libnids-1.23/ 0000700 0000764 0000764 00000000000 10760071771 013631 5 ustar nergal nergal 0000000 0000000 libnids-1.23/src/ 0000700 0000764 0000764 00000000000 10757253770 014427 5 ustar nergal nergal 0000000 0000000 libnids-1.23/src/checksum.c 0000600 0000764 0000764 00000016211 10202157303 016354 0 ustar nergal nergal 0000000 0000000
#include
#include
#include
#include
#include
#include
#include "nids.h"
static struct nids_chksum_ctl * nchk;
static int nrnochksum=0;
void nids_register_chksum_ctl(struct nids_chksum_ctl * ptr, int nr)
{
nchk=ptr;
nrnochksum=nr;
}
static int dontchksum(unsigned int ip)
{
int i;
for (i=0;i, adapted for linux by Arnt
Gulbrandsen.
*/
inline u_short ip_fast_csum(u_char * iph, u_int ihl)
{
u_int sum;
if (dontchksum(((struct ip*)iph)->ip_src.s_addr))
return 0;
__asm__ __volatile__(
" movl (%1), %0 \n"
" subl $4, %2 \n"
" jbe 2f \n"
" addl 4(%1), %0 \n"
" adcl 8(%1), %0 \n"
" adcl 12(%1), %0 \n"
"1: adcl 16(%1), %0 \n"
" lea 4(%1), %1 \n"
" decl %2 \n"
" jne 1b \n"
" adcl $0, %0 \n"
" movl %0, %2 \n"
" shrl $16, %0 \n"
" addw %w2, %w0 \n"
" adcl $0, %0 \n"
" notl %0 \n"
"2: \n"
/*
Since the input registers which are loaded with iph and ipl
are modified, we must also specify them as outputs, or gcc
will assume they contain their original values.
*/
: "=r" (sum), "=r" (iph), "=r" (ihl)
: "1" (iph), "2" (ihl)
: "cc");
return (sum);
}
/* Fold a partial checksum. */
static inline u_int
csum_fold(u_int sum)
{
__asm__(
" addl %1, %0 \n"
" adcl $0xffff, %0 \n"
: "=r" (sum)
: "r" (sum << 16), "0" (sum & 0xffff0000)
: "cc" );
return ((~sum) >> 16);
}
/*
computes the checksum of the TCP/UDP pseudo-header
returns a 16-bit checksum, already complemented
*/
static inline u_short
csum_tcpudp_magic(u_int saddr, u_int daddr, u_short len,
u_short proto, u_int sum)
{
__asm__(
" addl %1, %0 \n"
" adcl %2, %0 \n"
" adcl %3, %0 \n"
" adcl $0, %0 \n"
: "=r" (sum)
: "g" (daddr), "g"(saddr), "g"((ntohs(len) << 16) + proto * 256), "0"(sum)
: "cc");
return (csum_fold(sum));
}
/*
this routine is used for miscellaneous IP-like checksums, mainly in
icmp.c
*/
inline u_short
ip_compute_csum(u_char * buff, int len)
{
return (csum_fold(csum_partial(buff, len, 0)));
}
inline u_short
my_tcp_check(struct tcphdr *th, int len, u_int saddr, u_int daddr)
{
if (dontchksum(saddr))
return 0;
return csum_tcpudp_magic(saddr, daddr, len, IPPROTO_TCP,
csum_partial((char *)th, len, 0));
}
inline u_short
my_udp_check(void *u, int len, u_int saddr, u_int daddr)
{
if (dontchksum(saddr))
return 0;
return csum_tcpudp_magic(saddr, daddr, len, IPPROTO_UDP,
csum_partial((char *)u, len, 0));
}
#else /* !i386 */
struct psuedo_hdr
{
u_int saddr;
u_int daddr;
u_char zero;
u_char protocol;
u_short len;
};
u_short
ip_check_ext(register u_short *addr, register int len, int addon)
{
register int nleft = len;
register u_short *w = addr;
register int sum = addon;
u_short answer = 0;
/*
* Our algorithm is simple, using a 32 bit accumulator (sum),
* we add sequential 16 bit words to it, and at the end, fold
* back all the carry bits from the top 16 bits into the lower
* 16 bits.
*/
while (nleft > 1) {
sum += *w++;
nleft -= 2;
}
/* mop up an odd byte, if necessary */
if (nleft == 1) {
*(u_char *)(&answer) = *(u_char *)w;
sum += answer;
}
/* add back carry outs from top 16 bits to low 16 bits */
sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
sum += (sum >> 16); /* add carry */
answer = ~sum; /* truncate to 16 bits */
return (answer);
}
u_short
ip_fast_csum(u_short *addr, int len)
{
if (dontchksum(((struct ip*)addr)->ip_src.s_addr))
return 0;
return ip_check_ext(addr, len << 2, 0);
}
u_short
ip_compute_csum(u_short *addr, int len)
{
return ip_check_ext(addr, len, 0);
}
u_short
my_tcp_check(struct tcphdr *th, int len, u_int saddr, u_int daddr)
{
unsigned int i;
int sum = 0;
struct psuedo_hdr hdr;
if (dontchksum(saddr))
return 0;
hdr.saddr = saddr;
hdr.daddr = daddr;
hdr.zero = 0;
hdr.protocol = IPPROTO_TCP;
hdr.len = htons(len);
for (i = 0; i < sizeof(hdr); i += 2)
sum += *(u_short *)((char *)(&hdr) + i);
return (ip_check_ext((u_short *)th, len, sum));
}
u_short
my_udp_check(void *u, int len, u_int saddr, u_int daddr)
{
unsigned int i;
int sum = 0;
struct psuedo_hdr hdr;
if (dontchksum(saddr))
return 0;
hdr.saddr = saddr;
hdr.daddr = daddr;
hdr.zero = 0;
hdr.protocol = IPPROTO_UDP;
hdr.len = htons(len);
for (i = 0; i < sizeof(hdr); i += 2)
sum += *(u_short *)((char *)(&hdr) + i);
return (ip_check_ext((u_short *)u, len, sum));
}
#endif /* !i386 */
libnids-1.23/src/ip_fragment.c 0000600 0000764 0000764 00000044625 10757251327 017077 0 ustar nergal nergal 0000000 0000000 /*
This file is taken from Linux 2.0.36 kernel source.
Modified in Jun 99 by Nergal.
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "checksum.h"
#include "ip_fragment.h"
#include "tcp.h"
#include "util.h"
#include "nids.h"
#define IP_CE 0x8000 /* Flag: "Congestion" */
#define IP_DF 0x4000 /* Flag: "Don't Fragment" */
#define IP_MF 0x2000 /* Flag: "More Fragments" */
#define IP_OFFSET 0x1FFF /* "Fragment Offset" part */
#define IP_FRAG_TIME (30 * 1000) /* fragment lifetime */
#define UNUSED 314159
#define FREE_READ UNUSED
#define FREE_WRITE UNUSED
#define GFP_ATOMIC UNUSED
#define NETDEBUG(x)
struct sk_buff {
char *data;
int truesize;
};
struct timer_list {
struct timer_list *prev;
struct timer_list *next;
int expires;
void (*function)();
unsigned long data;
// struct ipq *frags;
};
struct hostfrags {
struct ipq *ipqueue;
int ip_frag_mem;
u_int ip;
int hash_index;
struct hostfrags *prev;
struct hostfrags *next;
};
/* Describe an IP fragment. */
struct ipfrag {
int offset; /* offset of fragment in IP datagram */
int end; /* last byte of data in datagram */
int len; /* length of this fragment */
struct sk_buff *skb; /* complete received fragment */
unsigned char *ptr; /* pointer into real fragment data */
struct ipfrag *next; /* linked list pointers */
struct ipfrag *prev;
};
/* Describe an entry in the "incomplete datagrams" queue. */
struct ipq {
unsigned char *mac; /* pointer to MAC header */
struct ip *iph; /* pointer to IP header */
int len; /* total length of original datagram */
short ihlen; /* length of the IP header */
short maclen; /* length of the MAC header */
struct timer_list timer; /* when will this queue expire? */
struct ipfrag *fragments; /* linked list of received fragments */
struct hostfrags *hf;
struct ipq *next; /* linked list pointers */
struct ipq *prev;
// struct device *dev; /* Device - for icmp replies */
};
/*
Fragment cache limits. We will commit 256K at one time. Should we
cross that limit we will prune down to 192K. This should cope with
even the most extreme cases without allowing an attacker to
measurably harm machine performance.
*/
#define IPFRAG_HIGH_THRESH (256*1024)
#define IPFRAG_LOW_THRESH (192*1024)
/*
This fragment handler is a bit of a heap. On the other hand it works
quite happily and handles things quite well.
*/
static struct hostfrags **fragtable;
static struct hostfrags *this_host;
static int numpack = 0;
static int hash_size;
static int timenow;
static unsigned int time0;
static struct timer_list *timer_head = 0, *timer_tail = 0;
#define int_ntoa(x) inet_ntoa(*((struct in_addr *)&x))
static int
jiffies()
{
struct timeval tv;
if (timenow)
return timenow;
gettimeofday(&tv, 0);
timenow = (tv.tv_sec - time0) * 1000 + tv.tv_usec / 1000;
return timenow;
}
/* Memory Tracking Functions */
static void
atomic_sub(int ile, int *co)
{
*co -= ile;
}
static void
atomic_add(int ile, int *co)
{
*co += ile;
}
static void
kfree_skb(struct sk_buff * skb, int type)
{
(void)type;
free(skb);
}
static void
panic(char *str)
{
fprintf(stderr, "%s", str);
exit(1);
}
static void
add_timer(struct timer_list * x)
{
if (timer_tail) {
timer_tail->next = x;
x->prev = timer_tail;
x->next = 0;
timer_tail = x;
}
else {
x->prev = 0;
x->next = 0;
timer_tail = timer_head = x;
}
}
static void
del_timer(struct timer_list * x)
{
if (x->prev)
x->prev->next = x->next;
else
timer_head = x->next;
if (x->next)
x->next->prev = x->prev;
else
timer_tail = x->prev;
}
static void
frag_kfree_skb(struct sk_buff * skb, int type)
{
if (this_host)
atomic_sub(skb->truesize, &this_host->ip_frag_mem);
kfree_skb(skb, type);
}
static void
frag_kfree_s(void *ptr, int len)
{
if (this_host)
atomic_sub(len, &this_host->ip_frag_mem);
free(ptr);
}
static void *
frag_kmalloc(int size, int dummy)
{
void *vp = (void *) malloc(size);
(void)dummy;
if (!vp)
return NULL;
atomic_add(size, &this_host->ip_frag_mem);
return vp;
}
/* Create a new fragment entry. */
static struct ipfrag *
ip_frag_create(int offset, int end, struct sk_buff * skb, unsigned char *ptr)
{
struct ipfrag *fp;
fp = (struct ipfrag *) frag_kmalloc(sizeof(struct ipfrag), GFP_ATOMIC);
if (fp == NULL) {
// NETDEBUG(printk("IP: frag_create: no memory left !\n"));
nids_params.no_mem("ip_frag_create");
return (NULL);
}
memset(fp, 0, sizeof(struct ipfrag));
/* Fill in the structure. */
fp->offset = offset;
fp->end = end;
fp->len = end - offset;
fp->skb = skb;
fp->ptr = ptr;
/* Charge for the SKB as well. */
this_host->ip_frag_mem += skb->truesize;
return (fp);
}
static int
frag_index(struct ip * iph)
{
unsigned int ip = ntohl(iph->ip_dst.s_addr);
return (ip % hash_size);
}
static int
hostfrag_find(struct ip * iph)
{
int hash_index = frag_index(iph);
struct hostfrags *hf;
this_host = 0;
for (hf = fragtable[hash_index]; hf; hf = hf->next)
if (hf->ip == iph->ip_dst.s_addr) {
this_host = hf;
break;
}
if (!this_host)
return 0;
else
return 1;
}
static void
hostfrag_create(struct ip * iph)
{
struct hostfrags *hf = mknew(struct hostfrags);
int hash_index = frag_index(iph);
hf->prev = 0;
hf->next = fragtable[hash_index];
if (hf->next)
hf->next->prev = hf;
fragtable[hash_index] = hf;
hf->ip = iph->ip_dst.s_addr;
hf->ipqueue = 0;
hf->ip_frag_mem = 0;
hf->hash_index = hash_index;
this_host = hf;
}
static void
rmthis_host()
{
int hash_index = this_host->hash_index;
if (this_host->prev) {
this_host->prev->next = this_host->next;
if (this_host->next)
this_host->next->prev = this_host->prev;
}
else {
fragtable[hash_index] = this_host->next;
if (this_host->next)
this_host->next->prev = 0;
}
free(this_host);
this_host = 0;
}
/*
Find the correct entry in the "incomplete datagrams" queue for this
IP datagram, and return the queue entry address if found.
*/
static struct ipq *
ip_find(struct ip * iph)
{
struct ipq *qp;
struct ipq *qplast;
qplast = NULL;
for (qp = this_host->ipqueue; qp != NULL; qplast = qp, qp = qp->next) {
if (iph->ip_id == qp->iph->ip_id &&
iph->ip_src.s_addr == qp->iph->ip_src.s_addr &&
iph->ip_dst.s_addr == qp->iph->ip_dst.s_addr &&
iph->ip_p == qp->iph->ip_p) {
del_timer(&qp->timer); /* So it doesn't vanish on us. The timer will
be reset anyway */
return (qp);
}
}
return (NULL);
}
/*
Remove an entry from the "incomplete datagrams" queue, either
because we completed, reassembled and processed it, or because it
timed out.
*/
static void
ip_free(struct ipq * qp)
{
struct ipfrag *fp;
struct ipfrag *xp;
/* Stop the timer for this entry. */
del_timer(&qp->timer);
/* Remove this entry from the "incomplete datagrams" queue. */
if (qp->prev == NULL) {
this_host->ipqueue = qp->next;
if (this_host->ipqueue != NULL)
this_host->ipqueue->prev = NULL;
else
rmthis_host();
}
else {
qp->prev->next = qp->next;
if (qp->next != NULL)
qp->next->prev = qp->prev;
}
/* Release all fragment data. */
fp = qp->fragments;
while (fp != NULL) {
xp = fp->next;
frag_kfree_skb(fp->skb, FREE_READ);
frag_kfree_s(fp, sizeof(struct ipfrag));
fp = xp;
}
/* Release the IP header. */
frag_kfree_s(qp->iph, 64 + 8);
/* Finally, release the queue descriptor itself. */
frag_kfree_s(qp, sizeof(struct ipq));
}
/* Oops- a fragment queue timed out. Kill it and send an ICMP reply. */
static void
ip_expire(unsigned long arg)
{
struct ipq *qp;
qp = (struct ipq *) arg;
/* Nuke the fragment queue. */
ip_free(qp);
}
/*
Memory limiting on fragments. Evictor trashes the oldest fragment
queue until we are back under the low threshold.
*/
static void
ip_evictor(void)
{
// fprintf(stderr, "ip_evict:numpack=%i\n", numpack);
while (this_host->ip_frag_mem > IPFRAG_LOW_THRESH) {
if (!this_host->ipqueue)
panic("ip_evictor: memcount");
ip_free(this_host->ipqueue);
}
}
/*
Add an entry to the 'ipq' queue for a newly received IP datagram.
We will (hopefully :-) receive all other fragments of this datagram
in time, so we just create a queue for this datagram, in which we
will insert the received fragments at their respective positions.
*/
static struct ipq *
ip_create(struct ip * iph)
{
struct ipq *qp;
int ihlen;
qp = (struct ipq *) frag_kmalloc(sizeof(struct ipq), GFP_ATOMIC);
if (qp == NULL) {
// NETDEBUG(printk("IP: create: no memory left !\n"));
nids_params.no_mem("ip_create");
return (NULL);
}
memset(qp, 0, sizeof(struct ipq));
/* Allocate memory for the IP header (plus 8 octets for ICMP). */
ihlen = iph->ip_hl * 4;
qp->iph = (struct ip *) frag_kmalloc(64 + 8, GFP_ATOMIC);
if (qp->iph == NULL) {
//NETDEBUG(printk("IP: create: no memory left !\n"));
nids_params.no_mem("ip_create");
frag_kfree_s(qp, sizeof(struct ipq));
return (NULL);
}
memcpy(qp->iph, iph, ihlen + 8);
qp->len = 0;
qp->ihlen = ihlen;
qp->fragments = NULL;
qp->hf = this_host;
/* Start a timer for this entry. */
qp->timer.expires = jiffies() + IP_FRAG_TIME; /* about 30 seconds */
qp->timer.data = (unsigned long) qp; /* pointer to queue */
qp->timer.function = ip_expire; /* expire function */
add_timer(&qp->timer);
/* Add this entry to the queue. */
qp->prev = NULL;
qp->next = this_host->ipqueue;
if (qp->next != NULL)
qp->next->prev = qp;
this_host->ipqueue = qp;
return (qp);
}
/* See if a fragment queue is complete. */
static int
ip_done(struct ipq * qp)
{
struct ipfrag *fp;
int offset;
/* Only possible if we received the final fragment. */
if (qp->len == 0)
return (0);
/* Check all fragment offsets to see if they connect. */
fp = qp->fragments;
offset = 0;
while (fp != NULL) {
if (fp->offset > offset)
return (0); /* fragment(s) missing */
offset = fp->end;
fp = fp->next;
}
/* All fragments are present. */
return (1);
}
/*
Build a new IP datagram from all its fragments.
FIXME: We copy here because we lack an effective way of handling
lists of bits on input. Until the new skb data handling is in I'm
not going to touch this with a bargepole.
*/
static char *
ip_glue(struct ipq * qp)
{
char *skb;
struct ip *iph;
struct ipfrag *fp;
unsigned char *ptr;
int count, len;
/* Allocate a new buffer for the datagram. */
len = qp->ihlen + qp->len;
if (len > 65535) {
// NETDEBUG(printk("Oversized IP packet from %s.\n", int_ntoa(qp->iph->ip_src.s_addr)));
nids_params.syslog(NIDS_WARN_IP, NIDS_WARN_IP_OVERSIZED, qp->iph, 0);
ip_free(qp);
return NULL;
}
if ((skb = (char *) malloc(len)) == NULL) {
// NETDEBUG(printk("IP: queue_glue: no memory for gluing queue %p\n", qp));
nids_params.no_mem("ip_glue");
ip_free(qp);
return (NULL);
}
/* Fill in the basic details. */
ptr = skb;
memcpy(ptr, ((unsigned char *) qp->iph), qp->ihlen);
ptr += qp->ihlen;
count = 0;
/* Copy the data portions of all fragments into the new buffer. */
fp = qp->fragments;
while (fp != NULL) {
if (fp->len < 0 || fp->offset + qp->ihlen + fp->len > len) {
//NETDEBUG(printk("Invalid fragment list: Fragment over size.\n"));
nids_params.syslog(NIDS_WARN_IP, NIDS_WARN_IP_INVLIST, qp->iph, 0);
ip_free(qp);
//kfree_skb(skb, FREE_WRITE);
//ip_statistics.IpReasmFails++;
free(skb);
return NULL;
}
memcpy((ptr + fp->offset), fp->ptr, fp->len);
count += fp->len;
fp = fp->next;
}
/* We glued together all fragments, so remove the queue entry. */
ip_free(qp);
/* Done with all fragments. Fixup the new IP header. */
iph = (struct ip *) skb;
iph->ip_off = 0;
iph->ip_len = htons((iph->ip_hl * 4) + count);
// skb->ip_hdr = iph;
return (skb);
}
/* Process an incoming IP datagram fragment. */
static char *
ip_defrag(struct ip *iph, struct sk_buff *skb)
{
struct ipfrag *prev, *next, *tmp;
struct ipfrag *tfp;
struct ipq *qp;
char *skb2;
unsigned char *ptr;
int flags, offset;
int i, ihl, end;
if (!hostfrag_find(iph) && skb)
hostfrag_create(iph);
/* Start by cleaning up the memory. */
if (this_host)
if (this_host->ip_frag_mem > IPFRAG_HIGH_THRESH)
ip_evictor();
/* Find the entry of this IP datagram in the "incomplete datagrams" queue. */
if (this_host)
qp = ip_find(iph);
else
qp = 0;
/* Is this a non-fragmented datagram? */
offset = ntohs(iph->ip_off);
flags = offset & ~IP_OFFSET;
offset &= IP_OFFSET;
if (((flags & IP_MF) == 0) && (offset == 0)) {
if (qp != NULL)
ip_free(qp); /* Fragmented frame replaced by full
unfragmented copy */
return 0;
}
/* ip_evictor() could have removed all queues for the current host */
if (!this_host)
hostfrag_create(iph);
offset <<= 3; /* offset is in 8-byte chunks */
ihl = iph->ip_hl * 4;
/*
If the queue already existed, keep restarting its timer as long as
we still are receiving fragments. Otherwise, create a fresh queue
entry.
*/
if (qp != NULL) {
/* ANK. If the first fragment is received, we should remember the correct
IP header (with options) */
if (offset == 0) {
qp->ihlen = ihl;
memcpy(qp->iph, iph, ihl + 8);
}
del_timer(&qp->timer);
qp->timer.expires = jiffies() + IP_FRAG_TIME; /* about 30 seconds */
qp->timer.data = (unsigned long) qp; /* pointer to queue */
qp->timer.function = ip_expire; /* expire function */
add_timer(&qp->timer);
}
else {
/* If we failed to create it, then discard the frame. */
if ((qp = ip_create(iph)) == NULL) {
kfree_skb(skb, FREE_READ);
return NULL;
}
}
/* Attempt to construct an oversize packet. */
if (ntohs(iph->ip_len) + (int) offset > 65535) {
// NETDEBUG(printk("Oversized packet received from %s\n", int_ntoa(iph->ip_src.s_addr)));
nids_params.syslog(NIDS_WARN_IP, NIDS_WARN_IP_OVERSIZED, iph, 0);
kfree_skb(skb, FREE_READ);
return NULL;
}
/* Determine the position of this fragment. */
end = offset + ntohs(iph->ip_len) - ihl;
/* Point into the IP datagram 'data' part. */
ptr = skb->data + ihl;
/* Is this the final fragment? */
if ((flags & IP_MF) == 0)
qp->len = end;
/*
Find out which fragments are in front and at the back of us in the
chain of fragments so far. We must know where to put this
fragment, right?
*/
prev = NULL;
for (next = qp->fragments; next != NULL; next = next->next) {
if (next->offset >= offset)
break; /* bingo! */
prev = next;
}
/*
We found where to put this one. Check for overlap with preceding
fragment, and, if needed, align things so that any overlaps are
eliminated.
*/
if (prev != NULL && offset < prev->end) {
nids_params.syslog(NIDS_WARN_IP, NIDS_WARN_IP_OVERLAP, iph, 0);
i = prev->end - offset;
offset += i; /* ptr into datagram */
ptr += i; /* ptr into fragment data */
}
/*
Look for overlap with succeeding segments.
If we can merge fragments, do it.
*/
for (tmp = next; tmp != NULL; tmp = tfp) {
tfp = tmp->next;
if (tmp->offset >= end)
break; /* no overlaps at all */
nids_params.syslog(NIDS_WARN_IP, NIDS_WARN_IP_OVERLAP, iph, 0);
i = end - next->offset; /* overlap is 'i' bytes */
tmp->len -= i; /* so reduce size of */
tmp->offset += i; /* next fragment */
tmp->ptr += i;
/*
If we get a frag size of <= 0, remove it and the packet that it
goes with. We never throw the new frag away, so the frag being
dumped has always been charged for.
*/
if (tmp->len <= 0) {
if (tmp->prev != NULL)
tmp->prev->next = tmp->next;
else
qp->fragments = tmp->next;
if (tmp->next != NULL)
tmp->next->prev = tmp->prev;
next = tfp; /* We have killed the original next frame */
frag_kfree_skb(tmp->skb, FREE_READ);
frag_kfree_s(tmp, sizeof(struct ipfrag));
}
}
/* Insert this fragment in the chain of fragments. */
tfp = NULL;
tfp = ip_frag_create(offset, end, skb, ptr);
/*
No memory to save the fragment - so throw the lot. If we failed
the frag_create we haven't charged the queue.
*/
if (!tfp) {
nids_params.no_mem("ip_defrag");
kfree_skb(skb, FREE_READ);
return NULL;
}
/* From now on our buffer is charged to the queues. */
tfp->prev = prev;
tfp->next = next;
if (prev != NULL)
prev->next = tfp;
else
qp->fragments = tfp;
if (next != NULL)
next->prev = tfp;
/*
OK, so we inserted this new fragment into the chain. Check if we
now have a full IP datagram which we can bump up to the IP
layer...
*/
if (ip_done(qp)) {
skb2 = ip_glue(qp); /* glue together the fragments */
return (skb2);
}
return (NULL);
}
int
ip_defrag_stub(struct ip *iph, struct ip **defrag)
{
int offset, flags, tot_len;
struct sk_buff *skb;
numpack++;
timenow = 0;
while (timer_head && timer_head->expires < jiffies()) {
this_host = ((struct ipq *) (timer_head->data))->hf;
timer_head->function(timer_head->data);
}
offset = ntohs(iph->ip_off);
flags = offset & ~IP_OFFSET;
offset &= IP_OFFSET;
if (((flags & IP_MF) == 0) && (offset == 0)) {
ip_defrag(iph, 0);
return IPF_NOTF;
}
tot_len = ntohs(iph->ip_len);
skb = (struct sk_buff *) malloc(tot_len + sizeof(struct sk_buff));
if (!skb)
nids_params.no_mem("ip_defrag_stub");
skb->data = (char *) (skb + 1);
memcpy(skb->data, iph, tot_len);
skb->truesize = tot_len + 16 + nids_params.dev_addon;
skb->truesize = (skb->truesize + 15) & ~15;
skb->truesize += nids_params.sk_buff_size;
if ((*defrag = (struct ip *)ip_defrag((struct ip *) (skb->data), skb)))
return IPF_NEW;
return IPF_ISF;
}
void
ip_frag_init(int n)
{
struct timeval tv;
gettimeofday(&tv, 0);
time0 = tv.tv_sec;
fragtable = (struct hostfrags **) calloc(n, sizeof(struct hostfrags *));
if (!fragtable)
nids_params.no_mem("ip_frag_init");
hash_size = n;
}
void
ip_frag_exit(void)
{
if (fragtable) {
free(fragtable);
fragtable = NULL;
}
/* FIXME: do we need to free anything else? */
}
libnids-1.23/src/ip_fragment.h 0000600 0000764 0000764 00000000566 10425437110 017064 0 ustar nergal nergal 0000000 0000000 /*
Copyright (c) 1999 Rafal Wojtczuk . All rights reserved.
See the file COPYING for license details.
*/
#ifndef _NIDS_IP_FRAGMENT_H
#define _NIDS_IP_FRAGMENT_H
#define IPF_NOTF 1
#define IPF_NEW 2
#define IPF_ISF 3
void ip_frag_init(int);
void ip_frag_exit(void);
int ip_defrag_stub(struct ip *, struct ip **);
#endif /* _NIDS_IP_FRAGMENT_H */
libnids-1.23/src/ip_options.c 0000600 0000764 0000764 00000014034 07525262201 016746 0 ustar nergal nergal 0000000 0000000 /*
This file is taken from Linux 2.0.36 kernel source.
Modified in Jun 99 by Nergal.
*/
#include
#include
#define __u8 unsigned char
#define __u16 unsigned short
#define __u32 unsigned int
#define IPOPT_END 0
#define IPOPT_NOOP 1
#define IPOPT_SEC 130
#define IPOPT_LSRR 131
#define IPOPT_SSRR 137
#define IPOPT_RR 7
#define IPOPT_SID 136
#define IPOPT_TIMESTAMP 68
#define MAXTTL 255
struct timestamp {
__u8 len;
__u8 ptr;
#ifdef WORDS_BIGENDIAN
__u8 overflow:4, flags:4;
#else
__u8 flags:4, overflow:4;
#endif
__u32 data[9];
};
#define MAX_ROUTE 16
struct route {
char route_size;
char pointer;
unsigned long route[MAX_ROUTE];
};
#define IPOPT_OPTVAL 0
#define IPOPT_OLEN 1
#define IPOPT_OFFSET 2
#define IPOPT_MINOFF 4
#define MAX_IPOPTLEN 40
#define IPOPT_NOP IPOPT_NOOP
#define IPOPT_EOL IPOPT_END
#define IPOPT_TS IPOPT_TIMESTAMP
#define IPOPT_TS_TSONLY 0 /* timestamps only */
#define IPOPT_TS_TSANDADDR 1 /* timestamps and addresses */
#define IPOPT_TS_PRESPEC 3 /* specified modules only */
struct options {
__u32 faddr; /* Saved first hop address */
unsigned char optlen;
unsigned char srr;
unsigned char rr;
unsigned char ts;
unsigned char is_setbyuser:1, /* Set by setsockopt? */
is_data:1, /* Options in __data, rather than skb */
is_strictroute:1, /* Strict source route */
srr_is_hit:1, /* Packet destination addr was our one */
is_changed:1, /* IP checksum more not valid */
rr_needaddr:1, /* Need to record addr of outgoing dev */
ts_needtime:1, /* Need to record timestamp */
ts_needaddr:1; /* Need to record addr of outgoing dev */
unsigned char __pad1;
unsigned char __pad2;
unsigned char __pad3;
unsigned char __data[0];
};
struct iphdr {
#ifdef WORDS_BIGENDIAN
__u8 version:4, ihl:4;
#else
__u8 ihl:4, version:4;
#endif
__u8 tos;
__u16 tot_len;
__u16 id;
__u16 frag_off;
__u8 ttl;
__u8 protocol;
__u16 check;
__u32 saddr;
__u32 daddr;
/* The options start here. */
};
#define ip_chk_addr(x) 0
int
ip_options_compile(unsigned char *iph)
{
int l;
unsigned char *optptr;
int optlen;
unsigned char *pp_ptr = 0;
char optholder[16];
struct options *opt;
int skb = 1;
int skb_pa_addr = 314159;
opt = (struct options *) optholder;
memset(opt, 0, sizeof(struct options));
opt->optlen = ((struct iphdr *) iph)->ihl * 4 - sizeof(struct iphdr);
optptr = iph + sizeof(struct iphdr);
opt->is_data = 0;
for (l = opt->optlen; l > 0;) {
switch (*optptr) {
case IPOPT_END:
for (optptr++, l--; l > 0; l--) {
if (*optptr != IPOPT_END) {
*optptr = IPOPT_END;
opt->is_changed = 1;
}
}
goto eol;
case IPOPT_NOOP:
l--;
optptr++;
continue;
}
optlen = optptr[1];
if (optlen < 2 || optlen > l) {
pp_ptr = optptr;
goto error;
}
switch (*optptr) {
case IPOPT_SSRR:
case IPOPT_LSRR:
if (optlen < 3) {
pp_ptr = optptr + 1;
goto error;
}
if (optptr[2] < 4) {
pp_ptr = optptr + 2;
goto error;
}
/* NB: cf RFC-1812 5.2.4.1 */
if (opt->srr) {
pp_ptr = optptr;
goto error;
}
if (!skb) {
if (optptr[2] != 4 || optlen < 7 || ((optlen - 3) & 3)) {
pp_ptr = optptr + 1;
goto error;
}
memcpy(&opt->faddr, &optptr[3], 4);
if (optlen > 7)
memmove(&optptr[3], &optptr[7], optlen - 7);
}
opt->is_strictroute = (optptr[0] == IPOPT_SSRR);
opt->srr = optptr - iph;
break;
case IPOPT_RR:
if (opt->rr) {
pp_ptr = optptr;
goto error;
}
if (optlen < 3) {
pp_ptr = optptr + 1;
goto error;
}
if (optptr[2] < 4) {
pp_ptr = optptr + 2;
goto error;
}
if (optptr[2] <= optlen) {
if (optptr[2] + 3 > optlen) {
pp_ptr = optptr + 2;
goto error;
}
if (skb) {
memcpy(&optptr[optptr[2] - 1], &skb_pa_addr, 4);
opt->is_changed = 1;
}
optptr[2] += 4;
opt->rr_needaddr = 1;
}
opt->rr = optptr - iph;
break;
case IPOPT_TIMESTAMP:
if (opt->ts) {
pp_ptr = optptr;
goto error;
}
if (optlen < 4) {
pp_ptr = optptr + 1;
goto error;
}
if (optptr[2] < 5) {
pp_ptr = optptr + 2;
goto error;
}
if (optptr[2] <= optlen) {
struct timestamp *ts = (struct timestamp *) (optptr + 1);
__u32 *timeptr = 0;
if (ts->ptr + 3 > ts->len) {
pp_ptr = optptr + 2;
goto error;
}
switch (ts->flags) {
case IPOPT_TS_TSONLY:
opt->ts = optptr - iph;
if (skb)
timeptr = (__u32 *) & optptr[ts->ptr - 1];
opt->ts_needtime = 1;
ts->ptr += 4;
break;
case IPOPT_TS_TSANDADDR:
if (ts->ptr + 7 > ts->len) {
pp_ptr = optptr + 2;
goto error;
}
opt->ts = optptr - iph;
if (skb) {
memcpy(&optptr[ts->ptr - 1], &skb_pa_addr, 4);
timeptr = (__u32 *) & optptr[ts->ptr + 3];
}
opt->ts_needaddr = 1;
opt->ts_needtime = 1;
ts->ptr += 8;
break;
case IPOPT_TS_PRESPEC:
if (ts->ptr + 7 > ts->len) {
pp_ptr = optptr + 2;
goto error;
}
opt->ts = optptr - iph;
{
__u32 addr;
memcpy(&addr, &optptr[ts->ptr - 1], 4);
if (ip_chk_addr(addr) == 0)
break;
if (skb)
timeptr = (__u32 *) & optptr[ts->ptr + 3];
}
opt->ts_needaddr = 1;
opt->ts_needtime = 1;
ts->ptr += 8;
break;
default:
pp_ptr = optptr + 3;
goto error;
}
if (timeptr) {
//struct timeval tv;
__u32 midtime = 1;
//do_gettimeofday(&tv);
//midtime = htonl((tv.tv_sec % 86400) * 1000 + tv.tv_usec / 1000);
memcpy(timeptr, &midtime, sizeof(__u32));
opt->is_changed = 1;
}
}
else {
struct timestamp *ts = (struct timestamp *) (optptr + 1);
if (ts->overflow == 15) {
pp_ptr = optptr + 3;
goto error;
}
opt->ts = optptr - iph;
if (skb) {
ts->overflow++;
opt->is_changed = 1;
}
}
break;
case IPOPT_SEC:
case IPOPT_SID:
default:
if (!skb) {
pp_ptr = optptr;
goto error;
}
break;
}
l -= optlen;
optptr += optlen;
}
eol:
if (!pp_ptr)
if (!((struct options *) optholder)->srr)
return 0;
error:
return -1;
}
libnids-1.23/src/killtcp.c 0000600 0000764 0000764 00000006433 10427722237 016236 0 ustar nergal nergal 0000000 0000000 /*
Copyright (c) 1999 Rafal Wojtczuk . All rights reserved.
See the file COPYING for license details.
*/
#include
#include
#include "tcp.h"
#include "util.h"
#include "nids.h"
#if LIBNET_VER == 0
#include
static int libnetsock = 0;
void nids_killtcp_seq(struct tcp_stream *a_tcp, int seqoff)
{
char buf[IP_H + TCP_H];
if (libnetsock == 0)
return;
libnet_build_ip(TCP_H, 0, 12345, 0, 64, IPPROTO_TCP, a_tcp->addr.saddr,
a_tcp->addr.daddr, 0, 0, buf);
libnet_build_tcp(a_tcp->addr.source, a_tcp->addr.dest,
a_tcp->client.first_data_seq +
a_tcp->server.count + a_tcp->server.urg_count +
(seqoff?(a_tcp->server.window/2):0),
0, 0x4, 32000, 0, 0, 0, buf + IP_H);
libnet_do_checksum(buf, IPPROTO_TCP, TCP_H);
libnet_write_ip(libnetsock, buf, TCP_H + IP_H);
libnet_build_ip(TCP_H, 0, 12345, 0, 64, IPPROTO_TCP, a_tcp->addr.daddr,
a_tcp->addr.saddr, 0, 0, buf);
libnet_build_tcp(a_tcp->addr.dest, a_tcp->addr.source,
a_tcp->server.first_data_seq +
a_tcp->client.count + a_tcp->client.urg_count +
(seqoff?(a_tcp->client.window/2):0),
0, 0x4, 32000, 0, 0, 0, buf + IP_H);
libnet_do_checksum(buf, IPPROTO_TCP, TCP_H);
libnet_write_ip(libnetsock, buf, TCP_H + IP_H);
}
void nids_killtcp(struct tcp_stream *a_tcp)
{
nids_killtcp_seq(a_tcp, 0);
nids_killtcp_seq(a_tcp, 1);
}
int raw_init()
{
libnetsock = libnet_open_raw_sock(IPPROTO_RAW);
if (libnetsock <= 0)
return 0;
else
return 1;
}
#elif LIBNET_VER == 1
#include
static libnet_ptag_t tcp_tag = LIBNET_PTAG_INITIALIZER,
ip_tag = LIBNET_PTAG_INITIALIZER;
static libnet_t *l = 0;
int raw_init()
{
char errbuf[1024];
l = libnet_init(LIBNET_RAW4, /* injection type */
NULL, /* network interface */
errbuf); /* error buffer */
if (!l) {
printf("%s\n", errbuf);
return 0;
} else
return 1;
}
void nids_killtcp_seq(struct tcp_stream *a_tcp, int seqoff)
{
if (!l)
return;
tcp_tag = libnet_build_tcp(a_tcp->addr.source, a_tcp->addr.dest,
a_tcp->client.first_data_seq +
a_tcp->server.count + a_tcp->server.urg_count +
(seqoff?(a_tcp->server.window/2):0),
0, 0x4, 32000, 0, 0, LIBNET_TCP_H, NULL, 0, l, tcp_tag);
ip_tag =
libnet_build_ipv4(LIBNET_TCP_H + LIBNET_IPV4_H, 0, 12345, 0, 64,
IPPROTO_TCP, 0, a_tcp->addr.saddr,
a_tcp->addr.daddr, 0, 0, l, ip_tag);
libnet_write(l);
tcp_tag = libnet_build_tcp(a_tcp->addr.dest, a_tcp->addr.source,
a_tcp->server.first_data_seq +
a_tcp->client.count + a_tcp->client.urg_count +
(seqoff?(a_tcp->client.window/2):0),
0, 0x4, 32000, 0,
0, LIBNET_TCP_H, NULL, 0, l, tcp_tag);
ip_tag =
libnet_build_ipv4(LIBNET_TCP_H + LIBNET_IPV4_H, 0, 12345, 0, 64,
IPPROTO_TCP, 0, a_tcp->addr.daddr,
a_tcp->addr.saddr, 0, 0, l, ip_tag);
libnet_write(l);
}
void nids_killtcp(struct tcp_stream *a_tcp)
{
nids_killtcp_seq(a_tcp, 0);
nids_killtcp_seq(a_tcp, 1);
}
#elif LIBNET_VER == -1
static int initialized = 0;
int raw_init()
{
initialized = 1;
return 1;
}
void nids_killtcp(struct tcp_stream *a_tcp)
{
(void)a_tcp;
if (initialized)
abort();
}
#elif
#error Something wrong with LIBNET_VER
#endif
libnids-1.23/src/libnids.c 0000600 0000764 0000764 00000047161 10757253260 016224 0 ustar nergal nergal 0000000 0000000 /*
Copyright (c) 1999 Rafal Wojtczuk . All rights reserved.
See the file COPYING for license details.
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#if (HAVE_UNISTD_H)
#include
#endif
#include
#include "checksum.h"
#include "ip_fragment.h"
#include "scan.h"
#include "tcp.h"
#include "util.h"
#include "nids.h"
#ifdef HAVE_LIBGTHREAD_2_0
#include
#endif
#ifdef __linux__
extern int set_all_promisc();
#endif
#define int_ntoa(x) inet_ntoa(*((struct in_addr *)&x))
extern int ip_options_compile(char *);
extern int raw_init();
static void nids_syslog(int, int, struct ip *, void *);
static int nids_ip_filter(struct ip *, int);
static struct proc_node *ip_frag_procs;
static struct proc_node *ip_procs;
static struct proc_node *udp_procs;
struct proc_node *tcp_procs;
static int linktype;
static pcap_t *desc = NULL;
#ifdef HAVE_LIBGTHREAD_2_0
/* async queue for multiprocessing - mcree */
static GAsyncQueue *cap_queue;
/* items in the queue */
struct cap_queue_item {
void *data;
bpf_u_int32 caplen;
};
/* marks end of queue */
static struct cap_queue_item EOF_item;
/* error buffer for glib calls */
static GError *gerror = NULL;
#endif
char nids_errbuf[PCAP_ERRBUF_SIZE];
struct pcap_pkthdr * nids_last_pcap_header = NULL;
u_char *nids_last_pcap_data = NULL;
u_int nids_linkoffset = 0;
char *nids_warnings[] = {
"Murphy - you never should see this message !",
"Oversized IP packet",
"Invalid IP fragment list: fragment over size",
"Overlapping IP fragments",
"Invalid IP header",
"Source routed IP frame",
"Max number of TCP streams reached",
"Invalid TCP header",
"Too much data in TCP receive queue",
"Invalid TCP flags"
};
struct nids_prm nids_params = {
1040, /* n_tcp_streams */
256, /* n_hosts */
NULL, /* device */
NULL, /* filename */
168, /* sk_buff_size */
-1, /* dev_addon */
nids_syslog, /* syslog() */
LOG_ALERT, /* syslog_level */
256, /* scan_num_hosts */
3000, /* scan_delay */
10, /* scan_num_ports */
nids_no_mem, /* no_mem() */
nids_ip_filter, /* ip_filter() */
NULL, /* pcap_filter */
1, /* promisc */
0, /* one_loop_less */
1024, /* pcap_timeout */
0, /* multiproc */
20000, /* queue_limit */
0, /* tcp_workarounds */
NULL /* pcap_desc */
};
static int nids_ip_filter(struct ip *x, int len)
{
(void)x;
(void)len;
return 1;
}
static void nids_syslog(int type, int errnum, struct ip *iph, void *data)
{
char saddr[20], daddr[20];
char buf[1024];
struct host *this_host;
unsigned char flagsand = 255, flagsor = 0;
int i;
switch (type) {
case NIDS_WARN_IP:
if (errnum != NIDS_WARN_IP_HDR) {
strcpy(saddr, int_ntoa(iph->ip_src.s_addr));
strcpy(daddr, int_ntoa(iph->ip_dst.s_addr));
syslog(nids_params.syslog_level,
"%s, packet (apparently) from %s to %s\n",
nids_warnings[errnum], saddr, daddr);
} else
syslog(nids_params.syslog_level, "%s\n",
nids_warnings[errnum]);
break;
case NIDS_WARN_TCP:
strcpy(saddr, int_ntoa(iph->ip_src.s_addr));
strcpy(daddr, int_ntoa(iph->ip_dst.s_addr));
if (errnum != NIDS_WARN_TCP_HDR)
syslog(nids_params.syslog_level,
"%s,from %s:%hu to %s:%hu\n", nids_warnings[errnum],
saddr, ntohs(((struct tcphdr *) data)->th_sport), daddr,
ntohs(((struct tcphdr *) data)->th_dport));
else
syslog(nids_params.syslog_level, "%s,from %s to %s\n",
nids_warnings[errnum], saddr, daddr);
break;
case NIDS_WARN_SCAN:
this_host = (struct host *) data;
sprintf(buf, "Scan from %s. Scanned ports: ",
int_ntoa(this_host->addr));
for (i = 0; i < this_host->n_packets; i++) {
strcat(buf, int_ntoa(this_host->packets[i].addr));
sprintf(buf + strlen(buf), ":%hu,",
this_host->packets[i].port);
flagsand &= this_host->packets[i].flags;
flagsor |= this_host->packets[i].flags;
}
if (flagsand == flagsor) {
i = flagsand;
switch (flagsand) {
case 2:
strcat(buf, "scan type: SYN");
break;
case 0:
strcat(buf, "scan type: NULL");
break;
case 1:
strcat(buf, "scan type: FIN");
break;
default:
sprintf(buf + strlen(buf), "flags=0x%x", i);
}
} else
strcat(buf, "various flags");
syslog(nids_params.syslog_level, "%s", buf);
break;
default:
syslog(nids_params.syslog_level, "Unknown warning number ?\n");
}
}
/* called either directly from pcap_hand() or from cap_queue_process_thread()
* depending on the value of nids_params.multiproc - mcree
*/
static void call_ip_frag_procs(void *data,bpf_u_int32 caplen)
{
struct proc_node *i;
for (i = ip_frag_procs; i; i = i->next)
(i->item) (data, caplen);
}
/* wireless frame types, mostly from tcpdump (wam) */
#define FC_TYPE(fc) (((fc) >> 2) & 0x3)
#define FC_SUBTYPE(fc) (((fc) >> 4) & 0xF)
#define DATA_FRAME_IS_QOS(x) ((x) & 0x08)
#define FC_WEP(fc) ((fc) & 0x4000)
#define FC_TO_DS(fc) ((fc) & 0x0100)
#define FC_FROM_DS(fc) ((fc) & 0x0200)
#define T_MGMT 0x0 /* management */
#define T_CTRL 0x1 /* control */
#define T_DATA 0x2 /* data */
#define T_RESV 0x3 /* reserved */
#define EXTRACT_LE_16BITS(p) \
((unsigned short)*((const unsigned char *)(p) + 1) << 8 | \
(unsigned short)*((const unsigned char *)(p) + 0))
#define EXTRACT_16BITS(p) ((unsigned short)ntohs(*(const unsigned short *)(p)))
#define LLC_FRAME_SIZE 8
#define LLC_OFFSET_TO_TYPE_FIELD 6
#define ETHERTYPE_IP 0x0800
void nids_pcap_handler(u_char * par, struct pcap_pkthdr *hdr, u_char * data)
{
u_char *data_aligned;
#ifdef HAVE_LIBGTHREAD_2_0
struct cap_queue_item *qitem;
#endif
#ifdef DLT_IEEE802_11
unsigned short fc;
int linkoffset_tweaked_by_prism_code = 0;
int linkoffset_tweaked_by_radio_code = 0;
#endif
/*
* Check for savagely closed TCP connections. Might
* happen only when nids_params.tcp_workarounds is non-zero;
* otherwise nids_tcp_timeouts is always NULL.
*/
if (NULL != nids_tcp_timeouts)
tcp_check_timeouts(&hdr->ts);
nids_last_pcap_header = hdr;
nids_last_pcap_data = data;
(void)par; /* warnings... */
switch (linktype) {
case DLT_EN10MB:
if (hdr->caplen < 14)
return;
/* Only handle IP packets and 802.1Q VLAN tagged packets below. */
if (data[12] == 8 && data[13] == 0) {
/* Regular ethernet */
nids_linkoffset = 14;
} else if (data[12] == 0x81 && data[13] == 0) {
/* Skip 802.1Q VLAN and priority information */
nids_linkoffset = 18;
} else
/* non-ip frame */
return;
break;
#ifdef DLT_PRISM_HEADER
#ifndef DLT_IEEE802_11
#error DLT_PRISM_HEADER is defined, but DLT_IEEE802_11 is not ???
#endif
case DLT_PRISM_HEADER:
nids_linkoffset = 144; //sizeof(prism2_hdr);
linkoffset_tweaked_by_prism_code = 1;
//now let DLT_IEEE802_11 do the rest
#endif
#ifdef DLT_IEEE802_11_RADIO
case DLT_IEEE802_11_RADIO:
// just get rid of the radio tap header
if (!linkoffset_tweaked_by_prism_code) {
nids_linkoffset = 25; // sizeof(radio tap header)
linkoffset_tweaked_by_radio_code = 1;
}
//now let DLT_IEEE802_11 do the rest
#endif
#ifdef DLT_IEEE802_11
case DLT_IEEE802_11:
/* I don't know why frame control is always little endian, but it
* works for tcpdump, so who am I to complain? (wam)
*/
if (!linkoffset_tweaked_by_prism_code && !linkoffset_tweaked_by_radio_code)
nids_linkoffset = 0;
fc = EXTRACT_LE_16BITS(data + nids_linkoffset);
if (FC_TYPE(fc) != T_DATA || FC_WEP(fc)) {
return;
}
if (FC_TO_DS(fc) && FC_FROM_DS(fc)) {
/* a wireless distribution system packet will have another
* MAC addr in the frame
*/
nids_linkoffset += 30;
} else {
nids_linkoffset += 24;
}
if (DATA_FRAME_IS_QOS(FC_SUBTYPE(fc)))
nids_linkoffset += 2;
if (hdr->len < nids_linkoffset + LLC_FRAME_SIZE)
return;
if (ETHERTYPE_IP !=
EXTRACT_16BITS(data + nids_linkoffset + LLC_OFFSET_TO_TYPE_FIELD)) {
/* EAP, LEAP, and other 802.11 enhancements can be
* encapsulated within a data packet too. Look only at
* encapsulated IP packets (Type field of the LLC frame).
*/
return;
}
nids_linkoffset += LLC_FRAME_SIZE;
break;
#endif
default:;
}
if (hdr->caplen < nids_linkoffset)
return;
/*
* sure, memcpy costs. But many EXTRACT_{SHORT, LONG} macros cost, too.
* Anyway, libpcap tries to ensure proper layer 3 alignment (look for
* handle->offset in pcap sources), so memcpy should not be called.
*/
#ifdef LBL_ALIGN
if ((unsigned long) (data + nids_linkoffset) & 0x3) {
data_aligned = alloca(hdr->caplen - nids_linkoffset + 4);
data_aligned -= (unsigned long) data_aligned % 4;
memcpy(data_aligned, data + nids_linkoffset, hdr->caplen - nids_linkoffset);
} else
#endif
data_aligned = data + nids_linkoffset;
#ifdef HAVE_LIBGTHREAD_2_0
if(nids_params.multiproc) {
/*
* Insert received fragment into the async capture queue.
* We hope that the overhead of memcpy
* will be saturated by the benefits of SMP - mcree
*/
qitem=malloc(sizeof(struct cap_queue_item));
if (qitem && (qitem->data=malloc(hdr->caplen - nids_linkoffset))) {
qitem->caplen=hdr->caplen - nids_linkoffset;
memcpy(qitem->data,data_aligned,qitem->caplen);
g_async_queue_lock(cap_queue);
/* ensure queue does not overflow */
if(g_async_queue_length_unlocked(cap_queue) > nids_params.queue_limit) {
/* queue limit reached: drop packet - should we notify user via syslog? */
free(qitem->data);
free(qitem);
} else {
/* insert packet to queue */
g_async_queue_push_unlocked(cap_queue,qitem);
}
g_async_queue_unlock(cap_queue);
}
} else { /* user requested simple passthru - no threading */
call_ip_frag_procs(data_aligned,hdr->caplen - nids_linkoffset);
}
#else
call_ip_frag_procs(data_aligned,hdr->caplen - nids_linkoffset);
#endif
}
static void gen_ip_frag_proc(u_char * data, int len)
{
struct proc_node *i;
struct ip *iph = (struct ip *) data;
int need_free = 0;
int skblen;
void (*glibc_syslog_h_workaround)(int, int, struct ip *, void*)=
nids_params.syslog;
if (!nids_params.ip_filter(iph, len))
return;
if (len < (int)sizeof(struct ip) || iph->ip_hl < 5 || iph->ip_v != 4 ||
ip_fast_csum((unsigned char *) iph, iph->ip_hl) != 0 ||
len < ntohs(iph->ip_len) || ntohs(iph->ip_len) < iph->ip_hl << 2) {
glibc_syslog_h_workaround(NIDS_WARN_IP, NIDS_WARN_IP_HDR, iph, 0);
return;
}
if (iph->ip_hl > 5 && ip_options_compile(data)) {
glibc_syslog_h_workaround(NIDS_WARN_IP, NIDS_WARN_IP_SRR, iph, 0);
return;
}
switch (ip_defrag_stub((struct ip *) data, &iph)) {
case IPF_ISF:
return;
case IPF_NOTF:
need_free = 0;
iph = (struct ip *) data;
break;
case IPF_NEW:
need_free = 1;
break;
default:;
}
skblen = ntohs(iph->ip_len) + 16;
if (!need_free)
skblen += nids_params.dev_addon;
skblen = (skblen + 15) & ~15;
skblen += nids_params.sk_buff_size;
for (i = ip_procs; i; i = i->next)
(i->item) (iph, skblen);
if (need_free)
free(iph);
}
#if HAVE_BSD_UDPHDR
#define UH_ULEN uh_ulen
#define UH_SPORT uh_sport
#define UH_DPORT uh_dport
#else
#define UH_ULEN len
#define UH_SPORT source
#define UH_DPORT dest
#endif
static void process_udp(char *data)
{
struct proc_node *ipp = udp_procs;
struct ip *iph = (struct ip *) data;
struct udphdr *udph;
struct tuple4 addr;
int hlen = iph->ip_hl << 2;
int len = ntohs(iph->ip_len);
int ulen;
if (len - hlen < (int)sizeof(struct udphdr))
return;
udph = (struct udphdr *) (data + hlen);
ulen = ntohs(udph->UH_ULEN);
if (len - hlen < ulen || ulen < (int)sizeof(struct udphdr))
return;
/* According to RFC768 a checksum of 0 is not an error (Sebastien Raveau) */
if (udph->uh_sum && my_udp_check
((void *) udph, ulen, iph->ip_src.s_addr,
iph->ip_dst.s_addr)) return;
addr.source = ntohs(udph->UH_SPORT);
addr.dest = ntohs(udph->UH_DPORT);
addr.saddr = iph->ip_src.s_addr;
addr.daddr = iph->ip_dst.s_addr;
while (ipp) {
ipp->item(&addr, ((char *) udph) + sizeof(struct udphdr),
ulen - sizeof(struct udphdr), data);
ipp = ipp->next;
}
}
static void gen_ip_proc(u_char * data, int skblen)
{
switch (((struct ip *) data)->ip_p) {
case IPPROTO_TCP:
process_tcp(data, skblen);
break;
case IPPROTO_UDP:
process_udp(data);
break;
case IPPROTO_ICMP:
if (nids_params.n_tcp_streams)
process_icmp(data);
break;
default:
break;
}
}
static void init_procs()
{
ip_frag_procs = mknew(struct proc_node);
ip_frag_procs->item = gen_ip_frag_proc;
ip_frag_procs->next = 0;
ip_procs = mknew(struct proc_node);
ip_procs->item = gen_ip_proc;
ip_procs->next = 0;
tcp_procs = 0;
udp_procs = 0;
}
void nids_register_udp(void (*x))
{
register_callback(&udp_procs, x);
}
void nids_unregister_udp(void (*x))
{
unregister_callback(&udp_procs, x);
}
void nids_register_ip(void (*x))
{
register_callback(&ip_procs, x);
}
void nids_unregister_ip(void (*x))
{
unregister_callback(&ip_procs, x);
}
void nids_register_ip_frag(void (*x))
{
register_callback(&ip_frag_procs, x);
}
void nids_unregister_ip_frag(void (*x))
{
unregister_callback(&ip_frag_procs, x);
}
static int open_live()
{
char *device;
int promisc = 0;
if (nids_params.device == NULL)
nids_params.device = pcap_lookupdev(nids_errbuf);
if (nids_params.device == NULL)
return 0;
device = nids_params.device;
if (!strcmp(device, "all"))
device = "any";
else
promisc = (nids_params.promisc != 0);
if ((desc = pcap_open_live(device, 16384, promisc,
nids_params.pcap_timeout, nids_errbuf)) == NULL)
return 0;
#ifdef __linux__
if (!strcmp(device, "any") && nids_params.promisc
&& !set_all_promisc()) {
nids_errbuf[0] = 0;
strncat(nids_errbuf, strerror(errno), sizeof(nids_errbuf) - 1);
return 0;
}
#endif
if (!raw_init()) {
nids_errbuf[0] = 0;
strncat(nids_errbuf, strerror(errno), sizeof(nids_errbuf) - 1);
return 0;
}
return 1;
}
#ifdef HAVE_LIBGTHREAD_2_0
#define START_CAP_QUEUE_PROCESS_THREAD() \
if(nids_params.multiproc) { /* threading... */ \
if(!(g_thread_create_full((GThreadFunc)cap_queue_process_thread,NULL,0,FALSE,TRUE,G_THREAD_PRIORITY_LOW,&gerror))) { \
strcpy(nids_errbuf, "thread: "); \
strncat(nids_errbuf, gerror->message, sizeof(nids_errbuf) - 8); \
return 0; \
}; \
}
#define STOP_CAP_QUEUE_PROCESS_THREAD() \
if(nids_params.multiproc) { /* stop the capture process thread */ \
g_async_queue_push(cap_queue,&EOF_item); \
}
/* thread entry point
* pops capture queue items and feeds them to
* the ip fragment processors - mcree
*/
static void cap_queue_process_thread()
{
struct cap_queue_item *qitem;
while(1) { /* loop "forever" */
qitem=g_async_queue_pop(cap_queue);
if (qitem==&EOF_item) break; /* EOF item received: we should exit */
call_ip_frag_procs(qitem->data,qitem->caplen);
free(qitem->data);
free(qitem);
}
g_thread_exit(NULL);
}
#else
#define START_CAP_QUEUE_PROCESS_THREAD()
#define STOP_CAP_QUEUE_PROCESS_THREAD()
#endif
int nids_init()
{
/* free resources that previous usages might have allocated */
nids_exit();
if (nids_params.pcap_desc)
desc = nids_params.pcap_desc;
else if (nids_params.filename) {
if ((desc = pcap_open_offline(nids_params.filename,
nids_errbuf)) == NULL)
return 0;
} else if (!open_live())
return 0;
if (nids_params.pcap_filter != NULL) {
u_int mask = 0;
struct bpf_program fcode;
if (pcap_compile(desc, &fcode, nids_params.pcap_filter, 1, mask) <
0) return 0;
if (pcap_setfilter(desc, &fcode) == -1)
return 0;
}
switch ((linktype = pcap_datalink(desc))) {
#ifdef DLT_IEEE802_11
#ifdef DLT_PRISM_HEADER
case DLT_PRISM_HEADER:
#endif
#ifdef DLT_IEEE802_11_RADIO
case DLT_IEEE802_11_RADIO:
#endif
case DLT_IEEE802_11:
/* wireless, need to calculate offset per frame */
break;
#endif
#ifdef DLT_NULL
case DLT_NULL:
nids_linkoffset = 4;
break;
#endif
case DLT_EN10MB:
nids_linkoffset = 14;
break;
case DLT_PPP:
nids_linkoffset = 4;
break;
/* Token Ring Support by vacuum@technotronic.com, thanks dugsong! */
case DLT_IEEE802:
nids_linkoffset = 22;
break;
case DLT_RAW:
case DLT_SLIP:
nids_linkoffset = 0;
break;
#define DLT_LINUX_SLL 113
case DLT_LINUX_SLL:
nids_linkoffset = 16;
break;
#ifdef DLT_FDDI
case DLT_FDDI:
nids_linkoffset = 21;
break;
#endif
#ifdef DLT_PPP_SERIAL
case DLT_PPP_SERIAL:
nids_linkoffset = 4;
break;
#endif
default:
strcpy(nids_errbuf, "link type unknown");
return 0;
}
if (nids_params.dev_addon == -1) {
if (linktype == DLT_EN10MB)
nids_params.dev_addon = 16;
else
nids_params.dev_addon = 0;
}
if (nids_params.syslog == nids_syslog)
openlog("libnids", 0, LOG_LOCAL0);
init_procs();
tcp_init(nids_params.n_tcp_streams);
ip_frag_init(nids_params.n_hosts);
scan_init();
if(nids_params.multiproc) {
#ifdef HAVE_LIBGTHREAD_2_0
g_thread_init(NULL);
cap_queue=g_async_queue_new();
#else
strcpy(nids_errbuf, "libnids was compiled without threads support");
return 0;
#endif
}
return 1;
}
int nids_run()
{
if (!desc) {
strcpy(nids_errbuf, "Libnids not initialized");
return 0;
}
START_CAP_QUEUE_PROCESS_THREAD(); /* threading... */
pcap_loop(desc, -1, (pcap_handler) nids_pcap_handler, 0);
/* FIXME: will this code ever be called? Don't think so - mcree */
STOP_CAP_QUEUE_PROCESS_THREAD();
nids_exit();
return 0;
}
void nids_exit()
{
if (!desc) {
strcpy(nids_errbuf, "Libnids not initialized");
return;
}
#ifdef HAVE_LIBGTHREAD_2_0
if (nids_params.multiproc) {
/* I have no portable sys_sched_yield,
and I don't want to add more synchronization...
*/
while (g_async_queue_length(cap_queue)>0)
usleep(100000);
}
#endif
tcp_exit();
ip_frag_exit();
scan_exit();
strcpy(nids_errbuf, "loop: ");
strncat(nids_errbuf, pcap_geterr(desc), sizeof nids_errbuf - 7);
if (!nids_params.pcap_desc)
pcap_close(desc);
desc = NULL;
}
int nids_getfd()
{
if (!desc) {
strcpy(nids_errbuf, "Libnids not initialized");
return -1;
}
return pcap_fileno(desc);
}
int nids_next()
{
struct pcap_pkthdr h;
char *data;
if (!desc) {
strcpy(nids_errbuf, "Libnids not initialized");
return 0;
}
if (!(data = (char *) pcap_next(desc, &h))) {
strcpy(nids_errbuf, "next: ");
strncat(nids_errbuf, pcap_geterr(desc), sizeof(nids_errbuf) - 7);
return 0;
}
/* threading is quite useless (harmful) in this case - should we do an API change? */
START_CAP_QUEUE_PROCESS_THREAD();
nids_pcap_handler(0, &h, data);
STOP_CAP_QUEUE_PROCESS_THREAD();
return 1;
}
int nids_dispatch(int cnt)
{
int r;
if (!desc) {
strcpy(nids_errbuf, "Libnids not initialized");
return -1;
}
START_CAP_QUEUE_PROCESS_THREAD(); /* threading... */
if ((r = pcap_dispatch(desc, cnt, (pcap_handler) nids_pcap_handler,
NULL)) == -1) {
strcpy(nids_errbuf, "dispatch: ");
strncat(nids_errbuf, pcap_geterr(desc), sizeof(nids_errbuf) - 11);
}
STOP_CAP_QUEUE_PROCESS_THREAD();
return r;
}
libnids-1.23/src/scan.c 0000600 0000764 0000764 00000005753 10425437110 015513 0 ustar nergal nergal 0000000 0000000 /*
Copyright (c) 1999 Rafal Wojtczuk . All rights reserved.
See the file COPYING for license details.
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include "nids.h"
#include "scan.h"
static struct host **hashhost;
static int time0;
static int timenow;
static int
gettime()
{
struct timeval tv;
if (timenow)
return timenow;
gettimeofday(&tv, 0);
timenow = (tv.tv_sec - time0) * 1000 + tv.tv_usec / 1000;
return timenow;
}
void
scan_init(void)
{
struct timeval tv;
if (nids_params.scan_num_hosts > 0) {
gettimeofday(&tv, 0);
time0 = tv.tv_sec;
hashhost = (struct host **) calloc(nids_params.scan_num_hosts, sizeof(struct host *));
if (!hashhost)
nids_params.no_mem("scan_init");
}
}
void
scan_exit(void)
{
if (hashhost) {
free(hashhost);
hashhost = NULL;
}
}
static int
scan_hash(int addr)
{
return ((addr % 65536) ^ (addr >> 16)) % (nids_params.scan_num_hosts);
}
void
detect_scan(struct ip * iph)
{
int i;
struct tcphdr *th;
int hash;
struct host *this_host;
struct host *oldest;
int mtime = 2147483647;
if (nids_params.scan_num_hosts <= 0)
return;
th = (struct tcphdr *) (((char *) iph) + 4 * iph->ip_hl);
hash = scan_hash(iph->ip_src.s_addr);
this_host = hashhost[hash];
oldest = 0;
timenow = 0;
for (i = 0; this_host && this_host->addr != iph->ip_src.s_addr; i++) {
if (this_host->modtime < mtime) {
mtime = this_host->modtime;
oldest = this_host;
}
this_host = this_host->next;
}
if (!this_host) {
if (i == 10)
this_host = oldest;
else {
this_host = (struct host *) malloc(sizeof(struct host) + \
(nids_params.scan_num_ports + 1) * sizeof(struct scan));
if (!this_host)
nids_params.no_mem("detect_scan");
this_host->packets = (struct scan *) (((char *) this_host) + sizeof(struct host));
if (hashhost[hash]) {
hashhost[hash]->prev = this_host;
this_host->next = hashhost[hash];
}
else
this_host->next = 0;
this_host->prev = 0;
hashhost[hash] = this_host;
}
this_host->addr = iph->ip_src.s_addr;
this_host->modtime = gettime();
this_host->n_packets = 0;
}
if (this_host->modtime - gettime() > nids_params.scan_delay)
this_host->n_packets = 0;
this_host->modtime = gettime();
for (i = 0; i < this_host->n_packets; i++)
if (this_host->packets[i].addr == iph->ip_dst.s_addr &&
this_host->packets[i].port == ntohs(th->th_dport))
return;
this_host->packets[this_host->n_packets].addr = iph->ip_dst.s_addr;
this_host->packets[this_host->n_packets].port = ntohs(th->th_dport);
this_host->packets[this_host->n_packets].flags = *((unsigned char *) (th) + 13);
this_host->n_packets++;
if (this_host->n_packets > nids_params.scan_num_ports) {
nids_params.syslog(NIDS_WARN_SCAN, 0, 0, this_host);
this_host->n_packets = 0;
}
}
libnids-1.23/src/scan.h 0000600 0000764 0000764 00000000734 10425437110 015512 0 ustar nergal nergal 0000000 0000000 /*
Copyright (c) 1999 Rafal Wojtczuk . All rights reserved.
See the file COPYING for license details.
*/
#ifndef _NIDS_SCAN_H
#define _NIDS_SCAN_H
struct scan {
u_int addr;
unsigned short port;
u_char flags;
};
struct host {
struct host *next;
struct host *prev;
u_int addr;
int modtime;
int n_packets;
struct scan *packets;
};
void scan_init(void);
void scan_exit(void);
void detect_scan(struct ip *);
#endif /* _NIDS_SCAN_H */
libnids-1.23/src/tcp.c 0000600 0000764 0000764 00000064330 10757251100 015352 0 ustar nergal nergal 0000000 0000000 /*
Copyright (c) 1999 Rafal Wojtczuk . All rights reserved.
See the file COPYING for license details.
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "checksum.h"
#include "scan.h"
#include "tcp.h"
#include "util.h"
#include "nids.h"
#include "hash.h"
#if ! HAVE_TCP_STATES
enum {
TCP_ESTABLISHED = 1,
TCP_SYN_SENT,
TCP_SYN_RECV,
TCP_FIN_WAIT1,
TCP_FIN_WAIT2,
TCP_TIME_WAIT,
TCP_CLOSE,
TCP_CLOSE_WAIT,
TCP_LAST_ACK,
TCP_LISTEN,
TCP_CLOSING /* now a valid state */
};
#endif
#define FIN_SENT 120
#define FIN_CONFIRMED 121
#define COLLECT_cc 1
#define COLLECT_sc 2
#define COLLECT_ccu 4
#define COLLECT_scu 8
#define EXP_SEQ (snd->first_data_seq + rcv->count + rcv->urg_count)
extern struct proc_node *tcp_procs;
static struct tcp_stream **tcp_stream_table;
static struct tcp_stream *streams_pool;
static int tcp_num = 0;
static int tcp_stream_table_size;
static int max_stream;
static struct tcp_stream *tcp_latest = 0, *tcp_oldest = 0;
static struct tcp_stream *free_streams;
static struct ip *ugly_iphdr;
struct tcp_timeout *nids_tcp_timeouts = 0;
static void purge_queue(struct half_stream * h)
{
struct skbuff *tmp, *p = h->list;
while (p) {
free(p->data);
tmp = p->next;
free(p);
p = tmp;
}
h->list = h->listtail = 0;
h->rmem_alloc = 0;
}
static void
add_tcp_closing_timeout(struct tcp_stream * a_tcp)
{
struct tcp_timeout *to;
struct tcp_timeout *newto;
if (!nids_params.tcp_workarounds)
return;
newto = malloc(sizeof (struct tcp_timeout));
if (!newto)
nids_params.no_mem("add_tcp_closing_timeout");
newto->a_tcp = a_tcp;
newto->timeout.tv_sec = nids_last_pcap_header->ts.tv_sec + 10;
newto->prev = 0;
for (newto->next = to = nids_tcp_timeouts; to; newto->next = to = to->next) {
if (to->a_tcp == a_tcp) {
free(newto);
return;
}
if (to->timeout.tv_sec > newto->timeout.tv_sec)
break;
newto->prev = to;
}
if (!newto->prev)
nids_tcp_timeouts = newto;
else
newto->prev->next = newto;
if (newto->next)
newto->next->prev = newto;
}
static void
del_tcp_closing_timeout(struct tcp_stream * a_tcp)
{
struct tcp_timeout *to;
if (!nids_params.tcp_workarounds)
return;
for (to = nids_tcp_timeouts; to; to = to->next)
if (to->a_tcp == a_tcp)
break;
if (!to)
return;
if (!to->prev)
nids_tcp_timeouts = to->next;
else
to->prev->next = to->next;
if (to->next)
to->next->prev = to->prev;
free(to);
}
void
nids_free_tcp_stream(struct tcp_stream * a_tcp)
{
int hash_index = a_tcp->hash_index;
struct lurker_node *i, *j;
del_tcp_closing_timeout(a_tcp);
purge_queue(&a_tcp->server);
purge_queue(&a_tcp->client);
if (a_tcp->next_node)
a_tcp->next_node->prev_node = a_tcp->prev_node;
if (a_tcp->prev_node)
a_tcp->prev_node->next_node = a_tcp->next_node;
else
tcp_stream_table[hash_index] = a_tcp->next_node;
if (a_tcp->client.data)
free(a_tcp->client.data);
if (a_tcp->server.data)
free(a_tcp->server.data);
if (a_tcp->next_time)
a_tcp->next_time->prev_time = a_tcp->prev_time;
if (a_tcp->prev_time)
a_tcp->prev_time->next_time = a_tcp->next_time;
if (a_tcp == tcp_oldest)
tcp_oldest = a_tcp->prev_time;
if (a_tcp == tcp_latest)
tcp_latest = a_tcp->next_time;
i = a_tcp->listeners;
while (i) {
j = i->next;
free(i);
i = j;
}
a_tcp->next_free = free_streams;
free_streams = a_tcp;
tcp_num--;
}
void
tcp_check_timeouts(struct timeval *now)
{
struct tcp_timeout *to;
struct tcp_timeout *next;
struct lurker_node *i;
for (to = nids_tcp_timeouts; to; to = next) {
if (now->tv_sec < to->timeout.tv_sec)
return;
to->a_tcp->nids_state = NIDS_TIMED_OUT;
for (i = to->a_tcp->listeners; i; i = i->next)
(i->item) (to->a_tcp, &i->data);
next = to->next;
nids_free_tcp_stream(to->a_tcp);
}
}
static int
mk_hash_index(struct tuple4 addr)
{
int hash=mkhash(addr.saddr, addr.source, addr.daddr, addr.dest);
return hash % tcp_stream_table_size;
}
static int get_ts(struct tcphdr * this_tcphdr, unsigned int * ts)
{
int len = 4 * this_tcphdr->th_off;
unsigned int tmp_ts;
unsigned char * options = (char*)(this_tcphdr + 1);
int ind = 0, ret = 0;
while (ind <= len - (int)sizeof (struct tcphdr) - 10 )
switch (options[ind]) {
case 0: /* TCPOPT_EOL */
return ret;
case 1: /* TCPOPT_NOP */
ind++;
continue;
case 8: /* TCPOPT_TIMESTAMP */
memcpy((char*)&tmp_ts, options + ind + 2, 4);
*ts=ntohl(tmp_ts);
ret = 1;
/* no break, intentionally */
default:
if (options[ind+1] < 2 ) /* "silly option" */
return ret;
ind += options[ind+1];
}
return ret;
}
static int get_wscale(struct tcphdr * this_tcphdr, unsigned int * ws)
{
int len = 4 * this_tcphdr->th_off;
unsigned int tmp_ws;
unsigned char * options = (char*)(this_tcphdr + 1);
int ind = 0, ret = 0;
*ws=1;
while (ind <= len - (int)sizeof (struct tcphdr) - 3 )
switch (options[ind]) {
case 0: /* TCPOPT_EOL */
return ret;
case 1: /* TCPOPT_NOP */
ind++;
continue;
case 3: /* TCPOPT_WSCALE */
tmp_ws=options[ind+2];
if (tmp_ws>14)
tmp_ws=14;
*ws=1<th_sport);
addr.dest = ntohs(this_tcphdr->th_dport);
addr.saddr = this_iphdr->ip_src.s_addr;
addr.daddr = this_iphdr->ip_dst.s_addr;
hash_index = mk_hash_index(addr);
if (tcp_num > max_stream) {
struct lurker_node *i;
int orig_client_state=tcp_oldest->client.state;
tcp_oldest->nids_state = NIDS_TIMED_OUT;
for (i = tcp_oldest->listeners; i; i = i->next)
(i->item) (tcp_oldest, &i->data);
nids_free_tcp_stream(tcp_oldest);
if (orig_client_state!=TCP_SYN_SENT)
nids_params.syslog(NIDS_WARN_TCP, NIDS_WARN_TCP_TOOMUCH, ugly_iphdr, this_tcphdr);
}
a_tcp = free_streams;
if (!a_tcp) {
fprintf(stderr, "gdb me ...\n");
pause();
}
free_streams = a_tcp->next_free;
tcp_num++;
tolink = tcp_stream_table[hash_index];
memset(a_tcp, 0, sizeof(struct tcp_stream));
a_tcp->hash_index = hash_index;
a_tcp->addr = addr;
a_tcp->client.state = TCP_SYN_SENT;
a_tcp->client.seq = ntohl(this_tcphdr->th_seq) + 1;
a_tcp->client.first_data_seq = a_tcp->client.seq;
a_tcp->client.window = ntohs(this_tcphdr->th_win);
a_tcp->client.ts_on = get_ts(this_tcphdr, &a_tcp->client.curr_ts);
a_tcp->client.wscale_on = get_wscale(this_tcphdr, &a_tcp->client.wscale);
a_tcp->server.state = TCP_CLOSE;
a_tcp->next_node = tolink;
a_tcp->prev_node = 0;
if (tolink)
tolink->prev_node = a_tcp;
tcp_stream_table[hash_index] = a_tcp;
a_tcp->next_time = tcp_latest;
a_tcp->prev_time = 0;
if (!tcp_oldest)
tcp_oldest = a_tcp;
if (tcp_latest)
tcp_latest->prev_time = a_tcp;
tcp_latest = a_tcp;
}
static void
add2buf(struct half_stream * rcv, char *data, int datalen)
{
int toalloc;
if (datalen + rcv->count - rcv->offset > rcv->bufsize) {
if (!rcv->data) {
if (datalen < 2048)
toalloc = 4096;
else
toalloc = datalen * 2;
rcv->data = malloc(toalloc);
rcv->bufsize = toalloc;
}
else {
if (datalen < rcv->bufsize)
toalloc = 2 * rcv->bufsize;
else
toalloc = rcv->bufsize + 2*datalen;
rcv->data = realloc(rcv->data, toalloc);
rcv->bufsize = toalloc;
}
if (!rcv->data)
nids_params.no_mem("add2buf");
}
memcpy(rcv->data + rcv->count - rcv->offset, data, datalen);
rcv->count_new = datalen;
rcv->count += datalen;
}
static void
ride_lurkers(struct tcp_stream * a_tcp, char mask)
{
struct lurker_node *i;
char cc, sc, ccu, scu;
for (i = a_tcp->listeners; i; i = i->next)
if (i->whatto & mask) {
cc = a_tcp->client.collect;
sc = a_tcp->server.collect;
ccu = a_tcp->client.collect_urg;
scu = a_tcp->server.collect_urg;
(i->item) (a_tcp, &i->data);
if (cc < a_tcp->client.collect)
i->whatto |= COLLECT_cc;
if (ccu < a_tcp->client.collect_urg)
i->whatto |= COLLECT_ccu;
if (sc < a_tcp->server.collect)
i->whatto |= COLLECT_sc;
if (scu < a_tcp->server.collect_urg)
i->whatto |= COLLECT_scu;
if (cc > a_tcp->client.collect)
i->whatto &= ~COLLECT_cc;
if (ccu > a_tcp->client.collect_urg)
i->whatto &= ~COLLECT_ccu;
if (sc > a_tcp->server.collect)
i->whatto &= ~COLLECT_sc;
if (scu > a_tcp->server.collect_urg)
i->whatto &= ~COLLECT_scu;
}
}
static void
notify(struct tcp_stream * a_tcp, struct half_stream * rcv)
{
struct lurker_node *i, **prev_addr;
char mask;
if (rcv->count_new_urg) {
if (!rcv->collect_urg)
return;
if (rcv == &a_tcp->client)
mask = COLLECT_ccu;
else
mask = COLLECT_scu;
ride_lurkers(a_tcp, mask);
goto prune_listeners;
}
if (rcv->collect) {
if (rcv == &a_tcp->client)
mask = COLLECT_cc;
else
mask = COLLECT_sc;
do {
int total;
a_tcp->read = rcv->count - rcv->offset;
total=a_tcp->read;
ride_lurkers(a_tcp, mask);
if (a_tcp->read>total-rcv->count_new)
rcv->count_new=total-a_tcp->read;
if (a_tcp->read > 0) {
memmove(rcv->data, rcv->data + a_tcp->read, rcv->count - rcv->offset - a_tcp->read);
rcv->offset += a_tcp->read;
}
}while (nids_params.one_loop_less && a_tcp->read>0 && rcv->count_new);
// we know that if one_loop_less!=0, we have only one callback to notify
rcv->count_new=0;
}
prune_listeners:
prev_addr = &a_tcp->listeners;
i = a_tcp->listeners;
while (i)
if (!i->whatto) {
*prev_addr = i->next;
free(i);
i = *prev_addr;
}
else {
prev_addr = &i->next;
i = i->next;
}
}
static void
add_from_skb(struct tcp_stream * a_tcp, struct half_stream * rcv,
struct half_stream * snd,
u_char *data, int datalen,
u_int this_seq, char fin, char urg, u_int urg_ptr)
{
u_int lost = EXP_SEQ - this_seq;
int to_copy, to_copy2;
if (urg && after(urg_ptr, EXP_SEQ - 1) &&
(!rcv->urg_seen || after(urg_ptr, rcv->urg_ptr))) {
rcv->urg_ptr = urg_ptr;
rcv->urg_seen = 1;
}
if (rcv->urg_seen && after(rcv->urg_ptr + 1, this_seq + lost) &&
before(rcv->urg_ptr, this_seq + datalen)) {
to_copy = rcv->urg_ptr - (this_seq + lost);
if (to_copy > 0) {
if (rcv->collect) {
add2buf(rcv, data + lost, to_copy);
notify(a_tcp, rcv);
}
else {
rcv->count += to_copy;
rcv->offset = rcv->count; /* clear the buffer */
}
}
rcv->urgdata = data[rcv->urg_ptr - this_seq];
rcv->count_new_urg = 1;
notify(a_tcp, rcv);
rcv->count_new_urg = 0;
rcv->urg_seen = 0;
rcv->urg_count++;
to_copy2 = this_seq + datalen - rcv->urg_ptr - 1;
if (to_copy2 > 0) {
if (rcv->collect) {
add2buf(rcv, data + lost + to_copy + 1, to_copy2);
notify(a_tcp, rcv);
}
else {
rcv->count += to_copy2;
rcv->offset = rcv->count; /* clear the buffer */
}
}
}
else {
if (datalen - lost > 0) {
if (rcv->collect) {
add2buf(rcv, data + lost, datalen - lost);
notify(a_tcp, rcv);
}
else {
rcv->count += datalen - lost;
rcv->offset = rcv->count; /* clear the buffer */
}
}
}
if (fin) {
snd->state = FIN_SENT;
if (rcv->state == TCP_CLOSING)
add_tcp_closing_timeout(a_tcp);
}
}
static void
tcp_queue(struct tcp_stream * a_tcp, struct tcphdr * this_tcphdr,
struct half_stream * snd, struct half_stream * rcv,
char *data, int datalen, int skblen
)
{
u_int this_seq = ntohl(this_tcphdr->th_seq);
struct skbuff *pakiet, *tmp;
/*
* Did we get anything new to ack?
*/
if (!after(this_seq, EXP_SEQ)) {
if (after(this_seq + datalen + (this_tcphdr->th_flags & TH_FIN), EXP_SEQ)) {
/* the packet straddles our window end */
get_ts(this_tcphdr, &snd->curr_ts);
add_from_skb(a_tcp, rcv, snd, data, datalen, this_seq,
(this_tcphdr->th_flags & TH_FIN),
(this_tcphdr->th_flags & TH_URG),
ntohs(this_tcphdr->th_urp) + this_seq - 1);
/*
* Do we have any old packets to ack that the above
* made visible? (Go forward from skb)
*/
pakiet = rcv->list;
while (pakiet) {
if (after(pakiet->seq, EXP_SEQ))
break;
if (after(pakiet->seq + pakiet->len + pakiet->fin, EXP_SEQ)) {
add_from_skb(a_tcp, rcv, snd, pakiet->data,
pakiet->len, pakiet->seq, pakiet->fin, pakiet->urg,
pakiet->urg_ptr + pakiet->seq - 1);
}
rcv->rmem_alloc -= pakiet->truesize;
if (pakiet->prev)
pakiet->prev->next = pakiet->next;
else
rcv->list = pakiet->next;
if (pakiet->next)
pakiet->next->prev = pakiet->prev;
else
rcv->listtail = pakiet->prev;
tmp = pakiet->next;
free(pakiet->data);
free(pakiet);
pakiet = tmp;
}
}
else
return;
}
else {
struct skbuff *p = rcv->listtail;
pakiet = mknew(struct skbuff);
pakiet->truesize = skblen;
rcv->rmem_alloc += pakiet->truesize;
pakiet->len = datalen;
pakiet->data = malloc(datalen);
if (!pakiet->data)
nids_params.no_mem("tcp_queue");
memcpy(pakiet->data, data, datalen);
pakiet->fin = (this_tcphdr->th_flags & TH_FIN);
/* Some Cisco - at least - hardware accept to close a TCP connection
* even though packets were lost before the first TCP FIN packet and
* never retransmitted; this violates RFC 793, but since it really
* happens, it has to be dealt with... The idea is to introduce a 10s
* timeout after TCP FIN packets were sent by both sides so that
* corresponding libnids resources can be released instead of waiting
* for retransmissions which will never happen. -- Sebastien Raveau
*/
if (pakiet->fin) {
snd->state = TCP_CLOSING;
if (rcv->state == FIN_SENT || rcv->state == FIN_CONFIRMED)
add_tcp_closing_timeout(a_tcp);
}
pakiet->seq = this_seq;
pakiet->urg = (this_tcphdr->th_flags & TH_URG);
pakiet->urg_ptr = ntohs(this_tcphdr->th_urp);
for (;;) {
if (!p || !after(p->seq, this_seq))
break;
p = p->prev;
}
if (!p) {
pakiet->prev = 0;
pakiet->next = rcv->list;
if (rcv->list)
rcv->list->prev = pakiet;
rcv->list = pakiet;
if (!rcv->listtail)
rcv->listtail = pakiet;
}
else {
pakiet->next = p->next;
p->next = pakiet;
pakiet->prev = p;
if (pakiet->next)
pakiet->next->prev = pakiet;
else
rcv->listtail = pakiet;
}
}
}
static void
prune_queue(struct half_stream * rcv, struct tcphdr * this_tcphdr)
{
struct skbuff *tmp, *p = rcv->list;
nids_params.syslog(NIDS_WARN_TCP, NIDS_WARN_TCP_BIGQUEUE, ugly_iphdr, this_tcphdr);
while (p) {
free(p->data);
tmp = p->next;
free(p);
p = tmp;
}
rcv->list = rcv->listtail = 0;
rcv->rmem_alloc = 0;
}
static void
handle_ack(struct half_stream * snd, u_int acknum)
{
int ackdiff;
ackdiff = acknum - snd->ack_seq;
if (ackdiff > 0) {
snd->ack_seq = acknum;
}
}
#if 0
static void
check_flags(struct ip * iph, struct tcphdr * th)
{
u_char flag = *(((u_char *) th) + 13);
if (flag & 0x40 || flag & 0x80)
nids_params.syslog(NIDS_WARN_TCP, NIDS_WARN_TCP_BADFLAGS, iph, th);
//ECN is really the only cause of these warnings...
}
#endif
struct tcp_stream *
find_stream(struct tcphdr * this_tcphdr, struct ip * this_iphdr,
int *from_client)
{
struct tuple4 this_addr, reversed;
struct tcp_stream *a_tcp;
this_addr.source = ntohs(this_tcphdr->th_sport);
this_addr.dest = ntohs(this_tcphdr->th_dport);
this_addr.saddr = this_iphdr->ip_src.s_addr;
this_addr.daddr = this_iphdr->ip_dst.s_addr;
a_tcp = nids_find_tcp_stream(&this_addr);
if (a_tcp) {
*from_client = 1;
return a_tcp;
}
reversed.source = ntohs(this_tcphdr->th_dport);
reversed.dest = ntohs(this_tcphdr->th_sport);
reversed.saddr = this_iphdr->ip_dst.s_addr;
reversed.daddr = this_iphdr->ip_src.s_addr;
a_tcp = nids_find_tcp_stream(&reversed);
if (a_tcp) {
*from_client = 0;
return a_tcp;
}
return 0;
}
struct tcp_stream *
nids_find_tcp_stream(struct tuple4 *addr)
{
int hash_index;
struct tcp_stream *a_tcp;
hash_index = mk_hash_index(*addr);
for (a_tcp = tcp_stream_table[hash_index];
a_tcp && memcmp(&a_tcp->addr, addr, sizeof (struct tuple4));
a_tcp = a_tcp->next_node);
return a_tcp ? a_tcp : 0;
}
void tcp_exit(void)
{
int i;
struct lurker_node *j;
struct tcp_stream *a_tcp;
if (!tcp_stream_table || !streams_pool)
return;
for (i = 0; i < tcp_stream_table_size; i++) {
for (a_tcp = tcp_stream_table[i];
a_tcp;
a_tcp = a_tcp->next_node) {
for (j = a_tcp->listeners; j; j = j->next) {
a_tcp->nids_state = NIDS_EXITING;
(j->item)(a_tcp, &j->data);
}
}
}
free(tcp_stream_table);
tcp_stream_table = NULL;
free(streams_pool);
streams_pool = NULL;
/* FIXME: anything else we should free? */
}
void
process_tcp(u_char * data, int skblen)
{
struct ip *this_iphdr = (struct ip *)data;
struct tcphdr *this_tcphdr = (struct tcphdr *)(data + 4 * this_iphdr->ip_hl);
int datalen, iplen;
int from_client = 1;
unsigned int tmp_ts;
struct tcp_stream *a_tcp;
struct half_stream *snd, *rcv;
ugly_iphdr = this_iphdr;
iplen = ntohs(this_iphdr->ip_len);
if ((unsigned)iplen < 4 * this_iphdr->ip_hl + sizeof(struct tcphdr)) {
nids_params.syslog(NIDS_WARN_TCP, NIDS_WARN_TCP_HDR, this_iphdr,
this_tcphdr);
return;
} // ktos sie bawi
datalen = iplen - 4 * this_iphdr->ip_hl - 4 * this_tcphdr->th_off;
if (datalen < 0) {
nids_params.syslog(NIDS_WARN_TCP, NIDS_WARN_TCP_HDR, this_iphdr,
this_tcphdr);
return;
} // ktos sie bawi
if ((this_iphdr->ip_src.s_addr | this_iphdr->ip_dst.s_addr) == 0) {
nids_params.syslog(NIDS_WARN_TCP, NIDS_WARN_TCP_HDR, this_iphdr,
this_tcphdr);
return;
}
if (!(this_tcphdr->th_flags & TH_ACK))
detect_scan(this_iphdr);
if (!nids_params.n_tcp_streams) return;
if (my_tcp_check(this_tcphdr, iplen - 4 * this_iphdr->ip_hl,
this_iphdr->ip_src.s_addr, this_iphdr->ip_dst.s_addr)) {
nids_params.syslog(NIDS_WARN_TCP, NIDS_WARN_TCP_HDR, this_iphdr,
this_tcphdr);
return;
}
#if 0
check_flags(this_iphdr, this_tcphdr);
//ECN
#endif
if (!(a_tcp = find_stream(this_tcphdr, this_iphdr, &from_client))) {
if ((this_tcphdr->th_flags & TH_SYN) &&
!(this_tcphdr->th_flags & TH_ACK) &&
!(this_tcphdr->th_flags & TH_RST))
add_new_tcp(this_tcphdr, this_iphdr);
return;
}
if (from_client) {
snd = &a_tcp->client;
rcv = &a_tcp->server;
}
else {
rcv = &a_tcp->client;
snd = &a_tcp->server;
}
if ((this_tcphdr->th_flags & TH_SYN)) {
if (from_client || a_tcp->client.state != TCP_SYN_SENT ||
a_tcp->server.state != TCP_CLOSE || !(this_tcphdr->th_flags & TH_ACK))
return;
if (a_tcp->client.seq != ntohl(this_tcphdr->th_ack))
return;
a_tcp->server.state = TCP_SYN_RECV;
a_tcp->server.seq = ntohl(this_tcphdr->th_seq) + 1;
a_tcp->server.first_data_seq = a_tcp->server.seq;
a_tcp->server.ack_seq = ntohl(this_tcphdr->th_ack);
a_tcp->server.window = ntohs(this_tcphdr->th_win);
if (a_tcp->client.ts_on) {
a_tcp->server.ts_on = get_ts(this_tcphdr, &a_tcp->server.curr_ts);
if (!a_tcp->server.ts_on)
a_tcp->client.ts_on = 0;
} else a_tcp->server.ts_on = 0;
if (a_tcp->client.wscale_on) {
a_tcp->server.wscale_on = get_wscale(this_tcphdr, &a_tcp->server.wscale);
if (!a_tcp->server.wscale_on) {
a_tcp->client.wscale_on = 0;
a_tcp->client.wscale = 1;
a_tcp->server.wscale = 1;
}
} else {
a_tcp->server.wscale_on = 0;
a_tcp->server.wscale = 1;
}
return;
}
if (
! ( !datalen && ntohl(this_tcphdr->th_seq) == rcv->ack_seq )
&&
( !before(ntohl(this_tcphdr->th_seq), rcv->ack_seq + rcv->window*rcv->wscale) ||
before(ntohl(this_tcphdr->th_seq) + datalen, rcv->ack_seq)
)
)
return;
if ((this_tcphdr->th_flags & TH_RST)) {
if (a_tcp->nids_state == NIDS_DATA) {
struct lurker_node *i;
a_tcp->nids_state = NIDS_RESET;
for (i = a_tcp->listeners; i; i = i->next)
(i->item) (a_tcp, &i->data);
}
nids_free_tcp_stream(a_tcp);
return;
}
/* PAWS check */
if (rcv->ts_on && get_ts(this_tcphdr, &tmp_ts) &&
before(tmp_ts, snd->curr_ts))
return;
if ((this_tcphdr->th_flags & TH_ACK)) {
if (from_client && a_tcp->client.state == TCP_SYN_SENT &&
a_tcp->server.state == TCP_SYN_RECV) {
if (ntohl(this_tcphdr->th_ack) == a_tcp->server.seq) {
a_tcp->client.state = TCP_ESTABLISHED;
a_tcp->client.ack_seq = ntohl(this_tcphdr->th_ack);
{
struct proc_node *i;
struct lurker_node *j;
void *data;
a_tcp->server.state = TCP_ESTABLISHED;
a_tcp->nids_state = NIDS_JUST_EST;
for (i = tcp_procs; i; i = i->next) {
char whatto = 0;
char cc = a_tcp->client.collect;
char sc = a_tcp->server.collect;
char ccu = a_tcp->client.collect_urg;
char scu = a_tcp->server.collect_urg;
(i->item) (a_tcp, &data);
if (cc < a_tcp->client.collect)
whatto |= COLLECT_cc;
if (ccu < a_tcp->client.collect_urg)
whatto |= COLLECT_ccu;
if (sc < a_tcp->server.collect)
whatto |= COLLECT_sc;
if (scu < a_tcp->server.collect_urg)
whatto |= COLLECT_scu;
if (nids_params.one_loop_less) {
if (a_tcp->client.collect >=2) {
a_tcp->client.collect=cc;
whatto&=~COLLECT_cc;
}
if (a_tcp->server.collect >=2 ) {
a_tcp->server.collect=sc;
whatto&=~COLLECT_sc;
}
}
if (whatto) {
j = mknew(struct lurker_node);
j->item = i->item;
j->data = data;
j->whatto = whatto;
j->next = a_tcp->listeners;
a_tcp->listeners = j;
}
}
if (!a_tcp->listeners) {
nids_free_tcp_stream(a_tcp);
return;
}
a_tcp->nids_state = NIDS_DATA;
}
}
// return;
}
}
if ((this_tcphdr->th_flags & TH_ACK)) {
handle_ack(snd, ntohl(this_tcphdr->th_ack));
if (rcv->state == FIN_SENT)
rcv->state = FIN_CONFIRMED;
if (rcv->state == FIN_CONFIRMED && snd->state == FIN_CONFIRMED) {
struct lurker_node *i;
a_tcp->nids_state = NIDS_CLOSE;
for (i = a_tcp->listeners; i; i = i->next)
(i->item) (a_tcp, &i->data);
nids_free_tcp_stream(a_tcp);
return;
}
}
if (datalen + (this_tcphdr->th_flags & TH_FIN) > 0)
tcp_queue(a_tcp, this_tcphdr, snd, rcv,
(char *) (this_tcphdr) + 4 * this_tcphdr->th_off,
datalen, skblen);
snd->window = ntohs(this_tcphdr->th_win);
if (rcv->rmem_alloc > 65535)
prune_queue(rcv, this_tcphdr);
if (!a_tcp->listeners)
nids_free_tcp_stream(a_tcp);
}
void
nids_discard(struct tcp_stream * a_tcp, int num)
{
if (num < a_tcp->read)
a_tcp->read = num;
}
void
nids_register_tcp(void (*x))
{
register_callback(&tcp_procs, x);
}
void
nids_unregister_tcp(void (*x))
{
unregister_callback(&tcp_procs, x);
}
int
tcp_init(int size)
{
int i;
struct tcp_timeout *tmp;
if (!size) return 0;
tcp_stream_table_size = size;
tcp_stream_table = calloc(tcp_stream_table_size, sizeof(char *));
if (!tcp_stream_table) {
nids_params.no_mem("tcp_init");
return -1;
}
max_stream = 3 * tcp_stream_table_size / 4;
streams_pool = (struct tcp_stream *) malloc((max_stream + 1) * sizeof(struct tcp_stream));
if (!streams_pool) {
nids_params.no_mem("tcp_init");
return -1;
}
for (i = 0; i < max_stream; i++)
streams_pool[i].next_free = &(streams_pool[i + 1]);
streams_pool[max_stream].next_free = 0;
free_streams = streams_pool;
init_hash();
while (nids_tcp_timeouts) {
tmp = nids_tcp_timeouts->next;
free(nids_tcp_timeouts);
nids_tcp_timeouts = tmp;
}
return 0;
}
#if HAVE_ICMPHDR
#define STRUCT_ICMP struct icmphdr
#define ICMP_CODE code
#define ICMP_TYPE type
#else
#define STRUCT_ICMP struct icmp
#define ICMP_CODE icmp_code
#define ICMP_TYPE icmp_type
#endif
#ifndef ICMP_DEST_UNREACH
#define ICMP_DEST_UNREACH ICMP_UNREACH
#define ICMP_PROT_UNREACH ICMP_UNREACH_PROTOCOL
#define ICMP_PORT_UNREACH ICMP_UNREACH_PORT
#define NR_ICMP_UNREACH ICMP_MAXTYPE
#endif
void
process_icmp(u_char * data)
{
struct ip *iph = (struct ip *) data;
struct ip *orig_ip;
STRUCT_ICMP *pkt;
struct tcphdr *th;
struct half_stream *hlf;
int match_addr;
struct tcp_stream *a_tcp;
struct lurker_node *i;
int from_client;
/* we will use unsigned, to suppress warning; we must be careful with
possible wrap when substracting
the following is ok, as the ip header has already been sanitized */
unsigned int len = ntohs(iph->ip_len) - (iph->ip_hl << 2);
if (len < sizeof(STRUCT_ICMP))
return;
pkt = (STRUCT_ICMP *) (data + (iph->ip_hl << 2));
if (ip_compute_csum((char *) pkt, len))
return;
if (pkt->ICMP_TYPE != ICMP_DEST_UNREACH)
return;
/* ok due to check 7 lines above */
len -= sizeof(STRUCT_ICMP);
// sizeof(struct icmp) is not what we want here
if (len < sizeof(struct ip))
return;
orig_ip = (struct ip *) (((char *) pkt) + 8);
if (len < (unsigned)(orig_ip->ip_hl << 2) + 8)
return;
/* subtraction ok due to the check above */
len -= orig_ip->ip_hl << 2;
if ((pkt->ICMP_CODE & 15) == ICMP_PROT_UNREACH ||
(pkt->ICMP_CODE & 15) == ICMP_PORT_UNREACH)
match_addr = 1;
else
match_addr = 0;
if (pkt->ICMP_CODE > NR_ICMP_UNREACH)
return;
if (match_addr && (iph->ip_src.s_addr != orig_ip->ip_dst.s_addr))
return;
if (orig_ip->ip_p != IPPROTO_TCP)
return;
th = (struct tcphdr *) (((char *) orig_ip) + (orig_ip->ip_hl << 2));
if (!(a_tcp = find_stream(th, orig_ip, &from_client)))
return;
if (a_tcp->addr.dest == iph->ip_dst.s_addr)
hlf = &a_tcp->server;
else
hlf = &a_tcp->client;
if (hlf->state != TCP_SYN_SENT && hlf->state != TCP_SYN_RECV)
return;
a_tcp->nids_state = NIDS_RESET;
for (i = a_tcp->listeners; i; i = i->next)
(i->item) (a_tcp, &i->data);
nids_free_tcp_stream(a_tcp);
}
libnids-1.23/src/tcp.h 0000600 0000764 0000764 00000001041 10430075177 015353 0 ustar nergal nergal 0000000 0000000 /*
Copyright (c) 1999 Rafal Wojtczuk . All rights reserved.
See the file COPYING for license details.
*/
#ifndef _NIDS_TCP_H
#define _NIDS_TCP_H
#include
struct skbuff {
struct skbuff *next;
struct skbuff *prev;
void *data;
u_int len;
u_int truesize;
u_int urg_ptr;
char fin;
char urg;
u_int seq;
u_int ack;
};
int tcp_init(int);
void tcp_exit(void);
void process_tcp(u_char *, int);
void process_icmp(u_char *);
void tcp_check_timeouts(struct timeval *);
#endif /* _NIDS_TCP_H */
libnids-1.23/src/util.c 0000600 0000764 0000764 00000002316 10425437110 015534 0 ustar nergal nergal 0000000 0000000 /*
Copyright (c) 1999 Rafal Wojtczuk . All rights reserved.
See the file COPYING for license details.
*/
#include
#include
#include
#include "tcp.h"
#include "util.h"
#include "nids.h"
void
nids_no_mem(char *func)
{
fprintf(stderr, "Out of memory in %s.\n", func);
exit(1);
}
char *
test_malloc(int x)
{
char *ret = malloc(x);
if (!ret)
nids_params.no_mem("test_malloc");
return ret;
}
inline int
before(u_int seq1, u_int seq2)
{
return ((int)(seq1 - seq2) < 0);
}
inline int
after(u_int seq1, u_int seq2)
{
return ((int)(seq2 - seq1) < 0);
}
void
register_callback(struct proc_node **procs, void (*x))
{
struct proc_node *ipp;
for (ipp = *procs; ipp; ipp = ipp->next)
if (x == ipp->item)
return;
ipp = mknew(struct proc_node);
ipp->item = x;
ipp->next = *procs;
*procs = ipp;
}
void
unregister_callback(struct proc_node **procs, void (*x))
{
struct proc_node *ipp;
struct proc_node *ipp_prev = 0;
for (ipp = *procs; ipp; ipp = ipp->next) {
if (x == ipp->item) {
if (ipp_prev)
ipp_prev->next = ipp->next;
else
*procs = ipp->next;
free(ipp);
return;
}
ipp_prev = ipp;
}
}
libnids-1.23/src/util.h 0000600 0000764 0000764 00000001325 10425437110 015540 0 ustar nergal nergal 0000000 0000000 /*
Copyright (c) 1999 Rafal Wojtczuk . All rights reserved.
See the file COPYING for license details.
*/
#ifndef _NIDS_UTIL_H
#define _NIDS_UTIL_H
#define mknew(x) (x *)test_malloc(sizeof(x))
#define b_comp(x,y) (!memcmp(&(x), &(y), sizeof(x)))
struct proc_node {
void (*item)();
struct proc_node *next;
};
struct lurker_node {
void (*item)();
void *data;
char whatto;
struct lurker_node *next;
};
void nids_no_mem(char *);
char *test_malloc(int);
inline int before(u_int seq1, u_int seq2);
inline int after(u_int seq1, u_int seq2);
void register_callback(struct proc_node **procs, void (*x));
void unregister_callback(struct proc_node **procs, void (*x));
#endif /* _NIDS_UTIL_H */
libnids-1.23/src/Makefile.in 0000600 0000764 0000764 00000005217 10757252423 016475 0 ustar nergal nergal 0000000 0000000 #
# Makefile for libnids.
#
# Dug Song
srcdir = @srcdir@
VPATH = @srcdir@
install_prefix =
prefix = @prefix@
exec_prefix = @exec_prefix@
includedir = @includedir@
libdir = @libdir@
mandir = @mandir@
LIBSTATIC = libnids.a
LIBSHARED = libnids.so.1.23
CC = @CC@
CFLAGS = @CFLAGS@ -W -Wall -DLIBNET_VER=@LIBNET_VER@ -DHAVE_ICMPHDR=@ICMPHEADER@ -DHAVE_TCP_STATES=@TCPSTATES@ -DHAVE_BSD_UDPHDR=@HAVE_BSD_UDPHDR@
LDFLAGS = @LDFLAGS@
PCAP_CFLAGS = @PCAP_CFLAGS@
PCAPLIB = @PCAPLIB@
LNET_CFLAGS = @LNET_CFLAGS@
LNETLIB = @LNETLIB@
LIBS_CFLAGS = $(PCAP_CFLAGS) $(LNET_CFLAGS) @GLIB_CFLAGS@ @GTHREAD_CFLAGS@
LIBS = @LIBS@ @GLIB_LIBS@ @GTHREAD_LIBS@
RANLIB = @RANLIB@
INSTALL = @INSTALL@
OBJS = checksum.o ip_fragment.o ip_options.o killtcp.o \
libnids.o scan.o tcp.o util.o allpromisc.o hash.o
OBJS_SHARED = $(OBJS:.o=_pic.o)
.c.o:
$(CC) -c $(CFLAGS) -I. $(LIBS_CFLAGS) $<
static: $(LIBSTATIC)
shared: $(LIBSHARED)
# How to write the following rules compactly and portably ?
# gmake accepts "%_pic.o: %.c", bsd make does not.
checksum_pic.o: checksum.c
$(CC) -fPIC $(CFLAGS) -I. $(LIBS_CFLAGS) -c checksum.c -o $@
ip_fragment_pic.o: ip_fragment.c
$(CC) -fPIC $(CFLAGS) -I. $(LIBS_CFLAGS) -c ip_fragment.c -o $@
ip_options_pic.o: ip_options.c
$(CC) -fPIC $(CFLAGS) -I. $(LIBS_CFLAGS) -c ip_options.c -o $@
killtcp_pic.o: killtcp.c
$(CC) -fPIC $(CFLAGS) -I. $(LIBS_CFLAGS) -c killtcp.c -o $@
libnids_pic.o: libnids.c
$(CC) -fPIC $(CFLAGS) -I. $(LIBS_CFLAGS) -c libnids.c -o $@
scan_pic.o: scan.c
$(CC) -fPIC $(CFLAGS) -I. $(LIBS_CFLAGS) -c scan.c -o $@
tcp_pic.o: tcp.c
$(CC) -fPIC $(CFLAGS) -I. $(LIBS_CFLAGS) -c tcp.c -o $@
util_pic.o: util.c
$(CC) -fPIC $(CFLAGS) -I. $(LIBS_CFLAGS) -c util.c -o $@
allpromisc_pic.o: allpromisc.c
$(CC) -fPIC $(CFLAGS) -I. $(LIBS_CFLAGS) -c allpromisc.c -o $@
hash_pic.o: hash.c
$(CC) -fPIC $(CFLAGS) -I. $(LIBS_CFLAGS) -c hash.c -o $@
$(LIBSTATIC): $(OBJS)
ar -cr $@ $(OBJS)
$(RANLIB) $@
$(LIBSHARED): $(OBJS_SHARED)
$(CC) -shared -Wl,-soname,$(LIBSHARED) -o $(LIBSHARED) $(OBJS_SHARED) $(LIBS) $(LNETLIB) $(PCAPLIB)
_install install: $(LIBSTATIC)
../mkinstalldirs $(install_prefix)$(libdir)
../mkinstalldirs $(install_prefix)$(includedir)
../mkinstalldirs $(install_prefix)$(mandir)/man3
$(INSTALL) -c -m 644 libnids.a $(install_prefix)$(libdir)
$(INSTALL) -c -m 644 nids.h $(install_prefix)$(includedir)
$(INSTALL) -c -m 644 libnids.3 $(install_prefix)$(mandir)/man3
_installshared installshared: install $(LIBSHARED)
$(INSTALL) -c -m 755 $(LIBSHARED) $(install_prefix)$(libdir)
ln -s -f $(LIBSHARED) $(install_prefix)$(libdir)/libnids.so
clean:
rm -f *.o *~ $(LIBSTATIC) $(LIBSHARED)
# EOF
libnids-1.23/src/libnids.3 0000600 0000764 0000764 00000033222 10426426050 016125 0 ustar nergal nergal 0000000 0000000 .\" libnids manpage by Dug Song
.\" tmac.an sux, tmac.doc rules
.TH LIBNIDS 3
.SH NAME
libnids \- network intrusion detection system E-box library
.SH SYNOPSIS
.nf
#include
extern struct nids_prm \fInids_params\fR;
extern char \fInids_errbuf\fR[];
int
\fBnids_init\fR(void);
void
\fBnids_register_ip_frag\fR(void (*ip_frag_func)(struct ip *pkt, int len));
void
\fBnids_unregister_ip_frag\fR(void (*ip_frag_func)(struct ip *pkt, int len));
void
\fBnids_register_ip\fR(void (*ip_func)(struct ip *pkt, int len));
void
\fBnids_unregister_ip\fR(void (*ip_func)(struct ip *pkt, int len));
void
\fBnids_register_udp\fR(void (*udp_func)(struct tuple4 *addr, u_char *data, int len, struct ip *pkt));
void
\fBnids_unregister_udp\fR(void (*udp_func)(struct tuple4 *addr, u_char *data, int len, struct ip *pkt));
void
\fBnids_register_tcp\fR(void (*tcp_func)(struct tcp_stream *ts, void **param));
void
\fBnids_unregister_tcp\fR(void (*tcp_func)(struct tcp_stream *ts, void **param));
void
\fBnids_killtcp\fR(struct tcp_stream *ts);
void
\fBnids_discard\fR(struct tcp_stream *ts, int numbytes);
void
\fBnids_run\fR(void);
int
\fBnids_dispatch\fR(int cnt);
int
\fBnids_next\fR(void);
int
\fBnids_getfd\fR(void);
int
\fBnids_register_chksum_ctl\fR(struct nids_chksum_ctl *, int);
void
\fBnids_pcap_handler\fR(u_char *par, struct pcap_pkthdr *hdr, u_char *data);
struct tcp_stream *
\fBnids_find_tcp_stream\fR(struct tuple4 *addr);
.fi
.SH DESCRIPTION
.B libnids
provides the functionality of a network intrusion detection system
(NIDS) E-box component. It currently performs:
.LP
.nf
1. IP defragmentation
2. TCP stream reassembly
3. TCP port scan detection
.fi
.PP
.B libnids
performs TCP/IP reassembly in exactly the same way as Linux
2.0.36 kernels, and correctly handles all of the attacks implemented
in fragrouter(8) (plus many other attacks as well).
.SH ROUTINES
.PP
.BR nids_init ()
initializes the application for sniffing, based on the values set in the
global variable \fInids_params\fR, declared as follows:
.LP
.nf
struct nids_prm {
int n_tcp_streams;
int n_hosts;
char *device;
char *filename;
int sk_buff_size;
int dev_addon;
void (*syslog)(int type, int err, struct ip *iph, void *data);
int syslog_level;
int scan_num_hosts;
int scan_num_ports;
int scan_delay;
void (*no_mem)(void);
int (*ip_filter)(struct ip *iph);
char *pcap_filter;
int promisc;
int one_loop_less;
int pcap_timeout;
int multiproc;
int queue_limit;
int tcp_workarounds;
pcap_t *pcap_desc;
} nids_params;
.fi
.PP
The members of this structure are:
.TP
.I n_tcp_streams
Size of the hash table used for storing TCP connection information (
a maximum of 3/4 * \fIn_tcp_streams\fR TCP connections will be
followed simultaneously). Default value: 1024
.TP
.I n_hosts
Size of the hash table used for storing IP defragmentation
information. Default value: 256
.TP
.I filename
It this variable is set, libnids will call pcap_open_offline with this
variable as the argument (instead of pcap_open_live()). Default value: NULL
.TP
.I device
Interface to monitor. Default value: NULL (in which case an
appropriate device is determined automatically). If this variable is assigned
value \fBall\fR, libnids will attempt to capture packets on all interfaces
(which works on Linux only)
.TP
.I sk_buff_size
Size of \fIstruct sk_buff\fR (used for queuing packets), which should
be set to match the value on the hosts being monitored. Default value: 168
.TP
.I dev_addon
Number of bytes in \fIstruct sk_buff\fR reserved for link-layer
information. Default value: -1 (in which case an appropriate offset if
determined automatically based on link-layer type)
.TP
.I syslog
Syslog callback function, used to report unusual conditions, such as
port scan attempts, invalid TCP header flags, etc. Default value:
\fInids_syslog\fR (which logs messages via syslog(3) without regard
for message rate per second or free disk space)
.TP
.I syslog_level
Log level used by \fInids_syslog\fR for reporting events via
syslog(3). Default value: LOG_ALERT
.TP
.I scan_num_hosts
Size of hash table used for storing portscan information (the maximum
number portscans that will be detected simultaneously). If set to 0,
portscan detection will be disabled. Default value: 256
.TP
.I scan_num_ports
Minimum number of ports that must be scanned from the same source
host before it is identifed as a portscan. Default value: 10
.TP
.I scan_delay
Maximum delay (in milliseconds) between connections to different
ports for them to be identified as part of a portscan. Default value:
3000
.TP
.I no_mem
Out-of-memory callback function, used to terminate the calling process
gracefully.
.TP
.I ip_filter
IP filtering callback function, used to selectively discard IP
packets, inspected after reassembly. If the function returns a
non-zero value, the packet is processed; otherwise, it is
discarded. Default value: \fInids_ip_filter\fR (which always returns
1)
.TP
.I pcap_filter
pcap(3) filter string applied to the link-layer (raw, unassembled)
packets. \fBNote\fR: filters like ``tcp dst port 23'' will NOT
correctly handle appropriately fragmented traffic, e.g. 8-byte IP
fragments; one should add "or (ip[6:2] & 0x1fff != 0)" at the end of the
filter to process reassembled packets. Default value: NULL
.TP
.I promisc
If non-zero, libnids will set the interface(s) it listens on to
promiscuous mode. Default value: 1
.TP
.I one_loop_less
Disabled by default; see comments in API.html file
.TP
.I pcap_timeout
Sets the pcap read timeout, which may or may not be supported by your
platform. Default value: 1024.
.TP
.I multiproc
If nonzero, creates a separate thread for packets processing. See API.html.
Default value: 0.
.TP
.I queue_limit
If multiproc is nonzero, this is the maximum number of packets queued in the
thread which reads packets from libpcap. Default value: 20000
.TP
.I tcp_workarounds
Enables extra checks for faulty implementations of TCP such as the ones
which allow connections to be closed despite the fact that there should be
retransmissions for lost packets first (as stated by RFC 793, section 3.5).
If non-zero, libnids will set the NIDS_TIMED_OUT state for savagely closed
connections. Default value: 0
.TP
.I pcap_desc
It this variable is set, libnids will call neither pcap_open_live nor
pcap_open_offline, but will use a pre-opened PCAP descriptor; use this
with nids_pcap_handler() in order to interactively feed packets to
libnids. Default value: NULL
.PP
Returns 1 on success, 0 on failure (in which case \fBnids_errbuf\fR
contains an appropriate error message).
.PP
.BR nids_register_ip_frag ()
registers a user-defined callback function to process all incoming IP
packets (including IP fragments, packets with invalid checksums, etc.).
.PP
.BR nids_unregister_ip_frag ()
unregisters a user-defined callback function to process all incoming IP
packets.
.PP
.BR nids_register_ip ()
registers a user-defined callback function to process IP packets
validated and reassembled by \fBlibnids\fR.
.PP
.BR nids_unregister_ip ()
unregisters a user-defined callback function to process IP packets.
.PP
.BR nids_register_udp ()
registers a user-defined callback function to process UDP packets
validated and reassembled by \fBlibnids\fR.
.PP
.BR nids_unregister_udp ()
unregisters a user-defined callback function to process UDP packets.
.PP
.BR nids_register_tcp ()
registers a user-defined callback function to process TCP streams
validated and reassembled by \fBlibnids\fR. The \fItcp_stream\fR
structure is defined as follows:
.LP
.nf
struct tcp_stream {
struct tuple4 {
u_short source;
u_short dest;
u_int saddr;
u_int daddr;
} addr;
char nids_state;
struct half_stream {
char state;
char collect;
char collect_urg;
char *data;
u_char urgdata;
int count;
int offset;
int count_new;
char count_new_urg;
...
} client;
struct half_stream server;
...
void *user;
};
.fi
.PP
The members of the \fItuple4\fR structure identify a unique TCP
connection:
.TP
\fIsource\fR, \fIdest\fR
Client and server port numbers
.TP
\fIsaddr\fR, \fIdaddr\fR
Client and server IP addresses
.PP
The members of the \fIhalf_stream\fR structure describe each half of a
TCP connection (client and server):
.TP
.I state
Socket state (e.g. TCP_ESTABLISHED).
.TP
.I collect
A boolean which specifies whether to collect data for this half of the
connection in the \fIdata\fR buffer.
.TP
.I collect_urg
A boolean which specifies whether to collect urgent data pointed to by
the TCP urgent pointer for this half of the connection in the
\fIurgdata\fR buffer.
.TP
.I data
Buffer for normal data.
.TP
.I urgdata
One-byte buffer for urgent data.
.TP
.I count
The number of bytes appended to \fIdata\fR since the creation of the
connection.
.TP
.I offset
The current offset from the first byte stored in the \fIdata\fR
buffer, identifying the start of newly received data.
.TP
.I count_new
The number of bytes appended to \fIdata\fR since the last invocation
of the TCP callback function (if 0, no new data arrived).
.TP
.I count_new_urg
The number of bytes appended to \fIurgdata\fR since the last
invocation of the TCP callback function (if 0, no new urgent data
arrived).
.PP
The value of the \fInids_state\fR field provides information about the
state of the TCP connection, to be used by the TCP callback function:
.TP
NIDS_JUST_EST
Connection just established. Connection parameters in the \fIaddr\fR
structure are available for inspection. If the connection is
interesting, the TCP callback function may specify which data it
wishes to receive in the future by setting non-zero values for the
\fIcollect\fR or \fIcollect_urg\fR variables in the appropriate
\fIclient\fR or \fIserver\fR half_stream structure members.
.TP
NIDS_DATA
New data has arrived on a connection. The \fIhalf_stream\fR structures
contain buffers of data.
.TP
NIDS_CLOSE, NIDS_RESET, NIDS_TIMED_OUT
Connection has closed. The TCP callback function should free any
resources it may have allocated for this connection.
.PP
The \fIparam\fR pointer passed by libnids as argument to the TCP callback
function may be set to save a pointer to user-defined
connection-specific data to pass to subsequent invocations of the TCP
callback function (ex. the current working directory for an FTP
control connection, etc.).
.PP
The \fIuser\fR pointer in the tcp_stream structure has the same purpose
except it is global to the stream, whereas the \fIparam\fR pointer is
different from one callback function to the other even though they were
called for the same stream.
.PP
.BR nids_unregister_tcp ()
unregisters a user-defined callback function to process TCP streams.
.PP
.BR nids_killtcp ()
tears down the specified TCP connection with symmetric RST packets
between client and server.
.PP
.BR nids_discard ()
may be called from the TCP callback function to specify the number of
bytes to discard from the beginning of the \fIdata\fR buffer (updating
the \fIoffset\fR value accordingly) after the TCP callback function
exits. Otherwise, the new data (totalling \fIcount_new\fR bytes) will
be discarded by default.
.PP
.BR nids_run ()
starts the packet-driven application, reading packets in an endless
loop, and invoking registered callback functions to handle new data as
it arrives. This function does not return.
.PP
.BR nids_dispatch ()
attempts to process \fBcnt\fR packets before returning, with a cnt of -1
understood as all packets available in one pcap buffer, or all packets in
a file when reading offline. On success, returns the count of packets
processed, which may be zero upon EOF (offline read) or upon hitting
\fIpcap_timeout\fR (if supported by your platform). On failure, returns
-1, putting an appropriate error message in \fBnids_errbuf\fR.
.PP
.BR nids_next ()
process the next available packet before returning. Returns 1 on success,
0 if no packet was processed, setting \fBnids_effbuf\fR appropriately if
an error prevented packet processing.
.PP
.BR nids_getfd ()
may be used by an application sleeping in select(2) to snoop for a
socket file descriptor present in the read fd_set. Returns the file
descriptor on success, -1 on failure (in which case \fBnids_errbuf\fR
contains an appropriate error message).
.PP
.BR nids_register_chksum_ctl ()
takes as arguments an array of \fIstruct nids_chksum_ctl\fR elements and
the number of elements in the array. A \fInids_chksum_ctl\fR element is
defined as follows:
.LP
.nf
struct nids_chksum_ctl {
u_int netaddr;
u_int mask;
u_int action;
/* private members */
};
.fi
.PP
Internal checksumming functions will first check elements of this array one
by one, and if the source ip SRCIP of the current packet satisfies condition
(SRCIP&chksum_ctl_array[i].mask)==chksum_ctl_array[i].netaddr
then if the \fIaction\fR field is \fBNIDS_DO_CHKSUM\fR, the packet will be
checksummed; if the \fIaction\fR field is \fBNIDS_DONT_CHKSUM\fR, the packet
will not be checksummed. If the packet matches none of the array elements,
the default action is to perform checksumming.
.PP
.BR nids_pcap_handler ()
may be used by an application already running a capture with libpcap, in order
to pass frames to libnids interactively (frame per frame) instead of having
libnids itself do the capture.
.PP
.BR nids_find_tcp_stream ()
returns a pointer to the tcp_stream structure corresponding to the tuple
passed as argument if libnids knows about this TCP connection already,
otherwise it returns NULL.
.PP
.BR nids_free_tcp_stream ()
removes the given tcp_stream from the list of streams tracked by libnids.
Warning: its usage can result in crashes! See comments in the API.html file.
.SH SEE ALSO
pcap(3), libnet(3), fragrouter(8)
.SH AUTHOR
Rafal Wojtczuk
.PP
Manpage by Dug Song , minor updates by Michael Pomraning
libnids-1.23/src/libnids.3.mdoc 0000600 0000764 0000764 00000025574 10202144530 017051 0 ustar nergal nergal 0000000 0000000 .\" libnids manpage by Dug Song
.Dd Dec 21, 1999
.Dt PCAP 3
.Os
.Sh NAME
.Nm libnids
.Nd network intrusion detection system E-box library
.Sh SYNOPSIS
.Fd #include
.Pp
.Dv extern struct nids_prm nids_params;
.Lp
.Dv extern char *nids_warnings[];
.Lp
.Dv extern char nids_errbuf[];
.Ft int
.Fn nids_init "void"
.Ft void
.Fn nids_register_ip_frag "void (*ip_frag_func)(struct ip *pkt)"
.Ft void
.Fn nids_register_ip "void (*ip_func)(struct ip *pkt)"
.Ft void
.Fn nids_register_udp "void (*udp_func)(struct tuple4 *addr, u_char *data, int len, struct ip *pkt))"
.Ft void
.Fn nids_register_tcp "void (*tcp_func)(struct tcp_stream *ts, void **param)"
.Ft void
.Fn nids_killtcp "struct tcp_stream *ts"
.Ft void
.Fn nids_discard "struct tcp_stream *ts, int numbytes"
.Ft void
.Fn nids_run "void"
.Ft int
.Fn nids_dispatch "int"
.Ft int
.Fn nids_next "void"
.Ft int
.Fn nids_getfd "void"
.Ft void
.Fn nids_register_chksum_ctl "struct nids_chksum_ctl *, int"
.Sh DESCRIPTION
.Nm
provides the functionality of a network intrusion detection system
(NIDS) E-box component. It currently performs
.Lp
.Bl -enum -offset indent -compact
.It
IP defragmentation
.It
TCP stream reassembly
.It
TCP port scan detection
.El
.Lp
.Nm
performs TCP/IP reassembly in exactly the same way as Linux
2.0.36 kernels, and correctly handles all of the attacks implemented
in
.Xr fragrouter 8
(plus many other attacks as well).
.Sh ROUTINES
.Fn nids_init
initializes the application for sniffing, based on the values set in the
global variable
.Va nids_params ,
declared as follows:
.Bd -literal
struct nids_prm {
int n_tcp_streams;
int n_hosts;
char *device;
int sk_buff_size;
int dev_addon;
void (*syslog)(int type, int err, struct ip *iph, void *data);
int syslog_level;
int scan_num_hosts;
int scan_num_ports;
int scan_delay;
void (*no_mem)(void);
int (*ip_filter)(struct ip *iph);
char *pcap_filter;
int pcap_timeout;
} nids_params;
.Ed
.Pp
The members of this structure are:
.Bl -tag -width scan_num_hosts
.It Fa n_tcp_streams
Size of the hash table used for storing TCP connection information (
a maximum of 3/4 *
.Fa n_tcp_streams
TCP connections will be followed simultaneously). Default value: 1024
.It Fa n_hosts
Size of the hash table used for storing IP defragmentation
information. Default value: 256
.It Fa filename
It this variable is set, libnids will call pcap_open_offline with this
variable as the argument (instead of pcap_open_live()). Default value: NULL
.It Fa device
Interface to monitor. Default value:
.Dv NULL
(in which case an appropriate device is determined automatically). If this
variable is assigned value
.Nm all, libnids will attempt to capture packets on all interfaces (which
works on Linux only)
.It Fa sk_buff_size
Size of
.Fa struct sk_buff
(used for queuing packets), which should be set to match the value on
the hosts being monitored. Default value: 168
.It Fa dev_addon
Number of bytes in
.Fa struct sk_buff
reserved for link-layer information. Default value: -1 (in which case
an appropriate offset if determined automatically based on link-layer
type)
.It Fa syslog
Syslog callback function, used to report unusual conditions, such as
port scan attempts, invalid TCP header flags, etc. Default value:
.Fa nids_syslog
(which logs messages via
.Xr syslog 3
without regard for message rate per second or free disk space)
.It Fa syslog_level
Log level used by
.Fa nids_syslog
for reporting events via
.Xr syslog 3 .
Default value:
.Dv LOG_ALERT
.It Fa scan_num_hosts
Size of hash table used for storing portscan information (the maximum
number portscans that will be detected simultaneously). If set to 0,
portscan detection will be disabled. Default value: 256
.It Fa scan_num_ports
Minimum number of ports that must be scanned from the same source
host before it is identifed as a portscan. Default value: 10
.It Fa scan_delay
Maximum delay (in milliseconds) between connections to different
ports for them to be identified as part of a portscan. Default value:
3000
.It Fa no_mem
Out-of-memory callback function, used to terminate the calling process
gracefully.
.It Fa ip_filter
IP filtering callback function, used to selectively discard
IP packets, inspected after reassembly. If
the function returns a non-zero value, the packet is processed;
otherwise, it is discarded. Default value:
.Fn nids_ip_filter
(which always returns 1)
.It Fa pcap_filter
.Xr pcap 3
filter string applied to the link-layer (raw, unassembled) packets.
.Sy Note:
filters like ``tcp dst port 23'' will NOT correctly handle
appropriately fragmented traffic, e.g. 8-byte IP fragments. One should add
"or (ip[6:2] & 0x1fff != 0)" at the end of the filter to process reassembled
packets. Default value:
.Dv NULL
.lt Fa promisc
If non-zero, libnids will set the interface(s) it listens on to
promiscuous mode. Default value: 1
.It Fa one_loop_less
Disabled by default see comments in API.html file
.It Fa pcap_timeout
Sets the pcap read timeout, which may or may not be supported by your
platform. Default value: 1024.
.El
.Pp
Returns 1 on success, 0 on failure (in which case
.Va nids_errbuf
contains an appropriate error message).
.Pp
.Fn nids_register_ip_frag
registers a user-defined callback function to process all incoming IP
packets (including IP fragments, packets with invalid checksums, etc.).
.Pp
.Fn nids_register_ip
registers a user-defined callback function to process IP packets
validated and reassembled by
.Nm libnids .
.Pp
.Fn nids_register_udp
registers a user-defined callback function to process UDP packets
validated and reassembled by
.Nm libnids .
.Pp
.Fn nids_register_tcp
registers a user-defined callback function to process TCP streams
validated and reassembled by
.Nm libnids .
The
.Va tcp_stream
structure is defined as follows:
.Bd -literal
struct tcp_stream {
struct tuple4 {
u_short source;
u_short dest;
u_int saddr;
u_int daddr;
} addr;
char nids_state;
struct half_stream {
char state;
char collect;
char collect_urg;
char *data;
u_char urgdata;
int count;
int offset;
int count_new;
char count_new_urg;
...
} client;
struct half_stream server;
...
};
.Ed
.Pp
The members of the
.Va tuple4
structure identify a unique TCP connection:
.Bl -tag -width source_,_dest
.It Fa source , dest
Client and server port numbers
.It Fa saddr , daddr
Client and server IP addresses
.El
.Pp
The members of the
.Va half_stream
structure describe each half of a TCP connection (client and server):
.Bl -tag -width count_new_urg
.It Fa state
Socket state (e.g.
.Dv TCP_ESTABLISHED
).
.It Fa collect
A boolean which specifies whether to collect data for this half of the
connection in the
.Va data
buffer.
.It Fa collect_urg
A boolean which specifies whether to collect urgent data pointed to by
the TCP urgent pointer for this half of the connection in the
.Va urgdata
buffer.
.It Fa data
Buffer for normal data.
.It Fa urgdata
One-byte buffer for urgent data.
.It Fa count
The number of bytes appended to
.Va data
since the creation of the connection.
.It Fa offset
The current offset from the first byte stored in the
.Va data
buffer, identifying the start of newly received data.
.It Fa count_new
The number of bytes appended to
.Va data
since the last invocation of the TCP callback function (if 0, no new
data arrived).
.It Fa count_new_urg
The number of bytes appended to
.Va urgdata
since the last invocation of the TCP callback function (if 0, no new
urgent data arrived).
.El
.Pp
The
.Va nids_state
field provides information about the state of the TCP connection, to
be used by the TCP callback function:
.Bl -tag -width NIDS_TIMED_OUT
.It Dv NIDS_JUST_EST
Connection just established. Connection parameters in the
.Va addr
structure are available for inspection. If the connection is
interesting, the TCP callback function may specify which data it
wishes to receive in the future by setting non-zero values for the
.Va collect
or
.Va collect_urg
variables in the appropriate
.Va client
or
.Va server half_stream
structure members.
.It Dv NIDS_DATA
New data has arrived on a connection. The
.Va half_stream
structures contain buffers of data.
.It Dv NIDS_CLOSE , NIDS_RESET , NIDS_TIMED_OUT
Connection has closed. The TCP callback function should free any
resources it may have allocated for this connection.
.El
.Pp
The
.Va param
pointer may be set to save a pointer to user-defined
connection-specific data to pass to subsequent invocations of the TCP
callback function (ex. the current working directory for an FTP
control connection, etc.).
.Pp
.Fn nids_killtcp
tears down the specified TCP connection with symmetric
.Dv RST
packets between client and server.
.Pp
.Fn nids_discard
may be called from the TCP callback function to specify the number of
bytes to discard from the beginning of the
.Va data
buffer (updating the
.Va offset
value accordingly) after the TCP callback function exists. Otherwise,
the new data (totalling
.Va count_new
bytes) will be discarded by default.
.Pp
.Fn nids_run
starts the packet-driven application, reading packets in an endless
loop, and invoking registered callback functions to handle new data as
it arrives. This function does not return.
.Pp
.Fn nids_dispatch
attempts to process
.Va cnt
packets before returning, with a cnt of -1 understood as all packets
available in one pcap buffer, or all packets in a file when reading
offline. On success, returns the count of packets processed, which may
be zero upon EOF (offline read) or upon hitting
.Va pcap_timeout
(if supported by your platform). On failure, returns -1, putting an
appropriate error message in
.Va nids_errbuf .
.Pp
.Fn nids_next
process the next available packet before returning. Returns 1 on success,
0 if no packet was processed, setting
.Va nids_effbuf
appropriately if an error prevented packet processing.
.Pp
.Fn nids_getfd
may be used by an application sleeping in
.Xr select 2
to snoop for a socket file descriptor present in the read
.Dv fd_set .
Returns the file descriptor on success, -1 on failure (in which case
.Va nids_errbuf
contains an appropriate error message).
.Pp
.Fn nids_register_chksum_ctl
takes as arguments an array of
.Va struct nids_chksum_ctl
elements and the number of elements in the array. A
.Va nids_chksum_ctl
element is defined as follows:
.Bd -literal
struct nids_chksum_ctl {
u_int netaddr;
u_int mask;
u_int action;
/* private members */
};
.Ed
.Pp
Internal checksumming functions will first check elements of this array one
by one, and if the source ip SRCIP of the current packet satisfies condition
(SRCIP&chksum_ctl_array[i].mask)==chksum_ctl_array[i].netaddr
then if the
.Va action
field is NIDS_DO_CHKSUM, the packet will be checksummed; if the
.Va action
field is NIDS_DONT_CHKSUM, the packet will not be checksummed. If the packet
matches none of the array elements, the default action is to perform
checksumming.
.Sh SEE ALSO
.Xr pcap 3 ,
.Xr libnet 3 ,
.Xr fragrouter 8
.Sh AUTHOR
Rafal Wojtczuk
.Pp
Manpage by Dug Song , minor updates by Michael Pomraning
libnids-1.23/src/checksum.h 0000600 0000764 0000764 00000000426 07123756245 016404 0 ustar nergal nergal 0000000 0000000
#ifndef _NIDS_CHECKSUM_H
#define _NIDS_CHECKSUM_H
u_short ip_fast_csum(u_char *, u_int);
extern u_short ip_compute_csum(char *, int len);
u_short my_tcp_check(struct tcphdr *, int, u_int, u_int);
u_short my_udp_check(void *, int, u_int, u_int);
#endif /* _NIDS_CHECKSUM_H */
libnids-1.23/src/config.h.in 0000600 0000764 0000764 00000004512 10425441013 016433 0 ustar nergal nergal 0000000 0000000 /* src/config.h.in. Generated from configure.in by autoheader. */
/* Define to 1 if you have the `gettimeofday' function. */
#undef HAVE_GETTIMEOFDAY
/* Define to 1 if you have the header file. */
#undef HAVE_INTTYPES_H
/* Define to 1 if you have the `gthread-2.0' library (-lgthread-2.0). */
#undef HAVE_LIBGTHREAD_2_0
/* Define to 1 if you have the `nsl' library (-lnsl). */
#undef HAVE_LIBNSL
/* Define to 1 if you have the `socket' library (-lsocket). */
#undef HAVE_LIBSOCKET
/* Define to 1 if you have the header file. */
#undef HAVE_MEMORY_H
/* Define to 1 if you have the header file. */
#undef HAVE_STDINT_H
/* Define to 1 if you have the header file. */
#undef HAVE_STDLIB_H
/* Define to 1 if you have the header file. */
#undef HAVE_STRINGS_H
/* Define to 1 if you have the header file. */
#undef HAVE_STRING_H
/* Define to 1 if you have the header file. */
#undef HAVE_SYSLOG_H
/* Define to 1 if you have the header file. */
#undef HAVE_SYS_STAT_H
/* Define to 1 if you have the header file. */
#undef HAVE_SYS_TIME_H
/* Define to 1 if you have the header file. */
#undef HAVE_SYS_TYPES_H
/* Define to 1 if you have the header file. */
#undef HAVE_UNISTD_H
/* if unaligned access fails */
#undef LBL_ALIGN
/* Define to the address where bug reports for this package should be sent. */
#undef PACKAGE_BUGREPORT
/* Define to the full name of this package. */
#undef PACKAGE_NAME
/* Define to the full name and version of this package. */
#undef PACKAGE_STRING
/* Define to the one symbol short name of this package. */
#undef PACKAGE_TARNAME
/* Define to the version of this package. */
#undef PACKAGE_VERSION
/* Define to 1 if you have the ANSI C header files. */
#undef STDC_HEADERS
/* Define to 1 if you can safely include both and . */
#undef TIME_WITH_SYS_TIME
/* Define to 1 if your processor stores words with the most significant byte
first (like Motorola and SPARC, unlike Intel and VAX). */
#undef WORDS_BIGENDIAN
/* Define to empty if `const' does not conform to ANSI C. */
#undef const
/* Define to `__inline__' or `__inline' if that's what the C compiler
calls it, or to nothing if 'inline' is not supported under any name. */
#ifndef __cplusplus
#undef inline
#endif
libnids-1.23/src/hash.c 0000600 0000764 0000764 00000002304 07576105255 015516 0 ustar nergal nergal 0000000 0000000 #include
#include
#include
#include
#include
#include
static u_char xor[12];
static u_char perm[12];
static void
getrnd ()
{
struct timeval s;
u_int *ptr;
int fd = open ("/dev/urandom", O_RDONLY);
if (fd > 0)
{
read (fd, xor, 12);
read (fd, perm, 12);
close (fd);
return;
}
gettimeofday (&s, 0);
srand (s.tv_usec);
ptr = (u_int *) xor;
*ptr = rand ();
*(ptr + 1) = rand ();
*(ptr + 2) = rand ();
ptr = (u_int *) perm;
*ptr = rand ();
*(ptr + 1) = rand ();
*(ptr + 2) = rand ();
}
void
init_hash ()
{
int i, n, j;
int p[12];
getrnd ();
for (i = 0; i < 12; i++)
p[i] = i;
for (i = 0; i < 12; i++)
{
n = perm[i] % (12 - i);
perm[i] = p[n];
for (j = 0; j < 11 - n; j++)
p[n + j] = p[n + j + 1];
}
}
u_int
mkhash (u_int src, u_short sport, u_int dest, u_short dport)
{
u_int res = 0;
int i;
u_char data[12];
*(u_int *) (data) = src;
*(u_int *) (data + 4) = dest;
*(u_short *) (data + 8) = sport;
*(u_short *) (data + 10) = dport;
for (i = 0; i < 12; i++)
res = ( (res << 8) + (data[perm[i]] ^ xor[i])) % 0xff100f;
return res;
}
libnids-1.23/src/allpromisc.c 0000600 0000764 0000764 00000001572 10100162037 016720 0 ustar nergal nergal 0000000 0000000 #include "nids.h"
#ifdef __linux__
#include
#include
#include
#include
#include
#include
int set_all_promisc()
{
struct ifreq * ifaces;
int ifaces_size=8 * sizeof(struct ifreq);
struct ifconf param;
int sock;
unsigned int i;
sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
if (sock <= 0)
return 0;
do {
ifaces_size*=2;
ifaces=alloca(ifaces_size);
param.ifc_len = ifaces_size;
param.ifc_req = ifaces;
if (ioctl(sock, SIOCGIFCONF, ¶m))
goto err;
} while (param.ifc_len>=ifaces_size);
for (i = 0; i < param.ifc_len / sizeof(struct ifreq); i++) {
if (ioctl(sock, SIOCGIFFLAGS, ifaces + i))
goto err;
ifaces[i].ifr_flags |= IFF_PROMISC;
if (ioctl(sock, SIOCSIFFLAGS, ifaces + i))
goto err;
}
close(sock);
return 1;
err:
close(sock);
return 0;
}
#endif
libnids-1.23/src/hash.h 0000600 0000764 0000764 00000000104 07123756503 015513 0 ustar nergal nergal 0000000 0000000 void init_hash();
u_int
mkhash (u_int , u_short , u_int , u_short);
libnids-1.23/src/nids.h 0000600 0000764 0000764 00000006636 10757252234 015544 0 ustar nergal nergal 0000000 0000000 /*
Copyright (c) 1999 Rafal Wojtczuk . All rights reserved.
See the file COPYING for license details.
*/
#ifndef _NIDS_NIDS_H
# define _NIDS_NIDS_H
# include
#include
#include
# include
# include
# include
# ifdef __cplusplus
extern "C" {
# endif
# define NIDS_MAJOR 1
# define NIDS_MINOR 23
enum
{
NIDS_WARN_IP = 1,
NIDS_WARN_TCP,
NIDS_WARN_UDP,
NIDS_WARN_SCAN
};
enum
{
NIDS_WARN_UNDEFINED = 0,
NIDS_WARN_IP_OVERSIZED,
NIDS_WARN_IP_INVLIST,
NIDS_WARN_IP_OVERLAP,
NIDS_WARN_IP_HDR,
NIDS_WARN_IP_SRR,
NIDS_WARN_TCP_TOOMUCH,
NIDS_WARN_TCP_HDR,
NIDS_WARN_TCP_BIGQUEUE,
NIDS_WARN_TCP_BADFLAGS
};
# define NIDS_JUST_EST 1
# define NIDS_DATA 2
# define NIDS_CLOSE 3
# define NIDS_RESET 4
# define NIDS_TIMED_OUT 5
# define NIDS_EXITING 6 /* nids is exiting; last chance to get data */
# define NIDS_DO_CHKSUM 0
# define NIDS_DONT_CHKSUM 1
struct tuple4
{
u_short source;
u_short dest;
u_int saddr;
u_int daddr;
};
struct half_stream
{
char state;
char collect;
char collect_urg;
char *data;
int offset;
int count;
int count_new;
int bufsize;
int rmem_alloc;
int urg_count;
u_int acked;
u_int seq;
u_int ack_seq;
u_int first_data_seq;
u_char urgdata;
u_char count_new_urg;
u_char urg_seen;
u_int urg_ptr;
u_short window;
u_char ts_on;
u_char wscale_on;
u_int curr_ts;
u_int wscale;
struct skbuff *list;
struct skbuff *listtail;
};
struct tcp_stream
{
struct tuple4 addr;
char nids_state;
struct lurker_node *listeners;
struct half_stream client;
struct half_stream server;
struct tcp_stream *next_node;
struct tcp_stream *prev_node;
int hash_index;
struct tcp_stream *next_time;
struct tcp_stream *prev_time;
int read;
struct tcp_stream *next_free;
void *user;
};
struct nids_prm
{
int n_tcp_streams;
int n_hosts;
char *device;
char *filename;
int sk_buff_size;
int dev_addon;
void (*syslog) ();
int syslog_level;
int scan_num_hosts;
int scan_delay;
int scan_num_ports;
void (*no_mem) (char *);
int (*ip_filter) ();
char *pcap_filter;
int promisc;
int one_loop_less;
int pcap_timeout;
int multiproc;
int queue_limit;
int tcp_workarounds;
pcap_t *pcap_desc;
};
struct tcp_timeout
{
struct tcp_stream *a_tcp;
struct timeval timeout;
struct tcp_timeout *next;
struct tcp_timeout *prev;
};
int nids_init (void);
void nids_register_ip_frag (void (*));
void nids_register_ip (void (*));
void nids_register_tcp (void (*));
void nids_register_udp (void (*));
void nids_killtcp (struct tcp_stream *);
void nids_discard (struct tcp_stream *, int);
int nids_run (void);
void nids_exit(void);
int nids_getfd (void);
int nids_dispatch (int);
int nids_next (void);
void nids_pcap_handler(u_char *, struct pcap_pkthdr *, u_char *);
struct tcp_stream *nids_find_tcp_stream(struct tuple4 *);
void nids_free_tcp_stream(struct tcp_stream *);
extern struct nids_prm nids_params;
extern char *nids_warnings[];
extern char nids_errbuf[];
extern struct pcap_pkthdr *nids_last_pcap_header;
extern u_char *nids_last_pcap_data;
extern u_int nids_linkoffset;
extern struct tcp_timeout *nids_tcp_timeouts;
struct nids_chksum_ctl {
u_int netaddr;
u_int mask;
u_int action;
u_int reserved;
};
extern void nids_register_chksum_ctl(struct nids_chksum_ctl *, int);
# ifdef __cplusplus
}
# endif
#endif /* _NIDS_NIDS_H */
libnids-1.23/doc/ 0000700 0000764 0000764 00000000000 10757253105 014375 5 ustar nergal nergal 0000000 0000000 libnids-1.23/doc/PATCH 0000644 0000764 0000764 00000001543 07123151340 015163 0 ustar nergal nergal 0000000 0000000 --- linux-2.0.37/net/ipv4/tcp_input.c.orig Fri Jul 23 17:25:14 1999
+++ linux/net/ipv4/tcp_input.c Fri Jul 23 17:29:43 1999
@@ -2764,7 +2764,18 @@
kfree_skb(skb, FREE_READ);
return 0;
}
-
+
+ if (sk->state==TCP_SYN_RECV && th->ack && skb->ack_seq!=sk->sent_seq)
+ {
+ /*
+ * Quick fix to detect too small ack_seq
+ * in 3rd packet of 3ws and force a RST segment.
+ */
+ tcp_send_reset(daddr, saddr, th,sk->prot, opt, dev,0,255);
+ kfree_skb(skb, FREE_READ);
+ return 0;
+ }
+
rfc_step6:
/*
* If the accepted buffer put us over our queue size we
libnids-1.23/doc/TESTS 0000644 0000764 0000764 00000012426 10757252550 015244 0 ustar nergal nergal 0000000 0000000
====================
libnids-1.23
====================
In order to verify reliability of libnids, a number of tests were
conducted. A small applications were composed, which displayed on stdout data
received from libnids (contents of IP packets or data exchanged in TCP
connections). Test packets were sent to a host running Linux 2.0.36. As we
will see, libnids accurately emulated behaviour of the target host.
As mentioned in README, libnids resisted all attack implemented by
fragrouter 1.3. The following tests were conducted with custom tools.
1. IP defragmentation
Libnids was put to the following tests:
a) sending overlapping and/or duplicate IP fragments. All possible combinations
of fragments positions in the final packet were tried.
b) sending multiple fragments with the flag "no more fragments"
c) sending a fragmented packet, pause for 30+epsilon second, then sending
remaining fragments. If epsilon has been greater than zero, Linux
discarded the first fragment (and ICMP message of type TIME_EXCEEDED was
generated). In the other case, defragmentation succeeded.
d) two fragments F1 and F2 of a packet P with header id X were build. A packet
P' with header id X, but contents different to P was build as well.
Finally, packets F1, P', F2 were sent (in the mentioned order).
e) as a last test, resource managing was abused. Linux 2.0.x queues fragments
until they consume 256 KB of kernel memory, than some of queued fragments
are discarded so that less than 192 KB of kernel memory is consumed. A
helper program, sendtcpfrag, was built. It accepts two command line
parameters, x and y. Sendtcpfrag builds a certain TCP packet, which is
than split into two fragments, named A and B. Next x random IP fragments
carrying 8 data bytes are sent, than fragment A, than y random IP fragments
carrying 8 data bytes are sent, finally fragment B.
If all sent packets consume less than 256 KB of kernel memory, no packet
is dropped, and the target host will assemble packets A and B. Otherwise,
packet A can be dropped.
After execution of
# ./sendtcpfrag 650 61
target host received a TCP segment. The situation looked similarly when
second parameter was less than 61. After execution of
# ./sendtcpfrag 650 62
target host received no TCP segments. As we can see, 650+1+61 was the
threshold number of packets, which could be queued.
In the last test, libnids had to be fed a correct value of parameter
sk_buff_size (see more on libnids parameters in file API).
Libnids passed all above tests.
2) TCP segments assembly
Libnids was put to the following tests:
a) sending overlapping and/or duplicate segments. All possible
combinations of segments sequence numbers precedence were tried.
b) sending segments with sequence numbers ahead of expected values (test of
segments queuing)
c) sending segments [partially] out of connection window
d) sending segments carrying invalid TCP flags
e) sending segments carrying SYN flags after the sockets reached ESTABLISHED
state
f) sending segments carrying urgent data
g) closing of previously established TCP connection with a RST segment, then
setting up another connection with the same tuple (saddr, daddr, sport,
dport), but different sequence numbers
h) sending segments with incorrect IP or TCP checksum
i) sequence numbers wrap
j) initializing a TCP connection with a segment carrying not only SYN flag
k) resource managing. Linux queues TCP segments which fit in the connection
window until kernel memory used for this purpose reaches SK_RMEM_MAX
(typically 64 KB). Queuing uses lots of auxiliary data structures;
therefore Linux can discard TCP segments, which belong to the connection
window.
Another tool was written, tcpqueue. It sends a flow of TCP segments
carrying 1 byte of data. Segments have got consecutive, decreasing
sequence numbers (so they're sent in reversed order than any OS do).
Tcpqueue accepts two command line parameters: S - the last segment sequence
number, and N - number of segments to be sent. If S is the expected
sequence number of the connection and N is not big, all sent segments are
queued, then after the arrival of the last segments data from all segments
is passed to the application. If N is large, some of segments will be
discarded.
After execution of
# ./tcpqueue 2 283
(connection was set up with initial sequence number equal 1) application
(namely netcat) run on the target host received all 283 bytes of data.
After execution of
# ./tcpqueue 285 284
application received data from the last segment only. As we can see,
Linux queues up to 283 one-byte TCP segments, though it announces window
close to 32768.
Analogically to the last IP fragmentation test, libnids had to be fed a
correct value of parameter sk_buff_size.
Libnids passed all above tests, with one exception of test f. However, it is
due to a bug in Linux kernel, not libnids. In certain conditions, a byte of
urgent data can be included in normal data flow. Kernel developers were
notified, perhaps the bug will be squashed soon.
3. Additionally, libnids handles properly ICMP Destination Unreachable
packets. Source routed IP packets are discarded.
libnids-1.23/doc/bugtraq_post 0000644 0000764 0000764 00000010771 07123151340 017041 0 ustar nergal nergal 0000000 0000000 [cut]
Libnids was implemented with regard to results of Linux kernel 2.0.x
networking code analysis, included in my Master Thesis. This analysis was
conducted from NIDS developer's point of view. Of course, 2.0.x family is
obsolete now (still widely used though), but some points mentioned below are
worth checking against any OS.
1) In their famous paper, Ptacek and Newsham mention that a packet can
be discarded by a kernel if OS resources are low (e.g. too many packets arrives
in a unit of time), which makes an insertion attack possible. However, it was
not stated that an attacker can create such a condition deterministicly and
repeatably.
One obvious target is IP defragmentation. If many IP fragments arrive,
kernel has to drop some of them to avoid a DOS attack (IP fragment bomb). NIDS
has to employ the same defragmentation algorithm (including the order in
which fragments are discarded) which is used by protected systems; otherwise,
all discrepancies can be exploited by an attacker to construct an insertion or
evasion attack. The above statement is valid considering any OS type; what
makes things even worse in case of Linux is the fact that the behaviour of the
defragmentation algorithm used by Linux depends on kernel compilation options
(size of struct sk_buff is critical).
TCP segments queuing algorithm used by Linux 2.0.x is vulnerable to a
similar attack. Linux queues TCP segments that fit in a connection window until
the kernel memory consumed for this purpose (counted by rmem_alloc variable)
reaches 64 KB; when it happens, all unacknowledged segments are discarded. TCP
segments queuing requires a lot of auxiliary structures; as a result, TCP
segments can be dropped, even if their sequence numbers are acceptable. For
example, a tested 2.0.36 kernel could queue only 284 TCP segments carrying one
byte of data each (announced connection window was about 32K). Again, the
succesful emulation of this algorithm by NIDS requires knowledge of size of
struct sk_buff.
To sum up, it is obvious that DOS attacks against NIDS are a threat,
but that's not all. A mild DOS attack against a monitored host can trigger
some OS-dependent resource management algorithm, which can be tough to
emulate by NIDS.
Another nasty feature of Linux TCP queuing was found. If an
application doesn't receive data from kernel (doesn't perform read calls on a
socket for some time) all acknowledged (that is, ready to be passed to an app),
buffered segments still consume kernel memory (rmem_alloc counter is not zero).
As a result, even less packets can be queued (because some of 64KB pool is
still in use). It means that the number of queued packets (and consequently,
received data) depends on an application behaviour (!). To verify such
possibility, the same stream of packets was sent twice. First, the receiving
application A performed immediate read call. In the second case, the receiving
application B executed
sleep(1);
read(sockfd, buffer, num);
sequence of system calls. App A received different data than app B. The
delay imposed by sleep(1) call was unnecessarily large; a delay resulting
from a context switch can be big enough.
Libnids uses algorithms equivalent to or taken directly from Linux
kernel sources. If libnids is given a correct value of struct sk_buff size (it
is configurable in run-time, along with many other parameters) the above
mentioned attacks will not bypass libnids (with an exception of the last
one; libnids has no way to determine frequency of read calls performed by an
app). It also mean that at least IP defragmentation performed by libnids is
as reliable as one offered by Linux 2.0.36 kernel.
2) Linux firewall implementation includes one hard-coded rule. Quoting
from ip_fw.c:
/*
* Don't allow a fragment of TCP 8 bytes in. Nobody
* normal causes this. Its a cracker trying to break
* in by doing a flag overwrite to pass the direction
* checks.
*/
if (offset == 1 && ip->protocol == IPPROTO_TCP)
return FW_BLOCK;
So, if the kernel was compiled with CONFIG_FIREWALL (for instance, Redhat
install kernels are), it can block some packets (short fragmented TCP
segments), even if no firewall rules was defined by the administrator. If NIDS
accepts such a packet for further processing, an insertion attack is possible.
It's another example that NIDS has to know the compilation options of
monitored kernels.
[cut]
The description of other tests on libnids is included in libnids
distribution.
Save yourself,
Nergal
libnids-1.23/doc/NEW_LIBPCAP 0000644 0000764 0000764 00000000307 10757253100 016110 0 ustar nergal nergal 0000000 0000000
====================
libnids-1.23
====================
This document is obsolete; read LINUX instead !
libnids-1.23/doc/API.html 0000644 0000764 0000764 00000101462 10757252467 015724 0 ustar nergal nergal 0000000 0000000
Libnids-1.23 API
====================
libnids-1.23
====================
- Introduction
- IP defragmentation
- TCP stream assembly
- A sample application
- Basic libnids structures and functions
- Misc useful hacks
- New features in version 1.21
Declarations of data structures and functions defined by libnids are
gathered in include file "nids.h". An application which uses libnids must
include this file and must be linked with libnids.a (or libnids.so.x.x).
An application's function main usually looks this way:
main()
{
application private processing, not related to libnids
optional modification of libnids parameters
if (!nids_init() ) something's wrong, terminate;
registration of callback functions
nids_run();
// not reached in normal situation
}
Another method is mentioned later.
In order to receive all IP packets seen by libnids (including
fragmented ones, packets with invalid checksum et cetera) a programmer should
define a callback function of the following type
void ip_frag_func(struct ip * a_packet, int len)
After calling nids_init
, this function should be registered with
libnids:
nids_register_ip_frag(ip_frag_func);
Function ip_frag_func
will be called from libnids; parameter
a_packet
will
point to a received datagram, len
is the packet length.
Analogically, in order to receive only packets, which will be accepted
by a target host (that is, packets not fragmented or packets assembled from
fragments; a header correctness is verified) one should define a callback
function
void ip_func(struct ip * a_packet, int len)
and register it with
nids_register_ip(ip_func);
In order to receive data exchanged in a TCP stream, one must declare a
callback function
void tcp_callback(struct tcp_stream * ns, void ** param)
Structure tcp_stream
provides all info on a TCP connection. For instance, it
contains two fields of type struct half_stream
(named
client
and server
), each
of them describing one side of a connection. We'll explain all its fields
later.
One of tcp_stream
field is named
nids_state
. Behaviour of tcp_callback
depends on value of this field.
ns->nids_state==NIDS_JUST_EST
In this case, ns
describes a connection
which has just been established. Tcp_callback must decide if it wishes to be
notified in future of arrival of data in this connection. All the connection
parameters are available (IP addresses, ports numbers etc). If the
connection is interesting, tcp_callback informs libnids which data it wishes
to receive (data to client, to server, urgent data to client, urgent data to
server). Then the function returns.
ns->nids_state==NIDS_DATA
In this case, new data has arrived.
Structures
half_stream
(members of tcp_stream
) contain buffers
with data.
- The following values of
nids_state
field :
- NIDS_CLOSE
- NIDS_RESET
- NIDS_TIMED_OUT
mean that the connection has been closed. Tcp_callback should free
allocated resources, if any.
-
ns->nids_state==NIDS_EXITING
In this case, libnids is exiting. This is the applications
last opportunity to make use of any data left stored in the
half_stream buffers. When reading traffic from a capture file
rather than the network, libnids may never see a close, reset, or
timeout. If the application has unprocessed data (e.g., from
using nids_discard(), this allows the application to process it.
Now let's have a look at a simple application, which displays on stderr data
exchanged in all TCP connections seen by libnids.
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <arpa/inet.h>
#include <string.h>
#include <stdio.h>
#include "nids.h"
#define int_ntoa(x) inet_ntoa(*((struct in_addr *)&x))
// struct tuple4 contains addresses and port numbers of the TCP connections
// the following auxiliary function produces a string looking like
// 10.0.0.1,1024,10.0.0.2,23
char *
adres (struct tuple4 addr)
{
static char buf[256];
strcpy (buf, int_ntoa (addr.saddr));
sprintf (buf + strlen (buf), ",%i,", addr.source);
strcat (buf, int_ntoa (addr.daddr));
sprintf (buf + strlen (buf), ",%i", addr.dest);
return buf;
}
void
tcp_callback (struct tcp_stream *a_tcp, void ** this_time_not_needed)
{
char buf[1024];
strcpy (buf, adres (a_tcp->addr)); // we put conn params into buf
if (a_tcp->nids_state == NIDS_JUST_EST)
{
// connection described by a_tcp is established
// here we decide, if we wish to follow this stream
// sample condition: if (a_tcp->addr.dest!=23) return;
// in this simple app we follow each stream, so..
a_tcp->client.collect++; // we want data received by a client
a_tcp->server.collect++; // and by a server, too
a_tcp->server.collect_urg++; // we want urgent data received by a
// server
#ifdef WE_WANT_URGENT_DATA_RECEIVED_BY_A_CLIENT
a_tcp->client.collect_urg++; // if we don't increase this value,
// we won't be notified of urgent data
// arrival
#endif
fprintf (stderr, "%s established\n", buf);
return;
}
if (a_tcp->nids_state == NIDS_CLOSE)
{
// connection has been closed normally
fprintf (stderr, "%s closing\n", buf);
return;
}
if (a_tcp->nids_state == NIDS_RESET)
{
// connection has been closed by RST
fprintf (stderr, "%s reset\n", buf);
return;
}
if (a_tcp->nids_state == NIDS_DATA)
{
// new data has arrived; gotta determine in what direction
// and if it's urgent or not
struct half_stream *hlf;
if (a_tcp->server.count_new_urg)
{
// new byte of urgent data has arrived
strcat(buf,"(urgent->)");
buf[strlen(buf)+1]=0;
buf[strlen(buf)]=a_tcp->server.urgdata;
write(1,buf,strlen(buf));
return;
}
// We don't have to check if urgent data to client has arrived,
// because we haven't increased a_tcp->client.collect_urg variable.
// So, we have some normal data to take care of.
if (a_tcp->client.count_new)
{
// new data for the client
hlf = &a_tcp->client; // from now on, we will deal with hlf var,
// which will point to client side of conn
strcat (buf, "(<-)"); // symbolic direction of data
}
else
{
hlf = &a_tcp->server; // analogical
strcat (buf, "(->)");
}
fprintf(stderr,"%s",buf); // we print the connection parameters
// (saddr, daddr, sport, dport) accompanied
// by data flow direction (-> or <-)
write(2,hlf->data,hlf->count_new); // we print the newly arrived data
}
return ;
}
int
main ()
{
// here we can alter libnids params, for instance:
// nids_params.n_hosts=256;
if (!nids_init ())
{
fprintf(stderr,"%s\n",nids_errbuf);
exit(1);
}
nids_register_tcp (tcp_callback);
nids_run ();
return 0;
}
Now it's time for more systematic description of libnids structures. As
mentioned, they're all declared in nids.h
struct tuple4 // TCP connection parameters
{
unsigned short source,dest; // client and server port numbers
unsigned long saddr,daddr; // client and server IP addresses
};
struct half_stream // structure describing one side of a TCP connection
{
char state; // socket state (ie TCP_ESTABLISHED )
char collect; // if >0, then data should be stored in
// "data" buffer; else
// data flowing in this direction will be ignored
// have a look at samples/sniff.c for an example
// how one can use this field
char collect_urg; // analogically, determines if to collect urgent
// data
char * data; // buffer for normal data
unsigned char urgdata; // one-byte buffer for urgent data
int count; // how many bytes has been appended to buffer "data"
// since the creation of a connection
int offset; // offset (in data stream) of first byte stored in
// the "data" buffer; additional explanations
// follow
int count_new; // how many bytes were appended to "data" buffer
// last (this) time; if == 0, no new data arrived
char count_new_urg; // if != 0, new urgent data arrived
... // other fields are auxiliary for libnids
};
struct tcp_stream
{
struct tuple4 addr; // connections params (saddr, daddr, sport, dport)
char nids_state; // logical state of the connection
struct half_stream client,server; // structures describing client and
// server side of the connection
... // other fields are auxiliary for libnids
};
In the above sample program function tcp_callback printed data from
hlf->data
buffer on stderr, and this data was no longer needed. After
tcp_callback return, libnids by default frees space occupied by this data.
Field hlf->offset
will be increased by number of discarded bytes,
and new data
will be stored at the beginning of "data" buffer.
If the above is not the desired behaviour (for instance, data processor
needs at least N bytes of input to operate, and so far libnids received
count_new<N
bytes) one should call
function
void nids_discard(struct tcp_stream * a_tcp, int num_bytes)
before tcp_callback returns. As a result, after tcp_callback return libnids
will discard at most num_bytes
first bytes from buffer "data"
(updating
"offset" field accordingly, and moving rest of the data to the beginning of
the buffer).
If nids_discard
function is never called (like in above sample program),
buffer hlf->data
contains exactly
hlf->count_new
bytes. Generally, number of
bytes in buffer hlf->data
equals
hlf->count-hlf->offset
.
Thanks to nids_discard function, a programmer doesn't have to copy
received bytes into a separate buffer - hlf->data
will always contain as many
bytes, as possible. However, often arises a need to maintain auxiliary data
structures per each pair (libnids_callback, tcp stream). For instance, if we
wish to detect an attack against wu-ftpd (this attack involves creating deep
directory on the server), we need to store somewhere current directory of a
ftpd daemon. It will be changed by "CWD" instructions sent by ftp client.
That's what the second parameter of tcp_callback is for. It is a pointer to a
pointer to data private for each (libnids_callback, tcp stream) pair.
Typically, one should use it as follows:
void
tcp_callback_2 (struct tcp_stream * a_tcp, struct conn_param **ptr)
{
if (a_tcp->nids_state==NIDS_JUST_EST)
{
struct conn_param * a_conn;
if the connection is uninteresting, return;
a_conn=malloc of some data structure
init of a_conn
*ptr=a_conn // this value will be passed to tcp_callback_2 in future
// calls
increase some of "collect" fields
return;
}
if (a_tcp->nids_state==NIDS_DATA)
{
struct conn_param *current_conn_param=*ptr;
using current_conn_param and the newly received data from the net
we search for attack signatures, possibly modyfying
current_conn_param
return ;
}
Functions nids_register_tcp
and
nids_register_ip*
can be called
arbitrary number of times. Two different functions (similar to tcp_callback)
are allowed to follow the same TCP stream (with
a certain non-default exception).
Libnids parameters can be changed by modification of fields of the
global variable nids_params
, declared as follows:
struct nids_prm
{
int n_tcp_streams; // size of the hash table used for storing structures
// tcp_stream; libnis will follow no more than
// 3/4 * n_tcp_streams connections simultaneously
// default value: 1040. If set to 0, libnids will
// not assemble TCP streams.
int n_hosts; // size of the hash table used for storing info on
// IP defragmentation; default value: 256
char * filename; // capture filename from which to read packets;
// file must be in libpcap format and device must
// be set to NULL; default value: NULL
char * device; // interface on which libnids will listen for packets;
// default value == NULL, in which case device will
// be determined by call to pcap_lookupdev; special
// value of "all" results in libnids trying to
// capture packets on all interfaces (this works only
// with Linux kernel > 2.2.0 and libpcap >= 0.6.0);
// see also doc/LINUX
int sk_buff_size; // size of struct sk_buff, a structure defined by
// Linux kernel, used by kernel for packets queuing. If
// this parameter has different value from
// sizeof(struct sk_buff), libnids can be bypassed
// by attacking resource managing of libnis (see TEST
// file). If you are paranoid, check sizeof(sk_buff)
// on the hosts on your network, and correct this
// parameter. Default value: 168
int dev_addon; // how many bytes in structure sk_buff is reserved for
// information on net interface; if dev_addon==-1, it
// will be corrected during nids_init() according to
// type of the interface libnids will listen on.
// Default value: -1.
void (*syslog)(); // see description below the nids_params definition
int syslog_level; // if nids_params.syslog==nids_syslog, then this field
// determines loglevel used by reporting events by
// system daemon syslogd; default value: LOG_ALERT
int scan_num_hosts;// size of hash table used for storing info on port
// scanning; the number of simultaneuos port
// scan attempts libnids will detect. if set to
// 0, port scanning detection will be turned
// off. Default value: 256.
int scan_num_ports;// how many TCP ports has to be scanned from the same
// source. Default value: 10.
int scan_delay; // with no more than scan_delay milisecond pause
// between two ports, in order to make libnids report
// portscan attempt. Default value: 3000
void (*no_mem)(); // called when libnids runs out of memory; it should
// terminate the current process
int (*ip_filter)(struct ip*); // this function is consulted when an IP
// packet arrives; if ip_filter returns non-zero, the
// packet is processed, else it is discarded. This way
// one can monitor traffic directed at selected hosts
// only, not entire subnet. Default function
// (nids_ip_filter) always returns 1
char *pcap_filter; // filter string to hand to pcap(3). Default is
// NULL. be aware that this applies to the
// link-layer, so filters like "tcp dst port 23"
// will NOT correctly handle fragmented traffic; one
// should add "or (ip[6:2] & 0x1fff != 0)" to process
// all fragmented packets
int promisc; // if non-zero, the device(s) libnids reads packets
// from will be put in promiscuous mode. Default: 1
int one_loop_less; // disabled by default; see the explanation
int pcap_timeout; // the "timeout" parameter to pcap_open_live
// 1024 (ms) by default ; change to a lower value
// if you want a quick reaction to traffic; this
// is present starting with libnids-1.20
int multiproc; // start ip defragmentation and tcp stream assembly in a
// different thread parameter to a nonzero value and
// compiling libnids in an environment where glib-2.0 is
// available enables libnids to use two different threads
// - one for receiving IP fragments from libpcap,
// and one, with lower priority, to process fragments,
// streams and to notify callbacks. Preferrably using
// nids_run() this behavior is invisible to the user.
// Using this functionality with nids_next() is quite
// useless since the thread must be started and stopped
// for every packet received.
// Also, if it is enabled, global variables (nids_last_pcap_header
// and nids_last_pcap_data) may not point to the
// packet currently processed by a callback
int queue_limit; // limit on the number of packets to be queued;
// used only when multiproc=true; 20000 by default
int tcp_workarounds; // enable (hopefully harmless) workarounds for some
// non-rfc-compliant TCP/IP stacks
pcap_t *pcap_desc; // pcap descriptor
} nids_params;
The field syslog of nids_params variable by default contains the
address of function nids_syslog
, declared as:
void nids_syslog (int type, int errnum, struct ip *iph, void *data);
Function nids_params.syslog
is used to report unusual condition, such as
port scan attempts, invalid TCP header flags and other. This field should be
assigned the address of a custom event logging function. Function
nids_syslog
(defined in libnids.c) can be an example on how to decode parameters passed
to nids_params.syslog
. Nids_syslog
logs messages to
system daemon syslogd,
disregarding such things like message rate per second or free disk space
(that is why it should be replaced).
If one is interested in UDP datagrams, one should
declare
void udp_callback(struct tuple4 * addr, char * buf, int len,
struct ip * iph);
and register it with
nids_register_udp(udp_callback)
Parameter addr
contains address info, buf
points to data carried
by UDP
packet, len
is the data length, and iph
points to the IP packet which
contained the UDP packet. The checksum is verified.
As a nice toy :) function
void nids_killtcp(struct tcp_stream * a_tcp)
is implemented. It terminates TCP connection described by a_tcp by sending
RST segments.
Originally the RST segments sent by libnids were given a sequence number
in the half of the
TCP window of the destination. MS Windows systems with MS05-019 patch
applied do not seem to tear down a connection upon receiving such RSTs, so
now libnids sends two RSTs in each direction - additional one has the lowest
(expected) seq. Unfortunately, it is somewhat unreliable: if due to traffic
burst, your application is a few miliseconds delayed behind the current
traffic, its view of what the current/expected seq is may be incorrect.
Naturaly, sending a RST as a defensive measure is unreliable by design,
unless deployed on an "inline NIDS", or NIPS, as a few call it; therefore
the "toy" label.
Using nids_run()
has one disadvantage - the application becomes
totally packets driven. Sometimes it is necessary to perform some task even
when no packets arrive. Instead of nids_run()
, one
can use function
int nids_next()
It calls pcap_next()
instead of pcap_loop
, that is it processes
only one
packet. If no packet is available, the process will sleep.
Nids_next()
returns
1 on success, 0 on error (nids_errbuf
contains appropriate
message then).
Typically, when using nids_next()
, an aplication will
sleep in a
select()
function, with a snooping socket fd present in
read fd_set
. This fd
can be obtained via a call to
int nids_getfd()
It returns a file descriptor when succeeded and -1 on error (
nids_errbuf
is filled then).
Similarly, function
int nids_dispatch(int cnt)
is a wrapper around pcap_dispatch. It maybe advantageous to use it instead
of nids_next() when we want to distinguish between return values (ie
end-of-file vs error).
There are a few reasons why you may want to skip checksum processing on
certain packets:
-
Nowadays, some NIC drivers are capable of computing checksums of outgoing
packets. In such case, outgoing packets passed to libpcap can have
uncomputed checksums. So, you may want to not check checksums on outgoing
packets.
-
In order to improve performance, you may wish to not compute checksums for
hosts one trusts (or protects), e.g. one's server farm.
In order to let libnids know which packets should not be checksummed, you
should allocate an array of struct nids_chksum_ctl (defined in nids.h):
struct nids_chksum_ctl
{ u_int netaddr;
u_int mask;
u_int action;
/* reserved fields */
};
and register it with
nids_register_chksum_ctl(struct nids_chksum_ctl *, int);
where the second parameter indicates the number of elements in the
array.
Checksumming functions will first check elements of this array one by
one, and if
the source ip SRCIP of the current packet satisfies condition
(SRCIP&chksum_ctl_array[i].mask)==chksum_ctl_array[i].netaddr
then if the "action" field is NIDS_DO_CHKSUM, the packet will be checksummed; if the "action"
field is NIDS_DONT_CHKSUM, the packet will not be checksummed. If the packet matches none
of the array elements, the default action is to perform checksumming.
The example of usage is available in the samples/chksum_ctl.c file.
The include file nids.h defines the constants NIDS_MAJOR (1) and
NIDS_MINOR (21), which can be used to determine in runtime the version of
libnids. Nids.h used to define HAVE_NEW_PCAP as well, but since 1.19 it is
nonsupported as obsolete.
Typically, data carried by a tcp stream can be divided into
protocol-dependent records (say, lines of input). A tcp callback can receive
an amount of data, which contains more then one record. Therefore, a tcp
callback should iterate its protocol parsing routine over the whole amount
of data received. This adds complexity to the code.
If nids_params.one_loop_less
is non-zero, libnids behaviour changes
slightly. If a callback consumes some (but not all) of newly arrived data,
libnids calls it immediately again. Only non-processed data remain in the
buffer, and rcv->count_new
is decreased appropriately. Thus,
a callback can
process only one record at the time - libnids will call it again, until no
new data remain or no data can be processed.
Unfortunately, this behaviour introduces horrible semantics problems in case
of 2+ callbacks reading the same half of a tcp stream. Therefore, if
nids_params.one_loop_less
is non-zero, you are not allowed to
attach two or
more callbacks to the same half of tcp stream. Unfortunately, the existing
interface is unable to propagate the error to the callback - therefore, you
must watch it yourself. You have been warned.
The pcap header of the last seen packet is exported as
extern struct pcap_pkthdr *nids_last_pcap_header;
It is wise to use it to get timestamp, to get a better accuracy and save a syscall.
Other applications using libnids can be found in "samples" directory.
Version 1.21 brings several bugfixes, optimizations and a few new features, but mostly
extra external variables and functions to access libnids' intrinsics from the outside.
nids_last_pcap_data is a new external variable to get the data of the last
PCAP frame, like it was already possible to use nids_last_pcap_header in order to
get the header of the last PCAP frame.
nids_linkoffset is a new external variable to get the computed offset
between the link layer and the network layer for the current PCAP device. It is useful
to reconstruct PCAP frames from IP defragmented packets which you get in your
ip_func (see chapter on IP defragmentation)
by copying the same amount of bytes from the beginning of nids_last_pcap_data
representing the link layer, like this:
void ip_callback(struct ip *pkt, int len)
{
u_char *frame;
struct pcap_pkthdr ph;
frame = malloc(len + nids_linkoffset);
memcpy(frame, nids_last_pcap_data, nids_linkoffset);
memcpy(frame + nids_linkoffset, pkt, len);
ph.ts = nids_last_pcap_header->ts;
ph.caplen = ph.len = len + nids_linkoffset;
pcap_dump(nids_params.pcap_desc, &ph, frame);
free(frame);
}
In versions prior to 1.21 it was only possible to give libnids a device or file name
and have it take total control over libpcap operations when using nids_run() or
nids_next(). Now, with nids_params.pcap_desc it is possible to
have your pcap_handler outside libnids and choose which frames you want to be
processed by libnids (e.g. only TCP packets to keep track of TCP connections whilst
this is not your only objective); all you have to do is copy your pointer to the
pcap_t structure (returned by pcap_open_live(), pcap_open_dead()
or pcap_open_offline()) to nids_params.pcap_desc and call
nids_pcap_handler(), normally with the same parameters as your own
pcap_handler (the one you registered with pcap_dispatch() or pcap_loop())
was called with. NOTE: since libnids cannot know when
you are finished if you interactively pass packets to it with
nids_pcap_handler(), you must tell it when to free the allocated resources
by calling nids_exit().
nids_params.tcp_workarounds is a new libnids runtime option which can be used
to enable extra checks for faulty implementations of TCP such as the ones which allow
connections to be closed despite the fact that there should be retransmissions for lost
packets first, thus violating section 3.5 of RFC 793. In those cases, and if this option
is non-zero, libnids will set the NIDS_TIMED_OUT state for TCP connections that
were savagely closed.
nids_find_tcp_stream() is a new external function that can be used
to find the corresponding tcp_stream structure for a given pointer to a
tuple4 structure.
nids_free_tcp_stream() is a new external function that can be used
for example to force libnids into not following a TCP stream anymore.
BEWARE! Calling nids_free_tcp_stream()
from inside one of your registered tcp_callbacks on a TCP stream that is already
in a closing state (NIDS_CLOSE, NIDS_TIMED_OUT, NIDS_RESET or
NIDS_EXITING) will result in a double free (because libnids will call
nids_free_tcp_stream() internally when your tcp_callback returns) and
your program will crash.
nids_unregister_ip_frag(), nids_unregister_ip(),
nids_unregister_udp() and nids_unregister_tcp() are
new external functions that can be used to unregister callbacks previous registed with
the corresponding nids_register_*(), at any time.
tcp_stream.user is a new field in the structure passed to TCP callbacks.
It is similar to their void **param argument, except that it is global to all
the TCP callbacks for the same stream, whereas param is specific to each
callback.
libnids-1.23/doc/API.txt 0000600 0000764 0000764 00000071500 10757252477 015567 0 ustar nergal nergal 0000000 0000000
====================
libnids-1.23
====================
1. Introduction
2. IP defragmentation
3. TCP stream assembly
4. A sample application
5. Basic libnids structures and functions
6. Misc useful hacks
7. New features in version 1.21
1. Introduction
Declarations of data structures and functions defined by libnids are
gathered in include file "nids.h". An application which uses libnids must
include this file and must be linked with libnids.a (or libnids.so.x.x).
An application's function main usually looks this way:
main()
{
application private processing, not related to libnids
optional modification of libnids parameters
if (!nids_init() ) something's wrong, terminate;
registration of callback functions
nids_run();
// not reached in normal situation
}
Another method is mentioned later.
2. IP defragmentation
In order to receive all IP packets seen by libnids (including fragmented
ones, packets with invalid checksum et cetera) a programmer should define a
callback function of the following type
void ip_frag_func(struct ip * a_packet, int len)
After calling nids_init, this function should be registered with libnids:
nids_register_ip_frag(ip_frag_func);
Function ip_frag_func will be called from libnids; parameter a_packet will
point to a received datagram, len is the packet length.
Analogically, in order to receive only packets, which will be accepted by a
target host (that is, packets not fragmented or packets assembled from
fragments; a header correctness is verified) one should define a callback
function
void ip_func(struct ip * a_packet, int len)
and register it with
nids_register_ip(ip_func);
3. TCP stream assembly
In order to receive data exchanged in a TCP stream, one must declare a
callback function
void tcp_callback(struct tcp_stream * ns, void ** param)
Structure tcp_stream provides all info on a TCP connection. For instance, it
contains two fields of type struct half_stream (named client and server),
each of them describing one side of a connection. We'll explain all its
fields later.
One of tcp_stream field is named nids_state. Behaviour of tcp_callback
depends on value of this field.
*
ns->nids_state==NIDS_JUST_EST
In this case, ns describes a connection which has just been established.
Tcp_callback must decide if it wishes to be notified in future of
arrival of data in this connection. All the connection parameters are
available (IP addresses, ports numbers etc). If the connection is
interesting, tcp_callback informs libnids which data it wishes to
receive (data to client, to server, urgent data to client, urgent data
to server). Then the function returns.
*
ns->nids_state==NIDS_DATA
In this case, new data has arrived. Structures half_stream (members of
tcp_stream) contain buffers with data.
* The following values of nids_state field :
+ NIDS_CLOSE
+ NIDS_RESET
+ NIDS_TIMED_OUT
mean that the connection has been closed. Tcp_callback should free
allocated resources, if any.
*
ns->nids_state==NIDS_EXITING
In this case, libnids is exiting. This is the applications last
opportunity to make use of any data left stored in the half_stream
buffers. When reading traffic from a capture file rather than the
network, libnids may never see a close, reset, or timeout. If the
application has unprocessed data (e.g., from using nids_discard(), this
allows the application to process it.
4. A sample application
Now let's have a look at a simple application, which displays on stderr data
exchanged in all TCP connections seen by libnids.
#include
#include
#include
#include
#include
#include
#include
#include "nids.h"
#define int_ntoa(x) inet_ntoa(*((struct in_addr *)&x))
// struct tuple4 contains addresses and port numbers of the TCP connections
// the following auxiliary function produces a string looking like
// 10.0.0.1,1024,10.0.0.2,23
char *
adres (struct tuple4 addr)
{
static char buf[256];
strcpy (buf, int_ntoa (addr.saddr));
sprintf (buf + strlen (buf), ",%i,", addr.source);
strcat (buf, int_ntoa (addr.daddr));
sprintf (buf + strlen (buf), ",%i", addr.dest);
return buf;
}
void
tcp_callback (struct tcp_stream *a_tcp, void ** this_time_not_needed)
{
char buf[1024];
strcpy (buf, adres (a_tcp->addr)); // we put conn params into buf
if (a_tcp->nids_state == NIDS_JUST_EST)
{
// connection described by a_tcp is established
// here we decide, if we wish to follow this stream
// sample condition: if (a_tcp->addr.dest!=23) return;
// in this simple app we follow each stream, so..
a_tcp->client.collect++; // we want data received by a client
a_tcp->server.collect++; // and by a server, too
a_tcp->server.collect_urg++; // we want urgent data received by a
// server
#ifdef WE_WANT_URGENT_DATA_RECEIVED_BY_A_CLIENT
a_tcp->client.collect_urg++; // if we don't increase this value,
// we won't be notified of urgent data
// arrival
#endif
fprintf (stderr, "%s established\n", buf);
return;
}
if (a_tcp->nids_state == NIDS_CLOSE)
{
// connection has been closed normally
fprintf (stderr, "%s closing\n", buf);
return;
}
if (a_tcp->nids_state == NIDS_RESET)
{
// connection has been closed by RST
fprintf (stderr, "%s reset\n", buf);
return;
}
if (a_tcp->nids_state == NIDS_DATA)
{
// new data has arrived; gotta determine in what direction
// and if it's urgent or not
struct half_stream *hlf;
if (a_tcp->server.count_new_urg)
{
// new byte of urgent data has arrived
strcat(buf,"(urgent->)");
buf[strlen(buf)+1]=0;
buf[strlen(buf)]=a_tcp->server.urgdata;
write(1,buf,strlen(buf));
return;
}
// We don't have to check if urgent data to client has arrived,
// because we haven't increased a_tcp->client.collect_urg variable.
// So, we have some normal data to take care of.
if (a_tcp->client.count_new)
{
// new data for the client
hlf = &a_tcp->client; // from now on, we will deal with hlf var,
// which will point to client side of conn
strcat (buf, "(<-)"); // symbolic direction of data
}
else
{
hlf = &a_tcp->server; // analogical
strcat (buf, "(->)");
}
fprintf(stderr,"%s",buf); // we print the connection parameters
// (saddr, daddr, sport, dport) accompanied
// by data flow direction (-> or <-)
write(2,hlf->data,hlf->count_new); // we print the newly arrived data
}
return ;
}
int
main ()
{
// here we can alter libnids params, for instance:
// nids_params.n_hosts=256;
if (!nids_init ())
{
fprintf(stderr,"%s\n",nids_errbuf);
exit(1);
}
nids_register_tcp (tcp_callback);
nids_run ();
return 0;
}
5. Basic libnids structures and functions
Now it's time for more systematic description of libnids structures. As
mentioned, they're all declared in nids.h
struct tuple4 // TCP connection parameters
{
unsigned short source,dest; // client and server port numbers
unsigned long saddr,daddr; // client and server IP addresses
};
struct half_stream // structure describing one side of a TCP connection
{
char state; // socket state (ie TCP_ESTABLISHED )
char collect; // if >0, then data should be stored in
// "data" buffer; else
// data flowing in this direction will be ignored
// have a look at samples/sniff.c for an example
// how one can use this field
char collect_urg; // analogically, determines if to collect urgent
// data
char * data; // buffer for normal data
unsigned char urgdata; // one-byte buffer for urgent data
int count; // how many bytes has been appended to buffer "data"
// since the creation of a connection
int offset; // offset (in data stream) of first byte stored in
// the "data" buffer; additional explanations
// follow
int count_new; // how many bytes were appended to "data" buffer
// last (this) time; if == 0, no new data arrived
char count_new_urg; // if != 0, new urgent data arrived
... // other fields are auxiliary for libnids
};
struct tcp_stream
{
struct tuple4 addr; // connections params (saddr, daddr, sport, dport)
char nids_state; // logical state of the connection
struct half_stream client,server; // structures describing client and
// server side of the connection
... // other fields are auxiliary for libnids
};
In the above sample program function tcp_callback printed data from
hlf->data buffer on stderr, and this data was no longer needed. After
tcp_callback return, libnids by default frees space occupied by this data.
Field hlf->offset will be increased by number of discarded bytes, and new
data will be stored at the beginning of "data" buffer. If the above is not
the desired behaviour (for instance, data processor needs at least N bytes
of input to operate, and so far libnids received count_newdata contains exactly hlf->count_new bytes. Generally,
number of bytes in buffer hlf->data equals hlf->count-hlf->offset.
Thanks to nids_discard function, a programmer doesn't have to copy received
bytes into a separate buffer - hlf->data will always contain as many bytes,
as possible. However, often arises a need to maintain auxiliary data
structures per each pair (libnids_callback, tcp stream). For instance, if we
wish to detect an attack against wu-ftpd (this attack involves creating deep
directory on the server), we need to store somewhere current directory of a
ftpd daemon. It will be changed by "CWD" instructions sent by ftp client.
That's what the second parameter of tcp_callback is for. It is a pointer to
a pointer to data private for each (libnids_callback, tcp stream) pair.
Typically, one should use it as follows:
void
tcp_callback_2 (struct tcp_stream * a_tcp, struct conn_param **ptr)
{
if (a_tcp->nids_state==NIDS_JUST_EST)
{
struct conn_param * a_conn;
if the connection is uninteresting, return;
a_conn=malloc of some data structure
init of a_conn
*ptr=a_conn // this value will be passed to tcp_callback_2 in future
// calls
increase some of "collect" fields
return;
}
if (a_tcp->nids_state==NIDS_DATA)
{
struct conn_param *current_conn_param=*ptr;
using current_conn_param and the newly received data from the net
we search for attack signatures, possibly modyfying
current_conn_param
return ;
}
Functions nids_register_tcp and nids_register_ip* can be called arbitrary
number of times. Two different functions (similar to tcp_callback) are
allowed to follow the same TCP stream (with a certain non-default
exception).
Libnids parameters can be changed by modification of fields of the global
variable nids_params, declared as follows:
struct nids_prm
{
int n_tcp_streams; // size of the hash table used for storing structures
// tcp_stream; libnis will follow no more than
// 3/4 * n_tcp_streams connections simultaneously
// default value: 1040. If set to 0, libnids will
// not assemble TCP streams.
int n_hosts; // size of the hash table used for storing info on
// IP defragmentation; default value: 256
char * filename; // capture filename from which to read packets;
// file must be in libpcap format and device must
// be set to NULL; default value: NULL
char * device; // interface on which libnids will listen for packets;
// default value == NULL, in which case device will
// be determined by call to pcap_lookupdev; special
// value of "all" results in libnids trying to
// capture packets on all interfaces (this works only
// with Linux kernel > 2.2.0 and libpcap >= 0.6.0);
// see also doc/LINUX
int sk_buff_size; // size of struct sk_buff, a structure defined by
// Linux kernel, used by kernel for packets queuing. If
// this parameter has different value from
// sizeof(struct sk_buff), libnids can be bypassed
// by attacking resource managing of libnis (see TEST
// file). If you are paranoid, check sizeof(sk_buff)
// on the hosts on your network, and correct this
// parameter. Default value: 168
int dev_addon; // how many bytes in structure sk_buff is reserved for
// information on net interface; if dev_addon==-1, it
// will be corrected during nids_init() according to
// type of the interface libnids will listen on.
// Default value: -1.
void (*syslog)(); // see description below the nids_params definition
int syslog_level; // if nids_params.syslog==nids_syslog, then this field
// determines loglevel used by reporting events by
// system daemon syslogd; default value: LOG_ALERT
int scan_num_hosts;// size of hash table used for storing info on port
// scanning; the number of simultaneuos port
// scan attempts libnids will detect. if set to
// 0, port scanning detection will be turned
// off. Default value: 256.
int scan_num_ports;// how many TCP ports has to be scanned from the same
// source. Default value: 10.
int scan_delay; // with no more than scan_delay milisecond pause
// between two ports, in order to make libnids report
// portscan attempt. Default value: 3000
void (*no_mem)(); // called when libnids runs out of memory; it should
// terminate the current process
int (*ip_filter)(struct ip*); // this function is consulted when an IP
// packet arrives; if ip_filter returns non-zero, the
// packet is processed, else it is discarded. This way
// one can monitor traffic directed at selected hosts
// only, not entire subnet. Default function
// (nids_ip_filter) always returns 1
char *pcap_filter; // filter string to hand to pcap(3). Default is
// NULL. be aware that this applies to the
// link-layer, so filters like "tcp dst port 23"
// will NOT correctly handle fragmented traffic; one
// should add "or (ip[6:2] & 0x1fff != 0)" to process
// all fragmented packets
int promisc; // if non-zero, the device(s) libnids reads packets
// from will be put in promiscuous mode. Default: 1
int one_loop_less; // disabled by default; see the explanation
int pcap_timeout; // the "timeout" parameter to pcap_open_live
// 1024 (ms) by default ; change to a lower value
// if you want a quick reaction to traffic; this
// is present starting with libnids-1.20
int multiproc; // start ip defragmentation and tcp stream assembly in a
// different thread parameter to a nonzero value and
// compiling libnids in an environment where glib-2.0 is
// available enables libnids to use two different threads
// - one for receiving IP fragments from libpcap,
// and one, with lower priority, to process fragments,
// streams and to notify callbacks. Preferrably using
// nids_run() this behavior is invisible to the user.
// Using this functionality with nids_next() is quite
// useless since the thread must be started and stopped
// for every packet received.
// Also, if it is enabled, global variables (nids_last_pc
ap_header
// and nids_last_pcap_data) may not point to the
// packet currently processed by a callback
int queue_limit; // limit on the number of packets to be queued;
// used only when multiproc=true; 20000 by default
int tcp_workarounds; // enable (hopefully harmless) workarounds for some
// non-rfc-compliant TCP/IP stacks
pcap_t *pcap_desc; // pcap descriptor
} nids_params;
The field syslog of nids_params variable by default contains the address of
function nids_syslog, declared as:
void nids_syslog (int type, int errnum, struct ip *iph, void *data);
Function nids_params.syslog is used to report unusual condition, such as
port scan attempts, invalid TCP header flags and other. This field should be
assigned the address of a custom event logging function. Function
nids_syslog (defined in libnids.c) can be an example on how to decode
parameters passed to nids_params.syslog. Nids_syslog logs messages to system
daemon syslogd, disregarding such things like message rate per second or
free disk space (that is why it should be replaced).
If one is interested in UDP datagrams, one should declare
void udp_callback(struct tuple4 * addr, char * buf, int len, struct ip *
iph);
and register it with
nids_register_udp(udp_callback)
Parameter addr contains address info, buf points to data carried by UDP
packet, len is the data length, and iph points to the IP packet which
contained the UDP packet. The checksum is verified.
6. Misc useful hacks
As a nice toy :) function
void nids_killtcp(struct tcp_stream * a_tcp)
is implemented. It terminates TCP connection described by a_tcp by sending
RST segments.
Originally the RST segments sent by libnids were given a sequence number in
the half of the TCP window of the destination. MS Windows systems with
MS05-019 patch applied do not seem to tear down a connection upon receiving
such RSTs, so now libnids sends two RSTs in each direction - additional one
has the lowest (expected) seq. Unfortunately, it is somewhat unreliable: if
due to traffic burst, your application is a few miliseconds delayed behind
the current traffic, its view of what the current/expected seq is may be
incorrect.
Naturaly, sending a RST as a defensive measure is unreliable by design,
unless deployed on an "inline NIDS", or NIPS, as a few call it; therefore
the "toy" label.
_________________________________________________________________
Using nids_run() has one disadvantage - the application becomes totally
packets driven. Sometimes it is necessary to perform some task even when no
packets arrive. Instead of nids_run(), one can use function
int nids_next()
It calls pcap_next() instead of pcap_loop, that is it processes only one
packet. If no packet is available, the process will sleep. Nids_next()
returns 1 on success, 0 on error (nids_errbuf contains appropriate message
then).
Typically, when using nids_next(), an aplication will sleep in a select()
function, with a snooping socket fd present in read fd_set. This fd can be
obtained via a call to
int nids_getfd()
It returns a file descriptor when succeeded and -1 on error ( nids_errbuf is
filled then).
Similarly, function
int nids_dispatch(int cnt)
is a wrapper around pcap_dispatch. It maybe advantageous to use it instead
of nids_next() when we want to distinguish between return values (ie
end-of-file vs error).
_________________________________________________________________
There are a few reasons why you may want to skip checksum processing on
certain packets:
1. Nowadays, some NIC drivers are capable of computing checksums of
outgoing packets. In such case, outgoing packets passed to libpcap can
have uncomputed checksums. So, you may want to not check checksums on
outgoing packets.
2. In order to improve performance, you may wish to not compute checksums
for hosts one trusts (or protects), e.g. one's server farm.
In order to let libnids know which packets should not be checksummed, you
should allocate an array of struct nids_chksum_ctl (defined in nids.h):
struct nids_chksum_ctl
{ u_int netaddr;
u_int mask;
u_int action;
/* reserved fields */
};
and register it with
nids_register_chksum_ctl(struct nids_chksum_ctl *, int);
where the second parameter indicates the number of elements in the array.
Checksumming functions will first check elements of this array one by one,
and if the source ip SRCIP of the current packet satisfies condition
(SRCIP&chksum_ctl_array[i].mask)==chksum_ctl_array[i].netaddr
then if the "action" field is NIDS_DO_CHKSUM, the packet will be
checksummed; if the "action" field is NIDS_DONT_CHKSUM, the packet will not
be checksummed. If the packet matches none of the array elements, the
default action is to perform checksumming.
The example of usage is available in the samples/chksum_ctl.c file.
_________________________________________________________________
The include file nids.h defines the constants NIDS_MAJOR (1) and NIDS_MINOR
(21), which can be used to determine in runtime the version of libnids.
Nids.h used to define HAVE_NEW_PCAP as well, but since 1.19 it is
nonsupported as obsolete.
_________________________________________________________________
Typically, data carried by a tcp stream can be divided into
protocol-dependent records (say, lines of input). A tcp callback can receive
an amount of data, which contains more then one record. Therefore, a tcp
callback should iterate its protocol parsing routine over the whole amount
of data received. This adds complexity to the code.
If nids_params.one_loop_less is non-zero, libnids behaviour changes
slightly. If a callback consumes some (but not all) of newly arrived data,
libnids calls it immediately again. Only non-processed data remain in the
buffer, and rcv->count_new is decreased appropriately. Thus, a callback can
process only one record at the time - libnids will call it again, until no
new data remain or no data can be processed. Unfortunately, this behaviour
introduces horrible semantics problems in case of 2+ callbacks reading the
same half of a tcp stream. Therefore, if nids_params.one_loop_less is
non-zero, you are not allowed to attach two or more callbacks to the same
half of tcp stream. Unfortunately, the existing interface is unable to
propagate the error to the callback - therefore, you must watch it yourself.
You have been warned.
_________________________________________________________________
The pcap header of the last seen packet is exported as
extern struct pcap_pkthdr *nids_last_pcap_header;
It is wise to use it to get timestamp, to get a better accuracy and save a
syscall.
_________________________________________________________________
Other applications using libnids can be found in "samples" directory.
6. New features in version 1.21
Version 1.21 brings several bugfixes, optimizations and a few new features,
but mostly extra external variables and functions to access libnids'
intrinsics from the outside.
nids_last_pcap_data is a new external variable to get the data of the last
PCAP frame, like it was already possible to use nids_last_pcap_header in
order to get the header of the last PCAP frame.
nids_linkoffset is a new external variable to get the computed offset
between the link layer and the network layer for the current PCAP device. It
is useful to reconstruct PCAP frames from IP defragmented packets which you
get in your ip_func (see chapter on IP defragmentation) by copying the same
amount of bytes from the beginning of nids_last_pcap_data representing the
link layer, like this:
void ip_callback(struct ip *pkt, int len)
{
u_char *frame;
struct pcap_pkthdr ph;
frame = malloc(len + nids_linkoffset);
memcpy(frame, nids_last_pcap_data, nids_linkoffset);
memcpy(frame + nids_linkoffset, pkt, len);
ph.ts = nids_last_pcap_header->ts;
ph.caplen = ph.len = len + nids_linkoffset;
pcap_dump(nids_params.pcap_desc, &ph, frame);
free(frame);
}
In versions prior to 1.21 it was only possible to give libnids a device or
file name and have it take total control over libpcap operations when using
nids_run() or nids_next(). Now, with nids_params.pcap_desc it is possible to
have your pcap_handler outside libnids and choose which frames you want to
be processed by libnids (e.g. only TCP packets to keep track of TCP
connections whilst this is not your only objective); all you have to do is
copy your pointer to the pcap_t structure (returned by pcap_open_live(),
pcap_open_dead() or pcap_open_offline()) to nids_params.pcap_desc and call
nids_pcap_handler(), normally with the same parameters as your own
pcap_handler (the one you registered with pcap_dispatch() or pcap_loop())
was called with. NOTE: since libnids cannot know when you are finished if
you interactively pass packets to it with nids_pcap_handler(), you must tell
it when to free the allocated resources by calling nids_exit().
nids_params.tcp_workarounds is a new libnids runtime option which can be
used to enable extra checks for faulty implementations of TCP such as the
ones which allow connections to be closed despite the fact that there should
be retransmissions for lost packets first, thus violating section 3.5 of RFC
793. In those cases, and if this option is non-zero, libnids will set the
NIDS_TIMED_OUT state for TCP connections that were savagely closed.
nids_find_tcp_stream() is a new external function that can be used to find
the corresponding tcp_stream structure for a given pointer to a tuple4
structure.
nids_free_tcp_stream() is a new external function that can be used for
example to force libnids into not following a TCP stream anymore. BEWARE!
Calling nids_free_tcp_stream() from inside one of your registered
tcp_callbacks on a TCP stream that is already in a closing state
(NIDS_CLOSE, NIDS_TIMED_OUT, NIDS_RESET or NIDS_EXITING) will result in a
double free (because libnids will call nids_free_tcp_stream() internally
when your tcp_callback returns) and your program will crash.
nids_unregister_ip_frag(), nids_unregister_ip(), nids_unregister_udp() and
nids_unregister_tcp() are new external functions that can be used to
unregister callbacks previous registed with the corresponding
nids_register_*(), at any time.
tcp_stream.user is a new field in the structure passed to TCP callbacks. It
is similar to their void **param argument, except that it is global to all
the TCP callbacks for the same stream, whereas param is specific to each
callback.
libnids-1.23/doc/LINUX 0000644 0000764 0000764 00000002136 10757252525 015240 0 ustar nergal nergal 0000000 0000000
====================
libnids-1.23
====================
The following applies to Linux only.
Linux 2.0.x kernels introduces sockets of family PF_PACKET which
allow to gather packets from all devices, including loopback (!). Recent
libpcap versions (0.6.x for sure) support this feature; you have to pass
device "any" to pcap_open_live in order to listen on such a socket. For
backwards compatibility with libnids <= 1.16, you can also assign device "all"
to nids_params.device. If nids_params.promisc is nonzero, libnids (because
libpcap does not support it) will try to set all interfaces into promiscuous
mode, one by one.
A certain problem may arise, if the machine routes packets among its
interfaces. Libpcap will pass to userspace a copy of a packet per each
interface this packet travels through. This is no problem for libnids TCP
reassembly, as it deals perfectly with duplicate packets - tcp callback
functions will not notice anything unusual. However, UDP and IP callbacks
will receive duplicate packets.
libnids-1.23/doc/PERFORMANCE 0000644 0000764 0000764 00000006035 10757253054 016102 0 ustar nergal nergal 0000000 0000000
====================
libnids-1.23
====================
Libnids uses efficient data structures (hash tables), so it imposes as
little overhead on packets processing as possible. However, in some cases,
packet content must be copies several times, which can result in burst of
CPU activity. The following notes refer rather to libpcap, not libnids, but
because many people seem to encounter similar performance-related problems
when running libnids on fast network, this may be worth reading.
Keep in mind that even if a single packet, belonging to TCP connection
X, is not delivered to libnids, libnids will likely loose all the following
data in X. Therefore you must avoid packet loss, at all cost. If you use the
default syslog routine and see messages like "Max number of TCP streams
reached" or "Too much data in TCP receive queue" then (assuming you are not
under sophisticated NIDS evasion attack) most likely you are loosing packets.
The packet loss usually happens when CPU is busy and cannot handle
all incoming packets. It must be stressed that even if CPU seems to be fairly
idle (say, load average 10%), during traffic burst it may be unable to queue
all the packets, if the buffer space reserved for packets queuing is too
small. And this is where the problem with libpcap is. It uses rather small
buffers, and there is no API to enlarge them.
So, we are left with unofficial methods. In case of Linux, libpcap
0.7.1, one can call
int rcvbuf=100*1024;
setsockopt(nids_getfd(),SOL_SOCKET, SO_RCVBUF, &rcvbuf, sizeof(rcvbuf));
This setsockopt doubles (approximately) the default kernel buffers size.
Unfortunately, there seems to be a limit (about 100KB) for buffers
allocated this way, which is way too small.
Recent Linux 2.4 kernels offer PACKET_RX_RING setsockopt, which is
supposed to allow to specify arbitrary buffer size. 640 K^H^H^H^H^H 10 MB
buffer ought to be enough for everyone ;) This feature has not yet been
integrated into libpcap (not in 0.7.1). There are floating some libpcap
patches which merge this capability. See
http://public.lanl.gov/cpw/
or
http://pusa.uv.es/~ulisses/packet_mmap/
In case of BSD, you may play with BIOCSBLEN, but I have no experience
with it.
If you know how to enlarge libpcap buffers on other OS, let me know.
A portable solution has been suggested by Yoav Weiss
. Especially on SMP, it could be beneficial to split a
libpcap application into two processes. The first one would receive packets
via libpcap interface, and store them in arbitrarily large buffer; this process
should run with high priority, perhaps even real time one. The second
process, running with low priority, would retrieve packets from the first
process and pass them to higher layers (for example to libnids). However, the
efficient implementation is nontrivial.
UPDATE: the current version of libnids adds experimental support for
the solution mentioned above. See the documentation for nids_prm.multiproc for
more information.
libnids-1.23/COPYING 0000600 0000764 0000764 00000043076 07123151340 014666 0 ustar nergal nergal 0000000 0000000 GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
675 Mass Ave, Cambridge, MA 02139, USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
Appendix: How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
Copyright (C) 19yy
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) 19yy name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
Public License instead of this License.
libnids-1.23/MISC 0000600 0000764 0000764 00000006547 10426425334 014322 0 ustar nergal nergal 0000000 0000000
====================
libnids-1.21
====================
1. Building
-----------
Libnids uses libpcap (can be retrieved from
http://www.tcpdump.org/release/) and libnet (available at
http://www.packetfactory.net/libnet). All credits to autors of these libs.
As already mentioned in README, currently libnids will compile on
Linux, any *BSD and Solaris. WIN32 port is mantained separately.
In order to build libnids, issue "./configure;make" command in top
directory. Library files libnids.so and libnids.a should be created in "src"
directory. "make install" will install library and header files. You may
wish to consult "./configure --help" output for available options.
2. Limitations
--------------
In their paper, T. Ptacek and T. Newsham observed that various
operating systems implement IP stack differently and can interpret
differently the same packet. It means that having seen a IP packet, NIDS has
to interpret it with regard to receiving operating system type. A perfect NIDS
E-component should possess knowledge on all operating systems network
implementation oddities. I don't know any actual NIDS implementation that
takes the previous into consideration.
Libnids 1.0 was meant to reliably emulate behavior of Linux 2.0.36
kernel. Thanks to libnids testing, some bugs in 2.0.36 networking code were
found. One of them enabled an attacker to perform blind TCP spoofing against
2.0.x kernels, including 2.0.36 and 2.0.37 (that is NOT the vulnerability
discovered by NAI; see my posting to Bugtrag from beginning of August 99). Info
on spotted bugs was submitted to Linux kernel mantainers on 25th May 99 (before
the release of 2.0.37), but none of them got fixed. File PATCH contains diffs
against 2.0.37, which stop blind spoofing attack and one of data insertion
attacks (now its equivalent is incorporated into Solar Designer's
secure-linux-0.9 patch). Currently, libnids predicts 2.0.37 behavior as
accurately as possible (with some unevitable exceptions - see my postings to
Bugtraq from beginning of August 99). In extreme conditions, libnids can
incorrectly emulate actions of other operating systems. However, libnids
should cope with simple attacks (like these implemented in fragrouter 1.3)
targetted at any OS type.
All NIDS are vulnerable to DOS attacks. Libnids uses efficient data
structures (i.e. hash tables) to minimize risk of CPU saturation. However, all
NIDS (including ones based on libnids) has to define some resources (most
notably, memory) limits. A determined attacker can attempt to make libnids use
up all of its memory, which can result in dropping some data. Libnids will
report such condition via its D-component interface.
3. Why does libnids emulate 2.0.x kernel instead of 2.2.x ?
-------------------------------------------------------
First of all, libnids development started when 2.0.36 was the current
stable kernel. Moreover, some people still prefer to use 2.0.x kernels, one of
the reasons being the fact that there is still no Solar Designer
non-executable stack patch for 2.2.x (not released oficially until July 99).
Finally, 2.2.x kernels are highly configurable during run-time (for instance
it's possible to change via proc interface the amount of kernel memory devoted
for IP fragments queuing), which generally makes them unpredictable.
libnids-1.23/README 0000600 0000764 0000764 00000005276 10426425242 014520 0 ustar nergal nergal 0000000 0000000
====================
libnids-1.21
====================
1. What is libnids ?
------------------------
Libnids is a library that provides a functionality of one of NIDS
(Network Intrusion Detection System) components, namely E-component. It means
that libnids code watches all local network traffic, cooks received datagrams
a bit (quite a bit ;)), and provides convenient information on them to
analyzing modules of NIDS. Libnids performs:
a) assembly of TCP segments into TCP streams
b) IP defragmentation
c) TCP port scan detection
More technical info can be found in MISC file.
So, if you intend to develop a custom NIDS, you don't have to build
low-level network code. If you decide to use libnids, you have got
E-component ready - you can focus on implementing other parts of NIDS.
2. Why is libnids valuable ?
----------------------------
On January 98, Thomas H. Ptacek and Timothy N. Newsham published an
excellent paper entitled "Eluding Network Intrusion Detection". It's a
must-read for all security concerned people, available from
http://www.robertgraham.com/mirror/Ptacek-Newsham-Evasion-98.html
In this paper one can find description of variety of attack against NIDS.
During libnids development a lot of effort was made to make libnids immune
to these attacks. During tests libnids performed TCP assembly and IP
defragmentation in exactly the same way as Linux 2.0.36 hosts
(targets of test packets). For details, see file TESTS; here let's just
mention two things:
a) libnids passed all tests implemented in fragrouter by Dug Song (see
http://www.anzen.com/research/nidsbench/ ). In fact, fragrouter's tests were
fairly simple when compared with other, custom ones.
b) libnids IP defragmenting module contains slightly modified Linux 2.0.36
kernel source files ip_fragment.c and ip_options.c. It means that libnids IP
defragmentation is as reliable as one implemented in Linux 2.0.36.
Libnids is easy to use and highly configurable - see API file for details.
3. On what platform does it run ?
---------------------------------
Currently libnids will compile on Linux, Solaris, any *BSD. WIN32 port is
available at http://www.datanerds.net/~mike/libnids.html, but currently only
obsoleted versions are present there; newer ports may appear at
http://www.checksum.org (in "downloads" section).
4. Who is allowed to use it ?
-----------------------------
Libnids is licensed under GPL. See the file COPYING for details.
5. Contact info ?
-----------------
The primary libnids site is
http://libnids.sourceforge.net/
Please send bug reports, comments, or questions about this software to
.
libnids-1.23/samples/ 0000700 0000764 0000764 00000000000 10202153123 015254 5 ustar nergal nergal 0000000 0000000 libnids-1.23/samples/overflows.c 0000600 0000764 0000764 00000013125 07123151340 017461 0 ustar nergal nergal 0000000 0000000 /*
Copyright (c) 1999 Rafal Wojtczuk . All rights reserved.
See the file COPYING for license details.
*/
/*
This code attempts to detect attack against imapd (AUTHENTICATE hole) and
wuftpd (creation of deep directory). This code is to ilustrate use of libnids;
in order to improve readability, some simplifications were made, which enables
an attacker to bypass this code (note, the below routines should be improved,
not libnids)
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "nids.h"
#define int_ntoa(x) inet_ntoa(*((struct in_addr *)&x))
char *
adres (struct tuple4 addr)
{
static char buf[256];
strcpy (buf, int_ntoa (addr.saddr));
sprintf (buf + strlen (buf), ",%i,", addr.source);
strcat (buf, int_ntoa (addr.daddr));
sprintf (buf + strlen (buf), ",%i", addr.dest);
return buf;
}
/*
if we find a pattern AUTHENTICATE {an_int} in data stream sent to an imap
server, where an_int >1024, it means an buffer overflow attempt. We kill the
connection.
*/
#define PATTERN "AUTHENTICATE {"
#define PATLEN strlen(PATTERN)
void
detect_imap (struct tcp_stream *a_tcp)
{
char numbuf[30];
int i, j, datalen, numberlen;
struct half_stream *hlf;
if (a_tcp->nids_state == NIDS_JUST_EST)
{
if (a_tcp->addr.dest == 143)
{
a_tcp->server.collect++;
return;
}
else
return;
}
if (a_tcp->nids_state != NIDS_DATA)
return;
hlf = &a_tcp->server;
datalen = hlf->count - hlf->offset;
if (datalen < PATLEN)
{
// we have too small amount of data to work on. Keep all data in buffer.
nids_discard (a_tcp, 0);
return;
}
for (i = 0; i <= datalen - PATLEN; i++)
if (!memcmp (PATTERN, hlf->data + i, PATLEN)) //searching for a pattern
break;
if (i > datalen - PATLEN)
{
// retain PATLEN bytes in buffer
nids_discard (a_tcp, datalen - PATLEN);
return;
}
for (j = i + PATLEN; j < datalen; j++) // searching for a closing '}'
if (*(hlf->data + j) == '}')
break;
if (j > datalen)
{
if (datalen > 20)
{
//number too long, perhaps we should log it, too
}
return;
}
numberlen = j - i - PATLEN;
memcpy (numbuf, hlf->data + i + PATLEN, numberlen); //numbuf contains
// AUTH argument
numbuf[numberlen] = 0;
if (atoi (numbuf) > 1024)
{
// notify admin
syslog(nids_params.syslog_level,
"Imapd exploit attempt, connection %s\n",adres(a_tcp->addr));
// kill the connection
nids_killtcp (a_tcp);
}
nids_discard (a_tcp, datalen - PATLEN);
return;
}
// auxiliary structure, needed to keep current dir of ftpd daemon
struct supp
{
char *currdir;
int last_newline;
};
// the below function adds "elem" string to "path" string, taking care of
// ".." and multiple '/'. If the resulting path is longer than 768,
// return value is 1, otherwise 0
int
add_to_path (char *path, char *elem, int len)
{
int plen;
char * ptr;
if (len > 768)
return 1;
if (len == 2 && elem[0] == '.' && elem[1] == '.')
{
ptr = rindex (path, '/');
if (ptr != path)
*ptr = 0;
}
else if (len > 0)
{
plen = strlen (path);
if (plen + len + 1 > 768)
return 1;
if (plen==1)
{
strncpy(path+1,elem,len);
path[1+len]=0;
}
else
{
path[plen] = '/';
strncpy (path + plen + 1, elem, len);
path[plen + 1 + len] = 0;
}
}
return 0;
}
void
do_detect_ftp (struct tcp_stream *a_tcp, struct supp **param_ptr)
{
struct supp *p = *param_ptr;
int index = p->last_newline + 1;
char *buf = a_tcp->server.data;
int offset = a_tcp->server.offset;
int n_bytes = a_tcp->server.count - offset;
int path_index, pi2, index2, remcaret;
for (;;)
{
index2 = index;
while (index2 - offset < n_bytes && buf[index2 - offset] != '\n')
index2++;
if (index2 - offset >= n_bytes)
break;
if (!strncasecmp (buf + index - offset, "cwd ", 4))
{
path_index = index + 4;
if (buf[path_index - offset] == '/')
{
strcpy (p->currdir, "/");
path_index++;
}
for (;;)
{
pi2 = path_index;
while (buf[pi2 - offset] != '\n' && buf[pi2 - offset] != '/')
pi2++;
if (buf[pi2-offset]=='\n' && buf[pi2-offset-1]=='\r')
remcaret=1;
else remcaret=0;
if (add_to_path (p->currdir, buf + path_index-offset, pi2 - path_index-remcaret))
{
// notify admin
syslog(nids_params.syslog_level,
"Ftpd exploit attempt, connection %s\n",adres(a_tcp->addr));
nids_killtcp (a_tcp);
return;
}
if (buf[pi2 - offset] == '\n')
break;
path_index = pi2 + 1;
}
}
index = index2 + 1;
}
p->last_newline = index - 1;
nids_discard (a_tcp, index - offset);
}
void
detect_ftpd (struct tcp_stream *a_tcp, struct supp **param)
{
if (a_tcp->nids_state == NIDS_JUST_EST)
{
if (a_tcp->addr.dest == 21)
{
struct supp *one_for_conn;
a_tcp->server.collect++;
one_for_conn = (struct supp *) malloc (sizeof (struct supp));
one_for_conn->currdir = malloc (1024);
strcpy (one_for_conn->currdir, "/");
one_for_conn->last_newline = 0;
*param=one_for_conn;
}
return;
}
if (a_tcp->nids_state != NIDS_DATA)
{
free ((*param)->currdir);
free (*param);
return;
}
do_detect_ftp (a_tcp, param);
}
int
main ()
{
if (!nids_init ())
{
fprintf(stderr,"%s\n",nids_errbuf);
exit(1);
}
nids_register_tcp (detect_imap);
nids_register_tcp (detect_ftpd);
nids_run ();
return 0;
}
libnids-1.23/samples/printall.c 0000600 0000764 0000764 00000007065 07733146056 017305 0 ustar nergal nergal 0000000 0000000 /*
Copyright (c) 1999 Rafal Wojtczuk . All rights reserved.
See the file COPYING for license details.
*/
#include
#include
#include
#include
#include
#include
#include
#include "nids.h"
#define int_ntoa(x) inet_ntoa(*((struct in_addr *)&x))
// struct tuple4 contains addresses and port numbers of the TCP connections
// the following auxiliary function produces a string looking like
// 10.0.0.1,1024,10.0.0.2,23
char *
adres (struct tuple4 addr)
{
static char buf[256];
strcpy (buf, int_ntoa (addr.saddr));
sprintf (buf + strlen (buf), ",%i,", addr.source);
strcat (buf, int_ntoa (addr.daddr));
sprintf (buf + strlen (buf), ",%i", addr.dest);
return buf;
}
void
tcp_callback (struct tcp_stream *a_tcp, void ** this_time_not_needed)
{
char buf[1024];
strcpy (buf, adres (a_tcp->addr)); // we put conn params into buf
if (a_tcp->nids_state == NIDS_JUST_EST)
{
// connection described by a_tcp is established
// here we decide, if we wish to follow this stream
// sample condition: if (a_tcp->addr.dest!=23) return;
// in this simple app we follow each stream, so..
a_tcp->client.collect++; // we want data received by a client
a_tcp->server.collect++; // and by a server, too
a_tcp->server.collect_urg++; // we want urgent data received by a
// server
#ifdef WE_WANT_URGENT_DATA_RECEIVED_BY_A_CLIENT
a_tcp->client.collect_urg++; // if we don't increase this value,
// we won't be notified of urgent data
// arrival
#endif
fprintf (stderr, "%s established\n", buf);
return;
}
if (a_tcp->nids_state == NIDS_CLOSE)
{
// connection has been closed normally
fprintf (stderr, "%s closing\n", buf);
return;
}
if (a_tcp->nids_state == NIDS_RESET)
{
// connection has been closed by RST
fprintf (stderr, "%s reset\n", buf);
return;
}
if (a_tcp->nids_state == NIDS_DATA)
{
// new data has arrived; gotta determine in what direction
// and if it's urgent or not
struct half_stream *hlf;
if (a_tcp->server.count_new_urg)
{
// new byte of urgent data has arrived
strcat(buf,"(urgent->)");
buf[strlen(buf)+1]=0;
buf[strlen(buf)]=a_tcp->server.urgdata;
write(1,buf,strlen(buf));
return;
}
// We don't have to check if urgent data to client has arrived,
// because we haven't increased a_tcp->client.collect_urg variable.
// So, we have some normal data to take care of.
if (a_tcp->client.count_new)
{
// new data for client
hlf = &a_tcp->client; // from now on, we will deal with hlf var,
// which will point to client side of conn
strcat (buf, "(<-)"); // symbolic direction of data
}
else
{
hlf = &a_tcp->server; // analogical
strcat (buf, "(->)");
}
fprintf(stderr,"%s",buf); // we print the connection parameters
// (saddr, daddr, sport, dport) accompanied
// by data flow direction (-> or <-)
write(2,hlf->data,hlf->count_new); // we print the newly arrived data
}
return ;
}
int
main ()
{
// here we can alter libnids params, for instance:
// nids_params.n_hosts=256;
if (!nids_init ())
{
fprintf(stderr,"%s\n",nids_errbuf);
exit(1);
}
nids_register_tcp (tcp_callback);
nids_run ();
return 0;
}
libnids-1.23/samples/nids_next.c 0000600 0000764 0000764 00000001613 07123151340 017425 0 ustar nergal nergal 0000000 0000000 /*
This is an example how one can use nids_getfd() and nids_next() functions.
You can replace printall.c's function main with this file.
*/
#include
#include
#include
int
main ()
{
// here we can alter libnids params, for instance:
// nids_params.n_hosts=256;
int fd;
int time = 0;
fd_set rset;
struct timeval tv;
if (!nids_init ())
{
fprintf(stderr,"%s\n",nids_errbuf);
exit(1);
}
nids_register_tcp (tcp_callback);
fd = nids_getfd ();
for (;;)
{
tv.tv_sec = 1;
tv.tv_usec = 0;
FD_ZERO (&rset);
FD_SET (fd, &rset);
// add any other fd we need to take care of
if (select (fd + 1, &rset, 0, 0, &tv))
{
if (FD_ISSET(fd,&rset) // need to test it if there are other
// fd in rset
if (!nids_next ()) break;
}
else
fprintf (stderr, "%i ", time++);
}
return 0;
}
libnids-1.23/samples/sniff.c 0000600 0000764 0000764 00000004376 07123151340 016550 0 ustar nergal nergal 0000000 0000000 /*
Copyright (c) 1999 Rafal Wojtczuk . All rights reserved.
See the file COPYING for license details.
*/
#include
#include
#include
#include
#include
#include
#include
#include "nids.h"
#define LOG_MAX 100
#define SZLACZEK "\n--------------------------------------------------\n"
#define int_ntoa(x) inet_ntoa(*((struct in_addr *)&x))
char *
adres (struct tuple4 addr)
{
static char buf[256];
strcpy (buf, int_ntoa (addr.saddr));
sprintf (buf + strlen (buf), ",%i,", addr.source);
strcat (buf, int_ntoa (addr.daddr));
sprintf (buf + strlen (buf), ",%i : ", addr.dest);
return buf;
}
int logfd;
void
do_log (char *adres_txt, char *data, int ile)
{
write (logfd, adres_txt, strlen (adres_txt));
write (logfd, data, ile);
write (logfd, SZLACZEK, strlen (SZLACZEK));
}
void
sniff_callback (struct tcp_stream *a_tcp, void **this_time_not_needed)
{
int dest;
if (a_tcp->nids_state == NIDS_JUST_EST)
{
dest = a_tcp->addr.dest;
if (dest == 21 || dest == 23 || dest == 110 || dest == 143 || dest == 513)
a_tcp->server.collect++;
return;
}
if (a_tcp->nids_state != NIDS_DATA)
{
// seems the stream is closing, log as much as possible
do_log (adres (a_tcp->addr), a_tcp->server.data,
a_tcp->server.count - a_tcp->server.offset);
return;
}
if (a_tcp->server.count - a_tcp->server.offset < LOG_MAX)
{
// we haven't got enough data yet; keep all of it
nids_discard (a_tcp, 0);
return;
}
// enough data
do_log (adres (a_tcp->addr), a_tcp->server.data, LOG_MAX);
// Now procedure sniff_callback doesn't want to see this stream anymore.
// So, we decrease all the "collect" fields we have previously increased.
// If there were other callbacks following a_tcp stream, they would still
// receive data
a_tcp->server.collect--;
}
int
main ()
{
logfd = open ("./logfile", O_WRONLY | O_CREAT | O_TRUNC, 0600);
if (logfd < 0)
{
perror ("opening ./logfile:");
exit (1);
}
if (!nids_init ())
{
fprintf (stderr, "%s\n", nids_errbuf);
exit (1);
}
nids_register_tcp (sniff_callback);
nids_run ();
return 0;
}
libnids-1.23/samples/Makefile.in 0000600 0000764 0000764 00000001360 07533653530 017347 0 ustar nergal nergal 0000000 0000000 #
# Makefile for libnids samples.
#
# Dug Song
srcdir = @srcdir@
VPATH = @srcdir@
CC = @CC@
CFLAGS = @CFLAGS@
LDFLAGS = @LDFLAGS@
PCAP_CFLAGS = @PCAP_CFLAGS@
PCAPLIB = @PCAPLIB@
LNET_CFLAGS = @LNET_CFLAGS@
LNETLIB = @LNETLIB@
LIBS_CFLAGS = -I../src $(PCAP_CFLAGS) $(LNET_CFLAGS)
LIBS = -L../src -lnids $(PCAPLIB) $(LNETLIB) @LIBS@
.c.o:
$(CC) -c $(CFLAGS) -I. $(LIBS_CFLAGS) $<
all: overflows printall sniff
static shared: all
overflows: overflows.o
$(CC) -o $@ overflows.o $(LDFLAGS) $(LIBS)
printall: printall.o
$(CC) -o $@ printall.o $(LDFLAGS) $(LIBS)
sniff: sniff.o
$(CC) -o $@ sniff.o $(LDFLAGS) $(LIBS)
static shared install installshared:
@true
clean:
rm -f *.o *~ overflows printall sniff
# EOF
libnids-1.23/samples/chksum_ctl.c 0000600 0000764 0000764 00000004216 10202152725 017570 0 ustar nergal nergal 0000000 0000000 #include "nids.h"
#include
#include
#include
#include
#include
#include
/* Example 1: simple disabling of checksums on a predefined network */
void simple_chksum_ctl_example()
{
static struct nids_chksum_ctl ctl;
ctl.netaddr = inet_addr("172.16.99.0");
ctl.mask = inet_addr("255.255.255.0");
ctl.action = NIDS_DONT_CHKSUM;
nids_register_chksum_ctl(&ctl, 1);
}
/* Example 2: disabling checksums of packets with src ip of any local interface */
static int get_all_ifaces(struct ifreq **, int *);
static unsigned int get_addr_from_ifreq(struct ifreq *);
int all_local_ipaddrs_chksum_disable()
{
struct ifreq *ifaces;
int ifaces_count;
int i, ind = 0;
struct nids_chksum_ctl *ctlp;
unsigned int tmp;
if (!get_all_ifaces(&ifaces, &ifaces_count))
return -1;
ctlp =
(struct nids_chksum_ctl *) malloc(ifaces_count *
sizeof(struct
nids_chksum_ctl));
if (!ctlp)
return -1;
for (i = 0; i < ifaces_count; i++) {
tmp = get_addr_from_ifreq(ifaces + i);
if (tmp) {
ctlp[ind].netaddr = tmp;
ctlp[ind].mask = inet_addr("255.255.255.255");
ctlp[ind].action = NIDS_DONT_CHKSUM;
ind++;
}
}
free(ifaces);
nids_register_chksum_ctl(ctlp, ind);
}
/* helper functions for Example 2 */
unsigned int get_addr_from_ifreq(struct ifreq *iface)
{
if (iface->ifr_addr.sa_family == AF_INET)
return ((struct sockaddr_in *) &(iface->ifr_addr))->
sin_addr.s_addr;
return 0;
}
static int get_all_ifaces(struct ifreq **ifaces, int *count)
{
int ifaces_size = 8 * sizeof(struct ifreq);
struct ifconf param;
int sock;
unsigned int i;
*ifaces = malloc(ifaces_size);
sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
if (sock <= 0)
return 0;
for (;;) {
param.ifc_len = ifaces_size;
param.ifc_req = *ifaces;
if (ioctl(sock, SIOCGIFCONF, ¶m))
goto err;
if (param.ifc_len < ifaces_size)
break;
free(*ifaces);
ifaces_size *= 2;
ifaces = malloc(ifaces_size);
}
*count = param.ifc_len / sizeof(struct ifreq);
close(sock);
return 1;
err:
close(sock);
return 0;
}
#ifdef TESTING
main()
{
all_local_ipaddrs_chksum_disable();
}
#endif
libnids-1.23/CREDITS 0000600 0000764 0000764 00000013352 10757251532 014660 0 ustar nergal nergal 0000000 0000000
Libnids author:
Nergal
Corrections to make libnids build on *BSD; bugfixes, GNU autoconf support,
libnids(3) manpage, alpha platform problems solved:
Dug Song
The fix of the problem with gcc 2.95 and 2.0.x asm code; the ideas of
nids_getfd(), nids_next():
Adam Langley
The idea of ip_filter function
Sebastian
WIN32 support
Michael Davis
Memory leak in tcp.c reported
billzh , Rob Willis
Possible improper behaviour of notify()
Rob Willis
Stupid bug found in nids_register_ip_frag()
Gabe Wachob , Solar Designer
Patches to support libc5
Solar Designer , Denis Ducamp
Requests for features, constructive critics
Solar Designer
Support for token ring
Vacuum
Alignment bug in hash.c
Anders Thulin
Ken Mandelberg
in.h missing in "configure" test programs. Damn, if a include file X needs
structures defined in Y, why doesn't X include Y ? Stupid Solaris.
Raymond Scott
dangerous typo found in libpcap.c, in code handling source routed frames
Keiji Takeda
support for wireless frames (DLT_IEEE802_11)
William McVey
support for libpcap save files
Scott Renfro
actually, many people sent their save file patches; I picked Scott's one
DLT_LINUX_SLL
Robin Redeker
support for 802.1Q VLAN
Jason Ackley
added AM_MAKEFLAGS
Brad
added a working link to Ptacek-Newsham paper
Nick Drage
replaced %hi with %hu
Kazennov Vladimir
report on configure unable to find libraries
Eric Darchis
DLT_FDDI
jkrage@buser.net
random() -> rand()
Davide Madrisan
provided pcap dump file triggering a bug in TCP reassembly
Yoav Weiss
reported a problem with fragroute "tcp_chaff paws",
reported a problem with "collect" fields handling,
exec_prefix patch,
reported a problem with short snaplen pcapfiles
Russ Fink
reported a problem with memory corruption
Robert Watson
reported a problem with multiline literals and gcc 3.3
many folks; the first report from Arkadiusz Patyk
reported a problem with signed/unsigned in get_ts()
many folks; the first report from Russ Fink
suggestion to export the pcap header of the last packet
Arthur Bergman
suggestion to make pcap_timeout parameter settable in params
Pedro Paulo Jr
prism wireless cards support
snax
reported a problem which revealed that dataless acks are not let through
Russ Fink
reported raw_init() breakage
Brian Wesley Dillard
DLT_PPP_SERIAL
Jean-Edouard BABIN
Reported a problem with gcc 3.5 and csum_partial
Jon Oberheide
man page fixes
Solar Designer
suggested inline asm fixes to reflect the usage of registers
Solar Designer
nids_dispatch(), API/documentation improvements
Mike Pomraning
submission of pcap files containing tcp stream with wscale
Marc A. Lehmann
Robin Redeker
manpage suggestions, valuable discussions
Marc A. Lehmann
two threads patch (one for packet capture, other for packets processing)
Erno Rigo
more externals to access libnids' intrinsics from the outside
(nids_last_pcap_data, nids_linkoffset, nids_prm.pcap_desc,
nids_find_tcp_stream(), nids_free_tcp_stream(), nids_pcap_handler()
and nids_exit()), more API functions (nids_unregister_*()),
fix to prevent adding several times the same user-defined callback
function with nids_register_*()), UDP checksumming fix (0 is not an error
according to RFC768), timeout'ing of TCP streams closed despite
needed retransmissions if nids_params.tcp_workarounds is non-zero,
tcp_stream.user for connection-wide user-defined parameter,
and updated manpage & API docs :)
Sebastien Raveau
Persistent quering about nonworking nids_killtcp() against XP SP2:
"Pedro Paulo de Magalhaes Oliveira Junior"
"Rafael Donnici de Azevedo"
"absolute offset 0 byte" bug report
Treker Chen
DLT_IEEE802_11_RADIO support
crass@berlios.de
fix DLT_PRISM_HEADER linkoffset calculation;
check for DATA_FRAME_IS_QOS in wireless frames (code from tcpdump)
spotted by xenion
free queued tcp segments with too old seq
"Xiang, Lin" wallyymir@yahoo.com
reported possible NULL dereference in ip_fragment.c
"Alfred E. Heggestad"
notes about global variables in case of multiproc operation
"Ben, Wu CheokMan"
Libnids uses libpcap and libnet libraries:
LBNL Network Research Group
ftp://ftp.ee.lbl.gov/libpcap.tar.Z
new versions available at http://www.tcpdump.org/release/
Mike D. Schiffman
route|daemon9
http://www.packetfactory.net/libnet
Libnids emulates algorithms present in Linux 2.0.36 kernel. The files
ip_fragment.c and ip_options.c are the modified respective files from Linux
2.0.36 kernel source. The asm code used for checksums computing is taken
from Linux 2.2.10 kernel source.
libnids-1.23/CHANGES 0000600 0000764 0000764 00000013613 10760071761 014631 0 ustar nergal nergal 0000000 0000000 v1.23 Feb 23 2008
- fixed remotely triggerable NULL dereference in ip_fragment.c
- fix DLT_PRISM_HEADER linkoffset calculation
- check for DATA_FRAME_IS_QOS in wireless frames
- free queued tcp segments with too old seq
v1.22 Jul 22 2007
- in TCP stream, the byte with absolute offset 0 was treated as urgent data;
fixed
- DLT_IEEE802_11_RADIO handling
- added a few missing checks for failed malloc
v1.21 May 10 2006
- more externals to access libnids' intrinsics from the outside
- nids_unregister_*()
- UDP checksumming fix (0 is not an error according to RFC768)
- nids_params.tcp_workarounds
- nids_params.multiproc and queue_limit: merged a patch which creates a
separate thread for packet capture;
- in killtcp.c, send two more RST packets (required because of MS05-019
patch)
- glibc 2.4 syslog.h disaster workaround
v1.20 Feb 4 2005
- added wscale option parsing; surprisingly, it seems to be in some use
- added nids_dispatch(), for systems which do not ignore pcap timeout
- ability to specify hosts/networks for which we do not check checksums
v1.19 Aug 08 2004
- fixed signed/unsigned comparisons; 1.18 could be possibly crashed in tcp
options parsing (though an unlikely to happen memory layout is required);
now the source is compiled with -W -Wall
- export pcap header of the last received packet (to get timestamp etc)
- export the timeout parameter to pcap_open_live in params
- support DLT_PRISM_HEADER
- support DLT_PPP_SERIAL
- let through dataless acks
- fixed raw_init() prototype
- switched to use %edi instead of %ebx in csum_partial to make gcc-3.5 happy
when compiling with -fPIC; cleaned inline asm
- fixed a bug when a queued FIN segment was not processed properly, which
resulted in not closing a stream
v1.18 Oct 15 2003
- reject tcp packets with old timestamp; needed to pass fragroute test;
well, linux 2.0.36 did not support this ;)
- fixed memory corruption which could be caused by overlarge TCP packets
- adjusted checksum.c to not use multiline literals (for gcc 3.3)
- in configure.in, even if found libnet files, try compilation; there is
another library with the same name
- fix a bug in "collect" field handling; if you did collect-- and then
collect++ (which is rare), you would get a single junk packet
- correct handling of exec_prefix in configure.in
- unlink config.status in "make distclean"
- use pcap_hdr->caplen instead pcap_hdr->len; the only gain seems to be to
gracefully handle pcap files with too short snaplen
- changed soname to libnids.so.1.x, as binary compatibility is not
guaranteed
- switched to sourceforge as homepage
v1.17 Dec 12 2002
- fixed a stupid bug in TCP reassembly; having received a particular order
of TCP out of frame segments, libnids could lost track of the current
seq, and miss the following data stream
- DLT_FDDI
- benign typo in hash.c
- mentioned usefulness of two process buffering on a fast network
v1.17rc1 Aug 30 2002
- support for libnet-1.1 and --with-libnet=no
- added support for libpcap save files
- finally, DLT_LINUX_SLL is recognized
- removed a horrible assumption on sizeof(pointer); it could result in
segfault in scan.c
- --enable-shared
- __i386 -> __i386__ || __i386 :(
- support for 802.1Q VLAN
- support for wireless frames (DLT_IEEE802_11)
- got rid of (obsolete) pcap_open_live_new
- bail out if link type is unknown, instead of pretending it is ethernet
- $(MAKE) -> $(MAKE) $(AM_MAKEFLAGS)
- added a working link to Ptacek-Newsham paper
- %hi -> %hu :)
- align IP header if necessary (should not be)
- improved libraries detection
- mentioned usefulness od setsockopt(...SO_RCVBUF...) on a fast network
v1.16 Nov 3 2000
- nah, at least a release forced by a security bug. A typo in libnids.c
could cause libnids to segfault when source routed frame has been received.
v1.15 Oct 9 2000
- token ring support
- new configurable option (non-default): if a tcp callback hasn't processed
all available data, it is called immediately again
- fixed alignment in hash.c, which caused sigsegv on Sparc
- another _obviously_ redundant include file added to configure test progs
- html version of the API documentation
v1.14 Jun 28 2000
- fixed memory leak in tcp.c (queued tcp segments used to be not freed
after connection termination)
- added support to capture packets on all interfaces, including loopback
(linux only, using new libpcap features - autoconf changed)
- added nids_register_udp(); if anyone cares for UDP checksums...
- stupid bug in nids_register_ip_frag() fixed
- removed comments from asm code in checksum.c; Solaris compiler didn't
recognized them - sigh
- signed/unsigned bug in scan.c fixed
- tcp callback could be notified even if no nw data arrived - fixed
- added ability to disable tcp processing
- added ability to refrain from setting promisc flag
- libc5 support
- alpha platform support
- now it's possible to do setuid(nobody) after nids_init() with no loss
of functionality (killtcp works)
- removed pcap_lookupnet() call - one can capture packets from an interface
with no IP assigned
- hash function in tcp.c with pseudorandom parameters
- #define NIDS_MAJOR 1, #define NIDS_MINOR 14 in nids.h
v1.13 Jan 18 2000
- Changes by Dug Song:
- GNU autoconf support
- code cleanup and new libnids(3) manpage
- disable portscan detection if scan_num_hosts == 0
- new field in nids_params for pcap(3) support: pcap_filter
- subtle bugfix in ip_check_ext()
- Solaris support (endianness fixes, etc.)
- another tiny check in tcp.c
v1.12 Sep 15 1999
- processing of ICMP Destination Unreachable
- nids_next() and nids_getfd() functions added; new fields in nids_params:
no_mem, ip_filter
- clean error reporting via nids_errbuf; used by nids_init(), nids_next(),
nids_getfd()
- some more samples
v1.11 Aug 20 1999
- some stupid bugs removed (hopefully no more segfaults)
v1.1 Aug 10 1999
- *BSD support added by Dug Song
- some minor cleanups in libnids.c
- changed the license to GPL
v1.0 July 30 1999
- Initial public release
libnids-1.23/install-sh 0000700 0000764 0000764 00000011244 07123151340 015625 0 ustar nergal nergal 0000000 0000000 #! /bin/sh
#
# install - install a program, script, or datafile
# This comes from X11R5.
#
# Calling this script install-sh is preferred over install.sh, to prevent
# `make' implicit rules from creating a file called install from it
# when there is no Makefile.
#
# This script is compatible with the BSD install script, but was written
# from scratch.
#
# set DOITPROG to echo to test this script
# Don't use :- since 4.3BSD and earlier shells don't like it.
doit="${DOITPROG-}"
# put in absolute paths if you don't have them in your path; or use env. vars.
mvprog="${MVPROG-mv}"
cpprog="${CPPROG-cp}"
chmodprog="${CHMODPROG-chmod}"
chownprog="${CHOWNPROG-chown}"
chgrpprog="${CHGRPPROG-chgrp}"
stripprog="${STRIPPROG-strip}"
rmprog="${RMPROG-rm}"
mkdirprog="${MKDIRPROG-mkdir}"
tranformbasename=""
transform_arg=""
instcmd="$mvprog"
chmodcmd="$chmodprog 0755"
chowncmd=""
chgrpcmd=""
stripcmd=""
rmcmd="$rmprog -f"
mvcmd="$mvprog"
src=""
dst=""
dir_arg=""
while [ x"$1" != x ]; do
case $1 in
-c) instcmd="$cpprog"
shift
continue;;
-d) dir_arg=true
shift
continue;;
-m) chmodcmd="$chmodprog $2"
shift
shift
continue;;
-o) chowncmd="$chownprog $2"
shift
shift
continue;;
-g) chgrpcmd="$chgrpprog $2"
shift
shift
continue;;
-s) stripcmd="$stripprog"
shift
continue;;
-t=*) transformarg=`echo $1 | sed 's/-t=//'`
shift
continue;;
-b=*) transformbasename=`echo $1 | sed 's/-b=//'`
shift
continue;;
*) if [ x"$src" = x ]
then
src=$1
else
# this colon is to work around a 386BSD /bin/sh bug
:
dst=$1
fi
shift
continue;;
esac
done
if [ x"$src" = x ]
then
echo "install: no input file specified"
exit 1
else
true
fi
if [ x"$dir_arg" != x ]; then
dst=$src
src=""
if [ -d $dst ]; then
instcmd=:
else
instcmd=mkdir
fi
else
# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
# might cause directories to be created, which would be especially bad
# if $src (and thus $dsttmp) contains '*'.
if [ -f $src -o -d $src ]
then
true
else
echo "install: $src does not exist"
exit 1
fi
if [ x"$dst" = x ]
then
echo "install: no destination specified"
exit 1
else
true
fi
# If destination is a directory, append the input filename; if your system
# does not like double slashes in filenames, you may need to add some logic
if [ -d $dst ]
then
dst="$dst"/`basename $src`
else
true
fi
fi
## this sed command emulates the dirname command
dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
# Make sure that the destination directory exists.
# this part is taken from Noah Friedman's mkinstalldirs script
# Skip lots of stat calls in the usual case.
if [ ! -d "$dstdir" ]; then
defaultIFS='
'
IFS="${IFS-${defaultIFS}}"
oIFS="${IFS}"
# Some sh's can't handle IFS=/ for some reason.
IFS='%'
set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
IFS="${oIFS}"
pathcomp=''
while [ $# -ne 0 ] ; do
pathcomp="${pathcomp}${1}"
shift
if [ ! -d "${pathcomp}" ] ;
then
$mkdirprog "${pathcomp}"
else
true
fi
pathcomp="${pathcomp}/"
done
fi
if [ x"$dir_arg" != x ]
then
$doit $instcmd $dst &&
if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
else
# If we're going to rename the final executable, determine the name now.
if [ x"$transformarg" = x ]
then
dstfile=`basename $dst`
else
dstfile=`basename $dst $transformbasename |
sed $transformarg`$transformbasename
fi
# don't allow the sed command to completely eliminate the filename
if [ x"$dstfile" = x ]
then
dstfile=`basename $dst`
else
true
fi
# Make a temp file name in the proper directory.
dsttmp=$dstdir/#inst.$$#
# Move or copy the file name to the temp name
$doit $instcmd $src $dsttmp &&
trap "rm -f ${dsttmp}" 0 &&
# and set any options; do chmod last to preserve setuid bits
# If any of these fail, we abort the whole thing. If we want to
# ignore errors from any of these, just make sure not to ignore
# errors from the above "$doit $instcmd $src $dsttmp" command.
if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
# Now rename the file to the real destination.
$doit $rmcmd -f $dstdir/$dstfile &&
$doit $mvcmd $dsttmp $dstdir/$dstfile
fi &&
exit 0
libnids-1.23/configure.in 0000600 0000764 0000764 00000014344 10425441013 016136 0 ustar nergal nergal 0000000 0000000 dnl
dnl configure.in for libnids.
dnl
dnl Dug Song
dnl ... mantained by Nergal
AC_INIT(src/libnids.c)
AC_CANONICAL_SYSTEM
AC_CONFIG_HEADER(src/config.h)
dnl Initialize prefix.
if test "$prefix" = "NONE" ; then
prefix="/usr/local"
fi
dnl Initialize exec_prefix.
if test "$exec_prefix" = "NONE" ; then
exec_prefix=$prefix
fi
dnl Checks for programs.
AC_PROG_CC
AC_PROG_RANLIB
AC_PROG_INSTALL
dnl Checks for header files.
AC_HEADER_STDC
AC_CHECK_HEADERS(sys/time.h syslog.h unistd.h)
dnl Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
AC_C_INLINE
AC_HEADER_TIME
AC_C_BIGENDIAN
dnl XXX - Linux sux.
CFLAGS="$CFLAGS -D_BSD_SOURCE"
dnl Checks for library functions.
AC_CHECK_FUNCS(gettimeofday)
dnl XXX - Solaris sux.
AC_CHECK_LIB(socket, socket)
AC_CHECK_LIB(nsl, gethostbyname)
case "$target_cpu" in
alpha*|arm*|hp*|mips*|sparc*)
ac_cv_lbl_unaligned_fail=yes
;;
*)
ac_cv_lbl_unaligned_fail=no
;;
esac
if test $ac_cv_lbl_unaligned_fail = yes ; then
AC_DEFINE(LBL_ALIGN,1,[if unaligned access fails])
fi
dnl Checks for libpcap
AC_MSG_CHECKING(for libpcap)
AC_ARG_WITH(libpcap,
[ --with-libpcap=DIR use libpcap build directory],
[ case "$withval" in
yes|no)
AC_MSG_RESULT(no)
;;
*)
AC_MSG_RESULT($withval)
if test -f $withval/pcap.h -a -f $withval/libpcap.a; then
owd=`pwd`
if cd $withval; then withval=`pwd`; cd $owd; fi
PCAP_CFLAGS="-I$withval -I$withval/bpf"
PCAPLIB="-L$withval -lpcap"
else
AC_ERROR(pcap.h or libpcap.a not found in $withval)
fi
;;
esac ],
[ if test -f ${prefix}/include/pcap.h; then
PCAP_CFLAGS="-I${prefix}/include"
PCAPLIB="-L${exec_prefix}/lib -lpcap"
elif test -f /usr/include/pcap/pcap.h; then
PCAP_CFLAGS="-I/usr/include/pcap"
PCAPLIB="-lpcap"
else
TMP=$LIBS
LIBS="-lpcap $LIBS"
AC_TRY_LINK([#include ], pcap_open_offline("",""),
LIBPCAP_FOUND=1,LIBPCAP_FOUND=0)
LIBS=$TMP
if test $LIBPCAP_FOUND = 1 ; then
PCAPLIB="-lpcap"
else
AC_ERROR(libpcap not found)
fi
fi
AC_MSG_RESULT(yes) ]
)
AC_SUBST(PCAP_CFLAGS)
AC_SUBST(PCAPLIB)
dnl Checks for libglib2.8
AC_ARG_ENABLE(libglib,
[ --disable-libglib use glib2 for multiprocessing support],
[
AC_MSG_RESULT(skipping glib2 support)
],
[
PKG_PROG_PKG_CONFIG
PKG_CHECK_MODULES(GLIB, glib-2.0 >= 2.2.0,[
PKG_CHECK_MODULES(GTHREAD, gthread-2.0 >= 2.2.0,,)
AC_CHECK_LIB(gthread-2.0,g_thread_init,,,$GTHREAD_LIBS)
],)
]
)
dnl Checks for libnet
AC_MSG_CHECKING(for libnet)
AC_ARG_ENABLE(libnet,
[ --disable-libnet whether to include code requiring libnet],
[ case "$enableval" in
yes)
AC_MSG_RESULT(yes)
;;
no)
AC_MSG_RESULT(no)
LIBNET_VER=-1
;;
*)
AC_ERROR(no arguments expected for --disable-libnet)
;;
esac ]
)
AC_ARG_WITH(libnet,
[ --with-libnet=DIR use libnet build directory],
[ case "$withval" in
yes)
;;
no)
LIBNET_VER=-1
AC_MSG_RESULT(no)
;;
*)
AC_MSG_RESULT($withval)
if test -f $withval/include/libnet.h -a -f $withval/lib/libnet.a -a -f $withval/libnet-config ; then
owd=`pwd`
if cd $withval; then withval=`pwd`; cd $owd; fi
LNET_CFLAGS="-I$withval/include `$withval/libnet-config --defines`"
LNETLIB="-L$withval/lib -lnet"
elif test -f $withval/include/libnet.h -a -f $withval/src/libnet.a; then
owd=`pwd`
if cd $withval; then withval=`pwd`; cd $owd; fi
LNET_CFLAGS="-I$withval/include"
LNETLIB="-L$withval/src -lnet"
else
echo "A working combination of libnet.h, libnet.a and libnet-config not found in $withval; get libnet from www.packetfactory.net/projects/libnet and reinstall"
AC_ERROR(libnet)
fi
;;
esac ],
[ if test "x"$LIBNET_VER = "x"-1 ; then
AC_MSG_RESULT(skipping libnet)
else
if test -f ${prefix}/include/libnet.h -a ${exec_prefix}/lib/libnet.a ; then
LNET_CFLAGS="-I${prefix}/include `${exec_prefix}/bin/libnet-config --defines 2>/dev/null`"
LNETLIB="-L${exec_prefix}/lib -lnet"
else
LNET_CFLAGS="`libnet-config --defines 2>/dev/null`"
LNETLIB="-lnet"
fi
fi ]
)
if test "x"$LIBNET_VER != "x"-1 ; then
TMPC="$CFLAGS"
TMPL="$LIBS"
CFLAGS="$CFLAGS $LNET_CFLAGS"
LIBS="$LNETLIB $LIBS"
AC_TRY_LINK([#include ], libnet_get_prand(0),
LIBNET_FOUND=1,LIBNET_FOUND=0)
CFLAGS="$TMPC"
LIBS="$TMPL"
if test $LIBNET_FOUND = 1 ; then
LNETLIB="-lnet"
AC_MSG_RESULT(yes)
else
echo "Working libnet not found; get it from www.packetfactory.net/projects/libnet and reinstall"
AC_ERROR(libnet)
fi
fi
AC_SUBST(LNET_CFLAGS)
AC_SUBST(LNETLIB)
BUILD_SHARED=
AC_MSG_CHECKING(whether to build shared library)
AC_ARG_ENABLE(shared,
[ --enable-shared enable building shared libraries],
[ case "$enableval" in
yes)
AC_MSG_RESULT(yes)
BUILD_SHARED=shared
;;
no)
AC_MSG_RESULT(no)
;;
*)
AC_ERROR(no arguments expected for --enable-shared)
;;
esac ],
[AC_MSG_RESULT(no)]
)
AC_SUBST(BUILD_SHARED)
AC_MSG_CHECKING(the name of struct icmp)
AC_TRY_COMPILE([#include
#include
#include
#include ], struct icmphdr h;int c=h.type, ICMPHEADER=1,ICMPHEADER=0)
AC_SUBST(ICMPHEADER)
if test $ICMPHEADER = 1 ; then
AC_MSG_RESULT(struct icmphdr) ; else AC_MSG_RESULT(struct icmp)
fi
AC_MSG_CHECKING(if tcp states are defined)
AC_TRY_COMPILE([#include
#include
#include ], int c=TCP_ESTABLISHED,TCPSTATES=1,TCPSTATES=0)
AC_SUBST(TCPSTATES)
if test $TCPSTATES = 1 ; then
AC_MSG_RESULT(yes) ; else AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING(for bsd-ish struct udphdr)
AC_TRY_COMPILE([#include
#include
#include ], struct udphdr h;int c=h.uh_ulen,HAVE_BSD_UDPHDR=1,HAVE_BSD_UDPHDR=0)
AC_SUBST(HAVE_BSD_UDPHDR)
if test $HAVE_BSD_UDPHDR = 1 ; then
AC_MSG_RESULT(yes) ; else AC_MSG_RESULT(no)
fi
if test "x"$LIBNET_VER != "x"-1 ; then
TMP=$CFLAGS
CFLAGS="$CFLAGS $LNET_CFLAGS"
AC_MSG_CHECKING(libnet version)
AC_TRY_COMPILE([#include ], int c=LIBNET_PTAG_INITIALIZER,
LIBNET_VER=1,LIBNET_VER=0)
CFLAGS=$TMP
if test $LIBNET_VER = 1 ; then
AC_MSG_RESULT(looks new) ; else AC_MSG_RESULT(looks old)
fi
fi
AC_SUBST(LIBNET_VER)
AC_OUTPUT(Makefile src/Makefile samples/Makefile)
libnids-1.23/Makefile.in 0000600 0000764 0000764 00000000654 07743113201 015675 0 ustar nergal nergal 0000000 0000000 #
# Makefile for libnids.
#
# Dug Song
all: static @BUILD_SHARED@
install: _install@BUILD_SHARED@
static shared _install _installshared:
cd src ; $(MAKE) $(AM_MAKEFLAGS) $@
# cd samples; $(MAKE) $(AM_MAKEFLAGS) $@
clean:
cd src ; $(MAKE) $(AM_MAKEFLAGS) $@
cd samples; $(MAKE) $(AM_MAKEFLAGS) $@
distclean: clean
rm -f Makefile */Makefile */config.h config.status config.cache config.log *~
# EOF
libnids-1.23/configure 0000755 0000764 0000764 00000526726 10425441013 015560 0 ustar nergal nergal 0000000 0000000 #! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.59.
#
# Copyright (C) 2003 Free Software Foundation, Inc.
# This configure script is free software; the Free Software Foundation
# gives unlimited permission to copy, distribute and modify it.
## --------------------- ##
## M4sh Initialization. ##
## --------------------- ##
# Be Bourne compatible
if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
emulate sh
NULLCMD=:
# Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
# is contrary to our usage. Disable this feature.
alias -g '${1+"$@"}'='"$@"'
elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
set -o posix
fi
DUALCASE=1; export DUALCASE # for MKS sh
# Support unset when possible.
if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
as_unset=unset
else
as_unset=false
fi
# Work around bugs in pre-3.0 UWIN ksh.
$as_unset ENV MAIL MAILPATH
PS1='$ '
PS2='> '
PS4='+ '
# NLS nuisances.
for as_var in \
LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \
LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \
LC_TELEPHONE LC_TIME
do
if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then
eval $as_var=C; export $as_var
else
$as_unset $as_var
fi
done
# Required to use basename.
if expr a : '\(a\)' >/dev/null 2>&1; then
as_expr=expr
else
as_expr=false
fi
if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then
as_basename=basename
else
as_basename=false
fi
# Name of the executable.
as_me=`$as_basename "$0" ||
$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
X"$0" : 'X\(//\)$' \| \
X"$0" : 'X\(/\)$' \| \
. : '\(.\)' 2>/dev/null ||
echo X/"$0" |
sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; }
/^X\/\(\/\/\)$/{ s//\1/; q; }
/^X\/\(\/\).*/{ s//\1/; q; }
s/.*/./; q'`
# PATH needs CR, and LINENO needs CR and PATH.
# Avoid depending upon Character Ranges.
as_cr_letters='abcdefghijklmnopqrstuvwxyz'
as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
as_cr_Letters=$as_cr_letters$as_cr_LETTERS
as_cr_digits='0123456789'
as_cr_alnum=$as_cr_Letters$as_cr_digits
# The user is always right.
if test "${PATH_SEPARATOR+set}" != set; then
echo "#! /bin/sh" >conf$$.sh
echo "exit 0" >>conf$$.sh
chmod +x conf$$.sh
if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
PATH_SEPARATOR=';'
else
PATH_SEPARATOR=:
fi
rm -f conf$$.sh
fi
as_lineno_1=$LINENO
as_lineno_2=$LINENO
as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
test "x$as_lineno_1" != "x$as_lineno_2" &&
test "x$as_lineno_3" = "x$as_lineno_2" || {
# Find who we are. Look in the path if we contain no path at all
# relative or not.
case $0 in
*[\\/]* ) as_myself=$0 ;;
*) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
done
;;
esac
# We did not find ourselves, most probably we were run as `sh COMMAND'
# in which case we are not to be found in the path.
if test "x$as_myself" = x; then
as_myself=$0
fi
if test ! -f "$as_myself"; then
{ echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2
{ (exit 1); exit 1; }; }
fi
case $CONFIG_SHELL in
'')
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for as_base in sh bash ksh sh5; do
case $as_dir in
/*)
if ("$as_dir/$as_base" -c '
as_lineno_1=$LINENO
as_lineno_2=$LINENO
as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
test "x$as_lineno_1" != "x$as_lineno_2" &&
test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then
$as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; }
$as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; }
CONFIG_SHELL=$as_dir/$as_base
export CONFIG_SHELL
exec "$CONFIG_SHELL" "$0" ${1+"$@"}
fi;;
esac
done
done
;;
esac
# Create $as_me.lineno as a copy of $as_myself, but with $LINENO
# uniformly replaced by the line number. The first 'sed' inserts a
# line-number line before each line; the second 'sed' does the real
# work. The second script uses 'N' to pair each line-number line
# with the numbered line, and appends trailing '-' during
# substitution so that $LINENO is not a special case at line end.
# (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
# second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-)
sed '=' <$as_myself |
sed '
N
s,$,-,
: loop
s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3,
t loop
s,-$,,
s,^['$as_cr_digits']*\n,,
' >$as_me.lineno &&
chmod +x $as_me.lineno ||
{ echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
{ (exit 1); exit 1; }; }
# Don't try to exec as it changes $[0], causing all sort of problems
# (the dirname of $[0] is not the place where we might find the
# original and so on. Autoconf is especially sensible to this).
. ./$as_me.lineno
# Exit status is that of the last command.
exit
}
case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in
*c*,-n*) ECHO_N= ECHO_C='
' ECHO_T=' ' ;;
*c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;;
*) ECHO_N= ECHO_C='\c' ECHO_T= ;;
esac
if expr a : '\(a\)' >/dev/null 2>&1; then
as_expr=expr
else
as_expr=false
fi
rm -f conf$$ conf$$.exe conf$$.file
echo >conf$$.file
if ln -s conf$$.file conf$$ 2>/dev/null; then
# We could just check for DJGPP; but this test a) works b) is more generic
# and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04).
if test -f conf$$.exe; then
# Don't use ln at all; we don't have any links
as_ln_s='cp -p'
else
as_ln_s='ln -s'
fi
elif ln conf$$.file conf$$ 2>/dev/null; then
as_ln_s=ln
else
as_ln_s='cp -p'
fi
rm -f conf$$ conf$$.exe conf$$.file
if mkdir -p . 2>/dev/null; then
as_mkdir_p=:
else
test -d ./-p && rmdir ./-p
as_mkdir_p=false
fi
as_executable_p="test -f"
# Sed expression to map a string onto a valid CPP name.
as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
# Sed expression to map a string onto a valid variable name.
as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
# IFS
# We need space, tab and new line, in precisely that order.
as_nl='
'
IFS=" $as_nl"
# CDPATH.
$as_unset CDPATH
# Name of the host.
# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
# so uname gets run too.
ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
exec 6>&1
#
# Initializations.
#
ac_default_prefix=/usr/local
ac_config_libobj_dir=.
cross_compiling=no
subdirs=
MFLAGS=
MAKEFLAGS=
SHELL=${CONFIG_SHELL-/bin/sh}
# Maximum number of lines to put in a shell here document.
# This variable seems obsolete. It should probably be removed, and
# only ac_max_sed_lines should be used.
: ${ac_max_here_lines=38}
# Identity of this package.
PACKAGE_NAME=
PACKAGE_TARNAME=
PACKAGE_VERSION=
PACKAGE_STRING=
PACKAGE_BUGREPORT=
ac_unique_file="src/libnids.c"
# Factoring default headers for most tests.
ac_includes_default="\
#include
#if HAVE_SYS_TYPES_H
# include
#endif
#if HAVE_SYS_STAT_H
# include
#endif
#if STDC_HEADERS
# include
# include
#else
# if HAVE_STDLIB_H
# include
# endif
#endif
#if HAVE_STRING_H
# if !STDC_HEADERS && HAVE_MEMORY_H
# include
# endif
# include
#endif
#if HAVE_STRINGS_H
# include
#endif
#if HAVE_INTTYPES_H
# include
#else
# if HAVE_STDINT_H
# include
# endif
#endif
#if HAVE_UNISTD_H
# include
#endif"
ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os target target_cpu target_vendor target_os CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT RANLIB ac_ct_RANLIB INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CPP EGREP PCAP_CFLAGS PCAPLIB PKG_CONFIG ac_pt_PKG_CONFIG GLIB_CFLAGS GLIB_LIBS GTHREAD_CFLAGS GTHREAD_LIBS LNET_CFLAGS LNETLIB BUILD_SHARED ICMPHEADER TCPSTATES HAVE_BSD_UDPHDR LIBNET_VER LIBOBJS LTLIBOBJS'
ac_subst_files=''
# Initialize some variables set by options.
ac_init_help=
ac_init_version=false
# The variables have the same names as the options, with
# dashes changed to underlines.
cache_file=/dev/null
exec_prefix=NONE
no_create=
no_recursion=
prefix=NONE
program_prefix=NONE
program_suffix=NONE
program_transform_name=s,x,x,
silent=
site=
srcdir=
verbose=
x_includes=NONE
x_libraries=NONE
# Installation directory options.
# These are left unexpanded so users can "make install exec_prefix=/foo"
# and all the variables that are supposed to be based on exec_prefix
# by default will actually change.
# Use braces instead of parens because sh, perl, etc. also accept them.
bindir='${exec_prefix}/bin'
sbindir='${exec_prefix}/sbin'
libexecdir='${exec_prefix}/libexec'
datadir='${prefix}/share'
sysconfdir='${prefix}/etc'
sharedstatedir='${prefix}/com'
localstatedir='${prefix}/var'
libdir='${exec_prefix}/lib'
includedir='${prefix}/include'
oldincludedir='/usr/include'
infodir='${prefix}/info'
mandir='${prefix}/man'
ac_prev=
for ac_option
do
# If the previous option needs an argument, assign it.
if test -n "$ac_prev"; then
eval "$ac_prev=\$ac_option"
ac_prev=
continue
fi
ac_optarg=`expr "x$ac_option" : 'x[^=]*=\(.*\)'`
# Accept the important Cygnus configure options, so we can diagnose typos.
case $ac_option in
-bindir | --bindir | --bindi | --bind | --bin | --bi)
ac_prev=bindir ;;
-bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
bindir=$ac_optarg ;;
-build | --build | --buil | --bui | --bu)
ac_prev=build_alias ;;
-build=* | --build=* | --buil=* | --bui=* | --bu=*)
build_alias=$ac_optarg ;;
-cache-file | --cache-file | --cache-fil | --cache-fi \
| --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
ac_prev=cache_file ;;
-cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
| --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
cache_file=$ac_optarg ;;
--config-cache | -C)
cache_file=config.cache ;;
-datadir | --datadir | --datadi | --datad | --data | --dat | --da)
ac_prev=datadir ;;
-datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \
| --da=*)
datadir=$ac_optarg ;;
-disable-* | --disable-*)
ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
# Reject names that are not valid shell variable names.
expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null &&
{ echo "$as_me: error: invalid feature name: $ac_feature" >&2
{ (exit 1); exit 1; }; }
ac_feature=`echo $ac_feature | sed 's/-/_/g'`
eval "enable_$ac_feature=no" ;;
-enable-* | --enable-*)
ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
# Reject names that are not valid shell variable names.
expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null &&
{ echo "$as_me: error: invalid feature name: $ac_feature" >&2
{ (exit 1); exit 1; }; }
ac_feature=`echo $ac_feature | sed 's/-/_/g'`
case $ac_option in
*=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;;
*) ac_optarg=yes ;;
esac
eval "enable_$ac_feature='$ac_optarg'" ;;
-exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
| --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
| --exec | --exe | --ex)
ac_prev=exec_prefix ;;
-exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
| --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
| --exec=* | --exe=* | --ex=*)
exec_prefix=$ac_optarg ;;
-gas | --gas | --ga | --g)
# Obsolete; use --with-gas.
with_gas=yes ;;
-help | --help | --hel | --he | -h)
ac_init_help=long ;;
-help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
ac_init_help=recursive ;;
-help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
ac_init_help=short ;;
-host | --host | --hos | --ho)
ac_prev=host_alias ;;
-host=* | --host=* | --hos=* | --ho=*)
host_alias=$ac_optarg ;;
-includedir | --includedir | --includedi | --included | --include \
| --includ | --inclu | --incl | --inc)
ac_prev=includedir ;;
-includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
| --includ=* | --inclu=* | --incl=* | --inc=*)
includedir=$ac_optarg ;;
-infodir | --infodir | --infodi | --infod | --info | --inf)
ac_prev=infodir ;;
-infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
infodir=$ac_optarg ;;
-libdir | --libdir | --libdi | --libd)
ac_prev=libdir ;;
-libdir=* | --libdir=* | --libdi=* | --libd=*)
libdir=$ac_optarg ;;
-libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
| --libexe | --libex | --libe)
ac_prev=libexecdir ;;
-libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
| --libexe=* | --libex=* | --libe=*)
libexecdir=$ac_optarg ;;
-localstatedir | --localstatedir | --localstatedi | --localstated \
| --localstate | --localstat | --localsta | --localst \
| --locals | --local | --loca | --loc | --lo)
ac_prev=localstatedir ;;
-localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
| --localstate=* | --localstat=* | --localsta=* | --localst=* \
| --locals=* | --local=* | --loca=* | --loc=* | --lo=*)
localstatedir=$ac_optarg ;;
-mandir | --mandir | --mandi | --mand | --man | --ma | --m)
ac_prev=mandir ;;
-mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
mandir=$ac_optarg ;;
-nfp | --nfp | --nf)
# Obsolete; use --without-fp.
with_fp=no ;;
-no-create | --no-create | --no-creat | --no-crea | --no-cre \
| --no-cr | --no-c | -n)
no_create=yes ;;
-no-recursion | --no-recursion | --no-recursio | --no-recursi \
| --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
no_recursion=yes ;;
-oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
| --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
| --oldin | --oldi | --old | --ol | --o)
ac_prev=oldincludedir ;;
-oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
| --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
| --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
oldincludedir=$ac_optarg ;;
-prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
ac_prev=prefix ;;
-prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
prefix=$ac_optarg ;;
-program-prefix | --program-prefix | --program-prefi | --program-pref \
| --program-pre | --program-pr | --program-p)
ac_prev=program_prefix ;;
-program-prefix=* | --program-prefix=* | --program-prefi=* \
| --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
program_prefix=$ac_optarg ;;
-program-suffix | --program-suffix | --program-suffi | --program-suff \
| --program-suf | --program-su | --program-s)
ac_prev=program_suffix ;;
-program-suffix=* | --program-suffix=* | --program-suffi=* \
| --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
program_suffix=$ac_optarg ;;
-program-transform-name | --program-transform-name \
| --program-transform-nam | --program-transform-na \
| --program-transform-n | --program-transform- \
| --program-transform | --program-transfor \
| --program-transfo | --program-transf \
| --program-trans | --program-tran \
| --progr-tra | --program-tr | --program-t)
ac_prev=program_transform_name ;;
-program-transform-name=* | --program-transform-name=* \
| --program-transform-nam=* | --program-transform-na=* \
| --program-transform-n=* | --program-transform-=* \
| --program-transform=* | --program-transfor=* \
| --program-transfo=* | --program-transf=* \
| --program-trans=* | --program-tran=* \
| --progr-tra=* | --program-tr=* | --program-t=*)
program_transform_name=$ac_optarg ;;
-q | -quiet | --quiet | --quie | --qui | --qu | --q \
| -silent | --silent | --silen | --sile | --sil)
silent=yes ;;
-sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
ac_prev=sbindir ;;
-sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
| --sbi=* | --sb=*)
sbindir=$ac_optarg ;;
-sharedstatedir | --sharedstatedir | --sharedstatedi \
| --sharedstated | --sharedstate | --sharedstat | --sharedsta \
| --sharedst | --shareds | --shared | --share | --shar \
| --sha | --sh)
ac_prev=sharedstatedir ;;
-sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
| --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
| --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
| --sha=* | --sh=*)
sharedstatedir=$ac_optarg ;;
-site | --site | --sit)
ac_prev=site ;;
-site=* | --site=* | --sit=*)
site=$ac_optarg ;;
-srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
ac_prev=srcdir ;;
-srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
srcdir=$ac_optarg ;;
-sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
| --syscon | --sysco | --sysc | --sys | --sy)
ac_prev=sysconfdir ;;
-sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
| --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
sysconfdir=$ac_optarg ;;
-target | --target | --targe | --targ | --tar | --ta | --t)
ac_prev=target_alias ;;
-target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
target_alias=$ac_optarg ;;
-v | -verbose | --verbose | --verbos | --verbo | --verb)
verbose=yes ;;
-version | --version | --versio | --versi | --vers | -V)
ac_init_version=: ;;
-with-* | --with-*)
ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
# Reject names that are not valid shell variable names.
expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null &&
{ echo "$as_me: error: invalid package name: $ac_package" >&2
{ (exit 1); exit 1; }; }
ac_package=`echo $ac_package| sed 's/-/_/g'`
case $ac_option in
*=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;;
*) ac_optarg=yes ;;
esac
eval "with_$ac_package='$ac_optarg'" ;;
-without-* | --without-*)
ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'`
# Reject names that are not valid shell variable names.
expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null &&
{ echo "$as_me: error: invalid package name: $ac_package" >&2
{ (exit 1); exit 1; }; }
ac_package=`echo $ac_package | sed 's/-/_/g'`
eval "with_$ac_package=no" ;;
--x)
# Obsolete; use --with-x.
with_x=yes ;;
-x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
| --x-incl | --x-inc | --x-in | --x-i)
ac_prev=x_includes ;;
-x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
| --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
x_includes=$ac_optarg ;;
-x-libraries | --x-libraries | --x-librarie | --x-librari \
| --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
ac_prev=x_libraries ;;
-x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
| --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
x_libraries=$ac_optarg ;;
-*) { echo "$as_me: error: unrecognized option: $ac_option
Try \`$0 --help' for more information." >&2
{ (exit 1); exit 1; }; }
;;
*=*)
ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
# Reject names that are not valid shell variable names.
expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null &&
{ echo "$as_me: error: invalid variable name: $ac_envvar" >&2
{ (exit 1); exit 1; }; }
ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`
eval "$ac_envvar='$ac_optarg'"
export $ac_envvar ;;
*)
# FIXME: should be removed in autoconf 3.0.
echo "$as_me: WARNING: you should use --build, --host, --target" >&2
expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
echo "$as_me: WARNING: invalid host type: $ac_option" >&2
: ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
;;
esac
done
if test -n "$ac_prev"; then
ac_option=--`echo $ac_prev | sed 's/_/-/g'`
{ echo "$as_me: error: missing argument to $ac_option" >&2
{ (exit 1); exit 1; }; }
fi
# Be sure to have absolute paths.
for ac_var in exec_prefix prefix
do
eval ac_val=$`echo $ac_var`
case $ac_val in
[\\/$]* | ?:[\\/]* | NONE | '' ) ;;
*) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
{ (exit 1); exit 1; }; };;
esac
done
# Be sure to have absolute paths.
for ac_var in bindir sbindir libexecdir datadir sysconfdir sharedstatedir \
localstatedir libdir includedir oldincludedir infodir mandir
do
eval ac_val=$`echo $ac_var`
case $ac_val in
[\\/$]* | ?:[\\/]* ) ;;
*) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
{ (exit 1); exit 1; }; };;
esac
done
# There might be people who depend on the old broken behavior: `$host'
# used to hold the argument of --host etc.
# FIXME: To remove some day.
build=$build_alias
host=$host_alias
target=$target_alias
# FIXME: To remove some day.
if test "x$host_alias" != x; then
if test "x$build_alias" = x; then
cross_compiling=maybe
echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host.
If a cross compiler is detected then cross compile mode will be used." >&2
elif test "x$build_alias" != "x$host_alias"; then
cross_compiling=yes
fi
fi
ac_tool_prefix=
test -n "$host_alias" && ac_tool_prefix=$host_alias-
test "$silent" = yes && exec 6>/dev/null
# Find the source files, if location was not specified.
if test -z "$srcdir"; then
ac_srcdir_defaulted=yes
# Try the directory containing this script, then its parent.
ac_confdir=`(dirname "$0") 2>/dev/null ||
$as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$0" : 'X\(//\)[^/]' \| \
X"$0" : 'X\(//\)$' \| \
X"$0" : 'X\(/\)' \| \
. : '\(.\)' 2>/dev/null ||
echo X"$0" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
/^X\(\/\/\)[^/].*/{ s//\1/; q; }
/^X\(\/\/\)$/{ s//\1/; q; }
/^X\(\/\).*/{ s//\1/; q; }
s/.*/./; q'`
srcdir=$ac_confdir
if test ! -r $srcdir/$ac_unique_file; then
srcdir=..
fi
else
ac_srcdir_defaulted=no
fi
if test ! -r $srcdir/$ac_unique_file; then
if test "$ac_srcdir_defaulted" = yes; then
{ echo "$as_me: error: cannot find sources ($ac_unique_file) in $ac_confdir or .." >&2
{ (exit 1); exit 1; }; }
else
{ echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2
{ (exit 1); exit 1; }; }
fi
fi
(cd $srcdir && test -r ./$ac_unique_file) 2>/dev/null ||
{ echo "$as_me: error: sources are in $srcdir, but \`cd $srcdir' does not work" >&2
{ (exit 1); exit 1; }; }
srcdir=`echo "$srcdir" | sed 's%\([^\\/]\)[\\/]*$%\1%'`
ac_env_build_alias_set=${build_alias+set}
ac_env_build_alias_value=$build_alias
ac_cv_env_build_alias_set=${build_alias+set}
ac_cv_env_build_alias_value=$build_alias
ac_env_host_alias_set=${host_alias+set}
ac_env_host_alias_value=$host_alias
ac_cv_env_host_alias_set=${host_alias+set}
ac_cv_env_host_alias_value=$host_alias
ac_env_target_alias_set=${target_alias+set}
ac_env_target_alias_value=$target_alias
ac_cv_env_target_alias_set=${target_alias+set}
ac_cv_env_target_alias_value=$target_alias
ac_env_CC_set=${CC+set}
ac_env_CC_value=$CC
ac_cv_env_CC_set=${CC+set}
ac_cv_env_CC_value=$CC
ac_env_CFLAGS_set=${CFLAGS+set}
ac_env_CFLAGS_value=$CFLAGS
ac_cv_env_CFLAGS_set=${CFLAGS+set}
ac_cv_env_CFLAGS_value=$CFLAGS
ac_env_LDFLAGS_set=${LDFLAGS+set}
ac_env_LDFLAGS_value=$LDFLAGS
ac_cv_env_LDFLAGS_set=${LDFLAGS+set}
ac_cv_env_LDFLAGS_value=$LDFLAGS
ac_env_CPPFLAGS_set=${CPPFLAGS+set}
ac_env_CPPFLAGS_value=$CPPFLAGS
ac_cv_env_CPPFLAGS_set=${CPPFLAGS+set}
ac_cv_env_CPPFLAGS_value=$CPPFLAGS
ac_env_CPP_set=${CPP+set}
ac_env_CPP_value=$CPP
ac_cv_env_CPP_set=${CPP+set}
ac_cv_env_CPP_value=$CPP
ac_env_PKG_CONFIG_set=${PKG_CONFIG+set}
ac_env_PKG_CONFIG_value=$PKG_CONFIG
ac_cv_env_PKG_CONFIG_set=${PKG_CONFIG+set}
ac_cv_env_PKG_CONFIG_value=$PKG_CONFIG
ac_env_GLIB_CFLAGS_set=${GLIB_CFLAGS+set}
ac_env_GLIB_CFLAGS_value=$GLIB_CFLAGS
ac_cv_env_GLIB_CFLAGS_set=${GLIB_CFLAGS+set}
ac_cv_env_GLIB_CFLAGS_value=$GLIB_CFLAGS
ac_env_GLIB_LIBS_set=${GLIB_LIBS+set}
ac_env_GLIB_LIBS_value=$GLIB_LIBS
ac_cv_env_GLIB_LIBS_set=${GLIB_LIBS+set}
ac_cv_env_GLIB_LIBS_value=$GLIB_LIBS
ac_env_GTHREAD_CFLAGS_set=${GTHREAD_CFLAGS+set}
ac_env_GTHREAD_CFLAGS_value=$GTHREAD_CFLAGS
ac_cv_env_GTHREAD_CFLAGS_set=${GTHREAD_CFLAGS+set}
ac_cv_env_GTHREAD_CFLAGS_value=$GTHREAD_CFLAGS
ac_env_GTHREAD_LIBS_set=${GTHREAD_LIBS+set}
ac_env_GTHREAD_LIBS_value=$GTHREAD_LIBS
ac_cv_env_GTHREAD_LIBS_set=${GTHREAD_LIBS+set}
ac_cv_env_GTHREAD_LIBS_value=$GTHREAD_LIBS
#
# Report the --help message.
#
if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures this package to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE. See below for descriptions of some of the useful variables.
Defaults for the options are specified in brackets.
Configuration:
-h, --help display this help and exit
--help=short display options specific to this package
--help=recursive display the short help of all the included packages
-V, --version display version information and exit
-q, --quiet, --silent do not print \`checking...' messages
--cache-file=FILE cache test results in FILE [disabled]
-C, --config-cache alias for \`--cache-file=config.cache'
-n, --no-create do not create output files
--srcdir=DIR find the sources in DIR [configure dir or \`..']
_ACEOF
cat <<_ACEOF
Installation directories:
--prefix=PREFIX install architecture-independent files in PREFIX
[$ac_default_prefix]
--exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
[PREFIX]
By default, \`make install' will install all the files in
\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
an installation prefix other than \`$ac_default_prefix' using \`--prefix',
for instance \`--prefix=\$HOME'.
For better control, use the options below.
Fine tuning of the installation directories:
--bindir=DIR user executables [EPREFIX/bin]
--sbindir=DIR system admin executables [EPREFIX/sbin]
--libexecdir=DIR program executables [EPREFIX/libexec]
--datadir=DIR read-only architecture-independent data [PREFIX/share]
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
--infodir=DIR info documentation [PREFIX/info]
--mandir=DIR man documentation [PREFIX/man]
_ACEOF
cat <<\_ACEOF
System types:
--build=BUILD configure for building on BUILD [guessed]
--host=HOST cross-compile to build programs to run on HOST [BUILD]
--target=TARGET configure for building compilers for TARGET [HOST]
_ACEOF
fi
if test -n "$ac_init_help"; then
cat <<\_ACEOF
Optional Features:
--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
--disable-libglib use glib2 for multiprocessing support
--disable-libnet whether to include code requiring libnet
--enable-shared enable building shared libraries
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--with-libpcap=DIR use libpcap build directory
--with-libnet=DIR use libnet build directory
Some influential environment variables:
CC C compiler command
CFLAGS C compiler flags
LDFLAGS linker flags, e.g. -L if you have libraries in a
nonstandard directory
CPPFLAGS C/C++ preprocessor flags, e.g. -I if you have
headers in a nonstandard directory
CPP C preprocessor
PKG_CONFIG path to pkg-config utility
GLIB_CFLAGS C compiler flags for GLIB, overriding pkg-config
GLIB_LIBS linker flags for GLIB, overriding pkg-config
GTHREAD_CFLAGS
C compiler flags for GTHREAD, overriding pkg-config
GTHREAD_LIBS
linker flags for GTHREAD, overriding pkg-config
Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.
_ACEOF
fi
if test "$ac_init_help" = "recursive"; then
# If there are subdirs, report their specific --help.
ac_popdir=`pwd`
for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
test -d $ac_dir || continue
ac_builddir=.
if test "$ac_dir" != .; then
ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
# A "../" for each directory in $ac_dir_suffix.
ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
else
ac_dir_suffix= ac_top_builddir=
fi
case $srcdir in
.) # No --srcdir option. We are building in place.
ac_srcdir=.
if test -z "$ac_top_builddir"; then
ac_top_srcdir=.
else
ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
fi ;;
[\\/]* | ?:[\\/]* ) # Absolute path.
ac_srcdir=$srcdir$ac_dir_suffix;
ac_top_srcdir=$srcdir ;;
*) # Relative path.
ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
ac_top_srcdir=$ac_top_builddir$srcdir ;;
esac
# Do not use `cd foo && pwd` to compute absolute paths, because
# the directories may not exist.
case `pwd` in
.) ac_abs_builddir="$ac_dir";;
*)
case "$ac_dir" in
.) ac_abs_builddir=`pwd`;;
[\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";;
*) ac_abs_builddir=`pwd`/"$ac_dir";;
esac;;
esac
case $ac_abs_builddir in
.) ac_abs_top_builddir=${ac_top_builddir}.;;
*)
case ${ac_top_builddir}. in
.) ac_abs_top_builddir=$ac_abs_builddir;;
[\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;;
*) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;;
esac;;
esac
case $ac_abs_builddir in
.) ac_abs_srcdir=$ac_srcdir;;
*)
case $ac_srcdir in
.) ac_abs_srcdir=$ac_abs_builddir;;
[\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;;
*) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;;
esac;;
esac
case $ac_abs_builddir in
.) ac_abs_top_srcdir=$ac_top_srcdir;;
*)
case $ac_top_srcdir in
.) ac_abs_top_srcdir=$ac_abs_builddir;;
[\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;;
*) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;;
esac;;
esac
cd $ac_dir
# Check for guested configure; otherwise get Cygnus style configure.
if test -f $ac_srcdir/configure.gnu; then
echo
$SHELL $ac_srcdir/configure.gnu --help=recursive
elif test -f $ac_srcdir/configure; then
echo
$SHELL $ac_srcdir/configure --help=recursive
elif test -f $ac_srcdir/configure.ac ||
test -f $ac_srcdir/configure.in; then
echo
$ac_configure --help
else
echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
fi
cd "$ac_popdir"
done
fi
test -n "$ac_init_help" && exit 0
if $ac_init_version; then
cat <<\_ACEOF
Copyright (C) 2003 Free Software Foundation, Inc.
This configure script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it.
_ACEOF
exit 0
fi
exec 5>config.log
cat >&5 <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by $as_me, which was
generated by GNU Autoconf 2.59. Invocation command line was
$ $0 $@
_ACEOF
{
cat <<_ASUNAME
## --------- ##
## Platform. ##
## --------- ##
hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
uname -m = `(uname -m) 2>/dev/null || echo unknown`
uname -r = `(uname -r) 2>/dev/null || echo unknown`
uname -s = `(uname -s) 2>/dev/null || echo unknown`
uname -v = `(uname -v) 2>/dev/null || echo unknown`
/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
hostinfo = `(hostinfo) 2>/dev/null || echo unknown`
/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
_ASUNAME
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
echo "PATH: $as_dir"
done
} >&5
cat >&5 <<_ACEOF
## ----------- ##
## Core tests. ##
## ----------- ##
_ACEOF
# Keep a trace of the command line.
# Strip out --no-create and --no-recursion so they do not pile up.
# Strip out --silent because we don't want to record it for future runs.
# Also quote any args containing shell meta-characters.
# Make two passes to allow for proper duplicate-argument suppression.
ac_configure_args=
ac_configure_args0=
ac_configure_args1=
ac_sep=
ac_must_keep_next=false
for ac_pass in 1 2
do
for ac_arg
do
case $ac_arg in
-no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
-q | -quiet | --quiet | --quie | --qui | --qu | --q \
| -silent | --silent | --silen | --sile | --sil)
continue ;;
*" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*)
ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
esac
case $ac_pass in
1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;;
2)
ac_configure_args1="$ac_configure_args1 '$ac_arg'"
if test $ac_must_keep_next = true; then
ac_must_keep_next=false # Got value, back to normal.
else
case $ac_arg in
*=* | --config-cache | -C | -disable-* | --disable-* \
| -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
| -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
| -with-* | --with-* | -without-* | --without-* | --x)
case "$ac_configure_args0 " in
"$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
esac
;;
-* ) ac_must_keep_next=true ;;
esac
fi
ac_configure_args="$ac_configure_args$ac_sep'$ac_arg'"
# Get rid of the leading space.
ac_sep=" "
;;
esac
done
done
$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; }
$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; }
# When interrupted or exit'd, cleanup temporary files, and complete
# config.log. We remove comments because anyway the quotes in there
# would cause problems or look ugly.
# WARNING: Be sure not to use single quotes in there, as some shells,
# such as our DU 5.0 friend, will then `close' the trap.
trap 'exit_status=$?
# Save into config.log some information that might help in debugging.
{
echo
cat <<\_ASBOX
## ---------------- ##
## Cache variables. ##
## ---------------- ##
_ASBOX
echo
# The following way of writing the cache mishandles newlines in values,
{
(set) 2>&1 |
case `(ac_space='"'"' '"'"'; set | grep ac_space) 2>&1` in
*ac_space=\ *)
sed -n \
"s/'"'"'/'"'"'\\\\'"'"''"'"'/g;
s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='"'"'\\2'"'"'/p"
;;
*)
sed -n \
"s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p"
;;
esac;
}
echo
cat <<\_ASBOX
## ----------------- ##
## Output variables. ##
## ----------------- ##
_ASBOX
echo
for ac_var in $ac_subst_vars
do
eval ac_val=$`echo $ac_var`
echo "$ac_var='"'"'$ac_val'"'"'"
done | sort
echo
if test -n "$ac_subst_files"; then
cat <<\_ASBOX
## ------------- ##
## Output files. ##
## ------------- ##
_ASBOX
echo
for ac_var in $ac_subst_files
do
eval ac_val=$`echo $ac_var`
echo "$ac_var='"'"'$ac_val'"'"'"
done | sort
echo
fi
if test -s confdefs.h; then
cat <<\_ASBOX
## ----------- ##
## confdefs.h. ##
## ----------- ##
_ASBOX
echo
sed "/^$/d" confdefs.h | sort
echo
fi
test "$ac_signal" != 0 &&
echo "$as_me: caught signal $ac_signal"
echo "$as_me: exit $exit_status"
} >&5
rm -f core *.core &&
rm -rf conftest* confdefs* conf$$* $ac_clean_files &&
exit $exit_status
' 0
for ac_signal in 1 2 13 15; do
trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal
done
ac_signal=0
# confdefs.h avoids OS command line length limits that DEFS can exceed.
rm -rf conftest* confdefs.h
# AIX cpp loses on an empty file, so make sure it contains at least a newline.
echo >confdefs.h
# Predefined preprocessor variables.
cat >>confdefs.h <<_ACEOF
#define PACKAGE_NAME "$PACKAGE_NAME"
_ACEOF
cat >>confdefs.h <<_ACEOF
#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
_ACEOF
cat >>confdefs.h <<_ACEOF
#define PACKAGE_VERSION "$PACKAGE_VERSION"
_ACEOF
cat >>confdefs.h <<_ACEOF
#define PACKAGE_STRING "$PACKAGE_STRING"
_ACEOF
cat >>confdefs.h <<_ACEOF
#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
_ACEOF
# Let the site file select an alternate cache file if it wants to.
# Prefer explicitly selected file to automatically selected ones.
if test -z "$CONFIG_SITE"; then
if test "x$prefix" != xNONE; then
CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site"
else
CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
fi
fi
for ac_site_file in $CONFIG_SITE; do
if test -r "$ac_site_file"; then
{ echo "$as_me:$LINENO: loading site script $ac_site_file" >&5
echo "$as_me: loading site script $ac_site_file" >&6;}
sed 's/^/| /' "$ac_site_file" >&5
. "$ac_site_file"
fi
done
if test -r "$cache_file"; then
# Some versions of bash will fail to source /dev/null (special
# files actually), so we avoid doing that.
if test -f "$cache_file"; then
{ echo "$as_me:$LINENO: loading cache $cache_file" >&5
echo "$as_me: loading cache $cache_file" >&6;}
case $cache_file in
[\\/]* | ?:[\\/]* ) . $cache_file;;
*) . ./$cache_file;;
esac
fi
else
{ echo "$as_me:$LINENO: creating cache $cache_file" >&5
echo "$as_me: creating cache $cache_file" >&6;}
>$cache_file
fi
# Check that the precious variables saved in the cache have kept the same
# value.
ac_cache_corrupted=false
for ac_var in `(set) 2>&1 |
sed -n 's/^ac_env_\([a-zA-Z_0-9]*\)_set=.*/\1/p'`; do
eval ac_old_set=\$ac_cv_env_${ac_var}_set
eval ac_new_set=\$ac_env_${ac_var}_set
eval ac_old_val="\$ac_cv_env_${ac_var}_value"
eval ac_new_val="\$ac_env_${ac_var}_value"
case $ac_old_set,$ac_new_set in
set,)
{ echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
ac_cache_corrupted=: ;;
,set)
{ echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5
echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
ac_cache_corrupted=: ;;
,);;
*)
if test "x$ac_old_val" != "x$ac_new_val"; then
{ echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5
echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
{ echo "$as_me:$LINENO: former value: $ac_old_val" >&5
echo "$as_me: former value: $ac_old_val" >&2;}
{ echo "$as_me:$LINENO: current value: $ac_new_val" >&5
echo "$as_me: current value: $ac_new_val" >&2;}
ac_cache_corrupted=:
fi;;
esac
# Pass precious variables to config.status.
if test "$ac_new_set" = set; then
case $ac_new_val in
*" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*)
ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
*) ac_arg=$ac_var=$ac_new_val ;;
esac
case " $ac_configure_args " in
*" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
*) ac_configure_args="$ac_configure_args '$ac_arg'" ;;
esac
fi
done
if $ac_cache_corrupted; then
{ echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5
echo "$as_me: error: changes in the environment can compromise the build" >&2;}
{ { echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5
echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;}
{ (exit 1); exit 1; }; }
fi
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu
ac_aux_dir=
for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do
if test -f $ac_dir/install-sh; then
ac_aux_dir=$ac_dir
ac_install_sh="$ac_aux_dir/install-sh -c"
break
elif test -f $ac_dir/install.sh; then
ac_aux_dir=$ac_dir
ac_install_sh="$ac_aux_dir/install.sh -c"
break
elif test -f $ac_dir/shtool; then
ac_aux_dir=$ac_dir
ac_install_sh="$ac_aux_dir/shtool install -c"
break
fi
done
if test -z "$ac_aux_dir"; then
{ { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&5
echo "$as_me: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&2;}
{ (exit 1); exit 1; }; }
fi
ac_config_guess="$SHELL $ac_aux_dir/config.guess"
ac_config_sub="$SHELL $ac_aux_dir/config.sub"
ac_configure="$SHELL $ac_aux_dir/configure" # This should be Cygnus configure.
# Make sure we can run config.sub.
$ac_config_sub sun4 >/dev/null 2>&1 ||
{ { echo "$as_me:$LINENO: error: cannot run $ac_config_sub" >&5
echo "$as_me: error: cannot run $ac_config_sub" >&2;}
{ (exit 1); exit 1; }; }
echo "$as_me:$LINENO: checking build system type" >&5
echo $ECHO_N "checking build system type... $ECHO_C" >&6
if test "${ac_cv_build+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
ac_cv_build_alias=$build_alias
test -z "$ac_cv_build_alias" &&
ac_cv_build_alias=`$ac_config_guess`
test -z "$ac_cv_build_alias" &&
{ { echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5
echo "$as_me: error: cannot guess build type; you must specify one" >&2;}
{ (exit 1); exit 1; }; }
ac_cv_build=`$ac_config_sub $ac_cv_build_alias` ||
{ { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_build_alias failed" >&5
echo "$as_me: error: $ac_config_sub $ac_cv_build_alias failed" >&2;}
{ (exit 1); exit 1; }; }
fi
echo "$as_me:$LINENO: result: $ac_cv_build" >&5
echo "${ECHO_T}$ac_cv_build" >&6
build=$ac_cv_build
build_cpu=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
build_vendor=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
build_os=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
echo "$as_me:$LINENO: checking host system type" >&5
echo $ECHO_N "checking host system type... $ECHO_C" >&6
if test "${ac_cv_host+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
ac_cv_host_alias=$host_alias
test -z "$ac_cv_host_alias" &&
ac_cv_host_alias=$ac_cv_build_alias
ac_cv_host=`$ac_config_sub $ac_cv_host_alias` ||
{ { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_host_alias failed" >&5
echo "$as_me: error: $ac_config_sub $ac_cv_host_alias failed" >&2;}
{ (exit 1); exit 1; }; }
fi
echo "$as_me:$LINENO: result: $ac_cv_host" >&5
echo "${ECHO_T}$ac_cv_host" >&6
host=$ac_cv_host
host_cpu=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
host_vendor=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
host_os=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
echo "$as_me:$LINENO: checking target system type" >&5
echo $ECHO_N "checking target system type... $ECHO_C" >&6
if test "${ac_cv_target+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
ac_cv_target_alias=$target_alias
test "x$ac_cv_target_alias" = "x" &&
ac_cv_target_alias=$ac_cv_host_alias
ac_cv_target=`$ac_config_sub $ac_cv_target_alias` ||
{ { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_target_alias failed" >&5
echo "$as_me: error: $ac_config_sub $ac_cv_target_alias failed" >&2;}
{ (exit 1); exit 1; }; }
fi
echo "$as_me:$LINENO: result: $ac_cv_target" >&5
echo "${ECHO_T}$ac_cv_target" >&6
target=$ac_cv_target
target_cpu=`echo $ac_cv_target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
target_vendor=`echo $ac_cv_target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
target_os=`echo $ac_cv_target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
# The aliases save the names the user supplied, while $host etc.
# will get canonicalized.
test -n "$target_alias" &&
test "$program_prefix$program_suffix$program_transform_name" = \
NONENONEs,x,x, &&
program_prefix=${target_alias}-
ac_config_headers="$ac_config_headers src/config.h"
if test "$prefix" = "NONE" ; then
prefix="/usr/local"
fi
if test "$exec_prefix" = "NONE" ; then
exec_prefix=$prefix
fi
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
set dummy ${ac_tool_prefix}gcc; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
if test "${ac_cv_prog_CC+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
if test -n "$CC"; then
ac_cv_prog_CC="$CC" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="${ac_tool_prefix}gcc"
echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
done
fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
echo "$as_me:$LINENO: result: $CC" >&5
echo "${ECHO_T}$CC" >&6
else
echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
fi
fi
if test -z "$ac_cv_prog_CC"; then
ac_ct_CC=$CC
# Extract the first word of "gcc", so it can be a program name with args.
set dummy gcc; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
if test -n "$ac_ct_CC"; then
ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_CC="gcc"
echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
done
fi
fi
ac_ct_CC=$ac_cv_prog_ac_ct_CC
if test -n "$ac_ct_CC"; then
echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
echo "${ECHO_T}$ac_ct_CC" >&6
else
echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
fi
CC=$ac_ct_CC
else
CC="$ac_cv_prog_CC"
fi
if test -z "$CC"; then
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
set dummy ${ac_tool_prefix}cc; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
if test "${ac_cv_prog_CC+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
if test -n "$CC"; then
ac_cv_prog_CC="$CC" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="${ac_tool_prefix}cc"
echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
done
fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
echo "$as_me:$LINENO: result: $CC" >&5
echo "${ECHO_T}$CC" >&6
else
echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
fi
fi
if test -z "$ac_cv_prog_CC"; then
ac_ct_CC=$CC
# Extract the first word of "cc", so it can be a program name with args.
set dummy cc; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
if test -n "$ac_ct_CC"; then
ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_CC="cc"
echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
done
fi
fi
ac_ct_CC=$ac_cv_prog_ac_ct_CC
if test -n "$ac_ct_CC"; then
echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
echo "${ECHO_T}$ac_ct_CC" >&6
else
echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
fi
CC=$ac_ct_CC
else
CC="$ac_cv_prog_CC"
fi
fi
if test -z "$CC"; then
# Extract the first word of "cc", so it can be a program name with args.
set dummy cc; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
if test "${ac_cv_prog_CC+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
if test -n "$CC"; then
ac_cv_prog_CC="$CC" # Let the user override the test.
else
ac_prog_rejected=no
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
ac_prog_rejected=yes
continue
fi
ac_cv_prog_CC="cc"
echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
done
if test $ac_prog_rejected = yes; then
# We found a bogon in the path, so make sure we never use it.
set dummy $ac_cv_prog_CC
shift
if test $# != 0; then
# We chose a different compiler from the bogus one.
# However, it has the same basename, so the bogon will be chosen
# first if we set CC to just the basename; use the full file name.
shift
ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
fi
fi
fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
echo "$as_me:$LINENO: result: $CC" >&5
echo "${ECHO_T}$CC" >&6
else
echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
fi
fi
if test -z "$CC"; then
if test -n "$ac_tool_prefix"; then
for ac_prog in cl
do
# Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
set dummy $ac_tool_prefix$ac_prog; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
if test "${ac_cv_prog_CC+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
if test -n "$CC"; then
ac_cv_prog_CC="$CC" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
done
fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
echo "$as_me:$LINENO: result: $CC" >&5
echo "${ECHO_T}$CC" >&6
else
echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
fi
test -n "$CC" && break
done
fi
if test -z "$CC"; then
ac_ct_CC=$CC
for ac_prog in cl
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
if test -n "$ac_ct_CC"; then
ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_CC="$ac_prog"
echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
done
fi
fi
ac_ct_CC=$ac_cv_prog_ac_ct_CC
if test -n "$ac_ct_CC"; then
echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
echo "${ECHO_T}$ac_ct_CC" >&6
else
echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
fi
test -n "$ac_ct_CC" && break
done
CC=$ac_ct_CC
fi
fi
test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH
See \`config.log' for more details." >&5
echo "$as_me: error: no acceptable C compiler found in \$PATH
See \`config.log' for more details." >&2;}
{ (exit 1); exit 1; }; }
# Provide some information about the compiler.
echo "$as_me:$LINENO:" \
"checking for C compiler version" >&5
ac_compiler=`set X $ac_compile; echo $2`
{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version &5\"") >&5
(eval $ac_compiler --version &5) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }
{ (eval echo "$as_me:$LINENO: \"$ac_compiler -v &5\"") >&5
(eval $ac_compiler -v &5) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }
{ (eval echo "$as_me:$LINENO: \"$ac_compiler -V &5\"") >&5
(eval $ac_compiler -V &5) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
int
main ()
{
;
return 0;
}
_ACEOF
ac_clean_files_save=$ac_clean_files
ac_clean_files="$ac_clean_files a.out a.exe b.out"
# Try to create an executable without -o first, disregard a.out.
# It will help us diagnose broken compilers, and finding out an intuition
# of exeext.
echo "$as_me:$LINENO: checking for C compiler default output file name" >&5
echo $ECHO_N "checking for C compiler default output file name... $ECHO_C" >&6
ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
if { (eval echo "$as_me:$LINENO: \"$ac_link_default\"") >&5
(eval $ac_link_default) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; then
# Find the output, starting from the most likely. This scheme is
# not robust to junk in `.', hence go to wildcards (a.*) only as a last
# resort.
# Be careful to initialize this variable, since it used to be cached.
# Otherwise an old cache value of `no' led to `EXEEXT = no' in a Makefile.
ac_cv_exeext=
# b.out is created by i960 compilers.
for ac_file in a_out.exe a.exe conftest.exe a.out conftest a.* conftest.* b.out
do
test -f "$ac_file" || continue
case $ac_file in
*.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj )
;;
conftest.$ac_ext )
# This is the source file.
;;
[ab].out )
# We found the default executable, but exeext='' is most
# certainly right.
break;;
*.* )
ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
# FIXME: I believe we export ac_cv_exeext for Libtool,
# but it would be cool to find out if it's true. Does anybody
# maintain Libtool? --akim.
export ac_cv_exeext
break;;
* )
break;;
esac
done
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
{ { echo "$as_me:$LINENO: error: C compiler cannot create executables
See \`config.log' for more details." >&5
echo "$as_me: error: C compiler cannot create executables
See \`config.log' for more details." >&2;}
{ (exit 77); exit 77; }; }
fi
ac_exeext=$ac_cv_exeext
echo "$as_me:$LINENO: result: $ac_file" >&5
echo "${ECHO_T}$ac_file" >&6
# Check the compiler produces executables we can run. If not, either
# the compiler is broken, or we cross compile.
echo "$as_me:$LINENO: checking whether the C compiler works" >&5
echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6
# FIXME: These cross compiler hacks should be removed for Autoconf 3.0
# If not cross compiling, check that we can run a simple program.
if test "$cross_compiling" != yes; then
if { ac_try='./$ac_file'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
cross_compiling=no
else
if test "$cross_compiling" = maybe; then
cross_compiling=yes
else
{ { echo "$as_me:$LINENO: error: cannot run C compiled programs.
If you meant to cross compile, use \`--host'.
See \`config.log' for more details." >&5
echo "$as_me: error: cannot run C compiled programs.
If you meant to cross compile, use \`--host'.
See \`config.log' for more details." >&2;}
{ (exit 1); exit 1; }; }
fi
fi
fi
echo "$as_me:$LINENO: result: yes" >&5
echo "${ECHO_T}yes" >&6
rm -f a.out a.exe conftest$ac_cv_exeext b.out
ac_clean_files=$ac_clean_files_save
# Check the compiler produces executables we can run. If not, either
# the compiler is broken, or we cross compile.
echo "$as_me:$LINENO: checking whether we are cross compiling" >&5
echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6
echo "$as_me:$LINENO: result: $cross_compiling" >&5
echo "${ECHO_T}$cross_compiling" >&6
echo "$as_me:$LINENO: checking for suffix of executables" >&5
echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
(eval $ac_link) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; then
# If both `conftest.exe' and `conftest' are `present' (well, observable)
# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
# work properly (i.e., refer to `conftest.exe'), while it won't with
# `rm'.
for ac_file in conftest.exe conftest conftest.*; do
test -f "$ac_file" || continue
case $ac_file in
*.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj ) ;;
*.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
export ac_cv_exeext
break;;
* ) break;;
esac
done
else
{ { echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link
See \`config.log' for more details." >&5
echo "$as_me: error: cannot compute suffix of executables: cannot compile and link
See \`config.log' for more details." >&2;}
{ (exit 1); exit 1; }; }
fi
rm -f conftest$ac_cv_exeext
echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5
echo "${ECHO_T}$ac_cv_exeext" >&6
rm -f conftest.$ac_ext
EXEEXT=$ac_cv_exeext
ac_exeext=$EXEEXT
echo "$as_me:$LINENO: checking for suffix of object files" >&5
echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6
if test "${ac_cv_objext+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
int
main ()
{
;
return 0;
}
_ACEOF
rm -f conftest.o conftest.obj
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; then
for ac_file in `(ls conftest.o conftest.obj; ls conftest.*) 2>/dev/null`; do
case $ac_file in
*.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg ) ;;
*) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
break;;
esac
done
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
{ { echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile
See \`config.log' for more details." >&5
echo "$as_me: error: cannot compute suffix of object files: cannot compile
See \`config.log' for more details." >&2;}
{ (exit 1); exit 1; }; }
fi
rm -f conftest.$ac_cv_objext conftest.$ac_ext
fi
echo "$as_me:$LINENO: result: $ac_cv_objext" >&5
echo "${ECHO_T}$ac_cv_objext" >&6
OBJEXT=$ac_cv_objext
ac_objext=$OBJEXT
echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6
if test "${ac_cv_c_compiler_gnu+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
int
main ()
{
#ifndef __GNUC__
choke me
#endif
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; } &&
{ ac_try='test -s conftest.$ac_objext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
ac_compiler_gnu=yes
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ac_compiler_gnu=no
fi
rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
ac_cv_c_compiler_gnu=$ac_compiler_gnu
fi
echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6
GCC=`test $ac_compiler_gnu = yes && echo yes`
ac_test_CFLAGS=${CFLAGS+set}
ac_save_CFLAGS=$CFLAGS
CFLAGS="-g"
echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6
if test "${ac_cv_prog_cc_g+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
int
main ()
{
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; } &&
{ ac_try='test -s conftest.$ac_objext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
ac_cv_prog_cc_g=yes
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ac_cv_prog_cc_g=no
fi
rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
fi
echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
echo "${ECHO_T}$ac_cv_prog_cc_g" >&6
if test "$ac_test_CFLAGS" = set; then
CFLAGS=$ac_save_CFLAGS
elif test $ac_cv_prog_cc_g = yes; then
if test "$GCC" = yes; then
CFLAGS="-g -O2"
else
CFLAGS="-g"
fi
else
if test "$GCC" = yes; then
CFLAGS="-O2"
else
CFLAGS=
fi
fi
echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5
echo $ECHO_N "checking for $CC option to accept ANSI C... $ECHO_C" >&6
if test "${ac_cv_prog_cc_stdc+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
ac_cv_prog_cc_stdc=no
ac_save_CC=$CC
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include
#include
#include
#include
/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
struct buf { int x; };
FILE * (*rcsopen) (struct buf *, struct stat *, int);
static char *e (p, i)
char **p;
int i;
{
return p[i];
}
static char *f (char * (*g) (char **, int), char **p, ...)
{
char *s;
va_list v;
va_start (v,p);
s = g (p, va_arg (v,int));
va_end (v);
return s;
}
/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
function prototypes and stuff, but not '\xHH' hex character constants.
These don't provoke an error unfortunately, instead are silently treated
as 'x'. The following induces an error, until -std1 is added to get
proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
array size at least. It's necessary to write '\x00'==0 to get something
that's true only with -std1. */
int osf4_cc_array ['\x00' == 0 ? 1 : -1];
int test (int i, double x);
struct s1 {int (*f) (int a);};
struct s2 {int (*f) (double a);};
int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
int argc;
char **argv;
int
main ()
{
return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
;
return 0;
}
_ACEOF
# Don't try gcc -ansi; that turns off useful extensions and
# breaks some systems' header files.
# AIX -qlanglvl=ansi
# Ultrix and OSF/1 -std1
# HP-UX 10.20 and later -Ae
# HP-UX older versions -Aa -D_HPUX_SOURCE
# SVR4 -Xc -D__EXTENSIONS__
for ac_arg in "" -qlanglvl=ansi -std1 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
do
CC="$ac_save_CC $ac_arg"
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; } &&
{ ac_try='test -s conftest.$ac_objext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
ac_cv_prog_cc_stdc=$ac_arg
break
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
fi
rm -f conftest.err conftest.$ac_objext
done
rm -f conftest.$ac_ext conftest.$ac_objext
CC=$ac_save_CC
fi
case "x$ac_cv_prog_cc_stdc" in
x|xno)
echo "$as_me:$LINENO: result: none needed" >&5
echo "${ECHO_T}none needed" >&6 ;;
*)
echo "$as_me:$LINENO: result: $ac_cv_prog_cc_stdc" >&5
echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6
CC="$CC $ac_cv_prog_cc_stdc" ;;
esac
# Some people use a C++ compiler to compile C. Since we use `exit',
# in C++ we need to declare it. In case someone uses the same compiler
# for both compiling C and C++ we need to have the C++ compiler decide
# the declaration of exit, since it's the most demanding environment.
cat >conftest.$ac_ext <<_ACEOF
#ifndef __cplusplus
choke me
#endif
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; } &&
{ ac_try='test -s conftest.$ac_objext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
for ac_declaration in \
'' \
'extern "C" void std::exit (int) throw (); using std::exit;' \
'extern "C" void std::exit (int); using std::exit;' \
'extern "C" void exit (int) throw ();' \
'extern "C" void exit (int);' \
'void exit (int);'
do
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
$ac_declaration
#include
int
main ()
{
exit (42);
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; } &&
{ ac_try='test -s conftest.$ac_objext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
:
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
continue
fi
rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
$ac_declaration
int
main ()
{
exit (42);
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; } &&
{ ac_try='test -s conftest.$ac_objext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
break
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
fi
rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
done
rm -f conftest*
if test -n "$ac_declaration"; then
echo '#ifdef __cplusplus' >>confdefs.h
echo $ac_declaration >>confdefs.h
echo '#endif' >>confdefs.h
fi
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
fi
rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
set dummy ${ac_tool_prefix}ranlib; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
if test "${ac_cv_prog_RANLIB+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
if test -n "$RANLIB"; then
ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
done
fi
fi
RANLIB=$ac_cv_prog_RANLIB
if test -n "$RANLIB"; then
echo "$as_me:$LINENO: result: $RANLIB" >&5
echo "${ECHO_T}$RANLIB" >&6
else
echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
fi
fi
if test -z "$ac_cv_prog_RANLIB"; then
ac_ct_RANLIB=$RANLIB
# Extract the first word of "ranlib", so it can be a program name with args.
set dummy ranlib; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
if test -n "$ac_ct_RANLIB"; then
ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_RANLIB="ranlib"
echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
done
test -z "$ac_cv_prog_ac_ct_RANLIB" && ac_cv_prog_ac_ct_RANLIB=":"
fi
fi
ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
if test -n "$ac_ct_RANLIB"; then
echo "$as_me:$LINENO: result: $ac_ct_RANLIB" >&5
echo "${ECHO_T}$ac_ct_RANLIB" >&6
else
echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
fi
RANLIB=$ac_ct_RANLIB
else
RANLIB="$ac_cv_prog_RANLIB"
fi
# Find a good install program. We prefer a C program (faster),
# so one script is as good as another. But avoid the broken or
# incompatible versions:
# SysV /etc/install, /usr/sbin/install
# SunOS /usr/etc/install
# IRIX /sbin/install
# AIX /bin/install
# AmigaOS /C/install, which installs bootblocks on floppy discs
# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
# AFS /usr/afsws/bin/install, which mishandles nonexistent args
# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
# OS/2's system install, which has a completely different semantic
# ./install, which can be erroneously created by make from ./install.sh.
echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5
echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6
if test -z "$INSTALL"; then
if test "${ac_cv_path_install+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
# Account for people who put trailing slashes in PATH elements.
case $as_dir/ in
./ | .// | /cC/* | \
/etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \
/usr/ucb/* ) ;;
*)
# OSF1 and SCO ODT 3.0 have their own names for install.
# Don't use installbsd from OSF since it installs stuff as root
# by default.
for ac_prog in ginstall scoinst install; do
for ac_exec_ext in '' $ac_executable_extensions; do
if $as_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then
if test $ac_prog = install &&
grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
# AIX install. It has an incompatible calling convention.
:
elif test $ac_prog = install &&
grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
# program-specific install script used by HP pwplus--don't use.
:
else
ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
break 3
fi
fi
done
done
;;
esac
done
fi
if test "${ac_cv_path_install+set}" = set; then
INSTALL=$ac_cv_path_install
else
# As a last resort, use the slow shell script. We don't cache a
# path for INSTALL within a source directory, because that will
# break other packages using the cache if that directory is
# removed, or if the path is relative.
INSTALL=$ac_install_sh
fi
fi
echo "$as_me:$LINENO: result: $INSTALL" >&5
echo "${ECHO_T}$INSTALL" >&6
# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
# It thinks the first close brace ends the variable substitution.
test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu
echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5
echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6
# On Suns, sometimes $CPP names a directory.
if test -n "$CPP" && test -d "$CPP"; then
CPP=
fi
if test -z "$CPP"; then
if test "${ac_cv_prog_CPP+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
# Double quotes because CPP needs to be expanded
for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
do
ac_preproc_ok=false
for ac_c_preproc_warn_flag in '' yes
do
# Use a header file that comes with gcc, so configuring glibc
# with a fresh cross-compiler works.
# Prefer to if __STDC__ is defined, since
# exists even on freestanding compilers.
# On the NeXT, cc -E runs the code through the compiler's parser,
# not just through cpp. "Syntax error" is here to catch this case.
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#ifdef __STDC__
# include
#else
# include
#endif
Syntax error
_ACEOF
if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
(eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } >/dev/null; then
if test -s conftest.err; then
ac_cpp_err=$ac_c_preproc_warn_flag
ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
else
ac_cpp_err=
fi
else
ac_cpp_err=yes
fi
if test -z "$ac_cpp_err"; then
:
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
# Broken: fails on valid input.
continue
fi
rm -f conftest.err conftest.$ac_ext
# OK, works on sane cases. Now check whether non-existent headers
# can be detected and how.
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include
_ACEOF
if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
(eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } >/dev/null; then
if test -s conftest.err; then
ac_cpp_err=$ac_c_preproc_warn_flag
ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
else
ac_cpp_err=
fi
else
ac_cpp_err=yes
fi
if test -z "$ac_cpp_err"; then
# Broken: success on invalid input.
continue
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
# Passes both tests.
ac_preproc_ok=:
break
fi
rm -f conftest.err conftest.$ac_ext
done
# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
rm -f conftest.err conftest.$ac_ext
if $ac_preproc_ok; then
break
fi
done
ac_cv_prog_CPP=$CPP
fi
CPP=$ac_cv_prog_CPP
else
ac_cv_prog_CPP=$CPP
fi
echo "$as_me:$LINENO: result: $CPP" >&5
echo "${ECHO_T}$CPP" >&6
ac_preproc_ok=false
for ac_c_preproc_warn_flag in '' yes
do
# Use a header file that comes with gcc, so configuring glibc
# with a fresh cross-compiler works.
# Prefer to if __STDC__ is defined, since
# exists even on freestanding compilers.
# On the NeXT, cc -E runs the code through the compiler's parser,
# not just through cpp. "Syntax error" is here to catch this case.
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#ifdef __STDC__
# include
#else
# include
#endif
Syntax error
_ACEOF
if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
(eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } >/dev/null; then
if test -s conftest.err; then
ac_cpp_err=$ac_c_preproc_warn_flag
ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
else
ac_cpp_err=
fi
else
ac_cpp_err=yes
fi
if test -z "$ac_cpp_err"; then
:
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
# Broken: fails on valid input.
continue
fi
rm -f conftest.err conftest.$ac_ext
# OK, works on sane cases. Now check whether non-existent headers
# can be detected and how.
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include
_ACEOF
if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
(eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } >/dev/null; then
if test -s conftest.err; then
ac_cpp_err=$ac_c_preproc_warn_flag
ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
else
ac_cpp_err=
fi
else
ac_cpp_err=yes
fi
if test -z "$ac_cpp_err"; then
# Broken: success on invalid input.
continue
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
# Passes both tests.
ac_preproc_ok=:
break
fi
rm -f conftest.err conftest.$ac_ext
done
# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
rm -f conftest.err conftest.$ac_ext
if $ac_preproc_ok; then
:
else
{ { echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check
See \`config.log' for more details." >&5
echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check
See \`config.log' for more details." >&2;}
{ (exit 1); exit 1; }; }
fi
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu
echo "$as_me:$LINENO: checking for egrep" >&5
echo $ECHO_N "checking for egrep... $ECHO_C" >&6
if test "${ac_cv_prog_egrep+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
if echo a | (grep -E '(a|b)') >/dev/null 2>&1
then ac_cv_prog_egrep='grep -E'
else ac_cv_prog_egrep='egrep'
fi
fi
echo "$as_me:$LINENO: result: $ac_cv_prog_egrep" >&5
echo "${ECHO_T}$ac_cv_prog_egrep" >&6
EGREP=$ac_cv_prog_egrep
echo "$as_me:$LINENO: checking for ANSI C header files" >&5
echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6
if test "${ac_cv_header_stdc+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include
#include
#include
#include
int
main ()
{
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; } &&
{ ac_try='test -s conftest.$ac_objext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
ac_cv_header_stdc=yes
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ac_cv_header_stdc=no
fi
rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
if test $ac_cv_header_stdc = yes; then
# SunOS 4.x string.h does not declare mem*, contrary to ANSI.
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include
_ACEOF
if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
$EGREP "memchr" >/dev/null 2>&1; then
:
else
ac_cv_header_stdc=no
fi
rm -f conftest*
fi
if test $ac_cv_header_stdc = yes; then
# ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include
_ACEOF
if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
$EGREP "free" >/dev/null 2>&1; then
:
else
ac_cv_header_stdc=no
fi
rm -f conftest*
fi
if test $ac_cv_header_stdc = yes; then
# /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
if test "$cross_compiling" = yes; then
:
else
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include
#if ((' ' & 0x0FF) == 0x020)
# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
#else
# define ISLOWER(c) \
(('a' <= (c) && (c) <= 'i') \
|| ('j' <= (c) && (c) <= 'r') \
|| ('s' <= (c) && (c) <= 'z'))
# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
#endif
#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
int
main ()
{
int i;
for (i = 0; i < 256; i++)
if (XOR (islower (i), ISLOWER (i))
|| toupper (i) != TOUPPER (i))
exit(2);
exit (0);
}
_ACEOF
rm -f conftest$ac_exeext
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
(eval $ac_link) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } && { ac_try='./conftest$ac_exeext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
:
else
echo "$as_me: program exited with status $ac_status" >&5
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
( exit $ac_status )
ac_cv_header_stdc=no
fi
rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
fi
fi
fi
echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5
echo "${ECHO_T}$ac_cv_header_stdc" >&6
if test $ac_cv_header_stdc = yes; then
cat >>confdefs.h <<\_ACEOF
#define STDC_HEADERS 1
_ACEOF
fi
# On IRIX 5.3, sys/types and inttypes.h are conflicting.
for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
inttypes.h stdint.h unistd.h
do
as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
echo "$as_me:$LINENO: checking for $ac_header" >&5
echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
if eval "test \"\${$as_ac_Header+set}\" = set"; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
$ac_includes_default
#include <$ac_header>
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; } &&
{ ac_try='test -s conftest.$ac_objext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
eval "$as_ac_Header=yes"
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
eval "$as_ac_Header=no"
fi
rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
fi
echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
if test `eval echo '${'$as_ac_Header'}'` = yes; then
cat >>confdefs.h <<_ACEOF
#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF
fi
done
for ac_header in sys/time.h syslog.h unistd.h
do
as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
if eval "test \"\${$as_ac_Header+set}\" = set"; then
echo "$as_me:$LINENO: checking for $ac_header" >&5
echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
if eval "test \"\${$as_ac_Header+set}\" = set"; then
echo $ECHO_N "(cached) $ECHO_C" >&6
fi
echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
else
# Is the header compilable?
echo "$as_me:$LINENO: checking $ac_header usability" >&5
echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
$ac_includes_default
#include <$ac_header>
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; } &&
{ ac_try='test -s conftest.$ac_objext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
ac_header_compiler=yes
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ac_header_compiler=no
fi
rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
echo "${ECHO_T}$ac_header_compiler" >&6
# Is the header present?
echo "$as_me:$LINENO: checking $ac_header presence" >&5
echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <$ac_header>
_ACEOF
if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
(eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } >/dev/null; then
if test -s conftest.err; then
ac_cpp_err=$ac_c_preproc_warn_flag
ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
else
ac_cpp_err=
fi
else
ac_cpp_err=yes
fi
if test -z "$ac_cpp_err"; then
ac_header_preproc=yes
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ac_header_preproc=no
fi
rm -f conftest.err conftest.$ac_ext
echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
echo "${ECHO_T}$ac_header_preproc" >&6
# So? What about this header?
case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
yes:no: )
{ echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
{ echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
ac_header_preproc=yes
;;
no:yes:* )
{ echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
{ echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
{ echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
{ echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
{ echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
{ echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
(
cat <<\_ASBOX
## ------------------------------------------ ##
## Report this to the AC_PACKAGE_NAME lists. ##
## ------------------------------------------ ##
_ASBOX
) |
sed "s/^/$as_me: WARNING: /" >&2
;;
esac
echo "$as_me:$LINENO: checking for $ac_header" >&5
echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
if eval "test \"\${$as_ac_Header+set}\" = set"; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
eval "$as_ac_Header=\$ac_header_preproc"
fi
echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
fi
if test `eval echo '${'$as_ac_Header'}'` = yes; then
cat >>confdefs.h <<_ACEOF
#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF
fi
done
echo "$as_me:$LINENO: checking for an ANSI C-conforming const" >&5
echo $ECHO_N "checking for an ANSI C-conforming const... $ECHO_C" >&6
if test "${ac_cv_c_const+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
int
main ()
{
/* FIXME: Include the comments suggested by Paul. */
#ifndef __cplusplus
/* Ultrix mips cc rejects this. */
typedef int charset[2];
const charset x;
/* SunOS 4.1.1 cc rejects this. */
char const *const *ccp;
char **p;
/* NEC SVR4.0.2 mips cc rejects this. */
struct point {int x, y;};
static struct point const zero = {0,0};
/* AIX XL C 1.02.0.0 rejects this.
It does not let you subtract one const X* pointer from another in
an arm of an if-expression whose if-part is not a constant
expression */
const char *g = "string";
ccp = &g + (g ? g-g : 0);
/* HPUX 7.0 cc rejects these. */
++ccp;
p = (char**) ccp;
ccp = (char const *const *) p;
{ /* SCO 3.2v4 cc rejects this. */
char *t;
char const *s = 0 ? (char *) 0 : (char const *) 0;
*t++ = 0;
}
{ /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */
int x[] = {25, 17};
const int *foo = &x[0];
++foo;
}
{ /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
typedef const int *iptr;
iptr p = 0;
++p;
}
{ /* AIX XL C 1.02.0.0 rejects this saying
"k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
struct s { int j; const int *ap[3]; };
struct s *b; b->j = 5;
}
{ /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
const int foo = 10;
}
#endif
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; } &&
{ ac_try='test -s conftest.$ac_objext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
ac_cv_c_const=yes
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ac_cv_c_const=no
fi
rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
fi
echo "$as_me:$LINENO: result: $ac_cv_c_const" >&5
echo "${ECHO_T}$ac_cv_c_const" >&6
if test $ac_cv_c_const = no; then
cat >>confdefs.h <<\_ACEOF
#define const
_ACEOF
fi
echo "$as_me:$LINENO: checking for inline" >&5
echo $ECHO_N "checking for inline... $ECHO_C" >&6
if test "${ac_cv_c_inline+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
ac_cv_c_inline=no
for ac_kw in inline __inline__ __inline; do
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#ifndef __cplusplus
typedef int foo_t;
static $ac_kw foo_t static_foo () {return 0; }
$ac_kw foo_t foo () {return 0; }
#endif
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; } &&
{ ac_try='test -s conftest.$ac_objext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
ac_cv_c_inline=$ac_kw; break
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
fi
rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
done
fi
echo "$as_me:$LINENO: result: $ac_cv_c_inline" >&5
echo "${ECHO_T}$ac_cv_c_inline" >&6
case $ac_cv_c_inline in
inline | yes) ;;
*)
case $ac_cv_c_inline in
no) ac_val=;;
*) ac_val=$ac_cv_c_inline;;
esac
cat >>confdefs.h <<_ACEOF
#ifndef __cplusplus
#define inline $ac_val
#endif
_ACEOF
;;
esac
echo "$as_me:$LINENO: checking whether time.h and sys/time.h may both be included" >&5
echo $ECHO_N "checking whether time.h and sys/time.h may both be included... $ECHO_C" >&6
if test "${ac_cv_header_time+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include
#include
#include
int
main ()
{
if ((struct tm *) 0)
return 0;
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; } &&
{ ac_try='test -s conftest.$ac_objext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
ac_cv_header_time=yes
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ac_cv_header_time=no
fi
rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
fi
echo "$as_me:$LINENO: result: $ac_cv_header_time" >&5
echo "${ECHO_T}$ac_cv_header_time" >&6
if test $ac_cv_header_time = yes; then
cat >>confdefs.h <<\_ACEOF
#define TIME_WITH_SYS_TIME 1
_ACEOF
fi
echo "$as_me:$LINENO: checking whether byte ordering is bigendian" >&5
echo $ECHO_N "checking whether byte ordering is bigendian... $ECHO_C" >&6
if test "${ac_cv_c_bigendian+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
# See if sys/param.h defines the BYTE_ORDER macro.
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include
#include
int
main ()
{
#if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN
bogus endian macros
#endif
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; } &&
{ ac_try='test -s conftest.$ac_objext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
# It does; now see whether it defined to BIG_ENDIAN or not.
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include
#include
int
main ()
{
#if BYTE_ORDER != BIG_ENDIAN
not big endian
#endif
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; } &&
{ ac_try='test -s conftest.$ac_objext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
ac_cv_c_bigendian=yes
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ac_cv_c_bigendian=no
fi
rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
# It does not; compile a test program.
if test "$cross_compiling" = yes; then
# try to guess the endianness by grepping values into an object file
ac_cv_c_bigendian=unknown
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
short ascii_mm[] = { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 };
short ascii_ii[] = { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 };
void _ascii () { char *s = (char *) ascii_mm; s = (char *) ascii_ii; }
short ebcdic_ii[] = { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 };
short ebcdic_mm[] = { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 };
void _ebcdic () { char *s = (char *) ebcdic_mm; s = (char *) ebcdic_ii; }
int
main ()
{
_ascii (); _ebcdic ();
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; } &&
{ ac_try='test -s conftest.$ac_objext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
if grep BIGenDianSyS conftest.$ac_objext >/dev/null ; then
ac_cv_c_bigendian=yes
fi
if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then
if test "$ac_cv_c_bigendian" = unknown; then
ac_cv_c_bigendian=no
else
# finding both strings is unlikely to happen, but who knows?
ac_cv_c_bigendian=unknown
fi
fi
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
fi
rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
else
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
int
main ()
{
/* Are we little or big endian? From Harbison&Steele. */
union
{
long l;
char c[sizeof (long)];
} u;
u.l = 1;
exit (u.c[sizeof (long) - 1] == 1);
}
_ACEOF
rm -f conftest$ac_exeext
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
(eval $ac_link) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } && { ac_try='./conftest$ac_exeext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
ac_cv_c_bigendian=no
else
echo "$as_me: program exited with status $ac_status" >&5
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
( exit $ac_status )
ac_cv_c_bigendian=yes
fi
rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
fi
fi
rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
fi
echo "$as_me:$LINENO: result: $ac_cv_c_bigendian" >&5
echo "${ECHO_T}$ac_cv_c_bigendian" >&6
case $ac_cv_c_bigendian in
yes)
cat >>confdefs.h <<\_ACEOF
#define WORDS_BIGENDIAN 1
_ACEOF
;;
no)
;;
*)
{ { echo "$as_me:$LINENO: error: unknown endianness
presetting ac_cv_c_bigendian=no (or yes) will help" >&5
echo "$as_me: error: unknown endianness
presetting ac_cv_c_bigendian=no (or yes) will help" >&2;}
{ (exit 1); exit 1; }; } ;;
esac
CFLAGS="$CFLAGS -D_BSD_SOURCE"
for ac_func in gettimeofday
do
as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
echo "$as_me:$LINENO: checking for $ac_func" >&5
echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
if eval "test \"\${$as_ac_var+set}\" = set"; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
/* Define $ac_func to an innocuous variant, in case declares $ac_func.
For example, HP-UX 11i declares gettimeofday. */
#define $ac_func innocuous_$ac_func
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func (); below.
Prefer to if __STDC__ is defined, since
exists even on freestanding compilers. */
#ifdef __STDC__
# include
#else
# include
#endif
#undef $ac_func
/* Override any gcc2 internal prototype to avoid an error. */
#ifdef __cplusplus
extern "C"
{
#endif
/* We use char because int might match the return type of a gcc2
builtin and then its argument prototype would still apply. */
char $ac_func ();
/* The GNU C library defines this for functions which it implements
to always fail with ENOSYS. Some functions are actually named
something starting with __ and the normal name is an alias. */
#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
choke me
#else
char (*f) () = $ac_func;
#endif
#ifdef __cplusplus
}
#endif
int
main ()
{
return f != $ac_func;
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
(eval $ac_link) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; } &&
{ ac_try='test -s conftest$ac_exeext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
eval "$as_ac_var=yes"
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
eval "$as_ac_var=no"
fi
rm -f conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
fi
echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
if test `eval echo '${'$as_ac_var'}'` = yes; then
cat >>confdefs.h <<_ACEOF
#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
_ACEOF
fi
done
echo "$as_me:$LINENO: checking for socket in -lsocket" >&5
echo $ECHO_N "checking for socket in -lsocket... $ECHO_C" >&6
if test "${ac_cv_lib_socket_socket+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-lsocket $LIBS"
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
/* Override any gcc2 internal prototype to avoid an error. */
#ifdef __cplusplus
extern "C"
#endif
/* We use char because int might match the return type of a gcc2
builtin and then its argument prototype would still apply. */
char socket ();
int
main ()
{
socket ();
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
(eval $ac_link) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; } &&
{ ac_try='test -s conftest$ac_exeext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
ac_cv_lib_socket_socket=yes
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ac_cv_lib_socket_socket=no
fi
rm -f conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
echo "$as_me:$LINENO: result: $ac_cv_lib_socket_socket" >&5
echo "${ECHO_T}$ac_cv_lib_socket_socket" >&6
if test $ac_cv_lib_socket_socket = yes; then
cat >>confdefs.h <<_ACEOF
#define HAVE_LIBSOCKET 1
_ACEOF
LIBS="-lsocket $LIBS"
fi
echo "$as_me:$LINENO: checking for gethostbyname in -lnsl" >&5
echo $ECHO_N "checking for gethostbyname in -lnsl... $ECHO_C" >&6
if test "${ac_cv_lib_nsl_gethostbyname+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-lnsl $LIBS"
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
/* Override any gcc2 internal prototype to avoid an error. */
#ifdef __cplusplus
extern "C"
#endif
/* We use char because int might match the return type of a gcc2
builtin and then its argument prototype would still apply. */
char gethostbyname ();
int
main ()
{
gethostbyname ();
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
(eval $ac_link) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; } &&
{ ac_try='test -s conftest$ac_exeext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
ac_cv_lib_nsl_gethostbyname=yes
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ac_cv_lib_nsl_gethostbyname=no
fi
rm -f conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
echo "$as_me:$LINENO: result: $ac_cv_lib_nsl_gethostbyname" >&5
echo "${ECHO_T}$ac_cv_lib_nsl_gethostbyname" >&6
if test $ac_cv_lib_nsl_gethostbyname = yes; then
cat >>confdefs.h <<_ACEOF
#define HAVE_LIBNSL 1
_ACEOF
LIBS="-lnsl $LIBS"
fi
case "$target_cpu" in
alpha*|arm*|hp*|mips*|sparc*)
ac_cv_lbl_unaligned_fail=yes
;;
*)
ac_cv_lbl_unaligned_fail=no
;;
esac
if test $ac_cv_lbl_unaligned_fail = yes ; then
cat >>confdefs.h <<\_ACEOF
#define LBL_ALIGN 1
_ACEOF
fi
echo "$as_me:$LINENO: checking for libpcap" >&5
echo $ECHO_N "checking for libpcap... $ECHO_C" >&6
# Check whether --with-libpcap or --without-libpcap was given.
if test "${with_libpcap+set}" = set; then
withval="$with_libpcap"
case "$withval" in
yes|no)
echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
;;
*)
echo "$as_me:$LINENO: result: $withval" >&5
echo "${ECHO_T}$withval" >&6
if test -f $withval/pcap.h -a -f $withval/libpcap.a; then
owd=`pwd`
if cd $withval; then withval=`pwd`; cd $owd; fi
PCAP_CFLAGS="-I$withval -I$withval/bpf"
PCAPLIB="-L$withval -lpcap"
else
{ { echo "$as_me:$LINENO: error: pcap.h or libpcap.a not found in $withval" >&5
echo "$as_me: error: pcap.h or libpcap.a not found in $withval" >&2;}
{ (exit 1); exit 1; }; }
fi
;;
esac
else
if test -f ${prefix}/include/pcap.h; then
PCAP_CFLAGS="-I${prefix}/include"
PCAPLIB="-L${exec_prefix}/lib -lpcap"
elif test -f /usr/include/pcap/pcap.h; then
PCAP_CFLAGS="-I/usr/include/pcap"
PCAPLIB="-lpcap"
else
TMP=$LIBS
LIBS="-lpcap $LIBS"
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include
int
main ()
{
pcap_open_offline("","")
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
(eval $ac_link) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; } &&
{ ac_try='test -s conftest$ac_exeext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
LIBPCAP_FOUND=1
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
LIBPCAP_FOUND=0
fi
rm -f conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
LIBS=$TMP
if test $LIBPCAP_FOUND = 1 ; then
PCAPLIB="-lpcap"
else
{ { echo "$as_me:$LINENO: error: libpcap not found" >&5
echo "$as_me: error: libpcap not found" >&2;}
{ (exit 1); exit 1; }; }
fi
fi
echo "$as_me:$LINENO: result: yes" >&5
echo "${ECHO_T}yes" >&6
fi;
# Check whether --enable-libglib or --disable-libglib was given.
if test "${enable_libglib+set}" = set; then
enableval="$enable_libglib"
echo "$as_me:$LINENO: result: skipping glib2 support" >&5
echo "${ECHO_T}skipping glib2 support" >&6
else
if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
if test "${ac_cv_path_PKG_CONFIG+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
case $PKG_CONFIG in
[\\/]* | ?:[\\/]*)
ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
;;
*)
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
done
;;
esac
fi
PKG_CONFIG=$ac_cv_path_PKG_CONFIG
if test -n "$PKG_CONFIG"; then
echo "$as_me:$LINENO: result: $PKG_CONFIG" >&5
echo "${ECHO_T}$PKG_CONFIG" >&6
else
echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
fi
fi
if test -z "$ac_cv_path_PKG_CONFIG"; then
ac_pt_PKG_CONFIG=$PKG_CONFIG
# Extract the first word of "pkg-config", so it can be a program name with args.
set dummy pkg-config; ac_word=$2
echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
if test "${ac_cv_path_ac_pt_PKG_CONFIG+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
case $ac_pt_PKG_CONFIG in
[\\/]* | ?:[\\/]*)
ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path.
;;
*)
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
done
;;
esac
fi
ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG
if test -n "$ac_pt_PKG_CONFIG"; then
echo "$as_me:$LINENO: result: $ac_pt_PKG_CONFIG" >&5
echo "${ECHO_T}$ac_pt_PKG_CONFIG" >&6
else
echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
fi
PKG_CONFIG=$ac_pt_PKG_CONFIG
else
PKG_CONFIG="$ac_cv_path_PKG_CONFIG"
fi
fi
if test -n "$PKG_CONFIG"; then
_pkg_min_version=0.9.0
echo "$as_me:$LINENO: checking pkg-config is at least version $_pkg_min_version" >&5
echo $ECHO_N "checking pkg-config is at least version $_pkg_min_version... $ECHO_C" >&6
if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
echo "$as_me:$LINENO: result: yes" >&5
echo "${ECHO_T}yes" >&6
else
echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
PKG_CONFIG=""
fi
fi
pkg_failed=no
echo "$as_me:$LINENO: checking for GLIB" >&5
echo $ECHO_N "checking for GLIB... $ECHO_C" >&6
if test -n "$PKG_CONFIG"; then
if test -n "$PKG_CONFIG" && \
{ (echo "$as_me:$LINENO: \$PKG_CONFIG --exists --print-errors \"glib-2.0 >= 2.2.0\"") >&5
($PKG_CONFIG --exists --print-errors "glib-2.0 >= 2.2.0") 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; then
pkg_cv_GLIB_CFLAGS=`$PKG_CONFIG --cflags "glib-2.0 >= 2.2.0" 2>/dev/null`
else
pkg_failed=yes
fi
else
pkg_failed=untried
fi
if test -n "$PKG_CONFIG"; then
if test -n "$PKG_CONFIG" && \
{ (echo "$as_me:$LINENO: \$PKG_CONFIG --exists --print-errors \"glib-2.0 >= 2.2.0\"") >&5
($PKG_CONFIG --exists --print-errors "glib-2.0 >= 2.2.0") 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; then
pkg_cv_GLIB_LIBS=`$PKG_CONFIG --libs "glib-2.0 >= 2.2.0" 2>/dev/null`
else
pkg_failed=yes
fi
else
pkg_failed=untried
fi
if test $pkg_failed = yes; then
GLIB_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "glib-2.0 >= 2.2.0"`
# Put the nasty error message in config.log where it belongs
echo "$GLIB_PKG_ERRORS" 1>&5
{ { echo "$as_me:$LINENO: error: Package requirements (glib-2.0 >= 2.2.0) were not met.
Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.
Alternatively you may set the GLIB_CFLAGS and GLIB_LIBS environment variables
to avoid the need to call pkg-config. See the pkg-config man page for
more details." >&5
echo "$as_me: error: Package requirements (glib-2.0 >= 2.2.0) were not met.
Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.
Alternatively you may set the GLIB_CFLAGS and GLIB_LIBS environment variables
to avoid the need to call pkg-config. See the pkg-config man page for
more details." >&2;}
{ (exit 1); exit 1; }; }
elif test $pkg_failed = untried; then
{ { echo "$as_me:$LINENO: error: The pkg-config script could not be found or is too old. Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
path to pkg-config.
Alternatively you may set the GLIB_CFLAGS and GLIB_LIBS environment variables
to avoid the need to call pkg-config. See the pkg-config man page for
more details.
To get pkg-config, see .
See \`config.log' for more details." >&5
echo "$as_me: error: The pkg-config script could not be found or is too old. Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
path to pkg-config.
Alternatively you may set the GLIB_CFLAGS and GLIB_LIBS environment variables
to avoid the need to call pkg-config. See the pkg-config man page for
more details.
To get pkg-config, see .
See \`config.log' for more details." >&2;}
{ (exit 1); exit 1; }; }
else
GLIB_CFLAGS=$pkg_cv_GLIB_CFLAGS
GLIB_LIBS=$pkg_cv_GLIB_LIBS
echo "$as_me:$LINENO: result: yes" >&5
echo "${ECHO_T}yes" >&6
pkg_failed=no
echo "$as_me:$LINENO: checking for GTHREAD" >&5
echo $ECHO_N "checking for GTHREAD... $ECHO_C" >&6
if test -n "$PKG_CONFIG"; then
if test -n "$PKG_CONFIG" && \
{ (echo "$as_me:$LINENO: \$PKG_CONFIG --exists --print-errors \"gthread-2.0 >= 2.2.0\"") >&5
($PKG_CONFIG --exists --print-errors "gthread-2.0 >= 2.2.0") 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; then
pkg_cv_GTHREAD_CFLAGS=`$PKG_CONFIG --cflags "gthread-2.0 >= 2.2.0" 2>/dev/null`
else
pkg_failed=yes
fi
else
pkg_failed=untried
fi
if test -n "$PKG_CONFIG"; then
if test -n "$PKG_CONFIG" && \
{ (echo "$as_me:$LINENO: \$PKG_CONFIG --exists --print-errors \"gthread-2.0 >= 2.2.0\"") >&5
($PKG_CONFIG --exists --print-errors "gthread-2.0 >= 2.2.0") 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; then
pkg_cv_GTHREAD_LIBS=`$PKG_CONFIG --libs "gthread-2.0 >= 2.2.0" 2>/dev/null`
else
pkg_failed=yes
fi
else
pkg_failed=untried
fi
if test $pkg_failed = yes; then
GTHREAD_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "gthread-2.0 >= 2.2.0"`
# Put the nasty error message in config.log where it belongs
echo "$GTHREAD_PKG_ERRORS" 1>&5
{ { echo "$as_me:$LINENO: error: Package requirements (gthread-2.0 >= 2.2.0) were not met.
Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.
Alternatively you may set the GTHREAD_CFLAGS and GTHREAD_LIBS environment variables
to avoid the need to call pkg-config. See the pkg-config man page for
more details." >&5
echo "$as_me: error: Package requirements (gthread-2.0 >= 2.2.0) were not met.
Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.
Alternatively you may set the GTHREAD_CFLAGS and GTHREAD_LIBS environment variables
to avoid the need to call pkg-config. See the pkg-config man page for
more details." >&2;}
{ (exit 1); exit 1; }; }
elif test $pkg_failed = untried; then
{ { echo "$as_me:$LINENO: error: The pkg-config script could not be found or is too old. Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
path to pkg-config.
Alternatively you may set the GTHREAD_CFLAGS and GTHREAD_LIBS environment variables
to avoid the need to call pkg-config. See the pkg-config man page for
more details.
To get pkg-config, see .
See \`config.log' for more details." >&5
echo "$as_me: error: The pkg-config script could not be found or is too old. Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
path to pkg-config.
Alternatively you may set the GTHREAD_CFLAGS and GTHREAD_LIBS environment variables
to avoid the need to call pkg-config. See the pkg-config man page for
more details.
To get pkg-config, see .
See \`config.log' for more details." >&2;}
{ (exit 1); exit 1; }; }
else
GTHREAD_CFLAGS=$pkg_cv_GTHREAD_CFLAGS
GTHREAD_LIBS=$pkg_cv_GTHREAD_LIBS
echo "$as_me:$LINENO: result: yes" >&5
echo "${ECHO_T}yes" >&6
:
fi
echo "$as_me:$LINENO: checking for g_thread_init in -lgthread-2.0" >&5
echo $ECHO_N "checking for g_thread_init in -lgthread-2.0... $ECHO_C" >&6
if test "${ac_cv_lib_gthread_2_0_g_thread_init+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-lgthread-2.0 $GTHREAD_LIBS $LIBS"
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
/* Override any gcc2 internal prototype to avoid an error. */
#ifdef __cplusplus
extern "C"
#endif
/* We use char because int might match the return type of a gcc2
builtin and then its argument prototype would still apply. */
char g_thread_init ();
int
main ()
{
g_thread_init ();
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
(eval $ac_link) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; } &&
{ ac_try='test -s conftest$ac_exeext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
ac_cv_lib_gthread_2_0_g_thread_init=yes
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ac_cv_lib_gthread_2_0_g_thread_init=no
fi
rm -f conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
echo "$as_me:$LINENO: result: $ac_cv_lib_gthread_2_0_g_thread_init" >&5
echo "${ECHO_T}$ac_cv_lib_gthread_2_0_g_thread_init" >&6
if test $ac_cv_lib_gthread_2_0_g_thread_init = yes; then
cat >>confdefs.h <<_ACEOF
#define HAVE_LIBGTHREAD_2_0 1
_ACEOF
LIBS="-lgthread-2.0 $LIBS"
fi
fi
fi;
echo "$as_me:$LINENO: checking for libnet" >&5
echo $ECHO_N "checking for libnet... $ECHO_C" >&6
# Check whether --enable-libnet or --disable-libnet was given.
if test "${enable_libnet+set}" = set; then
enableval="$enable_libnet"
case "$enableval" in
yes)
echo "$as_me:$LINENO: result: yes" >&5
echo "${ECHO_T}yes" >&6
;;
no)
echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
LIBNET_VER=-1
;;
*)
{ { echo "$as_me:$LINENO: error: no arguments expected for --disable-libnet" >&5
echo "$as_me: error: no arguments expected for --disable-libnet" >&2;}
{ (exit 1); exit 1; }; }
;;
esac
fi;
# Check whether --with-libnet or --without-libnet was given.
if test "${with_libnet+set}" = set; then
withval="$with_libnet"
case "$withval" in
yes)
;;
no)
LIBNET_VER=-1
echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
;;
*)
echo "$as_me:$LINENO: result: $withval" >&5
echo "${ECHO_T}$withval" >&6
if test -f $withval/include/libnet.h -a -f $withval/lib/libnet.a -a -f $withval/libnet-config ; then
owd=`pwd`
if cd $withval; then withval=`pwd`; cd $owd; fi
LNET_CFLAGS="-I$withval/include `$withval/libnet-config --defines`"
LNETLIB="-L$withval/lib -lnet"
elif test -f $withval/include/libnet.h -a -f $withval/src/libnet.a; then
owd=`pwd`
if cd $withval; then withval=`pwd`; cd $owd; fi
LNET_CFLAGS="-I$withval/include"
LNETLIB="-L$withval/src -lnet"
else
echo "A working combination of libnet.h, libnet.a and libnet-config not found in $withval; get libnet from www.packetfactory.net/projects/libnet and reinstall"
{ { echo "$as_me:$LINENO: error: libnet" >&5
echo "$as_me: error: libnet" >&2;}
{ (exit 1); exit 1; }; }
fi
;;
esac
else
if test "x"$LIBNET_VER = "x"-1 ; then
echo "$as_me:$LINENO: result: skipping libnet" >&5
echo "${ECHO_T}skipping libnet" >&6
else
if test -f ${prefix}/include/libnet.h -a ${exec_prefix}/lib/libnet.a ; then
LNET_CFLAGS="-I${prefix}/include `${exec_prefix}/bin/libnet-config --defines 2>/dev/null`"
LNETLIB="-L${exec_prefix}/lib -lnet"
else
LNET_CFLAGS="`libnet-config --defines 2>/dev/null`"
LNETLIB="-lnet"
fi
fi
fi;
if test "x"$LIBNET_VER != "x"-1 ; then
TMPC="$CFLAGS"
TMPL="$LIBS"
CFLAGS="$CFLAGS $LNET_CFLAGS"
LIBS="$LNETLIB $LIBS"
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include
int
main ()
{
libnet_get_prand(0)
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
(eval $ac_link) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; } &&
{ ac_try='test -s conftest$ac_exeext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
LIBNET_FOUND=1
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
LIBNET_FOUND=0
fi
rm -f conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
CFLAGS="$TMPC"
LIBS="$TMPL"
if test $LIBNET_FOUND = 1 ; then
LNETLIB="-lnet"
echo "$as_me:$LINENO: result: yes" >&5
echo "${ECHO_T}yes" >&6
else
echo "Working libnet not found; get it from www.packetfactory.net/projects/libnet and reinstall"
{ { echo "$as_me:$LINENO: error: libnet" >&5
echo "$as_me: error: libnet" >&2;}
{ (exit 1); exit 1; }; }
fi
fi
BUILD_SHARED=
echo "$as_me:$LINENO: checking whether to build shared library" >&5
echo $ECHO_N "checking whether to build shared library... $ECHO_C" >&6
# Check whether --enable-shared or --disable-shared was given.
if test "${enable_shared+set}" = set; then
enableval="$enable_shared"
case "$enableval" in
yes)
echo "$as_me:$LINENO: result: yes" >&5
echo "${ECHO_T}yes" >&6
BUILD_SHARED=shared
;;
no)
echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
;;
*)
{ { echo "$as_me:$LINENO: error: no arguments expected for --enable-shared" >&5
echo "$as_me: error: no arguments expected for --enable-shared" >&2;}
{ (exit 1); exit 1; }; }
;;
esac
else
echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
fi;
echo "$as_me:$LINENO: checking the name of struct icmp" >&5
echo $ECHO_N "checking the name of struct icmp... $ECHO_C" >&6
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include
#include
#include
#include
int
main ()
{
struct icmphdr h;int c=h.type
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; } &&
{ ac_try='test -s conftest.$ac_objext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
ICMPHEADER=1
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ICMPHEADER=0
fi
rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
if test $ICMPHEADER = 1 ; then
echo "$as_me:$LINENO: result: struct icmphdr" >&5
echo "${ECHO_T}struct icmphdr" >&6 ; else echo "$as_me:$LINENO: result: struct icmp" >&5
echo "${ECHO_T}struct icmp" >&6
fi
echo "$as_me:$LINENO: checking if tcp states are defined" >&5
echo $ECHO_N "checking if tcp states are defined... $ECHO_C" >&6
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include
#include
#include
int
main ()
{
int c=TCP_ESTABLISHED
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; } &&
{ ac_try='test -s conftest.$ac_objext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
TCPSTATES=1
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
TCPSTATES=0
fi
rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
if test $TCPSTATES = 1 ; then
echo "$as_me:$LINENO: result: yes" >&5
echo "${ECHO_T}yes" >&6 ; else echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
fi
echo "$as_me:$LINENO: checking for bsd-ish struct udphdr" >&5
echo $ECHO_N "checking for bsd-ish struct udphdr... $ECHO_C" >&6
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include
#include
#include
int
main ()
{
struct udphdr h;int c=h.uh_ulen
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; } &&
{ ac_try='test -s conftest.$ac_objext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
HAVE_BSD_UDPHDR=1
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
HAVE_BSD_UDPHDR=0
fi
rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
if test $HAVE_BSD_UDPHDR = 1 ; then
echo "$as_me:$LINENO: result: yes" >&5
echo "${ECHO_T}yes" >&6 ; else echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
fi
if test "x"$LIBNET_VER != "x"-1 ; then
TMP=$CFLAGS
CFLAGS="$CFLAGS $LNET_CFLAGS"
echo "$as_me:$LINENO: checking libnet version" >&5
echo $ECHO_N "checking libnet version... $ECHO_C" >&6
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include
int
main ()
{
int c=LIBNET_PTAG_INITIALIZER
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; } &&
{ ac_try='test -s conftest.$ac_objext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
LIBNET_VER=1
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
LIBNET_VER=0
fi
rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
CFLAGS=$TMP
if test $LIBNET_VER = 1 ; then
echo "$as_me:$LINENO: result: looks new" >&5
echo "${ECHO_T}looks new" >&6 ; else echo "$as_me:$LINENO: result: looks old" >&5
echo "${ECHO_T}looks old" >&6
fi
fi
ac_config_files="$ac_config_files Makefile src/Makefile samples/Makefile"
cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
# tests run on this system so they can be shared between configure
# scripts and configure runs, see configure's option --config-cache.
# It is not useful on other systems. If it contains results you don't
# want to keep, you may remove or edit it.
#
# config.status only pays attention to the cache file if you give it
# the --recheck option to rerun configure.
#
# `ac_cv_env_foo' variables (set or unset) will be overridden when
# loading this file, other *unset* `ac_cv_foo' will be assigned the
# following values.
_ACEOF
# The following way of writing the cache mishandles newlines in values,
# but we know of no workaround that is simple, portable, and efficient.
# So, don't put newlines in cache variables' values.
# Ultrix sh set writes to stderr and can't be redirected directly,
# and sets the high bit in the cache file unless we assign to the vars.
{
(set) 2>&1 |
case `(ac_space=' '; set | grep ac_space) 2>&1` in
*ac_space=\ *)
# `set' does not quote correctly, so add quotes (double-quote
# substitution turns \\\\ into \\, and sed turns \\ into \).
sed -n \
"s/'/'\\\\''/g;
s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
;;
*)
# `set' quotes correctly as required by POSIX, so do not add quotes.
sed -n \
"s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p"
;;
esac;
} |
sed '
t clear
: clear
s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
t end
/^ac_cv_env/!s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
: end' >>confcache
if diff $cache_file confcache >/dev/null 2>&1; then :; else
if test -w $cache_file; then
test "x$cache_file" != "x/dev/null" && echo "updating cache $cache_file"
cat confcache >$cache_file
else
echo "not updating unwritable cache $cache_file"
fi
fi
rm -f confcache
test "x$prefix" = xNONE && prefix=$ac_default_prefix
# Let make expand exec_prefix.
test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
# VPATH may cause trouble with some makes, so we remove $(srcdir),
# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and
# trailing colons and then remove the whole line if VPATH becomes empty
# (actually we leave an empty line to preserve line numbers).
if test "x$srcdir" = x.; then
ac_vpsub='/^[ ]*VPATH[ ]*=/{
s/:*\$(srcdir):*/:/;
s/:*\${srcdir}:*/:/;
s/:*@srcdir@:*/:/;
s/^\([^=]*=[ ]*\):*/\1/;
s/:*$//;
s/^[^=]*=[ ]*$//;
}'
fi
DEFS=-DHAVE_CONFIG_H
ac_libobjs=
ac_ltlibobjs=
for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
# 1. Remove the extension, and $U if already installed.
ac_i=`echo "$ac_i" |
sed 's/\$U\././;s/\.o$//;s/\.obj$//'`
# 2. Add them.
ac_libobjs="$ac_libobjs $ac_i\$U.$ac_objext"
ac_ltlibobjs="$ac_ltlibobjs $ac_i"'$U.lo'
done
LIBOBJS=$ac_libobjs
LTLIBOBJS=$ac_ltlibobjs
: ${CONFIG_STATUS=./config.status}
ac_clean_files_save=$ac_clean_files
ac_clean_files="$ac_clean_files $CONFIG_STATUS"
{ echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5
echo "$as_me: creating $CONFIG_STATUS" >&6;}
cat >$CONFIG_STATUS <<_ACEOF
#! $SHELL
# Generated by $as_me.
# Run this file to recreate the current configuration.
# Compiler output produced by configure, useful for debugging
# configure, is in config.log if it exists.
debug=false
ac_cs_recheck=false
ac_cs_silent=false
SHELL=\${CONFIG_SHELL-$SHELL}
_ACEOF
cat >>$CONFIG_STATUS <<\_ACEOF
## --------------------- ##
## M4sh Initialization. ##
## --------------------- ##
# Be Bourne compatible
if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
emulate sh
NULLCMD=:
# Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
# is contrary to our usage. Disable this feature.
alias -g '${1+"$@"}'='"$@"'
elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
set -o posix
fi
DUALCASE=1; export DUALCASE # for MKS sh
# Support unset when possible.
if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
as_unset=unset
else
as_unset=false
fi
# Work around bugs in pre-3.0 UWIN ksh.
$as_unset ENV MAIL MAILPATH
PS1='$ '
PS2='> '
PS4='+ '
# NLS nuisances.
for as_var in \
LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \
LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \
LC_TELEPHONE LC_TIME
do
if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then
eval $as_var=C; export $as_var
else
$as_unset $as_var
fi
done
# Required to use basename.
if expr a : '\(a\)' >/dev/null 2>&1; then
as_expr=expr
else
as_expr=false
fi
if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then
as_basename=basename
else
as_basename=false
fi
# Name of the executable.
as_me=`$as_basename "$0" ||
$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
X"$0" : 'X\(//\)$' \| \
X"$0" : 'X\(/\)$' \| \
. : '\(.\)' 2>/dev/null ||
echo X/"$0" |
sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; }
/^X\/\(\/\/\)$/{ s//\1/; q; }
/^X\/\(\/\).*/{ s//\1/; q; }
s/.*/./; q'`
# PATH needs CR, and LINENO needs CR and PATH.
# Avoid depending upon Character Ranges.
as_cr_letters='abcdefghijklmnopqrstuvwxyz'
as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
as_cr_Letters=$as_cr_letters$as_cr_LETTERS
as_cr_digits='0123456789'
as_cr_alnum=$as_cr_Letters$as_cr_digits
# The user is always right.
if test "${PATH_SEPARATOR+set}" != set; then
echo "#! /bin/sh" >conf$$.sh
echo "exit 0" >>conf$$.sh
chmod +x conf$$.sh
if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
PATH_SEPARATOR=';'
else
PATH_SEPARATOR=:
fi
rm -f conf$$.sh
fi
as_lineno_1=$LINENO
as_lineno_2=$LINENO
as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
test "x$as_lineno_1" != "x$as_lineno_2" &&
test "x$as_lineno_3" = "x$as_lineno_2" || {
# Find who we are. Look in the path if we contain no path at all
# relative or not.
case $0 in
*[\\/]* ) as_myself=$0 ;;
*) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
done
;;
esac
# We did not find ourselves, most probably we were run as `sh COMMAND'
# in which case we are not to be found in the path.
if test "x$as_myself" = x; then
as_myself=$0
fi
if test ! -f "$as_myself"; then
{ { echo "$as_me:$LINENO: error: cannot find myself; rerun with an absolute path" >&5
echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2;}
{ (exit 1); exit 1; }; }
fi
case $CONFIG_SHELL in
'')
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for as_base in sh bash ksh sh5; do
case $as_dir in
/*)
if ("$as_dir/$as_base" -c '
as_lineno_1=$LINENO
as_lineno_2=$LINENO
as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
test "x$as_lineno_1" != "x$as_lineno_2" &&
test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then
$as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; }
$as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; }
CONFIG_SHELL=$as_dir/$as_base
export CONFIG_SHELL
exec "$CONFIG_SHELL" "$0" ${1+"$@"}
fi;;
esac
done
done
;;
esac
# Create $as_me.lineno as a copy of $as_myself, but with $LINENO
# uniformly replaced by the line number. The first 'sed' inserts a
# line-number line before each line; the second 'sed' does the real
# work. The second script uses 'N' to pair each line-number line
# with the numbered line, and appends trailing '-' during
# substitution so that $LINENO is not a special case at line end.
# (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
# second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-)
sed '=' <$as_myself |
sed '
N
s,$,-,
: loop
s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3,
t loop
s,-$,,
s,^['$as_cr_digits']*\n,,
' >$as_me.lineno &&
chmod +x $as_me.lineno ||
{ { echo "$as_me:$LINENO: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&5
echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2;}
{ (exit 1); exit 1; }; }
# Don't try to exec as it changes $[0], causing all sort of problems
# (the dirname of $[0] is not the place where we might find the
# original and so on. Autoconf is especially sensible to this).
. ./$as_me.lineno
# Exit status is that of the last command.
exit
}
case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in
*c*,-n*) ECHO_N= ECHO_C='
' ECHO_T=' ' ;;
*c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;;
*) ECHO_N= ECHO_C='\c' ECHO_T= ;;
esac
if expr a : '\(a\)' >/dev/null 2>&1; then
as_expr=expr
else
as_expr=false
fi
rm -f conf$$ conf$$.exe conf$$.file
echo >conf$$.file
if ln -s conf$$.file conf$$ 2>/dev/null; then
# We could just check for DJGPP; but this test a) works b) is more generic
# and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04).
if test -f conf$$.exe; then
# Don't use ln at all; we don't have any links
as_ln_s='cp -p'
else
as_ln_s='ln -s'
fi
elif ln conf$$.file conf$$ 2>/dev/null; then
as_ln_s=ln
else
as_ln_s='cp -p'
fi
rm -f conf$$ conf$$.exe conf$$.file
if mkdir -p . 2>/dev/null; then
as_mkdir_p=:
else
test -d ./-p && rmdir ./-p
as_mkdir_p=false
fi
as_executable_p="test -f"
# Sed expression to map a string onto a valid CPP name.
as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
# Sed expression to map a string onto a valid variable name.
as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
# IFS
# We need space, tab and new line, in precisely that order.
as_nl='
'
IFS=" $as_nl"
# CDPATH.
$as_unset CDPATH
exec 6>&1
# Open the log real soon, to keep \$[0] and so on meaningful, and to
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling. Logging --version etc. is OK.
exec 5>>config.log
{
echo
sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
## Running $as_me. ##
_ASBOX
} >&5
cat >&5 <<_CSEOF
This file was extended by $as_me, which was
generated by GNU Autoconf 2.59. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
CONFIG_HEADERS = $CONFIG_HEADERS
CONFIG_LINKS = $CONFIG_LINKS
CONFIG_COMMANDS = $CONFIG_COMMANDS
$ $0 $@
_CSEOF
echo "on `(hostname || uname -n) 2>/dev/null | sed 1q`" >&5
echo >&5
_ACEOF
# Files that config.status was made for.
if test -n "$ac_config_files"; then
echo "config_files=\"$ac_config_files\"" >>$CONFIG_STATUS
fi
if test -n "$ac_config_headers"; then
echo "config_headers=\"$ac_config_headers\"" >>$CONFIG_STATUS
fi
if test -n "$ac_config_links"; then
echo "config_links=\"$ac_config_links\"" >>$CONFIG_STATUS
fi
if test -n "$ac_config_commands"; then
echo "config_commands=\"$ac_config_commands\"" >>$CONFIG_STATUS
fi
cat >>$CONFIG_STATUS <<\_ACEOF
ac_cs_usage="\
\`$as_me' instantiates files from templates according to the
current configuration.
Usage: $0 [OPTIONS] [FILE]...
-h, --help print this help, then exit
-V, --version print version number, then exit
-q, --quiet do not print progress messages
-d, --debug don't remove temporary files
--recheck update $as_me by reconfiguring in the same conditions
--file=FILE[:TEMPLATE]
instantiate the configuration file FILE
--header=FILE[:TEMPLATE]
instantiate the configuration header FILE
Configuration files:
$config_files
Configuration headers:
$config_headers
Report bugs to ."
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
ac_cs_version="\\
config.status
configured by $0, generated by GNU Autoconf 2.59,
with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
Copyright (C) 2003 Free Software Foundation, Inc.
This config.status script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it."
srcdir=$srcdir
INSTALL="$INSTALL"
_ACEOF
cat >>$CONFIG_STATUS <<\_ACEOF
# If no file are specified by the user, then we need to provide default
# value. By we need to know if files were specified by the user.
ac_need_defaults=:
while test $# != 0
do
case $1 in
--*=*)
ac_option=`expr "x$1" : 'x\([^=]*\)='`
ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'`
ac_shift=:
;;
-*)
ac_option=$1
ac_optarg=$2
ac_shift=shift
;;
*) # This is not an option, so the user has probably given explicit
# arguments.
ac_option=$1
ac_need_defaults=false;;
esac
case $ac_option in
# Handling of the options.
_ACEOF
cat >>$CONFIG_STATUS <<\_ACEOF
-recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
ac_cs_recheck=: ;;
--version | --vers* | -V )
echo "$ac_cs_version"; exit 0 ;;
--he | --h)
# Conflict between --help and --header
{ { echo "$as_me:$LINENO: error: ambiguous option: $1
Try \`$0 --help' for more information." >&5
echo "$as_me: error: ambiguous option: $1
Try \`$0 --help' for more information." >&2;}
{ (exit 1); exit 1; }; };;
--help | --hel | -h )
echo "$ac_cs_usage"; exit 0 ;;
--debug | --d* | -d )
debug=: ;;
--file | --fil | --fi | --f )
$ac_shift
CONFIG_FILES="$CONFIG_FILES $ac_optarg"
ac_need_defaults=false;;
--header | --heade | --head | --hea )
$ac_shift
CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg"
ac_need_defaults=false;;
-q | -quiet | --quiet | --quie | --qui | --qu | --q \
| -silent | --silent | --silen | --sile | --sil | --si | --s)
ac_cs_silent=: ;;
# This is an error.
-*) { { echo "$as_me:$LINENO: error: unrecognized option: $1
Try \`$0 --help' for more information." >&5
echo "$as_me: error: unrecognized option: $1
Try \`$0 --help' for more information." >&2;}
{ (exit 1); exit 1; }; } ;;
*) ac_config_targets="$ac_config_targets $1" ;;
esac
shift
done
ac_configure_extra_args=
if $ac_cs_silent; then
exec 6>/dev/null
ac_configure_extra_args="$ac_configure_extra_args --silent"
fi
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
if \$ac_cs_recheck; then
echo "running $SHELL $0 " $ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6
exec $SHELL $0 $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
fi
_ACEOF
cat >>$CONFIG_STATUS <<\_ACEOF
for ac_config_target in $ac_config_targets
do
case "$ac_config_target" in
# Handling of arguments.
"Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile" ;;
"src/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
"samples/Makefile" ) CONFIG_FILES="$CONFIG_FILES samples/Makefile" ;;
"src/config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS src/config.h" ;;
*) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
{ (exit 1); exit 1; }; };;
esac
done
# If the user did not use the arguments to specify the items to instantiate,
# then the envvar interface is used. Set only those that are not.
# We use the long form for the default assignment because of an extremely
# bizarre bug on SunOS 4.1.3.
if $ac_need_defaults; then
test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
fi
# Have a temporary directory for convenience. Make it in the build tree
# simply because there is no reason to put it here, and in addition,
# creating and moving files from /tmp can sometimes cause problems.
# Create a temporary directory, and hook for its removal unless debugging.
$debug ||
{
trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0
trap '{ (exit 1); exit 1; }' 1 2 13 15
}
# Create a (secure) tmp directory for tmp files.
{
tmp=`(umask 077 && mktemp -d -q "./confstatXXXXXX") 2>/dev/null` &&
test -n "$tmp" && test -d "$tmp"
} ||
{
tmp=./confstat$$-$RANDOM
(umask 077 && mkdir $tmp)
} ||
{
echo "$me: cannot create a temporary directory in ." >&2
{ (exit 1); exit 1; }
}
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
#
# CONFIG_FILES section.
#
# No need to generate the scripts if there are no CONFIG_FILES.
# This happens for instance when ./config.status config.h
if test -n "\$CONFIG_FILES"; then
# Protect against being on the right side of a sed subst in config.status.
sed 's/,@/@@/; s/@,/@@/; s/,;t t\$/@;t t/; /@;t t\$/s/[\\\\&,]/\\\\&/g;
s/@@/,@/; s/@@/@,/; s/@;t t\$/,;t t/' >\$tmp/subs.sed <<\\CEOF
s,@SHELL@,$SHELL,;t t
s,@PATH_SEPARATOR@,$PATH_SEPARATOR,;t t
s,@PACKAGE_NAME@,$PACKAGE_NAME,;t t
s,@PACKAGE_TARNAME@,$PACKAGE_TARNAME,;t t
s,@PACKAGE_VERSION@,$PACKAGE_VERSION,;t t
s,@PACKAGE_STRING@,$PACKAGE_STRING,;t t
s,@PACKAGE_BUGREPORT@,$PACKAGE_BUGREPORT,;t t
s,@exec_prefix@,$exec_prefix,;t t
s,@prefix@,$prefix,;t t
s,@program_transform_name@,$program_transform_name,;t t
s,@bindir@,$bindir,;t t
s,@sbindir@,$sbindir,;t t
s,@libexecdir@,$libexecdir,;t t
s,@datadir@,$datadir,;t t
s,@sysconfdir@,$sysconfdir,;t t
s,@sharedstatedir@,$sharedstatedir,;t t
s,@localstatedir@,$localstatedir,;t t
s,@libdir@,$libdir,;t t
s,@includedir@,$includedir,;t t
s,@oldincludedir@,$oldincludedir,;t t
s,@infodir@,$infodir,;t t
s,@mandir@,$mandir,;t t
s,@build_alias@,$build_alias,;t t
s,@host_alias@,$host_alias,;t t
s,@target_alias@,$target_alias,;t t
s,@DEFS@,$DEFS,;t t
s,@ECHO_C@,$ECHO_C,;t t
s,@ECHO_N@,$ECHO_N,;t t
s,@ECHO_T@,$ECHO_T,;t t
s,@LIBS@,$LIBS,;t t
s,@build@,$build,;t t
s,@build_cpu@,$build_cpu,;t t
s,@build_vendor@,$build_vendor,;t t
s,@build_os@,$build_os,;t t
s,@host@,$host,;t t
s,@host_cpu@,$host_cpu,;t t
s,@host_vendor@,$host_vendor,;t t
s,@host_os@,$host_os,;t t
s,@target@,$target,;t t
s,@target_cpu@,$target_cpu,;t t
s,@target_vendor@,$target_vendor,;t t
s,@target_os@,$target_os,;t t
s,@CC@,$CC,;t t
s,@CFLAGS@,$CFLAGS,;t t
s,@LDFLAGS@,$LDFLAGS,;t t
s,@CPPFLAGS@,$CPPFLAGS,;t t
s,@ac_ct_CC@,$ac_ct_CC,;t t
s,@EXEEXT@,$EXEEXT,;t t
s,@OBJEXT@,$OBJEXT,;t t
s,@RANLIB@,$RANLIB,;t t
s,@ac_ct_RANLIB@,$ac_ct_RANLIB,;t t
s,@INSTALL_PROGRAM@,$INSTALL_PROGRAM,;t t
s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t
s,@INSTALL_DATA@,$INSTALL_DATA,;t t
s,@CPP@,$CPP,;t t
s,@EGREP@,$EGREP,;t t
s,@PCAP_CFLAGS@,$PCAP_CFLAGS,;t t
s,@PCAPLIB@,$PCAPLIB,;t t
s,@PKG_CONFIG@,$PKG_CONFIG,;t t
s,@ac_pt_PKG_CONFIG@,$ac_pt_PKG_CONFIG,;t t
s,@GLIB_CFLAGS@,$GLIB_CFLAGS,;t t
s,@GLIB_LIBS@,$GLIB_LIBS,;t t
s,@GTHREAD_CFLAGS@,$GTHREAD_CFLAGS,;t t
s,@GTHREAD_LIBS@,$GTHREAD_LIBS,;t t
s,@LNET_CFLAGS@,$LNET_CFLAGS,;t t
s,@LNETLIB@,$LNETLIB,;t t
s,@BUILD_SHARED@,$BUILD_SHARED,;t t
s,@ICMPHEADER@,$ICMPHEADER,;t t
s,@TCPSTATES@,$TCPSTATES,;t t
s,@HAVE_BSD_UDPHDR@,$HAVE_BSD_UDPHDR,;t t
s,@LIBNET_VER@,$LIBNET_VER,;t t
s,@LIBOBJS@,$LIBOBJS,;t t
s,@LTLIBOBJS@,$LTLIBOBJS,;t t
CEOF
_ACEOF
cat >>$CONFIG_STATUS <<\_ACEOF
# Split the substitutions into bite-sized pieces for seds with
# small command number limits, like on Digital OSF/1 and HP-UX.
ac_max_sed_lines=48
ac_sed_frag=1 # Number of current file.
ac_beg=1 # First line for current file.
ac_end=$ac_max_sed_lines # Line after last line for current file.
ac_more_lines=:
ac_sed_cmds=
while $ac_more_lines; do
if test $ac_beg -gt 1; then
sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag
else
sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag
fi
if test ! -s $tmp/subs.frag; then
ac_more_lines=false
else
# The purpose of the label and of the branching condition is to
# speed up the sed processing (if there are no `@' at all, there
# is no need to browse any of the substitutions).
# These are the two extra sed commands mentioned above.
(echo ':t
/@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed
if test -z "$ac_sed_cmds"; then
ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed"
else
ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed"
fi
ac_sed_frag=`expr $ac_sed_frag + 1`
ac_beg=$ac_end
ac_end=`expr $ac_end + $ac_max_sed_lines`
fi
done
if test -z "$ac_sed_cmds"; then
ac_sed_cmds=cat
fi
fi # test -n "$CONFIG_FILES"
_ACEOF
cat >>$CONFIG_STATUS <<\_ACEOF
for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue
# Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
case $ac_file in
- | *:- | *:-:* ) # input from stdin
cat >$tmp/stdin
ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
*:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
* ) ac_file_in=$ac_file.in ;;
esac
# Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories.
ac_dir=`(dirname "$ac_file") 2>/dev/null ||
$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$ac_file" : 'X\(//\)[^/]' \| \
X"$ac_file" : 'X\(//\)$' \| \
X"$ac_file" : 'X\(/\)' \| \
. : '\(.\)' 2>/dev/null ||
echo X"$ac_file" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
/^X\(\/\/\)[^/].*/{ s//\1/; q; }
/^X\(\/\/\)$/{ s//\1/; q; }
/^X\(\/\).*/{ s//\1/; q; }
s/.*/./; q'`
{ if $as_mkdir_p; then
mkdir -p "$ac_dir"
else
as_dir="$ac_dir"
as_dirs=
while test ! -d "$as_dir"; do
as_dirs="$as_dir $as_dirs"
as_dir=`(dirname "$as_dir") 2>/dev/null ||
$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$as_dir" : 'X\(//\)[^/]' \| \
X"$as_dir" : 'X\(//\)$' \| \
X"$as_dir" : 'X\(/\)' \| \
. : '\(.\)' 2>/dev/null ||
echo X"$as_dir" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
/^X\(\/\/\)[^/].*/{ s//\1/; q; }
/^X\(\/\/\)$/{ s//\1/; q; }
/^X\(\/\).*/{ s//\1/; q; }
s/.*/./; q'`
done
test ! -n "$as_dirs" || mkdir $as_dirs
fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5
echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;}
{ (exit 1); exit 1; }; }; }
ac_builddir=.
if test "$ac_dir" != .; then
ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
# A "../" for each directory in $ac_dir_suffix.
ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
else
ac_dir_suffix= ac_top_builddir=
fi
case $srcdir in
.) # No --srcdir option. We are building in place.
ac_srcdir=.
if test -z "$ac_top_builddir"; then
ac_top_srcdir=.
else
ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
fi ;;
[\\/]* | ?:[\\/]* ) # Absolute path.
ac_srcdir=$srcdir$ac_dir_suffix;
ac_top_srcdir=$srcdir ;;
*) # Relative path.
ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
ac_top_srcdir=$ac_top_builddir$srcdir ;;
esac
# Do not use `cd foo && pwd` to compute absolute paths, because
# the directories may not exist.
case `pwd` in
.) ac_abs_builddir="$ac_dir";;
*)
case "$ac_dir" in
.) ac_abs_builddir=`pwd`;;
[\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";;
*) ac_abs_builddir=`pwd`/"$ac_dir";;
esac;;
esac
case $ac_abs_builddir in
.) ac_abs_top_builddir=${ac_top_builddir}.;;
*)
case ${ac_top_builddir}. in
.) ac_abs_top_builddir=$ac_abs_builddir;;
[\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;;
*) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;;
esac;;
esac
case $ac_abs_builddir in
.) ac_abs_srcdir=$ac_srcdir;;
*)
case $ac_srcdir in
.) ac_abs_srcdir=$ac_abs_builddir;;
[\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;;
*) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;;
esac;;
esac
case $ac_abs_builddir in
.) ac_abs_top_srcdir=$ac_top_srcdir;;
*)
case $ac_top_srcdir in
.) ac_abs_top_srcdir=$ac_abs_builddir;;
[\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;;
*) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;;
esac;;
esac
case $INSTALL in
[\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
*) ac_INSTALL=$ac_top_builddir$INSTALL ;;
esac
# Let's still pretend it is `configure' which instantiates (i.e., don't
# use $as_me), people would be surprised to read:
# /* config.h. Generated by config.status. */
if test x"$ac_file" = x-; then
configure_input=
else
configure_input="$ac_file. "
fi
configure_input=$configure_input"Generated from `echo $ac_file_in |
sed 's,.*/,,'` by configure."
# First look for the input files in the build tree, otherwise in the
# src tree.
ac_file_inputs=`IFS=:
for f in $ac_file_in; do
case $f in
-) echo $tmp/stdin ;;
[\\/$]*)
# Absolute (can't be DOS-style, as IFS=:)
test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
echo "$as_me: error: cannot find input file: $f" >&2;}
{ (exit 1); exit 1; }; }
echo "$f";;
*) # Relative
if test -f "$f"; then
# Build tree
echo "$f"
elif test -f "$srcdir/$f"; then
# Source tree
echo "$srcdir/$f"
else
# /dev/null tree
{ { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
echo "$as_me: error: cannot find input file: $f" >&2;}
{ (exit 1); exit 1; }; }
fi;;
esac
done` || { (exit 1); exit 1; }
if test x"$ac_file" != x-; then
{ echo "$as_me:$LINENO: creating $ac_file" >&5
echo "$as_me: creating $ac_file" >&6;}
rm -f "$ac_file"
fi
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
sed "$ac_vpsub
$extrasub
_ACEOF
cat >>$CONFIG_STATUS <<\_ACEOF
:t
/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
s,@configure_input@,$configure_input,;t t
s,@srcdir@,$ac_srcdir,;t t
s,@abs_srcdir@,$ac_abs_srcdir,;t t
s,@top_srcdir@,$ac_top_srcdir,;t t
s,@abs_top_srcdir@,$ac_abs_top_srcdir,;t t
s,@builddir@,$ac_builddir,;t t
s,@abs_builddir@,$ac_abs_builddir,;t t
s,@top_builddir@,$ac_top_builddir,;t t
s,@abs_top_builddir@,$ac_abs_top_builddir,;t t
s,@INSTALL@,$ac_INSTALL,;t t
" $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out
rm -f $tmp/stdin
if test x"$ac_file" != x-; then
mv $tmp/out $ac_file
else
cat $tmp/out
rm -f $tmp/out
fi
done
_ACEOF
cat >>$CONFIG_STATUS <<\_ACEOF
#
# CONFIG_HEADER section.
#
# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where
# NAME is the cpp macro being defined and VALUE is the value it is being given.
#
# ac_d sets the value in "#define NAME VALUE" lines.
ac_dA='s,^\([ ]*\)#\([ ]*define[ ][ ]*\)'
ac_dB='[ ].*$,\1#\2'
ac_dC=' '
ac_dD=',;t'
# ac_u turns "#undef NAME" without trailing blanks into "#define NAME VALUE".
ac_uA='s,^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)'
ac_uB='$,\1#\2define\3'
ac_uC=' '
ac_uD=',;t'
for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue
# Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
case $ac_file in
- | *:- | *:-:* ) # input from stdin
cat >$tmp/stdin
ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
*:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
* ) ac_file_in=$ac_file.in ;;
esac
test x"$ac_file" != x- && { echo "$as_me:$LINENO: creating $ac_file" >&5
echo "$as_me: creating $ac_file" >&6;}
# First look for the input files in the build tree, otherwise in the
# src tree.
ac_file_inputs=`IFS=:
for f in $ac_file_in; do
case $f in
-) echo $tmp/stdin ;;
[\\/$]*)
# Absolute (can't be DOS-style, as IFS=:)
test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
echo "$as_me: error: cannot find input file: $f" >&2;}
{ (exit 1); exit 1; }; }
# Do quote $f, to prevent DOS paths from being IFS'd.
echo "$f";;
*) # Relative
if test -f "$f"; then
# Build tree
echo "$f"
elif test -f "$srcdir/$f"; then
# Source tree
echo "$srcdir/$f"
else
# /dev/null tree
{ { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
echo "$as_me: error: cannot find input file: $f" >&2;}
{ (exit 1); exit 1; }; }
fi;;
esac
done` || { (exit 1); exit 1; }
# Remove the trailing spaces.
sed 's/[ ]*$//' $ac_file_inputs >$tmp/in
_ACEOF
# Transform confdefs.h into two sed scripts, `conftest.defines' and
# `conftest.undefs', that substitutes the proper values into
# config.h.in to produce config.h. The first handles `#define'
# templates, and the second `#undef' templates.
# And first: Protect against being on the right side of a sed subst in
# config.status. Protect against being in an unquoted here document
# in config.status.
rm -f conftest.defines conftest.undefs
# Using a here document instead of a string reduces the quoting nightmare.
# Putting comments in sed scripts is not portable.
#
# `end' is used to avoid that the second main sed command (meant for
# 0-ary CPP macros) applies to n-ary macro definitions.
# See the Autoconf documentation for `clear'.
cat >confdef2sed.sed <<\_ACEOF
s/[\\&,]/\\&/g
s,[\\$`],\\&,g
t clear
: clear
s,^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*\)\(([^)]*)\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1\2${ac_dC}\3${ac_dD},gp
t end
s,^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD},gp
: end
_ACEOF
# If some macros were called several times there might be several times
# the same #defines, which is useless. Nevertheless, we may not want to
# sort them, since we want the *last* AC-DEFINE to be honored.
uniq confdefs.h | sed -n -f confdef2sed.sed >conftest.defines
sed 's/ac_d/ac_u/g' conftest.defines >conftest.undefs
rm -f confdef2sed.sed
# This sed command replaces #undef with comments. This is necessary, for
# example, in the case of _POSIX_SOURCE, which is predefined and required
# on some systems where configure will not decide to define it.
cat >>conftest.undefs <<\_ACEOF
s,^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*,/* & */,
_ACEOF
# Break up conftest.defines because some shells have a limit on the size
# of here documents, and old seds have small limits too (100 cmds).
echo ' # Handle all the #define templates only if necessary.' >>$CONFIG_STATUS
echo ' if grep "^[ ]*#[ ]*define" $tmp/in >/dev/null; then' >>$CONFIG_STATUS
echo ' # If there are no defines, we may have an empty if/fi' >>$CONFIG_STATUS
echo ' :' >>$CONFIG_STATUS
rm -f conftest.tail
while grep . conftest.defines >/dev/null
do
# Write a limited-size here document to $tmp/defines.sed.
echo ' cat >$tmp/defines.sed <>$CONFIG_STATUS
# Speed up: don't consider the non `#define' lines.
echo '/^[ ]*#[ ]*define/!b' >>$CONFIG_STATUS
# Work around the forget-to-reset-the-flag bug.
echo 't clr' >>$CONFIG_STATUS
echo ': clr' >>$CONFIG_STATUS
sed ${ac_max_here_lines}q conftest.defines >>$CONFIG_STATUS
echo 'CEOF
sed -f $tmp/defines.sed $tmp/in >$tmp/out
rm -f $tmp/in
mv $tmp/out $tmp/in
' >>$CONFIG_STATUS
sed 1,${ac_max_here_lines}d conftest.defines >conftest.tail
rm -f conftest.defines
mv conftest.tail conftest.defines
done
rm -f conftest.defines
echo ' fi # grep' >>$CONFIG_STATUS
echo >>$CONFIG_STATUS
# Break up conftest.undefs because some shells have a limit on the size
# of here documents, and old seds have small limits too (100 cmds).
echo ' # Handle all the #undef templates' >>$CONFIG_STATUS
rm -f conftest.tail
while grep . conftest.undefs >/dev/null
do
# Write a limited-size here document to $tmp/undefs.sed.
echo ' cat >$tmp/undefs.sed <>$CONFIG_STATUS
# Speed up: don't consider the non `#undef'
echo '/^[ ]*#[ ]*undef/!b' >>$CONFIG_STATUS
# Work around the forget-to-reset-the-flag bug.
echo 't clr' >>$CONFIG_STATUS
echo ': clr' >>$CONFIG_STATUS
sed ${ac_max_here_lines}q conftest.undefs >>$CONFIG_STATUS
echo 'CEOF
sed -f $tmp/undefs.sed $tmp/in >$tmp/out
rm -f $tmp/in
mv $tmp/out $tmp/in
' >>$CONFIG_STATUS
sed 1,${ac_max_here_lines}d conftest.undefs >conftest.tail
rm -f conftest.undefs
mv conftest.tail conftest.undefs
done
rm -f conftest.undefs
cat >>$CONFIG_STATUS <<\_ACEOF
# Let's still pretend it is `configure' which instantiates (i.e., don't
# use $as_me), people would be surprised to read:
# /* config.h. Generated by config.status. */
if test x"$ac_file" = x-; then
echo "/* Generated by configure. */" >$tmp/config.h
else
echo "/* $ac_file. Generated by configure. */" >$tmp/config.h
fi
cat $tmp/in >>$tmp/config.h
rm -f $tmp/in
if test x"$ac_file" != x-; then
if diff $ac_file $tmp/config.h >/dev/null 2>&1; then
{ echo "$as_me:$LINENO: $ac_file is unchanged" >&5
echo "$as_me: $ac_file is unchanged" >&6;}
else
ac_dir=`(dirname "$ac_file") 2>/dev/null ||
$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$ac_file" : 'X\(//\)[^/]' \| \
X"$ac_file" : 'X\(//\)$' \| \
X"$ac_file" : 'X\(/\)' \| \
. : '\(.\)' 2>/dev/null ||
echo X"$ac_file" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
/^X\(\/\/\)[^/].*/{ s//\1/; q; }
/^X\(\/\/\)$/{ s//\1/; q; }
/^X\(\/\).*/{ s//\1/; q; }
s/.*/./; q'`
{ if $as_mkdir_p; then
mkdir -p "$ac_dir"
else
as_dir="$ac_dir"
as_dirs=
while test ! -d "$as_dir"; do
as_dirs="$as_dir $as_dirs"
as_dir=`(dirname "$as_dir") 2>/dev/null ||
$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$as_dir" : 'X\(//\)[^/]' \| \
X"$as_dir" : 'X\(//\)$' \| \
X"$as_dir" : 'X\(/\)' \| \
. : '\(.\)' 2>/dev/null ||
echo X"$as_dir" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
/^X\(\/\/\)[^/].*/{ s//\1/; q; }
/^X\(\/\/\)$/{ s//\1/; q; }
/^X\(\/\).*/{ s//\1/; q; }
s/.*/./; q'`
done
test ! -n "$as_dirs" || mkdir $as_dirs
fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5
echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;}
{ (exit 1); exit 1; }; }; }
rm -f $ac_file
mv $tmp/config.h $ac_file
fi
else
cat $tmp/config.h
rm -f $tmp/config.h
fi
done
_ACEOF
cat >>$CONFIG_STATUS <<\_ACEOF
{ (exit 0); exit 0; }
_ACEOF
chmod +x $CONFIG_STATUS
ac_clean_files=$ac_clean_files_save
# configure is writing to config.log, and then calls config.status.
# config.status does its own redirection, appending to config.log.
# Unfortunately, on DOS this fails, as config.log is still kept open
# by configure, so config.status won't be able to write to it; its
# output is simply discarded. So we exec the FD to /dev/null,
# effectively closing config.log, so it can be properly (re)opened and
# appended to by config.status. When coming back to configure, we
# need to make the FD available again.
if test "$no_create" != yes; then
ac_cs_success=:
ac_config_status_args=
test "$silent" = yes &&
ac_config_status_args="$ac_config_status_args --quiet"
exec 5>/dev/null
$SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
exec 5>>config.log
# Use ||, not &&, to avoid exiting from the if with $? = 1, which
# would make configure fail if this is the last instruction.
$ac_cs_success || { (exit 1); exit 1; }
fi
libnids-1.23/mkinstalldirs 0000700 0000764 0000764 00000001211 07123151340 016420 0 ustar nergal nergal 0000000 0000000 #!/bin/sh
# mkinstalldirs --- make directory hierarchy
# Author: Noah Friedman
# Created: 1993-05-16
# Last modified: 1994-03-25
# Public domain
errstatus=0
for file in ${1+"$@"} ; do
set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
shift
pathcomp=
for d in ${1+"$@"} ; do
pathcomp="$pathcomp$d"
case "$pathcomp" in
-* ) pathcomp=./$pathcomp ;;
esac
if test ! -d "$pathcomp"; then
echo "mkdir $pathcomp" 1>&2
mkdir "$pathcomp" || errstatus=$?
fi
pathcomp="$pathcomp/"
done
done
exit $errstatus
# mkinstalldirs ends here
libnids-1.23/config.guess 0000755 0000764 0000764 00000113716 07530734760 016201 0 ustar nergal nergal 0000000 0000000 #! /bin/sh
# Attempt to guess a canonical system name.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000
# Free Software Foundation, Inc.
timestamp='2000-12-15'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# Written by Per Bothner .
# Please send patches to .
#
# This script attempts to guess a canonical system name similar to
# config.sub. If it succeeds, it prints the system name on stdout, and
# exits with 0. Otherwise, it exits with 1.
#
# The plan is that this can be called by configure scripts if you
# don't specify an explicit build system type.
#
# Only a few systems have been added to this list; please add others
# (but try to keep the structure clean).
#
me=`echo "$0" | sed -e 's,.*/,,'`
usage="\
Usage: $0 [OPTION]
Output the configuration name of the system \`$me' is run on.
Operation modes:
-h, --help print this help, then exit
-t, --time-stamp print date of last modification, then exit
-v, --version print version number, then exit
Report bugs and patches to ."
version="\
GNU config.guess ($timestamp)
Originally written by Per Bothner.
Copyright (C) 1992, 93, 94, 95, 96, 97, 98, 99, 2000
Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
help="
Try \`$me --help' for more information."
# Parse command line
while test $# -gt 0 ; do
case $1 in
--time-stamp | --time* | -t )
echo "$timestamp" ; exit 0 ;;
--version | -v )
echo "$version" ; exit 0 ;;
--help | --h* | -h )
echo "$usage"; exit 0 ;;
-- ) # Stop option processing
shift; break ;;
- ) # Use stdin as input.
break ;;
-* )
echo "$me: invalid option $1$help" >&2
exit 1 ;;
* )
break ;;
esac
done
if test $# != 0; then
echo "$me: too many arguments$help" >&2
exit 1
fi
dummy=dummy-$$
trap 'rm -f $dummy.c $dummy.o $dummy; exit 1' 1 2 15
# CC_FOR_BUILD -- compiler used by this script.
# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
# use `HOST_CC' if defined, but it is deprecated.
case $CC_FOR_BUILD,$HOST_CC,$CC in
,,) echo "int dummy(){}" > $dummy.c
for c in cc gcc c89 ; do
($c $dummy.c -c -o $dummy.o) >/dev/null 2>&1
if test $? = 0 ; then
CC_FOR_BUILD="$c"; break
fi
done
rm -f $dummy.c $dummy.o
if test x"$CC_FOR_BUILD" = x ; then
CC_FOR_BUILD=no_compiler_found
fi
;;
,,*) CC_FOR_BUILD=$CC ;;
,*,*) CC_FOR_BUILD=$HOST_CC ;;
esac
# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
# (ghazi@noc.rutgers.edu 8/24/94.)
if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
PATH=$PATH:/.attbin ; export PATH
fi
UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
# Note: order is significant - the case branches are not exclusive.
case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
*:NetBSD:*:*)
# Netbsd (nbsd) targets should (where applicable) match one or
# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
# *-*-netbsdecoff* and *-*-netbsd*. For targets that recently
# switched to ELF, *-*-netbsd* would select the old
# object file format. This provides both forward
# compatibility and a consistent mechanism for selecting the
# object file format.
# Determine the machine/vendor (is the vendor relevant).
case "${UNAME_MACHINE}" in
amiga) machine=m68k-unknown ;;
arm32) machine=arm-unknown ;;
atari*) machine=m68k-atari ;;
sun3*) machine=m68k-sun ;;
mac68k) machine=m68k-apple ;;
macppc) machine=powerpc-apple ;;
hp3[0-9][05]) machine=m68k-hp ;;
ibmrt|romp-ibm) machine=romp-ibm ;;
*) machine=${UNAME_MACHINE}-unknown ;;
esac
# The Operating System including object format, if it has switched
# to ELF recently, or will in the future.
case "${UNAME_MACHINE}" in
i386|sparc|amiga|arm*|hp300|mvme68k|vax|atari|luna68k|mac68k|news68k|next68k|pc532|sun3*|x68k)
if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
| grep __ELF__ >/dev/null
then
# Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
# Return netbsd for either. FIX?
os=netbsd
else
os=netbsdelf
fi
;;
*)
os=netbsd
;;
esac
# The OS release
release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
# contains redundant information, the shorter form:
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
echo "${machine}-${os}${release}"
exit 0 ;;
alpha:OSF1:*:*)
if test $UNAME_RELEASE = "V4.0"; then
UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
fi
# A Vn.n version is a released version.
# A Tn.n version is a released field test version.
# A Xn.n version is an unreleased experimental baselevel.
# 1.2 uses "1.2" for uname -r.
cat <$dummy.s
.data
\$Lformat:
.byte 37,100,45,37,120,10,0 # "%d-%x\n"
.text
.globl main
.align 4
.ent main
main:
.frame \$30,16,\$26,0
ldgp \$29,0(\$27)
.prologue 1
.long 0x47e03d80 # implver \$0
lda \$2,-1
.long 0x47e20c21 # amask \$2,\$1
lda \$16,\$Lformat
mov \$0,\$17
not \$1,\$18
jsr \$26,printf
ldgp \$29,0(\$26)
mov 0,\$16
jsr \$26,exit
.end main
EOF
$CC_FOR_BUILD $dummy.s -o $dummy 2>/dev/null
if test "$?" = 0 ; then
case `./$dummy` in
0-0)
UNAME_MACHINE="alpha"
;;
1-0)
UNAME_MACHINE="alphaev5"
;;
1-1)
UNAME_MACHINE="alphaev56"
;;
1-101)
UNAME_MACHINE="alphapca56"
;;
2-303)
UNAME_MACHINE="alphaev6"
;;
2-307)
UNAME_MACHINE="alphaev67"
;;
esac
fi
rm -f $dummy.s $dummy
echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
exit 0 ;;
Alpha\ *:Windows_NT*:*)
# How do we know it's Interix rather than the generic POSIX subsystem?
# Should we change UNAME_MACHINE based on the output of uname instead
# of the specific Alpha model?
echo alpha-pc-interix
exit 0 ;;
21064:Windows_NT:50:3)
echo alpha-dec-winnt3.5
exit 0 ;;
Amiga*:UNIX_System_V:4.0:*)
echo m68k-unknown-sysv4
exit 0;;
amiga:OpenBSD:*:*)
echo m68k-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
*:[Aa]miga[Oo][Ss]:*:*)
echo ${UNAME_MACHINE}-unknown-amigaos
exit 0 ;;
arc64:OpenBSD:*:*)
echo mips64el-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
arc:OpenBSD:*:*)
echo mipsel-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
hkmips:OpenBSD:*:*)
echo mips-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
pmax:OpenBSD:*:*)
echo mipsel-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
sgi:OpenBSD:*:*)
echo mips-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
wgrisc:OpenBSD:*:*)
echo mipsel-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
*:OS/390:*:*)
echo i370-ibm-openedition
exit 0 ;;
arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
echo arm-acorn-riscix${UNAME_RELEASE}
exit 0;;
SR2?01:HI-UX/MPP:*:*)
echo hppa1.1-hitachi-hiuxmpp
exit 0;;
Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
if test "`(/bin/universe) 2>/dev/null`" = att ; then
echo pyramid-pyramid-sysv3
else
echo pyramid-pyramid-bsd
fi
exit 0 ;;
NILE*:*:*:dcosx)
echo pyramid-pyramid-svr4
exit 0 ;;
sun4H:SunOS:5.*:*)
echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit 0 ;;
sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit 0 ;;
i86pc:SunOS:5.*:*)
echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit 0 ;;
sun4*:SunOS:6*:*)
# According to config.sub, this is the proper way to canonicalize
# SunOS6. Hard to guess exactly what SunOS6 will be like, but
# it's likely to be more like Solaris than SunOS4.
echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit 0 ;;
sun4*:SunOS:*:*)
case "`/usr/bin/arch -k`" in
Series*|S4*)
UNAME_RELEASE=`uname -v`
;;
esac
# Japanese Language versions have a version number like `4.1.3-JL'.
echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
exit 0 ;;
sun3*:SunOS:*:*)
echo m68k-sun-sunos${UNAME_RELEASE}
exit 0 ;;
sun*:*:4.2BSD:*)
UNAME_RELEASE=`(head -1 /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
case "`/bin/arch`" in
sun3)
echo m68k-sun-sunos${UNAME_RELEASE}
;;
sun4)
echo sparc-sun-sunos${UNAME_RELEASE}
;;
esac
exit 0 ;;
aushp:SunOS:*:*)
echo sparc-auspex-sunos${UNAME_RELEASE}
exit 0 ;;
atari*:OpenBSD:*:*)
echo m68k-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
# The situation for MiNT is a little confusing. The machine name
# can be virtually everything (everything which is not
# "atarist" or "atariste" at least should have a processor
# > m68000). The system name ranges from "MiNT" over "FreeMiNT"
# to the lowercase version "mint" (or "freemint"). Finally
# the system name "TOS" denotes a system which is actually not
# MiNT. But MiNT is downward compatible to TOS, so this should
# be no problem.
atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
echo m68k-atari-mint${UNAME_RELEASE}
exit 0 ;;
atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
echo m68k-atari-mint${UNAME_RELEASE}
exit 0 ;;
*falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
echo m68k-atari-mint${UNAME_RELEASE}
exit 0 ;;
milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
echo m68k-milan-mint${UNAME_RELEASE}
exit 0 ;;
hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
echo m68k-hades-mint${UNAME_RELEASE}
exit 0 ;;
*:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
echo m68k-unknown-mint${UNAME_RELEASE}
exit 0 ;;
sun3*:OpenBSD:*:*)
echo m68k-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
mac68k:OpenBSD:*:*)
echo m68k-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
mvme68k:OpenBSD:*:*)
echo m68k-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
mvme88k:OpenBSD:*:*)
echo m88k-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
powerpc:machten:*:*)
echo powerpc-apple-machten${UNAME_RELEASE}
exit 0 ;;
RISC*:Mach:*:*)
echo mips-dec-mach_bsd4.3
exit 0 ;;
RISC*:ULTRIX:*:*)
echo mips-dec-ultrix${UNAME_RELEASE}
exit 0 ;;
VAX*:ULTRIX*:*:*)
echo vax-dec-ultrix${UNAME_RELEASE}
exit 0 ;;
2020:CLIX:*:* | 2430:CLIX:*:*)
echo clipper-intergraph-clix${UNAME_RELEASE}
exit 0 ;;
mips:*:*:UMIPS | mips:*:*:RISCos)
sed 's/^ //' << EOF >$dummy.c
#ifdef __cplusplus
#include /* for printf() prototype */
int main (int argc, char *argv[]) {
#else
int main (argc, argv) int argc; char *argv[]; {
#endif
#if defined (host_mips) && defined (MIPSEB)
#if defined (SYSTYPE_SYSV)
printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
#endif
#if defined (SYSTYPE_SVR4)
printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
#endif
#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
#endif
#endif
exit (-1);
}
EOF
$CC_FOR_BUILD $dummy.c -o $dummy \
&& ./$dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
&& rm $dummy.c $dummy && exit 0
rm -f $dummy.c $dummy
echo mips-mips-riscos${UNAME_RELEASE}
exit 0 ;;
Night_Hawk:Power_UNIX:*:*)
echo powerpc-harris-powerunix
exit 0 ;;
m88k:CX/UX:7*:*)
echo m88k-harris-cxux7
exit 0 ;;
m88k:*:4*:R4*)
echo m88k-motorola-sysv4
exit 0 ;;
m88k:*:3*:R3*)
echo m88k-motorola-sysv3
exit 0 ;;
AViiON:dgux:*:*)
# DG/UX returns AViiON for all architectures
UNAME_PROCESSOR=`/usr/bin/uname -p`
if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
then
if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
[ ${TARGET_BINARY_INTERFACE}x = x ]
then
echo m88k-dg-dgux${UNAME_RELEASE}
else
echo m88k-dg-dguxbcs${UNAME_RELEASE}
fi
else
echo i586-dg-dgux${UNAME_RELEASE}
fi
exit 0 ;;
M88*:DolphinOS:*:*) # DolphinOS (SVR3)
echo m88k-dolphin-sysv3
exit 0 ;;
M88*:*:R3*:*)
# Delta 88k system running SVR3
echo m88k-motorola-sysv3
exit 0 ;;
XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
echo m88k-tektronix-sysv3
exit 0 ;;
Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
echo m68k-tektronix-bsd
exit 0 ;;
*:IRIX*:*:*)
echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
exit 0 ;;
????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX '
i?86:AIX:*:*)
echo i386-ibm-aix
exit 0 ;;
*:AIX:2:3)
if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
sed 's/^ //' << EOF >$dummy.c
#include
main()
{
if (!__power_pc())
exit(1);
puts("powerpc-ibm-aix3.2.5");
exit(0);
}
EOF
$CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm $dummy.c $dummy && exit 0
rm -f $dummy.c $dummy
echo rs6000-ibm-aix3.2.5
elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
echo rs6000-ibm-aix3.2.4
else
echo rs6000-ibm-aix3.2
fi
exit 0 ;;
*:AIX:*:4)
IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | head -1 | awk '{ print $1 }'`
if /usr/sbin/lsattr -EHl ${IBM_CPU_ID} | grep POWER >/dev/null 2>&1; then
IBM_ARCH=rs6000
else
IBM_ARCH=powerpc
fi
if [ -x /usr/bin/oslevel ] ; then
IBM_REV=`/usr/bin/oslevel`
else
IBM_REV=4.${UNAME_RELEASE}
fi
echo ${IBM_ARCH}-ibm-aix${IBM_REV}
exit 0 ;;
*:AIX:*:5)
case "`lsattr -El proc0 -a type -F value`" in
PowerPC*) IBM_ARCH=powerpc
IBM_MANUF=ibm ;;
Itanium) IBM_ARCH=ia64
IBM_MANUF=unknown ;;
POWER*) IBM_ARCH=power
IBM_MANUF=ibm ;;
*) IBM_ARCH=powerpc
IBM_MANUF=ibm ;;
esac
echo ${IBM_ARCH}-${IBM_MANUF}-aix${UNAME_VERSION}.${UNAME_RELEASE}
exit 0 ;;
*:AIX:*:*)
echo rs6000-ibm-aix
exit 0 ;;
ibmrt:4.4BSD:*|romp-ibm:BSD:*)
echo romp-ibm-bsd4.4
exit 0 ;;
ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
exit 0 ;; # report: romp-ibm BSD 4.3
*:BOSX:*:*)
echo rs6000-bull-bosx
exit 0 ;;
DPX/2?00:B.O.S.:*:*)
echo m68k-bull-sysv3
exit 0 ;;
9000/[34]??:4.3bsd:1.*:*)
echo m68k-hp-bsd
exit 0 ;;
hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
echo m68k-hp-bsd4.4
exit 0 ;;
9000/[34678]??:HP-UX:*:*)
HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
case "${UNAME_MACHINE}" in
9000/31? ) HP_ARCH=m68000 ;;
9000/[34]?? ) HP_ARCH=m68k ;;
9000/[678][0-9][0-9])
case "${HPUX_REV}" in
11.[0-9][0-9])
if [ -x /usr/bin/getconf ]; then
sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
case "${sc_cpu_version}" in
523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
532) # CPU_PA_RISC2_0
case "${sc_kernel_bits}" in
32) HP_ARCH="hppa2.0n" ;;
64) HP_ARCH="hppa2.0w" ;;
esac ;;
esac
fi ;;
esac
if [ "${HP_ARCH}" = "" ]; then
sed 's/^ //' << EOF >$dummy.c
#define _HPUX_SOURCE
#include
#include
int main ()
{
#if defined(_SC_KERNEL_BITS)
long bits = sysconf(_SC_KERNEL_BITS);
#endif
long cpu = sysconf (_SC_CPU_VERSION);
switch (cpu)
{
case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
case CPU_PA_RISC2_0:
#if defined(_SC_KERNEL_BITS)
switch (bits)
{
case 64: puts ("hppa2.0w"); break;
case 32: puts ("hppa2.0n"); break;
default: puts ("hppa2.0"); break;
} break;
#else /* !defined(_SC_KERNEL_BITS) */
puts ("hppa2.0"); break;
#endif
default: puts ("hppa1.0"); break;
}
exit (0);
}
EOF
(CCOPTS= $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null ) && HP_ARCH=`./$dummy`
if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi
rm -f $dummy.c $dummy
fi ;;
esac
echo ${HP_ARCH}-hp-hpux${HPUX_REV}
exit 0 ;;
3050*:HI-UX:*:*)
sed 's/^ //' << EOF >$dummy.c
#include
int
main ()
{
long cpu = sysconf (_SC_CPU_VERSION);
/* The order matters, because CPU_IS_HP_MC68K erroneously returns
true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct
results, however. */
if (CPU_IS_PA_RISC (cpu))
{
switch (cpu)
{
case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
default: puts ("hppa-hitachi-hiuxwe2"); break;
}
}
else if (CPU_IS_HP_MC68K (cpu))
puts ("m68k-hitachi-hiuxwe2");
else puts ("unknown-hitachi-hiuxwe2");
exit (0);
}
EOF
$CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm $dummy.c $dummy && exit 0
rm -f $dummy.c $dummy
echo unknown-hitachi-hiuxwe2
exit 0 ;;
9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
echo hppa1.1-hp-bsd
exit 0 ;;
9000/8??:4.3bsd:*:*)
echo hppa1.0-hp-bsd
exit 0 ;;
*9??*:MPE/iX:*:*)
echo hppa1.0-hp-mpeix
exit 0 ;;
hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
echo hppa1.1-hp-osf
exit 0 ;;
hp8??:OSF1:*:*)
echo hppa1.0-hp-osf
exit 0 ;;
i?86:OSF1:*:*)
if [ -x /usr/sbin/sysversion ] ; then
echo ${UNAME_MACHINE}-unknown-osf1mk
else
echo ${UNAME_MACHINE}-unknown-osf1
fi
exit 0 ;;
parisc*:Lites*:*:*)
echo hppa1.1-hp-lites
exit 0 ;;
hppa*:OpenBSD:*:*)
echo hppa-unknown-openbsd
exit 0 ;;
C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
echo c1-convex-bsd
exit 0 ;;
C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
if getsysinfo -f scalar_acc
then echo c32-convex-bsd
else echo c2-convex-bsd
fi
exit 0 ;;
C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
echo c34-convex-bsd
exit 0 ;;
C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
echo c38-convex-bsd
exit 0 ;;
C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
echo c4-convex-bsd
exit 0 ;;
CRAY*X-MP:*:*:*)
echo xmp-cray-unicos
exit 0 ;;
CRAY*Y-MP:*:*:*)
echo ymp-cray-unicos${UNAME_RELEASE}
exit 0 ;;
CRAY*[A-Z]90:*:*:*)
echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
-e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/
exit 0 ;;
CRAY*TS:*:*:*)
echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
CRAY*T3D:*:*:*)
echo alpha-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
CRAY*T3E:*:*:*)
echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
CRAY*SV1:*:*:*)
echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
CRAY-2:*:*:*)
echo cray2-cray-unicos
exit 0 ;;
F300:UNIX_System_V:*:*)
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
echo "f300-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
exit 0 ;;
F301:UNIX_System_V:*:*)
echo f301-fujitsu-uxpv`echo $UNAME_RELEASE | sed 's/ .*//'`
exit 0 ;;
hp300:OpenBSD:*:*)
echo m68k-unknown-openbsd${UNAME_RELEASE}
exit 0 ;;
i?86:BSD/386:*:* | i?86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
exit 0 ;;
sparc*:BSD/OS:*:*)
echo sparc-unknown-bsdi${UNAME_RELEASE}
exit 0 ;;
*:BSD/OS:*:*)
echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
exit 0 ;;
*:FreeBSD:*:*)
echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
exit 0 ;;
*:OpenBSD:*:*)
echo ${UNAME_MACHINE}-unknown-openbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
exit 0 ;;
i*:CYGWIN*:*)
echo ${UNAME_MACHINE}-pc-cygwin
exit 0 ;;
i*:MINGW*:*)
echo ${UNAME_MACHINE}-pc-mingw32
exit 0 ;;
i*:PW*:*)
echo ${UNAME_MACHINE}-pc-pw32
exit 0 ;;
i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
# How do we know it's Interix rather than the generic POSIX subsystem?
# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
# UNAME_MACHINE based on the output of uname instead of i386?
echo i386-pc-interix
exit 0 ;;
i*:UWIN*:*)
echo ${UNAME_MACHINE}-pc-uwin
exit 0 ;;
p*:CYGWIN*:*)
echo powerpcle-unknown-cygwin
exit 0 ;;
prep*:SunOS:5.*:*)
echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit 0 ;;
*:GNU:*:*)
echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
exit 0 ;;
i*86:Minix:*:*)
echo ${UNAME_MACHINE}-pc-minix
exit 0 ;;
*:Linux:*:*)
# The BFD linker knows what the default object file format is, so
# first see if it will tell us. cd to the root directory to prevent
# problems with other programs or directories called `ld' in the path.
ld_supported_emulations=`cd /; ld --help 2>&1 \
| sed -ne '/supported emulations:/!d
s/[ ][ ]*/ /g
s/.*supported emulations: *//
s/ .*//
p'`
case "$ld_supported_emulations" in
*ia64)
echo "${UNAME_MACHINE}-unknown-linux"
exit 0
;;
i?86linux)
echo "${UNAME_MACHINE}-pc-linux-gnuaout"
exit 0
;;
elf_i?86)
TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
;;
i?86coff)
echo "${UNAME_MACHINE}-pc-linux-gnucoff"
exit 0
;;
sparclinux)
echo "${UNAME_MACHINE}-unknown-linux-gnuaout"
exit 0
;;
elf32_sparc)
echo "${UNAME_MACHINE}-unknown-linux-gnu"
exit 0
;;
armlinux)
echo "${UNAME_MACHINE}-unknown-linux-gnuaout"
exit 0
;;
elf32arm*)
echo "${UNAME_MACHINE}-unknown-linux-gnuoldld"
exit 0
;;
armelf_linux*)
echo "${UNAME_MACHINE}-unknown-linux-gnu"
exit 0
;;
m68klinux)
echo "${UNAME_MACHINE}-unknown-linux-gnuaout"
exit 0
;;
elf32ppc | elf32ppclinux)
# Determine Lib Version
cat >$dummy.c <
#if defined(__GLIBC__)
extern char __libc_version[];
extern char __libc_release[];
#endif
main(argc, argv)
int argc;
char *argv[];
{
#if defined(__GLIBC__)
printf("%s %s\n", __libc_version, __libc_release);
#else
printf("unkown\n");
#endif
return 0;
}
EOF
LIBC=""
$CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null
if test "$?" = 0 ; then
./$dummy | grep 1\.99 > /dev/null
if test "$?" = 0 ; then
LIBC="libc1"
fi
fi
rm -f $dummy.c $dummy
echo powerpc-unknown-linux-gnu${LIBC}
exit 0
;;
shelf_linux)
echo "${UNAME_MACHINE}-unknown-linux-gnu"
exit 0
;;
esac
if test "${UNAME_MACHINE}" = "alpha" ; then
cat <$dummy.s
.data
\$Lformat:
.byte 37,100,45,37,120,10,0 # "%d-%x\n"
.text
.globl main
.align 4
.ent main
main:
.frame \$30,16,\$26,0
ldgp \$29,0(\$27)
.prologue 1
.long 0x47e03d80 # implver \$0
lda \$2,-1
.long 0x47e20c21 # amask \$2,\$1
lda \$16,\$Lformat
mov \$0,\$17
not \$1,\$18
jsr \$26,printf
ldgp \$29,0(\$26)
mov 0,\$16
jsr \$26,exit
.end main
EOF
LIBC=""
$CC_FOR_BUILD $dummy.s -o $dummy 2>/dev/null
if test "$?" = 0 ; then
case `./$dummy` in
0-0)
UNAME_MACHINE="alpha"
;;
1-0)
UNAME_MACHINE="alphaev5"
;;
1-1)
UNAME_MACHINE="alphaev56"
;;
1-101)
UNAME_MACHINE="alphapca56"
;;
2-303)
UNAME_MACHINE="alphaev6"
;;
2-307)
UNAME_MACHINE="alphaev67"
;;
esac
objdump --private-headers $dummy | \
grep ld.so.1 > /dev/null
if test "$?" = 0 ; then
LIBC="libc1"
fi
fi
rm -f $dummy.s $dummy
echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} ; exit 0
elif test "${UNAME_MACHINE}" = "mips" ; then
cat >$dummy.c < /* for printf() prototype */
int main (int argc, char *argv[]) {
#else
int main (argc, argv) int argc; char *argv[]; {
#endif
#ifdef __MIPSEB__
printf ("%s-unknown-linux-gnu\n", argv[1]);
#endif
#ifdef __MIPSEL__
printf ("%sel-unknown-linux-gnu\n", argv[1]);
#endif
return 0;
}
EOF
$CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy "${UNAME_MACHINE}" && rm $dummy.c $dummy && exit 0
rm -f $dummy.c $dummy
elif test "${UNAME_MACHINE}" = "s390"; then
echo s390-ibm-linux && exit 0
elif test "${UNAME_MACHINE}" = "x86_64"; then
echo x86_64-unknown-linux-gnu && exit 0
elif test "${UNAME_MACHINE}" = "parisc" -o "${UNAME_MACHINE}" = "hppa"; then
# Look for CPU level
case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
PA7*)
echo hppa1.1-unknown-linux-gnu
;;
PA8*)
echo hppa2.0-unknown-linux-gnu
;;
*)
echo hppa-unknown-linux-gnu
;;
esac
exit 0
else
# Either a pre-BFD a.out linker (linux-gnuoldld)
# or one that does not give us useful --help.
# GCC wants to distinguish between linux-gnuoldld and linux-gnuaout.
# If ld does not provide *any* "supported emulations:"
# that means it is gnuoldld.
test -z "$ld_supported_emulations" \
&& echo "${UNAME_MACHINE}-pc-linux-gnuoldld" && exit 0
case "${UNAME_MACHINE}" in
i?86)
VENDOR=pc;
;;
*)
VENDOR=unknown;
;;
esac
# Determine whether the default compiler is a.out or elf
cat >$dummy.c <
#ifdef __cplusplus
#include /* for printf() prototype */
int main (int argc, char *argv[]) {
#else
int main (argc, argv) int argc; char *argv[]; {
#endif
#ifdef __ELF__
# ifdef __GLIBC__
# if __GLIBC__ >= 2
printf ("%s-${VENDOR}-linux-gnu\n", argv[1]);
# else
printf ("%s-${VENDOR}-linux-gnulibc1\n", argv[1]);
# endif
# else
printf ("%s-${VENDOR}-linux-gnulibc1\n", argv[1]);
# endif
#else
printf ("%s-${VENDOR}-linux-gnuaout\n", argv[1]);
#endif
return 0;
}
EOF
$CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy "${UNAME_MACHINE}" && rm $dummy.c $dummy && exit 0
rm -f $dummy.c $dummy
test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
fi ;;
# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. earlier versions
# are messed up and put the nodename in both sysname and nodename.
i?86:DYNIX/ptx:4*:*)
echo i386-sequent-sysv4
exit 0 ;;
i?86:UNIX_SV:4.2MP:2.*)
# Unixware is an offshoot of SVR4, but it has its own version
# number series starting with 2...
# I am not positive that other SVR4 systems won't match this,
# I just have to hope. -- rms.
# Use sysv4.2uw... so that sysv4* matches it.
echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
exit 0 ;;
i?86:*:4.*:* | i?86:SYSTEM_V:4.*:*)
UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
else
echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
fi
exit 0 ;;
i?86:*:5:7*)
# Fixed at (any) Pentium or better
UNAME_MACHINE=i586
if [ ${UNAME_SYSTEM} = "UnixWare" ] ; then
echo ${UNAME_MACHINE}-sco-sysv${UNAME_RELEASE}uw${UNAME_VERSION}
else
echo ${UNAME_MACHINE}-pc-sysv${UNAME_RELEASE}
fi
exit 0 ;;
i?86:*:3.2:*)
if test -f /usr/options/cb.name; then
UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then
UNAME_REL=`(/bin/uname -X|egrep Release|sed -e 's/.*= //')`
(/bin/uname -X|egrep i80486 >/dev/null) && UNAME_MACHINE=i486
(/bin/uname -X|egrep '^Machine.*Pentium' >/dev/null) \
&& UNAME_MACHINE=i586
(/bin/uname -X|egrep '^Machine.*Pent ?II' >/dev/null) \
&& UNAME_MACHINE=i686
(/bin/uname -X|egrep '^Machine.*Pentium Pro' >/dev/null) \
&& UNAME_MACHINE=i686
echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
else
echo ${UNAME_MACHINE}-pc-sysv32
fi
exit 0 ;;
i?86:*DOS:*:*)
echo ${UNAME_MACHINE}-pc-msdosdjgpp
exit 0 ;;
pc:*:*:*)
# Left here for compatibility:
# uname -m prints for DJGPP always 'pc', but it prints nothing about
# the processor, so we play safe by assuming i386.
echo i386-pc-msdosdjgpp
exit 0 ;;
Intel:Mach:3*:*)
echo i386-pc-mach3
exit 0 ;;
paragon:*:*:*)
echo i860-intel-osf1
exit 0 ;;
i860:*:4.*:*) # i860-SVR4
if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
else # Add other i860-SVR4 vendors below as they are discovered.
echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
fi
exit 0 ;;
mini*:CTIX:SYS*5:*)
# "miniframe"
echo m68010-convergent-sysv
exit 0 ;;
M68*:*:R3V[567]*:*)
test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 4850:*:4.0:3.0)
OS_REL=''
test -r /etc/.relid \
&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
&& echo i486-ncr-sysv4.3${OS_REL} && exit 0
/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
&& echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
&& echo i486-ncr-sysv4 && exit 0 ;;
m68*:LynxOS:2.*:*)
echo m68k-unknown-lynxos${UNAME_RELEASE}
exit 0 ;;
mc68030:UNIX_System_V:4.*:*)
echo m68k-atari-sysv4
exit 0 ;;
i?86:LynxOS:2.*:* | i?86:LynxOS:3.[01]*:*)
echo i386-unknown-lynxos${UNAME_RELEASE}
exit 0 ;;
TSUNAMI:LynxOS:2.*:*)
echo sparc-unknown-lynxos${UNAME_RELEASE}
exit 0 ;;
rs6000:LynxOS:2.*:* | PowerPC:LynxOS:2.*:*)
echo rs6000-unknown-lynxos${UNAME_RELEASE}
exit 0 ;;
SM[BE]S:UNIX_SV:*:*)
echo mips-dde-sysv${UNAME_RELEASE}
exit 0 ;;
RM*:ReliantUNIX-*:*:*)
echo mips-sni-sysv4
exit 0 ;;
RM*:SINIX-*:*:*)
echo mips-sni-sysv4
exit 0 ;;
*:SINIX-*:*:*)
if uname -p 2>/dev/null >/dev/null ; then
UNAME_MACHINE=`(uname -p) 2>/dev/null`
echo ${UNAME_MACHINE}-sni-sysv4
else
echo ns32k-sni-sysv
fi
exit 0 ;;
PENTIUM:CPunix:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
# says
echo i586-unisys-sysv4
exit 0 ;;
*:UNIX_System_V:4*:FTX*)
# From Gerald Hewes .
# How about differentiating between stratus architectures? -djm
echo hppa1.1-stratus-sysv4
exit 0 ;;
*:*:*:FTX*)
# From seanf@swdc.stratus.com.
echo i860-stratus-sysv4
exit 0 ;;
mc68*:A/UX:*:*)
echo m68k-apple-aux${UNAME_RELEASE}
exit 0 ;;
news*:NEWS-OS:6*:*)
echo mips-sony-newsos6
exit 0 ;;
R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
if [ -d /usr/nec ]; then
echo mips-nec-sysv${UNAME_RELEASE}
else
echo mips-unknown-sysv${UNAME_RELEASE}
fi
exit 0 ;;
BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
echo powerpc-be-beos
exit 0 ;;
BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
echo powerpc-apple-beos
exit 0 ;;
BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
echo i586-pc-beos
exit 0 ;;
SX-4:SUPER-UX:*:*)
echo sx4-nec-superux${UNAME_RELEASE}
exit 0 ;;
SX-5:SUPER-UX:*:*)
echo sx5-nec-superux${UNAME_RELEASE}
exit 0 ;;
Power*:Rhapsody:*:*)
echo powerpc-apple-rhapsody${UNAME_RELEASE}
exit 0 ;;
*:Rhapsody:*:*)
echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
exit 0 ;;
*:Darwin:*:*)
echo `uname -p`-apple-darwin${UNAME_RELEASE}
exit 0 ;;
*:procnto*:*:* | *:QNX:[0123456789]*:*)
if test "${UNAME_MACHINE}" = "x86pc"; then
UNAME_MACHINE=pc
fi
echo `uname -p`-${UNAME_MACHINE}-nto-qnx
exit 0 ;;
*:QNX:*:4*)
echo i386-pc-qnx
exit 0 ;;
NSR-[KW]:NONSTOP_KERNEL:*:*)
echo nsr-tandem-nsk${UNAME_RELEASE}
exit 0 ;;
*:NonStop-UX:*:*)
echo mips-compaq-nonstopux
exit 0 ;;
BS2000:POSIX*:*:*)
echo bs2000-siemens-sysv
exit 0 ;;
DS/*:UNIX_System_V:*:*)
echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
exit 0 ;;
*:Plan9:*:*)
# "uname -m" is not consistent, so use $cputype instead. 386
# is converted to i386 for consistency with other x86
# operating systems.
if test "$cputype" = "386"; then
UNAME_MACHINE=i386
else
UNAME_MACHINE="$cputype"
fi
echo ${UNAME_MACHINE}-unknown-plan9
exit 0 ;;
i?86:OS/2:*:*)
# If we were able to find `uname', then EMX Unix compatibility
# is probably installed.
echo ${UNAME_MACHINE}-pc-os2-emx
exit 0 ;;
esac
#echo '(No uname command or uname output not recognized.)' 1>&2
#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
cat >$dummy.c <
# include
#endif
main ()
{
#if defined (sony)
#if defined (MIPSEB)
/* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
I don't know.... */
printf ("mips-sony-bsd\n"); exit (0);
#else
#include
printf ("m68k-sony-newsos%s\n",
#ifdef NEWSOS4
"4"
#else
""
#endif
); exit (0);
#endif
#endif
#if defined (__arm) && defined (__acorn) && defined (__unix)
printf ("arm-acorn-riscix"); exit (0);
#endif
#if defined (hp300) && !defined (hpux)
printf ("m68k-hp-bsd\n"); exit (0);
#endif
#if defined (NeXT)
#if !defined (__ARCHITECTURE__)
#define __ARCHITECTURE__ "m68k"
#endif
int version;
version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
if (version < 4)
printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
else
printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
exit (0);
#endif
#if defined (MULTIMAX) || defined (n16)
#if defined (UMAXV)
printf ("ns32k-encore-sysv\n"); exit (0);
#else
#if defined (CMU)
printf ("ns32k-encore-mach\n"); exit (0);
#else
printf ("ns32k-encore-bsd\n"); exit (0);
#endif
#endif
#endif
#if defined (__386BSD__)
printf ("i386-pc-bsd\n"); exit (0);
#endif
#if defined (sequent)
#if defined (i386)
printf ("i386-sequent-dynix\n"); exit (0);
#endif
#if defined (ns32000)
printf ("ns32k-sequent-dynix\n"); exit (0);
#endif
#endif
#if defined (_SEQUENT_)
struct utsname un;
uname(&un);
if (strncmp(un.version, "V2", 2) == 0) {
printf ("i386-sequent-ptx2\n"); exit (0);
}
if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
printf ("i386-sequent-ptx1\n"); exit (0);
}
printf ("i386-sequent-ptx\n"); exit (0);
#endif
#if defined (vax)
#if !defined (ultrix)
printf ("vax-dec-bsd\n"); exit (0);
#else
printf ("vax-dec-ultrix\n"); exit (0);
#endif
#endif
#if defined (alliant) && defined (i860)
printf ("i860-alliant-bsd\n"); exit (0);
#endif
exit (1);
}
EOF
$CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy && rm $dummy.c $dummy && exit 0
rm -f $dummy.c $dummy
# Apollos put the system type in the environment.
test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; }
# Convex versions that predate uname can use getsysinfo(1)
if [ -x /usr/convex/getsysinfo ]
then
case `getsysinfo -f cpu_type` in
c1*)
echo c1-convex-bsd
exit 0 ;;
c2*)
if getsysinfo -f scalar_acc
then echo c32-convex-bsd
else echo c2-convex-bsd
fi
exit 0 ;;
c34*)
echo c34-convex-bsd
exit 0 ;;
c38*)
echo c38-convex-bsd
exit 0 ;;
c4*)
echo c4-convex-bsd
exit 0 ;;
esac
fi
cat >&2 < in order to provide the needed
information to handle your system.
config.guess version = $version
uname -m = `(uname -m) 2>/dev/null || echo unknown`
uname -r = `(uname -r) 2>/dev/null || echo unknown`
uname -s = `(uname -s) 2>/dev/null || echo unknown`
uname -v = `(uname -v) 2>/dev/null || echo unknown`
/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
/bin/uname -X = `(/bin/uname -X) 2>/dev/null`
hostinfo = `(hostinfo) 2>/dev/null`
/bin/universe = `(/bin/universe) 2>/dev/null`
/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null`
/bin/arch = `(/bin/arch) 2>/dev/null`
/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null`
/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
UNAME_MACHINE = ${UNAME_MACHINE}
UNAME_RELEASE = ${UNAME_RELEASE}
UNAME_SYSTEM = ${UNAME_SYSTEM}
UNAME_VERSION = ${UNAME_VERSION}
EOF
exit 1
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "timestamp='"
# time-stamp-format: "%:y-%02m-%02d"
# time-stamp-end: "'"
# End:
libnids-1.23/config.sub 0000755 0000764 0000764 00000065016 07530734764 015647 0 ustar nergal nergal 0000000 0000000 #! /bin/sh
# Configuration validation subroutine script.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000
# Free Software Foundation, Inc.
timestamp='2000-12-15'
# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
# can handle that machine. It does not imply ALL GNU software can.
#
# This file is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# Please send patches to .
#
# Configuration subroutine to validate and canonicalize a configuration type.
# Supply the specified configuration type as an argument.
# If it is invalid, we print an error message on stderr and exit with code 1.
# Otherwise, we print the canonical config type on stdout and succeed.
# This file is supposed to be the same for all GNU packages
# and recognize all the CPU types, system types and aliases
# that are meaningful with *any* GNU software.
# Each package is responsible for reporting which valid configurations
# it does not support. The user should be able to distinguish
# a failure to support a valid configuration from a meaningless
# configuration.
# The goal of this file is to map all the various variations of a given
# machine specification into a single specification in the form:
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
# or in some cases, the newer four-part form:
# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
# It is wrong to echo any other type of specification.
me=`echo "$0" | sed -e 's,.*/,,'`
usage="\
Usage: $0 [OPTION] CPU-MFR-OPSYS
$0 [OPTION] ALIAS
Canonicalize a configuration name.
Operation modes:
-h, --help print this help, then exit
-t, --time-stamp print date of last modification, then exit
-v, --version print version number, then exit
Report bugs and patches to ."
version="\
GNU config.sub ($timestamp)
Copyright (C) 1992, 93, 94, 95, 96, 97, 98, 99, 2000
Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
help="
Try \`$me --help' for more information."
# Parse command line
while test $# -gt 0 ; do
case $1 in
--time-stamp | --time* | -t )
echo "$timestamp" ; exit 0 ;;
--version | -v )
echo "$version" ; exit 0 ;;
--help | --h* | -h )
echo "$usage"; exit 0 ;;
-- ) # Stop option processing
shift; break ;;
- ) # Use stdin as input.
break ;;
-* )
echo "$me: invalid option $1$help"
exit 1 ;;
*local*)
# First pass through any local machine types.
echo $1
exit 0;;
* )
break ;;
esac
done
case $# in
0) echo "$me: missing argument$help" >&2
exit 1;;
1) ;;
*) echo "$me: too many arguments$help" >&2
exit 1;;
esac
# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
# Here we must recognize all the valid KERNEL-OS combinations.
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
case $maybe_os in
nto-qnx* | linux-gnu* | storm-chaos*)
os=-$maybe_os
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
;;
*)
basic_machine=`echo $1 | sed 's/-[^-]*$//'`
if [ $basic_machine != $1 ]
then os=`echo $1 | sed 's/.*-/-/'`
else os=; fi
;;
esac
### Let's recognize common machines as not being operating systems so
### that things like config.sub decstation-3100 work. We also
### recognize some manufacturers as not being operating systems, so we
### can provide default operating systems below.
case $os in
-sun*os*)
# Prevent following clause from handling this invalid input.
;;
-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
-apple | -axis)
os=
basic_machine=$1
;;
-sim | -cisco | -oki | -wec | -winbond)
os=
basic_machine=$1
;;
-scout)
;;
-wrs)
os=-vxworks
basic_machine=$1
;;
-hiux*)
os=-hiuxwe2
;;
-sco5)
os=-sco3.2v5
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-sco4)
os=-sco3.2v4
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-sco3.2.[4-9]*)
os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-sco3.2v[4-9]*)
# Don't forget version if it is 3.2v4 or newer.
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-sco*)
os=-sco3.2v2
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-udk*)
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-isc)
os=-isc2.2
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-clix*)
basic_machine=clipper-intergraph
;;
-isc*)
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-lynx*)
os=-lynxos
;;
-ptx*)
basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
;;
-windowsnt*)
os=`echo $os | sed -e 's/windowsnt/winnt/'`
;;
-psos*)
os=-psos
;;
-mint | -mint[0-9]*)
basic_machine=m68k-atari
os=-mint
;;
esac
# Decode aliases for certain CPU-COMPANY combinations.
case $basic_machine in
# Recognize the basic CPU types without company name.
# Some are omitted here because they have special meanings below.
tahoe | i860 | ia64 | m32r | m68k | m68000 | m88k | ns32k | arc \
| arm | arme[lb] | arm[bl]e | armv[2345] | armv[345][lb] | strongarm | xscale \
| pyramid | mn10200 | mn10300 | tron | a29k \
| 580 | i960 | h8300 \
| x86 | ppcbe | mipsbe | mipsle | shbe | shle \
| hppa | hppa1.0 | hppa1.1 | hppa2.0 | hppa2.0w | hppa2.0n \
| hppa64 \
| alpha | alphaev[4-8] | alphaev56 | alphapca5[67] \
| alphaev6[78] \
| we32k | ns16k | clipper | i370 | sh | sh[34] \
| powerpc | powerpcle \
| 1750a | dsp16xx | pdp11 | mips16 | mips64 | mipsel | mips64el \
| mips64orion | mips64orionel | mipstx39 | mipstx39el \
| mips64vr4300 | mips64vr4300el | mips64vr4100 | mips64vr4100el \
| mips64vr5000 | miprs64vr5000el | mcore \
| sparc | sparclet | sparclite | sparc64 | sparcv9 | v850 | c4x \
| thumb | d10v | d30v | fr30 | avr)
basic_machine=$basic_machine-unknown
;;
m6811 | m68hc11 | m6812 | m68hc12)
# Motorola 68HC11/12.
basic_machine=$basic_machine-unknown
os=-none
;;
m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | z8k | v70 | h8500 | w65 | pj | pjl)
;;
# We use `pc' rather than `unknown'
# because (1) that's what they normally are, and
# (2) the word "unknown" tends to confuse beginning users.
i[234567]86 | x86_64)
basic_machine=$basic_machine-pc
;;
# Object if more than one company name word.
*-*-*)
echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
exit 1
;;
# Recognize the basic CPU types with company name.
# FIXME: clean up the formatting here.
vax-* | tahoe-* | i[234567]86-* | i860-* | ia64-* | m32r-* | m68k-* | m68000-* \
| m88k-* | sparc-* | ns32k-* | fx80-* | arc-* | c[123]* \
| arm-* | armbe-* | armle-* | armv*-* | strongarm-* | xscale-* \
| mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* \
| power-* | none-* | 580-* | cray2-* | h8300-* | h8500-* | i960-* \
| xmp-* | ymp-* \
| x86-* | ppcbe-* | mipsbe-* | mipsle-* | shbe-* | shle-* \
| hppa-* | hppa1.0-* | hppa1.1-* | hppa2.0-* | hppa2.0w-* \
| hppa2.0n-* | hppa64-* \
| alpha-* | alphaev[4-8]-* | alphaev56-* | alphapca5[67]-* \
| alphaev6[78]-* \
| we32k-* | cydra-* | ns16k-* | pn-* | np1-* | xps100-* \
| clipper-* | orion-* \
| sparclite-* | pdp11-* | sh-* | powerpc-* | powerpcle-* \
| sparc64-* | sparcv9-* | sparc86x-* | mips16-* | mips64-* | mipsel-* \
| mips64el-* | mips64orion-* | mips64orionel-* \
| mips64vr4100-* | mips64vr4100el-* | mips64vr4300-* | mips64vr4300el-* \
| mipstx39-* | mipstx39el-* | mcore-* \
| f30[01]-* | s390-* | sv1-* | t3e-* \
| m88110-* | m680[01234]0-* | m683?2-* | m68360-* | z8k-* | d10v-* \
| thumb-* | v850-* | d30v-* | tic30-* | c30-* | fr30-* \
| bs2000-* | tic54x-* | c54x-* | x86_64-*)
;;
# Recognize the various machine names and aliases which stand
# for a CPU type and a company and sometimes even an OS.
386bsd)
basic_machine=i386-unknown
os=-bsd
;;
3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
basic_machine=m68000-att
;;
3b*)
basic_machine=we32k-att
;;
a29khif)
basic_machine=a29k-amd
os=-udi
;;
adobe68k)
basic_machine=m68010-adobe
os=-scout
;;
alliant | fx80)
basic_machine=fx80-alliant
;;
altos | altos3068)
basic_machine=m68k-altos
;;
am29k)
basic_machine=a29k-none
os=-bsd
;;
amdahl)
basic_machine=580-amdahl
os=-sysv
;;
amiga | amiga-*)
basic_machine=m68k-unknown
;;
amigaos | amigados)
basic_machine=m68k-unknown
os=-amigaos
;;
amigaunix | amix)
basic_machine=m68k-unknown
os=-sysv4
;;
apollo68)
basic_machine=m68k-apollo
os=-sysv
;;
apollo68bsd)
basic_machine=m68k-apollo
os=-bsd
;;
aux)
basic_machine=m68k-apple
os=-aux
;;
balance)
basic_machine=ns32k-sequent
os=-dynix
;;
convex-c1)
basic_machine=c1-convex
os=-bsd
;;
convex-c2)
basic_machine=c2-convex
os=-bsd
;;
convex-c32)
basic_machine=c32-convex
os=-bsd
;;
convex-c34)
basic_machine=c34-convex
os=-bsd
;;
convex-c38)
basic_machine=c38-convex
os=-bsd
;;
cray | ymp)
basic_machine=ymp-cray
os=-unicos
;;
cray2)
basic_machine=cray2-cray
os=-unicos
;;
[ctj]90-cray)
basic_machine=c90-cray
os=-unicos
;;
crds | unos)
basic_machine=m68k-crds
;;
cris | cris-* | etrax*)
basic_machine=cris-axis
;;
da30 | da30-*)
basic_machine=m68k-da30
;;
decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
basic_machine=mips-dec
;;
delta | 3300 | motorola-3300 | motorola-delta \
| 3300-motorola | delta-motorola)
basic_machine=m68k-motorola
;;
delta88)
basic_machine=m88k-motorola
os=-sysv3
;;
dpx20 | dpx20-*)
basic_machine=rs6000-bull
os=-bosx
;;
dpx2* | dpx2*-bull)
basic_machine=m68k-bull
os=-sysv3
;;
ebmon29k)
basic_machine=a29k-amd
os=-ebmon
;;
elxsi)
basic_machine=elxsi-elxsi
os=-bsd
;;
encore | umax | mmax)
basic_machine=ns32k-encore
;;
es1800 | OSE68k | ose68k | ose | OSE)
basic_machine=m68k-ericsson
os=-ose
;;
fx2800)
basic_machine=i860-alliant
;;
genix)
basic_machine=ns32k-ns
;;
gmicro)
basic_machine=tron-gmicro
os=-sysv
;;
h3050r* | hiux*)
basic_machine=hppa1.1-hitachi
os=-hiuxwe2
;;
h8300hms)
basic_machine=h8300-hitachi
os=-hms
;;
h8300xray)
basic_machine=h8300-hitachi
os=-xray
;;
h8500hms)
basic_machine=h8500-hitachi
os=-hms
;;
harris)
basic_machine=m88k-harris
os=-sysv3
;;
hp300-*)
basic_machine=m68k-hp
;;
hp300bsd)
basic_machine=m68k-hp
os=-bsd
;;
hp300hpux)
basic_machine=m68k-hp
os=-hpux
;;
hp3k9[0-9][0-9] | hp9[0-9][0-9])
basic_machine=hppa1.0-hp
;;
hp9k2[0-9][0-9] | hp9k31[0-9])
basic_machine=m68000-hp
;;
hp9k3[2-9][0-9])
basic_machine=m68k-hp
;;
hp9k6[0-9][0-9] | hp6[0-9][0-9])
basic_machine=hppa1.0-hp
;;
hp9k7[0-79][0-9] | hp7[0-79][0-9])
basic_machine=hppa1.1-hp
;;
hp9k78[0-9] | hp78[0-9])
# FIXME: really hppa2.0-hp
basic_machine=hppa1.1-hp
;;
hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
# FIXME: really hppa2.0-hp
basic_machine=hppa1.1-hp
;;
hp9k8[0-9][13679] | hp8[0-9][13679])
basic_machine=hppa1.1-hp
;;
hp9k8[0-9][0-9] | hp8[0-9][0-9])
basic_machine=hppa1.0-hp
;;
hppa-next)
os=-nextstep3
;;
hppaosf)
basic_machine=hppa1.1-hp
os=-osf
;;
hppro)
basic_machine=hppa1.1-hp
os=-proelf
;;
i370-ibm* | ibm*)
basic_machine=i370-ibm
;;
# I'm not sure what "Sysv32" means. Should this be sysv3.2?
i[34567]86v32)
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
os=-sysv32
;;
i[34567]86v4*)
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
os=-sysv4
;;
i[34567]86v)
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
os=-sysv
;;
i[34567]86sol2)
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
os=-solaris2
;;
i386mach)
basic_machine=i386-mach
os=-mach
;;
i386-vsta | vsta)
basic_machine=i386-unknown
os=-vsta
;;
i386-go32 | go32)
basic_machine=i386-unknown
os=-go32
;;
i386-mingw32 | mingw32)
basic_machine=i386-unknown
os=-mingw32
;;
i[34567]86-pw32 | pw32)
basic_machine=i586-unknown
os=-pw32
;;
iris | iris4d)
basic_machine=mips-sgi
case $os in
-irix*)
;;
*)
os=-irix4
;;
esac
;;
isi68 | isi)
basic_machine=m68k-isi
os=-sysv
;;
m88k-omron*)
basic_machine=m88k-omron
;;
magnum | m3230)
basic_machine=mips-mips
os=-sysv
;;
merlin)
basic_machine=ns32k-utek
os=-sysv
;;
miniframe)
basic_machine=m68000-convergent
;;
*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
basic_machine=m68k-atari
os=-mint
;;
mipsel*-linux*)
basic_machine=mipsel-unknown
os=-linux-gnu
;;
mips*-linux*)
basic_machine=mips-unknown
os=-linux-gnu
;;
mips3*-*)
basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
;;
mips3*)
basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
;;
mmix*)
basic_machine=mmix-knuth
os=-mmixware
;;
monitor)
basic_machine=m68k-rom68k
os=-coff
;;
msdos)
basic_machine=i386-unknown
os=-msdos
;;
mvs)
basic_machine=i370-ibm
os=-mvs
;;
ncr3000)
basic_machine=i486-ncr
os=-sysv4
;;
netbsd386)
basic_machine=i386-unknown
os=-netbsd
;;
netwinder)
basic_machine=armv4l-rebel
os=-linux
;;
news | news700 | news800 | news900)
basic_machine=m68k-sony
os=-newsos
;;
news1000)
basic_machine=m68030-sony
os=-newsos
;;
news-3600 | risc-news)
basic_machine=mips-sony
os=-newsos
;;
necv70)
basic_machine=v70-nec
os=-sysv
;;
next | m*-next )
basic_machine=m68k-next
case $os in
-nextstep* )
;;
-ns2*)
os=-nextstep2
;;
*)
os=-nextstep3
;;
esac
;;
nh3000)
basic_machine=m68k-harris
os=-cxux
;;
nh[45]000)
basic_machine=m88k-harris
os=-cxux
;;
nindy960)
basic_machine=i960-intel
os=-nindy
;;
mon960)
basic_machine=i960-intel
os=-mon960
;;
nonstopux)
basic_machine=mips-compaq
os=-nonstopux
;;
np1)
basic_machine=np1-gould
;;
nsr-tandem)
basic_machine=nsr-tandem
;;
op50n-* | op60c-*)
basic_machine=hppa1.1-oki
os=-proelf
;;
OSE68000 | ose68000)
basic_machine=m68000-ericsson
os=-ose
;;
os68k)
basic_machine=m68k-none
os=-os68k
;;
pa-hitachi)
basic_machine=hppa1.1-hitachi
os=-hiuxwe2
;;
paragon)
basic_machine=i860-intel
os=-osf
;;
pbd)
basic_machine=sparc-tti
;;
pbb)
basic_machine=m68k-tti
;;
pc532 | pc532-*)
basic_machine=ns32k-pc532
;;
pentium | p5 | k5 | k6 | nexgen)
basic_machine=i586-pc
;;
pentiumpro | p6 | 6x86 | athlon)
basic_machine=i686-pc
;;
pentiumii | pentium2)
basic_machine=i686-pc
;;
pentium-* | p5-* | k5-* | k6-* | nexgen-*)
basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
pentiumpro-* | p6-* | 6x86-* | athlon-*)
basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
pentiumii-* | pentium2-*)
basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
pn)
basic_machine=pn-gould
;;
power) basic_machine=power-ibm
;;
ppc) basic_machine=powerpc-unknown
;;
ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
ppcle | powerpclittle | ppc-le | powerpc-little)
basic_machine=powerpcle-unknown
;;
ppcle-* | powerpclittle-*)
basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
ps2)
basic_machine=i386-ibm
;;
rom68k)
basic_machine=m68k-rom68k
os=-coff
;;
rm[46]00)
basic_machine=mips-siemens
;;
rtpc | rtpc-*)
basic_machine=romp-ibm
;;
sa29200)
basic_machine=a29k-amd
os=-udi
;;
sequent)
basic_machine=i386-sequent
;;
sh)
basic_machine=sh-hitachi
os=-hms
;;
sparclite-wrs)
basic_machine=sparclite-wrs
os=-vxworks
;;
sps7)
basic_machine=m68k-bull
os=-sysv2
;;
spur)
basic_machine=spur-unknown
;;
st2000)
basic_machine=m68k-tandem
;;
stratus)
basic_machine=i860-stratus
os=-sysv4
;;
sun2)
basic_machine=m68000-sun
;;
sun2os3)
basic_machine=m68000-sun
os=-sunos3
;;
sun2os4)
basic_machine=m68000-sun
os=-sunos4
;;
sun3os3)
basic_machine=m68k-sun
os=-sunos3
;;
sun3os4)
basic_machine=m68k-sun
os=-sunos4
;;
sun4os3)
basic_machine=sparc-sun
os=-sunos3
;;
sun4os4)
basic_machine=sparc-sun
os=-sunos4
;;
sun4sol2)
basic_machine=sparc-sun
os=-solaris2
;;
sun3 | sun3-*)
basic_machine=m68k-sun
;;
sun4)
basic_machine=sparc-sun
;;
sun386 | sun386i | roadrunner)
basic_machine=i386-sun
;;
sv1)
basic_machine=sv1-cray
os=-unicos
;;
symmetry)
basic_machine=i386-sequent
os=-dynix
;;
t3e)
basic_machine=t3e-cray
os=-unicos
;;
tic54x | c54x*)
basic_machine=tic54x-unknown
os=-coff
;;
tx39)
basic_machine=mipstx39-unknown
;;
tx39el)
basic_machine=mipstx39el-unknown
;;
tower | tower-32)
basic_machine=m68k-ncr
;;
udi29k)
basic_machine=a29k-amd
os=-udi
;;
ultra3)
basic_machine=a29k-nyu
os=-sym1
;;
v810 | necv810)
basic_machine=v810-nec
os=-none
;;
vaxv)
basic_machine=vax-dec
os=-sysv
;;
vms)
basic_machine=vax-dec
os=-vms
;;
vpp*|vx|vx-*)
basic_machine=f301-fujitsu
;;
vxworks960)
basic_machine=i960-wrs
os=-vxworks
;;
vxworks68)
basic_machine=m68k-wrs
os=-vxworks
;;
vxworks29k)
basic_machine=a29k-wrs
os=-vxworks
;;
w65*)
basic_machine=w65-wdc
os=-none
;;
w89k-*)
basic_machine=hppa1.1-winbond
os=-proelf
;;
xmp)
basic_machine=xmp-cray
os=-unicos
;;
xps | xps100)
basic_machine=xps100-honeywell
;;
z8k-*-coff)
basic_machine=z8k-unknown
os=-sim
;;
none)
basic_machine=none-none
os=-none
;;
# Here we handle the default manufacturer of certain CPU types. It is in
# some cases the only manufacturer, in others, it is the most popular.
w89k)
basic_machine=hppa1.1-winbond
;;
op50n)
basic_machine=hppa1.1-oki
;;
op60c)
basic_machine=hppa1.1-oki
;;
mips)
if [ x$os = x-linux-gnu ]; then
basic_machine=mips-unknown
else
basic_machine=mips-mips
fi
;;
romp)
basic_machine=romp-ibm
;;
rs6000)
basic_machine=rs6000-ibm
;;
vax)
basic_machine=vax-dec
;;
pdp11)
basic_machine=pdp11-dec
;;
we32k)
basic_machine=we32k-att
;;
sh3 | sh4)
basic_machine=sh-unknown
;;
sparc | sparcv9)
basic_machine=sparc-sun
;;
cydra)
basic_machine=cydra-cydrome
;;
orion)
basic_machine=orion-highlevel
;;
orion105)
basic_machine=clipper-highlevel
;;
mac | mpw | mac-mpw)
basic_machine=m68k-apple
;;
pmac | pmac-mpw)
basic_machine=powerpc-apple
;;
c4x*)
basic_machine=c4x-none
os=-coff
;;
*)
echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
exit 1
;;
esac
# Here we canonicalize certain aliases for manufacturers.
case $basic_machine in
*-digital*)
basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
;;
*-commodore*)
basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
;;
*)
;;
esac
# Decode manufacturer-specific aliases for certain operating systems.
if [ x"$os" != x"" ]
then
case $os in
# First match some system type aliases
# that might get confused with valid system types.
# -solaris* is a basic system type, with this one exception.
-solaris1 | -solaris1.*)
os=`echo $os | sed -e 's|solaris1|sunos4|'`
;;
-solaris)
os=-solaris2
;;
-svr4*)
os=-sysv4
;;
-unixware*)
os=-sysv4.2uw
;;
-gnu/linux*)
os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
;;
# First accept the basic system types.
# The portable systems comes first.
# Each alternative MUST END IN A *, to match a version number.
# -sysv* is not here because it comes later, after sysvr4.
-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
| -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
| -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
| -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
| -aos* \
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
| -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
| -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
| -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
| -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
| -interix* | -uwin* | -rhapsody* | -darwin* | -opened* \
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* | -storm-chaos*)
# Remember, each alternative MUST END IN *, to match a version number.
;;
-qnx*)
case $basic_machine in
x86-* | i[34567]86-*)
;;
*)
os=-nto$os
;;
esac
;;
-nto*)
os=-nto-qnx
;;
-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
| -windows* | -osx | -abug | -netware* | -os9* | -beos* \
| -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
;;
-mac*)
os=`echo $os | sed -e 's|mac|macos|'`
;;
-linux*)
os=`echo $os | sed -e 's|linux|linux-gnu|'`
;;
-sunos5*)
os=`echo $os | sed -e 's|sunos5|solaris2|'`
;;
-sunos6*)
os=`echo $os | sed -e 's|sunos6|solaris3|'`
;;
-opened*)
os=-openedition
;;
-wince*)
os=-wince
;;
-osfrose*)
os=-osfrose
;;
-osf*)
os=-osf
;;
-utek*)
os=-bsd
;;
-dynix*)
os=-bsd
;;
-acis*)
os=-aos
;;
-386bsd)
os=-bsd
;;
-ctix* | -uts*)
os=-sysv
;;
-ns2 )
os=-nextstep2
;;
-nsk*)
os=-nsk
;;
# Preserve the version number of sinix5.
-sinix5.*)
os=`echo $os | sed -e 's|sinix|sysv|'`
;;
-sinix*)
os=-sysv4
;;
-triton*)
os=-sysv3
;;
-oss*)
os=-sysv3
;;
-svr4)
os=-sysv4
;;
-svr3)
os=-sysv3
;;
-sysvr4)
os=-sysv4
;;
# This must come after -sysvr4.
-sysv*)
;;
-ose*)
os=-ose
;;
-es1800*)
os=-ose
;;
-xenix)
os=-xenix
;;
-*mint | -*MiNT)
os=-mint
;;
-none)
;;
*)
# Get rid of the `-' at the beginning of $os.
os=`echo $os | sed 's/[^-]*-//'`
echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
exit 1
;;
esac
else
# Here we handle the default operating systems that come with various machines.
# The value should be what the vendor currently ships out the door with their
# machine or put another way, the most popular os provided with the machine.
# Note that if you're going to try to match "-MANUFACTURER" here (say,
# "-sun"), then you have to tell the case statement up towards the top
# that MANUFACTURER isn't an operating system. Otherwise, code above
# will signal an error saying that MANUFACTURER isn't an operating
# system, and we'll never get to this point.
case $basic_machine in
*-acorn)
os=-riscix1.2
;;
arm*-rebel)
os=-linux
;;
arm*-semi)
os=-aout
;;
pdp11-*)
os=-none
;;
*-dec | vax-*)
os=-ultrix4.2
;;
m68*-apollo)
os=-domain
;;
i386-sun)
os=-sunos4.0.2
;;
m68000-sun)
os=-sunos3
# This also exists in the configure program, but was not the
# default.
# os=-sunos4
;;
m68*-cisco)
os=-aout
;;
mips*-cisco)
os=-elf
;;
mips*-*)
os=-elf
;;
*-tti) # must be before sparc entry or we get the wrong os.
os=-sysv3
;;
sparc-* | *-sun)
os=-sunos4.1.1
;;
*-be)
os=-beos
;;
*-ibm)
os=-aix
;;
*-wec)
os=-proelf
;;
*-winbond)
os=-proelf
;;
*-oki)
os=-proelf
;;
*-hp)
os=-hpux
;;
*-hitachi)
os=-hiux
;;
i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
os=-sysv
;;
*-cbm)
os=-amigaos
;;
*-dg)
os=-dgux
;;
*-dolphin)
os=-sysv3
;;
m68k-ccur)
os=-rtu
;;
m88k-omron*)
os=-luna
;;
*-next )
os=-nextstep
;;
*-sequent)
os=-ptx
;;
*-crds)
os=-unos
;;
*-ns)
os=-genix
;;
i370-*)
os=-mvs
;;
*-next)
os=-nextstep3
;;
*-gould)
os=-sysv
;;
*-highlevel)
os=-bsd
;;
*-encore)
os=-bsd
;;
*-sgi)
os=-irix
;;
*-siemens)
os=-sysv4
;;
*-masscomp)
os=-rtu
;;
f30[01]-fujitsu)
os=-uxpv
;;
*-rom68k)
os=-coff
;;
*-*bug)
os=-coff
;;
*-apple)
os=-macos
;;
*-atari*)
os=-mint
;;
*)
os=-none
;;
esac
fi
# Here we handle the case where we know the os, and the CPU type, but not the
# manufacturer. We pick the logical manufacturer.
vendor=unknown
case $basic_machine in
*-unknown)
case $os in
-riscix*)
vendor=acorn
;;
-sunos*)
vendor=sun
;;
-aix*)
vendor=ibm
;;
-beos*)
vendor=be
;;
-hpux*)
vendor=hp
;;
-mpeix*)
vendor=hp
;;
-hiux*)
vendor=hitachi
;;
-unos*)
vendor=crds
;;
-dgux*)
vendor=dg
;;
-luna*)
vendor=omron
;;
-genix*)
vendor=ns
;;
-mvs* | -opened*)
vendor=ibm
;;
-ptx*)
vendor=sequent
;;
-vxsim* | -vxworks*)
vendor=wrs
;;
-aux*)
vendor=apple
;;
-hms*)
vendor=hitachi
;;
-mpw* | -macos*)
vendor=apple
;;
-*mint | -*MiNT)
vendor=atari
;;
esac
basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
;;
esac
echo $basic_machine$os
exit 0
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "timestamp='"
# time-stamp-format: "%:y-%02m-%02d"
# time-stamp-end: "'"
# End:
libnids-1.23/aclocal.m4 0000664 0000764 0000764 00000110665 10425441013 015502 0 ustar nergal nergal 0000000 0000000 dnl aclocal.m4 generated automatically by aclocal 1.4-p6
dnl Copyright (C) 1994, 1995-8, 1999, 2001 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
dnl This program is distributed in the hope that it will be useful,
dnl but WITHOUT ANY WARRANTY, to the extent permitted by law; without
dnl even the implied warranty of MERCHANTABILITY or FITNESS FOR A
dnl PARTICULAR PURPOSE.
# lib-prefix.m4 serial 4 (gettext-0.14.2)
dnl Copyright (C) 2001-2005 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
dnl From Bruno Haible.
dnl AC_LIB_ARG_WITH is synonymous to AC_ARG_WITH in autoconf-2.13, and
dnl similar to AC_ARG_WITH in autoconf 2.52...2.57 except that is doesn't
dnl require excessive bracketing.
ifdef([AC_HELP_STRING],
[AC_DEFUN([AC_LIB_ARG_WITH], [AC_ARG_WITH([$1],[[$2]],[$3],[$4])])],
[AC_DEFUN([AC_][LIB_ARG_WITH], [AC_ARG_WITH([$1],[$2],[$3],[$4])])])
dnl AC_LIB_PREFIX adds to the CPPFLAGS and LDFLAGS the flags that are needed
dnl to access previously installed libraries. The basic assumption is that
dnl a user will want packages to use other packages he previously installed
dnl with the same --prefix option.
dnl This macro is not needed if only AC_LIB_LINKFLAGS is used to locate
dnl libraries, but is otherwise very convenient.
AC_DEFUN([AC_LIB_PREFIX],
[
AC_BEFORE([$0], [AC_LIB_LINKFLAGS])
AC_REQUIRE([AC_PROG_CC])
AC_REQUIRE([AC_CANONICAL_HOST])
AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
dnl By default, look in $includedir and $libdir.
use_additional=yes
AC_LIB_WITH_FINAL_PREFIX([
eval additional_includedir=\"$includedir\"
eval additional_libdir=\"$libdir\"
])
AC_LIB_ARG_WITH([lib-prefix],
[ --with-lib-prefix[=DIR] search for libraries in DIR/include and DIR/lib
--without-lib-prefix don't search for libraries in includedir and libdir],
[
if test "X$withval" = "Xno"; then
use_additional=no
else
if test "X$withval" = "X"; then
AC_LIB_WITH_FINAL_PREFIX([
eval additional_includedir=\"$includedir\"
eval additional_libdir=\"$libdir\"
])
else
additional_includedir="$withval/include"
additional_libdir="$withval/lib"
fi
fi
])
if test $use_additional = yes; then
dnl Potentially add $additional_includedir to $CPPFLAGS.
dnl But don't add it
dnl 1. if it's the standard /usr/include,
dnl 2. if it's already present in $CPPFLAGS,
dnl 3. if it's /usr/local/include and we are using GCC on Linux,
dnl 4. if it doesn't exist as a directory.
if test "X$additional_includedir" != "X/usr/include"; then
haveit=
for x in $CPPFLAGS; do
AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
if test "X$x" = "X-I$additional_includedir"; then
haveit=yes
break
fi
done
if test -z "$haveit"; then
if test "X$additional_includedir" = "X/usr/local/include"; then
if test -n "$GCC"; then
case $host_os in
linux* | gnu* | k*bsd*-gnu) haveit=yes;;
esac
fi
fi
if test -z "$haveit"; then
if test -d "$additional_includedir"; then
dnl Really add $additional_includedir to $CPPFLAGS.
CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }-I$additional_includedir"
fi
fi
fi
fi
dnl Potentially add $additional_libdir to $LDFLAGS.
dnl But don't add it
dnl 1. if it's the standard /usr/lib,
dnl 2. if it's already present in $LDFLAGS,
dnl 3. if it's /usr/local/lib and we are using GCC on Linux,
dnl 4. if it doesn't exist as a directory.
if test "X$additional_libdir" != "X/usr/lib"; then
haveit=
for x in $LDFLAGS; do
AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
if test "X$x" = "X-L$additional_libdir"; then
haveit=yes
break
fi
done
if test -z "$haveit"; then
if test "X$additional_libdir" = "X/usr/local/lib"; then
if test -n "$GCC"; then
case $host_os in
linux*) haveit=yes;;
esac
fi
fi
if test -z "$haveit"; then
if test -d "$additional_libdir"; then
dnl Really add $additional_libdir to $LDFLAGS.
LDFLAGS="${LDFLAGS}${LDFLAGS:+ }-L$additional_libdir"
fi
fi
fi
fi
fi
])
dnl AC_LIB_PREPARE_PREFIX creates variables acl_final_prefix,
dnl acl_final_exec_prefix, containing the values to which $prefix and
dnl $exec_prefix will expand at the end of the configure script.
AC_DEFUN([AC_LIB_PREPARE_PREFIX],
[
dnl Unfortunately, prefix and exec_prefix get only finally determined
dnl at the end of configure.
if test "X$prefix" = "XNONE"; then
acl_final_prefix="$ac_default_prefix"
else
acl_final_prefix="$prefix"
fi
if test "X$exec_prefix" = "XNONE"; then
acl_final_exec_prefix='${prefix}'
else
acl_final_exec_prefix="$exec_prefix"
fi
acl_save_prefix="$prefix"
prefix="$acl_final_prefix"
eval acl_final_exec_prefix=\"$acl_final_exec_prefix\"
prefix="$acl_save_prefix"
])
dnl AC_LIB_WITH_FINAL_PREFIX([statement]) evaluates statement, with the
dnl variables prefix and exec_prefix bound to the values they will have
dnl at the end of the configure script.
AC_DEFUN([AC_LIB_WITH_FINAL_PREFIX],
[
acl_save_prefix="$prefix"
prefix="$acl_final_prefix"
acl_save_exec_prefix="$exec_prefix"
exec_prefix="$acl_final_exec_prefix"
$1
exec_prefix="$acl_save_exec_prefix"
prefix="$acl_save_prefix"
])
# lib-link.m4 serial 6 (gettext-0.14.3)
dnl Copyright (C) 2001-2005 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
dnl From Bruno Haible.
AC_PREREQ(2.50)
dnl AC_LIB_LINKFLAGS(name [, dependencies]) searches for libname and
dnl the libraries corresponding to explicit and implicit dependencies.
dnl Sets and AC_SUBSTs the LIB${NAME} and LTLIB${NAME} variables and
dnl augments the CPPFLAGS variable.
AC_DEFUN([AC_LIB_LINKFLAGS],
[
AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
AC_REQUIRE([AC_LIB_RPATH])
define([Name],[translit([$1],[./-], [___])])
define([NAME],[translit([$1],[abcdefghijklmnopqrstuvwxyz./-],
[ABCDEFGHIJKLMNOPQRSTUVWXYZ___])])
AC_CACHE_CHECK([how to link with lib[]$1], [ac_cv_lib[]Name[]_libs], [
AC_LIB_LINKFLAGS_BODY([$1], [$2])
ac_cv_lib[]Name[]_libs="$LIB[]NAME"
ac_cv_lib[]Name[]_ltlibs="$LTLIB[]NAME"
ac_cv_lib[]Name[]_cppflags="$INC[]NAME"
])
LIB[]NAME="$ac_cv_lib[]Name[]_libs"
LTLIB[]NAME="$ac_cv_lib[]Name[]_ltlibs"
INC[]NAME="$ac_cv_lib[]Name[]_cppflags"
AC_LIB_APPENDTOVAR([CPPFLAGS], [$INC]NAME)
AC_SUBST([LIB]NAME)
AC_SUBST([LTLIB]NAME)
dnl Also set HAVE_LIB[]NAME so that AC_LIB_HAVE_LINKFLAGS can reuse the
dnl results of this search when this library appears as a dependency.
HAVE_LIB[]NAME=yes
undefine([Name])
undefine([NAME])
])
dnl AC_LIB_HAVE_LINKFLAGS(name, dependencies, includes, testcode)
dnl searches for libname and the libraries corresponding to explicit and
dnl implicit dependencies, together with the specified include files and
dnl the ability to compile and link the specified testcode. If found, it
dnl sets and AC_SUBSTs HAVE_LIB${NAME}=yes and the LIB${NAME} and
dnl LTLIB${NAME} variables and augments the CPPFLAGS variable, and
dnl #defines HAVE_LIB${NAME} to 1. Otherwise, it sets and AC_SUBSTs
dnl HAVE_LIB${NAME}=no and LIB${NAME} and LTLIB${NAME} to empty.
AC_DEFUN([AC_LIB_HAVE_LINKFLAGS],
[
AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
AC_REQUIRE([AC_LIB_RPATH])
define([Name],[translit([$1],[./-], [___])])
define([NAME],[translit([$1],[abcdefghijklmnopqrstuvwxyz./-],
[ABCDEFGHIJKLMNOPQRSTUVWXYZ___])])
dnl Search for lib[]Name and define LIB[]NAME, LTLIB[]NAME and INC[]NAME
dnl accordingly.
AC_LIB_LINKFLAGS_BODY([$1], [$2])
dnl Add $INC[]NAME to CPPFLAGS before performing the following checks,
dnl because if the user has installed lib[]Name and not disabled its use
dnl via --without-lib[]Name-prefix, he wants to use it.
ac_save_CPPFLAGS="$CPPFLAGS"
AC_LIB_APPENDTOVAR([CPPFLAGS], [$INC]NAME)
AC_CACHE_CHECK([for lib[]$1], [ac_cv_lib[]Name], [
ac_save_LIBS="$LIBS"
LIBS="$LIBS $LIB[]NAME"
AC_TRY_LINK([$3], [$4], [ac_cv_lib[]Name=yes], [ac_cv_lib[]Name=no])
LIBS="$ac_save_LIBS"
])
if test "$ac_cv_lib[]Name" = yes; then
HAVE_LIB[]NAME=yes
AC_DEFINE([HAVE_LIB]NAME, 1, [Define if you have the $1 library.])
AC_MSG_CHECKING([how to link with lib[]$1])
AC_MSG_RESULT([$LIB[]NAME])
else
HAVE_LIB[]NAME=no
dnl If $LIB[]NAME didn't lead to a usable library, we don't need
dnl $INC[]NAME either.
CPPFLAGS="$ac_save_CPPFLAGS"
LIB[]NAME=
LTLIB[]NAME=
fi
AC_SUBST([HAVE_LIB]NAME)
AC_SUBST([LIB]NAME)
AC_SUBST([LTLIB]NAME)
undefine([Name])
undefine([NAME])
])
dnl Determine the platform dependent parameters needed to use rpath:
dnl libext, shlibext, hardcode_libdir_flag_spec, hardcode_libdir_separator,
dnl hardcode_direct, hardcode_minus_L.
AC_DEFUN([AC_LIB_RPATH],
[
dnl Tell automake >= 1.10 to complain if config.rpath is missing.
m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([config.rpath])])
AC_REQUIRE([AC_PROG_CC]) dnl we use $CC, $GCC, $LDFLAGS
AC_REQUIRE([AC_LIB_PROG_LD]) dnl we use $LD, $with_gnu_ld
AC_REQUIRE([AC_CANONICAL_HOST]) dnl we use $host
AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT]) dnl we use $ac_aux_dir
AC_CACHE_CHECK([for shared library run path origin], acl_cv_rpath, [
CC="$CC" GCC="$GCC" LDFLAGS="$LDFLAGS" LD="$LD" with_gnu_ld="$with_gnu_ld" \
${CONFIG_SHELL-/bin/sh} "$ac_aux_dir/config.rpath" "$host" > conftest.sh
. ./conftest.sh
rm -f ./conftest.sh
acl_cv_rpath=done
])
wl="$acl_cv_wl"
libext="$acl_cv_libext"
shlibext="$acl_cv_shlibext"
hardcode_libdir_flag_spec="$acl_cv_hardcode_libdir_flag_spec"
hardcode_libdir_separator="$acl_cv_hardcode_libdir_separator"
hardcode_direct="$acl_cv_hardcode_direct"
hardcode_minus_L="$acl_cv_hardcode_minus_L"
dnl Determine whether the user wants rpath handling at all.
AC_ARG_ENABLE(rpath,
[ --disable-rpath do not hardcode runtime library paths],
:, enable_rpath=yes)
])
dnl AC_LIB_LINKFLAGS_BODY(name [, dependencies]) searches for libname and
dnl the libraries corresponding to explicit and implicit dependencies.
dnl Sets the LIB${NAME}, LTLIB${NAME} and INC${NAME} variables.
AC_DEFUN([AC_LIB_LINKFLAGS_BODY],
[
define([NAME],[translit([$1],[abcdefghijklmnopqrstuvwxyz./-],
[ABCDEFGHIJKLMNOPQRSTUVWXYZ___])])
dnl By default, look in $includedir and $libdir.
use_additional=yes
AC_LIB_WITH_FINAL_PREFIX([
eval additional_includedir=\"$includedir\"
eval additional_libdir=\"$libdir\"
])
AC_LIB_ARG_WITH([lib$1-prefix],
[ --with-lib$1-prefix[=DIR] search for lib$1 in DIR/include and DIR/lib
--without-lib$1-prefix don't search for lib$1 in includedir and libdir],
[
if test "X$withval" = "Xno"; then
use_additional=no
else
if test "X$withval" = "X"; then
AC_LIB_WITH_FINAL_PREFIX([
eval additional_includedir=\"$includedir\"
eval additional_libdir=\"$libdir\"
])
else
additional_includedir="$withval/include"
additional_libdir="$withval/lib"
fi
fi
])
dnl Search the library and its dependencies in $additional_libdir and
dnl $LDFLAGS. Using breadth-first-seach.
LIB[]NAME=
LTLIB[]NAME=
INC[]NAME=
rpathdirs=
ltrpathdirs=
names_already_handled=
names_next_round='$1 $2'
while test -n "$names_next_round"; do
names_this_round="$names_next_round"
names_next_round=
for name in $names_this_round; do
already_handled=
for n in $names_already_handled; do
if test "$n" = "$name"; then
already_handled=yes
break
fi
done
if test -z "$already_handled"; then
names_already_handled="$names_already_handled $name"
dnl See if it was already located by an earlier AC_LIB_LINKFLAGS
dnl or AC_LIB_HAVE_LINKFLAGS call.
uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'`
eval value=\"\$HAVE_LIB$uppername\"
if test -n "$value"; then
if test "$value" = yes; then
eval value=\"\$LIB$uppername\"
test -z "$value" || LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$value"
eval value=\"\$LTLIB$uppername\"
test -z "$value" || LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }$value"
else
dnl An earlier call to AC_LIB_HAVE_LINKFLAGS has determined
dnl that this library doesn't exist. So just drop it.
:
fi
else
dnl Search the library lib$name in $additional_libdir and $LDFLAGS
dnl and the already constructed $LIBNAME/$LTLIBNAME.
found_dir=
found_la=
found_so=
found_a=
if test $use_additional = yes; then
if test -n "$shlibext" && test -f "$additional_libdir/lib$name.$shlibext"; then
found_dir="$additional_libdir"
found_so="$additional_libdir/lib$name.$shlibext"
if test -f "$additional_libdir/lib$name.la"; then
found_la="$additional_libdir/lib$name.la"
fi
else
if test -f "$additional_libdir/lib$name.$libext"; then
found_dir="$additional_libdir"
found_a="$additional_libdir/lib$name.$libext"
if test -f "$additional_libdir/lib$name.la"; then
found_la="$additional_libdir/lib$name.la"
fi
fi
fi
fi
if test "X$found_dir" = "X"; then
for x in $LDFLAGS $LTLIB[]NAME; do
AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
case "$x" in
-L*)
dir=`echo "X$x" | sed -e 's/^X-L//'`
if test -n "$shlibext" && test -f "$dir/lib$name.$shlibext"; then
found_dir="$dir"
found_so="$dir/lib$name.$shlibext"
if test -f "$dir/lib$name.la"; then
found_la="$dir/lib$name.la"
fi
else
if test -f "$dir/lib$name.$libext"; then
found_dir="$dir"
found_a="$dir/lib$name.$libext"
if test -f "$dir/lib$name.la"; then
found_la="$dir/lib$name.la"
fi
fi
fi
;;
esac
if test "X$found_dir" != "X"; then
break
fi
done
fi
if test "X$found_dir" != "X"; then
dnl Found the library.
LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-L$found_dir -l$name"
if test "X$found_so" != "X"; then
dnl Linking with a shared library. We attempt to hardcode its
dnl directory into the executable's runpath, unless it's the
dnl standard /usr/lib.
if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/lib"; then
dnl No hardcoding is needed.
LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so"
else
dnl Use an explicit option to hardcode DIR into the resulting
dnl binary.
dnl Potentially add DIR to ltrpathdirs.
dnl The ltrpathdirs will be appended to $LTLIBNAME at the end.
haveit=
for x in $ltrpathdirs; do
if test "X$x" = "X$found_dir"; then
haveit=yes
break
fi
done
if test -z "$haveit"; then
ltrpathdirs="$ltrpathdirs $found_dir"
fi
dnl The hardcoding into $LIBNAME is system dependent.
if test "$hardcode_direct" = yes; then
dnl Using DIR/libNAME.so during linking hardcodes DIR into the
dnl resulting binary.
LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so"
else
if test -n "$hardcode_libdir_flag_spec" && test "$hardcode_minus_L" = no; then
dnl Use an explicit option to hardcode DIR into the resulting
dnl binary.
LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so"
dnl Potentially add DIR to rpathdirs.
dnl The rpathdirs will be appended to $LIBNAME at the end.
haveit=
for x in $rpathdirs; do
if test "X$x" = "X$found_dir"; then
haveit=yes
break
fi
done
if test -z "$haveit"; then
rpathdirs="$rpathdirs $found_dir"
fi
else
dnl Rely on "-L$found_dir".
dnl But don't add it if it's already contained in the LDFLAGS
dnl or the already constructed $LIBNAME
haveit=
for x in $LDFLAGS $LIB[]NAME; do
AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
if test "X$x" = "X-L$found_dir"; then
haveit=yes
break
fi
done
if test -z "$haveit"; then
LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$found_dir"
fi
if test "$hardcode_minus_L" != no; then
dnl FIXME: Not sure whether we should use
dnl "-L$found_dir -l$name" or "-L$found_dir $found_so"
dnl here.
LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so"
else
dnl We cannot use $hardcode_runpath_var and LD_RUN_PATH
dnl here, because this doesn't fit in flags passed to the
dnl compiler. So give up. No hardcoding. This affects only
dnl very old systems.
dnl FIXME: Not sure whether we should use
dnl "-L$found_dir -l$name" or "-L$found_dir $found_so"
dnl here.
LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-l$name"
fi
fi
fi
fi
else
if test "X$found_a" != "X"; then
dnl Linking with a static library.
LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_a"
else
dnl We shouldn't come here, but anyway it's good to have a
dnl fallback.
LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$found_dir -l$name"
fi
fi
dnl Assume the include files are nearby.
additional_includedir=
case "$found_dir" in
*/lib | */lib/)
basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e 's,/lib/*$,,'`
additional_includedir="$basedir/include"
;;
esac
if test "X$additional_includedir" != "X"; then
dnl Potentially add $additional_includedir to $INCNAME.
dnl But don't add it
dnl 1. if it's the standard /usr/include,
dnl 2. if it's /usr/local/include and we are using GCC on Linux,
dnl 3. if it's already present in $CPPFLAGS or the already
dnl constructed $INCNAME,
dnl 4. if it doesn't exist as a directory.
if test "X$additional_includedir" != "X/usr/include"; then
haveit=
if test "X$additional_includedir" = "X/usr/local/include"; then
if test -n "$GCC"; then
case $host_os in
linux* | gnu* | k*bsd*-gnu) haveit=yes;;
esac
fi
fi
if test -z "$haveit"; then
for x in $CPPFLAGS $INC[]NAME; do
AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
if test "X$x" = "X-I$additional_includedir"; then
haveit=yes
break
fi
done
if test -z "$haveit"; then
if test -d "$additional_includedir"; then
dnl Really add $additional_includedir to $INCNAME.
INC[]NAME="${INC[]NAME}${INC[]NAME:+ }-I$additional_includedir"
fi
fi
fi
fi
fi
dnl Look for dependencies.
if test -n "$found_la"; then
dnl Read the .la file. It defines the variables
dnl dlname, library_names, old_library, dependency_libs, current,
dnl age, revision, installed, dlopen, dlpreopen, libdir.
save_libdir="$libdir"
case "$found_la" in
*/* | *\\*) . "$found_la" ;;
*) . "./$found_la" ;;
esac
libdir="$save_libdir"
dnl We use only dependency_libs.
for dep in $dependency_libs; do
case "$dep" in
-L*)
additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'`
dnl Potentially add $additional_libdir to $LIBNAME and $LTLIBNAME.
dnl But don't add it
dnl 1. if it's the standard /usr/lib,
dnl 2. if it's /usr/local/lib and we are using GCC on Linux,
dnl 3. if it's already present in $LDFLAGS or the already
dnl constructed $LIBNAME,
dnl 4. if it doesn't exist as a directory.
if test "X$additional_libdir" != "X/usr/lib"; then
haveit=
if test "X$additional_libdir" = "X/usr/local/lib"; then
if test -n "$GCC"; then
case $host_os in
linux* | gnu* | k*bsd*-gnu) haveit=yes;;
esac
fi
fi
if test -z "$haveit"; then
haveit=
for x in $LDFLAGS $LIB[]NAME; do
AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
if test "X$x" = "X-L$additional_libdir"; then
haveit=yes
break
fi
done
if test -z "$haveit"; then
if test -d "$additional_libdir"; then
dnl Really add $additional_libdir to $LIBNAME.
LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$additional_libdir"
fi
fi
haveit=
for x in $LDFLAGS $LTLIB[]NAME; do
AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
if test "X$x" = "X-L$additional_libdir"; then
haveit=yes
break
fi
done
if test -z "$haveit"; then
if test -d "$additional_libdir"; then
dnl Really add $additional_libdir to $LTLIBNAME.
LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-L$additional_libdir"
fi
fi
fi
fi
;;
-R*)
dir=`echo "X$dep" | sed -e 's/^X-R//'`
if test "$enable_rpath" != no; then
dnl Potentially add DIR to rpathdirs.
dnl The rpathdirs will be appended to $LIBNAME at the end.
haveit=
for x in $rpathdirs; do
if test "X$x" = "X$dir"; then
haveit=yes
break
fi
done
if test -z "$haveit"; then
rpathdirs="$rpathdirs $dir"
fi
dnl Potentially add DIR to ltrpathdirs.
dnl The ltrpathdirs will be appended to $LTLIBNAME at the end.
haveit=
for x in $ltrpathdirs; do
if test "X$x" = "X$dir"; then
haveit=yes
break
fi
done
if test -z "$haveit"; then
ltrpathdirs="$ltrpathdirs $dir"
fi
fi
;;
-l*)
dnl Handle this in the next round.
names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'`
;;
*.la)
dnl Handle this in the next round. Throw away the .la's
dnl directory; it is already contained in a preceding -L
dnl option.
names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'`
;;
*)
dnl Most likely an immediate library name.
LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$dep"
LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }$dep"
;;
esac
done
fi
else
dnl Didn't find the library; assume it is in the system directories
dnl known to the linker and runtime loader. (All the system
dnl directories known to the linker should also be known to the
dnl runtime loader, otherwise the system is severely misconfigured.)
LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-l$name"
LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-l$name"
fi
fi
fi
done
done
if test "X$rpathdirs" != "X"; then
if test -n "$hardcode_libdir_separator"; then
dnl Weird platform: only the last -rpath option counts, the user must
dnl pass all path elements in one option. We can arrange that for a
dnl single library, but not when more than one $LIBNAMEs are used.
alldirs=
for found_dir in $rpathdirs; do
alldirs="${alldirs}${alldirs:+$hardcode_libdir_separator}$found_dir"
done
dnl Note: hardcode_libdir_flag_spec uses $libdir and $wl.
acl_save_libdir="$libdir"
libdir="$alldirs"
eval flag=\"$hardcode_libdir_flag_spec\"
libdir="$acl_save_libdir"
LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$flag"
else
dnl The -rpath options are cumulative.
for found_dir in $rpathdirs; do
acl_save_libdir="$libdir"
libdir="$found_dir"
eval flag=\"$hardcode_libdir_flag_spec\"
libdir="$acl_save_libdir"
LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$flag"
done
fi
fi
if test "X$ltrpathdirs" != "X"; then
dnl When using libtool, the option that works for both libraries and
dnl executables is -R. The -R options are cumulative.
for found_dir in $ltrpathdirs; do
LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-R$found_dir"
done
fi
])
dnl AC_LIB_APPENDTOVAR(VAR, CONTENTS) appends the elements of CONTENTS to VAR,
dnl unless already present in VAR.
dnl Works only for CPPFLAGS, not for LIB* variables because that sometimes
dnl contains two or three consecutive elements that belong together.
AC_DEFUN([AC_LIB_APPENDTOVAR],
[
for element in [$2]; do
haveit=
for x in $[$1]; do
AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
if test "X$x" = "X$element"; then
haveit=yes
break
fi
done
if test -z "$haveit"; then
[$1]="${[$1]}${[$1]:+ }$element"
fi
done
])
# lib-ld.m4 serial 3 (gettext-0.13)
dnl Copyright (C) 1996-2003 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
dnl Subroutines of libtool.m4,
dnl with replacements s/AC_/AC_LIB/ and s/lt_cv/acl_cv/ to avoid collision
dnl with libtool.m4.
dnl From libtool-1.4. Sets the variable with_gnu_ld to yes or no.
AC_DEFUN([AC_LIB_PROG_LD_GNU],
[AC_CACHE_CHECK([if the linker ($LD) is GNU ld], acl_cv_prog_gnu_ld,
[# I'd rather use --version here, but apparently some GNU ld's only accept -v.
case `$LD -v 2>&1 conf$$.sh
echo "exit 0" >>conf$$.sh
chmod +x conf$$.sh
if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
PATH_SEPARATOR=';'
else
PATH_SEPARATOR=:
fi
rm -f conf$$.sh
fi
ac_prog=ld
if test "$GCC" = yes; then
# Check if gcc -print-prog-name=ld gives a path.
AC_MSG_CHECKING([for ld used by GCC])
case $host in
*-*-mingw*)
# gcc leaves a trailing carriage return which upsets mingw
ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
*)
ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
esac
case $ac_prog in
# Accept absolute paths.
[[\\/]* | [A-Za-z]:[\\/]*)]
[re_direlt='/[^/][^/]*/\.\./']
# Canonicalize the path of ld
ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'`
while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do
ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"`
done
test -z "$LD" && LD="$ac_prog"
;;
"")
# If it fails, then pretend we aren't using GCC.
ac_prog=ld
;;
*)
# If it is relative, then search for the first ld in PATH.
with_gnu_ld=unknown
;;
esac
elif test "$with_gnu_ld" = yes; then
AC_MSG_CHECKING([for GNU ld])
else
AC_MSG_CHECKING([for non-GNU ld])
fi
AC_CACHE_VAL(acl_cv_path_LD,
[if test -z "$LD"; then
IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR-:}"
for ac_dir in $PATH; do
test -z "$ac_dir" && ac_dir=.
if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
acl_cv_path_LD="$ac_dir/$ac_prog"
# Check to see if the program is GNU ld. I'd rather use --version,
# but apparently some GNU ld's only accept -v.
# Break only if it was the GNU/non-GNU ld that we prefer.
case `"$acl_cv_path_LD" -v 2>&1 < /dev/null` in
*GNU* | *'with BFD'*)
test "$with_gnu_ld" != no && break ;;
*)
test "$with_gnu_ld" != yes && break ;;
esac
fi
done
IFS="$ac_save_ifs"
else
acl_cv_path_LD="$LD" # Let the user override the test with a path.
fi])
LD="$acl_cv_path_LD"
if test -n "$LD"; then
AC_MSG_RESULT($LD)
else
AC_MSG_RESULT(no)
fi
test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
AC_LIB_PROG_LD_GNU
])
# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*-
#
# Copyright © 2004 Scott James Remnant .
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# PKG_PROG_PKG_CONFIG([MIN-VERSION])
# ----------------------------------
AC_DEFUN([PKG_PROG_PKG_CONFIG],
[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
m4_pattern_allow([^PKG_CONFIG(_PATH)?$])
AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])dnl
if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
fi
if test -n "$PKG_CONFIG"; then
_pkg_min_version=m4_ifval([$1], [$1], [0.9.0])
AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([no])
PKG_CONFIG=""
fi
fi[]dnl
])# PKG_PROG_PKG_CONFIG
# PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
#
# Check to see whether a particular set of modules exists. Similar
# to PKG_CHECK_MODULES(), but does not set variables or print errors.
#
#
# Similar to PKG_CHECK_MODULES, make sure that the first instance of
# this or PKG_CHECK_MODULES is called, or make sure to call
# PKG_CHECK_EXISTS manually
# --------------------------------------------------------------
AC_DEFUN([PKG_CHECK_EXISTS],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
if test -n "$PKG_CONFIG" && \
AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
m4_ifval([$2], [$2], [:])
m4_ifvaln([$3], [else
$3])dnl
fi])
# _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
# ---------------------------------------------
m4_define([_PKG_CONFIG],
[if test -n "$PKG_CONFIG"; then
PKG_CHECK_EXISTS([$3],
[pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`],
[pkg_failed=yes])
else
pkg_failed=untried
fi[]dnl
])# _PKG_CONFIG
# PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
# [ACTION-IF-NOT-FOUND])
#
#
# Note that if there is a possibility the first call to
# PKG_CHECK_MODULES might not happen, you should be sure to include an
# explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
#
#
# --------------------------------------------------------------
AC_DEFUN([PKG_CHECK_MODULES],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
pkg_failed=no
AC_MSG_CHECKING([for $1])
_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
_PKG_CONFIG([$1][_LIBS], [libs], [$2])
if test $pkg_failed = yes; then
$1[]_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$2"`
# Put the nasty error message in config.log where it belongs
echo "$$1[]_PKG_ERRORS" 1>&AS_MESSAGE_LOG_FD
ifelse([$4], , [AC_MSG_ERROR(dnl
[Package requirements ($2) were not met.
Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.
Alternatively you may set the $1_CFLAGS and $1_LIBS environment variables
to avoid the need to call pkg-config. See the pkg-config man page for
more details.])],
[$4])
elif test $pkg_failed = untried; then
ifelse([$4], , [AC_MSG_FAILURE(dnl
[The pkg-config script could not be found or is too old. Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
path to pkg-config.
Alternatively you may set the $1_CFLAGS and $1_LIBS environment variables
to avoid the need to call pkg-config. See the pkg-config man page for
more details.
To get pkg-config, see .])],
[$4])
else
$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
$1[]_LIBS=$pkg_cv_[]$1[]_LIBS
AC_MSG_RESULT([yes])
ifelse([$3], , :, [$3])
fi[]dnl
])# PKG_CHECK_MODULES