uintmax_t i = (uintmax_t) -1;], + jm_ac_cv_header_inttypes_h=yes, + jm_ac_cv_header_inttypes_h=no)]) + if test $jm_ac_cv_header_inttypes_h = yes; then + AC_DEFINE_UNQUOTED(HAVE_INTTYPES_H_WITH_UINTMAX, 1, +[Define if exists, doesn't clash with , + and declares uintmax_t. ]) + fi +]) -# _AM_PROG_TAR(FORMAT) -# -------------------- -# Check how to create a tarball in format FORMAT. -# FORMAT should be one of `v7', `ustar', or `pax'. -# -# Substitute a variable $(am__tar) that is a command -# writing to stdout a FORMAT-tarball containing the directory -# $tardir. -# tardir=directory && $(am__tar) > result.tar -# -# Substitute a variable $(am__untar) that extract such -# a tarball read from stdin. -# $(am__untar) < result.tar -AC_DEFUN([_AM_PROG_TAR], -[# Always define AMTAR for backward compatibility. Yes, it's still used -# in the wild :-( We should find a proper way to deprecate it ... -AC_SUBST([AMTAR], ['$${TAR-tar}']) -m4_if([$1], [v7], - [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'], - [m4_case([$1], [ustar],, [pax],, - [m4_fatal([Unknown tar format])]) -AC_MSG_CHECKING([how to create a $1 tar archive]) -# Loop over all known methods to create a tar archive until one works. -_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none' -_am_tools=${am_cv_prog_tar_$1-$_am_tools} -# Do not fold the above two line into one, because Tru64 sh and -# Solaris sh will not grok spaces in the rhs of `-'. 
-for _am_tool in $_am_tools -do - case $_am_tool in - gnutar) - for _am_tar in tar gnutar gtar; - do - AM_RUN_LOG([$_am_tar --version]) && break - done - am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"' - am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"' - am__untar="$_am_tar -xf -" - ;; - plaintar) - # Must skip GNU tar: if it does not support --format= it doesn't create - # ustar tarball either. - (tar --version) >/dev/null 2>&1 && continue - am__tar='tar chf - "$$tardir"' - am__tar_='tar chf - "$tardir"' - am__untar='tar xf -' - ;; - pax) - am__tar='pax -L -x $1 -w "$$tardir"' - am__tar_='pax -L -x $1 -w "$tardir"' - am__untar='pax -r' - ;; - cpio) - am__tar='find "$$tardir" -print | cpio -o -H $1 -L' - am__tar_='find "$tardir" -print | cpio -o -H $1 -L' - am__untar='cpio -i -H $1 -d' - ;; - none) - am__tar=false - am__tar_=false - am__untar=false - ;; - esac +# stdint_h.m4 serial 2 (gettext-0.11.4) +dnl Copyright (C) 1997-2002 Free Software Foundation, Inc. +dnl This file is free software, distributed under the terms of the GNU +dnl General Public License. As a special exception to the GNU General +dnl Public License, this file may be distributed as part of a program +dnl that contains a configuration script generated by Autoconf, under +dnl the same distribution terms as the rest of that program. + +dnl From Paul Eggert. + +# Define HAVE_STDINT_H_WITH_UINTMAX if exists, +# doesn't clash with , and declares uintmax_t. + +AC_DEFUN([jm_AC_HEADER_STDINT_H], +[ + AC_CACHE_CHECK([for stdint.h], jm_ac_cv_header_stdint_h, + [AC_TRY_COMPILE( + [#include +#include ], + [uintmax_t i = (uintmax_t) -1;], + jm_ac_cv_header_stdint_h=yes, + jm_ac_cv_header_stdint_h=no)]) + if test $jm_ac_cv_header_stdint_h = yes; then + AC_DEFINE_UNQUOTED(HAVE_STDINT_H_WITH_UINTMAX, 1, +[Define if exists, doesn't clash with , + and declares uintmax_t. ]) + fi +]) - # If the value was cached, stop now. 
We just wanted to have am__tar - # and am__untar set. - test -n "${am_cv_prog_tar_$1}" && break +# ulonglong.m4 serial 2 (fileutils-4.0.32, gettext-0.10.40) +dnl Copyright (C) 1999-2002 Free Software Foundation, Inc. +dnl This file is free software, distributed under the terms of the GNU +dnl General Public License. As a special exception to the GNU General +dnl Public License, this file may be distributed as part of a program +dnl that contains a configuration script generated by Autoconf, under +dnl the same distribution terms as the rest of that program. + +dnl From Paul Eggert. + +AC_DEFUN([jm_AC_TYPE_UNSIGNED_LONG_LONG], +[ + AC_CACHE_CHECK([for unsigned long long], ac_cv_type_unsigned_long_long, + [AC_TRY_LINK([unsigned long long ull = 1; int i = 63;], + [unsigned long long ullmax = (unsigned long long) -1; + return ull << i | ull >> i | ullmax / ull | ullmax % ull;], + ac_cv_type_unsigned_long_long=yes, + ac_cv_type_unsigned_long_long=no)]) + if test $ac_cv_type_unsigned_long_long = yes; then + AC_DEFINE(HAVE_UNSIGNED_LONG_LONG, 1, + [Define if you have the unsigned long long type.]) + fi +]) - # tar/untar a dummy directory, and stop if the command works - rm -rf conftest.dir - mkdir conftest.dir - echo GrepMe > conftest.dir/file - AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar]) - rm -rf conftest.dir - if test -s conftest.tar; then - AM_RUN_LOG([$am__untar /dev/null 2>&1 && break +# inttypes.m4 serial 1 (gettext-0.11.4) +dnl Copyright (C) 1997-2002 Free Software Foundation, Inc. +dnl This file is free software, distributed under the terms of the GNU +dnl General Public License. As a special exception to the GNU General +dnl Public License, this file may be distributed as part of a program +dnl that contains a configuration script generated by Autoconf, under +dnl the same distribution terms as the rest of that program. + +dnl From Paul Eggert. + +# Define HAVE_INTTYPES_H if exists and doesn't clash with +# . 
+ +AC_DEFUN([gt_HEADER_INTTYPES_H], +[ + AC_CACHE_CHECK([for inttypes.h], gt_cv_header_inttypes_h, + [ + AC_TRY_COMPILE( + [#include +#include ], + [], gt_cv_header_inttypes_h=yes, gt_cv_header_inttypes_h=no) + ]) + if test $gt_cv_header_inttypes_h = yes; then + AC_DEFINE_UNQUOTED(HAVE_INTTYPES_H, 1, + [Define if exists and doesn't clash with .]) fi -done -rm -rf conftest.dir +]) + +# inttypes-pri.m4 serial 1 (gettext-0.11.4) +dnl Copyright (C) 1997-2002 Free Software Foundation, Inc. +dnl This file is free software, distributed under the terms of the GNU +dnl General Public License. As a special exception to the GNU General +dnl Public License, this file may be distributed as part of a program +dnl that contains a configuration script generated by Autoconf, under +dnl the same distribution terms as the rest of that program. + +dnl From Bruno Haible. + +# Define PRI_MACROS_BROKEN if exists and defines the PRI* +# macros to non-string values. This is the case on AIX 4.3.3. + +AC_DEFUN([gt_INTTYPES_PRI], +[ + AC_REQUIRE([gt_HEADER_INTTYPES_H]) + if test $gt_cv_header_inttypes_h = yes; then + AC_CACHE_CHECK([whether the inttypes.h PRIxNN macros are broken], + gt_cv_inttypes_pri_broken, + [ + AC_TRY_COMPILE([#include +#ifdef PRId32 +char *p = PRId32; +#endif +], [], gt_cv_inttypes_pri_broken=no, gt_cv_inttypes_pri_broken=yes) + ]) + fi + if test "$gt_cv_inttypes_pri_broken" = yes; then + AC_DEFINE_UNQUOTED(PRI_MACROS_BROKEN, 1, + [Define if exists and defines unusable PRI* macros.]) + fi +]) + +# codeset.m4 serial AM1 (gettext-0.10.40) +dnl Copyright (C) 2000-2002 Free Software Foundation, Inc. +dnl This file is free software, distributed under the terms of the GNU +dnl General Public License. As a special exception to the GNU General +dnl Public License, this file may be distributed as part of a program +dnl that contains a configuration script generated by Autoconf, under +dnl the same distribution terms as the rest of that program. + +dnl From Bruno Haible. 
+ +AC_DEFUN([AM_LANGINFO_CODESET], +[ + AC_CACHE_CHECK([for nl_langinfo and CODESET], am_cv_langinfo_codeset, + [AC_TRY_LINK([#include ], + [char* cs = nl_langinfo(CODESET);], + am_cv_langinfo_codeset=yes, + am_cv_langinfo_codeset=no) + ]) + if test $am_cv_langinfo_codeset = yes; then + AC_DEFINE(HAVE_LANGINFO_CODESET, 1, + [Define if you have and nl_langinfo(CODESET).]) + fi +]) + +# lcmessage.m4 serial 3 (gettext-0.11.3) +dnl Copyright (C) 1995-2002 Free Software Foundation, Inc. +dnl This file is free software, distributed under the terms of the GNU +dnl General Public License. As a special exception to the GNU General +dnl Public License, this file may be distributed as part of a program +dnl that contains a configuration script generated by Autoconf, under +dnl the same distribution terms as the rest of that program. +dnl +dnl This file can can be used in projects which are not available under +dnl the GNU General Public License or the GNU Library General Public +dnl License but which still want to provide support for the GNU gettext +dnl functionality. +dnl Please note that the actual code of the GNU gettext library is covered +dnl by the GNU Library General Public License, and the rest of the GNU +dnl gettext package package is covered by the GNU General Public License. +dnl They are *not* in the public domain. + +dnl Authors: +dnl Ulrich Drepper , 1995. + +# Check whether LC_MESSAGES is available in . 
+ +AC_DEFUN([AM_LC_MESSAGES], +[ + AC_CACHE_CHECK([for LC_MESSAGES], am_cv_val_LC_MESSAGES, + [AC_TRY_LINK([#include ], [return LC_MESSAGES], + am_cv_val_LC_MESSAGES=yes, am_cv_val_LC_MESSAGES=no)]) + if test $am_cv_val_LC_MESSAGES = yes; then + AC_DEFINE(HAVE_LC_MESSAGES, 1, + [Define if your file defines LC_MESSAGES.]) + fi +]) + +dnl Check to find out whether the running kernel has support for TUN/TAP + +AC_DEFUN([tinc_TUNTAP], +[ +AC_ARG_WITH(kernel, + [ --with-kernel=dir give the directory with kernel sources] + [ (default: /usr/src/linux)], + kerneldir="$withval", + kerneldir="/usr/src/linux" +) + +AC_CACHE_CHECK([for linux/if_tun.h], tinc_cv_linux_if_tun_h, +[ + AC_TRY_COMPILE([#include "$kerneldir/include/linux/if_tun.h"], + [int a = IFF_TAP;], + if_tun_h="\"$kerneldir/include/linux/if_tun.h\"", + [AC_TRY_COMPILE([#include ], + [int a = IFF_TAP;], + if_tun_h="default", + if_tun_h="no" + )] + ) + + if test $if_tun_h = no; then + tinc_cv_linux_if_tun_h=none + else + tinc_cv_linux_if_tun_h="$if_tun_h" + fi +]) + +if test $tinc_cv_linux_if_tun_h != none; then + AC_DEFINE(HAVE_TUNTAP, 1, [Universal tun/tap driver present]) + if test $tinc_cv_linux_if_tun_h != default; then + AC_DEFINE_UNQUOTED(LINUX_IF_TUN_H, $tinc_cv_linux_if_tun_h, [Location of if_tun.h]) + fi +fi +AC_SUBST(LINUX_IF_TUN_H) +AC_SUBST(HAVE_TUNTAP) +]) + +dnl Check to find the OpenSSL headers/libraries + +AC_DEFUN([tinc_OPENSSL], +[ + tinc_ac_save_CPPFLAGS="$CPPFLAGS" + + AC_ARG_WITH(openssl-include, + [ --with-openssl-include=DIR OpenSSL headers directory (without trailing /openssl)], + [openssl_include="$withval" + CFLAGS="$CFLAGS -I$withval" + CPPFLAGS="$CPPFLAGS -I$withval"] + ) + + AC_ARG_WITH(openssl-lib, + [ --with-openssl-lib=DIR OpenSSL library directory], + [openssl_lib="$withval" + LIBS="$LIBS -L$withval"] + ) + + AC_CHECK_HEADERS(openssl/evp.h openssl/rsa.h openssl/rand.h openssl/err.h openssl/sha.h openssl/pem.h, + [], + [AC_MSG_ERROR([OpenSSL header files not found.]); break] + ) + 
+ CPPFLAGS="$tinc_ac_save_CPPFLAGS" + + AC_CHECK_LIB(crypto, SHA1_Init, + [LIBS="$LIBS -lcrypto"], + [AC_MSG_ERROR([OpenSSL libraries not found.])] + ) + + AC_CHECK_FUNCS([RAND_pseudo_bytes OPENSSL_add_all_algorithms_noconf OpenSSL_add_all_algorithms SSLeay_add_all_algorithms]) + + AC_CHECK_FUNC(dlopen, + [], + [AC_CHECK_LIB(dl, dlopen, + [LIBS="$LIBS -ldl"], + [AC_MSG_ERROR([OpenSSL depends on libdl.])] + )] + ) + + AC_CHECK_FUNC(inflate, + [], + [AC_CHECK_LIB(z, inflate, + [LIBS="$LIBS -lz"], + [AC_MSG_ERROR([OpenSSL depends on libz.])] + )] + ) +]) -AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool]) -AC_MSG_RESULT([$am_cv_prog_tar_$1])]) -AC_SUBST([am__tar]) -AC_SUBST([am__untar]) -]) # _AM_PROG_TAR - -m4_include([m4/gettext.m4]) -m4_include([m4/iconv.m4]) -m4_include([m4/lib-ld.m4]) -m4_include([m4/lib-link.m4]) -m4_include([m4/lib-prefix.m4]) -m4_include([m4/openssl.m4]) -m4_include([m4/progtest.m4]) -m4_include([m4/tuntap.m4]) diff -Nru gvpe-2.25/config.guess gvpe-3.0/config.guess --- gvpe-2.25/config.guess 2011-03-06 08:22:55.000000000 -0500 +++ gvpe-3.0/config.guess 2014-09-12 19:10:20.000000000 -0400 @@ -1,14 +1,12 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 -# Free Software Foundation, Inc. +# Copyright 1992-2014 Free Software Foundation, Inc. -timestamp='2009-12-30' +timestamp='2014-03-23' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or +# the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but 
@@ -17,26 +15,22 @@ # General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA -# 02110-1301, USA. +# along with this program; if not, see . # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - - -# Originally written by Per Bothner. Please send patches (context -# diff format) to and include a ChangeLog -# entry. +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). # -# This script attempts to guess a canonical system name similar to -# config.sub. If it succeeds, it prints the system name on stdout, and -# exits with 0. Otherwise, it exits with 1. +# Originally written by Per Bothner. # # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD +# +# Please send patches with a ChangeLog entry to config-patches@gnu.org. + me=`echo "$0" | sed -e 's,.*/,,'` @@ -56,9 +50,7 @@ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free -Software Foundation, Inc. +Copyright 1992-2014 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." 
@@ -140,12 +132,33 @@ UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown +case "${UNAME_SYSTEM}" in +Linux|GNU|GNU/*) + # If the system lacks a compiler, then just pick glibc. + # We could probably try harder. + LIBC=gnu + + eval $set_cc_for_build + cat <<-EOF > $dummy.c + #include + #if defined(__UCLIBC__) + LIBC=uclibc + #elif defined(__dietlibc__) + LIBC=dietlibc + #else + LIBC=gnu + #endif + EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'` + ;; +esac + # Note: order is significant - the case branches are not exclusive. case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in *:NetBSD:*:*) # NetBSD (nbsd) targets should (where applicable) match one or - # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, + # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently # switched to ELF, *-*-netbsd* would select the old # object file format. This provides both forward @@ -181,7 +194,7 @@ fi ;; *) - os=netbsd + os=netbsd ;; esac # The OS release @@ -202,6 +215,10 @@ # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. echo "${machine}-${os}${release}" exit ;; + *:Bitrig:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` + echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE} + exit ;; *:OpenBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} @@ -224,7 +241,7 @@ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` ;; *5.*) - UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` ;; esac # According to Compaq, /usr/sbin/psrinfo has been available on 
@@ -270,7 +287,10 @@ # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - exit ;; + # Reset EXIT trap before exiting to avoid spurious non-zero exit code. + exitcode=$? + trap '' 0 + exit $exitcode ;; Alpha\ *:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # Should we change UNAME_MACHINE based on the output of uname instead @@ -296,12 +316,12 @@ echo s390-ibm-zvmoe exit ;; *:OS400:*:*) - echo powerpc-ibm-os400 + echo powerpc-ibm-os400 exit ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} exit ;; - arm:riscos:*:*|arm:RISCOS:*:*) + arm*:riscos:*:*|arm*:RISCOS:*:*) echo arm-unknown-riscos exit ;; SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) @@ -395,23 +415,23 @@ # MiNT. But MiNT is downward compatible to TOS, so this should # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} + echo m68k-atari-mint${UNAME_RELEASE} exit ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} - exit ;; + exit ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} + echo m68k-atari-mint${UNAME_RELEASE} exit ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) - echo m68k-milan-mint${UNAME_RELEASE} - exit ;; + echo m68k-milan-mint${UNAME_RELEASE} + exit ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) - echo m68k-hades-mint${UNAME_RELEASE} - exit ;; + echo m68k-hades-mint${UNAME_RELEASE} + exit ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) - echo m68k-unknown-mint${UNAME_RELEASE} - exit ;; + echo m68k-unknown-mint${UNAME_RELEASE} + exit ;; m68k:machten:*:*) echo m68k-apple-machten${UNAME_RELEASE} exit ;; 
@@ -481,8 +501,8 @@ echo m88k-motorola-sysv3 exit ;; AViiON:dgux:*:*) - # DG/UX returns AViiON for all architectures - UNAME_PROCESSOR=`/usr/bin/uname -p` + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] then if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ @@ -495,7 +515,7 @@ else echo i586-dg-dgux${UNAME_RELEASE} fi - exit ;; + exit ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) echo m88k-dolphin-sysv3 exit ;; @@ -552,7 +572,7 @@ echo rs6000-ibm-aix3.2 fi exit ;; - *:AIX:*:[456]) + *:AIX:*:[4567]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 
@@ -595,52 +615,52 @@ 9000/[678][0-9][0-9]) if [ -x /usr/bin/getconf ]; then sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` - sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` - case "${sc_cpu_version}" in - 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 - 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 - 532) # CPU_PA_RISC2_0 - case "${sc_kernel_bits}" in - 32) HP_ARCH="hppa2.0n" ;; - 64) HP_ARCH="hppa2.0w" ;; + sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` + case "${sc_cpu_version}" in + 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 + 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + 532) # CPU_PA_RISC2_0 + case "${sc_kernel_bits}" in + 32) HP_ARCH="hppa2.0n" ;; + 64) HP_ARCH="hppa2.0w" ;; '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 - esac ;; - esac + esac ;; + esac fi if [ "${HP_ARCH}" = "" ]; then eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + sed 's/^ //' << EOF >$dummy.c + + #define _HPUX_SOURCE + #include + #include + + int main () + { + #if defined(_SC_KERNEL_BITS) + long bits = sysconf(_SC_KERNEL_BITS); + #endif + long cpu = sysconf (_SC_CPU_VERSION); - #define _HPUX_SOURCE - #include - #include - - int main () - { - #if defined(_SC_KERNEL_BITS) - long bits = sysconf(_SC_KERNEL_BITS); - #endif - long cpu = sysconf (_SC_CPU_VERSION); - - switch (cpu) - { - case CPU_PA_RISC1_0: puts ("hppa1.0"); break; - case CPU_PA_RISC1_1: puts ("hppa1.1"); break; - case CPU_PA_RISC2_0: - #if defined(_SC_KERNEL_BITS) - switch (bits) - { - case 64: puts ("hppa2.0w"); break; - case 32: puts ("hppa2.0n"); break; - default: puts ("hppa2.0"); break; - } break; - #else /* !defined(_SC_KERNEL_BITS) */ - puts ("hppa2.0"); break; - #endif - default: puts ("hppa1.0"); break; - } - exit (0); - } + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1"); break; + case CPU_PA_RISC2_0: + #if defined(_SC_KERNEL_BITS) + switch (bits) + { + case 64: puts ("hppa2.0w"); break; + case 32: puts ("hppa2.0n"); break; + 
default: puts ("hppa2.0"); break; + } break; + #else /* !defined(_SC_KERNEL_BITS) */ + puts ("hppa2.0"); break; + #endif + default: puts ("hppa1.0"); break; + } + exit (0); + } EOF (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` test -z "$HP_ARCH" && HP_ARCH=hppa @@ -731,22 +751,22 @@ exit ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) echo c1-convex-bsd - exit ;; + exit ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi - exit ;; + exit ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) echo c34-convex-bsd - exit ;; + exit ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) echo c38-convex-bsd - exit ;; + exit ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) echo c4-convex-bsd - exit ;; + exit ;; CRAY*Y-MP:*:*:*) echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; 
@@ -770,14 +790,14 @@ exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` - echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit ;; + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; 5000:UNIX_System_V:4.*:*) - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` - echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` + echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} 
@@ -789,30 +809,35 @@ echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} exit ;; *:FreeBSD:*:*) - case ${UNAME_MACHINE} in - pc98) - echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + UNAME_PROCESSOR=`/usr/bin/uname -p` + case ${UNAME_PROCESSOR} in amd64) echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; *) - echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; esac exit ;; i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin exit ;; + *:MINGW64*:*) + echo ${UNAME_MACHINE}-pc-mingw64 + exit ;; *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; + *:MSYS*:*) + echo ${UNAME_MACHINE}-pc-msys + exit ;; i*:windows32*:*) - # uname -m includes "-pc" on this system. - echo ${UNAME_MACHINE}-mingw32 + # uname -m includes "-pc" on this system. + echo ${UNAME_MACHINE}-mingw32 exit ;; i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; *:Interix*:*) - case ${UNAME_MACHINE} in + case ${UNAME_MACHINE} in x86) echo i586-pc-interix${UNAME_RELEASE} exit ;; 
@@ -849,15 +874,22 @@ exit ;; *:GNU:*:*) # the GNU system - echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland - echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu + echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; + aarch64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + aarch64_be:Linux:*:*) + UNAME_MACHINE=aarch64_be + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in EV5) UNAME_MACHINE=alphaev5 ;; 
@@ -867,52 +899,56 @@ EV6) UNAME_MACHINE=alphaev6 ;; EV67) UNAME_MACHINE=alphaev67 ;; EV68*) UNAME_MACHINE=alphaev68 ;; - esac + esac objdump --private-headers /bin/sh | grep -q ld.so.1 - if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi - echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + if test "$?" = 0 ; then LIBC="gnulibc1" ; fi + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + arc:Linux:*:* | arceb:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; arm*:Linux:*:*) eval $set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} else - echo ${UNAME_MACHINE}-unknown-linux-gnueabi + if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_PCS_VFP + then + echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi + else + echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf + fi fi exit ;; avr32*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; cris:Linux:*:*) - echo cris-axis-linux-gnu + echo ${UNAME_MACHINE}-axis-linux-${LIBC} exit ;; crisv32:Linux:*:*) - echo crisv32-axis-linux-gnu + echo ${UNAME_MACHINE}-axis-linux-${LIBC} exit ;; frv:Linux:*:*) - echo frv-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + hexagon:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; i*86:Linux:*:*) - LIBC=gnu - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #ifdef __dietlibc__ - LIBC=dietlibc - #endif -EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` - echo "${UNAME_MACHINE}-pc-linux-${LIBC}" + echo ${UNAME_MACHINE}-pc-linux-${LIBC} exit ;; ia64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; m32r*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; m68*:Linux:*:*) - echo 
${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; mips:Linux:*:* | mips64:Linux:*:*) eval $set_cc_for_build 
@@ -931,51 +967,63 @@ #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } ;; - or32:Linux:*:*) - echo or32-unknown-linux-gnu + openrisc*:Linux:*:*) + echo or1k-unknown-linux-${LIBC} + exit ;; + or32:Linux:*:* | or1k*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; padre:Linux:*:*) - echo sparc-unknown-linux-gnu + echo sparc-unknown-linux-${LIBC} exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-gnu + echo hppa64-unknown-linux-${LIBC} exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in - PA7*) echo hppa1.1-unknown-linux-gnu ;; - PA8*) echo hppa2.0-unknown-linux-gnu ;; - *) echo hppa-unknown-linux-gnu ;; + PA7*) echo hppa1.1-unknown-linux-${LIBC} ;; + PA8*) echo hppa2.0-unknown-linux-${LIBC} ;; + *) echo hppa-unknown-linux-${LIBC} ;; esac exit ;; ppc64:Linux:*:*) - echo powerpc64-unknown-linux-gnu + echo powerpc64-unknown-linux-${LIBC} exit ;; ppc:Linux:*:*) - echo powerpc-unknown-linux-gnu + echo powerpc-unknown-linux-${LIBC} + exit ;; + ppc64le:Linux:*:*) + echo powerpc64le-unknown-linux-${LIBC} + exit ;; + ppcle:Linux:*:*) + echo powerpcle-unknown-linux-${LIBC} exit ;; s390:Linux:*:* | s390x:Linux:*:*) - echo ${UNAME_MACHINE}-ibm-linux + echo ${UNAME_MACHINE}-ibm-linux-${LIBC} exit ;; sh64*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; sh*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + tile*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; vax:Linux:*:*) - echo ${UNAME_MACHINE}-dec-linux-gnu + echo 
${UNAME_MACHINE}-dec-linux-${LIBC} exit ;; x86_64:Linux:*:*) - echo x86_64-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; xtensa*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. @@ -984,11 +1032,11 @@ echo i386-sequent-sysv4 exit ;; i*86:UNIX_SV:4.2MP:2.*) - # Unixware is an offshoot of SVR4, but it has its own version - # number series starting with 2... - # I am not positive that other SVR4 systems won't match this, + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... + # I am not positive that other SVR4 systems won't match this, # I just have to hope. -- rms. - # Use sysv4.2uw... so that sysv4* matches it. + # Use sysv4.2uw... so that sysv4* matches it. echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} exit ;; i*86:OS/2:*:*) @@ -1020,7 +1068,7 @@ fi exit ;; i*86:*:5:[678]*) - # UnixWare 7.x, OpenUNIX and OpenServer 6. + # UnixWare 7.x, OpenUNIX and OpenServer 6. case `/bin/uname -X | grep "^Machine"` in *486*) UNAME_MACHINE=i486 ;; *Pentium) UNAME_MACHINE=i586 ;; @@ -1048,13 +1096,13 @@ exit ;; pc:*:*:*) # Left here for compatibility: - # uname -m prints for DJGPP always 'pc', but it prints nothing about - # the processor, so we play safe by assuming i586. + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i586. # Note: whatever this is, it MUST be the same as what config.sub # prints for the "djgpp" host, or else GDB configury will decide that # this is a cross-build. echo i586-pc-msdosdjgpp - exit ;; + exit ;; Intel:Mach:3*:*) echo i386-pc-mach3 exit ;; 
@@ -1089,8 +1137,8 @@ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) - /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && { echo i486-ncr-sysv4; exit; } ;; + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4; exit; } ;; NCR*:*:4.2:* | MPRAS*:*:4.2:*) OS_REL='.3' test -r /etc/.relid \ @@ -1133,10 +1181,10 @@ echo ns32k-sni-sysv fi exit ;; - PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort - # says - echo i586-unisys-sysv4 - exit ;; + PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says + echo i586-unisys-sysv4 + exit ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes . # How about differentiating between stratus architectures? -djm @@ -1162,11 +1210,11 @@ exit ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if [ -d /usr/nec ]; then - echo mips-nec-sysv${UNAME_RELEASE} + echo mips-nec-sysv${UNAME_RELEASE} else - echo mips-unknown-sysv${UNAME_RELEASE} + echo mips-unknown-sysv${UNAME_RELEASE} fi - exit ;; + exit ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. echo powerpc-be-beos exit ;; @@ -1179,6 +1227,9 @@ BePC:Haiku:*:*) # Haiku running on Intel PC compatible. echo i586-pc-haiku exit ;; + x86_64:Haiku:*:*) + echo x86_64-unknown-haiku + exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; 
@@ -1205,19 +1256,31 @@ exit ;; *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown - case $UNAME_PROCESSOR in - i386) - eval $set_cc_for_build - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then - if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null - then - UNAME_PROCESSOR="x86_64" - fi - fi ;; - unknown) UNAME_PROCESSOR=powerpc ;; - esac + eval $set_cc_for_build + if test "$UNAME_PROCESSOR" = unknown ; then + UNAME_PROCESSOR=powerpc + fi + if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + case $UNAME_PROCESSOR in + i386) UNAME_PROCESSOR=x86_64 ;; + powerpc) UNAME_PROCESSOR=powerpc64 ;; + esac + fi + fi + elif test "$UNAME_PROCESSOR" = i386 ; then + # Avoid executing cc on OS X 10.9, as it ships with a stub + # that puts up a graphical alert prompting to install + # developer tools. Any system running Mac OS X 10.7 or + # later (Darwin 11 and later) is required to have a 64-bit + # processor. This is not true of the ARM version of Darwin + # that Apple uses in portable devices. + UNAME_PROCESSOR=x86_64 + fi echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) @@ -1231,7 +1294,10 @@ *:QNX:*:4*) echo i386-pc-qnx exit ;; - NSE-?:NONSTOP_KERNEL:*:*) + NEO-?:NONSTOP_KERNEL:*:*) + echo neo-tandem-nsk${UNAME_RELEASE} + exit ;; + NSE-*:NONSTOP_KERNEL:*:*) echo nse-tandem-nsk${UNAME_RELEASE} exit ;; NSR-?:NONSTOP_KERNEL:*:*) 
@@ -1276,13 +1342,13 @@ echo pdp10-unknown-its exit ;; SEI:*:*:SEIUX) - echo mips-sei-seiux${UNAME_RELEASE} + echo mips-sei-seiux${UNAME_RELEASE} exit ;; *:DragonFly:*:*) echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` exit ;; *:*VMS:*:*) - UNAME_MACHINE=`(uname -p) 2>/dev/null` + UNAME_MACHINE=`(uname -p) 2>/dev/null` case "${UNAME_MACHINE}" in A*) echo alpha-dec-vms ; exit ;; I*) echo ia64-dec-vms ; exit ;; 
@@ -1300,158 +1366,10 @@ i*86:AROS:*:*) echo ${UNAME_MACHINE}-pc-aros exit ;; -esac - -#echo '(No uname command or uname output not recognized.)' 1>&2 -#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 - -eval $set_cc_for_build -cat >$dummy.c < -# include -#endif -main () -{ -#if defined (sony) -#if defined (MIPSEB) - /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, - I don't know.... */ - printf ("mips-sony-bsd\n"); exit (0); -#else -#include - printf ("m68k-sony-newsos%s\n", -#ifdef NEWSOS4 - "4" -#else - "" -#endif - ); exit (0); -#endif -#endif - -#if defined (__arm) && defined (__acorn) && defined (__unix) - printf ("arm-acorn-riscix\n"); exit (0); -#endif - -#if defined (hp300) && !defined (hpux) - printf ("m68k-hp-bsd\n"); exit (0); -#endif - -#if defined (NeXT) -#if !defined (__ARCHITECTURE__) -#define __ARCHITECTURE__ "m68k" -#endif - int version; - version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; - if (version < 4) - printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); - else - printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); - exit (0); -#endif - -#if defined (MULTIMAX) || defined (n16) -#if defined (UMAXV) - printf ("ns32k-encore-sysv\n"); exit (0); -#else -#if defined (CMU) - printf ("ns32k-encore-mach\n"); exit (0); -#else - printf ("ns32k-encore-bsd\n"); exit (0); -#endif -#endif -#endif - -#if defined (__386BSD__) - printf ("i386-pc-bsd\n"); exit (0); -#endif - -#if defined (sequent) -#if defined (i386) - printf ("i386-sequent-dynix\n"); exit (0); -#endif -#if defined (ns32000) - printf ("ns32k-sequent-dynix\n"); exit (0); -#endif -#endif - -#if defined (_SEQUENT_) - struct utsname un; - - uname(&un); - - if (strncmp(un.version, "V2", 2) == 0) { - printf ("i386-sequent-ptx2\n"); exit (0); - } - if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? 
*/ - printf ("i386-sequent-ptx1\n"); exit (0); - } - printf ("i386-sequent-ptx\n"); exit (0); - -#endif - -#if defined (vax) -# if !defined (ultrix) -# include -# if defined (BSD) -# if BSD == 43 - printf ("vax-dec-bsd4.3\n"); exit (0); -# else -# if BSD == 199006 - printf ("vax-dec-bsd4.3reno\n"); exit (0); -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# endif -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# else - printf ("vax-dec-ultrix\n"); exit (0); -# endif -#endif - -#if defined (alliant) && defined (i860) - printf ("i860-alliant-bsd\n"); exit (0); -#endif - - exit (1); -} -EOF - -$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && - { echo "$SYSTEM_NAME"; exit; } - -# Apollos put the system type in the environment. - -test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } - -# Convex versions that predate uname can use getsysinfo(1) - -if [ -x /usr/convex/getsysinfo ] -then - case `getsysinfo -f cpu_type` in - c1*) - echo c1-convex-bsd - exit ;; - c2*) - if getsysinfo -f scalar_acc - then echo c32-convex-bsd - else echo c2-convex-bsd - fi + x86_64:VMkernel:*:*) + echo ${UNAME_MACHINE}-unknown-esx exit ;; - c34*) - echo c34-convex-bsd - exit ;; - c38*) - echo c38-convex-bsd - exit ;; - c4*) - echo c4-convex-bsd - exit ;; - esac -fi +esac cat >&2 <. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). -# Please send patches to . Submit a context -# diff and a properly formatted GNU ChangeLog entry. +# Please send patches with a ChangeLog entry to config-patches@gnu.org. 
# # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. @@ -75,9 +68,7 @@ version="\ GNU config.sub ($timestamp) -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free -Software Foundation, Inc. +Copyright 1992-2014 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -124,13 +115,18 @@ # Here we must recognize all the valid KERNEL-OS combinations. maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in - nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \ - uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \ + nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ + linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | \ kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ;; + android-linux) + os=-linux-android + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown + ;; *) basic_machine=`echo $1 | sed 's/-[^-]*$//'` if [ $basic_machine != $1 ] @@ -153,12 +149,12 @@ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis | -knuth | -cray | -microblaze) + -apple | -axis | -knuth | -cray | -microblaze*) os= basic_machine=$1 ;; - -bluegene*) - os=-cnk + -bluegene*) + os=-cnk ;; -sim | -cisco | -oki | -wec | -winbond) os= 
@@ -174,10 +170,10 @@ os=-chorusos basic_machine=$1 ;; - -chorusrdb) - os=-chorusrdb + -chorusrdb) + os=-chorusrdb basic_machine=$1 - ;; + ;; -hiux*) os=-hiuxwe2 ;; @@ -222,6 +218,12 @@ -isc*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; + -lynx*178) + os=-lynxos178 + ;; + -lynx*5) + os=-lynxos5 + ;; -lynx*) os=-lynxos ;; @@ -246,20 +248,28 @@ # Some are omitted here because they have special meanings below. 1750a | 580 \ | a29k \ + | aarch64 | aarch64_be \ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | am33_2.0 \ - | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ + | arc | arceb \ + | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ + | avr | avr32 \ + | be32 | be64 \ | bfin \ - | c4x | clipper \ + | c4x | c8051 | clipper \ | d10v | d30v | dlx | dsp16xx \ + | epiphany \ | fido | fr30 | frv \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ + | hexagon \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ + | k1om \ + | le32 | le64 \ | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | mcore | mep | metag \ + | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ 
@@ -273,38 +283,51 @@ | mips64vr5900 | mips64vr5900el \ | mipsisa32 | mipsisa32el \ | mipsisa32r2 | mipsisa32r2el \ + | mipsisa32r6 | mipsisa32r6el \ | mipsisa64 | mipsisa64el \ | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64r6 | mipsisa64r6el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ + | mipsr5900 | mipsr5900el \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ | moxie \ | mt \ | msp430 \ - | nios | nios2 \ + | nds32 | nds32le | nds32be \ + | nios | nios2 | nios2eb | nios2el \ | ns16k | ns32k \ - | or32 \ + | open8 | or1k | or1knd | or32 \ | pdp10 | pdp11 | pj | pjl \ - | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ + | powerpc | powerpc64 | powerpc64le | powerpcle \ | pyramid \ - | rx \ + | riscv32 | riscv64 \ + | rl78 | rx \ | score \ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ - | spu | strongarm \ - | tahoe | thumb | tic4x | tic80 | tron \ + | spu \ + | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ | ubicom32 \ - | v850 | v850e \ + | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ | we32k \ - | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ + | x86 | xc16x | xstormy16 | xtensa \ | z8k | z80) basic_machine=$basic_machine-unknown ;; - m6811 | m68hc11 | m6812 | m68hc12 | picochip) - # Motorola 68HC11/12. + c54x) + basic_machine=tic54x-unknown + ;; + c55x) + basic_machine=tic55x-unknown + ;; + c6x) + basic_machine=tic6x-unknown + ;; + m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) basic_machine=$basic_machine-unknown os=-none ;; 
@@ -314,6 +337,21 @@ basic_machine=mt-unknown ;; + strongarm | thumb | xscale) + basic_machine=arm-unknown + ;; + xgate) + basic_machine=$basic_machine-unknown + os=-none + ;; + xscaleeb) + basic_machine=armeb-unknown + ;; + + xscaleel) + basic_machine=armel-unknown + ;; + # We use `pc' rather than `unknown' # because (1) that's what they normally are, and # (2) the word "unknown" tends to confuse beginning users. @@ -328,25 +366,31 @@ # Recognize the basic CPU types with company name. 580-* \ | a29k-* \ + | aarch64-* | aarch64_be-* \ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ - | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ + | be32-* | be64-* \ | bfin-* | bs2000-* \ - | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ - | clipper-* | craynv-* | cydra-* \ + | c[123]* | c30-* | [cjt]90-* | c4x-* \ + | c8051-* | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ + | hexagon-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ + | k1om-* \ + | le32-* | le64-* \ | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ + | microblaze-* | microblazeel-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ 
@@ -360,34 +404,41 @@ | mips64vr5900-* | mips64vr5900el-* \ | mipsisa32-* | mipsisa32el-* \ | mipsisa32r2-* | mipsisa32r2el-* \ + | mipsisa32r6-* | mipsisa32r6el-* \ | mipsisa64-* | mipsisa64el-* \ | mipsisa64r2-* | mipsisa64r2el-* \ + | mipsisa64r6-* | mipsisa64r6el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ + | mipsr5900-* | mipsr5900el-* \ | mipstx39-* | mipstx39el-* \ | mmix-* \ | mt-* \ | msp430-* \ - | nios-* | nios2-* \ + | nds32-* | nds32le-* | nds32be-* \ + | nios-* | nios2-* | nios2eb-* | nios2el-* \ | none-* | np1-* | ns16k-* | ns32k-* \ + | open8-* \ + | or1k*-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ - | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ + | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ | pyramid-* \ - | romp-* | rs6000-* | rx-* \ + | rl78-* | romp-* | rs6000-* | rx-* \ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ - | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ - | tahoe-* | thumb-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ + | tahoe-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ - | tile-* | tilegx-* \ + | tile*-* \ | tron-* \ | ubicom32-* \ - | v850-* | v850e-* | vax-* \ + | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ + | vax-* \ | we32k-* \ - | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ + | x86-* | x86_64-* | xc16x-* | xps100-* \ | xstormy16-* | xtensa*-* \ | ymp-* \ | z8k-* | z80-*) @@ -412,7 +463,7 @@ basic_machine=a29k-amd os=-udi ;; - abacus) + abacus) basic_machine=abacus-unknown ;; adobe68k) 
@@ -482,11 +533,20 @@ basic_machine=powerpc-ibm os=-cnk ;; + c54x-*) + basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c55x-*) + basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c6x-*) + basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; c90) basic_machine=c90-cray os=-unicos ;; - cegcc) + cegcc) basic_machine=arm-unknown os=-cegcc ;; @@ -518,7 +578,7 @@ basic_machine=craynv-cray os=-unicosmp ;; - cr16) + cr16 | cr16-*) basic_machine=cr16-unknown os=-elf ;; @@ -676,7 +736,6 @@ i370-ibm* | ibm*) basic_machine=i370-ibm ;; -# I'm not sure what "Sysv32" means. Should this be sysv3.2? i*86v32) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv32 @@ -734,11 +793,15 @@ basic_machine=ns32k-utek os=-sysv ;; - microblaze) + microblaze*) basic_machine=microblaze-xilinx ;; + mingw64) + basic_machine=x86_64-pc + os=-mingw64 + ;; mingw32) - basic_machine=i386-pc + basic_machine=i686-pc os=-mingw32 ;; mingw32ce) @@ -766,6 +829,10 @@ basic_machine=powerpc-unknown os=-morphos ;; + moxiebox) + basic_machine=moxie-unknown + os=-moxiebox + ;; msdos) basic_machine=i386-pc os=-msdos @@ -773,10 +840,18 @@ ms1-*) basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` ;; + msys) + basic_machine=i686-pc + os=-msys + ;; mvs) basic_machine=i370-ibm os=-mvs ;; + nacl) + basic_machine=le32-unknown + os=-nacl + ;; ncr3000) basic_machine=i486-ncr os=-sysv4 @@ -841,6 +916,12 @@ np1) basic_machine=np1-gould ;; + neo-tandem) + basic_machine=neo-tandem + ;; + nse-tandem) + basic_machine=nse-tandem + ;; nsr-tandem) basic_machine=nsr-tandem ;; @@ -923,9 +1004,10 @@ ;; power) basic_machine=power-ibm ;; - ppc) basic_machine=powerpc-unknown + ppc | ppcbe) basic_machine=powerpc-unknown ;; - ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + ppc-* | ppcbe-*) + basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppcle | powerpclittle | ppc-le | powerpc-little) basic_machine=powerpcle-unknown 
@@ -950,7 +1032,11 @@ basic_machine=i586-unknown os=-pw32 ;; - rdos) + rdos | rdos64) + basic_machine=x86_64-pc + os=-rdos + ;; + rdos32) basic_machine=i386-pc os=-rdos ;; @@ -1019,6 +1105,9 @@ basic_machine=i860-stratus os=-sysv4 ;; + strongarm-* | thumb-*) + basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; sun2) basic_machine=m68000-sun ;; @@ -1075,25 +1164,8 @@ basic_machine=t90-cray os=-unicos ;; - tic54x | c54x*) - basic_machine=tic54x-unknown - os=-coff - ;; - tic55x | c55x*) - basic_machine=tic55x-unknown - os=-coff - ;; - tic6x | c6x*) - basic_machine=tic6x-unknown - os=-coff - ;; - # This must be matched before tile*. - tilegx*) - basic_machine=tilegx-unknown - os=-linux-gnu - ;; tile*) - basic_machine=tile-unknown + basic_machine=$basic_machine-unknown os=-linux-gnu ;; tx39) @@ -1163,6 +1235,9 @@ xps | xps100) basic_machine=xps100-honeywell ;; + xscale-* | xscalee[bl]-*) + basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'` + ;; ymp) basic_machine=ymp-cray os=-unicos @@ -1260,11 +1335,11 @@ if [ x"$os" != x"" ] then case $os in - # First match some system type aliases - # that might get confused with valid system types. + # First match some system type aliases + # that might get confused with valid system types. # -solaris* is a basic system type, with this one exception. - -auroraux) - os=-auroraux + -auroraux) + os=-auroraux ;; -solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` 
@@ -1288,28 +1363,29 @@ -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ - | -sym* | -kopensolaris* \ + | -sym* | -kopensolaris* | -plan9* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ | -aos* | -aros* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ - | -openbsd* | -solidbsd* \ + | -bitrig* | -openbsd* | -solidbsd* \ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ | -chorusos* | -chorusrdb* | -cegcc* \ - | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \ - | -uxpv* | -beos* | -mpeix* | -udk* \ + | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ + | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ + | -linux-newlib* | -linux-musl* | -linux-uclibc* \ + | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1348,7 +1424,7 @@ -opened*) os=-openedition ;; - -os400*) + -os400*) os=-os400 ;; -wince*) 
@@ -1397,7 +1473,7 @@ -sinix*) os=-sysv4 ;; - -tpf*) + -tpf*) os=-tpf ;; -triton*) @@ -1433,17 +1509,14 @@ -aros*) os=-aros ;; - -kaos*) - os=-kaos - ;; -zvmoe) os=-zvmoe ;; -dicos*) os=-dicos ;; - -nacl*) - ;; + -nacl*) + ;; -none) ;; *) @@ -1466,10 +1539,10 @@ # system, and we'll never get to this point. case $basic_machine in - score-*) + score-*) os=-elf ;; - spu-*) + spu-*) os=-elf ;; *-acorn) @@ -1481,8 +1554,23 @@ arm*-semi) os=-aout ;; - c4x-* | tic4x-*) - os=-coff + c4x-* | tic4x-*) + os=-coff + ;; + c8051-*) + os=-elf + ;; + hexagon-*) + os=-elf + ;; + tic54x-*) + os=-coff + ;; + tic55x-*) + os=-coff + ;; + tic6x-*) + os=-coff ;; # This must come before the *-dec entry. pdp10-*) @@ -1502,14 +1590,11 @@ ;; m68000-sun) os=-sunos3 - # This also exists in the configure program, but was not the - # default. - # os=-sunos4 ;; m68*-cisco) os=-aout ;; - mep-*) + mep-*) os=-elf ;; mips*-cisco) @@ -1536,7 +1621,7 @@ *-ibm) os=-aix ;; - *-knuth) + *-knuth) os=-mmixware ;; *-wec) diff -Nru gvpe-2.25/configure gvpe-3.0/configure --- gvpe-2.25/configure 2013-07-13 00:42:55.000000000 -0400 +++ gvpe-3.0/configure 2016-11-10 09:40:18.000000000 -0500 @@ -619,9 +619,7 @@ # include #endif" -ac_subst_vars='am__EXEEXT_FALSE -am__EXEEXT_TRUE -LTLIBOBJS +ac_subst_vars='LTLIBOBJS LIBOBJS INCLUDES ROHC_FALSE @@ -654,7 +652,6 @@ am__fastdepCC_FALSE am__fastdepCC_TRUE CCDEPMODE -am__nodep AMDEPBACKSLASH AMDEP_FALSE AMDEP_TRUE @@ -676,17 +673,13 @@ MAINT MAINTAINER_MODE_FALSE MAINTAINER_MODE_TRUE -am__untar -am__tar -AMTAR am__leading_dot SET_MAKE AWK -mkdir_p -MKDIR_P INSTALL_STRIP_PROGRAM STRIP install_sh +AMTAR MAKEINFO AUTOHEADER AUTOMAKE @@ -695,7 +688,6 @@ VERSION PACKAGE CYGPATH_W -am__isrc INSTALL_DATA INSTALL_SCRIPT INSTALL_PROGRAM @@ -730,6 +722,7 @@ docdir oldincludedir includedir +runstatedir localstatedir sharedstatedir sysconfdir 
@@ -769,12 +762,13 @@ enable_tcp enable_http_proxy enable_dns +enable_rsa_length enable_hmac_length -enable_rand_length enable_max_mtu enable_compression enable_cipher -enable_digest +enable_hmac_digest +enable_auth_digest ' ac_precious_vars='build_alias host_alias @@ -827,6 +821,7 @@ sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' +runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE}' @@ -1079,6 +1074,15 @@ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; + -runstatedir | --runstatedir | --runstatedi | --runstated \ + | --runstate | --runstat | --runsta | --runst | --runs \ + | --run | --ru | --r) + ac_prev=runstatedir ;; + -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ + | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ + | --run=* | --ru=* | --r=*) + runstatedir=$ac_optarg ;; + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ @@ -1216,7 +1220,7 @@ for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir + libdir localedir mandir runstatedir do eval ac_val=\$$ac_var # Remove trailing slashes. @@ -1369,6 +1373,7 @@ --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] 
@@ -1406,10 +1411,10 @@ --disable-option-checking ignore unrecognized --enable/--with options --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] - --enable-maintainer-mode enable make rules and dependencies not useful - (and sometimes confusing) to the casual installer - --disable-dependency-tracking speeds up one-time build - --enable-dependency-tracking do not reject slow dependency extractors + --enable-maintainer-mode enable make rules and dependencies not useful + (and sometimes confusing) to the casual installer + --disable-dependency-tracking Speeds up one-time builds + --enable-dependency-tracking Do not reject slow dependency extractors --disable-rpath do not hardcode runtime library paths --disable-nls do not use Native Language Support --enable-iftype=TYPE/SUBTYPE 
@@ -1430,22 +1435,25 @@ --disable-http-proxy enable http proxy connect support (default enabled). --enable-dns enable dns tunnel protocol support (default disabled). + --enable-rsa-length=BITS + use BITS rsa keys (default 3072). Allowed values are + 2048-10240. --enable-hmac-length=BYTES use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16. - --enable-rand-length=BYTES - use BYTES bytes of extra randomness (default 8). - Allowed values are 0, 4, 8. --enable-max-mtu=BYTES enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support. --disable-compression Disable compression support. --enable-cipher=CIPHER Select the symmetric cipher (default "aes-128"). - Must be one of "bf" (blowfish), "aes-128" - (rijndael), "aes-192" or "aes-256". - --enable-digest=CIPHER Select the digest algorithm to use (default - "ripemd160"). Must be one of "sha512", "sha256", - "sha1" (legacy), "ripemd160", "md5" (insecure) or - "md4" (insecure). + Must be one of "aes-128" (rijndael), "aes-192", or + "aes-256". + --enable-hmac-digest=HMAC + Select the HMAC digest algorithm to use (default + "sha1"). Must be one of "sha512", "sha256", "sha1", + "ripemd160", "whirlpool". + --enable-auth-digest=DIGEST + Select the hmac algorithm to use (default "sha512"). + Must be one of "sha512", "sha256", "whirlpool". Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -2763,8 +2771,7 @@ test "$program_prefix$program_suffix$program_transform_name" = \ NONENONEs,x,x, && program_prefix=${target_alias}- -am__api_version='1.11' - +am__api_version="1.7" # Find a good install program. We prefer a C program (faster), # so one script is as good as another. But avoid the broken or # incompatible versions: 
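Review bot: The help text added for `--enable-auth-digest=DIGEST` reads "Select the hmac algorithm to use", which repeats the purpose of `--enable-hmac-digest` directly above it, so a reader cannot tell what the second option controls. It should name the authentication digest instead, for example `Select the digest used for authentication (default "sha512").`, adjusted to whatever the auth digest is actually applied to, which this hunk does not show. The default MAC digest also changes from "ripemd160" to "sha1" and the `--enable-digest` / `--enable-rand-length` options disappear, so the help or release notes should say that build scripts written for 2.25 need updating. Because configure is generated, the wording belongs in the option's help string in configure.ac.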
@@ -2863,29 +2870,16 @@ # Just in case sleep 1 echo timestamp > conftest.file -# Reject unsafe characters in $srcdir or the absolute working directory -# name. Accept space and tab only in the latter. -am_lf=' -' -case `pwd` in - *[\\\"\#\$\&\'\`$am_lf]*) - as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5;; -esac -case $srcdir in - *[\\\"\#\$\&\'\`$am_lf\ \ ]*) - as_fn_error $? "unsafe srcdir value: \`$srcdir'" "$LINENO" 5;; -esac - # Do `set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( - set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` + set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null` if test "$*" = "X"; then # -L didn't work. - set X `ls -t "$srcdir/configure" conftest.file` + set X `ls -t $srcdir/configure conftest.file` fi rm -f conftest.file if test "$*" != "X $srcdir/configure conftest.file" \ @@ -2920,17 +2914,11 @@ ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` + # expand $ac_aux_dir to an absolute path am_aux_dir=`cd $ac_aux_dir && pwd` -if test x"${MISSING+set}" != xset; then - case $am_aux_dir in - *\ * | *\ *) - MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; - *) - MISSING="\${SHELL} $am_aux_dir/missing" ;; - esac -fi +test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing" # Use eval to expand $SHELL if eval "$MISSING --run true"; then am_missing_run="$MISSING --run " 
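Review bot: Both `ls` calls in the timestamp check now receive `$srcdir/configure` unquoted, and the guard that refused quotes, backticks, `$`, `&` and newlines in the working directory and in `$srcdir` is removed in the same hunk. The next hunk on this line also reduces `MISSING` to `"\${SHELL} $am_aux_dir/missing"`, which is then passed through `eval`, so a checkout path containing whitespace or shell metacharacters is word-split or re-parsed instead of being rejected up front. The script now sets `am__api_version="1.7"` where 2.25 had 1.11, so this looks like a regeneration with an older automake rather than an intended change. Regenerating with the toolchain used for 2.25 would restore `"$srcdir/configure"`, the space-aware `MISSING` assignment and the `unsafe srcdir value` check.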
@@ -2940,163 +2928,6 @@ $as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;} fi -if test x"${install_sh}" != xset; then - case $am_aux_dir in - *\ * | *\ *) - install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; - *) - install_sh="\${SHELL} $am_aux_dir/install-sh" - esac -fi - -# Installed binaries are usually stripped using `strip' when the user -# run `make install-strip'. However `strip' might not be the right -# tool to use in cross-compilation environments, therefore Automake -# will honor the `STRIP' environment variable to overrule this program. -if test "$cross_compiling" != no; then - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. -set dummy ${ac_tool_prefix}strip; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_STRIP+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$STRIP"; then - ac_cv_prog_STRIP="$STRIP" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_STRIP="${ac_tool_prefix}strip" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -STRIP=$ac_cv_prog_STRIP -if test -n "$STRIP"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 -$as_echo "$STRIP" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_STRIP"; then - ac_ct_STRIP=$STRIP - # Extract the first word of "strip", so it can be a program name with args. 
-set dummy strip; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_STRIP+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_STRIP"; then - ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_STRIP="strip" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP -if test -n "$ac_ct_STRIP"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 -$as_echo "$ac_ct_STRIP" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_ct_STRIP" = x; then - STRIP=":" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - STRIP=$ac_ct_STRIP - fi -else - STRIP="$ac_cv_prog_STRIP" -fi - -fi -INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5 -$as_echo_n "checking for a thread-safe mkdir -p... " >&6; } -if test -z "$MKDIR_P"; then - if ${ac_cv_path_mkdir+:} false; then : - $as_echo_n "(cached) " >&6 -else - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_prog in mkdir gmkdir; do - for ac_exec_ext in '' $ac_executable_extensions; do - as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue - case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #( - 'mkdir (GNU coreutils) '* | \ - 'mkdir (coreutils) '* | \ - 'mkdir (fileutils) '4.1*) - ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext - break 3;; - esac - done - done - done -IFS=$as_save_IFS - -fi - - test -d ./--version && rmdir ./--version - if test "${ac_cv_path_mkdir+set}" = set; then - MKDIR_P="$ac_cv_path_mkdir -p" - else - # As a last resort, use the slow shell script. Don't cache a - # value for MKDIR_P within a source directory, because that will - # break other packages using the cache if that directory is - # removed, or if the value is a relative name. - MKDIR_P="$ac_install_sh -d" - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 -$as_echo "$MKDIR_P" >&6; } - -mkdir_p="$MKDIR_P" -case $mkdir_p in - [\\/$]* | ?:[\\/]*) ;; - */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;; -esac - for ac_prog in gawk mawk nawk awk do # Extract the first word of "$ac_prog", so it can be a program name with args. @@ -3179,14 +3010,10 @@ fi rmdir .tst 2>/dev/null -if test "`cd $srcdir && pwd`" != "`pwd`"; then - # Use -I$(srcdir) only when $(srcdir) != ., so that make's output - # is not polluted with repeated "-I." - am__isrc=' -I$(srcdir)' - # test to see if srcdir already configured - if test -f $srcdir/config.status; then - as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5 - fi + # test to see if srcdir already configured +if test "`cd $srcdir && pwd`" != "`pwd`" && + test -f $srcdir/config.status; then + as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5 fi # test whether we have cygpath @@ -3201,7 +3028,7 @@ # Define the identity of the package. PACKAGE=gvpe - VERSION=2.25 + VERSION=3.0 cat >>confdefs.h <<_ACEOF 
@@ -3229,21 +3056,118 @@ MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} -# We need awk for the "check" target. The system "awk" is bad on -# some platforms. -# Always define AMTAR for backward compatibility. Yes, it's still used -# in the wild :-( We should find a proper way to deprecate it ... -AMTAR='$${TAR-tar}' -am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -' +AMTAR=${AMTAR-"${am_missing_run}tar"} + +install_sh=${install_sh-"$am_aux_dir/install-sh"} + +# Installed binaries are usually stripped using `strip' when the user +# run `make install-strip'. However `strip' might not be the right +# tool to use in cross-compilation environments, therefore Automake +# will honor the `STRIP' environment variable to overrule this program. +if test "$cross_compiling" != no; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. +set dummy ${ac_tool_prefix}strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_STRIP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$STRIP"; then + ac_cv_prog_STRIP="$STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. 
+ for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_STRIP="${ac_tool_prefix}strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +STRIP=$ac_cv_prog_STRIP +if test -n "$STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 +$as_echo "$STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_STRIP"; then + ac_ct_STRIP=$STRIP + # Extract the first word of "strip", so it can be a program name with args. +set dummy strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_STRIP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_STRIP"; then + ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. 
+ for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_STRIP="strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS +fi +fi +ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP +if test -n "$ac_ct_STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 +$as_echo "$ac_ct_STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + if test "x$ac_ct_STRIP" = x; then + STRIP=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + STRIP=$ac_ct_STRIP + fi +else + STRIP="$ac_cv_prog_STRIP" +fi +fi +INSTALL_STRIP_PROGRAM="\${SHELL} \$(install_sh) -c -s" +# We need awk for the "check" target. The system "awk" is bad on +# some platforms. -ac_config_headers="$ac_config_headers config.h" +ac_config_headers="$ac_config_headers config.h" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable maintainer-specific portions of Makefiles" >&5 $as_echo_n "checking whether to enable maintainer-specific portions of Makefiles... " >&6; } # Check whether --enable-maintainer-mode was given. @@ -3255,7 +3179,9 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_MAINTAINER_MODE" >&5 $as_echo "$USE_MAINTAINER_MODE" >&6; } - if test $USE_MAINTAINER_MODE = yes; then + + +if test $USE_MAINTAINER_MODE = yes; then MAINTAINER_MODE_TRUE= MAINTAINER_MODE_FALSE='#' else @@ -3490,7 +3416,7 @@ am_make=${MAKE-make} cat > confinc << 'END' am__doit: - @echo this is the am__doit target + @echo done .PHONY: am__doit END # If we don't find an include directive, just comment out the code. 
@@ -3501,24 +3427,24 @@ _am_result=none # First try GNU make style include. echo "include confinc" > confmf -# Ignore all kinds of additional output from `make'. -case `$am_make -s -f confmf 2> /dev/null` in #( -*the\ am__doit\ target*) - am__include=include - am__quote= - _am_result=GNU - ;; -esac +# We grep out `Entering directory' and `Leaving directory' +# messages which can occur if `w' ends up in MAKEFLAGS. +# In particular we don't look at `^make:' because GNU make might +# be invoked under some other name (usually "gmake"), in which +# case it prints its new name instead of `make'. +if test "`$am_make -s -f confmf 2> /dev/null | grep -v 'ing directory'`" = "done"; then + am__include=include + am__quote= + _am_result=GNU +fi # Now try BSD make style include. if test "$am__include" = "#"; then echo '.include "confinc"' > confmf - case `$am_make -s -f confmf 2> /dev/null` in #( - *the\ am__doit\ target*) - am__include=.include - am__quote="\"" - _am_result=BSD - ;; - esac + if test "`$am_make -s -f confmf 2> /dev/null`" = "done"; then + am__include=.include + am__quote="\"" + _am_result=BSD + fi fi @@ -3534,9 +3460,10 @@ if test "x$enable_dependency_tracking" != xno; then am_depcomp="$ac_aux_dir/depcomp" AMDEPBACKSLASH='\' - am__nodep='_no' fi - if test "x$enable_dependency_tracking" != xno; then + + +if test "x$enable_dependency_tracking" != xno; then AMDEP_TRUE= AMDEP_FALSE='#' else @@ -3545,6 +3472,7 @@ fi + ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' @@ -4347,7 +4275,6 @@ # instance it was reported that on HP-UX the gcc test will end up # making a dummy file named `D' -- because `-MD' means `put the output # in D'. - rm -rf conftest.dir mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're # using a relative directory. 
@@ -4365,11 +4292,6 @@ if test "$am_compiler_list" = ""; then am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` fi - am__universal=false - case " $depcc " in #( - *\ -arch\ *\ -arch\ *) am__universal=true ;; - esac - for depmode in $am_compiler_list; do # Setup a source with many dependencies, because some compilers # like to wrap large dependency lists on column 80 (with \), and @@ -4381,23 +4303,11 @@ : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c - # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with - # Solaris 8's {/usr,}/bin/sh. - touch sub/conftst$i.h + : > sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf - # We check with `-c' and `-o' for the sake of the "dashmstdout" - # mode. It turns out that the SunPro C++ compiler does not properly - # handle `-M -o', and we need to detect this. Also, some Intel - # versions had trouble with output in subdirs - am__obj=sub/conftest.${OBJEXT-o} - am__minus_obj="-o $am__obj" case $depmode in - gcc) - # This depmode causes a compiler race in universal mode. - test "$am__universal" = false || continue - ;; nosideeffect) # after this tag, mechanisms are not by side-effect, so they'll # only be used when explicitly requested 
@@ -4407,33 +4317,23 @@ break fi ;; - msvc7 | msvc7msys | msvisualcpp | msvcmsys) - # This compiler won't grok `-c -o', but also, the minuso test has - # not run yet. These depmodes are late enough in the game, and - # so weak that their functioning should not be impacted. - am__obj=conftest.${OBJEXT-o} - am__minus_obj= - ;; none) break ;; esac + # We check with `-c' and `-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle `-M -o', and we need to detect this. if depmode=$depmode \ - source=sub/conftest.c object=$am__obj \ + source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ - $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ + $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \ >/dev/null 2>conftest.err && - grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && - grep $am__obj sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 && ${MAKE-make} -s -f confmf > /dev/null 2>&1; then # icc doesn't choke on unknown options, it will just issue warnings - # or remarks (even with -Werror). So we grep stderr for any message - # that says an option was ignored or not supported. - # When given -MP, icc 7.0 and 7.1 complain thusly: - # icc: Command line warning: ignoring option '-M'; no argument required - # The diagnosis changed in icc 8.0: - # icc: Command line remark: option '-MP' not supported - if (grep 'ignoring option' conftest.err || - grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + # (even with -Werror). So we grep stderr for any message + # that says an option was ignored. + if grep 'ignoring option' conftest.err >/dev/null 2>&1; then :; else am_cv_CC_dependencies_compiler_type=$depmode break fi 
@@ -4451,7 +4351,9 @@ $as_echo "$am_cv_CC_dependencies_compiler_type" >&6; } CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type - if + + +if test "x$enable_dependency_tracking" != xno \ && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then am__fastdepCC_TRUE= @@ -6097,7 +5999,6 @@ # instance it was reported that on HP-UX the gcc test will end up # making a dummy file named `D' -- because `-MD' means `put the output # in D'. - rm -rf conftest.dir mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're # using a relative directory. @@ -6115,11 +6016,6 @@ if test "$am_compiler_list" = ""; then am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` fi - am__universal=false - case " $depcc " in #( - *\ -arch\ *\ -arch\ *) am__universal=true ;; - esac - for depmode in $am_compiler_list; do # Setup a source with many dependencies, because some compilers # like to wrap large dependency lists on column 80 (with \), and @@ -6131,23 +6027,11 @@ : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c - # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with - # Solaris 8's {/usr,}/bin/sh. - touch sub/conftst$i.h + : > sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf - # We check with `-c' and `-o' for the sake of the "dashmstdout" - # mode. It turns out that the SunPro C++ compiler does not properly - # handle `-M -o', and we need to detect this. Also, some Intel - # versions had trouble with output in subdirs - am__obj=sub/conftest.${OBJEXT-o} - am__minus_obj="-o $am__obj" case $depmode in - gcc) - # This depmode causes a compiler race in universal mode. - test "$am__universal" = false || continue - ;; nosideeffect) # after this tag, mechanisms are not by side-effect, so they'll # only be used when explicitly requested 
@@ -6157,33 +6041,23 @@ break fi ;; - msvc7 | msvc7msys | msvisualcpp | msvcmsys) - # This compiler won't grok `-c -o', but also, the minuso test has - # not run yet. These depmodes are late enough in the game, and - # so weak that their functioning should not be impacted. - am__obj=conftest.${OBJEXT-o} - am__minus_obj= - ;; none) break ;; esac + # We check with `-c' and `-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle `-M -o', and we need to detect this. if depmode=$depmode \ - source=sub/conftest.c object=$am__obj \ + source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ - $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ + $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \ >/dev/null 2>conftest.err && - grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && - grep $am__obj sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 && ${MAKE-make} -s -f confmf > /dev/null 2>&1; then # icc doesn't choke on unknown options, it will just issue warnings - # or remarks (even with -Werror). So we grep stderr for any message - # that says an option was ignored or not supported. - # When given -MP, icc 7.0 and 7.1 complain thusly: - # icc: Command line warning: ignoring option '-M'; no argument required - # The diagnosis changed in icc 8.0: - # icc: Command line remark: option '-MP' not supported - if (grep 'ignoring option' conftest.err || - grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + # (even with -Werror). So we grep stderr for any message + # that says an option was ignored. + if grep 'ignoring option' conftest.err >/dev/null 2>&1; then :; else am_cv_CXX_dependencies_compiler_type=$depmode break fi 
@@ -6201,7 +6075,9 @@ $as_echo "$am_cv_CXX_dependencies_compiler_type" >&6; } CXXDEPMODE=depmode=$am_cv_CXX_dependencies_compiler_type - if + + +if test "x$enable_dependency_tracking" != xno \ && test "$am_cv_CXX_dependencies_compiler_type" = gcc3; then am__fastdepCXX_TRUE= @@ -8463,7 +8339,9 @@ - if test x$rohc = xtrue; then + + +if test x$rohc = xtrue; then ROHC_TRUE= ROHC_FALSE='#' else @@ -8587,29 +8465,29 @@ fi -HMAC=12 -# Check whether --enable-hmac-length was given. -if test "${enable_hmac_length+set}" = set; then : - enableval=$enable_hmac_length; HMAC=$enableval +RSA=3072 +# Check whether --enable-rsa-length was given. +if test "${enable_rsa_length+set}" = set; then : + enableval=$enable_rsa_length; RSA=$enableval fi cat >>confdefs.h <<_ACEOF -#define HMACLENGTH $HMAC +#define RSABITS $RSA _ACEOF -RAND=8 -# Check whether --enable-rand-length was given. -if test "${enable_rand_length+set}" = set; then : - enableval=$enable_rand_length; RAND=$enableval +HMACSIZE=12 +# Check whether --enable-hmac-length was given. +if test "${enable_hmac_length+set}" = set; then : + enableval=$enable_hmac_length; HMACSIZE=$enableval fi cat >>confdefs.h <<_ACEOF -#define RAND_SIZE $RAND +#define HMACLENGTH $HMACSIZE _ACEOF 
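Review bot: In the last hunk on this line, `RSA=$enableval` is written straight into `#define RSABITS $RSA`, although the help text for `--enable-rsa-length` says only 2048-10240 is allowed. Unless the C sources reject out-of-range values (not visible in this part of the diff), a mistyped value configures cleanly and produces a build with an undersized key length. A check after the assignment would enforce the documented limit, e.g. `test "$RSA" -ge 2048 && test "$RSA" -le 10240 || as_fn_error $? "rsa length must be 2048-10240" "$LINENO" 5`. `HMACSIZE`, whose allowed values are listed as 4, 8, 12, 16, is copied the same way. In configure.ac the check would be an `AC_MSG_ERROR` in the option's action, since this file is generated.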
@@ -8641,13 +8519,15 @@ _ACEOF -CIPHER=aes_128_cbc +CIPHER=aes_128_ctr # Check whether --enable-cipher was given. if test "${enable_cipher+set}" = set; then : - enableval=$enable_cipher; if test "x$enableval" = xbf ; then CIPHER=bf_cbc ; fi - if test "x$enableval" = xaes-128; then CIPHER=aes_128_cbc; fi - if test "x$enableval" = xaes-192; then CIPHER=aes_192_cbc; fi - if test "x$enableval" = xaes-256; then CIPHER=aes_256_cbc; fi + enableval=$enable_cipher; #if test "x$enableval" = xbf ; then CIPHER=bf_ctr ; fi + if test "x$enableval" = xaes-128 ; then CIPHER=aes_128_ctr ; fi + if test "x$enableval" = xaes-192 ; then CIPHER=aes_192_ctr ; fi + if test "x$enableval" = xaes-256 ; then CIPHER=aes_256_ctr ; fi + #if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_ctr; fi + #if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_ctr; fi fi 
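Review bot: An unrecognised `--enable-cipher` value falls through every `if test` and leaves `CIPHER=aes_128_ctr` in place without any message. With the `bf` line now commented out, a build script carried over from 2.25 that passes `--enable-cipher=bf` configures successfully with a different cipher than the one requested. The digest options in the following hunk (`--enable-hmac-digest`, `--enable-auth-digest`) pick their value with the same pattern. A `case` with an erroring default arm, sketched below for the cipher, would turn the mismatch into a configure failure. The real edit belongs in configure.ac because this file is generated.

```shell
# replaces the chain of `if test "x$enableval" = x...` lines for --enable-cipher
case $enableval in
  yes)     ;;  # bare --enable-cipher keeps the default
  aes-128) CIPHER=aes_128_ctr ;;
  aes-192) CIPHER=aes_192_ctr ;;
  aes-256) CIPHER=aes_256_ctr ;;
  *) as_fn_error $? "unsupported --enable-cipher value: $enableval" "$LINENO" 5 ;;
esac
```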
@@ -8657,21 +8537,35 @@ _ACEOF -DIGEST=ripemd160 -# Check whether --enable-digest was given. -if test "${enable_digest+set}" = set; then : - enableval=$enable_digest; if test "x$enableval" = xsha512 ; then DIGEST=sha512 ; fi - if test "x$enableval" = xsha256 ; then DIGEST=sha256 ; fi - if test "x$enableval" = xsha1 ; then DIGEST=sha1 ; fi - if test "x$enableval" = xripemd160; then DIGEST=ripemd160; fi - if test "x$enableval" = xmd5 ; then DIGEST=md5 ; fi - if test "x$enableval" = xmd4 ; then DIGEST=md4 ; fi +HMAC=sha1 +# Check whether --enable-hmac-digest was given. +if test "${enable_hmac_digest+set}" = set; then : + enableval=$enable_hmac_digest; if test "x$enableval" = xwhirlpool; then HMAC=whirlpool; fi + if test "x$enableval" = xsha512 ; then HMAC=sha512 ; fi + if test "x$enableval" = xsha256 ; then HMAC=sha256 ; fi + if test "x$enableval" = xsha1 ; then HMAC=sha1 ; fi + if test "x$enableval" = xripemd160; then HMAC=ripemd160; fi fi cat >>confdefs.h <<_ACEOF -#define ENABLE_DIGEST EVP_${DIGEST} +#define ENABLE_HMAC EVP_${HMAC} +_ACEOF + + +AUTH=sha512 +# Check whether --enable-auth-digest was given. +if test "${enable_auth_digest+set}" = set; then : + enableval=$enable_auth_digest; if test "x$enableval" = xwhirlpool; then AUTH=whirlpool; fi + if test "x$enableval" = xsha512 ; then AUTH=sha512 ; fi + if test "x$enableval" = xsha256 ; then AUTH=sha256 ; fi + +fi + + +cat >>confdefs.h <<_ACEOF +#define ENABLE_AUTH EVP_${AUTH} _ACEOF @@ -8799,14 +8693,6 @@ LTLIBOBJS=$ac_ltlibobjs - if test -n "$EXEEXT"; then - am__EXEEXT_TRUE= - am__EXEEXT_FALSE='#' -else - am__EXEEXT_TRUE='#' - am__EXEEXT_FALSE= -fi - if test -z "${MAINTAINER_MODE_TRUE}" && test -z "${MAINTAINER_MODE_FALSE}"; then as_fn_error $? "conditional \"MAINTAINER_MODE\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -9301,7 +9187,6 @@ ac_pwd='$ac_pwd' srcdir='$srcdir' INSTALL='$INSTALL' -MKDIR_P='$MKDIR_P' AWK='$AWK' test -n "\$AWK" || AWK=awk _ACEOF 
@@ -9883,11 +9768,6 @@ [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; esac - ac_MKDIR_P=$MKDIR_P - case $MKDIR_P in - [\\/$]* | ?:[\\/]* ) ;; - */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;; - esac _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 @@ -9942,7 +9822,6 @@ s&@abs_builddir@&$ac_abs_builddir&;t t s&@abs_top_builddir@&$ac_abs_top_builddir&;t t s&@INSTALL@&$ac_INSTALL&;t t -s&@MKDIR_P@&$ac_MKDIR_P&;t t $ac_datarootdir_hack " eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ @@ -9988,22 +9867,21 @@ || as_fn_error $? "could not create -" "$LINENO" 5 fi # Compute "$ac_file"'s index in $config_headers. -_am_arg="$ac_file" _am_stamp_count=1 for _am_header in $config_headers :; do case $_am_header in - $_am_arg | $_am_arg:* ) + "$ac_file" | "$ac_file":* ) break ;; * ) _am_stamp_count=`expr $_am_stamp_count + 1` ;; esac done -echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" || -$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$_am_arg" : 'X\(//\)[^/]' \| \ - X"$_am_arg" : 'X\(//\)$' \| \ - X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$_am_arg" | +echo "timestamp for "$ac_file"" >`$as_dirname -- "$ac_file" || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$ac_file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q 
@@ -10126,28 +10004,17 @@ ;; esac done ;; - "depfiles":C) test x"$AMDEP_TRUE" != x"" || { - # Autoconf 2.62 quotes --file arguments for eval, but not when files - # are listed without --file. Let's play safe and only enable the eval - # if we detect the quoting. - case $CONFIG_FILES in - *\'*) eval set x "$CONFIG_FILES" ;; - *) set x $CONFIG_FILES ;; - esac - shift - for mf - do - # Strip MF so we end up with the name of the file. - mf=`echo "$mf" | sed -e 's/:.*$//'` - # Check whether this is an Automake generated Makefile or not. - # We used to match only the files named `Makefile.in', but - # some people rename them; so instead we look at the file content. - # Grep'ing the first line is not enough: some people post-process - # each Makefile.in and add a new line on top of each file to say so. - # Grep'ing the whole file is not good either: AIX grep has a line - # limit of 2048, but all sed's we know have understand at least 4000. - if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then - dirpart=`$as_dirname -- "$mf" || + "depfiles":C) test x"$AMDEP_TRUE" != x"" || for mf in $CONFIG_FILES; do + # Strip MF so we end up with the name of the file. + mf=`echo "$mf" | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile or not. + # We used to match only the files named `Makefile.in', but + # some people rename them; so instead we look at the file content. + # Grep'ing the first line is not enough: some people post-process + # each Makefile.in and add a new line on top of each file to say so. + # So let's grep whole file. + if grep '^#.*generated by automake' $mf > /dev/null 2>&1; then + dirpart=`$as_dirname -- "$mf" || $as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$mf" : 'X\(//\)[^/]' \| \ X"$mf" : 'X\(//\)$' \| \ 
@@ -10170,28 +10037,34 @@ q } s/.*/./; q'` - else - continue - fi - # Extract the definition of DEPDIR, am__include, and am__quote - # from the Makefile without running `make'. - DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` - test -z "$DEPDIR" && continue - am__include=`sed -n 's/^am__include = //p' < "$mf"` - test -z "am__include" && continue - am__quote=`sed -n 's/^am__quote = //p' < "$mf"` - # When using ansi2knr, U may be empty or an underscore; expand it - U=`sed -n 's/^U = //p' < "$mf"` - # Find all dependency output files, they are included files with - # $(DEPDIR) in their names. We invoke sed twice because it is the - # simplest approach to changing $(DEPDIR) to its actual value in the - # expansion. - for file in `sed -n " - s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ - sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do - # Make sure the directory exists. - test -f "$dirpart/$file" && continue - fdir=`$as_dirname -- "$file" || + else + continue + fi + grep '^DEP_FILES *= *[^ #]' < "$mf" > /dev/null || continue + # Extract the definition of DEP_FILES from the Makefile without + # running `make'. + DEPDIR=`sed -n -e '/^DEPDIR = / s///p' < "$mf"` + test -z "$DEPDIR" && continue + # When using ansi2knr, U may be empty or an underscore; expand it + U=`sed -n -e '/^U = / s///p' < "$mf"` + test -d "$dirpart/$DEPDIR" || mkdir "$dirpart/$DEPDIR" + # We invoke sed twice because it is the simplest approach to + # changing $(DEPDIR) to its actual value in the expansion. + for file in `sed -n -e ' + /^DEP_FILES = .*\\\\$/ { + s/^DEP_FILES = // + :loop + s/\\\\$// + p + n + /\\\\$/ b loop + p + } + /^DEP_FILES = / s/^DEP_FILES = //p' < "$mf" | \ + sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do + # Make sure the directory exists. + test -f "$dirpart/$file" && continue + fdir=`$as_dirname -- "$file" || $as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$file" : 'X\(//\)[^/]' \| \ X"$file" : 'X\(//\)$' \| \ 
@@ -10214,12 +10087,11 @@ q } s/.*/./; q'` - as_dir=$dirpart/$fdir; as_fn_mkdir_p - # echo "creating $dirpart/$file" - echo '# dummy' > "$dirpart/$file" - done + as_dir=$dirpart/$fdir; as_fn_mkdir_p + # echo "creating $dirpart/$file" + echo '# dummy' > "$dirpart/$file" done -} +done ;; esac @@ -10265,34 +10137,20 @@ echo "*** Configuration Summary" echo "***" echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE" +echo "*** RSA size: $RSA" echo "*** Cipher used: $CIPHER" echo "*** Digest used: $DIGEST" +echo "*** Authdigest: $AUTH" echo "*** HMAC length: $HMAC" -echo "*** RAND used: $RAND" echo "*** Max. MTU: $MTU" echo "***" echo "*** Enable options:" grep ENABLE_ config.h | sed -e 's/^/*** /' -if test "x$DIGEST" = xmd4; then -echo "***" -echo "*** WARNING: The digest you have chosen ($DIGEST) is known to be insecure" -fi - -if test "x$DIGEST" = xmd5; then -echo "***" -echo "*** WARNING: The digest you have chosen ($DIGEST) is quite insecure" -fi - -if test "$HMAC" -lt 12; then -echo "***" -echo "*** WARNING: The hmac length you have chosen ($HMAC) is quite insecure" -fi - -if test "$RAND" -lt 8; then +if test "$HMACSIZE" -lt 12; then echo "***" -echo "*** WARNING: The random prefix you have chosen ($RAND) is probably insecure" +echo "*** WARNING: The hmac length you have chosen ($HMACSIZE) is quite insecure" fi echo "***" diff -Nru gvpe-2.25/configure.ac gvpe-3.0/configure.ac --- gvpe-2.25/configure.ac 2013-07-13 00:42:28.000000000 -0400 +++ gvpe-3.0/configure.ac 2016-11-02 03:05:16.000000000 -0400 @@ -4,7 +4,7 @@ AC_INIT AC_CONFIG_SRCDIR([src/gvpe.C]) AC_CANONICAL_TARGET -AM_INIT_AUTOMAKE(gvpe, 2.25) +AM_INIT_AUTOMAKE(gvpe, 3.0) AC_CONFIG_HEADERS([config.h]) AM_MAINTAINER_MODE 
@@ -329,21 +329,21 @@ ] ) -HMAC=12 +RSA=3072 +AC_ARG_ENABLE(rsa-length, + [AS_HELP_STRING(--enable-rsa-length=BITS,[ + use BITS rsa keys (default 3072). Allowed values are 2048-10240.])], + RSA=$enableval +) +AC_DEFINE_UNQUOTED(RSABITS, $RSA, [Size of RSA keys.]) + +HMACSIZE=12 AC_ARG_ENABLE(hmac-length, [AS_HELP_STRING(--enable-hmac-length=BYTES,[ use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])], - HMAC=$enableval -) -AC_DEFINE_UNQUOTED(HMACLENGTH, $HMAC, [Size of HMAC in each packet in bytes.]) - -RAND=8 -AC_ARG_ENABLE(rand-length, - [AS_HELP_STRING(--enable-rand-length=BYTES, - [use BYTES bytes of extra randomness (default 8). Allowed values are 0, 4, 8.])], - RAND=$enableval + HMACSIZE=$enableval ) -AC_DEFINE_UNQUOTED(RAND_SIZE, $RAND, [Add this many bytes of randomness to each packet.]) +AC_DEFINE_UNQUOTED(HMACLENGTH, $HMACSIZE, [Size of HMAC in each packet in bytes.]) MTU=1500 AC_ARG_ENABLE(max-mtu, 
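Review bot: `RSA=$enableval` is passed to `AC_DEFINE_UNQUOTED(RSABITS, $RSA, ...)` without any check, so the 2048-10240 range promised in the help text is never enforced. A value such as 1024, or the literal `yes` from a bare `--enable-rsa-length`, reaches config.h without a message. The same applies to `HMACSIZE=$enableval`, whose help text lists 4, 8, 12 and 16. I would fail the configure run on anything else, e.g. `if test "$RSA" -ge 2048 2>/dev/null && test "$RSA" -le 10240 2>/dev/null; then :; else AC_MSG_ERROR([--enable-rsa-length must be a number from 2048 to 10240]); fi`, with a matching check for `HMACSIZE`. The HMAC length check matters more now that the cipher hunk further down switches to CTR mode, because CTR ciphertext is malleable and the truncated tag is presumably the only thing that detects modified packets.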
@@ -361,31 +361,43 @@ ) AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.]) -CIPHER=aes_128_cbc +CIPHER=aes_128_ctr AC_ARG_ENABLE(cipher, [AS_HELP_STRING(--enable-cipher=CIPHER,[ Select the symmetric cipher (default "aes-128"). - Must be one of "bf" (blowfish), "aes-128" (rijndael), "aes-192" or "aes-256".])], - if test "x$enableval" = xbf ; then CIPHER=bf_cbc ; fi - if test "x$enableval" = xaes-128; then CIPHER=aes_128_cbc; fi - if test "x$enableval" = xaes-192; then CIPHER=aes_192_cbc; fi - if test "x$enableval" = xaes-256; then CIPHER=aes_256_cbc; fi + Must be one of "aes-128" (rijndael), "aes-192", or "aes-256".])], + #if test "x$enableval" = xbf ; then CIPHER=bf_ctr ; fi + if test "x$enableval" = xaes-128 ; then CIPHER=aes_128_ctr ; fi + if test "x$enableval" = xaes-192 ; then CIPHER=aes_192_ctr ; fi + if test "x$enableval" = xaes-256 ; then CIPHER=aes_256_ctr ; fi + #if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_ctr; fi + #if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_ctr; fi ) AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.]) -DIGEST=ripemd160 -AC_ARG_ENABLE(digest, - [AS_HELP_STRING(--enable-digest=CIPHER,[ - Select the digest algorithm to use (default "ripemd160"). Must be one of - "sha512", "sha256", "sha1" (legacy), "ripemd160", "md5" (insecure) or "md4" (insecure).])], - if test "x$enableval" = xsha512 ; then DIGEST=sha512 ; fi - if test "x$enableval" = xsha256 ; then DIGEST=sha256 ; fi - if test "x$enableval" = xsha1 ; then DIGEST=sha1 ; fi - if test "x$enableval" = xripemd160; then DIGEST=ripemd160; fi - if test "x$enableval" = xmd5 ; then DIGEST=md5 ; fi - if test "x$enableval" = xmd4 ; then DIGEST=md4 ; fi +HMAC=sha1 +AC_ARG_ENABLE(hmac-digest, + [AS_HELP_STRING(--enable-hmac-digest=HMAC,[ + Select the HMAC digest algorithm to use (default "sha1"). 
Must be one of + "sha512", "sha256", "sha1", "ripemd160", "whirlpool".])], + if test "x$enableval" = xwhirlpool; then HMAC=whirlpool; fi + if test "x$enableval" = xsha512 ; then HMAC=sha512 ; fi + if test "x$enableval" = xsha256 ; then HMAC=sha256 ; fi + if test "x$enableval" = xsha1 ; then HMAC=sha1 ; fi + if test "x$enableval" = xripemd160; then HMAC=ripemd160; fi +) +AC_DEFINE_UNQUOTED(ENABLE_HMAC, EVP_${HMAC}, [Select the HMAC digest algorithm to use.]) + +AUTH=sha512 +AC_ARG_ENABLE(auth-digest, + [AS_HELP_STRING(--enable-auth-digest=DIGEST,[ + Select the hmac algorithm to use (default "sha512"). Must be one of + "sha512", "sha256", "whirlpool".])], + if test "x$enableval" = xwhirlpool; then AUTH=whirlpool; fi + if test "x$enableval" = xsha512 ; then AUTH=sha512 ; fi + if test "x$enableval" = xsha256 ; then AUTH=sha256 ; fi ) -AC_DEFINE_UNQUOTED(ENABLE_DIGEST, EVP_${DIGEST}, [Select the digest algorithm to use.]) +AC_DEFINE_UNQUOTED(ENABLE_AUTH, EVP_${AUTH}, [Select the auth digest algorithm to use.]) if $CXX -v --help 2>&1 | grep -q fno-rtti; then CXXFLAGS="$CXXFLAGS -fno-rtti" @@ -400,7 +412,7 @@ dnl if $CXX -v --help 2>&1 | grep -q ffunction-sections; then dnl CXXFLAGS="$CXXFLAGS -ffunction-sections" dnl fi -dnl +dnl dnl if $LD -v --help 2>&1 | grep -q gc-sections; then dnl LDFLAGS="$LDFLAGS -Wl,--gc-sections" dnl fi 
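Review bot: An unrecognised value for `--enable-cipher`, `--enable-hmac-digest` or `--enable-auth-digest` matches none of the `if test` lines and silently leaves the default in place. So `--enable-cipher=bf` (accepted by 2.25, now commented out) or a typo such as `sha-256` builds with `aes_128_ctr`, `sha1` or `sha512` without any message. For options that select the cryptographic primitives I would fail the configure run on an unknown value, as in the block below, which also makes the commented-out `bf` and `camellia` lines unnecessary. The help string of `--enable-auth-digest` still reads "Select the hmac algorithm to use" and should say `Select the auth digest algorithm to use (default "sha512")`. The HMAC default also moves from `ripemd160` to `sha1` here; if that is deliberate it deserves a line in the release notes, since both ends presumably have to be built with the same digest.

```m4
AC_ARG_ENABLE(cipher,
   dnl … unchanged: AS_HELP_STRING for --enable-cipher …
   [AS_CASE([$enableval],
      [aes-128], [CIPHER=aes_128_ctr],
      [aes-192], [CIPHER=aes_192_ctr],
      [aes-256], [CIPHER=aes_256_ctr],
      [AC_MSG_ERROR([unsupported --enable-cipher value: $enableval])])]
)
dnl … unchanged: AC_DEFINE_UNQUOTED(ENABLE_CIPHER, …), HMAC=sha1 …
AC_ARG_ENABLE(hmac-digest,
   dnl … unchanged: AS_HELP_STRING for --enable-hmac-digest …
   [AS_CASE([$enableval],
      [whirlpool|sha512|sha256|sha1|ripemd160], [HMAC=$enableval],
      [AC_MSG_ERROR([unsupported --enable-hmac-digest value: $enableval])])]
)
dnl … unchanged: AC_DEFINE_UNQUOTED(ENABLE_HMAC, …), AUTH=sha512 …
AC_ARG_ENABLE(auth-digest,
   dnl … unchanged: AS_HELP_STRING for --enable-auth-digest …
   [AS_CASE([$enableval],
      [whirlpool|sha512|sha256], [AUTH=$enableval],
      [AC_MSG_ERROR([unsupported --enable-auth-digest value: $enableval])])]
)
```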
@@ -420,34 +432,20 @@ echo "*** Configuration Summary" echo "***" echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE" +echo "*** RSA size: $RSA" echo "*** Cipher used: $CIPHER" echo "*** Digest used: $DIGEST" +echo "*** Authdigest: $AUTH" echo "*** HMAC length: $HMAC" -echo "*** RAND used: $RAND" echo "*** Max. MTU: $MTU" echo "***" echo "*** Enable options:" grep ENABLE_ config.h | sed -e 's/^/*** /' -if test "x$DIGEST" = xmd4; then -echo "***" -echo "*** WARNING: The digest you have chosen ($DIGEST) is known to be insecure" -fi - -if test "x$DIGEST" = xmd5; then -echo "***" -echo "*** WARNING: The digest you have chosen ($DIGEST) is quite insecure" -fi - -if test "$HMAC" -lt 12; then -echo "***" -echo "*** WARNING: The hmac length you have chosen ($HMAC) is quite insecure" -fi - -if test "$RAND" -lt 8; then +if test "$HMACSIZE" -lt 12; then echo "***" -echo "*** WARNING: The random prefix you have chosen ($RAND) is probably insecure" +echo "*** WARNING: The hmac length you have chosen ($HMACSIZE) is quite insecure" fi echo "***" diff -Nru gvpe-2.25/COPYING gvpe-3.0/COPYING --- gvpe-2.25/COPYING 2013-07-13 00:24:24.000000000 -0400 +++ gvpe-3.0/COPYING 2012-08-12 02:20:09.000000000 -0400 
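Review bot: The configuration summary now misreports two of the security parameters. The visible configure.ac hunks no longer assign `$DIGEST`, so the `Digest used:` line comes out empty. `HMAC length: $HMAC` prints the digest name (`sha1` by default), because the length moved to `HMACSIZE`. I would replace those two lines with `echo "*** HMAC digest: $HMAC"` and `echo "*** HMAC length: $HMACSIZE"`, then regenerate configure, whose summary hunk carries the same lines. The remaining `test "$HMACSIZE" -lt 12` check also produces a shell error rather than the warning when the value is not a number, since `--enable-hmac-length` is not validated.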
@@ -1,636 +1,285 @@ -This program is released under the GPLv3 with the additional exemption that -compiling, linking, and/or using OpenSSL is allowed. You may provide -binary packages linked to the OpenSSL libraries, provided that all other -requirements of the GPL are met. + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 -Some files in this package are licensed with different, but hopefully -compatible, licenses. - ------------------------------------------------------------------------------ - - GNU GENERAL PUBLIC LICENSE - Version 3, 29 June 2007 - - Copyright (C) 2007 Free Software Foundation, Inc. + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. - Preamble - - The GNU General Public License is a free, copyleft license for -software and other kinds of works. + Preamble - The licenses for most software and other practical works are designed -to take away your freedom to share and change the works. By contrast, -the GNU General Public License is intended to guarantee your freedom to -share and change all versions of a program--to make sure it remains free -software for all its users. We, the Free Software Foundation, use the -GNU General Public License for most of our software; it applies also to -any other work released this way by its authors. You can apply it to + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. 
(Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for -them if you wish), that you receive source code or can get it if you -want it, that you can change the software or use pieces of it in new -free programs, and that you know you can do these things. - - To protect your rights, we need to prevent others from denying you -these rights or asking you to surrender the rights. Therefore, you have -certain responsibilities if you distribute copies of the software, or if -you modify it: responsibilities to respect the freedom of others. +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether -gratis or for a fee, you must pass on to the recipients the same -freedoms that you received. You must make sure that they, too, receive -or can get the source code. And you must show them these terms so they -know their rights. - - Developers that use the GNU GPL protect your rights with two steps: -(1) assert copyright on the software, and (2) offer you this License -giving you legal permission to copy, distribute and/or modify it. - - For the developers' and authors' protection, the GPL clearly explains -that there is no warranty for this free software. 
For both users' and -authors' sake, the GPL requires that modified versions be marked as -changed, so that their problems will not be attributed erroneously to -authors of previous versions. - - Some devices are designed to deny users access to install or run -modified versions of the software inside them, although the manufacturer -can do so. This is fundamentally incompatible with the aim of -protecting users' freedom to change the software. The systematic -pattern of such abuse occurs in the area of products for individuals to -use, which is precisely where it is most unacceptable. Therefore, we -have designed this version of the GPL to prohibit the practice for those -products. If such problems arise substantially in other domains, we -stand ready to extend this provision to those domains in future versions -of the GPL, as needed to protect the freedom of users. - - Finally, every program is threatened constantly by software patents. -States should not allow patents to restrict development and use of -software on general-purpose computers, but in those that do, we wish to -avoid the special danger that patents applied to a free program could -make it effectively proprietary. To prevent this, the GPL assures that -patents cannot be used to render the program non-free. +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. 
If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. - - TERMS AND CONDITIONS - - 0. Definitions. - - "This License" refers to version 3 of the GNU General Public License. - - "Copyright" also means copyright-like laws that apply to other kinds of -works, such as semiconductor masks. - - "The Program" refers to any copyrightable work licensed under this -License. Each licensee is addressed as "you". "Licensees" and -"recipients" may be individuals or organizations. - - To "modify" a work means to copy from or adapt all or part of the work -in a fashion requiring copyright permission, other than the making of an -exact copy. The resulting work is called a "modified version" of the -earlier work or a work "based on" the earlier work. - - A "covered work" means either the unmodified Program or a work based -on the Program. - - To "propagate" a work means to do anything with it that, without -permission, would make you directly or secondarily liable for -infringement under applicable copyright law, except executing it on a -computer or modifying a private copy. Propagation includes copying, -distribution (with or without modification), making available to the -public, and in some countries other activities as well. - - To "convey" a work means any kind of propagation that enables other -parties to make or receive copies. 
Mere interaction with a user through -a computer network, with no transfer of a copy, is not conveying. - - An interactive user interface displays "Appropriate Legal Notices" -to the extent that it includes a convenient and prominently visible -feature that (1) displays an appropriate copyright notice, and (2) -tells the user that there is no warranty for the work (except to the -extent that warranties are provided), that licensees may convey the -work under this License, and how to view a copy of this License. If -the interface presents a list of user commands or options, such as a -menu, a prominent item in the list meets this criterion. - - 1. Source Code. - - The "source code" for a work means the preferred form of the work -for making modifications to it. "Object code" means any non-source -form of a work. - - A "Standard Interface" means an interface that either is an official -standard defined by a recognized standards body, or, in the case of -interfaces specified for a particular programming language, one that -is widely used among developers working in that language. - - The "System Libraries" of an executable work include anything, other -than the work as a whole, that (a) is included in the normal form of -packaging a Major Component, but which is not part of that Major -Component, and (b) serves only to enable use of the work with that -Major Component, or to implement a Standard Interface for which an -implementation is available to the public in source code form. A -"Major Component", in this context, means a major essential component -(kernel, window system, and so on) of the specific operating system -(if any) on which the executable work runs, or a compiler used to -produce the work, or an object code interpreter used to run it. 
- - The "Corresponding Source" for a work in object code form means all -the source code needed to generate, install, and (for an executable -work) run the object code and to modify the work, including scripts to -control those activities. However, it does not include the work's -System Libraries, or general-purpose tools or generally available free -programs which are used unmodified in performing those activities but -which are not part of the work. For example, Corresponding Source -includes interface definition files associated with source files for -the work, and the source code for shared libraries and dynamically -linked subprograms that the work is specifically designed to require, -such as by intimate data communication or control flow between those -subprograms and other parts of the work. - - The Corresponding Source need not include anything that users -can regenerate automatically from other parts of the Corresponding -Source. - - The Corresponding Source for a work in source code form is that -same work. - - 2. Basic Permissions. - - All rights granted under this License are granted for the term of -copyright on the Program, and are irrevocable provided the stated -conditions are met. This License explicitly affirms your unlimited -permission to run the unmodified Program. The output from running a -covered work is covered by this License only if the output, given its -content, constitutes a covered work. This License acknowledges your -rights of fair use or other equivalent, as provided by copyright law. - - You may make, run and propagate covered works that you do not -convey, without conditions so long as your license otherwise remains -in force. You may convey covered works to others for the sole purpose -of having them make modifications exclusively for you, or provide you -with facilities for running those works, provided that you comply with -the terms of this License in conveying all material for which you do -not control copyright. 
Those thus making or running the covered works -for you must do so exclusively on your behalf, under your direction -and control, on terms that prohibit them from making any copies of -your copyrighted material outside their relationship with you. - - Conveying under any other circumstances is permitted solely under -the conditions stated below. Sublicensing is not allowed; section 10 -makes it unnecessary. - - 3. Protecting Users' Legal Rights From Anti-Circumvention Law. - - No covered work shall be deemed part of an effective technological -measure under any applicable law fulfilling obligations under article -11 of the WIPO copyright treaty adopted on 20 December 1996, or -similar laws prohibiting or restricting circumvention of such -measures. - - When you convey a covered work, you waive any legal power to forbid -circumvention of technological measures to the extent such circumvention -is effected by exercising rights under this License with respect to -the covered work, and you disclaim any intention to limit operation or -modification of the work as a means of enforcing, against the work's -users, your or third parties' legal rights to forbid circumvention of -technological measures. - - 4. Conveying Verbatim Copies. - - You may convey verbatim copies of the Program's source code as you -receive it, in any medium, provided that you conspicuously and -appropriately publish on each copy an appropriate copyright notice; -keep intact all notices stating that this License and any -non-permissive terms added in accord with section 7 apply to the code; -keep intact all notices of the absence of any warranty; and give all -recipients a copy of this License along with the Program. - - You may charge any price or no price for each copy that you convey, -and you may offer support or warranty protection for a fee. - - 5. Conveying Modified Source Versions. 
- - You may convey a work based on the Program, or the modifications to -produce it from the Program, in the form of source code under the -terms of section 4, provided that you also meet all of these conditions: - - a) The work must carry prominent notices stating that you modified - it, and giving a relevant date. - - b) The work must carry prominent notices stating that it is - released under this License and any conditions added under section - 7. This requirement modifies the requirement in section 4 to - "keep intact all notices". - - c) You must license the entire work, as a whole, under this - License to anyone who comes into possession of a copy. This - License will therefore apply, along with any applicable section 7 - additional terms, to the whole of the work, and all its parts, - regardless of how they are packaged. This License gives no - permission to license the work in any other way, but it does not - invalidate such permission if you have separately received it. - - d) If the work has interactive user interfaces, each must display - Appropriate Legal Notices; however, if the Program has interactive - interfaces that do not display Appropriate Legal Notices, your - work need not make them do so. - - A compilation of a covered work with other separate and independent -works, which are not by their nature extensions of the covered work, -and which are not combined with it such as to form a larger program, -in or on a volume of a storage or distribution medium, is called an -"aggregate" if the compilation and its resulting copyright are not -used to limit the access or legal rights of the compilation's users -beyond what the individual works permit. Inclusion of a covered work -in an aggregate does not cause this License to apply to the other -parts of the aggregate. - - 6. Conveying Non-Source Forms. 
- - You may convey a covered work in object code form under the terms -of sections 4 and 5, provided that you also convey the -machine-readable Corresponding Source under the terms of this License, -in one of these ways: - - a) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by the - Corresponding Source fixed on a durable physical medium - customarily used for software interchange. - - b) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by a - written offer, valid for at least three years and valid for as - long as you offer spare parts or customer support for that product - model, to give anyone who possesses the object code either (1) a - copy of the Corresponding Source for all the software in the - product that is covered by this License, on a durable physical - medium customarily used for software interchange, for a price no - more than your reasonable cost of physically performing this - conveying of source, or (2) access to copy the - Corresponding Source from a network server at no charge. - - c) Convey individual copies of the object code with a copy of the - written offer to provide the Corresponding Source. This - alternative is allowed only occasionally and noncommercially, and - only if you received the object code with such an offer, in accord - with subsection 6b. - - d) Convey the object code by offering access from a designated - place (gratis or for a charge), and offer equivalent access to the - Corresponding Source in the same way through the same place at no - further charge. You need not require recipients to copy the - Corresponding Source along with the object code. 
If the place to - copy the object code is a network server, the Corresponding Source - may be on a different server (operated by you or a third party) - that supports equivalent copying facilities, provided you maintain - clear directions next to the object code saying where to find the - Corresponding Source. Regardless of what server hosts the - Corresponding Source, you remain obligated to ensure that it is - available for as long as needed to satisfy these requirements. - - e) Convey the object code using peer-to-peer transmission, provided - you inform other peers where the object code and Corresponding - Source of the work are being offered to the general public at no - charge under subsection 6d. - - A separable portion of the object code, whose source code is excluded -from the Corresponding Source as a System Library, need not be -included in conveying the object code work. - - A "User Product" is either (1) a "consumer product", which means any -tangible personal property which is normally used for personal, family, -or household purposes, or (2) anything designed or sold for incorporation -into a dwelling. In determining whether a product is a consumer product, -doubtful cases shall be resolved in favor of coverage. For a particular -product received by a particular user, "normally used" refers to a -typical or common use of that class of product, regardless of the status -of the particular user or of the way in which the particular user -actually uses, or expects or is expected to use, the product. A product -is a consumer product regardless of whether the product has substantial -commercial, industrial or non-consumer uses, unless such uses represent -the only significant mode of use of the product. 
- - "Installation Information" for a User Product means any methods, -procedures, authorization keys, or other information required to install -and execute modified versions of a covered work in that User Product from -a modified version of its Corresponding Source. The information must -suffice to ensure that the continued functioning of the modified object -code is in no case prevented or interfered with solely because -modification has been made. - - If you convey an object code work under this section in, or with, or -specifically for use in, a User Product, and the conveying occurs as -part of a transaction in which the right of possession and use of the -User Product is transferred to the recipient in perpetuity or for a -fixed term (regardless of how the transaction is characterized), the -Corresponding Source conveyed under this section must be accompanied -by the Installation Information. But this requirement does not apply -if neither you nor any third party retains the ability to install -modified object code on the User Product (for example, the work has -been installed in ROM). - - The requirement to provide Installation Information does not include a -requirement to continue to provide support service, warranty, or updates -for a work that has been modified or installed by the recipient, or for -the User Product in which it has been modified or installed. Access to a -network may be denied when the modification itself materially and -adversely affects the operation of the network or violates the rules and -protocols for communication across the network. - - Corresponding Source conveyed, and Installation Information provided, -in accord with this section must be in a format that is publicly -documented (and with an implementation available to the public in -source code form), and must require no special password or key for -unpacking, reading or copying. - - 7. Additional Terms. 
- - "Additional permissions" are terms that supplement the terms of this -License by making exceptions from one or more of its conditions. -Additional permissions that are applicable to the entire Program shall -be treated as though they were included in this License, to the extent -that they are valid under applicable law. If additional permissions -apply only to part of the Program, that part may be used separately -under those permissions, but the entire Program remains governed by -this License without regard to the additional permissions. - - When you convey a copy of a covered work, you may at your option -remove any additional permissions from that copy, or from any part of -it. (Additional permissions may be written to require their own -removal in certain cases when you modify the work.) You may place -additional permissions on material, added by you to a covered work, -for which you have or can give appropriate copyright permission. - - Notwithstanding any other provision of this License, for material you -add to a covered work, you may (if authorized by the copyright holders of -that material) supplement the terms of this License with terms: - - a) Disclaiming warranty or limiting liability differently from the - terms of sections 15 and 16 of this License; or - - b) Requiring preservation of specified reasonable legal notices or - author attributions in that material or in the Appropriate Legal - Notices displayed by works containing it; or - - c) Prohibiting misrepresentation of the origin of that material, or - requiring that modified versions of such material be marked in - reasonable ways as different from the original version; or - - d) Limiting the use for publicity purposes of names of licensors or - authors of the material; or - - e) Declining to grant rights under trademark law for use of some - trade names, trademarks, or service marks; or - - f) Requiring indemnification of licensors and authors of that - material by anyone who conveys the 
material (or modified versions of - it) with contractual assumptions of liability to the recipient, for - any liability that these contractual assumptions directly impose on - those licensors and authors. - - All other non-permissive additional terms are considered "further -restrictions" within the meaning of section 10. If the Program as you -received it, or any part of it, contains a notice stating that it is -governed by this License along with a term that is a further -restriction, you may remove that term. If a license document contains -a further restriction but permits relicensing or conveying under this -License, you may add to a covered work material governed by the terms -of that license document, provided that the further restriction does -not survive such relicensing or conveying. - - If you add terms to a covered work in accord with this section, you -must place, in the relevant source files, a statement of the -additional terms that apply to those files, or a notice indicating -where to find the applicable terms. - - Additional terms, permissive or non-permissive, may be stated in the -form of a separately written license, or stated as exceptions; -the above requirements apply either way. - - 8. Termination. - - You may not propagate or modify a covered work except as expressly -provided under this License. Any attempt otherwise to propagate or -modify it is void, and will automatically terminate your rights under -this License (including any patent licenses granted under the third -paragraph of section 11). - - However, if you cease all violation of this License, then your -license from a particular copyright holder is reinstated (a) -provisionally, unless and until the copyright holder explicitly and -finally terminates your license, and (b) permanently, if the copyright -holder fails to notify you of the violation by some reasonable means -prior to 60 days after the cessation. 
- - Moreover, your license from a particular copyright holder is -reinstated permanently if the copyright holder notifies you of the -violation by some reasonable means, this is the first time you have -received notice of violation of this License (for any work) from that -copyright holder, and you cure the violation prior to 30 days after -your receipt of the notice. - - Termination of your rights under this section does not terminate the -licenses of parties who have received copies or rights from you under -this License. If your rights have been terminated and not permanently -reinstated, you do not qualify to receive new licenses for the same -material under section 10. - - 9. Acceptance Not Required for Having Copies. - - You are not required to accept this License in order to receive or -run a copy of the Program. Ancillary propagation of a covered work -occurring solely as a consequence of using peer-to-peer transmission -to receive a copy likewise does not require acceptance. However, -nothing other than this License grants you permission to propagate or -modify any covered work. These actions infringe copyright if you do -not accept this License. Therefore, by modifying or propagating a -covered work, you indicate your acceptance of this License to do so. - - 10. Automatic Licensing of Downstream Recipients. - - Each time you convey a covered work, the recipient automatically -receives a license from the original licensors, to run, modify and -propagate that work, subject to this License. You are not responsible -for enforcing compliance by third parties with this License. - - An "entity transaction" is a transaction transferring control of an -organization, or substantially all assets of one, or subdividing an -organization, or merging organizations. 
If propagation of a covered -work results from an entity transaction, each party to that -transaction who receives a copy of the work also receives whatever -licenses to the work the party's predecessor in interest had or could -give under the previous paragraph, plus a right to possession of the -Corresponding Source of the work from the predecessor in interest, if -the predecessor has it or can get it with reasonable efforts. - - You may not impose any further restrictions on the exercise of the -rights granted or affirmed under this License. For example, you may -not impose a license fee, royalty, or other charge for exercise of -rights granted under this License, and you may not initiate litigation -(including a cross-claim or counterclaim in a lawsuit) alleging that -any patent claim is infringed by making, using, selling, offering for -sale, or importing the Program or any portion of it. - - 11. Patents. - - A "contributor" is a copyright holder who authorizes use under this -License of the Program or a work on which the Program is based. The -work thus licensed is called the contributor's "contributor version". - - A contributor's "essential patent claims" are all patent claims -owned or controlled by the contributor, whether already acquired or -hereafter acquired, that would be infringed by some manner, permitted -by this License, of making, using, or selling its contributor version, -but do not include claims that would be infringed only as a -consequence of further modification of the contributor version. For -purposes of this definition, "control" includes the right to grant -patent sublicenses in a manner consistent with the requirements of + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. 
The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. 
+ + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. 
+ +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. 
However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. 
+You are not responsible for enforcing compliance by third parties to this License. - Each contributor grants you a non-exclusive, worldwide, royalty-free -patent license under the contributor's essential patent claims, to -make, use, sell, offer for sale, import and otherwise run, modify and -propagate the contents of its contributor version. - - In the following three paragraphs, a "patent license" is any express -agreement or commitment, however denominated, not to enforce a patent -(such as an express permission to practice a patent or covenant not to -sue for patent infringement). To "grant" such a patent license to a -party means to make such an agreement or commitment not to enforce a -patent against the party. - - If you convey a covered work, knowingly relying on a patent license, -and the Corresponding Source of the work is not available for anyone -to copy, free of charge and under the terms of this License, through a -publicly available network server or other readily accessible means, -then you must either (1) cause the Corresponding Source to be so -available, or (2) arrange to deprive yourself of the benefit of the -patent license for this particular work, or (3) arrange, in a manner -consistent with the requirements of this License, to extend the patent -license to downstream recipients. "Knowingly relying" means you have -actual knowledge that, but for the patent license, your conveying the -covered work in a country, or your recipient's use of the covered work -in a country, would infringe one or more identifiable patents in that -country that you have reason to believe are valid. 
- - If, pursuant to or in connection with a single transaction or -arrangement, you convey, or propagate by procuring conveyance of, a -covered work, and grant a patent license to some of the parties -receiving the covered work authorizing them to use, propagate, modify -or convey a specific copy of the covered work, then the patent license -you grant is automatically extended to all recipients of the covered -work and works based on it. - - A patent license is "discriminatory" if it does not include within -the scope of its coverage, prohibits the exercise of, or is -conditioned on the non-exercise of one or more of the rights that are -specifically granted under this License. You may not convey a covered -work if you are a party to an arrangement with a third party that is -in the business of distributing software, under which you make payment -to the third party based on the extent of your activity of conveying -the work, and under which the third party grants, to any of the -parties who would receive the covered work from you, a discriminatory -patent license (a) in connection with copies of the covered work -conveyed by you (or copies made from those copies), or (b) primarily -for and in connection with specific products or compilations that -contain the covered work, unless you entered into that arrangement, -or that patent license was granted, prior to 28 March 2007. - - Nothing in this License shall be construed as excluding or limiting -any implied license or other defenses to infringement that may -otherwise be available to you under applicable patent law. - - 12. No Surrender of Others' Freedom. - - If conditions are imposed on you (whether by court order, agreement or + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot convey a -covered work so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you may -not convey it at all. For example, if you agree to terms that obligate you -to collect a royalty for further conveying from those to whom you convey -the Program, the only way you could satisfy both those terms and this -License would be to refrain entirely from conveying the Program. - - 13. Use with the GNU Affero General Public License. - - Notwithstanding any other provision of this License, you have -permission to link or combine any covered work with a work licensed -under version 3 of the GNU Affero General Public License into a single -combined work, and to convey the resulting work. The terms of this -License will continue to apply to the part which is the covered work, -but the special requirements of the GNU Affero General Public License, -section 13, concerning interaction through a network will apply to the -combination as such. - - 14. Revised Versions of this License. +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. 
+ +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. - The Free Software Foundation may publish revised and/or new versions of -the GNU General Public License from time to time. Such new versions will + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. - Each version is given a distinguishing version number. 
If the -Program specifies that a certain numbered version of the GNU General -Public License "or any later version" applies to it, you have the -option of following the terms and conditions either of that numbered -version or of any later version published by the Free Software -Foundation. If the Program does not specify a version number of the -GNU General Public License, you may choose any version ever published -by the Free Software Foundation. - - If the Program specifies that a proxy can decide which future -versions of the GNU General Public License can be used, that proxy's -public statement of acceptance of a version permanently authorizes you -to choose that version for the Program. - - Later license versions may give you additional or different -permissions. However, no additional obligations are imposed on any -author or copyright holder as a result of your choosing to follow a -later version. - - 15. Disclaimer of Warranty. - - THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY -APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT -HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY -OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM -IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF -ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. Limitation of Liability. 
- - IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS -THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY -GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE -USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF -DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD -PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), -EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF -SUCH DAMAGES. - - 17. Interpretation of Sections 15 and 16. - - If the disclaimer of warranty and limitation of liability provided -above cannot be given local legal effect according to their terms, -reviewing courts shall apply local law that most closely approximates -an absolute waiver of all civil liability in connection with the -Program, unless a warranty or assumption of liability accompanies a -copy of the Program in return for a fee. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. 
Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it 
@@ -638,15 +287,15 @@ To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively -state the exclusion of warranty; and each file should have at least +convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) - This program is free software: you can redistribute it and/or modify + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or + the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, 
@@ -655,30 +304,37 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program. If not, see . + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Also add information on how to contact you by electronic and paper mail. - If the program does terminal interaction, make it output a short -notice like this when it starts in an interactive mode: +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: - Copyright (C) - This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, your program's commands -might be different; for a GUI interface, you would use an "about box". - - You should also get your employer (if you work as a programmer) or school, -if any, to sign a "copyright disclaimer" for the program, if necessary. -For more information on this, and how to apply and follow the GNU GPL, see -. - - The GNU General Public License does not permit incorporating your program -into proprietary programs. If your program is a subroutine library, you -may consider it more useful to permit linking proprietary applications with -the library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. But first, please read -. +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. 
+ +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. diff -Nru gvpe-2.25/debian/changelog gvpe-3.0/debian/changelog --- gvpe-2.25/debian/changelog 2016-12-13 03:39:01.000000000 -0500 +++ gvpe-3.0/debian/changelog 2017-01-20 22:53:31.000000000 -0500 @@ -1,3 +1,12 @@ +gvpe (3.0-0ubuntu1) devel; urgency=medium + + * New upstream release. + - Drop patches applied upstream. + * d/copyright: Update filename. + * d/control: Update build-deps, info → texinfo. + + -- Unit 193 Fri, 20 Jan 2017 22:53:31 -0500 + gvpe (2.25-3) unstable; urgency=medium * debian/control: B-D replaced by libssl1.0-dev (Closes: #828336) diff -Nru gvpe-2.25/debian/control gvpe-3.0/debian/control --- gvpe-2.25/debian/control 2016-12-13 03:39:01.000000000 -0500 +++ gvpe-3.0/debian/control 2017-01-20 22:53:31.000000000 -0500 
@@ -1,11 +1,12 @@ Source: gvpe Section: net Priority: extra -Maintainer: TANIGUCHI Takaki +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: TANIGUCHI Takaki Build-Depends: debhelper (>= 9), autotools-dev, libssl1.0-dev | libssl-dev (<< 1.1.0~), dh-autoreconf, - info + texinfo Standards-Version: 3.9.8 Homepage: http://software.schmorp.de/pkg/gvpe.html Vcs-Git: git://git.debian.org/collab-maint/gvpe.git diff -Nru gvpe-2.25/debian/copyright gvpe-3.0/debian/copyright --- gvpe-2.25/debian/copyright 2016-12-13 03:39:01.000000000 -0500 +++ gvpe-3.0/debian/copyright 2017-01-20 22:53:31.000000000 -0500 @@ -27,7 +27,7 @@ 2003,2007,2008,2009 Marc Lehmann License: GPL-2.0+ -Files: lib/getopt.c lib/getopt.h lib/getopt1.c lib/libgettext.h +Files: lib/getopt.c lib/getopt.h lib/getopt1.c lib/gettext.h Copyright: Free Software Foundation, Inc. License: GPL-2.0+ diff -Nru gvpe-2.25/debian/patches/fix_gvpe_conf_5 gvpe-3.0/debian/patches/fix_gvpe_conf_5 --- gvpe-2.25/debian/patches/fix_gvpe_conf_5 2016-12-13 03:39:01.000000000 -0500 +++ gvpe-3.0/debian/patches/fix_gvpe_conf_5 1969-12-31 19:00:00.000000000 -0500 
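Review bot: In the debian/control hunk, `libssl1.0-dev | libssl-dev (<< 1.1.0~)` is carried over unchanged to the new upstream release, and nothing in the 3.0-0ubuntu1 changelog entry says whether the pin was re-checked. gvpe is a VPN daemon that takes its crypto from this library, so pinning the build to the older OpenSSL branch should be a recorded decision, not an inherited one. Whether 3.0 builds against OpenSSL 1.1 cannot be seen from this diff. If it does not, add a changelog bullet such as `* d/control: Keep libssl1.0-dev build-dep, 3.0 still needs the OpenSSL 1.0 API.`; if it does, relax the alternative to plain `libssl-dev`. Separately, the unchanged `Vcs-Git: git://…` line uses an unauthenticated transport, and an https URL for the same repository would be preferable.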
@@ -1,818 +0,0 @@ -Index: gvpe/doc/gvpe.conf.5 -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ gvpe/doc/gvpe.conf.5 2013-10-07 14:34:07.969935743 +0900 -@@ -0,0 +1,813 @@ -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) -+.\" -+.\" Standard preamble: -+.\" ======================================================================== -+.de Sp \" Vertical space (when we can't use .PP) -+.if t .sp .5v -+.if n .sp -+.. -+.de Vb \" Begin verbatim text -+.ft CW -+.nf -+.ne \\$1 -+.. -+.de Ve \" End verbatim text -+.ft R -+.fi -+.. -+.\" Set up some character translations and predefined strings. \*(-- will -+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -+.\" double quote, and \*(R" will give a right double quote. \*(C+ will -+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -+.\" nothing in troff, for use with C<>. -+.tr \(*W- -+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -+.ie n \{\ -+. ds -- \(*W- -+. ds PI pi -+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -+. ds L" "" -+. ds R" "" -+. ds C` "" -+. ds C' "" -+'br\} -+.el\{\ -+. ds -- \|\(em\| -+. ds PI \(*p -+. ds L" `` -+. ds R" '' -+. ds C` -+. ds C' -+'br\} -+.\" -+.\" Escape single quotes in literal strings from groff's Unicode transform. -+.ie \n(.g .ds Aq \(aq -+.el .ds Aq ' -+.\" -+.\" If the F register is turned on, we'll generate index entries on stderr for -+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -+.\" entries marked with X<> in POD. Of course, you'll have to process the -+.\" output yourself in some meaningful fashion. -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX -+.. 
-+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" -+.. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} -+.\} -+.rr rF -+.\" -+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -+.\" Fear. Run. Save yourself. No user-serviceable parts. -+. \" fudge factors for nroff and troff -+.if n \{\ -+. ds #H 0 -+. ds #V .8m -+. ds #F .3m -+. ds #[ \f1 -+. ds #] \fP -+.\} -+.if t \{\ -+. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -+. ds #V .6m -+. ds #F 0 -+. ds #[ \& -+. ds #] \& -+.\} -+. \" simple accents for nroff and troff -+.if n \{\ -+. ds ' \& -+. ds ` \& -+. ds ^ \& -+. ds , \& -+. ds ~ ~ -+. ds / -+.\} -+.if t \{\ -+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -+.\} -+. \" troff and (daisy-wheel) nroff accents -+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -+.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -+.ds ae a\h'-(\w'a'u*4/10)'e -+.ds Ae A\h'-(\w'A'u*4/10)'E -+. \" corrections for vroff -+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -+. \" for low resolution devices (crt and lpr) -+.if \n(.H>23 .if \n(.V>19 \ -+\{\ -+. ds : e -+. ds 8 ss -+. ds o a -+. ds d- d\h'-1'\(ga -+. ds D- D\h'-1'\(hy -+. ds th \o'bp' -+. ds Th \o'LP' -+. ds ae ae -+. 
ds Ae AE -+.\} -+.rm #[ #] #H #V #F C -+.\" ======================================================================== -+.\" -+.IX Title "GVPE.CONF.5 1" -+.TH GVPE.CONF.5 1 "2013-08-19" "perl v5.18.1" "User Contributed Perl Documentation" -+.\" For nroff, turn off justification. Always turn off hyphenation; it makes -+.\" way too many mistakes in technical documents. -+.if n .ad l -+.nh -+.SH "NAME" -+gvpe.conf \- configuration file for the GNU VPE daemon -+.SH "SYNOPSIS" -+.IX Header "SYNOPSIS" -+.Vb 4 -+\& # global options for all nodes -+\& udp\-port = 407 -+\& mtu = 1492 -+\& ifname = vpn0 -+\& -+\& # first node is named branch1 and is at 1.2.3.4 -+\& node = branch1 -+\& hostname = 1.2.3.4 -+\& -+\& # second node uses dns to resolve the address -+\& node = branch2 -+\& hostname = www.example.net -+\& udp\-port = 500 # this host uses a different udp\-port -+\& -+\& # third node has no fixed ip address -+\& node = branch3 -+\& connect = ondemand -+.Ve -+.SH "DESCRIPTION" -+.IX Header "DESCRIPTION" -+The gvpe config file consists of a series of lines that contain \f(CW\*(C`variable -+= value\*(C'\fR pairs. Empty lines are ignored. Comments start with a \f(CW\*(C`#\*(C'\fR and -+extend to the end of the line. They can be used on their own lines, or -+after any directives. Whitespace is allowed around the \f(CW\*(C`=\*(C'\fR sign or after -+values, but not within the variable names or values themselves. -+.PP -+All settings are applied \*(L"in order\*(R", that is, later settings of the same -+variable overwrite earlier ones. -+.PP -+The only exceptions to the above are the \*(L"on\*(R" and \*(L"include\*(R" directives: -+.IP "on nodename ..." 4 -+.IX Item "on nodename ..." -+.PD 0 -+.IP "on !nodename ..." 4 -+.IX Item "on !nodename ..." -+.PD -+You can prefix any configuration directive with \f(CW\*(C`on\*(C'\fR and a nodename. 
\s-1GVPE\s0 -+will will only \*(L"execute\*(R" it on the named node, or (if the nodename starts -+with \f(CW\*(C`!\*(C'\fR) on all nodes except the named one. -+.Sp -+Example: set the \s-1MTU\s0 to \f(CW1450\fR everywhere, \f(CW\*(C`loglevel\*(C'\fR to \f(CW\*(C`noise\*(C'\fR on -+\&\f(CW\*(C`branch1\*(C'\fR, and \f(CW\*(C`connect\*(C'\fR to \f(CW\*(C`ondemand\*(C'\fR everywhere but on branch2. -+.Sp -+.Vb 3 -+\& mtu = 1450 -+\& on branch1 loglevel = noise -+\& on !branch2 connect = ondemand -+.Ve -+.IP "include relative-or-absolute-path" 4 -+.IX Item "include relative-or-absolute-path" -+Reads the specified file (the path must not contain whitespace or \f(CW\*(C`=\*(C'\fR -+characters) and evaluate all config directives in it as if they were -+spelled out in place of the \f(CW\*(C`include\*(C'\fR directive. -+.Sp -+The path is a printf format string, that is, you must escape any \f(CW\*(C`%\*(C'\fR -+by doubling it, and you can have a single \f(CW%s\fR inside, which will be -+replaced by the current nodename. -+.Sp -+Relative paths are interpreted relative to the \s-1GVPE\s0 config directory. -+.Sp -+Example: include the file \fIlocal.conf\fR in the config directory on every -+node. -+.Sp -+.Vb 1 -+\& include local.conf -+.Ve -+.Sp -+Example: include a file \fIconf/\fRnodename\fI.conf\fR -+.Sp -+.Vb 1 -+\& include conf/%s.conf -+.Ve -+.SH "ANATOMY OF A CONFIG FILE" -+.IX Header "ANATOMY OF A CONFIG FILE" -+Usually, a config file starts with a few global settings (like the \s-1UDP\s0 -+port to listen on), followed by node-specific sections that begin with a -+\&\f(CW\*(C`node = nickname\*(C'\fR line. -+.PP -+Every node that is part of the network must have a section that starts -+with \f(CW\*(C`node = nickname\*(C'\fR. The number and order of the nodes is important -+and must be the same on all nodes. It is not uncommon for node sections to -+be completely empty \- if the default values are right. -+.PP -+Node-specific settings can be used at any time. 
If used before the first -+node section they will set the default values for all following nodes. -+.SH "CONFIG VARIABLES" -+.IX Header "CONFIG VARIABLES" -+.SS "\s-1GLOBAL SETTINGS\s0" -+.IX Subsection "GLOBAL SETTINGS" -+Global settings will affect the behaviour of the running gvpe daemon, that -+is, they are in some sense node-specific (config files can set different -+values on different nodes using \f(CW\*(C`on\*(C'\fR), but will affect the behaviour of -+the gvpe daemon and all connections it creates. -+.IP "chroot = path or /" 4 -+.IX Item "chroot = path or /" -+Tells \s-1GVPE\s0 to \fIchroot\fR\|(2) to the specified path after reading all necessary -+files, binding to sockets and running the \f(CW\*(C`if\-up\*(C'\fR script, but before -+running \f(CW\*(C`node\-up\*(C'\fR or any other scripts. -+.Sp -+The special path \fI/\fR instructs \s-1GVPE\s0 to create (and remove) an empty -+temporary directory to use as new root. This is most secure, but makes it -+impossible to use any scripts other than the \f(CW\*(C`if\-up\*(C'\fR one. -+.IP "chuid = numerical-uid" 4 -+.IX Item "chuid = numerical-uid" -+.PD 0 -+.IP "chgid = numerical-gid" 4 -+.IX Item "chgid = numerical-gid" -+.PD -+These two options tell \s-1GVPE\s0 to change to the given user and/or group id -+after reading all necessary files, binding to sockets and running the -+\&\f(CW\*(C`if\-up\*(C'\fR script. -+.Sp -+Other scripts, such as \f(CW\*(C`node\-up\*(C'\fR, are run with the new user id or group id. -+.IP "chuser = username" 4 -+.IX Item "chuser = username" -+Alternative to \f(CW\*(C`chuid\*(C'\fR and \f(CW\*(C`chgid\*(C'\fR: Sets both \f(CW\*(C`chuid\*(C'\fR and \f(CW\*(C`chgid\*(C'\fR -+to the user and (primary) group ids of the specified user (for example, -+\&\f(CW\*(C`nobody\*(C'\fR). 
-+.IP "dns-forw-host = hostname/ip" 4 -+.IX Item "dns-forw-host = hostname/ip" -+The \s-1DNS\s0 server to forward \s-1DNS\s0 requests to for the \s-1DNS\s0 tunnel protocol -+(default: \f(CW127.0.0.1\fR, changing it is highly recommended). -+.IP "dns-forw-port = port-number" 4 -+.IX Item "dns-forw-port = port-number" -+The port where the \f(CW\*(C`dns\-forw\-host\*(C'\fR is to be contacted (default: \f(CW53\fR, -+which is fine in most cases). -+.IP "dns-case-preserving = yes|true|on | no|false|off" 4 -+.IX Item "dns-case-preserving = yes|true|on | no|false|off" -+Sets whether the \s-1DNS\s0 transport forwarding server preserves case (\s-1DNS\s0 -+servers have to, but some access systems are even more broken than others) -+(default: true). -+.Sp -+Normally, when the forwarding server changes the case of domain names then -+\&\s-1GVPE\s0 will automatically set this to false. -+.IP "dns-max-outstanding = integer-number-of-requests" 4 -+.IX Item "dns-max-outstanding = integer-number-of-requests" -+The maximum number of outstanding \s-1DNS\s0 transport requests -+(default: \f(CW100\fR). \s-1GVPE\s0 will never issue more requests then the given -+limit without receiving replies. In heavily overloaded situations it might -+help to set this to a low number (e.g. \f(CW3\fR or even \f(CW1\fR) to limit the -+number of parallel requests. -+.Sp -+The default should be working \s-1OK\s0 for most links. -+.IP "dns-overlap-factor = float" 4 -+.IX Item "dns-overlap-factor = float" -+The \s-1DNS\s0 transport uses the minimum request latency (\fBmin_latency\fR) seen -+during a connection as it's timing base. This factor (default: \f(CW0.5\fR, -+must be > 0) is multiplied by \fBmin_latency\fR to get the maximum sending -+rate (= minimum send interval), i.e. a factor of \f(CW1\fR means that a new -+request might be generated every \fBmin_latency\fR seconds, which means on -+average there should only ever be one outstanding request. 
A factor of -+\&\f(CW0.5\fR means that \s-1GVPE\s0 will send requests twice as often as the minimum -+latency measured. -+.Sp -+For congested or picky \s-1DNS\s0 forwarders you could use a value nearer to or -+exceeding \f(CW1\fR. -+.Sp -+The default should be working \s-1OK\s0 for most links. -+.IP "dns-send-interval = send-interval-in-seconds" 4 -+.IX Item "dns-send-interval = send-interval-in-seconds" -+The minimum send interval (= maximum rate) that the \s-1DNS\s0 transport will -+use to send new \s-1DNS\s0 requests. \s-1GVPE\s0 will not exceed this rate even when -+the latency is very low. The default is \f(CW0.01\fR, which means \s-1GVPE\s0 will -+not send more than 100 \s-1DNS\s0 requests per connection per second. For -+high-bandwidth links you could go lower, e.g. to \f(CW0.001\fR or so. For -+congested or rate-limited links, you might want to go higher, say \f(CW0.1\fR, -+\&\f(CW0.2\fR or even higher. -+.Sp -+The default should be working \s-1OK\s0 for most links. -+.IP "dns-timeout-factor = float" 4 -+.IX Item "dns-timeout-factor = float" -+Factor to multiply the \f(CW\*(C`min_latency\*(C'\fR (see \f(CW\*(C`dns\-overlap\-factor\*(C'\fR) by to -+get request timeouts. The default of \f(CW8\fR means that the \s-1DNS\s0 transport -+will resend the request when no reply has been received for longer than -+eight times the minimum (= expected) latency, assuming the request or -+reply has been lost. -+.Sp -+For congested links a higher value might be necessary (e.g. \f(CW30\fR). If -+the link is very stable lower values (e.g. \f(CW2\fR) might work -+nicely. Values near or below \f(CW1\fR makes no sense whatsoever. -+.Sp -+The default should be working \s-1OK\s0 for most links but will result in low -+throughput if packet loss is high. -+.IP "if-up = relative-or-absolute-path" 4 -+.IX Item "if-up = relative-or-absolute-path" -+Sets the path of a script that should be called immediately after the -+network interface is initialized (but not necessarily up). 
The following -+environment variables are passed to it (the values are just examples). -+.Sp -+Variables that have the same value on all nodes: -+.RS 4 -+.IP "CONFBASE=/etc/gvpe" 4 -+.IX Item "CONFBASE=/etc/gvpe" -+The configuration base directory. -+.IP "IFNAME=vpn0" 4 -+.IX Item "IFNAME=vpn0" -+The network interface to initialize. -+.IP "IFTYPE=native # or tincd" 4 -+.IX Item "IFTYPE=native # or tincd" -+.PD 0 -+.IP "IFSUBTYPE=linux # or freebsd, darwin etc.." 4 -+.IX Item "IFSUBTYPE=linux # or freebsd, darwin etc.." -+.PD -+The interface type (\f(CW\*(C`native\*(C'\fR or \f(CW\*(C`tincd\*(C'\fR) and the subtype (usually the -+\&\s-1OS\s0 name in lowercase) that this \s-1GVPE\s0 was configured for. Can be used to -+select the correct syntax to use for network-related commands. -+.IP "MTU=1436" 4 -+.IX Item "MTU=1436" -+The \s-1MTU\s0 to set the interface to. You can use lower values (if done -+consistently on all nodes), but this is usually either inefficient or -+simply ineffective. -+.IP "NODES=5" 4 -+.IX Item "NODES=5" -+The number of nodes in this \s-1GVPE\s0 network. -+.RE -+.RS 4 -+.Sp -+Variables that are node-specific and with values pertaining to the node -+running this \s-1GVPE:\s0 -+.IP "IFUPDATA=string" 4 -+.IX Item "IFUPDATA=string" -+The value of the configuration directive \f(CW\*(C`if\-up\-data\*(C'\fR. -+.IP "MAC=fe:fd:80:00:00:01" 4 -+.IX Item "MAC=fe:fd:80:00:00:01" -+The \s-1MAC\s0 address the network interface has to use. -+.Sp -+Might be used to initialize interfaces on platforms where \s-1GVPE\s0 does not -+do this automatically. Please see the \f(CW\*(C`gvpe.osdep(5)\*(C'\fR man page for -+platform-specific information. -+.IP "NODENAME=branch1" 4 -+.IX Item "NODENAME=branch1" -+The nickname of the node. -+.IP "NODEID=1" 4 -+.IX Item "NODEID=1" -+The numerical node \s-1ID\s0 of the node running this instance of \s-1GVPE.\s0 The first -+node mentioned in the config file gets \s-1ID 1,\s0 the second \s-1ID 2\s0 and so on. 
-+.RE -+.RS 4 -+.Sp -+In addition, all node-specific variables (except \f(CW\*(C`NODEID\*(C'\fR) will be -+available with a postfix of \f(CW\*(C`_nodeid\*(C'\fR, which contains the value for that -+node, e.g. the \f(CW\*(C`MAC_1\*(C'\fR variable contains the \s-1MAC\s0 address of node #1, while -+the \f(CW\*(C`NODENAME_22\*(C'\fR variable contains the name of node #22. -+.Sp -+Here is a simple if-up script: -+.Sp -+.Vb 5 -+\& #!/bin/sh -+\& ip link set $IFNAME up -+\& [ $NODENAME = branch1 ] && ip addr add 10.0.0.1 dev $IFNAME -+\& [ $NODENAME = branch2 ] && ip addr add 10.1.0.1 dev $IFNAME -+\& ip route add 10.0.0.0/8 dev $IFNAME -+.Ve -+.Sp -+More complicated examples (using routing to reduce \s-1ARP\s0 traffic) can be -+found in the \fIetc/\fR subdirectory of the distribution. -+.RE -+.IP "ifname = devname" 4 -+.IX Item "ifname = devname" -+Sets the tun interface name to the given name. The default is OS-specific -+and most probably something like \f(CW\*(C`tun0\*(C'\fR. -+.IP "ifpersist = yes|true|on | no|false|off" 4 -+.IX Item "ifpersist = yes|true|on | no|false|off" -+Should the tun/tap device be made persistent, that is, should the device -+stay up even when gvpe exits? Some versions of the tunnel device have -+problems sending packets when gvpe is restarted in persistent mode, so -+if the connections can be established but you cannot send packets from -+the local node, try to set this to \f(CW\*(C`off\*(C'\fR and do an ifconfig down on the -+device. -+.IP "ip-proto = numerical-ip-protocol" 4 -+.IX Item "ip-proto = numerical-ip-protocol" -+Sets the protocol number to be used for the rawip protocol. This is a -+global option because all nodes must use the same protocol, and since -+there are no port numbers, you cannot easily run more than one gvpe -+instance using the same protocol, nor can you share the protocol with -+other programs. 
-+.Sp -+The default is 47 (\s-1GRE\s0), which has a good chance of tunneling -+through firewalls (but note that gvpe's rawip protocol is not \s-1GRE\s0 -+compatible). Other common choices are 50 (\s-1IPSEC, ESP\s0), 51 (\s-1IPSEC, AH\s0), 4 -+(\s-1IPIP\s0 tunnels) or 98 (\s-1ENCAP,\s0 rfc1241). -+.Sp -+Many versions of Linux seem to have a bug that causes them to reorder -+packets for some ip protocols (\s-1GRE, ESP\s0) but not for others (\s-1AH\s0), so -+choose wisely (that is, use 51, \s-1AH\s0). -+.IP "http-proxy-host = hostname/ip" 4 -+.IX Item "http-proxy-host = hostname/ip" -+The \f(CW\*(C`http\-proxy\-*\*(C'\fR family of options are only available if gvpe was -+compiled with the \f(CW\*(C`\-\-enable\-http\-proxy\*(C'\fR option and enable tunneling of -+tcp connections through a http proxy server. -+.Sp -+\&\f(CW\*(C`http\-proxy\-host\*(C'\fR and \f(CW\*(C`http\-proxy\-port\*(C'\fR should specify the hostname and -+port number of the proxy server. See \f(CW\*(C`http\-proxy\-loginpw\*(C'\fR if your proxy -+requires authentication. -+.Sp -+Please note that gvpe will still try to resolve all hostnames in the -+configuration file, so if you are behind a proxy without access to a \s-1DNS\s0 -+server better use numerical \s-1IP\s0 addresses. -+.Sp -+To make best use of this option disable all protocols except \s-1TCP\s0 in your -+config file and make sure your routers (or all other nodes) are listening -+on a port that the proxy allows (443, https, is a common choice). -+.Sp -+If you have a router, connecting to it will suffice. Otherwise \s-1TCP\s0 must be -+enabled on all nodes. -+.Sp -+Example: -+.Sp -+.Vb 3 -+\& http\-proxy\-host = proxy.example.com -+\& http\-proxy\-port = 3128 # 8080 is another common choice -+\& http\-proxy\-auth = schmorp:grumbeere -+.Ve -+.IP "http-proxy-port = proxy-tcp-port" 4 -+.IX Item "http-proxy-port = proxy-tcp-port" -+The port where your proxy server listens. 
-+.IP "http-proxy-auth = login:password" 4 -+.IX Item "http-proxy-auth = login:password" -+The optional login and password used to authenticate to the proxy server, -+separated by a literal colon (\f(CW\*(C`:\*(C'\fR). Only basic authentication is -+currently supported. -+.IP "keepalive = seconds" 4 -+.IX Item "keepalive = seconds" -+Sets the keepalive probe interval in seconds (default: \f(CW60\fR). After this -+many seconds of inactivity the daemon will start to send keepalive probe -+every 3 seconds until it receives a reply from the other end. If no reply -+is received within 15 seconds, the peer is considered unreachable and the -+connection is closed. -+.IP "loglevel = noise|trace|debug|info|notice|warn|error|critical" 4 -+.IX Item "loglevel = noise|trace|debug|info|notice|warn|error|critical" -+Set the logging level. Connection established messages are logged at level -+\&\f(CW\*(C`info\*(C'\fR, notable errors are logged with \f(CW\*(C`error\*(C'\fR. Default is \f(CW\*(C`info\*(C'\fR. -+.IP "mtu = bytes" 4 -+.IX Item "mtu = bytes" -+Sets the maximum \s-1MTU\s0 that should be used on outgoing packets (basically -+the \s-1MTU\s0 of the outgoing interface) The daemon will automatically calculate -+maximum overhead (e.g. \s-1UDP\s0 header size, encryption blocksize...) and pass -+this information to the \f(CW\*(C`if\-up\*(C'\fR script. -+.Sp -+Recommended values are 1500 (ethernet), 1492 (pppoe), 1472 (pptp). -+.Sp -+This value must be the minimum of the \s-1MTU\s0 values of all nodes. -+.IP "nfmark = integer" 4 -+.IX Item "nfmark = integer" -+This advanced option, when set to a nonzero value (default: \f(CW0\fR), tries -+to set the netfilter mark (or fwmark) value on all sockets gvpe uses to -+send packets. -+.Sp -+This can be used to make gvpe use a different set of routing rules. 
For -+example, on GNU/Linux, the \f(CW\*(C`if\-up\*(C'\fR could set \f(CW\*(C`nfmark\*(C'\fR to 1000 and then -+put all routing rules into table \f(CW99\fR and then use an ip rule to make -+gvpe traffic avoid that routing table, in effect routing normal traffic -+via gvpe and gvpe traffic via the normal system routing tables: -+.Sp -+.Vb 1 -+\& ip rule add not fwmark 1000 lookup 99 -+.Ve -+.IP "node = nickname" 4 -+.IX Item "node = nickname" -+Not really a config setting but introduces a node section. The nickname is -+used to select the right configuration section and must be passed as an -+argument to the gvpe daemon. -+.IP "node-up = relative-or-absolute-path" 4 -+.IX Item "node-up = relative-or-absolute-path" -+Sets a command (default: none) that should be called whenever a connection -+is established (even on rekeying operations). Note that node\-up/down -+scripts will be run asynchronously, but execution is serialised, so there -+will only ever be one such script running. -+.Sp -+In addition to all the variables passed to \f(CW\*(C`if\-up\*(C'\fR scripts, the following -+environment variables will be set (values are just examples): -+.RS 4 -+.IP "DESTNODE=branch2" 4 -+.IX Item "DESTNODE=branch2" -+The name of the remote node. -+.IP "DESTID=2" 4 -+.IX Item "DESTID=2" -+The node id of the remote node. -+.IP "DESTSI=rawip/88.99.77.55:0" 4 -+.IX Item "DESTSI=rawip/88.99.77.55:0" -+The \*(L"socket info\*(R" of the target node, protocol dependent but usually in -+the format protocol/ip:port. -+.IP "DESTIP=188.13.66.8" 4 -+.IX Item "DESTIP=188.13.66.8" -+The numerical \s-1IP\s0 address of the remote node (gvpe accepts connections from -+everywhere, as long as the other node can authenticate itself). -+.IP "DESTPORT=655 # deprecated" 4 -+.IX Item "DESTPORT=655 # deprecated" -+The protocol port used by the other side, if applicable. 
-+.IP "STATE=up" 4 -+.IX Item "STATE=up" -+Node-up scripts get called with STATE=up, node-change scripts get called -+with STATE=change and node-down scripts get called with STATE=down. -+.RE -+.RS 4 -+.Sp -+Here is a nontrivial example that uses nsupdate to update the name => ip -+mapping in some \s-1DNS\s0 zone: -+.Sp -+.Vb 6 -+\& #!/bin/sh -+\& { -+\& echo update delete $DESTNODE.lowttl.example.net. a -+\& echo update add $DESTNODE.lowttl.example.net. 1 in a $DESTIP -+\& echo -+\& } | nsupdate \-d \-k $CONFBASE:key.example.net. -+.Ve -+.RE -+.IP "node-change = relative-or-absolute-path" 4 -+.IX Item "node-change = relative-or-absolute-path" -+Same as \f(CW\*(C`node\-change\*(C'\fR, but gets called whenever something about a -+connection changes (such as the source \s-1IP\s0 address). -+.IP "node-down = relative-or-absolute-path" 4 -+.IX Item "node-down = relative-or-absolute-path" -+Same as \f(CW\*(C`node\-up\*(C'\fR, but gets called whenever a connection is lost. -+.IP "pid-file = path" 4 -+.IX Item "pid-file = path" -+The path to the pid file to check and create -+(default: \f(CW\*(C`LOCALSTATEDIR/run/gvpe.pid\*(C'\fR). -+.IP "private-key = relative-path-to-key" 4 -+.IX Item "private-key = relative-path-to-key" -+Sets the path (relative to the config directory) to the private key -+(default: \f(CW\*(C`hostkey\*(C'\fR). This is a printf format string so every \f(CW\*(C`%\*(C'\fR must -+be doubled. A single \f(CW%s\fR is replaced by the hostname, so you could -+use paths like \f(CW\*(C`hostkeys/%s\*(C'\fR to fetch the files at the location where -+\&\f(CW\*(C`gvpectrl\*(C'\fR puts them. -+.Sp -+Since only the private key file of the current node is used and the -+private key file should be kept secret per-node to avoid spoofing, it is -+not recommended to use this feature. -+.IP "rekey = seconds" 4 -+.IX Item "rekey = seconds" -+Sets the rekeying interval in seconds (default: \f(CW3607\fR). 
Connections are -+reestablished every \f(CW\*(C`rekey\*(C'\fR seconds, making them use a new encryption -+key. -+.IP "seed-device = path" 4 -+.IX Item "seed-device = path" -+The random device used to initially and regularly seed the random -+number generator (default: \fI/dev/urandom\fR). Randomness is of paramount -+importance to the security of the algorithms used in gvpe. -+.Sp -+On program start and every seed-interval, gvpe will read 64 octets. -+.Sp -+Setting this path to the empty string will disable this functionality -+completely (the underlying crypto library will likely look for entropy -+sources on it's own though, so not all is lost). -+.IP "seed-interval = seconds" 4 -+.IX Item "seed-interval = seconds" -+The number of seconds between reseeds of the random number generator -+(default: \f(CW3613\fR). A value of \f(CW0\fR disables this regular reseeding. -+.SS "\s-1NODE SPECIFIC SETTINGS\s0" -+.IX Subsection "NODE SPECIFIC SETTINGS" -+The following settings are node-specific, that is, every node can have -+different settings, even within the same gvpe instance. Settings that are -+set before the first node section set the defaults, settings that are -+set within a node section only apply to the given node. -+.IP "allow-direct = nodename" 4 -+.IX Item "allow-direct = nodename" -+Allow direct connections to this node. See \f(CW\*(C`deny\-direct\*(C'\fR for more info. -+.IP "compress = yes|true|on | no|false|off" 4 -+.IX Item "compress = yes|true|on | no|false|off" -+For the current node, this specified whether it will accept compressed -+packets, and for all other nodes, this specifies whether to try to -+compress data packets sent to this node (default: \f(CW\*(C`yes\*(C'\fR). Compression is -+really cheap even on slow computers, has no size overhead at all and will -+only be used when the other side supports compression, so enabling this is -+often a good idea. 
-+.IP "connect = ondemand | never | always | disabled" 4 -+.IX Item "connect = ondemand | never | always | disabled" -+Sets the connect mode (default: \f(CW\*(C`always\*(C'\fR). It can be \f(CW\*(C`always\*(C'\fR (always -+try to establish and keep a connection to the given node), \f(CW\*(C`never\*(C'\fR -+(never initiate a connection to the given host, but accept connections), -+\&\f(CW\*(C`ondemand\*(C'\fR (try to establish a connection when there are outstanding -+packets in the queue and take it down after the keepalive interval) or -+\&\f(CW\*(C`disabled\*(C'\fR (node is bad, don't talk to it). -+.Sp -+Routers will automatically be forced to \f(CW\*(C`always\*(C'\fR unless they are -+\&\f(CW\*(C`disabled\*(C'\fR, to ensure all nodes can talk to each other. -+.IP "deny-direct = nodename | *" 4 -+.IX Item "deny-direct = nodename | *" -+Deny direct connections to the specified node (or all nodes when \f(CW\*(C`*\*(C'\fR -+is given). Only one node can be specified, but you can use multiple -+\&\f(CW\*(C`allow\-direct\*(C'\fR and \f(CW\*(C`deny\-direct\*(C'\fR statements. This only makes sense in -+networks with routers, as routers are required for indirect connections. -+.Sp -+Sometimes, a node cannot reach some other nodes for reasons of network -+connectivity. For example, a node behind a firewall that only allows -+connections to/from a single other node in the network. In this case one -+should specify \f(CW\*(C`deny\-direct = *\*(C'\fR and \f(CW\*(C`allow\-direct = othernodename\*(C'\fR (the other -+node \fImust\fR be a router for this to work). -+.Sp -+The algorithm to check whether a connection may be direct is as follows: -+.Sp -+1. Other node mentioned in an \f(CW\*(C`allow\-direct\*(C'\fR? If yes, allow the connection. -+.Sp -+2. Other node mentioned in a \f(CW\*(C`deny\-direct\*(C'\fR? If yes, deny direct connections. -+.Sp -+3. Allow the connection. -+.Sp -+That is, \f(CW\*(C`allow\-direct\*(C'\fR takes precedence over \f(CW\*(C`deny\-direct\*(C'\fR. 
-+.Sp -+The check is done in both directions, i.e. both nodes must allow a direct -+connection before one is attempted, so you only need to specify connect -+limitations on one node. -+.IP "dns-domain = domain-suffix" 4 -+.IX Item "dns-domain = domain-suffix" -+The \s-1DNS\s0 domain suffix that points to the \s-1DNS\s0 tunnel server for this node. -+.Sp -+The domain must point to a \s-1NS\s0 record that points to the \fIdns-hostname\fR, -+i.e. -+.Sp -+.Vb 2 -+\& dns\-domainname = tunnel.example.net -+\& dns\-hostname = tunnel\-server.example.net -+.Ve -+.Sp -+Corresponds to the following \s-1DNS\s0 entries in the \f(CW\*(C`example.net\*(C'\fR domain: -+.Sp -+.Vb 2 -+\& tunnel.example.net. NS tunnel\-server.example.net. -+\& tunnel\-server.example.net. A 13.13.13.13 -+.Ve -+.IP "dns-hostname = hostname/ip" 4 -+.IX Item "dns-hostname = hostname/ip" -+The address to bind the \s-1DNS\s0 tunnel socket to, similar to the \f(CW\*(C`hostname\*(C'\fR, -+but for the \s-1DNS\s0 tunnel protocol only. Default: \f(CW0.0.0.0\fR, but that might -+change. -+.IP "dns-port = port-number" 4 -+.IX Item "dns-port = port-number" -+The port to bind the \s-1DNS\s0 tunnel socket to. Must be \f(CW53\fR on \s-1DNS\s0 tunnel servers. -+.IP "enable-dns = yes|true|on | no|false|off" 4 -+.IX Item "enable-dns = yes|true|on | no|false|off" -+See \fIgvpe.protocol\fR\|(7) for a description of the \s-1DNS\s0 transport -+protocol. Avoid this protocol if you can. -+.Sp -+Enable the \s-1DNS\s0 tunneling protocol on this node, either as server or as -+client. Support for this transport protocol is only available when gvpe -+was compiled using the \f(CW\*(C`\-\-enable\-dns\*(C'\fR option. -+.IP "enable-icmp = yes|true|on | no|false|off" 4 -+.IX Item "enable-icmp = yes|true|on | no|false|off" -+See \fIgvpe.protocol\fR\|(7) for a description of the \s-1ICMP\s0 transport protocol. -+.Sp -+Enable the \s-1ICMP\s0 transport using \s-1ICMP\s0 packets of type \f(CW\*(C`icmp\-type\*(C'\fR on this -+node. 
-+.IP "enable-rawip = yes|true|on | no|false|off" 4 -+.IX Item "enable-rawip = yes|true|on | no|false|off" -+See \fIgvpe.protocol\fR\|(7) for a description of the \s-1RAW IP\s0 transport protocol. -+.Sp -+Enable the \s-1RAW\s0 IPv4 transport using the \f(CW\*(C`ip\-proto\*(C'\fR protocol -+(default: \f(CW\*(C`no\*(C'\fR). -+.IP "enable-tcp = yes|true|on | no|false|off" 4 -+.IX Item "enable-tcp = yes|true|on | no|false|off" -+See \fIgvpe.protocol\fR\|(7) for a description of the \s-1TCP\s0 transport protocol. -+.Sp -+Enable the TCPv4 transport using the \f(CW\*(C`tcp\-port\*(C'\fR port -+(default: \f(CW\*(C`no\*(C'\fR). Support for this transport protocol is only available -+when gvpe was compiled using the \f(CW\*(C`\-\-enable\-tcp\*(C'\fR option. -+.IP "enable-udp = yes|true|on | no|false|off" 4 -+.IX Item "enable-udp = yes|true|on | no|false|off" -+See \fIgvpe.protocol\fR\|(7) for a description of the \s-1UDP\s0 transport protocol. -+.Sp -+Enable the UDPv4 transport using the \f(CW\*(C`udp\-port\*(C'\fR port (default: \f(CW\*(C`no\*(C'\fR). -+.IP "hostname = hostname | ip [can not be defaulted]" 4 -+.IX Item "hostname = hostname | ip [can not be defaulted]" -+Forces the address of this node to be set to the given \s-1DNS\s0 hostname or \s-1IP\s0 -+address. It will be resolved before each connect request, so dyndns should -+work fine. If this setting is not specified and a router is available, -+then the router will be queried for the address of this node. Otherwise, -+the connection attempt will fail. -+.Sp -+Note that \s-1DNS\s0 resolving is done synchronously, pausing the daemon. If that -+is an issue you need to specify \s-1IP\s0 addresses. -+.IP "icmp-type = integer" 4 -+.IX Item "icmp-type = integer" -+Sets the type value to be used for outgoing (and incoming) packets sent -+via the \s-1ICMP\s0 transport. -+.Sp -+The default is \f(CW0\fR (which is \f(CW\*(C`echo\-reply\*(C'\fR, also known as -+\&\*(L"ping-reply\*(R"). 
Other useful values include \f(CW8\fR (\f(CW\*(C`echo\-request\*(C'\fR, a.k.a.
-+\&\*(L"ping\*(R") and \f(CW11\fR (\f(CW\*(C`time\-exceeded\*(C'\fR), but any 8\-bit value can be used.
-+.IP "if-up-data = value" 4
-+.IX Item "if-up-data = value"
-+The value specified using this directive will be passed to the \f(CW\*(C`if\-up\*(C'\fR
-+script in the environment variable \f(CW\*(C`IFUPDATA\*(C'\fR.
-+.IP "inherit-tos = yes|true|on | no|false|off" 4
-+.IX Item "inherit-tos = yes|true|on | no|false|off"
-+Whether to inherit the \s-1TOS\s0 settings of packets sent to the tunnel when
-+sending packets to this node (default: \f(CW\*(C`yes\*(C'\fR). If set to \f(CW\*(C`yes\*(C'\fR then
-+outgoing tunnel packets will have the same \s-1TOS\s0 setting as the packets sent
-+to the tunnel device, which is usually what you want.
-+.IP "max-retry = positive-number" 4
-+.IX Item "max-retry = positive-number"
-+The maximum interval in seconds (default: \f(CW3600\fR, one hour) between
-+retries to establish a connection to this node. When a connection cannot
-+be established, gvpe uses exponential back-off capped at this value. It's
-+sometimes useful to set this to a much lower value (e.g. \f(CW120\fR) on
-+connections to routers that usually are stable but sometimes are down, to
-+assure quick reconnections even after longer downtimes.
-+.IP "max-ttl = seconds" 4
-+.IX Item "max-ttl = seconds"
-+Expire packets that couldn't be sent after this many seconds
-+(default: \f(CW60\fR). Gvpe will normally queue packets for a node without an
-+active connection, in the hope of establishing a connection soon. This
-+value specifies the maximum lifetime a packet will stay in the queue, if a
-+packet gets older, it will be thrown away.
-+.IP "max-queue = positive\-number>=1" 4
-+.IX Item "max-queue = positive-number>=1"
-+The maximum number of packets that will be queued (default: \f(CW512\fR)
-+for this node. If more packets are sent then earlier packets will be
-+expired.
See \f(CW\*(C`max\-ttl\*(C'\fR, above.
-+.IP "router-priority = 0 | 1 | positive\-number>=2" 4
-+.IX Item "router-priority = 0 | 1 | positive-number>=2"
-+Sets the router priority of the given node (default: \f(CW0\fR, disabled).
-+.Sp
-+If some node tries to connect to another node but it doesn't have a
-+hostname, it asks a router node for it's \s-1IP\s0 address. The router node
-+chosen is the one with the highest priority larger than \f(CW1\fR that is
-+currently reachable. This is called a \fImediated\fR connection, as the
-+connection itself will still be direct, but it uses another node to
-+mediate between the two nodes.
-+.Sp
-+The value \f(CW0\fR disables routing, that means if the node receives a packet
-+not for itself it will not forward it but instead drop it.
-+.Sp
-+The special value \f(CW1\fR allows other hosts to route through the router
-+host, but they will never route through it by default (i.e. the config
-+file of another node needs to specify a router priority higher than one
-+to choose such a node for routing).
-+.Sp
-+The idea behind this is that some hosts can, if required, bump the
-+\&\f(CW\*(C`router\-priority\*(C'\fR setting to higher than \f(CW1\fR in their local config to
-+route through specific hosts. If \f(CW\*(C`router\-priority\*(C'\fR is \f(CW0\fR, then routing
-+will be refused, so \f(CW1\fR serves as a \*(L"enable, but do not use by default\*(R"
-+switch.
-+.Sp
-+Nodes with \f(CW\*(C`router\-priority\*(C'\fR set to \f(CW2\fR or higher will always be forced
-+to \f(CW\*(C`connect\*(C'\fR = \f(CW\*(C`always\*(C'\fR (unless they are \f(CW\*(C`disabled\*(C'\fR).
-+.IP "tcp-port = port-number" 4
-+.IX Item "tcp-port = port-number"
-+Similar to \f(CW\*(C`udp\-port\*(C'\fR (default: \f(CW655\fR), but sets the \s-1TCP\s0 port number.
-+.IP "udp-port = port-number" 4
-+.IX Item "udp-port = port-number"
-+Sets the port number used by the \s-1UDP\s0 protocol (default: \f(CW655\fR, not
-+officially assigned by \s-1IANA\s0!).
-+.SH "CONFIG DIRECTORY LAYOUT" -+.IX Header "CONFIG DIRECTORY LAYOUT" -+The default (or recommended) directory layout for the config directory is: -+.IP "gvpe.conf" 4 -+.IX Item "gvpe.conf" -+The config file. -+.IP "if-up" 4 -+.IX Item "if-up" -+The if-up script -+.IP "node-up, node-down" 4 -+.IX Item "node-up, node-down" -+If used the node up or node-down scripts. -+.IP "hostkey" 4 -+.IX Item "hostkey" -+The private key (taken from \f(CW\*(C`hostkeys/nodename\*(C'\fR) of the current host. -+.IP "pubkey/nodename" 4 -+.IX Item "pubkey/nodename" -+The public keys of the other nodes, one file per node. -+.SH "SEE ALSO" -+.IX Header "SEE ALSO" -+\&\fIgvpe\fR\|(5), \fIgvpe\fR\|(8), \fIgvpectrl\fR\|(8). -+.SH "AUTHOR" -+.IX Header "AUTHOR" -+Marc Lehmann diff -Nru gvpe-2.25/debian/patches/series gvpe-3.0/debian/patches/series --- gvpe-2.25/debian/patches/series 2016-12-13 03:39:01.000000000 -0500 +++ gvpe-3.0/debian/patches/series 1969-12-31 19:00:00.000000000 -0500 @@ -1 +0,0 @@ -fix_gvpe_conf_5 diff -Nru gvpe-2.25/doc/gvpe.5 gvpe-3.0/doc/gvpe.5 --- gvpe-2.25/doc/gvpe.5 2013-07-12 21:59:30.000000000 -0400 +++ gvpe-3.0/doc/gvpe.5 2016-11-02 03:01:51.000000000 -0400 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.20) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. 
@@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "GVPE 5" -.TH GVPE 5 "2013-07-10" "2.24" "GNU Virtual Private Ethernet" +.TH GVPE 5 "2016-11-02" "2.25" "GNU Virtual Private Ethernet" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -135,8 +144,8 @@ .IX Header "DESCRIPTION" \&\s-1GVPE\s0 is a suite designed to provide a virtual private network for multiple nodes over an untrusted network. This document first gives an introduction -to VPNs in general and then describes the specific implementation of \s-1GVPE\s0. -.SS "\s-1WHAT\s0 \s-1IS\s0 A \s-1VPN\s0?" +to VPNs in general and then describes the specific implementation of \s-1GVPE.\s0 +.SS "\s-1WHAT IS A VPN\s0?" .IX Subsection "WHAT IS A VPN?" \&\s-1VPN\s0 is an acronym, it stands for: .IP "Virtual" 4 
@@ -156,23 +165,23 @@ eavesdropped while at the same time being able to trust data sent by other nodes. .Sp -In the case of \s-1GVPE\s0, even participating nodes cannot sniff packets +In the case of \s-1GVPE,\s0 even participating nodes cannot sniff packets send to other nodes or spoof packets as if sent from other nodes, so communications between any two nodes is private to those two nodes. .IP "Network" 4 .IX Item "Network" Network means that more than two parties can participate in the network, so for instance it's possible to connect multiple branches of a company -into a single network. Many so-called \*(L"\s-1VPN\s0\*(R" solutions only create +into a single network. Many so-called \*(L"\s-1VPN\*(R"\s0 solutions only create point-to-point tunnels, which in turn can be used to build larger networks. .Sp \&\s-1GVPE\s0 provides a true multi-point network in which any number of nodes (at least a few dozen in practise, the theoretical limit is 4095 nodes) can participate. -.SS "\s-1GVPE\s0 \s-1DESIGN\s0 \s-1GOALS\s0" +.SS "\s-1GVPE DESIGN GOALS\s0" .IX Subsection "GVPE DESIGN GOALS" -.IP "\s-1SIMPLE\s0 \s-1DESIGN\s0" 4 +.IP "\s-1SIMPLE DESIGN\s0" 4 .IX Item "SIMPLE DESIGN" Cipher, \s-1HMAC\s0 algorithms and other key parameters must be selected at compile time \- this makes it possible to only link in algorithms 
@@ -182,11 +191,11 @@ further and internally reserves blocks of the same length for all packets, which virtually removes all possibilities of buffer overflows, as there is only a single type of buffer and it's always of fixed length. -.IP "\s-1EASY\s0 \s-1TO\s0 \s-1SETUP\s0" 4 +.IP "\s-1EASY TO SETUP\s0" 4 .IX Item "EASY TO SETUP" A few lines of config (the config file is shared unmodified between all -hosts) and a single run of \f(CW\*(C`gvpectrl\*(C'\fR to generate the keys suffices to -make it work. +hosts) and generating an \s-1RSA\s0 key-pair on each node suffices to make it +work. .IP "MAC-BASED \s-1SECURITY\s0" 4 .IX Item "MAC-BASED SECURITY" Since every host has it's own private key, other hosts cannot spoof @@ -218,7 +227,7 @@ Here are a few recipes for compiling your gvpe, showing the extremes (fast, small, insecure \s-1OR\s0 slow, large, more secure), between which you should choose: -.SS "\s-1AS\s0 \s-1LOW\s0 \s-1PACKET\s0 \s-1OVERHEAD\s0 \s-1AS\s0 \s-1POSSIBLE\s0" +.SS "\s-1AS LOW PACKET OVERHEAD AS POSSIBLE\s0" .IX Subsection "AS LOW PACKET OVERHEAD AS POSSIBLE" .Vb 1 \& ./configure \-\-enable\-hmac\-length=4 \-\-enable\-rand\-length=0 @@ -228,7 +237,7 @@ only 4 bytes of overhead over the raw ethernet frame). This is a insecure configuration because a \s-1HMAC\s0 length of 4 makes collision attacks almost trivial. -.SS "\s-1MINIMIZE\s0 \s-1CPU\s0 \s-1TIME\s0 \s-1REQUIRED\s0" +.SS "\s-1MINIMIZE CPU TIME REQUIRED\s0" .IX Subsection "MINIMIZE CPU TIME REQUIRED" .Vb 1 \& ./configure \-\-enable\-cipher=bf \-\-enable\-digest=md4 @@ -237,7 +246,7 @@ Use the fastest cipher and digest algorithms currently available in gvpe. \s-1MD4\s0 has been broken and is quite insecure, though, so using another digest algorithm is recommended. -.SS "\s-1MAXIMIZE\s0 \s-1SECURITY\s0" +.SS "\s-1MAXIMIZE SECURITY\s0" .IX Subsection "MAXIMIZE SECURITY" .Vb 1 \& ./configure \-\-enable\-hmac\-length=16 \-\-enable\-rand\-length=12 \-\-enable\-digest=ripemd610 
@@ -248,15 +257,15 @@ with 12 bytes of random data. .PP In general, remember that \s-1AES\-128\s0 seems to be as secure but faster than -\&\s-1AES\-192\s0 or \s-1AES\-256\s0, more randomness helps against sniffing and a longer -\&\s-1HMAC\s0 helps against spoofing. \s-1MD4\s0 is a fast digest, \s-1SHA1\s0, \s-1RIPEMD160\s0, \s-1SHA256\s0 +\&\s-1AES\-192\s0 or \s-1AES\-256,\s0 more randomness helps against sniffing and a longer +\&\s-1HMAC\s0 helps against spoofing. \s-1MD4\s0 is a fast digest, \s-1SHA1, RIPEMD160, SHA256\s0 are consecutively better, and Blowfish is a fast cipher (and also quite secure). .SH "HOW TO SET UP A SIMPLE VPN" .IX Header "HOW TO SET UP A SIMPLE VPN" In this section I will describe how to get a simple \s-1VPN\s0 consisting of three hosts up and running. -.SS "\s-1STEP\s0 1: configuration" +.SS "\s-1STEP 1:\s0 configuration" .IX Subsection "STEP 1: configuration" First you have to create a daemon configuration file and put it into the configuration directory. This is usually \f(CW\*(C`/etc/gvpe\*(C'\fR, depending on how you 
@@ -301,43 +310,51 @@ be able to reach the other nodes. You can, of course, also use proxy \s-1ARP\s0 or other means of pseudo-bridging, or (best) full routing \- the choice is yours. -.SS "\s-1STEP\s0 2: create the \s-1RSA\s0 key pairs for all hosts" -.IX Subsection "STEP 2: create the RSA key pairs for all hosts" -Run the following command to generate all key pairs for all nodes (that -might take a while): +.SS "\s-1STEP 2:\s0 create the \s-1RSA\s0 key pair for each node" +.IX Subsection "STEP 2: create the RSA key pair for each node" +Next you have to generate the \s-1RSA\s0 keys for the nodes. While you can set +up \s-1GVPE\s0 so you can generate all keys on a single host and centrally +distribute all keys, it is safer to generate the key for each node on the +node, so that the secret/private key does not have to be copied over the +network. +.PP +To do so, run the following command to generate a key pair: .PP .Vb 1 -\& gvpectrl \-c /etc/gvpe \-g +\& gvpectrl \-c /etc/gvpe \-g nodekey .Ve .PP -This command will put the public keys into \f(CW\*(C`/etc/gvpe/pubkeys/\f(CInodename\f(CW\*(C'\fR and the private keys into \f(CW\*(C`/etc/gvpe/hostkeys/\f(CInodename\f(CW\*(C'\fR. -.SS "\s-1STEP\s0 3: distribute the config files to all nodes" -.IX Subsection "STEP 3: distribute the config files to all nodes" -Now distribute the config files and private keys to the other nodes. This -should be done in two steps, since only the private keys meant for a node -should be distributed (so each node has only it's own private key). +This will create two files, \fInodekey\fR and \fInodekey.privkey\fR. 
The former +should be copied to \fI/etc/gvpe/pubkey/\fInodename\fI\fR on the host where +your config file is (you will have to create the \fIpubkey\fR directory +first): .PP -The example uses rsync-over-ssh +.Vb 1 +\& scp nodekey confighost:/etc/gvpe/pubkey/nodename +.Ve .PP -First all the config files without the hostkeys should be distributed: +The private key \fInodekey.privkey\fR should be moved to \fI/etc/gvpe/hostkey\fR: .PP -.Vb 3 -\& rsync \-avzessh /etc/gvpe first.example.net:/etc/. \-\-exclude hostkeys -\& rsync \-avzessh /etc/gvpe 133.55.82.9:/etc/. \-\-exclude hostkeys -\& rsync \-avzessh /etc/gvpe third.example.net:/etc/. \-\-exclude hostkeys +.Vb 2 +\& mkdir \-p /etc/gvpe +\& mv nodekey.privkey /etc/gvpe/hostkey .Ve +.SS "\s-1STEP 3:\s0 distribute the config files to all nodes" +.IX Subsection "STEP 3: distribute the config files to all nodes" +Now distribute the config files and public keys to the other nodes. .PP -Then the hostkeys should be copied: +The example uses rsync-over-ssh to copy the config file and all the public +keys: .PP .Vb 3 -\& rsync \-avzessh /etc/gvpe/hostkeys/first first.example.net:/etc/hostkey -\& rsync \-avzessh /etc/gvpe/hostkeys/second 133.55.82.9:/etc/hostkey -\& rsync \-avzessh /etc/gvpe/hostkeys/third third.example.net:/etc/hostkey +\& rsync \-avzessh /etc/gvpe first.example.net:/etc/. \-\-exclude hostkey +\& rsync \-avzessh /etc/gvpe 133.55.82.9:/etc/. \-\-exclude hostkey +\& rsync \-avzessh /etc/gvpe third.example.net:/etc/. \-\-exclude hostkey .Ve .PP -You should now check the configuration by issuing the command \f(CW\*(C`gvpectrl \-c -/etc/gvpe \-s\*(C'\fR on each node and verify it's output. -.SS "\s-1STEP\s0 4: starting gvpe" +You should now check the configuration by issuing the command \f(CW\*(C`gvpectrl +\&\-c /etc/gvpe \-s\*(C'\fR on each node and verify it's output. +.SS "\s-1STEP 4:\s0 starting gvpe" .IX Subsection "STEP 4: starting gvpe" You should then start gvpe on each node by issuing a command like: .PP 
@@ -359,13 +376,36 @@ .Vb 1 \& t1:2345:respawn:/opt/gvpe/sbin/gvpe \-D \-L first >/dev/null 2>&1 .Ve -.SS "\s-1STEP\s0 5: enjoy" +.SS "\s-1STEP 5:\s0 enjoy" .IX Subsection "STEP 5: enjoy" \&... and play around. Sending a \-HUP (\f(CW\*(C`gvpectrl \-kHUP\*(C'\fR) to the daemon will make it try to connect to all other nodes again. If you run it from -inittab, as is recommended, \f(CW\*(C`gvpectrl \-k\*(C'\fR (or simply \f(CW\*(C`killall gvpe\*(C'\fR) will -kill the daemon, start it again, making it read it's configuration files -again. +inittab \f(CW\*(C`gvpectrl \-k\*(C'\fR (or simply \f(CW\*(C`killall gvpe\*(C'\fR) will kill the daemon, +start it again, making it read it's configuration files again. +.PP +To run the \s-1GVPE\s0 daemon permanently from your SysV init, you can add it to +your \fIinittab\fR, e.g.: +.PP +.Vb 1 +\& t1:2345:respawn:/bin/sh \-c "exec nice \-n\-20 /path/to/gvpe \-D node >/var/log/gvpe.log 2>&1" +.Ve +.PP +For systems using systemd, you can use a unit file similar to this one: +.PP +.Vb 4 +\& [Unit] +\& Description=gvpe +\& After=network.target +\& Before=remote\-fs.target +\& +\& [Service] +\& ExecStart=/path/to/gvpe \-D node +\& KillMode=process +\& Restart=always +\& +\& [Install] +\& WantedBy=multi\-user.target +.Ve .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIgvpe.osdep\fR\|(5) for OS-dependent information, \fIgvpe.conf\fR\|(5), \fIgvpectrl\fR\|(8), 
@@ -379,8 +419,8 @@ Marc Lehmann .SH "COPYRIGHTS AND LICENSES" .IX Header "COPYRIGHTS AND LICENSES" -\&\s-1GVPE\s0 itself is distributed under the \s-1GENERAL\s0 \s-1PUBLIC\s0 \s-1LICENSE\s0 (see the file +\&\s-1GVPE\s0 itself is distributed under the \s-1GENERAL PUBLIC LICENSE \s0(see the file \&\s-1COPYING\s0 that should be part of your distribution). .PP In some configurations it uses modified versions of the tinc vpn suite, -which is also available under the \s-1GENERAL\s0 \s-1PUBLIC\s0 \s-1LICENSE\s0. +which is also available under the \s-1GENERAL PUBLIC LICENSE.\s0 diff -Nru gvpe-2.25/doc/gvpe.5.pod gvpe-3.0/doc/gvpe.5.pod --- gvpe-2.25/doc/gvpe.5.pod 2013-07-09 21:53:26.000000000 -0400 +++ gvpe-3.0/doc/gvpe.5.pod 2016-11-02 02:55:21.000000000 -0400 @@ -68,8 +68,8 @@ =item EASY TO SETUP A few lines of config (the config file is shared unmodified between all -hosts) and a single run of C to generate the keys suffices to -make it work. +hosts) and generating an RSA key-pair on each node suffices to make it +work. =item MAC-BASED SECURITY 
@@ -191,39 +191,43 @@ or other means of pseudo-bridging, or (best) full routing - the choice is yours. -=head2 STEP 2: create the RSA key pairs for all hosts +=head2 STEP 2: create the RSA key pair for each node -Run the following command to generate all key pairs for all nodes (that -might take a while): +Next you have to generate the RSA keys for the nodes. While you can set +up GVPE so you can generate all keys on a single host and centrally +distribute all keys, it is safer to generate the key for each node on the +node, so that the secret/private key does not have to be copied over the +network. - gvpectrl -c /etc/gvpe -g +To do so, run the following command to generate a key pair: -This command will put the public keys into C<< -/etc/gvpe/pubkeys/I >> and the private keys into C<< -/etc/gvpe/hostkeys/I >>. + gvpectrl -c /etc/gvpe -g nodekey -=head2 STEP 3: distribute the config files to all nodes +This will create two files, F and F. The former +should be copied to F<< /etc/gvpe/pubkey/I >> on the host where +your config file is (you will have to create the F directory +first): + + scp nodekey confighost:/etc/gvpe/pubkey/nodename -Now distribute the config files and private keys to the other nodes. This -should be done in two steps, since only the private keys meant for a node -should be distributed (so each node has only it's own private key). +The private key F should be moved to F: -The example uses rsync-over-ssh + mkdir -p /etc/gvpe + mv nodekey.privkey /etc/gvpe/hostkey -First all the config files without the hostkeys should be distributed: +=head2 STEP 3: distribute the config files to all nodes - rsync -avzessh /etc/gvpe first.example.net:/etc/. --exclude hostkeys - rsync -avzessh /etc/gvpe 133.55.82.9:/etc/. --exclude hostkeys - rsync -avzessh /etc/gvpe third.example.net:/etc/. --exclude hostkeys +Now distribute the config files and public keys to the other nodes. 
-Then the hostkeys should be copied: +The example uses rsync-over-ssh to copy the config file and all the public +keys: - rsync -avzessh /etc/gvpe/hostkeys/first first.example.net:/etc/hostkey - rsync -avzessh /etc/gvpe/hostkeys/second 133.55.82.9:/etc/hostkey - rsync -avzessh /etc/gvpe/hostkeys/third third.example.net:/etc/hostkey + rsync -avzessh /etc/gvpe first.example.net:/etc/. --exclude hostkey + rsync -avzessh /etc/gvpe 133.55.82.9:/etc/. --exclude hostkey + rsync -avzessh /etc/gvpe third.example.net:/etc/. --exclude hostkey -You should now check the configuration by issuing the command C on each node and verify it's output. +You should now check the configuration by issuing the command C on each node and verify it's output. =head2 STEP 4: starting gvpe @@ -248,9 +252,28 @@ ... and play around. Sending a -HUP (C) to the daemon will make it try to connect to all other nodes again. If you run it from -inittab, as is recommended, C (or simply C) will -kill the daemon, start it again, making it read it's configuration files -again. +inittab C (or simply C) will kill the daemon, +start it again, making it read it's configuration files again. + +To run the GVPE daemon permanently from your SysV init, you can add it to +your F, e.g.: + + t1:2345:respawn:/bin/sh -c "exec nice -n-20 /path/to/gvpe -D node >/var/log/gvpe.log 2>&1" + +For systems using systemd, you can use a unit file similar to this one: + + [Unit] + Description=gvpe + After=network.target + Before=remote-fs.target + + [Service] + ExecStart=/path/to/gvpe -D node + KillMode=process + Restart=always + + [Install] + WantedBy=multi-user.target =head1 SEE ALSO diff -Nru gvpe-2.25/doc/gvpe.8 gvpe-3.0/doc/gvpe.8 --- gvpe-2.25/doc/gvpe.8 2008-09-01 01:36:06.000000000 -0400 +++ gvpe-3.0/doc/gvpe.8 2016-11-02 03:01:51.000000000 -0400 
@@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -46,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -53,20 +47,27 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. 
@@ -132,13 +133,13 @@ .\" ======================================================================== .\" .IX Title "GVPE 8" -.TH GVPE 8 "2008-09-01" "2.2" "GNU Virtual Private Ethernet" +.TH GVPE 8 "2016-11-02" "2.25" "GNU Virtual Private Ethernet" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -\&\f(CW\*(C`gvpe\*(C'\fR \- \s-1GNU\s0 Virtual Private Ethernet Daemon +"gvpe" \- GNU Virtual Private Ethernet Daemon .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\f(CW\*(C`gvpe\*(C'\fR [\fB\-cDlL\fR] [\fB\-\-config=\fR\fI\s-1DIR\s0\fR] [\fB\-\-no\-detach\fR] [\fB\-l=\fR\fI\s-1LEVEL\s0]\fR] @@ -242,8 +243,14 @@ .ie n .IP "\*(C`/etc/gvpe/pubkey/*\*(C'" 4 .el .IP "\f(CW\*(C`/etc/gvpe/pubkey/*\*(C'\fR" 4 .IX Item "/etc/gvpe/pubkey/*" -The directory containing the public keys for every node, usually -autogenerated by executing \f(CW\*(C`gvpectrl \-\-generate\-keys\*(C'\fR. +The directory containing the public keys for every node, one file per node +with the name of the node. +.ie n .IP "\*(C`/etc/gvpe/hostkey\*(C'" 4 +.el .IP "\f(CW\*(C`/etc/gvpe/hostkey\*(C'\fR" 4 +.IX Item "/etc/gvpe/hostkey" +The file containing the private key of the node \s-1GVPE\s0 runs on. Unlike all +the other files in the \fI/etc/gvpe\fR directory, this file usually differes +for each node that \s-1GVPE\s0 runs on. .ie n .IP "\*(C`/var/run/gvpe.pid\*(C'" 4 .el .IP "\f(CW\*(C`/var/run/gvpe.pid\*(C'\fR" 4 .IX Item "/var/run/gvpe.pid" 
@@ -261,7 +268,7 @@ The \s-1GVPE\s0 mailing list, at or \&\f(CW\*(C`gvpe@lists.schmorp.de\*(C'\fR. .PP -\&\s-1GVPE\s0 comes with \s-1ABSOLUTELY\s0 \s-1NO\s0 \s-1WARRANTY\s0. This is free software, and you are +\&\s-1GVPE\s0 comes with \s-1ABSOLUTELY NO WARRANTY. \s0 This is free software, and you are welcome to redistribute it under certain conditions; see the file \s-1COPYING\s0 for details. .SH "AUTHOR" diff -Nru gvpe-2.25/doc/gvpe.8.pod gvpe-3.0/doc/gvpe.8.pod --- gvpe-2.25/doc/gvpe.8.pod 2008-09-01 01:25:42.000000000 -0400 +++ gvpe-3.0/doc/gvpe.8.pod 2016-11-02 02:58:28.000000000 -0400 @@ -121,8 +121,14 @@ =item C -The directory containing the public keys for every node, usually -autogenerated by executing C. +The directory containing the public keys for every node, one file per node +with the name of the node. + +=item C + +The file containing the private key of the node GVPE runs on. Unlike all +the other files in the F directory, this file usually differes +for each node that GVPE runs on. =item C diff -Nru gvpe-2.25/doc/gvpe.conf.5 gvpe-3.0/doc/gvpe.conf.5 --- gvpe-2.25/doc/gvpe.conf.5 2013-07-12 22:41:13.000000000 -0400 +++ gvpe-3.0/doc/gvpe.conf.5 2016-11-02 03:01:51.000000000 -0400 
@@ -0,0 +1,854 @@ +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` +. ds C' +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. 
\" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "GVPE.CONF 5" +.TH GVPE.CONF 5 "2016-11-02" "2.25" "GNU Virtual Private Ethernet" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. 
+.if n .ad l +.nh +.SH "NAME" +gvpe.conf \- configuration file for the GNU VPE daemon +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 4 +\& # global options for all nodes +\& udp\-port = 407 +\& mtu = 1492 +\& ifname = vpn0 +\& +\& # first node is named branch1 and is at 1.2.3.4 +\& node = branch1 +\& hostname = 1.2.3.4 +\& +\& # second node uses dns to resolve the address +\& node = branch2 +\& hostname = www.example.net +\& udp\-port = 500 # this host uses a different udp\-port +\& +\& # third node has no fixed ip address +\& node = branch3 +\& connect = ondemand +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The gvpe config file consists of a series of lines that contain \f(CW\*(C`variable += value\*(C'\fR pairs. Empty lines are ignored. Comments start with a \f(CW\*(C`#\*(C'\fR and +extend to the end of the line. They can be used on their own lines, or +after any directives. Whitespace is allowed around the \f(CW\*(C`=\*(C'\fR sign or after +values, but not within the variable names or values themselves. +.PP +All settings are applied \*(L"in order\*(R", that is, later settings of the same +variable overwrite earlier ones. +.PP +The only exceptions to the above are the following directives: +.IP "node nodename" 4 +.IX Item "node nodename" +Introduces a node section. The nodename is used to select the right +configuration section and is the same string as is passed as an argument +to the gvpe daemon. +.Sp +Multiple \f(CW\*(C`node\*(C'\fR statements with the same node name are supported and will +be merged together. +.IP "global" 4 +.IX Item "global" +This statement switches back to the global section, which is mainly +useful if you want to include a second config file, e..g for local +customisations. To do that, simply include this at the very end of your +config file: +.Sp +.Vb 2 +\& global +\& include local.conf +.Ve +.IP "on nodename ..." 4 +.IX Item "on nodename ..." +.PD 0 +.IP "on !nodename ..." 4 +.IX Item "on !nodename ..." 
+.PD +You can prefix any configuration directive with \f(CW\*(C`on\*(C'\fR and a nodename. \s-1GVPE\s0 +will will only \*(L"execute\*(R" it on the named node, or (if the nodename starts +with \f(CW\*(C`!\*(C'\fR) on all nodes except the named one. +.Sp +Example: set the \s-1MTU\s0 to \f(CW1450\fR everywhere, \f(CW\*(C`loglevel\*(C'\fR to \f(CW\*(C`noise\*(C'\fR on +\&\f(CW\*(C`branch1\*(C'\fR, and \f(CW\*(C`connect\*(C'\fR to \f(CW\*(C`ondemand\*(C'\fR everywhere but on branch2. +.Sp +.Vb 3 +\& mtu = 1450 +\& on branch1 loglevel = noise +\& on !branch2 connect = ondemand +.Ve +.IP "include relative-or-absolute-path" 4 +.IX Item "include relative-or-absolute-path" +Reads the specified file (the path must not contain whitespace or \f(CW\*(C`=\*(C'\fR +characters) and evaluate all config directives in it as if they were +spelled out in place of the \f(CW\*(C`include\*(C'\fR directive. +.Sp +The path is a printf format string, that is, you must escape any \f(CW\*(C`%\*(C'\fR +by doubling it, and you can have a single \f(CW%s\fR inside, which will be +replaced by the current nodename. +.Sp +Relative paths are interpreted relative to the \s-1GVPE\s0 config directory. +.Sp +Example: include the file \fIlocal.conf\fR in the config directory on every +node. +.Sp +.Vb 1 +\& include local.conf +.Ve +.Sp +Example: include a file \fIconf/\fRnodename\fI.conf\fR +.Sp +.Vb 1 +\& include conf/%s.conf +.Ve +.SH "ANATOMY OF A CONFIG FILE" +.IX Header "ANATOMY OF A CONFIG FILE" +Usually, a config file starts with a few global settings (like the \s-1UDP\s0 +port to listen on), followed by node-specific sections that begin with a +\&\f(CW\*(C`node = nickname\*(C'\fR line. +.PP +Every node that is part of the network must have a section that starts +with \f(CW\*(C`node = nickname\*(C'\fR. The number and order of the nodes is important +and must be the same on all nodes. It is not uncommon for node sections to +be completely empty \- if the default values are right. 
+.PP +Node-specific settings can be used at any time. If used before the first +node section they will set the default values for all following nodes. +.SH "CONFIG VARIABLES" +.IX Header "CONFIG VARIABLES" +.SS "\s-1GLOBAL SETTINGS\s0" +.IX Subsection "GLOBAL SETTINGS" +Global settings will affect the behaviour of the running gvpe daemon, that +is, they are in some sense node-specific (config files can set different +values on different nodes using \f(CW\*(C`on\*(C'\fR), but will affect the behaviour of +the gvpe daemon and all connections it creates. +.IP "chroot = path or /" 4 +.IX Item "chroot = path or /" +Tells \s-1GVPE\s0 to \fIchroot\fR\|(2) to the specified path after reading all necessary +files, binding to sockets and running the \f(CW\*(C`if\-up\*(C'\fR script, but before +running \f(CW\*(C`node\-up\*(C'\fR or any other scripts. +.Sp +The special path \fI/\fR instructs \s-1GVPE\s0 to create (and remove) an empty +temporary directory to use as new root. This is most secure, but makes it +impossible to use any scripts other than the \f(CW\*(C`if\-up\*(C'\fR one. +.IP "chuid = numerical-uid" 4 +.IX Item "chuid = numerical-uid" +.PD 0 +.IP "chgid = numerical-gid" 4 +.IX Item "chgid = numerical-gid" +.PD +These two options tell \s-1GVPE\s0 to change to the given user and/or group id +after reading all necessary files, binding to sockets and running the +\&\f(CW\*(C`if\-up\*(C'\fR script. +.Sp +Other scripts, such as \f(CW\*(C`node\-up\*(C'\fR, are run with the new user id or group id. +.IP "chuser = username" 4 +.IX Item "chuser = username" +Alternative to \f(CW\*(C`chuid\*(C'\fR and \f(CW\*(C`chgid\*(C'\fR: Sets both \f(CW\*(C`chuid\*(C'\fR and \f(CW\*(C`chgid\*(C'\fR +to the user and (primary) group ids of the specified user (for example, +\&\f(CW\*(C`nobody\*(C'\fR). 
+.IP "dns-forw-host = hostname/ip" 4 +.IX Item "dns-forw-host = hostname/ip" +The \s-1DNS\s0 server to forward \s-1DNS\s0 requests to for the \s-1DNS\s0 tunnel protocol +(default: \f(CW127.0.0.1\fR, changing it is highly recommended). +.IP "dns-forw-port = port-number" 4 +.IX Item "dns-forw-port = port-number" +The port where the \f(CW\*(C`dns\-forw\-host\*(C'\fR is to be contacted (default: \f(CW53\fR, +which is fine in most cases). +.IP "dns-case-preserving = yes|true|on | no|false|off" 4 +.IX Item "dns-case-preserving = yes|true|on | no|false|off" +Sets whether the \s-1DNS\s0 transport forwarding server preserves case (\s-1DNS\s0 +servers have to, but some access systems are even more broken than others) +(default: true). +.Sp +Normally, when the forwarding server changes the case of domain names then +\&\s-1GVPE\s0 will automatically set this to false. +.IP "dns-max-outstanding = integer-number-of-requests" 4 +.IX Item "dns-max-outstanding = integer-number-of-requests" +The maximum number of outstanding \s-1DNS\s0 transport requests +(default: \f(CW100\fR). \s-1GVPE\s0 will never issue more requests then the given +limit without receiving replies. In heavily overloaded situations it might +help to set this to a low number (e.g. \f(CW3\fR or even \f(CW1\fR) to limit the +number of parallel requests. +.Sp +The default should be working \s-1OK\s0 for most links. +.IP "dns-overlap-factor = float" 4 +.IX Item "dns-overlap-factor = float" +The \s-1DNS\s0 transport uses the minimum request latency (\fBmin_latency\fR) seen +during a connection as it's timing base. This factor (default: \f(CW0.5\fR, +must be > 0) is multiplied by \fBmin_latency\fR to get the maximum sending +rate (= minimum send interval), i.e. a factor of \f(CW1\fR means that a new +request might be generated every \fBmin_latency\fR seconds, which means on +average there should only ever be one outstanding request. 
A factor of +\&\f(CW0.5\fR means that \s-1GVPE\s0 will send requests twice as often as the minimum +latency measured. +.Sp +For congested or picky \s-1DNS\s0 forwarders you could use a value nearer to or +exceeding \f(CW1\fR. +.Sp +The default should be working \s-1OK\s0 for most links. +.IP "dns-send-interval = send-interval-in-seconds" 4 +.IX Item "dns-send-interval = send-interval-in-seconds" +The minimum send interval (= maximum rate) that the \s-1DNS\s0 transport will +use to send new \s-1DNS\s0 requests. \s-1GVPE\s0 will not exceed this rate even when +the latency is very low. The default is \f(CW0.01\fR, which means \s-1GVPE\s0 will +not send more than 100 \s-1DNS\s0 requests per connection per second. For +high-bandwidth links you could go lower, e.g. to \f(CW0.001\fR or so. For +congested or rate-limited links, you might want to go higher, say \f(CW0.1\fR, +\&\f(CW0.2\fR or even higher. +.Sp +The default should be working \s-1OK\s0 for most links. +.IP "dns-timeout-factor = float" 4 +.IX Item "dns-timeout-factor = float" +Factor to multiply the \f(CW\*(C`min_latency\*(C'\fR (see \f(CW\*(C`dns\-overlap\-factor\*(C'\fR) by to +get request timeouts. The default of \f(CW8\fR means that the \s-1DNS\s0 transport +will resend the request when no reply has been received for longer than +eight times the minimum (= expected) latency, assuming the request or +reply has been lost. +.Sp +For congested links a higher value might be necessary (e.g. \f(CW30\fR). If +the link is very stable lower values (e.g. \f(CW2\fR) might work +nicely. Values near or below \f(CW1\fR makes no sense whatsoever. +.Sp +The default should be working \s-1OK\s0 for most links but will result in low +throughput if packet loss is high. +.IP "if-up = relative-or-absolute-path" 4 +.IX Item "if-up = relative-or-absolute-path" +Sets the path of a script that should be called immediately after the +network interface is initialized (but not necessarily up). 
The following +environment variables are passed to it (the values are just examples). +.Sp +Variables that have the same value on all nodes: +.RS 4 +.IP "CONFBASE=/etc/gvpe" 4 +.IX Item "CONFBASE=/etc/gvpe" +The configuration base directory. +.IP "IFNAME=vpn0" 4 +.IX Item "IFNAME=vpn0" +The network interface to initialize. +.IP "IFTYPE=native # or tincd" 4 +.IX Item "IFTYPE=native # or tincd" +.PD 0 +.IP "IFSUBTYPE=linux # or freebsd, darwin etc.." 4 +.IX Item "IFSUBTYPE=linux # or freebsd, darwin etc.." +.PD +The interface type (\f(CW\*(C`native\*(C'\fR or \f(CW\*(C`tincd\*(C'\fR) and the subtype (usually the +\&\s-1OS\s0 name in lowercase) that this \s-1GVPE\s0 was configured for. Can be used to +select the correct syntax to use for network-related commands. +.IP "MTU=1436" 4 +.IX Item "MTU=1436" +The \s-1MTU\s0 to set the interface to. You can use lower values (if done +consistently on all nodes), but this is usually either inefficient or +simply ineffective. +.IP "NODES=5" 4 +.IX Item "NODES=5" +The number of nodes in this \s-1GVPE\s0 network. +.RE +.RS 4 +.Sp +Variables that are node-specific and with values pertaining to the node +running this \s-1GVPE:\s0 +.IP "IFUPDATA=string" 4 +.IX Item "IFUPDATA=string" +The value of the configuration directive \f(CW\*(C`if\-up\-data\*(C'\fR. +.IP "MAC=fe:fd:80:00:00:01" 4 +.IX Item "MAC=fe:fd:80:00:00:01" +The \s-1MAC\s0 address the network interface has to use. +.Sp +Might be used to initialize interfaces on platforms where \s-1GVPE\s0 does not +do this automatically. Please see the \f(CW\*(C`gvpe.osdep(5)\*(C'\fR man page for +platform-specific information. +.IP "NODENAME=branch1" 4 +.IX Item "NODENAME=branch1" +The nickname of the node. +.IP "NODEID=1" 4 +.IX Item "NODEID=1" +The numerical node \s-1ID\s0 of the node running this instance of \s-1GVPE.\s0 The first +node mentioned in the config file gets \s-1ID 1,\s0 the second \s-1ID 2\s0 and so on. 
+.RE +.RS 4 +.Sp +In addition, all node-specific variables (except \f(CW\*(C`NODEID\*(C'\fR) will be +available with a postfix of \f(CW\*(C`_nodeid\*(C'\fR, which contains the value for that +node, e.g. the \f(CW\*(C`MAC_1\*(C'\fR variable contains the \s-1MAC\s0 address of node #1, while +the \f(CW\*(C`NODENAME_22\*(C'\fR variable contains the name of node #22. +.Sp +Here is a simple if-up script: +.Sp +.Vb 5 +\& #!/bin/sh +\& ip link set $IFNAME up +\& [ $NODENAME = branch1 ] && ip addr add 10.0.0.1 dev $IFNAME +\& [ $NODENAME = branch2 ] && ip addr add 10.1.0.1 dev $IFNAME +\& ip route add 10.0.0.0/8 dev $IFNAME +.Ve +.Sp +More complicated examples (using routing to reduce \s-1ARP\s0 traffic) can be +found in the \fIetc/\fR subdirectory of the distribution. +.RE +.IP "ifname = devname" 4 +.IX Item "ifname = devname" +Sets the tun interface name to the given name. The default is OS-specific +and most probably something like \f(CW\*(C`tun0\*(C'\fR. +.IP "ifpersist = yes|true|on | no|false|off" 4 +.IX Item "ifpersist = yes|true|on | no|false|off" +Should the tun/tap device be made persistent, that is, should the device +stay up even when gvpe exits? Some versions of the tunnel device have +problems sending packets when gvpe is restarted in persistent mode, so +if the connections can be established but you cannot send packets from +the local node, try to set this to \f(CW\*(C`off\*(C'\fR and do an ifconfig down on the +device. +.IP "ip-proto = numerical-ip-protocol" 4 +.IX Item "ip-proto = numerical-ip-protocol" +Sets the protocol number to be used for the rawip protocol. This is a +global option because all nodes must use the same protocol, and since +there are no port numbers, you cannot easily run more than one gvpe +instance using the same protocol, nor can you share the protocol with +other programs. +.Sp +The default is 47 (\s-1GRE\s0), which has a good chance of tunneling +through firewalls (but note that gvpe's rawip protocol is not \s-1GRE\s0 +compatible). 
Other common choices are 50 (\s-1IPSEC, ESP\s0), 51 (\s-1IPSEC, AH\s0), 4 +(\s-1IPIP\s0 tunnels) or 98 (\s-1ENCAP,\s0 rfc1241). +.Sp +Many versions of Linux seem to have a bug that causes them to reorder +packets for some ip protocols (\s-1GRE, ESP\s0) but not for others (\s-1AH\s0), so +choose wisely (that is, use 51, \s-1AH\s0). +.IP "http-proxy-host = hostname/ip" 4 +.IX Item "http-proxy-host = hostname/ip" +The \f(CW\*(C`http\-proxy\-*\*(C'\fR family of options are only available if gvpe was +compiled with the \f(CW\*(C`\-\-enable\-http\-proxy\*(C'\fR option and enable tunneling of +tcp connections through a http proxy server. +.Sp +\&\f(CW\*(C`http\-proxy\-host\*(C'\fR and \f(CW\*(C`http\-proxy\-port\*(C'\fR should specify the hostname and +port number of the proxy server. See \f(CW\*(C`http\-proxy\-loginpw\*(C'\fR if your proxy +requires authentication. +.Sp +Please note that gvpe will still try to resolve all hostnames in the +configuration file, so if you are behind a proxy without access to a \s-1DNS\s0 +server better use numerical \s-1IP\s0 addresses. +.Sp +To make best use of this option disable all protocols except \s-1TCP\s0 in your +config file and make sure your routers (or all other nodes) are listening +on a port that the proxy allows (443, https, is a common choice). +.Sp +If you have a router, connecting to it will suffice. Otherwise \s-1TCP\s0 must be +enabled on all nodes. +.Sp +Example: +.Sp +.Vb 3 +\& http\-proxy\-host = proxy.example.com +\& http\-proxy\-port = 3128 # 8080 is another common choice +\& http\-proxy\-auth = schmorp:grumbeere +.Ve +.IP "http-proxy-port = proxy-tcp-port" 4 +.IX Item "http-proxy-port = proxy-tcp-port" +The port where your proxy server listens. +.IP "http-proxy-auth = login:password" 4 +.IX Item "http-proxy-auth = login:password" +The optional login and password used to authenticate to the proxy server, +separated by a literal colon (\f(CW\*(C`:\*(C'\fR). Only basic authentication is +currently supported. 
+.IP "keepalive = seconds" 4 +.IX Item "keepalive = seconds" +Sets the keepalive probe interval in seconds (default: \f(CW60\fR). After this +many seconds of inactivity the daemon will start to send keepalive probe +every 3 seconds until it receives a reply from the other end. If no reply +is received within 15 seconds, the peer is considered unreachable and the +connection is closed. +.IP "loglevel = noise|trace|debug|info|notice|warn|error|critical" 4 +.IX Item "loglevel = noise|trace|debug|info|notice|warn|error|critical" +Set the logging level. Connection established messages are logged at level +\&\f(CW\*(C`info\*(C'\fR, notable errors are logged with \f(CW\*(C`error\*(C'\fR. Default is \f(CW\*(C`info\*(C'\fR. +.IP "mtu = bytes" 4 +.IX Item "mtu = bytes" +Sets the maximum \s-1MTU\s0 that should be used on outgoing packets (basically +the \s-1MTU\s0 of the outgoing interface) The daemon will automatically calculate +maximum overhead (e.g. \s-1UDP\s0 header size, encryption blocksize...) and pass +this information to the \f(CW\*(C`if\-up\*(C'\fR script. +.Sp +Recommended values are 1500 (ethernet), 1492 (pppoe), 1472 (pptp). +.Sp +This value must be the minimum of the \s-1MTU\s0 values of all nodes. +.IP "nfmark = integer" 4 +.IX Item "nfmark = integer" +This advanced option, when set to a nonzero value (default: \f(CW0\fR), tries +to set the netfilter mark (or fwmark) value on all sockets gvpe uses to +send packets. +.Sp +This can be used to make gvpe use a different set of routing rules. 
For +example, on GNU/Linux, the \f(CW\*(C`if\-up\*(C'\fR could set \f(CW\*(C`nfmark\*(C'\fR to 1000 and then +put all routing rules into table \f(CW99\fR and then use an ip rule to make +gvpe traffic avoid that routing table, in effect routing normal traffic +via gvpe and gvpe traffic via the normal system routing tables: +.Sp +.Vb 1 +\& ip rule add not fwmark 1000 lookup 99 +.Ve +.IP "node-up = relative-or-absolute-path" 4 +.IX Item "node-up = relative-or-absolute-path" +Sets a command (default: none) that should be called whenever a connection +is established (even on rekeying operations). Note that node\-up/down +scripts will be run asynchronously, but execution is serialised, so there +will only ever be one such script running. +.Sp +In addition to all the variables passed to \f(CW\*(C`if\-up\*(C'\fR scripts, the following +environment variables will be set (values are just examples): +.RS 4 +.IP "DESTNODE=branch2" 4 +.IX Item "DESTNODE=branch2" +The name of the remote node. +.IP "DESTID=2" 4 +.IX Item "DESTID=2" +The node id of the remote node. +.IP "DESTSI=rawip/88.99.77.55:0" 4 +.IX Item "DESTSI=rawip/88.99.77.55:0" +The \*(L"socket info\*(R" of the target node, protocol dependent but usually in +the format protocol/ip:port. +.IP "DESTIP=188.13.66.8" 4 +.IX Item "DESTIP=188.13.66.8" +The numerical \s-1IP\s0 address of the remote node (gvpe accepts connections from +everywhere, as long as the other node can authenticate itself). +.IP "DESTPORT=655 # deprecated" 4 +.IX Item "DESTPORT=655 # deprecated" +The protocol port used by the other side, if applicable. +.IP "STATE=up" 4 +.IX Item "STATE=up" +Node-up scripts get called with STATE=up, node-change scripts get called +with STATE=change and node-down scripts get called with STATE=down. +.RE +.RS 4 +.Sp +Here is a nontrivial example that uses nsupdate to update the name => ip +mapping in some \s-1DNS\s0 zone: +.Sp +.Vb 6 +\& #!/bin/sh +\& { +\& echo update delete $DESTNODE.lowttl.example.net. 
a +\& echo update add $DESTNODE.lowttl.example.net. 1 in a $DESTIP +\& echo +\& } | nsupdate \-d \-k $CONFBASE:key.example.net. +.Ve +.RE +.IP "node-change = relative-or-absolute-path" 4 +.IX Item "node-change = relative-or-absolute-path" +Same as \f(CW\*(C`node\-change\*(C'\fR, but gets called whenever something about a +connection changes (such as the source \s-1IP\s0 address). +.IP "node-down = relative-or-absolute-path" 4 +.IX Item "node-down = relative-or-absolute-path" +Same as \f(CW\*(C`node\-up\*(C'\fR, but gets called whenever a connection is lost. +.IP "pid-file = path" 4 +.IX Item "pid-file = path" +The path to the pid file to check and create +(default: \f(CW\*(C`LOCALSTATEDIR/run/gvpe.pid\*(C'\fR). The first \f(CW%s\fR is replaced by +the nodename \- any other use of \f(CW\*(C`%\*(C'\fR must be written as \f(CW\*(C`%%\*(C'\fR. +.IP "private-key = relative-path-to-key" 4 +.IX Item "private-key = relative-path-to-key" +Sets the path (relative to the config directory) to the private key +(default: \f(CW\*(C`hostkey\*(C'\fR). This is a printf format string so every \f(CW\*(C`%\*(C'\fR must +be doubled. A single \f(CW%s\fR is replaced by the hostname, so you could use +paths like \f(CW\*(C`hostkeys/%s\*(C'\fR to be able to share the same config directory +between nodes. +.Sp +Since only the private key file of the current node is used and the +private key file should be kept secret per-node to avoid spoofing, it is +not recommended to use this feature this way though. +.IP "rekey = seconds" 4 +.IX Item "rekey = seconds" +Sets the rekeying interval in seconds (default: \f(CW3607\fR). Connections are +reestablished every \f(CW\*(C`rekey\*(C'\fR seconds, making them use a new encryption +key. +.IP "seed-device = path" 4 +.IX Item "seed-device = path" +The random device used to initially and regularly seed the random +number generator (default: \fI/dev/urandom\fR). Randomness is of paramount +importance to the security of the algorithms used in gvpe. 
+.Sp +On program start and every seed-interval, gvpe will read 64 octets. +.Sp +Setting this path to the empty string will disable this functionality +completely (the underlying crypto library will likely look for entropy +sources on it's own though, so not all is lost). +.IP "seed-interval = seconds" 4 +.IX Item "seed-interval = seconds" +The number of seconds between reseeds of the random number generator +(default: \f(CW3613\fR). A value of \f(CW0\fR disables this regular reseeding. +.IP "serial = string" 4 +.IX Item "serial = string" +The configuration serial number. This can be any string up to 16 bytes +length. Only when the serial matches on both sides of a conenction will +the connection succeed. This is \fInot\fR a security mechanism and eay to +spoof, this mechanism exists to alert users that their config is outdated. +.Sp +It's recommended to specify this is a date string such as \f(CW\*(C`2013\-05\-05\*(C'\fR or +\&\f(CW20121205084417\fR. +.Sp +The exact algorithm is as this: if a connection request is received form a +node with an identical serial, then it succeeds normally. +.Sp +If the remote serial is lower than the local serial, it is ignored. +.Sp +If the remote serial is higher than the local serial, a warning message is +logged. +.SS "\s-1NODE SPECIFIC SETTINGS\s0" +.IX Subsection "NODE SPECIFIC SETTINGS" +The following settings are node-specific, that is, every node can have +different settings, even within the same gvpe instance. Settings that are +set before the first node section set the defaults, settings that are +set within a node section only apply to the given node. +.IP "allow-direct = nodename" 4 +.IX Item "allow-direct = nodename" +Allow direct connections to this node. See \f(CW\*(C`deny\-direct\*(C'\fR for more info. 
+.IP "compress = yes|true|on | no|false|off" 4 +.IX Item "compress = yes|true|on | no|false|off" +For the current node, this specified whether it will accept compressed +packets, and for all other nodes, this specifies whether to try to +compress data packets sent to this node (default: \f(CW\*(C`yes\*(C'\fR). Compression is +really cheap even on slow computers, has no size overhead at all and will +only be used when the other side supports compression, so enabling this is +often a good idea. +.IP "connect = ondemand | never | always | disabled" 4 +.IX Item "connect = ondemand | never | always | disabled" +Sets the connect mode (default: \f(CW\*(C`always\*(C'\fR). It can be \f(CW\*(C`always\*(C'\fR (always +try to establish and keep a connection to the given node), \f(CW\*(C`never\*(C'\fR +(never initiate a connection to the given host, but accept connections), +\&\f(CW\*(C`ondemand\*(C'\fR (try to establish a connection when there are outstanding +packets in the queue and take it down after the keepalive interval) or +\&\f(CW\*(C`disabled\*(C'\fR (node is bad, don't talk to it). +.Sp +Routers will automatically be forced to \f(CW\*(C`always\*(C'\fR unless they are +\&\f(CW\*(C`disabled\*(C'\fR, to ensure all nodes can talk to each other. +.IP "deny-direct = nodename | *" 4 +.IX Item "deny-direct = nodename | *" +Deny direct connections to the specified node (or all nodes when \f(CW\*(C`*\*(C'\fR +is given). Only one node can be specified, but you can use multiple +\&\f(CW\*(C`allow\-direct\*(C'\fR and \f(CW\*(C`deny\-direct\*(C'\fR statements. This only makes sense in +networks with routers, as routers are required for indirect connections. +.Sp +Sometimes, a node cannot reach some other nodes for reasons of network +connectivity. For example, a node behind a firewall that only allows +connections to/from a single other node in the network. 
In this case one +should specify \f(CW\*(C`deny\-direct = *\*(C'\fR and \f(CW\*(C`allow\-direct = othernodename\*(C'\fR (the other +node \fImust\fR be a router for this to work). +.Sp +The algorithm to check whether a connection may be direct is as follows: +.Sp +1. Other node mentioned in an \f(CW\*(C`allow\-direct\*(C'\fR? If yes, allow the connection. +.Sp +2. Other node mentioned in a \f(CW\*(C`deny\-direct\*(C'\fR? If yes, deny direct connections. +.Sp +3. Allow the connection. +.Sp +That is, \f(CW\*(C`allow\-direct\*(C'\fR takes precedence over \f(CW\*(C`deny\-direct\*(C'\fR. +.Sp +The check is done in both directions, i.e. both nodes must allow a direct +connection before one is attempted, so you only need to specify connect +limitations on one node. +.IP "dns-domain = domain-suffix" 4 +.IX Item "dns-domain = domain-suffix" +The \s-1DNS\s0 domain suffix that points to the \s-1DNS\s0 tunnel server for this node. +.Sp +The domain must point to a \s-1NS\s0 record that points to the \fIdns-hostname\fR, +i.e. +.Sp +.Vb 2 +\& dns\-domainname = tunnel.example.net +\& dns\-hostname = tunnel\-server.example.net +.Ve +.Sp +Corresponds to the following \s-1DNS\s0 entries in the \f(CW\*(C`example.net\*(C'\fR domain: +.Sp +.Vb 2 +\& tunnel.example.net. NS tunnel\-server.example.net. +\& tunnel\-server.example.net. A 13.13.13.13 +.Ve +.IP "dns-hostname = hostname/ip" 4 +.IX Item "dns-hostname = hostname/ip" +The address to bind the \s-1DNS\s0 tunnel socket to, similar to the \f(CW\*(C`hostname\*(C'\fR, +but for the \s-1DNS\s0 tunnel protocol only. Default: \f(CW0.0.0.0\fR, but that might +change. +.IP "dns-port = port-number" 4 +.IX Item "dns-port = port-number" +The port to bind the \s-1DNS\s0 tunnel socket to. Must be \f(CW53\fR on \s-1DNS\s0 tunnel servers. +.IP "enable-dns = yes|true|on | no|false|off" 4 +.IX Item "enable-dns = yes|true|on | no|false|off" +See \fIgvpe.protocol\fR\|(7) for a description of the \s-1DNS\s0 transport +protocol. 
Avoid this protocol if you can. +.Sp +Enable the \s-1DNS\s0 tunneling protocol on this node, either as server or as +client. Support for this transport protocol is only available when gvpe +was compiled using the \f(CW\*(C`\-\-enable\-dns\*(C'\fR option. +.IP "enable-icmp = yes|true|on | no|false|off" 4 +.IX Item "enable-icmp = yes|true|on | no|false|off" +See \fIgvpe.protocol\fR\|(7) for a description of the \s-1ICMP\s0 transport protocol. +.Sp +Enable the \s-1ICMP\s0 transport using \s-1ICMP\s0 packets of type \f(CW\*(C`icmp\-type\*(C'\fR on this +node. +.IP "enable-rawip = yes|true|on | no|false|off" 4 +.IX Item "enable-rawip = yes|true|on | no|false|off" +See \fIgvpe.protocol\fR\|(7) for a description of the \s-1RAW IP\s0 transport protocol. +.Sp +Enable the \s-1RAW\s0 IPv4 transport using the \f(CW\*(C`ip\-proto\*(C'\fR protocol +(default: \f(CW\*(C`no\*(C'\fR). +.IP "enable-tcp = yes|true|on | no|false|off" 4 +.IX Item "enable-tcp = yes|true|on | no|false|off" +See \fIgvpe.protocol\fR\|(7) for a description of the \s-1TCP\s0 transport protocol. +.Sp +Enable the TCPv4 transport using the \f(CW\*(C`tcp\-port\*(C'\fR port +(default: \f(CW\*(C`no\*(C'\fR). Support for this transport protocol is only available +when gvpe was compiled using the \f(CW\*(C`\-\-enable\-tcp\*(C'\fR option. +.IP "enable-udp = yes|true|on | no|false|off" 4 +.IX Item "enable-udp = yes|true|on | no|false|off" +See \fIgvpe.protocol\fR\|(7) for a description of the \s-1UDP\s0 transport protocol. +.Sp +Enable the UDPv4 transport using the \f(CW\*(C`udp\-port\*(C'\fR port (default: \f(CW\*(C`no\*(C'\fR). +.IP "hostname = hostname | ip [can not be defaulted]" 4 +.IX Item "hostname = hostname | ip [can not be defaulted]" +Forces the address of this node to be set to the given \s-1DNS\s0 hostname or \s-1IP\s0 +address. It will be resolved before each connect request, so dyndns should +work fine. 
If this setting is not specified and a router is available, +then the router will be queried for the address of this node. Otherwise, +the connection attempt will fail. +.Sp +Note that \s-1DNS\s0 resolving is done synchronously, pausing the daemon. If that +is an issue you need to specify \s-1IP\s0 addresses. +.IP "icmp-type = integer" 4 +.IX Item "icmp-type = integer" +Sets the type value to be used for outgoing (and incoming) packets sent +via the \s-1ICMP\s0 transport. +.Sp +The default is \f(CW0\fR (which is \f(CW\*(C`echo\-reply\*(C'\fR, also known as +\&\*(L"ping-reply\*(R"). Other useful values include \f(CW8\fR (\f(CW\*(C`echo\-request\*(C'\fR, a.k.a. +\&\*(L"ping\*(R") and \f(CW11\fR (\f(CW\*(C`time\-exceeded\*(C'\fR), but any 8\-bit value can be used. +.IP "if-up-data = value" 4 +.IX Item "if-up-data = value" +The value specified using this directive will be passed to the \f(CW\*(C`if\-up\*(C'\fR +script in the environment variable \f(CW\*(C`IFUPDATA\*(C'\fR. +.IP "inherit-tos = yes|true|on | no|false|off" 4 +.IX Item "inherit-tos = yes|true|on | no|false|off" +Whether to inherit the \s-1TOS\s0 settings of packets sent to the tunnel when +sending packets to this node (default: \f(CW\*(C`yes\*(C'\fR). If set to \f(CW\*(C`yes\*(C'\fR then +outgoing tunnel packets will have the same \s-1TOS\s0 setting as the packets sent +to the tunnel device, which is usually what you want. +.IP "low-power = yes|true|on | no|false|off" 4 +.IX Item "low-power = yes|true|on | no|false|off" +If true, designates a node as a low-power node. Low-power nodes use +larger timeouts and try to reduce cpu time. Other nodes talking to a +low-power node will also use larger timeouts, and will use less aggressive +optimisations, in the hope of reducing load. Security is not compromised. +.Sp +The typical low-power node would be a mobile phone, where wakeups and +encryption can significantly increase power drain. 
+.IP "max-retry = positive-number" 4 +.IX Item "max-retry = positive-number" +The maximum interval in seconds (default: \f(CW3600\fR, one hour) between +retries to establish a connection to this node. When a connection cannot +be established, gvpe uses exponential back-off capped at this value. It's +sometimes useful to set this to a much lower value (e.g. \f(CW120\fR) on +connections to routers that usually are stable but sometimes are down, to +assure quick reconnections even after longer downtimes. +.IP "max-ttl = seconds" 4 +.IX Item "max-ttl = seconds" +Expire packets that couldn't be sent after this many seconds +(default: \f(CW60\fR). Gvpe will normally queue packets for a node without an +active connection, in the hope of establishing a connection soon. This +value specifies the maximum lifetime a packet will stay in the queue, if a +packet gets older, it will be thrown away. +.IP "max-queue = positive\-number>=1" 4 +.IX Item "max-queue = positive-number>=1" +The maximum number of packets that will be queued (default: \f(CW512\fR) +for this node. If more packets are sent then earlier packets will be +expired. See \f(CW\*(C`max\-ttl\*(C'\fR, above. +.IP "router-priority = 0 | 1 | positive\-number>=2" 4 +.IX Item "router-priority = 0 | 1 | positive-number>=2" +Sets the router priority of the given node (default: \f(CW0\fR, disabled). +.Sp +If some node tries to connect to another node but it doesn't have a +hostname, it asks a router node for it's \s-1IP\s0 address. The router node +chosen is the one with the highest priority larger than \f(CW1\fR that is +currently reachable. This is called a \fImediated\fR connection, as the +connection itself will still be direct, but it uses another node to +mediate between the two nodes. +.Sp +The value \f(CW0\fR disables routing, that means if the node receives a packet +not for itself it will not forward it but instead drop it. 
+.Sp +The special value \f(CW1\fR allows other hosts to route through the router +host, but they will never route through it by default (i.e. the config +file of another node needs to specify a router priority higher than one +to choose such a node for routing). +.Sp +The idea behind this is that some hosts can, if required, bump the +\&\f(CW\*(C`router\-priority\*(C'\fR setting to higher than \f(CW1\fR in their local config to +route through specific hosts. If \f(CW\*(C`router\-priority\*(C'\fR is \f(CW0\fR, then routing +will be refused, so \f(CW1\fR serves as a \*(L"enable, but do not use by default\*(R" +switch. +.Sp +Nodes with \f(CW\*(C`router\-priority\*(C'\fR set to \f(CW2\fR or higher will always be forced +to \f(CW\*(C`connect\*(C'\fR = \f(CW\*(C`always\*(C'\fR (unless they are \f(CW\*(C`disabled\*(C'\fR). +.IP "tcp-port = port-number" 4 +.IX Item "tcp-port = port-number" +Similar to \f(CW\*(C`udp\-port\*(C'\fR (default: \f(CW655\fR), but sets the \s-1TCP\s0 port number. +.IP "udp-port = port-number" 4 +.IX Item "udp-port = port-number" +Sets the port number used by the \s-1UDP\s0 protocol (default: \f(CW655\fR, not +officially assigned by \s-1IANA\s0!). +.SH "CONFIG DIRECTORY LAYOUT" +.IX Header "CONFIG DIRECTORY LAYOUT" +The default (or recommended) directory layout for the config directory is: +.IP "gvpe.conf" 4 +.IX Item "gvpe.conf" +The config file. +.IP "if-up" 4 +.IX Item "if-up" +The if-up script +.IP "node-up, node-down" 4 +.IX Item "node-up, node-down" +If used the node up or node-down scripts. +.IP "hostkey" 4 +.IX Item "hostkey" +The (default path of the) private key of the current host. +.IP "pubkey/nodename" 4 +.IX Item "pubkey/nodename" +The public keys of the other nodes, one file per node. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIgvpe\fR\|(5), \fIgvpe\fR\|(8), \fIgvpectrl\fR\|(8). 
+.SH "AUTHOR" +.IX Header "AUTHOR" +Marc Lehmann diff -Nru gvpe-2.25/doc/gvpe.conf.5.pod gvpe-3.0/doc/gvpe.conf.5.pod --- gvpe-2.25/doc/gvpe.conf.5.pod 2013-07-12 22:28:38.000000000 -0400 +++ gvpe-3.0/doc/gvpe.conf.5.pod 2016-11-02 02:56:48.000000000 -0400 @@ -33,10 +33,29 @@ All settings are applied "in order", that is, later settings of the same variable overwrite earlier ones. -The only exceptions to the above are the "on" and "include" directives: +The only exceptions to the above are the following directives: =over 4 +=item node nodename + +Introduces a node section. The nodename is used to select the right +configuration section and is the same string as is passed as an argument +to the gvpe daemon. + +Multiple C statements with the same node name are supported and will +be merged together. + +=item global + +This statement switches back to the global section, which is mainly +useful if you want to include a second config file, e..g for local +customisations. To do that, simply include this at the very end of your +config file: + + global + include local.conf + =item on nodename ... =item on !nodename ... @@ -386,12 +405,6 @@ ip rule add not fwmark 1000 lookup 99 -=item node = nickname - -Not really a config setting but introduces a node section. The nickname is -used to select the right configuration section and must be passed as an -argument to the gvpe daemon. - =item node-up = relative-or-absolute-path Sets a command (default: none) that should be called whenever a connection 
@@ -455,19 +468,20 @@ =item pid-file = path The path to the pid file to check and create -(default: C). +(default: C). The first C<%s> is replaced by +the nodename - any other use of C<%> must be written as C<%%>. =item private-key = relative-path-to-key Sets the path (relative to the config directory) to the private key (default: C). This is a printf format string so every C<%> must -be doubled. A single C<%s> is replaced by the hostname, so you could -use paths like C to fetch the files at the location where -C puts them. +be doubled. A single C<%s> is replaced by the hostname, so you could use +paths like C to be able to share the same config directory +between nodes. Since only the private key file of the current node is used and the private key file should be kept secret per-node to avoid spoofing, it is -not recommended to use this feature. +not recommended to use this feature this way though. =item rekey = seconds @@ -492,6 +506,24 @@ The number of seconds between reseeds of the random number generator (default: C<3613>). A value of C<0> disables this regular reseeding. +=item serial = string + +The configuration serial number. This can be any string up to 16 bytes +length. Only when the serial matches on both sides of a conenction will +the connection succeed. This is I a security mechanism and eay to +spoof, this mechanism exists to alert users that their config is outdated. + +It's recommended to specify this is a date string such as C<2013-05-05> or +C<20121205084417>. + +The exact algorithm is as this: if a connection request is received form a +node with an identical serial, then it succeeds normally. + +If the remote serial is lower than the local serial, it is ignored. + +If the remote serial is higher than the local serial, a warning message is +logged. + =back =head2 NODE SPECIFIC SETTINGS 
@@ -649,6 +681,16 @@
 outgoing tunnel packets will have the same TOS setting as the packets sent to the tunnel device, which is usually what you want.
+=item low-power = yes|true|on | no|false|off
+
+If true, designates a node as a low-power node. Low-power nodes use
+larger timeouts and try to reduce cpu time. Other nodes talking to a
+low-power node will also use larger timeouts, and will use less aggressive
+optimisations, in the hope of reducing load. Security is not compromised.
+
+The typical low-power node would be a mobile phone, where wakeups and
+encryption can significantly increase power drain.
+
 =item max-retry = positive-number
 The maximum interval in seconds (default: C<3600>, one hour) between
@@ -731,7 +773,7 @@
 =item hostkey
-The private key (taken from C) of the current host.
+The (default path of the) private key of the current host.
 =item pubkey/nodename
diff -Nru gvpe-2.25/doc/gvpectrl.8 gvpe-3.0/doc/gvpectrl.8
--- gvpe-2.25/doc/gvpectrl.8 2008-09-01 01:36:06.000000000 -0400
+++ gvpe-3.0/doc/gvpectrl.8 2016-11-02 03:01:51.000000000 -0400
@@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp
@@ -46,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -53,20 +47,27 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -132,13 +133,13 @@ .\" ======================================================================== .\" .IX Title "GVPECTRL 8" -.TH GVPECTRL 8 "2008-09-01" "2.2" "GNU Virtual Private Ethernet" +.TH GVPECTRL 8 "2016-11-02" "2.25" "GNU Virtual Private Ethernet" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -\&\f(CW\*(C`gvpectrl\*(C'\fR \- \s-1GNU\s0 Virtual Private Ethernet Control Program +"gvpectrl" \- GNU Virtual Private Ethernet Control Program .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\f(CW\*(C`gvpectrl\*(C'\fR [\fB\-ckgs\fR] [\fB\-\-config=\fR\fI\s-1DIR\s0\fR] [\fB\-\-generate\-keys\fR] [\fB\-\-help\fR] 
@@ -151,9 +152,34 @@ .IP "\fB\-c\fR, \fB\-\-config=\fR\fI\s-1DIR\s0\fR" 4 .IX Item "-c, --config=DIR" Read configuration options from \fI\s-1DIR\s0\fR. -.IP "\fB\-g\fR, \fB\-\-generate\-keys\fR" 4 -.IX Item "-g, --generate-keys" -Generate public/private \s-1RSA\s0 key-pair and exit. +.IP "\fB\-g\fR, \fB\-\-generate\-key=path\fR" 4 +.IX Item "-g, --generate-key=path" +Generates a single \s-1RSA\s0 key-pair. The public key will be stored in \fI\fIpath\fI\fR +while the private key will be stored in \fI\fIpath\fI .privkey\fR. Neither file must be +non-empty for this to succeed. +.Sp +The public key file \fI\fIpath\fI\fR is normally copied to \fIpubkey/nodename\fR in +the config directory on all nodes, while the private key \fI\fIpath\fI.privkey\fR +should be copied to the file \fIhostkey\fR on the node the key is for. +.Sp +It's recommended to generate the keypair on the node where it will be +used, so that the private key file does not have to travel over the +network. +.IP "\fB\-G\fR, \fB\-\-generate\-keys\fR" 4 +.IX Item "-G, --generate-keys" +Generate public/private \s-1RSA\s0 key-pairs for all nodes not having a key and exit. +.Sp +Note that in normal configurations this will fail, as there cna only be +one private key per host. To make this configuration work you need to +specify separate keyfiles for hostkeys in your config file, e.g.: +.Sp +.Vb 1 +\& private\-key = hostkeys/%s +.Ve +.Sp +Such a configuration makes it easier to distribute a configuration +centrally but requires private keys to be transported securely over the +network. .IP "\fB\-q\fR, \fB\-\-quiet\fR" 4 .IX Item "-q, --quiet" Suppresses messages the author finds nonessential for scripting purposes. 
@@ -178,7 +204,7 @@ .IX Header "SEE ALSO" \&\fIgvpe\fR\|(5), \fIgvpe.conf\fR\|(5), \fIgvpe\fR\|(8). .PP -\&\s-1GVPE\s0 comes with \s-1ABSOLUTELY\s0 \s-1NO\s0 \s-1WARRANTY\s0. This is free software, and you are +\&\s-1GVPE\s0 comes with \s-1ABSOLUTELY NO WARRANTY. \s0 This is free software, and you are welcome to redistribute it under certain conditions; see the file \s-1COPYING\s0 for details. .SH "AUTHOR"
diff -Nru gvpe-2.25/doc/gvpectrl.8.pod gvpe-3.0/doc/gvpectrl.8.pod
--- gvpe-2.25/doc/gvpectrl.8.pod 2008-09-01 01:31:04.000000000 -0400
+++ gvpe-3.0/doc/gvpectrl.8.pod 2016-11-02 02:45:57.000000000 -0400
@@ -19,9 +19,33 @@
 Read configuration options from I.
-=item B<-g>, B<--generate-keys>
+=item B<-g>, B<--generate-key=path>
-Generate public/private RSA key-pair and exit.
+Generates a single RSA key-pair. The public key will be stored in F<< I >>
+while the private key will be stored in F<< I .privkey >>. Neither file must be
+non-empty for this to succeed.
+
+The public key file F<< I >> is normally copied to F in
+the config directory on all nodes, while the private key F<< I.privkey >>
+should be copied to the file F on the node the key is for.
+
+It's recommended to generate the keypair on the node where it will be
+used, so that the private key file does not have to travel over the
+network.
+
+=item B<-G>, B<--generate-keys>
+
+Generate public/private RSA key-pairs for all nodes not having a key and exit.
+
+Note that in normal configurations this will fail, as there cna only be
+one private key per host. To make this configuration work you need to
+specify separate keyfiles for hostkeys in your config file, e.g.:
+
+ private-key = hostkeys/%s
+
+Such a configuration makes it easier to distribute a configuration
+centrally but requires private keys to be transported securely over the
+network.
 =item B<-q>, B<--quiet>
diff -Nru gvpe-2.25/doc/gvpe.info gvpe-3.0/doc/gvpe.info
--- gvpe-2.25/doc/gvpe.info 2013-07-09 20:19:43.000000000 -0400
+++ gvpe-3.0/doc/gvpe.info 1969-12-31 19:00:00.000000000 -0500
@@ -1,2219 +0,0 @@ -This is gvpe.info, produced by makeinfo version 4.13 from gvpe.texi. - -INFO-DIR-SECTION Networking tools -START-INFO-DIR-ENTRY -* gvpe: (gvpe). The GNU VPE Manual. -END-INFO-DIR-ENTRY - - This is the info manual for vpe, the Virtual Private Ethernet daemon. - - Copyright (C) 2003-2008 Marc Lehmann . - - Permission is granted to make and distribute verbatim copies of this -manual provided the copyright notice and this permission notice are -preserved on all copies. - - Permission is granted to copy and distribute modified versions of -this manual under the conditions for verbatim copying, provided that the -entire resulting derived work is distributed under the terms of a -permission notice identical to this one. - - -File: gvpe.info, Node: Top, Next: Overview, Up: (dir) - -1 Introduction -************** - -This is the documentation for the GNU Virtual Private Ethernet suite. - - The GNU Virtual Private Ethernet suite implements a virtual (uses -udp, tcp, rawip and other protocols for tunneling), private (encrypted, -authenticated) ethernet (mac-based, broadcast-based network) that is -shared among multiple nodes, in effect implementing an ethernet bus -over public networks. - -* Menu: - -* Overview:: Introduction to and Tutorial for GVPE (gvpe(5)) -* OS Dependencies:: OS-Dependent Installation and Configuration Notes (gvpe.osdep(5)) -* gvpe.conf:: The main configuration file (gvpe.conf(5)) -* gvpectrl:: Configuration/Control Program Reference (gvpectrl(8)) -* gvpe:: The GVPE Daemon (gvpe(8)) -* gvpe.protocol:: The GVPE Transport and VPN Protocols (gvpe.protocol(7)) -* Simple Example:: A simple yet realistic Example -* Complex Example:: A non-trivial Example -* Index:: Keyword and Concept index - - -File: gvpe.info, Node: Overview, Next: OS Dependencies, Prev: Top, Up: Top - -2 Overview -********** - -2.1 NAME -======== - -GNU-VPE - Overview of the GNU Virtual Private Ethernet suite. 
- -2.2 DESCRIPTION -=============== - -GVPE is a suite designed to provide a virtual private network for -multiple nodes over an untrusted network. This document first gives an -introduction to VPNs in general and then describes the specific -implementation of GVPE. - -2.2.1 WHAT IS A VPN? --------------------- - -VPN is an acronym, it stands for: - - * Virtual - - Virtual means that no physical network is created (of course), but - a network is _emulated_ by creating multiple tunnels between the - member nodes by encapsulating and sending data over another - transport network. - - Usually the emulated network is a normal IP or Ethernet, and the - transport network is the Internet. However, using a VPN system - like GVPE to connect nodes over other untrusted networks such as - Wireless LAN is not uncommon. - - * Private - - Private means that non-participating nodes cannot decode ("sniff)" - nor inject ("spoof") packets. This means that nodes can be - connected over untrusted networks such as the public Internet - without fear of being eavesdropped while at the same time being - able to trust data sent by other nodes. - - In the case of GVPE, even participating nodes cannot sniff packets - send to other nodes or spoof packets as if sent from other nodes, - so communications between any two nodes is private to those two - nodes. - - * Network - - Network means that more than two parties can participate in the - network, so for instance it's possible to connect multiple - branches of a company into a single network. Many so-called "VPN" - solutions only create point-to-point tunnels, which in turn can be - used to build larger networks. - - GVPE provides a true multi-point network in which any number of - nodes (at least a few dozen in practise, the theoretical limit is - 4095 nodes) can participate. 
- - -2.2.2 GVPE DESIGN GOALS ------------------------ - - * SIMPLE DESIGN - - Cipher, HMAC algorithms and other key parameters must be selected - at compile time - this makes it possible to only link in - algorithms you actually need. It also makes the crypto part of the - source very transparent and easy to inspect, and last not least - this makes it possible to hardcode the layout of all packets into - the binary. GVPE goes a step further and internally reserves - blocks of the same length for all packets, which virtually removes - all possibilities of buffer overflows, as there is only a single - type of buffer and it's always of fixed length. - - * EASY TO SETUP - - A few lines of config (the config file is shared unmodified - between all hosts) and a single run of gvpectrl to generate the - keys suffices to make it work. - - * MAC-BASED SECURITY - - Since every host has it's own private key, other hosts cannot - spoof traffic from this host. That makes it possible to filter - packet by MAC address, e.g. to ensure that packets from a specific - IP address come, in fact, from a specific host that is associated - with that IP and not from another host. - - -2.3 PROGRAMS -============ - -Gvpe comes with two programs: one daemon (gvpe) and one control program -(gvpectrl). - - * gvpectrl - - This program is used to generate the keys, check and give an - overview of of the configuration and to control the daemon - (restarting etc.). - - * gvpe - - This is the daemon used to establish and maintain connections to - the other network nodes. It should be run on the gateway of each - VPN subnet. - - -2.4 COMPILETIME CONFIGURATION -============================= - -Please have a look at the gvpe.osdep(5) manpage for platform-specific -information. - - Gvpe hardcodes most encryption parameters. While this reduces -flexibility, it makes the program much simpler and helps making buffer -overflows impossible under most circumstances. 
- - Here are a few recipes for compiling your gvpe, showing the extremes -(fast, small, insecure OR slow, large, more secure), between which you -should choose: - -2.4.1 AS LOW PACKET OVERHEAD AS POSSIBLE ----------------------------------------- - - ./configure --enable-hmac-length=4 --enable-rand-length=0 - - Minimize the header overhead of VPN packets (the above will result -in only 4 bytes of overhead over the raw ethernet frame). This is a -insecure configuration because a HMAC length of 4 makes collision -attacks based on the birthday paradox pretty easy. - -2.4.2 MINIMIZE CPU TIME REQUIRED --------------------------------- - - ./configure --enable-cipher=bf --enable-digest=md4 - - Use the fastest cipher and digest algorithms currently available in -gvpe. MD4 has been broken and is quite insecure, though, so using -another digest algorithm is recommended. - -2.4.3 MAXIMIZE SECURITY ------------------------ - - ./configure --enable-hmac-length=16 --enable-rand-length=8 --enable-digest=sha1 - - This uses a 16 byte HMAC checksum to authenticate packets (I guess -8-12 would also be pretty secure ;) and will additionally prefix each -packet with 8 bytes of random data. In the long run, people should move -to SHA-256 and beyond). - - In general, remember that AES-128 seems to be as secure but faster -than AES-192 or AES-256, more randomness helps against sniffing and a -longer HMAC helps against spoofing. MD4 is a fast digest, SHA1, -RIPEMD160, SHA256 are consecutively better, and Blowfish is a fast -cipher (and also quite secure). - -2.5 HOW TO SET UP A SIMPLE VPN -============================== - -In this section I will describe how to get a simple VPN consisting of -three hosts up and running. - -2.5.1 STEP 1: configuration ---------------------------- - -First you have to create a daemon configuration file and put it into -the configuration directory. 
This is usually /etc/gvpe, depending on -how you configured gvpe, and can be overwritten using the -c command -line switch. - - Put the following lines into /etc/gvpe/gvpe.conf: - - udp-port = 50000 # the external port to listen on (configure your firewall) - mtu = 1400 # minimum MTU of all outgoing interfaces on all hosts - ifname = vpn0 # the local network device name - - node = first # just a nickname - hostname = first.example.net # the DNS name or IP address of the host - - node = second - hostname = 133.55.82.9 - - node = third - hostname = third.example.net - - The only other file necessary is the if-up script that initializes -the virtual ethernet interface on the local host. Put the following -lines into /etc/gvpe/if-up and make it executable (chmod 755 -/etc/gvpe/if-up): - - #!/bin/sh - ip link set $IFNAME address $MAC mtu $MTU up - [ $NODENAME = first ] && ip addr add 10.0.1.1 dev $IFNAME - [ $NODENAME = second ] && ip addr add 10.0.2.1 dev $IFNAME - [ $NODENAME = third ] && ip addr add 10.0.3.1 dev $IFNAME - ip route add 10.0.0.0/16 dev $IFNAME - - This script will give each node a different IP address in the -10.0/16 network. The internal network (if gvpe runs on a router) -should then be set to a subset of that network, e.g. 10.0.1.0/24 on -node first, 10.0.2.0/24 on node second, and so on. - - By enabling routing on the gateway host that runs gvpe all nodes -will be able to reach the other nodes. You can, of course, also use -proxy ARP or other means of pseudo-bridging, or (best) full routing - -the choice is yours. - -2.5.2 STEP 2: create the RSA key pairs for all hosts ----------------------------------------------------- - -Run the following command to generate all key pairs for all nodes (that -might take a while): - - gvpectrl -c /etc/gvpe -g - - This command will put the public keys into -/etc/gvpe/pubkeys/_nodename_ and the private keys into -/etc/gvpe/hostkeys/_nodename_. 
- -2.5.3 STEP 3: distribute the config files to all nodes ------------------------------------------------------- - -Now distribute the config files and private keys to the other nodes. -This should be done in two steps, since only the private keys meant for -a node should be distributed (so each node has only it's own private -key). - - The example uses rsync-over-ssh - - First all the config files without the hostkeys should be -distributed: - - rsync -avzessh /etc/gvpe first.example.net:/etc/. --exclude hostkeys - rsync -avzessh /etc/gvpe 133.55.82.9:/etc/. --exclude hostkeys - rsync -avzessh /etc/gvpe third.example.net:/etc/. --exclude hostkeys - - Then the hostkeys should be copied: - - rsync -avzessh /etc/gvpe/hostkeys/first first.example.net:/etc/hostkey - rsync -avzessh /etc/gvpe/hostkeys/second 133.55.82.9:/etc/hostkey - rsync -avzessh /etc/gvpe/hostkeys/third third.example.net:/etc/hostkey - - You should now check the configuration by issuing the command -gvpectrl -c /etc/gvpe -s on each node and verify it's output. - -2.5.4 STEP 4: starting gvpe ---------------------------- - -You should then start gvpe on each node by issuing a command like: - - gvpe -D -l info first # first is the nodename - - This will make the gvpe daemon stay in foreground. You should then -see "connection established" messages. If you don't see them check your -firewall and routing (use tcpdump ;). - - If this works you should check your networking setup by pinging -various endpoints. - - To make gvpe run more permanently you can either run it as a daemon -(by starting it without the -D switch), or, much better, from your -inittab or equivalent. I use a line like this on all my systems: - - t1:2345:respawn:/opt/gvpe/sbin/gvpe -D -L first >/dev/null 2>&1 - -2.5.5 STEP 5: enjoy -------------------- - -... and play around. Sending a -HUP (gvpectrl -kHUP) to the daemon will -make it try to connect to all other nodes again. 
If you run it from -inittab, as is recommended, gvpectrl -k (or simply killall gvpe) will -kill the daemon, start it again, making it read it's configuration -files again. - -2.6 COPYRIGHTS AND LICENSES -=========================== - -GVPE itself is distributed under the GENERAL PUBLIC LICENSE (see the -file COPYING that should be part of your distribution). - - In some configurations it uses modified versions of the tinc vpn -suite, which is also available under the GENERAL PUBLIC LICENSE. - - -File: gvpe.info, Node: OS Dependencies, Next: gvpe.conf, Prev: Overview, Up: Top - -3 OS Dependencies -***************** - -3.1 NAME -======== - -gvpe.osdep - os dependent information - -3.2 DESCRIPTION -=============== - -This file tries to capture OS-dependent configuration or build issues, -quirks and platform limitations, as known. - -3.3 TUN vs. TAP interface -========================= - -Most operating systems nowadays support something called a -_tunnel_-device, which makes it possible to divert IPv4 (and often -other protocols, too) into a user space daemon like gvpe. This is being -referred to as a TUN-device. - - This is fine for point-to-point tunnels, but for a virtual ethernet, -an additional ethernet header is needed. This functionality (called a -TAP device here) is only provided by a subset of the configurations. - - On platforms only supporting a TUN-device, gvpe will invoke it's -magical ethernet emulation package, which currently only handles ARP -requests for the IPv4 protocol (but more could be added, bu the tincd -network drivers might need to be modified for this to work). This means -that on those platforms, only IPv4 will be supported. 
- - Also, since there is no way (currently) to tell gvpe which IP -subnets are found on a specific host, you will either need to hardwire -the MAC address for TUN-style hosts on all networks (and avoid ARP -altogether, which is possible), or you need to send a packet from these -hosts into the vpn network to tell gvpe the local interface address. - -3.4 Interface Initialisation -============================ - -Unless otherwise notes, the network interface will be initialized with -the expected MAC address and correct MTU value. With most interface -drivers, this is done by running /sbin/ifconfig, so make sure that this -command exists. - -3.5 Interface Types -=================== - -3.5.1 native/linux ------------------- - -TAP-device; already part of the kernel (only 2.4+ supported, but see -tincd/linux). This is the configuration tested best, as gvpe is being -developed on this platform. - - ifname should be set to the name of the network device. - - To hardwire ARP addresses, use iproute2 (arp can do it, too): - - MAC=fe:fd:80:00:00:$(printf "%02x" $NODEID) - ip neighbour add 10.11.12.13 lladdr $MAC nud permanent dev $IFNAME - -3.5.2 tincd/linux ------------------ - -TAP-device; already part of the kernel (2.2 only). See native/linux for -more info. - - ifname should be set to the path of a tap device, e.g. /dev/tap0. -The interface will be named accordingly. - -3.5.3 native/cygwin -------------------- - -TAP-device; The TAP device to be used must either be the CIPE driver -(http://cipe-win32.sourceforge.net/), or (highly recommended) the newer -TAP-Win32 driver bundled with openvpn (http://openvpn.sf.net/). Just -download and run the openvpn installer. The only option you need to -select is the TAP driver. 
- - ifname should be set to the name of the device, found in the -registry at (no kidding :): - - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\\Connection\Name - - The MAC address is dynamically being patched into packets and -ARP-requests, so only IPv4 works with ARP on this platform. - -3.5.4 tincd/bsd ---------------- - -TAP-device, maybe; migth work for many bsd variants. - - This driver is a newer version of the tincd/*bsd drivers. It _might_ -provide a TAP device, or might not work at all. You might try this -interface type first, and, if it doesn't work, try one of the -OS-specific drivers. - -3.5.5 tincd/freebsd -------------------- - -TAP-device; part of the kernel (since 4.x, maybe earlier). - - ifname should be set to the path of a tap device, e.g. /dev/tap0. -The interface will be named accordingly. - - These commands might be helpful examples: - - ifconfig $IFNAME 10.0.0.$NODEID - route add -net 10.0.0.0 -netmask 255.255.255.0 -interface $IFNAME 10.0.0.$NODEID - -3.5.6 tincd/netbsd ------------------- - -TUN-device; The interface is a point-to-point device. To initialize it, -you currently need to configure it as a point-to-point device, giving -it an address on your vpn (the exact address doesn't matter), like this: - - ifconfig $IFNAME mtu $MTU up - ifconfig $IFNAME 10.11.12.13 10.55.66.77 - route add -net 10.0.0.0 10.55.66.77 255.0.0.0 - ping -c1 10.55.66.77 # ping once to tell gvpe your gw ip - - The ping is required to tell the ARP emulator inside GVPE the local -IP address. - - ifname should be set to the path of a tun device, e.g. /dev/tun0. -The interface will be named accordingly. - -3.5.7 tincd/openbsd -------------------- - -TUN-device; already part of the kernel. See tincd/netbsd for more -information. 
- -3.5.8 native/darwin -------------------- - -TAP-device; - - The necessary kernel extension can be found here: - - http://www-user.rhrk.uni-kl.de/~nissler/tuntap/ - - There are two drivers, the one to use is the "tap" driver. It driver -must be loaded before use, read the docs on how to install it as a -startup item. - - ifname should be set to the path of a tap device, e.g. /dev/tap0. -The interface will be named accordingly. - - These commands might be helpful examples: - - ifconfig $IFNAME 10.0.0.$NODEID - route add -net 10.0.0.0 -interface $IFNAME 255.255.255.0 - -3.5.9 tincd/darwin ------------------- - -TUN-device; See tincd/netbsd for more information. native/darwin is -preferable. - - The necessary kernel extension can be found here: - - http://chrisp.de/en/projects/tunnel.html - - ifname should be set to the path of a tun device, e.g. /dev/tun0. -The interface will be named accordingly. - - The driver must be loaded before use: - - kmodload tunnel - -3.5.10 tincd/solaris --------------------- - -TUN-device; already part of the kernel(?), or available here: - - http://vtun.sourceforge.net/tun/ - - Some precompiled tun drivers might be available here: - - http://www.monkey.org/~dugsong/fragroute/ - - The interface MAC and MTU are _NOT_ set up for you. Please try it -out and send me an ifconfig command invocation that does that. - - See tincd/netbsd for more information. - - Completely untested so far. - -3.5.11 tincd/mingw ------------------- - -TAP-device; see native/cygwin for more information. - - The setup is likely to be similar to native/cygwin. - - Completely untested so far. - -3.5.12 tincd/raw_socket ------------------------ - -TAP-device; purpose unknown and untested, probably binds itself on an -existing ethernet device (given by ifname). It must be down prior to -running the command, and GVPE will try to set it's MAC address and MTU -to the "correct" values. - - Completely untested so far. 
- -3.5.13 tincd/uml_socket ------------------------ - -TAP-device; purpose unknown and untested, probably creates a UNIX -datagram socket (path given by ifname) and reads and writes raw -packets, so might be useful in other than UML contexts. - - No network interface is created, and the MAC and MTU must be set as -appropriate on the other side of the socket. GVPE will exit if the MAC -address doesn't match what it expects. - - Completely untested so far. - -3.5.14 tincd/cygwin -------------------- - -Known to be broken, use native/cygwin instead. - - -File: gvpe.info, Node: gvpe.conf, Next: gvpectrl, Prev: OS Dependencies, Up: Top - -4 gvpe.conf -*********** - -4.1 NAME -======== - -gvpe.conf - configuration file for the GNU VPE daemon - -4.2 SYNOPSIS -============ - - # global options for all nodes - udp-port = 407 - mtu = 1492 - ifname = vpn0 - - # first node is named branch1 and is at 1.2.3.4 - node = branch1 - hostname = 1.2.3.4 - - # second node uses dns to resolve the address - node = branch2 - hostname = www.example.net - udp-port = 500 # this host uses a different udp-port - - # third node has no fixed ip address - node = branch3 - connect = ondemand - -4.3 DESCRIPTION -=============== - -The gvpe config file consists of a series of lines that contain -variable = value pairs. Empty lines are ignored. Comments start with a -# and extend to the end of the line. They can be used on their own -lines, or after any directives. Whitespace is allowed around the = sign -or after values, but not within the variable names or values themselves. - - The only exception to the above is the "on" directive that can -prefix any name = value setting and will only "execute" it on the named -node, or (if the nodename starts with "!") on all nodes except the -named one. 
- - For example, set the MTU to 1450 everywhere, loglevel to noise on -branch1, and connect to ondemand everywhere but on branch2: - - mtu = 1450 - on branch1 loglevel = noise - on !branch2 connect = ondemand - - All settings are applied "in order", that is, later settings of the -same variable overwrite earlier ones. - -4.4 ANATOMY OF A CONFIG FILE -============================ - -Usually, a config file starts with a few global settings (like the UDP -port to listen on), followed by node-specific sections that begin with -a node = nickname line. - - Every node that is part of the network must have a section that -starts with node = nickname. The number and order of the nodes is -important and must be the same on all nodes. It is not uncommon for -node sections to be completely empty - if the default values are right. - - Node-specific settings can be used at any time. If used before the -first node section they will set the default values for all following -nodes. - -4.5 CONFIG VARIABLES -==================== - -4.5.1 GLOBAL SETTINGS ---------------------- - -Global settings will affect the behaviour of the running gvpe daemon, -that is, they are in some sense node-specific (config files can set -different values on different nodes using on), but will affect the -behaviour of the gvpe daemon and all connections it creates. - - * dns-forw-host = hostname/ip - - The DNS server to forward DNS requests to for the DNS tunnel - protocol (default: 127.0.0.1, changing it is highly recommended). - - * dns-forw-port = port-number - - The port where the dns-forw-host is to be contacted (default: 53, - which is fine in most cases). - - * dns-max-outstanding = integer-number-of-requests - - The maximum number of outstanding DNS transport requests (default: - 100). GVPE will never issue more requests then the given limit - without receiving replies. In heavily overloaded situations it - might help to set this to a low number (e.g. 
3 or even 1) to limit - the number of parallel requests. - - The default should be working OK for most links. - - * dns-overlap-factor = float - - The DNS transport uses the minimum request latency (*min_latency*) - seen during a connection as it's timing base. This factor - (default: 0.5, must be > 0) is multiplied by *min_latency* to get - the maximum sending rate (= minimum send interval), i.e. a factor - of 1 means that a new request might be generated every - *min_latency* seconds, which means on average there should only - ever be one outstanding request. A factor of 0.5 means that GVPE - will send requests twice as often as the minimum latency measured. - - For congested or picky DNS forwarders you could use a value nearer - to or exceeding 1. - - The default should be working OK for most links. - - * dns-send-interval = send-interval-in-seconds - - The minimum send interval (= maximum rate) that the DNS transport - will use to send new DNS requests. GVPE will not exceed this rate - even when the latency is very low. The default is 0.01, which - means GVPE will not send more than 100 DNS requests per connection - per second. For high-bandwidth links you could go lower, e.g. to - 0.001 or so. For congested or rate-limited links, you might want - to go higher, say 0.1, 0.2 or even higher. - - The default should be working OK for most links. - - * dns-timeout-factor = float - - Factor to multiply the min_latency (see dns-overlap-factor) by to - get request timeouts. The default of 8 means that the DNS - transport will resend the request when no reply has been received - for longer than eight times the minimum (= expected) latency, - assuming the request or reply has been lost. - - For congested links a higher value might be necessary (e.g. 30). - If the link is very stable lower values (e.g. 2) might work - nicely. Values near or below 1 makes no sense whatsoever. 
- - The default should be working OK for most links but will result in - low throughput if packet loss is high. - - * if-up = relative-or-absolute-path - - Sets the path of a script that should be called immediately after - the network interface is initialized (but not necessarily up). The - following environment variables are passed to it (the values are - just examples). - - Variables that have the same value on all nodes: - - * CONFBASE=/etc/gvpe - - The configuration base directory. - - * IFNAME=vpn0 - - The network interface to initialize. - - * IFTYPE=native # or tincd - - * IFSUBTYPE=linux # or freebsd, darwin etc.. - - The interface type (native or tincd) and the subtype (usually - the OS name in lowercase) that this GVPE was configured for. - Can be used to select the correct syntax to use for - network-related commands. - - * MTU=1436 - - The MTU to set the interface to. You can use lower values (if - done consistently on all nodes), but this is usually either - inefficient or simply ineffective. - - * NODES=5 - - The number of nodes in this GVPE network. - - - Variables that are node-specific and with values pertaining to the - node running this GVPE: - - * IFUPDATA=string - - The value of the configuration directive if-up-data. - - * MAC=fe:fd:80:00:00:01 - - The MAC address the network interface has to use. - - Might be used to initialize interfaces on platforms where - GVPE does not do this automatically. Please see the - gvpe.osdep(5) man page for platform-specific information. - - * NODENAME=branch1 - - The nickname of the node. - - * NODEID=1 - - The numerical node ID of the node running this instance of - GVPE. The first node mentioned in the config file gets ID 1, - the second ID 2 and so on. - - - In addition, all node-specific variables (except NODEID) will be - available with a postfix of _nodeid, which contains the value for - that node, e.g. 
the MAC_1 variable contains the MAC address of - node #1, while the NODENAME_22 variable contains the name of node - #22. - - Here is a simple if-up script: - - #!/bin/sh - ip link set $IFNAME up - [ $NODENAME = branch1 ] && ip addr add 10.0.0.1 dev $IFNAME - [ $NODENAME = branch2 ] && ip addr add 10.1.0.1 dev $IFNAME - ip route add 10.0.0.0/8 dev $IFNAME - - More complicated examples (using routing to reduce ARP traffic) - can be found in the `etc/' subdirectory of the distribution. - - * ifname = devname - - Sets the tun interface name to the given name. The default is - OS-specific and most probably something like tun0. - - * ifpersist = yes|true|on | no|false|off - - Should the tun/tap device be made persistent, that is, should the - device stay up even when gvpe exits? Some versions of the tunnel - device have problems sending packets when gvpe is restarted in - persistent mode, so if the connections can be established but you - cannot send packets from the local node, try to set this to off - and do an ifconfig down on the device. - - * ip-proto = numerical-ip-protocol - - Sets the protocol number to be used for the rawip protocol. This - is a global option because all nodes must use the same protocol, - and since there are no port numbers, you cannot easily run more - than one gvpe instance using the same protocol, nor can you share - the protocol with other programs. - - The default is 47 (GRE), which has a good chance of tunneling - through firewalls (but note that gvpe's rawip protocol is not GRE - compatible). Other common choices are 50 (IPSEC, ESP), 51 (IPSEC, - AH), 4 (IPIP tunnels) or 98 (ENCAP, rfc1241). - - Many versions of Linux seem to have a bug that causes them to - reorder packets for some ip protocols (GRE, ESP) but not for - others (AH), so choose wisely (that is, use 51, AH). 
- - * http-proxy-host = hostname/ip - - The http-proxy-* family of options are only available if gvpe was - compiled with the -enable-http-proxy option and enable tunneling - of tcp connections through a http proxy server. - - http-proxy-host and http-proxy-port should specify the hostname - and port number of the proxy server. See http-proxy-loginpw if - your proxy requires authentication. - - Please note that gvpe will still try to resolve all hostnames in - the configuration file, so if you are behind a proxy without - access to a DNS server better use numerical IP addresses. - - To make best use of this option disable all protocols except TCP - in your config file and make sure your routers (or all other - nodes) are listening on a port that the proxy allows (443, https, - is a common choice). - - If you have a router, connecting to it will suffice. Otherwise TCP - must be enabled on all nodes. - - Example: - - http-proxy-host = proxy.example.com - http-proxy-port = 3128 # 8080 is another common choice - http-proxy-auth = schmorp:grumbeere - - * http-proxy-port = proxy-tcp-port - - The port where your proxy server listens. - - * http-proxy-auth = login:password - - The optional login and password used to authenticate to the proxy - server, separated by a literal colon (:). Only basic - authentication is currently supported. - - * keepalive = seconds - - Sets the keepalive probe interval in seconds (default: 60). After - this many seconds of inactivity the daemon will start to send - keepalive probe every 3 seconds until it receives a reply from the - other end. If no reply is received within 15 seconds, the peer is - considered unreachable and the connection is closed. - - * loglevel = noise|trace|debug|info|notice|warn|error|critical - - Set the logging level. Connection established messages are logged - at level info, notable errors are logged with error. Default is - info. 
- - * mtu = bytes - - Sets the maximum MTU that should be used on outgoing packets - (basically the MTU of the outgoing interface) The daemon will - automatically calculate maximum overhead (e.g. UDP header size, - encryption blocksize...) and pass this information to the if-up - script. - - Recommended values are 1500 (ethernet), 1492 (pppoe), 1472 (pptp). - - This value must be the minimum of the MTU values of all nodes. - - * node = nickname - - Not really a config setting but introduces a node section. The - nickname is used to select the right configuration section and - must be passed as an argument to the gvpe daemon. - - * node-up = relative-or-absolute-path - - Sets a command (default: none) that should be called whenever a - connection is established (even on rekeying operations). Note that - node-up/down scripts will be run asynchronously, but execution is - serialised, so there will only ever be one such script running. - - In addition to all the variables passed to if-up scripts, the - following environment variables will be set (values are just - examples): - - * DESTNODE=branch2 - - The name of the remote node. - - * DESTID=2 - - The node id of the remote node. - - * DESTSI=rawip/88.99.77.55:0 - - The "socket info" of the target node, protocol dependent but - usually in the format protocol/ip:port. - - * DESTIP=188.13.66.8 - - The numerical IP address of the remote node (gvpe accepts - connections from everywhere, as long as the other node can - authenticate itself). - - * DESTPORT=655 # deprecated - - The protocol port used by the other side, if applicable. - - * STATE=up - - Node-up scripts get called with STATE=up, node-change scripts - get called with STATE=change and node-down scripts get called - with STATE=down. - - - Here is a nontrivial example that uses nsupdate to update the name - => ip mapping in some DNS zone: - - #!/bin/sh - { - echo update delete $DESTNODE.lowttl.example.net. a - echo update add $DESTNODE.lowttl.example.net. 
1 in a $DESTIP - echo - } | nsupdate -d -k $CONFBASE:key.example.net. - - * node-change = relative-or-absolute-path - - Same as node-change, but gets called whenever something about a - connection changes (such as the source IP address). - - * node-down = relative-or-absolute-path - - Same as node-up, but gets called whenever a connection is lost. - - * pid-file = path - - The path to the pid file to check and create (default: - LOCALSTATEDIR/run/gvpe.pid). - - * private-key = relative-path-to-key - - Sets the path (relative to the config directory) to the private - key (default: hostkey). This is a printf format string so every % - must be doubled. A single %s is replaced by the hostname, so you - could use paths like hostkeys/%s to fetch the files at the - location where gvpectrl puts them. - - Since only the private key file of the current node is used and - the private key file should be kept secret per-node to avoid - spoofing, it is not recommended to use this feature. - - * rekey = seconds - - Sets the rekeying interval in seconds (default: 3600). Connections - are reestablished every rekey seconds, making them use a new - encryption key. - - * nfmark = integer - - This advanced option, when set to a nonzero value (default: 0), - tries to set the netfilter mark (or fwmark) value on all sockets - gvpe uses to send packets. - - This can be used to make gvpe use a different set of routing - rules. For example, on GNU/Linux, the if-up could set nfmark to - 1000 and then put all routing rules into table 99 and then use an - ip rule to make gvpe traffic avoid that routing table, in effect - routing normal traffic via gvpe and gvpe traffic via the normal - system routing tables: - - ip rule add not fwmark 1000 lookup 99 - - -4.5.2 NODE SPECIFIC SETTINGS ----------------------------- - -The following settings are node-specific, that is, every node can have -different settings, even within the same gvpe instance. 
Settings that -are set before the first node section set the defaults, settings that -are set within a node section only apply to the given node. - - * allow-direct = nodename - - Allow direct connections to this node. See deny-direct for more - info. - - * compress = yes|true|on | no|false|off - - For the current node, this specified whether it will accept - compressed packets, and for all other nodes, this specifies - whether to try to compress data packets sent to this node - (default: yes). Compression is really cheap even on slow - computers, has no size overhead at all and will only be used when - the other side supports compression, so enabling this is often a - good idea. - - * connect = ondemand | never | always | disabled - - Sets the connect mode (default: always). It can be always (always - try to establish and keep a connection to the given node), never - (never initiate a connection to the given host, but accept - connections), ondemand (try to establish a connection when there - are outstanding packets in the queue and take it down after the - keepalive interval) or disabled (node is bad, don't talk to it). - - Routers will automatically be forced to always unless they are - disabled, to ensure all nodes can talk to each other. - - * deny-direct = nodename | * - - Deny direct connections to the specified node (or all nodes when * - is given). Only one node can be specified, but you can use - multiple allow-direct and deny-direct statements. This only makes - sense in networks with routers, as routers are required for - indirect connections. - - Sometimes, a node cannot reach some other nodes for reasons of - network connectivity. For example, a node behind a firewall that - only allows connections to/from a single other node in the - network. In this case one should specify deny-direct = * and - allow-direct = othernodename (the other node _must_ be a router - for this to work). 
- - The algorithm to check whether a connection may be direct is as - follows: - - 1. Other node mentioned in an allow-direct? If yes, allow the - connection. - - 2. Other node mentioned in a deny-direct? If yes, deny direct - connections. - - 3. Allow the connection. - - That is, allow-direct takes precedence over deny-direct. - - The check is done in both directions, i.e. both nodes must allow a - direct connection before one is attempted, so you only need to - specify connect limitations on one node. - - * dns-domain = domain-suffix - - The DNS domain suffix that points to the DNS tunnel server for - this node. - - The domain must point to a NS record that points to the - _dns-hostname_, i.e. - - dns-domainname = tunnel.example.net - dns-hostname = tunnel-server.example.net - - Corresponds to the following DNS entries in the example.net domain: - - tunnel.example.net. NS tunnel-server.example.net. - tunnel-server.example.net. A 13.13.13.13 - - * dns-hostname = hostname/ip - - The address to bind the DNS tunnel socket to, similar to the - hostname, but for the DNS tunnel protocol only. Default: 0.0.0.0, - but that might change. - - * dns-port = port-number - - The port to bind the DNS tunnel socket to. Must be 53 on DNS - tunnel servers. - - * enable-dns = yes|true|on | no|false|off - - See gvpe.protocol(7) for a description of the DNS transport - protocol. Avoid this protocol if you can. - - Enable the DNS tunneling protocol on this node, either as server - or as client. Support for this transport protocol is only - available when gvpe was compiled using the -enable-dns option. - - * enable-icmp = yes|true|on | no|false|off - - See gvpe.protocol(7) for a description of the ICMP transport - protocol. - - Enable the ICMP transport using ICMP packets of type icmp-type on - this node. - - * enable-rawip = yes|true|on | no|false|off - - See gvpe.protocol(7) for a description of the RAW IP transport - protocol. 
- - Enable the RAW IPv4 transport using the ip-proto protocol - (default: no). - - * enable-tcp = yes|true|on | no|false|off - - See gvpe.protocol(7) for a description of the TCP transport - protocol. - - Enable the TCPv4 transport using the tcp-port port (default: no). - Support for this transport protocol is only available when gvpe - was compiled using the -enable-tcp option. - - * enable-udp = yes|true|on | no|false|off - - See gvpe.protocol(7) for a description of the UDP transport - protocol. - - Enable the UDPv4 transport using the udp-port port (default: no, - unless no other protocol is enabled for a node, in which case this - protocol is enabled automatically). - - NOTE: Please specify enable-udp = yes if you want to use it even - though it might get switched on automatically, as some future - version might default to another default protocol. - - * hostname = hostname | ip [can not be defaulted] - - Forces the address of this node to be set to the given DNS - hostname or IP address. It will be resolved before each connect - request, so dyndns should work fine. If this setting is not - specified and a router is available, then the router will be - queried for the address of this node. Otherwise, the connection - attempt will fail. - - Note that DNS resolving is done synchronously, pausing the daemon. - If that is an issue you need to specify IP addresses. - - * icmp-type = integer - - Sets the type value to be used for outgoing (and incoming) packets - sent via the ICMP transport. - - The default is 0 (which is echo-reply, also known as - "ping-reply"). Other useful values include 8 (echo-request, a.k.a. - "ping") and 11 (time-exceeded), but any 8-bit value can be used. - - * if-up-data = value - - The value specified using this directive will be passed to the - if-up script in the environment variable IFUPDATA. 
- - * inherit-tos = yes|true|on | no|false|off - - Whether to inherit the TOS settings of packets sent to the tunnel - when sending packets to this node (default: yes). If set to yes - then outgoing tunnel packets will have the same TOS setting as the - packets sent to the tunnel device, which is usually what you want. - - * max-retry = positive-number - - The maximum interval in seconds (default: 3600, one hour) between - retries to establish a connection to this node. When a connection - cannot be established, gvpe uses exponential back-off capped at - this value. It's sometimes useful to set this to a much lower - value (e.g. 120) on connections to routers that usually are stable - but sometimes are down, to assure quick reconnections even after - longer downtimes. - - * max-ttl = seconds - - Expire packets that couldn't be sent after this many seconds - (default: 60). Gvpe will normally queue packets for a node without - an active connection, in the hope of establishing a connection - soon. This value specifies the maximum lifetime a packet will stay - in the queue, if a packet gets older, it will be thrown away. - - * max-queue = positive-number>=1 - - The maximum number of packets that will be queued (default: 512) - for this node. If more packets are sent then earlier packets will - be expired. See max-ttl, above. - - * router-priority = 0 | 1 | positive-number>=2 - - Sets the router priority of the given node (default: 0, disabled). - - If some node tries to connect to another node but it doesn't have - a hostname, it asks a router node for it's IP address. The router - node chosen is the one with the highest priority larger than 1 - that is currently reachable. This is called a _mediated_ - connection, as the connection itself will still be direct, but it - uses another node to mediate between the two nodes. - - The value 0 disables routing, that means if the node receives a - packet not for itself it will not forward it but instead drop it. 
- - The special value 1 allows other hosts to route through the router - host, but they will never route through it by default (i.e. the - config file of another node needs to specify a router priority - higher than one to choose such a node for routing). - - The idea behind this is that some hosts can, if required, bump the - router-priority setting to higher than 1 in their local config to - route through specific hosts. If router-priority is 0, then - routing will be refused, so 1 serves as a "enable, but do not use - by default" switch. - - Nodes with router-priority set to 2 or higher will always be - forced to connect = always (unless they are disabled). - - * tcp-port = port-number - - Similar to udp-port (default: 655), but sets the TCP port number. - - * udp-port = port-number - - Sets the port number used by the UDP protocol (default: 655, not - officially assigned by IANA!). - - -4.6 CONFIG DIRECTORY LAYOUT -=========================== - -The default (or recommended) directory layout for the config directory -is: - - * gvpe.conf - - The config file. - - * if-up - - The if-up script - - * node-up, node-down - - If used the node up or node-down scripts. - - * hostkey - - The private key (taken from hostkeys/nodename) of the current host. - - * pubkey/nodename - - The public keys of the other nodes, one file per node. - - - -File: gvpe.info, Node: gvpectrl, Next: gvpe, Prev: gvpe.conf, Up: Top - -5 gvpectrl -********** - -5.1 NAME -======== - -gvpectrl - GNU Virtual Private Ethernet Control Program - -5.2 SYNOPSIS -============ - -gvpectrl [*-ckgs*] [*-config=*_DIR_] [*-generate-keys*] [*-help*] -[*-kill*[*=*_SIGNAL_]] [*-show-config*] [*-version*] - -5.3 DESCRIPTION -=============== - -This is the control program for the gvpe, the virtual private ethernet -daemon. - -5.4 OPTIONS -=========== - - * *-c*, *-config=*_DIR_ - - Read configuration options from _DIR_. - - * *-g*, *-generate-keys* - - Generate public/private RSA key-pair and exit. 
- - * *-q*, *-quiet* - - Suppresses messages the author finds nonessential for scripting - purposes. - - * *-help* - - Display short list of options. - - * *-kill*[*=*_SIGNAL_] - - Attempt to kill a running gvpectrl (optionally with the specified - _SIGNAL_ instead of SIGTERM) and exit. - - * *-show-config* - - Show a summary of the configuration, and how gvpe interprets it. - Can also be very useful when designing firewall scripts. - - * *-version* - - Output version information and exit. - - -5.5 BUGS -======== - -If you find any bugs, report them to gvpe@schmorp.de. - - -File: gvpe.info, Node: gvpe, Next: gvpe.protocol, Prev: gvpectrl, Up: Top - -6 gvpe -****** - -6.1 NAME -======== - -gvpe - GNU Virtual Private Ethernet Daemon - -6.2 SYNOPSIS -============ - -gvpe [*-cDlL*] [*-config=*_DIR_] [*-no-detach*] [*-l=*_LEVEL]_] -[*-kill*[*=*_SIGNAL_]] [*-mlock*] [*-help*] [*-version*] _NODENAME_ -[_option..._] - -6.3 DESCRIPTION -=============== - -See the gvpe(5) man page for an introduction to the gvpe suite. - - This is the manual page for gvpe, the virtual private ethernet -daemon. When started, gvpe will read it's configuration file to -determine the network topology, and other configuration information, -assuming the role of node _NODENAME_ - - It will then create/connect to the tun/tap device and set up a -socket for incoming connections. Then a if-up script will be executed -to further configure the virtual network device. If that succeeds, it -will detach from the controlling terminal and continue in the -background, accepting and setting up connections to other gvpe daemons -that are part of the same virtual private ethernet. - - The optional arguments after the node name have to be of the form: - - [I.]var=value - - If the argument has a prefix of nodename. (i.e. 
-laptop.enable-dns=yes) then it will be parsed after all the config -directives for that node, if not, it is parsed before the first node -directive in the config file, and can be used to set global options or -default variables. - - For example, to start gvpe in the foreground, with log-level info on -the node laptop, with TCP enabled and HTTP-Proxy host and Port set, use -this: - - gvpe -D -l info laptop \ - http-proxy-host=10.0.0.18 http-proxy-port=3128 \ - laptop.enable-tcp=yes - -6.4 OPTIONS -=========== - - * *-c*, *-config=*_DIR_ - - Read configuration options from _DIR_ - - * *-d*, *-l=*_LEVEL_ - - Set logging level to _LEVEL_ (one of: noise, trace, debug, info, - notice, warn, error, critical). - - * *-help* - - Display short list of options. - - * *-D*, *-no-detach* - - Don't fork and detach but stay in foreground and log messages to - stderr in addition to syslog. - - * *-L*, *-mlock* - - Lock gvpe into main memory. This will prevent sensitive data like - shared private keys to be written to the system swap - files/partitions. - - * *-version* - - Output version information and exit. - - -6.5 SIGNALS -=========== - - * HUP - - Closes/resets all connections, resets the retry time and will - start connecting again (it will NOT re-read the config file). This - is useful e.g. in a /etc/ppp/if-up script. - - * TERM - - Closes/resets all connections and exits. - - * USR1 - - Dump current network status into the syslog (at loglevel notice, - so make sure your loglevel allows this). - - -6.6 FILES -========= - - * /etc/gvpe/gvpe.conf - - The configuration file for gvpe. - - * /etc/gvpe/if-up - - Script which is executed as soon as the virtual network device has - been allocated. Purpose is to further configure that device. - - * /etc/gvpe/node-up - - Script which is executed whenever a node connects to this node. - This can be used for example to run nsupdate. - - * /etc/gvpe/node-down - - Script which is executed whenever a connection to another node is - lost. 
for example to run nsupdate. - - * /etc/gvpe/pubkey/* - - The directory containing the public keys for every node, usually - autogenerated by executing gvpectrl -generate-keys. - - * /var/run/gvpe.pid - - The PID of the currently running gvpe is stored in this file. - - -6.7 BUGS -======== - -The cryptography in gvpe has not been thoroughly checked by many people -yet. Use it at your own risk! - - If you find any bugs, report them to gvpe@schmorp.de. - - -File: gvpe.info, Node: gvpe.protocol, Next: Simple Example, Prev: gvpe, Up: Top - -7 gvpe.protocol -*************** - -7.1 The GNU-VPE Protocols -========================= - -7.2 Overview -============ - -GVPE can make use of a number of protocols. One of them is the GNU VPE -protocol which is used to authenticate tunnels and send encrypted data -packets. This protocol is described in more detail the second part of -this document. - - The first part of this document describes the transport protocols -which are used by GVPE to send it's data packets over the network. - -7.3 PART 1: Transport protocols -=============================== - -GVPE offers a wide range of transport protocols that can be used to -interchange data between nodes. Protocols differ in their overhead, -speed, reliability, and robustness. - - The following sections describe each transport protocol in more -detail. They are sorted by overhead/efficiency, the most efficient -transport is listed first: - -7.3.1 RAW IP ------------- - -This protocol is the best choice, performance-wise, as the minimum -overhead per packet is only 38 bytes. - - It works by sending the VPN payload using raw IP frames (using the -protocol set by ip-proto). - - Using raw IP frames has the drawback that many firewalls block -"unknown" protocols, so this transport only works if you have full IP -connectivity between nodes. 
- -7.3.2 ICMP ----------- - -This protocol offers very low overhead (minimum 42 bytes), and can -sometimes tunnel through firewalls when other protocols can not. - - It works by prepending an ICMP header with type icmp-type and a code -of 255. The default icmp-type is echo-reply, so the resulting packets -look like echo replies, which looks rather strange to network -administrators. - - This transport should only be used if other transports (i.e. raw IP) -are not available or undesirable (due to their overhead). - -7.3.3 UDP ---------- - -This is a good general choice for the transport protocol as UDP packets -tunnel well through most firewalls and routers, and the overhead per -packet is moderate (minimum 58 bytes). - - It should be used if RAW IP is not available. - -7.3.4 TCP ---------- - -This protocol is a very bad choice, as it not only has high overhead -(more than 60 bytes), but the transport also retries on it's own, which -leads to congestion when the link has moderate packet loss (as both the -TCP transport and the tunneled traffic will retry, increasing -congestion more and more). It also has high latency and is quite -inefficient. - - It's only useful when tunneling through firewalls that block better -protocols. If a node doesn't have direct internet access but a HTTP -proxy that supports the CONNECT method it can be used to tunnel through -a web proxy. For this to work, the tcp-port should be 443 (https), as -most proxies do not allow connections to other ports. - - It is an abuse of the usage a proxy was designed for, so make sure -you are allowed to use it for GVPE. - - This protocol also has server and client sides. If the tcp-port is -set to zero, other nodes cannot connect to this node directly. If the -tcp-port is non-zero, the node can act both as a client as well as a -server. - -7.3.5 DNS ---------- - -*WARNING:* Parsing and generating DNS packets is rather tricky. 
The -code almost certainly contains buffer overflows and other, likely -exploitable, bugs. You have been warned. - - This is the worst choice of transport protocol with respect to -overhead (overhead can be 2-3 times higher than the transferred data), -and latency (which can be many seconds). Some DNS servers might not be -prepared to handle the traffic and drop or corrupt packets. The client -also has to constantly poll the server for data, so the client will -constantly create traffic even if it doesn't need to transport packets. - - In addition, the same problems as the TCP transport also plague this -protocol. - - It's only use is to tunnel through firewalls that do not allow -direct internet access. Similar to using a HTTP proxy (as the TCP -transport does), it uses a local DNS server/forwarder (given by the -dns-forw-host configuration value) as a proxy to send and receive data -as a client, and an NS record pointing to the GVPE server (as given by -the dns-hostname directive). - - The only good side of this protocol is that it can tunnel through -most firewalls mostly undetected, iff the local DNS server/forwarder is -sane (which is true for most routers, wireless LAN gateways and -nameservers). - - Fine-tuning needs to be done by editing src/vpn_dns.C directly. - -7.4 PART 2: The GNU VPE protocol -================================ - -This section, unfortunately, is not yet finished, although the protocol -is stable (until bugs in the cryptography are found, which will likely -completely change the following description). Nevertheless, it should -give you some overview over the protocol. - -7.4.1 Anatomy of a VPN packet ------------------------------ - -The exact layout and field lengths of a VPN packet is determined at -compile time and doesn't change. The same structure is used for all -transport protocols, be it RAWIP or TCP. 
- - +------+------+--------+------+ - | HMAC | TYPE | SRCDST | DATA | - +------+------+--------+------+ - - The HMAC field is present in all packets, even if not used (e.g. in -auth request packets), in which case it is set to all zeroes. The -checksum itself is calculated over the TYPE, SRCDST and DATA fields in -all cases. - - The TYPE field is a single byte and determines the purpose of the -packet (e.g. RESET, COMPRESSED/UNCOMPRESSED DATA, PING, AUTH -REQUEST/RESPONSE, CONNECT REQUEST/INFO etc.). - - SRCDST is a three byte field which contains the source and -destination node IDs (12 bits each). - - The DATA portion differs between each packet type, naturally, and is -the only part that can be encrypted. Data packets contain more fields, -as shown: - - +------+------+--------+------+-------+------+ - | HMAC | TYPE | SRCDST | RAND | SEQNO | DATA | - +------+------+--------+------+-------+------+ - - RAND is a sequence of fully random bytes, used to increase the -entropy of the data for encryption purposes. - - SEQNO is a 32-bit sequence number. It is negotiated at every -connection initialization and starts at some random 31 bit value. VPE -currently uses a sliding window of 512 packets/sequence numbers to -detect reordering, duplication and replay attacks. - -7.4.2 The authentication protocol ---------------------------------- - -Before nodes can exchange packets, they need to establish authenticity -of the other side and a key. Every node has a private RSA key and the -public RSA keys of all other nodes. - - A host establishes a simplex connection by sending the other node an -RSA encrypted challenge containing a random challenge (consisting of -the encryption key to use when sending packets, more random data and -PKCS1_OAEP padding) and a random 16 byte "challenge-id" (used to detect -duplicate auth packets). The destination node will respond by replying -with an (unencrypted) RIPEMD160 hash of the decrypted challenge, which -will authenticate that node. 
The destination node will also set the -outgoing encryption parameters as given in the packet. - - When the source node receives a correct auth reply (by verifying the -hash and the id, which will expire after 120 seconds), it will start to -accept data packets from the destination node. - - This means that a node can only initiate a simplex connection, -telling the other side the key it has to use when it sends packets. The -challenge reply is only used to set the current IP address of the other -side and protocol parameters. - - This protocol is completely symmetric, so to be able to send packets -the destination node must send a challenge in the exact same way as -already described (so, in essence, two simplex connections are created -per node pair). - -7.4.3 Retrying --------------- - -When there is no response to an auth request, the node will send auth -requests in bursts with an exponential back-off. After some time it -will resort to PING packets, which are very small (8 bytes + protocol -header) and lightweight (no RSA operations required). A node that -receives ping requests from an unconnected peer will respond by trying -to create a connection. - - In addition to the exponential back-off, there is a global -rate-limit on a per-IP base. It allows long bursts but will limit total -packet rate to something like one control packet every ten seconds, to -avoid accidental floods due to protocol problems (like a RSA key file -mismatch between two nodes). - - The intervals between retries are limited by the max-retry -configuration value. A node with connect = always will always retry, a -node with connect = ondemand will only try (and re-try) to connect as -long as there are packets in the queue, usually this limits the retry -period to max-ttl seconds. - - Sending packets over the VPN will reset the retry intervals as well, -which means as long as somebody is trying to send packets to a given -node, GVPE will try to connect every few seconds. 
- -7.4.4 Routing and Protocol translation --------------------------------------- - -The GVPE routing algorithm is easy: there isn't much routing to speak -of: When routing packets to another node, GVPE trues the following -options, in order: - - * If the two nodes should be able to reach each other directly - (common protocol, port known), then GVPE will send the packet - directly to the other node. - - * If this isn't possible (e.g. because the node doesn't have a - hostname or known port), but the nodes speak a common protocol and - a router is available, then GVPE will ask a router to "mediate" - between both nodes (see below). - - * If a direct connection isn't possible (no common protocols) or - forbidden (deny-direct) and there are any routers, then GVPE will - try to send packets to the router with the highest priority that - is connected already _and_ is able (as specified by the config - file) to connect directly to the target node. - - * If no such router exists, then GVPE will simply send the packet to - the node with the highest priority available. - - * Failing all that, the packet will be dropped. - - - A host can usually declare itself unreachable directly by setting -it's port number(s) to zero. It can declare other hosts as unreachable -by using a config-file that disables all protocols for these other -hosts. Another option is to disable all protocols on that host in the -other config files. - - If two hosts cannot connect to each other because their IP -address(es) are not known (such as dial-up hosts), one side will send a -_mediated_ connection request to a router (routers must be configured -to act as routers!), which will send both the originating and the -destination host a connection info request with protocol information -and IP address of the other host (if known). Both hosts will then try -to establish a direct connection to the other peer, which is usually -possible even when both hosts are behind a NAT gateway. 
- - Routing via other nodes works because the SRCDST field is not -encrypted, so the router can just forward the packet to the destination -host. Since each host uses it's own private key, the router will not be -able to decrypt or encrypt packets, it will just act as a simple router -and protocol translator. - - -File: gvpe.info, Node: Simple Example, Next: Complex Example, Prev: gvpe.protocol, Up: Top - -8 Simple Example -**************** - -In this example, gvpe is used to implement a simple, UDP-based ethernet -on three hosts. - - The config file (gvpe.conf) is the same on all hosts: - - enable-udp = yes # use UDP - udp-port = 407 # use this UDP port - mtu = 1492 # handy for TDSL - ifname = vpn0 # I prefer vpn0 over e.g. tap0 - - node = huffy # arbitrary node name - hostname = 1.2.3.4 # ip address if this host - - node = welshy - hostname = www.example.net # resolve at connection time - - node = wheelery - # no hostname, will be determinded dynamically using router1 or router2 - - gvpe will execute the if-up script on every hosts, which, for linux, -could look like this for all three hosts: - - ifconfig $IFNAME hw ether $MAC mtu $MTU - ifconfig $IFNAME 10.0.0.$NODE - route add -net 10.0.0.0 netmask 255.0.0.0 dev $IFNAME - - The 10.0.0.$NODE resolves to 10.0.0.1 on huffy, 10.0.0.2 on welshy -and so on. Other schemes, such as 10.$NODE.0.1 might be useful, too. - - After generating the keys (gvpectrl) and starting the daemon (gvpe --D -l info _NODENAME_ for test purposes) the three hosts should be able -to ping each other. - - If you have an internal 10.x.x.x network (with a tighter netmask -then 255.0.0.0, e.g. 10.1.0.0 on huffy, 10.2.0.0 on welshy and so on), -you can now enable ip-forwarding and proxy-arp (or set the hosts as -default gateway), and your three hosts should forward traffic from each -network to each other. 
- - -File: gvpe.info, Node: Complex Example, Next: complex/gvpe.conf, Prev: Simple Example, Up: Top - -9 Complex Example -***************** - -These files are configuration files for "our" internal network. - - It is highly non-trivial, so don't use this configuration as the -basis of your network unless you know what you are doing. - - It features: around 30 hosts, many of them have additional networks -behind them and use an assortment of different tunneling protocols. The -vpn is fully routed, no arp is used at all. - - The public IP addresses of connecting nodes are automatically -registered via dns on the node ruth, using a node-up/node-down script. - - And last not least: the if-up script can generate information to be -used in firewall rules (IP-net/MAC-address pairs) so ensure packet -integrity so you can use your iptables etc. firewall to filter by IP -address only. - -* Menu: - -* complex/gvpe.conf:: An example gvpe configuration -* complex/if-up:: A fully-routing if-up config -* complex/node-up:: A node-up/node-down script utilizing dynds - - -File: gvpe.info, Node: complex/gvpe.conf, Next: complex/if-up, Prev: Complex Example, Up: Complex Example - -10 complex/gvpe.conf -******************** - - # sample configfile - # the config file must be exactly(!) the same on all nodes - - rekey = 54321 # the rekeying interval - keepalive = 300 # the keepalive interval - on ruth keepalive = 120 # ruth is important and demands lower keepalives - on surfer keepalive = 40 - mtu = 1492 # the mtu (minimum mtu of attached host) - ifname = vpn0 # the tunnel interface name to use - ifpersist = no # the tun device should be persistent - inherit-tos = yes # should tunnel packets inherit tos flags? 
- compress = yes # wether compression should be used (NYI) - connect = ondemand # connect to this host always/never or ondemand - router-priority = 1 # route for everybody - if necessary - - loglevel = notice # info logs connects, notice only important messages - on mobil loglevel = info - on doom loglevel = info - on ruth loglevel = info - - udp-port = 407 # the udp port to use for sending/receiving packets - tcp-port = 443 # the tcp port to listen for connections (we use https over proxy) - ip-proto = 50 # (ab)use the ipsec protocol as rawip - icmp-type = 0 # (ab)use echo replies for tunneling - enable-udp = yes # udp is spoken almost everywhere - enable-tcp = no # tcp is not spoken everywhere - enable-rawip = no # rawip is not spoken everywhere - enable-icmp = no # most hosts don't bother to icmp - - # every "node =" introduces a new node in the network - # the options following it don't set defaults but are - # node-specific. - - # marc@lap - node = mobil - - # marc@home - node = doom - enable-rawip = yes - enable-tcp = yes - - # marc@uni - node = ruth - enable-rawip = yes - enable-tcp = yes - enable-icmp = yes - hostname = 200.100.162.95 - connect = always - router-priority = 30 - on ruth node-up = node-up - on ruth node-down = node-up - - # marc@mu - node = frank - enable-rawip = yes - hostname = 44.88.167.250 - router-priority = 20 - connect = always - - # nethype - node = rain - enable-rawip = yes - hostname = 145.253.105.130 - router-priority = 10 - connect = always - - # marco@home - node = marco - enable-rawip = yes - - # stefan@ka - node = wappla - connect = never - - # stefan@lap - node = stefan - udp-port = 408 - connect = never - - # paul@wg - node = n8geil - on ruth enable-icmp = yes - on n8geil enable-icmp = yes - enable-udp = no - - # paul@lap - node = syrr - - # paul@lu - node = donomos - - # marco@hn - node = core - - # elmex@home - node = elmex - enable-rawip = yes - hostname = 100.251.143.181 - - # stefan@kwc.at - node = fwkw - connect = never 
- on stefan connect = always - on wappla connect = always - hostname = 182.73.81.146 - - # elmex@home - node = jungfrau - enable-rawip = yes - - # uni main router - node = surfer - enable-rawip = yes - enable-tcp = no - enable-icmp = yes - hostname = 200.100.162.79 - connect = always - router-priority = 40 - - # jkneer@marvin - node = marvin - enable-rawip = yes - enable-udp = no - - # jkneer@entrophy - node = entrophy - enable-udp = no - enable-tcp = yes - - # mr. primitive - node = voyager - enable-udp = no - enable-tcp = no - on voyager enable-tcp = yes - on voyager enable-udp = yes - - # v-server (barbados.dn-systems.de) - #node = vserver - #enable-udp = yes - #hostname = 193.108.181.74 - - -File: gvpe.info, Node: complex/if-up, Next: complex/node-up, Prev: complex/gvpe.conf, Up: Complex Example - -11 complex/if-up -**************** - - #!/bin/bash - - # Some environment variables will be set: - # - # CONFBASE=/etc/vpe # the configuration directory prefix - # IFNAME=vpn0 # the network interface (ifname) - # MAC=fe:fd:80:00:00:01 # the mac-address to use for the interface - # NODENAME=cerebro # the selected nodename (-n switch) - # NODEID=1 # the numerical node id - # MTU=1436 # the tunnel packet overhead (set mtu to 1500-$OVERHEAD) - - # this if-up script is rather full-featured, and is used to - # generate a fully-routed (no arp traffic) vpn. the main portion - # consists of "ipn" calls (see below). - - # some hosts require additional specific configuration, this is handled - # using if statements near the end of the script. - - # with the --fw switch, outputs mac/net pairs for your firewall use: - # if-up --fw | while read mac net; do - # iptables -t filter -A INPUT -i vpn0 -p all -m mac --mac-source \! 
$mac -s $net -j DROP - # done - - ipn() { - local id="$1"; shift - local mac=fe:fd:80:00:00:$(printf "%02x" $id) - if [ -n "$FW" ]; then - for net in "$@"; do - echo "$mac $net" - done - else - local ip="$1"; shift - if [ "$id" == $NODEID ]; then - [ -n "$ADDR_ONLY" ] && ip addr add $ip broadcast 10.255.255.255 dev $IFNAME - elif [ -z "$ADDR_ONLY" ]; then - ip neighbour add $ip lladdr $mac nud permanent dev $IFNAME - for route in "$@"; do - ip route add $route via $ip dev vpn0 - done - fi - fi - } - - ipns() { - # this contains the generic routing information for the vpn - # each call to ipn has the following parameters: - # ipn [ ...] - # the second line (ipn 2) means: - # the second node (doom in the config file) has the ip address 10.0.0.5, - # which is the gateway for the 10.0/28 network and three additional ip - # addresses - - ipn 1 10.0.0.20 - ipn 2 10.0.0.5 10.0.0.0/28 #200.100.162.92 200.100.162.93 100.99.218.222 - ipn 3 10.0.0.17 - ipn 4 10.0.0.18 - ipn 5 10.0.0.19 10.3.0.0/16 - ipn 6 10.0.0.21 10.0.2.0/26 #200.100.162.17 - ipn 7 10.0.0.22 10.1.2.0/24 # wappla, off - ipn 8 10.0.0.23 # stefan, off - ipn 9 10.0.0.24 10.13.0.0/16 - ipn 10 10.0.0.25 - ipn 11 10.0.0.26 - ipn 12 10.0.0.27 10.0.2.64/26 - ipn 13 10.0.0.28 10.0.3.0/24 - ipn 14 10.0.0.29 10.1.1.0/24 # fwkw, off - # mind the gateway ip gap - ipn 15 10.9.0.30 10.0.4.0/24 - ipn 16 10.9.0.31 - ipn 17 10.9.0.32 10.42.0.0/16 - ipn 18 10.9.0.33 - ipn 19 10.9.0.34 - #ipn 20 10.9.0.35 - } - - if [ "$1" == "--fw" ]; then - FW=1 - - ipns - else - exec >/var/log/vpe.if-up 2>&1 - set -x - - [ $NODENAME = "ruth" ] && ip link set $IFNAME down # hack - - # first set the link up and initialize the interface ip - # address. - ip link set $IFNAME address $MAC - ip link set $IFNAME mtu $MTU up - ADDR_ONLY=1 ipns # set addr only - - # now initialize the main vpn routes (10.0/8) - # the second route is a hack to to reach some funnily-connected - # machines. 
- ip route add 10.0.0.0/8 dev $IFNAME - ip route add 10.0.0.0/27 dev $IFNAME - - ipns # set the interface routes - - # now for something completely different, ehr, something not - # easily doable with ipn, namely some extra specific highly complicated - # and non-regular setups for some machines. - if [ $NODENAME = doom ]; then - ip addr add 200.100.162.92 dev $IFNAME - ip route add 200.100.0.0/16 via 10.0.0.17 dev $IFNAME - ip route flush table 101 - ip route add table 101 default src 200.100.162.92 via 10.0.0.17 dev $IFNAME - - ip addr add 100.99.218.222 dev $IFNAME - ip route add 100.99.218.192/27 via 10.0.0.19 dev $IFNAME - ip route flush table 103 - ip route add table 103 default src 100.99.218.222 via 10.0.0.19 - - elif [ $NODENAME = marco ]; then - ip addr add 200.100.162.17 dev $IFNAME - - for addr in 79 89 90 91 92 93 94 95; do - ip route add 200.100.162.$addr dev ppp0 - done - ip route add 200.100.76.0/23 dev ppp0 - ip route add src 200.100.162.17 200.100.0.0/16 via 10.0.0.17 dev $IFNAME - - elif [ $NODENAME = ruth ]; then - ip route add 200.100.162.17 via 10.0.0.21 dev vpn0 - ip route add 200.100.162.92 via 10.0.0.5 dev vpn0 - ip route add 200.100.162.93 via 10.0.0.5 dev vpn0 - - fi - - # and this is the second part of the 10.0/27 hack. don't ask. - [ $NODENAME != fwkw ] && ip route add 10.0.0.0/24 via 10.0.0.29 dev $IFNAME - fi - - -File: gvpe.info, Node: complex/node-up, Next: Index, Prev: complex/if-up, Up: Complex Example - -12 complex/node-up -****************** - - #!/bin/sh - - # Some environment variables will be set (in addition the ones - # set in if-up, too): - # - # DESTNODE=doom # others nodename - # DESTID=5 # others node id - # DESTIP=188.13.66.8 # others ip - # DESTPORT=407 # others port - # STATE=up/down # node-up gets UP, node-down script gets DOWN - - if [ $STATE = up ]; then - { - echo update delete $DESTNODE.lowttl.example.com. a - echo update delete $DESTNODE-last.lowttl.example.com. a - echo update add $DESTNODE.lowttl.example.com. 
1 in a $DESTIP - echo update add $DESTNODE-last.lowttl.example.com. 1 in a $DESTIP - echo - } | nsupdate -d -k $CONFBASE:marc.example.net. - else - { - echo update delete $DESTNODE.lowttl.example.com. a - echo update delete $DESTNODE-last.lowttl.example.com. a - echo update add $DESTNODE-last.lowttl.example.com. 1 in a $DESTIP - echo - } | nsupdate -d -k $CONFBASE:marc.example.net. - fi - - -File: gvpe.info, Node: Index, Prev: complex/node-up, Up: Top - -13 Index -******** - -[index] -* Menu: - -* allow-direct: gvpe.conf. (line 436) -* compress: gvpe.conf. (line 441) -* CONFBASE: gvpe.conf. (line 157) -* connect: gvpe.conf. (line 451) -* deny-direct: gvpe.conf. (line 463) -* DESTID: gvpe.conf. (line 344) -* DESTIP: gvpe.conf. (line 353) -* DESTNODE: gvpe.conf. (line 340) -* DESTPORT: gvpe.conf. (line 359) -* DESTSI: gvpe.conf. (line 348) -* dns-domain: gvpe.conf. (line 495) -* dns-forw-host: gvpe.conf. (line 85) -* dns-forw-port: gvpe.conf. (line 90) -* dns-hostname: gvpe.conf. (line 511) -* dns-max-outstanding: gvpe.conf. (line 95) -* dns-overlap-factor: gvpe.conf. (line 105) -* dns-port: gvpe.conf. (line 517) -* dns-send-interval: gvpe.conf. (line 121) -* dns-timeout-factor: gvpe.conf. (line 133) -* enable-dns: gvpe.conf. (line 522) -* enable-icmp: gvpe.conf. (line 531) -* enable-rawip: gvpe.conf. (line 539) -* enable-tcp: gvpe.conf. (line 547) -* enable-udp: gvpe.conf. (line 556) -* hostname: gvpe.conf. (line 569) -* http-proxy-auth: gvpe.conf. (line 291) -* http-proxy-host: gvpe.conf. (line 259) -* http-proxy-port: gvpe.conf. (line 287) -* icmp-type: gvpe.conf. (line 581) -* if-up: gvpe.conf. (line 148) -* if-up-data: gvpe.conf. (line 590) -* ifname: gvpe.conf. (line 228) -* IFNAME: gvpe.conf. (line 161) -* ifpersist: gvpe.conf. (line 233) -* IFSUBTYPE: gvpe.conf. (line 167) -* IFTYPE: gvpe.conf. (line 165) -* IFUPDATA: gvpe.conf. (line 188) -* inherit-tos: gvpe.conf. (line 595) -* ip-proto: gvpe.conf. (line 242) -* keepalive: gvpe.conf. 
(line 297) -* loglevel: gvpe.conf. (line 305) -* MAC: gvpe.conf. (line 192) -* max-queue: gvpe.conf. (line 620) -* max-retry: gvpe.conf. (line 602) -* max-ttl: gvpe.conf. (line 612) -* mtu: gvpe.conf. (line 311) -* MTU: gvpe.conf. (line 174) -* nfmark: gvpe.conf. (line 412) -* node: gvpe.conf. (line 323) -* node-change: gvpe.conf. (line 380) -* node-down: gvpe.conf. (line 385) -* node-up: gvpe.conf. (line 329) -* NODEID: gvpe.conf. (line 204) -* NODENAME: gvpe.conf. (line 200) -* NODES: gvpe.conf. (line 180) -* pid-file: gvpe.conf. (line 389) -* private-key: gvpe.conf. (line 394) -* rekey: gvpe.conf. (line 406) -* router-priority: gvpe.conf. (line 626) -* STATE: gvpe.conf. (line 363) -* tcp-port: gvpe.conf. (line 654) -* udp-port: gvpe.conf. (line 658) - - - -Tag Table: -Node: Top744 -Node: Overview1769 -Node: OS Dependencies12167 -Node: gvpe.conf19341 -Node: gvpectrl44377 -Node: gvpe45582 -Node: gvpe.protocol49317 -Node: Simple Example60636 -Node: Complex Example62280 -Node: complex/gvpe.conf63336 -Node: complex/if-up67021 -Node: complex/node-up72092 -Node: Index73252 - -End Tag Table diff -Nru gvpe-2.25/doc/gvpe.osdep.5 gvpe-3.0/doc/gvpe.osdep.5 --- gvpe-2.25/doc/gvpe.osdep.5 2008-09-01 01:36:06.000000000 -0400 +++ gvpe-3.0/doc/gvpe.osdep.5 2016-03-30 00:01:32.000000000 -0400 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -46,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. 
@@ -53,20 +47,27 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -132,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "GVPE.OSDEP 5" -.TH GVPE.OSDEP 5 "2008-09-01" "2.2" "GNU Virtual Private Ethernet" +.TH GVPE.OSDEP 5 "2015-10-31" "2.25" "GNU Virtual Private Ethernet" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -173,7 +174,7 @@ exists. .SH "Interface Types" .IX Header "Interface Types" -.Sh "native/linux" +.SS "native/linux" .IX Subsection "native/linux" TAP-device; already part of the kernel (only 2.4+ supported, but see tincd/linux). This is the configuration tested best, as gvpe is being 
@@ -187,14 +188,14 @@ \& MAC=fe:fd:80:00:00:$(printf "%02x" $NODEID) \& ip neighbour add 10.11.12.13 lladdr $MAC nud permanent dev $IFNAME .Ve -.Sh "tincd/linux" +.SS "tincd/linux" .IX Subsection "tincd/linux" TAP-device; already part of the kernel (2.2 only). See \&\f(CW\*(C`native/linux\*(C'\fR for more info. .PP \&\f(CW\*(C`ifname\*(C'\fR should be set to the path of a tap device, e.g. \f(CW\*(C`/dev/tap0\*(C'\fR. The interface will be named accordingly. -.Sh "native/cygwin" +.SS "native/cygwin" .IX Subsection "native/cygwin" TAP-device; The \s-1TAP\s0 device to be used must either be the \s-1CIPE\s0 driver (\f(CW\*(C`http://cipe\-win32.sourceforge.net/\*(C'\fR), or (highly recommended) the newer @@ -211,7 +212,7 @@ .PP The \s-1MAC\s0 address is dynamically being patched into packets and ARP-requests, so only IPv4 works with \s-1ARP\s0 on this platform. -.Sh "tincd/bsd" +.SS "tincd/bsd" .IX Subsection "tincd/bsd" TAP-device, maybe; migth work for many bsd variants. .PP @@ -219,7 +220,7 @@ provide a \s-1TAP\s0 device, or might not work at all. You might try this interface type first, and, if it doesn't work, try one of the OS-specific drivers. -.Sh "tincd/freebsd" +.SS "tincd/freebsd" .IX Subsection "tincd/freebsd" TAP-device; part of the kernel (since 4.x, maybe earlier). .PP @@ -232,7 +233,7 @@ \& ifconfig $IFNAME 10.0.0.$NODEID \& route add \-net 10.0.0.0 \-netmask 255.255.255.0 \-interface $IFNAME 10.0.0.$NODEID .Ve -.Sh "tincd/netbsd" +.SS "tincd/netbsd" .IX Subsection "tincd/netbsd" TUN-device; The interface is a point-to-point device. To initialize it, you currently need to configure it as a point-to-point device, giving it 
@@ -250,10 +251,10 @@ .PP \&\f(CW\*(C`ifname\*(C'\fR should be set to the path of a tun device, e.g. \f(CW\*(C`/dev/tun0\*(C'\fR. The interface will be named accordingly. -.Sh "tincd/openbsd" +.SS "tincd/openbsd" .IX Subsection "tincd/openbsd" TUN-device; already part of the kernel. See \f(CW\*(C`tincd/netbsd\*(C'\fR for more information. -.Sh "native/darwin" +.SS "native/darwin" .IX Subsection "native/darwin" TAP-device; .PP @@ -276,7 +277,7 @@ \& ifconfig $IFNAME 10.0.0.$NODEID \& route add \-net 10.0.0.0 \-interface $IFNAME 255.255.255.0 .Ve -.Sh "tincd/darwin" +.SS "tincd/darwin" .IX Subsection "tincd/darwin" TUN-device; See \f(CW\*(C`tincd/netbsd\*(C'\fR for more information. \f(CW\*(C`native/darwin\*(C'\fR is preferable. @@ -295,7 +296,7 @@ .Vb 1 \& kmodload tunnel .Ve -.Sh "tincd/solaris" +.SS "tincd/solaris" .IX Subsection "tincd/solaris" TUN-device; already part of the kernel(?), or available here: .PP @@ -315,14 +316,14 @@ See \f(CW\*(C`tincd/netbsd\*(C'\fR for more information. .PP Completely untested so far. -.Sh "tincd/mingw" +.SS "tincd/mingw" .IX Subsection "tincd/mingw" TAP-device; see \f(CW\*(C`native/cygwin\*(C'\fR for more information. .PP The setup is likely to be similar to \f(CW\*(C`native/cygwin\*(C'\fR. .PP Completely untested so far. -.Sh "tincd/raw_socket" +.SS "tincd/raw_socket" .IX Subsection "tincd/raw_socket" TAP-device; purpose unknown and untested, probably binds itself on an existing ethernet device (given by \f(CW\*(C`ifname\*(C'\fR). It must be down prior to @@ -330,7 +331,7 @@ the \*(L"correct\*(R" values. .PP Completely untested so far. -.Sh "tincd/uml_socket" +.SS "tincd/uml_socket" .IX Subsection "tincd/uml_socket" TAP-device; purpose unknown and untested, probably creates a \s-1UNIX\s0 datagram socket (path given by \f(CW\*(C`ifname\*(C'\fR) and reads and writes raw packets, so 
@@ -341,7 +342,7 @@ address doesn't match what it expects. .PP Completely untested so far. -.Sh "tincd/cygwin" +.SS "tincd/cygwin" .IX Subsection "tincd/cygwin" Known to be broken, use \f(CW\*(C`native/cygwin\*(C'\fR instead. .SH "SEE ALSO" diff -Nru gvpe-2.25/doc/gvpe.protocol.7 gvpe-3.0/doc/gvpe.protocol.7 --- gvpe-2.25/doc/gvpe.protocol.7 2013-07-12 21:59:30.000000000 -0400 +++ gvpe-3.0/doc/gvpe.protocol.7 2016-03-30 00:01:32.000000000 -0400 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.20) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "GVPE.PROTOCOL 7" -.TH GVPE.PROTOCOL 7 "2013-07-12" "2.24" "GNU Virtual Private Ethernet" +.TH GVPE.PROTOCOL 7 "2015-10-31" "2.25" "GNU Virtual Private Ethernet" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -133,13 +142,13 @@ .IX Header "The GNU-VPE Protocols" .SH "Overview" .IX Header "Overview" -\&\s-1GVPE\s0 can make use of a number of protocols. One of them is the \s-1GNU\s0 \s-1VPE\s0 +\&\s-1GVPE\s0 can make use of a number of protocols. One of them is the \s-1GNU VPE\s0 protocol which is used to authenticate tunnels and send encrypted data packets. This protocol is described in more detail the second part of this document. .PP The first part of this document describes the transport protocols which -are used by \s-1GVPE\s0 to send it's data packets over the network. +are used by \s-1GVPE\s0 to send its data packets over the network. .SH "PART 1: Transport protocols" .IX Header "PART 1: Transport protocols" \&\s-1GVPE\s0 offers a wide range of transport protocols that can be used to @@ -149,7 +158,7 @@ The following sections describe each transport protocol in more detail. They are sorted by overhead/efficiency, the most efficient transport is listed first: -.SS "\s-1RAW\s0 \s-1IP\s0" +.SS "\s-1RAW IP\s0" .IX Subsection "RAW IP" This protocol is the best choice, performance-wise, as the minimum overhead per packet is only 38 bytes. @@ -178,11 +187,11 @@ tunnel well through most firewalls and routers, and the overhead per packet is moderate (minimum 58 bytes). .PP -It should be used if \s-1RAW\s0 \s-1IP\s0 is not available. +It should be used if \s-1RAW IP\s0 is not available. .SS "\s-1TCP\s0" .IX Subsection "TCP" This protocol is a very bad choice, as it not only has high overhead (more -than 60 bytes), but the transport also retries on it's own, which leads +than 60 bytes), but the transport also retries on its own, which leads to congestion when the link has moderate packet loss (as both the \s-1TCP\s0 transport and the tunneled traffic will retry, increasing congestion more and more). It also has high latency and is quite inefficient. 
@@ -194,7 +203,7 @@ most proxies do not allow connections to other ports. .PP It is an abuse of the usage a proxy was designed for, so make sure you are -allowed to use it for \s-1GVPE\s0. +allowed to use it for \s-1GVPE.\s0 .PP This protocol also has server and client sides. If the \f(CW\*(C`tcp\-port\*(C'\fR is set to zero, other nodes cannot connect to this node directly. If the @@ -238,7 +247,7 @@ .IX Subsection "Anatomy of a VPN packet" The exact layout and field lengths of a \s-1VPN\s0 packet is determined at compile time and doesn't change. The same structure is used for all -transport protocols, be it \s-1RAWIP\s0 or \s-1TCP\s0. +transport protocols, be it \s-1RAWIP\s0 or \s-1TCP.\s0 .PP .Vb 3 \& +\-\-\-\-\-\-+\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-+ @@ -247,12 +256,12 @@ .Ve .PP The \s-1HMAC\s0 field is present in all packets, even if not used (e.g. in auth -request packets), in which case it is set to all zeroes. The checksum -itself is calculated over the \s-1TYPE\s0, \s-1SRCDST\s0 and \s-1DATA\s0 fields in all cases. +request packets), in which case it is set to all zeroes. The \s-1MAC\s0 itself is +calculated over the \s-1TYPE, SRCDST\s0 and \s-1DATA\s0 fields in all cases. .PP The \s-1TYPE\s0 field is a single byte and determines the purpose of the packet -(e.g. \s-1RESET\s0, \s-1COMPRESSED/UNCOMPRESSED\s0 \s-1DATA\s0, \s-1PING\s0, \s-1AUTH\s0 \s-1REQUEST/RESPONSE\s0, -\&\s-1CONNECT\s0 \s-1REQUEST/INFO\s0 etc.). +(e.g. \s-1RESET, COMPRESSED/UNCOMPRESSED DATA, PING, AUTH REQUEST/RESPONSE, +CONNECT REQUEST/INFO\s0 etc.). .PP \&\s-1SRCDST\s0 is a three byte field which contains the source and destination node IDs (12 bits each). 
@@ -262,50 +271,84 @@ shown: .PP .Vb 3 -\& +\-\-\-\-\-\-+\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-+\-\-\-\-\-\-\-+\-\-\-\-\-\-+ -\& | HMAC | TYPE | SRCDST | RAND | SEQNO | DATA | -\& +\-\-\-\-\-\-+\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-+\-\-\-\-\-\-\-+\-\-\-\-\-\-+ +\& +\-\-\-\-\-\-+\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-+\-\-\-\-\-\-+ +\& | HMAC | TYPE | SRCDST | SEQNO | DATA | +\& +\-\-\-\-\-\-+\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-+\-\-\-\-\-\-+ .Ve .PP -\&\s-1RAND\s0 is a sequence of fully random bytes, used to increase the entropy of -the data for encryption purposes. -.PP \&\s-1SEQNO\s0 is a 32\-bit sequence number. It is negotiated at every connection -initialization and starts at some random 31 bit value. \s-1VPE\s0 currently uses +initialization and starts at some random 31 bit value. \s-1GVPE\s0 currently uses a sliding window of 512 packets/sequence numbers to detect reordering, duplication and replay attacks. .PP -The encryption is done on \s-1RAND+SEQNO+DATA\s0 in \s-1CBC\s0 mode with zero \s-1IV\s0 (or, -equivalently, the \s-1IV\s0 is \s-1RAND+SEQNO\s0, encrypted with the block cipher, -unless \s-1RAND\s0 size is decreased or increased over the default value). -.SS "The authentication protocol" -.IX Subsection "The authentication protocol" +The encryption is done on \s-1SEQNO+DATA\s0 in \s-1CTR\s0 mode with \s-1IV\s0 generated from +the seqno (for \s-1AES:\s0 seqno || seqno || seqno || (u32)0), which ensures +uniqueness for a given key. +.SS "The authentication/key exchange protocol" +.IX Subsection "The authentication/key exchange protocol" Before nodes can exchange packets, they need to establish authenticity of the other side and a key. Every node has a private \s-1RSA\s0 key and the public \&\s-1RSA\s0 keys of all other nodes. 
.PP -A host establishes a simplex connection by sending the other node an \s-1RSA\s0 -encrypted challenge containing a random challenge (consisting of the -encryption and authentication keys to use when sending packets, more -random data and \s-1PKCS1_OAEP\s0 padding) and a random 16 byte \*(L"challenge-id\*(R" -(used to detect duplicate auth packets). The destination node will respond -by replying with an (unencrypted) hash of the decrypted challenge, which -will authenticate that node. The destination node will also set the -outgoing encryption parameters as given in the packet. -.PP -When the source node receives a correct auth reply (by verifying the -hash and the id, which will expire after 120 seconds), it will start to -accept data packets from the destination node. -.PP -This means that a node can only initiate a simplex connection, telling the -other side the key it has to use when it sends packets. The challenge -reply is only used to set the current \s-1IP\s0 address of the other side and -protocol parameters. -.PP -This protocol is completely symmetric, so to be able to send packets the -destination node must send a challenge in the exact same way as already -described (so, in essence, two simplex connections are created per node -pair). +When a node wants to establish a connection to another node, it sends an +RSA-OEAP-encrypted challenge and an \s-1ECDH \s0(curve25519) key. The other node +replies with its own \s-1ECDH\s0 key and a \s-1HKDF\s0 of the challenge and both \s-1ECDH\s0 +keys to prove its identity. +.PP +The remote node enganges in exactly the same protocol. When both nodes +have exchanged their challenge and verified the response, they calculate a +cipher key and a \s-1HMAC\s0 key and start exchanging data packets. 
+.PP +In detail, the challenge consist of: +.PP +.Vb 1 +\& RSA\-OAEP (SEQNO MAC CIPHER SALT EXTRA\-AUTH) ECDH1 +.Ve +.PP +That is, it encrypts (with the public key of the remote node) an initial +sequence number for data packets, key material for the \s-1HMAC\s0 key, key +material for the cipher key, a salt used by the \s-1HKDF \s0(as shown later) and +some extra random bytes that are unused except for authentication. It also +sends the public key of a curve25519 exchange. +.PP +The remote node decrypts the \s-1RSA\s0 data, generates its own \s-1ECDH\s0 key (\s-1ECDH2\s0), +and replies with: +.PP +.Vb 1 +\& HKDF\-Expand (HKDF\-Extract (ECDH2, RSA), ECDH1, AUTH_DIGEST_SIZE) ECDH2 +.Ve +.PP +That is, it extracts from the decrypted \s-1RSA\s0 challenge, using its \s-1ECDH\s0 +key as salt, and then expands using the requesting node's \s-1ECDH1\s0 key. The +resulting hash is returned as a proof that the node could decrypt the \s-1RSA\s0 +challenge data, together with the \s-1ECDH\s0 key. +.PP +After both nodes have done this to each other, they calculate the shared +\&\s-1ECDH\s0 secret, cipher and \s-1HMAC\s0 keys for the session (each node generates two +cipher and \s-1HMAC\s0 keys, one for sending and one for receiving). +.PP +The \s-1HMAC\s0 key for sending is generated as follow: +.PP +.Vb 1 +\& HMAC_KEY = HKDF\-Expand (HKDF\-Extract (REMOTE_SALT, MAC ECDH_SECRET), info, HMAC_MD_SIZE) +.Ve +.PP +It extracts from \s-1MAC\s0 and \s-1ECDH_SECRET\s0 using the \fIremote\fR \s-1SALT,\s0 then +expands using a static info string. +.PP +The cipher key is generated in the same way, except using the \s-1CIPHER\s0 part +of the original challenge. +.PP +The result of this process is to authenticate each node to the other +node, while exchanging keys using both \s-1RSA\s0 and \s-1ECDH,\s0 the latter providing +perfect forward secrecy. 
+.PP +The protocol has been overdesigned where this was possible without +increasing implementation complexity, in an attempt to protect against +implementation or protocol failures. For example, if the \s-1ECDH\s0 challenge +was found to be flawed, perfect forward secrecy would be lost, but the +data would likely still be protected. Likewise, standard algorithms and +implementations are used where possible. .SS "Retrying" .IX Subsection "Retrying" When there is no response to an auth request, the node will send auth @@ -350,7 +393,7 @@ .IX Item "Failing all that, the packet will be dropped." .PD .PP -A host can usually declare itself unreachable directly by setting it's +A host can usually declare itself unreachable directly by setting its port number(s) to zero. It can declare other hosts as unreachable by using a config-file that disables all protocols for these other hosts. Another option is to disable all protocols on that host in the other config files. @@ -366,6 +409,6 @@ .PP Routing via other nodes works because the \s-1SRCDST\s0 field is not encrypted, so the router can just forward the packet to the destination host. Since -each host uses it's own private key, the router will not be able to +each host uses its own private key, the router will not be able to decrypt or encrypt packets, it will just act as a simple router and protocol translator. diff -Nru gvpe-2.25/doc/gvpe.protocol.7.pod gvpe-3.0/doc/gvpe.protocol.7.pod --- gvpe-2.25/doc/gvpe.protocol.7.pod 2013-07-12 00:15:52.000000000 -0400 +++ gvpe-3.0/doc/gvpe.protocol.7.pod 2015-10-31 02:14:32.000000000 -0400 @@ -8,7 +8,7 @@ document. The first part of this document describes the transport protocols which -are used by GVPE to send it's data packets over the network. +are used by GVPE to send its data packets over the network. =head1 PART 1: Transport protocols 
@@ -56,7 +56,7 @@ =head2 TCP This protocol is a very bad choice, as it not only has high overhead (more -than 60 bytes), but the transport also retries on it's own, which leads +than 60 bytes), but the transport also retries on its own, which leads to congestion when the link has moderate packet loss (as both the TCP transport and the tunneled traffic will retry, increasing congestion more and more). It also has high latency and is quite inefficient. @@ -122,8 +122,8 @@ +------+------+--------+------+ The HMAC field is present in all packets, even if not used (e.g. in auth -request packets), in which case it is set to all zeroes. The checksum -itself is calculated over the TYPE, SRCDST and DATA fields in all cases. +request packets), in which case it is set to all zeroes. The MAC itself is +calculated over the TYPE, SRCDST and DATA fields in all cases. The TYPE field is a single byte and determines the purpose of the packet (e.g. RESET, COMPRESSED/UNCOMPRESSED DATA, PING, AUTH REQUEST/RESPONSE, 
@@ -136,50 +136,78 @@ only part that can be encrypted. Data packets contain more fields, as shown: - +------+------+--------+------+-------+------+ - | HMAC | TYPE | SRCDST | RAND | SEQNO | DATA | - +------+------+--------+------+-------+------+ - -RAND is a sequence of fully random bytes, used to increase the entropy of -the data for encryption purposes. + +------+------+--------+-------+------+ + | HMAC | TYPE | SRCDST | SEQNO | DATA | + +------+------+--------+-------+------+ SEQNO is a 32-bit sequence number. It is negotiated at every connection -initialization and starts at some random 31 bit value. VPE currently uses +initialization and starts at some random 31 bit value. GVPE currently uses a sliding window of 512 packets/sequence numbers to detect reordering, duplication and replay attacks. -The encryption is done on RAND+SEQNO+DATA in CBC mode with zero IV (or, -equivalently, the IV is RAND+SEQNO, encrypted with the block cipher, -unless RAND size is decreased or increased over the default value). +The encryption is done on SEQNO+DATA in CTR mode with IV generated from +the seqno (for AES: seqno || seqno || seqno || (u32)0), which ensures +uniqueness for a given key. -=head2 The authentication protocol +=head2 The authentication/key exchange protocol Before nodes can exchange packets, they need to establish authenticity of the other side and a key. Every node has a private RSA key and the public RSA keys of all other nodes. -A host establishes a simplex connection by sending the other node an RSA -encrypted challenge containing a random challenge (consisting of the -encryption and authentication keys to use when sending packets, more -random data and PKCS1_OAEP padding) and a random 16 byte "challenge-id" -(used to detect duplicate auth packets). The destination node will respond -by replying with an (unencrypted) hash of the decrypted challenge, which -will authenticate that node. 
The destination node will also set the
-outgoing encryption parameters as given in the packet.
-
-When the source node receives a correct auth reply (by verifying the
-hash and the id, which will expire after 120 seconds), it will start to
-accept data packets from the destination node.
-
-This means that a node can only initiate a simplex connection, telling the
-other side the key it has to use when it sends packets. The challenge
-reply is only used to set the current IP address of the other side and
-protocol parameters.
-
-This protocol is completely symmetric, so to be able to send packets the
-destination node must send a challenge in the exact same way as already
-described (so, in essence, two simplex connections are created per node
-pair).
+When a node wants to establish a connection to another node, it sends an
+RSA-OEAP-encrypted challenge and an ECDH (curve25519) key. The other node
+replies with its own ECDH key and a HKDF of the challenge and both ECDH
+keys to prove its identity.
+
+The remote node enganges in exactly the same protocol. When both nodes
+have exchanged their challenge and verified the response, they calculate a
+cipher key and a HMAC key and start exchanging data packets.
+
+In detail, the challenge consist of:
+
+ RSA-OAEP (SEQNO MAC CIPHER SALT EXTRA-AUTH) ECDH1
+
+That is, it encrypts (with the public key of the remote node) an initial
+sequence number for data packets, key material for the HMAC key, key
+material for the cipher key, a salt used by the HKDF (as shown later) and
+some extra random bytes that are unused except for authentication. It also
+sends the public key of a curve25519 exchange.
+
+The remote node decrypts the RSA data, generates its own ECDH key (ECDH2),
+and replies with:
+
+ HKDF-Expand (HKDF-Extract (ECDH2, RSA), ECDH1, AUTH_DIGEST_SIZE) ECDH2
+
+That is, it extracts from the decrypted RSA challenge, using its ECDH
+key as salt, and then expands using the requesting node's ECDH1 key.
The +resulting hash is returned as a proof that the node could decrypt the RSA +challenge data, together with the ECDH key. + +After both nodes have done this to each other, they calculate the shared +ECDH secret, cipher and HMAC keys for the session (each node generates two +cipher and HMAC keys, one for sending and one for receiving). + +The HMAC key for sending is generated as follow: + + HMAC_KEY = HKDF-Expand (HKDF-Extract (REMOTE_SALT, MAC ECDH_SECRET), info, HMAC_MD_SIZE) + +It extracts from MAC and ECDH_SECRET using the I SALT, then +expands using a static info string. + +The cipher key is generated in the same way, except using the CIPHER part +of the original challenge. + +The result of this process is to authenticate each node to the other +node, while exchanging keys using both RSA and ECDH, the latter providing +perfect forward secrecy. + +The protocol has been overdesigned where this was possible without +increasing implementation complexity, in an attempt to protect against +implementation or protocol failures. For example, if the ECDH challenge +was found to be flawed, perfect forward secrecy would be lost, but the +data would likely still be protected. Likewise, standard algorithms and +implementations are used where possible. =head2 Retrying @@ -236,7 +264,7 @@ =back -A host can usually declare itself unreachable directly by setting it's +A host can usually declare itself unreachable directly by setting its port number(s) to zero. It can declare other hosts as unreachable by using a config-file that disables all protocols for these other hosts. Another option is to disable all protocols on that host in the other config files. 
@@ -252,7 +280,7 @@ Routing via other nodes works because the SRCDST field is not encrypted, so the router can just forward the packet to the destination host. Since -each host uses it's own private key, the router will not be able to +each host uses its own private key, the router will not be able to decrypt or encrypt packets, it will just act as a simple router and protocol translator. diff -Nru gvpe-2.25/doc/gvpe.texi gvpe-3.0/doc/gvpe.texi --- gvpe-2.25/doc/gvpe.texi 2011-02-11 23:34:19.000000000 -0500 +++ gvpe-3.0/doc/gvpe.texi 2016-11-10 09:40:47.000000000 -0500 @@ -144,7 +144,7 @@ @item EASY TO SETUP -A few lines of config (the config file is shared unmodified between all hosts) and a single run of @t{gvpectrl} to generate the keys suffices to make it work. +A few lines of config (the config file is shared unmodified between all hosts) and generating an RSA key-pair on each node suffices to make it work. @refill @@ -197,7 +197,7 @@ ./configure --enable-hmac-length=4 --enable-rand-length=0 @end example -Minimize the header overhead of VPN packets (the above will result in only 4 bytes of overhead over the raw ethernet frame). This is a insecure configuration because a HMAC length of 4 makes collision attacks based on the birthday paradox pretty easy. +Minimize the header overhead of VPN packets (the above will result in only 4 bytes of overhead over the raw ethernet frame). This is a insecure configuration because a HMAC length of 4 makes collision attacks almost trivial. @refill 
@@ -216,10 +216,10 @@ @example - ./configure --enable-hmac-length=16 --enable-rand-length=8 --enable-digest=sha1 + ./configure --enable-hmac-length=16 --enable-rand-length=12 --enable-digest=ripemd610 @end example -This uses a 16 byte HMAC checksum to authenticate packets (I guess 8-12 would also be pretty secure ;) and will additionally prefix each packet with 8 bytes of random data. In the long run, people should move to SHA-256 and beyond). +This uses a 16 byte HMAC checksum to authenticate packets (I guess 8-12 would also be pretty secure ;) and will additionally prefix each packet with 12 bytes of random data. @refill In general, remember that AES-128 seems to be as secure but faster than AES-192 or AES-256, more randomness helps against sniffing and a longer HMAC helps against spoofing. MD4 is a fast digest, SHA1, RIPEMD160, SHA256 are consecutively better, and Blowfish is a fast cipher (and also quite secure). @refill 
@@ -271,42 +271,47 @@ @refill -@subsection STEP 2: create the RSA key pairs for all hosts -Run the following command to generate all key pairs for all nodes (that might take a while): +@subsection STEP 2: create the RSA key pair for each node +Next you have to generate the RSA keys for the nodes. While you can set up GVPE so you can generate all keys on a single host and centrally distribute all keys, it is safer to generate the key for each node on the node, so that the secret/private key does not have to be copied over the network. +@refill +To do so, run the following command to generate a key pair: @refill @example - gvpectrl -c /etc/gvpe -g + gvpectrl -c /etc/gvpe -g nodekey @end example -This command will put the public keys into @t{/etc/gvpe/pubkeys/@emph{nodename}} and the private keys into @t{/etc/gvpe/hostkeys/@emph{nodename}}. +This will create two files, @file{nodekey} and @file{nodekey.privkey}. The former should be copied to @file{/etc/gvpe/pubkey/@emph{nodename}} on the host where your config file is (you will have to create the @file{pubkey} directory first): @refill -@subsection STEP 3: distribute the config files to all nodes -Now distribute the config files and private keys to the other nodes. This should be done in two steps, since only the private keys meant for a node should be distributed (so each node has only it's own private key). -@refill -The example uses rsync-over-ssh -@refill -First all the config files without the hostkeys should be distributed: +@example + scp nodekey confighost:/etc/gvpe/pubkey/nodename +@end example + +The private key @file{nodekey.privkey} should be moved to @file{/etc/gvpe/hostkey}: @refill @example - rsync -avzessh /etc/gvpe first.example.net:/etc/. --exclude hostkeys - rsync -avzessh /etc/gvpe 133.55.82.9:/etc/. --exclude hostkeys - rsync -avzessh /etc/gvpe third.example.net:/etc/. 
--exclude hostkeys + mkdir -p /etc/gvpe + mv nodekey.privkey /etc/gvpe/hostkey @end example -Then the hostkeys should be copied: + + +@subsection STEP 3: distribute the config files to all nodes +Now distribute the config files and public keys to the other nodes. +@refill +The example uses rsync-over-ssh to copy the config file and all the public keys: @refill @example - rsync -avzessh /etc/gvpe/hostkeys/first first.example.net:/etc/hostkey - rsync -avzessh /etc/gvpe/hostkeys/second 133.55.82.9:/etc/hostkey - rsync -avzessh /etc/gvpe/hostkeys/third third.example.net:/etc/hostkey + rsync -avzessh /etc/gvpe first.example.net:/etc/. --exclude hostkey + rsync -avzessh /etc/gvpe 133.55.82.9:/etc/. --exclude hostkey + rsync -avzessh /etc/gvpe third.example.net:/etc/. --exclude hostkey @end example You should now check the configuration by issuing the command @t{gvpectrl -c /etc/gvpe -s} on each node and verify it's output. 
@@ -337,10 +342,37 @@ @subsection STEP 5: enjoy -... and play around. Sending a -HUP (@t{gvpectrl -kHUP}) to the daemon will make it try to connect to all other nodes again. If you run it from inittab, as is recommended, @t{gvpectrl -k} (or simply @t{killall gvpe}) will kill the daemon, start it again, making it read it's configuration files again. +... and play around. Sending a -HUP (@t{gvpectrl -kHUP}) to the daemon will make it try to connect to all other nodes again. If you run it from inittab @t{gvpectrl -k} (or simply @t{killall gvpe}) will kill the daemon, start it again, making it read it's configuration files again. +@refill +To run the GVPE daemon permanently from your SysV init, you can add it to your @file{inittab}, e.g.: @refill +@example + t1:2345:respawn:/bin/sh -c "exec nice -n-20 /path/to/gvpe -D node >/var/log/gvpe.log 2>&1" +@end example + +For systems using systemd, you can use a unit file similar to this one: +@refill + + +@example + [Unit] + Description=gvpe + After=network.target + Before=remote-fs.target + + [Service] + ExecStart=/path/to/gvpe -D node + KillMode=process + Restart=always + + [Install] + WantedBy=multi-user.target +@end example + + + @section COPYRIGHTS AND LICENSES GVPE itself is distributed under the GENERAL PUBLIC LICENSE (see the file COPYING that should be part of your distribution). @refill 
@@ -608,9 +640,49 @@ @section DESCRIPTION The gvpe config file consists of a series of lines that contain @t{variable = value} pairs. Empty lines are ignored. Comments start with a @t{#} and extend to the end of the line. They can be used on their own lines, or after any directives. Whitespace is allowed around the @t{=} sign or after values, but not within the variable names or values themselves. @refill -The only exception to the above is the "on" directive that can prefix any @t{name = value} setting and will only "execute" it on the named node, or (if the nodename starts with "!") on all nodes except the named one. +All settings are applied "in order", that is, later settings of the same variable overwrite earlier ones. +@refill +The only exceptions to the above are the following directives: +@refill + + +@itemize + + +@item +node nodename + +Introduces a node section. The nodename is used to select the right configuration section and is the same string as is passed as an argument to the gvpe daemon. @refill -For example, set the MTU to @t{1450} everywhere, loglevel to @t{noise} on branch1, and connect to @t{ondemand} everywhere but on branch2: +Multiple @t{node} statements with the same node name are supported and will be merged together. +@refill + + +@item +global + +This statement switches back to the global section, which is mainly useful if you want to include a second config file, e..g for local customisations. To do that, simply include this at the very end of your config file: +@refill + + +@example + global + include local.conf +@end example + + + +@item +on nodename ... + + + +@item +on !nodename ... + +You can prefix any configuration directive with @t{on} and a nodename. GVPE will will only "execute" it on the named node, or (if the nodename starts with @t{!}) on all nodes except the named one. +@refill +Example: set the MTU to @t{1450} everywhere, @t{loglevel} to @t{noise} on @t{branch1}, and @t{connect} to @t{ondemand} everywhere but on branch2. 
@refill @@ -620,10 +692,37 @@ on !branch2 connect = ondemand @end example -All settings are applied "in order", that is, later settings of the same variable overwrite earlier ones. + + +@item +include relative-or-absolute-path + +Reads the specified file (the path must not contain whitespace or @t{=} characters) and evaluate all config directives in it as if they were spelled out in place of the @t{include} directive. +@refill +The path is a printf format string, that is, you must escape any @t{%} by doubling it, and you can have a single @t{%s} inside, which will be replaced by the current nodename. +@refill +Relative paths are interpreted relative to the GVPE config directory. +@refill +Example: include the file @file{local.conf} in the config directory on every node. +@refill + + +@example + include local.conf +@end example + +Example: include a file @file{conf/}nodename@file{.conf} @refill +@example + include conf/%s.conf +@end example + +@end itemize + + + @section ANATOMY OF A CONFIG FILE Usually, a config file starts with a few global settings (like the UDP port to listen on), followed by node-specific sections that begin with a @t{node = nickname} line. @refill 
@@ -645,6 +744,40 @@ @item +chroot = path or / + +@cindex chroot +Tells GVPE to chroot(2) to the specified path after reading all necessary files, binding to sockets and running the @t{if-up} script, but before running @t{node-up} or any other scripts. +@refill +The special path @file{/} instructs GVPE to create (and remove) an empty temporary directory to use as new root. This is most secure, but makes it impossible to use any scripts other than the @t{if-up} one. +@refill + + +@item +chuid = numerical-uid + +@cindex chuid + + +@item +chgid = numerical-gid + +@cindex chgid +These two options tell GVPE to change to the given user and/or group id after reading all necessary files, binding to sockets and running the @t{if-up} script. +@refill +Other scripts, such as @t{node-up}, are run with the new user id or group id. +@refill + + +@item +chuser = username + +@cindex chuser +Alternative to @t{chuid} and @t{chgid}: Sets both @t{chuid} and @t{chgid} to the user and (primary) group ids of the specified user (for example, @t{nobody}). +@refill + + +@item dns-forw-host = hostname/ip @cindex dns-forw-host @@ -661,6 +794,16 @@ @item +dns-case-preserving = yes|true|on | no|false|off + +@cindex dns-case-preserving +Sets whether the DNS transport forwarding server preserves case (DNS servers have to, but some access systems are even more broken than others) (default: true). +@refill +Normally, when the forwarding server changes the case of domain names then GVPE will automatically set this to false. +@refill + + +@item dns-max-outstanding = integer-number-of-requests @cindex dns-max-outstanding 
@@ -896,7 +1039,7 @@ keepalive = seconds @cindex keepalive -Sets the keepalive probe interval in seconds (default: @t{60}). After this many seconds of inactivity the daemon will start to send keepalive probe every 3 seconds until it receives a reply from the other end. If no reply is received within 15 seconds, the peer is considered unreachable and the connection is closed. +Sets the keepalive probe interval in seconds (default: @t{60}). After this many seconds of inactivity the daemon will start to send keepalive probe every 3 seconds until it receives a reply from the other end. If no reply is received within 15 seconds, the peer is considered unreachable and the connection is closed. @refill @@ -921,11 +1064,19 @@ @item -node = nickname +nfmark = integer -@cindex node -Not really a config setting but introduces a node section. The nickname is used to select the right configuration section and must be passed as an argument to the gvpe daemon. +@cindex nfmark +This advanced option, when set to a nonzero value (default: @t{0}), tries to set the netfilter mark (or fwmark) value on all sockets gvpe uses to send packets. @refill +This can be used to make gvpe use a different set of routing rules. For example, on GNU/Linux, the @t{if-up} could set @t{nfmark} to 1000 and then put all routing rules into table @t{99} and then use an ip rule to make gvpe traffic avoid that routing table, in effect routing normal traffic via gvpe and gvpe traffic via the normal system routing tables: +@refill + + +@example + ip rule add not fwmark 1000 lookup 99 +@end example + @item @@ -998,7 +1149,7 @@ @{ echo update delete $DESTNODE.lowttl.example.net. a echo update add $DESTNODE.lowttl.example.net. 1 in a $DESTIP - echo + echo @} | nsupdate -d -k $CONFBASE:key.example.net. @end example 
@@ -1024,7 +1175,7 @@ pid-file = path @cindex pid-file -The path to the pid file to check and create (default: @t{LOCALSTATEDIR/run/gvpe.pid}). +The path to the pid file to check and create (default: @t{LOCALSTATEDIR/run/gvpe.pid}). The first @t{%s} is replaced by the nodename - any other use of @t{%} must be written as @t{%%}. @refill @@ -1032,9 +1183,9 @@ private-key = relative-path-to-key @cindex private-key -Sets the path (relative to the config directory) to the private key (default: @t{hostkey}). This is a printf format string so every @t{%} must be doubled. A single @t{%s} is replaced by the hostname, so you could use paths like @t{hostkeys/%s} to fetch the files at the location where @t{gvpectrl} puts them. +Sets the path (relative to the config directory) to the private key (default: @t{hostkey}). This is a printf format string so every @t{%} must be doubled. A single @t{%s} is replaced by the hostname, so you could use paths like @t{hostkeys/%s} to be able to share the same config directory between nodes. @refill -Since only the private key file of the current node is used and the private key file should be kept secret per-node to avoid spoofing, it is not recommended to use this feature. +Since only the private key file of the current node is used and the private key file should be kept secret per-node to avoid spoofing, it is not recommended to use this feature this way though. @refill 
@@ -1042,24 +1193,44 @@ rekey = seconds @cindex rekey -Sets the rekeying interval in seconds (default: @t{3600}). Connections are reestablished every @t{rekey} seconds, making them use a new encryption key. +Sets the rekeying interval in seconds (default: @t{3607}). Connections are reestablished every @t{rekey} seconds, making them use a new encryption key. @refill @item -nfmark = integer +seed-device = path -@cindex nfmark -This advanced option, when set to a nonzero value (default: @t{0}), tries to set the netfilter mark (or fwmark) value on all sockets gvpe uses to send packets. +@cindex seed-device +The random device used to initially and regularly seed the random number generator (default: @file{/dev/urandom}). Randomness is of paramount importance to the security of the algorithms used in gvpe. @refill -This can be used to make gvpe use a different set of routing rules. For example, on GNU/Linux, the @t{if-up} could set @t{nfmark} to 1000 and then put all routing rules into table @t{99} and then use an ip rule to make gvpe traffic avoid that routing table, in effect routing normal traffic via gvpe and gvpe traffic via the normal system routing tables: +On program start and every seed-interval, gvpe will read 64 octets. +@refill +Setting this path to the empty string will disable this functionality completely (the underlying crypto library will likely look for entropy sources on it's own though, so not all is lost). @refill -@example - ip rule add not fwmark 1000 lookup 99 -@end example +@item +seed-interval = seconds + +@cindex seed-interval +The number of seconds between reseeds of the random number generator (default: @t{3613}). A value of @t{0} disables this regular reseeding. +@refill + +@item +serial = string + +@cindex serial +The configuration serial number. This can be any string up to 16 bytes length. Only when the serial matches on both sides of a conenction will the connection succeed. 
This is @emph{not} a security mechanism and eay to spoof, this mechanism exists to alert users that their config is outdated. +@refill +It's recommended to specify this is a date string such as @t{2013-05-05} or @t{20121205084417}. +@refill +The exact algorithm is as this: if a connection request is received form a node with an identical serial, then it succeeds normally. +@refill +If the remote serial is lower than the local serial, it is ignored. +@refill +If the remote serial is higher than the local serial, a warning message is logged. +@refill @end itemize @@ -1208,9 +1379,7 @@ @cindex enable-udp See gvpe.protocol(7) for a description of the UDP transport protocol. @refill -Enable the UDPv4 transport using the @t{udp-port} port (default: @t{no}, unless no other protocol is enabled for a node, in which case this protocol is enabled automatically). -@refill -NOTE: Please specify @t{enable-udp = yes} if you want to use it even though it might get switched on automatically, as some future version might default to another default protocol. +Enable the UDPv4 transport using the @t{udp-port} port (default: @t{no}). @refill @@ -1251,6 +1420,16 @@ @item +low-power = yes|true|on | no|false|off + +@cindex low-power +If true, designates a node as a low-power node. Low-power nodes use larger timeouts and try to reduce cpu time. Other nodes talking to a low-power node will also use larger timeouts, and will use less aggressive optimisations, in the hope of reducing load. Security is not compromised. +@refill +The typical low-power node would be a mobile phone, where wakeups and encryption can significantly increase power drain. +@refill + + +@item max-retry = positive-number @cindex max-retry @@ -1342,7 +1521,7 @@ @item hostkey -The private key (taken from @t{hostkeys/nodename}) of the current host. +The (default path of the) private key of the current host. @refill 
@@ -1389,9 +1568,30 @@ @item -@strong{-g}, @strong{--generate-keys} +@strong{-g}, @strong{--generate-key=path} -Generate public/private RSA key-pair and exit. +Generates a single RSA key-pair. The public key will be stored in @file{@emph{path}} while the private key will be stored in @file{@emph{path} .privkey}. Neither file must be non-empty for this to succeed. +@refill +The public key file @file{@emph{path}} is normally copied to @file{pubkey/nodename} in the config directory on all nodes, while the private key @file{@emph{path}.privkey} should be copied to the file @file{hostkey} on the node the key is for. +@refill +It's recommended to generate the keypair on the node where it will be used, so that the private key file does not have to travel over the network. +@refill + + +@item +@strong{-G}, @strong{--generate-keys} + +Generate public/private RSA key-pairs for all nodes not having a key and exit. +@refill +Note that in normal configurations this will fail, as there cna only be one private key per host. To make this configuration work you need to specify separate keyfiles for hostkeys in your config file, e.g.: +@refill + + +@example + private-key = hostkeys/%s +@end example + +Such a configuration makes it easier to distribute a configuration centrally but requires private keys to be transported securely over the network. @refill @@ -1597,7 +1797,14 @@ @item @t{/etc/gvpe/pubkey/*} -The directory containing the public keys for every node, usually autogenerated by executing @t{gvpectrl --generate-keys}. +The directory containing the public keys for every node, one file per node with the name of the node. +@refill + + +@item +@t{/etc/gvpe/hostkey} + +The file containing the private key of the node GVPE runs on. Unlike all the other files in the @file{/etc/gvpe} directory, this file usually differes for each node that GVPE runs on. @refill 
@@ -1628,7 +1835,7 @@ @section Overview GVPE can make use of a number of protocols. One of them is the GNU VPE protocol which is used to authenticate tunnels and send encrypted data packets. This protocol is described in more detail the second part of this document. @refill -The first part of this document describes the transport protocols which are used by GVPE to send it's data packets over the network. +The first part of this document describes the transport protocols which are used by GVPE to send its data packets over the network. @refill @@ -1665,7 +1872,7 @@ @subsection TCP -This protocol is a very bad choice, as it not only has high overhead (more than 60 bytes), but the transport also retries on it's own, which leads to congestion when the link has moderate packet loss (as both the TCP transport and the tunneled traffic will retry, increasing congestion more and more). It also has high latency and is quite inefficient. +This protocol is a very bad choice, as it not only has high overhead (more than 60 bytes), but the transport also retries on its own, which leads to congestion when the link has moderate packet loss (as both the TCP transport and the tunneled traffic will retry, increasing congestion more and more). It also has high latency and is quite inefficient. @refill It's only useful when tunneling through firewalls that block better protocols. If a node doesn't have direct internet access but a HTTP proxy that supports the CONNECT method it can be used to tunnel through a web proxy. For this to work, the @t{tcp-port} should be @t{443} (@t{https}), as most proxies do not allow connections to other ports. @refill 
@@ -1682,7 +1889,7 @@ @refill In addition, the same problems as the TCP transport also plague this protocol. @refill -It's only use is to tunnel through firewalls that do not allow direct internet access. Similar to using a HTTP proxy (as the TCP transport does), it uses a local DNS server/forwarder (given by the @t{dns-forw-host} configuration value) as a proxy to send and receive data as a client, and an @t{NS} record pointing to the GVPE server (as given by the @t{dns-hostname} directive). +Its only use is to tunnel through firewalls that do not allow direct internet access. Similar to using a HTTP proxy (as the TCP transport does), it uses a local DNS server/forwarder (given by the @t{dns-forw-host} configuration value) as a proxy to send and receive data as a client, and an @t{NS} record pointing to the GVPE server (as given by the @t{dns-hostname} directive). @refill The only good side of this protocol is that it can tunnel through most firewalls mostly undetected, iff the local DNS server/forwarder is sane (which is true for most routers, wireless LAN gateways and nameservers). @refill @@ -1706,7 +1913,7 @@ +------+------+--------+------+ @end example -The HMAC field is present in all packets, even if not used (e.g. in auth request packets), in which case it is set to all zeroes. The checksum itself is calculated over the TYPE, SRCDST and DATA fields in all cases. +The HMAC field is present in all packets, even if not used (e.g. in auth request packets), in which case it is set to all zeroes. The MAC itself is calculated over the TYPE, SRCDST and DATA fields in all cases. @refill The TYPE field is a single byte and determines the purpose of the packet (e.g. RESET, COMPRESSED/UNCOMPRESSED DATA, PING, AUTH REQUEST/RESPONSE, CONNECT REQUEST/INFO etc.). @refill 
@@ -1717,27 +1924,61 @@ @example - +------+------+--------+------+-------+------+ - | HMAC | TYPE | SRCDST | RAND | SEQNO | DATA | - +------+------+--------+------+-------+------+ + +------+------+--------+-------+------+ + | HMAC | TYPE | SRCDST | SEQNO | DATA | + +------+------+--------+-------+------+ @end example -RAND is a sequence of fully random bytes, used to increase the entropy of the data for encryption purposes. +SEQNO is a 32-bit sequence number. It is negotiated at every connection initialization and starts at some random 31 bit value. GVPE currently uses a sliding window of 512 packets/sequence numbers to detect reordering, duplication and replay attacks. @refill -SEQNO is a 32-bit sequence number. It is negotiated at every connection initialization and starts at some random 31 bit value. VPE currently uses a sliding window of 512 packets/sequence numbers to detect reordering, duplication and replay attacks. +The encryption is done on SEQNO+DATA in CTR mode with IV generated from the seqno (for AES: seqno || seqno || seqno || (u32)0), which ensures uniqueness for a given key. @refill -@subsection The authentication protocol +@subsection The authentication/key exchange protocol Before nodes can exchange packets, they need to establish authenticity of the other side and a key. Every node has a private RSA key and the public RSA keys of all other nodes. @refill -A host establishes a simplex connection by sending the other node an RSA encrypted challenge containing a random challenge (consisting of the encryption key to use when sending packets, more random data and PKCS1_OAEP padding) and a random 16 byte "challenge-id" (used to detect duplicate auth packets). The destination node will respond by replying with an (unencrypted) RIPEMD160 hash of the decrypted challenge, which will authenticate that node. The destination node will also set the outgoing encryption parameters as given in the packet. 
+When a node wants to establish a connection to another node, it sends an RSA-OEAP-encrypted challenge and an ECDH (curve25519) key. The other node replies with its own ECDH key and a HKDF of the challenge and both ECDH keys to prove its identity. +@refill +The remote node enganges in exactly the same protocol. When both nodes have exchanged their challenge and verified the response, they calculate a cipher key and a HMAC key and start exchanging data packets. +@refill +In detail, the challenge consist of: +@refill + + +@example + RSA-OAEP (SEQNO MAC CIPHER SALT EXTRA-AUTH) ECDH1 +@end example + +That is, it encrypts (with the public key of the remote node) an initial sequence number for data packets, key material for the HMAC key, key material for the cipher key, a salt used by the HKDF (as shown later) and some extra random bytes that are unused except for authentication. It also sends the public key of a curve25519 exchange. +@refill +The remote node decrypts the RSA data, generates its own ECDH key (ECDH2), and replies with: +@refill + + +@example + HKDF-Expand (HKDF-Extract (ECDH2, RSA), ECDH1, AUTH_DIGEST_SIZE) ECDH2 +@end example + +That is, it extracts from the decrypted RSA challenge, using its ECDH key as salt, and then expands using the requesting node's ECDH1 key. The resulting hash is returned as a proof that the node could decrypt the RSA challenge data, together with the ECDH key. +@refill +After both nodes have done this to each other, they calculate the shared ECDH secret, cipher and HMAC keys for the session (each node generates two cipher and HMAC keys, one for sending and one for receiving). +@refill +The HMAC key for sending is generated as follow: +@refill + + +@example + HMAC_KEY = HKDF-Expand (HKDF-Extract (REMOTE_SALT, MAC ECDH_SECRET), info, HMAC_MD_SIZE) +@end example + +It extracts from MAC and ECDH_SECRET using the @emph{remote} SALT, then expands using a static info string. 
@refill -When the source node receives a correct auth reply (by verifying the hash and the id, which will expire after 120 seconds), it will start to accept data packets from the destination node. +The cipher key is generated in the same way, except using the CIPHER part of the original challenge. @refill -This means that a node can only initiate a simplex connection, telling the other side the key it has to use when it sends packets. The challenge reply is only used to set the current IP address of the other side and protocol parameters. +The result of this process is to authenticate each node to the other node, while exchanging keys using both RSA and ECDH, the latter providing perfect forward secrecy. @refill -This protocol is completely symmetric, so to be able to send packets the destination node must send a challenge in the exact same way as already described (so, in essence, two simplex connections are created per node pair). +The protocol has been overdesigned where this was possible without increasing implementation complexity, in an attempt to protect against implementation or protocol failures. For example, if the ECDH challenge was found to be flawed, perfect forward secrecy would be lost, but the data would likely still be protected. Likewise, standard algorithms and implementations are used where possible. @refill @@ -1753,7 +1994,7 @@ @subsection Routing and Protocol translation -The GVPE routing algorithm is easy: there isn't much routing to speak of: When routing packets to another node, GVPE trues the following options, in order: +The GVPE routing algorithm is easy: there isn't much routing to speak of: When routing packets to another node, GVPE tries the following options, in order: @refill 
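Review bot: In the `@@ -1717,27 +1924,61 @@` hunk, the added sentence on the CTR IV says that deriving it from the seqno "ensures uniqueness for a given key", but that only holds while SEQNO never repeats under one key, and the text does not say what happens when the 32-bit counter (started at a random 31-bit value) would wrap. I would add a sentence after it such as `A connection is re-keyed before SEQNO can wrap, because a repeated SEQNO under the same key would reuse the CTR keystream.`, assuming the implementation enforces this; if it does not, that is a point to raise against the code rather than the documentation. The same hunk spells the padding `RSA-OEAP-encrypted` in the prose but `RSA-OAEP` in the example, and contains the slips `enganges`, `the challenge consist of` and `generated as follow`. The file header is outside this view, but this looks like gvpe.texi, which the Makefile.in section further down lists under MAINTAINERCLEANFILES next to the `.pod` files in EXTRA_DIST, so the wording presumably has to be fixed in the .pod source.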
@@ -1785,11 +2026,11 @@ @end itemize -A host can usually declare itself unreachable directly by setting it's port number(s) to zero. It can declare other hosts as unreachable by using a config-file that disables all protocols for these other hosts. Another option is to disable all protocols on that host in the other config files. +A host can usually declare itself unreachable directly by setting its port number(s) to zero. It can declare other hosts as unreachable by using a config-file that disables all protocols for these other hosts. Another option is to disable all protocols on that host in the other config files. @refill If two hosts cannot connect to each other because their IP address(es) are not known (such as dial-up hosts), one side will send a @emph{mediated} connection request to a router (routers must be configured to act as routers!), which will send both the originating and the destination host a connection info request with protocol information and IP address of the other host (if known). Both hosts will then try to establish a direct connection to the other peer, which is usually possible even when both hosts are behind a NAT gateway. @refill -Routing via other nodes works because the SRCDST field is not encrypted, so the router can just forward the packet to the destination host. Since each host uses it's own private key, the router will not be able to decrypt or encrypt packets, it will just act as a simple router and protocol translator. +Routing via other nodes works because the SRCDST field is not encrypted, so the router can just forward the packet to the destination host. Since each host uses its own private key, the router will not be able to decrypt or encrypt packets, it will just act as a simple router and protocol translator. @refill diff -Nru gvpe-2.25/doc/Makefile.in gvpe-3.0/doc/Makefile.in --- gvpe-2.25/doc/Makefile.in 2013-07-13 00:42:55.000000000 -0400 +++ gvpe-3.0/doc/Makefile.in 2016-11-10 09:40:18.000000000 -0500 
@@ -1,9 +1,8 @@ -# Makefile.in generated by automake 1.11.6 from Makefile.am. +# Makefile.in generated by automake 1.7.9 from Makefile.am. # @configure_input@ -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software -# Foundation, Inc. +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003 +# Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,29 +13,17 @@ # PARTICULAR PURPOSE. @SET_MAKE@ + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ VPATH = @srcdir@ -am__make_dryrun = \ - { \ - am__dry=no; \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ - | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ - *) \ - for am__flg in $$MAKEFLAGS; do \ - case $$am__flg in \ - *=*|--*) ;; \ - *n*) am__dry=yes; break;; \ - esac; \ - done;; \ - esac; \ - test $$am__dry = yes; \ - } pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +top_builddir = .. + am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +INSTALL = @INSTALL@ install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c 
@@ -47,78 +34,7 @@ NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : -build_triplet = @build@ host_triplet = @host@ -target_triplet = @target@ -subdir = doc -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in texinfo.tex -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \ - $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ - $(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/progtest.m4 \ - $(top_srcdir)/m4/tuntap.m4 $(top_srcdir)/libev/libev.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -SOURCES = -DIST_SOURCES = -INFO_DEPS = $(srcdir)/gvpe.info -am__TEXINFO_TEX_DIR = $(srcdir) -DVIS = gvpe.dvi -PDFS = gvpe.pdf -PSS = gvpe.ps -HTMLS = gvpe.html -TEXINFOS = gvpe.texi -TEXI2DVI = texi2dvi -TEXI2PDF = $(TEXI2DVI) --pdf --batch -MAKEINFOHTML = $(MAKEINFO) --html -AM_MAKEINFOHTMLFLAGS = $(AM_MAKEINFOFLAGS) -DVIPS = dvips -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac -am__installdirs = "$(DESTDIR)$(infodir)" "$(DESTDIR)$(man5dir)" \ - "$(DESTDIR)$(man7dir)" "$(DESTDIR)$(man8dir)" -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; -am__install_max = 40 -am__nobase_strip_setup = \ - srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` -am__nobase_strip = \ - for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" -am__nobase_list = $(am__nobase_strip_setup); \ - for p in $$list; do echo "$$p $$p"; done | \ - sed "s| $$srcdirstrip/| |;"' / 
.*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ - $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ - if (++n[$$2] == $(am__install_max)) \ - { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ - END { for (dir in files) print dir, files[dir] }' -am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ - } -man5dir = $(mandir)/man5 -man7dir = $(mandir)/man7 -man8dir = $(mandir)/man8 -NROFF = nroff -MANS = $(man_MANS) -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) # Use `ginstall' in the definition of man_MANS to avoid # confusion with the `install' target. The install rule transforms `ginstall' @@ -126,6 +42,8 @@ transform = s/ginstall/install/; @program_transform_name@ ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ +AMDEP_FALSE = @AMDEP_FALSE@ +AMDEP_TRUE = @AMDEP_TRUE@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ @@ -154,7 +72,6 @@ IFSUBTYPE = @IFSUBTYPE@ IFTYPE = @IFTYPE@ INCLUDES = @INCLUDES@ -INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ @@ -172,8 +89,9 @@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ +MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@ +MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@ MAKEINFO = @MAKEINFO@ -MKDIR_P = @MKDIR_P@ MKINSTALLDIRS = @MKINSTALLDIRS@ MSGFMT = @MSGFMT@ MSGMERGE = @MSGMERGE@ 
@@ -188,30 +106,29 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ POSUB = @POSUB@ RANLIB = @RANLIB@ +ROHC_FALSE = @ROHC_FALSE@ +ROHC_TRUE = @ROHC_TRUE@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ +am__fastdepCC_FALSE = @am__fastdepCC_FALSE@ +am__fastdepCC_TRUE = @am__fastdepCC_TRUE@ +am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@ +am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ -builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ 
@@ -231,148 +148,74 @@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ -mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ + info_TEXINFOS = gvpe.texi + man_MANS = gvpe.5 gvpe.8 gvpectrl.8 gvpe.conf.5 gvpe.protocol.7 gvpe.osdep.5 + PERL = @PERL@ MAINTAINERCLEANFILES = gvpe.texi gvpe.5 gvpe.8 gvpectrl.8 gvpe.conf.5 gvpe.protocol.7 gvpe.osdep.5 + EXTRA_DIST = $(man_MANS) gvpe.texi \ Makefile.maint pod2texi \ gvpe.texi.pod gvpe.5.pod gvpe.8.pod gvpectrl.8.pod gvpe.conf.5.pod gvpe.protocol.7.pod gvpe.osdep.5.pod \ complex-example/README complex-example/if-up complex-example/node-up complex-example/gvpe.conf +subdir = doc +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +DIST_SOURCES = +am__TEXINFO_TEX_DIR = $(srcdir) +INFO_DEPS = +DVIS = +PDFS = +PSS = +TEXINFOS = gvpe.texi + +NROFF = nroff +MANS = $(man_MANS) +DIST_COMMON = $(srcdir)/Makefile.in Makefile.am texinfo.tex all: all-am .SUFFIXES: -.SUFFIXES: .dvi .html .info .pdf .ps .texi -$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu doc/Makefile -.PRECIOUS: 
Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): - -.texi.info: - restore=: && backupdir="$(am__leading_dot)am$$$$" && \ - am__cwd=`pwd` && $(am__cd) $(srcdir) && \ - rm -rf $$backupdir && mkdir $$backupdir && \ - if ($(MAKEINFO) --version) >/dev/null 2>&1; then \ - for f in $@ $@-[0-9] $@-[0-9][0-9] $(@:.info=).i[0-9] $(@:.info=).i[0-9][0-9]; do \ - if test -f $$f; then mv $$f $$backupdir; restore=mv; else :; fi; \ - done; \ - else :; fi && \ - cd "$$am__cwd"; \ - if $(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) -I $(srcdir) \ - -o $@ $<; \ - then \ - rc=0; \ - $(am__cd) $(srcdir); \ - else \ - rc=$$?; \ - $(am__cd) $(srcdir) && \ - $$restore $$backupdir/* `echo "./$@" | sed 's|[^/]*$$||'`; \ - fi; \ - rm -rf $$backupdir; exit $$rc - -.texi.dvi: - TEXINPUTS="$(am__TEXINFO_TEX_DIR)$(PATH_SEPARATOR)$$TEXINPUTS" \ - MAKEINFO='$(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) -I $(srcdir)' \ - $(TEXI2DVI) $< - -.texi.pdf: - TEXINPUTS="$(am__TEXINFO_TEX_DIR)$(PATH_SEPARATOR)$$TEXINPUTS" \ - MAKEINFO='$(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) -I $(srcdir)' \ - $(TEXI2PDF) $< - -.texi.html: - rm -rf $(@:.html=.htp) - if $(MAKEINFOHTML) $(AM_MAKEINFOHTMLFLAGS) $(MAKEINFOFLAGS) -I $(srcdir) \ - -o $(@:.html=.htp) $<; \ - then 
\ - rm -rf $@; \ - if test ! -d $(@:.html=.htp) && test -d $(@:.html=); then \ - mv $(@:.html=) $@; else mv $(@:.html=.htp) $@; fi; \ - else \ - if test ! -d $(@:.html=.htp) && test -d $(@:.html=); then \ - rm -rf $(@:.html=); else rm -Rf $(@:.html=.htp) $@; fi; \ - exit 1; \ - fi -$(srcdir)/gvpe.info: gvpe.texi -gvpe.dvi: gvpe.texi -gvpe.pdf: gvpe.texi -gvpe.html: gvpe.texi +.SUFFIXES: .dvi .ps +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/configure.ac $(ACLOCAL_M4) + cd $(top_srcdir) && \ + $(AUTOMAKE) --gnu doc/Makefile +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) +TEXI2DVI = texi2dvi + +TEXI2PDF = $(TEXI2DVI) --pdf --batch +DVIPS = dvips .dvi.ps: - TEXINPUTS="$(am__TEXINFO_TEX_DIR)$(PATH_SEPARATOR)$$TEXINPUTS" \ $(DVIPS) -o $@ $< -uninstall-dvi-am: - @$(NORMAL_UNINSTALL) - @list='$(DVIS)'; test -n "$(dvidir)" || list=; \ - for p in $$list; do \ - $(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(dvidir)/$$f'"; \ - rm -f "$(DESTDIR)$(dvidir)/$$f"; \ - done - -uninstall-html-am: - @$(NORMAL_UNINSTALL) - @list='$(HTMLS)'; test -n "$(htmldir)" || list=; \ - for p in $$list; do \ - $(am__strip_dir) \ - echo " rm -rf '$(DESTDIR)$(htmldir)/$$f'"; \ - rm -rf "$(DESTDIR)$(htmldir)/$$f"; \ - done - uninstall-info-am: - @$(PRE_UNINSTALL) - @if test -d '$(DESTDIR)$(infodir)' && $(am__can_run_installinfo); then \ + $(PRE_UNINSTALL) + @if (install-info --version && \ + install-info --version 2>&1 | sed 1q | grep -i -v debian) >/dev/null 2>&1; then \ list='$(INFO_DEPS)'; \ for file in $$list; do \ relfile=`echo "$$file" | sed 's|^.*/||'`; \ - echo " install-info --info-dir='$(DESTDIR)$(infodir)' --remove '$(DESTDIR)$(infodir)/$$relfile'"; \ - if install-info --info-dir="$(DESTDIR)$(infodir)" --remove "$(DESTDIR)$(infodir)/$$relfile"; \ - then :; else test ! 
-f "$(DESTDIR)$(infodir)/$$relfile" || exit 1; fi; \ + echo " install-info --info-dir=$(DESTDIR)$(infodir) --remove $(DESTDIR)$(infodir)/$$relfile"; \ + install-info --info-dir=$(DESTDIR)$(infodir) --remove $(DESTDIR)$(infodir)/$$relfile; \ done; \ else :; fi @$(NORMAL_UNINSTALL) 
@@ -380,56 +223,25 @@ for file in $$list; do \ relfile=`echo "$$file" | sed 's|^.*/||'`; \ relfile_i=`echo "$$relfile" | sed 's|\.info$$||;s|$$|.i|'`; \ - (if test -d "$(DESTDIR)$(infodir)" && cd "$(DESTDIR)$(infodir)"; then \ - echo " cd '$(DESTDIR)$(infodir)' && rm -f $$relfile $$relfile-[0-9] $$relfile-[0-9][0-9] $$relfile_i[0-9] $$relfile_i[0-9][0-9]"; \ + (if cd $(DESTDIR)$(infodir); then \ + echo " rm -f $$relfile $$relfile-[0-9] $$relfile-[0-9][0-9] $$relfile_i[0-9] $$relfile_i[0-9][0-9])"; \ rm -f $$relfile $$relfile-[0-9] $$relfile-[0-9][0-9] $$relfile_i[0-9] $$relfile_i[0-9][0-9]; \ else :; fi); \ done -uninstall-pdf-am: - @$(NORMAL_UNINSTALL) - @list='$(PDFS)'; test -n "$(pdfdir)" || list=; \ - for p in $$list; do \ - $(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(pdfdir)/$$f'"; \ - rm -f "$(DESTDIR)$(pdfdir)/$$f"; \ - done - -uninstall-ps-am: - @$(NORMAL_UNINSTALL) - @list='$(PSS)'; test -n "$(psdir)" || list=; \ - for p in $$list; do \ - $(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(psdir)/$$f'"; \ - rm -f "$(DESTDIR)$(psdir)/$$f"; \ - done - dist-info: $(INFO_DEPS) - @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ list='$(INFO_DEPS)'; \ for base in $$list; do \ - case $$base in \ - $(srcdir)/*) base=`echo "$$base" | sed "s|^$$srcdirstrip/||"`;; \ - esac; \ if test -f $$base; then d=.; else d=$(srcdir); fi; \ - base_i=`echo "$$base" | sed 's|\.info$$||;s|$$|.i|'`; \ - for file in $$d/$$base $$d/$$base-[0-9] $$d/$$base-[0-9][0-9] $$d/$$base_i[0-9] $$d/$$base_i[0-9][0-9]; do \ - if test -f $$file; then \ - relfile=`expr "$$file" : "$$d/\(.*\)"`; \ - test -f "$(distdir)/$$relfile" || \ - cp -p $$file "$(distdir)/$$relfile"; \ - else :; fi; \ + for file in $$d/$$base*; do \ + relfile=`expr "$$file" : "$$d/\(.*\)"`; \ + test -f $(distdir)/$$relfile || \ + cp -p $$file $(distdir)/$$relfile; \ done; \ done mostlyclean-aminfo: - -rm -rf gvpe.aux gvpe.cp gvpe.cps gvpe.fn gvpe.fns gvpe.ky gvpe.kys \ - gvpe.log gvpe.pg gvpe.pgs gvpe.tmp gvpe.toc gvpe.tp 
gvpe.tps \ - gvpe.vr gvpe.vrs - -clean-aminfo: - -test -z "gvpe.dvi gvpe.pdf gvpe.ps gvpe.html" \ - || rm -rf gvpe.dvi gvpe.pdf gvpe.ps gvpe.html + -rm -f maintainer-clean-aminfo: @list='$(INFO_DEPS)'; for i in $$list; do \ 
@@ -437,182 +249,183 @@ echo " rm -f $$i $$i-[0-9] $$i-[0-9][0-9] $$i_i[0-9] $$i_i[0-9][0-9]"; \ rm -f $$i $$i-[0-9] $$i-[0-9][0-9] $$i_i[0-9] $$i_i[0-9][0-9]; \ done -install-man5: $(man_MANS) + +man5dir = $(mandir)/man5 +install-man5: $(man5_MANS) $(man_MANS) @$(NORMAL_INSTALL) - @list1=''; \ - list2='$(man_MANS)'; \ - test -n "$(man5dir)" \ - && test -n "`echo $$list1$$list2`" \ - || exit 0; \ - echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \ - { for i in $$list1; do echo "$$i"; done; \ - if test -n "$$list2"; then \ - for i in $$list2; do echo "$$i"; done \ - | sed -n '/\.5[a-z]*$$/p'; \ - fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ - done | \ - sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ - sed 'N;N;s,\n, ,g' | { \ - list=; while read file base inst; do \ - if test "$$base" = "$$inst"; then list="$$list $$file"; else \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ - fi; \ + $(mkinstalldirs) $(DESTDIR)$(man5dir) + @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.5*) list="$$list $$i" ;; \ + esac; \ done; \ - for i in $$list; do echo "$$i"; done | $(am__base_list) | \ - while read files; do \ - test -z "$$files" || { \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ - done; } - + for i in $$list; do \ + if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ + else file=$$i; fi; \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + case "$$ext" in \ + 5*) ;; \ + *) ext='5' ;; \ + esac; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed 
'$(transform)'`.$$ext; \ + echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man5dir)/$$inst"; \ + $(INSTALL_DATA) $$file $(DESTDIR)$(man5dir)/$$inst; \ + done uninstall-man5: @$(NORMAL_UNINSTALL) - @list=''; test -n "$(man5dir)" || exit 0; \ - files=`{ for i in $$list; do echo "$$i"; done; \ - l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ - sed -n '/\.5[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ - dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir) -install-man7: $(man_MANS) - @$(NORMAL_INSTALL) - @list1=''; \ - list2='$(man_MANS)'; \ - test -n "$(man7dir)" \ - && test -n "`echo $$list1$$list2`" \ - || exit 0; \ - echo " $(MKDIR_P) '$(DESTDIR)$(man7dir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(man7dir)" || exit 1; \ - { for i in $$list1; do echo "$$i"; done; \ - if test -n "$$list2"; then \ - for i in $$list2; do echo "$$i"; done \ - | sed -n '/\.7[a-z]*$$/p'; \ - fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ - done | \ - sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^7][0-9a-z]*$$,7,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ - sed 'N;N;s,\n, ,g' | { \ - list=; while read file base inst; do \ - if test "$$base" = "$$inst"; then list="$$list $$file"; else \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man7dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man7dir)/$$inst" || exit $$?; \ - fi; \ + @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.5*) list="$$list $$i" ;; \ + esac; \ done; \ - for i in $$list; do echo "$$i"; done | $(am__base_list) | \ - while read files; do \ - test -z "$$files" || { \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man7dir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(man7dir)" || exit $$?; }; \ - done; } + for i in $$list; do \ + ext=`echo $$i | sed -e 
's/^.*\\.//'`; \ + case "$$ext" in \ + 5*) ;; \ + *) ext='5' ;; \ + esac; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " rm -f $(DESTDIR)$(man5dir)/$$inst"; \ + rm -f $(DESTDIR)$(man5dir)/$$inst; \ + done +man7dir = $(mandir)/man7 +install-man7: $(man7_MANS) $(man_MANS) + @$(NORMAL_INSTALL) + $(mkinstalldirs) $(DESTDIR)$(man7dir) + @list='$(man7_MANS) $(dist_man7_MANS) $(nodist_man7_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.7*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ + else file=$$i; fi; \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + case "$$ext" in \ + 7*) ;; \ + *) ext='7' ;; \ + esac; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man7dir)/$$inst"; \ + $(INSTALL_DATA) $$file $(DESTDIR)$(man7dir)/$$inst; \ + done uninstall-man7: @$(NORMAL_UNINSTALL) - @list=''; test -n "$(man7dir)" || exit 0; \ - files=`{ for i in $$list; do echo "$$i"; done; \ - l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ - sed -n '/\.7[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^7][0-9a-z]*$$,7,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ - dir='$(DESTDIR)$(man7dir)'; $(am__uninstall_files_from_dir) -install-man8: $(man_MANS) - @$(NORMAL_INSTALL) - @list1=''; \ - list2='$(man_MANS)'; \ - test -n "$(man8dir)" \ - && test -n "`echo $$list1$$list2`" \ - || exit 0; \ - echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ - { for i in $$list1; do echo "$$i"; done; \ - if test -n "$$list2"; then \ - for i in $$list2; do echo "$$i"; done \ - | sed -n '/\.8[a-z]*$$/p'; \ - fi; \ - } | while read p; do \ - if test -f $$p; then 
d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ - done | \ - sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ - sed 'N;N;s,\n, ,g' | { \ - list=; while read file base inst; do \ - if test "$$base" = "$$inst"; then list="$$list $$file"; else \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ - fi; \ + @list='$(man7_MANS) $(dist_man7_MANS) $(nodist_man7_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.7*) list="$$list $$i" ;; \ + esac; \ done; \ - for i in $$list; do echo "$$i"; done | $(am__base_list) | \ - while read files; do \ - test -z "$$files" || { \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ - done; } + for i in $$list; do \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + case "$$ext" in \ + 7*) ;; \ + *) ext='7' ;; \ + esac; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " rm -f $(DESTDIR)$(man7dir)/$$inst"; \ + rm -f $(DESTDIR)$(man7dir)/$$inst; \ + done +man8dir = $(mandir)/man8 +install-man8: $(man8_MANS) $(man_MANS) + @$(NORMAL_INSTALL) + $(mkinstalldirs) $(DESTDIR)$(man8dir) + @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.8*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ + else file=$$i; fi; \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + case "$$ext" in \ + 8*) ;; \ + *) ext='8' ;; \ + esac; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " 
$(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \ + $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \ + done uninstall-man8: @$(NORMAL_UNINSTALL) - @list=''; test -n "$(man8dir)" || exit 0; \ - files=`{ for i in $$list; do echo "$$i"; done; \ - l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ - dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.8*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + case "$$ext" in \ + 8*) ;; \ + *) ext='8' ;; \ + esac; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \ + rm -f $(DESTDIR)$(man8dir)/$$inst; \ + done tags: TAGS TAGS: ctags: CTAGS CTAGS: +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + +top_distdir = .. 
+distdir = $(top_distdir)/$(PACKAGE)-$(VERSION) distdir: $(DISTFILES) - @list='$(MANS)'; if test -n "$$list"; then \ - list=`for p in $$list; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ - if test -n "$$list" && \ - grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ - echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ - grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ - echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ - echo " typically \`make maintainer-clean' will remove them" >&2; \ - exit 1; \ - else :; fi; \ - else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ + $(mkinstalldirs) $(distdir)/complex-example + @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \ + list='$(DISTFILES)'; for file in $$list; do \ + case $$file in \ + $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \ + $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \ + esac; \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test "$$dir" != "$$file" && test "$$dir" != "."; then \ + dir="/$$dir"; \ + $(mkinstalldirs) "$(distdir)$$dir"; \ + else \ + dir=''; \ + fi; \ if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d 
"$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done @@ -622,10 +435,9 @@ check-am: all-am check: check-am all-am: Makefile $(INFO_DEPS) $(MANS) + installdirs: - for dir in "$(DESTDIR)$(infodir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man7dir)" "$(DESTDIR)$(man8dir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done + $(mkinstalldirs) $(DESTDIR)$(infodir) $(DESTDIR)$(man5dir) $(DESTDIR)$(man7dir) $(DESTDIR)$(man8dir) install: install-am install-exec: install-exec-am install-data: install-data-am 
@@ -636,22 +448,16 @@ installcheck: installcheck-am install-strip: - if test -z '$(STRIP)'; then \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - install; \ - else \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ - fi + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -659,7 +465,7 @@ -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am -clean-am: clean-aminfo clean-generic mostlyclean-am +clean-am: clean-generic mostlyclean-am distclean: distclean-am -rm -f Makefile 
@@ -669,131 +475,44 @@ dvi-am: $(DVIS) -html: html-am - -html-am: $(HTMLS) - info: info-am info-am: $(INFO_DEPS) install-data-am: install-info-am install-man -install-dvi: install-dvi-am - -install-dvi-am: $(DVIS) - @$(NORMAL_INSTALL) - @list='$(DVIS)'; test -n "$(dvidir)" || list=; \ - if test -n "$$list"; then \ - echo " $(MKDIR_P) '$(DESTDIR)$(dvidir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(dvidir)" || exit 1; \ - fi; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; \ - done | $(am__base_list) | \ - while read files; do \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(dvidir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(dvidir)" || exit $$?; \ - done install-exec-am: -install-html: install-html-am - -install-html-am: $(HTMLS) - @$(NORMAL_INSTALL) - @list='$(HTMLS)'; list2=; test -n "$(htmldir)" || list=; \ - if test -n "$$list"; then \ - echo " $(MKDIR_P) '$(DESTDIR)$(htmldir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(htmldir)" || exit 1; \ - fi; \ - for p in $$list; do \ - if test -f "$$p" || test -d "$$p"; then d=; else d="$(srcdir)/"; fi; \ - $(am__strip_dir) \ - d2=$$d$$p; \ - if test -d "$$d2"; then \ - echo " $(MKDIR_P) '$(DESTDIR)$(htmldir)/$$f'"; \ - $(MKDIR_P) "$(DESTDIR)$(htmldir)/$$f" || exit 1; \ - echo " $(INSTALL_DATA) '$$d2'/* '$(DESTDIR)$(htmldir)/$$f'"; \ - $(INSTALL_DATA) "$$d2"/* "$(DESTDIR)$(htmldir)/$$f" || exit $$?; \ - else \ - list2="$$list2 $$d2"; \ - fi; \ - done; \ - test -z "$$list2" || { echo "$$list2" | $(am__base_list) | \ - while read files; do \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(htmldir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(htmldir)" || exit $$?; \ - done; } install-info: install-info-am install-info-am: $(INFO_DEPS) @$(NORMAL_INSTALL) - @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ - list='$(INFO_DEPS)'; test -n "$(infodir)" || list=; \ - if test -n "$$list"; then \ - echo " $(MKDIR_P) '$(DESTDIR)$(infodir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(infodir)" || exit 1; \ - fi; \ + 
$(mkinstalldirs) $(DESTDIR)$(infodir) + @list='$(INFO_DEPS)'; \ for file in $$list; do \ - case $$file in \ - $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \ - esac; \ if test -f $$file; then d=.; else d=$(srcdir); fi; \ file_i=`echo "$$file" | sed 's|\.info$$||;s|$$|.i|'`; \ for ifile in $$d/$$file $$d/$$file-[0-9] $$d/$$file-[0-9][0-9] \ - $$d/$$file_i[0-9] $$d/$$file_i[0-9][0-9] ; do \ + $$d/$$file_i[0-9] $$d/$$file_i[0-9][0-9] ; do \ if test -f $$ifile; then \ - echo "$$ifile"; \ + relfile=`echo "$$ifile" | sed 's|^.*/||'`; \ + echo " $(INSTALL_DATA) $$ifile $(DESTDIR)$(infodir)/$$relfile"; \ + $(INSTALL_DATA) $$ifile $(DESTDIR)$(infodir)/$$relfile; \ else : ; fi; \ done; \ - done | $(am__base_list) | \ - while read files; do \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(infodir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(infodir)" || exit $$?; done + done @$(POST_INSTALL) - @if $(am__can_run_installinfo); then \ - list='$(INFO_DEPS)'; test -n "$(infodir)" || list=; \ + @if (install-info --version && \ + install-info --version 2>&1 | sed 1q | grep -i -v debian) >/dev/null 2>&1; then \ + list='$(INFO_DEPS)'; \ for file in $$list; do \ relfile=`echo "$$file" | sed 's|^.*/||'`; \ - echo " install-info --info-dir='$(DESTDIR)$(infodir)' '$(DESTDIR)$(infodir)/$$relfile'";\ - install-info --info-dir="$(DESTDIR)$(infodir)" "$(DESTDIR)$(infodir)/$$relfile" || :;\ + echo " install-info --info-dir=$(DESTDIR)$(infodir) $(DESTDIR)$(infodir)/$$relfile";\ + install-info --info-dir=$(DESTDIR)$(infodir) $(DESTDIR)$(infodir)/$$relfile || :;\ done; \ else : ; fi install-man: install-man5 install-man7 install-man8 -install-pdf: install-pdf-am - -install-pdf-am: $(PDFS) - @$(NORMAL_INSTALL) - @list='$(PDFS)'; test -n "$(pdfdir)" || list=; \ - if test -n "$$list"; then \ - echo " $(MKDIR_P) '$(DESTDIR)$(pdfdir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(pdfdir)" || exit 1; \ - fi; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - echo 
"$$d$$p"; \ - done | $(am__base_list) | \ - while read files; do \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pdfdir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(pdfdir)" || exit $$?; done -install-ps: install-ps-am - -install-ps-am: $(PSS) - @$(NORMAL_INSTALL) - @list='$(PSS)'; test -n "$(psdir)" || list=; \ - if test -n "$$list"; then \ - echo " $(MKDIR_P) '$(DESTDIR)$(psdir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(psdir)" || exit 1; \ - fi; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; \ - done | $(am__base_list) | \ - while read files; do \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(psdir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(psdir)" || exit $$?; done installcheck-am: maintainer-clean: maintainer-clean-am 
@@ -813,32 +532,24 @@ ps-am: $(PSS) -uninstall-am: uninstall-dvi-am uninstall-html-am uninstall-info-am \ - uninstall-man uninstall-pdf-am uninstall-ps-am +uninstall-am: uninstall-info-am uninstall-man uninstall-man: uninstall-man5 uninstall-man7 uninstall-man8 -.MAKE: install-am install-strip - -.PHONY: all all-am check check-am clean clean-aminfo clean-generic \ - dist-info distclean distclean-generic distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-man install-man5 install-man7 \ - install-man8 install-pdf install-pdf-am install-ps \ - install-ps-am install-strip installcheck installcheck-am \ - installdirs maintainer-clean maintainer-clean-aminfo \ - maintainer-clean-generic mostlyclean mostlyclean-aminfo \ - mostlyclean-generic pdf pdf-am ps ps-am uninstall uninstall-am \ - uninstall-dvi-am uninstall-html-am uninstall-info-am \ - uninstall-man uninstall-man5 uninstall-man7 uninstall-man8 \ - uninstall-pdf-am uninstall-ps-am +.PHONY: all all-am check check-am clean clean-generic dist-info \ + distclean distclean-generic distdir dvi dvi-am info info-am \ + install install-am install-data install-data-am install-exec \ + install-exec-am install-info install-info-am install-man \ + install-man5 install-man7 install-man8 install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-aminfo maintainer-clean-generic mostlyclean \ + mostlyclean-aminfo mostlyclean-generic pdf pdf-am ps ps-am \ + uninstall uninstall-am uninstall-info-am uninstall-man \ + uninstall-man5 uninstall-man7 uninstall-man8 # For additional rules usually of interest only to the maintainer, # see GNUmakefile and Makefile.maint. - # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
.NOEXPORT: diff -Nru gvpe-2.25/lib/Makefile.in gvpe-3.0/lib/Makefile.in --- gvpe-2.25/lib/Makefile.in 2013-07-13 00:42:55.000000000 -0400 +++ gvpe-3.0/lib/Makefile.in 2016-11-10 09:40:18.000000000 -0500 @@ -1,9 +1,8 @@ -# Makefile.in generated by automake 1.11.6 from Makefile.am. +# Makefile.in generated by automake 1.7.9 from Makefile.am. # @configure_input@ -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software -# Foundation, Inc. +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003 +# Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -15,30 +14,16 @@ @SET_MAKE@ - +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ VPATH = @srcdir@ -am__make_dryrun = \ - { \ - am__dry=no; \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ - | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ - *) \ - for am__flg in $$MAKEFLAGS; do \ - case $$am__flg in \ - *=*|--*) ;; \ - *n*) am__dry=yes; break;; \ - esac; \ - done;; \ - esac; \ - test $$am__dry = yes; \ - } pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +top_builddir = .. + am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +INSTALL = @INSTALL@ install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c 
@@ -50,53 +35,11 @@ NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : -build_triplet = @build@ host_triplet = @host@ -target_triplet = @target@ -subdir = lib -DIST_COMMON = $(noinst_HEADERS) $(srcdir)/Makefile.am \ - $(srcdir)/Makefile.in alloca.c -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \ - $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ - $(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/progtest.m4 \ - $(top_srcdir)/m4/tuntap.m4 $(top_srcdir)/libev/libev.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -LIBRARIES = $(noinst_LIBRARIES) -AR = ar -ARFLAGS = cru -libgvpe_a_AR = $(AR) $(ARFLAGS) -am_libgvpe_a_OBJECTS = pidfile.$(OBJEXT) getopt.$(OBJEXT) \ - getopt1.$(OBJEXT) dropin.$(OBJEXT) -libgvpe_a_OBJECTS = $(am_libgvpe_a_OBJECTS) -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -CCLD = $(CC) -LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ -SOURCES = $(libgvpe_a_SOURCES) -DIST_SOURCES = $(libgvpe_a_SOURCES) -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac -HEADERS = $(noinst_HEADERS) -ETAGS = etags -CTAGS = ctags -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ +AMDEP_FALSE = @AMDEP_FALSE@ +AMDEP_TRUE = @AMDEP_TRUE@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ 
@@ -124,8 +67,8 @@ HAVE_TUNTAP = @HAVE_TUNTAP@ IFSUBTYPE = @IFSUBTYPE@ IFTYPE = @IFTYPE@ + INCLUDES = @INCLUDES@ -I. -I$(top_builddir) -INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ @@ -143,8 +86,9 @@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ +MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@ +MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@ MAKEINFO = @MAKEINFO@ -MKDIR_P = @MKDIR_P@ MKINSTALLDIRS = @MKINSTALLDIRS@ MSGFMT = @MSGFMT@ MSGMERGE = @MSGMERGE@ @@ -159,30 +103,29 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ POSUB = @POSUB@ RANLIB = @RANLIB@ +ROHC_FALSE = @ROHC_FALSE@ +ROHC_TRUE = @ROHC_TRUE@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ +am__fastdepCC_FALSE = @am__fastdepCC_FALSE@ +am__fastdepCC_TRUE = @am__fastdepCC_TRUE@ +am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@ +am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ -builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ 
@@ -202,73 +145,78 @@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ -mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ noinst_LIBRARIES = libgvpe.a + libgvpe_a_SOURCES = pidfile.c getopt.c getopt1.c dropin.c + libgvpe_a_LIBADD = @LIBOBJS@ @ALLOCA@ libgvpe_a_DEPENDENCIES = $(libgvpe_a_LIBADD) + noinst_HEADERS = pidfile.h getopt.h dropin.h gettext.h +subdir = lib +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +LIBRARIES = $(noinst_LIBRARIES) + +libgvpe_a_AR = $(AR) cru +am_libgvpe_a_OBJECTS = pidfile.$(OBJEXT) getopt.$(OBJEXT) \ + getopt1.$(OBJEXT) dropin.$(OBJEXT) +libgvpe_a_OBJECTS = $(am_libgvpe_a_OBJECTS) + +DEFAULT_INCLUDES = -I. 
-I$(srcdir) -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +@AMDEP_TRUE@DEP_FILES = $(DEPDIR)/alloca.Po ./$(DEPDIR)/dropin.Po \ +@AMDEP_TRUE@ ./$(DEPDIR)/getopt.Po ./$(DEPDIR)/getopt1.Po \ +@AMDEP_TRUE@ ./$(DEPDIR)/pidfile.Po +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +DIST_SOURCES = $(libgvpe_a_SOURCES) +HEADERS = $(noinst_HEADERS) + +DIST_COMMON = $(noinst_HEADERS) $(srcdir)/Makefile.in Makefile.am \ + alloca.c +SOURCES = $(libgvpe_a_SOURCES) + all: all-am .SUFFIXES: .SUFFIXES: .c .o .obj -$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu lib/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu lib/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' 
in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/configure.ac $(ACLOCAL_M4) + cd $(top_srcdir) && \ + $(AUTOMAKE) --gnu lib/Makefile +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) + +AR = ar clean-noinstLIBRARIES: -test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES) -libgvpe.a: $(libgvpe_a_OBJECTS) $(libgvpe_a_DEPENDENCIES) $(EXTRA_libgvpe_a_DEPENDENCIES) +libgvpe.a: $(libgvpe_a_OBJECTS) $(libgvpe_a_DEPENDENCIES) -rm -f libgvpe.a $(libgvpe_a_AR) libgvpe.a $(libgvpe_a_OBJECTS) $(libgvpe_a_LIBADD) $(RANLIB) libgvpe.a mostlyclean-compile: - -rm -f *.$(OBJEXT) + -rm -f *.$(OBJEXT) core *.core distclean-compile: -rm -f *.tab.c 
@@ -280,104 +228,117 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pidfile.Po@am__quote@ .c.o: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" \ +@am__fastdepCC_TRUE@ -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; \ +@am__fastdepCC_TRUE@ else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; \ +@am__fastdepCC_TRUE@ fi @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c $< +@AMDEP_TRUE@@am__fastdepCC_FALSE@ depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$< .c.obj: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" \ +@am__fastdepCC_TRUE@ -c -o $@ `if test -f '$<'; then $(CYGPATH_W) '$<'; else $(CYGPATH_W) '$(srcdir)/$<'; fi`; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; \ +@am__fastdepCC_TRUE@ else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; \ +@am__fastdepCC_TRUE@ fi @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` +@AMDEP_TRUE@@am__fastdepCC_FALSE@ depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ 
$(COMPILE) -c `if test -f '$<'; then $(CYGPATH_W) '$<'; else $(CYGPATH_W) '$(srcdir)/$<'; fi` +uninstall-info-am: + +ETAGS = etags +ETAGSFLAGS = + +CTAGS = ctags +CTAGSFLAGS = + +tags: TAGS ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ mkid -fID $$unique -tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - set x; \ + tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(ETAGS_ARGS)$$tags$$unique" \ + || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$tags $$unique + ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$unique" \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z 
"$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique + $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" + && cd $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + +top_distdir = .. +distdir = $(top_distdir)/$(PACKAGE)-$(VERSION) distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ + @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \ + list='$(DISTFILES)'; for file in $$list; do \ + case $$file in \ + $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \ + $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \ + esac; \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test "$$dir" != "$$file" && test "$$dir" != "."; then \ + dir="/$$dir"; \ + $(mkinstalldirs) "$(distdir)$$dir"; \ + else \ + dir=''; \ + fi; \ if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ + cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LIBRARIES) $(HEADERS) + installdirs: install: install-am install-exec: install-exec-am @@ -389,22 +350,16 @@ installcheck: installcheck-am install-strip: - if test -z '$(STRIP)'; then \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - install; \ - else \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ - fi + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -423,40 +378,18 @@ dvi-am: -html: html-am - -html-am: - info: info-am info-am: install-data-am: -install-dvi: install-dvi-am - -install-dvi-am: - install-exec-am: -install-html: install-html-am - -install-html-am: - install-info: install-info-am -install-info-am: - install-man: -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - installcheck-am: maintainer-clean: maintainer-clean-am 
@@ -476,23 +409,17 @@ ps-am: -uninstall-am: - -.MAKE: install-am install-strip +uninstall-am: uninstall-info-am .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-noinstLIBRARIES ctags distclean distclean-compile \ - distclean-generic distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \ - uninstall-am - + distclean-generic distclean-tags distdir dvi dvi-am info \ + info-am install install-am install-data install-data-am \ + install-exec install-exec-am install-info install-info-am \ + install-man install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic pdf pdf-am \ + ps ps-am tags uninstall uninstall-am uninstall-info-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff -Nru gvpe-2.25/libev/ev.c gvpe-3.0/libev/ev.c --- gvpe-2.25/libev/ev.c 2013-07-04 18:32:19.000000000 -0400 +++ gvpe-3.0/libev/ev.c 2016-02-17 23:47:57.000000000 -0500 @@ -1,7 +1,7 @@ /* * libev event processing core, watcher management * - * Copyright (c) 2007,2008,2009,2010,2011,2012 Marc Alexander Lehmann + * Copyright (c) 2007,2008,2009,2010,2011,2012,2013 Marc Alexander Lehmann * All rights reserved. * * Redistribution and use in source and binary forms, with or without modifica- 
@@ -45,11 +45,11 @@ # include "config.h" # endif -#if HAVE_FLOOR -# ifndef EV_USE_FLOOR -# define EV_USE_FLOOR 1 +# if HAVE_FLOOR +# ifndef EV_USE_FLOOR +# define EV_USE_FLOOR 1 +# endif # endif -#endif # if HAVE_CLOCK_SYSCALL # ifndef EV_USE_CLOCK_SYSCALL @@ -243,10 +243,7 @@ #elif defined _sys_nsig # define EV_NSIG (_sys_nsig) /* Solaris 2.5 */ #else -# error "unable to find value for NSIG, please report" -/* to make it compile regardless, just remove the above line, */ -/* but consider reporting it, too! :) */ -# define EV_NSIG 65 +# define EV_NSIG (8 * sizeof (sigset_t) + 1) #endif #ifndef EV_USE_FLOOR @@ -254,13 +251,22 @@ #endif #ifndef EV_USE_CLOCK_SYSCALL -# if __linux && __GLIBC__ >= 2 +# if __linux && __GLIBC__ == 2 && __GLIBC_MINOR__ < 17 # define EV_USE_CLOCK_SYSCALL EV_FEATURE_OS # else # define EV_USE_CLOCK_SYSCALL 0 # endif #endif +#if !(_POSIX_TIMERS > 0) +# ifndef EV_USE_MONOTONIC +# define EV_USE_MONOTONIC 0 +# endif +# ifndef EV_USE_REALTIME +# define EV_USE_REALTIME 0 +# endif +#endif + #ifndef EV_USE_MONOTONIC # if defined _POSIX_MONOTONIC_CLOCK && _POSIX_MONOTONIC_CLOCK >= 0 # define EV_USE_MONOTONIC EV_FEATURE_OS @@ -487,7 +493,7 @@ /* * libecb - http://software.schmorp.de/pkg/libecb * - * Copyright (©) 2009-2012 Marc Alexander Lehmann + * Copyright (©) 2009-2015 Marc Alexander Lehmann * Copyright (©) 2011 Emanuele Giaquinta * All rights reserved. * 
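Review bot: The new fallback `# define EV_NSIG (8 * sizeof (sigset_t) + 1)` in the `@@ -243,10 +243,7 @@` hunk is no longer a plain integer literal, so on this path EV_NSIG cannot be tested in a `#if`, and the reason for the formula is undocumented. No such preprocessor test is visible in this hunk, so this may be harmless, but the constraint should be written down. The removed `#error` also made an unknown platform fail loudly, whereas the build now silently picks a bound. I would add a comment above the define such as `/* fallback: bits in sigset_t + 1, assumed upper bound on signal numbers; not usable in #if */`. The `#if`/`#elif` chain this branch belongs to starts above the hunk.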
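Review bot: The added `#if !(_POSIX_TIMERS > 0)` block in the `@@ -254,13 +251,22 @@` hunk defaults EV_USE_MONOTONIC and EV_USE_REALTIME to 0 whenever `_POSIX_TIMERS` is undefined, because an undefined macro evaluates as 0 in `#if`. That includes the case where the header defining it has not been included before this point, which the hunk does not show; the result would be a loop that quietly runs on wall-clock time. A comment would make the dependency explicit, for example `/* _POSIX_TIMERS is provided by <unistd.h>, which must already be included here */`. The tightened test `__GLIBC__ == 2 && __GLIBC_MINOR__ < 17` likewise deserves a short why-comment, e.g. `/* glibc 2.17 made clock_gettime available in libc itself */`.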
@@ -511,13 +517,24 @@ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTH- * ERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. + * + * Alternatively, the contents of this file may be used under the terms of + * the GNU General Public License ("GPL") version 2 or any later version, + * in which case the provisions of the GPL are applicable instead of + * the above. If you wish to allow the use of your version of this file + * only under the terms of the GPL and not to allow others to use your + * version of this file under the BSD license, indicate your decision + * by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL. If you do not delete the + * provisions above, a recipient may use your version of this file under + * either the BSD or the GPL. */ #ifndef ECB_H #define ECB_H /* 16 bits major, 16 bits minor */ -#define ECB_VERSION 0x00010003 +#define ECB_VERSION 0x00010005 #ifdef _WIN32 typedef signed char int8_t; @@ -544,16 +561,19 @@ #endif #else #include - #if UINTMAX_MAX > 0xffffffffU + #if (defined INTPTR_MAX ? INTPTR_MAX : ULONG_MAX) > 0xffffffffU #define ECB_PTRSIZE 8 #else #define ECB_PTRSIZE 4 #endif #endif +#define ECB_GCC_AMD64 (__amd64 || __amd64__ || __x86_64 || __x86_64__) +#define ECB_MSVC_AMD64 (_M_AMD64 || _M_X64) + /* work around x32 idiocy by defining proper macros */ -#if __x86_64 || _M_AMD64 - #if __ILP32 +#if ECB_GCC_AMD64 || ECB_MSVC_AMD64 + #if _ILP32 #define ECB_AMD64_X32 1 #else #define ECB_AMD64 1 
@@ -567,21 +587,41 @@ * we try to detect these and simply assume they are not gcc - if they have * an issue with that they should have done it right in the first place. */ -#ifndef ECB_GCC_VERSION - #if !defined __GNUC_MINOR__ || defined __INTEL_COMPILER || defined __SUNPRO_C || defined __SUNPRO_CC || defined __llvm__ || defined __clang__ - #define ECB_GCC_VERSION(major,minor) 0 - #else - #define ECB_GCC_VERSION(major,minor) (__GNUC__ > (major) || (__GNUC__ == (major) && __GNUC_MINOR__ >= (minor))) - #endif +#if !defined __GNUC_MINOR__ || defined __INTEL_COMPILER || defined __SUNPRO_C || defined __SUNPRO_CC || defined __llvm__ || defined __clang__ + #define ECB_GCC_VERSION(major,minor) 0 +#else + #define ECB_GCC_VERSION(major,minor) (__GNUC__ > (major) || (__GNUC__ == (major) && __GNUC_MINOR__ >= (minor))) +#endif + +#define ECB_CLANG_VERSION(major,minor) (__clang_major__ > (major) || (__clang_major__ == (major) && __clang_minor__ >= (minor))) + +#if __clang__ && defined __has_builtin + #define ECB_CLANG_BUILTIN(x) __has_builtin (x) +#else + #define ECB_CLANG_BUILTIN(x) 0 +#endif + +#if __clang__ && defined __has_extension + #define ECB_CLANG_EXTENSION(x) __has_extension (x) +#else + #define ECB_CLANG_EXTENSION(x) 0 #endif -#define ECB_C (__STDC__+0) /* this assumes that __STDC__ is either empty or a number */ -#define ECB_C99 (__STDC_VERSION__ >= 199901L) -#define ECB_C11 (__STDC_VERSION__ >= 201112L) #define ECB_CPP (__cplusplus+0) #define ECB_CPP11 (__cplusplus >= 201103L) #if ECB_CPP + #define ECB_C 0 + #define ECB_STDC_VERSION 0 +#else + #define ECB_C 1 + #define ECB_STDC_VERSION __STDC_VERSION__ +#endif + +#define ECB_C99 (ECB_STDC_VERSION >= 199901L) +#define ECB_C11 (ECB_STDC_VERSION >= 201112L) + +#if ECB_CPP #define ECB_EXTERN_C extern "C" #define ECB_EXTERN_C_BEG ECB_EXTERN_C { #define ECB_EXTERN_C_END } 
@@ -604,32 +644,51 @@ #define ECB_MEMORY_FENCE do { } while (0) #endif +/* http://www-01.ibm.com/support/knowledgecenter/SSGH3R_13.1.0/com.ibm.xlcpp131.aix.doc/compiler_ref/compiler_builtins.html */ +#if __xlC__ && ECB_CPP + #include +#endif + +#if 1400 <= _MSC_VER + #include /* fence functions _ReadBarrier, also bit search functions _BitScanReverse */ +#endif + #ifndef ECB_MEMORY_FENCE #if ECB_GCC_VERSION(2,5) || defined __INTEL_COMPILER || (__llvm__ && __GNUC__) || __SUNPRO_C >= 0x5110 || __SUNPRO_CC >= 0x5110 #if __i386 || __i386__ #define ECB_MEMORY_FENCE __asm__ __volatile__ ("lock; orb $0, -1(%%esp)" : : : "memory") #define ECB_MEMORY_FENCE_ACQUIRE __asm__ __volatile__ ("" : : : "memory") #define ECB_MEMORY_FENCE_RELEASE __asm__ __volatile__ ("") - #elif __amd64 || __amd64__ || __x86_64 || __x86_64__ + #elif ECB_GCC_AMD64 #define ECB_MEMORY_FENCE __asm__ __volatile__ ("mfence" : : : "memory") #define ECB_MEMORY_FENCE_ACQUIRE __asm__ __volatile__ ("" : : : "memory") #define ECB_MEMORY_FENCE_RELEASE __asm__ __volatile__ ("") #elif __powerpc__ || __ppc__ || __powerpc64__ || __ppc64__ #define ECB_MEMORY_FENCE __asm__ __volatile__ ("sync" : : : "memory") + #elif defined __ARM_ARCH_2__ \ + || defined __ARM_ARCH_3__ || defined __ARM_ARCH_3M__ \ + || defined __ARM_ARCH_4__ || defined __ARM_ARCH_4T__ \ + || defined __ARM_ARCH_5__ || defined __ARM_ARCH_5E__ \ + || defined __ARM_ARCH_5T__ || defined __ARM_ARCH_5TE__ \ + || defined __ARM_ARCH_5TEJ__ + /* should not need any, unless running old code on newer cpu - arm doesn't support that */ #elif defined __ARM_ARCH_6__ || defined __ARM_ARCH_6J__ \ - || defined __ARM_ARCH_6K__ || defined __ARM_ARCH_6ZK__ + || defined __ARM_ARCH_6K__ || defined __ARM_ARCH_6ZK__ \ + || defined __ARM_ARCH_6T2__ #define ECB_MEMORY_FENCE __asm__ __volatile__ ("mcr p15,0,%0,c7,c10,5" : : "r" (0) : "memory") #elif defined __ARM_ARCH_7__ || defined __ARM_ARCH_7A__ \ - || defined __ARM_ARCH_7M__ || defined __ARM_ARCH_7R__ + || defined 
__ARM_ARCH_7R__ || defined __ARM_ARCH_7M__ #define ECB_MEMORY_FENCE __asm__ __volatile__ ("dmb" : : : "memory") - #elif __sparc || __sparc__ + #elif __aarch64__ + #define ECB_MEMORY_FENCE __asm__ __volatile__ ("dmb ish" : : : "memory") + #elif (__sparc || __sparc__) && !(__sparc_v8__ || defined __sparcv8) #define ECB_MEMORY_FENCE __asm__ __volatile__ ("membar #LoadStore | #LoadLoad | #StoreStore | #StoreLoad" : : : "memory") #define ECB_MEMORY_FENCE_ACQUIRE __asm__ __volatile__ ("membar #LoadStore | #LoadLoad" : : : "memory") #define ECB_MEMORY_FENCE_RELEASE __asm__ __volatile__ ("membar #LoadStore | #StoreStore") #elif defined __s390__ || defined __s390x__ #define ECB_MEMORY_FENCE __asm__ __volatile__ ("bcr 15,0" : : : "memory") #elif defined __mips__ - /* GNU/Linux emulates sync on mips1 architectures, so we force it's use */ + /* GNU/Linux emulates sync on mips1 architectures, so we force its use */ /* anybody else who still uses mips1 is supposed to send in their version, with detection code. */ #define ECB_MEMORY_FENCE __asm__ __volatile__ (".set mips2; sync; .set mips0" : : : "memory") #elif defined __alpha__ @@ -639,6 +698,12 @@ #define ECB_MEMORY_FENCE_RELEASE __asm__ __volatile__ ("") #elif defined __ia64__ #define ECB_MEMORY_FENCE __asm__ __volatile__ ("mf" : : : "memory") + #elif defined __m68k__ + #define ECB_MEMORY_FENCE __asm__ __volatile__ ("" : : : "memory") + #elif defined __m88k__ + #define ECB_MEMORY_FENCE __asm__ __volatile__ ("tb1 0,%%r0,128" : : : "memory") + #elif defined __sh__ + #define ECB_MEMORY_FENCE __asm__ __volatile__ ("" : : : "memory") #endif #endif #endif 
@@ -647,18 +712,23 @@ #if ECB_GCC_VERSION(4,7) /* see comment below (stdatomic.h) about the C11 memory model. */ #define ECB_MEMORY_FENCE __atomic_thread_fence (__ATOMIC_SEQ_CST) + #define ECB_MEMORY_FENCE_ACQUIRE __atomic_thread_fence (__ATOMIC_ACQUIRE) + #define ECB_MEMORY_FENCE_RELEASE __atomic_thread_fence (__ATOMIC_RELEASE) - /* The __has_feature syntax from clang is so misdesigned that we cannot use it - * without risking compile time errors with other compilers. We *could* - * define our own ecb_clang_has_feature, but I just can't be bothered to work - * around this shit time and again. - * #elif defined __clang && __has_feature (cxx_atomic) - * // see comment below (stdatomic.h) about the C11 memory model. - * #define ECB_MEMORY_FENCE __c11_atomic_thread_fence (__ATOMIC_SEQ_CST) - */ + #elif ECB_CLANG_EXTENSION(c_atomic) + /* see comment below (stdatomic.h) about the C11 memory model. */ + #define ECB_MEMORY_FENCE __c11_atomic_thread_fence (__ATOMIC_SEQ_CST) + #define ECB_MEMORY_FENCE_ACQUIRE __c11_atomic_thread_fence (__ATOMIC_ACQUIRE) + #define ECB_MEMORY_FENCE_RELEASE __c11_atomic_thread_fence (__ATOMIC_RELEASE) #elif ECB_GCC_VERSION(4,4) || defined __INTEL_COMPILER || defined __clang__ #define ECB_MEMORY_FENCE __sync_synchronize () + #elif _MSC_VER >= 1500 /* VC++ 2008 */ + /* apparently, microsoft broke all the memory barrier stuff in Visual Studio 2008... */ + #pragma intrinsic(_ReadBarrier,_WriteBarrier,_ReadWriteBarrier) + #define ECB_MEMORY_FENCE _ReadWriteBarrier (); MemoryBarrier() + #define ECB_MEMORY_FENCE_ACQUIRE _ReadWriteBarrier (); MemoryBarrier() /* according to msdn, _ReadBarrier is not a load fence */ + #define ECB_MEMORY_FENCE_RELEASE _WriteBarrier (); MemoryBarrier() #elif _MSC_VER >= 1400 /* VC++ 2005 */ #pragma intrinsic(_ReadBarrier,_WriteBarrier,_ReadWriteBarrier) #define ECB_MEMORY_FENCE _ReadWriteBarrier () 
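Review bot: The three fence macros added for `_MSC_VER >= 1500` each expand to two statements (`_ReadWriteBarrier (); MemoryBarrier()`), so a use as the unbraced body of an `if` or loop would put only the compiler barrier under the condition and run `MemoryBarrier()` unconditionally. The file's own no-op fallback is written as `do { } while (0)`, and the same wrapper works here: `#define ECB_MEMORY_FENCE do { _ReadWriteBarrier (); MemoryBarrier (); } while (0)`, with the ACQUIRE and RELEASE variants changed likewise. The use sites are outside this hunk, so whether any of them is unbraced cannot be confirmed from here.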
@@ -688,6 +758,8 @@ /* for most usages, or gcc and clang have a bug */ /* I *currently* lean towards the latter, and inefficiently implement */ /* all three of ecb's fences as a seq_cst fence */ + /* Update, gcc-4.8 generates mfence for all c++ fences, but nothing */ + /* for all __atomic_thread_fence's except seq_cst */ #define ECB_MEMORY_FENCE atomic_thread_fence (memory_order_seq_cst) #endif #endif @@ -720,7 +792,7 @@ /*****************************************************************************/ -#if __cplusplus +#if ECB_CPP #define ecb_inline static inline #elif ECB_GCC_VERSION(2,5) #define ecb_inline static __inline__ 
@@ -744,35 +816,79 @@ #define ECB_CONCAT(a, b) ECB_CONCAT_(a, b) #define ECB_STRINGIFY_(a) # a #define ECB_STRINGIFY(a) ECB_STRINGIFY_(a) +#define ECB_STRINGIFY_EXPR(expr) ((expr), ECB_STRINGIFY_ (expr)) #define ecb_function_ ecb_inline -#if ECB_GCC_VERSION(3,1) - #define ecb_attribute(attrlist) __attribute__(attrlist) - #define ecb_is_constant(expr) __builtin_constant_p (expr) - #define ecb_expect(expr,value) __builtin_expect ((expr),(value)) - #define ecb_prefetch(addr,rw,locality) __builtin_prefetch (addr, rw, locality) +#if ECB_GCC_VERSION(3,1) || ECB_CLANG_VERSION(2,8) + #define ecb_attribute(attrlist) __attribute__ (attrlist) #else #define ecb_attribute(attrlist) +#endif + +#if ECB_GCC_VERSION(3,1) || ECB_CLANG_BUILTIN(__builtin_constant_p) + #define ecb_is_constant(expr) __builtin_constant_p (expr) +#else + /* possible C11 impl for integral types + typedef struct ecb_is_constant_struct ecb_is_constant_struct; + #define ecb_is_constant(expr) _Generic ((1 ? (struct ecb_is_constant_struct *)0 : (void *)((expr) - (expr)), ecb_is_constant_struct *: 0, default: 1)) */ + #define ecb_is_constant(expr) 0 +#endif + +#if ECB_GCC_VERSION(3,1) || ECB_CLANG_BUILTIN(__builtin_expect) + #define ecb_expect(expr,value) __builtin_expect ((expr),(value)) +#else #define ecb_expect(expr,value) (expr) +#endif + +#if ECB_GCC_VERSION(3,1) || ECB_CLANG_BUILTIN(__builtin_prefetch) + #define ecb_prefetch(addr,rw,locality) __builtin_prefetch (addr, rw, locality) +#else #define ecb_prefetch(addr,rw,locality) #endif /* no emulation for ecb_decltype */ -#if ECB_GCC_VERSION(4,5) - #define ecb_decltype(x) __decltype(x) -#elif ECB_GCC_VERSION(3,0) - #define ecb_decltype(x) __typeof(x) +#if ECB_CPP11 + // older implementations might have problems with decltype(x)::type, work around it + template struct ecb_decltype_t { typedef T type; }; + #define ecb_decltype(x) ecb_decltype_t::type +#elif ECB_GCC_VERSION(3,0) || ECB_CLANG_VERSION(2,8) + #define ecb_decltype(x) __typeof__ (x) +#endif + +#if 
_MSC_VER >= 1300 + #define ecb_deprecated __declspec (deprecated) +#else + #define ecb_deprecated ecb_attribute ((__deprecated__)) +#endif + +#if _MSC_VER >= 1500 + #define ecb_deprecated_message(msg) __declspec (deprecated (msg)) +#elif ECB_GCC_VERSION(4,5) + #define ecb_deprecated_message(msg) ecb_attribute ((__deprecated__ (msg)) +#else + #define ecb_deprecated_message(msg) ecb_deprecated +#endif + +#if _MSC_VER >= 1400 + #define ecb_noinline __declspec (noinline) +#else + #define ecb_noinline ecb_attribute ((__noinline__)) #endif -#define ecb_noinline ecb_attribute ((__noinline__)) #define ecb_unused ecb_attribute ((__unused__)) #define ecb_const ecb_attribute ((__const__)) #define ecb_pure ecb_attribute ((__pure__)) -#if ECB_C11 +#if ECB_C11 || __IBMC_NORETURN + /* http://www-01.ibm.com/support/knowledgecenter/SSGH3R_13.1.0/com.ibm.xlcpp131.aix.doc/language_ref/noreturn.html */ #define ecb_noreturn _Noreturn +#elif ECB_CPP11 + #define ecb_noreturn [[noreturn]] +#elif _MSC_VER >= 1200 + /* http://msdn.microsoft.com/en-us/library/k6ktzx3s.aspx */ + #define ecb_noreturn __declspec (noreturn) #else #define ecb_noreturn ecb_attribute ((__noreturn__)) #endif @@ -797,7 +913,10 @@ #define ecb_unlikely(expr) ecb_expect_false (expr) /* count trailing zero bits and count # of one bits */ -#if ECB_GCC_VERSION(3,4) +#if ECB_GCC_VERSION(3,4) \ + || (ECB_CLANG_BUILTIN(__builtin_clz) && ECB_CLANG_BUILTIN(__builtin_clzll) \ + && ECB_CLANG_BUILTIN(__builtin_ctz) && ECB_CLANG_BUILTIN(__builtin_ctzll) \ + && ECB_CLANG_BUILTIN(__builtin_popcount)) /* we assume int == 32 bit, long == 32 or 64 bit and long long == 64 bit */ #define ecb_ld32(x) (__builtin_clz (x) ^ 31) #define ecb_ld64(x) (__builtin_clzll (x) ^ 63) 
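Review bot: The GCC branch of `ecb_deprecated_message` in the `@@ -744` hunk has unbalanced parentheses: `ecb_attribute ((__deprecated__ (msg))` opens three and closes two, so any expansion under `ECB_GCC_VERSION(4,5)` will swallow the tokens that follow it or fail to compile. It should read `#define ecb_deprecated_message(msg) ecb_attribute ((__deprecated__ (msg)))`. Nothing in the visible hunks uses the macro, which is presumably why the error has gone unnoticed.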
@@ -806,10 +925,15 @@ #define ecb_popcount32(x) __builtin_popcount (x) /* no popcountll */ #else - ecb_function_ int ecb_ctz32 (uint32_t x) ecb_const; - ecb_function_ int + ecb_function_ ecb_const int ecb_ctz32 (uint32_t x); + ecb_function_ ecb_const int ecb_ctz32 (uint32_t x) { +#if 1400 <= _MSC_VER && (_M_IX86 || _M_X64 || _M_IA64 || _M_ARM) + unsigned long r; + _BitScanForward (&r, x); + return (int)r; +#else int r = 0; x &= ~x + 1; /* this isolates the lowest bit */ @@ -829,18 +953,25 @@ #endif return r; +#endif } - ecb_function_ int ecb_ctz64 (uint64_t x) ecb_const; - ecb_function_ int + ecb_function_ ecb_const int ecb_ctz64 (uint64_t x); + ecb_function_ ecb_const int ecb_ctz64 (uint64_t x) { - int shift = x & 0xffffffffU ? 0 : 32; +#if 1400 <= _MSC_VER && (_M_X64 || _M_IA64 || _M_ARM) + unsigned long r; + _BitScanForward64 (&r, x); + return (int)r; +#else + int shift = x & 0xffffffff ? 0 : 32; return ecb_ctz32 (x >> shift) + shift; +#endif } - ecb_function_ int ecb_popcount32 (uint32_t x) ecb_const; - ecb_function_ int + ecb_function_ ecb_const int ecb_popcount32 (uint32_t x); + ecb_function_ ecb_const int ecb_popcount32 (uint32_t x) { x -= (x >> 1) & 0x55555555; @@ -851,9 +982,14 @@ return x >> 24; } - ecb_function_ int ecb_ld32 (uint32_t x) ecb_const; - ecb_function_ int ecb_ld32 (uint32_t x) + ecb_function_ ecb_const int ecb_ld32 (uint32_t x); + ecb_function_ ecb_const int ecb_ld32 (uint32_t x) { +#if 1400 <= _MSC_VER && (_M_IX86 || _M_X64 || _M_IA64 || _M_ARM) + unsigned long r; + _BitScanReverse (&r, x); + return (int)r; +#else int r = 0; if (x >> 16) { x >>= 16; r += 16; } 
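Review bot: The MSVC branch added to `ecb_ctz32` ignores the return value of `_BitScanForward` and returns `r`, which is declared without an initialiser; the intrinsic reports a zero input through its return value and does not define the index in that case, so `ecb_ctz32 (0)` returns an indeterminate value on this path. The same pattern is added to `ecb_ctz64` and `ecb_ld32` in the following hunks on this line and to `ecb_ld64` in the next hunk. Either state the precondition in a comment, e.g. `/* x must be non-zero, the result is undefined otherwise */`, or initialise the index with `unsigned long r = 0;` so a zero input gives a fixed result.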
@@ -863,33 +999,40 @@ if (x >> 1) { r += 1; } return r; +#endif } - ecb_function_ int ecb_ld64 (uint64_t x) ecb_const; - ecb_function_ int ecb_ld64 (uint64_t x) + ecb_function_ ecb_const int ecb_ld64 (uint64_t x); + ecb_function_ ecb_const int ecb_ld64 (uint64_t x) { +#if 1400 <= _MSC_VER && (_M_X64 || _M_IA64 || _M_ARM) + unsigned long r; + _BitScanReverse64 (&r, x); + return (int)r; +#else int r = 0; if (x >> 32) { x >>= 32; r += 32; } return r + ecb_ld32 (x); +#endif } #endif -ecb_function_ ecb_bool ecb_is_pot32 (uint32_t x) ecb_const; -ecb_function_ ecb_bool ecb_is_pot32 (uint32_t x) { return !(x & (x - 1)); } -ecb_function_ ecb_bool ecb_is_pot64 (uint64_t x) ecb_const; -ecb_function_ ecb_bool ecb_is_pot64 (uint64_t x) { return !(x & (x - 1)); } +ecb_function_ ecb_const ecb_bool ecb_is_pot32 (uint32_t x); +ecb_function_ ecb_const ecb_bool ecb_is_pot32 (uint32_t x) { return !(x & (x - 1)); } +ecb_function_ ecb_const ecb_bool ecb_is_pot64 (uint64_t x); +ecb_function_ ecb_const ecb_bool ecb_is_pot64 (uint64_t x) { return !(x & (x - 1)); } -ecb_function_ uint8_t ecb_bitrev8 (uint8_t x) ecb_const; -ecb_function_ uint8_t ecb_bitrev8 (uint8_t x) +ecb_function_ ecb_const uint8_t ecb_bitrev8 (uint8_t x); +ecb_function_ ecb_const uint8_t ecb_bitrev8 (uint8_t x) { return ( (x * 0x0802U & 0x22110U) - | (x * 0x8020U & 0x88440U)) * 0x10101U >> 16; + | (x * 0x8020U & 0x88440U)) * 0x10101U >> 16; } -ecb_function_ uint16_t ecb_bitrev16 (uint16_t x) ecb_const; -ecb_function_ uint16_t ecb_bitrev16 (uint16_t x) +ecb_function_ ecb_const uint16_t ecb_bitrev16 (uint16_t x); +ecb_function_ ecb_const uint16_t ecb_bitrev16 (uint16_t x) { x = ((x >> 1) & 0x5555) | ((x & 0x5555) << 1); x = ((x >> 2) & 0x3333) | ((x & 0x3333) << 2); 
@@ -899,8 +1042,8 @@ return x; } -ecb_function_ uint32_t ecb_bitrev32 (uint32_t x) ecb_const; -ecb_function_ uint32_t ecb_bitrev32 (uint32_t x) +ecb_function_ ecb_const uint32_t ecb_bitrev32 (uint32_t x); +ecb_function_ ecb_const uint32_t ecb_bitrev32 (uint32_t x) { x = ((x >> 1) & 0x55555555) | ((x & 0x55555555) << 1); x = ((x >> 2) & 0x33333333) | ((x & 0x33333333) << 2); 
@@ -913,71 +1056,80 @@ /* popcount64 is only available on 64 bit cpus as gcc builtin */ /* so for this version we are lazy */ -ecb_function_ int ecb_popcount64 (uint64_t x) ecb_const; -ecb_function_ int +ecb_function_ ecb_const int ecb_popcount64 (uint64_t x); +ecb_function_ ecb_const int ecb_popcount64 (uint64_t x) { return ecb_popcount32 (x) + ecb_popcount32 (x >> 32); } -ecb_inline uint8_t ecb_rotl8 (uint8_t x, unsigned int count) ecb_const; -ecb_inline uint8_t ecb_rotr8 (uint8_t x, unsigned int count) ecb_const; -ecb_inline uint16_t ecb_rotl16 (uint16_t x, unsigned int count) ecb_const; -ecb_inline uint16_t ecb_rotr16 (uint16_t x, unsigned int count) ecb_const; -ecb_inline uint32_t ecb_rotl32 (uint32_t x, unsigned int count) ecb_const; -ecb_inline uint32_t ecb_rotr32 (uint32_t x, unsigned int count) ecb_const; -ecb_inline uint64_t ecb_rotl64 (uint64_t x, unsigned int count) ecb_const; -ecb_inline uint64_t ecb_rotr64 (uint64_t x, unsigned int count) ecb_const; - -ecb_inline uint8_t ecb_rotl8 (uint8_t x, unsigned int count) { return (x >> ( 8 - count)) | (x << count); } -ecb_inline uint8_t ecb_rotr8 (uint8_t x, unsigned int count) { return (x << ( 8 - count)) | (x >> count); } -ecb_inline uint16_t ecb_rotl16 (uint16_t x, unsigned int count) { return (x >> (16 - count)) | (x << count); } -ecb_inline uint16_t ecb_rotr16 (uint16_t x, unsigned int count) { return (x << (16 - count)) | (x >> count); } -ecb_inline uint32_t ecb_rotl32 (uint32_t x, unsigned int count) { return (x >> (32 - count)) | (x << count); } -ecb_inline uint32_t ecb_rotr32 (uint32_t x, unsigned int count) { return (x << (32 - count)) | (x >> count); } -ecb_inline uint64_t ecb_rotl64 (uint64_t x, unsigned int count) { return (x >> (64 - count)) | (x << count); } -ecb_inline uint64_t ecb_rotr64 (uint64_t x, unsigned int count) { return (x << (64 - count)) | (x >> count); } - -#if ECB_GCC_VERSION(4,3) +ecb_inline ecb_const uint8_t ecb_rotl8 (uint8_t x, unsigned int count); +ecb_inline ecb_const 
uint8_t ecb_rotr8 (uint8_t x, unsigned int count); +ecb_inline ecb_const uint16_t ecb_rotl16 (uint16_t x, unsigned int count); +ecb_inline ecb_const uint16_t ecb_rotr16 (uint16_t x, unsigned int count); +ecb_inline ecb_const uint32_t ecb_rotl32 (uint32_t x, unsigned int count); +ecb_inline ecb_const uint32_t ecb_rotr32 (uint32_t x, unsigned int count); +ecb_inline ecb_const uint64_t ecb_rotl64 (uint64_t x, unsigned int count); +ecb_inline ecb_const uint64_t ecb_rotr64 (uint64_t x, unsigned int count); + +ecb_inline ecb_const uint8_t ecb_rotl8 (uint8_t x, unsigned int count) { return (x >> ( 8 - count)) | (x << count); } +ecb_inline ecb_const uint8_t ecb_rotr8 (uint8_t x, unsigned int count) { return (x << ( 8 - count)) | (x >> count); } +ecb_inline ecb_const uint16_t ecb_rotl16 (uint16_t x, unsigned int count) { return (x >> (16 - count)) | (x << count); } +ecb_inline ecb_const uint16_t ecb_rotr16 (uint16_t x, unsigned int count) { return (x << (16 - count)) | (x >> count); } +ecb_inline ecb_const uint32_t ecb_rotl32 (uint32_t x, unsigned int count) { return (x >> (32 - count)) | (x << count); } +ecb_inline ecb_const uint32_t ecb_rotr32 (uint32_t x, unsigned int count) { return (x << (32 - count)) | (x >> count); } +ecb_inline ecb_const uint64_t ecb_rotl64 (uint64_t x, unsigned int count) { return (x >> (64 - count)) | (x << count); } +ecb_inline ecb_const uint64_t ecb_rotr64 (uint64_t x, unsigned int count) { return (x << (64 - count)) | (x >> count); } + +#if ECB_GCC_VERSION(4,3) || (ECB_CLANG_BUILTIN(__builtin_bswap32) && ECB_CLANG_BUILTIN(__builtin_bswap64)) + #if ECB_GCC_VERSION(4,8) || ECB_CLANG_BUILTIN(__builtin_bswap16) + #define ecb_bswap16(x) __builtin_bswap16 (x) + #else #define ecb_bswap16(x) (__builtin_bswap32 (x) >> 16) + #endif #define ecb_bswap32(x) __builtin_bswap32 (x) #define ecb_bswap64(x) __builtin_bswap64 (x) +#elif _MSC_VER + #include + #define ecb_bswap16(x) ((uint16_t)_byteswap_ushort ((uint16_t)(x))) + #define ecb_bswap32(x) 
((uint32_t)_byteswap_ulong ((uint32_t)(x))) + #define ecb_bswap64(x) ((uint64_t)_byteswap_uint64 ((uint64_t)(x))) #else - ecb_function_ uint16_t ecb_bswap16 (uint16_t x) ecb_const; - ecb_function_ uint16_t + ecb_function_ ecb_const uint16_t ecb_bswap16 (uint16_t x); + ecb_function_ ecb_const uint16_t ecb_bswap16 (uint16_t x) { return ecb_rotl16 (x, 8); } - ecb_function_ uint32_t ecb_bswap32 (uint32_t x) ecb_const; - ecb_function_ uint32_t + ecb_function_ ecb_const uint32_t ecb_bswap32 (uint32_t x); + ecb_function_ ecb_const uint32_t ecb_bswap32 (uint32_t x) { return (((uint32_t)ecb_bswap16 (x)) << 16) | ecb_bswap16 (x >> 16); } - ecb_function_ uint64_t ecb_bswap64 (uint64_t x) ecb_const; - ecb_function_ uint64_t + ecb_function_ ecb_const uint64_t ecb_bswap64 (uint64_t x); + ecb_function_ ecb_const uint64_t ecb_bswap64 (uint64_t x) { return (((uint64_t)ecb_bswap32 (x)) << 32) | ecb_bswap32 (x >> 32); } #endif -#if ECB_GCC_VERSION(4,5) +#if ECB_GCC_VERSION(4,5) || ECB_CLANG_BUILTIN(__builtin_unreachable) #define ecb_unreachable() __builtin_unreachable () #else /* this seems to work fine, but gcc always emits a warning for it :/ */ - ecb_inline void ecb_unreachable (void) ecb_noreturn; - ecb_inline void ecb_unreachable (void) { } + ecb_inline ecb_noreturn void ecb_unreachable (void); + ecb_inline ecb_noreturn void ecb_unreachable (void) { } #endif /* try to tell the compiler that some condition is definitely true */ #define ecb_assume(cond) if (!(cond)) ecb_unreachable (); else 0 -ecb_inline unsigned char ecb_byteorder_helper (void) ecb_const; -ecb_inline unsigned char +ecb_inline ecb_const uint32_t ecb_byteorder_helper (void); +ecb_inline ecb_const uint32_t ecb_byteorder_helper (void) { /* the union code still generates code under pressure in gcc, */ 
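Review bot: The rotate helpers in the `@@ -913` hunk still shift by the full type width when `count` is 0: `ecb_rotl32 (x, 0)` evaluates `x >> (32 - 0)` and the 64-bit pair does the same with 64, which is undefined behaviour in C; the hunk only moves `ecb_const` and leaves the expressions as they were. Masking both shift counts removes the case, e.g. `return (x >> (-count & 31)) | (x << (count & 31));` for `ecb_rotl32`, with mask 63 for the 64-bit versions and the shift directions swapped for the `rotr` forms. The 8- and 16-bit variants are promoted to `int` before shifting, so a zero count is defined there, but counts above the width are not and would benefit from the same masking.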
@@ -986,26 +1138,28 @@ /* the reason why we have this horrible preprocessor mess */ /* is to avoid it in all cases, at least on common architectures */ /* or when using a recent enough gcc version (>= 4.6) */ -#if __i386 || __i386__ || _M_X86 || __amd64 || __amd64__ || _M_X64 - return 0x44; -#elif __BYTE_ORDER__ && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ - return 0x44; -#elif __BYTE_ORDER__ && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ - return 0x11; +#if (defined __BYTE_ORDER__ && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__) \ + || ((__i386 || __i386__ || _M_IX86 || ECB_GCC_AMD64 || ECB_MSVC_AMD64) && !__VOS__) + #define ECB_LITTLE_ENDIAN 1 + return 0x44332211; +#elif (defined __BYTE_ORDER__ && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__) \ + || ((__AARCH64EB__ || __MIPSEB__ || __ARMEB__) && !__VOS__) + #define ECB_BIG_ENDIAN 1 + return 0x11223344; #else union { - uint32_t i; - uint8_t c; - } u = { 0x11223344 }; - return u.c; + uint8_t c[4]; + uint32_t u; + } u = { 0x11, 0x22, 0x33, 0x44 }; + return u.u; #endif } -ecb_inline ecb_bool ecb_big_endian (void) ecb_const; -ecb_inline ecb_bool ecb_big_endian (void) { return ecb_byteorder_helper () == 0x11; } -ecb_inline ecb_bool ecb_little_endian (void) ecb_const; -ecb_inline ecb_bool ecb_little_endian (void) { return ecb_byteorder_helper () == 0x44; } +ecb_inline ecb_const ecb_bool ecb_big_endian (void); +ecb_inline ecb_const ecb_bool ecb_big_endian (void) { return ecb_byteorder_helper () == 0x11223344; } +ecb_inline ecb_const ecb_bool ecb_little_endian (void); +ecb_inline ecb_const ecb_bool ecb_little_endian (void) { return ecb_byteorder_helper () == 0x44332211; } #if ECB_GCC_VERSION(3,0) || ECB_C99 #define ecb_mod(m,n) ((m) % (n) + ((m) % (n) < 0 ? (n) : 0)) @@ -1013,7 +1167,7 @@ #define ecb_mod(m,n) ((m) < 0 ? ((n) - 1 - ((-1 - (m)) % (n))) : ((m) % (n))) #endif -#if __cplusplus +#if ECB_CPP template static inline T ecb_div_rd (T val, T div) { 
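Review bot: `ECB_LITTLE_ENDIAN` and `ECB_BIG_ENDIAN` are defined only in the two preprocessor branches of the `@@ -986` hunk and not in the union fallback, and nothing documents that, so a false `#if ECB_BIG_ENDIAN` can mean either little-endian or simply undetected. A comment above the `#if` would prevent that misreading, for example `/* ECB_LITTLE_ENDIAN / ECB_BIG_ENDIAN are only defined when the byte order is known at preprocessing time; otherwise use ecb_little_endian () / ecb_big_endian () */`. The `#define`s sit inside the body of `ecb_byteorder_helper`, whose signature is in the previous hunk.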
@@ -1040,6 +1194,102 @@ #define ecb_array_length(name) (sizeof (name) / sizeof (name [0])) #endif +ecb_function_ ecb_const uint32_t ecb_binary16_to_binary32 (uint32_t x); +ecb_function_ ecb_const uint32_t +ecb_binary16_to_binary32 (uint32_t x) +{ + unsigned int s = (x & 0x8000) << (31 - 15); + int e = (x >> 10) & 0x001f; + unsigned int m = x & 0x03ff; + + if (ecb_expect_false (e == 31)) + /* infinity or NaN */ + e = 255 - (127 - 15); + else if (ecb_expect_false (!e)) + { + if (ecb_expect_true (!m)) + /* zero, handled by code below by forcing e to 0 */ + e = 0 - (127 - 15); + else + { + /* subnormal, renormalise */ + unsigned int s = 10 - ecb_ld32 (m); + + m = (m << s) & 0x3ff; /* mask implicit bit */ + e -= s - 1; + } + } + + /* e and m now are normalised, or zero, (or inf or nan) */ + e += 127 - 15; + + return s | (e << 23) | (m << (23 - 10)); +} + +ecb_function_ ecb_const uint16_t ecb_binary32_to_binary16 (uint32_t x); +ecb_function_ ecb_const uint16_t +ecb_binary32_to_binary16 (uint32_t x) +{ + unsigned int s = (x >> 16) & 0x00008000; /* sign bit, the easy part */ + unsigned int e = ((x >> 23) & 0x000000ff) - (127 - 15); /* the desired exponent */ + unsigned int m = x & 0x007fffff; + + x &= 0x7fffffff; + + /* if it's within range of binary16 normals, use fast path */ + if (ecb_expect_true (0x38800000 <= x && x <= 0x477fefff)) + { + /* mantissa round-to-even */ + m += 0x00000fff + ((m >> (23 - 10)) & 1); + + /* handle overflow */ + if (ecb_expect_false (m >= 0x00800000)) + { + m >>= 1; + e += 1; + } + + return s | (e << 10) | (m >> (23 - 10)); + } + + /* handle large numbers and infinity */ + if (ecb_expect_true (0x477fefff < x && x <= 0x7f800000)) + return s | 0x7c00; + + /* handle zero, subnormals and small numbers */ + if (ecb_expect_true (x < 0x38800000)) + { + /* zero */ + if (ecb_expect_true (!x)) + return s; + + /* handle subnormals */ + + /* too small, will be zero */ + if (e < (14 - 24)) /* might not be sharp, but is good enough */ + return s; + + m |= 
0x00800000; /* make implicit bit explicit */ + + /* very tricky - we need to round to the nearest e (+10) bit value */ + { + unsigned int bits = 14 - e; + unsigned int half = (1 << (bits - 1)) - 1; + unsigned int even = (m >> bits) & 1; + + /* if this overflows, we will end up with a normalised number */ + m = (m + half + even) >> bits; + } + + return s | m; + } + + /* handle NaNs, preserve leftmost nan bits, but make sure we don't turn them into infinities */ + m >>= 13; + + return s | 0x7c00 | m | !m; +} + /*******************************************************************************/ /* floating point stuff, can be disabled by defining ECB_NO_LIBM */ 
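Review bot: In `ecb_binary32_to_binary16`, `e` is declared `unsigned int`, so the subnormal cut-off `if (e < (14 - 24))` compares against `-10` converted to unsigned. Exponents that wrapped below zero mostly behave as intended, but an input with biased exponent 112 gives `e == 0`, which is less than that very large constant, so values in [2^-15, 2^-14) appear to be flushed to signed zero instead of being converted to a binary16 subnormal. Declaring the exponent signed fixes the comparison: `int e = ((x >> 23) & 0x000000ff) - (127 - 15); /* the desired exponent */`. Separately, the inner `unsigned int s` in the subnormal branch of `ecb_binary16_to_binary32` shadows the sign variable `s`; renaming it (say `shift`) would make that function easier to audit.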
@@ -1047,27 +1297,53 @@ /* the only noteworthy exception is ancient armle, which uses order 43218765 */ #if 0 \ || __i386 || __i386__ \ - || __amd64 || __amd64__ || __x86_64 || __x86_64__ \ + || ECB_GCC_AMD64 \ || __powerpc__ || __ppc__ || __powerpc64__ || __ppc64__ \ - || defined __arm__ && defined __ARM_EABI__ \ || defined __s390__ || defined __s390x__ \ || defined __mips__ \ || defined __alpha__ \ || defined __hppa__ \ || defined __ia64__ \ - || defined _M_IX86 || defined _M_AMD64 || defined _M_IA64 + || defined __m68k__ \ + || defined __m88k__ \ + || defined __sh__ \ + || defined _M_IX86 || defined ECB_MSVC_AMD64 || defined _M_IA64 \ + || (defined __arm__ && (defined __ARM_EABI__ || defined __EABI__ || defined __VFP_FP__ || defined _WIN32_WCE || defined __ANDROID__)) \ + || defined __aarch64__ #define ECB_STDFP 1 #include /* for memcpy */ #else #define ECB_STDFP 0 - #include /* for frexp*, ldexp* */ #endif #ifndef ECB_NO_LIBM + #include /* for frexp*, ldexp*, INFINITY, NAN */ + + /* only the oldest of old doesn't have this one. solaris. */ + #ifdef INFINITY + #define ECB_INFINITY INFINITY + #else + #define ECB_INFINITY HUGE_VAL + #endif + + #ifdef NAN + #define ECB_NAN NAN + #else + #define ECB_NAN ECB_INFINITY + #endif + + #if ECB_C99 || _XOPEN_VERSION >= 600 || _POSIX_VERSION >= 200112L + #define ecb_ldexpf(x,e) ldexpf ((x), (e)) + #define ecb_frexpf(x,e) frexpf ((x), (e)) + #else + #define ecb_ldexpf(x,e) (float) ldexp ((double) (x), (e)) + #define ecb_frexpf(x,e) (float) frexp ((double) (x), (e)) + #endif + /* convert a float to ieee single/binary32 */ - ecb_function_ uint32_t ecb_float_to_binary32 (float x) ecb_const; - ecb_function_ uint32_t + ecb_function_ ecb_const uint32_t ecb_float_to_binary32 (float x); + ecb_function_ ecb_const uint32_t ecb_float_to_binary32 (float x) { uint32_t r; 
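Review bot: The term `defined ECB_MSVC_AMD64` in the `ECB_STDFP` condition is always true, because an earlier hunk defines `ECB_MSVC_AMD64` unconditionally as `(_M_AMD64 || _M_X64)`; the whole `#if` therefore succeeds on every target and `ECB_STDFP` is always 1. That bypasses the `frexp`/`ldexp` fallback on platforms whose float layout is not one the list is meant to whitelist, where the `memcpy`-based conversion would give wrong bit patterns. Test the value instead, as the condition already does for `ECB_GCC_AMD64`: `|| defined _M_IX86 || ECB_MSVC_AMD64 || defined _M_IA64 \`.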
@@ -1084,7 +1360,7 @@ if (x < -3.40282346638528860e+38f) return 0xff800000U; if (x != x ) return 0x7fbfffffU; - m = frexpf (x, &e) * 0x1000000U; + m = ecb_frexpf (x, &e) * 0x1000000U; r = m & 0x80000000U; @@ -1106,8 +1382,8 @@ } /* converts an ieee single/binary32 to a float */ - ecb_function_ float ecb_binary32_to_float (uint32_t x) ecb_const; - ecb_function_ float + ecb_function_ ecb_const float ecb_binary32_to_float (uint32_t x); + ecb_function_ ecb_const float ecb_binary32_to_float (uint32_t x) { float r; @@ -1127,7 +1403,7 @@ e = 1; /* we distrust ldexpf a bit and do the 2**-24 scaling by an extra multiply */ - r = ldexpf (x * (0.5f / 0x800000U), e - 126); + r = ecb_ldexpf (x * (0.5f / 0x800000U), e - 126); r = neg ? -r : r; #endif @@ -1136,8 +1412,8 @@ } /* convert a double to ieee double/binary64 */ - ecb_function_ uint64_t ecb_double_to_binary64 (double x) ecb_const; - ecb_function_ uint64_t + ecb_function_ ecb_const uint64_t ecb_double_to_binary64 (double x); + ecb_function_ ecb_const uint64_t ecb_double_to_binary64 (double x) { uint64_t r; @@ -1176,8 +1452,8 @@ } /* converts an ieee double/binary64 to a double */ - ecb_function_ double ecb_binary64_to_double (uint64_t x) ecb_const; - ecb_function_ double + ecb_function_ ecb_const double ecb_binary64_to_double (uint64_t x); + ecb_function_ ecb_const double ecb_binary64_to_double (uint64_t x) { double r; @@ -1205,6 +1481,22 @@ return r; } + /* convert a float to ieee half/binary16 */ + ecb_function_ ecb_const uint16_t ecb_float_to_binary16 (float x); + ecb_function_ ecb_const uint16_t + ecb_float_to_binary16 (float x) + { + return ecb_binary32_to_binary16 (ecb_float_to_binary32 (x)); + } + + /* convert an ieee half/binary16 to float */ + ecb_function_ ecb_const float ecb_binary16_to_float (uint16_t x); + ecb_function_ ecb_const float + ecb_binary16_to_float (uint16_t x) + { + return ecb_binary32_to_float (ecb_binary16_to_binary32 (x)); + } + #endif #endif 
@@ -1237,7 +1529,7 @@ #if EV_FEATURE_CODE # define inline_speed ecb_inline #else -# define inline_speed static noinline +# define inline_speed noinline static #endif #define NUMPRI (EV_MAXPRI - EV_MINPRI + 1) @@ -1294,7 +1586,8 @@ #include /* a floor() replacement function, should be independent of ev_tstamp type */ -static ev_tstamp noinline +noinline +static ev_tstamp ev_floor (ev_tstamp v) { /* the choice of shift factor is not terribly important */ @@ -1336,7 +1629,8 @@ # include #endif -static unsigned int noinline ecb_cold +noinline ecb_cold +static unsigned int ev_linux_version (void) { #ifdef __linux @@ -1375,7 +1669,8 @@ /*****************************************************************************/ #if EV_AVOID_STDIO -static void noinline ecb_cold +noinline ecb_cold +static void ev_printerr (const char *msg) { write (STDERR_FILENO, msg, strlen (msg)); @@ -1384,13 +1679,15 @@ static void (*syserr_cb)(const char *msg) EV_THROW; -void ecb_cold +ecb_cold +void ev_set_syserr_cb (void (*cb)(const char *msg) EV_THROW) EV_THROW { syserr_cb = cb; } -static void noinline ecb_cold +noinline ecb_cold +static void ev_syserr (const char *msg) { if (!msg) @@ -1431,7 +1728,8 @@ static void *(*alloc)(void *ptr, long size) EV_THROW = ev_realloc_emul; -void ecb_cold +ecb_cold +void ev_set_allocator (void *(*cb)(void *ptr, long size) EV_THROW) EV_THROW { alloc = cb; @@ -1650,7 +1948,8 @@ return ncur; } -static void * noinline ecb_cold +noinline ecb_cold +static void * array_realloc (int elem, void *base, int *cur, int cnt) { *cur = array_nextsize (elem, *cur, cnt); @@ -1663,7 +1962,7 @@ #define array_needsize(type,base,cur,cnt,init) \ if (expect_false ((cnt) > (cur))) \ { \ - int ecb_unused ocur_ = (cur); \ + ecb_unused int ocur_ = (cur); \ (base) = (type *)array_realloc \ (sizeof (type), (base), &(cur), (cnt)); \ init ((base) + (ocur_), (cur) - ocur_); \ 
@@ -1685,12 +1984,14 @@ /*****************************************************************************/ /* dummy callback for pending events */ -static void noinline +noinline +static void pendingcb (EV_P_ ev_prepare *w, int revents) { } -void noinline +noinline +void ev_feed_event (EV_P_ void *w, int revents) EV_THROW { W w_ = (W)w; @@ -1830,7 +2131,8 @@ } /* something about the given fd changed */ -inline_size void +inline_size +void fd_change (EV_P_ int fd, int flags) { unsigned char reify = anfds [fd].reify; @@ -1845,7 +2147,7 @@ } /* the given fd is invalid/unusable, so make sure it doesn't hurt us anymore */ -inline_speed void ecb_cold +inline_speed ecb_cold void fd_kill (EV_P_ int fd) { ev_io *w; @@ -1858,7 +2160,7 @@ } /* check whether the given fd is actually valid, for error recovery */ -inline_size int ecb_cold +inline_size ecb_cold int fd_valid (int fd) { #ifdef _WIN32 @@ -1869,7 +2171,8 @@ } /* called on EBADF to verify fds */ -static void noinline ecb_cold +noinline ecb_cold +static void fd_ebadf (EV_P) { int fd; @@ -1881,7 +2184,8 @@ } /* called on ENOMEM in select/poll to kill some fds and retry */ -static void noinline ecb_cold +noinline ecb_cold +static void fd_enomem (EV_P) { int fd; @@ -1895,7 +2199,8 @@ } /* usually called after fork if backend needs to re-arm all fds from scratch */ -static void noinline +noinline +static void fd_rearm_all (EV_P) { int fd; @@ -2086,7 +2391,8 @@ #if EV_SIGNAL_ENABLE || EV_ASYNC_ENABLE -static void noinline ecb_cold +noinline ecb_cold +static void evpipe_init (EV_P) { if (!ev_is_active (&pipe_w)) @@ -2274,7 +2580,8 @@ ev_feed_signal (signum); } -void noinline +noinline +void ev_feed_signal_event (EV_P_ int signum) EV_THROW { WL w; 
@@ -2401,20 +2708,20 @@ # include "ev_select.c" #endif -int ecb_cold +ecb_cold int ev_version_major (void) EV_THROW { return EV_VERSION_MAJOR; } -int ecb_cold +ecb_cold int ev_version_minor (void) EV_THROW { return EV_VERSION_MINOR; } /* return true if we are running with elevated privileges and should ignore env variables */ -int inline_size ecb_cold +inline_size ecb_cold int enable_secure (void) { #ifdef _WIN32 @@ -2425,7 +2732,8 @@ #endif } -unsigned int ecb_cold +ecb_cold +unsigned int ev_supported_backends (void) EV_THROW { unsigned int flags = 0; @@ -2439,7 +2747,8 @@ return flags; } -unsigned int ecb_cold +ecb_cold +unsigned int ev_recommended_backends (void) EV_THROW { unsigned int flags = ev_supported_backends (); @@ -2461,7 +2770,8 @@ return flags; } -unsigned int ecb_cold +ecb_cold +unsigned int ev_embeddable_backends (void) EV_THROW { int flags = EVBACKEND_EPOLL | EVBACKEND_KQUEUE | EVBACKEND_PORT; @@ -2517,7 +2827,7 @@ } void -ev_set_invoke_pending_cb (EV_P_ void (*invoke_pending_cb)(EV_P)) EV_THROW +ev_set_invoke_pending_cb (EV_P_ ev_loop_callback invoke_pending_cb) EV_THROW { invoke_cb = invoke_pending_cb; } @@ -2531,7 +2841,8 @@ #endif /* initialise a loop structure, must be zero-initialised */ -static void noinline ecb_cold +noinline ecb_cold +static void loop_init (EV_P_ unsigned int flags) EV_THROW { if (!backend) @@ -2628,7 +2939,8 @@ } /* free up a loop structure */ -void ecb_cold +ecb_cold +void ev_loop_destroy (EV_P) { int i; @@ -2759,7 +3071,7 @@ #endif #if EV_SIGNAL_ENABLE || EV_ASYNC_ENABLE - if (ev_is_active (&pipe_w)) + if (ev_is_active (&pipe_w) && postfork != 2) { /* pipe_write_wanted must be false now, so modifying fd vars should be safe */ @@ -2780,7 +3092,8 @@ #if EV_MULTIPLICITY -struct ev_loop * ecb_cold +ecb_cold +struct ev_loop * ev_loop_new (unsigned int flags) EV_THROW { EV_P = (struct ev_loop *)ev_malloc (sizeof (struct ev_loop)); 
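Review bot: The new condition `ev_is_active (&pipe_w) && postfork != 2` in the `@@ -2759` hunk depends on a bare value 2 whose meaning is not explained anywhere in the hunk, while the code it guards modifies the event pipe's fd variables after a fork. A comment on that line stating which path sets `postfork` to 2 and why the pipe must be left untouched in that case would let a reader check the skip is safe, in the form `/* postfork == 2: <which caller sets it, why the pipe is kept> */`; named constants for the `postfork` states would serve the same purpose. The enclosing function starts and ends outside the hunk, so the other uses of `postfork` cannot be checked from here.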
@@ -2798,7 +3111,8 @@ #endif /* multiplicity */ #if EV_VERIFY -static void noinline ecb_cold +noinline ecb_cold +static void verify_watcher (EV_P_ W w) { assert (("libev: watcher has invalid priority", ABSPRI (w) >= 0 && ABSPRI (w) < NUMPRI)); @@ -2807,7 +3121,8 @@ assert (("libev: pending watcher not on pending queue", pendings [ABSPRI (w)][w->pending - 1].w == w)); } -static void noinline ecb_cold +noinline ecb_cold +static void verify_heap (EV_P_ ANHE *heap, int N) { int i; @@ -2822,7 +3137,8 @@ } } -static void noinline ecb_cold +noinline ecb_cold +static void array_verify (EV_P_ W *ws, int cnt) { while (cnt--) @@ -2921,7 +3237,8 @@ #endif #if EV_MULTIPLICITY -struct ev_loop * ecb_cold +ecb_cold +struct ev_loop * #else int #endif @@ -2979,7 +3296,8 @@ return count; } -void noinline +noinline +void ev_invoke_pending (EV_P) { pendingpri = NUMPRI; @@ -3064,7 +3382,8 @@ #if EV_PERIODIC_ENABLE -static void noinline +noinline +static void periodic_recalc (EV_P_ ev_periodic *w) { ev_tstamp interval = w->interval > MIN_INTERVAL ? w->interval : MIN_INTERVAL; @@ -3132,7 +3451,8 @@ /* simply recalculate all periodics */ /* TODO: maybe ensure that at least one event happens when jumping forward? */ -static void noinline ecb_cold +noinline ecb_cold +static void periodics_reschedule (EV_P) { int i; @@ -3155,7 +3475,8 @@ #endif /* adjust all timers by a given offset */ -static void noinline ecb_cold +noinline ecb_cold +static void timers_reschedule (EV_P_ ev_tstamp adjust) { int i; @@ -3533,7 +3854,8 @@ /*****************************************************************************/ -void noinline +noinline +void ev_io_start (EV_P_ ev_io *w) EV_THROW { int fd = w->fd; @@ -3559,7 +3881,8 @@ EV_FREQUENT_CHECK; } -void noinline +noinline +void ev_io_stop (EV_P_ ev_io *w) EV_THROW { clear_pending (EV_A_ (W)w); @@ -3578,7 +3901,8 @@ EV_FREQUENT_CHECK; } -void noinline +noinline +void ev_timer_start (EV_P_ ev_timer *w) EV_THROW { if (expect_false (ev_is_active (w))) 
@@ -3602,7 +3926,8 @@ /*assert (("libev: internal timer heap corruption", timers [ev_active (w)] == (WT)w));*/ } -void noinline +noinline +void ev_timer_stop (EV_P_ ev_timer *w) EV_THROW { clear_pending (EV_A_ (W)w); @@ -3632,7 +3957,8 @@ EV_FREQUENT_CHECK; } -void noinline +noinline +void ev_timer_again (EV_P_ ev_timer *w) EV_THROW { EV_FREQUENT_CHECK; @@ -3666,7 +3992,8 @@ } #if EV_PERIODIC_ENABLE -void noinline +noinline +void ev_periodic_start (EV_P_ ev_periodic *w) EV_THROW { if (expect_false (ev_is_active (w))) @@ -3696,7 +4023,8 @@ /*assert (("libev: internal periodic heap corruption", ANHE_w (periodics [ev_active (w)]) == (WT)w));*/ } -void noinline +noinline +void ev_periodic_stop (EV_P_ ev_periodic *w) EV_THROW { clear_pending (EV_A_ (W)w); @@ -3724,7 +4052,8 @@ EV_FREQUENT_CHECK; } -void noinline +noinline +void ev_periodic_again (EV_P_ ev_periodic *w) EV_THROW { /* TODO: use adjustheap and recalculation */ @@ -3739,7 +4068,8 @@ #if EV_SIGNAL_ENABLE -void noinline +noinline +void ev_signal_start (EV_P_ ev_signal *w) EV_THROW { if (expect_false (ev_is_active (w))) @@ -3821,7 +4151,8 @@ EV_FREQUENT_CHECK; } -void noinline +noinline +void ev_signal_stop (EV_P_ ev_signal *w) EV_THROW { clear_pending (EV_A_ (W)w); @@ -3907,14 +4238,15 @@ #define NFS_STAT_INTERVAL 30.1074891 /* for filesystems potentially failing inotify */ #define MIN_STAT_INTERVAL 0.1074891 -static void noinline stat_timer_cb (EV_P_ ev_timer *w_, int revents); +noinline static void stat_timer_cb (EV_P_ ev_timer *w_, int revents); #if EV_USE_INOTIFY /* the * 2 is to allow for alignment padding, which for some reason is >> 8 */ # define EV_INOTIFY_BUFSIZE (sizeof (struct inotify_event) * 2 + NAME_MAX) -static void noinline +noinline +static void infy_add (EV_P_ ev_stat *w) { w->wd = inotify_add_watch (fs_fd, w->path, @@ -3988,7 +4320,8 @@ if (ev_is_active (&w->timer)) ev_unref (EV_A); } -static void noinline +noinline +static void infy_del (EV_P_ ev_stat *w) { int slot; 
@@ -4005,7 +4338,8 @@ inotify_rm_watch (fs_fd, wd); } -static void noinline +noinline +static void infy_wd (EV_P_ int slot, int wd, struct inotify_event *ev) { if (slot < 0) @@ -4051,7 +4385,8 @@ } } -inline_size void ecb_cold +inline_size ecb_cold +void ev_check_2625 (EV_P) { /* kernels < 2.6.25 are borked @@ -4159,7 +4494,8 @@ w->attr.st_nlink = 1; } -static void noinline +noinline +static void stat_timer_cb (EV_P_ ev_timer *w_, int revents) { ev_stat *w = (ev_stat *)(((char *)w_) - offsetof (ev_stat, timer)); @@ -4379,7 +4715,8 @@ #endif #if EV_EMBED_ENABLE -void noinline +noinline +void ev_embed_sweep (EV_P_ ev_embed *w) EV_THROW { ev_run (w->other, EVRUN_NOWAIT); @@ -4686,7 +5023,8 @@ /*****************************************************************************/ #if EV_WALK_ENABLE -void ecb_cold +ecb_cold +void ev_walk (EV_P_ int types, void (*cb)(EV_P_ int type, void *w)) EV_THROW { int i, j; diff -Nru gvpe-2.25/libev/ev_epoll.c gvpe-3.0/libev/ev_epoll.c --- gvpe-2.25/libev/ev_epoll.c 2012-12-05 13:19:37.000000000 -0500 +++ gvpe-3.0/libev/ev_epoll.c 2016-02-17 23:42:18.000000000 -0500 @@ -179,7 +179,7 @@ if (expect_false ((uint32_t)anfds [fd].egen != (uint32_t)(ev->data.u64 >> 32))) { /* recreate kernel state */ - postfork = 1; + postfork |= 2; continue; } @@ -203,7 +203,7 @@ /* which is fortunately easy to do for us. */ if (epoll_ctl (backend_fd, want ? EPOLL_CTL_MOD : EPOLL_CTL_DEL, fd, ev)) { - postfork = 1; /* an error occurred, recreate kernel state */ + postfork |= 2; /* an error occurred, recreate kernel state */ continue; } } @@ -228,11 +228,15 @@ if (anfds [fd].emask & EV_EMASK_EPERM && events) fd_event (EV_A_ fd, events); else - epoll_eperms [i] = epoll_eperms [--epoll_epermcnt]; + { + epoll_eperms [i] = epoll_eperms [--epoll_epermcnt]; + anfds [fd].emask = 0; + } } } -int inline_size +inline_size +int epoll_init (EV_P_ int flags) { #ifdef EPOLL_CLOEXEC 
@@ -257,14 +261,16 @@ return EVBACKEND_EPOLL; } -void inline_size +inline_size +void epoll_destroy (EV_P) { ev_free (epoll_events); array_free (epoll_eperm, EMPTY); } -void inline_size +inline_size +void epoll_fork (EV_P) { close (backend_fd); diff -Nru gvpe-2.25/libev/ev.h gvpe-3.0/libev/ev.h --- gvpe-2.25/libev/ev.h 2013-07-12 21:59:26.000000000 -0400 +++ gvpe-3.0/libev/ev.h 2016-06-07 00:32:29.000000000 -0400 @@ -1,7 +1,7 @@ /* * libev native API header * - * Copyright (c) 2007,2008,2009,2010,2011,2012 Marc Alexander Lehmann + * Copyright (c) 2007,2008,2009,2010,2011,2012,2015 Marc Alexander Lehmann * All rights reserved. * * Redistribution and use in source and binary forms, with or without modifica- @@ -42,12 +42,16 @@ #ifdef __cplusplus # define EV_CPP(x) x +# if __cplusplus >= 201103L +# define EV_THROW noexcept +# else +# define EV_THROW throw () +# endif #else # define EV_CPP(x) +# define EV_THROW #endif -#define EV_THROW EV_CPP(throw()) - EV_CPP(extern "C" {) /*****************************************************************************/ @@ -148,6 +152,8 @@ typedef double ev_tstamp; +#include /* for memmove */ + #ifndef EV_ATOMIC_T # include # define EV_ATOMIC_T sig_atomic_t volatile @@ -205,7 +211,7 @@ /*****************************************************************************/ #define EV_VERSION_MAJOR 4 -#define EV_VERSION_MINOR 15 +#define EV_VERSION_MINOR 22 /* eventmask, revents, events... */ enum { 
@@ -509,10 +515,10 @@ /* method bits to be ored together */ enum { - EVBACKEND_SELECT = 0x00000001U, /* about anywhere */ - EVBACKEND_POLL = 0x00000002U, /* !win */ + EVBACKEND_SELECT = 0x00000001U, /* available just about anywhere */ + EVBACKEND_POLL = 0x00000002U, /* !win, !aix, broken on osx */ EVBACKEND_EPOLL = 0x00000004U, /* linux */ - EVBACKEND_KQUEUE = 0x00000008U, /* bsd */ + EVBACKEND_KQUEUE = 0x00000008U, /* bsd, broken on osx */ EVBACKEND_DEVPOLL = 0x00000010U, /* solaris 8 */ /* NYI */ EVBACKEND_PORT = 0x00000020U, /* solaris 10 */ EVBACKEND_ALL = 0x0000003FU, /* all known backends */ @@ -658,8 +664,10 @@ /* advanced stuff for threading etc. support, see docs */ EV_API_DECL void ev_set_userdata (EV_P_ void *data) EV_THROW; EV_API_DECL void *ev_userdata (EV_P) EV_THROW; -EV_API_DECL void ev_set_invoke_pending_cb (EV_P_ void (*invoke_pending_cb)(EV_P)) EV_THROW; -EV_API_DECL void ev_set_loop_release_cb (EV_P_ void (*release)(EV_P), void (*acquire)(EV_P) EV_THROW) EV_THROW; +typedef void (*ev_loop_callback)(EV_P); +EV_API_DECL void ev_set_invoke_pending_cb (EV_P_ ev_loop_callback invoke_pending_cb) EV_THROW; +/* C++ doesn't allow the use of the ev_loop_callback typedef here, so we need to spell it out */ +EV_API_DECL void ev_set_loop_release_cb (EV_P_ void (*release)(EV_P) EV_THROW, void (*acquire)(EV_P) EV_THROW) EV_THROW; EV_API_DECL unsigned int ev_pending_count (EV_P) EV_THROW; /* number of pending events, if any */ EV_API_DECL void ev_invoke_pending (EV_P); /* invoke all pending watchers */ 
@@ -713,7 +721,8 @@ #define ev_is_pending(ev) (0 + ((ev_watcher *)(void *)(ev))->pending) /* ro, true when watcher is waiting for callback invocation */ #define ev_is_active(ev) (0 + ((ev_watcher *)(void *)(ev))->active) /* ro, true when the watcher has been started */ -#define ev_cb(ev) (ev)->cb /* rw */ +#define ev_cb_(ev) (ev)->cb /* rw */ +#define ev_cb(ev) (memmove (&ev_cb_ (ev), &((ev_watcher *)(ev))->cb, sizeof (ev_cb_ (ev))), (ev)->cb) #if EV_MINPRI == EV_MAXPRI # define ev_priority(ev) ((ev), EV_MINPRI) @@ -726,11 +735,11 @@ #define ev_periodic_at(ev) (+((ev_watcher_time *)(ev))->at) #ifndef ev_set_cb -# define ev_set_cb(ev,cb_) ev_cb (ev) = (cb_) +# define ev_set_cb(ev,cb_) (ev_cb_ (ev) = (cb_), memmove (&((ev_watcher *)(ev))->cb, &ev_cb_ (ev), sizeof (ev_cb_ (ev)))) #endif /* stopping (enabling, adding) a watcher does nothing if it is already running */ -/* stopping (disabling, deleting) a watcher does nothing unless its already running */ +/* stopping (disabling, deleting) a watcher does nothing unless it's already running */ #if EV_PROTOTYPES /* feeds an event into a watcher as if the event actually occurred */ diff -Nru gvpe-2.25/libev/ev++.h gvpe-3.0/libev/ev++.h --- gvpe-2.25/libev/ev++.h 2013-07-12 21:59:26.000000000 -0400 +++ gvpe-3.0/libev/ev++.h 2015-06-29 10:13:35.000000000 -0400 @@ -575,7 +575,7 @@ } #endif - /* using a template here would require quite a bit more lines, + /* using a template here would require quite a few more lines, * so a macro solution was chosen */ #define EV_BEGIN_WATCHER(cppstem,cstem) \ \ diff -Nru gvpe-2.25/libev/ev_kqueue.c gvpe-3.0/libev/ev_kqueue.c --- gvpe-2.25/libev/ev_kqueue.c 2012-12-05 13:19:37.000000000 -0500 +++ gvpe-3.0/libev/ev_kqueue.c 2016-02-17 23:42:47.000000000 -0500 
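Review bot: `ev_cb(ev)` in the `@@ -713,7 +721,8 @@` hunk now evaluates its argument more than once and, in C, is no longer an lvalue, and neither fact is stated next to the macro. An argument with side effects would be applied several times, and callers that still write `ev_cb (w) = f` stop compiling because the `/* rw */` form has moved to `ev_cb_`. I would add a comment on the `ev_cb` line such as `/* ro, evaluates ev more than once; assign through ev_set_cb */`; the same multiple-evaluation caveat applies to the rewritten `ev_set_cb` in the `@@ -726,11 +735,11 @@` hunk.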
@@ -1,7 +1,7 @@ /* * libev kqueue backend * - * Copyright (c) 2007,2008,2009,2010,2011,2012 Marc Alexander Lehmann + * Copyright (c) 2007,2008,2009,2010,2011,2012,2013 Marc Alexander Lehmann * All rights reserved. * * Redistribution and use in source and binary forms, with or without modifica- @@ -43,7 +43,8 @@ #include #include -void inline_speed +inline_speed +void kqueue_change (EV_P_ int fd, int filter, int flags, int fflags) { ++kqueue_changecnt; @@ -152,7 +153,8 @@ } } -int inline_size +inline_size +int kqueue_init (EV_P_ int flags) { /* initialize the kernel queue */ @@ -176,14 +178,16 @@ return EVBACKEND_KQUEUE; } -void inline_size +inline_size +void kqueue_destroy (EV_P) { ev_free (kqueue_events); ev_free (kqueue_changes); } -void inline_size +inline_size +void kqueue_fork (EV_P) { /* some BSD kernels don't just destroy the kqueue itself, diff -Nru gvpe-2.25/libev/ev_poll.c gvpe-3.0/libev/ev_poll.c --- gvpe-2.25/libev/ev_poll.c 2012-05-29 11:20:25.000000000 -0400 +++ gvpe-3.0/libev/ev_poll.c 2016-02-17 23:43:02.000000000 -0500 @@ -39,7 +39,8 @@ #include -void inline_size +inline_size +void pollidx_init (int *base, int count) { /* consider using memset (.., -1, ...), which is practically guaranteed @@ -126,7 +127,8 @@ } } -int inline_size +inline_size +int poll_init (EV_P_ int flags) { backend_mintime = 1e-3; @@ -139,7 +141,8 @@ return EVBACKEND_POLL; } -void inline_size +inline_size +void poll_destroy (EV_P) { ev_free (pollidxs); diff -Nru gvpe-2.25/libev/ev_select.c gvpe-3.0/libev/ev_select.c --- gvpe-2.25/libev/ev_select.c 2012-05-29 11:20:25.000000000 -0400 +++ gvpe-3.0/libev/ev_select.c 2016-02-17 23:43:39.000000000 -0500 @@ -271,7 +271,8 @@ #endif } -int inline_size +inline_size +int select_init (EV_P_ int flags) { backend_mintime = 1e-6; 
@@ -300,7 +301,8 @@ return EVBACKEND_SELECT; } -void inline_size +inline_size +void select_destroy (EV_P) { ev_free (vec_ri); diff -Nru gvpe-2.25/libev/ev_vars.h gvpe-3.0/libev/ev_vars.h --- gvpe-2.25/libev/ev_vars.h 2013-07-12 21:59:26.000000000 -0400 +++ gvpe-3.0/libev/ev_vars.h 2014-09-09 17:49:57.000000000 -0400 @@ -1,7 +1,7 @@ /* * loop member variable declarations * - * Copyright (c) 2007,2008,2009,2010,2011,2012 Marc Alexander Lehmann + * Copyright (c) 2007,2008,2009,2010,2011,2012,2013 Marc Alexander Lehmann * All rights reserved. * * Redistribution and use in source and binary forms, with or without modifica- @@ -194,9 +194,10 @@ VARx(unsigned int, loop_depth) /* #ev_run enters - #ev_run leaves */ VARx(void *, userdata) +/* C++ doesn't support the ev_loop_callback typedef here. stinks. */ VAR (release_cb, void (*release_cb)(EV_P) EV_THROW) VAR (acquire_cb, void (*acquire_cb)(EV_P) EV_THROW) -VAR (invoke_cb , void (*invoke_cb) (EV_P)) +VAR (invoke_cb , ev_loop_callback invoke_cb) #endif #undef VARx diff -Nru gvpe-2.25/libev/ev_win32.c gvpe-3.0/libev/ev_win32.c --- gvpe-2.25/libev/ev_win32.c 2013-06-09 20:14:12.000000000 -0400 +++ gvpe-3.0/libev/ev_win32.c 2015-11-12 02:02:35.000000000 -0500 @@ -39,9 +39,6 @@ #ifdef _WIN32 -/* timeb.h is actually xsi legacy functionality */ -#include - /* note: the comment below could not be substantiated, but what would I care */ /* MSDN says this is required to handle SIGFPE */ /* my wild guess would be that using something floating-pointy is required */ 
@@ -91,6 +88,8 @@ if (connect (sock [0], (struct sockaddr *)&addr, addr_size)) goto fail; + /* TODO: returns INVALID_SOCKET on winsock accept, not < 0. fix it */ + /* when convenient, probably by just removing error checking altogether? */ if ((sock [1] = accept (listener, 0, 0)) < 0) goto fail; diff -Nru gvpe-2.25/libev/libev.m4 gvpe-3.0/libev/libev.m4 --- gvpe-2.25/libev/libev.m4 2012-05-29 11:20:25.000000000 -0400 +++ gvpe-3.0/libev/libev.m4 2014-05-22 14:53:16.000000000 -0400 @@ -1,12 +1,12 @@ dnl this file is part of libev, do not make local modifications dnl http://software.schmorp.de/pkg/libev -dnl libev support -AC_CHECK_HEADERS(sys/inotify.h sys/epoll.h sys/event.h port.h poll.h sys/select.h sys/eventfd.h sys/signalfd.h) +dnl libev support +AC_CHECK_HEADERS(sys/inotify.h sys/epoll.h sys/event.h port.h poll.h sys/select.h sys/eventfd.h sys/signalfd.h) AC_CHECK_FUNCS(inotify_init epoll_ctl kqueue port_create poll select eventfd signalfd) -AC_CHECK_FUNCS(clock_gettime, [], [ +AC_CHECK_FUNCS(clock_gettime, [], [ dnl on linux, try syscall wrapper first if test $(uname) = Linux; then AC_MSG_CHECKING(for clock_gettime syscall) @@ -21,15 +21,15 @@ [AC_MSG_RESULT(no)]) fi if test -z "$LIBEV_M4_AVOID_LIBRT" && test -z "$ac_have_clock_syscall"; then - AC_CHECK_LIB(rt, clock_gettime) + AC_CHECK_LIB(rt, clock_gettime) unset ac_cv_func_clock_gettime AC_CHECK_FUNCS(clock_gettime) fi ]) -AC_CHECK_FUNCS(nanosleep, [], [ +AC_CHECK_FUNCS(nanosleep, [], [ if test -z "$LIBEV_M4_AVOID_LIBRT"; then - AC_CHECK_LIB(rt, nanosleep) + AC_CHECK_LIB(rt, nanosleep) unset ac_cv_func_nanosleep AC_CHECK_FUNCS(nanosleep) fi diff -Nru gvpe-2.25/m4/Makefile.in gvpe-3.0/m4/Makefile.in --- gvpe-2.25/m4/Makefile.in 2013-07-13 00:42:55.000000000 -0400 +++ gvpe-3.0/m4/Makefile.in 2016-11-10 09:40:18.000000000 -0500 
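Review bot: The TODO added in the `@@ -91,6 +88,8 @@` hunk records that the `accept` failure check is wrong on Winsock but leaves the check unchanged, so a failed accept is probably still not detected. If `sock` is an array of `SOCKET` (its declaration is outside the hunk), `< 0` can never be true for the unsigned handle type, and execution continues with an invalid handle as one end of the pair. Comparing against the sentinel fixes it: `if ((sock [1] = accept (listener, 0, 0)) == INVALID_SOCKET) goto fail;`. I would not take the TODO's alternative of removing error checking altogether, since the caller then gets no signal that the socket pair is unusable. The enclosing function starts and ends outside the hunk.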
@@ -1,9 +1,8 @@ -# Makefile.in generated by automake 1.11.6 from Makefile.am. +# Makefile.in generated by automake 1.7.9 from Makefile.am. # @configure_input@ -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software -# Foundation, Inc. +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003 +# Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,29 +13,17 @@ # PARTICULAR PURPOSE. @SET_MAKE@ + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ VPATH = @srcdir@ -am__make_dryrun = \ - { \ - am__dry=no; \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ - | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ - *) \ - for am__flg in $$MAKEFLAGS; do \ - case $$am__flg in \ - *=*|--*) ;; \ - *n*) am__dry=yes; break;; \ - esac; \ - done;; \ - esac; \ - test $$am__dry = yes; \ - } pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +top_builddir = .. + am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +INSTALL = @INSTALL@ install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c 
@@ -48,35 +35,11 @@ NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : -build_triplet = @build@ host_triplet = @host@ -target_triplet = @target@ -subdir = m4 -DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ - ChangeLog -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \ - $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ - $(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/progtest.m4 \ - $(top_srcdir)/m4/tuntap.m4 $(top_srcdir)/libev/libev.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -SOURCES = -DIST_SOURCES = -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ +AMDEP_FALSE = @AMDEP_FALSE@ +AMDEP_TRUE = @AMDEP_TRUE@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ @@ -105,7 +68,6 @@ IFSUBTYPE = @IFSUBTYPE@ IFTYPE = @IFTYPE@ INCLUDES = @INCLUDES@ -INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ @@ -123,8 +85,9 @@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ +MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@ +MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@ MAKEINFO = @MAKEINFO@ -MKDIR_P = @MKDIR_P@ MKINSTALLDIRS = @MKINSTALLDIRS@ MSGFMT = @MSGFMT@ MSGMERGE = @MSGMERGE@ 
@@ -139,30 +102,29 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ POSUB = @POSUB@ RANLIB = @RANLIB@ +ROHC_FALSE = @ROHC_FALSE@ +ROHC_TRUE = @ROHC_TRUE@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ +am__fastdepCC_FALSE = @am__fastdepCC_FALSE@ +am__fastdepCC_TRUE = @am__fastdepCC_TRUE@ +am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@ +am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ -builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ 
@@ -182,103 +144,85 @@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ -mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ + EXTRA_DIST = README Makefile.am.in aclocal-include.m4 codeset.m4 \ gettext.m4 glibc21.m4 iconv.m4 intdiv0.m4 inttypes-pri.m4 inttypes.m4 \ inttypes_h.m4 isc-posix.m4 lcmessage.m4 lib-ld.m4 lib-link.m4 \ lib-prefix.m4 openssl.m4 progtest.m4 stdint_h.m4 tuntap.m4 uintmax_t.m4 \ ulonglong.m4 +subdir = m4 +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +DIST_SOURCES = +DIST_COMMON = README $(srcdir)/Makefile.in ChangeLog Makefile.am all: all-am .SUFFIXES: -$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu m4/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu m4/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' 
in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/configure.ac $(ACLOCAL_M4) + cd $(top_srcdir) && \ + $(AUTOMAKE) --gnu m4/Makefile +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) +uninstall-info-am: tags: TAGS TAGS: ctags: CTAGS CTAGS: +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + +top_distdir = .. 
+distdir = $(top_distdir)/$(PACKAGE)-$(VERSION) distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ + @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \ + list='$(DISTFILES)'; for file in $$list; do \ + case $$file in \ + $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \ + $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \ + esac; \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test "$$dir" != "$$file" && test "$$dir" != "."; then \ + dir="/$$dir"; \ + $(mkinstalldirs) "$(distdir)$$dir"; \ + else \ + dir=''; \ + fi; \ if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ + cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile + installdirs: install: install-am install-exec: install-exec-am @@ -290,22 +234,16 @@ installcheck: installcheck-am install-strip: - if test -z '$(STRIP)'; then \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - install; \ - else \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ - fi + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -322,40 +260,18 @@ dvi-am: -html: html-am - -html-am: - info: info-am info-am: install-data-am: -install-dvi: install-dvi-am - -install-dvi-am: - install-exec-am: -install-html: install-html-am - -install-html-am: - install-info: install-info-am -install-info-am: - install-man: -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - installcheck-am: maintainer-clean: maintainer-clean-am 
@@ -374,19 +290,16 @@ ps-am: -uninstall-am: - -.MAKE: install-am install-strip +uninstall-am: uninstall-info-am .PHONY: all all-am check check-am clean clean-generic distclean \ - distclean-generic distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-ps install-ps-am \ + distclean-generic distdir dvi dvi-am info info-am install \ + install-am install-data install-data-am install-exec \ + install-exec-am install-info install-info-am install-man \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-generic pdf pdf-am ps ps-am uninstall uninstall-am + mostlyclean-generic pdf pdf-am ps ps-am uninstall uninstall-am \ + uninstall-info-am Makefile.am: Makefile.am.in @@ -400,7 +313,6 @@ sed -n '/^##m4-files-end/,$$p' $< >> $@t chmod a-w $@t mv $@t $@ - # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff -Nru gvpe-2.25/Makefile.in gvpe-3.0/Makefile.in --- gvpe-2.25/Makefile.in 2013-07-13 00:42:55.000000000 -0400 +++ gvpe-3.0/Makefile.in 2016-11-10 09:40:18.000000000 -0500 @@ -1,9 +1,8 @@ -# Makefile.in generated by automake 1.11.6 from Makefile.am. +# Makefile.in generated by automake 1.7.9 from Makefile.am. # @configure_input@ -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software -# Foundation, Inc. +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003 +# Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. 
@@ -14,29 +13,17 @@ # PARTICULAR PURPOSE. @SET_MAKE@ + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ VPATH = @srcdir@ -am__make_dryrun = \ - { \ - am__dry=no; \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ - | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ - *) \ - for am__flg in $$MAKEFLAGS; do \ - case $$am__flg in \ - *=*|--*) ;; \ - *n*) am__dry=yes; break;; \ - esac; \ - done;; \ - esac; \ - test $$am__dry = yes; \ - } pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +top_builddir = . + am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +INSTALL = @INSTALL@ install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c 
@@ -48,94 +35,11 @@ NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : -build_triplet = @build@ host_triplet = @host@ -target_triplet = @target@ -subdir = . -DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \ - $(srcdir)/Makefile.in $(srcdir)/config.h.in \ - $(top_srcdir)/configure ABOUT-NLS AUTHORS COPYING ChangeLog \ - INSTALL NEWS TODO config.guess config.rpath config.sub depcomp \ - install-sh missing mkinstalldirs -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \ - $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ - $(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/progtest.m4 \ - $(top_srcdir)/m4/tuntap.m4 $(top_srcdir)/libev/libev.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ - configure.lineno config.status.lineno -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs -CONFIG_HEADER = config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -SOURCES = -DIST_SOURCES = -RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ - html-recursive info-recursive install-data-recursive \ - install-dvi-recursive install-exec-recursive \ - install-html-recursive install-info-recursive \ - install-pdf-recursive install-ps-recursive install-recursive \ - installcheck-recursive installdirs-recursive pdf-recursive \ - ps-recursive uninstall-recursive -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac -RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ - distclean-recursive maintainer-clean-recursive -AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ - $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ - distdir dist dist-all distcheck -ETAGS = etags -CTAGS = ctags 
-DIST_SUBDIRS = $(SUBDIRS) -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -distdir = $(PACKAGE)-$(VERSION) -top_distdir = $(distdir) -am__remove_distdir = \ - if test -d "$(distdir)"; then \ - find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \ - && rm -rf "$(distdir)" \ - || { sleep 5 && rm -rf "$(distdir)"; }; \ - else :; fi -am__relativize = \ - dir0=`pwd`; \ - sed_first='s,^\([^/]*\)/.*$$,\1,'; \ - sed_rest='s,^[^/]*/*,,'; \ - sed_last='s,^.*/\([^/]*\)$$,\1,'; \ - sed_butlast='s,/*[^/]*$$,,'; \ - while test -n "$$dir1"; do \ - first=`echo "$$dir1" | sed -e "$$sed_first"`; \ - if test "$$first" != "."; then \ - if test "$$first" = ".."; then \ - dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ - dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ - else \ - first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ - if test "$$first2" = "$$first"; then \ - dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ - else \ - dir2="../$$dir2"; \ - fi; \ - dir0="$$dir0"/"$$first"; \ - fi; \ - fi; \ - dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ - done; \ - reldir="$$dir2" -DIST_ARCHIVES = $(distdir).tar.gz -GZIP_ENV = --best -distuninstallcheck_listfiles = find . -type f -print -am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \ - | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$' -distcleancheck_listfiles = find . -type f -print ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ +AMDEP_FALSE = @AMDEP_FALSE@ +AMDEP_TRUE = @AMDEP_TRUE@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ @@ -164,7 +68,6 @@ IFSUBTYPE = @IFSUBTYPE@ IFTYPE = @IFTYPE@ INCLUDES = @INCLUDES@ -INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ 
@@ -182,8 +85,9 @@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ +MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@ +MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@ MAKEINFO = @MAKEINFO@ -MKDIR_P = @MKDIR_P@ MKINSTALLDIRS = @MKINSTALLDIRS@ MSGFMT = @MSGFMT@ MSGMERGE = @MSGMERGE@ @@ -198,30 +102,29 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ POSUB = @POSUB@ RANLIB = @RANLIB@ +ROHC_FALSE = @ROHC_FALSE@ +ROHC_TRUE = @ROHC_TRUE@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ +am__fastdepCC_FALSE = @am__fastdepCC_FALSE@ +am__fastdepCC_TRUE = @am__fastdepCC_TRUE@ +am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@ +am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ -builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ 
@@ -241,91 +144,95 @@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ -mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ + AUTOMAKE_OPTIONS = gnu + SUBDIRS = m4 lib src doc po -ACLOCAL_AMFLAGS = -I m4 + +ACLOCAL_AMFLAGS = -I m4 + EXTRA_DIST = config.rpath mkinstalldirs depcomp TODO \ libev/ev.c libev/ev.h libev/libev.m4 libev/ev++.h \ libev/ev_epoll.c libev/ev_kqueue.c libev/ev_poll.c libev/ev_select.c \ libev/ev_vars.h libev/ev_win32.c libev/ev_wrap.h + CVS_CREATED = ABOUT-NLS configure aclocal.m4 config.h.in config.guess \ config.sub install-sh missing mkinstalldirs \ stamp-h.in m4/Makefile.am po/Makefile.in.in \ po/vpe.pot po/*.sed po/*.header po/*.sin po/Rules-quot \ src/.libs intl depcomp +subdir = . 
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +CONFIG_HEADER = config.h +CONFIG_CLEAN_FILES = +DIST_SOURCES = + +RECURSIVE_TARGETS = info-recursive dvi-recursive pdf-recursive \ + ps-recursive install-info-recursive uninstall-info-recursive \ + all-recursive install-data-recursive install-exec-recursive \ + installdirs-recursive install-recursive uninstall-recursive \ + check-recursive installcheck-recursive +DIST_COMMON = README $(srcdir)/Makefile.in $(srcdir)/configure \ + ABOUT-NLS AUTHORS COPYING ChangeLog INSTALL Makefile.am NEWS \ + TODO aclocal.m4 config.guess config.h.in config.rpath \ + config.sub configure configure.ac depcomp install-sh missing \ + mkinstalldirs +DIST_SUBDIRS = $(SUBDIRS) all: config.h $(MAKE) $(AM_MAKEFLAGS) all-recursive .SUFFIXES: -am--refresh: Makefile - @: -$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \ - $(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \ - && exit 0; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' 
in \ - *config.status*) \ - echo ' $(SHELL) ./config.status'; \ - $(SHELL) ./config.status;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \ - esac; -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) +am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ + configure.lineno +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/configure.ac $(ACLOCAL_M4) + cd $(top_srcdir) && \ + $(AUTOMAKE) --gnu Makefile +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status + cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe) + +$(top_builddir)/config.status: $(srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) $(SHELL) ./config.status --recheck +$(srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(srcdir)/configure.ac $(ACLOCAL_M4) $(CONFIGURE_DEPENDENCIES) + cd $(srcdir) && $(AUTOCONF) -$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) - $(am__cd) $(srcdir) && $(AUTOCONF) -$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) - $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) -$(am__aclocal_m4_deps): +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ configure.ac m4/aclocal-include.m4 m4/codeset.m4 m4/gettext.m4 m4/glibc21.m4 m4/iconv.m4 m4/intdiv0.m4 m4/inttypes-pri.m4 m4/inttypes.m4 m4/inttypes_h.m4 m4/isc-posix.m4 m4/lcmessage.m4 m4/lib-ld.m4 m4/lib-link.m4 m4/lib-prefix.m4 m4/openssl.m4 m4/progtest.m4 m4/stdint_h.m4 m4/tuntap.m4 m4/uintmax_t.m4 m4/ulonglong.m4 + cd $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) config.h: stamp-h1 - @if test ! -f $@; then rm -f stamp-h1; else :; fi - @if test ! -f $@; then $(MAKE) $(AM_MAKEFLAGS) stamp-h1; else :; fi + @if test ! 
-f $@; then \ + rm -f stamp-h1; \ + $(MAKE) stamp-h1; \ + else :; fi stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status @rm -f stamp-h1 cd $(top_builddir) && $(SHELL) ./config.status config.h -$(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) - ($(am__cd) $(top_srcdir) && $(AUTOHEADER)) - rm -f stamp-h1 - touch $@ + +$(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@ $(top_srcdir)/configure.ac $(ACLOCAL_M4) + cd $(top_srcdir) && $(AUTOHEADER) + touch $(srcdir)/config.h.in distclean-hdr: -rm -f config.h stamp-h1 +uninstall-info-am: # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. @@ -334,13 +241,7 @@ # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. $(RECURSIVE_TARGETS): - @fail= failcom='exit 1'; \ - for f in x $$MAKEFLAGS; do \ - case $$f in \ - *=* | --[!k]*);; \ - *k*) failcom='fail=yes';; \ - esac; \ - done; \ + @set fnord $$MAKEFLAGS; amf=$$2; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ list='$(SUBDIRS)'; for subdir in $$list; do \ @@ -351,21 +252,16 @@ else \ local_target="$$target"; \ fi; \ - ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ - || eval $$failcom; \ + (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" -$(RECURSIVE_CLEAN_TARGETS): - @fail= failcom='exit 1'; \ - for f in x $$MAKEFLAGS; do \ - case $$f in \ - *=* | --[!k]*);; \ - *k*) failcom='fail=yes';; \ - esac; \ - done; \ +mostlyclean-recursive clean-recursive distclean-recursive \ +maintainer-clean-recursive: + @set fnord $$MAKEFLAGS; amf=$$2; \ dot_seen=no; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ 
@@ -385,217 +281,167 @@ else \ local_target="$$target"; \ fi; \ - ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ - || eval $$failcom; \ + (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ + test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ + test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done +ETAGS = etags +ETAGSFLAGS = + +CTAGS = ctags +CTAGSFLAGS = + +tags: TAGS + ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ mkid -fID $$unique -tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - set x; \ + tags=; \ here=`pwd`; \ - if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + if (etags --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ - empty_fix=.; \ else \ include_option=--include; \ - empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ - test ! 
-f $$subdir/TAGS || \ - set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + test -f $$subdir/TAGS && \ + tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(ETAGS_ARGS)$$tags$$unique" \ + || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$tags $$unique + ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$unique" \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique + $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" + && cd $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + +top_distdir = . 
+distdir = $(PACKAGE)-$(VERSION) + +am__remove_distdir = \ + { test ! -d $(distdir) \ + || { find $(distdir) -type d ! -perm -200 -exec chmod u+w {} ';' \ + && rm -fr $(distdir); }; } + +GZIP_ENV = --best +distuninstallcheck_listfiles = find . -type f -print +distcleancheck_listfiles = find . -type f -print distdir: $(DISTFILES) $(am__remove_distdir) - test -d "$(distdir)" || mkdir "$(distdir)" - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ + mkdir $(distdir) + $(mkinstalldirs) $(distdir)/libev $(distdir)/po + @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \ + list='$(DISTFILES)'; for file in $$list; do \ + case $$file in \ + $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \ + $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \ + esac; \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test "$$dir" != "$$file" && test "$$dir" != "."; then \ + dir="/$$dir"; \ + $(mkinstalldirs) "$(distdir)$$dir"; \ + else \ + dir=''; \ + fi; \ if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ + cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done - @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ - $(am__make_dryrun) \ - || test -d "$(distdir)/$$subdir" \ - || $(MKDIR_P) "$(distdir)/$$subdir" \ - || exit 1; \ - dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ - $(am__relativize); \ - new_distdir=$$reldir; \ - dir1=$$subdir; dir2="$(top_distdir)"; \ - $(am__relativize); \ - new_top_distdir=$$reldir; \ - echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ - echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ - ($(am__cd) $$subdir && \ + test -d $(distdir)/$$subdir \ + || mkdir $(distdir)/$$subdir \ + || exit 1; \ + (cd $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$$new_top_distdir" \ - distdir="$$new_distdir" \ - am__remove_distdir=: \ - am__skip_length_check=: \ - am__skip_mode_fix=: \ + top_distdir="$(top_distdir)" \ + distdir=../$(distdir)/$$subdir \ distdir) \ || exit 1; \ fi; \ done - -test -n "$(am__skip_mode_fix)" \ - || find "$(distdir)" -type d ! -perm -755 \ + -find "$(distdir)" -type d ! -perm -755 \ -exec chmod u+rwx,go+rx {} \; -o \ ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ - ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ - || chmod -R a+r "$(distdir)" + ! -type d ! 
-perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \ + || chmod -R a+r $(distdir) dist-gzip: distdir - tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz - $(am__remove_distdir) - -dist-bzip2: distdir - tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2 - $(am__remove_distdir) - -dist-lzip: distdir - tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz - $(am__remove_distdir) - -dist-lzma: distdir - tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma - $(am__remove_distdir) - -dist-xz: distdir - tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz - $(am__remove_distdir) - -dist-tarZ: distdir - tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z - $(am__remove_distdir) - -dist-shar: distdir - shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz - $(am__remove_distdir) - -dist-zip: distdir - -rm -f $(distdir).zip - zip -rq $(distdir).zip $(distdir) + $(AMTAR) chof - $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz $(am__remove_distdir) dist dist-all: distdir - tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz + $(AMTAR) chof - $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz $(am__remove_distdir) # This target untars the dist file and tries a VPATH configuration. Then # it guarantees that the distribution is self-contained by making another # tarfile. 
distcheck: dist - case '$(DIST_ARCHIVES)' in \ - *.tar.gz*) \ - GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ - *.tar.bz2*) \ - bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ - *.tar.lzma*) \ - lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\ - *.tar.lz*) \ - lzip -dc $(distdir).tar.lz | $(am__untar) ;;\ - *.tar.xz*) \ - xz -dc $(distdir).tar.xz | $(am__untar) ;;\ - *.tar.Z*) \ - uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ - *.shar.gz*) \ - GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\ - *.zip*) \ - unzip $(distdir).zip ;;\ - esac + $(am__remove_distdir) + GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(AMTAR) xf - chmod -R a-w $(distdir); chmod u+w $(distdir) mkdir $(distdir)/_build mkdir $(distdir)/_inst chmod a-w $(distdir) - test -d $(distdir)/_build || exit 0; \ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ - && am__cwd=`pwd` \ - && $(am__cd) $(distdir)/_build \ + && cd $(distdir)/_build \ && ../configure --srcdir=.. --prefix="$$dc_install_base" \ - $(AM_DISTCHECK_CONFIGURE_FLAGS) \ $(DISTCHECK_CONFIGURE_FLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) dvi \ 
@@ -607,33 +453,22 @@ distuninstallcheck \ && chmod -R a-w "$$dc_install_base" \ && ({ \ - (cd ../.. && umask 077 && mkdir "$$dc_destdir") \ + (cd ../.. && $(mkinstalldirs) "$$dc_destdir") \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \ distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \ } || { rm -rf "$$dc_destdir"; exit 1; }) \ && rm -rf "$$dc_destdir" \ - && $(MAKE) $(AM_MAKEFLAGS) dist \ - && rm -rf $(DIST_ARCHIVES) \ - && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \ - && cd "$$am__cwd" \ - || exit 1 + && $(MAKE) $(AM_MAKEFLAGS) dist-gzip \ + && rm -f $(distdir).tar.gz \ + && $(MAKE) $(AM_MAKEFLAGS) distcleancheck $(am__remove_distdir) - @(echo "$(distdir) archives ready for distribution: "; \ - list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ - sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x' + @echo "$(distdir).tar.gz is ready for distribution" | \ + sed 'h;s/./=/g;p;x;p;x' distuninstallcheck: - @test -n '$(distuninstallcheck_dir)' || { \ - echo 'ERROR: trying to run $@ with an empty' \ - '$$(distuninstallcheck_dir)' >&2; \ - exit 1; \ - }; \ - $(am__cd) '$(distuninstallcheck_dir)' || { \ - echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \ - exit 1; \ - }; \ - test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \ + @cd $(distuninstallcheck_dir) \ + && test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \ || { echo "ERROR: files left after uninstall:" ; \ if test -n "$(DESTDIR)"; then \ echo " (check DESTDIR support)"; \ @@ -654,6 +489,7 @@ all-am: Makefile config.h installdirs: installdirs-recursive installdirs-am: + install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive 
@@ -664,22 +500,16 @@ installcheck: installcheck-recursive install-strip: - if test -z '$(STRIP)'; then \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - install; \ - else \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ - fi + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -697,40 +527,18 @@ dvi-am: -html: html-recursive - -html-am: - info: info-recursive info-am: install-data-am: -install-dvi: install-dvi-recursive - -install-dvi-am: - install-exec-am: -install-html: install-html-recursive - -install-html-am: - install-info: install-info-recursive -install-info-am: - install-man: -install-pdf: install-pdf-recursive - -install-pdf-am: - -install-ps: install-ps-recursive - -install-ps-am: - installcheck-am: maintainer-clean: maintainer-clean-recursive 
@@ -751,27 +559,26 @@ ps-am: -uninstall-am: - -.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all \ - ctags-recursive install-am install-strip tags-recursive +uninstall-am: uninstall-info-am -.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ - all all-am am--refresh check check-am clean clean-generic \ - ctags ctags-recursive dist dist-all dist-bzip2 dist-gzip \ - dist-lzip dist-lzma dist-shar dist-tarZ dist-xz dist-zip \ - distcheck distclean distclean-generic distclean-hdr \ - distclean-tags distcleancheck distdir distuninstallcheck dvi \ - dvi-am html html-am info info-am install install-am \ - install-data install-data-am install-dvi install-dvi-am \ - install-exec install-exec-am install-html install-html-am \ - install-info install-info-am install-man install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs installdirs-am \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-generic pdf pdf-am ps ps-am tags tags-recursive \ - uninstall uninstall-am +uninstall-info: uninstall-info-recursive +.PHONY: $(RECURSIVE_TARGETS) CTAGS GTAGS all all-am check check-am clean \ + clean-generic clean-recursive ctags ctags-recursive dist \ + dist-all dist-gzip distcheck distclean distclean-generic \ + distclean-hdr distclean-recursive distclean-tags distcleancheck \ + distdir distuninstallcheck dvi dvi-am dvi-recursive info \ + info-am info-recursive install install-am install-data \ + install-data-am install-data-recursive install-exec \ + install-exec-am install-exec-recursive install-info \ + install-info-am install-info-recursive install-man \ + install-recursive install-strip installcheck installcheck-am \ + installdirs installdirs-am installdirs-recursive \ + maintainer-clean maintainer-clean-generic \ + maintainer-clean-recursive mostlyclean mostlyclean-generic \ + mostlyclean-recursive pdf pdf-am pdf-recursive ps ps-am \ + ps-recursive tags tags-recursive 
uninstall uninstall-am \ + uninstall-info-am uninstall-info-recursive uninstall-recursive # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff -Nru gvpe-2.25/NEWS gvpe-3.0/NEWS --- gvpe-2.25/NEWS 2013-07-13 00:42:43.000000000 -0400 +++ gvpe-3.0/NEWS 2016-11-10 09:40:05.000000000 -0500 
@@ -1,5 +1,63 @@ GVPE NEWS +3.0 Thu Nov 10 15:39:58 CET 2016 + - INCOMPATIBLE CHANGE: core protocol version 1.0. + - INCOMPATIBLE CHANGE: node sections are now introduced + with "node nodename", not "node = nodename". + - INCOMPATIBLE CHANGE: gvpectrl -g will now generate a single + keypair, while -G will try to generate all keypairs as before. + - openssl 1.0.2 is the latest supported openssl release, + openssl 1.1.0 is not supported at the moment as the work to + make it compatible to both versions is just too much. a switch + to openssl 1.1 or another library will be done in a future release. + - update examples to not generate keys centrally, but locally on each + node. + - add workaround for temporary/rare ENOBUFS condition. + - while individual packets couldn't be replayed, a whole session + could be replayed - this has been fixed by an extra key exchange. + - fix a delete vs. delete [] mismatch in the central logging function. + - in addition to rsa key exchange and authentication, the handshake now + adds a diffie-hellman key exchange (using curve25119) for perfect + forward secrecy. mac and cipher keys are derived using HKDF. + - rsa key sizes are now configurable and larger (default is 3072). + correspondingly, the minimum mtu is no longer 296 but 576. + - fixed a potential (unverified) buffer overrun on rsa decryption. + - new per-node low-power setting that tries to reduce cpu/network usage. + - router reconnects could cause excessive rekeying on other connections. + - gvpectrl no longer generates all missing public keys, but + only missing private keys. private keys are also put + into the configured location. + - the pid-file now accepts %s as nodename as elsewhere. + - switch to counter mode (only aes supported at the moment in + openssl). this gets rid of the need to generate a random iv, + is likely more secure (and, as a side effect, gets rid of + slow randomness generation. 
counter mode is often faster + then cbc mode as well, and packets are smaller). + - no longer use RAND_bytes to generate session keys - you NEED + a real source of entropy now (e.g. egd or /dev/random - see the + openssl documentation). + - multiple node statements for the same node are now supported + and will be merged. + - a new directive "global" switches back to the global section + of the config file. + - if-up scripts can now be specified with absolute paths. + - new global option: serial, to detect configuration mismatches. + - use HKDF as authentication proof, not HMAC or a plain hash + (hint by Ilmari Karonen). + - during rekeying or connection establishments, hmac authentication + errors could occur and reset the connection. Transient hmac + authentication errors are now being ignored for 3 seconds. + - log the reason for a conneciton loss. + - use a (hopefully) constant time memcmp to compare internal secrets. + - fix a (harmless) errornous out of bounds stack read that would trigger + gcc's -fsanitize=address. + - bump old packet window size from 512 to 65536. + - update for big changes in openssl 1.1 API, wrap primitives + to make further changes easier. + - correctly check return values for openssl 1.0.0 and later. + - check for both public and private key file when deciding whether + to skip generating a key to avoid accidental overwrites. + 2.25 Sat Jul 13 06:42:33 CEST 2013 - INCOMPATIBLE CHANGE: no longer enable udp protocol if no other protocols are enabled - this is necessary when you have nodes with 
@@ -18,7 +76,7 @@ to chroot to a specified or anonymous new root, and change user id. - new global configuration options seed_device and seed_interval, to configure another device than /dev/urandom for random seeds, - and to configure a regular imterval to reseed the rng. + and to configure a regular interval to reseed the rng. - prefer inet_aton over gethostbyname, as the latter is not guaranteed to "resolve" literal ip addresses. - configure didn't detect openssl 1.0 because SHA1_version became private @@ -33,7 +91,7 @@ - major, but incremental, dns transport improvements: - do not simply abort in some error cases in the dns transport, but try to recover. - - allow lowercase/uppercase alises for base-n encodings that do + - allow lowercase/uppercase aliases for base-n encodings that do not rely on case. - use base26 instead of base22 encoding for dns syn's, and base36 instead of base22 for headers (saves one byte/packet). diff -Nru gvpe-2.25/po/gvpe.pot gvpe-3.0/po/gvpe.pot --- gvpe-2.25/po/gvpe.pot 2013-07-13 00:45:00.000000000 -0400 +++ gvpe-3.0/po/gvpe.pot 2016-11-10 09:40:47.000000000 -0500 @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2013-07-13 06:45+0200\n" +"POT-Creation-Date: 2016-11-10 15:40+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" 
@@ -315,308 +315,286 @@ msgid "Dropping packet of %d bytes to %s: not connected to UML yet" msgstr "" -#: src/conf.C:222 +#: src/conf.C:232 msgid "" "illegal boolean value, only 'yes|true|on' or 'no|false|off' allowed, ignored" msgstr "" -#: src/conf.C:250 +#: src/conf.C:266 msgid "no value given for variable, ignored" msgstr "" -#: src/conf.C:273 +#: src/conf.C:289 msgid "unknown loglevel, ignored" msgstr "" -#: src/conf.C:287 +#: src/conf.C:305 msgid "user specified for chuser not found" msgstr "" -#: src/conf.C:323 -#, c-format -msgid "unable to open public rsa key file '%s': %s" -msgstr "" - -#: src/conf.C:333 -#, c-format -msgid "unable to read public rsa key file '%s': %s" -msgstr "" - -#: src/conf.C:478 +#: src/conf.C:463 msgid "" "illegal value for 'connectmode', use one of 'ondemand', 'never', 'always' or " "'disabled', ignored" msgstr "" -#: src/conf.C:522 +#: src/conf.C:509 msgid "unknown configuration directive - ignored" msgstr "" -#: src/conf.C:532 +#: src/conf.C:519 #, c-format msgid "%s: max-queue value invalid, setting it to 1." msgstr "" -#: src/conf.C:571 -#, c-format -msgid "%s, while parsing command line option '%s'." -msgstr "" - -#: src/conf.C:593 +#: src/conf.C:545 #, c-format msgid "%s, at '%s', line %d." msgstr "" -#: src/conf.C:602 +#: src/conf.C:552 #, c-format msgid "unable to read config file '%s': %s" msgstr "" -#: src/conf.C:631 +#: src/conf.C:581 #, c-format msgid "unable to read private rsa key file '%s': %s" msgstr "" -#: src/conf.C:641 +#: src/conf.C:593 #, c-format msgid "unable to open private rsa key file '%s': %s" msgstr "" -#: src/conf.C:654 +#: src/conf.C:619 +#, c-format +msgid "unable to open public rsa key file '%s': %s" +msgstr "" + +#: src/conf.C:629 +#, c-format +msgid "unable to read public rsa key file '%s': %s" +msgstr "" + +#: src/conf.C:648 +#, c-format +msgid "local node ('%s') not found in config file, aborting." 
+msgstr "" + +#: src/conf.C:656 #, c-format msgid "private hostkey and public node key mismatch: is '%s' the correct node?" msgstr "" +#: src/conf.C:692 +#, c-format +msgid "command line option '%s' refers to unknown node, ignoring." +msgstr "" + #: src/conf.C:702 #, c-format +msgid "%s, while parsing command line option '%s'." +msgstr "" + +#: src/conf.C:746 +#, c-format msgid "" "\n" "Configuration\n" "\n" msgstr "" -#: src/conf.C:703 +#: src/conf.C:747 #, c-format msgid "# of nodes: %d\n" msgstr "" -#: src/conf.C:704 +#: src/conf.C:748 #, c-format msgid "this node: %s\n" msgstr "" -#: src/conf.C:705 +#: src/conf.C:749 #, c-format msgid "MTU: %d\n" msgstr "" -#: src/conf.C:706 +#: src/conf.C:750 #, c-format msgid "rekeying interval: %d\n" msgstr "" -#: src/conf.C:707 +#: src/conf.C:751 #, c-format msgid "keepalive interval: %d\n" msgstr "" -#: src/conf.C:708 +#: src/conf.C:752 #, c-format msgid "interface: %s\n" msgstr "" -#: src/conf.C:709 +#: src/conf.C:753 #, c-format msgid "primary rsa key: %s\n" msgstr "" -#: src/conf.C:710 +#: src/conf.C:754 #, c-format msgid "rsa key size: %d\n" msgstr "" -#: src/conf.C:714 +#: src/conf.C:758 msgid "ID#" msgstr "" -#: src/conf.C:714 +#: src/conf.C:758 msgid "MAC" msgstr "" -#: src/conf.C:714 +#: src/conf.C:758 msgid "Com" msgstr "" -#: src/conf.C:714 +#: src/conf.C:758 msgid "Conmode" msgstr "" -#: src/conf.C:714 +#: src/conf.C:758 msgid "Node" msgstr "" -#: src/conf.C:714 +#: src/conf.C:758 msgid "Prot" msgstr "" -#: src/conf.C:714 +#: src/conf.C:758 msgid "Host:Port" msgstr "" -#: src/connection.C:600 +#: src/connection.C:592 #, c-format -msgid "major version mismatch (remote %d <=> local %d)" +msgid "%s(%s): major version mismatch (remote %d <=> local %d)" msgstr "" -#: src/connection.C:602 +#: src/connection.C:595 #, c-format -msgid "rand size mismatch (remote %d <=> local %d)" +msgid "%s(%s): cipher algo mismatch (remote %x <=> local %x)" msgstr "" -#: src/connection.C:604 +#: src/connection.C:598 #, c-format -msgid 
"hmac length mismatch (remote %d <=> local %d)" +msgid "%s(%s): mac algo mismatch (remote %x <=> local %x)" msgstr "" -#: src/connection.C:606 +#: src/connection.C:601 #, c-format -msgid "challenge length mismatch (remote %d <=> local %d)" +msgid "%s(%s): auth algo mismatch (remote %x <=> local %x)" msgstr "" #: src/connection.C:608 #, c-format -msgid "cipher mismatch (remote %x <=> local %x)" -msgstr "" - -#: src/connection.C:610 -#, c-format -msgid "digest mismatch (remote %x <=> local %x)" +msgid "%s(%s): remote serial newer than local serial - outdated config?" msgstr "" -#: src/connection.C:612 +#: src/connection.C:690 #, c-format -msgid "hmac mismatch (remote %x <=> local %x)" +msgid "%s(%s): connection established (%s), protocol version %d.%d." msgstr "" -#: src/connection.C:690 -#, c-format -msgid "%s: possible connection establish (ictx %d, octx %d)" +#: src/connection.C:699 +msgid "node-up command execution failed, continuing." msgstr "" -#: src/connection.C:734 +#: src/connection.C:739 #, c-format msgid "%s: direct connection denied by config." msgstr "" -#: src/connection.C:753 +#: src/connection.C:756 #, c-format msgid "%s: no common protocol, trying to route through %s." msgstr "" -#: src/connection.C:758 +#: src/connection.C:761 #, c-format msgid "%s: node unreachable, no common protocol or no router available." msgstr "" -#: src/connection.C:885 +#: src/connection.C:881 #, c-format msgid "%s: sending direct connection request to %s." msgstr "" -#: src/connection.C:917 +#: src/connection.C:916 #, c-format -msgid "%s(%s): connection lost" +msgid "%s(%s): connection lost (%s)" msgstr "" -#: src/connection.C:924 +#: src/connection.C:923 msgid "node-down command execution failed, continuing." msgstr "" -#: src/connection.C:1059 +#: src/connection.C:1080 #, c-format -msgid "%s(%s): protocol mismatch, disabling node." +msgid "%s(%s): protocol magic mismatch - stray packet?" 
msgstr "" -#: src/connection.C:1081 src/connection.C:1131 +#: src/connection.C:1086 #, c-format msgid "%s(%s): protocol minor version mismatch: ours is %d, %s's is %d." msgstr "" -#: src/connection.C:1092 +#: src/connection.C:1102 #, c-format msgid "" "%s(%s): challenge illegal or corrupted (%s). mismatched key or config file?" msgstr "" -#: src/connection.C:1114 +#: src/connection.C:1142 #, c-format -msgid "%s(%s): protocol mismatch." -msgstr "" - -#: src/connection.C:1139 -#, c-format -msgid "%s(%s): unrequested auth response, ignoring." -msgstr "" - -#: src/connection.C:1149 -#, c-format -msgid "" -"%s(%s): hmac authentication error on auth response, received invalid packet\n" -"could be an attack, or just corruption or a synchronization error." -msgstr "" - -#: src/connection.C:1171 -#, c-format -msgid "%s(%s): connection established (%s), protocol version %d.%d." +msgid "%s(%s): unrequested or outdated auth response, ignoring." msgstr "" #: src/connection.C:1182 -msgid "node-up command execution failed, continuing." -msgstr "" - -#: src/connection.C:1188 -#, c-format -msgid "%s(%s): sent and received challenge do not match." -msgstr "" - -#: src/connection.C:1213 #, c-format msgid "" "%s(%s): hmac authentication error, received invalid packet\n" "could be an attack, or just corruption or a synchronization error." msgstr "" -#: src/connection.C:1231 +#: src/connection.C:1205 #, c-format msgid "%s(%s): changing socket address to %s." msgstr "" -#: src/connection.C:1240 +#: src/connection.C:1214 msgid "node-change command execution failed, continuing." msgstr "" -#: src/connection.C:1250 +#: src/connection.C:1224 #, c-format msgid "" "received very old packet (received %08lx, expected %08lx). possible replay " "attack, or just packet duplication/delay, ignoring." msgstr "" -#: src/connection.C:1253 +#: src/connection.C:1227 #, c-format msgid "" "received recent duplicated packet (received %08lx, expected %08lx). 
possible " "replay attack, or just packet duplication, ignoring." msgstr "" -#: src/connection.C:1257 +#: src/connection.C:1231 #, c-format msgid "" "received out-of-sync (far future) packet (received %08lx, expected %08lx). " "probably just massive packet loss, sending reset." msgstr "" -#: src/connection.C:1297 src/connection.C:1336 +#: src/connection.C:1271 src/connection.C:1310 #, c-format msgid "" "received authenticated connection request from unknown node #%d, config file " @@ -692,9 +670,9 @@ msgid "error while reading from %s %s: %s" msgstr "" -#: src/device-linux.C:179 src/device-tincd.C:232 src/device-darwin.C:108 +#: src/device-linux.C:179 #, c-format -msgid "can't write to %s %s: %s" +msgid "can't write %d byte packet to %s %s: %s" msgstr "" #: src/device-tincd.C:98 @@ -721,6 +699,11 @@ msgid "can't read from to %s %s: %s" msgstr "" +#: src/device-tincd.C:232 src/device-darwin.C:108 +#, c-format +msgid "can't write to %s %s: %s" +msgstr "" + #: src/device-darwin.C:57 msgid "darwin tap driver" msgstr "" @@ -732,19 +715,19 @@ "(%d > %d)." msgstr "" -#: src/gvpe.C:95 src/gvpectrl.C:96 +#: src/gvpe.C:96 src/gvpectrl.C:104 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "" -#: src/gvpe.C:98 +#: src/gvpe.C:99 #, c-format msgid "" "Usage: %s [option]... NODENAME\n" "\n" msgstr "" -#: src/gvpe.C:100 +#: src/gvpe.C:101 #, c-format msgid "" " -c, --config=DIR Read configuration options from DIR.\n" 
@@ -757,32 +740,32 @@ "\n" msgstr "" -#: src/gvpe.C:106 src/gvpectrl.C:108 +#: src/gvpe.C:107 src/gvpectrl.C:117 #, c-format msgid "Report bugs to .\n" msgstr "" -#: src/gvpe.C:164 +#: src/gvpe.C:165 #, c-format msgid "terminating with exit code %d" msgstr "" -#: src/gvpe.C:242 +#: src/gvpe.C:243 #, c-format msgid "unable to open seed device '%s': %s, exiting." msgstr "" -#: src/gvpe.C:278 src/gvpectrl.C:326 +#: src/gvpe.C:290 src/gvpectrl.C:384 #, c-format msgid "%s version %s (built %s %s, protocol version %d.%d)\n" msgstr "" -#: src/gvpe.C:280 src/gvpectrl.C:328 +#: src/gvpe.C:292 src/gvpectrl.C:386 #, c-format msgid "Built with kernel interface %s/%s.\n" msgstr "" -#: src/gvpe.C:282 +#: src/gvpe.C:294 #, c-format msgid "" "Copyright (C) 2003-2011 Marc Lehmann and others.\n" @@ -793,39 +776,40 @@ "see the file COPYING for details.\n" msgstr "" -#: src/gvpe.C:301 +#: src/gvpe.C:313 #, c-format msgid "system call `%s' failed: %s" msgstr "" -#: src/gvpe.C:312 +#: src/gvpe.C:324 msgid "unable to initialise the event loop (bad $LIBEV_METHODS?)" msgstr "" -#: src/gvpe.C:326 +#: src/gvpe.C:338 #, c-format msgid "" "current node not set, or node '%s' not found in configfile, specify the " "nodename when starting gvpe." msgstr "" -#: src/gvpe.C:343 +#: src/gvpe.C:355 msgid "unrecoverable error while setting up network, exiting." msgstr "" -#: src/gvpectrl.C:99 +#: src/gvpectrl.C:107 #, c-format msgid "" "Usage: %s [option]...\n" "\n" msgstr "" -#: src/gvpectrl.C:101 +#: src/gvpectrl.C:109 #, c-format msgid "" " -c, --config=DIR Read configuration options from DIR.\n" " -k, --kill[=SIGNAL] Attempt to kill a running gvpe and exit.\n" -" -g, --generate-keys Generate public/private RSA keypair.\n" +" -g, --generate-key=file Generate public/private RSA keypair.\n" +" -G, --generate-keys Generate all public/private RSA keypairs.\n" " -s, --show-config Display the configuration information.\n" " -q, --quiet Be quite quiet.\n" " --help Display this help and exit.\n" 
@@ -833,24 +817,34 @@ "\n" msgstr "" -#: src/gvpectrl.C:156 +#: src/gvpectrl.C:165 #, c-format msgid "" "Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, " "USR1, USR2, WINCH, INT or ALRM.\n" msgstr "" -#: src/gvpectrl.C:275 +#: src/gvpectrl.C:335 +#, c-format +msgid "generated %d bits key for %s.\n" +msgstr "" + +#: src/gvpectrl.C:338 +#, c-format +msgid "'%s' keypair already exists, skipping node %s.\n" +msgstr "" + +#: src/gvpectrl.C:359 #, c-format -msgid "generating %d bits key for %s:\n" +msgid "generated %d bits key as %s.\n" msgstr "" -#: src/gvpectrl.C:286 +#: src/gvpectrl.C:363 #, c-format -msgid "Done.\n" +msgid "'%s' keypair already exists, not generating key.\n" msgstr "" -#: src/gvpectrl.C:330 +#: src/gvpectrl.C:388 #, c-format msgid "" "Copyright (C) 2003-2013 Marc Lehmann and others.\n" 
@@ -872,254 +866,264 @@ msgid "unable to resolve host '%s'" msgstr "" -#: src/util.C:73 +#: src/util.C:75 #, c-format msgid "A gvpe daemon is already running with pid %d.\n" msgstr "" -#: src/util.C:93 +#: src/util.C:95 #, c-format msgid "No other gvpe daemon is running.\n" msgstr "" -#: src/util.C:102 +#: src/util.C:104 #, c-format msgid "The gvpe daemon is no longer running. " msgstr "" -#: src/util.C:104 +#: src/util.C:106 #, c-format msgid "Removing stale lock file.\n" msgstr "" -#: src/util.C:129 +#: src/util.C:131 #, c-format msgid "couldn't detach from terminal: %s" msgstr "" -#: src/util.C:143 +#: src/util.C:145 #, c-format msgid "gvpe daemon %s (%s %s) starting up." msgstr "" -#: src/util.C:183 +#: src/util.C:185 #, c-format msgid "waiting for an external command failed: %s." msgstr "" -#: src/util.C:189 +#: src/util.C:191 #, c-format msgid "external command returned with exit status %d (%04x)." msgstr "" -#: src/util.C:197 +#: src/util.C:199 #, c-format msgid "unable to fork, exiting: %s" msgstr "" -#: src/vpn.C:134 +#: src/util.C:408 +msgid "" +"Not enough random entropy to generate secure keys. Using weaker pseudo-" +"random session keys." +msgstr "" + +#: src/util.C:410 +msgid "RAND_bytes failed, aborting." +msgstr "" + +#: src/vpn.C:154 #, c-format msgid "unable to create %s socket: %s." msgstr "" -#: src/vpn.C:144 +#: src/vpn.C:164 #, c-format msgid "unable to set nfmark on %s socket: %s" msgstr "" -#: src/vpn.C:179 +#: src/vpn.C:199 #, c-format msgid "can't bind ipv4 socket on %s: %s, exiting." msgstr "" -#: src/vpn.C:219 +#: src/vpn.C:239 #, c-format msgid "can't bind udpv4 on %s: %s, exiting." msgstr "" -#: src/vpn.C:265 +#: src/vpn.C:285 #, c-format msgid "can't bind icmpv4 on %s: %s, exiting." msgstr "" -#: src/vpn.C:294 +#: src/vpn.C:314 #, c-format msgid "can't bind tcpv4 on %s: %s, exiting." msgstr "" -#: src/vpn.C:300 +#: src/vpn.C:320 #, c-format msgid "can't listen tcpv4 on %s: %s, exiting." 
msgstr "" -#: src/vpn.C:346 +#: src/vpn.C:366 #, c-format msgid "can't bind dnsv4 on %s: %s, exiting." msgstr "" -#: src/vpn.C:359 +#: src/vpn.C:379 msgid "no protocols enabled." msgstr "" -#: src/vpn.C:370 +#: src/vpn.C:390 #, c-format msgid "cannot create network interface '%s'." msgstr "" -#: src/vpn.C:382 +#: src/vpn.C:402 #, c-format msgid "interface initialization command '%s' failed." msgstr "" -#: src/vpn.C:390 +#: src/vpn.C:410 msgid "if-up command execution failed." msgstr "" -#: src/vpn.C:409 +#: src/vpn.C:429 msgid "unable to create anonymous root path." msgstr "" -#: src/vpn.C:415 -msgid "unable to crate anonymous root directory." +#: src/vpn.C:435 +msgid "unable to create anonymous root directory." msgstr "" -#: src/vpn.C:421 +#: src/vpn.C:441 msgid "unable to change to anonymous root directory." msgstr "" -#: src/vpn.C:426 +#: src/vpn.C:446 msgid "unable to remove anonymous root directory, continuing." msgstr "" -#: src/vpn.C:432 +#: src/vpn.C:452 #, c-format msgid "%s: unable to change to specified root directory." msgstr "" -#: src/vpn.C:439 +#: src/vpn.C:459 msgid "unable to set new root directory." msgstr "" -#: src/vpn.C:445 +#: src/vpn.C:465 msgid "unable to set cwd to new root directory." msgstr "" -#: src/vpn.C:453 +#: src/vpn.C:473 #, c-format msgid "unable to change group id to %d." msgstr "" -#: src/vpn.C:460 +#: src/vpn.C:480 #, c-format msgid "unable to change user id to %d." msgstr "" -#: src/vpn.C:552 +#: src/vpn.C:572 #, c-format msgid "<nodename, name)) + return *i; + + return 0; +} + //static bool //is_true (const char *name) //{ @@ -228,7 +238,7 @@ { char *end = line + strlen (line); - while (*end < ' ' && end >= line) + while (end >= line && *end < ' ') end--; *++end = 0; @@ -244,6 +254,12 @@ if (var[0] == '#') return 0; /* comment: ignore */ + if (!strcmp (var, "global")) + { + node = &conf.default_node; + return 0; + } + char *val = strtok (NULL, "\t\n\r ="); if (!val || val[0] == '#') 
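Review bot: The reordered trim loop `while (end >= line && *end < ' ')` still compares a plain `char` with `' '`, so where `char` is signed any trailing byte of 0x80 or above counts as a control character and is stripped from the configuration line. Casting the byte, `while (end >= line && (unsigned char)*end < ' ')`, limits the trim to real control characters. For an empty or all-control line `end` is still decremented to `line - 1` before the loop exits, which points outside the buffer; counting down an index instead of a pointer avoids forming that pointer. The enclosing function starts and ends outside this hunk.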
@@ -272,6 +288,8 @@ if (l == L_NONE) return _("unknown loglevel, ignored"); } + else if (!strcmp (var, "serial")) + strncpy (conf.serial, val, sizeof (conf.serial)); else if (!strcmp (var, "ip-proto")) conf.ip_proto = atoi (val); else if (!strcmp (var, "icmp-type")) @@ -299,48 +317,15 @@ // per node else if (!strcmp (var, "node")) { - parse_argv (); - - conf.default_node.id++; - node = new conf_node (conf.default_node); - conf.nodes.push_back (node); - node->nodename = strdup (val); - - { - char *fname; - FILE *f; - - asprintf (&fname, "%s/pubkey/%s", confbase, node->nodename); - - f = fopen (fname, "r"); - if (f) - { - node->rsa_key = RSA_new (); - - if (!PEM_read_RSAPublicKey(f, &node->rsa_key, NULL, NULL)) - { - ERR_load_RSA_strings (); ERR_load_PEM_strings (); - slog (L_ERR, _("unable to open public rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0)); - exit (EXIT_FAILURE); - } - - require (RSA_blinding_on (node->rsa_key, 0)); - - fclose (f); - } - else - { - slog (need_keys ? L_ERR : L_NOTICE, _("unable to read public rsa key file '%s': %s"), fname, strerror (errno)); - - if (need_keys) - exit (EXIT_FAILURE); - } + node = conf.find_node (val); - free (fname); - } - - if (::thisnode && !strcmp (node->nodename, ::thisnode)) - conf.thisnode = node; + if (!node) + { + conf.default_node.id++; + node = new conf_node (conf.default_node); + conf.nodes.push_back (node); + node->nodename = strdup (val); + } } else if (!strcmp (var, "private-key")) free (conf.prikeyfile), conf.prikeyfile = strdup (val); @@ -481,6 +466,8 @@ parse_bool (node->inherit_tos, "inherit-tos", true, false); else if (!strcmp (var, "compress")) parse_bool (node->compress, "compress", true, false); + else if (!strcmp (var, "low-power")) + parse_bool (node->low_power, "low-power", true, false); // all these bool options really really cost a lot of executable size! else if (!strcmp (var, "enable-tcp")) { 
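Review bot: `strncpy (conf.serial, val, sizeof (conf.serial));` leaves `conf.serial` without a terminating NUL when the configured value is `SERIAL_SIZE` bytes or longer, and silently truncates anything longer, so two different long serials can compare equal. That is safe only while every reader treats the field as fixed-width, as the `strncpy` into the packet's `serial` in connection.C does. A comment on the field such as `// fixed-width, NUL-padded, not necessarily NUL-terminated` would record that. Rejecting over-long values here, e.g. `if (strlen (val) > sizeof (conf.serial)) return _("serial too long, ignored");`, would keep the mismatch detection reliable. The enclosing parser function starts and ends outside this hunk.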
@@ -541,41 +528,6 @@ } void -configuration_parser::parse_argv () -{ - for (int i = 0; i < argc; ++i) - { - char *v = argv [i]; - - if (!*v) - continue; - - char *enode = v; - - while (*enode != '.' && *enode > ' ' && *enode != '=' && *enode) - enode++; - - if (*enode != '.') - enode = 0; - - char *wnode = node == &conf.default_node - ? 0 - : node->nodename; - - if ((!wnode && !enode) - || (wnode && enode && !strncmp (wnode, v, enode - v))) - { - const char *warn = parse_line (enode ? enode + 1 : v); - - if (warn) - slog (L_WARN, _("%s, while parsing command line option '%s'."), warn, v); - - *v = 0; - } - } -} - -void configuration_parser::parse_file (const char *fname) { if (FILE *f = fopen (fname, "r")) @@ -594,8 +546,6 @@ } fclose (f); - - parse_argv (); } else { @@ -608,7 +558,7 @@ bool need_keys, int argc, char **argv) -: conf (conf),need_keys (need_keys), argc (argc), argv (argv) +: conf (conf), need_keys (need_keys), argc (argc), argv (argv) { char *fname; 
@@ -638,25 +588,119 @@ } else { - slog (need_keys ? L_ERR : L_NOTICE, _("unable to open private rsa key file '%s': %s"), fname, strerror (errno)); - if (need_keys) - exit (EXIT_FAILURE); + { + slog (need_keys ? L_ERR : L_NOTICE, _("unable to open private rsa key file '%s': %s"), fname, strerror (errno)); + exit (EXIT_FAILURE); + } } free (fname); - if (need_keys && ::thisnode - && conf.rsa_key && conf.thisnode && conf.thisnode->rsa_key) - if (BN_cmp (conf.rsa_key->n, conf.thisnode->rsa_key->n) != 0 - || BN_cmp (conf.rsa_key->e, conf.thisnode->rsa_key->e) != 0) - { - slog (L_NOTICE, _("private hostkey and public node key mismatch: is '%s' the correct node?"), ::thisnode); - exit (EXIT_FAILURE); - } + fname = conf.config_filename (conf.pidfilename); + free (conf.pidfilename); conf.pidfilename = fname; for (configuration::node_vector::iterator i = conf.nodes.begin(); i != conf.nodes.end(); ++i) - (*i)->finalise (); + { + conf_node *node = *i; + char *fname; + FILE *f; + + asprintf (&fname, "%s/pubkey/%s", confbase, node->nodename); + + f = fopen (fname, "r"); + if (f) + { + node->rsa_key = RSA_new (); + + if (!PEM_read_RSAPublicKey (f, &node->rsa_key, NULL, NULL)) + { + ERR_load_RSA_strings (); ERR_load_PEM_strings (); + slog (L_ERR, _("unable to open public rsa key file '%s': %s"), fname, ERR_error_string (ERR_get_error (), 0)); + exit (EXIT_FAILURE); + } + + require (RSA_blinding_on (node->rsa_key, 0)); + + fclose (f); + } + else + { + slog (need_keys ? 
L_ERR : L_NOTICE, _("unable to read public rsa key file '%s': %s"), fname, strerror (errno)); + + if (need_keys) + exit (EXIT_FAILURE); + } + + free (fname); + + (*i)->finalise (); + } + + if (::thisnode) + { + conf.thisnode = conf.find_node (::thisnode); + + if (need_keys) + { + if (!conf.thisnode) + { + slog (L_NOTICE, _("local node ('%s') not found in config file, aborting."), ::thisnode); + exit (EXIT_FAILURE); + } + + if (conf.rsa_key && conf.thisnode->rsa_key) + if (BN_cmp (conf.rsa_key->n, conf.thisnode->rsa_key->n) != 0 + || BN_cmp (conf.rsa_key->e, conf.thisnode->rsa_key->e) != 0) + { + slog (L_NOTICE, _("private hostkey and public node key mismatch: is '%s' the correct node?"), ::thisnode); + exit (EXIT_FAILURE); + } + } + } + + parse_argv (); +} + +void +configuration_parser::parse_argv () +{ + for (int i = 0; i < argc; ++i) + { + char *v = argv [i]; + + if (!*v) + continue; + + char *enode = v; + + while (*enode != '.' && *enode > ' ' && *enode != '=' && *enode) + enode++; + + if (*enode != '.') + enode = 0; + + if (enode) + { + char *val = strdup (v); + val [enode - v] = 0; + node = conf.find_node (val); + free (val); + + if (!node) + { + slog (L_WARN, _("command line option '%s' refers to unknown node, ignoring."), v); + continue; + } + } + else + node = &conf.default_node; + + const char *warn = parse_line (enode ? enode + 1 : v); + + if (warn) + slog (L_WARN, _("%s, while parsing command line option '%s'."), warn, v); + } } char * @@ -664,7 +708,7 @@ { char *fname; - asprintf (&fname, name ? name : dflt, ::thisnode); + asprintf (&fname, name ? name : dflt, ::thisnode ? ::thisnode : ""); if (!ABSOLUTE_PATH (fname)) { diff -Nru gvpe-2.25/src/conf.h gvpe-3.0/src/conf.h --- gvpe-2.25/src/conf.h 2013-07-12 22:08:10.000000000 -0400 +++ gvpe-3.0/src/conf.h 2015-10-31 02:14:32.000000000 -0400 @@ -34,6 +34,8 @@ #include +#include + #include #include "slog.h" 
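Review bot: In the new per-node loop the result of `asprintf (&fname, "%s/pubkey/%s", confbase, node->nodename)` is not checked, so after an allocation failure `fname` is indeterminate when it reaches `fopen`, the log calls and `free`; `if (asprintf (&fname, "%s/pubkey/%s", confbase, node->nodename) < 0) exit (EXIT_FAILURE);` closes that. `node->nodename` is taken from the `node` directive and joined into the path unvalidated, so a name containing `/` or `..` would make the daemon read a key file outside `pubkey/`; rejecting such names where the node is created would be cheap. The `strdup (v)` in `parse_argv` is likewise written through (`val [enode - v] = 0`) without a NULL check. The two log messages are also swapped relative to what failed: a `PEM_read_RSAPublicKey` failure reports "unable to open" and a failed `fopen` reports "unable to read".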
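Review bot: `asprintf (&fname, name ? name : dflt, ::thisnode ? ::thisnode : "")` now guards against a NULL node name but still passes a caller-supplied string as the format. If `name` can come from the configuration file (the pid file name handed in from the parser constructor looks like such a value, to be confirmed), any conversion other than a single `%s` reads arguments that were never passed. Checking that the template holds at most one `%s` and no other `%` conversion before the call, or substituting the node name by hand, removes that dependency on well-formed configuration. The return value of `asprintf` is unchecked here as well. `config_filename` starts before and continues past this hunk.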
@@ -93,6 +95,7 @@ enum connectmode { C_ONDEMAND, C_NEVER, C_ALWAYS, C_DISABLED } connectmode; bool compress; bool inherit_tos; // inherit TOS in packets send to this destination + bool low_power; // node is a low-power node (reduce cpu usage, wakeups and assume higher latency) vector allow_direct; vector deny_direct; @@ -125,6 +128,7 @@ node_vector nodes; conf_node default_node; conf_node *thisnode; + char serial[SERIAL_SIZE]; char *seed_dev; // the randomd evice to use for seeding double reseed; // the interval between additional seeds int mtu; // the mtu used for outgoing tunnel packets @@ -170,6 +174,8 @@ void cleanup (); void clear (); + conf_node *find_node (const char *name); + // create a filename from string, replacing %s by the nodename // and using relative paths under confbase. char *config_filename (const char *name, const char *dflt = 0); diff -Nru gvpe-2.25/src/connection.C gvpe-3.0/src/connection.C --- gvpe-2.25/src/connection.C 2013-07-09 21:50:26.000000000 -0400 +++ gvpe-3.0/src/connection.C 2016-06-30 07:53:02.000000000 -0400 @@ -1,6 +1,6 @@ /* connection.C -- manage a single connection - Copyright (C) 2003-2008,2010,2011 Marc Lehmann + Copyright (C) 2003-2008,2010,2011,2013,2016 Marc Lehmann This file is part of GVPE. @@ -35,6 +35,7 @@ #include #include +#include #include #include #include @@ -42,18 +43,15 @@ #include "conf.h" #include "slog.h" +#include "crypto.h" #include "device.h" #include "vpn.h" #include "connection.h" +#include "hkdf.h" #include "netcompat.h" -#if !HAVE_RAND_PSEUDO_BYTES -# define RAND_pseudo_bytes RAND_bytes -#endif - -#define MAGIC_OLD "vped\xbd\xc6\xdb\x82" // 8 bytes of magic (still used in the protocol) -#define MAGIC "gvpe\xbd\xc6\xdb\x82" // 8 bytes of magic (understood but not generated) +#define MAGIC "gvpe\xbd\xc6\xdb\x82" // 8 bytes of magic #define ULTRA_FAST 1 #define HLOG 15 
@@ -107,108 +105,103 @@ struct crypto_ctx { - EVP_CIPHER_CTX cctx; - HMAC_CTX hctx; + cipher cctx; + hmac hctx; - crypto_ctx (const rsachallenge &challenge, int enc); + crypto_ctx (const auth_data &auth1, const auth_data &auth2, const ecdh_key &a, const ecdh_key &b, int enc); ~crypto_ctx (); }; -crypto_ctx::crypto_ctx (const rsachallenge &challenge, int enc) +crypto_ctx::crypto_ctx (const auth_data &auth1, const auth_data &auth2, const ecdh_key &a, const ecdh_key &b, int enc) { - EVP_CIPHER_CTX_init (&cctx); - require (EVP_CipherInit_ex (&cctx, CIPHER, 0, &challenge[CHG_CIPHER_KEY], 0, enc)); - HMAC_CTX_init (&hctx); - HMAC_Init_ex (&hctx, &challenge[CHG_HMAC_KEY], HMAC_KEYLEN, DIGEST, 0); -} + ecdh_key s; -crypto_ctx::~crypto_ctx () -{ - require (EVP_CIPHER_CTX_cleanup (&cctx)); - HMAC_CTX_cleanup (&hctx); -} + curve25519_combine (a, b, s); -static void -rsa_hash (const rsaid &id, const rsachallenge &chg, rsaresponse &h) -{ - EVP_MD_CTX ctx; + { + u8 mac_key[MAC_KEYSIZE]; + static const unsigned char mac_info[] = "gvpe mac key"; - EVP_MD_CTX_init (&ctx); - require (EVP_DigestInit (&ctx, RSA_HASH)); - require (EVP_DigestUpdate (&ctx, &chg, sizeof chg)); - require (EVP_DigestUpdate (&ctx, &id, sizeof id)); - require (EVP_DigestFinal (&ctx, (unsigned char *)&h, 0)); - EVP_MD_CTX_cleanup (&ctx); -} + hkdf kdf (auth2.rsa.hkdf_salt, sizeof (auth2.rsa.hkdf_salt), HKDF_XTR_HASH ()); + kdf.extract (auth1.rsa.mac_key, sizeof (auth1.rsa.mac_key)); + kdf.extract (s, sizeof (s)); + kdf.extract_done (HKDF_PRF_HASH ()); + kdf.expand (mac_key, sizeof (mac_key), mac_info, sizeof (mac_info)); -struct rsa_entry -{ - tstamp expire; - rsaid id; - rsachallenge chg; -}; + hctx.init (mac_key, MAC_KEYSIZE, MAC_DIGEST ()); + } -struct rsa_cache : list -{ - inline void cleaner_cb (ev::timer &w, int revents); ev::timer cleaner; - - bool find (const rsaid &id, rsachallenge &chg) { - for (iterator i = begin (); i != end (); ++i) - { - if (!memcmp (&id, &i->id, sizeof id) && i->expire > ev_now 
()) - { - memcpy (&chg, &i->chg, sizeof chg); + u8 cipher_key[CIPHER_KEYSIZE]; + static const unsigned char cipher_info[] = "gvpe cipher key"; - erase (i); - return true; - } - } + hkdf kdf (auth2.rsa.hkdf_salt, sizeof (auth2.rsa.hkdf_salt), HKDF_XTR_HASH ()); + kdf.extract (auth1.rsa.cipher_key, sizeof (auth1.rsa.cipher_key)); + kdf.extract (s, sizeof (s)); + kdf.extract_done (HKDF_PRF_HASH ()); + kdf.expand (cipher_key, sizeof (cipher_key), cipher_info, sizeof (cipher_info)); - if (!cleaner.is_active ()) - cleaner.again (); - - return false; + EVP_CIPHER_CTX_init (cctx); + require (EVP_CipherInit_ex (cctx, CIPHER (), 0, cipher_key, 0, enc)); } +} - void gen (rsaid &id, rsachallenge &chg) - { - rsa_entry e; +crypto_ctx::~crypto_ctx () +{ + require (EVP_CIPHER_CTX_cleanup (cctx)); +} - RAND_bytes ((unsigned char *)&id, sizeof id); - RAND_bytes ((unsigned char *)&chg, sizeof chg); +static inline void +auth_encrypt (RSA *key, const auth_data &auth, auth_encr &encr) +{ + if (RSA_public_encrypt (sizeof (auth.rsa), + (unsigned char *)&auth.rsa, (unsigned char *)&encr.rsa, + key, RSA_PKCS1_OAEP_PADDING) < 0) + fatal ("RSA_public_encrypt error"); - e.expire = ev_now () + RSA_TTL; - e.id = id; - memcpy (&e.chg, &chg, sizeof chg); + memcpy (&encr.ecdh, &auth.ecdh, sizeof (encr.ecdh)); +} - push_back (e); +static inline bool +auth_decrypt (RSA *key, const auth_encr &encr, auth_data &auth) +{ + u8 rsa_decrypt[RSA_KEYLEN]; - if (!cleaner.is_active ()) - cleaner.again (); - } + if (RSA_private_decrypt (sizeof (encr.rsa), + (const unsigned char *)&encr.rsa, (unsigned char *)rsa_decrypt, + key, RSA_PKCS1_OAEP_PADDING) != sizeof (auth.rsa)) + return 0; - rsa_cache () - { - cleaner.set (this); - cleaner.set (RSA_TTL, RSA_TTL); - } + memcpy (&auth.rsa, rsa_decrypt, sizeof (auth.rsa)); + memcpy (&auth.ecdh, &encr.ecdh, sizeof (auth.ecdh)); -} rsa_cache; + return 1; +} + +static void +auth_hash (const auth_data &auth, const ecdh_key &b, auth_mac &mac) +{ + hkdf kdf (b, sizeof b, 
AUTH_DIGEST ()); // use response ecdh b as salt + kdf.extract (&auth.rsa, sizeof (auth.rsa)); + kdf.extract_done (); + kdf.expand (mac, sizeof mac, auth.ecdh, sizeof (auth.ecdh)); // use challenge ecdh b as info +} void -rsa_cache::cleaner_cb (ev::timer &w, int revents) +connection::generate_auth_data () { - if (empty ()) - w.stop (); - else + if (auth_expire < ev_now ()) { - for (iterator i = begin (); i != end (); ) - if (i->expire <= ev_now ()) - i = erase (i); - else - ++i; + // request data + rand_fill (snd_auth.rsa); + curve25519_generate (snd_ecdh_a, snd_auth.ecdh); + + // eventual response data + curve25519_generate (rcv_ecdh_a, rcv_ecdh_b); } + + // every use prolongs the expiry + auth_expire = ev_now () + AUTH_TTL; } ////////////////////////////////////////////////////////////////////////////// @@ -367,35 +360,28 @@ ///////////////////////////////////////////////////////////////////////////// -unsigned char hmac_packet::hmac_digest[EVP_MAX_MD_SIZE]; - void -hmac_packet::hmac_gen (crypto_ctx *ctx) +hmac_packet::hmac_gen (crypto_ctx *ctx, u8 *hmac_digest) { - unsigned int xlen; - - HMAC_CTX *hctx = &ctx->hctx; - - HMAC_Init_ex (hctx, 0, 0, 0, 0); - HMAC_Update (hctx, ((unsigned char *) this) + sizeof (hmac_packet), - len - sizeof (hmac_packet)); - HMAC_Final (hctx, (unsigned char *) &hmac_digest, &xlen); + ctx->hctx.init (); + ctx->hctx.add (((unsigned char *) this) + sizeof (hmac_packet), len - sizeof (hmac_packet)); + ctx->hctx.digest (hmac_digest); } void hmac_packet::hmac_set (crypto_ctx *ctx) { - hmac_gen (ctx); - + unsigned char hmac_digest[EVP_MAX_MD_SIZE]; + hmac_gen (ctx, hmac_digest); memcpy (hmac, hmac_digest, HMACLENGTH); } bool hmac_packet::hmac_chk (crypto_ctx *ctx) { - hmac_gen (ctx); - - return !memcmp (hmac, hmac_digest, HMACLENGTH); + unsigned char hmac_digest[EVP_MAX_MD_SIZE]; + hmac_gen (ctx, hmac_digest); + return slow_memeq (hmac, hmac_digest, HMACLENGTH); } void 
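Review bot: The derived keys in the new `crypto_ctx` constructor (`mac_key`, `cipher_key`) and the shared secret `s` stay on the stack after use, as does the decrypted `rsa_decrypt` buffer in `auth_decrypt`, including on its early `return 0`. Wiping them once they have been handed to the contexts keeps key material from lingering in reusable memory: `OPENSSL_cleanse (mac_key, sizeof (mac_key));` after `hctx.init (...)`, `OPENSSL_cleanse (cipher_key, sizeof (cipher_key));` after `EVP_CipherInit_ex`, and `OPENSSL_cleanse (rsa_decrypt, sizeof (rsa_decrypt));` on both exits of `auth_decrypt`. A plain `memset` is not a substitute because the compiler may drop it as a dead store. How `s` is best wiped depends on the definition of `ecdh_key`, which is not in this hunk.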
@@ -411,11 +397,11 @@ } #define MAXVPNDATA (MAX_MTU - 6 - 6) -#define DATAHDR (sizeof (u32) + RAND_SIZE) struct vpndata_packet : vpn_packet { - u8 data[MAXVPNDATA + DATAHDR]; // seqno + u32 ctr; // seqno + u8 data[MAXVPNDATA]; void setup (connection *conn, int dst, u8 *d, u32 len, u32 seqno); tap_packet *unpack (connection *conn, u32 &seqno); @@ -423,14 +409,37 @@ private: const u32 data_hdr_size () const { - return sizeof (vpndata_packet) - sizeof (net_packet) - MAXVPNDATA - DATAHDR; + // the distance from beginning of packet to data member + return data - at (0); } }; +// expands packet counter (unlike seqno, in network byte order) to counter mode IV +static unsigned char * +expand_iv (u32 ctr) +{ + static u32 iv[IV_SIZE (CIPHER) / 4]; + + require (sizeof (iv) == 4 * 4); + require (IV_SIZE (CIPHER) % 4 == 0); + + iv[0] = + iv[1] = + iv[2] = ctr; + + // I would reuse ctr here to to avoid potential endianness issues, + // but it seems openssl wraps around. While this would be still ok, + // and I don't even know if its true, let's play safe and initialise + // to 0. + iv[3] = 0; + + return (unsigned char *)iv; +} + void vpndata_packet::setup (connection *conn, int dst, u8 *d, u32 l, u32 seqno) { - EVP_CIPHER_CTX *cctx = &conn->octx->cctx; + EVP_CIPHER_CTX *cctx = conn->octx->cctx; int outl = 0, outl2; ptype type = PT_DATA_UNCOMPRESSED; 
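Review bot: `expand_iv` builds the whole counter-mode IV from the 32-bit packet counter (`iv[0] = iv[1] = iv[2] = ctr`, `iv[3] = 0`), so confidentiality rests on `seqno` never repeating under one cipher key, and nothing in the function states or enforces that. A comment on the function such as `// SECURITY: ctr must be unique per cipher key; rekey before seqno can wrap or restart` would make the invariant visible to whoever next touches the sequence or rekey logic. The function also returns a pointer into a function-static `iv` buffer, so the result is only valid until the next call and the helper is not reentrant; a caller-provided buffer would avoid that. If `IV_SIZE (CIPHER)` is a compile-time constant, the two `require` checks could be static assertions instead of run-time aborts.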
@@ -453,34 +462,20 @@ } #endif - require (EVP_EncryptInit_ex (cctx, 0, 0, 0, 0)); - - struct { -#if RAND_SIZE - u8 rnd[RAND_SIZE]; -#endif - u32 seqno; - } datahdr; - - datahdr.seqno = ntohl (seqno); -#if RAND_SIZE - RAND_pseudo_bytes ((unsigned char *) datahdr.rnd, RAND_SIZE); -#endif + ctr = htonl (seqno); - require (EVP_EncryptUpdate (cctx, - (unsigned char *) data + outl, &outl2, - (unsigned char *) &datahdr, DATAHDR)); - outl += outl2; + require (EVP_EncryptInit_ex (cctx, 0, 0, 0, expand_iv (ctr))); require (EVP_EncryptUpdate (cctx, - (unsigned char *) data + outl, &outl2, - (unsigned char *) d, l)); + (unsigned char *)data + outl, &outl2, + (unsigned char *)d, l)); outl += outl2; - require (EVP_EncryptFinal_ex (cctx, (unsigned char *) data + outl, &outl2)); + // it seems this is a nop for us, but we do it anyways + require (EVP_EncryptFinal_ex (cctx, (unsigned char *)data + outl, &outl2)); outl += outl2; - len = outl + data_hdr_size (); + len = data_hdr_size () + outl; set_hdr (type, dst); @@ -490,13 +485,14 @@ tap_packet * vpndata_packet::unpack (connection *conn, u32 &seqno) { - EVP_CIPHER_CTX *cctx = &conn->ictx->cctx; + EVP_CIPHER_CTX *cctx = conn->ictx->cctx; int outl = 0, outl2; tap_packet *p = new tap_packet; u8 *d; - u32 l = len - data_hdr_size (); - require (EVP_DecryptInit_ex (cctx, 0, 0, 0, 0)); + seqno = ntohl (ctr); + + require (EVP_DecryptInit_ex (cctx, 0, 0, 0, expand_iv (ctr))); #if ENABLE_COMPRESSION u8 cdata[MAX_MTU]; 
@@ -505,33 +501,32 @@ d = cdata; else #endif - d = &(*p)[6 + 6 - DATAHDR]; + d = &(*p)[6 + 6]; - /* this overwrites part of the src mac, but we fix that later */ + // this can overwrite the len/dst/src fields require (EVP_DecryptUpdate (cctx, d, &outl2, (unsigned char *)&data, len - data_hdr_size ())); outl += outl2; + // it seems this is a nop for us, but we do it anyways require (EVP_DecryptFinal_ex (cctx, (unsigned char *)d + outl, &outl2)); outl += outl2; - seqno = ntohl (*(u32 *)(d + RAND_SIZE)); - id2mac (dst () ? dst() : THISNODE->id, p->dst); id2mac (src (), p->src); #if ENABLE_COMPRESSION if (type == PT_DATA_COMPRESSED) { - u32 cl = (d[DATAHDR] << 8) | d[DATAHDR + 1]; + u32 cl = (d[0] << 8) | d[1]; - p->len = lzf_decompress (d + DATAHDR + 2, cl < MAX_MTU ? cl : 0, + p->len = lzf_decompress (d + 2, cl < MAX_MTU - 2 ? cl : 0, &(*p)[6 + 6], MAX_MTU) + 6 + 6; } else - p->len = outl + (6 + 6 - DATAHDR); + p->len = outl + (6 + 6); #endif return p; @@ -548,15 +543,13 @@ struct config_packet : vpn_packet { - // actually, hmaclen cannot be checked because the hmac - // field comes before this data, so peers with other - // hmacs simply will not work. - u8 prot_major, prot_minor, randsize, hmaclen; - u8 flags, challengelen, features, pad3; - u32 cipher_nid, digest_nid, hmac_nid; + u8 serial[SERIAL_SIZE]; + u8 prot_major, prot_minor, randsize; + u8 flags, features, pad6, pad7, pad8; + u32 cipher_nid, mac_nid, auth_nid; void setup (ptype type, int dst); - bool chk_config () const; + bool chk_config (const conf_node *conf, const sockinfo &rsi) const; static u8 get_features () { 
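Review bot: In the `PT_DATA_COMPRESSED` branch of unpack (@@ -505,33 +501,32 @@ hunk), the compressed length `cl` is taken from the decrypted payload and bounded only by `MAX_MTU - 2`, not by the number of bytes actually decrypted (`outl`). A short packet that declares a larger `cl` therefore makes `lzf_decompress` read bytes of `cdata` that this packet never wrote. Bounding it by the decrypted size closes that: `u32 cl = outl >= 2 ? (d[0] << 8) | d[1] : 0;` and pass `cl <= (u32)outl - 2 ? cl : 0` as the input length. The context line `len - data_hdr_size ()` is also unsigned, so it would wrap if `len` were smaller than the header; unpack starts in an earlier hunk and its caller is not visible, so confirm that a minimum-length check exists before this point.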
@@ -579,56 +572,60 @@ { prot_major = PROTOCOL_MAJOR; prot_minor = PROTOCOL_MINOR; - randsize = RAND_SIZE; - hmaclen = HMACLENGTH; flags = 0; - challengelen = sizeof (rsachallenge); features = get_features (); - cipher_nid = htonl (EVP_CIPHER_nid (CIPHER)); - digest_nid = htonl (EVP_MD_type (RSA_HASH)); - hmac_nid = htonl (EVP_MD_type (DIGEST)); + strncpy ((char *)serial, conf.serial, sizeof (serial)); + + cipher_nid = htonl (EVP_CIPHER_nid (CIPHER ())); + mac_nid = htonl (EVP_MD_type (MAC_DIGEST ())); + auth_nid = htonl (EVP_MD_type (AUTH_DIGEST ())); len = sizeof (*this) - sizeof (net_packet); set_hdr (type, dst); } bool -config_packet::chk_config () const +config_packet::chk_config (const conf_node *conf, const sockinfo &rsi) const { if (prot_major != PROTOCOL_MAJOR) - slog (L_WARN, _("major version mismatch (remote %d <=> local %d)"), prot_major, PROTOCOL_MAJOR); - else if (randsize != RAND_SIZE) - slog (L_WARN, _("rand size mismatch (remote %d <=> local %d)"), randsize, RAND_SIZE); - else if (hmaclen != HMACLENGTH) - slog (L_WARN, _("hmac length mismatch (remote %d <=> local %d)"), hmaclen, HMACLENGTH); - else if (challengelen != sizeof (rsachallenge)) - slog (L_WARN, _("challenge length mismatch (remote %d <=> local %d)"), challengelen, sizeof (rsachallenge)); - else if (cipher_nid != htonl (EVP_CIPHER_nid (CIPHER))) - slog (L_WARN, _("cipher mismatch (remote %x <=> local %x)"), ntohl (cipher_nid), EVP_CIPHER_nid (CIPHER)); - else if (digest_nid != htonl (EVP_MD_type (RSA_HASH))) - slog (L_WARN, _("digest mismatch (remote %x <=> local %x)"), ntohl (digest_nid), EVP_MD_type (RSA_HASH)); - else if (hmac_nid != htonl (EVP_MD_type (DIGEST))) - slog (L_WARN, _("hmac mismatch (remote %x <=> local %x)"), ntohl (hmac_nid), EVP_MD_type (DIGEST)); + slog (L_WARN, _("%s(%s): major version mismatch (remote %d <=> local %d)"), + conf->nodename, (const char *)rsi, prot_major, PROTOCOL_MAJOR); + else if (cipher_nid != htonl (EVP_CIPHER_nid (CIPHER ()))) + slog (L_WARN, 
_("%s(%s): cipher algo mismatch (remote %x <=> local %x)"), + conf->nodename, (const char *)rsi, ntohl (cipher_nid), EVP_CIPHER_nid (CIPHER ())); + else if (mac_nid != htonl (EVP_MD_type (MAC_DIGEST ()))) + slog (L_WARN, _("%s(%s): mac algo mismatch (remote %x <=> local %x)"), + conf->nodename, (const char *)rsi, ntohl (mac_nid), EVP_MD_type (MAC_DIGEST ())); + else if (auth_nid != htonl (EVP_MD_type (AUTH_DIGEST ()))) + slog (L_WARN, _("%s(%s): auth algo mismatch (remote %x <=> local %x)"), + conf->nodename, (const char *)rsi, ntohl (auth_nid), EVP_MD_type (AUTH_DIGEST ())); else - return true; + { + int cmp = memcmp (serial, ::conf.serial, sizeof (serial)); + + if (cmp > 0) + slog (L_WARN, _("%s(%s): remote serial newer than local serial - outdated config?"), + conf->nodename, (const char *)rsi); + else if (cmp == 0) + return true; + } return false; } -struct auth_req_packet : config_packet +struct auth_req_packet : config_packet // UNPROTECTED { char magic[8]; u8 initiate; // false if this is just an automatic reply u8 protocols; // supported protocols (will be patched on forward) u8 pad2, pad3; - rsaid id; - rsaencrdata encr; + auth_encr encr; auth_req_packet (int dst, bool initiate_, u8 protocols_) { config_packet::setup (PT_AUTH_REQ, dst); - strncpy (magic, MAGIC_OLD, 8); + memcpy (magic, MAGIC, 8); initiate = !!initiate_; protocols = protocols_; @@ -636,16 +633,13 @@ } }; -struct auth_res_packet : config_packet +struct auth_res_packet : vpn_packet // UNPROTECTED { - rsaid id; - u8 pad1, pad2, pad3; - u8 response_len; // encrypted length - rsaresponse response; + auth_response response; auth_res_packet (int dst) { - config_packet::setup (PT_AUTH_RES, dst); + set_hdr (PT_AUTH_RES, dst); len = sizeof (*this) - sizeof (net_packet); } 
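Review bot: In the new serial comparison at the end of `config_packet::chk_config` (@@ -579,56 +572,60 @@ hunk), the `cmp < 0` case returns false without logging anything, unlike every other rejection in the function. A node whose peer carries an older config serial then fails to connect with no diagnostic on this side. If the silence is deliberate (for example to avoid noise while a config rolls out), a comment should say so; otherwise add a matching branch such as `else if (cmp < 0) slog (L_WARN, _("%s(%s): remote serial older than local serial - remote config outdated?"), conf->nodename, (const char *)rsi);`. These fields arrive in packets the same diff marks `// UNPROTECTED`, so the messages should be read as hints rather than as authenticated facts.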
@@ -685,43 +679,54 @@ ///////////////////////////////////////////////////////////////////////////// void -connection::connection_established () +connection::connection_established (const sockinfo &rsi) { - slog (L_NOISE, _("%s: possible connection establish (ictx %d, octx %d)"), conf->nodename, !!ictx, !!octx); + if (!have_snd_auth || !have_rcv_auth) + return; - if (ictx && octx) + si = rsi; + protocol = rsi.prot; + + slog (L_INFO, _("%s(%s): connection established (%s), protocol version %d.%d."), + conf->nodename, (const char *)rsi, + vpn->can_direct (THISNODE, conf) ? "direct" : "forwarded", + PROTOCOL_MAJOR, prot_minor); + + if (::conf.script_node_up) { - // make sure rekeying timeouts are slightly asymmetric - ev::tstamp rekey_interval = ::conf.rekey + (conf->id > THISNODE->id ? 10 : 0); - rekey.start (rekey_interval, rekey_interval); + run_script_cb *cb = new run_script_cb; + cb->set (this); + run_script_queued (cb, _("node-up command execution failed, continuing.")); + } + + delete ictx; ictx = new crypto_ctx (rcv_auth, snd_auth, rcv_ecdh_a, rcv_auth.ecdh, 0); + iseqno.reset (ntohl (rcv_auth.rsa.seqno) & 0x7fffffff); - keepalive.start (::conf.keepalive); + delete octx; octx = new crypto_ctx (snd_auth, rcv_auth, snd_ecdh_a, snd_ecdh_b , 1); + oseqno = ntohl (snd_auth.rsa.seqno) & 0x7fffffff; - // send queued packets - if (ictx && octx) - { - while (tap_packet *p = (tap_packet *)data_queue.get ()) - { - if (p->len) send_data_packet (p); - delete p; - } + // make sure rekeying timeouts are slightly asymmetric + ev::tstamp rekey_interval = ::conf.rekey + (conf->id > THISNODE->id ? 
10 : 0); + rekey.start (rekey_interval, rekey_interval); - while (vpn_packet *p = (vpn_packet *)vpn_queue.get ()) - { - if (p->len) send_vpn_packet (p, si, IPTOS_RELIABILITY); - delete p; - } - } + hmac_error = 0.; - vpn->connection_established (this); + keepalive.start (::conf.keepalive); + + // send queued packets + while (tap_packet *p = (tap_packet *)data_queue.get ()) + { + if (p->len) send_data_packet (p); + delete p; } - else + + while (vpn_packet *p = (vpn_packet *)vpn_queue.get ()) { - retry_cnt = 0; - establish_connection.start (5); - keepalive.stop (); - rekey.stop (); + if (p->len) send_vpn_packet (p, si, IPTOS_RELIABILITY); + delete p; } + + vpn->connection_established (this); } void @@ -736,8 +741,6 @@ } si.set (conf, protocol); - - is_direct = si.valid (); } // ensure sockinfo is valid, forward if necessary @@ -766,7 +769,7 @@ connection::send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos) { if (!vpn->send_vpn_packet (pkt, si, tos)) - reset_connection (); + reset_connection ("packet send error"); } void @@ -777,7 +780,6 @@ pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING); slog (L_TRACE, "%s << %s [%s]", conf->nodename, pong ? "PT_PONG" : "PT_PING", (const char *)si); - send_vpn_packet (pkt, si, IPTOS_LOWDELAY); delete pkt; 
@@ -802,30 +804,24 @@ { auth_req_packet *pkt = new auth_req_packet (conf->id, initiate, THISNODE->protocols); - rsachallenge chg; - rsa_cache.gen (pkt->id, chg); - rsa_encrypt (conf->rsa_key, chg, pkt->encr); + generate_auth_data (); + auth_encrypt (conf->rsa_key, snd_auth, pkt->encr); slog (L_TRACE, "%s << PT_AUTH_REQ [%s]", conf->nodename, (const char *)si); - send_vpn_packet (pkt, si, IPTOS_RELIABILITY | IPTOS_LOWDELAY); // rsa is very very costly delete pkt; } void -connection::send_auth_response (const sockinfo &si, const rsaid &id, const rsachallenge &chg) +connection::send_auth_response (const sockinfo &si) { auth_res_packet *pkt = new auth_res_packet (conf->id); - pkt->id = id; - - rsa_hash (id, chg, pkt->response); - - pkt->hmac_set (octx); + memcpy (pkt->response.ecdh, rcv_ecdh_b, sizeof rcv_ecdh_b); + auth_hash (rcv_auth, rcv_ecdh_b, pkt->response.mac); slog (L_TRACE, "%s << PT_AUTH_RES [%s]", conf->nodename, (const char *)si); - send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly delete pkt; @@ -859,7 +855,7 @@ // and stop trying. should probably be handled by a per-connection expire handler. if (connectmode == conf_node::C_ONDEMAND && vpn_queue.empty () && data_queue.empty ()) { - reset_connection (); + reset_connection ("no demand"); return; } @@ -871,7 +867,7 @@ reset_si (); - bool slow = si.prot & PROT_SLOW; + bool slow = (si.prot & PROT_SLOW) || (conf->low_power || THISNODE->low_power); if (si.prot && !si.host && vpn->can_direct (THISNODE, conf)) { 
@@ -891,14 +887,17 @@ if (dsi.valid () && auth_rate_limiter.can (dsi)) { - if (retry_cnt < 4) + // use ping after the first few retries + // TODO: on rekeys, the other node might not interpret ping correctly, + // TODO: as it will still have a valid connection + if (retry_cnt < 4 && (!conf->low_power || THISNODE->low_power)) send_auth_request (dsi, true); else send_ping (dsi, 0); } } - retry_int *= slow ? 8. : 0.9; + retry_int *= slow ? 4. : 0.9; if (retry_int < conf->max_retry) retry_cnt++; @@ -910,12 +909,12 @@ } void -connection::reset_connection () +connection::reset_connection (const char *reason) { if (ictx && octx) { - slog (L_INFO, _("%s(%s): connection lost"), - conf->nodename, (const char *)si); + slog (L_INFO, _("%s(%s): connection lost (%s)"), + conf->nodename, (const char *)si, reason); if (::conf.script_node_down) { @@ -930,6 +929,10 @@ si.host = 0; + have_snd_auth = false; + have_rcv_auth = false; + auth_expire = 0.; + last_activity = 0.; //last_si_change = 0.; retry_cnt = 0; @@ -945,14 +948,14 @@ if (ictx && octx) send_reset (si); - reset_connection (); + reset_connection ("shutdown"); } // poor-man's rekeying inline void connection::rekey_cb (ev::timer &w, int revents) { - reset_connection (); + reset_connection ("rekeying"); establish_connection (); } @@ -979,7 +982,7 @@ connection::post_inject_queue () { // force a connection every now and when when packets are sent (max 1/s) - if (ev_now () - last_establish_attempt >= 0.95) // arbitrary + if (ev_now () - last_establish_attempt >= (conf->low_power || THISNODE->low_power ? 2.95 : 0.95)) // arbitrary establish_connection.stop (); establish_connection (); 
@@ -1049,20 +1052,18 @@ break; case vpn_packet::PT_RESET: - { - reset_connection (); + slog (L_TRACE, "%s >> PT_RESET", conf->nodename); + + if (ictx && octx) + { + reset_connection ("remote reset"); - config_packet *p = (config_packet *) pkt; + config_packet *p = (config_packet *) pkt; + + if (p->chk_config (conf, rsi) && connectmode == conf_node::C_ALWAYS) + establish_connection (); + } - if (!p->chk_config ()) - { - slog (L_WARN, _("%s(%s): protocol mismatch, disabling node."), - conf->nodename, (const char *)rsi); - connectmode = conf_node::C_DISABLED; - } - else if (connectmode == conf_node::C_ALWAYS) - establish_connection (); - } break; case vpn_packet::PT_AUTH_REQ: @@ -1074,8 +1075,12 @@ conf->nodename, p->initiate ? "initiate" : "reply", p->protocols, p->features); - if (p->chk_config () - && (!memcmp (p->magic, MAGIC_OLD, 8) || !memcmp (p->magic, MAGIC, 8))) + if (memcmp (p->magic, MAGIC, 8)) + { + slog (L_WARN, _("%s(%s): protocol magic mismatch - stray packet?"), + conf->nodename, (const char *)rsi); + } + else if (p->chk_config (conf, rsi)) { if (p->prot_minor != PROTOCOL_MINOR) slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."), 
@@ -1083,36 +1088,40 @@ PROTOCOL_MINOR, conf->nodename, p->prot_minor); if (p->initiate) - send_auth_request (rsi, false); + { + send_auth_request (rsi, false); + + if (ictx && octx) + reset_connection ("reconnect"); + } - rsachallenge k; + auth_data auth; - if (!rsa_decrypt (::conf.rsa_key, p->encr, k)) + if (!auth_decrypt (::conf.rsa_key, p->encr, auth)) { slog (L_ERR, _("%s(%s): challenge illegal or corrupted (%s). mismatched key or config file?"), conf->nodename, (const char *)rsi, ERR_error_string (ERR_get_error (), 0)); - break; } else { - delete octx; + bool chg = !have_rcv_auth || !slow_memeq (&rcv_auth, &auth, sizeof auth); - octx = new crypto_ctx (k, 1); - oseqno = ntohl (*(u32 *)&k[CHG_SEQNO]) & 0x7fffffff; + rcv_auth = auth; + have_rcv_auth = true; - conf->protocols = p->protocols; - features = p->features & config_packet::get_features (); + send_auth_response (rsi); - send_auth_response (rsi, p->id, k); - - connection_established (); + if (chg) + { + conf->protocols = p->protocols; + features = p->features & config_packet::get_features (); - break; + connection_established (rsi); + } } + + break; } - else - slog (L_WARN, _("%s(%s): protocol mismatch."), - conf->nodename, (const char *)rsi); send_reset (rsi); } 
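Review bot: In the `p->initiate` branch, `reset_connection ("reconnect")` and the RSA-encrypting `send_auth_request` both run before `auth_decrypt` has validated anything in the packet. Since `auth_req_packet` is marked `// UNPROTECTED`, an established session is torn down on input that has only passed the magic and chk_config comparisons. If that is intended, a comment naming the earlier check or rate limiter that bounds it would help. Otherwise consider moving `if (ictx && octx) reset_connection ("reconnect");` into the `else` branch after a successful `auth_decrypt`, before `chg` is computed. The enclosing `case` starts outside this hunk, so a limiter may already sit in front of it, and any reordering should be checked against the rekey flow.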
@@ -1125,76 +1134,22 @@ slog (L_TRACE, "%s >> PT_AUTH_RES", conf->nodename); - if (p->chk_config ()) - { - if (p->prot_minor != PROTOCOL_MINOR) - slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."), - conf->nodename, (const char *)rsi, - PROTOCOL_MINOR, conf->nodename, p->prot_minor); - - rsachallenge chg; - - if (!rsa_cache.find (p->id, chg)) - { - slog (L_ERR, _("%s(%s): unrequested auth response, ignoring."), - conf->nodename, (const char *)rsi); - break; - } - else - { - crypto_ctx *cctx = new crypto_ctx (chg, 0); + auth_mac local_mac; + auth_hash (snd_auth, p->response.ecdh, local_mac); - if (!p->hmac_chk (cctx)) - { - slog (L_ERR, _("%s(%s): hmac authentication error on auth response, received invalid packet\n" - "could be an attack, or just corruption or a synchronization error."), - conf->nodename, (const char *)rsi); - break; - } - else - { - rsaresponse h; - - rsa_hash (p->id, chg, h); - - if (!memcmp ((u8 *)&h, (u8 *)p->response, sizeof h)) - { - prot_minor = p->prot_minor; - - delete ictx; ictx = cctx; - - iseqno.reset (ntohl (*(u32 *)&chg[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid - - si = rsi; - protocol = rsi.prot; - - slog (L_INFO, _("%s(%s): connection established (%s), protocol version %d.%d."), - conf->nodename, (const char *)rsi, - is_direct ? 
"direct" : "forwarded", - p->prot_major, p->prot_minor); - - connection_established (); - - if (::conf.script_node_up) - { - run_script_cb *cb = new run_script_cb; - cb->set (this); - run_script_queued (cb, _("node-up command execution failed, continuing.")); - } - - break; - } - else - slog (L_ERR, _("%s(%s): sent and received challenge do not match."), - conf->nodename, (const char *)rsi); - } + if (!slow_memeq (&p->response.mac, local_mac, sizeof local_mac)) + { + slog (L_ERR, _("%s(%s): unrequested or outdated auth response, ignoring."), + conf->nodename, (const char *)rsi); + } + else if (!have_snd_auth) + { + memcpy (snd_ecdh_b, p->response.ecdh, sizeof snd_ecdh_b); - delete cctx; - } + have_snd_auth = true; + connection_established (rsi); } } - - send_reset (rsi); break; case vpn_packet::PT_DATA_COMPRESSED: @@ -1210,15 +1165,34 @@ vpndata_packet *p = (vpndata_packet *)pkt; if (!p->hmac_chk (ictx)) - slog (L_ERR, _("%s(%s): hmac authentication error, received invalid packet\n" - "could be an attack, or just corruption or a synchronization error."), - conf->nodename, (const char *)rsi); + { + // rekeying often creates temporary hmac auth floods + // we assume they don't take longer than a few seconds normally, + // and suppress messages and resets during that time. + //TODO: should be done per source address + if (!hmac_error) + { + hmac_error = ev_now () + 3; + break; + } + else if (hmac_error >= ev_now ()) + break; // silently suppress + else + { + slog (L_ERR, _("%s(%s): hmac authentication error, received invalid packet\n" + "could be an attack, or just corruption or a synchronization error."), + conf->nodename, (const char *)rsi); + // reset + } + } else { u32 seqno; tap_packet *d = p->unpack (this, seqno); int seqclass = iseqno.seqno_classify (seqno); + hmac_error = 0; + if (seqclass == 0) // ok { vpn->tap->send (d); 
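Review bot: In the @@ -1210,15 +1165,34 @@ hunk, packets that fail `hmac_chk` during the three-second window are dropped with no log line and no counter. Someone reading the logs afterwards cannot tell a rekey burst from a sustained stream of corrupted or forged packets. I would keep the suppression but leave a trace, e.g. `slog (L_TRACE, "%s(%s): hmac error suppressed", conf->nodename, (const char *)rsi);` in both silent `break` paths, or count suppressed packets and report the count with the later L_ERR message. Note also that `hmac_error` is not re-armed once the window has passed, so every further invalid packet reaches the L_ERR branch until a valid packet sets it back to 0. The `// reset` comment has no code under it inside the hunk, and whatever follows the if/else lies outside it.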
@@ -1354,7 +1328,7 @@ w.start (when); else if (when < -15) { - reset_connection (); + reset_connection ("keepalive overdue"); establish_connection (); } else if (conf->connectmode != conf_node::C_ONDEMAND @@ -1368,7 +1342,7 @@ // should delete octx, though, or something like that ;) w.start (when + 10); else - reset_connection (); + reset_connection ("keepalive timeout"); } void @@ -1478,7 +1452,7 @@ if (connectmode != conf_node::C_ALWAYS && connectmode != conf_node::C_DISABLED) vpn_queue.put (new net_packet); - reset_connection (); + reset_connection ("startup"); } connection::~connection () diff -Nru gvpe-2.25/src/connection.h gvpe-3.0/src/connection.h --- gvpe-2.25/src/connection.h 2013-07-09 21:50:26.000000000 -0400 +++ gvpe-3.0/src/connection.h 2016-06-30 07:39:10.000000000 -0400 @@ -1,6 +1,6 @@ /* connection.h -- header for connection.C - Copyright (C) 2003-2008 Marc Lehmann + Copyright (C) 2003-2008,2013,2016 Marc Lehmann This file is part of GVPE. 
@@ -39,20 +39,54 @@ #include "sockinfo.h" #include "util.h" #include "device.h" +#include "curve25519.h" +#include "iv_gen.h" struct vpn; // called after HUP etc. to (re-)initialize global data structures void connection_init (); -struct rsaid +typedef curve25519_key ecdh_key; + +struct rsa_data +{ + u32 seqno; // (ictx) initial sequence nr (31 bits) + u8 mac_key[MAC_IKMSIZE]; // (ictx) used to generate hmac key + u8 cipher_key[CIPHER_IKMSIZE]; // (ictx) used to generate cipher key + u8 hkdf_salt[HKDF_SALT]; // (octx) used as hkdf salt + u8 extra_auth[ // (ictx) additional auth randomness + (RSABITS >> 3) + - RSA_OAEP_SIZE + - sizeof (u32) // seqno + - MAC_IKMSIZE + - CIPHER_IKMSIZE + - HKDF_SALT + - 3 // struct alignment... + ]; +}; + +struct auth_data +{ + rsa_data rsa; + ecdh_key ecdh; +}; + +typedef u8 rsa_crypt[RSA_KEYLEN]; // encrypted challenge + +struct auth_encr { - u8 id[RSA_IDLEN]; // the challenge id + rsa_crypt rsa; + ecdh_key ecdh; }; -typedef rsaclear rsachallenge; // challenge data; -typedef rsacrypt rsaencrdata; // encrypted challenge -typedef u8 rsaresponse[RSA_RESLEN]; // the encrypted ripemd160 hash +typedef u8 auth_mac[AUTH_SIZE]; + +struct auth_response +{ + auth_mac mac; + ecdh_key ecdh; +}; //////////////////////////////////////////////////////////////////////////////////////// @@ -62,13 +96,11 @@ { u8 hmac[HMACLENGTH]; // each and every packet has a hmac field, but that is not (yet) checked everywhere - void hmac_set (crypto_ctx * ctx); - bool hmac_chk (crypto_ctx * ctx); + void hmac_set (crypto_ctx *ctx); + bool hmac_chk (crypto_ctx *ctx); private: - static unsigned char hmac_digest[EVP_MAX_MD_SIZE]; - - void hmac_gen (crypto_ctx * ctx); + void hmac_gen (crypto_ctx *ctx, u8 *hmac_digest); }; struct vpn_packet : hmac_packet 
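Review bot: In `struct rsa_data` (@@ -39,20 +39,54 @@ hunk), the size of `extra_auth` is computed by subtraction with a hand-tuned `- 3 // struct alignment...`. The property that matters, that the whole struct fits the RSA plaintext limit, is therefore only implied and depends on how the compiler pads the struct. A compile-time check placed directly after the struct would pin it, for example `typedef char rsa_data_fits[sizeof (rsa_data) <= (RSABITS >> 3) - RSA_OAEP_SIZE ? 1 : -1];`, assuming `RSA_OAEP_SIZE` is the padding overhead as its use here suggests. A one-line comment saying that every byte of the struct is filled with random data before encryption (if that is what `generate_auth_data` does; it is not visible here) would also explain why the padding bytes are acceptable.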
@@ -162,12 +194,28 @@ u8 protocol; u8 features; - bool is_direct; // current connection (si) is direct? pkt_queue data_queue, vpn_queue; crypto_ctx *octx, *ictx; + void generate_auth_data (); + + ev_tstamp auth_expire; // when the snd_* and *_ecdh values expire + ev_tstamp hmac_error; // time of first hmac error in a series + + // send auth data - used for octx + auth_data snd_auth; + ecdh_key snd_ecdh_a; // the secret ecdh key we used for our request + ecdh_key snd_ecdh_b; // the public ecdh key we received in the response + bool have_snd_auth; // received response for our req + + // receive auth data - used for ictx + auth_data rcv_auth; + ecdh_key rcv_ecdh_a; // the secret ecdh key we used for our response + ecdh_key rcv_ecdh_b; // the public ecdh key we sent in our response + bool have_rcv_auth; // received auth from other side + #if ENABLE_DNS struct dns_connection *dns; #endif 
@@ -179,16 +227,16 @@ const sockinfo &forward_si (const sockinfo &si) const; void shutdown (); - void connection_established (); - void reset_connection (); + void connection_established (const sockinfo &rsi); + void reset_connection (const char *reason); void establish_connection_cb (ev::timer &w, int revents); ev::timer establish_connection; - void rekey_cb (ev::timer &w, int revents); ev::timer rekey; // next rekying (actually current reset + reestablishing) + void rekey_cb (ev::timer &w, int revents); ev::timer rekey; // next rekeying (actually current reset + reestablishing) void keepalive_cb (ev::timer &w, int revents); ev::timer keepalive; // next keepalive probe void send_connect_request (int id); void send_auth_request (const sockinfo &si, bool initiate); - void send_auth_response (const sockinfo &si, const rsaid &id, const rsachallenge &chg); + void send_auth_response (const sockinfo &si); void send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols); void send_reset (const sockinfo &dsi); void send_ping (const sockinfo &dsi, u8 pong = 0); diff -Nru gvpe-2.25/src/crypto.C gvpe-3.0/src/crypto.C --- gvpe-2.25/src/crypto.C 1969-12-31 19:00:00.000000000 -0500 +++ gvpe-3.0/src/crypto.C 2016-06-30 12:11:33.000000000 -0400 
@@ -0,0 +1,76 @@ +/* + crypto.C -- openssl crypto wrappers + Copyright (C) 2016 Marc Lehmann + + This file is part of GVPE. + + GVPE is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by the + Free Software Foundation; either version 3 of the License, or (at your + option) any later version. + + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General + Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, see . + + Additional permission under GNU GPL version 3 section 7 + + If you modify this Program, or any covered work, by linking or + combining it with the OpenSSL project's OpenSSL library (or a modified + version of that library), containing parts covered by the terms of the + OpenSSL or SSLeay licenses, the licensors of this Program grant you + additional permission to convey the resulting work. Corresponding + Source for a non-source form of such a combination shall include the + source code for the parts of OpenSSL used as well as that of the + covered work. 
+*/ + +#include + +#include "crypto.h" + +hmac::hmac () +{ +#if OPENSSL_VERSION_NUMBER < 0x10100000 + require (ctx = (HMAC_CTX *)OPENSSL_malloc (sizeof (*ctx))); + HMAC_CTX_init (ctx); +#else + require (ctx = HMAC_CTX_new ()); +#endif +} + +hmac::~hmac () +{ +#if OPENSSL_VERSION_NUMBER < 0x10100000 + HMAC_CTX_cleanup (ctx); + OPENSSL_free (ctx); +#else + HMAC_CTX_free (ctx); +#endif +} + +cipher::cipher () +{ +#if OPENSSL_VERSION_NUMBER < 0x10100000 + require (ctx = (EVP_CIPHER_CTX *)OPENSSL_malloc (sizeof (*ctx))); + EVP_CIPHER_CTX_init (ctx); +#else + require (ctx = EVP_CIPHER_CTX_new ()); +#endif +} + +cipher::~cipher () +{ +#if OPENSSL_VERSION_NUMBER < 0x10100000 + EVP_CIPHER_CTX_cleanup (ctx); + OPENSSL_free (ctx); +#else + EVP_CIPHER_CTX_free (ctx); +#endif +} + + diff -Nru gvpe-2.25/src/crypto.h gvpe-3.0/src/crypto.h --- gvpe-2.25/src/crypto.h 1969-12-31 19:00:00.000000000 -0500 +++ gvpe-3.0/src/crypto.h 2016-06-30 12:28:30.000000000 -0400 
@@ -0,0 +1,104 @@ +/* + crypto.h -- openssl crypto wrappers + Copyright (C) 2016 Marc Lehmann + + This file is part of GVPE. + + GVPE is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by the + Free Software Foundation; either version 3 of the License, or (at your + option) any later version. + + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General + Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, see . + + Additional permission under GNU GPL version 3 section 7 + + If you modify this Program, or any covered work, by linking or + combining it with the OpenSSL project's OpenSSL library (or a modified + version of that library), containing parts covered by the terms of the + OpenSSL or SSLeay licenses, the licensors of this Program grant you + additional permission to convey the resulting work. Corresponding + Source for a non-source form of such a combination shall include the + source code for the parts of OpenSSL used as well as that of the + covered work. 
+*/ + +#ifndef CRYPTO_H__ +#define CRYPTO_H__ + +#include + +#include +#include +#include + +// openssl 0.9.8/1.0.0 compatibility +#if OPENSSL_VERSION_NUMBER < 0x10001000 + #define require101(exp) exp +#else + #define require101(exp) require (exp) +#endif + +/* this pretty much wraps the slightly weird openssl api */ +class hmac +{ + HMAC_CTX *ctx; + +public: + + hmac (); + ~hmac (); + + void init (const void *key, int key_len, const EVP_MD *hash = 0) + { + require101 (HMAC_Init_ex (ctx, key, key_len, hash, 0)); + } + + void init () + { + require101 (HMAC_Init_ex (ctx, 0, 0, 0, 0)); + } + + void + add (const void *data, int len) + { + require101 (HMAC_Update (ctx, (const unsigned char *)data, len)); + } + + void + digest (void *dgst) + { + require101 (HMAC_Final (ctx, (unsigned char *)dgst, 0)); + } + + int + size () + { + return HMAC_size (ctx); + } +}; + +/* cheap alloc/free wrapper only atm. */ +class cipher +{ + EVP_CIPHER_CTX *ctx; + +public: + + cipher (); + ~cipher (); + + operator EVP_CIPHER_CTX *() + { + return ctx; + } +}; + +#endif + diff -Nru gvpe-2.25/src/curve25519.C gvpe-3.0/src/curve25519.C --- gvpe-2.25/src/curve25519.C 1969-12-31 19:00:00.000000000 -0500 +++ gvpe-3.0/src/curve25519.C 2015-10-31 02:14:32.000000000 -0400 
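Review bot: The `hmac` and `cipher` wrappers in crypto.h each own a raw OpenSSL context that the destructor frees, but both classes are still implicitly copyable. An accidental copy (pass by value, or a struct assignment of an object that embeds one) would free the same `HMAC_CTX`/`EVP_CIPHER_CTX` twice. Declaring the copy operations private and leaving them undefined prevents that without requiring C++11: `hmac (const hmac &); hmac &operator = (const hmac &);` in a `private:` section, and the same pair for `cipher`. A short class comment saying the context is owned and not shared would make the intent clear to users of `operator EVP_CIPHER_CTX *()`.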
@@ -0,0 +1,93 @@ +/* + curve25519.C -- diffie hellman key exchange + Copyright (C) 2013 Marc Lehmann + + This file is part of GVPE. + + GVPE is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by the + Free Software Foundation; either version 3 of the License, or (at your + option) any later version. + + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General + Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, see . + + Additional permission under GNU GPL version 3 section 7 + + If you modify this Program, or any covered work, by linking or + combining it with the OpenSSL project's OpenSSL library (or a modified + version of that library), containing parts covered by the terms of the + OpenSSL or SSLeay licenses, the licensors of this Program grant you + additional permission to convey the resulting work. Corresponding + Source for a non-source form of such a combination shall include the + source code for the parts of OpenSSL used as well as that of the + covered work. 
+*/ + +#include "config.h" + +#include +#include + +#include "util.h" +#include "curve25519.h" + +#if __GNUC__ >= 4 && __SIZEOF_LONG__ == 8 +#include "curve25519-donna-c64.c" +#else +#include "curve25519-donna.c" +#endif + +static void +curve25519_derive (const curve25519_key &a, curve25519_key &b) +{ + static const curve25519_key basepoint = { 9 }; + curve25519_donna (b, a, basepoint); +} + +void curve25519_generate (curve25519_key &a, curve25519_key &b) +{ + rand_fill (a); + +#if 0 + a [ 0] &= 0xf8; + a [31] &= 0x7f; + a [31] |= 0x40; +#endif + + curve25519_derive (a, b); +} + +void curve25519_combine (const curve25519_key &a, const curve25519_key &b, curve25519_key &s) +{ + curve25519_donna (s, a, b); +} + +void curve25519_verify () +{ + // NaCl test vector + + static const curve25519_key alice_private = { 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, 0x72, 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a, 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a }; + static const curve25519_key alice_public = { 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d, 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a }; + static const curve25519_key bob_private = { 0x5d, 0xab, 0x08, 0x7e, 0x62, 0x4a, 0x8a, 0x4b, 0x79, 0xe1, 0x7f, 0x8b, 0x83, 0x80, 0x0e, 0xe6, 0x6f, 0x3b, 0xb1, 0x29, 0x26, 0x18, 0xb6, 0xfd, 0x1c, 0x2f, 0x8b, 0x27, 0xff, 0x88, 0xe0, 0xeb }; + static const curve25519_key bob_public = { 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3, 0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b, 0x78, 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f }; + static const curve25519_key alice_mult_bob = { 0x4a, 0x5d, 0x9d, 0x5b, 0xa4, 0xce, 0x2d, 0xe1, 0x72, 0x8e, 0x3b, 0xf4, 0x80, 0x35, 0x0f, 0x25, 0xe0, 0x7e, 0x21, 0xc9, 0x47, 0xd1, 0x9e, 0x33, 0x76, 0xf0, 0x9b, 0x3c, 0x1e, 0x16, 0x17, 0x42 }; + + curve25519_key a, 
b, s1, s2; + + curve25519_derive (alice_private, a); + curve25519_derive (bob_private , b); + curve25519_combine (alice_private, b, s1); + curve25519_combine (bob_private , a, s2); + + require (!memcmp (alice_public , a , sizeof a )); + require (!memcmp (bob_public , b , sizeof b )); + require (!memcmp (alice_mult_bob, s1, sizeof s1)); + require (!memcmp (alice_mult_bob, s2, sizeof s2)); +} + diff -Nru gvpe-2.25/src/curve25519-donna.c gvpe-3.0/src/curve25519-donna.c --- gvpe-2.25/src/curve25519-donna.c 1969-12-31 19:00:00.000000000 -0500 +++ gvpe-3.0/src/curve25519-donna.c 2015-01-17 02:36:59.000000000 -0500 
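Review bot: `curve25519_generate` leaves the scalar clamping inside `#if 0` with no explanation, so a reader cannot tell whether unclamped secrets are intentional. curve25519-donna normally clamps the scalar internally on every call, but that code is not in view here; if that is the reason, replace the dead block with a comment such as `// no clamping here: curve25519_donna clamps its copy of the secret on every call`. Separately, `curve25519_combine` returns the raw function output without checking it. A comment should state that `s` must only be used as KDF input alongside the other key material, or the function should check for an all-zero result as RFC 7748 advises. Which of the two applies depends on `crypto_ctx`, which is outside this diff section.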
@@ -0,0 +1,860 @@
+/* Copyright 2008, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * curve25519-donna: Curve25519 elliptic curve, public key function
+ *
+ * http://code.google.com/p/curve25519-donna/
+ *
+ * Adam Langley
+ *
+ * Derived from public domain C code by Daniel J.
Bernstein + * + * More information about curve25519 can be found here + * http://cr.yp.to/ecdh.html + * + * djb's sample implementation of curve25519 is written in a special assembly + * language called qhasm and uses the floating point registers. + * + * This is, almost, a clean room reimplementation from the curve25519 paper. It + * uses many of the tricks described therein. Only the crecip function is taken + * from the sample implementation. */ + +#include +#include + +#ifdef _MSC_VER +#define inline __inline +#endif + +typedef uint8_t u8; +typedef int32_t s32; +typedef int64_t limb; + +/* Field element representation: + * + * Field elements are written as an array of signed, 64-bit limbs, least + * significant first. The value of the field element is: + * x[0] + 2^26·x[1] + x^51·x[2] + 2^102·x[3] + ... + * + * i.e. the limbs are 26, 25, 26, 25, ... bits wide. */ + +/* Sum two numbers: output += in */ +static void fsum(limb *output, const limb *in) { + unsigned i; + for (i = 0; i < 10; i += 2) { + output[0+i] = output[0+i] + in[0+i]; + output[1+i] = output[1+i] + in[1+i]; + } +} + +/* Find the difference of two numbers: output = in - output + * (note the order of the arguments!). */ +static void fdifference(limb *output, const limb *in) { + unsigned i; + for (i = 0; i < 10; ++i) { + output[i] = in[i] - output[i]; + } +} + +/* Multiply a number by a scalar: output = in * scalar */ +static void fscalar_product(limb *output, const limb *in, const limb scalar) { + unsigned i; + for (i = 0; i < 10; ++i) { + output[i] = in[i] * scalar; + } +} + +/* Multiply two numbers: output = in2 * in + * + * output must be distinct to both inputs. The inputs are reduced coefficient + * form, the output is not. + * + * output[x] <= 14 * the largest product of the input limbs. 
*/ +static void fproduct(limb *output, const limb *in2, const limb *in) { + output[0] = ((limb) ((s32) in2[0])) * ((s32) in[0]); + output[1] = ((limb) ((s32) in2[0])) * ((s32) in[1]) + + ((limb) ((s32) in2[1])) * ((s32) in[0]); + output[2] = 2 * ((limb) ((s32) in2[1])) * ((s32) in[1]) + + ((limb) ((s32) in2[0])) * ((s32) in[2]) + + ((limb) ((s32) in2[2])) * ((s32) in[0]); + output[3] = ((limb) ((s32) in2[1])) * ((s32) in[2]) + + ((limb) ((s32) in2[2])) * ((s32) in[1]) + + ((limb) ((s32) in2[0])) * ((s32) in[3]) + + ((limb) ((s32) in2[3])) * ((s32) in[0]); + output[4] = ((limb) ((s32) in2[2])) * ((s32) in[2]) + + 2 * (((limb) ((s32) in2[1])) * ((s32) in[3]) + + ((limb) ((s32) in2[3])) * ((s32) in[1])) + + ((limb) ((s32) in2[0])) * ((s32) in[4]) + + ((limb) ((s32) in2[4])) * ((s32) in[0]); + output[5] = ((limb) ((s32) in2[2])) * ((s32) in[3]) + + ((limb) ((s32) in2[3])) * ((s32) in[2]) + + ((limb) ((s32) in2[1])) * ((s32) in[4]) + + ((limb) ((s32) in2[4])) * ((s32) in[1]) + + ((limb) ((s32) in2[0])) * ((s32) in[5]) + + ((limb) ((s32) in2[5])) * ((s32) in[0]); + output[6] = 2 * (((limb) ((s32) in2[3])) * ((s32) in[3]) + + ((limb) ((s32) in2[1])) * ((s32) in[5]) + + ((limb) ((s32) in2[5])) * ((s32) in[1])) + + ((limb) ((s32) in2[2])) * ((s32) in[4]) + + ((limb) ((s32) in2[4])) * ((s32) in[2]) + + ((limb) ((s32) in2[0])) * ((s32) in[6]) + + ((limb) ((s32) in2[6])) * ((s32) in[0]); + output[7] = ((limb) ((s32) in2[3])) * ((s32) in[4]) + + ((limb) ((s32) in2[4])) * ((s32) in[3]) + + ((limb) ((s32) in2[2])) * ((s32) in[5]) + + ((limb) ((s32) in2[5])) * ((s32) in[2]) + + ((limb) ((s32) in2[1])) * ((s32) in[6]) + + ((limb) ((s32) in2[6])) * ((s32) in[1]) + + ((limb) ((s32) in2[0])) * ((s32) in[7]) + + ((limb) ((s32) in2[7])) * ((s32) in[0]); + output[8] = ((limb) ((s32) in2[4])) * ((s32) in[4]) + + 2 * (((limb) ((s32) in2[3])) * ((s32) in[5]) + + ((limb) ((s32) in2[5])) * ((s32) in[3]) + + ((limb) ((s32) in2[1])) * ((s32) in[7]) + + ((limb) ((s32) in2[7])) * ((s32) in[1])) + 
+ ((limb) ((s32) in2[2])) * ((s32) in[6]) + + ((limb) ((s32) in2[6])) * ((s32) in[2]) + + ((limb) ((s32) in2[0])) * ((s32) in[8]) + + ((limb) ((s32) in2[8])) * ((s32) in[0]); + output[9] = ((limb) ((s32) in2[4])) * ((s32) in[5]) + + ((limb) ((s32) in2[5])) * ((s32) in[4]) + + ((limb) ((s32) in2[3])) * ((s32) in[6]) + + ((limb) ((s32) in2[6])) * ((s32) in[3]) + + ((limb) ((s32) in2[2])) * ((s32) in[7]) + + ((limb) ((s32) in2[7])) * ((s32) in[2]) + + ((limb) ((s32) in2[1])) * ((s32) in[8]) + + ((limb) ((s32) in2[8])) * ((s32) in[1]) + + ((limb) ((s32) in2[0])) * ((s32) in[9]) + + ((limb) ((s32) in2[9])) * ((s32) in[0]); + output[10] = 2 * (((limb) ((s32) in2[5])) * ((s32) in[5]) + + ((limb) ((s32) in2[3])) * ((s32) in[7]) + + ((limb) ((s32) in2[7])) * ((s32) in[3]) + + ((limb) ((s32) in2[1])) * ((s32) in[9]) + + ((limb) ((s32) in2[9])) * ((s32) in[1])) + + ((limb) ((s32) in2[4])) * ((s32) in[6]) + + ((limb) ((s32) in2[6])) * ((s32) in[4]) + + ((limb) ((s32) in2[2])) * ((s32) in[8]) + + ((limb) ((s32) in2[8])) * ((s32) in[2]); + output[11] = ((limb) ((s32) in2[5])) * ((s32) in[6]) + + ((limb) ((s32) in2[6])) * ((s32) in[5]) + + ((limb) ((s32) in2[4])) * ((s32) in[7]) + + ((limb) ((s32) in2[7])) * ((s32) in[4]) + + ((limb) ((s32) in2[3])) * ((s32) in[8]) + + ((limb) ((s32) in2[8])) * ((s32) in[3]) + + ((limb) ((s32) in2[2])) * ((s32) in[9]) + + ((limb) ((s32) in2[9])) * ((s32) in[2]); + output[12] = ((limb) ((s32) in2[6])) * ((s32) in[6]) + + 2 * (((limb) ((s32) in2[5])) * ((s32) in[7]) + + ((limb) ((s32) in2[7])) * ((s32) in[5]) + + ((limb) ((s32) in2[3])) * ((s32) in[9]) + + ((limb) ((s32) in2[9])) * ((s32) in[3])) + + ((limb) ((s32) in2[4])) * ((s32) in[8]) + + ((limb) ((s32) in2[8])) * ((s32) in[4]); + output[13] = ((limb) ((s32) in2[6])) * ((s32) in[7]) + + ((limb) ((s32) in2[7])) * ((s32) in[6]) + + ((limb) ((s32) in2[5])) * ((s32) in[8]) + + ((limb) ((s32) in2[8])) * ((s32) in[5]) + + ((limb) ((s32) in2[4])) * ((s32) in[9]) + + ((limb) ((s32) in2[9])) * ((s32) 
in[4]); + output[14] = 2 * (((limb) ((s32) in2[7])) * ((s32) in[7]) + + ((limb) ((s32) in2[5])) * ((s32) in[9]) + + ((limb) ((s32) in2[9])) * ((s32) in[5])) + + ((limb) ((s32) in2[6])) * ((s32) in[8]) + + ((limb) ((s32) in2[8])) * ((s32) in[6]); + output[15] = ((limb) ((s32) in2[7])) * ((s32) in[8]) + + ((limb) ((s32) in2[8])) * ((s32) in[7]) + + ((limb) ((s32) in2[6])) * ((s32) in[9]) + + ((limb) ((s32) in2[9])) * ((s32) in[6]); + output[16] = ((limb) ((s32) in2[8])) * ((s32) in[8]) + + 2 * (((limb) ((s32) in2[7])) * ((s32) in[9]) + + ((limb) ((s32) in2[9])) * ((s32) in[7])); + output[17] = ((limb) ((s32) in2[8])) * ((s32) in[9]) + + ((limb) ((s32) in2[9])) * ((s32) in[8]); + output[18] = 2 * ((limb) ((s32) in2[9])) * ((s32) in[9]); +} + +/* Reduce a long form to a short form by taking the input mod 2^255 - 19. + * + * On entry: |output[i]| < 14*2^54 + * On exit: |output[0..8]| < 280*2^54 */ +static void freduce_degree(limb *output) { + /* Each of these shifts and adds ends up multiplying the value by 19. + * + * For output[0..8], the absolute entry value is < 14*2^54 and we add, at + * most, 19*14*2^54 thus, on exit, |output[0..8]| < 280*2^54. 
*/ + output[8] += output[18] << 4; + output[8] += output[18] << 1; + output[8] += output[18]; + output[7] += output[17] << 4; + output[7] += output[17] << 1; + output[7] += output[17]; + output[6] += output[16] << 4; + output[6] += output[16] << 1; + output[6] += output[16]; + output[5] += output[15] << 4; + output[5] += output[15] << 1; + output[5] += output[15]; + output[4] += output[14] << 4; + output[4] += output[14] << 1; + output[4] += output[14]; + output[3] += output[13] << 4; + output[3] += output[13] << 1; + output[3] += output[13]; + output[2] += output[12] << 4; + output[2] += output[12] << 1; + output[2] += output[12]; + output[1] += output[11] << 4; + output[1] += output[11] << 1; + output[1] += output[11]; + output[0] += output[10] << 4; + output[0] += output[10] << 1; + output[0] += output[10]; +} + +#if (-1 & 3) != 3 +#error "This code only works on a two's complement system" +#endif + +/* return v / 2^26, using only shifts and adds. + * + * On entry: v can take any value. */ +static inline limb +div_by_2_26(const limb v) +{ + /* High word of v; no shift needed. */ + const uint32_t highword = (uint32_t) (((uint64_t) v) >> 32); + /* Set to all 1s if v was negative; else set to 0s. */ + const int32_t sign = ((int32_t) highword) >> 31; + /* Set to 0x3ffffff if v was negative; else set to 0. */ + const int32_t roundoff = ((uint32_t) sign) >> 6; + /* Should return v / (1<<26) */ + return (v + roundoff) >> 26; +} + +/* return v / (2^25), using only shifts and adds. + * + * On entry: v can take any value. */ +static inline limb +div_by_2_25(const limb v) +{ + /* High word of v; no shift needed*/ + const uint32_t highword = (uint32_t) (((uint64_t) v) >> 32); + /* Set to all 1s if v was negative; else set to 0s. */ + const int32_t sign = ((int32_t) highword) >> 31; + /* Set to 0x1ffffff if v was negative; else set to 0. 
*/ + const int32_t roundoff = ((uint32_t) sign) >> 7; + /* Should return v / (1<<25) */ + return (v + roundoff) >> 25; +} + +/* Reduce all coefficients of the short form input so that |x| < 2^26. + * + * On entry: |output[i]| < 280*2^54 */ +static void freduce_coefficients(limb *output) { + unsigned i; + + output[10] = 0; + + for (i = 0; i < 10; i += 2) { + limb over = div_by_2_26(output[i]); + /* The entry condition (that |output[i]| < 280*2^54) means that over is, at + * most, 280*2^28 in the first iteration of this loop. This is added to the + * next limb and we can approximate the resulting bound of that limb by + * 281*2^54. */ + output[i] -= over << 26; + output[i+1] += over; + + /* For the first iteration, |output[i+1]| < 281*2^54, thus |over| < + * 281*2^29. When this is added to the next limb, the resulting bound can + * be approximated as 281*2^54. + * + * For subsequent iterations of the loop, 281*2^54 remains a conservative + * bound and no overflow occurs. */ + over = div_by_2_25(output[i+1]); + output[i+1] -= over << 25; + output[i+2] += over; + } + /* Now |output[10]| < 281*2^29 and all other coefficients are reduced. */ + output[0] += output[10] << 4; + output[0] += output[10] << 1; + output[0] += output[10]; + + output[10] = 0; + + /* Now output[1..9] are reduced, and |output[0]| < 2^26 + 19*281*2^29 + * So |over| will be no more than 2^16. */ + { + limb over = div_by_2_26(output[0]); + output[0] -= over << 26; + output[1] += over; + } + + /* Now output[0,2..9] are reduced, and |output[1]| < 2^25 + 2^16 < 2^26. The + * bound on |output[1]| is sufficient to meet our needs. */ +} + +/* A helpful wrapper around fproduct: output = in * in2. + * + * On entry: |in[i]| < 2^27 and |in2[i]| < 2^27. + * + * output must be distinct to both inputs. The output is reduced degree + * (indeed, one need only provide storage for 10 limbs) and |output[i]| < 2^26. 
*/ +static void +fmul(limb *output, const limb *in, const limb *in2) { + limb t[19]; + fproduct(t, in, in2); + /* |t[i]| < 14*2^54 */ + freduce_degree(t); + freduce_coefficients(t); + /* |t[i]| < 2^26 */ + memcpy(output, t, sizeof(limb) * 10); +} + +/* Square a number: output = in**2 + * + * output must be distinct from the input. The inputs are reduced coefficient + * form, the output is not. + * + * output[x] <= 14 * the largest product of the input limbs. */ +static void fsquare_inner(limb *output, const limb *in) { + output[0] = ((limb) ((s32) in[0])) * ((s32) in[0]); + output[1] = 2 * ((limb) ((s32) in[0])) * ((s32) in[1]); + output[2] = 2 * (((limb) ((s32) in[1])) * ((s32) in[1]) + + ((limb) ((s32) in[0])) * ((s32) in[2])); + output[3] = 2 * (((limb) ((s32) in[1])) * ((s32) in[2]) + + ((limb) ((s32) in[0])) * ((s32) in[3])); + output[4] = ((limb) ((s32) in[2])) * ((s32) in[2]) + + 4 * ((limb) ((s32) in[1])) * ((s32) in[3]) + + 2 * ((limb) ((s32) in[0])) * ((s32) in[4]); + output[5] = 2 * (((limb) ((s32) in[2])) * ((s32) in[3]) + + ((limb) ((s32) in[1])) * ((s32) in[4]) + + ((limb) ((s32) in[0])) * ((s32) in[5])); + output[6] = 2 * (((limb) ((s32) in[3])) * ((s32) in[3]) + + ((limb) ((s32) in[2])) * ((s32) in[4]) + + ((limb) ((s32) in[0])) * ((s32) in[6]) + + 2 * ((limb) ((s32) in[1])) * ((s32) in[5])); + output[7] = 2 * (((limb) ((s32) in[3])) * ((s32) in[4]) + + ((limb) ((s32) in[2])) * ((s32) in[5]) + + ((limb) ((s32) in[1])) * ((s32) in[6]) + + ((limb) ((s32) in[0])) * ((s32) in[7])); + output[8] = ((limb) ((s32) in[4])) * ((s32) in[4]) + + 2 * (((limb) ((s32) in[2])) * ((s32) in[6]) + + ((limb) ((s32) in[0])) * ((s32) in[8]) + + 2 * (((limb) ((s32) in[1])) * ((s32) in[7]) + + ((limb) ((s32) in[3])) * ((s32) in[5]))); + output[9] = 2 * (((limb) ((s32) in[4])) * ((s32) in[5]) + + ((limb) ((s32) in[3])) * ((s32) in[6]) + + ((limb) ((s32) in[2])) * ((s32) in[7]) + + ((limb) ((s32) in[1])) * ((s32) in[8]) + + ((limb) ((s32) in[0])) * ((s32) in[9])); + 
output[10] = 2 * (((limb) ((s32) in[5])) * ((s32) in[5]) + + ((limb) ((s32) in[4])) * ((s32) in[6]) + + ((limb) ((s32) in[2])) * ((s32) in[8]) + + 2 * (((limb) ((s32) in[3])) * ((s32) in[7]) + + ((limb) ((s32) in[1])) * ((s32) in[9]))); + output[11] = 2 * (((limb) ((s32) in[5])) * ((s32) in[6]) + + ((limb) ((s32) in[4])) * ((s32) in[7]) + + ((limb) ((s32) in[3])) * ((s32) in[8]) + + ((limb) ((s32) in[2])) * ((s32) in[9])); + output[12] = ((limb) ((s32) in[6])) * ((s32) in[6]) + + 2 * (((limb) ((s32) in[4])) * ((s32) in[8]) + + 2 * (((limb) ((s32) in[5])) * ((s32) in[7]) + + ((limb) ((s32) in[3])) * ((s32) in[9]))); + output[13] = 2 * (((limb) ((s32) in[6])) * ((s32) in[7]) + + ((limb) ((s32) in[5])) * ((s32) in[8]) + + ((limb) ((s32) in[4])) * ((s32) in[9])); + output[14] = 2 * (((limb) ((s32) in[7])) * ((s32) in[7]) + + ((limb) ((s32) in[6])) * ((s32) in[8]) + + 2 * ((limb) ((s32) in[5])) * ((s32) in[9])); + output[15] = 2 * (((limb) ((s32) in[7])) * ((s32) in[8]) + + ((limb) ((s32) in[6])) * ((s32) in[9])); + output[16] = ((limb) ((s32) in[8])) * ((s32) in[8]) + + 4 * ((limb) ((s32) in[7])) * ((s32) in[9]); + output[17] = 2 * ((limb) ((s32) in[8])) * ((s32) in[9]); + output[18] = 2 * ((limb) ((s32) in[9])) * ((s32) in[9]); +} + +/* fsquare sets output = in^2. + * + * On entry: The |in| argument is in reduced coefficients form and |in[i]| < + * 2^27. + * + * On exit: The |output| argument is in reduced coefficients form (indeed, one + * need only provide storage for 10 limbs) and |out[i]| < 2^26. */ +static void +fsquare(limb *output, const limb *in) { + limb t[19]; + fsquare_inner(t, in); + /* |t[i]| < 14*2^54 because the largest product of two limbs will be < + * 2^(27+27) and fsquare_inner adds together, at most, 14 of those + * products. 
*/ + freduce_degree(t); + freduce_coefficients(t); + /* |t[i]| < 2^26 */ + memcpy(output, t, sizeof(limb) * 10); +} + +/* Take a little-endian, 32-byte number and expand it into polynomial form */ +static void +fexpand(limb *output, const u8 *input) { +#define F(n,start,shift,mask) \ + output[n] = ((((limb) input[start + 0]) | \ + ((limb) input[start + 1]) << 8 | \ + ((limb) input[start + 2]) << 16 | \ + ((limb) input[start + 3]) << 24) >> shift) & mask; + F(0, 0, 0, 0x3ffffff); + F(1, 3, 2, 0x1ffffff); + F(2, 6, 3, 0x3ffffff); + F(3, 9, 5, 0x1ffffff); + F(4, 12, 6, 0x3ffffff); + F(5, 16, 0, 0x1ffffff); + F(6, 19, 1, 0x3ffffff); + F(7, 22, 3, 0x1ffffff); + F(8, 25, 4, 0x3ffffff); + F(9, 28, 6, 0x1ffffff); +#undef F +} + +#if (-32 >> 1) != -16 +#error "This code only works when >> does sign-extension on negative numbers" +#endif + +/* s32_eq returns 0xffffffff iff a == b and zero otherwise. */ +static s32 s32_eq(s32 a, s32 b) { + a = ~(a ^ b); + a &= a << 16; + a &= a << 8; + a &= a << 4; + a &= a << 2; + a &= a << 1; + return a >> 31; +} + +/* s32_gte returns 0xffffffff if a >= b and zero otherwise, where a and b are + * both non-negative. */ +static s32 s32_gte(s32 a, s32 b) { + a -= b; + /* a >= 0 iff a >= b. */ + return ~(a >> 31); +} + +/* Take a fully reduced polynomial form number and contract it into a + * little-endian, 32-byte array. + * + * On entry: |input_limbs[i]| < 2^26 */ +static void +fcontract(u8 *output, limb *input_limbs) { + int i; + int j; + s32 input[10]; + s32 mask; + + /* |input_limbs[i]| < 2^26, so it's valid to convert to an s32. */ + for (i = 0; i < 10; i++) { + input[i] = input_limbs[i]; + } + + for (j = 0; j < 2; ++j) { + for (i = 0; i < 9; ++i) { + if ((i & 1) == 1) { + /* This calculation is a time-invariant way to make input[i] + * non-negative by borrowing from the next-larger limb. 
*/ + const s32 mask = input[i] >> 31; + const s32 carry = -((input[i] & mask) >> 25); + input[i] = input[i] + (carry << 25); + input[i+1] = input[i+1] - carry; + } else { + const s32 mask = input[i] >> 31; + const s32 carry = -((input[i] & mask) >> 26); + input[i] = input[i] + (carry << 26); + input[i+1] = input[i+1] - carry; + } + } + + /* There's no greater limb for input[9] to borrow from, but we can multiply + * by 19 and borrow from input[0], which is valid mod 2^255-19. */ + { + const s32 mask = input[9] >> 31; + const s32 carry = -((input[9] & mask) >> 25); + input[9] = input[9] + (carry << 25); + input[0] = input[0] - (carry * 19); + } + + /* After the first iteration, input[1..9] are non-negative and fit within + * 25 or 26 bits, depending on position. However, input[0] may be + * negative. */ + } + + /* The first borrow-propagation pass above ended with every limb + except (possibly) input[0] non-negative. + + If input[0] was negative after the first pass, then it was because of a + carry from input[9]. On entry, input[9] < 2^26 so the carry was, at most, + one, since (2**26-1) >> 25 = 1. Thus input[0] >= -19. + + In the second pass, each limb is decreased by at most one. Thus the second + borrow-propagation pass could only have wrapped around to decrease + input[0] again if the first pass left input[0] negative *and* input[1] + through input[9] were all zero. In that case, input[1] is now 2^25 - 1, + and this last borrow-propagation step will leave input[1] non-negative. */ + { + const s32 mask = input[0] >> 31; + const s32 carry = -((input[0] & mask) >> 26); + input[0] = input[0] + (carry << 26); + input[1] = input[1] - carry; + } + + /* All input[i] are now non-negative. However, there might be values between + * 2^25 and 2^26 in a limb which is, nominally, 25 bits wide. 
*/ + for (j = 0; j < 2; j++) { + for (i = 0; i < 9; i++) { + if ((i & 1) == 1) { + const s32 carry = input[i] >> 25; + input[i] &= 0x1ffffff; + input[i+1] += carry; + } else { + const s32 carry = input[i] >> 26; + input[i] &= 0x3ffffff; + input[i+1] += carry; + } + } + + { + const s32 carry = input[9] >> 25; + input[9] &= 0x1ffffff; + input[0] += 19*carry; + } + } + + /* If the first carry-chain pass, just above, ended up with a carry from + * input[9], and that caused input[0] to be out-of-bounds, then input[0] was + * < 2^26 + 2*19, because the carry was, at most, two. + * + * If the second pass carried from input[9] again then input[0] is < 2*19 and + * the input[9] -> input[0] carry didn't push input[0] out of bounds. */ + + /* It still remains the case that input might be between 2^255-19 and 2^255. + * In this case, input[1..9] must take their maximum value and input[0] must + * be >= (2^255-19) & 0x3ffffff, which is 0x3ffffed. */ + mask = s32_gte(input[0], 0x3ffffed); + for (i = 1; i < 10; i++) { + if ((i & 1) == 1) { + mask &= s32_eq(input[i], 0x1ffffff); + } else { + mask &= s32_eq(input[i], 0x3ffffff); + } + } + + /* mask is either 0xffffffff (if input >= 2^255-19) and zero otherwise. Thus + * this conditionally subtracts 2^255-19. 
*/ + input[0] -= mask & 0x3ffffed; + + for (i = 1; i < 10; i++) { + if ((i & 1) == 1) { + input[i] -= mask & 0x1ffffff; + } else { + input[i] -= mask & 0x3ffffff; + } + } + + input[1] <<= 2; + input[2] <<= 3; + input[3] <<= 5; + input[4] <<= 6; + input[6] <<= 1; + input[7] <<= 3; + input[8] <<= 4; + input[9] <<= 6; +#define F(i, s) \ + output[s+0] |= input[i] & 0xff; \ + output[s+1] = (input[i] >> 8) & 0xff; \ + output[s+2] = (input[i] >> 16) & 0xff; \ + output[s+3] = (input[i] >> 24) & 0xff; + output[0] = 0; + output[16] = 0; + F(0,0); + F(1,3); + F(2,6); + F(3,9); + F(4,12); + F(5,16); + F(6,19); + F(7,22); + F(8,25); + F(9,28); +#undef F +} + +/* Input: Q, Q', Q-Q' + * Output: 2Q, Q+Q' + * + * x2 z3: long form + * x3 z3: long form + * x z: short form, destroyed + * xprime zprime: short form, destroyed + * qmqp: short form, preserved + * + * On entry and exit, the absolute value of the limbs of all inputs and outputs + * are < 2^26. */ +static void fmonty(limb *x2, limb *z2, /* output 2Q */ + limb *x3, limb *z3, /* output Q + Q' */ + limb *x, limb *z, /* input Q */ + limb *xprime, limb *zprime, /* input Q' */ + const limb *qmqp /* input Q - Q' */) { + limb origx[10], origxprime[10], zzz[19], xx[19], zz[19], xxprime[19], + zzprime[19], zzzprime[19], xxxprime[19]; + + memcpy(origx, x, 10 * sizeof(limb)); + fsum(x, z); + /* |x[i]| < 2^27 */ + fdifference(z, origx); /* does x - z */ + /* |z[i]| < 2^27 */ + + memcpy(origxprime, xprime, sizeof(limb) * 10); + fsum(xprime, zprime); + /* |xprime[i]| < 2^27 */ + fdifference(zprime, origxprime); + /* |zprime[i]| < 2^27 */ + fproduct(xxprime, xprime, z); + /* |xxprime[i]| < 14*2^54: the largest product of two limbs will be < + * 2^(27+27) and fproduct adds together, at most, 14 of those products. + * (Approximating that to 2^58 doesn't work out.) 
*/ + fproduct(zzprime, x, zprime); + /* |zzprime[i]| < 14*2^54 */ + freduce_degree(xxprime); + freduce_coefficients(xxprime); + /* |xxprime[i]| < 2^26 */ + freduce_degree(zzprime); + freduce_coefficients(zzprime); + /* |zzprime[i]| < 2^26 */ + memcpy(origxprime, xxprime, sizeof(limb) * 10); + fsum(xxprime, zzprime); + /* |xxprime[i]| < 2^27 */ + fdifference(zzprime, origxprime); + /* |zzprime[i]| < 2^27 */ + fsquare(xxxprime, xxprime); + /* |xxxprime[i]| < 2^26 */ + fsquare(zzzprime, zzprime); + /* |zzzprime[i]| < 2^26 */ + fproduct(zzprime, zzzprime, qmqp); + /* |zzprime[i]| < 14*2^52 */ + freduce_degree(zzprime); + freduce_coefficients(zzprime); + /* |zzprime[i]| < 2^26 */ + memcpy(x3, xxxprime, sizeof(limb) * 10); + memcpy(z3, zzprime, sizeof(limb) * 10); + + fsquare(xx, x); + /* |xx[i]| < 2^26 */ + fsquare(zz, z); + /* |zz[i]| < 2^26 */ + fproduct(x2, xx, zz); + /* |x2[i]| < 14*2^52 */ + freduce_degree(x2); + freduce_coefficients(x2); + /* |x2[i]| < 2^26 */ + fdifference(zz, xx); // does zz = xx - zz + /* |zz[i]| < 2^27 */ + memset(zzz + 10, 0, sizeof(limb) * 9); + fscalar_product(zzz, zz, 121665); + /* |zzz[i]| < 2^(27+17) */ + /* No need to call freduce_degree here: + fscalar_product doesn't increase the degree of its input. */ + freduce_coefficients(zzz); + /* |zzz[i]| < 2^26 */ + fsum(zzz, xx); + /* |zzz[i]| < 2^27 */ + fproduct(z2, zz, zzz); + /* |z2[i]| < 14*2^(26+27) */ + freduce_degree(z2); + freduce_coefficients(z2); + /* |z2|i| < 2^26 */ +} + +/* Conditionally swap two reduced-form limb arrays if 'iswap' is 1, but leave + * them unchanged if 'iswap' is 0. Runs in data-invariant time to avoid + * side-channel attacks. + * + * NOTE that this function requires that 'iswap' be 1 or 0; other values give + * wrong results. Also, the two limb arrays must be in reduced-coefficient, + * reduced-degree form: the values in a[10..19] or b[10..19] aren't swapped, + * and all all values in a[0..9],b[0..9] must have magnitude less than + * INT32_MAX. 
*/ +static void +swap_conditional(limb a[19], limb b[19], limb iswap) { + unsigned i; + const s32 swap = (s32) -iswap; + + for (i = 0; i < 10; ++i) { + const s32 x = swap & ( ((s32)a[i]) ^ ((s32)b[i]) ); + a[i] = ((s32)a[i]) ^ x; + b[i] = ((s32)b[i]) ^ x; + } +} + +/* Calculates nQ where Q is the x-coordinate of a point on the curve + * + * resultx/resultz: the x coordinate of the resulting curve point (short form) + * n: a little endian, 32-byte number + * q: a point of the curve (short form) */ +static void +cmult(limb *resultx, limb *resultz, const u8 *n, const limb *q) { + limb a[19] = {0}, b[19] = {1}, c[19] = {1}, d[19] = {0}; + limb *nqpqx = a, *nqpqz = b, *nqx = c, *nqz = d, *t; + limb e[19] = {0}, f[19] = {1}, g[19] = {0}, h[19] = {1}; + limb *nqpqx2 = e, *nqpqz2 = f, *nqx2 = g, *nqz2 = h; + + unsigned i, j; + + memcpy(nqpqx, q, sizeof(limb) * 10); + + for (i = 0; i < 32; ++i) { + u8 byte = n[31 - i]; + for (j = 0; j < 8; ++j) { + const limb bit = byte >> 7; + + swap_conditional(nqx, nqpqx, bit); + swap_conditional(nqz, nqpqz, bit); + fmonty(nqx2, nqz2, + nqpqx2, nqpqz2, + nqx, nqz, + nqpqx, nqpqz, + q); + swap_conditional(nqx2, nqpqx2, bit); + swap_conditional(nqz2, nqpqz2, bit); + + t = nqx; + nqx = nqx2; + nqx2 = t; + t = nqz; + nqz = nqz2; + nqz2 = t; + t = nqpqx; + nqpqx = nqpqx2; + nqpqx2 = t; + t = nqpqz; + nqpqz = nqpqz2; + nqpqz2 = t; + + byte <<= 1; + } + } + + memcpy(resultx, nqx, sizeof(limb) * 10); + memcpy(resultz, nqz, sizeof(limb) * 10); +} + +// ----------------------------------------------------------------------------- +// Shamelessly copied from djb's code +// ----------------------------------------------------------------------------- +static void +crecip(limb *out, const limb *z) { + limb z2[10]; + limb z9[10]; + limb z11[10]; + limb z2_5_0[10]; + limb z2_10_0[10]; + limb z2_20_0[10]; + limb z2_50_0[10]; + limb z2_100_0[10]; + limb t0[10]; + limb t1[10]; + int i; + + /* 2 */ fsquare(z2,z); + /* 4 */ fsquare(t1,z2); + /* 8 */ 
fsquare(t0,t1);
+ /* 9 */ fmul(z9,t0,z);
+ /* 11 */ fmul(z11,z9,z2);
+ /* 22 */ fsquare(t0,z11);
+ /* 2^5 - 2^0 = 31 */ fmul(z2_5_0,t0,z9);
+
+ /* 2^6 - 2^1 */ fsquare(t0,z2_5_0);
+ /* 2^7 - 2^2 */ fsquare(t1,t0);
+ /* 2^8 - 2^3 */ fsquare(t0,t1);
+ /* 2^9 - 2^4 */ fsquare(t1,t0);
+ /* 2^10 - 2^5 */ fsquare(t0,t1);
+ /* 2^10 - 2^0 */ fmul(z2_10_0,t0,z2_5_0);
+
+ /* 2^11 - 2^1 */ fsquare(t0,z2_10_0);
+ /* 2^12 - 2^2 */ fsquare(t1,t0);
+ /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { fsquare(t0,t1); fsquare(t1,t0); }
+ /* 2^20 - 2^0 */ fmul(z2_20_0,t1,z2_10_0);
+
+ /* 2^21 - 2^1 */ fsquare(t0,z2_20_0);
+ /* 2^22 - 2^2 */ fsquare(t1,t0);
+ /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { fsquare(t0,t1); fsquare(t1,t0); }
+ /* 2^40 - 2^0 */ fmul(t0,t1,z2_20_0);
+
+ /* 2^41 - 2^1 */ fsquare(t1,t0);
+ /* 2^42 - 2^2 */ fsquare(t0,t1);
+ /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { fsquare(t1,t0); fsquare(t0,t1); }
+ /* 2^50 - 2^0 */ fmul(z2_50_0,t0,z2_10_0);
+
+ /* 2^51 - 2^1 */ fsquare(t0,z2_50_0);
+ /* 2^52 - 2^2 */ fsquare(t1,t0);
+ /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { fsquare(t0,t1); fsquare(t1,t0); }
+ /* 2^100 - 2^0 */ fmul(z2_100_0,t1,z2_50_0);
+
+ /* 2^101 - 2^1 */ fsquare(t1,z2_100_0);
+ /* 2^102 - 2^2 */ fsquare(t0,t1);
+ /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { fsquare(t1,t0); fsquare(t0,t1); }
+ /* 2^200 - 2^0 */ fmul(t1,t0,z2_100_0);
+
+ /* 2^201 - 2^1 */ fsquare(t0,t1);
+ /* 2^202 - 2^2 */ fsquare(t1,t0);
+ /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { fsquare(t0,t1); fsquare(t1,t0); }
+ /* 2^250 - 2^0 */ fmul(t0,t1,z2_50_0);
+
+ /* 2^251 - 2^1 */ fsquare(t1,t0);
+ /* 2^252 - 2^2 */ fsquare(t0,t1);
+ /* 2^253 - 2^3 */ fsquare(t1,t0);
+ /* 2^254 - 2^4 */ fsquare(t0,t1);
+ /* 2^255 - 2^5 */ fsquare(t1,t0);
+ /* 2^255 - 21 */ fmul(out,t1,z11);
+}
+
+int
+curve25519_donna(u8 *mypublic, const u8 *secret, const u8 *basepoint) {
+ limb bp[10], x[10], z[11], zmone[10];
+ uint8_t e[32];
+ int i;
+
+ for (i = 0; i < 32; ++i) e[i] = secret[i];
+ e[0] &=
248;
+ e[31] &= 127;
+ e[31] |= 64;
+
+ fexpand(bp, basepoint);
+ cmult(x, z, e, bp);
+ crecip(zmone, z);
+ fmul(z, x, zmone);
+ fcontract(mypublic, z);
+ return 0;
+}
diff -Nru gvpe-2.25/src/curve25519-donna-c64.c gvpe-3.0/src/curve25519-donna-c64.c
--- gvpe-2.25/src/curve25519-donna-c64.c 1969-12-31 19:00:00.000000000 -0500
+++ gvpe-3.0/src/curve25519-donna-c64.c 2015-01-17 03:31:30.000000000 -0500
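Review bot: `curve25519_donna` in curve25519-donna.c returns with the clamped copy of the secret scalar still in `e[32]` on the stack, and nothing in the visible body clears it or the secret-dependent limb arrays `x`, `z` and `zmone`. Clearing them just before `return 0;` with a wipe the compiler cannot remove, for example `explicit_bzero(e, sizeof e);` where the platform provides it, keeps key material out of stale stack memory. The function also returns 0 unconditionally, so the all-zero result that RFC 7748 suggests checking for has to be detected by the caller on the output buffer. The file appears to be imported from upstream curve25519-donna, so either change would be a local patch to carry.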
@@ -0,0 +1,449 @@ +/* Copyright 2008, Google Inc. + * All rights reserved. + * + * Code released into the public domain. + * + * curve25519-donna: Curve25519 elliptic curve, public key function + * + * http://code.google.com/p/curve25519-donna/ + * + * Adam Langley + * + * Derived from public domain C code by Daniel J. Bernstein + * + * More information about curve25519 can be found here + * http://cr.yp.to/ecdh.html + * + * djb's sample implementation of curve25519 is written in a special assembly + * language called qhasm and uses the floating point registers. + * + * This is, almost, a clean room reimplementation from the curve25519 paper. It + * uses many of the tricks described therein. Only the crecip function is taken + * from the sample implementation. + */ + +#include +#include + +typedef uint8_t u8; +typedef uint64_t limb; +typedef limb felem[5]; +// This is a special gcc mode for 128-bit integers. It's implemented on 64-bit +// platforms only as far as I know. +typedef unsigned uint128_t __attribute__((mode(TI))); + +#undef force_inline +#define force_inline __attribute__((always_inline)) + +/* Sum two numbers: output += in */ +static inline void force_inline +fsum(limb *output, const limb *in) { + output[0] += in[0]; + output[1] += in[1]; + output[2] += in[2]; + output[3] += in[3]; + output[4] += in[4]; +} + +/* Find the difference of two numbers: output = in - output + * (note the order of the arguments!) 
+ * + * Assumes that out[i] < 2**52 + * On return, out[i] < 2**55 + */ +static inline void force_inline +fdifference_backwards(felem out, const felem in) { + /* 152 is 19 << 3 */ + static const limb two54m152 = (((limb)1) << 54) - 152; + static const limb two54m8 = (((limb)1) << 54) - 8; + + out[0] = in[0] + two54m152 - out[0]; + out[1] = in[1] + two54m8 - out[1]; + out[2] = in[2] + two54m8 - out[2]; + out[3] = in[3] + two54m8 - out[3]; + out[4] = in[4] + two54m8 - out[4]; +} + +/* Multiply a number by a scalar: output = in * scalar */ +static inline void force_inline +fscalar_product(felem output, const felem in, const limb scalar) { + uint128_t a; + + a = ((uint128_t) in[0]) * scalar; + output[0] = ((limb)a) & 0x7ffffffffffff; + + a = ((uint128_t) in[1]) * scalar + ((limb) (a >> 51)); + output[1] = ((limb)a) & 0x7ffffffffffff; + + a = ((uint128_t) in[2]) * scalar + ((limb) (a >> 51)); + output[2] = ((limb)a) & 0x7ffffffffffff; + + a = ((uint128_t) in[3]) * scalar + ((limb) (a >> 51)); + output[3] = ((limb)a) & 0x7ffffffffffff; + + a = ((uint128_t) in[4]) * scalar + ((limb) (a >> 51)); + output[4] = ((limb)a) & 0x7ffffffffffff; + + output[0] += (a >> 51) * 19; +} + +/* Multiply two numbers: output = in2 * in + * + * output must be distinct to both inputs. The inputs are reduced coefficient + * form, the output is not. + * + * Assumes that in[i] < 2**55 and likewise for in2. 
+ * On return, output[i] < 2**52 + */ +static inline void force_inline +fmul(felem output, const felem in2, const felem in) { + uint128_t t[5]; + limb r0,r1,r2,r3,r4,s0,s1,s2,s3,s4,c; + + r0 = in[0]; + r1 = in[1]; + r2 = in[2]; + r3 = in[3]; + r4 = in[4]; + + s0 = in2[0]; + s1 = in2[1]; + s2 = in2[2]; + s3 = in2[3]; + s4 = in2[4]; + + t[0] = ((uint128_t) r0) * s0; + t[1] = ((uint128_t) r0) * s1 + ((uint128_t) r1) * s0; + t[2] = ((uint128_t) r0) * s2 + ((uint128_t) r2) * s0 + ((uint128_t) r1) * s1; + t[3] = ((uint128_t) r0) * s3 + ((uint128_t) r3) * s0 + ((uint128_t) r1) * s2 + ((uint128_t) r2) * s1; + t[4] = ((uint128_t) r0) * s4 + ((uint128_t) r4) * s0 + ((uint128_t) r3) * s1 + ((uint128_t) r1) * s3 + ((uint128_t) r2) * s2; + + r4 *= 19; + r1 *= 19; + r2 *= 19; + r3 *= 19; + + t[0] += ((uint128_t) r4) * s1 + ((uint128_t) r1) * s4 + ((uint128_t) r2) * s3 + ((uint128_t) r3) * s2; + t[1] += ((uint128_t) r4) * s2 + ((uint128_t) r2) * s4 + ((uint128_t) r3) * s3; + t[2] += ((uint128_t) r4) * s3 + ((uint128_t) r3) * s4; + t[3] += ((uint128_t) r4) * s4; + + r0 = (limb)t[0] & 0x7ffffffffffff; c = (limb)(t[0] >> 51); + t[1] += c; r1 = (limb)t[1] & 0x7ffffffffffff; c = (limb)(t[1] >> 51); + t[2] += c; r2 = (limb)t[2] & 0x7ffffffffffff; c = (limb)(t[2] >> 51); + t[3] += c; r3 = (limb)t[3] & 0x7ffffffffffff; c = (limb)(t[3] >> 51); + t[4] += c; r4 = (limb)t[4] & 0x7ffffffffffff; c = (limb)(t[4] >> 51); + r0 += c * 19; c = r0 >> 51; r0 = r0 & 0x7ffffffffffff; + r1 += c; c = r1 >> 51; r1 = r1 & 0x7ffffffffffff; + r2 += c; + + output[0] = r0; + output[1] = r1; + output[2] = r2; + output[3] = r3; + output[4] = r4; +} + +static inline void force_inline +fsquare_times(felem output, const felem in, limb count) { + uint128_t t[5]; + limb r0,r1,r2,r3,r4,c; + limb d0,d1,d2,d4,d419; + + r0 = in[0]; + r1 = in[1]; + r2 = in[2]; + r3 = in[3]; + r4 = in[4]; + + do { + d0 = r0 * 2; + d1 = r1 * 2; + d2 = r2 * 2 * 19; + d419 = r4 * 19; + d4 = d419 * 2; + + t[0] = ((uint128_t) r0) * r0 + 
((uint128_t) d4) * r1 + (((uint128_t) d2) * (r3 )); + t[1] = ((uint128_t) d0) * r1 + ((uint128_t) d4) * r2 + (((uint128_t) r3) * (r3 * 19)); + t[2] = ((uint128_t) d0) * r2 + ((uint128_t) r1) * r1 + (((uint128_t) d4) * (r3 )); + t[3] = ((uint128_t) d0) * r3 + ((uint128_t) d1) * r2 + (((uint128_t) r4) * (d419 )); + t[4] = ((uint128_t) d0) * r4 + ((uint128_t) d1) * r3 + (((uint128_t) r2) * (r2 )); + + r0 = (limb)t[0] & 0x7ffffffffffff; c = (limb)(t[0] >> 51); + t[1] += c; r1 = (limb)t[1] & 0x7ffffffffffff; c = (limb)(t[1] >> 51); + t[2] += c; r2 = (limb)t[2] & 0x7ffffffffffff; c = (limb)(t[2] >> 51); + t[3] += c; r3 = (limb)t[3] & 0x7ffffffffffff; c = (limb)(t[3] >> 51); + t[4] += c; r4 = (limb)t[4] & 0x7ffffffffffff; c = (limb)(t[4] >> 51); + r0 += c * 19; c = r0 >> 51; r0 = r0 & 0x7ffffffffffff; + r1 += c; c = r1 >> 51; r1 = r1 & 0x7ffffffffffff; + r2 += c; + } while(--count); + + output[0] = r0; + output[1] = r1; + output[2] = r2; + output[3] = r3; + output[4] = r4; +} + +/* Load a little-endian 64-bit number */ +static limb +load_limb(const u8 *in) { + return + ((limb)in[0]) | + (((limb)in[1]) << 8) | + (((limb)in[2]) << 16) | + (((limb)in[3]) << 24) | + (((limb)in[4]) << 32) | + (((limb)in[5]) << 40) | + (((limb)in[6]) << 48) | + (((limb)in[7]) << 56); +} + +static void +store_limb(u8 *out, limb in) { + out[0] = in & 0xff; + out[1] = (in >> 8) & 0xff; + out[2] = (in >> 16) & 0xff; + out[3] = (in >> 24) & 0xff; + out[4] = (in >> 32) & 0xff; + out[5] = (in >> 40) & 0xff; + out[6] = (in >> 48) & 0xff; + out[7] = (in >> 56) & 0xff; +} + +/* Take a little-endian, 32-byte number and expand it into polynomial form */ +static void +fexpand(limb *output, const u8 *in) { + output[0] = load_limb(in) & 0x7ffffffffffff; + output[1] = (load_limb(in+6) >> 3) & 0x7ffffffffffff; + output[2] = (load_limb(in+12) >> 6) & 0x7ffffffffffff; + output[3] = (load_limb(in+19) >> 1) & 0x7ffffffffffff; + output[4] = (load_limb(in+24) >> 12) & 0x7ffffffffffff; +} + +/* Take a fully reduced 
polynomial form number and contract it into a + * little-endian, 32-byte array + */ +static void +fcontract(u8 *output, const felem input) { + uint128_t t[5]; + + t[0] = input[0]; + t[1] = input[1]; + t[2] = input[2]; + t[3] = input[3]; + t[4] = input[4]; + + t[1] += t[0] >> 51; t[0] &= 0x7ffffffffffff; + t[2] += t[1] >> 51; t[1] &= 0x7ffffffffffff; + t[3] += t[2] >> 51; t[2] &= 0x7ffffffffffff; + t[4] += t[3] >> 51; t[3] &= 0x7ffffffffffff; + t[0] += 19 * (t[4] >> 51); t[4] &= 0x7ffffffffffff; + + t[1] += t[0] >> 51; t[0] &= 0x7ffffffffffff; + t[2] += t[1] >> 51; t[1] &= 0x7ffffffffffff; + t[3] += t[2] >> 51; t[2] &= 0x7ffffffffffff; + t[4] += t[3] >> 51; t[3] &= 0x7ffffffffffff; + t[0] += 19 * (t[4] >> 51); t[4] &= 0x7ffffffffffff; + + /* now t is between 0 and 2^255-1, properly carried. */ + /* case 1: between 0 and 2^255-20. case 2: between 2^255-19 and 2^255-1. */ + + t[0] += 19; + + t[1] += t[0] >> 51; t[0] &= 0x7ffffffffffff; + t[2] += t[1] >> 51; t[1] &= 0x7ffffffffffff; + t[3] += t[2] >> 51; t[2] &= 0x7ffffffffffff; + t[4] += t[3] >> 51; t[3] &= 0x7ffffffffffff; + t[0] += 19 * (t[4] >> 51); t[4] &= 0x7ffffffffffff; + + /* now between 19 and 2^255-1 in both cases, and offset by 19. */ + + t[0] += 0x8000000000000 - 19; + t[1] += 0x8000000000000 - 1; + t[2] += 0x8000000000000 - 1; + t[3] += 0x8000000000000 - 1; + t[4] += 0x8000000000000 - 1; + + /* now between 2^255 and 2^256-20, and offset by 2^255. 
*/ + + t[1] += t[0] >> 51; t[0] &= 0x7ffffffffffff; + t[2] += t[1] >> 51; t[1] &= 0x7ffffffffffff; + t[3] += t[2] >> 51; t[2] &= 0x7ffffffffffff; + t[4] += t[3] >> 51; t[3] &= 0x7ffffffffffff; + t[4] &= 0x7ffffffffffff; + + store_limb(output, t[0] | (t[1] << 51)); + store_limb(output+8, (t[1] >> 13) | (t[2] << 38)); + store_limb(output+16, (t[2] >> 26) | (t[3] << 25)); + store_limb(output+24, (t[3] >> 39) | (t[4] << 12)); +} + +/* Input: Q, Q', Q-Q' + * Output: 2Q, Q+Q' + * + * x2 z3: long form + * x3 z3: long form + * x z: short form, destroyed + * xprime zprime: short form, destroyed + * qmqp: short form, preserved + */ +static void +fmonty(limb *x2, limb *z2, /* output 2Q */ + limb *x3, limb *z3, /* output Q + Q' */ + limb *x, limb *z, /* input Q */ + limb *xprime, limb *zprime, /* input Q' */ + const limb *qmqp /* input Q - Q' */) { + limb origx[5], origxprime[5], zzz[5], xx[5], zz[5], xxprime[5], + zzprime[5], zzzprime[5]; + + memcpy(origx, x, 5 * sizeof(limb)); + fsum(x, z); + fdifference_backwards(z, origx); // does x - z + + memcpy(origxprime, xprime, sizeof(limb) * 5); + fsum(xprime, zprime); + fdifference_backwards(zprime, origxprime); + fmul(xxprime, xprime, z); + fmul(zzprime, x, zprime); + memcpy(origxprime, xxprime, sizeof(limb) * 5); + fsum(xxprime, zzprime); + fdifference_backwards(zzprime, origxprime); + fsquare_times(x3, xxprime, 1); + fsquare_times(zzzprime, zzprime, 1); + fmul(z3, zzzprime, qmqp); + + fsquare_times(xx, x, 1); + fsquare_times(zz, z, 1); + fmul(x2, xx, zz); + fdifference_backwards(zz, xx); // does zz = xx - zz + fscalar_product(zzz, zz, 121665); + fsum(zzz, xx); + fmul(z2, zz, zzz); +} + +// ----------------------------------------------------------------------------- +// Maybe swap the contents of two limb arrays (@a and @b), each @len elements +// long. Perform the swap iff @swap is non-zero. +// +// This function performs the swap without leaking any side-channel +// information. 
+// ----------------------------------------------------------------------------- +static void +swap_conditional(limb a[5], limb b[5], limb iswap) { + unsigned i; + const limb swap = -iswap; + + for (i = 0; i < 5; ++i) { + const limb x = swap & (a[i] ^ b[i]); + a[i] ^= x; + b[i] ^= x; + } +} + +/* Calculates nQ where Q is the x-coordinate of a point on the curve + * + * resultx/resultz: the x coordinate of the resulting curve point (short form) + * n: a little endian, 32-byte number + * q: a point of the curve (short form) + */ +static void +cmult(limb *resultx, limb *resultz, const u8 *n, const limb *q) { + limb a[5] = {0}, b[5] = {1}, c[5] = {1}, d[5] = {0}; + limb *nqpqx = a, *nqpqz = b, *nqx = c, *nqz = d, *t; + limb e[5] = {0}, f[5] = {1}, g[5] = {0}, h[5] = {1}; + limb *nqpqx2 = e, *nqpqz2 = f, *nqx2 = g, *nqz2 = h; + + unsigned i, j; + + memcpy(nqpqx, q, sizeof(limb) * 5); + + for (i = 0; i < 32; ++i) { + u8 byte = n[31 - i]; + for (j = 0; j < 8; ++j) { + const limb bit = byte >> 7; + + swap_conditional(nqx, nqpqx, bit); + swap_conditional(nqz, nqpqz, bit); + fmonty(nqx2, nqz2, + nqpqx2, nqpqz2, + nqx, nqz, + nqpqx, nqpqz, + q); + swap_conditional(nqx2, nqpqx2, bit); + swap_conditional(nqz2, nqpqz2, bit); + + t = nqx; + nqx = nqx2; + nqx2 = t; + t = nqz; + nqz = nqz2; + nqz2 = t; + t = nqpqx; + nqpqx = nqpqx2; + nqpqx2 = t; + t = nqpqz; + nqpqz = nqpqz2; + nqpqz2 = t; + + byte <<= 1; + } + } + + memcpy(resultx, nqx, sizeof(limb) * 5); + memcpy(resultz, nqz, sizeof(limb) * 5); +} + + +// ----------------------------------------------------------------------------- +// Shamelessly copied from djb's code, tightened a little +// ----------------------------------------------------------------------------- +static void +crecip(felem out, const felem z) { + felem a,t0,b,c; + + /* 2 */ fsquare_times(a, z, 1); // a = 2 + /* 8 */ fsquare_times(t0, a, 2); + /* 9 */ fmul(b, t0, z); // b = 9 + /* 11 */ fmul(a, b, a); // a = 11 + /* 22 */ fsquare_times(t0, a, 1); + /* 
2^5 - 2^0 = 31 */ fmul(b, t0, b); + /* 2^10 - 2^5 */ fsquare_times(t0, b, 5); + /* 2^10 - 2^0 */ fmul(b, t0, b); + /* 2^20 - 2^10 */ fsquare_times(t0, b, 10); + /* 2^20 - 2^0 */ fmul(c, t0, b); + /* 2^40 - 2^20 */ fsquare_times(t0, c, 20); + /* 2^40 - 2^0 */ fmul(t0, t0, c); + /* 2^50 - 2^10 */ fsquare_times(t0, t0, 10); + /* 2^50 - 2^0 */ fmul(b, t0, b); + /* 2^100 - 2^50 */ fsquare_times(t0, b, 50); + /* 2^100 - 2^0 */ fmul(c, t0, b); + /* 2^200 - 2^100 */ fsquare_times(t0, c, 100); + /* 2^200 - 2^0 */ fmul(t0, t0, c); + /* 2^250 - 2^50 */ fsquare_times(t0, t0, 50); + /* 2^250 - 2^0 */ fmul(t0, t0, b); + /* 2^255 - 2^5 */ fsquare_times(t0, t0, 5); + /* 2^255 - 21 */ fmul(out, t0, a); +} + +int curve25519_donna(u8 *, const u8 *, const u8 *); + +int +curve25519_donna(u8 *mypublic, const u8 *secret, const u8 *basepoint) { + limb bp[5], x[5], z[5], zmone[5]; + uint8_t e[32]; + int i; + + for (i = 0;i < 32;++i) e[i] = secret[i]; + e[0] &= 248; + e[31] &= 127; + e[31] |= 64; + + fexpand(bp, basepoint); + cmult(x, z, e, bp); + crecip(zmone, z); + fmul(z, x, zmone); + fcontract(mypublic, z); + return 0; +} diff -Nru gvpe-2.25/src/curve25519.h gvpe-3.0/src/curve25519.h --- gvpe-2.25/src/curve25519.h 1969-12-31 19:00:00.000000000 -0500 +++ gvpe-3.0/src/curve25519.h 2015-10-31 02:14:32.000000000 -0400 
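Review bot: `curve25519_donna` returns with the clamped secret scalar still in `e[32]`, and the working values `x`, `z` and `zmone` derived from it, on the stack; nothing in the function clears them. A wipe the compiler cannot drop belongs just before `return 0;`, for example `explicit_bzero (e, sizeof e);` where the libc provides it, or OpenSSL's `OPENSSL_cleanse`, since the rest of the project already links OpenSSL. The 32-bit variant of this function in the preceding file has the same body, and the same point applies to the `tn` block buffer in `hkdf::expand` and the `prk` member of `struct hkdf` later in this patch.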
@@ -0,0 +1,44 @@
+/*
+ curve25519.h -- diffie hellman key exchange
+ Copyright (C) 2013 Marc Lehmann
+
+ This file is part of GVPE.
+
+ GVPE is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by the
+ Free Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+ Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, see .
+
+ Additional permission under GNU GPL version 3 section 7
+
+ If you modify this Program, or any covered work, by linking or
+ combining it with the OpenSSL project's OpenSSL library (or a modified
+ version of that library), containing parts covered by the terms of the
+ OpenSSL or SSLeay licenses, the licensors of this Program grant you
+ additional permission to convey the resulting work. Corresponding
+ Source for a non-source form of such a combination shall include the
+ source code for the parts of OpenSSL used as well as that of the
+ covered work.
+*/
+
+#ifndef CURVE25519_H__
+#define CURVE25519_H__
+
+#define CURVE25519_SIZE 32
+
+typedef unsigned char curve25519_key[CURVE25519_SIZE];
+
+void curve25519_generate (curve25519_key &a, curve25519_key &b);
+void curve25519_combine (const curve25519_key &a, const curve25519_key &b, curve25519_key &s);
+void curve25519_verify ();
+
+#endif
+
diff -Nru gvpe-2.25/src/device-linux.C gvpe-3.0/src/device-linux.C
--- gvpe-2.25/src/device-linux.C 2013-07-09 21:50:26.000000000 -0400
+++ gvpe-3.0/src/device-linux.C 2015-10-31 02:14:32.000000000 -0400
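Review bot: `curve25519_combine` returns `void`, so a caller cannot learn that the derived shared secret is degenerate, and `curve25519_donna` in this patch always returns 0 without rejecting any input. RFC 7748 describes checking the output for the all-zero value; whether the implementation behind this header does that internally is not visible here. Returning a status, e.g. `bool curve25519_combine (const curve25519_key &a, const curve25519_key &b, curve25519_key &s);`, would let the key exchange abort instead of keying from a predictable value. The declarations would also benefit from a comment saying which of `a` and `b` is the secret and which the public key.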
@@ -176,7 +176,7 @@ #else if (write (fd, &((*pkt)[0]), pkt->len) < 0) #endif - slog (L_ERR, _("can't write to %s %s: %s"), info (), DEFAULT_DEVICE, + slog (L_ERR, _("can't write %d byte packet to %s %s: %s"), pkt->len, info (), DEFAULT_DEVICE, strerror (errno)); } diff -Nru gvpe-2.25/src/global.h gvpe-3.0/src/global.h --- gvpe-2.25/src/global.h 2013-07-13 00:10:20.000000000 -0400 +++ gvpe-3.0/src/global.h 2016-03-30 00:01:09.000000000 -0400 
@@ -36,42 +36,74 @@ #include +#define HASH_BITS(hash) hashbits_ ## hash +#define HASH_SIZE(hash) (HASH_BITS (hash) >> 3) +#define hashbits_EVP_ripemd160 160 +#define hashbits_EVP_sha1 160 +#define hashbits_EVP_sha224 224 +#define hashbits_EVP_sha256 256 +#define hashbits_EVP_sha384 384 +#define hashbits_EVP_sha512 512 +#define hashbits_EVP_whirlpool 512 + +#define KEY_BITS(cipher) keybits_ ## cipher +#define KEY_SIZE(cipher) (KEY_BITS (cipher) >> 3) +//#define keybits_EVP_bf_ctr 128 // actually 32-448 +#define keybits_EVP_aes_128_ctr 128 +#define keybits_EVP_aes_192_ctr 192 +#define keybits_EVP_aes_256_ctr 256 + +#define BLOCK_BITS(cipher) blockbits_ ## cipher +#define BLOCK_SIZE(cipher) (BLOCK_BITS (cipher) >> 3) +//#define blockbits_EVP_bf_ctr 64 +#define blockbits_EVP_aes_128_ctr 8 +#define blockbits_EVP_aes_192_ctr 8 +#define blockbits_EVP_aes_256_ctr 8 + +#define IV_BITS(cipher) ivbits_ ## cipher +#define IV_SIZE(cipher) (IV_BITS (cipher) >> 3) +//#define ivbits_EVP_bf_ctr 64 +#define ivbits_EVP_aes_128_ctr 128 +#define ivbits_EVP_aes_192_ctr 128 +#define ivbits_EVP_aes_256_ctr 128 + /* Protocol version. Different major versions are incompatible, * different minor versions probably are compatible ;) */ -#define PROTOCOL_MAJOR 0 -#define PROTOCOL_MINOR 1 +#define PROTOCOL_MAJOR 1 +#define PROTOCOL_MINOR 0 + +#define SERIAL_SIZE 16 #define SEED_SIZE 64 // how many octets to seed rng with -#define RSA_KEYBITS 1280 // must be >= 1280 and divisible by 8 -#define RSA_KEYLEN ((RSA_KEYBITS) >> 3) -#define RSA_OVERHEAD (41 + 1) // well, no define for OAEP in openssl - -#define RSA_HASH EVP_ripemd160 ()// speed don't matter, boy, safety does.. 
I need sha256 :( -#define RSA_HASHLEN (160 >> 3) -#define RSA_RESLEN RSA_HASHLEN - -#define RSA_IDLEN 16 // how many bytes are used to identify the challenge -#define RSA_TTL 120 // challenge bytes timeout after n seconds - -#define CIPHER ENABLE_CIPHER () -#define CIPHER_KEYLEN (EVP_CIPHER_key_length (CIPHER)) -#define DIGEST ENABLE_DIGEST () -#define HMAC_KEYLEN (256 >> 3) // number of bits used for the HMAC key +#define RSA_OAEP_SIZE 41 -#define WINDOWSIZE 512 // sliding window size -#define MAX_SEQNO (0xfffffff0U - WINDOWSIZE * 8) +#define HKDF_XTR_HASH EVP_sha512 +#define HKDF_PRF_HASH EVP_sha256 + +#define HKDF_SALT 24 // how many bytes for the hkdf salt + +#define RSA_KEYLEN (RSABITS >> 3) -#define CHG_SEQNO 0 // where the seqno starts within the rsa challenge -#define CHG_CIPHER_KEY (CHG_SEQNO + 4) // where the key starts within the rsa challenge -//#define CHG_HMAC_KEY (CHG_CIPHER_KEY + CIPHER_KEYLEN) // where the key starts within the rsa challenge -#define CHG_HMAC_KEY 86 // where the key starts within the rsa challenge -// 872 rsa bits used +#define AUTH_DIGEST ENABLE_AUTH +#define AUTH_SIZE (HASH_SIZE (AUTH_DIGEST)) +#define AUTH_TTL 12 // challenge bytes timeout after n seconds of non-use + +#define CIPHER ENABLE_CIPHER +#define CIPHER_KEYSIZE (KEY_SIZE (CIPHER)) +#define CIPHER_IKMSIZE (CIPHER_KEYSIZE * 3 / 2) // randomness in rsa challenge + +#define MAC_DIGEST ENABLE_HMAC +#define MAC_KEYSIZE HASH_SIZE (ENABLE_HMAC) // number of bits used for the HMAC key +#define MAC_IKMSIZE (MAC_KEYSIZE * 3 / 2) // randomness in rsa challenge + +#define WINDOWSIZE 65536 // sliding window size +#define MAX_SEQNO (0xfffffff0U - WINDOWSIZE * 8) -// hdr seq len hmac MAC MAC -#define VPE_OVERHEAD (4 + 4 + 4 + RAND_SIZE + HMACLENGTH - 6 - 6) +// hdr seq len hmac MAC MAC +#define VPE_OVERHEAD (4 + 4 + 4 + HMACLENGTH - 6 - 6) #define IP_OVERHEAD 20 // size of a (normal) ip header #define GRE_OVERHEAD (IP_OVERHEAD + 4) #define ICMP_OVERHEAD (IP_OVERHEAD + 4) 
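Review bot: The comment on `MAC_KEYSIZE` says "number of bits used for the HMAC key", but `HASH_SIZE` is `HASH_BITS (hash) >> 3`, so the value is a byte count; the definition is also the only one of its siblings without outer parentheses, and it names `ENABLE_HMAC` rather than `MAC_DIGEST`. Suggest `#define MAC_KEYSIZE (HASH_SIZE (MAC_DIGEST)) // size of the HMAC key in bytes`. A one-line comment above `HASH_BITS` would help too: the `##` paste only resolves when the argument is first expanded through `HASH_SIZE`/`KEY_SIZE`/`IV_SIZE`, so writing `HASH_BITS (MAC_DIGEST)` directly would produce the undefined name `hashbits_MAC_DIGEST`.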
@@ -79,9 +111,9 @@ #define TCP_OVERHEAD (IP_OVERHEAD + 22) // size of a (normal) ip + tcp header + packetlength #define MAX_OVERHEAD UDP_OVERHEAD // the max. overhead of any protocol (ok, tcp doesn't count) #define ETH_OVERHEAD 14 // the size of an ethernet header -#define MAXSIZE (MAX_MTU + VPE_OVERHEAD) // slightly too large, but who cares +#define MAXSIZE (MAX_MTU + IP_OVERHEAD) // slightly too large, but who cares -#define PKTCACHESIZE 16 // the size of the memory pool for packets +#define PKTCACHESIZE 128 // the size of the memory pool for packets extern char *confbase; // directory in which all config files are extern char *thisnode; // config for current node (TODO: remove) diff -Nru gvpe-2.25/src/gvpe.C gvpe-3.0/src/gvpe.C --- gvpe-2.25/src/gvpe.C 2013-07-12 22:33:21.000000000 -0400 +++ gvpe-3.0/src/gvpe.C 2015-10-31 02:14:32.000000000 -0400 @@ -62,6 +62,7 @@ #include "util.h" #include "vpn.h" #include "ev_cpp.h" +#include "hkdf.h" static loglevel llevel = L_NONE; @@ -260,6 +261,17 @@ { ERR_load_crypto_strings (); // we have the RAM + // m,ake sure openssl agrees with us on the important bits + require (EVP_MD_size (MAC_DIGEST ()) == HASH_SIZE (MAC_DIGEST )); + require (EVP_MD_size (AUTH_DIGEST ()) == HASH_SIZE (AUTH_DIGEST)); + require (EVP_CIPHER_key_length (CIPHER ()) == KEY_SIZE (CIPHER )); + require (EVP_CIPHER_block_size (CIPHER ()) == BLOCK_SIZE (CIPHER )); + require (EVP_CIPHER_iv_length (CIPHER ()) == IV_SIZE (CIPHER )); + require (EVP_CIPHER_mode (CIPHER ()) == EVP_CIPH_CTR_MODE); + + curve25519_verify (); + hkdf::verify (); + set_loglevel (L_INFO); set_identity (argv[0]); log_to (LOGTO_SYSLOG | LOGTO_STDERR); diff -Nru gvpe-2.25/src/gvpectrl.C gvpe-3.0/src/gvpectrl.C --- gvpe-2.25/src/gvpectrl.C 2013-07-12 22:05:12.000000000 -0400 +++ gvpe-3.0/src/gvpectrl.C 2016-11-02 02:55:43.000000000 -0400 
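Review bot: `MAXSIZE` is now `MAX_MTU + IP_OVERHEAD` and no longer follows `VPE_OVERHEAD`, which still depends on `HMACLENGTH`, so the kept comment "slightly too large" only holds while `VPE_OVERHEAD` stays at or below 20. `HMACLENGTH` and the buffers sized by `MAXSIZE` are not visible in this hunk, so this may be fine today, but a compile-time check would stop a later MAC-length change from silently undersizing packet buffers. If the tree builds as C++11 or later, `static_assert (MAXSIZE >= MAX_MTU + VPE_OVERHEAD, "MAXSIZE too small");` next to the define would do.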
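Review bot: The new `require` checks and the `curve25519_verify ()` / `hkdf::verify ()` self-tests run before `set_loglevel`, `set_identity` and `log_to`, so whether a failed check is reported anywhere useful depends on how `require` behaves before logging is set up, which is not visible here. Moving the block below `log_to (LOGTO_SYSLOG | LOGTO_STDERR);` would make a failed crypto self-test show up in syslog. The added comment also has a typo and should read `// make sure openssl agrees with us on the important bits`. The enclosing function starts and ends outside the hunk.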
@@ -2,7 +2,7 @@ gvpectrl.C -- the main file for gvpectrl Copyright (C) 1998-2002 Ivo Timmermans 2000-2002 Guus Sliepen - 2003-2013 Marc Lehmann + 2003-2016 Marc Lehmann This file is part of GVPE. @@ -74,18 +74,26 @@ /* If nonzero, do not output anything but warnings/errors/very unusual conditions */ static int quiet; +/* If nonzero, generate single public/private keypair. */ +static const char *generate_key; + /* If nonzero, generate public/private keypair for this net. */ static int generate_keys; +// output some debugging info, interna constants &c +static int debug_info; + static struct option const long_options[] = { {"config", required_argument, NULL, 'c'}, {"kill", optional_argument, NULL, 'k'}, {"help", no_argument, &show_help, 1}, {"version", no_argument, &show_version, 1}, - {"generate-keys", no_argument, NULL, 'g'}, + {"generate-key", required_argument, NULL, 'g'}, + {"generate-keys", no_argument, NULL, 'G'}, {"quiet", no_argument, &quiet, 1}, {"show-config", no_argument, &show_config, 's'}, + {"debug-info", no_argument, &debug_info, 1}, {NULL, 0, NULL, 0} }; @@ -100,7 +108,8 @@ printf (_ (" -c, --config=DIR Read configuration options from DIR.\n" " -k, --kill[=SIGNAL] Attempt to kill a running gvpe and exit.\n" - " -g, --generate-keys Generate public/private RSA keypair.\n" + " -g, --generate-key=file Generate public/private RSA keypair.\n" + " -G, --generate-keys Generate all public/private RSA keypairs.\n" " -s, --show-config Display the configuration information.\n" " -q, --quiet Be quite quiet.\n" " --help Display this help and exit.\n" @@ -117,7 +126,7 @@ int r; int option_index = 0; - while ((r = getopt_long (argc, argv, "c:k::qgs", long_options, &option_index)) != EOF) + while ((r = getopt_long (argc, argv, "c:k::qg:Gs", long_options, &option_index)) != EOF) { switch (r) { 
@@ -165,7 +174,11 @@ break; case 'g': /* generate public/private keypair */ - generate_keys = RSA_KEYBITS; + generate_key = optarg; + break; + + case 'G': /* generate public/private keypairs */ + generate_keys = 1; break; case 's': @@ -233,15 +246,73 @@ * generate public/private RSA keypairs for all hosts that don't have one. */ static int -keygen (int bits) +keygen (const char *pub, const char *priv) { - FILE *f; - char *name = NULL; - char *fname; - asprintf (&fname, "%s/hostkeys", confbase); - mkdir (fname, 0700); - free (fname); + FILE *pubf = fopen (pub, "ab"); + if (!pubf || fseek (pubf, 0, SEEK_END)) + { + perror (pub); + exit (EXIT_FAILURE); + } + + if (ftell (pubf)) + { + fclose (pubf); + return 1; + } + + FILE *privf = fopen (priv, "ab"); + + /* some libcs are buggy and require an extra seek to the end */ + if (!privf || fseek (privf, 0, SEEK_END)) + { + perror (priv); + exit (EXIT_FAILURE); + } + + if (ftell (privf)) + { + fclose (pubf); + fclose (privf); + return 1; + } + + RSA *rsa = RSA_new (); + BIGNUM *e = BN_new (); + BN_set_bit (e, 0); BN_set_bit (e, 16); // 0x10001, 65537 + +#if 0 +#if OPENSSL_VERSION_NUMBER < 0x10100000 + BN_GENCB cb_100; + BN_GENCB *cb = &cb_100; +#else + BN_GENCB *cb = BN_GENCB_new (); + require (cb); +#endif + + BN_GENCB_set (cb, indicator, 0); + require (RSA_generate_key_ex (rsa, RSABITS, e, cb)); +#else + require (RSA_generate_key_ex (rsa, RSABITS, e, 0)); +#endif + + require (PEM_write_RSAPublicKey (pubf, rsa)); + require (PEM_write_RSAPrivateKey (privf, rsa, NULL, NULL, 0, NULL, NULL)); + + fclose (pubf); + fclose (privf); + + BN_free (e); + RSA_free (rsa); + + return 0; +} + +static int +keygen_all () +{ + char *fname; asprintf (&fname, "%s/pubkey", confbase); mkdir (fname, 0700); 
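Review bot: `keygen` creates the private key with `fopen (priv, "ab")`, so the file gets whatever mode the umask allows and can end up readable by other users; this hunk also removes the `mkdir` of the `hostkeys` directory with mode 0700, and `--generate-key` can point at any directory. Creating the file with `open` using `O_CREAT | O_EXCL` and mode 0600, then wrapping the descriptor with `fdopen`, gives an owner-only file and refuses to reuse an existing path, which replaces the `ftell` existence test for this file (it needs `<fcntl.h>` and `<errno.h>`). The results of `fclose (privf)`, `RSA_new` and `BN_new` are not checked either, so a failed flush could leave a truncated key that is still reported as generated. `keygen_all` begins in this hunk and continues in the next one.

```cpp
  // replaces: FILE *privf = fopen (priv, "ab"); and the ftell (privf) test
  int privfd = open (priv, O_WRONLY | O_CREAT | O_EXCL, 0600);

  if (privfd < 0 && errno == EEXIST)
    {
      fclose (pubf);
      return 1; // same "already exists" result as before
    }

  FILE *privf = privfd < 0 ? 0 : fdopen (privfd, "wb");

  if (!privf)
    {
      perror (priv);
      exit (EXIT_FAILURE);
    }
  // … unchanged: RSA key generation and PEM_write_* calls …
```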
@@ -251,62 +322,49 @@ { conf_node *node = *i; - asprintf (&fname, "%s/pubkey/%s", confbase, node->nodename); + ::thisnode = node->nodename; - f = fopen (fname, "a"); + char *pub = conf.config_filename ("pubkey/%s", 0); + char *priv = conf.config_filename (conf.prikeyfile, "hostkey"); - /* some libcs are buggy and require an extra seek to the end */ - if (!f || fseek (f, 0, SEEK_END)) - { - perror (fname); - exit (EXIT_FAILURE); - } + int status = keygen (pub, priv); - if (ftell (f)) + if (status == 0) { if (!quiet) - fprintf (stderr, "'%s' already exists, skipping this node %d\n", - fname, quiet); - - fclose (f); - continue; + fprintf (stderr, _("generated %d bits key for %s.\n"), RSABITS, node->nodename); } + else if (status == 1) + fprintf (stderr, _("'%s' keypair already exists, skipping node %s.\n"), pub, node->nodename); - fprintf (stderr, _("generating %d bits key for %s:\n"), bits, - node->nodename); - - RSA *rsa = RSA_new (); - BIGNUM *e = BN_new (); - BN_set_bit (e, 0); BN_set_bit (e, 16); // 0x10001, 65537 - BN_GENCB cb; - BN_GENCB_set (&cb, indicator, 0); - - require (RSA_generate_key_ex (rsa, bits, e, &cb)); - - fprintf (stderr, _("Done.\n")); + free (priv); + free (pub); + } - require (PEM_write_RSAPublicKey (f, rsa)); - fclose (f); - free (fname); + return 0; +} - asprintf (&fname, "%s/hostkeys/%s", confbase, node->nodename); +static int +keygen_one (const char *pubname) +{ + char *privname; - f = fopen (fname, "a"); - if (!f) - { - perror (fname); - exit (EXIT_FAILURE); - } + asprintf (&privname, "%s.privkey", pubname); - require (PEM_write_RSAPrivateKey (f, rsa, NULL, NULL, 0, NULL, NULL)); - fclose (f); - free (fname); + int status = keygen (pubname, privname); - BN_free (e); - RSA_free (rsa); + if (status == 0) + { + if (!quiet) + fprintf (stderr, _("generated %d bits key as %s.\n"), RSABITS, pubname); + } + else if (status == 1) + { + fprintf (stderr, _("'%s' keypair already exists, not generating key.\n"), pubname); + exit (EXIT_FAILURE); } - 
return 0; + free(privname); } int @@ -343,10 +401,30 @@ configuration_parser (conf, false, 0, 0); } + if (debug_info) + { + printf ("cipher_nid=%d\n", EVP_CIPHER_nid (CIPHER ())); + printf ("mac_nid=%d\n", EVP_MD_type (MAC_DIGEST ())); + printf ("auth_nid=%d\n", EVP_MD_type (AUTH_DIGEST ())); + printf ("sizeof_auth_data=%d\n", sizeof (auth_data)); + printf ("sizeof_rsa_data=%d\n", sizeof (rsa_data)); + printf ("sizeof_rsa_data_extra_auth=%d\n", sizeof (((rsa_data *)0)->extra_auth)); + printf ("raw_overhead=%d\n", VPE_OVERHEAD); + printf ("vpn_overhead=%d\n", VPE_OVERHEAD + 6 + 6); + printf ("udp_overhead=%d\n", UDP_OVERHEAD + VPE_OVERHEAD + 6 + 6); + exit (EXIT_SUCCESS); + } + + if (generate_key) + { + RAND_load_file (conf.seed_dev, SEED_SIZE); + exit (keygen_one (generate_key)); + } + if (generate_keys) { RAND_load_file (conf.seed_dev, SEED_SIZE); - exit (keygen (generate_keys)); + exit (keygen_all ()); } if (kill_gvpe) @@ -360,3 +438,4 @@ usage (1); } + diff -Nru gvpe-2.25/src/hkdf.C gvpe-3.0/src/hkdf.C --- gvpe-2.25/src/hkdf.C 1969-12-31 19:00:00.000000000 -0500 +++ gvpe-3.0/src/hkdf.C 2016-06-30 12:29:01.000000000 -0400 
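Review bot: `keygen_one` is declared `static int` but ends with `free(privname);` and no `return`; the old `return 0;` was dropped with the removed code, and `main` passes the result to `exit (keygen_one (generate_key))`, so the exit status after a successful run is undefined. Add `return 0;` after `free (privname);`. The `asprintf` result is also unchecked before `privname` is handed to `keygen`.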
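Review bot: In the `debug_info` block the three `sizeof` results are printed with `%d`, but `sizeof` yields `size_t`, so format and argument disagree on LP64 targets; use `%zu` or a cast, e.g. `printf ("sizeof_auth_data=%d\n", (int)sizeof (auth_data));`. Both key-generation branches also ignore the return value of `RAND_load_file (conf.seed_dev, SEED_SIZE)`; checking that it read `SEED_SIZE` bytes and stopping otherwise would make an unreadable seed device visible before any key is written. `main` starts and ends outside the hunk.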
@@ -0,0 +1,254 @@ +/* + hkdf.C -- RFC 5869 HKDF implementation + Copyright (C) 2013,2016 Marc Lehmann + + This file is part of GVPE. + + GVPE is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by the + Free Software Foundation; either version 3 of the License, or (at your + option) any later version. + + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General + Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, see . + + Additional permission under GNU GPL version 3 section 7 + + If you modify this Program, or any covered work, by linking or + combining it with the OpenSSL project's OpenSSL library (or a modified + version of that library), containing parts covered by the terms of the + OpenSSL or SSLeay licenses, the licensors of this Program grant you + additional permission to convey the resulting work. Corresponding + Source for a non-source form of such a combination shall include the + source code for the parts of OpenSSL used as well as that of the + covered work. 
+*/ + +#include "config.h" + +#include + +#include +#include +#include + +#include "crypto.h" +#include "util.h" +#include "hkdf.h" + +hkdf::hkdf (const void *salt, int len, const EVP_MD *xtr_hash) +: salt (salt), salt_len (len) +{ + ctx.init (salt, salt_len, xtr_hash); +} + +void +hkdf::extract (const void *ikm, int len) +{ + ctx.add (ikm, len); +} + +void +hkdf::extract_done (const EVP_MD *prf_hash) +{ + ctx.digest (prk); + ctx.init (salt, salt_len, prf_hash); +} + +void +hkdf::expand (void *okm, int len, const void *info, int infolen) +{ + u8 tn[sizeof prk]; + u8 iter = 0; + int md_size = ctx.size (); + + while (len) + { + ctx.init (prk, md_size); + + if (iter) + ctx.add (tn, md_size); + + ctx.add (info, infolen); + + ++iter; + require (iter); + + ctx.add (&iter, 1); + ctx.digest (tn); + + int ol = len > md_size ? md_size : len; + + memcpy (okm, tn, ol); + + okm = (void *)(ol + (char *)okm); + len -= ol; + } +} + +// try to verify all test vectors from the RFC +// since I implemented the hkdf myself, and I am no crypto expert, +// we run verification on every startup. +void +hkdf::verify () +{ + struct unhex + { + u8 *p; + int l; + + u8 s[256]; + + unhex (const char *hs) + { + l = 0; + p = s; + + if (!hs) + return; + + while (*hs) + { + int d1 = *hs >= '0' && *hs <= '9' ? *hs - '0' : *hs - 'a' + 10; ++hs; + int d2 = *hs >= '0' && *hs <= '9' ? 
*hs - '0' : *hs - 'a' + 10; ++hs; + + *p++ = d1 * 16 + d2; + ++l; + } + + p = s; + } + }; + + const struct hkdf_test + { + int hash; + const char *IKM, *salt, *info; + const char *PRK, *OKM; + } tests[] = { + { // 0 + 256, + "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", + "000102030405060708090a0b0c", + "f0f1f2f3f4f5f6f7f8f9", + "077709362c2e32df0ddc3f0dc47bba63" + "90b6c73bb50f9c3122ec844ad7c2b3e5", + "3cb25f25faacd57a90434f64d0362f2a" + "2d2d0a90cf1a5a4c5db02d56ecc4c5bf" + "34007208d5b887185865" + }, { // 1 + 256, + "000102030405060708090a0b0c0d0e0f" + "101112131415161718191a1b1c1d1e1f" + "202122232425262728292a2b2c2d2e2f" + "303132333435363738393a3b3c3d3e3f" + "404142434445464748494a4b4c4d4e4f", + "606162636465666768696a6b6c6d6e6f" + "707172737475767778797a7b7c7d7e7f" + "808182838485868788898a8b8c8d8e8f" + "909192939495969798999a9b9c9d9e9f" + "a0a1a2a3a4a5a6a7a8a9aaabacadaeaf", + "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf" + "c0c1c2c3c4c5c6c7c8c9cacbcccdcecf" + "d0d1d2d3d4d5d6d7d8d9dadbdcdddedf" + "e0e1e2e3e4e5e6e7e8e9eaebecedeeef" + "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", + "06a6b88c5853361a06104c9ceb35b45c" + "ef760014904671014a193f40c15fc244", + "b11e398dc80327a1c8e7f78c596a4934" + "4f012eda2d4efad8a050cc4c19afa97c" + "59045a99cac7827271cb41c65e590e09" + "da3275600c2f09b8367793a9aca3db71" + "cc30c58179ec3e87c14c01d5c1f3434f" + "1d87" + }, { // 2 + 256, + "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", + "", + "", + "19ef24a32c717b167f33a91d6f648bdf" + "96596776afdb6377ac434c1c293ccb04", + "8da4e775a563c18f715f802a063c5a31" + "b8a11f5c5ee1879ec3454e5f3c738d2d" + "9d201395faa4b61a96c8" + }, { // 3 + 1, + "0b0b0b0b0b0b0b0b0b0b0b", + "000102030405060708090a0b0c", + "f0f1f2f3f4f5f6f7f8f9", + "9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243", + "085a01ea1b10f36933068b56efa5ad81" + "a4f14b822f5b091568a9cdd4f155fda2" + "c22e422478d305f3f896" + }, { // 4 + 1, + "000102030405060708090a0b0c0d0e0f" + "101112131415161718191a1b1c1d1e1f" + "202122232425262728292a2b2c2d2e2f" + 
"303132333435363738393a3b3c3d3e3f" + "404142434445464748494a4b4c4d4e4f", + "606162636465666768696a6b6c6d6e6f" + "707172737475767778797a7b7c7d7e7f" + "808182838485868788898a8b8c8d8e8f" + "909192939495969798999a9b9c9d9e9f" + "a0a1a2a3a4a5a6a7a8a9aaabacadaeaf", + "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf" + "c0c1c2c3c4c5c6c7c8c9cacbcccdcecf" + "d0d1d2d3d4d5d6d7d8d9dadbdcdddedf" + "e0e1e2e3e4e5e6e7e8e9eaebecedeeef" + "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", + "8adae09a2a307059478d309b26c4115a224cfaf6", + "0bd770a74d1160f7c9f12cd5912a06eb" + "ff6adcae899d92191fe4305673ba2ffe" + "8fa3f1a4e5ad79f3f334b3b202b2173c" + "486ea37ce3d397ed034c7f9dfeb15c5e" + "927336d0441f4c4300e2cff0d0900b52" + "d3b4" + }, { // 5 + 1, + "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", + "", + "", + "da8c8a73c7fa77288ec6f5e7c297786aa0d32d01", + "0ac1af7002b3d761d1e55298da9d0506" + "b9ae52057220a306e07b6b87e8df21d0" + "ea00033de03984d34918" + }, { // 6 + 1, + "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c", + 0, + "", + "2adccada18779e7c2077ad2eb19d3f3e731385dd", + "2c91117204d745f3500d636a62f64f0a" + "b3bae548aa53d423b0d1f27ebba6f5e5" + "673a081d70cce7acfc48" + } + }; + + for (int i = 0; i < sizeof (tests) / sizeof (tests[0]); ++i) + { + const hkdf_test &test = tests[i]; + + unhex salt (test.salt); + unhex ikm (test.IKM); + unhex info (test.info); + unhex prk_correct (test.PRK); + unhex okm_correct (test.OKM); + + char okm[256]; + + hkdf h (salt.p, salt.l, test.hash == 1 ? EVP_sha1 () : EVP_sha256 ()); + h.extract (ikm.p, ikm.l); + h.extract_done (); + h.expand (okm, okm_correct.l, info.p, info.l); + + require (!memcmp (h.prk, prk_correct.p, prk_correct.l)); + require (!memcmp (okm , okm_correct.p, okm_correct.l)); + } +} + diff -Nru gvpe-2.25/src/hkdf.h gvpe-3.0/src/hkdf.h --- gvpe-2.25/src/hkdf.h 1969-12-31 19:00:00.000000000 -0500 +++ gvpe-3.0/src/hkdf.h 2016-06-30 12:30:31.000000000 -0400 
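Review bot: `hkdf::expand` keys each HMAC round with `ctx.init (prk, md_size)`, where `md_size` comes from the context that `extract_done` re-initialised with `prf_hash`, so when the extract hash is wider than the PRF hash (global.h selects `EVP_sha512` and `EVP_sha256`) only the first `md_size` bytes of `prk` appear to be used. RFC 5869 uses one hash for both steps, and `verify ()` only exercises that case through `extract_done ()` with its default argument, so the mixed-hash path is neither documented nor covered by the startup self-test. Suggest a comment above the loop such as `// PRK is cut to the PRF hash size when xtr_hash is wider; differs from RFC 5869`, plus a known-answer test for the configured hash pair. This reading depends on `hmac::size ()` and `hmac::init`, which are defined outside this part of the patch.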
@@ -0,0 +1,58 @@
+/*
+ hkdf.h -- RFC 5869 HKDF implementation
+ Copyright (C) 2013,2016 Marc Lehmann
+
+ This file is part of GVPE.
+
+ GVPE is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by the
+ Free Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+ Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, see .
+
+ Additional permission under GNU GPL version 3 section 7
+
+ If you modify this Program, or any covered work, by linking or
+ combining it with the OpenSSL project's OpenSSL library (or a modified
+ version of that library), containing parts covered by the terms of the
+ OpenSSL or SSLeay licenses, the licensors of this Program grant you
+ additional permission to convey the resulting work. Corresponding
+ Source for a non-source form of such a combination shall include the
+ source code for the parts of OpenSSL used as well as that of the
+ covered work.
+*/
+
+#ifndef HKDF_H__
+#define HKDF_H__
+
+#include "global.h"
+
+#include "crypto.h"
+
+// see RFC5869
+struct hkdf
+{
+ hmac ctx;
+ u8 prk[EVP_MAX_MD_SIZE];
+ const void *salt;
+ int salt_len;
+
+ hkdf (const void *salt = 0, int len = 0, const EVP_MD *xtr_hash = EVP_sha512 ());
+
+ void extract (const void *ikm, int len);
+ void extract_done (const EVP_MD *prf_hash = 0);
+
+ void expand (void *okm, int len, const void *info = 0, int infolen = 0);
+
+ static void verify ();
+};
+
+#endif
+
diff -Nru gvpe-2.25/src/iv_gen.C gvpe-3.0/src/iv_gen.C
--- gvpe-2.25/src/iv_gen.C 1969-12-31 19:00:00.000000000 -0500
+++ gvpe-3.0/src/iv_gen.C 2015-10-31 02:14:32.000000000 -0400
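Review bot: `expand (void *okm, int len, ...)` and the other length parameters in hkdf.h are signed `int`, and nothing in the header states the bound on the output length; RFC 5869 caps the output at 255 times the hash length, and a negative `len` has no meaning here. I would document the contract above the declaration, for example `// len must be 0 .. 255 * hash size (RFC 5869); call extract_done () before expand ()`, and have hkdf.C reject values outside it (that file's code is not fully visible here, so it may already do so). Separately, `prk` is a public member holding key material and the struct declares no destructor; something like `~hkdf () { OPENSSL_cleanse (prk, sizeof prk); }` would keep it from lingering in memory, assuming the OpenSSL declaration is reachable through crypto.h.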
@@ -0,0 +1,75 @@
+/*
+ iv_gen.C -- efficiently generate IV values using AES
+ Copyright (C) 2013 Marc Lehmann
+
+ This file is part of GVPE.
+
+ GVPE is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by the
+ Free Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+ Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, see .
+
+ Additional permission under GNU GPL version 3 section 7
+
+ If you modify this Program, or any covered work, by linking or
+ combining it with the OpenSSL project's OpenSSL library (or a modified
+ version of that library), containing parts covered by the terms of the
+ OpenSSL or SSLeay licenses, the licensors of this Program grant you
+ additional permission to convey the resulting work. Corresponding
+ Source for a non-source form of such a combination shall include the
+ source code for the parts of OpenSSL used as well as that of the
+ covered work.
+*/
+
+#include "config.h"
+
+#include
+
+#include "util.h"
+#include "iv_gen.h"
+
+#if 0
+void
+iv_gen::reset ()
+{
+ u8 key[128/8];
+
+ rand_fill (key);
+ require (AES_set_encrypt_key (key, 128, &ctx) >= 0);
+
+ rand_fill (count);
+}
+
+void
+iv_gen::get (void *buf, int len)
+{
+ u8 *ptr = (u8 *)buf;
+
+ // we currently do not reuse partial blocks
+ for (;;)
+ {
+ u32 block[4] = { 0x5c5c5c5c, 0x36363636, 0x88442211, ++count };
+
+ AES_encrypt ((u8 *)block, (u8 *)block, &ctx);
+
+ if (len <= AES_BLOCK_SIZE)
+ {
+ memcpy (ptr, block, len);
+ return;
+ }
+
+ memcpy (ptr, block, AES_BLOCK_SIZE);
+ ptr += AES_BLOCK_SIZE;
+ len -= AES_BLOCK_SIZE;
+ }
+}
+#endif
+
diff -Nru gvpe-2.25/src/iv_gen.h gvpe-3.0/src/iv_gen.h
--- gvpe-2.25/src/iv_gen.h 1969-12-31 19:00:00.000000000 -0500
+++ gvpe-3.0/src/iv_gen.h 2015-10-31 02:14:32.000000000 -0400
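Review bot: In `iv_gen::get`, `len` is a signed `int` that reaches `memcpy (ptr, block, len)` whenever `len <= AES_BLOCK_SIZE`, so a negative value would be converted to a very large size; if this code is ever enabled it needs a guard such as `if (len <= 0) return;` before the loop, which for `len == 0` also avoids encrypting a block that is thrown away. As committed, both functions sit inside `#if 0` with no comment giving the reason, while the Makefile.am hunk adds iv_gen.C and iv_gen.h to `gvpe_SOURCES`, so the file builds to an empty object. A short comment next to `#if 0` stating why the generator is disabled would help the next reader; the same applies to the `#if 0` in iv_gen.h.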
@@ -0,0 +1,52 @@
+/*
+ iv_gen.h -- efficiently generate IV values using AES
+ Copyright (C) 2013 Marc Lehmann
+
+ This file is part of GVPE.
+
+ GVPE is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by the
+ Free Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+ Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, see .
+
+ Additional permission under GNU GPL version 3 section 7
+
+ If you modify this Program, or any covered work, by linking or
+ combining it with the OpenSSL project's OpenSSL library (or a modified
+ version of that library), containing parts covered by the terms of the
+ OpenSSL or SSLeay licenses, the licensors of this Program grant you
+ additional permission to convey the resulting work. Corresponding
+ Source for a non-source form of such a combination shall include the
+ source code for the parts of OpenSSL used as well as that of the
+ covered work.
+*/
+
+#ifndef IV_GEN_H__
+#define IV_GEN_H__
+
+#include "global.h"
+
+#include
+
+#if 0
+// only good for up to 2**31 sequence numbers
+struct iv_gen
+{
+ AES_KEY ctx;
+ u32 count; // low 32 bit of counter value
+
+ void reset ();
+ void get (void *buf, int len);
+};
+#endif
+
+#endif
+
diff -Nru gvpe-2.25/src/Makefile.am gvpe-3.0/src/Makefile.am
--- gvpe-2.25/src/Makefile.am 2011-02-11 23:27:39.000000000 -0500
+++ gvpe-3.0/src/Makefile.am 2016-06-30 07:15:44.000000000 -0400
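Review bot: The comment `only good for up to 2**31 sequence numbers` states a limit that nothing in the struct enforces: `count` is a plain `u32` that iv_gen.C seeds with `rand_fill` and pre-increments per block, so it wraps silently and, under an unchanged key, block inputs would then repeat. The comment should say who is responsible for staying under the limit, for example `// only good for up to 2**31 sequence numbers; caller must reset () before that, not checked here`. It is also not clear from the visible code why the figure is 2**31 rather than 2**32, which would be worth a word in the same comment. The struct is currently inside `#if 0`, so this matters only if it is re-enabled.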
@@ -11,7 +11,8 @@ tincd/linux/device.c tincd/mingw/common.h tincd/mingw/device.c tincd/netbsd/device.c \ tincd/openbsd/device.c tincd/raw_socket/device.c tincd/solaris/device.c \ tincd/uml_socket/device.c tincd/bsd/device.c \ - ether_emu.C lzf/lzf_c.c lzf/lzf_d.c + ether_emu.C lzf/lzf_c.c lzf/lzf_d.c \ + curve25519-donna.c curve25519-donna-c64.c INCLUDES = -I$(top_builddir) -I$(top_srcdir)/lib -I$(top_srcdir)/libev @INCLUDES@ @@ -23,11 +24,14 @@ ROHCLIB = endif -COMMON = global.h conf.h conf.C util.h util.C \ - slog.h slog.C netcompat.h ev_cpp.h ev_cpp.C +COMMON = global.h conf.h conf.C util.h util.C slog.h slog.C netcompat.h \ + ev_cpp.h ev_cpp.C crypto.h crypto.C gvpe_SOURCES = gvpe.C vpn.h vpn.C vpn_tcp.C vpn_dns.C \ sockinfo.h sockinfo.C \ + curve25519.h curve25519.C \ + iv_gen.h iv_gen.C \ + hkdf.h hkdf.C \ lzf/lzf.h lzf/lzfP.h \ connection.h connection.C callback.h device.h device.C \ $(COMMON) diff -Nru gvpe-2.25/src/Makefile.in gvpe-3.0/src/Makefile.in --- gvpe-2.25/src/Makefile.in 2013-07-13 00:42:55.000000000 -0400 +++ gvpe-3.0/src/Makefile.in 2016-11-10 09:40:18.000000000 -0500 @@ -1,9 +1,8 @@ -# Makefile.in generated by automake 1.11.6 from Makefile.am. +# Makefile.in generated by automake 1.7.9 from Makefile.am. # @configure_input@ -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software -# Foundation, Inc. +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003 +# Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. 
@@ -17,29 +16,16 @@ #SUBDIRS = rohc +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ VPATH = @srcdir@ -am__make_dryrun = \ - { \ - am__dry=no; \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ - | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ - *) \ - for am__flg in $$MAKEFLAGS; do \ - case $$am__flg in \ - *=*|--*) ;; \ - *n*) am__dry=yes; break;; \ - esac; \ - done;; \ - esac; \ - test $$am__dry = yes; \ - } pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +top_builddir = .. + am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +INSTALL = @INSTALL@ install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c 
@@ -51,67 +37,11 @@ NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : -build_triplet = @build@ host_triplet = @host@ -target_triplet = @target@ -sbin_PROGRAMS = gvpe$(EXEEXT) -bin_PROGRAMS = gvpectrl$(EXEEXT) -subdir = src -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \ - $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ - $(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/progtest.m4 \ - $(top_srcdir)/m4/tuntap.m4 $(top_srcdir)/libev/libev.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" -PROGRAMS = $(bin_PROGRAMS) $(sbin_PROGRAMS) -am__objects_1 = conf.$(OBJEXT) util.$(OBJEXT) slog.$(OBJEXT) \ - ev_cpp.$(OBJEXT) -am_gvpe_OBJECTS = gvpe.$(OBJEXT) vpn.$(OBJEXT) vpn_tcp.$(OBJEXT) \ - vpn_dns.$(OBJEXT) sockinfo.$(OBJEXT) connection.$(OBJEXT) \ - device.$(OBJEXT) $(am__objects_1) -gvpe_OBJECTS = $(am_gvpe_OBJECTS) -@ROHC_TRUE@am__DEPENDENCIES_1 = rohc/librohc.a -gvpe_DEPENDENCIES = $(top_builddir)/lib/libgvpe.a \ - $(am__DEPENDENCIES_1) -gvpe_LINK = $(CXXLD) $(AM_CXXFLAGS) $(CXXFLAGS) $(gvpe_LDFLAGS) \ - $(LDFLAGS) -o $@ -am_gvpectrl_OBJECTS = gvpectrl.$(OBJEXT) $(am__objects_1) -gvpectrl_OBJECTS = $(am_gvpectrl_OBJECTS) -gvpectrl_DEPENDENCIES = $(top_builddir)/lib/libgvpe.a -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -am__mv = mv -f -CXXCOMPILE = $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ - $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -CXXLD = $(CXX) -CXXLINK = $(CXXLD) $(AM_CXXFLAGS) $(CXXFLAGS) $(AM_LDFLAGS) $(LDFLAGS) \ 
- -o $@ -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -CCLD = $(CC) -LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ -SOURCES = $(gvpe_SOURCES) $(gvpectrl_SOURCES) -DIST_SOURCES = $(gvpe_SOURCES) $(gvpectrl_SOURCES) -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac -ETAGS = etags -CTAGS = ctags -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ +AMDEP_FALSE = @AMDEP_FALSE@ +AMDEP_TRUE = @AMDEP_TRUE@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ @@ -139,8 +69,8 @@ HAVE_TUNTAP = @HAVE_TUNTAP@ IFSUBTYPE = @IFSUBTYPE@ IFTYPE = @IFTYPE@ + INCLUDES = -I$(top_builddir) -I$(top_srcdir)/lib -I$(top_srcdir)/libev @INCLUDES@ -INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ @@ -151,6 +81,7 @@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ + LIBS = @LIBS@ @LIBINTL@ LINUX_IF_TUN_H = @LINUX_IF_TUN_H@ LN_S = @LN_S@ @@ -158,8 +89,9 @@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ +MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@ +MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@ MAKEINFO = @MAKEINFO@ -MKDIR_P = @MKDIR_P@ MKINSTALLDIRS = @MKINSTALLDIRS@ MSGFMT = @MSGFMT@ MSGMERGE = @MSGMERGE@ 
@@ -174,30 +106,29 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ POSUB = @POSUB@ RANLIB = @RANLIB@ +ROHC_FALSE = @ROHC_FALSE@ +ROHC_TRUE = @ROHC_TRUE@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ +am__fastdepCC_FALSE = @am__fastdepCC_FALSE@ +am__fastdepCC_TRUE = @am__fastdepCC_TRUE@ +am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@ +am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ -builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ 
@@ -214,189 +145,195 @@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ + localedir = $(datadir)/locale localstatedir = @localstatedir@ mandir = @mandir@ -mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ + +sbin_PROGRAMS = gvpe +bin_PROGRAMS = gvpectrl + EXTRA_DIST = device-linux.C device-cygwin.C device-tincd.C device-darwin.C callback.pl \ tincd/apply tincd/fixit \ tincd/cygwin/device.c tincd/darwin/device.c tincd/freebsd/device.c \ tincd/linux/device.c tincd/mingw/common.h tincd/mingw/device.c tincd/netbsd/device.c \ tincd/openbsd/device.c tincd/raw_socket/device.c tincd/solaris/device.c \ tincd/uml_socket/device.c tincd/bsd/device.c \ - ether_emu.C lzf/lzf_c.c lzf/lzf_d.c + ether_emu.C lzf/lzf_c.c lzf/lzf_d.c \ + curve25519-donna.c curve25519-donna-c64.c @ROHC_FALSE@ROHCLIB = + @ROHC_TRUE@ROHCLIB = rohc/librohc.a -COMMON = global.h conf.h conf.C util.h util.C \ - slog.h slog.C netcompat.h ev_cpp.h ev_cpp.C + +COMMON = global.h conf.h conf.C util.h util.C slog.h slog.C netcompat.h \ + ev_cpp.h ev_cpp.C crypto.h crypto.C + gvpe_SOURCES = gvpe.C vpn.h vpn.C vpn_tcp.C vpn_dns.C \ sockinfo.h sockinfo.C \ + curve25519.h curve25519.C \ + iv_gen.h iv_gen.C \ + hkdf.h hkdf.C \ lzf/lzf.h lzf/lzfP.h \ connection.h connection.C callback.h device.h device.C \ $(COMMON) gvpe_LDADD = $(top_builddir)/lib/libgvpe.a $(ROHCLIB) gvpe_LDFLAGS = @LDFLAGS_DAEMON@ + gvpectrl_SOURCES = gvpectrl.C $(COMMON) gvpectrl_LDADD = $(top_builddir)/lib/libgvpe.a + DEFINES = -DPKGLIBDIR=$(pkglibdir) 
-DCONFDIR=\"$(sysconfdir)\" \ -DLOCALEDIR=\"$(localedir)\" -DLOCALSTATEDIR=\"$(localstatedir)\" \ -DIFTYPE_@IFTYPE@=1 -DIF_@IFSUBTYPE@=1 + AM_CFLAGS = $(DEFINES) AM_CXXFLAGS = $(DEFINES) +subdir = src +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +bin_PROGRAMS = gvpectrl$(EXEEXT) +sbin_PROGRAMS = gvpe$(EXEEXT) +PROGRAMS = $(bin_PROGRAMS) $(sbin_PROGRAMS) + +am__objects_1 = conf.$(OBJEXT) util.$(OBJEXT) slog.$(OBJEXT) \ + ev_cpp.$(OBJEXT) crypto.$(OBJEXT) +am_gvpe_OBJECTS = gvpe.$(OBJEXT) vpn.$(OBJEXT) vpn_tcp.$(OBJEXT) \ + vpn_dns.$(OBJEXT) sockinfo.$(OBJEXT) curve25519.$(OBJEXT) \ + iv_gen.$(OBJEXT) hkdf.$(OBJEXT) connection.$(OBJEXT) \ + device.$(OBJEXT) $(am__objects_1) +gvpe_OBJECTS = $(am_gvpe_OBJECTS) +@ROHC_TRUE@gvpe_DEPENDENCIES = $(top_builddir)/lib/libgvpe.a \ +@ROHC_TRUE@ rohc/librohc.a +@ROHC_FALSE@gvpe_DEPENDENCIES = $(top_builddir)/lib/libgvpe.a +am_gvpectrl_OBJECTS = gvpectrl.$(OBJEXT) $(am__objects_1) +gvpectrl_OBJECTS = $(am_gvpectrl_OBJECTS) +gvpectrl_DEPENDENCIES = $(top_builddir)/lib/libgvpe.a +gvpectrl_LDFLAGS = + +DEFAULT_INCLUDES = -I. 
-I$(srcdir) -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +@AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/conf.Po ./$(DEPDIR)/connection.Po \ +@AMDEP_TRUE@ ./$(DEPDIR)/crypto.Po ./$(DEPDIR)/curve25519.Po \ +@AMDEP_TRUE@ ./$(DEPDIR)/device.Po ./$(DEPDIR)/ev_cpp.Po \ +@AMDEP_TRUE@ ./$(DEPDIR)/gvpe.Po ./$(DEPDIR)/gvpectrl.Po \ +@AMDEP_TRUE@ ./$(DEPDIR)/hkdf.Po ./$(DEPDIR)/iv_gen.Po \ +@AMDEP_TRUE@ ./$(DEPDIR)/slog.Po ./$(DEPDIR)/sockinfo.Po \ +@AMDEP_TRUE@ ./$(DEPDIR)/util.Po ./$(DEPDIR)/vpn.Po \ +@AMDEP_TRUE@ ./$(DEPDIR)/vpn_dns.Po ./$(DEPDIR)/vpn_tcp.Po +CXXCOMPILE = $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) +CXXLD = $(CXX) +CXXLINK = $(CXXLD) $(AM_CXXFLAGS) $(CXXFLAGS) $(AM_LDFLAGS) $(LDFLAGS) \ + -o $@ +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +DIST_SOURCES = $(gvpe_SOURCES) $(gvpectrl_SOURCES) +DIST_COMMON = $(srcdir)/Makefile.in Makefile.am +SOURCES = $(gvpe_SOURCES) $(gvpectrl_SOURCES) + all: all-am .SUFFIXES: .SUFFIXES: .C .o .obj -$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' 
in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/configure.ac $(ACLOCAL_M4) + cd $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/Makefile +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) +binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) - @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ - if test -n "$$list"; then \ - echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \ - fi; \ - for p in $$list; do echo "$$p $$p"; done | \ - sed 's/$(EXEEXT)$$//' | \ - while read p p1; do if test -f $$p; \ - then echo "$$p"; echo "$$p"; else :; fi; \ - done | \ - sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ - -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ - sed 'N;N;N;s,\n, ,g' | \ - $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ - { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ - if ($$2 == $$4) files[d] = files[d] " " $$1; \ - else { print "f", $$3 "/" $$4, $$1; } } \ - END { for (d in files) print "f", d, files[d] }' | \ - while read type dir files; do \ - if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ - test 
-z "$$files" || { \ - echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ - $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ - } \ - ; done + $(mkinstalldirs) $(DESTDIR)$(bindir) + @list='$(bin_PROGRAMS)'; for p in $$list; do \ + p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ + if test -f $$p \ + ; then \ + f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ + echo " $(INSTALL_PROGRAM_ENV) $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f"; \ + $(INSTALL_PROGRAM_ENV) $(binPROGRAMS_INSTALL) $$p $(DESTDIR)$(bindir)/$$f || exit 1; \ + else :; fi; \ + done uninstall-binPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ - files=`for p in $$list; do echo "$$p"; done | \ - sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ - -e 's/$$/$(EXEEXT)/' `; \ - test -n "$$list" || exit 0; \ - echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(bindir)" && rm -f $$files + @list='$(bin_PROGRAMS)'; for p in $$list; do \ + f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ + echo " rm -f $(DESTDIR)$(bindir)/$$f"; \ + rm -f $(DESTDIR)$(bindir)/$$f; \ + done clean-binPROGRAMS: -test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS) +sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM) install-sbinPROGRAMS: $(sbin_PROGRAMS) @$(NORMAL_INSTALL) - @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ - if test -n "$$list"; then \ - echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \ - fi; \ - for p in $$list; do echo "$$p $$p"; done | \ - sed 's/$(EXEEXT)$$//' | \ - while read p p1; do if test -f $$p; \ - then echo "$$p"; echo "$$p"; else :; fi; \ - done | \ - sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ - -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ - sed 'N;N;N;s,\n, ,g' | \ - $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ - { d=$$3; if (dirs[d] != 1) { print "d", 
d; dirs[d] = 1 } \ - if ($$2 == $$4) files[d] = files[d] " " $$1; \ - else { print "f", $$3 "/" $$4, $$1; } } \ - END { for (d in files) print "f", d, files[d] }' | \ - while read type dir files; do \ - if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ - test -z "$$files" || { \ - echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \ - $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \ - } \ - ; done + $(mkinstalldirs) $(DESTDIR)$(sbindir) + @list='$(sbin_PROGRAMS)'; for p in $$list; do \ + p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ + if test -f $$p \ + ; then \ + f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ + echo " $(INSTALL_PROGRAM_ENV) $(sbinPROGRAMS_INSTALL) $$p $(DESTDIR)$(sbindir)/$$f"; \ + $(INSTALL_PROGRAM_ENV) $(sbinPROGRAMS_INSTALL) $$p $(DESTDIR)$(sbindir)/$$f || exit 1; \ + else :; fi; \ + done uninstall-sbinPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ - files=`for p in $$list; do echo "$$p"; done | \ - sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ - -e 's/$$/$(EXEEXT)/' `; \ - test -n "$$list" || exit 0; \ - echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(sbindir)" && rm -f $$files + @list='$(sbin_PROGRAMS)'; for p in $$list; do \ + f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ + echo " rm -f $(DESTDIR)$(sbindir)/$$f"; \ + rm -f $(DESTDIR)$(sbindir)/$$f; \ + done clean-sbinPROGRAMS: -test -z "$(sbin_PROGRAMS)" || rm -f $(sbin_PROGRAMS) -gvpe$(EXEEXT): $(gvpe_OBJECTS) $(gvpe_DEPENDENCIES) $(EXTRA_gvpe_DEPENDENCIES) +gvpe$(EXEEXT): $(gvpe_OBJECTS) $(gvpe_DEPENDENCIES) @rm -f gvpe$(EXEEXT) - $(gvpe_LINK) $(gvpe_OBJECTS) $(gvpe_LDADD) $(LIBS) -gvpectrl$(EXEEXT): $(gvpectrl_OBJECTS) $(gvpectrl_DEPENDENCIES) $(EXTRA_gvpectrl_DEPENDENCIES) + $(CXXLINK) $(gvpe_LDFLAGS) $(gvpe_OBJECTS) $(gvpe_LDADD) $(LIBS) +gvpectrl$(EXEEXT): $(gvpectrl_OBJECTS) 
$(gvpectrl_DEPENDENCIES) @rm -f gvpectrl$(EXEEXT) - $(CXXLINK) $(gvpectrl_OBJECTS) $(gvpectrl_LDADD) $(LIBS) + $(CXXLINK) $(gvpectrl_LDFLAGS) $(gvpectrl_OBJECTS) $(gvpectrl_LDADD) $(LIBS) mostlyclean-compile: - -rm -f *.$(OBJEXT) + -rm -f *.$(OBJEXT) core *.core distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/conf.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/connection.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crypto.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/curve25519.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/device.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ev_cpp.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gvpe.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gvpectrl.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hkdf.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iv_gen.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/slog.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sockinfo.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/util.Po@am__quote@ 
@@ -405,98 +342,111 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vpn_tcp.Po@am__quote@ .C.o: -@am__fastdepCXX_TRUE@ $(CXXCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCXX_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCXX_TRUE@ if $(CXXCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" \ +@am__fastdepCXX_TRUE@ -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<; \ +@am__fastdepCXX_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; \ +@am__fastdepCXX_TRUE@ else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; \ +@am__fastdepCXX_TRUE@ fi @AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCXX_FALSE@ $(CXXCOMPILE) -c -o $@ $< +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(CXXCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$< .C.obj: -@am__fastdepCXX_TRUE@ $(CXXCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCXX_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCXX_TRUE@ if $(CXXCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" \ +@am__fastdepCXX_TRUE@ -c -o $@ `if test -f '$<'; then $(CYGPATH_W) '$<'; else $(CYGPATH_W) '$(srcdir)/$<'; fi`; \ +@am__fastdepCXX_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; \ +@am__fastdepCXX_TRUE@ else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; \ +@am__fastdepCXX_TRUE@ fi @AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCXX_FALSE@ $(CXXCOMPILE) -c -o $@ `$(CYGPATH_W) '$<'` +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' @AMDEPBACKSLASH@ 
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(CXXCOMPILE) -c -o $@ `if test -f '$<'; then $(CYGPATH_W) '$<'; else $(CYGPATH_W) '$(srcdir)/$<'; fi` +uninstall-info-am: + +ETAGS = etags +ETAGSFLAGS = + +CTAGS = ctags +CTAGSFLAGS = + +tags: TAGS ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ mkid -fID $$unique -tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - set x; \ + tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(ETAGS_ARGS)$$tags$$unique" \ + || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$tags $$unique + ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z 
"$(CTAGS_ARGS)$$unique" \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique + $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" + && cd $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + +top_distdir = .. +distdir = $(top_distdir)/$(PACKAGE)-$(VERSION) distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ + $(mkinstalldirs) $(distdir)/lzf $(distdir)/tincd $(distdir)/tincd/bsd $(distdir)/tincd/cygwin $(distdir)/tincd/darwin $(distdir)/tincd/freebsd $(distdir)/tincd/linux $(distdir)/tincd/mingw $(distdir)/tincd/netbsd $(distdir)/tincd/openbsd $(distdir)/tincd/raw_socket $(distdir)/tincd/solaris $(distdir)/tincd/uml_socket + @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \ + list='$(DISTFILES)'; for file in $$list; do \ + case $$file in \ + $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \ + $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \ + esac; \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test "$$dir" != "$$file" && test "$$dir" != "."; then \ + dir="/$$dir"; \ + 
$(mkinstalldirs) "$(distdir)$$dir"; \ + else \ + dir=''; \ + fi; \ if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done @@ -506,10 +456,9 @@ check-am: all-am check: check-am all-am: Makefile $(PROGRAMS) + installdirs: - for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done + $(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(sbindir) install: install-am install-exec: install-exec-am install-data: install-data-am 
@@ -520,22 +469,16 @@ installcheck: installcheck-am install-strip: - if test -z '$(STRIP)'; then \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - install; \ - else \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ - fi + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -555,40 +498,18 @@ dvi-am: -html: html-am - -html-am: - info: info-am info-am: install-data-am: -install-dvi: install-dvi-am - -install-dvi-am: - install-exec-am: install-binPROGRAMS install-sbinPROGRAMS -install-html: install-html-am - -install-html-am: - install-info: install-info-am -install-info-am: - install-man: -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - installcheck-am: maintainer-clean: maintainer-clean-am 
@@ -608,28 +529,24 @@ ps-am: -uninstall-am: uninstall-binPROGRAMS uninstall-sbinPROGRAMS - -.MAKE: install-am install-strip +uninstall-am: uninstall-binPROGRAMS uninstall-info-am \ + uninstall-sbinPROGRAMS .PHONY: CTAGS GTAGS all all-am check check-am clean clean-binPROGRAMS \ - clean-generic clean-sbinPROGRAMS ctags dist-hook distclean \ + clean-generic clean-sbinPROGRAMS ctags distclean \ distclean-compile distclean-generic distclean-tags distdir dvi \ - dvi-am html html-am info info-am install install-am \ - install-binPROGRAMS install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-ps install-ps-am \ - install-sbinPROGRAMS install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \ - uninstall-am uninstall-binPROGRAMS uninstall-sbinPROGRAMS + dvi-am info info-am install install-am install-binPROGRAMS \ + install-data install-data-am install-exec install-exec-am \ + install-info install-info-am install-man install-sbinPROGRAMS \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-binPROGRAMS \ + uninstall-info-am uninstall-sbinPROGRAMS dist-hook: rm -f `find . -type l` - # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff -Nru gvpe-2.25/src/slog.C gvpe-3.0/src/slog.C --- gvpe-2.25/src/slog.C 2013-07-09 21:50:26.000000000 -0400 +++ gvpe-3.0/src/slog.C 2015-10-31 02:14:32.000000000 -0400 
@@ -100,7 +100,7 @@ write (2, "\n", 1); } - delete msg; + delete [] msg; } } diff -Nru gvpe-2.25/src/util.C gvpe-3.0/src/util.C --- gvpe-2.25/src/util.C 2013-07-09 21:50:26.000000000 -0400 +++ gvpe-3.0/src/util.C 2015-10-31 02:14:32.000000000 -0400 @@ -50,6 +50,8 @@ # include #endif +#include + #include "netcompat.h" #include "gettext.h" @@ -294,6 +296,20 @@ /*****************************************************************************/ +void hexdump (const char *header, void *data, int len) +{ + u8 *p = (u8 *)data; + + printf ("%s:", header); + + while (len--) + printf (" %02x", *p++); + + printf ("\n"); +} + +/*****************************************************************************/ + #if ENABLE_HTTP_PROXY // works like strdup u8 * @@ -342,6 +358,19 @@ } #endif +bool +slow_memeq (const void *a, const void *b, int len) +{ + volatile const u8 *pa = (const u8 *)a; + volatile const u8 *pb = (const u8 *)b; + u8 diff = 0; + + while (len--) + diff |= *pa++ ^ *pb++; + + return !diff; +} + void id2mac (unsigned int id, void *m) { @@ -367,3 +396,17 @@ } } +/*****************************************************************************/ + +void rand_fill (void *data, int len) +{ + int l = RAND_bytes ((unsigned char *)data, len); + + if (l > 0) + return; + else if (l == 0) + slog (L_WARN, _("Not enough random entropy to generate secure keys. Using weaker pseudo-random session keys.")); + else + fatal (_("RAND_bytes failed, aborting.")); +} + diff -Nru gvpe-2.25/src/util.h gvpe-3.0/src/util.h --- gvpe-2.25/src/util.h 2013-07-09 21:50:26.000000000 -0400 +++ gvpe-3.0/src/util.h 2015-10-31 02:14:32.000000000 -0400 @@ -2,7 +2,7 @@ util.h -- process management and other utility functions Copyright (C) 1998-2002 Ivo Timmermans 2000-2002 Guus Sliepen - 2003-2011 Marc Lehmann + 2003-2013 Marc Lehmann This file is part of GVPE. 
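Review bot: `hexdump` takes a signed `int len` and loops with `while (len--)`, so a negative length keeps the loop reading well past the end of `data`; `slow_memeq` in the next util.C hunk has the same loop. Guard it as `while (len-- > 0)` or take `size_t len`, and declare the buffer `const void *data` since it is only read. The helper also writes raw bytes to stdout unconditionally, so it deserves a comment on the definition such as `// debugging aid only: do not call on key or session material outside debug builds`.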
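Review bot: `slow_memeq` returns true when `len` is 0, because `diff` stays 0 if the loop body never runs, so a caller that takes the length from received data would treat an empty comparison as a match. Whether any caller does that is not visible in this hunk. A comment on the definition would pin the contract, for example `// constant-time equality for MACs and secrets; len must be the fixed expected length, never a length supplied by the peer`.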
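Review bot: The `l == 0` branch of `rand_fill` only logs a warning and returns, but nothing in the function fills `data` on that path, so the caller carries on with whatever the buffer held while the message claims pseudo-random session keys are in use. `RAND_bytes` returns 1 only on success, and a 0 result gives no guarantee about the buffer contents. Treat every non-success result as fatal instead of failing open: `if (RAND_bytes ((unsigned char *)data, len) != 1) fatal (_("RAND_bytes failed, aborting."));`.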
@@ -37,13 +37,12 @@ #include #include -#include - #include "gettext.h" #include "slog.h" #include "ev_cpp.h" #include "callback.h" +#include "global.h" typedef ev_tstamp tstamp; @@ -126,30 +125,23 @@ // run a shell script (or actually an external program). pid_t run_script (const run_script_cb &cb, bool wait); +void hexdump (const char *header, void *data, int len); + #if ENABLE_HTTP_PROXY u8 *base64_encode (const u8 *data, unsigned int len); #endif -/*****************************************************************************/ +/* always take more or less the same time to compare */ +bool slow_memeq (const void *a, const void *b, int len); -typedef u8 rsaclear[RSA_KEYLEN - RSA_OVERHEAD]; // challenge data; -typedef u8 rsacrypt[RSA_KEYLEN]; // encrypted challenge +/*****************************************************************************/ -static inline void -rsa_encrypt (RSA *key, const rsaclear &chg, rsacrypt &encr) -{ - if (RSA_public_encrypt (sizeof chg, - (unsigned char *)&chg, (unsigned char *)&encr, - key, RSA_PKCS1_OAEP_PADDING) < 0) - fatal ("RSA_public_encrypt error"); -} +void rand_fill (void *data, int len); -static inline bool -rsa_decrypt (RSA *key, const rsacrypt &encr, rsaclear &chg) +template +inline void rand_fill (T &t) { - return RSA_private_decrypt (sizeof encr, - (unsigned char *)&encr, (unsigned char *)&chg, - key, RSA_PKCS1_OAEP_PADDING) > 0; + rand_fill (&t, sizeof (T)); } /*****************************************************************************/ diff -Nru gvpe-2.25/src/vpn.C gvpe-3.0/src/vpn.C --- gvpe-2.25/src/vpn.C 2013-07-09 21:50:26.000000000 -0400 +++ gvpe-3.0/src/vpn.C 2015-10-31 02:14:32.000000000 -0400 @@ -1,6 +1,6 @@ /* vpn.C -- handle the protocol, encryption, handshaking etc. - Copyright (C) 2003-2008,2010,2011 Marc Lehmann + Copyright (C) 2003-2008,2010,2011,2013 Marc Lehmann This file is part of GVPE. 
@@ -61,6 +61,32 @@ ///////////////////////////////////////////////////////////////////////////// +// hopefully temporary workaround for rare buffer full conditions +// if it happens, usually instantly retrying or retrying ~5ms later +// is good enough with current network technologies/kernels + +static ssize_t +xsendto (int fd, const void *buf, size_t len, int flags, + const struct sockaddr *sa, socklen_t salen) +{ + ssize_t res; + + for (int retry = 0; retry <= 13; ++retry) // ~100ms + { + res = sendto (fd, buf, len, flags, sa, salen); + + if (res >= 0 || errno != ENOBUFS) + break; + + struct timespec ts = { 0, 1000 * retry }; + nanosleep (&ts, 0); + } + + return res; +} + +///////////////////////////////////////////////////////////////////////////// + static void inline set_tos (int fd, int &tos_prev, int tos) { @@ -80,7 +106,7 @@ // the tricky part is rounding to the cipher key blocksize int mtu = conf.mtu - ETH_OVERHEAD - VPE_OVERHEAD - MAX_OVERHEAD; mtu += ETH_OVERHEAD - 6 - 6; // now we have the data portion - mtu -= mtu % EVP_CIPHER_block_size (CIPHER); // round + mtu -= mtu % BLOCK_SIZE (CIPHER); // round mtu -= ETH_OVERHEAD - 6 - 6; // and get interface mtu again char *env; @@ -115,13 +141,7 @@ { script_init_env (); - char *filename; - asprintf (&filename, - "%s/%s", - confbase, - ::conf.script_if_up ? ::conf.script_if_up : "if-up"); - - return filename; + return conf.config_filename (::conf.script_if_up, "if-up"); } int @@ -412,7 +432,7 @@ if (mkdir (dir, 0700)) { - slog (L_CRIT, _("unable to crate anonymous root directory.")); + slog (L_CRIT, _("unable to create anonymous root directory.")); return false; } @@ -468,7 +488,7 @@ vpn::send_ipv4_packet (vpn_packet *pkt, const sockinfo &si, int tos) { set_tos (ipv4_fd, ipv4_tos, tos); - sendto (ipv4_fd, &((*pkt)[0]), pkt->len, 0, si.sav4 (), si.salenv4 ()); + xsendto (ipv4_fd, &((*pkt)[0]), pkt->len, 0, si.sav4 (), si.salenv4 ()); return true; } 
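Review bot: The back-off in `xsendto` sleeps `1000 * retry` nanoseconds, which is `retry` microseconds, so the fourteen attempts add up to under 0.1 ms rather than the `~100ms` stated on the loop or the ~5 ms retry described in the comment above the function. If milliseconds were intended, the initialiser would be `struct timespec ts = { 0, 1000 * 1000 * retry };`, giving about 91 ms in total. The `send_ipv4_packet` hunk on this line and the icmpv4/udpv4 hunks that follow still discard the result and return true, so a send that fails after every retry stays silent. A `slog (L_DEBUG, ...)` on the final failure would make those drops visible.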
@@ -509,7 +529,7 @@ hdr->checksum = ipv4_checksum ((u16 *)hdr, pkt->len); set_tos (icmpv4_fd, icmpv4_tos, tos); - sendto (icmpv4_fd, &((*pkt)[0]), pkt->len, 0, si.sav4 (), si.salenv4 ()); + xsendto (icmpv4_fd, &((*pkt)[0]), pkt->len, 0, si.sav4 (), si.salenv4 ()); return true; } @@ -519,7 +539,7 @@ vpn::send_udpv4_packet (vpn_packet *pkt, const sockinfo &si, int tos) { set_tos (udpv4_fd, udpv4_tos, tos); - sendto (udpv4_fd, &((*pkt)[0]), pkt->len, 0, si.sav4 (), si.salenv4 ()); + xsendto (udpv4_fd, &((*pkt)[0]), pkt->len, 0, si.sav4 (), si.salenv4 ()); return true; } @@ -897,10 +917,10 @@ { connection *o = *i; - if (!o->is_direct - && o->si.valid () + if (o->si.valid () && c->si != o->si - && c == find_router_for (o)) + && c == find_router_for (o) + && !can_direct (THISNODE, o->conf)) { slog (L_DEBUG, _("%s: can now route packets via %s, re-keying connection."), o->conf->nodename, c->conf->nodename); diff -Nru gvpe-2.25/TODO gvpe-3.0/TODO --- gvpe-2.25/TODO 2008-08-07 13:39:26.000000000 -0400 +++ gvpe-3.0/TODO 2016-11-02 00:48:11.000000000 -0400 
@@ -1,52 +1,13 @@ -TODO items: - -:establish_connection_cb might call send_connect_request -which might call :establish_connection_cb recursively. - -#4 0x000000000040af01 in time_watcher::trigger (this=0x52e198) at callback.h:141 -#5 0x0000000000403e7a in vpn::send_connect_request (this=0x51a6e0, id=5436496) at iom.h:154 -#6 0x000000000040e2b7 in connection::establish_connection_cb (this=0x52dff0, w=@0x52e198) at connection.C:764 -#7 0x000000000040fa59 in callback1::proxy::call (this=0x52e2a0, obj=0x52e2a0, meth= - (void ( struct callback1::object::*)(time_watcher &,)) 531452, a1=@0x52f450) at callback.h:122 -#8 0x000000000040af01 in time_watcher::trigger (this=0x52e198) at callback.h:141 -#9 0x0000000000403e7a in vpn::send_connect_request (this=0x51a6e0, id=5436496) at iom.h:154 -#10 0x000000000040e2b7 in connection::establish_connection_cb (this=0x52dff0, w=@0x52e198) at connection.C:764 -#11 0x000000000040fa59 in callback1::proxy::call (this=0x52e2a0, obj=0x52e2a0, meth= - (void ( struct callback1::object::*)(time_watcher &,)) 531452, a1=@0x52f450) at callback.h:122 -#12 0x000000000040af01 in time_watcher::trigger (this=0x52e198) at callback.h:141 -#13 0x0000000000403e7a in vpn::send_connect_request (this=0x51a6e0, id=5436496) at iom.h:154 -#14 0x000000000040e2b7 in connection::establish_connection_cb (this=0x52dff0, w=@0x52e198) at connection.C:764 -#15 0x000000000040fa59 in callback1::proxy::call (this=0x52e2a0, obj=0x52e2a0, meth= - (void ( struct callback1::object::*)(time_watcher &,)) 531452, a1=@0x52f450) at callback.h:122 -#16 0x000000000040af01 in time_watcher::trigger (this=0x52e198) at callback.h:141 -#17 0x0000000000403e7a in vpn::send_connect_request (this=0x51a6e0, id=5436496) at iom.h:154 -#18 0x000000000040e2b7 in connection::establish_connection_cb (this=0x52dff0, w=@0x52e198) at connection.C:764 -#19 0x000000000040fa59 in callback1::proxy::call (this=0x52e2a0, obj=0x52e2a0, meth= - (void ( struct callback1::object::*)(time_watcher &,)) 531452, 
a1=@0x52f450) at callback.h:122 -#20 0x000000000040af01 in time_watcher::trigger (this=0x52e198) at callback.h:141 -#21 0x0000000000403e7a in vpn::send_connect_request (this=0x51a6e0, id=5436496) at iom.h:154 -#22 0x000000000040e2b7 in connection::establish_connection_cb (this=0x52dff0, w=@0x52e198) at connection.C:764 -#23 0x000000000040fa59 in callback1::proxy::call (this=0x52e2a0, obj=0x52e2a0, meth= - (void ( struct callback1::object::*)(time_watcher &,)) 531452, a1=@0x52f450) at callback.h:122 -#24 0x000000000040af01 in time_watcher::trigger (this=0x52e198) at callback.h:141 -#25 0x0000000000403e7a in vpn::send_connect_request (this=0x51a6e0, id=5436496) at iom.h:154 -#26 0x000000000040e2b7 in connection::establish_connection_cb (this=0x52dff0, w=@0x52e198) at connection.C:764 -#27 0x000000000040fa59 in callback1::proxy::call (this=0x52e2a0, obj=0x52e2a0, meth= - (void ( struct callback1::object::*)(time_watcher &,)) 531452, a1=@0x52f450) at callback.h:122 -#28 0x000000000040af01 in time_watcher::trigger (this=0x52e198) at callback.h:141 -#29 0x0000000000403e7a in vpn::send_connect_request (this=0x51a6e0, id=5436496) at iom.h:154 -#30 0x000000000040e2b7 in connection::establish_connection_cb (this=0x52dff0, w=@0x52e198) at connection.C:764 - - -- kill -USR1 should not reconnect but just refresh with pinging -- mac=xxxxx config directive, to allow windows etc. -- on shell xyz -- add a general vpn introduction to the manual -- reformat the texinfo manual to look less manpagish -- use gnutls instead of openssl - -- vped => starts without error message but fails to connect -- should tets own hostkey for validity -- re-bind() on HUP -- Feb 26 18:48:31 (none) modprobe: modprobe: Can't locate module  (^E^H( +TODO: bridge mode, finally? +TODO: gcm mode? +TODO: replace transport bits by transport endpoint structs? 
+TODO: http://incog-izick.blogspot.de/2011/08/using-openssl-aes-gcm.html +TODO: http://stackoverflow.com/questions/12153009/openssl-c-example-of-aes-gcm-using-evp-interfaces + +TODO: verify +TODO: make sense of overhead calculation +TODO: if-up &c should not be scripts? +TODO: ipv6 +TODO: gvpectrl should not use default privatekey,. or maybe document it better +TODO: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828336