ipkungfu-0.6.1/0000777000175000017500000000000010555031736010360 500000000000000ipkungfu-0.6.1/FAQ0000644000175000017500000001715610555031665010641 00000000000000=============================================================================== $Id: FAQ 151 2006-09-11 21:50:40Z trappist $ =============================================================================== TROUBLESHOOTING IPKUNGFU First, did you read the README? Did you check your configuration files in /etc/ipkungfu/ ? Did you re-run ipkungfu after changing a configuration file? Some common problems people have had are covered here: "When I run ipkungfu I get 'ipkungfu: command not found'" - first, make sure you have installed ipkungfu by running the installer (just type ./install in the unpacked ipkungfu directory. If you have done this, ipkungfu is probably not in your PATH. ipkungfu is installed to /usr/local/sbin. You can type /usr/local/sbin/ipkungfu instead, or add /usr/local/sbin to your $PATH environment variable: export PATH=$PATH:/usr/local/sbin "I get an ERROR: Root check FAILED" - This one is quite simple, you must be root to install, configure and run ipkungfu. Log in as root or su to root. "I ran the installer, but the firewall did not come up" - Installing ipkungfu and running ipkungfu are two different things. You should run the ipkungfu script located in the /usr/local/sbin directory after editing any configuration files you want to customize. "I changed a configuration file, but nothing changed" - The likely answer is that you did not re-run ipkungfu. ipkungfu builds the rules for the firewall based on the configuration files. Once rules are created, the contents of the configuration files are irrelevant unless you run ipkungfu again. "How can I get ipkungfu to start at boot?" - Most Linux distributions make it possible to run init scripts. If so, you have a script called ipkungfu in /etc/init.d or /etc/rc.d/init.d that you can add to your startup configuration. If your distribution is chkconfig-compatible like Redhat or Mandrake, the ipkungfu install script does this for you. If this doesn't work for you, add the following line to an existing init script, such as rc.local or ifup-post: /usr/local/sbin/ipkungfu --init "How can I check to see if my firewall is running?" - As root, type: ipkungfu -c or ipkungfu --check "I'm trying to run a game server, but people can't connect" - First make sure you have allowed connections to the correct port(s). Check the configuration in /etc/ipkungfu/ipkungfu.conf and re run ipkungfu if changes are made. If it is correct, or still does not work, edit /etc/ipkungfu/advanced.conf and set LOOSE_UDP_PATCH to 1. "I can't play Microsoft games through my firewall" - Don't worry, it's not ipkungfu's fault! Many newer Microsoft applications, including games, use Universal Plug N Play technology, and Linux isn't very good at doing the right things with that traffic. But all is not lost! There is a product called linux-igd, a UPnP gateway for linux, available which makes these things possible. Check out http://sourceforge.net/projects/linux-igd for details. I have reports that this also makes it possible to transfer files using MSN Messenger using this product. Alternatively, it may be possible to play the games by forwarding the appropriate ports to the client machine by editing /etc/ipkungfu/vhosts.conf. Several examples are provided. "I can't send files via dcc in IRC!" - Some file transfer mechanisms, like dcc, use random ports. You must have ip_conntrack and ip_conntrack_irc either inserted into the running kernel as modules, or compiled into the kernel itself. The purpose of these modules is to track the dcc connection and associate it with your existing irc connection so that it can be allowed through your firewall without explicitly allowing it or opening unnecessary holes in your firewall. "When people connect to my ftp server and try to get a list of files, it just kinda sits there" - This is essentially the same issue as the dcc situation described above. You need the ftp conntrack helper module (ip_conntrack_ftp). Refer to the dcc question above for details. As with dcc, ftp by default uses random ports, and the kernel's packet filtering code needs this helper module to track the connection across these ports to allow established ftp connections through them. The relevant modules are ip_conntrack_ftp and ip_nat_ftp. "I run an fxp server, and people can connect but they can't transfer files" - the ftp conntrack and nat modules (described above) contain fxp functionality that's disabled by default - do: modprobe ip_conntrack_ftp fxp=1 Substitute ip_nat_ftp as appropriate if the ipkungfu box is not the same machine as the fxp server. "I can't connect to my Windows VPN server, or the connection gets dropped." - This, too, is likely a connection tracking issue. The last time I checked, the pptp conntrack module wasn't in the stock kernel, and this may be what you need. If you don't have it, get the latest patch-o- matic from http://netfilter.org. I don't know why, but the module doesn't work for me unless I compile it as a module, rather than into the kernel ("m" as opposed to "y"). Don't forget to rebuild iptables after patching. Then, modprobe ip_conntrack_pptp (and ip_nat_pptp if applicable). "Will ipkungfu work with ipchains?" - Let me put it this way: No. ipkungfu only works on Linux kernels 2.4 and higher that have iptables support. "How can I temporarily turn off the firewall or stop all access?" - Although disabling the firewall when you are connected to an external network such as the Internet is not recommended, if it is necessary, then you have 2 options. Disable the firewall so all access is allowed (not recommended) or shut off all access, internal and external (panic mode) For panic mode: ipkungfu --panic To just disable: ipkungfu -d or ipkungfu --disable To turn the firewall back on, simply rerun the ipkungfu script: ipkungfu There is no need to turn off the firewall to make a change to a configuration file, but the script must be rerun for changes to take effect. "Where is the firewall log located?" - Many systems use /var/log/syslog to log kernel messages. Since packets are filtered at the kernel level, this is where they are most likely located, along with other kernel messages. All ipkungfu log entries contain the string "IPKF", so you can, for example: grep IPKF /var/log/syslog to see recent firewall logs, unless you have selected ulog as your logging facility in log.conf, in which case the location of your log will depend on your configuration of the ulogd utility. "I'm working remotely; what are the odds that ipkungfu will lock me out?" - Well that depends. If you fail to allow access to sshd, or telnet, or whatever you're using, or you block the IP address you're connecting from, you're out of luck. But as of 0.5.1 there is a new command line option, --failsafe, that will set default policies on all builtin chains in the filter table to ACCEPT, in the event that ipkungfu fails. This can also be accomplished by setting FAILSAFE=1 in ipkungfu.conf. As an additional measure, you may add a custom rule to /etc/ipkungfu/post.conf to, say, allow tcp port 22 from the IP address you're working from no matter what happens. "I've just installed a new kernel, and when I run ipkungfu I get all kinds of errors" - In many (most) cases, when you install a new kernel, you must also recompile iptables against the source of the new kernel. Obtain the iptables source from netfilter.org or from your distribution vendor and recompile. "I'm getting firewall on my console, and it's really screwing me up. How can I stop this?" - as root, try this: sysctl kernel.printk="4 4 1 7" ipkungfu-0.6.1/man/0000777000175000017500000000000010555031736011133 500000000000000ipkungfu-0.6.1/man/ipkungfu.80000644000175000017500000000553610555031736013001 00000000000000.TH ipkungfu 8 "January 2003" .SH NAME ipkungfu \- An iptables-based firewall for Linux .SH SYNOPSIS .B ipkungfu [ .B \-c ] [ .B \-t ] [ .B \-d ] [ .B \-h ] [ .B \-v ] [ .BI \-\-quiet ] [ .BI \-\-panic ] [ .BI \-\-no\-caching .SH DESCRIPTION .B ipkungfu is an iptables-based Linux firewall. The primary design goals are security, ease of use, and performance, in that order. It takes advantage of advanced features of iptables, tcpwrappers, and the Linux kernel. It also simplifies the configuration of internet connection sharing, advanced routing, and other networking needs. .SH OPTIONS .TP 12 .B \-c " (or " \-\-check) Check whether \fIipkungfu\fP is loaded, and report any command line options it may have been loaded with. .TP .B \-t " (or " \-\-test) Runs a configuration test, and displays the results. Note that this does not test or display all configuration options. This gives you an opportunity to verify that major configuration options are correct before putting them into action. .TP .B \-d " (or " \-\-disable) Disables the firewall. It is important to know exactly what this option does. All traffic is allowed in and out, and in the case of a gateway, all NATed traffic is forwarded (the option retains your connection sharing options). Custom rules are not implemented, and \fIdeny_hosts.conf\fP is ignored. .TP .B \-f " (or " \-\-flush) Disables the firewall COMPLETELY. All rules are flushed, all chains are removed. Any port forwarding or internet connection sharing will cease to work. .TP .B \-h " (or " \-\-help) Displays brief usage information and exits. .TP .B \-v " (or " \-\-version) Displays version information and exits. .TP .B \-\-quiet Runs ipkungfu with no standard output .TP .B \-\-panic Drops ALL traffic in all directions on all network interfaces. You should probably never use this option. The \fI--panic\fP option is available for the highly unusual situation where you know that an attack is underway but you know of no other way to stop it. .TP .B \-\-failsafe If ipkungfu fails, \fI--failsafe\fP will cause all firewall policies to revert to ACCEPT. This is useful when working with ipkungfu remotely, to prevent loss of remote access due to firewall failure. .TP .B \-\-no\-caching Disables rules caching feature. .SH FILES .PD 0 .B /etc/ipkungfu/ipkungfu.conf .br .B /etc/ipkungfu/advanced.conf .br .B /etc/ipkungfu/accept_hosts.conf .br .B /etc/ipkungfu/deny_hosts.conf .br .B /etc/ipkungfu/custom.conf .br .B /etc/ipkungfu/log.conf .br .B /etc/ipkungfu/redirect.conf .br .B /etc/ipkungfu/services.conf .br .B /usr/local/sbin/ipkungfu .br .B /usr/local/share/doc/ipkungfu-0.6.1/AUTHORS .br .B /usr/local/share/doc/ipkungfu-0.6.1/README .br .B /usr/local/share/doc/ipkungfu-0.6.1/FAQ .br .B /usr/local/share/doc/ipkungfu-0.6.1/ChangeLog .br .B /usr/local/share/doc/ipkungfu-0.6.1/COPYING .PD .SH SEE ALSO .BR iptables (8). ipkungfu-0.6.1/man/ipkungfu.8.in0000644000175000017500000000561610555031665013406 00000000000000.TH ipkungfu 8 "January 2003" .SH NAME ipkungfu \- An iptables-based firewall for Linux .SH SYNOPSIS .B ipkungfu [ .B \-c ] [ .B \-t ] [ .B \-d ] [ .B \-h ] [ .B \-v ] [ .BI \-\-quiet ] [ .BI \-\-panic ] [ .BI \-\-no\-caching .SH DESCRIPTION .B ipkungfu is an iptables-based Linux firewall. The primary design goals are security, ease of use, and performance, in that order. It takes advantage of advanced features of iptables, tcpwrappers, and the Linux kernel. It also simplifies the configuration of internet connection sharing, advanced routing, and other networking needs. .SH OPTIONS .TP 12 .B \-c " (or " \-\-check) Check whether \fIipkungfu\fP is loaded, and report any command line options it may have been loaded with. .TP .B \-t " (or " \-\-test) Runs a configuration test, and displays the results. Note that this does not test or display all configuration options. This gives you an opportunity to verify that major configuration options are correct before putting them into action. .TP .B \-d " (or " \-\-disable) Disables the firewall. It is important to know exactly what this option does. All traffic is allowed in and out, and in the case of a gateway, all NATed traffic is forwarded (the option retains your connection sharing options). Custom rules are not implemented, and \fIdeny_hosts.conf\fP is ignored. .TP .B \-f " (or " \-\-flush) Disables the firewall COMPLETELY. All rules are flushed, all chains are removed. Any port forwarding or internet connection sharing will cease to work. .TP .B \-h " (or " \-\-help) Displays brief usage information and exits. .TP .B \-v " (or " \-\-version) Displays version information and exits. .TP .B \-\-quiet Runs ipkungfu with no standard output .TP .B \-\-panic Drops ALL traffic in all directions on all network interfaces. You should probably never use this option. The \fI--panic\fP option is available for the highly unusual situation where you know that an attack is underway but you know of no other way to stop it. .TP .B \-\-failsafe If ipkungfu fails, \fI--failsafe\fP will cause all firewall policies to revert to ACCEPT. This is useful when working with ipkungfu remotely, to prevent loss of remote access due to firewall failure. .TP .B \-\-no\-caching Disables rules caching feature. .SH FILES .PD 0 .B /etc/ipkungfu/ipkungfu.conf .br .B /etc/ipkungfu/advanced.conf .br .B /etc/ipkungfu/accept_hosts.conf .br .B /etc/ipkungfu/deny_hosts.conf .br .B /etc/ipkungfu/custom.conf .br .B /etc/ipkungfu/log.conf .br .B /etc/ipkungfu/redirect.conf .br .B /etc/ipkungfu/services.conf .br .B @prefix@/sbin/ipkungfu .br .B @prefix@/share/doc/ipkungfu-@PACKAGE_VERSION@/AUTHORS .br .B @prefix@/share/doc/ipkungfu-@PACKAGE_VERSION@/README .br .B @prefix@/share/doc/ipkungfu-@PACKAGE_VERSION@/FAQ .br .B @prefix@/share/doc/ipkungfu-@PACKAGE_VERSION@/ChangeLog .br .B @prefix@/share/doc/ipkungfu-@PACKAGE_VERSION@/COPYING .PD .SH SEE ALSO .BR iptables (8). ipkungfu-0.6.1/NEWS0000644000175000017500000000054210555031666010776 00000000000000# ======================================================================= # $Id: NEWS 94 2005-11-10 23:53:23Z s0undt3ch $ # ======================================================================= # Here we add the news to comply to the GNU specifications More News at: http://www.linuxkungfu.org Or at its development site: http://ipkungfu.ufsoft.org ipkungfu-0.6.1/compile0000755000175000017500000000717310555031727011662 00000000000000#! /bin/sh # Wrapper for compilers which do not understand `-c -o'. scriptversion=2005-05-14.22 # Copyright (C) 1999, 2000, 2003, 2004, 2005 Free Software Foundation, Inc. # Written by Tom Tromey . # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # This file is maintained in Automake, please report # bugs to or send patches to # . case $1 in '') echo "$0: No command. Try \`$0 --help' for more information." 1>&2 exit 1; ;; -h | --h*) cat <<\EOF Usage: compile [--help] [--version] PROGRAM [ARGS] Wrapper for compilers which do not understand `-c -o'. Remove `-o dest.o' from ARGS, run PROGRAM with the remaining arguments, and rename the output as expected. If you are trying to build a whole package this is not the right script to run: please start by reading the file `INSTALL'. Report bugs to . EOF exit $? ;; -v | --v*) echo "compile $scriptversion" exit $? ;; esac ofile= cfile= eat= for arg do if test -n "$eat"; then eat= else case $1 in -o) # configure might choose to run compile as `compile cc -o foo foo.c'. # So we strip `-o arg' only if arg is an object. eat=1 case $2 in *.o | *.obj) ofile=$2 ;; *) set x "$@" -o "$2" shift ;; esac ;; *.c) cfile=$1 set x "$@" "$1" shift ;; *) set x "$@" "$1" shift ;; esac fi shift done if test -z "$ofile" || test -z "$cfile"; then # If no `-o' option was seen then we might have been invoked from a # pattern rule where we don't need one. That is ok -- this is a # normal compilation that the losing compiler can handle. If no # `.c' file was seen then we are probably linking. That is also # ok. exec "$@" fi # Name of file we expect compiler to create. cofile=`echo "$cfile" | sed -e 's|^.*/||' -e 's/\.c$/.o/'` # Create the lock directory. # Note: use `[/.-]' here to ensure that we don't use the same name # that we are using for the .o file. Also, base the name on the expected # object file name, since that is what matters with a parallel build. lockdir=`echo "$cofile" | sed -e 's|[/.-]|_|g'`.d while true; do if mkdir "$lockdir" >/dev/null 2>&1; then break fi sleep 1 done # FIXME: race condition here if user kills between mkdir and trap. trap "rmdir '$lockdir'; exit 1" 1 2 15 # Run the compile. "$@" ret=$? if test -f "$cofile"; then mv "$cofile" "$ofile" elif test -f "${cofile}bj"; then mv "${cofile}bj" "$ofile" fi rmdir "$lockdir" exit $ret # Local Variables: # mode: shell-script # sh-indentation: 2 # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-end: "$" # End: ipkungfu-0.6.1/depcomp0000755000175000017500000003710010555031727011652 00000000000000#! /bin/sh # depcomp - compile a program generating dependencies as side-effects scriptversion=2005-07-09.11 # Copyright (C) 1999, 2000, 2003, 2004, 2005 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301, USA. # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # Originally written by Alexandre Oliva . case $1 in '') echo "$0: No command. Try \`$0 --help' for more information." 1>&2 exit 1; ;; -h | --h*) cat <<\EOF Usage: depcomp [--help] [--version] PROGRAM [ARGS] Run PROGRAMS ARGS to compile a file, generating dependencies as side-effects. Environment variables: depmode Dependency tracking mode. source Source file read by `PROGRAMS ARGS'. object Object file output by `PROGRAMS ARGS'. DEPDIR directory where to store dependencies. depfile Dependency file to output. tmpdepfile Temporary file to use when outputing dependencies. libtool Whether libtool is used (yes/no). Report bugs to . EOF exit $? ;; -v | --v*) echo "depcomp $scriptversion" exit $? ;; esac if test -z "$depmode" || test -z "$source" || test -z "$object"; then echo "depcomp: Variables source, object and depmode must be set" 1>&2 exit 1 fi # Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po. depfile=${depfile-`echo "$object" | sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`} tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`} rm -f "$tmpdepfile" # Some modes work just like other modes, but use different flags. We # parameterize here, but still list the modes in the big case below, # to make depend.m4 easier to write. Note that we *cannot* use a case # here, because this file can only contain one case statement. if test "$depmode" = hp; then # HP compiler uses -M and no extra arg. gccflag=-M depmode=gcc fi if test "$depmode" = dashXmstdout; then # This is just like dashmstdout with a different argument. dashmflag=-xM depmode=dashmstdout fi case "$depmode" in gcc3) ## gcc 3 implements dependency tracking that does exactly what ## we want. Yay! Note: for some reason libtool 1.4 doesn't like ## it if -MD -MP comes after the -MF stuff. Hmm. "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile" exit $stat fi mv "$tmpdepfile" "$depfile" ;; gcc) ## There are various ways to get dependency output from gcc. Here's ## why we pick this rather obscure method: ## - Don't want to use -MD because we'd like the dependencies to end ## up in a subdir. Having to rename by hand is ugly. ## (We might end up doing this anyway to support other compilers.) ## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like ## -MM, not -M (despite what the docs say). ## - Using -M directly means running the compiler twice (even worse ## than renaming). if test -z "$gccflag"; then gccflag=-MD, fi "$@" -Wp,"$gccflag$tmpdepfile" stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile" exit $stat fi rm -f "$depfile" echo "$object : \\" > "$depfile" alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ## The second -e expression handles DOS-style file names with drive letters. sed -e 's/^[^:]*: / /' \ -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile" ## This next piece of magic avoids the `deleted header file' problem. ## The problem is that when a header file which appears in a .P file ## is deleted, the dependency causes make to die (because there is ## typically no way to rebuild the header). We avoid this by adding ## dummy dependencies for each header file. Too bad gcc doesn't do ## this for us directly. tr ' ' ' ' < "$tmpdepfile" | ## Some versions of gcc put a space before the `:'. On the theory ## that the space means something, we add a space to the output as ## well. ## Some versions of the HPUX 10.20 sed can't process this invocation ## correctly. Breaking it into two sed invocations is a workaround. sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; hp) # This case exists only to let depend.m4 do its work. It works by # looking at the text of this script. This case will never be run, # since it is checked for above. exit 1 ;; sgi) if test "$libtool" = yes; then "$@" "-Wp,-MDupdate,$tmpdepfile" else "$@" -MDupdate "$tmpdepfile" fi stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile" exit $stat fi rm -f "$depfile" if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files echo "$object : \\" > "$depfile" # Clip off the initial element (the dependent). Don't try to be # clever and replace this with sed code, as IRIX sed won't handle # lines with more than a fixed number of characters (4096 in # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines; # the IRIX cc adds comments like `#:fec' to the end of the # dependency line. tr ' ' ' ' < "$tmpdepfile" \ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \ tr ' ' ' ' >> $depfile echo >> $depfile # The second pass generates a dummy entry for each header file. tr ' ' ' ' < "$tmpdepfile" \ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ >> $depfile else # The sourcefile does not contain any dependencies, so just # store a dummy comment line, to avoid errors with the Makefile # "include basename.Plo" scheme. echo "#dummy" > "$depfile" fi rm -f "$tmpdepfile" ;; aix) # The C for AIX Compiler uses -M and outputs the dependencies # in a .u file. In older versions, this file always lives in the # current directory. Also, the AIX compiler puts `$object:' at the # start of each line; $object doesn't have directory information. # Version 6 uses the directory in both cases. stripped=`echo "$object" | sed 's/\(.*\)\..*$/\1/'` tmpdepfile="$stripped.u" if test "$libtool" = yes; then "$@" -Wc,-M else "$@" -M fi stat=$? if test -f "$tmpdepfile"; then : else stripped=`echo "$stripped" | sed 's,^.*/,,'` tmpdepfile="$stripped.u" fi if test $stat -eq 0; then : else rm -f "$tmpdepfile" exit $stat fi if test -f "$tmpdepfile"; then outname="$stripped.o" # Each line is of the form `foo.o: dependent.h'. # Do two passes, one to just change these to # `$object: dependent.h' and one to simply `dependent.h:'. sed -e "s,^$outname:,$object :," < "$tmpdepfile" > "$depfile" sed -e "s,^$outname: \(.*\)$,\1:," < "$tmpdepfile" >> "$depfile" else # The sourcefile does not contain any dependencies, so just # store a dummy comment line, to avoid errors with the Makefile # "include basename.Plo" scheme. echo "#dummy" > "$depfile" fi rm -f "$tmpdepfile" ;; icc) # Intel's C compiler understands `-MD -MF file'. However on # icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c # ICC 7.0 will fill foo.d with something like # foo.o: sub/foo.c # foo.o: sub/foo.h # which is wrong. We want: # sub/foo.o: sub/foo.c # sub/foo.o: sub/foo.h # sub/foo.c: # sub/foo.h: # ICC 7.1 will output # foo.o: sub/foo.c sub/foo.h # and will wrap long lines using \ : # foo.o: sub/foo.c ... \ # sub/foo.h ... \ # ... "$@" -MD -MF "$tmpdepfile" stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile" exit $stat fi rm -f "$depfile" # Each line is of the form `foo.o: dependent.h', # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'. # Do two passes, one to just change these to # `$object: dependent.h' and one to simply `dependent.h:'. sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile" # Some versions of the HPUX 10.20 sed can't process this invocation # correctly. Breaking it into two sed invocations is a workaround. sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; tru64) # The Tru64 compiler uses -MD to generate dependencies as a side # effect. `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'. # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put # dependencies in `foo.d' instead, so we check for that too. # Subdirectories are respected. dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` test "x$dir" = "x$object" && dir= base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'` if test "$libtool" = yes; then # With Tru64 cc, shared objects can also be used to make a # static library. This mecanism is used in libtool 1.4 series to # handle both shared and static libraries in a single compilation. # With libtool 1.4, dependencies were output in $dir.libs/$base.lo.d. # # With libtool 1.5 this exception was removed, and libtool now # generates 2 separate objects for the 2 libraries. These two # compilations output dependencies in in $dir.libs/$base.o.d and # in $dir$base.o.d. We have to check for both files, because # one of the two compilations can be disabled. We should prefer # $dir$base.o.d over $dir.libs/$base.o.d because the latter is # automatically cleaned when .libs/ is deleted, while ignoring # the former would cause a distcleancheck panic. tmpdepfile1=$dir.libs/$base.lo.d # libtool 1.4 tmpdepfile2=$dir$base.o.d # libtool 1.5 tmpdepfile3=$dir.libs/$base.o.d # libtool 1.5 tmpdepfile4=$dir.libs/$base.d # Compaq CCC V6.2-504 "$@" -Wc,-MD else tmpdepfile1=$dir$base.o.d tmpdepfile2=$dir$base.d tmpdepfile3=$dir$base.d tmpdepfile4=$dir$base.d "$@" -MD fi stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4" exit $stat fi for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4" do test -f "$tmpdepfile" && break done if test -f "$tmpdepfile"; then sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile" # That's a tab and a space in the []. sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" else echo "#dummy" > "$depfile" fi rm -f "$tmpdepfile" ;; #nosideeffect) # This comment above is used by automake to tell side-effect # dependency tracking mechanisms from slower ones. dashmstdout) # Important note: in order to support this mode, a compiler *must* # always write the preprocessed file to stdout, regardless of -o. "$@" || exit $? # Remove the call to Libtool. if test "$libtool" = yes; then while test $1 != '--mode=compile'; do shift done shift fi # Remove `-o $object'. IFS=" " for arg do case $arg in -o) shift ;; $object) shift ;; *) set fnord "$@" "$arg" shift # fnord shift # $arg ;; esac done test -z "$dashmflag" && dashmflag=-M # Require at least two characters before searching for `:' # in the target name. This is to cope with DOS-style filenames: # a dependency such as `c:/foo/bar' could be seen as target `c' otherwise. "$@" $dashmflag | sed 's:^[ ]*[^: ][^:][^:]*\:[ ]*:'"$object"'\: :' > "$tmpdepfile" rm -f "$depfile" cat < "$tmpdepfile" > "$depfile" tr ' ' ' ' < "$tmpdepfile" | \ ## Some versions of the HPUX 10.20 sed can't process this invocation ## correctly. Breaking it into two sed invocations is a workaround. sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; dashXmstdout) # This case only exists to satisfy depend.m4. It is never actually # run, as this mode is specially recognized in the preamble. exit 1 ;; makedepend) "$@" || exit $? # Remove any Libtool call if test "$libtool" = yes; then while test $1 != '--mode=compile'; do shift done shift fi # X makedepend shift cleared=no for arg in "$@"; do case $cleared in no) set ""; shift cleared=yes ;; esac case "$arg" in -D*|-I*) set fnord "$@" "$arg"; shift ;; # Strip any option that makedepend may not understand. Remove # the object too, otherwise makedepend will parse it as a source file. -*|$object) ;; *) set fnord "$@" "$arg"; shift ;; esac done obj_suffix="`echo $object | sed 's/^.*\././'`" touch "$tmpdepfile" ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@" rm -f "$depfile" cat < "$tmpdepfile" > "$depfile" sed '1,2d' "$tmpdepfile" | tr ' ' ' ' | \ ## Some versions of the HPUX 10.20 sed can't process this invocation ## correctly. Breaking it into two sed invocations is a workaround. sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" "$tmpdepfile".bak ;; cpp) # Important note: in order to support this mode, a compiler *must* # always write the preprocessed file to stdout. "$@" || exit $? # Remove the call to Libtool. if test "$libtool" = yes; then while test $1 != '--mode=compile'; do shift done shift fi # Remove `-o $object'. IFS=" " for arg do case $arg in -o) shift ;; $object) shift ;; *) set fnord "$@" "$arg" shift # fnord shift # $arg ;; esac done "$@" -E | sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' | sed '$ s: \\$::' > "$tmpdepfile" rm -f "$depfile" echo "$object : \\" > "$depfile" cat < "$tmpdepfile" >> "$depfile" sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; msvisualcpp) # Important note: in order to support this mode, a compiler *must* # always write the preprocessed file to stdout, regardless of -o, # because we must use -o when running libtool. "$@" || exit $? IFS=" " for arg do case "$arg" in "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI") set fnord "$@" shift shift ;; *) set fnord "$@" "$arg" shift shift ;; esac done "$@" -E | sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::echo "`cygpath -u \\"\1\\"`":p' | sort | uniq > "$tmpdepfile" rm -f "$depfile" echo "$object : \\" > "$depfile" . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s:: \1 \\:p' >> "$depfile" echo " " >> "$depfile" . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s::\1\::p' >> "$depfile" rm -f "$tmpdepfile" ;; none) exec "$@" ;; *) echo "Unknown depmode $depmode" 1>&2 exit 1 ;; esac exit 0 # Local Variables: # mode: shell-script # sh-indentation: 2 # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-end: "$" # End: ipkungfu-0.6.1/aclocal.m40000644000175000017500000007661110555031723012143 00000000000000# generated automatically by aclocal 1.9.6 -*- Autoconf -*- # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, # 2005 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. # Copyright (C) 2002, 2003, 2005 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_AUTOMAKE_VERSION(VERSION) # ---------------------------- # Automake X.Y traces this macro to ensure aclocal.m4 has been # generated from the m4 files accompanying Automake X.Y. AC_DEFUN([AM_AUTOMAKE_VERSION], [am__api_version="1.9"]) # AM_SET_CURRENT_AUTOMAKE_VERSION # ------------------------------- # Call AM_AUTOMAKE_VERSION so it can be traced. # This function is AC_REQUIREd by AC_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], [AM_AUTOMAKE_VERSION([1.9.6])]) # AM_AUX_DIR_EXPAND -*- Autoconf -*- # Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets # $ac_aux_dir to `$srcdir/foo'. In other projects, it is set to # `$srcdir', `$srcdir/..', or `$srcdir/../..'. # # Of course, Automake must honor this variable whenever it calls a # tool from the auxiliary directory. The problem is that $srcdir (and # therefore $ac_aux_dir as well) can be either absolute or relative, # depending on how configure is run. This is pretty annoying, since # it makes $ac_aux_dir quite unusable in subdirectories: in the top # source directory, any form will work fine, but in subdirectories a # relative path needs to be adjusted first. # # $ac_aux_dir/missing # fails when called from a subdirectory if $ac_aux_dir is relative # $top_srcdir/$ac_aux_dir/missing # fails if $ac_aux_dir is absolute, # fails when called from a subdirectory in a VPATH build with # a relative $ac_aux_dir # # The reason of the latter failure is that $top_srcdir and $ac_aux_dir # are both prefixed by $srcdir. In an in-source build this is usually # harmless because $srcdir is `.', but things will broke when you # start a VPATH build or use an absolute $srcdir. # # So we could use something similar to $top_srcdir/$ac_aux_dir/missing, # iff we strip the leading $srcdir from $ac_aux_dir. That would be: # am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"` # and then we would define $MISSING as # MISSING="\${SHELL} $am_aux_dir/missing" # This will work as long as MISSING is not called from configure, because # unfortunately $(top_srcdir) has no meaning in configure. # However there are other variables, like CC, which are often used in # configure, and could therefore not use this "fixed" $ac_aux_dir. # # Another solution, used here, is to always expand $ac_aux_dir to an # absolute PATH. The drawback is that using absolute paths prevent a # configured tree to be moved without reconfiguration. AC_DEFUN([AM_AUX_DIR_EXPAND], [dnl Rely on autoconf to set up CDPATH properly. AC_PREREQ([2.50])dnl # expand $ac_aux_dir to an absolute path am_aux_dir=`cd $ac_aux_dir && pwd` ]) # AM_CONDITIONAL -*- Autoconf -*- # Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 7 # AM_CONDITIONAL(NAME, SHELL-CONDITION) # ------------------------------------- # Define a conditional. AC_DEFUN([AM_CONDITIONAL], [AC_PREREQ(2.52)dnl ifelse([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl AC_SUBST([$1_TRUE]) AC_SUBST([$1_FALSE]) if $2; then $1_TRUE= $1_FALSE='#' else $1_TRUE='#' $1_FALSE= fi AC_CONFIG_COMMANDS_PRE( [if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then AC_MSG_ERROR([[conditional "$1" was never defined. Usually this means the macro was only invoked conditionally.]]) fi])]) # Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 8 # There are a few dirty hacks below to avoid letting `AC_PROG_CC' be # written in clear, in which case automake, when reading aclocal.m4, # will think it sees a *use*, and therefore will trigger all it's # C support machinery. Also note that it means that autoscan, seeing # CC etc. in the Makefile, will ask for an AC_PROG_CC use... # _AM_DEPENDENCIES(NAME) # ---------------------- # See how the compiler implements dependency checking. # NAME is "CC", "CXX", "GCJ", or "OBJC". # We try a few techniques and use that to set a single cache variable. # # We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was # modified to invoke _AM_DEPENDENCIES(CC); we would have a circular # dependency, and given that the user is not expected to run this macro, # just rely on AC_PROG_CC. AC_DEFUN([_AM_DEPENDENCIES], [AC_REQUIRE([AM_SET_DEPDIR])dnl AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl AC_REQUIRE([AM_MAKE_INCLUDE])dnl AC_REQUIRE([AM_DEP_TRACK])dnl ifelse([$1], CC, [depcc="$CC" am_compiler_list=], [$1], CXX, [depcc="$CXX" am_compiler_list=], [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'], [$1], GCJ, [depcc="$GCJ" am_compiler_list='gcc3 gcc'], [depcc="$$1" am_compiler_list=]) AC_CACHE_CHECK([dependency style of $depcc], [am_cv_$1_dependencies_compiler_type], [if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For # instance it was reported that on HP-UX the gcc test will end up # making a dummy file named `D' -- because `-MD' means `put the output # in D'. mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're # using a relative directory. cp "$am_depcomp" conftest.dir cd conftest.dir # We will build objects and dependencies in a subdirectory because # it helps to detect inapplicable dependency modes. For instance # both Tru64's cc and ICC support -MD to output dependencies as a # side effect of compilation, but ICC will put the dependencies in # the current directory while Tru64 will put them in the object # directory. mkdir sub am_cv_$1_dependencies_compiler_type=none if test "$am_compiler_list" = ""; then am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp` fi for depmode in $am_compiler_list; do # Setup a source with many dependencies, because some compilers # like to wrap large dependency lists on column 80 (with \), and # we should not choose a depcomp mode which is confused by this. # # We need to recreate these files for each test, as the compiler may # overwrite some of them when testing with obscure command lines. # This happens at least with the AIX C compiler. : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with # Solaris 8's {/usr,}/bin/sh. touch sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf case $depmode in nosideeffect) # after this tag, mechanisms are not by side-effect, so they'll # only be used when explicitly requested if test "x$enable_dependency_tracking" = xyes; then continue else break fi ;; none) break ;; esac # We check with `-c' and `-o' for the sake of the "dashmstdout" # mode. It turns out that the SunPro C++ compiler does not properly # handle `-M -o', and we need to detect this. if depmode=$depmode \ source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \ >/dev/null 2>conftest.err && grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 && ${MAKE-make} -s -f confmf > /dev/null 2>&1; then # icc doesn't choke on unknown options, it will just issue warnings # or remarks (even with -Werror). So we grep stderr for any message # that says an option was ignored or not supported. # When given -MP, icc 7.0 and 7.1 complain thusly: # icc: Command line warning: ignoring option '-M'; no argument required # The diagnosis changed in icc 8.0: # icc: Command line remark: option '-MP' not supported if (grep 'ignoring option' conftest.err || grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else am_cv_$1_dependencies_compiler_type=$depmode break fi fi done cd .. rm -rf conftest.dir else am_cv_$1_dependencies_compiler_type=none fi ]) AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type]) AM_CONDITIONAL([am__fastdep$1], [ test "x$enable_dependency_tracking" != xno \ && test "$am_cv_$1_dependencies_compiler_type" = gcc3]) ]) # AM_SET_DEPDIR # ------------- # Choose a directory name for dependency files. # This macro is AC_REQUIREd in _AM_DEPENDENCIES AC_DEFUN([AM_SET_DEPDIR], [AC_REQUIRE([AM_SET_LEADING_DOT])dnl AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl ]) # AM_DEP_TRACK # ------------ AC_DEFUN([AM_DEP_TRACK], [AC_ARG_ENABLE(dependency-tracking, [ --disable-dependency-tracking speeds up one-time build --enable-dependency-tracking do not reject slow dependency extractors]) if test "x$enable_dependency_tracking" != xno; then am_depcomp="$ac_aux_dir/depcomp" AMDEPBACKSLASH='\' fi AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno]) AC_SUBST([AMDEPBACKSLASH]) ]) # Generate code to set up dependency tracking. -*- Autoconf -*- # Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. #serial 3 # _AM_OUTPUT_DEPENDENCY_COMMANDS # ------------------------------ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], [for mf in $CONFIG_FILES; do # Strip MF so we end up with the name of the file. mf=`echo "$mf" | sed -e 's/:.*$//'` # Check whether this is an Automake generated Makefile or not. # We used to match only the files named `Makefile.in', but # some people rename them; so instead we look at the file content. # Grep'ing the first line is not enough: some people post-process # each Makefile.in and add a new line on top of each file to say so. # So let's grep whole file. if grep '^#.*generated by automake' $mf > /dev/null 2>&1; then dirpart=`AS_DIRNAME("$mf")` else continue fi # Extract the definition of DEPDIR, am__include, and am__quote # from the Makefile without running `make'. DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` test -z "$DEPDIR" && continue am__include=`sed -n 's/^am__include = //p' < "$mf"` test -z "am__include" && continue am__quote=`sed -n 's/^am__quote = //p' < "$mf"` # When using ansi2knr, U may be empty or an underscore; expand it U=`sed -n 's/^U = //p' < "$mf"` # Find all dependency output files, they are included files with # $(DEPDIR) in their names. We invoke sed twice because it is the # simplest approach to changing $(DEPDIR) to its actual value in the # expansion. for file in `sed -n " s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do # Make sure the directory exists. test -f "$dirpart/$file" && continue fdir=`AS_DIRNAME(["$file"])` AS_MKDIR_P([$dirpart/$fdir]) # echo "creating $dirpart/$file" echo '# dummy' > "$dirpart/$file" done done ])# _AM_OUTPUT_DEPENDENCY_COMMANDS # AM_OUTPUT_DEPENDENCY_COMMANDS # ----------------------------- # This macro should only be invoked once -- use via AC_REQUIRE. # # This code is only required when automatic dependency tracking # is enabled. FIXME. This creates each `.P' file that we will # need in order to bootstrap the dependency handling code. AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], [AC_CONFIG_COMMANDS([depfiles], [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS], [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"]) ]) # Do all the work for Automake. -*- Autoconf -*- # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 12 # This macro actually does too much. Some checks are only needed if # your package does certain things. But this isn't really a big deal. # AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE]) # AM_INIT_AUTOMAKE([OPTIONS]) # ----------------------------------------------- # The call with PACKAGE and VERSION arguments is the old style # call (pre autoconf-2.50), which is being phased out. PACKAGE # and VERSION should now be passed to AC_INIT and removed from # the call to AM_INIT_AUTOMAKE. # We support both call styles for the transition. After # the next Automake release, Autoconf can make the AC_INIT # arguments mandatory, and then we can depend on a new Autoconf # release and drop the old call support. AC_DEFUN([AM_INIT_AUTOMAKE], [AC_PREREQ([2.58])dnl dnl Autoconf wants to disallow AM_ names. We explicitly allow dnl the ones we care about. m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl AC_REQUIRE([AC_PROG_INSTALL])dnl # test to see if srcdir already configured if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then AC_MSG_ERROR([source directory already configured; run "make distclean" there first]) fi # test whether we have cygpath if test -z "$CYGPATH_W"; then if (cygpath --version) >/dev/null 2>/dev/null; then CYGPATH_W='cygpath -w' else CYGPATH_W=echo fi fi AC_SUBST([CYGPATH_W]) # Define the identity of the package. dnl Distinguish between old-style and new-style calls. m4_ifval([$2], [m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl AC_SUBST([PACKAGE], [$1])dnl AC_SUBST([VERSION], [$2])], [_AM_SET_OPTIONS([$1])dnl AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl _AM_IF_OPTION([no-define],, [AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package]) AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl # Some tools Automake needs. AC_REQUIRE([AM_SANITY_CHECK])dnl AC_REQUIRE([AC_ARG_PROGRAM])dnl AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version}) AM_MISSING_PROG(AUTOCONF, autoconf) AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version}) AM_MISSING_PROG(AUTOHEADER, autoheader) AM_MISSING_PROG(MAKEINFO, makeinfo) AM_PROG_INSTALL_SH AM_PROG_INSTALL_STRIP AC_REQUIRE([AM_PROG_MKDIR_P])dnl # We need awk for the "check" target. The system "awk" is bad on # some platforms. AC_REQUIRE([AC_PROG_AWK])dnl AC_REQUIRE([AC_PROG_MAKE_SET])dnl AC_REQUIRE([AM_SET_LEADING_DOT])dnl _AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])], [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])], [_AM_PROG_TAR([v7])])]) _AM_IF_OPTION([no-dependencies],, [AC_PROVIDE_IFELSE([AC_PROG_CC], [_AM_DEPENDENCIES(CC)], [define([AC_PROG_CC], defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl AC_PROVIDE_IFELSE([AC_PROG_CXX], [_AM_DEPENDENCIES(CXX)], [define([AC_PROG_CXX], defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl ]) ]) # When config.status generates a header, we must update the stamp-h file. # This file resides in the same directory as the config header # that is generated. The stamp files are numbered to have different names. # Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the # loop where config.status creates the headers, so we can generate # our stamp files there. AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK], [# Compute $1's index in $config_headers. _am_stamp_count=1 for _am_header in $config_headers :; do case $_am_header in $1 | $1:* ) break ;; * ) _am_stamp_count=`expr $_am_stamp_count + 1` ;; esac done echo "timestamp for $1" >`AS_DIRNAME([$1])`/stamp-h[]$_am_stamp_count]) # Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_PROG_INSTALL_SH # ------------------ # Define $install_sh. AC_DEFUN([AM_PROG_INSTALL_SH], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl install_sh=${install_sh-"$am_aux_dir/install-sh"} AC_SUBST(install_sh)]) # Copyright (C) 2003, 2005 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 2 # Check whether the underlying file-system supports filenames # with a leading dot. For instance MS-DOS doesn't. AC_DEFUN([AM_SET_LEADING_DOT], [rm -rf .tst 2>/dev/null mkdir .tst 2>/dev/null if test -d .tst; then am__leading_dot=. else am__leading_dot=_ fi rmdir .tst 2>/dev/null AC_SUBST([am__leading_dot])]) # Check to see how 'make' treats includes. -*- Autoconf -*- # Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 3 # AM_MAKE_INCLUDE() # ----------------- # Check to see how make treats includes. AC_DEFUN([AM_MAKE_INCLUDE], [am_make=${MAKE-make} cat > confinc << 'END' am__doit: @echo done .PHONY: am__doit END # If we don't find an include directive, just comment out the code. AC_MSG_CHECKING([for style of include used by $am_make]) am__include="#" am__quote= _am_result=none # First try GNU make style include. echo "include confinc" > confmf # We grep out `Entering directory' and `Leaving directory' # messages which can occur if `w' ends up in MAKEFLAGS. # In particular we don't look at `^make:' because GNU make might # be invoked under some other name (usually "gmake"), in which # case it prints its new name instead of `make'. if test "`$am_make -s -f confmf 2> /dev/null | grep -v 'ing directory'`" = "done"; then am__include=include am__quote= _am_result=GNU fi # Now try BSD make style include. if test "$am__include" = "#"; then echo '.include "confinc"' > confmf if test "`$am_make -s -f confmf 2> /dev/null`" = "done"; then am__include=.include am__quote="\"" _am_result=BSD fi fi AC_SUBST([am__include]) AC_SUBST([am__quote]) AC_MSG_RESULT([$_am_result]) rm -f confinc confmf ]) # Copyright (C) 1999, 2000, 2001, 2003, 2005 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 3 # AM_PROG_CC_C_O # -------------- # Like AC_PROG_CC_C_O, but changed for automake. AC_DEFUN([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC_C_O])dnl AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl # FIXME: we rely on the cache variable name because # there is no other way. set dummy $CC ac_cc=`echo $[2] | sed ['s/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/']` if eval "test \"`echo '$ac_cv_prog_cc_'${ac_cc}_c_o`\" != yes"; then # Losing compiler, so override with the script. # FIXME: It is wrong to rewrite CC. # But if we don't then we get into trouble of one sort or another. # A longer-term fix would be to have automake use am__CC in this case, # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)" CC="$am_aux_dir/compile $CC" fi ]) # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- # Copyright (C) 1997, 1999, 2000, 2001, 2003, 2005 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 4 # AM_MISSING_PROG(NAME, PROGRAM) # ------------------------------ AC_DEFUN([AM_MISSING_PROG], [AC_REQUIRE([AM_MISSING_HAS_RUN]) $1=${$1-"${am_missing_run}$2"} AC_SUBST($1)]) # AM_MISSING_HAS_RUN # ------------------ # Define MISSING if not defined so far and test if it supports --run. # If it does, set am_missing_run to use it, otherwise, to nothing. AC_DEFUN([AM_MISSING_HAS_RUN], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing" # Use eval to expand $SHELL if eval "$MISSING --run true"; then am_missing_run="$MISSING --run " else am_missing_run= AC_MSG_WARN([`missing' script is too old or missing]) fi ]) # Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_PROG_MKDIR_P # --------------- # Check whether `mkdir -p' is supported, fallback to mkinstalldirs otherwise. # # Automake 1.8 used `mkdir -m 0755 -p --' to ensure that directories # created by `make install' are always world readable, even if the # installer happens to have an overly restrictive umask (e.g. 077). # This was a mistake. There are at least two reasons why we must not # use `-m 0755': # - it causes special bits like SGID to be ignored, # - it may be too restrictive (some setups expect 775 directories). # # Do not use -m 0755 and let people choose whatever they expect by # setting umask. # # We cannot accept any implementation of `mkdir' that recognizes `-p'. # Some implementations (such as Solaris 8's) are not thread-safe: if a # parallel make tries to run `mkdir -p a/b' and `mkdir -p a/c' # concurrently, both version can detect that a/ is missing, but only # one can create it and the other will error out. Consequently we # restrict ourselves to GNU make (using the --version option ensures # this.) AC_DEFUN([AM_PROG_MKDIR_P], [if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then # We used to keeping the `.' as first argument, in order to # allow $(mkdir_p) to be used without argument. As in # $(mkdir_p) $(somedir) # where $(somedir) is conditionally defined. However this is wrong # for two reasons: # 1. if the package is installed by a user who cannot write `.' # make install will fail, # 2. the above comment should most certainly read # $(mkdir_p) $(DESTDIR)$(somedir) # so it does not work when $(somedir) is undefined and # $(DESTDIR) is not. # To support the latter case, we have to write # test -z "$(somedir)" || $(mkdir_p) $(DESTDIR)$(somedir), # so the `.' trick is pointless. mkdir_p='mkdir -p --' else # On NextStep and OpenStep, the `mkdir' command does not # recognize any option. It will interpret all options as # directories to create, and then abort because `.' already # exists. for d in ./-p ./--version; do test -d $d && rmdir $d done # $(mkinstalldirs) is defined by Automake if mkinstalldirs exists. if test -f "$ac_aux_dir/mkinstalldirs"; then mkdir_p='$(mkinstalldirs)' else mkdir_p='$(install_sh) -d' fi fi AC_SUBST([mkdir_p])]) # Helper functions for option handling. -*- Autoconf -*- # Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 3 # _AM_MANGLE_OPTION(NAME) # ----------------------- AC_DEFUN([_AM_MANGLE_OPTION], [[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])]) # _AM_SET_OPTION(NAME) # ------------------------------ # Set option NAME. Presently that only means defining a flag for this option. AC_DEFUN([_AM_SET_OPTION], [m4_define(_AM_MANGLE_OPTION([$1]), 1)]) # _AM_SET_OPTIONS(OPTIONS) # ---------------------------------- # OPTIONS is a space-separated list of Automake options. AC_DEFUN([_AM_SET_OPTIONS], [AC_FOREACH([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])]) # _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET]) # ------------------------------------------- # Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) # Check to make sure that the build environment is sane. -*- Autoconf -*- # Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 4 # AM_SANITY_CHECK # --------------- AC_DEFUN([AM_SANITY_CHECK], [AC_MSG_CHECKING([whether build environment is sane]) # Just in case sleep 1 echo timestamp > conftest.file # Do `set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null` if test "$[*]" = "X"; then # -L didn't work. set X `ls -t $srcdir/configure conftest.file` fi rm -f conftest.file if test "$[*]" != "X $srcdir/configure conftest.file" \ && test "$[*]" != "X conftest.file $srcdir/configure"; then # If neither matched, then we have a broken ls. This can happen # if, for instance, CONFIG_SHELL is bash and it inherits a # broken ls alias from the environment. This has actually # happened. Such a system could not be considered "sane". AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken alias in your environment]) fi test "$[2]" = conftest.file ) then # Ok. : else AC_MSG_ERROR([newly created file is older than distributed files! Check your system clock]) fi AC_MSG_RESULT(yes)]) # Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_PROG_INSTALL_STRIP # --------------------- # One issue with vendor `install' (even GNU) is that you can't # specify the program used to strip binaries. This is especially # annoying in cross-compiling environments, where the build's strip # is unlikely to handle the host's binaries. # Fortunately install-sh will honor a STRIPPROG variable, so we # always use install-sh in `make install-strip', and initialize # STRIPPROG with the value of the STRIP variable (set by the user). AC_DEFUN([AM_PROG_INSTALL_STRIP], [AC_REQUIRE([AM_PROG_INSTALL_SH])dnl # Installed binaries are usually stripped using `strip' when the user # run `make install-strip'. However `strip' might not be the right # tool to use in cross-compilation environments, therefore Automake # will honor the `STRIP' environment variable to overrule this program. dnl Don't test for $cross_compiling = yes, because it might be `maybe'. if test "$cross_compiling" != no; then AC_CHECK_TOOL([STRIP], [strip], :) fi INSTALL_STRIP_PROGRAM="\${SHELL} \$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) # Check how to create a tarball. -*- Autoconf -*- # Copyright (C) 2004, 2005 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 2 # _AM_PROG_TAR(FORMAT) # -------------------- # Check how to create a tarball in format FORMAT. # FORMAT should be one of `v7', `ustar', or `pax'. # # Substitute a variable $(am__tar) that is a command # writing to stdout a FORMAT-tarball containing the directory # $tardir. # tardir=directory && $(am__tar) > result.tar # # Substitute a variable $(am__untar) that extract such # a tarball read from stdin. # $(am__untar) < result.tar AC_DEFUN([_AM_PROG_TAR], [# Always define AMTAR for backward compatibility. AM_MISSING_PROG([AMTAR], [tar]) m4_if([$1], [v7], [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'], [m4_case([$1], [ustar],, [pax],, [m4_fatal([Unknown tar format])]) AC_MSG_CHECKING([how to create a $1 tar archive]) # Loop over all known methods to create a tar archive until one works. _am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none' _am_tools=${am_cv_prog_tar_$1-$_am_tools} # Do not fold the above two line into one, because Tru64 sh and # Solaris sh will not grok spaces in the rhs of `-'. for _am_tool in $_am_tools do case $_am_tool in gnutar) for _am_tar in tar gnutar gtar; do AM_RUN_LOG([$_am_tar --version]) && break done am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"' am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"' am__untar="$_am_tar -xf -" ;; plaintar) # Must skip GNU tar: if it does not support --format= it doesn't create # ustar tarball either. (tar --version) >/dev/null 2>&1 && continue am__tar='tar chf - "$$tardir"' am__tar_='tar chf - "$tardir"' am__untar='tar xf -' ;; pax) am__tar='pax -L -x $1 -w "$$tardir"' am__tar_='pax -L -x $1 -w "$tardir"' am__untar='pax -r' ;; cpio) am__tar='find "$$tardir" -print | cpio -o -H $1 -L' am__tar_='find "$tardir" -print | cpio -o -H $1 -L' am__untar='cpio -i -H $1 -d' ;; none) am__tar=false am__tar_=false am__untar=false ;; esac # If the value was cached, stop now. We just wanted to have am__tar # and am__untar set. test -n "${am_cv_prog_tar_$1}" && break # tar/untar a dummy directory, and stop if the command works rm -rf conftest.dir mkdir conftest.dir echo GrepMe > conftest.dir/file AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar]) rm -rf conftest.dir if test -s conftest.tar; then AM_RUN_LOG([$am__untar /dev/null 2>&1 && break fi done rm -rf conftest.dir AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool]) AC_MSG_RESULT([$am_cv_prog_tar_$1])]) AC_SUBST([am__tar]) AC_SUBST([am__untar]) ]) # _AM_PROG_TAR ipkungfu-0.6.1/files/0000777000175000017500000000000010555031736011462 500000000000000ipkungfu-0.6.1/files/conf/0000777000175000017500000000000010555031736012407 500000000000000ipkungfu-0.6.1/files/conf/forward.conf0000644000175000017500000000632410555031670014640 00000000000000# ========================================================================= # $Id: forward.conf 41 2005-10-30 23:39:47Z s0undt3ch $ # ========================================================================= # The FORWARD chain in iptables dictates the fate of any packet # that wants to travel past this machine, in either direction. # The defaults here are reasonable for machines acting as routers # for a *private* subnet, or standalone machines connected to the # internet without a local network. You should edit this file if # any of the following are true: # # - the machine running ipkungfu is a firewall/gateway for machines # with *public* ip addresses # - you want to customize what parts of your local network are to # be allowed access to what internet services # - you simply want more granular control of traffic passing # through your firewall/gateway # # The syntax of most of this file is similar to that of vhosts.conf # and it serves a similar purpose. You cannot forward ports in # this file, though. Only packets already destined for a machine # on your network will be affected by this file. For that reason # this file can be used to customize how traffic is filtered that # has already been forwarded by vhosts.conf. # This sets the default policy for the FORWARD chain. The default # setting here is "ACCEPT" for standalone machines and private # subnets, since no packets will reach the FORWARD chain in the # first case, and outside forces cannot route packets on a private # network in the second case. Valid choices here are ACCEPT # and DROP (I recently learned that for reasons I don't understand # REJECT is not a valid policy for the FORWARD chain). FORWARD_POLICY=ACCEPT # Here is where you specify what hosts or nets on the Internet are # to be allowed to access what hosts or nets on your network, or # the other way around. The syntax is for this part of the file # is source:destination:port:protocol:target. All the colons are # required. If any part of the sequence is left blank, it will # not be matched. For example: # # :192.168.0.10:::ACCEPT # # The source host, port, and protocol have all been left blank, # meaning that any type of traffic from any source is permitted # to go to 192.168.0.10. Valid protocols can be found in # /etc/protocols. Valid targets are ACCEPT, REJECT, DROP, and # LOG. In the case of LOG, an optional sixth parameter may be # used to specify the log prefix. For example: # # 208.14.0.0/255.255.0.0:192.168.0.7:80:tcp:LOG:Webserver Hit # 208.14.0.0/255.255.0.0:192.168.0.7:80:tcp:ACCEPT # # In this case, all traffic from 208.14.*.* destined for # 192.168.0.7 on tcp port 80 is logged and accepted. Note # that both these rules are required, in this order, for the # traffic to be logged and accepted (unless your default # FORWARD policy is ACCEPT, in which case it will be # accepted unless otherwise specified). If a rule other than # LOG is encountered, the packet will be assigned the fate # of the specified target and stop traversing the FORWARD # chain. For this reason, logging rules must come before # any rule that specifies a type of filter, such as DROP, # REJECT, or ACCEPT. #0/0:192.168.0.10:23:tcp:LOG:Telnet #0/0:192.168.0.10:23:tcp:ACCEPT ipkungfu-0.6.1/files/conf/deny_hosts.conf0000644000175000017500000000066210555031670015352 00000000000000# ========================================================================= # $Id: deny_hosts.conf 41 2005-10-30 23:39:47Z s0undt3ch $ # ========================================================================= # Please see the README and FAQ for more information # # IP addresses of hosts or nets to always send to $KNOWN_BAD # Think of this as a blacklist. # Example: #208.13.100.12 #6.4.13.0/255.255.255.0 #MSN Messenger servers ipkungfu-0.6.1/files/conf/advanced.conf0000644000175000017500000000704010555031670014735 00000000000000# ======================================================================= # $Id: advanced.conf 127 2005-12-08 02:41:56Z trappist $ # ======================================================================= #### Advanced Configuration Options ############################# ############################################################# ## Feel free to modify these settings if you know what you ## ## are doing, but most people won't need to mess with this ## ## section. Please read the README and FAQ for more info. ## ############################################################# # If you are trying to get an internet game to work # through your IP MASQ box, and you have set it up to # the best of your ability without it working, try # enabling this option. This option is disabled by # default due to possible internal machine UDP port # scanning vulnerabilities. # Set to 1 for yes 0 for no LOOSE_UDP_PATCH=0 # Log spoofed packets coming in on your external interface # This is not done via iptables, so the logs will be in # the syslog file for your kernel even if you use ulogd. LOG_MARTIANS=1 # There is a bug in current (at the time of this release) # Linux kernels that may allow some packets to leave the # local network with their original source IP address # intact. This does not pose a significant risk, but by # default we try to prevent it with this rule by # disallowing packets whose conntrack state is 'INVALID' # in the FORWARD chain. Comment this directive or set it # to 0 to disable. MASQUERADE_FIX=1 # From the tcp man page: # How many seconds to wait for a final FIN packet # before the socket is forcibly closed. This is # strictly a violation of the TCP specification, but # required to prevent denial-of-service attacks. FIN_TIMEOUT=30 # The number of seconds after no data has been trans- # mitted before a keep-alive will be sent on a con- # nection. TCP_KEEPALIVE=1800 # See rfc 1323 # http://rfc.net/rfc1323.html TCP_WINDOW_SCALING=1 # See rfc 2018 # http://rfc.net/rfc2018.html TCP_SACK=0 # man tcp for more info MAX_SYN_BACKLOG=1280 # man icmp ICMP_ECHO_IGNORE_BROADCASTS=1 # See http://www.linuxia.de/netfilter.en.html#221 # This setting won't have any effect right now # since ipkungfu doesn't use the QUEUE target IP_QUEUE_MAXLEN=2048 # man tcp TCP_TIMESTAMPS=0 # This option will cause the kernel to drop packets with malformed # headers, bad checksums, etc. The default is 0 because it is # considered experimental and can possible drop legal packets. DROP_UNCLEAN=0 # You may want to increase this number for servers SYN_FLOOD=10 SYN_FLOOD_BURST=24 # Support for tcp syn cookies (must be enabled in your # kernel, check kernel docs for details) SYN_COOKIES=1 # Uncomment this field to set the TTL for outgoing packets. This # helps to foil ISPs (or anyone else) who's trying to determine # whether this machine is a gateway for other machines on your # network. # A too low value will effectively break your internet connection. # See also: # http://iptables-tutorial.frozentux.net/iptables-tutorial.html#TTLTARGET #TTL=126 # By default ipkungfu uses the multiport match from iptables to # match multiple ports for a number of situations. This is more # efficient, since a single rule is parsed rather than one for # each port. If your kernel lacks this functionality, or if you # need to use more ports than are supported (15), ipkungfu can # create a rule for each port instead, with some cost to # efficiency. ALLOWED_TCP_IN_USE_MULTIPORT=1 ALLOWED_UDP_IN_USE_MULTIPORT=1 DONT_LOG_TCP_USE_MULTIPORT=1 DONT_LOG_UDP_USE_MULTIPORT=1 ipkungfu-0.6.1/files/conf/services.conf0000644000175000017500000000174710555031670015023 00000000000000# ======================================================================= # $Id: services.conf 146 2006-01-25 21:13:38Z trappist $ # ======================================================================= # Services needed for TOS. # Do NOT change the list bellow, unless you run these services on diferent ports, # or you want to accept their traffic. In this case add ':ACCEPT' or any # other valid target. # # Service Names and Protocols are lowercase, Targets are UPPERCASE. # # Example: # ssh:22:tcp:ACCEPT ftp-data:20:tcp ftp:21:tcp ssh:22:tcp telnet:23:tcp smtp:25:tcp domain:53:tcp bootps:63:tcp http:80:tcp pop3:110:tcp auth:113:tcp ntp:123:tcp imap:143:tcp https:443:tcp imaps:993:tcp pop3s:995:tcp socks:1080:tcp # Some Examples #msn_messenger:1863:tcp:ACCEPT #msn_voice:6901:tcp:ACCEPT #msn_voice:6901:udp:ACCEPT #msn_files:6891-6900:tcp:ACCEPT # Add your services bellow. The rule is: # ServiceName:ServicePort:Protocol[:ACCEPT|DROP|REJECT|or any valid target)] # extra comments ipkungfu-0.6.1/files/conf/accept_hosts.conf0000644000175000017500000000070610555031670015651 00000000000000# ======================================================================= # $Id: accept_hosts.conf 41 2005-10-30 23:39:47Z s0undt3ch $ # ======================================================================= # Please see the README and FAQ for more information # # IP addresses of hosts or nets to always ACCEPT # and optionally, ports they are allowed to access # Format: host[:port:protocol] # Example: #208.13.100.12 #64.3.0.0/255.255.255.0:22:tcp ipkungfu-0.6.1/files/conf/custom.conf0000644000175000017500000000251610555031670014505 00000000000000# ========================================================================= # $Id: custom.conf 113 2005-11-24 01:57:02Z s0undt3ch $ # ========================================================================= # Please read the README and FAQ for more info. # # Insert your own iptables rules here. They will be added before all other # rules. If you have a good custom rule that would be beneficial to others, # email me about it so I can incorporate it into the next release. Please # send email to grasshopper@linuxkungfu.org # # If the machine that is running ipkungfu also serves as a DHCP server to other # machines on your local network, then uncomment the line below to allow them # access. This is for internal network only. #$IPTABLES -A INPUT -i $INT_NET -s 0.0.0.0 -j ACCEPT # For the Slapper worm #$IPTABLES -A OUTPUT -p udp --dport 2002 $LOG_CMD "SLAPPER!_rm_-f_/tmp/*bugtraq*" #$IPTABLES -A OUTPUT -p udp --dport 2002 -j DROP # Drop every other ping packet (just because we can) # You need the "nth" patch from patch-o-matic for this #$IPTABLES -A INPUT -p icmp --icmp-type echo-request -m nth --every 2 -j DROP #$IPTABLES -A INPUT -p icmp --icmp-type echo-request -j ACCEPT # Trust these mac addresses #$IPTABLES -A INPUT -m mac --mac-source 00:C0:F0:6C:36:4D -j ACCEPT #$IPTABLES -A INPUT -m mac --mac-source 00:50:2C:04:84:08 -j ACCEPT ipkungfu-0.6.1/files/conf/post.conf0000644000175000017500000000053510555031670014157 00000000000000# ========================================================================= # $Id: post.conf 41 2005-10-30 23:39:47Z s0undt3ch $ # ========================================================================= # This file is parsed and executed after ipkungfu has run. # This can contain iptables rules, or anything else you want # run after ipkungfu. ipkungfu-0.6.1/files/conf/pre.conf0000644000175000017500000000077210555031670013763 00000000000000# ========================================================================= # $Id: pre.conf 41 2005-10-30 23:39:47Z s0undt3ch $ # ========================================================================= # This is a script that will be run at the very beginning # of ipkungfu's execution. Anything you want to run before # the firewall is loaded, every time it is loaded, can be # added here. It is parsed exactly like a bash script. # Example: #/bin/echo "`date`: ipkungfu started" >> /root/mylogs ipkungfu-0.6.1/files/conf/redirect.conf0000644000175000017500000000123510555031670014771 00000000000000# ========================================================================= # $Id: redirect.conf 41 2005-10-30 23:39:47Z s0undt3ch $ # ========================================================================= #Please read the README and FAQ for more information # # Redirect ports on THIS machine. Format is protocol:originalport:newport[:direction] # where direction is internal or external and is optional. Should traffic coming from # the internal network be affected (internal) or traffic from the internet (external)? # Leave empty to apply to all traffic. # Example: # tcp:443:10000 # redirect https to webmin # tcp:80:3128:internal # transparent squid proxy ipkungfu-0.6.1/files/conf/log.conf0000644000175000017500000000245310555031670013754 00000000000000# ========================================================================= # $Id: log.conf 41 2005-10-30 23:39:47Z s0undt3ch $ # ========================================================================= # Please read the README for more info. # # Many systems use /var/log/syslog for logging # # Logging facility to use. Default is syslog, as you # must have ulog support in your kernel, and your # userspace iptables, as well as have ulogd properly # configured and running to use ulog. LOG_FACILITY=syslog #LOG_FACILITY=ulog # This will make a log of all new connections established # on the external device LOG_EST_EXT=0 # This will log all new connections established on your # internal device(s) LOG_EST_INT=0 # Log packets that aren't caught by any specific rules LOG_CATCH_ALL=1 # Log port scans LOG_PORT_SCANS=1 # How many syslog entries per second (or minute) per rule? LOG_FLOOD="3/s" #LOG_FLOOD="1/m" # Log dropped icmp echo request packets beyond what you have # specified in PING_FLOOD LOG_PING=1 # Log packets potentially related to a Denial of Service attack LOG_DOS=1 # Log invalid packets LOG_INVALID=1 # Log fragmented packets LOG_FRAGMENTS=1 # Drop packets on these tcp ports without logging DONT_LOG_TCP="137 6666" # Drop packets on these udp ports without logging DONT_LOG_UDP="1434" ipkungfu-0.6.1/files/conf/ipkungfu.conf0000644000175000017500000001275710555031670015033 00000000000000# ========================================================================= # $Id: ipkungfu.conf 57 2005-11-02 17:04:20Z s0undt3ch $ # ========================================================================= # Please read the README and FAQ for more information # Some distros (most notably Redhat) don't have # everything we need in $PATH so we specify it here. # Make sure modprobe, iptables, and route are here, # as well as ordinary items such as echo and grep. # Default is as shown in the example below. #PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin # Set the path to ipkungfu's runtime error log. # Default: /var/log/ipkungfu.log #IPKUNGFU_LOG= # Your external interface # This is the one that connects to the internet. # Ipkungfu will detect this if you don't specify. #EXT_NET="eth0" #EXT_NET="eth1" #EXT_NET="ppp0" # Your internal interfaces, if any. If you have more # than 1 internal interface, separate them with # spaces. If you only have one interface, put "lo" # here. Default is auto-detected. #INT_NET="eth0" #INT_NET="eth1" #INT_NET="lo" # IP Range of your internal network. Use "127.0.0.1" # for a standalone machine. Default is a reasonable # guess. Separate multiple ranges with spaces. #LOCAL_NET="192.168.0.0/255.255.0.0 10.0.0.0/255.0.0.0" # Set this to 0 for a standalone machine, or 1 for # a gateway device to share an Internet connection. # Default is 1. #GATEWAY=1 # TCP ports you want to allow for incoming traffic # Don't add ports here that you intend to forward. # This should be a list of tcp ports that have # servers listening on them on THIS machine, # separated by spaces. You can add port ranges # delimited by hyphens, such as "20-22". Default # is none. #ALLOWED_TCP_IN="21 22" # UDP ports to allow for incoming traffic # See the comments above for ALLOWED_TCP_IN #ALLOWED_UDP_IN="" # Temporarily block future connection attempts from an # IP that hits these ports (If module is present) # Hits to these ports will be logged as "BADGUY" hits # regardless of log.conf settings. #FORBIDDEN_PORTS="135 137 139" # Drop all ping packets? # Set to 1 for yes, 0 for no. Default is no. #BLOCK_PINGS=0 # Possible values here are "DROP", "REJECT", or "MIRROR" # # "DROP" means your computer will not respond at all. "Stealth mode" # # "REJECT" means your computer will respond with a # message that the packet was rejected. # # "MIRROR", if your kernel supports it, will swap the source and # destination IP addresses, and send the offending packet back # where it came from. USE WITH EXTREME CAUTION! Only use this if you fully # understand the consequences. # # The safest option, and the default in each case,, is "DROP". Don't change # unless you fully understand this. # What to do with 'probably malicious' packets #SUSPECT="REJECT" #SUSPECT="DROP" # What to do with obviously invalid traffic # This is also the action for FORBIDDEN_PORTS #KNOWN_BAD="REJECT" #KNOWN_BAD="DROP" # What to do with port scans #PORT_SCAN="REJECT" #PORT_SCAN="DROP" # How should ipkungfu determine your IP address? The default # answer, "NONE", will cause ipkungfu to not use the few # features that require it to know your external IP address. # This option is good for dialup users who run ipkungfu on # bootup, since dialup users rarely use the features that # require this, and the IP address for a dialup connection # generally isn't known at bootup. "AUTO" will cause # ipkungfu to automatically determine the IP address of # $EXT_NET when it is started. If you have a static IP # address you can simply enter your IP address here. # If you do port forwarding and your ISP changes your IP # address, choose NONE here, or your port forwarding # will break when your IP address changes. Default is # "NONE". #GET_IP="NONE" #GET_IP="AUTO" #GET_IP="128.238.244.16" # If the target for identd (113/tcp) is DROP, it can take # a long time to connect to some IRC servers. Set this to # 1 to speed up these connections with a negligible cost # to security. Identd probes will be rejected with the # 'reject-with-tcp-reset' option to close the connection # gracefully. If you want to actually allow ident probes, # and you're running an identd, and you've allowed port # 113 in ALLOWED_TCP_IN, set this to 0. Default is 0. #DONT_DROP_IDENTD=0 # Set this to 0 if you're running ipkungfu on a machine # inside your LAN. This will cause private IP addresses # coming in on $EXT_NET to be identified as a spoof, # which would be inaccurate on intra-LAN traffic # This will cause private IP addresses coming in on # $EXT_NET to be identified as a spoof. Default is 1. #DISALLOW_PRIVATE=1 # For reasons unknown to me, ipkungfu sometimes causes # kernel panics when run at init time. This is my # attempt to work around that. Ipkungfu will wait # the specified number of seconds before starting, to # let userspace/kernel traffic catch up before executing. # Default is 0. #WAIT_SECONDS=5 # This option, if enabled, will cause ipkungfu to set # the default policy on all builtin chains in the filter # table to ACCEPT in the event of a failure. This is # intended for remote administrators who may be locked # out of the firewall if ipkungfu fails. A warning to # this effect will be echoed so that the situation can be # rectified quickly. This is the same as running # ipkungfu with --failsafe. Default is 0. #FAILSAFE=0 # Configurable list of kernel modules to load at runtime. # If no list is provided, the default and needed ones, # ip_nat_irc, ip_conntrack_ftp ip_nat_ftp ip_conntrack_irc, # will still be loaded. #MODULES_LIST="" ipkungfu-0.6.1/files/conf/vhosts.conf0000644000175000017500000000326110555031670014517 00000000000000# ========================================================================= # $Id: vhosts.conf 43 2005-10-31 00:10:10Z s0undt3ch $ # ========================================================================= # Please read the README and FAQ for more info. # # Use this file to set up servers on machines behind your # gateway. Use this format: # allowedhost:virtualhostIP:originalport:destinationport:protocol # where allowedhost is an IP address or subnet, or 0/0 to # allow the whole world access. # # Ports and protocols are semi-optional. If you omit originalport # you must also omit destinationport, and all traffic matching # protocol will be forwarded, and protocol is not optional. If # originalport and destinationport are specified but protocol is # not, both tcp and udp ports will be forwarded. # # Examples: #0/0:192.168.0.10:7777-7788:7777-7788:udp # UT or UT2k3 on 192.168.0.10 #0/0:192.168.0.10:28902:28902:udp # UT or UT2k3 on 192.168.0.10 #0/0:192.168.0.10:8000:8000:tcp # UT or UT2k3 on 192.168.0.10 (web admin) #0/0:192.168.0.10:5120-5300:5121:udp # NWN server #0/0:192.168.0.10:6881-6889:6881-6889:tcp # Bittorrent #0/0:192.168.0.10:1241:1241:tcp # nessus server #0/0:192.168.0.10:28765:28765: # cube #0/0:192.168.0.10:6436:6436:tcp # gnutella #0/0:192.168.0.10:2234-2235:2234-2235: # Operation FlashPoint #0/0:192.168.0.10:2300-2400:2300-2400:tcp # m$fs and OFP #0/0:192.168.0.10:6073:6073:tcp # m$fs and OFP #0/0:192.168.0.10:47624:47624:tcp # m$fs and OFP #0/0:192.168.0.10:49000:49000: # xplane #0/0:192.168.0.10:4000:4000:tcp # To enable file icq file xfer, config #0/0:192.168.0.10:4000-4100:4000-4100:tcp # icq to listen on ports 4000-4100 (default) ipkungfu-0.6.1/files/rc.ipkungfu0000755000175000017500000000437710555031670013567 00000000000000#!/bin/sh # ========================================================================= # $Id: rc.ipkungfu 42 2005-10-30 23:48:11Z s0undt3ch $ # ========================================================================= # $URL: http://ipkungfu.ufsoft.org/svn/tags/ipkungfu-0.6.1/files/rc.ipkungfu $ # $LastChangedDate: 2005-10-30 17:48:11 -0600 (Sun, 30 Oct 2005) $ # $Rev: 42 $ # $LastChangedBy: s0undt3ch $ # ========================================================================= # ipkungfu startup script # # chkconfig: 2345 98 92 # # description: Starts the ipkungfu firewall # # by Rocco Stanzione, based on the iptables script: # Script Author: Rocco Stanzione # # Source 'em up #. /etc/init.d/functions IPKF_CONFIG=/etc/ipkungfu/ipkungfu.conf IPKF_EXE=/usr/local/sbin/ipkungfu if [ ! -x $IPKF_EXE ]; then exit 0 fi KERNELMAJ=`uname -r | sed -e 's,\..*,,'` KERNELMIN=`uname -r | sed -e 's,[^\.]*\.,,' -e 's,\..*,,'` if [ "$KERNELMAJ" -lt 2 ] ; then exit 0 fi if [ "$KERNELMAJ" -eq 2 -a "$KERNELMIN" -lt 3 ] ; then exit 0 fi if /sbin/lsmod 2>/dev/null |grep -q ipchains ; then echo "ipchains module loaded. Aborting. Try rmmod ipchains and try again." exit 0 fi status="$IPKF_EXE --init" start() { # don't do squat if we don't have the config file if [ -f $IPKF_CONFIG ]; then printf "Starting ipkungfu: " #status="$IPKF_EXE --init" if $status; then echo -e " [\\033[1;32m OK\\033[0;39m ]" else echo -e " [\\033[1;31m FAILED\\033[0;39m ]" fi else echo -e " [\\033[1;31m FAILED\\033[0;39m ]" fi } stop() { $IPKF_EXE --disable #rm -f /var/lock/subsys/ipkungfu } case "$1" in start) start ;; stop) stop ;; restart|reload) # "restart" is really just "start" as this isn't a daemon, # and "start" clears any pre-defined rules anyway. # This is really only here to make those who expect it happy start ;; status) $IPKF_EXE --check ;; panic) $IPKF_EXE --panic ;; *) printf "Usage: %s {start|stop|restart|status|panic}\n" "$0" exit 1 esac exit 0 ipkungfu-0.6.1/README0000644000175000017500000002753210555031670011162 00000000000000=============================================================================== $Id: README 137 2006-01-04 08:31:23Z trappist $ =============================================================================== IPKungFu version 0.6.0 Notes and configuration information on IPKungFu Please see the FAQ for troubleshooting. IPKungFu man page available after installation man ipkungfu WHAT IS IPKUNGFU? Ipkungfu is an iptables-based Linux firewall. The primary design goals are security, ease of use, and performance, in that order. It takes advantage of advanced features of iptables and the Linux kernel. Ipkungfu can handle a wide array of configurations, and supports Internet connection sharing, multiple virtual hosts, IP forwarding, IP masquerading, configurable logging, string matching and much more. It is designed with both the novice and the expert in mind with its simple configuration interface. WHO SHOULD USE IPKUNGFU? Anyone who wishes to simplify the creation of an iptables-based firewall. Additionally, anyone who would like a simple method of configuring a Linux machine to share its Internet connection. HOW DOES IT WORK? It takes configuration directives from the files in /etc/ipkungfu and uses them, along with some information gathered from your system, to build a firewall using iptables and sysctl. It is primarily an interface to iptables. which in turn is an interface to the Linux kernel's netfilter code. WHERE CAN I GET THE LATEST VERSION? IPKungFu can be obtained from http://freshmeat.net/ipkungfu Please send bug reports to bugreport@linuxkungfu.org Or, submit them to ipkungfu's development site: http://ipkungfu.ufsoft.org I HAVE A QUESTION THAT IS NOT ANSWERED IN THIS DOCUMENT. First read the FAQ, your question may be answered there. You may post questions at http://freshmeat.net/ipkungfu, you may be able to find me on IRC at: irc.freenode.net channel: #ipkungfu, or you can subscribe to our users mailing list: To subscribe to the list, send a message to: ipkungfu-users-subscribe@ufsoft.org To remove your address from the list, just send a message to the address in the "List-Unsubscribe" header of any list message. If you haven't changed addresses since subscribing, you can also send a message to: ipkungfu-users-unsubscribe@ufsoft.org HOW DO I RUN IPKUNGFU? Running ipkungfu is done in a few simple steps. (as root) 1) Download and unpack the source. 2) Install per the installation instructions (./configure && make && sudo make install) 3) Edit configuration files in /etc/ipkungfu to taste. 4) Execute ipkungfu. WHAT COMMAND LINE OPTIONS ARE AVAILABLE? -t or --test Test the configuration, listing some of the optional kernel support installed, the interfaces in use, IP addresses, whether or not you have chosen IP forwarding, IP masquerading, subnet and ports you have chosen to allow. -d or --disable Disables the firewall and sets the default policies back to ACCEPT. Internet connection sharing is not disabled. -h or --help Displays all options available to ipkungfu. -v or --version Displays the version number of ipkungfu and exits. -l or --list Displays the iptables rule sets and exits. -c or --check Check to see if ipkungfu is loaded and display if it is in disable mode or panic mode if either. -f or --flush Flush all iptables rules and delete custom chains. This completely takes down the firewall, and will also disable Internet connection sharing. --panic Panic mode. All internal and external access is denied. Nothing is allowed, in or out. --quiet Runs ipkungfu with no standard output. --show-vars Shows main configuration options (whether specified or auto detected) and exits. --failsafe If ipkungfu fails, default policy for all builtin chains will revert to ACCEPT. This essentially means the firewall will be disabled if it fails. This is useful for working with ipkungfu remotely, to prevent loss of access to the machine. --no-caching As of version 0.6.0, ipkungfu now supports rules caching support which in case rules haven't changed, will make ipkungfu load way faster. Passing this argument disables this feature. WHAT DO I NEED TO RUN IPKUNGFU? ipkungfu requires a Linux kernel of 2.4.x or higher. The following should be compiled into your kernel or as a module. Note that most Linux distributions already have much of this already, especially the required section. If you have other firewalls running, you should disable or uninstall them first to avoid conflict. Required: connection tracking IP tables support connection state match support REJECT target support full NAT MASQUERADE target support packet mangling TOS target support LOG (and/or ULOG) target support multiple port match support Highly recommended: FTP protocol support IRC protocol support limit match support REDIRECT target support NAT of local connections Optional: ULOG target support MIRROR target support string match support iplimit support recent match support psd match support nth match support tcp syncookie support Currently IPKungFu does not support IPv6 INSTALLING IPKUNGFU Installation of ipkungfu is designed to be as simple as possible. Unlike previous (and future) versions, ipkungfu does not ship with a configurator, and no configuration is done automatically at install time. To install, download the ipkungfu-.tgz file and run: tar zxvf ipkungfu-.tgz Or if you have the ipkungfu-.tar.bz2 file: tar jxvf ipkungfu-.tar.bz2 This will unpack and extract the files to a subdirectory named ipkungfu- Then change into that directory: cd ipkungfu- And then do: ./configure && make And then su to root. (You must be root to be able to install) Then do: make install If this is the first time you install ipkungfu on your system also do: make install-config This will install the default configuration files. You MUST edit these files before you run ipkungfu. DO NOT run the above command if you have installed ipkungfu before and you want you current configuration files, if you do, your old configuration files will be overrriden. CONFIGURATION FILES There are several configuration files, each one corresponding to a specific function or set of functions. Advanced users or those with more complex networks will want to edit most or all of these files. They are located in /etc/ipkungfu/ and are: accept_hosts.conf : IP addresses of hosts or nets to always ACCEPT and optionally the ports they are allowed to access advanced.conf : Configuration settings for advanced users. custom.conf : Here you will find sample rules several sample rules already predefined. This is where you would add any custom rules you want applied to your firewall. This file is parsed first, before any other rules are added by ipkungfu, to ensure that none of ipkungfu's rules override the rules in this file. deny_hosts.conf : You can list IP addresses/subnets:ports:protocols you wish to block completely. This file is parsed before accept_hosts.conf and takes precedence over it. ipkungfu.conf : This is the main configuration file. Edit this file, if nothing else. For most people, this is the only file that needs to be edited to set up a decent firewall, with or without Internet connection sharing. WARNING: ALLOW_TCP_IN and ALLOW_UDP_IN are now deprecated and mantained only for backward compatability. Now use services.conf. log.conf : This file specifies what the firewall will log and the rate at which it is logged. By default, nearly all dropped packets are logged. To turn logging off on a particular item, change the 1 (log) to a 0 (don't log). The default location of the log on most systems is /var/log/syslog. Consult your syslogd configuration to find out where kernel logs are stored. redirect.conf : Use this file to specify where certain traffic should be routed on the SAME machine. If you want to redirect ports that come in on one port, and should go to another, set them up here. There is a single entry here that is commented out by default- tcp:443:10000 which redirects incoming https traffic on port 443 to webmin on port 10000. Please see the file for more information. vhosts.conf : If you have virtual hosts, (servers on machines behind your gateway), define the routing rules here. This file makes it possible to have servers behind the firewall, with private IP addresses, accessible from the Internet. pre.conf : This is parsed and executed as a bash script prior to running ipkungfu. post.conf : This is parsed and executed as a bash script after ipkungfu has completed execution. services.conf : Here you keep all of your rules previously defined in ipkungfu.conf as ALLOW_TCP_IN and ALLOW_UDP_IN, plus more. Edit the file, it's self explanatory. MANUALLY EDITING FILES Most people, especially those with very simple configurations, will only need to edit /etc/ipkungfu/ipkungfu.conf if anything at all. As of 0.5.1 ipkungfu does a lot of detecting and guessing for the main configuration parameters unless you specify their values in ipkungfu.conf. This should work for most people. To go over the list of variables as ipkungfu knows them, run ipkungfu --show-vars. If anything looks wrong, edit the appropriate configuration file accordingly. A "#" is a comment. When a line begins with #, the whole line is ignored. If you want enable an option in a configuration file that is commented out, simply remove the leading #. If you wish to remove an option, place a # in front of that line. Note that anytime you edit a configuration file, you MUST rerun the script as outlined below in order for changes to take effect. RUNNING THE SCRIPT Now that you have ipkungfu configured, you must run the ipkungfu script as root to enable the firewall. /usr/local/sbin/ipkungfu or, if /usr/local/sbin is in your PATH, simply ipkungfu or, if your system is chkconfig-compatible, try /etc/init.d/ipkungfu start or /etc/rc.d/init.d/ipkungfu start You should see several lines explaining what is being done, unless you started ipkungfu using the init script. If you would like ipkungfu to start at boot time, and your system is chkconfig compatable, then do (as root) chkconfig --level 2345 ipkungfu on This turns ipkungfu on for runlevels 2, 3, 4 and 5. Put whatever levels you like, with the obvious exceptions of levels 0, 1 or 6. That's it! You can check to verify that the firewall is loaded: ipkungfu -c or --check You can also check to see if the firewall is running by ipkungfu -l or --list You should see several lines or pages of chains and rules. If you only see a few lines, or an error message, then the firewall is probably not enabled. Any time you make a change to any of your configuration files, you MUST run ipkungfu again for your changes to take effect. TROUBLESHOOTING Most problems can be resolved by checking your settings in your configuration files. Many users overlook certain settings, so you may want to double-check them to be sure. Remember to run ipkungfu again (/usr/local/sbin/ipkungfu) after making any changes to the configuration files (located in /etc/ipkungfu/). Please see the FAQ for more troubleshooting issues and resolutions. If all else fails, you can ask for help via IRC at: irc.freenode.net channel #ipkungfu, or use the users mailing list show on the top of this document. UNINSTALLING IPKUNGFU Although uninstalling IPKungFu is not recommended, you may safely uninstall it. Run: ipkungfu --disable Your iptables rules will be flushed and reset to the default ACCEPT policy. Go to the directory where you unpacked ipkungfu and run: make uninstall If an error is outputed, do: ./configure && make uninstall ipkungfu-0.6.1/configure0000755000175000017500000055620110555031725012212 00000000000000#! /bin/sh # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.61 for IPKungFu 0.6.1. # # Report bugs to . # # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, # 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. ## --------------------- ## ## M4sh Initialization. ## ## --------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac fi # PATH needs CR # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then echo "#! /bin/sh" >conf$$.sh echo "exit 0" >>conf$$.sh chmod +x conf$$.sh if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then PATH_SEPARATOR=';' else PATH_SEPARATOR=: fi rm -f conf$$.sh fi # Support unset when possible. if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then as_unset=unset else as_unset=false fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) as_nl=' ' IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. case $0 in *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 { (exit 1); exit 1; } fi # Work around bugs in pre-3.0 UWIN ksh. for as_var in ENV MAIL MAILPATH do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. for as_var in \ LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ LC_TELEPHONE LC_TIME do if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then eval $as_var=C; export $as_var else ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var fi done # Required to use basename. if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi # Name of the executable. as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # CDPATH. $as_unset CDPATH if test "x$CONFIG_SHELL" = x; then if (eval ":") 2>/dev/null; then as_have_required=yes else as_have_required=no fi if test $as_have_required = yes && (eval ": (as_func_return () { (exit \$1) } as_func_success () { as_func_return 0 } as_func_failure () { as_func_return 1 } as_func_ret_success () { return 0 } as_func_ret_failure () { return 1 } exitcode=0 if as_func_success; then : else exitcode=1 echo as_func_success failed. fi if as_func_failure; then exitcode=1 echo as_func_failure succeeded. fi if as_func_ret_success; then : else exitcode=1 echo as_func_ret_success failed. fi if as_func_ret_failure; then exitcode=1 echo as_func_ret_failure succeeded. fi if ( set x; as_func_ret_success y && test x = \"\$1\" ); then : else exitcode=1 echo positional parameters were not saved. fi test \$exitcode = 0) || { (exit 1); exit 1; } ( as_lineno_1=\$LINENO as_lineno_2=\$LINENO test \"x\$as_lineno_1\" != \"x\$as_lineno_2\" && test \"x\`expr \$as_lineno_1 + 1\`\" = \"x\$as_lineno_2\") || { (exit 1); exit 1; } ") 2> /dev/null; then : else as_candidate_shells= as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. case $as_dir in /*) for as_base in sh bash ksh sh5; do as_candidate_shells="$as_candidate_shells $as_dir/$as_base" done;; esac done IFS=$as_save_IFS for as_shell in $as_candidate_shells $SHELL; do # Try only shells that exist, to save several forks. if { test -f "$as_shell" || test -f "$as_shell.exe"; } && { ("$as_shell") 2> /dev/null <<\_ASEOF if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac fi : _ASEOF }; then CONFIG_SHELL=$as_shell as_have_required=yes if { "$as_shell" 2> /dev/null <<\_ASEOF if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac fi : (as_func_return () { (exit $1) } as_func_success () { as_func_return 0 } as_func_failure () { as_func_return 1 } as_func_ret_success () { return 0 } as_func_ret_failure () { return 1 } exitcode=0 if as_func_success; then : else exitcode=1 echo as_func_success failed. fi if as_func_failure; then exitcode=1 echo as_func_failure succeeded. fi if as_func_ret_success; then : else exitcode=1 echo as_func_ret_success failed. fi if as_func_ret_failure; then exitcode=1 echo as_func_ret_failure succeeded. fi if ( set x; as_func_ret_success y && test x = "$1" ); then : else exitcode=1 echo positional parameters were not saved. fi test $exitcode = 0) || { (exit 1); exit 1; } ( as_lineno_1=$LINENO as_lineno_2=$LINENO test "x$as_lineno_1" != "x$as_lineno_2" && test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2") || { (exit 1); exit 1; } _ASEOF }; then break fi fi done if test "x$CONFIG_SHELL" != x; then for as_var in BASH_ENV ENV do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var done export CONFIG_SHELL exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"} fi if test $as_have_required = no; then echo This script requires a shell more modern than all the echo shells that I found on your system. Please install a echo modern shell, or manually run the script under such a echo shell if you do have one. { (exit 1); exit 1; } fi fi fi (eval "as_func_return () { (exit \$1) } as_func_success () { as_func_return 0 } as_func_failure () { as_func_return 1 } as_func_ret_success () { return 0 } as_func_ret_failure () { return 1 } exitcode=0 if as_func_success; then : else exitcode=1 echo as_func_success failed. fi if as_func_failure; then exitcode=1 echo as_func_failure succeeded. fi if as_func_ret_success; then : else exitcode=1 echo as_func_ret_success failed. fi if as_func_ret_failure; then exitcode=1 echo as_func_ret_failure succeeded. fi if ( set x; as_func_ret_success y && test x = \"\$1\" ); then : else exitcode=1 echo positional parameters were not saved. fi test \$exitcode = 0") || { echo No shell found that supports shell functions. echo Please tell autoconf@gnu.org about your system, echo including any error possibly output before this echo message } as_lineno_1=$LINENO as_lineno_2=$LINENO test "x$as_lineno_1" != "x$as_lineno_2" && test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || { # Create $as_me.lineno as a copy of $as_myself, but with $LINENO # uniformly replaced by the line number. The first 'sed' inserts a # line-number line after each line using $LINENO; the second 'sed' # does the real work. The second script uses 'N' to pair each # line-number line with the line containing $LINENO, and appends # trailing '-' during substitution so that $LINENO is not a special # case at line end. # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the # scripts with optimization help from Paolo Bonzini. Blame Lee # E. McMahon (1931-1989) for sed's syntax. :-) sed -n ' p /[$]LINENO/= ' <$as_myself | sed ' s/[$]LINENO.*/&-/ t lineno b :lineno N :loop s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ t loop s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2 { (exit 1); exit 1; }; } # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensitive to this). . "./$as_me.lineno" # Exit status is that of the last command. exit } if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in -n*) case `echo 'x\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. *) ECHO_C='\c';; esac;; *) ECHO_N='-n';; esac if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir fi echo >conf$$.file if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -p'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -p' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -p' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null if mkdir -p . 2>/dev/null; then as_mkdir_p=: else test -d ./-p && rmdir ./-p as_mkdir_p=false fi if test -x / >/dev/null 2>&1; then as_test_x='test -x' else if ls -dL / >/dev/null 2>&1; then as_ls_L_option=L else as_ls_L_option= fi as_test_x=' eval sh -c '\'' if test -d "$1"; then test -d "$1/."; else case $1 in -*)set "./$1";; esac; case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in ???[sx]*):;;*)false;;esac;fi '\'' sh ' fi as_executable_p=$as_test_x # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" exec 7<&0 &1 # Name of the host. # hostname on some systems (SVR3.2, Linux) returns a bogus exit status, # so uname gets run too. ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` # # Initializations. # ac_default_prefix=/usr/local ac_clean_files= ac_config_libobj_dir=. LIBOBJS= cross_compiling=no subdirs= MFLAGS= MAKEFLAGS= SHELL=${CONFIG_SHELL-/bin/sh} # Identity of this package. PACKAGE_NAME='IPKungFu' PACKAGE_TARNAME='ipkungfu' PACKAGE_VERSION='0.6.1' PACKAGE_STRING='IPKungFu 0.6.1' PACKAGE_BUGREPORT='http://ipkungfu.ufsoft.org' ac_unique_file="dummy_server.c" # Factoring default headers for most tests. ac_includes_default="\ #include #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_SYS_STAT_H # include #endif #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif #ifdef HAVE_STRING_H # if !defined STDC_HEADERS && defined HAVE_MEMORY_H # include # endif # include #endif #ifdef HAVE_STRINGS_H # include #endif #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_STDINT_H # include #endif #ifdef HAVE_UNISTD_H # include #endif" ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datarootdir datadir sysconfdir sharedstatedir localstatedir includedir oldincludedir docdir infodir htmldir dvidir pdfdir psdir libdir localedir mandir DEFS ECHO_C ECHO_N ECHO_T LIBS build_alias host_alias target_alias INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE IPTABLES MD5SUM MODPROBE RMMOD DEPMOD LSMOD CUT TR GREP SED SU KILLALL NETSTAT CHOWN CPP EGREP pkgsysconfdir pkgdatadir pkgdocdir LIBOBJS LTLIBOBJS' ac_subst_files='' ac_precious_vars='build_alias host_alias target_alias CC CFLAGS LDFLAGS LIBS CPPFLAGS CPP' # Initialize some variables set by options. ac_init_help= ac_init_version=false # The variables have the same names as the options, with # dashes changed to underlines. cache_file=/dev/null exec_prefix=NONE no_create= no_recursion= prefix=NONE program_prefix=NONE program_suffix=NONE program_transform_name=s,x,x, silent= site= srcdir= verbose= x_includes=NONE x_libraries=NONE # Installation directory options. # These are left unexpanded so users can "make install exec_prefix=/foo" # and all the variables that are supposed to be based on exec_prefix # by default will actually change. # Use braces instead of parens because sh, perl, etc. also accept them. # (The list follows the same order as the GNU Coding Standards.) bindir='${exec_prefix}/bin' sbindir='${exec_prefix}/sbin' libexecdir='${exec_prefix}/libexec' datarootdir='${prefix}/share' datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' infodir='${datarootdir}/info' htmldir='${docdir}' dvidir='${docdir}' pdfdir='${docdir}' psdir='${docdir}' libdir='${exec_prefix}/lib' localedir='${datarootdir}/locale' mandir='${datarootdir}/man' ac_prev= ac_dashdash= for ac_option do # If the previous option needs an argument, assign it. if test -n "$ac_prev"; then eval $ac_prev=\$ac_option ac_prev= continue fi case $ac_option in *=*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; *) ac_optarg=yes ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. case $ac_dashdash$ac_option in --) ac_dashdash=yes ;; -bindir | --bindir | --bindi | --bind | --bin | --bi) ac_prev=bindir ;; -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) bindir=$ac_optarg ;; -build | --build | --buil | --bui | --bu) ac_prev=build_alias ;; -build=* | --build=* | --buil=* | --bui=* | --bu=*) build_alias=$ac_optarg ;; -cache-file | --cache-file | --cache-fil | --cache-fi \ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) ac_prev=cache_file ;; -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) cache_file=$ac_optarg ;; --config-cache | -C) cache_file=config.cache ;; -datadir | --datadir | --datadi | --datad) ac_prev=datadir ;; -datadir=* | --datadir=* | --datadi=* | --datad=*) datadir=$ac_optarg ;; -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ | --dataroo | --dataro | --datar) ac_prev=datarootdir ;; -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) datarootdir=$ac_optarg ;; -disable-* | --disable-*) ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_feature" : ".*[^-._$as_cr_alnum]" >/dev/null && { echo "$as_me: error: invalid feature name: $ac_feature" >&2 { (exit 1); exit 1; }; } ac_feature=`echo $ac_feature | sed 's/[-.]/_/g'` eval enable_$ac_feature=no ;; -docdir | --docdir | --docdi | --doc | --do) ac_prev=docdir ;; -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) docdir=$ac_optarg ;; -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) ac_prev=dvidir ;; -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) dvidir=$ac_optarg ;; -enable-* | --enable-*) ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_feature" : ".*[^-._$as_cr_alnum]" >/dev/null && { echo "$as_me: error: invalid feature name: $ac_feature" >&2 { (exit 1); exit 1; }; } ac_feature=`echo $ac_feature | sed 's/[-.]/_/g'` eval enable_$ac_feature=\$ac_optarg ;; -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ | --exec | --exe | --ex) ac_prev=exec_prefix ;; -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ | --exec=* | --exe=* | --ex=*) exec_prefix=$ac_optarg ;; -gas | --gas | --ga | --g) # Obsolete; use --with-gas. with_gas=yes ;; -help | --help | --hel | --he | -h) ac_init_help=long ;; -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) ac_init_help=recursive ;; -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) ac_init_help=short ;; -host | --host | --hos | --ho) ac_prev=host_alias ;; -host=* | --host=* | --hos=* | --ho=*) host_alias=$ac_optarg ;; -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) ac_prev=htmldir ;; -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ | --ht=*) htmldir=$ac_optarg ;; -includedir | --includedir | --includedi | --included | --include \ | --includ | --inclu | --incl | --inc) ac_prev=includedir ;; -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ | --includ=* | --inclu=* | --incl=* | --inc=*) includedir=$ac_optarg ;; -infodir | --infodir | --infodi | --infod | --info | --inf) ac_prev=infodir ;; -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) infodir=$ac_optarg ;; -libdir | --libdir | --libdi | --libd) ac_prev=libdir ;; -libdir=* | --libdir=* | --libdi=* | --libd=*) libdir=$ac_optarg ;; -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ | --libexe | --libex | --libe) ac_prev=libexecdir ;; -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ | --libexe=* | --libex=* | --libe=*) libexecdir=$ac_optarg ;; -localedir | --localedir | --localedi | --localed | --locale) ac_prev=localedir ;; -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) localedir=$ac_optarg ;; -localstatedir | --localstatedir | --localstatedi | --localstated \ | --localstate | --localstat | --localsta | --localst | --locals) ac_prev=localstatedir ;; -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) localstatedir=$ac_optarg ;; -mandir | --mandir | --mandi | --mand | --man | --ma | --m) ac_prev=mandir ;; -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) mandir=$ac_optarg ;; -nfp | --nfp | --nf) # Obsolete; use --without-fp. with_fp=no ;; -no-create | --no-create | --no-creat | --no-crea | --no-cre \ | --no-cr | --no-c | -n) no_create=yes ;; -no-recursion | --no-recursion | --no-recursio | --no-recursi \ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) no_recursion=yes ;; -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ | --oldin | --oldi | --old | --ol | --o) ac_prev=oldincludedir ;; -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) oldincludedir=$ac_optarg ;; -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) ac_prev=prefix ;; -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) prefix=$ac_optarg ;; -program-prefix | --program-prefix | --program-prefi | --program-pref \ | --program-pre | --program-pr | --program-p) ac_prev=program_prefix ;; -program-prefix=* | --program-prefix=* | --program-prefi=* \ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) program_prefix=$ac_optarg ;; -program-suffix | --program-suffix | --program-suffi | --program-suff \ | --program-suf | --program-su | --program-s) ac_prev=program_suffix ;; -program-suffix=* | --program-suffix=* | --program-suffi=* \ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) program_suffix=$ac_optarg ;; -program-transform-name | --program-transform-name \ | --program-transform-nam | --program-transform-na \ | --program-transform-n | --program-transform- \ | --program-transform | --program-transfor \ | --program-transfo | --program-transf \ | --program-trans | --program-tran \ | --progr-tra | --program-tr | --program-t) ac_prev=program_transform_name ;; -program-transform-name=* | --program-transform-name=* \ | --program-transform-nam=* | --program-transform-na=* \ | --program-transform-n=* | --program-transform-=* \ | --program-transform=* | --program-transfor=* \ | --program-transfo=* | --program-transf=* \ | --program-trans=* | --program-tran=* \ | --progr-tra=* | --program-tr=* | --program-t=*) program_transform_name=$ac_optarg ;; -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) ac_prev=pdfdir ;; -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) pdfdir=$ac_optarg ;; -psdir | --psdir | --psdi | --psd | --ps) ac_prev=psdir ;; -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) psdir=$ac_optarg ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | --sbi=* | --sb=*) sbindir=$ac_optarg ;; -sharedstatedir | --sharedstatedir | --sharedstatedi \ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ | --sharedst | --shareds | --shared | --share | --shar \ | --sha | --sh) ac_prev=sharedstatedir ;; -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ | --sha=* | --sh=*) sharedstatedir=$ac_optarg ;; -site | --site | --sit) ac_prev=site ;; -site=* | --site=* | --sit=*) site=$ac_optarg ;; -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) ac_prev=srcdir ;; -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) srcdir=$ac_optarg ;; -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ | --syscon | --sysco | --sysc | --sys | --sy) ac_prev=sysconfdir ;; -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) sysconfdir=$ac_optarg ;; -target | --target | --targe | --targ | --tar | --ta | --t) ac_prev=target_alias ;; -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) target_alias=$ac_optarg ;; -v | -verbose | --verbose | --verbos | --verbo | --verb) verbose=yes ;; -version | --version | --versio | --versi | --vers | -V) ac_init_version=: ;; -with-* | --with-*) ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_package" : ".*[^-._$as_cr_alnum]" >/dev/null && { echo "$as_me: error: invalid package name: $ac_package" >&2 { (exit 1); exit 1; }; } ac_package=`echo $ac_package | sed 's/[-.]/_/g'` eval with_$ac_package=\$ac_optarg ;; -without-* | --without-*) ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_package" : ".*[^-._$as_cr_alnum]" >/dev/null && { echo "$as_me: error: invalid package name: $ac_package" >&2 { (exit 1); exit 1; }; } ac_package=`echo $ac_package | sed 's/[-.]/_/g'` eval with_$ac_package=no ;; --x) # Obsolete; use --with-x. with_x=yes ;; -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ | --x-incl | --x-inc | --x-in | --x-i) ac_prev=x_includes ;; -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) x_includes=$ac_optarg ;; -x-libraries | --x-libraries | --x-librarie | --x-librari \ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) ac_prev=x_libraries ;; -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; -*) { echo "$as_me: error: unrecognized option: $ac_option Try \`$0 --help' for more information." >&2 { (exit 1); exit 1; }; } ;; *=*) ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` # Reject names that are not valid shell variable names. expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null && { echo "$as_me: error: invalid variable name: $ac_envvar" >&2 { (exit 1); exit 1; }; } eval $ac_envvar=\$ac_optarg export $ac_envvar ;; *) # FIXME: should be removed in autoconf 3.0. echo "$as_me: WARNING: you should use --build, --host, --target" >&2 expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && echo "$as_me: WARNING: invalid host type: $ac_option" >&2 : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option} ;; esac done if test -n "$ac_prev"; then ac_option=--`echo $ac_prev | sed 's/_/-/g'` { echo "$as_me: error: missing argument to $ac_option" >&2 { (exit 1); exit 1; }; } fi # Be sure to have absolute directory names. for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ libdir localedir mandir do eval ac_val=\$$ac_var case $ac_val in [\\/$]* | ?:[\\/]* ) continue;; NONE | '' ) case $ac_var in *prefix ) continue;; esac;; esac { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2 { (exit 1); exit 1; }; } done # There might be people who depend on the old broken behavior: `$host' # used to hold the argument of --host etc. # FIXME: To remove some day. build=$build_alias host=$host_alias target=$target_alias # FIXME: To remove some day. if test "x$host_alias" != x; then if test "x$build_alias" = x; then cross_compiling=maybe echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host. If a cross compiler is detected then cross compile mode will be used." >&2 elif test "x$build_alias" != "x$host_alias"; then cross_compiling=yes fi fi ac_tool_prefix= test -n "$host_alias" && ac_tool_prefix=$host_alias- test "$silent" = yes && exec 6>/dev/null ac_pwd=`pwd` && test -n "$ac_pwd" && ac_ls_di=`ls -di .` && ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || { echo "$as_me: error: Working directory cannot be determined" >&2 { (exit 1); exit 1; }; } test "X$ac_ls_di" = "X$ac_pwd_ls_di" || { echo "$as_me: error: pwd does not report name of working directory" >&2 { (exit 1); exit 1; }; } # Find the source files, if location was not specified. if test -z "$srcdir"; then ac_srcdir_defaulted=yes # Try the directory containing this script, then the parent directory. ac_confdir=`$as_dirname -- "$0" || $as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$0" : 'X\(//\)[^/]' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || echo X"$0" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` srcdir=$ac_confdir if test ! -r "$srcdir/$ac_unique_file"; then srcdir=.. fi else ac_srcdir_defaulted=no fi if test ! -r "$srcdir/$ac_unique_file"; then test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2 { (exit 1); exit 1; }; } fi ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" ac_abs_confdir=`( cd "$srcdir" && test -r "./$ac_unique_file" || { echo "$as_me: error: $ac_msg" >&2 { (exit 1); exit 1; }; } pwd)` # When building in place, set srcdir=. if test "$ac_abs_confdir" = "$ac_pwd"; then srcdir=. fi # Remove unnecessary trailing slashes from srcdir. # Double slashes in file names in object file debugging info # mess up M-x gdb in Emacs. case $srcdir in */) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; esac for ac_var in $ac_precious_vars; do eval ac_env_${ac_var}_set=\${${ac_var}+set} eval ac_env_${ac_var}_value=\$${ac_var} eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} eval ac_cv_env_${ac_var}_value=\$${ac_var} done # # Report the --help message. # if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF \`configure' configures IPKungFu 0.6.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... To assign environment variables (e.g., CC, CFLAGS...), specify them as VAR=VALUE. See below for descriptions of some of the useful variables. Defaults for the options are specified in brackets. Configuration: -h, --help display this help and exit --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit -q, --quiet, --silent do not print \`checking...' messages --cache-file=FILE cache test results in FILE [disabled] -C, --config-cache alias for \`--cache-file=config.cache' -n, --no-create do not create output files --srcdir=DIR find the sources in DIR [configure dir or \`..'] Installation directories: --prefix=PREFIX install architecture-independent files in PREFIX [$ac_default_prefix] --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [PREFIX] By default, \`make install' will install all the files in \`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify an installation prefix other than \`$ac_default_prefix' using \`--prefix', for instance \`--prefix=\$HOME'. For better control, use the options below. Fine tuning of the installation directories: --bindir=DIR user executables [EPREFIX/bin] --sbindir=DIR system admin executables [EPREFIX/sbin] --libexecdir=DIR program executables [EPREFIX/libexec] --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] --datadir=DIR read-only architecture-independent data [DATAROOTDIR] --infodir=DIR info documentation [DATAROOTDIR/info] --localedir=DIR locale-dependent data [DATAROOTDIR/locale] --mandir=DIR man documentation [DATAROOTDIR/man] --docdir=DIR documentation root [DATAROOTDIR/doc/ipkungfu] --htmldir=DIR html documentation [DOCDIR] --dvidir=DIR dvi documentation [DOCDIR] --pdfdir=DIR pdf documentation [DOCDIR] --psdir=DIR ps documentation [DOCDIR] _ACEOF cat <<\_ACEOF Program names: --program-prefix=PREFIX prepend PREFIX to installed program names --program-suffix=SUFFIX append SUFFIX to installed program names --program-transform-name=PROGRAM run sed PROGRAM on installed program names _ACEOF fi if test -n "$ac_init_help"; then case $ac_init_help in short | recursive ) echo "Configuration of IPKungFu 0.6.1:";; esac cat <<\_ACEOF Optional Features: --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] --disable-dependency-tracking speeds up one-time build --enable-dependency-tracking do not reject slow dependency extractors Some influential environment variables: CC C compiler command CFLAGS C compiler flags LDFLAGS linker flags, e.g. -L if you have libraries in a nonstandard directory LIBS libraries to pass to the linker, e.g. -l CPPFLAGS C/C++/Objective C preprocessor flags, e.g. -I if you have headers in a nonstandard directory CPP C preprocessor Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. Report bugs to . _ACEOF ac_status=$? fi if test "$ac_init_help" = "recursive"; then # If there are subdirs, report their specific --help. for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue test -d "$ac_dir" || continue ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,/..,g;s,/,,'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix cd "$ac_dir" || { ac_status=$?; continue; } # Check for guested configure. if test -f "$ac_srcdir/configure.gnu"; then echo && $SHELL "$ac_srcdir/configure.gnu" --help=recursive elif test -f "$ac_srcdir/configure"; then echo && $SHELL "$ac_srcdir/configure" --help=recursive else echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 fi || ac_status=$? cd "$ac_pwd" || { ac_status=$?; break; } done fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF IPKungFu configure 0.6.1 generated by GNU Autoconf 2.61 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF exit fi cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by IPKungFu $as_me 0.6.1, which was generated by GNU Autoconf 2.61. Invocation command line was $ $0 $@ _ACEOF exec 5>>config.log { cat <<_ASUNAME ## --------- ## ## Platform. ## ## --------- ## hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` /bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` /bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` /usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` /bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` /bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` _ASUNAME as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. echo "PATH: $as_dir" done IFS=$as_save_IFS } >&5 cat >&5 <<_ACEOF ## ----------- ## ## Core tests. ## ## ----------- ## _ACEOF # Keep a trace of the command line. # Strip out --no-create and --no-recursion so they do not pile up. # Strip out --silent because we don't want to record it for future runs. # Also quote any args containing shell meta-characters. # Make two passes to allow for proper duplicate-argument suppression. ac_configure_args= ac_configure_args0= ac_configure_args1= ac_must_keep_next=false for ac_pass in 1 2 do for ac_arg do case $ac_arg in -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) continue ;; *\'*) ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; esac case $ac_pass in 1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;; 2) ac_configure_args1="$ac_configure_args1 '$ac_arg'" if test $ac_must_keep_next = true; then ac_must_keep_next=false # Got value, back to normal. else case $ac_arg in *=* | --config-cache | -C | -disable-* | --disable-* \ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ | -with-* | --with-* | -without-* | --without-* | --x) case "$ac_configure_args0 " in "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; esac ;; -* ) ac_must_keep_next=true ;; esac fi ac_configure_args="$ac_configure_args '$ac_arg'" ;; esac done done $as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; } $as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; } # When interrupted or exit'd, cleanup temporary files, and complete # config.log. We remove comments because anyway the quotes in there # would cause problems or look ugly. # WARNING: Use '\'' to represent an apostrophe within the trap. # WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. trap 'exit_status=$? # Save into config.log some information that might help in debugging. { echo cat <<\_ASBOX ## ---------------- ## ## Cache variables. ## ## ---------------- ## _ASBOX echo # The following way of writing the cache mishandles newlines in values, ( for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { echo "$as_me:$LINENO: WARNING: Cache variable $ac_var contains a newline." >&5 echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( *) $as_unset $ac_var ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( *${as_nl}ac_space=\ *) sed -n \ "s/'\''/'\''\\\\'\'''\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" ;; #( *) sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) echo cat <<\_ASBOX ## ----------------- ## ## Output variables. ## ## ----------------- ## _ASBOX echo for ac_var in $ac_subst_vars do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac echo "$ac_var='\''$ac_val'\''" done | sort echo if test -n "$ac_subst_files"; then cat <<\_ASBOX ## ------------------- ## ## File substitutions. ## ## ------------------- ## _ASBOX echo for ac_var in $ac_subst_files do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac echo "$ac_var='\''$ac_val'\''" done | sort echo fi if test -s confdefs.h; then cat <<\_ASBOX ## ----------- ## ## confdefs.h. ## ## ----------- ## _ASBOX echo cat confdefs.h echo fi test "$ac_signal" != 0 && echo "$as_me: caught signal $ac_signal" echo "$as_me: exit $exit_status" } >&5 rm -f core *.core core.conftest.* && rm -f -r conftest* confdefs* conf$$* $ac_clean_files && exit $exit_status ' 0 for ac_signal in 1 2 13 15; do trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal done ac_signal=0 # confdefs.h avoids OS command line length limits that DEFS can exceed. rm -f -r conftest* confdefs.h # Predefined preprocessor variables. cat >>confdefs.h <<_ACEOF #define PACKAGE_NAME "$PACKAGE_NAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_TARNAME "$PACKAGE_TARNAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_VERSION "$PACKAGE_VERSION" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_STRING "$PACKAGE_STRING" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" _ACEOF # Let the site file select an alternate cache file if it wants to. # Prefer explicitly selected file to automatically selected ones. if test -n "$CONFIG_SITE"; then set x "$CONFIG_SITE" elif test "x$prefix" != xNONE; then set x "$prefix/share/config.site" "$prefix/etc/config.site" else set x "$ac_default_prefix/share/config.site" \ "$ac_default_prefix/etc/config.site" fi shift for ac_site_file do if test -r "$ac_site_file"; then { echo "$as_me:$LINENO: loading site script $ac_site_file" >&5 echo "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 . "$ac_site_file" fi done if test -r "$cache_file"; then # Some versions of bash will fail to source /dev/null (special # files actually), so we avoid doing that. if test -f "$cache_file"; then { echo "$as_me:$LINENO: loading cache $cache_file" >&5 echo "$as_me: loading cache $cache_file" >&6;} case $cache_file in [\\/]* | ?:[\\/]* ) . "$cache_file";; *) . "./$cache_file";; esac fi else { echo "$as_me:$LINENO: creating cache $cache_file" >&5 echo "$as_me: creating cache $cache_file" >&6;} >$cache_file fi # Check that the precious variables saved in the cache have kept the same # value. ac_cache_corrupted=false for ac_var in $ac_precious_vars; do eval ac_old_set=\$ac_cv_env_${ac_var}_set eval ac_new_set=\$ac_env_${ac_var}_set eval ac_old_val=\$ac_cv_env_${ac_var}_value eval ac_new_val=\$ac_env_${ac_var}_value case $ac_old_set,$ac_new_set in set,) { echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) { echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5 echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; *) if test "x$ac_old_val" != "x$ac_new_val"; then { echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5 echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} { echo "$as_me:$LINENO: former value: $ac_old_val" >&5 echo "$as_me: former value: $ac_old_val" >&2;} { echo "$as_me:$LINENO: current value: $ac_new_val" >&5 echo "$as_me: current value: $ac_new_val" >&2;} ac_cache_corrupted=: fi;; esac # Pass precious variables to config.status. if test "$ac_new_set" = set; then case $ac_new_val in *\'*) ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; *) ac_arg=$ac_var=$ac_new_val ;; esac case " $ac_configure_args " in *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. *) ac_configure_args="$ac_configure_args '$ac_arg'" ;; esac fi done if $ac_cache_corrupted; then { echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5 echo "$as_me: error: changes in the environment can compromise the build" >&2;} { { echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5 echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;} { (exit 1); exit 1; }; } fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu am__api_version="1.9" ac_aux_dir= for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do if test -f "$ac_dir/install-sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install-sh -c" break elif test -f "$ac_dir/install.sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install.sh -c" break elif test -f "$ac_dir/shtool"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/shtool install -c" break fi done if test -z "$ac_aux_dir"; then { { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&5 echo "$as_me: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&2;} { (exit 1); exit 1; }; } fi # These three variables are undocumented and unsupported, # and are intended to be withdrawn in a future Autoconf release. # They can cause serious problems if a builder's source tree is in a directory # whose full name contains unusual characters. ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. # Find a good install program. We prefer a C program (faster), # so one script is as good as another. But avoid the broken or # incompatible versions: # SysV /etc/install, /usr/sbin/install # SunOS /usr/etc/install # IRIX /sbin/install # AIX /bin/install # AmigaOS /C/install, which installs bootblocks on floppy discs # AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag # AFS /usr/afsws/bin/install, which mishandles nonexistent args # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" # OS/2's system install, which has a completely different semantic # ./install, which can be erroneously created by make from ./install.sh. { echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5 echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6; } if test -z "$INSTALL"; then if test "${ac_cv_path_install+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. # Account for people who put trailing slashes in PATH elements. case $as_dir/ in ./ | .// | /cC/* | \ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \ /usr/ucb/* ) ;; *) # OSF1 and SCO ODT 3.0 have their own names for install. # Don't use installbsd from OSF since it installs stuff as root # by default. for ac_prog in ginstall scoinst install; do for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then if test $ac_prog = install && grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # AIX install. It has an incompatible calling convention. : elif test $ac_prog = install && grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # program-specific install script used by HP pwplus--don't use. : else ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" break 3 fi fi done done ;; esac done IFS=$as_save_IFS fi if test "${ac_cv_path_install+set}" = set; then INSTALL=$ac_cv_path_install else # As a last resort, use the slow shell script. Don't cache a # value for INSTALL within a source directory, because that will # break other packages using the cache if that directory is # removed, or if the value is a relative name. INSTALL=$ac_install_sh fi fi { echo "$as_me:$LINENO: result: $INSTALL" >&5 echo "${ECHO_T}$INSTALL" >&6; } # Use test -z because SunOS4 sh mishandles braces in ${var-val}. # It thinks the first close brace ends the variable substitution. test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' { echo "$as_me:$LINENO: checking whether build environment is sane" >&5 echo $ECHO_N "checking whether build environment is sane... $ECHO_C" >&6; } # Just in case sleep 1 echo timestamp > conftest.file # Do `set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null` if test "$*" = "X"; then # -L didn't work. set X `ls -t $srcdir/configure conftest.file` fi rm -f conftest.file if test "$*" != "X $srcdir/configure conftest.file" \ && test "$*" != "X conftest.file $srcdir/configure"; then # If neither matched, then we have a broken ls. This can happen # if, for instance, CONFIG_SHELL is bash and it inherits a # broken ls alias from the environment. This has actually # happened. Such a system could not be considered "sane". { { echo "$as_me:$LINENO: error: ls -t appears to fail. Make sure there is not a broken alias in your environment" >&5 echo "$as_me: error: ls -t appears to fail. Make sure there is not a broken alias in your environment" >&2;} { (exit 1); exit 1; }; } fi test "$2" = conftest.file ) then # Ok. : else { { echo "$as_me:$LINENO: error: newly created file is older than distributed files! Check your system clock" >&5 echo "$as_me: error: newly created file is older than distributed files! Check your system clock" >&2;} { (exit 1); exit 1; }; } fi { echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6; } test "$program_prefix" != NONE && program_transform_name="s&^&$program_prefix&;$program_transform_name" # Use a double $ so make ignores it. test "$program_suffix" != NONE && program_transform_name="s&\$&$program_suffix&;$program_transform_name" # Double any \ or $. echo might interpret backslashes. # By default was `s,x,x', remove it if useless. cat <<\_ACEOF >conftest.sed s/[\\$]/&&/g;s/;s,x,x,$// _ACEOF program_transform_name=`echo $program_transform_name | sed -f conftest.sed` rm -f conftest.sed # expand $ac_aux_dir to an absolute path am_aux_dir=`cd $ac_aux_dir && pwd` test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing" # Use eval to expand $SHELL if eval "$MISSING --run true"; then am_missing_run="$MISSING --run " else am_missing_run= { echo "$as_me:$LINENO: WARNING: \`missing' script is too old or missing" >&5 echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;} fi if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then # We used to keeping the `.' as first argument, in order to # allow $(mkdir_p) to be used without argument. As in # $(mkdir_p) $(somedir) # where $(somedir) is conditionally defined. However this is wrong # for two reasons: # 1. if the package is installed by a user who cannot write `.' # make install will fail, # 2. the above comment should most certainly read # $(mkdir_p) $(DESTDIR)$(somedir) # so it does not work when $(somedir) is undefined and # $(DESTDIR) is not. # To support the latter case, we have to write # test -z "$(somedir)" || $(mkdir_p) $(DESTDIR)$(somedir), # so the `.' trick is pointless. mkdir_p='mkdir -p --' else # On NextStep and OpenStep, the `mkdir' command does not # recognize any option. It will interpret all options as # directories to create, and then abort because `.' already # exists. for d in ./-p ./--version; do test -d $d && rmdir $d done # $(mkinstalldirs) is defined by Automake if mkinstalldirs exists. if test -f "$ac_aux_dir/mkinstalldirs"; then mkdir_p='$(mkinstalldirs)' else mkdir_p='$(install_sh) -d' fi fi for ac_prog in gawk mawk nawk awk do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_AWK+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$AWK"; then ac_cv_prog_AWK="$AWK" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_AWK="$ac_prog" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi AWK=$ac_cv_prog_AWK if test -n "$AWK"; then { echo "$as_me:$LINENO: result: $AWK" >&5 echo "${ECHO_T}$AWK" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi test -n "$AWK" && break done { echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5 echo $ECHO_N "checking whether ${MAKE-make} sets \$(MAKE)... $ECHO_C" >&6; } set x ${MAKE-make}; ac_make=`echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.make <<\_ACEOF SHELL = /bin/sh all: @echo '@@@%%%=$(MAKE)=@@@%%%' _ACEOF # GNU make sometimes prints "make[1]: Entering...", which would confuse us. case `${MAKE-make} -f conftest.make 2>/dev/null` in *@@@%%%=?*=@@@%%%*) eval ac_cv_prog_make_${ac_make}_set=yes;; *) eval ac_cv_prog_make_${ac_make}_set=no;; esac rm -f conftest.make fi if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then { echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6; } SET_MAKE= else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } SET_MAKE="MAKE=${MAKE-make}" fi rm -rf .tst 2>/dev/null mkdir .tst 2>/dev/null if test -d .tst; then am__leading_dot=. else am__leading_dot=_ fi rmdir .tst 2>/dev/null # test to see if srcdir already configured if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then { { echo "$as_me:$LINENO: error: source directory already configured; run \"make distclean\" there first" >&5 echo "$as_me: error: source directory already configured; run \"make distclean\" there first" >&2;} { (exit 1); exit 1; }; } fi # test whether we have cygpath if test -z "$CYGPATH_W"; then if (cygpath --version) >/dev/null 2>/dev/null; then CYGPATH_W='cygpath -w' else CYGPATH_W=echo fi fi # Define the identity of the package. PACKAGE='ipkungfu' VERSION='0.6.1' cat >>confdefs.h <<_ACEOF #define PACKAGE "$PACKAGE" _ACEOF cat >>confdefs.h <<_ACEOF #define VERSION "$VERSION" _ACEOF # Some tools Automake needs. ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"} AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"} AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"} AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"} MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} install_sh=${install_sh-"$am_aux_dir/install-sh"} # Installed binaries are usually stripped using `strip' when the user # run `make install-strip'. However `strip' might not be the right # tool to use in cross-compilation environments, therefore Automake # will honor the `STRIP' environment variable to overrule this program. if test "$cross_compiling" != no; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. set dummy ${ac_tool_prefix}strip; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_STRIP+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$STRIP"; then ac_cv_prog_STRIP="$STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_STRIP="${ac_tool_prefix}strip" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi STRIP=$ac_cv_prog_STRIP if test -n "$STRIP"; then { echo "$as_me:$LINENO: result: $STRIP" >&5 echo "${ECHO_T}$STRIP" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi fi if test -z "$ac_cv_prog_STRIP"; then ac_ct_STRIP=$STRIP # Extract the first word of "strip", so it can be a program name with args. set dummy strip; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$ac_ct_STRIP"; then ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_STRIP="strip" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP if test -n "$ac_ct_STRIP"; then { echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5 echo "${ECHO_T}$ac_ct_STRIP" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi if test "x$ac_ct_STRIP" = x; then STRIP=":" else case $cross_compiling:$ac_tool_warned in yes:) { echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&5 echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&2;} ac_tool_warned=yes ;; esac STRIP=$ac_ct_STRIP fi else STRIP="$ac_cv_prog_STRIP" fi fi INSTALL_STRIP_PROGRAM="\${SHELL} \$(install_sh) -c -s" # We need awk for the "check" target. The system "awk" is bad on # some platforms. # Always define AMTAR for backward compatibility. AMTAR=${AMTAR-"${am_missing_run}tar"} am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -' ac_config_headers="$ac_config_headers config.h" # Checks for programs ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. set dummy ${ac_tool_prefix}gcc; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="${ac_tool_prefix}gcc" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { echo "$as_me:$LINENO: result: $CC" >&5 echo "${ECHO_T}$CC" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi fi if test -z "$ac_cv_prog_CC"; then ac_ct_CC=$CC # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_ac_ct_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_CC="gcc" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 echo "${ECHO_T}$ac_ct_CC" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&5 echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi else CC="$ac_cv_prog_CC" fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. set dummy ${ac_tool_prefix}cc; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="${ac_tool_prefix}cc" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { echo "$as_me:$LINENO: result: $CC" >&5 echo "${ECHO_T}$CC" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi fi fi if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else ac_prog_rejected=no as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then ac_prog_rejected=yes continue fi ac_cv_prog_CC="cc" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS if test $ac_prog_rejected = yes; then # We found a bogon in the path, so make sure we never use it. set dummy $ac_cv_prog_CC shift if test $# != 0; then # We chose a different compiler from the bogus one. # However, it has the same basename, so the bogon will be chosen # first if we set CC to just the basename; use the full file name. shift ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" fi fi fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { echo "$as_me:$LINENO: result: $CC" >&5 echo "${ECHO_T}$CC" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then for ac_prog in cl.exe do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="$ac_tool_prefix$ac_prog" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { echo "$as_me:$LINENO: result: $CC" >&5 echo "${ECHO_T}$CC" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi test -n "$CC" && break done fi if test -z "$CC"; then ac_ct_CC=$CC for ac_prog in cl.exe do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_prog_ac_ct_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_CC="$ac_prog" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 echo "${ECHO_T}$ac_ct_CC" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi test -n "$ac_ct_CC" && break done if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&5 echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoconf@gnu.org." >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi fi fi test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH See \`config.log' for more details." >&5 echo "$as_me: error: no acceptable C compiler found in \$PATH See \`config.log' for more details." >&2;} { (exit 1); exit 1; }; } # Provide some information about the compiler. echo "$as_me:$LINENO: checking for C compiler version" >&5 ac_compiler=`set X $ac_compile; echo $2` { (ac_try="$ac_compiler --version >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compiler --version >&5") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } { (ac_try="$ac_compiler -v >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compiler -v >&5") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } { (ac_try="$ac_compiler -V >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compiler -V >&5") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files a.out a.exe b.out" # Try to create an executable without -o first, disregard a.out. # It will help us diagnose broken compilers, and finding out an intuition # of exeext. { echo "$as_me:$LINENO: checking for C compiler default output file name" >&5 echo $ECHO_N "checking for C compiler default output file name... $ECHO_C" >&6; } ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` # # List of possible output files, starting from the most likely. # The algorithm is not robust to junk in `.', hence go to wildcards (a.*) # only as a last resort. b.out is created by i960 compilers. ac_files='a_out.exe a.exe conftest.exe a.out conftest a.* conftest.* b.out' # # The IRIX 6 linker writes into existing files which may not be # executable, retaining their permissions. Remove them first so a # subsequent execution test works. ac_rmfiles= for ac_file in $ac_files do case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) ;; * ) ac_rmfiles="$ac_rmfiles $ac_file";; esac done rm -f $ac_rmfiles if { (ac_try="$ac_link_default" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link_default") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; then # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. # So ignore a value of `no', otherwise this would lead to `EXEEXT = no' # in a Makefile. We should not override ac_cv_exeext if it was cached, # so that the user can short-circuit this test for compilers unknown to # Autoconf. for ac_file in $ac_files '' do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) ;; [ab].out ) # We found the default executable, but exeext='' is most # certainly right. break;; *.* ) if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; then :; else ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` fi # We set ac_cv_exeext here because the later test for it is not # safe: cross compilers may not add the suffix if given an `-o' # argument, so we may need to know it at that point already. # Even if this section looks crufty: it has the advantage of # actually working. break;; * ) break;; esac done test "$ac_cv_exeext" = no && ac_cv_exeext= else ac_file='' fi { echo "$as_me:$LINENO: result: $ac_file" >&5 echo "${ECHO_T}$ac_file" >&6; } if test -z "$ac_file"; then echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { echo "$as_me:$LINENO: error: C compiler cannot create executables See \`config.log' for more details." >&5 echo "$as_me: error: C compiler cannot create executables See \`config.log' for more details." >&2;} { (exit 77); exit 77; }; } fi ac_exeext=$ac_cv_exeext # Check that the compiler produces executables we can run. If not, either # the compiler is broken, or we cross compile. { echo "$as_me:$LINENO: checking whether the C compiler works" >&5 echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6; } # FIXME: These cross compiler hacks should be removed for Autoconf 3.0 # If not cross compiling, check that we can run a simple program. if test "$cross_compiling" != yes; then if { ac_try='./$ac_file' { (case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_try") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then cross_compiling=no else if test "$cross_compiling" = maybe; then cross_compiling=yes else { { echo "$as_me:$LINENO: error: cannot run C compiled programs. If you meant to cross compile, use \`--host'. See \`config.log' for more details." >&5 echo "$as_me: error: cannot run C compiled programs. If you meant to cross compile, use \`--host'. See \`config.log' for more details." >&2;} { (exit 1); exit 1; }; } fi fi fi { echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6; } rm -f a.out a.exe conftest$ac_cv_exeext b.out ac_clean_files=$ac_clean_files_save # Check that the compiler produces executables we can run. If not, either # the compiler is broken, or we cross compile. { echo "$as_me:$LINENO: checking whether we are cross compiling" >&5 echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6; } { echo "$as_me:$LINENO: result: $cross_compiling" >&5 echo "${ECHO_T}$cross_compiling" >&6; } { echo "$as_me:$LINENO: checking for suffix of executables" >&5 echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6; } if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; then # If both `conftest.exe' and `conftest' are `present' (well, observable) # catch `conftest.exe'. For instance with Cygwin, `ls conftest' will # work properly (i.e., refer to `conftest.exe'), while it won't with # `rm'. for ac_file in conftest.exe conftest conftest.*; do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) ;; *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` break;; * ) break;; esac done else { { echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link See \`config.log' for more details." >&5 echo "$as_me: error: cannot compute suffix of executables: cannot compile and link See \`config.log' for more details." >&2;} { (exit 1); exit 1; }; } fi rm -f conftest$ac_cv_exeext { echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5 echo "${ECHO_T}$ac_cv_exeext" >&6; } rm -f conftest.$ac_ext EXEEXT=$ac_cv_exeext ac_exeext=$EXEEXT { echo "$as_me:$LINENO: checking for suffix of object files" >&5 echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6; } if test "${ac_cv_objext+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.o conftest.obj if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; then for ac_file in conftest.o conftest.obj conftest.*; do test -f "$ac_file" || continue; case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf ) ;; *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` break;; esac done else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile See \`config.log' for more details." >&5 echo "$as_me: error: cannot compute suffix of object files: cannot compile See \`config.log' for more details." >&2;} { (exit 1); exit 1; }; } fi rm -f conftest.$ac_cv_objext conftest.$ac_ext fi { echo "$as_me:$LINENO: result: $ac_cv_objext" >&5 echo "${ECHO_T}$ac_cv_objext" >&6; } OBJEXT=$ac_cv_objext ac_objext=$OBJEXT { echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5 echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6; } if test "${ac_cv_c_compiler_gnu+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { #ifndef __GNUC__ choke me #endif ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_compiler_gnu=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_compiler_gnu=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu fi { echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5 echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6; } GCC=`test $ac_compiler_gnu = yes && echo yes` ac_test_CFLAGS=${CFLAGS+set} ac_save_CFLAGS=$CFLAGS { echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5 echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6; } if test "${ac_cv_prog_cc_g+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no CFLAGS="-g" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_cv_prog_cc_g=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 CFLAGS="" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then : else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_cv_prog_cc_g=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_c_werror_flag=$ac_save_c_werror_flag fi { echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5 echo "${ECHO_T}$ac_cv_prog_cc_g" >&6; } if test "$ac_test_CFLAGS" = set; then CFLAGS=$ac_save_CFLAGS elif test $ac_cv_prog_cc_g = yes; then if test "$GCC" = yes; then CFLAGS="-g -O2" else CFLAGS="-g" fi else if test "$GCC" = yes; then CFLAGS="-O2" else CFLAGS= fi fi { echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5 echo $ECHO_N "checking for $CC option to accept ISO C89... $ECHO_C" >&6; } if test "${ac_cv_prog_cc_c89+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_cv_prog_cc_c89=no ac_save_CC=$CC cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include #include #include /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ struct buf { int x; }; FILE * (*rcsopen) (struct buf *, struct stat *, int); static char *e (p, i) char **p; int i; { return p[i]; } static char *f (char * (*g) (char **, int), char **p, ...) { char *s; va_list v; va_start (v,p); s = g (p, va_arg (v,int)); va_end (v); return s; } /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has function prototypes and stuff, but not '\xHH' hex character constants. These don't provoke an error unfortunately, instead are silently treated as 'x'. The following induces an error, until -std is added to get proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an array size at least. It's necessary to write '\x00'==0 to get something that's true only with -std. */ int osf4_cc_array ['\x00' == 0 ? 1 : -1]; /* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters inside strings and character constants. */ #define FOO(x) 'x' int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; int test (int i, double x); struct s1 {int (*f) (int a);}; struct s2 {int (*f) (double a);}; int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); int argc; char **argv; int main () { return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; ; return 0; } _ACEOF for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" do CC="$ac_save_CC $ac_arg" rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_cv_prog_cc_c89=$ac_arg else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f core conftest.err conftest.$ac_objext test "x$ac_cv_prog_cc_c89" != "xno" && break done rm -f conftest.$ac_ext CC=$ac_save_CC fi # AC_CACHE_VAL case "x$ac_cv_prog_cc_c89" in x) { echo "$as_me:$LINENO: result: none needed" >&5 echo "${ECHO_T}none needed" >&6; } ;; xno) { echo "$as_me:$LINENO: result: unsupported" >&5 echo "${ECHO_T}unsupported" >&6; } ;; *) CC="$CC $ac_cv_prog_cc_c89" { echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5 echo "${ECHO_T}$ac_cv_prog_cc_c89" >&6; } ;; esac ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu DEPDIR="${am__leading_dot}deps" ac_config_commands="$ac_config_commands depfiles" am_make=${MAKE-make} cat > confinc << 'END' am__doit: @echo done .PHONY: am__doit END # If we don't find an include directive, just comment out the code. { echo "$as_me:$LINENO: checking for style of include used by $am_make" >&5 echo $ECHO_N "checking for style of include used by $am_make... $ECHO_C" >&6; } am__include="#" am__quote= _am_result=none # First try GNU make style include. echo "include confinc" > confmf # We grep out `Entering directory' and `Leaving directory' # messages which can occur if `w' ends up in MAKEFLAGS. # In particular we don't look at `^make:' because GNU make might # be invoked under some other name (usually "gmake"), in which # case it prints its new name instead of `make'. if test "`$am_make -s -f confmf 2> /dev/null | grep -v 'ing directory'`" = "done"; then am__include=include am__quote= _am_result=GNU fi # Now try BSD make style include. if test "$am__include" = "#"; then echo '.include "confinc"' > confmf if test "`$am_make -s -f confmf 2> /dev/null`" = "done"; then am__include=.include am__quote="\"" _am_result=BSD fi fi { echo "$as_me:$LINENO: result: $_am_result" >&5 echo "${ECHO_T}$_am_result" >&6; } rm -f confinc confmf # Check whether --enable-dependency-tracking was given. if test "${enable_dependency_tracking+set}" = set; then enableval=$enable_dependency_tracking; fi if test "x$enable_dependency_tracking" != xno; then am_depcomp="$ac_aux_dir/depcomp" AMDEPBACKSLASH='\' fi if test "x$enable_dependency_tracking" != xno; then AMDEP_TRUE= AMDEP_FALSE='#' else AMDEP_TRUE='#' AMDEP_FALSE= fi depcc="$CC" am_compiler_list= { echo "$as_me:$LINENO: checking dependency style of $depcc" >&5 echo $ECHO_N "checking dependency style of $depcc... $ECHO_C" >&6; } if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For # instance it was reported that on HP-UX the gcc test will end up # making a dummy file named `D' -- because `-MD' means `put the output # in D'. mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're # using a relative directory. cp "$am_depcomp" conftest.dir cd conftest.dir # We will build objects and dependencies in a subdirectory because # it helps to detect inapplicable dependency modes. For instance # both Tru64's cc and ICC support -MD to output dependencies as a # side effect of compilation, but ICC will put the dependencies in # the current directory while Tru64 will put them in the object # directory. mkdir sub am_cv_CC_dependencies_compiler_type=none if test "$am_compiler_list" = ""; then am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` fi for depmode in $am_compiler_list; do # Setup a source with many dependencies, because some compilers # like to wrap large dependency lists on column 80 (with \), and # we should not choose a depcomp mode which is confused by this. # # We need to recreate these files for each test, as the compiler may # overwrite some of them when testing with obscure command lines. # This happens at least with the AIX C compiler. : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with # Solaris 8's {/usr,}/bin/sh. touch sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf case $depmode in nosideeffect) # after this tag, mechanisms are not by side-effect, so they'll # only be used when explicitly requested if test "x$enable_dependency_tracking" = xyes; then continue else break fi ;; none) break ;; esac # We check with `-c' and `-o' for the sake of the "dashmstdout" # mode. It turns out that the SunPro C++ compiler does not properly # handle `-M -o', and we need to detect this. if depmode=$depmode \ source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \ >/dev/null 2>conftest.err && grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 && ${MAKE-make} -s -f confmf > /dev/null 2>&1; then # icc doesn't choke on unknown options, it will just issue warnings # or remarks (even with -Werror). So we grep stderr for any message # that says an option was ignored or not supported. # When given -MP, icc 7.0 and 7.1 complain thusly: # icc: Command line warning: ignoring option '-M'; no argument required # The diagnosis changed in icc 8.0: # icc: Command line remark: option '-MP' not supported if (grep 'ignoring option' conftest.err || grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else am_cv_CC_dependencies_compiler_type=$depmode break fi fi done cd .. rm -rf conftest.dir else am_cv_CC_dependencies_compiler_type=none fi fi { echo "$as_me:$LINENO: result: $am_cv_CC_dependencies_compiler_type" >&5 echo "${ECHO_T}$am_cv_CC_dependencies_compiler_type" >&6; } CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type if test "x$enable_dependency_tracking" != xno \ && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then am__fastdepCC_TRUE= am__fastdepCC_FALSE='#' else am__fastdepCC_TRUE='#' am__fastdepCC_FALSE= fi # Find a good install program. We prefer a C program (faster), # so one script is as good as another. But avoid the broken or # incompatible versions: # SysV /etc/install, /usr/sbin/install # SunOS /usr/etc/install # IRIX /sbin/install # AIX /bin/install # AmigaOS /C/install, which installs bootblocks on floppy discs # AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag # AFS /usr/afsws/bin/install, which mishandles nonexistent args # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" # OS/2's system install, which has a completely different semantic # ./install, which can be erroneously created by make from ./install.sh. { echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5 echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6; } if test -z "$INSTALL"; then if test "${ac_cv_path_install+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. # Account for people who put trailing slashes in PATH elements. case $as_dir/ in ./ | .// | /cC/* | \ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \ /usr/ucb/* ) ;; *) # OSF1 and SCO ODT 3.0 have their own names for install. # Don't use installbsd from OSF since it installs stuff as root # by default. for ac_prog in ginstall scoinst install; do for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then if test $ac_prog = install && grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # AIX install. It has an incompatible calling convention. : elif test $ac_prog = install && grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # program-specific install script used by HP pwplus--don't use. : else ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" break 3 fi fi done done ;; esac done IFS=$as_save_IFS fi if test "${ac_cv_path_install+set}" = set; then INSTALL=$ac_cv_path_install else # As a last resort, use the slow shell script. Don't cache a # value for INSTALL within a source directory, because that will # break other packages using the cache if that directory is # removed, or if the value is a relative name. INSTALL=$ac_install_sh fi fi { echo "$as_me:$LINENO: result: $INSTALL" >&5 echo "${ECHO_T}$INSTALL" >&6; } # Use test -z because SunOS4 sh mishandles braces in ${var-val}. # It thinks the first close brace ends the variable substitution. test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' # Compiler if test "x$CC" != xcc; then { echo "$as_me:$LINENO: checking whether $CC and cc understand -c and -o together" >&5 echo $ECHO_N "checking whether $CC and cc understand -c and -o together... $ECHO_C" >&6; } else { echo "$as_me:$LINENO: checking whether cc understands -c and -o together" >&5 echo $ECHO_N "checking whether cc understands -c and -o together... $ECHO_C" >&6; } fi set dummy $CC; ac_cc=`echo $2 | sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'` if { as_var=ac_cv_prog_cc_${ac_cc}_c_o; eval "test \"\${$as_var+set}\" = set"; }; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF # Make sure it works both with $CC and with simple cc. # We do the test twice because some compilers refuse to overwrite an # existing .o file with -o, though they will create one. ac_try='$CC -c conftest.$ac_ext -o conftest2.$ac_objext >&5' rm -f conftest2.* if { (case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_try") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && test -f conftest2.$ac_objext && { (case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_try") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; then eval ac_cv_prog_cc_${ac_cc}_c_o=yes if test "x$CC" != xcc; then # Test first that cc exists at all. if { ac_try='cc -c conftest.$ac_ext >&5' { (case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_try") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_try='cc -c conftest.$ac_ext -o conftest2.$ac_objext >&5' rm -f conftest2.* if { (case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_try") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && test -f conftest2.$ac_objext && { (case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_try") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; then # cc works too. : else # cc exists but doesn't like -o. eval ac_cv_prog_cc_${ac_cc}_c_o=no fi fi fi else eval ac_cv_prog_cc_${ac_cc}_c_o=no fi rm -f core conftest* fi if eval test \$ac_cv_prog_cc_${ac_cc}_c_o = yes; then { echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } cat >>confdefs.h <<\_ACEOF #define NO_MINUS_C_MINUS_O 1 _ACEOF fi # FIXME: we rely on the cache variable name because # there is no other way. set dummy $CC ac_cc=`echo $2 | sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'` if eval "test \"`echo '$ac_cv_prog_cc_'${ac_cc}_c_o`\" != yes"; then # Losing compiler, so override with the script. # FIXME: It is wrong to rewrite CC. # But if we don't then we get into trouble of one sort or another. # A longer-term fix would be to have automake use am__CC in this case, # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)" CC="$am_aux_dir/compile $CC" fi # Check our needed program paths wich will replace @VAR@ # Extract the first word of "iptables", so it can be a program name with args. set dummy iptables; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_path_IPTABLES+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else case $IPTABLES in [\\/]* | ?:[\\/]*) ac_cv_path_IPTABLES="$IPTABLES" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_dummy="$PATH:/sbin:/usr/sbin:/usr/local/sbin" for as_dir in $as_dummy do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_IPTABLES="$as_dir/$ac_word$ac_exec_ext" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi IPTABLES=$ac_cv_path_IPTABLES if test -n "$IPTABLES"; then { echo "$as_me:$LINENO: result: $IPTABLES" >&5 echo "${ECHO_T}$IPTABLES" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi # Extract the first word of "md5sum", so it can be a program name with args. set dummy md5sum; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_path_MD5SUM+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else case $MD5SUM in [\\/]* | ?:[\\/]*) ac_cv_path_MD5SUM="$MD5SUM" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_MD5SUM="$as_dir/$ac_word$ac_exec_ext" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi MD5SUM=$ac_cv_path_MD5SUM if test -n "$MD5SUM"; then { echo "$as_me:$LINENO: result: $MD5SUM" >&5 echo "${ECHO_T}$MD5SUM" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi # Extract the first word of "modprobe", so it can be a program name with args. set dummy modprobe; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_path_MODPROBE+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else case $MODPROBE in [\\/]* | ?:[\\/]*) ac_cv_path_MODPROBE="$MODPROBE" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_dummy="$PATH:/sbin:/usr/sbin:/usr/local/sbin" for as_dir in $as_dummy do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_MODPROBE="$as_dir/$ac_word$ac_exec_ext" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi MODPROBE=$ac_cv_path_MODPROBE if test -n "$MODPROBE"; then { echo "$as_me:$LINENO: result: $MODPROBE" >&5 echo "${ECHO_T}$MODPROBE" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi # Extract the first word of "rmmod", so it can be a program name with args. set dummy rmmod; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_path_RMMOD+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else case $RMMOD in [\\/]* | ?:[\\/]*) ac_cv_path_RMMOD="$RMMOD" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_dummy="$PATH:/sbin:/usr/sbin:/usr/local/sbin" for as_dir in $as_dummy do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_RMMOD="$as_dir/$ac_word$ac_exec_ext" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi RMMOD=$ac_cv_path_RMMOD if test -n "$RMMOD"; then { echo "$as_me:$LINENO: result: $RMMOD" >&5 echo "${ECHO_T}$RMMOD" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi # Extract the first word of "depmod", so it can be a program name with args. set dummy depmod; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_path_DEPMOD+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else case $DEPMOD in [\\/]* | ?:[\\/]*) ac_cv_path_DEPMOD="$DEPMOD" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_dummy="$PATH:/sbin:/usr/sbin:/usr/local/sbin" for as_dir in $as_dummy do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_DEPMOD="$as_dir/$ac_word$ac_exec_ext" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi DEPMOD=$ac_cv_path_DEPMOD if test -n "$DEPMOD"; then { echo "$as_me:$LINENO: result: $DEPMOD" >&5 echo "${ECHO_T}$DEPMOD" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi # Extract the first word of "lsmod", so it can be a program name with args. set dummy lsmod; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_path_LSMOD+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else case $LSMOD in [\\/]* | ?:[\\/]*) ac_cv_path_LSMOD="$LSMOD" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_LSMOD="$as_dir/$ac_word$ac_exec_ext" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi LSMOD=$ac_cv_path_LSMOD if test -n "$LSMOD"; then { echo "$as_me:$LINENO: result: $LSMOD" >&5 echo "${ECHO_T}$LSMOD" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi # Extract the first word of "cut", so it can be a program name with args. set dummy cut; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_path_CUT+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else case $CUT in [\\/]* | ?:[\\/]*) ac_cv_path_CUT="$CUT" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_CUT="$as_dir/$ac_word$ac_exec_ext" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi CUT=$ac_cv_path_CUT if test -n "$CUT"; then { echo "$as_me:$LINENO: result: $CUT" >&5 echo "${ECHO_T}$CUT" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi # Extract the first word of "tr", so it can be a program name with args. set dummy tr; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_path_TR+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else case $TR in [\\/]* | ?:[\\/]*) ac_cv_path_TR="$TR" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_TR="$as_dir/$ac_word$ac_exec_ext" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi TR=$ac_cv_path_TR if test -n "$TR"; then { echo "$as_me:$LINENO: result: $TR" >&5 echo "${ECHO_T}$TR" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi # Extract the first word of "grep", so it can be a program name with args. set dummy grep; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_path_GREP+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else case $GREP in [\\/]* | ?:[\\/]*) ac_cv_path_GREP="$GREP" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_GREP="$as_dir/$ac_word$ac_exec_ext" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi GREP=$ac_cv_path_GREP if test -n "$GREP"; then { echo "$as_me:$LINENO: result: $GREP" >&5 echo "${ECHO_T}$GREP" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi # Extract the first word of "sed", so it can be a program name with args. set dummy sed; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_path_SED+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else case $SED in [\\/]* | ?:[\\/]*) ac_cv_path_SED="$SED" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_SED="$as_dir/$ac_word$ac_exec_ext" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi SED=$ac_cv_path_SED if test -n "$SED"; then { echo "$as_me:$LINENO: result: $SED" >&5 echo "${ECHO_T}$SED" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi # Extract the first word of "awk", so it can be a program name with args. set dummy awk; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_path_AWK+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else case $AWK in [\\/]* | ?:[\\/]*) ac_cv_path_AWK="$AWK" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_AWK="$as_dir/$ac_word$ac_exec_ext" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi AWK=$ac_cv_path_AWK if test -n "$AWK"; then { echo "$as_me:$LINENO: result: $AWK" >&5 echo "${ECHO_T}$AWK" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi # Needed for dummy_server # Extract the first word of "su", so it can be a program name with args. set dummy su; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_path_SU+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else case $SU in [\\/]* | ?:[\\/]*) ac_cv_path_SU="$SU" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_SU="$as_dir/$ac_word$ac_exec_ext" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi SU=$ac_cv_path_SU if test -n "$SU"; then { echo "$as_me:$LINENO: result: $SU" >&5 echo "${ECHO_T}$SU" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi # Extract the first word of "killall", so it can be a program name with args. set dummy killall; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_path_KILLALL+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else case $KILLALL in [\\/]* | ?:[\\/]*) ac_cv_path_KILLALL="$KILLALL" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_KILLALL="$as_dir/$ac_word$ac_exec_ext" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi KILLALL=$ac_cv_path_KILLALL if test -n "$KILLALL"; then { echo "$as_me:$LINENO: result: $KILLALL" >&5 echo "${ECHO_T}$KILLALL" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi # Extract the first word of "netstat", so it can be a program name with args. set dummy netstat; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_path_NETSTAT+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else case $NETSTAT in [\\/]* | ?:[\\/]*) ac_cv_path_NETSTAT="$NETSTAT" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_NETSTAT="$as_dir/$ac_word$ac_exec_ext" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi NETSTAT=$ac_cv_path_NETSTAT if test -n "$NETSTAT"; then { echo "$as_me:$LINENO: result: $NETSTAT" >&5 echo "${ECHO_T}$NETSTAT" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi # Extract the first word of "chown", so it can be a program name with args. set dummy chown; ac_word=$2 { echo "$as_me:$LINENO: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } if test "${ac_cv_path_CHOWN+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else case $CHOWN in [\\/]* | ?:[\\/]*) ac_cv_path_CHOWN="$CHOWN" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_CHOWN="$as_dir/$ac_word$ac_exec_ext" echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi CHOWN=$ac_cv_path_CHOWN if test -n "$CHOWN"; then { echo "$as_me:$LINENO: result: $CHOWN" >&5 echo "${ECHO_T}$CHOWN" >&6; } else { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi if [ -z $IPTABLES ]; then { { echo "$as_me:$LINENO: error: Couldn't find 'iptables' in your path. You can find it at http://www.iptables.org" >&5 echo "$as_me: error: Couldn't find 'iptables' in your path. You can find it at http://www.iptables.org" >&2;} { (exit 1); exit 1; }; } fi if [ -z $MD5SUM ]; then { { echo "$as_me:$LINENO: error: Couldn't find 'md5sum' in your path. You can find it at http://www.gnu.org/software/coreutils" >&5 echo "$as_me: error: Couldn't find 'md5sum' in your path. You can find it at http://www.gnu.org/software/coreutils" >&2;} { (exit 1); exit 1; }; } fi if [ -z $MODPROBE ]; then { { echo "$as_me:$LINENO: error: Couldn't find 'modprobe' in your path. You can find it at http://www.kernel.org/pub/linux/kernel/people/rusty/modules" >&5 echo "$as_me: error: Couldn't find 'modprobe' in your path. You can find it at http://www.kernel.org/pub/linux/kernel/people/rusty/modules" >&2;} { (exit 1); exit 1; }; } fi if [ -z $RMMOD ]; then { echo "$as_me:$LINENO: WARNING: Couldn't find 'rmmod' in your path. You can find it at http://www.kernel.org/pub/linux/kernel/people/rusty/modules" >&5 echo "$as_me: WARNING: Couldn't find 'rmmod' in your path. You can find it at http://www.kernel.org/pub/linux/kernel/people/rusty/modules" >&2;} fi if [ -z $DEPMOD ]; then { echo "$as_me:$LINENO: WARNING: Couldn't find 'depmod' in your path. You can find it at http://www.kernel.org/pub/linux/kernel/people/rusty/modules" >&5 echo "$as_me: WARNING: Couldn't find 'depmod' in your path. You can find it at http://www.kernel.org/pub/linux/kernel/people/rusty/modules" >&2;} fi if [ -z $LSMOD ]; then { echo "$as_me:$LINENO: WARNING: Couldn't find 'lsmod' in your path. You can find it at http://www.kernel.org/pub/linux/kernel/people/rusty/modules" >&5 echo "$as_me: WARNING: Couldn't find 'lsmod' in your path. You can find it at http://www.kernel.org/pub/linux/kernel/people/rusty/modules" >&2;} fi if [ -z $CUT ]; then { { echo "$as_me:$LINENO: error: Couldn't find 'cut' in your path. You can find it at http://www.gnu.org/software/coreutils/" >&5 echo "$as_me: error: Couldn't find 'cut' in your path. You can find it at http://www.gnu.org/software/coreutils/" >&2;} { (exit 1); exit 1; }; } fi if [ -z $GREP ]; then { { echo "$as_me:$LINENO: error: Couldn't find 'grep' in your path. You can find it at http://www.gnu.org/software/grep/grep.html" >&5 echo "$as_me: error: Couldn't find 'grep' in your path. You can find it at http://www.gnu.org/software/grep/grep.html" >&2;} { (exit 1); exit 1; }; } fi if [ -z $SED ]; then { { echo "$as_me:$LINENO: error: Couldn't find 'sed' in your path. You can find it at http://sed.sourceforge.net/" >&5 echo "$as_me: error: Couldn't find 'sed' in your path. You can find it at http://sed.sourceforge.net/" >&2;} { (exit 1); exit 1; }; } fi if [ -z $AWK ]; then { { echo "$as_me:$LINENO: error: Couldn't find 'awk' in your path. You can find it at http://www.gnu.org/software/gawk/gawk.html" >&5 echo "$as_me: error: Couldn't find 'awk' in your path. You can find it at http://www.gnu.org/software/gawk/gawk.html" >&2;} { (exit 1); exit 1; }; } fi # Needed for dummy_server if [ -z $SU ]; then { echo "$as_me:$LINENO: WARNING: Couldn't find 'su' in your path. You can find it at http://shadow.pld.org.pl" >&5 echo "$as_me: WARNING: Couldn't find 'su' in your path. You can find it at http://shadow.pld.org.pl" >&2;} fi if [ -z $KILLALL ]; then { echo "$as_me:$LINENO: WARNING: Couldn't find 'killall' in your path. You can find it at http://psmisc.sourceforge.net" >&5 echo "$as_me: WARNING: Couldn't find 'killall' in your path. You can find it at http://psmisc.sourceforge.net" >&2;} fi if [ -z $NETSTAT ]; then { echo "$as_me:$LINENO: WARNING: Couldn't find 'netstat' in your path. You can find it at http://sites.inka.de/lina/linux/NetTools" >&5 echo "$as_me: WARNING: Couldn't find 'netstat' in your path. You can find it at http://sites.inka.de/lina/linux/NetTools" >&2;} fi if [ -z $CHOWN ]; then { echo "$as_me:$LINENO: WARNING: Couldn't find 'chown' in your path. You can find it at http://www.gnu.org/software/coreutils" >&5 echo "$as_me: WARNING: Couldn't find 'chown' in your path. You can find it at http://www.gnu.org/software/coreutils" >&2;} fi # Checks for header files. ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu { echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5 echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6; } # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= fi if test -z "$CPP"; then if test "${ac_cv_prog_CPP+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else # Double quotes because CPP needs to be expanded for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" do ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then : else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 # Broken: fails on valid input. continue fi rm -f conftest.err conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then # Broken: success on invalid input. continue else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.err conftest.$ac_ext if $ac_preproc_ok; then break fi done ac_cv_prog_CPP=$CPP fi CPP=$ac_cv_prog_CPP else ac_cv_prog_CPP=$CPP fi { echo "$as_me:$LINENO: result: $CPP" >&5 echo "${ECHO_T}$CPP" >&6; } ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then : else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 # Broken: fails on valid input. continue fi rm -f conftest.err conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then # Broken: success on invalid input. continue else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.err conftest.$ac_ext if $ac_preproc_ok; then : else { { echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check See \`config.log' for more details." >&5 echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check See \`config.log' for more details." >&2;} { (exit 1); exit 1; }; } fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu { echo "$as_me:$LINENO: checking for grep that handles long lines and -e" >&5 echo $ECHO_N "checking for grep that handles long lines and -e... $ECHO_C" >&6; } if test "${ac_cv_path_GREP+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else # Extract the first word of "grep ggrep" to use in msg output if test -z "$GREP"; then set dummy grep ggrep; ac_prog_name=$2 if test "${ac_cv_path_GREP+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_path_GREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in grep ggrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue # Check for GNU ac_path_GREP and select it if it is found. # Check for GNU $ac_path_GREP case `"$ac_path_GREP" --version 2>&1` in *GNU*) ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; *) ac_count=0 echo $ECHO_N "0123456789$ECHO_C" >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" echo 'GREP' >> "conftest.nl" "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break ac_count=`expr $ac_count + 1` if test $ac_count -gt ${ac_path_GREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_GREP_found && break 3 done done done IFS=$as_save_IFS fi GREP="$ac_cv_path_GREP" if test -z "$GREP"; then { { echo "$as_me:$LINENO: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5 echo "$as_me: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;} { (exit 1); exit 1; }; } fi else ac_cv_path_GREP=$GREP fi fi { echo "$as_me:$LINENO: result: $ac_cv_path_GREP" >&5 echo "${ECHO_T}$ac_cv_path_GREP" >&6; } GREP="$ac_cv_path_GREP" { echo "$as_me:$LINENO: checking for egrep" >&5 echo $ECHO_N "checking for egrep... $ECHO_C" >&6; } if test "${ac_cv_path_EGREP+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 then ac_cv_path_EGREP="$GREP -E" else # Extract the first word of "egrep" to use in msg output if test -z "$EGREP"; then set dummy egrep; ac_prog_name=$2 if test "${ac_cv_path_EGREP+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_path_EGREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in egrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue # Check for GNU ac_path_EGREP and select it if it is found. # Check for GNU $ac_path_EGREP case `"$ac_path_EGREP" --version 2>&1` in *GNU*) ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; *) ac_count=0 echo $ECHO_N "0123456789$ECHO_C" >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" echo 'EGREP' >> "conftest.nl" "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break ac_count=`expr $ac_count + 1` if test $ac_count -gt ${ac_path_EGREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_EGREP_found && break 3 done done done IFS=$as_save_IFS fi EGREP="$ac_cv_path_EGREP" if test -z "$EGREP"; then { { echo "$as_me:$LINENO: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5 echo "$as_me: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;} { (exit 1); exit 1; }; } fi else ac_cv_path_EGREP=$EGREP fi fi fi { echo "$as_me:$LINENO: result: $ac_cv_path_EGREP" >&5 echo "${ECHO_T}$ac_cv_path_EGREP" >&6; } EGREP="$ac_cv_path_EGREP" { echo "$as_me:$LINENO: checking for ANSI C header files" >&5 echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6; } if test "${ac_cv_header_stdc+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include #include #include int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_cv_header_stdc=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_header_stdc=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "memchr" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "free" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. if test "$cross_compiling" = yes; then : else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include #if ((' ' & 0x0FF) == 0x020) # define ISLOWER(c) ('a' <= (c) && (c) <= 'z') # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) #else # define ISLOWER(c) \ (('a' <= (c) && (c) <= 'i') \ || ('j' <= (c) && (c) <= 'r') \ || ('s' <= (c) && (c) <= 'z')) # define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) #endif #define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) int main () { int i; for (i = 0; i < 256; i++) if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) return 2; return 0; } _ACEOF rm -f conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' { (case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_try") 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then : else echo "$as_me: program exited with status $ac_status" >&5 echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ( exit $ac_status ) ac_cv_header_stdc=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext fi fi fi { echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5 echo "${ECHO_T}$ac_cv_header_stdc" >&6; } if test $ac_cv_header_stdc = yes; then cat >>confdefs.h <<\_ACEOF #define STDC_HEADERS 1 _ACEOF fi { echo "$as_me:$LINENO: checking for sys/wait.h that is POSIX.1 compatible" >&5 echo $ECHO_N "checking for sys/wait.h that is POSIX.1 compatible... $ECHO_C" >&6; } if test "${ac_cv_header_sys_wait_h+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include #ifndef WEXITSTATUS # define WEXITSTATUS(stat_val) ((unsigned int) (stat_val) >> 8) #endif #ifndef WIFEXITED # define WIFEXITED(stat_val) (((stat_val) & 255) == 0) #endif int main () { int s; wait (&s); s = WIFEXITED (s) ? WEXITSTATUS (s) : 1; ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_cv_header_sys_wait_h=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_header_sys_wait_h=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { echo "$as_me:$LINENO: result: $ac_cv_header_sys_wait_h" >&5 echo "${ECHO_T}$ac_cv_header_sys_wait_h" >&6; } if test $ac_cv_header_sys_wait_h = yes; then cat >>confdefs.h <<\_ACEOF #define HAVE_SYS_WAIT_H 1 _ACEOF fi # On IRIX 5.3, sys/types and inttypes.h are conflicting. for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ inttypes.h stdint.h unistd.h do as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` { echo "$as_me:$LINENO: checking for $ac_header" >&5 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include <$ac_header> _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then eval "$as_ac_Header=yes" else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 eval "$as_ac_Header=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi ac_res=`eval echo '${'$as_ac_Header'}'` { echo "$as_me:$LINENO: result: $ac_res" >&5 echo "${ECHO_T}$ac_res" >&6; } if test `eval echo '${'$as_ac_Header'}'` = yes; then cat >>confdefs.h <<_ACEOF #define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done for ac_header in arpa/inet.h netinet/in.h stdlib.h string.h sys/socket.h unistd.h do as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then { echo "$as_me:$LINENO: checking for $ac_header" >&5 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then echo $ECHO_N "(cached) $ECHO_C" >&6 fi ac_res=`eval echo '${'$as_ac_Header'}'` { echo "$as_me:$LINENO: result: $ac_res" >&5 echo "${ECHO_T}$ac_res" >&6; } else # Is the header compilable? { echo "$as_me:$LINENO: checking $ac_header usability" >&5 echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include <$ac_header> _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_header_compiler=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 echo "${ECHO_T}$ac_header_compiler" >&6; } # Is the header present? { echo "$as_me:$LINENO: checking $ac_header presence" >&5 echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include <$ac_header> _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then ac_header_preproc=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 echo "${ECHO_T}$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in yes:no: ) { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} ac_header_preproc=yes ;; no:yes:* ) { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} ( cat <<\_ASBOX ## ----------------------------------------- ## ## Report this to http://ipkungfu.ufsoft.org ## ## ----------------------------------------- ## _ASBOX ) | sed "s/^/$as_me: WARNING: /" >&2 ;; esac { echo "$as_me:$LINENO: checking for $ac_header" >&5 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then echo $ECHO_N "(cached) $ECHO_C" >&6 else eval "$as_ac_Header=\$ac_header_preproc" fi ac_res=`eval echo '${'$as_ac_Header'}'` { echo "$as_me:$LINENO: result: $ac_res" >&5 echo "${ECHO_T}$ac_res" >&6; } fi if test `eval echo '${'$as_ac_Header'}'` = yes; then cat >>confdefs.h <<_ACEOF #define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done # Checks for library functions. for ac_func in memset socket strtol do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` { echo "$as_me:$LINENO: checking for $ac_func" >&5 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Define $ac_func to an innocuous variant, in case declares $ac_func. For example, HP-UX 11i declares gettimeofday. */ #define $ac_func innocuous_$ac_func /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef $ac_func /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char $ac_func (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_$ac_func || defined __stub___$ac_func choke me #endif int main () { return $ac_func (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then eval "$as_ac_var=yes" else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 eval "$as_ac_var=no" fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi ac_res=`eval echo '${'$as_ac_var'}'` { echo "$as_me:$LINENO: result: $ac_res" >&5 echo "${ECHO_T}$ac_res" >&6; } if test `eval echo '${'$as_ac_var'}'` = yes; then cat >>confdefs.h <<_ACEOF #define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done # Define our config dir to use in Makefile.am # And replace all occurrences #pkgsysconfdir="${sysconfdir}/${PACKAGE}" # Because of autoconf's imposed restrictions, we can't substitute based on # the above definition of pkgsysconfig, for example, # @pkgsysconfdir@, it will expand to ${exec_prefix}/etc/ipkungfu # which won't do to tweak our ipkungfu script to source from another dir. # So we hardcode it to where it's always been. pkgsysconfdir="/etc/ipkungfu" pkgsysconfdir=$pkgsysconfdir # Define our share dir to use in Makefile.am # And replace all ocurrences pkgdatadir="${datadir}/${PACKAGE}" pkgdatadir=$pkgdatadir # Define our docs dir, since it's not working for me. # Maybe only CVS version of autoconf supports it docdir="${datadir}/doc/" # Now we define our own pkgdocdir="${docdir}/${PACKAGE}-${PACKAGE_VERSION}" pkgdocdir=$pkgdocdir ac_config_files="$ac_config_files Makefile ipkungfu man/ipkungfu.8" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure # scripts and configure runs, see configure's option --config-cache. # It is not useful on other systems. If it contains results you don't # want to keep, you may remove or edit it. # # config.status only pays attention to the cache file if you give it # the --recheck option to rerun configure. # # `ac_cv_env_foo' variables (set or unset) will be overridden when # loading this file, other *unset* `ac_cv_foo' will be assigned the # following values. _ACEOF # The following way of writing the cache mishandles newlines in values, # but we know of no workaround that is simple, portable, and efficient. # So, we kill variables containing newlines. # Ultrix sh set writes to stderr and can't be redirected directly, # and sets the high bit in the cache file unless we assign to the vars. ( for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { echo "$as_me:$LINENO: WARNING: Cache variable $ac_var contains a newline." >&5 echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( *) $as_unset $ac_var ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space=' '; set) 2>&1` in #( *${as_nl}ac_space=\ *) # `set' does not quote correctly, so add quotes (double-quote # substitution turns \\\\ into \\, and sed turns \\ into \). sed -n \ "s/'/'\\\\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" ;; #( *) # `set' quotes correctly as required by POSIX, so do not add quotes. sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) | sed ' /^ac_cv_env_/b end t clear :clear s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ t end s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ :end' >>confcache if diff "$cache_file" confcache >/dev/null 2>&1; then :; else if test -w "$cache_file"; then test "x$cache_file" != "x/dev/null" && { echo "$as_me:$LINENO: updating cache $cache_file" >&5 echo "$as_me: updating cache $cache_file" >&6;} cat confcache >$cache_file else { echo "$as_me:$LINENO: not updating unwritable cache $cache_file" >&5 echo "$as_me: not updating unwritable cache $cache_file" >&6;} fi fi rm -f confcache test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' DEFS=-DHAVE_CONFIG_H ac_libobjs= ac_ltlibobjs= for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' ac_i=`echo "$ac_i" | sed "$ac_script"` # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR # will be set to the directory where LIBOBJS objects are built. ac_libobjs="$ac_libobjs \${LIBOBJDIR}$ac_i\$U.$ac_objext" ac_ltlibobjs="$ac_ltlibobjs \${LIBOBJDIR}$ac_i"'$U.lo' done LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"AMDEP\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"AMDEP\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"am__fastdepCC\" was never defined. Usually this means the macro was only invoked conditionally." >&5 echo "$as_me: error: conditional \"am__fastdepCC\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi : ${CONFIG_STATUS=./config.status} ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files $CONFIG_STATUS" { echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5 echo "$as_me: creating $CONFIG_STATUS" >&6;} cat >$CONFIG_STATUS <<_ACEOF #! $SHELL # Generated by $as_me. # Run this file to recreate the current configuration. # Compiler output produced by configure, useful for debugging # configure, is in config.log if it exists. debug=false ac_cs_recheck=false ac_cs_silent=false SHELL=\${CONFIG_SHELL-$SHELL} _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF ## --------------------- ## ## M4sh Initialization. ## ## --------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac fi # PATH needs CR # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then echo "#! /bin/sh" >conf$$.sh echo "exit 0" >>conf$$.sh chmod +x conf$$.sh if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then PATH_SEPARATOR=';' else PATH_SEPARATOR=: fi rm -f conf$$.sh fi # Support unset when possible. if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then as_unset=unset else as_unset=false fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) as_nl=' ' IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. case $0 in *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 { (exit 1); exit 1; } fi # Work around bugs in pre-3.0 UWIN ksh. for as_var in ENV MAIL MAILPATH do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. for as_var in \ LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ LC_TELEPHONE LC_TIME do if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then eval $as_var=C; export $as_var else ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var fi done # Required to use basename. if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi # Name of the executable. as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # CDPATH. $as_unset CDPATH as_lineno_1=$LINENO as_lineno_2=$LINENO test "x$as_lineno_1" != "x$as_lineno_2" && test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || { # Create $as_me.lineno as a copy of $as_myself, but with $LINENO # uniformly replaced by the line number. The first 'sed' inserts a # line-number line after each line using $LINENO; the second 'sed' # does the real work. The second script uses 'N' to pair each # line-number line with the line containing $LINENO, and appends # trailing '-' during substitution so that $LINENO is not a special # case at line end. # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the # scripts with optimization help from Paolo Bonzini. Blame Lee # E. McMahon (1931-1989) for sed's syntax. :-) sed -n ' p /[$]LINENO/= ' <$as_myself | sed ' s/[$]LINENO.*/&-/ t lineno b :lineno N :loop s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ t loop s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2 { (exit 1); exit 1; }; } # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensitive to this). . "./$as_me.lineno" # Exit status is that of the last command. exit } if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in -n*) case `echo 'x\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. *) ECHO_C='\c';; esac;; *) ECHO_N='-n';; esac if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir fi echo >conf$$.file if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -p'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -p' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -p' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null if mkdir -p . 2>/dev/null; then as_mkdir_p=: else test -d ./-p && rmdir ./-p as_mkdir_p=false fi if test -x / >/dev/null 2>&1; then as_test_x='test -x' else if ls -dL / >/dev/null 2>&1; then as_ls_L_option=L else as_ls_L_option= fi as_test_x=' eval sh -c '\'' if test -d "$1"; then test -d "$1/."; else case $1 in -*)set "./$1";; esac; case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in ???[sx]*):;;*)false;;esac;fi '\'' sh ' fi as_executable_p=$as_test_x # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" exec 6>&1 # Save the log message, to keep $[0] and so on meaningful, and to # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" This file was extended by IPKungFu $as_me 0.6.1, which was generated by GNU Autoconf 2.61. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS CONFIG_LINKS = $CONFIG_LINKS CONFIG_COMMANDS = $CONFIG_COMMANDS $ $0 $@ on `(hostname || uname -n) 2>/dev/null | sed 1q` " _ACEOF cat >>$CONFIG_STATUS <<_ACEOF # Files that config.status was made for. config_files="$ac_config_files" config_headers="$ac_config_headers" config_commands="$ac_config_commands" _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF ac_cs_usage="\ \`$as_me' instantiates files from templates according to the current configuration. Usage: $0 [OPTIONS] [FILE]... -h, --help print this help, then exit -V, --version print version number and configuration settings, then exit -q, --quiet do not print progress messages -d, --debug don't remove temporary files --recheck update $as_me by reconfiguring in the same conditions --file=FILE[:TEMPLATE] instantiate the configuration file FILE --header=FILE[:TEMPLATE] instantiate the configuration header FILE Configuration files: $config_files Configuration headers: $config_headers Configuration commands: $config_commands Report bugs to ." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ IPKungFu config.status 0.6.1 configured by $0, generated by GNU Autoconf 2.61, with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" Copyright (C) 2006 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." ac_pwd='$ac_pwd' srcdir='$srcdir' INSTALL='$INSTALL' _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF # If no file are specified by the user, then we need to provide default # value. By we need to know if files were specified by the user. ac_need_defaults=: while test $# != 0 do case $1 in --*=*) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` ac_shift=: ;; *) ac_option=$1 ac_optarg=$2 ac_shift=shift ;; esac case $ac_option in # Handling of the options. -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) ac_cs_recheck=: ;; --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) echo "$ac_cs_version"; exit ;; --debug | --debu | --deb | --de | --d | -d ) debug=: ;; --file | --fil | --fi | --f ) $ac_shift CONFIG_FILES="$CONFIG_FILES $ac_optarg" ac_need_defaults=false;; --header | --heade | --head | --hea ) $ac_shift CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg" ac_need_defaults=false;; --he | --h) # Conflict between --help and --header { echo "$as_me: error: ambiguous option: $1 Try \`$0 --help' for more information." >&2 { (exit 1); exit 1; }; };; --help | --hel | -h ) echo "$ac_cs_usage"; exit ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) ac_cs_silent=: ;; # This is an error. -*) { echo "$as_me: error: unrecognized option: $1 Try \`$0 --help' for more information." >&2 { (exit 1); exit 1; }; } ;; *) ac_config_targets="$ac_config_targets $1" ac_need_defaults=false ;; esac shift done ac_configure_extra_args= if $ac_cs_silent; then exec 6>/dev/null ac_configure_extra_args="$ac_configure_extra_args --silent" fi _ACEOF cat >>$CONFIG_STATUS <<_ACEOF if \$ac_cs_recheck; then echo "running CONFIG_SHELL=$SHELL $SHELL $0 "$ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6 CONFIG_SHELL=$SHELL export CONFIG_SHELL exec $SHELL "$0"$ac_configure_args \$ac_configure_extra_args --no-create --no-recursion fi _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF exec 5>>config.log { echo sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## Running $as_me. ## _ASBOX echo "$ac_log" } >&5 _ACEOF cat >>$CONFIG_STATUS <<_ACEOF # # INIT-COMMANDS # AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir" _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF # Handling of arguments. for ac_config_target in $ac_config_targets do case $ac_config_target in "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "ipkungfu") CONFIG_FILES="$CONFIG_FILES ipkungfu" ;; "man/ipkungfu.8") CONFIG_FILES="$CONFIG_FILES man/ipkungfu.8" ;; *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5 echo "$as_me: error: invalid argument: $ac_config_target" >&2;} { (exit 1); exit 1; }; };; esac done # If the user did not use the arguments to specify the items to instantiate, # then the envvar interface is used. Set only those that are not. # We use the long form for the default assignment because of an extremely # bizarre bug on SunOS 4.1.3. if $ac_need_defaults; then test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands fi # Have a temporary directory for convenience. Make it in the build tree # simply because there is no reason against having it here, and in addition, # creating and moving files from /tmp can sometimes cause problems. # Hook for its removal unless debugging. # Note that there is a small window in which the directory will not be cleaned: # after its creation but before its name has been assigned to `$tmp'. $debug || { tmp= trap 'exit_status=$? { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status ' 0 trap '{ (exit 1); exit 1; }' 1 2 13 15 } # Create a (secure) tmp directory for tmp files. { tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" } || { tmp=./conf$$-$RANDOM (umask 077 && mkdir "$tmp") } || { echo "$me: cannot create a temporary directory in ." >&2 { (exit 1); exit 1; } } # # Set up the sed scripts for CONFIG_FILES section. # # No need to generate the scripts if there are no CONFIG_FILES. # This happens for instance when ./config.status config.h if test -n "$CONFIG_FILES"; then _ACEOF ac_delim='%!_!# ' for ac_last_try in false false false false false :; do cat >conf$$subs.sed <<_ACEOF SHELL!$SHELL$ac_delim PATH_SEPARATOR!$PATH_SEPARATOR$ac_delim PACKAGE_NAME!$PACKAGE_NAME$ac_delim PACKAGE_TARNAME!$PACKAGE_TARNAME$ac_delim PACKAGE_VERSION!$PACKAGE_VERSION$ac_delim PACKAGE_STRING!$PACKAGE_STRING$ac_delim PACKAGE_BUGREPORT!$PACKAGE_BUGREPORT$ac_delim exec_prefix!$exec_prefix$ac_delim prefix!$prefix$ac_delim program_transform_name!$program_transform_name$ac_delim bindir!$bindir$ac_delim sbindir!$sbindir$ac_delim libexecdir!$libexecdir$ac_delim datarootdir!$datarootdir$ac_delim datadir!$datadir$ac_delim sysconfdir!$sysconfdir$ac_delim sharedstatedir!$sharedstatedir$ac_delim localstatedir!$localstatedir$ac_delim includedir!$includedir$ac_delim oldincludedir!$oldincludedir$ac_delim docdir!$docdir$ac_delim infodir!$infodir$ac_delim htmldir!$htmldir$ac_delim dvidir!$dvidir$ac_delim pdfdir!$pdfdir$ac_delim psdir!$psdir$ac_delim libdir!$libdir$ac_delim localedir!$localedir$ac_delim mandir!$mandir$ac_delim DEFS!$DEFS$ac_delim ECHO_C!$ECHO_C$ac_delim ECHO_N!$ECHO_N$ac_delim ECHO_T!$ECHO_T$ac_delim LIBS!$LIBS$ac_delim build_alias!$build_alias$ac_delim host_alias!$host_alias$ac_delim target_alias!$target_alias$ac_delim INSTALL_PROGRAM!$INSTALL_PROGRAM$ac_delim INSTALL_SCRIPT!$INSTALL_SCRIPT$ac_delim INSTALL_DATA!$INSTALL_DATA$ac_delim CYGPATH_W!$CYGPATH_W$ac_delim PACKAGE!$PACKAGE$ac_delim VERSION!$VERSION$ac_delim ACLOCAL!$ACLOCAL$ac_delim AUTOCONF!$AUTOCONF$ac_delim AUTOMAKE!$AUTOMAKE$ac_delim AUTOHEADER!$AUTOHEADER$ac_delim MAKEINFO!$MAKEINFO$ac_delim install_sh!$install_sh$ac_delim STRIP!$STRIP$ac_delim INSTALL_STRIP_PROGRAM!$INSTALL_STRIP_PROGRAM$ac_delim mkdir_p!$mkdir_p$ac_delim AWK!$AWK$ac_delim SET_MAKE!$SET_MAKE$ac_delim am__leading_dot!$am__leading_dot$ac_delim AMTAR!$AMTAR$ac_delim am__tar!$am__tar$ac_delim am__untar!$am__untar$ac_delim CC!$CC$ac_delim CFLAGS!$CFLAGS$ac_delim LDFLAGS!$LDFLAGS$ac_delim CPPFLAGS!$CPPFLAGS$ac_delim ac_ct_CC!$ac_ct_CC$ac_delim EXEEXT!$EXEEXT$ac_delim OBJEXT!$OBJEXT$ac_delim DEPDIR!$DEPDIR$ac_delim am__include!$am__include$ac_delim am__quote!$am__quote$ac_delim AMDEP_TRUE!$AMDEP_TRUE$ac_delim AMDEP_FALSE!$AMDEP_FALSE$ac_delim AMDEPBACKSLASH!$AMDEPBACKSLASH$ac_delim CCDEPMODE!$CCDEPMODE$ac_delim am__fastdepCC_TRUE!$am__fastdepCC_TRUE$ac_delim am__fastdepCC_FALSE!$am__fastdepCC_FALSE$ac_delim IPTABLES!$IPTABLES$ac_delim MD5SUM!$MD5SUM$ac_delim MODPROBE!$MODPROBE$ac_delim RMMOD!$RMMOD$ac_delim DEPMOD!$DEPMOD$ac_delim LSMOD!$LSMOD$ac_delim CUT!$CUT$ac_delim TR!$TR$ac_delim GREP!$GREP$ac_delim SED!$SED$ac_delim SU!$SU$ac_delim KILLALL!$KILLALL$ac_delim NETSTAT!$NETSTAT$ac_delim CHOWN!$CHOWN$ac_delim CPP!$CPP$ac_delim EGREP!$EGREP$ac_delim pkgsysconfdir!$pkgsysconfdir$ac_delim pkgdatadir!$pkgdatadir$ac_delim pkgdocdir!$pkgdocdir$ac_delim LIBOBJS!$LIBOBJS$ac_delim LTLIBOBJS!$LTLIBOBJS$ac_delim _ACEOF if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 95; then break elif $ac_last_try; then { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 echo "$as_me: error: could not make $CONFIG_STATUS" >&2;} { (exit 1); exit 1; }; } else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done ac_eof=`sed -n '/^CEOF[0-9]*$/s/CEOF/0/p' conf$$subs.sed` if test -n "$ac_eof"; then ac_eof=`echo "$ac_eof" | sort -nru | sed 1q` ac_eof=`expr $ac_eof + 1` fi cat >>$CONFIG_STATUS <<_ACEOF cat >"\$tmp/subs-1.sed" <<\CEOF$ac_eof /@[a-zA-Z_][a-zA-Z_0-9]*@/!b end _ACEOF sed ' s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g s/^/s,@/; s/!/@,|#_!!_#|/ :n t n s/'"$ac_delim"'$/,g/; t s/$/\\/; p N; s/^.*\n//; s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g; b n ' >>$CONFIG_STATUS >$CONFIG_STATUS <<_ACEOF :end s/|#_!!_#|//g CEOF$ac_eof _ACEOF # VPATH may cause trouble with some makes, so we remove $(srcdir), # ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and # trailing colons and then remove the whole line if VPATH becomes empty # (actually we leave an empty line to preserve line numbers). if test "x$srcdir" = x.; then ac_vpsub='/^[ ]*VPATH[ ]*=/{ s/:*\$(srcdir):*/:/ s/:*\${srcdir}:*/:/ s/:*@srcdir@:*/:/ s/^\([^=]*=[ ]*\):*/\1/ s/:*$// s/^[^=]*=[ ]*$// }' fi cat >>$CONFIG_STATUS <<\_ACEOF fi # test -n "$CONFIG_FILES" for ac_tag in :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS do case $ac_tag in :[FHLC]) ac_mode=$ac_tag; continue;; esac case $ac_mode$ac_tag in :[FHL]*:*);; :L* | :C*:*) { { echo "$as_me:$LINENO: error: Invalid tag $ac_tag." >&5 echo "$as_me: error: Invalid tag $ac_tag." >&2;} { (exit 1); exit 1; }; };; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac ac_save_IFS=$IFS IFS=: set x $ac_tag IFS=$ac_save_IFS shift ac_file=$1 shift case $ac_mode in :L) ac_source=$1;; :[FH]) ac_file_inputs= for ac_f do case $ac_f in -) ac_f="$tmp/stdin";; *) # Look for the file first in the build tree, then in the source tree # (if the path is not absolute). The absolute path cannot be DOS-style, # because $ac_f cannot contain `:'. test -f "$ac_f" || case $ac_f in [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || { { echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5 echo "$as_me: error: cannot find input file: $ac_f" >&2;} { (exit 1); exit 1; }; };; esac ac_file_inputs="$ac_file_inputs $ac_f" done # Let's still pretend it is `configure' which instantiates (i.e., don't # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ configure_input="Generated from "`IFS=: echo $* | sed 's|^[^:]*/||;s|:[^:]*/|, |g'`" by configure." if test x"$ac_file" != x-; then configure_input="$ac_file. $configure_input" { echo "$as_me:$LINENO: creating $ac_file" >&5 echo "$as_me: creating $ac_file" >&6;} fi case $ac_tag in *:-:* | *:-) cat >"$tmp/stdin";; esac ;; esac ac_dir=`$as_dirname -- "$ac_file" || $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$ac_file" : 'X\(//\)[^/]' \| \ X"$ac_file" : 'X\(//\)$' \| \ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || echo X"$ac_file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` { as_dir="$ac_dir" case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || { { echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5 echo "$as_me: error: cannot create directory $as_dir" >&2;} { (exit 1); exit 1; }; }; } ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,/..,g;s,/,,'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix case $ac_mode in :F) # # CONFIG_FILE # case $INSTALL in [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; esac _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF # If the template does not know about datarootdir, expand it. # FIXME: This hack should be removed a few years after 2.60. ac_datarootdir_hack=; ac_datarootdir_seen= case `sed -n '/datarootdir/ { p q } /@datadir@/p /@docdir@/p /@infodir@/p /@localedir@/p /@mandir@/p ' $ac_file_inputs` in *datarootdir*) ac_datarootdir_seen=yes;; *@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) { echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_datarootdir_hack=' s&@datadir@&$datadir&g s&@docdir@&$docdir&g s&@infodir@&$infodir&g s&@localedir@&$localedir&g s&@mandir@&$mandir&g s&\\\${datarootdir}&$datarootdir&g' ;; esac _ACEOF # Neutralize VPATH when `$srcdir' = `.'. # Shell code in configure.ac might set extrasub. # FIXME: do we really want to maintain this feature? cat >>$CONFIG_STATUS <<_ACEOF sed "$ac_vpsub $extrasub _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF :t /@[a-zA-Z_][a-zA-Z_0-9]*@/!b s&@configure_input@&$configure_input&;t t s&@top_builddir@&$ac_top_builddir_sub&;t t s&@srcdir@&$ac_srcdir&;t t s&@abs_srcdir@&$ac_abs_srcdir&;t t s&@top_srcdir@&$ac_top_srcdir&;t t s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t s&@builddir@&$ac_builddir&;t t s&@abs_builddir@&$ac_abs_builddir&;t t s&@abs_top_builddir@&$ac_abs_top_builddir&;t t s&@INSTALL@&$ac_INSTALL&;t t $ac_datarootdir_hack " $ac_file_inputs | sed -f "$tmp/subs-1.sed" >$tmp/out test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } && { echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined." >&5 echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined." >&2;} rm -f "$tmp/stdin" case $ac_file in -) cat "$tmp/out"; rm -f "$tmp/out";; *) rm -f "$ac_file"; mv "$tmp/out" $ac_file;; esac ;; :H) # # CONFIG_HEADER # _ACEOF # Transform confdefs.h into a sed script `conftest.defines', that # substitutes the proper values into config.h.in to produce config.h. rm -f conftest.defines conftest.tail # First, append a space to every undef/define line, to ease matching. echo 's/$/ /' >conftest.defines # Then, protect against being on the right side of a sed subst, or in # an unquoted here document, in config.status. If some macros were # called several times there might be several #defines for the same # symbol, which is useless. But do not sort them, since the last # AC_DEFINE must be honored. ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* # These sed commands are passed to sed as "A NAME B PARAMS C VALUE D", where # NAME is the cpp macro being defined, VALUE is the value it is being given. # PARAMS is the parameter list in the macro definition--in most cases, it's # just an empty string. ac_dA='s,^\\([ #]*\\)[^ ]*\\([ ]*' ac_dB='\\)[ (].*,\\1define\\2' ac_dC=' ' ac_dD=' ,' uniq confdefs.h | sed -n ' t rset :rset s/^[ ]*#[ ]*define[ ][ ]*// t ok d :ok s/[\\&,]/\\&/g s/^\('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/ '"$ac_dA"'\1'"$ac_dB"'\2'"${ac_dC}"'\3'"$ac_dD"'/p s/^\('"$ac_word_re"'\)[ ]*\(.*\)/'"$ac_dA"'\1'"$ac_dB$ac_dC"'\2'"$ac_dD"'/p ' >>conftest.defines # Remove the space that was appended to ease matching. # Then replace #undef with comments. This is necessary, for # example, in the case of _POSIX_SOURCE, which is predefined and required # on some systems where configure will not decide to define it. # (The regexp can be short, since the line contains either #define or #undef.) echo 's/ $// s,^[ #]*u.*,/* & */,' >>conftest.defines # Break up conftest.defines: ac_max_sed_lines=50 # First sed command is: sed -f defines.sed $ac_file_inputs >"$tmp/out1" # Second one is: sed -f defines.sed "$tmp/out1" >"$tmp/out2" # Third one will be: sed -f defines.sed "$tmp/out2" >"$tmp/out1" # et cetera. ac_in='$ac_file_inputs' ac_out='"$tmp/out1"' ac_nxt='"$tmp/out2"' while : do # Write a here document: cat >>$CONFIG_STATUS <<_ACEOF # First, check the format of the line: cat >"\$tmp/defines.sed" <<\\CEOF /^[ ]*#[ ]*undef[ ][ ]*$ac_word_re[ ]*\$/b def /^[ ]*#[ ]*define[ ][ ]*$ac_word_re[( ]/b def b :def _ACEOF sed ${ac_max_sed_lines}q conftest.defines >>$CONFIG_STATUS echo 'CEOF sed -f "$tmp/defines.sed"' "$ac_in >$ac_out" >>$CONFIG_STATUS ac_in=$ac_out; ac_out=$ac_nxt; ac_nxt=$ac_in sed 1,${ac_max_sed_lines}d conftest.defines >conftest.tail grep . conftest.tail >/dev/null || break rm -f conftest.defines mv conftest.tail conftest.defines done rm -f conftest.defines conftest.tail echo "ac_result=$ac_in" >>$CONFIG_STATUS cat >>$CONFIG_STATUS <<\_ACEOF if test x"$ac_file" != x-; then echo "/* $configure_input */" >"$tmp/config.h" cat "$ac_result" >>"$tmp/config.h" if diff $ac_file "$tmp/config.h" >/dev/null 2>&1; then { echo "$as_me:$LINENO: $ac_file is unchanged" >&5 echo "$as_me: $ac_file is unchanged" >&6;} else rm -f $ac_file mv "$tmp/config.h" $ac_file fi else echo "/* $configure_input */" cat "$ac_result" fi rm -f "$tmp/out12" # Compute $ac_file's index in $config_headers. _am_stamp_count=1 for _am_header in $config_headers :; do case $_am_header in $ac_file | $ac_file:* ) break ;; * ) _am_stamp_count=`expr $_am_stamp_count + 1` ;; esac done echo "timestamp for $ac_file" >`$as_dirname -- $ac_file || $as_expr X$ac_file : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X$ac_file : 'X\(//\)[^/]' \| \ X$ac_file : 'X\(//\)$' \| \ X$ac_file : 'X\(/\)' \| . 2>/dev/null || echo X$ac_file | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'`/stamp-h$_am_stamp_count ;; :C) { echo "$as_me:$LINENO: executing $ac_file commands" >&5 echo "$as_me: executing $ac_file commands" >&6;} ;; esac case $ac_file$ac_mode in "depfiles":C) test x"$AMDEP_TRUE" != x"" || for mf in $CONFIG_FILES; do # Strip MF so we end up with the name of the file. mf=`echo "$mf" | sed -e 's/:.*$//'` # Check whether this is an Automake generated Makefile or not. # We used to match only the files named `Makefile.in', but # some people rename them; so instead we look at the file content. # Grep'ing the first line is not enough: some people post-process # each Makefile.in and add a new line on top of each file to say so. # So let's grep whole file. if grep '^#.*generated by automake' $mf > /dev/null 2>&1; then dirpart=`$as_dirname -- "$mf" || $as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$mf" : 'X\(//\)[^/]' \| \ X"$mf" : 'X\(//\)$' \| \ X"$mf" : 'X\(/\)' \| . 2>/dev/null || echo X"$mf" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` else continue fi # Extract the definition of DEPDIR, am__include, and am__quote # from the Makefile without running `make'. DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` test -z "$DEPDIR" && continue am__include=`sed -n 's/^am__include = //p' < "$mf"` test -z "am__include" && continue am__quote=`sed -n 's/^am__quote = //p' < "$mf"` # When using ansi2knr, U may be empty or an underscore; expand it U=`sed -n 's/^U = //p' < "$mf"` # Find all dependency output files, they are included files with # $(DEPDIR) in their names. We invoke sed twice because it is the # simplest approach to changing $(DEPDIR) to its actual value in the # expansion. for file in `sed -n " s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do # Make sure the directory exists. test -f "$dirpart/$file" && continue fdir=`$as_dirname -- "$file" || $as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$file" : 'X\(//\)[^/]' \| \ X"$file" : 'X\(//\)$' \| \ X"$file" : 'X\(/\)' \| . 2>/dev/null || echo X"$file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` { as_dir=$dirpart/$fdir case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || { { echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5 echo "$as_me: error: cannot create directory $as_dir" >&2;} { (exit 1); exit 1; }; }; } # echo "creating $dirpart/$file" echo '# dummy' > "$dirpart/$file" done done ;; esac done # for ac_tag { (exit 0); exit 0; } _ACEOF chmod +x $CONFIG_STATUS ac_clean_files=$ac_clean_files_save # configure is writing to config.log, and then calls config.status. # config.status does its own redirection, appending to config.log. # Unfortunately, on DOS this fails, as config.log is still kept open # by configure, so config.status won't be able to write to it; its # output is simply discarded. So we exec the FD to /dev/null, # effectively closing config.log, so it can be properly (re)opened and # appended to by config.status. When coming back to configure, we # need to make the FD available again. if test "$no_create" != yes; then ac_cs_success=: ac_config_status_args= test "$silent" = yes && ac_config_status_args="$ac_config_status_args --quiet" exec 5>/dev/null $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false exec 5>>config.log # Use ||, not &&, to avoid exiting from the if with $? = 1, which # would make configure fail if this is the last instruction. $ac_cs_success || { (exit 1); exit 1; } fi echo "----" echo "" echo " Prefix: $prefix" echo "" echo "" echo " Binaries Path:" echo "" echo " iptables: $IPTABLES" echo " md5sum: $MD5SUM" echo " modprobe: $MODPROBE" echo " rmmod: $RMMOD" echo " lsmod: $LSMOD" echo " depmod: $DEPMOD" echo " su: $SU" echo " killall: $KILLALL" echo " netstat: $NETSTAT" echo " chown: $CHOWN" echo " sed: $SED" echo " grep: $GREP" echo " cut: $CUT" echo "" echo "----" # Check for ipkungfu's cache dir, and tells the user to remove it. #if [[ -d /etc/ipkungfu/cache ]]; then # echo "/etc/ipkungfu/cache directory exists. You should remove it before you run this newly installed ipkungfu script" # echo "----" #fi ipkungfu-0.6.1/configure.ac0000644000175000017500000001255410555031670012566 00000000000000# ========================================================================= # $Id: configure.ac 155 2006-09-14 23:41:15Z s0undt3ch $ # ========================================================================= # $URL: http://ipkungfu.ufsoft.org/svn/tags/ipkungfu-0.6.1/configure.ac $ # $LastChangedDate: 2006-09-14 18:41:15 -0500 (Thu, 14 Sep 2006) $ # $Rev: 155 $ # $LastChangedBy: s0undt3ch $ # ========================================================================= AC_PREREQ(2.59) AC_INIT([IPKungFu], [0.6.1], [http://ipkungfu.ufsoft.org], [ipkungfu]) AM_INIT_AUTOMAKE([gnu dist-bzip2 subdir-objects]) AC_CONFIG_SRCDIR([dummy_server.c]) AC_CONFIG_HEADER([config.h]) # Checks for programs AC_PROG_CC AC_PROG_INSTALL # Compiler AM_PROG_CC_C_O # Check our needed program paths wich will replace @VAR@ AC_PATH_PROG([IPTABLES], [iptables],, [$PATH:/sbin:/usr/sbin:/usr/local/sbin]) AC_PATH_PROG([MD5SUM], [md5sum]) AC_PATH_PROG([MODPROBE], [modprobe],, [$PATH:/sbin:/usr/sbin:/usr/local/sbin]) AC_PATH_PROG([RMMOD], [rmmod],, [$PATH:/sbin:/usr/sbin:/usr/local/sbin]) AC_PATH_PROG([DEPMOD], [depmod],, [$PATH:/sbin:/usr/sbin:/usr/local/sbin]) AC_PATH_PROG([LSMOD], [lsmod]) AC_PATH_PROG([CUT], [cut]) AC_PATH_PROG([TR], [tr]) AC_PATH_PROG([GREP], [grep]) AC_PATH_PROG([SED], [sed]) AC_PATH_PROG([AWK], [awk]) # Needed for dummy_server AC_PATH_PROG([SU], [su]) AC_PATH_PROG([KILLALL], [killall]) AC_PATH_PROG([NETSTAT], [netstat]) AC_PATH_PROG([CHOWN], [chown]) if [[ -z $IPTABLES ]]; then AC_MSG_ERROR(Couldn't find 'iptables' in your path. You can find it at http://www.iptables.org) fi if [[ -z $MD5SUM ]]; then AC_MSG_ERROR(Couldn't find 'md5sum' in your path. You can find it at http://www.gnu.org/software/coreutils) fi if [[ -z $MODPROBE ]]; then AC_MSG_ERROR(Couldn't find 'modprobe' in your path. You can find it at http://www.kernel.org/pub/linux/kernel/people/rusty/modules) fi if [[ -z $RMMOD ]]; then AC_MSG_WARN(Couldn't find 'rmmod' in your path. You can find it at http://www.kernel.org/pub/linux/kernel/people/rusty/modules) fi if [[ -z $DEPMOD ]]; then AC_MSG_WARN(Couldn't find 'depmod' in your path. You can find it at http://www.kernel.org/pub/linux/kernel/people/rusty/modules) fi if [[ -z $LSMOD ]]; then AC_MSG_WARN(Couldn't find 'lsmod' in your path. You can find it at http://www.kernel.org/pub/linux/kernel/people/rusty/modules) fi if [[ -z $CUT ]]; then AC_MSG_ERROR(Couldn't find 'cut' in your path. You can find it at http://www.gnu.org/software/coreutils/) fi if [[ -z $GREP ]]; then AC_MSG_ERROR(Couldn't find 'grep' in your path. You can find it at http://www.gnu.org/software/grep/grep.html) fi if [[ -z $SED ]]; then AC_MSG_ERROR(Couldn't find 'sed' in your path. You can find it at http://sed.sourceforge.net/) fi if [[ -z $AWK ]]; then AC_MSG_ERROR(Couldn't find 'awk' in your path. You can find it at http://www.gnu.org/software/gawk/gawk.html) fi # Needed for dummy_server if [[ -z $SU ]]; then AC_MSG_WARN(Couldn't find 'su' in your path. You can find it at http://shadow.pld.org.pl) fi if [[ -z $KILLALL ]]; then AC_MSG_WARN(Couldn't find 'killall' in your path. You can find it at http://psmisc.sourceforge.net) fi if [[ -z $NETSTAT ]]; then AC_MSG_WARN(Couldn't find 'netstat' in your path. You can find it at http://sites.inka.de/lina/linux/NetTools) fi if [[ -z $CHOWN ]]; then AC_MSG_WARN(Couldn't find 'chown' in your path. You can find it at http://www.gnu.org/software/coreutils) fi # Checks for header files. AC_HEADER_STDC AC_HEADER_SYS_WAIT AC_CHECK_HEADERS([arpa/inet.h netinet/in.h stdlib.h string.h sys/socket.h unistd.h]) # Checks for library functions. AC_CHECK_FUNCS([memset socket strtol]) # Define our config dir to use in Makefile.am # And replace all occurrences #pkgsysconfdir="${sysconfdir}/${PACKAGE}" # Because of autoconf's imposed restrictions, we can't substitute based on # the above definition of pkgsysconfig, for example, # @pkgsysconfdir@, it will expand to ${exec_prefix}/etc/ipkungfu # which won't do to tweak our ipkungfu script to source from another dir. # So we hardcode it to where it's always been. pkgsysconfdir="/etc/ipkungfu" AC_SUBST(pkgsysconfdir,$pkgsysconfdir) # Define our share dir to use in Makefile.am # And replace all ocurrences pkgdatadir="${datadir}/${PACKAGE}" AC_SUBST(pkgdatadir,$pkgdatadir) # Define our docs dir, since it's not working for me. # Maybe only CVS version of autoconf supports it docdir="${datadir}/doc/" # Now we define our own pkgdocdir="${docdir}/${PACKAGE}-${PACKAGE_VERSION}" AC_SUBST(pkgdocdir,$pkgdocdir) AC_CONFIG_FILES([ Makefile ipkungfu man/ipkungfu.8]) AC_OUTPUT echo "----" echo "" echo " Prefix: $prefix" echo "" echo "" echo " Binaries Path:" echo "" echo " iptables: $IPTABLES" echo " md5sum: $MD5SUM" echo " modprobe: $MODPROBE" echo " rmmod: $RMMOD" echo " lsmod: $LSMOD" echo " depmod: $DEPMOD" echo " su: $SU" echo " killall: $KILLALL" echo " netstat: $NETSTAT" echo " chown: $CHOWN" echo " sed: $SED" echo " grep: $GREP" echo " cut: $CUT" echo "" echo "----" # Check for ipkungfu's cache dir, and tells the user to remove it. #if [[ -d /etc/ipkungfu/cache ]]; then # echo "/etc/ipkungfu/cache directory exists. You should remove it before you run this newly installed ipkungfu script" # echo "----" #fi ipkungfu-0.6.1/install-sh0000755000175000017500000002202110555031726012274 00000000000000#!/bin/sh # install - install a program, script, or datafile scriptversion=2005-05-14.22 # This originates from X11R5 (mit/util/scripts/install.sh), which was # later released in X11R6 (xc/config/util/install.sh) with the # following copyright and license. # # Copyright (C) 1994 X Consortium # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to # deal in the Software without restriction, including without limitation the # rights to use, copy, modify, merge, publish, distribute, sublicense, and/or # sell copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be included in # all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN # AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- # TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. # # Except as contained in this notice, the name of the X Consortium shall not # be used in advertising or otherwise to promote the sale, use or other deal- # ings in this Software without prior written authorization from the X Consor- # tium. # # # FSF changes to this file are in the public domain. # # Calling this script install-sh is preferred over install.sh, to prevent # `make' implicit rules from creating a file called install from it # when there is no Makefile. # # This script is compatible with the BSD install script, but was written # from scratch. It can only install one file at a time, a restriction # shared with many OS's install programs. # set DOITPROG to echo to test this script # Don't use :- since 4.3BSD and earlier shells don't like it. doit="${DOITPROG-}" # put in absolute paths if you don't have them in your path; or use env. vars. mvprog="${MVPROG-mv}" cpprog="${CPPROG-cp}" chmodprog="${CHMODPROG-chmod}" chownprog="${CHOWNPROG-chown}" chgrpprog="${CHGRPPROG-chgrp}" stripprog="${STRIPPROG-strip}" rmprog="${RMPROG-rm}" mkdirprog="${MKDIRPROG-mkdir}" chmodcmd="$chmodprog 0755" chowncmd= chgrpcmd= stripcmd= rmcmd="$rmprog -f" mvcmd="$mvprog" src= dst= dir_arg= dstarg= no_target_directory= usage="Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE or: $0 [OPTION]... SRCFILES... DIRECTORY or: $0 [OPTION]... -t DIRECTORY SRCFILES... or: $0 [OPTION]... -d DIRECTORIES... In the 1st form, copy SRCFILE to DSTFILE. In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. In the 4th, create DIRECTORIES. Options: -c (ignored) -d create directories instead of installing files. -g GROUP $chgrpprog installed files to GROUP. -m MODE $chmodprog installed files to MODE. -o USER $chownprog installed files to USER. -s $stripprog installed files. -t DIRECTORY install into DIRECTORY. -T report an error if DSTFILE is a directory. --help display this help and exit. --version display version info and exit. Environment variables override the default commands: CHGRPPROG CHMODPROG CHOWNPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG " while test -n "$1"; do case $1 in -c) shift continue;; -d) dir_arg=true shift continue;; -g) chgrpcmd="$chgrpprog $2" shift shift continue;; --help) echo "$usage"; exit $?;; -m) chmodcmd="$chmodprog $2" shift shift continue;; -o) chowncmd="$chownprog $2" shift shift continue;; -s) stripcmd=$stripprog shift continue;; -t) dstarg=$2 shift shift continue;; -T) no_target_directory=true shift continue;; --version) echo "$0 $scriptversion"; exit $?;; *) # When -d is used, all remaining arguments are directories to create. # When -t is used, the destination is already specified. test -n "$dir_arg$dstarg" && break # Otherwise, the last argument is the destination. Remove it from $@. for arg do if test -n "$dstarg"; then # $@ is not empty: it contains at least $arg. set fnord "$@" "$dstarg" shift # fnord fi shift # arg dstarg=$arg done break;; esac done if test -z "$1"; then if test -z "$dir_arg"; then echo "$0: no input file specified." >&2 exit 1 fi # It's OK to call `install-sh -d' without argument. # This can happen when creating conditional directories. exit 0 fi for src do # Protect names starting with `-'. case $src in -*) src=./$src ;; esac if test -n "$dir_arg"; then dst=$src src= if test -d "$dst"; then mkdircmd=: chmodcmd= else mkdircmd=$mkdirprog fi else # Waiting for this to be detected by the "$cpprog $src $dsttmp" command # might cause directories to be created, which would be especially bad # if $src (and thus $dsttmp) contains '*'. if test ! -f "$src" && test ! -d "$src"; then echo "$0: $src does not exist." >&2 exit 1 fi if test -z "$dstarg"; then echo "$0: no destination specified." >&2 exit 1 fi dst=$dstarg # Protect names starting with `-'. case $dst in -*) dst=./$dst ;; esac # If destination is a directory, append the input filename; won't work # if double slashes aren't ignored. if test -d "$dst"; then if test -n "$no_target_directory"; then echo "$0: $dstarg: Is a directory" >&2 exit 1 fi dst=$dst/`basename "$src"` fi fi # This sed command emulates the dirname command. dstdir=`echo "$dst" | sed -e 's,/*$,,;s,[^/]*$,,;s,/*$,,;s,^$,.,'` # Make sure that the destination directory exists. # Skip lots of stat calls in the usual case. if test ! -d "$dstdir"; then defaultIFS=' ' IFS="${IFS-$defaultIFS}" oIFS=$IFS # Some sh's can't handle IFS=/ for some reason. IFS='%' set x `echo "$dstdir" | sed -e 's@/@%@g' -e 's@^%@/@'` shift IFS=$oIFS pathcomp= while test $# -ne 0 ; do pathcomp=$pathcomp$1 shift if test ! -d "$pathcomp"; then $mkdirprog "$pathcomp" # mkdir can fail with a `File exist' error in case several # install-sh are creating the directory concurrently. This # is OK. test -d "$pathcomp" || exit fi pathcomp=$pathcomp/ done fi if test -n "$dir_arg"; then $doit $mkdircmd "$dst" \ && { test -z "$chowncmd" || $doit $chowncmd "$dst"; } \ && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } \ && { test -z "$stripcmd" || $doit $stripcmd "$dst"; } \ && { test -z "$chmodcmd" || $doit $chmodcmd "$dst"; } else dstfile=`basename "$dst"` # Make a couple of temp file names in the proper directory. dsttmp=$dstdir/_inst.$$_ rmtmp=$dstdir/_rm.$$_ # Trap to clean up those temp files at exit. trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 trap '(exit $?); exit' 1 2 13 15 # Copy the file name to the temp name. $doit $cpprog "$src" "$dsttmp" && # and set any options; do chmod last to preserve setuid bits. # # If any of these fail, we abort the whole thing. If we want to # ignore errors from any of these, just make sure not to ignore # errors from the above "$doit $cpprog $src $dsttmp" command. # { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } \ && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } \ && { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } \ && { test -z "$chmodcmd" || $doit $chmodcmd "$dsttmp"; } && # Now rename the file to the real destination. { $doit $mvcmd -f "$dsttmp" "$dstdir/$dstfile" 2>/dev/null \ || { # The rename failed, perhaps because mv can't rename something else # to itself, or perhaps because mv is so ancient that it does not # support -f. # Now remove or move aside any old file at destination location. # We try this two ways since rm can't unlink itself on some # systems and the destination file might be busy for other # reasons. In this case, the final cleanup might fail but the new # file should still install successfully. { if test -f "$dstdir/$dstfile"; then $doit $rmcmd -f "$dstdir/$dstfile" 2>/dev/null \ || $doit $mvcmd -f "$dstdir/$dstfile" "$rmtmp" 2>/dev/null \ || { echo "$0: cannot unlink or rename $dstdir/$dstfile" >&2 (exit 1); exit 1 } else : fi } && # Now rename the file to the real destination. $doit $mvcmd "$dsttmp" "$dstdir/$dstfile" } } fi || { (exit 1); exit 1; } done # The final little trick to "correctly" pass the exit status to the exit trap. { (exit 0); exit 0 } # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-end: "$" # End: ipkungfu-0.6.1/missing0000755000175000017500000002540610555031726011701 00000000000000#! /bin/sh # Common stub for a few missing GNU programs while installing. scriptversion=2005-06-08.21 # Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005 # Free Software Foundation, Inc. # Originally by Fran,cois Pinard , 1996. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301, USA. # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. if test $# -eq 0; then echo 1>&2 "Try \`$0 --help' for more information" exit 1 fi run=: # In the cases where this matters, `missing' is being run in the # srcdir already. if test -f configure.ac; then configure_ac=configure.ac else configure_ac=configure.in fi msg="missing on your system" case "$1" in --run) # Try to run requested program, and just exit if it succeeds. run= shift "$@" && exit 0 # Exit code 63 means version mismatch. This often happens # when the user try to use an ancient version of a tool on # a file that requires a minimum version. In this case we # we should proceed has if the program had been absent, or # if --run hadn't been passed. if test $? = 63; then run=: msg="probably too old" fi ;; -h|--h|--he|--hel|--help) echo "\ $0 [OPTION]... PROGRAM [ARGUMENT]... Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an error status if there is no known handling for PROGRAM. Options: -h, --help display this help and exit -v, --version output version information and exit --run try to run the given command, and emulate it if it fails Supported PROGRAM values: aclocal touch file \`aclocal.m4' autoconf touch file \`configure' autoheader touch file \`config.h.in' automake touch all \`Makefile.in' files bison create \`y.tab.[ch]', if possible, from existing .[ch] flex create \`lex.yy.c', if possible, from existing .c help2man touch the output file lex create \`lex.yy.c', if possible, from existing .c makeinfo touch the output file tar try tar, gnutar, gtar, then tar without non-portable flags yacc create \`y.tab.[ch]', if possible, from existing .[ch] Send bug reports to ." exit $? ;; -v|--v|--ve|--ver|--vers|--versi|--versio|--version) echo "missing $scriptversion (GNU Automake)" exit $? ;; -*) echo 1>&2 "$0: Unknown \`$1' option" echo 1>&2 "Try \`$0 --help' for more information" exit 1 ;; esac # Now exit if we have it, but it failed. Also exit now if we # don't have it and --version was passed (most likely to detect # the program). case "$1" in lex|yacc) # Not GNU programs, they don't have --version. ;; tar) if test -n "$run"; then echo 1>&2 "ERROR: \`tar' requires --run" exit 1 elif test "x$2" = "x--version" || test "x$2" = "x--help"; then exit 1 fi ;; *) if test -z "$run" && ($1 --version) > /dev/null 2>&1; then # We have it, but it failed. exit 1 elif test "x$2" = "x--version" || test "x$2" = "x--help"; then # Could not run --version or --help. This is probably someone # running `$TOOL --version' or `$TOOL --help' to check whether # $TOOL exists and not knowing $TOOL uses missing. exit 1 fi ;; esac # If it does not exist, or fails to run (possibly an outdated version), # try to emulate it. case "$1" in aclocal*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified \`acinclude.m4' or \`${configure_ac}'. You might want to install the \`Automake' and \`Perl' packages. Grab them from any GNU archive site." touch aclocal.m4 ;; autoconf) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified \`${configure_ac}'. You might want to install the \`Autoconf' and \`GNU m4' packages. Grab them from any GNU archive site." touch configure ;; autoheader) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified \`acconfig.h' or \`${configure_ac}'. You might want to install the \`Autoconf' and \`GNU m4' packages. Grab them from any GNU archive site." files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}` test -z "$files" && files="config.h" touch_files= for f in $files; do case "$f" in *:*) touch_files="$touch_files "`echo "$f" | sed -e 's/^[^:]*://' -e 's/:.*//'`;; *) touch_files="$touch_files $f.in";; esac done touch $touch_files ;; automake*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'. You might want to install the \`Automake' and \`Perl' packages. Grab them from any GNU archive site." find . -type f -name Makefile.am -print | sed 's/\.am$/.in/' | while read f; do touch "$f"; done ;; autom4te) echo 1>&2 "\ WARNING: \`$1' is needed, but is $msg. You might have modified some files without having the proper tools for further handling them. You can get \`$1' as part of \`Autoconf' from any GNU archive site." file=`echo "$*" | sed -n 's/.*--output[ =]*\([^ ]*\).*/\1/p'` test -z "$file" && file=`echo "$*" | sed -n 's/.*-o[ ]*\([^ ]*\).*/\1/p'` if test -f "$file"; then touch $file else test -z "$file" || exec >$file echo "#! /bin/sh" echo "# Created by GNU Automake missing as a replacement of" echo "# $ $@" echo "exit 0" chmod +x $file exit 1 fi ;; bison|yacc) echo 1>&2 "\ WARNING: \`$1' $msg. You should only need it if you modified a \`.y' file. You may need the \`Bison' package in order for those modifications to take effect. You can get \`Bison' from any GNU archive site." rm -f y.tab.c y.tab.h if [ $# -ne 1 ]; then eval LASTARG="\${$#}" case "$LASTARG" in *.y) SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` if [ -f "$SRCFILE" ]; then cp "$SRCFILE" y.tab.c fi SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'` if [ -f "$SRCFILE" ]; then cp "$SRCFILE" y.tab.h fi ;; esac fi if [ ! -f y.tab.h ]; then echo >y.tab.h fi if [ ! -f y.tab.c ]; then echo 'main() { return 0; }' >y.tab.c fi ;; lex|flex) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified a \`.l' file. You may need the \`Flex' package in order for those modifications to take effect. You can get \`Flex' from any GNU archive site." rm -f lex.yy.c if [ $# -ne 1 ]; then eval LASTARG="\${$#}" case "$LASTARG" in *.l) SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` if [ -f "$SRCFILE" ]; then cp "$SRCFILE" lex.yy.c fi ;; esac fi if [ ! -f lex.yy.c ]; then echo 'main() { return 0; }' >lex.yy.c fi ;; help2man) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified a dependency of a manual page. You may need the \`Help2man' package in order for those modifications to take effect. You can get \`Help2man' from any GNU archive site." file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'` if test -z "$file"; then file=`echo "$*" | sed -n 's/.*--output=\([^ ]*\).*/\1/p'` fi if [ -f "$file" ]; then touch $file else test -z "$file" || exec >$file echo ".ab help2man is required to generate this page" exit 1 fi ;; makeinfo) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified a \`.texi' or \`.texinfo' file, or any other file indirectly affecting the aspect of the manual. The spurious call might also be the consequence of using a buggy \`make' (AIX, DU, IRIX). You might want to install the \`Texinfo' package or the \`GNU make' package. Grab either from any GNU archive site." # The file to touch is that specified with -o ... file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'` if test -z "$file"; then # ... or it is the one specified with @setfilename ... infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'` file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $infile` # ... or it is derived from the source name (dir/f.texi becomes f.info) test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info fi # If the file does not exist, the user really needs makeinfo; # let's fail without touching anything. test -f $file || exit 1 touch $file ;; tar) shift # We have already tried tar in the generic part. # Look for gnutar/gtar before invocation to avoid ugly error # messages. if (gnutar --version > /dev/null 2>&1); then gnutar "$@" && exit 0 fi if (gtar --version > /dev/null 2>&1); then gtar "$@" && exit 0 fi firstarg="$1" if shift; then case "$firstarg" in *o*) firstarg=`echo "$firstarg" | sed s/o//` tar "$firstarg" "$@" && exit 0 ;; esac case "$firstarg" in *h*) firstarg=`echo "$firstarg" | sed s/h//` tar "$firstarg" "$@" && exit 0 ;; esac fi echo 1>&2 "\ WARNING: I can't seem to be able to run \`tar' with the given arguments. You may want to install GNU tar or Free paxutils, or check the command line arguments." exit 1 ;; *) echo 1>&2 "\ WARNING: \`$1' is needed, and is $msg. You might have modified some files without having the proper tools for further handling them. Check the \`README' file, it often tells you about the needed prerequisites for installing this package. You may also peek at any GNU archive site, in case some other package would contain this missing \`$1' program." exit 1 ;; esac exit 0 # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-end: "$" # End: ipkungfu-0.6.1/ipkungfu.in0000755000175000017500000027031410555031670012463 00000000000000#!/bin/bash # ========================================================================= # $Id: ipkungfu.in 160 2007-01-21 20:23:37Z trappist $ # ========================================================================= # $URL: http://ipkungfu.ufsoft.org/svn/tags/ipkungfu-0.6.1/ipkungfu.in $ # $LastChangedDate: 2007-01-21 14:23:37 -0600 (Sun, 21 Jan 2007) $ # $Rev: 160 $ # $LastChangedBy: trappist $ # ========================================================================= ########################################################################### # # # Copyright © 2002 by Rocco Stanzione # # # # This program is free software; you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # # the Free Software Foundation; either version 2 of the License, or # # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # # but WITHOUT ANY WARRANTY; without even the implied warranty of # # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # # GNU General Public License for more details. # # # ########################################################################### # ------------------------------------------------------------------------- # vim: set tabstop=4 # vim: set shiftwidth=4 # vim: set foldmethod=marker # ------------------------------------------------------------------------- IPKF_VERSION="@PACKAGE_VERSION@" IPKUNGFU="$0" IPKUNGFU_BINS_PATH="$(dirname $0)" # System Binaries path provided by autoconf. # ------------------------------------------------------------------------- IPTABLES="@IPTABLES@" MD5SUM="@MD5SUM@" MODPROBE="@MODPROBE@" SU="@SU@" KILLALL="@KILLALL@" NETSTAT="@NETSTAT@" CHOWN="@CHOWN@" LSMOD="@LSMOD@" DEPMOD="@DEPMOD@" RMMOD="@RMMOD@" # ------------------------------------------------------------------------- # End of System Binaries Path provided by autoconf. # Ipkungfu ETC and CACHE dir # ------------------------------------------------------------------------- IPK_ETC_DIR="/etc/ipkungfu" IPK_CACHE_DIR="$IPK_ETC_DIR/cache" # ------------------------------------------------------------------------- # Files to check ipkungfu's runtime behaviour # ------------------------------------------------------------------------- NOT_THE_FIRST_RUN="$IPK_CACHE_DIR/not-the-first-run.rnd" NO_DEPRECATION_WARNING_FILE="$IPK_CACHE_DIR/no-deprecation-check.rnd" # ------------------------------------------------------------------------- # Path to files needed by ipkungfu # ------------------------------------------------------------------------- IPK_MD5_SIG_FILE="$IPK_CACHE_DIR/ipkungfu.md5" BEHAVIOUR_MD5_SIG_FILE="$IPK_CACHE_DIR/behaviour_files.md5" PROC_CACHE_FILE="$IPK_CACHE_DIR/proc.cache" RULES_CACHE_FILE="$IPK_CACHE_DIR/rules.cache" CONFIG_FILES_MD5_SIGS_FILE="$IPK_CACHE_DIR/config_files.md5" # ------------------------------------------------------------------------- # In certain configurations $IP_FORWARD will fail to be set, # so we set it to a default value here. IP_FORWARD="0" if [ -f "$IPK_MD5_SIG_FILE" ]; then IPK_MD5_SIG="$(head -n1 $IPK_MD5_SIG_FILE | awk '{print $1}')" fi # Set some exit codes (To be expanded in 0.7.0) # To follow the C/C++ convention which can be applied to shell scripts, # error codes start at 64. # For any more info, check '/usr/include/sysexits.h' # ------------------------------------------------------------------------- defineExitCodes() { # {{{ Error codes defenition E_CLEAN_EXIT=0 # Clean Exit, same as 'exit 0' E_DIRTY_EXIT=1 # Error happened, same as 'exit 1' E_CREATE_FILE=64 # Error creating file E_DELETE_FILE=65 # Error deleting file E_CLEAN_EXEC=66 # Clean Function Execution E_ANSWER_YES=67 # Yes Answer E_ANSWER_NO=68 # No Answer E_ANSWER_BAD=69 # Bad Answer E_BAD_MD5_CREATE=70 # Error Creating MD5 signature E_GOOD_MD5_CREATE=71 # Good Creation Of MD5 Signature E_BAD_MD5_CHECK=72 # Error Checking MD5 signature E_GOOD_MD5_CHECK=73 # Good Checking Of MD5 signature # }}} } defineExitCodes # ------------------------------------------------------------------------- # End of Exit codes definition defineColours() { RED_COLOUR="\033[1;31m" # Light Red Colour GREEN_COLOUR="\033[1;32m" # Light Green Colour BLUE_COLOUR="\033[1;34m" # Light Blue Colour BRIGHT_COLOUR="\033[1m" # Bright(en) Colour CLOSE_COLOUR="\033[m" # Close Colour } defineColours # We need to check for '--quiet' here because INIT will only be set when # the script passes the 'usage' part, and we will need it before that. if [ "$1" == "--quiet" -o "$1" == "--init" ]; then INIT=1 fi # Set ipkungfu's runtime error log # This shouldn't be done here, and will probably change for 0.7 IPKUNGFU_LOG="$(head -n20 $IPK_ETC_DIR/ipkungfu.conf | grep -v '#' \ | grep 'IPKUNGFU_LOG=')" if [ -z "$IPKUNGFU_LOG" ]; then IPKUNGFU_LOG="/var/log/ipkungfu.log" fi DATE_STRING="+%Y-%m-%d %H:%M:%S" function logError() { if [ "$1" != "" ]; then echo "$(date \"${DATE_STRING}\") - $1" >> ${IPKUNGFU_LOG} fi } # Check to see if the ipkungfu's cache directory exists # {{{ if [ ! -d "$IPK_CACHE_DIR" ]; then if [ "$INIT" != "1" ]; then echo -n "Creating runtime cache directory: " fi # Create the runtime cache directory mkdir $IPK_CACHE_DIR if [ "$?" == "0" ]; then if [ "$INIT" != "1" ]; then echo -n "." fi # Define the permissions to the cache dir # TODO: Should it be 700? chmod 600 $IPK_CACHE_DIR if [ "$?" == "0" ]; then if [ "$INIT" != "1" ]; then echo -e ".${BRIGHT_COLOUR}\tOK${CLOSE_COLOUR}" fi else if [ "$INIT" != "1" ]; then echo -e "${RED_COLOUR}\tFAILED${CLOSE_COLOUR}" exit $E_DIRTY_EXIT fi fi else if [ "$INIT" != "1" ]; then echo -e "${RED_COLOUR}\tFAILED${CLOSE_COLOUR}" fi exit $E_DIRTY_EXIT fi fi # }}} buildBehaviourFilesMD5() { # {{{ create md5 sigs of behaviour files ${MD5SUM} $IPK_CACHE_DIR/*.rnd > $BEHAVIOUR_MD5_SIG_FILE if [ "$?" == "0" ]; then EXIT_CODE=$E_GOOD_MD5_CREATE else EXIT_CODE=$E_BAD_MD5_CREATE fi return $EXIT_CODE # }}} } checkBehaviourFilesMD5() { # {{{ check md5 sigs of behaviour files ${MD5SUM} -c $BEHAVIOUR_MD5_SIG_FILE > /dev/null 2>&1 if [ "$?" == "0" ]; then EXIT_CODE=$E_GOOD_MD5_CHECK else EXIT_CODE=$E_BAD_MD5_CHECK fi return $EXIT_CODE # }}} } checkCacheDir() { # {{{ Check to see if behavioural files were manually tampered if [ -f "$NOT_THE_FIRST_RUN" ]; then if [ ! -f "$BEHAVIOUR_MD5_SIG_FILE" ]; then TAMPERED="TRUE" fi if [ ! -f "$IPK_MD5_SIG_FILE" ]; then TAMPERED="TRUE" fi elif [ -f "$IPK_MD5_SIG_FILE" ]; then if [ ! -f "$NOT_THE_FIRST_RUN" ]; then TAMPERED="TRUE" fi if [ ! -f "$BEHAVIOUR_MD5_SIG_FILE" ]; then TAMPERED="TRUE" fi elif [ -f "$BEHAVIOUR_MD5_SIG_FILE" ]; then if [ ! -f "$IPK_MD5_SIG_FILE" ]; then TAMPERED="TRUE" fi if [ ! -f "$NOT_THE_FIRST_RUN" ]; then TAMPERED="TRUE" fi fi if [ "$TAMPERED" == "TRUE" ]; then echo -e "${RED_COLOUR}Cache dir has been manualy tampered with!" echo -e -n "${CLOSE_COLOUR}ipkungfu won't run anymore, " echo "it's advisable to re-install ipkungfu." exit $E_DIRTY_EXIT fi # }}} } # First we check if /etc/ipkungfu/cache/not-the-first-run.rnd # doesn't exist. if [ ! -f "$NOT_THE_FIRST_RUN" ]; then checkCacheDir if [ "$INIT" != "1" ]; then echo "Since this is the first time ipkungfu is running on your system," echo -n "we will build its own md5sum signature: " fi IPK_MD5_SIG="$(${MD5SUM} $IPKUNGFU)" echo "$IPK_MD5_SIG" > $IPK_MD5_SIG_FILE if [ "$INIT" != "1" ]; then if [ "$?" == "0" ]; then echo -e "${BRIGHT_COLOUR}\tOK${CLOSE_COLOUR}" else echo -e "${RED_COLOUR}\tFAILED${CLOSE_COLOUR}" fi echo fi # Now, we'll create 'not-the-first-run.rnd' with a random number # inside followed by ipkungfu's md5 signature so we can have a # valid md5sum signature to later check to see if it has been # tampered. echo "$RANDOM:$(echo $IPK_MD5_SIG | awk '{print $1}')" > $NOT_THE_FIRST_RUN # Now we create the md5 signatures of all *.rnd files on # ipkungfu's cache dir buildBehaviourFilesMD5 # TODO: Check the above function call exit code? else checkCacheDir if [ "$INIT" != "1" ]; then echo -n "Checking integrity: " fi ${MD5SUM} -c $IPK_MD5_SIG_FILE > /dev/null 2>&1 if [ "$?" == "0" ]; then if [ "$INIT" != "1" ]; then echo -n "." fi else if [ "$INIT" != "1" ]; then echo -e "${RED_COLOUR}\tFAILED${CLOSE_COLOUR}" echo -e "${IPKUNGFU} has been tampered with!" echo -e "It's advisable to re-install ipkungfu!!!" echo -e "Like this, ipkungfu won't run anymore." exit $E_DIRTY_EXIT fi fi RND_FILES_ARRAY="$(cat $BEHAVIOUR_MD5_SIG_FILE | awk '{print $2}')" for rnd_file in $RND_FILES_ARRAY; do if [ "$(head -n1 $rnd_file | cut -d ':' -f2)" == \ "$IPK_MD5_SIG" ]; then if [ "$INIT" != "1" ]; then echo -n "." fi else if [ "$INIT" != "1" ]; then echo -e "${RED_COLOUR}\tFAILED${CLOSE_COLOUR}" echo "$rnd_file has been tampered" echo "It's advisable to re-install ipkungfu." echo "If the changes we're made by you you can try to" echo "'rm -rf /etc/ipkungfu/cache' and ipkungfu will execute" echo "as if it was the first time." fi exit $E_DIRTY_EXIT fi done checkBehaviourFilesMD5 if [ "$?" == "$E_GOOD_MD5_CHECK" ]; then if [ "$INIT" != "1" ]; then echo -e "${BRIGHT_COLOUR}\tPASSED${CLOSE_COLOUR}" fi else if [ "$INIT" != "1" ]; then echo -e "${RED_COLOUR}\tFAILED${CLOSE_COLOUR}" echo echo "It's advisable to re-install ipkungfu" echo "$IPKUNGFU was changed" fi exit $E_DIRTY_EXIT fi fi checkAnswer() { # {{{ Check user's answer function if [ "x$1" != "x" ]; then local answer="`echo $1 | tr a-z A-Z`" if [ "$answer" == "N" -o "$answer" == "NO" ]; then exit_code=$E_ANSWER_NO elif [ "$answer" == "Y" -o "$answer" == "YE" -o "$answer" == "YES" ]; then exit_code=$E_ANSWER_YES else exit_code=$E_ANSWER_BAD fi else exit_code=$E_ANSWER_BAD fi return $exit_code # }}} } handleProc() { # {{{ /proc settings echo "$IP_FORWARD" > /proc/sys/net/ipv4/ip_forward echo "$LOG_MARTIANS" > /proc/sys/net/ipv4/conf/all/log_martians echo "$BLOCK_PINGS" > /proc/sys/net/ipv4/icmp_echo_ignore_all if [ ! -z $ICMP_ECHO_IGNORE_BROADCASTS ] ; then # Smurf-proofing echo "$ICMP_ECHO_IGNORE_BROADCASTS" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts else echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts fi # Disable ICMP redirect acceptance. ICMP redirects can be used to # alter your routing tables, possibly to a bad end. echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects # Enable bad error message protection. echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses # Helps slow down DoS attacks echo "$FIN_TIMEOUT" > /proc/sys/net/ipv4/tcp_fin_timeout echo "$TCP_KEEPALIVE" > /proc/sys/net/ipv4/tcp_keepalive_intvl echo "$TCP_KEEPALIVE" > /proc/sys/net/ipv4/tcp_keepalive_time echo "$TCP_WINDOW_SCALING" > /proc/sys/net/ipv4/tcp_window_scaling echo "$TCP_SACK" > /proc/sys/net/ipv4/tcp_sack echo "$MAX_SYN_BACKLOG" > /proc/sys/net/ipv4/tcp_max_syn_backlog if [ -e /proc/sys/net/ipv4/tcp_syncookies ] ; then echo "$SYN_COOKIES" > /proc/sys/net/ipv4/tcp_syncookies 2> /dev/null fi # If enabled, prevents nmap from guessing your uptime echo "$TCP_TIMESTAMPS" > /proc/sys/net/ipv4/tcp_timestamps # ICMP Dead Error Messages protection if [ -e /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses ]; then echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses fi # LooseUDP patch is required by some internet-based games if [ -e /proc/sys/net/ipv4/ip_masq_udp_dloose ]; then if [ "$LOOSE_UDP_PATCH" == "1" ]; then echo "1" > /proc/sys/net/ipv4/ip_masq_udp_dloose else echo "0" > /proc/sys/net/ipv4/ip_masq_udp_dloose fi fi # Reject source routing if [ -e /proc/sys/net/ipv4/conf/all/accept_source_route ]; then for interface in /proc/sys/net/ipv4/conf/*/accept_source_route; do echo "0" > $interface done fi # Increase the default queuelength. (Kernel Default: 1024) if [ -e /proc/sys/net/ipv4/ipv4/ip_queue_maxlen ]; then if [ ! -z $IP_QUEUE_MAXLEN ] ; then echo "$IP_QUEUE_MAXLEN" > /proc/sys/net/ipv4/ip_queue_maxlen else echo "2048" > /proc/sys/net/ipv4/ip_queue_maxlen fi fi # Prevent IP spoofs for i in /proc/sys/net/ipv4/conf/* ; do echo 1 > $i/rp_filter echo "$LOG_MARTIANS" > $i/log_martians done return $E_CLEAN_EXEC # }}} } # {{{ Build MD5 of config files function buildConfigsMD5() { if [ "$INIT" != 1 ]; then echo -n "Building MD5 hash of config files:" fi ${MD5SUM} ${IPK_ETC_DIR}/*.conf > ${CONFIG_FILES_MD5_SIGS_FILE} if [ $? == 0 ]; then if [ "$INIT" != 1 ]; then echo -e "\t${BRIGHT_COLOUR}OK${CLOSE_COLOUR}" fi else if [ "$INIT" != 1 ]; then echo -e "\t${BRIGHT_COLOUR}FAILED${CLOSE_COLOUR}" fi fi # }}} } function checkConfigsMD5() { # {{{ Check md5 of config files to see if they changed if [ -f "${NOT_THE_FIRST_RUN}" ]; then if [ -e "${CONFIG_FILES_MD5_SIGS_FILE}" ]; then if [ "$INIT" != 1 ]; then echo -n "Checking MD5 Hash of config files:" fi ${MD5SUM} -c ${CONFIG_FILES_MD5_SIGS_FILE} > /dev/null 2>&1 if [ "$?" -eq "0" ]; then if [ "$INIT" != "1" ]; then echo -e "${BRIGHT_COLOUR}\tOK${CLOSE_COLOUR}" echo -n "Restoring /proc settings from cache:" fi # Restore proc setting from cache source "${PROC_CACHE_FILE}" handleProc if [ "$?" -eq "$E_CLEAN_EXEC" ]; then if [ "$INIT" != "1" ]; then echo -e "${BRIGHT_COLOUR}\tOK${CLOSE_COLOUR}" fi else if [ "$INIT" != 1 ]; then echo -e "${RED_COLOUR}\tFAILED${CLOSE_COLOUR}" fi fi # Restore saved iptables rules if [ "$INIT" != 1 ]; then echo -n "Restoring iptables rules from cache:" fi ${IPTABLES}-restore < ${RULES_CACHE_FILE} if [ $? == 0 ]; then if [ "$INIT" != 1 ]; then echo -e "${BRIGHT_COLOUR}\tOK${CLOSE_COLOUR}" fi exit $E_CLEAN_EXIT else if [ "$INIT" != 1 ]; then echo -e "${RED_COLOUR}\tFAILED${CLOSE_COLOUR}" fi exit $E_DIRTY_EXIT fi else if [ "$INIT" != 1 ]; then echo -e "${RED_COLOUR}\tFAILED${CLOSE_COLOUR}" echo -n "Re-" fi buildConfigsMD5 fi else buildConfigsMD5 fi fi # }}} } # {{{ IPKungFu rules caching check # Check to see if we're not passing any argument that needs to ipkungfu to # run all the way, if we are, skip iptables-save/restore. if [ "$1" != "--no-caching" -o "$1" != "--create-services-file" ]; then # Check to see if we're not passing any argument, or if we're # passing '--init' or '--quiet', the only acceptable arguments # to use rules caching, otherwise, skip iptables-save/restore, # It's the only way we can have ipkungfu react to passed arguments. if [ "$1" == "--init" -o "$1" == "--quiet" -o "$1" == "" ]; then # Check to see if there are any cached rules, if there ain't # it's probably the first time ipkungfu is running, otherwise # just check configs MD5 signatures. if [ ! -f "$RULES_CACHE_FILE" ] ; then if [ "$INIT" != 1 ]; then echo "Could not find any cached rules. (First time running?)" echo "iptables-restore functionality is disabled." fi buildConfigsMD5 else checkConfigsMD5 fi fi fi # }}} DATE_STRING="+%Y-%m-%d %H:%M:%S" function logError() { if [ "$1" != "" ]; then echo "`date "${DATE_STRING}"` - $1" >> ${IPKUNGFU_LOG} fi } # {{{ Run pre script if [ -f /etc/ipkungfu/pre.conf ] ; then source /etc/ipkungfu/pre.conf fi # }}} source /etc/ipkungfu/ipkungfu.conf # {{{ Get Variables # Get PATH if [ -z "`grep ^PATH /etc/ipkungfu/ipkungfu.conf`" ] ; then PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin fi # Detect EXT_NET if not specified if [ -z "$EXT_NET" ] ; then EXT_NET=`route -n | grep ^0.0.0.0 | head -n1 | awk '{print $8}'` fi # Detect INT_NET if not defined if [ -z "$INT_NET" ] ; then INT_NET=`echo $(ls /proc/sys/net/ipv4/conf | egrep -v \ "^lo$|^all$|^default$|$EXT_NET" | cut -d/ -f1)` fi if [ -z "$INT_NET" ] ; then INT_NET="lo" fi # Reasonable guess for LOCAL_NET if not defined if [ -z "$LOCAL_NET" ] ; then LOCAL_NET="192.168.0.0/255.255.0.0 10.0.0.0/255.0.0.0" fi LOCAL_NETS=($LOCAL_NET) # Enable internet connection sharing by default if [ "$MASQ_LOCAL_NET" != "0" -a "$GATEWAY" != "0" ] ; then if [ "$INT_NET" != "lo" ] ; then MASQ_LOCAL_NET="1" IP_FORWARD="1" else MASQ_LOCAL_NET="0" IP_FORWARD="0" fi fi # Play nice by default if [ "$BLOCK_PINGS" != "1" ] ; then BLOCK_PINGS="0" fi # Drop naughty packets by default if [ -z "$SUSPECT" ] ; then SUSPECT="DROP" fi if [ -z "$KNOWN_BAD" ] ; then KNOWN_BAD="DROP" fi if [ -z "$PORT_SCAN" ] ; then PORT_SCAN="DROP" fi # Save rules by defalt if [ "$SAVE_RULES" != "0" ] ; then SAVE_RULES="1" fi # Don't get IP of EXT_NET if no method for doing so is specified if [ -z "$GET_IP" ] ; then GET_IP="NONE" fi if [ "$DONT_DROP_IDENTD" != "1" ] ; then DONT_DROP_IDENTD="0" fi # Drop requests from private IPs on EXT_NET if [ "$INT_NET" = "lo" ] ; then DISALLOW_PRIVATE="0" fi if [ "$DISALLOW_PRIVATE" != "0" ] ; then DISALLOW_PRIVATE="1" fi # Enumerate internal interfaces INT_DEV=(${INT_NET}) INT_NET=${INT_DEV[0]} # For backward compatibility # Defaults for Port Cloaking if [ -z "$PORTCLOAK" ] ; then PORTCLOAK="0" fi if [ -z "$CLOAKUSER" ] ; then CLOAKUSER="nobody" fi if [ -z "$DUMMYPORT" ] ; then DUMMYPORT=29800 fi if [ -z "$MAXQUEUE" ] ; then MAXQUEUE=10 fi source /etc/ipkungfu/log.conf # }}} INIT=0 function loadKernelModules() { # {{{ Load Kernel Modules # Needed to initially load modules (from iptables manual example script) ${DEPMOD} -a # In case user hasn't set the modules to load, see if the default # ones exist on the filesystem, and if so load them, else, assume # they're built in. DEFAULT_MODULES_LIST="ip_nat_irc ip_conntrack_ftp ip_nat_ftp ip_conntrack_irc" for default_module in $DEFAULT_MODULES_LIST; do if [ -f $($MODPROBE -la | grep ${default_module}) ]; then $MODPROBE ${default_module} 2>&1 | logError fi done if [ "$MODULES_LIST" != "" ]; then # The user has set MODULES_LIST, so we set the array MODULES_ARRAY=(${MODULES_LIST}) for module in ${MODULES_ARRAY[@]}; do if [ -e /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/${module}* ]; then if [ -z "`${LSMOD} | grep ${module}`" ] ; then if [ $INIT != 1 ] ; then echo -n -e "Loading ${BRIGHT_COLOUR}${module}${CLOSE_COLOUR} module..." fi $MODPROBE ${module} 2>&1 | logError if [ "$?" == "0" ]; then if [ $INIT != 1 ] ; then echo -e "${BRIGHT_COLOUR}\tOK${CLOSE_COLOUR}" fi else if [ "$INIT" != "1" ] ; then echo "${RED_COLOUR}\tFAILED${CLOSE_COLOUR}" else logError "Failed to load ${module}." fi fi else if [ $INIT != 1 ] ; then echo -e "${BRIGHT_COLOUR}${module}${CLOSE_COLOUR} already loaded." fi fi else ERROR_MSG="You're trying to load ${module}, but its not present on your system." logError "${ERROR_MSG}" if [ $INIT != 1 ] ; then echo "${ERROR_MSG}" echo "Perhaps it's not built or it's built into the kernel." echo "Correct MODULES_LIST in ipkungfu.conf and run ipkungfu again." fi fi done fi # }}} } function checkDottedQuad { # {{{ Check for valid IP address QUAD="${1}" OCTETS=(${QUAD//./ }) if [ ${#OCTETS[@]} -ne 4 ] ; then if [ -z "${FAILURE}" ]; then FAILURE="Invalid dotted quad ${QUAD}" fi return 1 fi for OCTET in ${OCTETS[@]}; do if echo "$OCTET" | grep -cq "[^[:digit:]]" ; then FAILURE="Non-decimal in dotted quad ${QUAD}" return 1 elif [ "$OCTET" -lt "0" -o "$OCTET" -gt "255" ]; then FAILURE="Value ${OCTET} out of range 0-255 in dotted quad ${QUAD}" return 1 fi done # }}} } function checkNetmaskCidr { # {{{ check for valid netmask CIDR="${1}" if echo "$CIDR" | grep -cq "[^[:digit:]]"; then FAILURE="Non-decimal in CIDR mask ${CIDR}" return 1 elif [ "$CIDR" -lt "0" -o "$CIDR" -gt "16" ]; then FAILURE="Value ${CIDR} out of range 0-32" return 1 fi # }}} } function checkNetwork { # {{{ Checks config options that involve a host/mask FAILURE="" HOSTMASK=(${1//\// }) HOST=${HOSTMASK[0]} MASK=${HOSTMASK[1]} # Optional: Netfilter assumes /32 if not defined. if ! checkDottedQuad $HOST ; then FAILURE="Network addresses must be in dotted decimal format: ${FAILURE}" return 1 fi if [ -n "$MASK" ] && ! checkNetmaskCidr $MASK && ! checkDottedQuad $MASK ; then FAILURE="Bad netmask ($MASK): ${FAILURE}" return 1 fi # }}} } # {{{ Get IP of external device if [ "$GET_IP" != "NONE" -a "$GET_IP" != "None" -a "$GET_IP" != "none" -a ! -z "$GET_IP" ] ; then if [ "$GET_IP" == "AUTO" -o "$GET_IP" == "Auto" -o "$GET_IP" == "auto" ] ; then inEXT_IP="-d `ifconfig $EXT_NET | grep 'inet addr' | cut -d: -f2 | cut -d ' ' -f1`" outEXT_IP="-s `ifconfig $EXT_NET | grep 'inet addr' | cut -d: -f2 | cut -d ' ' -f1`" EXT_LAN_BCAST="`ifconfig $EXT_NET | grep 'Bcast' | cut -d: -f3 | cut -d ' ' -f1`" EXT_LAN_NET="`route -n | egrep "$EXT_NET$" | cut -d ' ' -f1 | grep -v '0.0.0.0'`/`ifconfig $EXT_NET | grep 'Mask' | cut -d: -f4 | cut -d ' ' -f1`" if [ -z "$1" ] ; then echo "Using external IP address `echo $inEXT_IP | cut -d ' ' -f2`" fi fi else checkNetwork $GET_IP if [ "$?" == "0" ] ; then inEXT_IP="-d $GET_IP" outEXT_IP="-s $GET_IP" else inEXT_IP="" outEXT_IP="" fi fi # }}} if [ -n "$EXT_LAN_NET" -a -n "$EXT_LAN_BCAST" ] ; then if checkNetwork $EXT_LAN_NET && checkNetwork $EXT_LAN_BCAST ; then inEXT_LAN_BCAST="-d $EXT_LAN_BCAST" outEXT_LAN_BCAST="-s $EXT_LAN_NET" else inEXT_LAN_BCAST="" outEXT_LAN_BCAST="" fi fi function delTestChain { # {{{ Flush and delete test chains $IPTABLES -t filter -F SYSTEST $IPTABLES -t filter -X SYSTEST $IPTABLES -t mangle -F SYSTEST $IPTABLES -t mangle -X SYSTEST # }}} } function iptFlush { # {{{ Gets rid of all rules and custom chains if [ $INIT != 1 ] ; then echo "Clearing old chains and tables..." fi cat /proc/net/ip_tables_names | while read table; do $IPTABLES -t $table -L -n | while read c chain rest; do if test "X$c" = "XChain" ; then $IPTABLES -t $table -F $chain fi done $IPTABLES -t $table -X done $IPTABLES -Z $IPTABLES -t nat -Z $IPTABLES -t mangle -Z # }}} } setupLogging() { # {{{ Setup logging if [ "$LOG_FACILITY" == "ulog" -o "$LOG_FACILITY" == "ULOG" -o "$LOG_FACILITY" == "ulogd" -o "$LOG_FACILITY" == "ULOGD" ] ; then LOG_CMD="-m limit --limit ${LOG_FLOOD} -j ULOG" if [ "$LOG_PREFIXES" != "0" ] ; then LOG_CMD="$LOG_CMD --ulog-prefix" fi # TEST_FOR_LOG_SUPPORT=0 else LOG_CMD="-m limit --limit ${LOG_FLOOD} -j LOG" if [ "$LOG_PREFIXES" != "0" ] ; then LOG_CMD="$LOG_CMD --log-prefix" fi # TEST_FOR_LOG_SUPPORT=1 fi # }}} } function fwdPorts { # {{{ Port Forwarding FWT=`grep : /etc/ipkungfu/vhosts.conf | cut -d \# -f1` for NET in ${LOCAL_NETS[@]}; do $IPTABLES -t nat -A PREROUTING -s $NET -d ! $NET -j RETURN done for i in $FWT; do # Set up the variables - this gets pretty convoluted HPD=":" HPDa=":" ALLOWED=`echo $i | cut -d ':' -f 1 | sed s/\!/\!\ /` VHOST=`echo $i | cut -d ':' -f 2` ORIGINAL_PORT=`echo $i | cut -d ':' -f 3 | sed s/-/:/` VHOST_PORT=`echo $i | cut -d ':' -f 4` VHOST_PORTb=`echo $i | cut -d ':' -f 4 | sed s/-/:/` if [ ! -z `echo $VHOST_PORT | grep \-` ] ; then VHOST_PORTa="" HPDa="" else VHOST_PORTa=$VHOST_PORT HPDa=":" fi if [ -z "$VHOST_PORTa" -a -z "$ORIGINAL_PORT" ] ; then HPDa="" fi if [ ! -z "$ORIGINAL_PORT" ] ; then ORIGINAL_PORT="--dport $ORIGINAL_PORT" fi if [ ! -z "$VHOST_PORTb" ] ; then VHOST_PORTb="--dport $VHOST_PORTb" fi PROTO=`echo $i | cut -d ':' -f 5`; if [ -z "$PROTO" -o "$PROTO" == "any" -o "$PROTO" == "both" -o "$PROTO" == "ANY" -o "$PROTO" == "BOTH" ] ; then PROTO="tcp udp" fi for PCOL in $PROTO; do # This is the really important line $IPTABLES -t nat -A PREROUTING -p $PCOL $ORIGINAL_PORT -s $ALLOWED $inEXT_IP -j DNAT --to-destination $VHOST$HPDa$VHOST_PORTa done if [ -z "$inEXT_IP" ] ; then for INT_NET in "${INT_DEV[@]}"; do for PCOL in $PROTO; do # Do it differently if we don't know the external ip address $IPTABLES -t nat -A PREROUTING -p $PCOL $ORIGINAL_PORT -s $ALLOWED -i $INT_NET -j DNAT --to-destination $VHOST$HPDa$VHOST_PORTa done done fi i=0 if [ "$DONT_NAT_LOCAL" != "1" ]; then for INT_NET in "${INT_DEV[@]}"; do LOCAL_IP=`ifconfig $INT_NET | grep 'inet addr' | cut -d: -f2 | cut -d' ' -f1` NET=${LOCAL_NETS[$i]} # This is what allows it to work on the local network $IPTABLES -t nat -A POSTROUTING -p $PCOL $VHOST_PORTb -s $NET -d $VHOST -j SNAT --to-source $LOCAL_IP let "i = $i + 1" done fi if [ $INIT != 1 ] ; then for PCOL in $PROTO; do echo -n "VHost: $VHOST" echo -n ", $PCOL" if [ ! -z "$ORIGINAL_PORT" ] ; then echo -n -e "/${GREEN_COLOUR}`echo $ORIGINAL_PORT | cut -d' ' -f2`${CLOSE_COLOUR}" fi echo -n " to $PCOL" if [ ! -z "$ORIGINAL_PORT" ] ; then echo -n -e "/${GREEN_COLOUR}$VHOST_PORT${CLOSE_COLOUR}" fi echo ", from $ALLOWED" done fi done # }}} } function rdrPorts { # {{{ Port Redirecting RPT=`grep : /etc/ipkungfu/redirect.conf | cut -d \# -f1` for i in $RPT; do PROTO=`echo $i | cut -d ':' -f1` ORIGINAL_PORT=`echo $i | cut -d ':' -f2` NEWPORT=`echo $i | cut -d ':' -f3` DIRECTION=`echo $i | cut -d ':' -f4` if [ $INIT != 1 ] ; then echo -e "Redirecting ${GREEN_COLOUR}${ORIGINAL_PORT}/$PROTO${CLOSE_COLOUR} to ${GREEN_COLOUR}${NEWPORT}${CLOSE_COLOUR}" fi if [ -z "$DIRECTION" ] ; then $IPTABLES -t nat -A PREROUTING -p $PROTO --dport $ORIGINAL_PORT -j REDIRECT --to-ports $NEWPORT else if [ "$DIRECTION" == "internal" -o "$DIRECTION" == "INTERNAL" -o "$DIRECTION" == "int" -o "$DIRECTION" == "INT" ] ; then for INT_NET in "${INT_DEV[@]}"; do $IPTABLES -t nat -A PREROUTING -p $PROTO --dport $ORIGINAL_PORT -i $INT_NET -j REDIRECT --to-ports $NEWPORT done else $IPTABLES -t nat -A PREROUTING -p $PROTO --dport $ORIGINAL_PORT -i $EXT_NET -j REDIRECT --to-ports $NEWPORT fi fi done # }}} } function manageForward { # {{{ Manage the FORWARD chain per forward.conf for rule in `grep ':' /etc/ipkungfu/forward.conf | grep -v ^\#`; do FWD_SRC=`echo $rule | cut -d: -f1` FWD_DST=`echo $rule | cut -d: -f2` FWD_PORT=`echo $rule | cut -d: -f3` FWD_PROTO=`echo $rule | cut -d: -f4` FWD_TARGET=`echo $rule | cut -d: -f5` FWD_PREFIX=`echo $rule | cut -d: -f6` COMMAND="$IPTABLES -A FORWARD" if [ ! -z "$FWD_SRC" ] ; then COMMAND="$COMMAND -s $FWD_SRC" fi if [ ! -z "$FWD_DST" ] ; then COMMAND="$COMMAND -d $FWD_DST" fi if [ ! -z "$FWD_PROTO" ] ; then COMMAND="$COMMAND -p $FWD_PROTO" if [ ! -z "$FWD_PORT" ] ; then COMMAND="$COMMAND --dport $FWD_PORT" fi fi if [ "$FWD_TARGET" != "LOG" -a "$FWD_TARGET" != "Log" -a "$FWD_TARGET" != "log" ] ; then COMMAND="$COMMAND -j $FWD_TARGET" else if [ ! -z "$FWD_PREFIX" ] ; then COMMAND="$COMMAND $LOG_CMD $FWD_PREFIX" else COMMAND="$COMMAND $FWD_TARGET" fi fi $COMMAND done # }}} } function ipMasq { # {{{ Masquerading if [ "$MASQ_LOCAL_NET" = "1" ]; then for NET in ${LOCAL_NET[@]}; do $IPTABLES -t nat -A POSTROUTING -o $EXT_NET -s $NET -j MASQUERADE done fi # }}} } # Usage statement is now a function, it respects the blank spaces # with the previous behaviour, it didn't. usage() { # {{{ Usage Statement echo echo -e "${BRIGHT_COLOUR}USAGE:${CLOSE_COLOUR} $IPKUNGFU ${BRIGHT_COLOUR}[option]${CLOSE_COLOUR}" echo " [-c or --check] Check to see if ipkungfu is loaded & mode if any." echo " [-d or --disable] Disable the firewall & set default poilicy to ACCEPT." echo " [--quiet] Run with no standard output." echo " [-h or --help] Display this help message and exit." echo " [-l or --list] Displays the iptables rule sets." echo " [--panic] Shut down all internal and external access." echo " [-t or --test] Test the firewall configuration." echo " [-f or --flush] Flush all rules." echo " [-v or --version] Display the version of ipkungfu and exit." echo " [--show-vars] Show main configuration options, whether specified or detected." echo " [--no-caching] Disable rules caching." echo " [--failsafe] If ipkungfu fails, disable the firewall to prevent loss of remote access." echo " [--create-services-file] It just does what it says in case you disabled the warning." # }}} } # {{{ Get command line option if [ $# -ne 0 ] ; then if [ $# -gt 1 ] ; then echo -e "Please select one option only or none\n" usage exit $E_DIRTY_EXIT fi case "$1" in "--version" | "-v") # {{{ version echo -e "${RED_COLOUR}ipkungfu-$IPKF_VERSION${CLOSE_COLOUR}" exit $E_CLEAN_EXIT ;; # }}} "--show-vars") # {{{ show variables echo "IPTABLES=$IPTABLES" echo "MODPROBE=$MODPROBE" echo "EXT_NET=$EXT_NET" echo "EXT_LAN_NET=$EXT_LAN_NET" echo "EXT_LAN_BCAST=$EXT_LAN_BCAST" echo "ALLOW_EXT_LAN_BCAST=$ALLOW_EXT_LAN_BCAST" echo "INT_NET=$INT_NET" echo "LOCAL_NET=$LOCAL_NET" echo "MASQ_LOCAL_NET=$MASQ_LOCAL_NET" echo "IP_FORWARD=$IP_FORWARD" echo "ALLOWED_TCP_IN=$ALLOWED_TCP_IN" echo "ALLOWED_UDP_IN=$ALLOWED_UDP_IN" echo "FORBIDDEN_PORTS=$FORBIDDEN_PORTS" echo "BLOCK_PINGS=$BLOCK_PINGS" echo "PING_FLOOD=$PING_FLOOD" echo "SUSPECT=$SUSPECT" echo "KNOWN_BAD=$KNOWN_BAD" echo "PORT_SCAN=$PORT_SCAN" echo "GET_IP=$GET_IP" echo "DONT_DROP_IDENTD=$DONT_DROP_IDENTD" echo "DISALLOW_PRIVATE=$DISALLOW_PRIVATE" echo "WAIT_SECONDS=$WAIT_SECONDS" echo "LOG_FACILITY=$LOG_FACILITY" echo "GATEWAY=$GATEWAY" exit $E_CLEAN_EXIT ;; # }}} "--no-caching") # {{{ Disable Rules Caching echo "Rules caching disabled" NO_CACHING="true" ;; # }}} "--list" | "-l") # {{{ list ${IPTABLES}-save | grep -v -e '^#\|COMMIT\|^:\|^\*'|while read line;do echo "${IPTABLES} $line";done exit $E_CLEAN_EXIT ;; # }}} "--test" | "-t") # {{{ test configuration and stop ;; # }}} "--disable" | "-d") # {{{ disable # Checking INIT here because we might have been caled from an # init script, and if so, no output should be done. if [ "$INIT" != "1" ]; then echo -n "Stopping ipkungfu:" fi # Store old init value so we can hardcode INIT's value to # disable output OLD_INIT="$INIT" INIT=1 iptFlush $IPTABLES -P INPUT ACCEPT $IPTABLES -P OUTPUT ACCEPT $IPTABLES -P FORWARD ACCEPT # s0undt3ch #$IPTABLES -P IPK_CHK_TOS ACCEPT echo "$IP_FORWARD" > /proc/sys/net/ipv4/ip_forward rdrPorts fwdPorts ipMasq $IPTABLES -A INPUT -i ${INT_DEV[0]} -s 0.0.0.1 -j LOG --log-prefix "IPKungFu_($1)" # Restoring INIT's value to the initial one INIT="$OLD_INIT" # OLD_INIT is not used anymore, unset it unset OLD_INIT if [ "$INIT" != "1" ]; then echo -e "${GREEN_COLOUR}\tOK${CLOSE_COLOUR}" fi echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all exit $E_CLEAN_EXIT killDummyServer ;; # }}} "--check" | "-c") # {{{ check status if [ -z "`${IPTABLES}-save | grep IPKungFu`" ] ; then echo "IPKungFu does NOT appear to be loaded." else echo -n "IPKungFu is loaded " if [ -z "`${IPTABLES}-save | grep IPKungFu | cut -d '(' -f 2 | cut -d ')' -f 1`" ] ; then echo "" else echo -n "with option " echo "`${IPTABLES}-save | grep IPKungFu | cut -d '(' -f 2 | cut -d ')' -f 1`" fi fi exit $E_CLEAN_EXIT ;; # }}} "--panic") # {{{ drop everything iptFlush $IPTABLES -P INPUT DROP $IPTABLES -P OUTPUT DROP $IPTABLES -P FORWARD DROP echo "0" > /proc/sys/net/ipv4/ip_forward echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts ;; # }}} "--init") # {{{ we were probably called from an init script INIT=1 if [ ! -z "$WAIT_SECONDS" ] ; then sleep $WAIT_SECONDS fi ;; # }}} "--quiet") # {{{ quiet INIT=1 ;; # }}} "--help" | "-h") # {{{ help #echo -e $USAGE"\n" usage exit $E_CLEAN_EXIT ;; # }}} "--flush" | "-f") # {{{ flush chains and rules echo "Flushing ALL chains and rules..." iptFlush echo "Done" exit $E_CLEAN_EXIT ;; # }}} "--failsafe") # {{{ Override users Failsafe setting in ipkungfu.conf FAILSAFE=1 # }}} ;; "--create-services-file") # {{{ Create services.conf file CREATE_SERVICES="YES" # }}} ;; *) # {{{ usage statement echo echo -e "ipkungfu: unknown option: ${BRIGHT_COLOUR}$1${CLOSE_COLOUR}" #echo -e $USAGE"\n" usage exit $E_DIRTY_EXIT ;; # }}} esac fi # }}} function configSanityCheck() { # {{{ Configuration Sanity Checks if [ ! -e /etc/ipkungfu/ipkungfu.conf ] ; then # Make sure it's installed echo "/etc/ipkungfu/ipkungfu.conf not found." echo "IPKungFu must be installed before it can be executed." echo "If you have not installed it yet do:" echo " ./configure && make && make install" echo "If this is your first time using IPKungFu on this machine," echo "by default, the configuration files are not in place, so, do:" echo " make install-config" echo "To install the default configuration files." echo "Don't forget to edit them to suite your needs" exit $E_DIRTY_EXIT fi source /etc/ipkungfu/advanced.conf if [ $INIT != 1 ] ; then echo "Checking configuration..." fi if [ "$UID" != "0" ]; then echo -e "${RED_COLOUR}ERROR: Root check FAILED (you MUST be root to use this script)! Quitting...${CLOSE_COLOUR}" exit $E_DIRTY_EXIT fi # It's hard to run an iptables script without iptables... if [ ! -x $IPTABLES ]; then echo -e "${RED_COLOUR}ERROR: Binary \"$IPTABLES\" does not exist or is not executable!${CLOSE_COLOUR}" echo "Please, make sure that IPTABLES is (properly) installed." exit 3 fi # Make sure ipchains isn't loaded, as this causes problems ${RMMOD} ipchains > /dev/null 2>&1 for NET in $LOCAL_NET; do if ! checkNetwork $NET ; then echo "There is a problem with LOCAL_NET in ${IPK_ETC_DIR}/ipkungfu.conf:" echo "$FAILURE" echo "You have $NET" exit $E_DIRTY_EXIT fi done if [ -n "$EXT_LAN_NET" -a -n "$EXT_LAN_BCAST" ] ; then if ! checkNetwork $EXT_LAN_NET ; then echo "There is a problem with EXT_LAN_NET in ${IPK_ETC_DIR}/ipkungfu.conf:" echo "$FAILURE" exit $E_DIRTY_EXIT fi if ! checkNetwork $EXT_LAN_BCAST ; then echo "There is a problem with EXT_LAN_BCAST in ${IPK_ETC_DIR}/ipkungfu.conf:" echo "$FAILURE" exit $E_DIRTY_EXIT fi fi if [ "$SUSPECT" != "DROP" -a "$SUSPECT" != "REJECT" -a "$SUSPECT" != "MIRROR" \ -a "$SUSPECT" != "RETURN" ] ; then echo "Configuration error:" echo "In ${IPK_ETC_DIR}/ipkungfu.conf, SUSPECT must be one of" e1cho "DROP, REJECT, or MIRROR (case sensitive)." echo "You have $SUSPECT." exit $E_DIRTY_EXIT fi if [ "$KNOWN_BAD" != "DROP" -a "$KNOWN_BAD" != "REJECT" -a "$KNOWN_BAD" != "MIRROR" \ -a "$KNOWN_BAD" != "RETURN" ] ; then echo "Configuration error:" echo "In ${IPK_ETC_DIR}/ipkungfu.conf, KNOWN_BAD must be one of" echo "DROP, REJECT, or MIRROR (case sensitive)." echo "You have $KNOWN_BAD." exit $E_DIRTY_EXIT fi if [ "$PORT_SCAN" != "DROP" -a "$PORT_SCAN" != "REJECT" -a "$PORT_SCAN" != "MIRROR" \ -a "$PORT_SCAN" != "TARPIT" -a "$PORT_SCAN" != "RETURN" ] ; then echo "Configuration error:" echo "In ${IPK_ETC_DIR}/ipkungfu.conf, PORT_SCAN must be one of" echo "DROP, REJECT, RETURN, or MIRROR (case sensitive)." echo "You have $PORT_SCAN." exit $E_DIRTY_EXIT fi GOODHOSTS=`grep . ${IPK_ETC_DIR}/accept_hosts.conf | grep : | cut -d \# -f1` for HOST in $GOODHOSTS; do PROTO=`echo $HOST | cut -d: -f3` if [ "$PROTO" != "tcp" -a "$PROTO" != "TCP" -a "$PROTO" != "udp" -a "$PROTO" != "UDP" \ -a ! -z "$PROTO" ] ; then echo "There is a problem in ${IPK_ETC_DIR}/accept_hosts:" echo "Format is host[:port:protocol]" echo "You have $HOST" exit $E_DIRTY_EXIT fi done BADHOSTS=`grep . ${IPK_ETC_DIR}/deny_hosts.conf | grep : | cut -d \# -f1` for HOST in $BADHOSTS; do PROTO=`echo $HOST | cut -d: -f3` if [ "$PROTO" != "tcp" -a "$PROTO" != "TCP" -a "$PROTO" != "udp" -a "$PROTO" != "UDP" \ -a ! -z "$PROTO" ] ; then echo "There is a problem in ${IPK_ETC_DIR}/deny_hosts:" echo "Format is host[:port:protocol]" echo "You have $HOST" exit $E_DIRTY_EXIT fi done LFNUM=`echo $LOG_FLOOD | cut -d / -f1` LFINT=`echo $LOG_FLOOD | cut -d / -f2` if [ -z `echo "$LFNUM" | grep -c "[^[:digit:]]"` ] ; then echo "There is a problem in ${IPK_ETC_DIR}/log.conf:" echo "LOG_FLOOD must be in the format number/interval" echo "where interval is one of s,m,h, or d, or second," echo "minute, hour, or day." echo "You have $LOG_FLOOD" exit $E_DIRTY_EXIT fi if [ "$LFINT" != "s" -a "$LFINT" != "m" -a "$LFINT" != "h" -a "$LFINT" != "d" \ -a "$LFINT" != "second" -a "$LFINT" != "minute" -a "$LFINT" != "hour" -a "$LFINT" != "day" ] ; then echo "There is a problem in ${IPK_ETC_DIR}/log.conf:" echo "LOG_FLOOD must be in the format number/interval" echo "where interval is one of s,m,h, or d, or second," echo "minute, hour, or day." echo "You have $LOG_FLOOD" exit $E_DIRTY_EXIT fi if [ ! -f "${NO_DEPRECATION_WARNING_FILE}" ]; then if [ -f "${IPK_ETC_DIR}/services.conf" ]; then if [ "$ALLOWED_TCP_IN" != "" -o "$ALLOWED_UDP_IN" != "" ]; then TIMELIMIT=30 echo echo -e "${BRIGHT_COLOUR}WARNING:${CLOSE_COLOUR}" echo "You have '${IPK_ETC_DIR}/services.conf' and yet, you still" echo "define ALLOWED_TCP_IN or ALLOWED_UDP_IN." echo echo "As of ipkungfu 0.6.0 both those vars are deprecated and" echo "handled on '${IPK_ETC_DIR}/services.conf'" echo echo "We can re-create your 'services.conf' based on the settings" echo "you have on ALLOWED_TCP_IN and/or ALLOWED_UDP_IN." echo echo "Would you like to take care of this now?" echo "We will wait $TIMELIMIT secconds for your answer(s)." echo echo -n "Answer Yes/No [Default: no]: " read -t $TIMELIMIT answer_handle <&1 if [ -z "$answer_handle" ]; then answer_handle="no" echo $answer_handle NO_HUMAN_ATTENTION_Q1=true checkAnswer $answer_handle else NO_HUMAN_ATTENTION_Q1=false checkAnswer $answer_handle fi returned=$? if [ "$returned" == "$E_ANSWER_NO" ]; then CREATE_SERVICES="NO" elif [ "$returned" == "$E_ANSWER_YES" ]; then CREATE_SERVICES="YES" else CREATE_SERVICES="BAD" fi fi fi fi } # }}} configSanityCheck echoWrongAnswer() { echo echo "Please answer yes/no only." echo "Re-run ipkungfu to be asked again. Exiting." exit $E_DIRTY_EXIT } if [ ! -f "${NO_DEPRECATION_WARNING_FILE}" ]; then if [ "$CREATE_SERVICES" == "BAD" ]; then echoWrongAnswer fi if [ "$CREATE_SERVICES" == "NO" ]; then echo echo "Would you like to disable this warning?" echo echo -n "Answer Yes/No [Default: no]: " read -t $TIMELIMIT answer_warning <&1 if [ -z "$answer_warning" ]; then answer_warning="no" NO_HUMAN_ATTENTION_Q2=true echo $answer_warning checkAnswer $answer_warning else NO_HUMAN_ATTENTION_Q2=false checkAnswer $answer_warning fi fi returned=$? if [ "$returned" == "$E_ANSWER_BAD" ]; then echoWrongAnswer elif [ "$returned" == "$E_ANSWER_NO" ]; then # Only log if there's no human interaction, like on boot up. if [ "$NO_HUMAN_ATTENTION_Q1" == "true" -a "$NO_HUMAN_ATTENTION_Q2" == "true" ]; then LOG_MESSAGE="ipkungfu needs some human attention, please run it to see what's going on" logError "$LOG_MESSAGE" fi # But since this is critical information, echo it to tty until the warning # is disabled echo echo "Since the answer is 'no', ipkungfu won't run until one of these occurs:" echo "1 - You disable the warning" echo "2 - You transfer you're ALLOWED_TCP_IN and/or ALLOWED_UDP_IN" echo " to services.conf" echo "3 - You let us create your services.conf based on what you have" echo " on ALLOWED_TCP_IN and/or ALLOWED_UDP_IN" exit $E_DIRTY_EXIT elif [ "$returned" == "$E_ANSWER_YES" ]; then echo -n "Disabling the warning:" echo "$RANDOM:$(echo $IPK_MD5_SIG | awk '{print $1}')" > ${NO_DEPRECATION_WARNING_FILE} if [ $? == 0 ]; then echo -n "." else echo -e "\tFAILED" fi buildBehaviourFilesMD5 if [ $? == 0 ]; then echo -e "\tDone" else echo -e "\tFAILED" fi echo "ATTENTION:" echo "Be advised that by disabling the warning it's possible" echo "that some unintended behavior may be introduced to" echo "ipkungfu without warnings." echo echo "We can still create the 'services.conf' file for you," echo "just pass '--create-services-file' to ipkungfu." exit $E_DIRTY_EXIT fi fi if [ "$CREATE_SERVICES" == "YES" ]; then if [ "$ALLOWED_TCP_IN" == "" -a "$ALLOWED_UDP_IN" == "" ]; then echo "ALLOWED_TCP_IN and/or ALLOWED_UDP_IN aren't defined," echo "so, no need to create your services.conf file. Exiting." exit $E_CLEAN_EXIT fi DEF_SERV="# Services needed for TOS." DEF_SERV="$DEF_SERV\n# Do NOT change the list below, unless you run" DEF_SERV="$DEF_SERV these services on different ports," DEF_SERV="$DEF_SERV\n# or you want to accept their traffic. In this" DEF_SERV="$DEF_SERV case add ':ACCEPT' or any" DEF_SERV="$DEF_SERV\n# other valid target." DEF_SERV="$DEF_SERV\n#" DEF_SERV="$DEF_SERV\n# Service Names and Protocols are lowercase," DEF_SERV="$DEF_SERV Targets are UPPERCASE." DEF_SERV="$DEF_SERV\n#" DEF_SERV="$DEF_SERV\n# Example:" DEF_SERV="$DEF_SERV\n# ssh:22:tcp:ACCEPT" DEF_SERV="$DEF_SERV\nftp-data:20:tcp" DEF_SERV="$DEF_SERV\nftp:21:tcp" DEF_SERV="$DEF_SERV\nssh:22:tcp" DEF_SERV="$DEF_SERV\ntelnet:23:tcp" DEF_SERV="$DEF_SERV\nsmtp:25:tcp" DEF_SERV="$DEF_SERV\ndomain:53:tcp" DEF_SERV="$DEF_SERV\nbootps:63:tcp" DEF_SERV="$DEF_SERV\nhttp:80:tcp" DEF_SERV="$DEF_SERV\npop3:110:tcp" DEF_SERV="$DEF_SERV\nauth:113:tcp" DEF_SERV="$DEF_SERV\nntp:123:tcp" DEF_SERV="$DEF_SERV\nimap:143:tcp" DEF_SERV="$DEF_SERV\nhttps:443:tcp" DEF_SERV="$DEF_SERV\nimaps:993:tcp" DEF_SERV="$DEF_SERV\npop3s:995:tcp" DEF_SERV="$DEF_SERV\nsocks:1080:tcp" DEF_SERV="$DEF_SERV\n# Add your services below. The rule is:" DEF_SERV="$DEF_SERV\n# ServiceName:ServicePort:Protocol[:ACCEPT|DROP" DEF_SERV="$DEF_SERV|REJECT|or any valid target)] # extra comments" DEF_SERV="$DEF_SERV\n#" echo -n "Backing ${IPK_ETC_DIR}/services.conf:" SERVICES_BACKUP_FILE="${IPK_ETC_DIR}/services.conf.bak" cp ${IPK_ETC_DIR}/services.conf $SERVICES_BACKUP_FILE if [ $? == 0 ]; then echo -e "${BRIGHT_COLOUR}\tOK${CLOSE_COLOUR}" echo "It's $SERVICES_BACKUP_FILE" else echo -e "${RED_COLOUR}\tFAILED${CLOSE_COLOUR}" fi echo -n "Replacing ${IPK_ETC_DIR}/services.conf with the default contents:" $(echo -e $DEF_SERV > ${IPK_ETC_DIR}/services.conf) if [ $? == 0 ]; then echo -e "${BRIGHT_COLOUR}\tOK${CLOSE_COLOUR}" else echo -e "${RED_COLOUR}\tFAILED${CLOSE_COLOUR}" fi if [ ! -z "$ALLOWED_TCP_IN" ]; then echo "Taking care of the following TCP ports:" for port_tcp in $ALLOWED_TCP_IN; do echo -n "Port $port_tcp:" if [ "$port_tcp" == "20" ]; then sed -n s/"ftp-data:20:tcp"/"ftp-data:20:tcp:ACCEPT"/g /etc/ipkungfu/services.conf elif [ "$port_tcp" == "21" ]; then sed -n s/"ftp:21:tcp"/"ftp:21:tcp:ACCEPT"/g /etc/ipkungfu/services.conf elif [ "$port_tcp" == "22" ]; then sed -n s/"ssh:22:tcp"/"ssh:22:tcp:ACCEPT"/g /etc/ipkungfu/services.conf elif [ "$port_tcp" == "23" ]; then sed -n s/"telnet:23:tcp"/"telnet:23:tcp:ACCEPT"/g /etc/ipkungfu/services.conf elif [ "$port_tcp" == "25" ]; then sed -n s/"smtp:25:tcp"/"smtp:25:tcp:ACCEPT"/g /etc/ipkungfu/services.conf elif [ "$port_tcp" == "53" ]; then sed -n s/"domain:53:tcp"/"domain:53:tcp:ACCEPT"/g /etc/ipkungfu/services.conf elif [ "$port_tcp" == "63" ]; then sed -n s/"bootps:63:tcp"/"bootps:63:tcp:ACCEPT"/g /etc/ipkungfu/services.conf elif [ "$port_tcp" == "80" ]; then sed -n s/"http:80:tcp"/"http:80:tcp:ACCEPT"/g /etc/ipkungfu/services.conf elif [ "$port_tcp" == "110" ]; then sed -n s/"pop3:110:tcp"/"pop3:110:tcp:ACCEPT"/g /etc/ipkungfu/services.conf elif [ "$port_tcp" == "113" ]; then sed -n s/"auth:113:tcp"/"auth:113:tcp:ACCEPT"/g /etc/ipkungfu/services.conf elif [ "$port_tcp" == "123" ]; then sed -n s/"ntp:123:tcp"/"ntp:123:tcp:ACCEPT"/g /etc/ipkungfu/services.conf elif [ "$port_tcp" == "143" ]; then sed -n s/"imap:143:tcp"/"imap:143:tcp:ACCEPT"/g /etc/ipkungfu/services.conf elif [ "$port_tcp" == "443" ]; then sed -n s/"https:443:tcp"/"https:443:tcp:ACCEPT"/g /etc/ipkungfu/services.conf elif [ "$port_tcp" == "993" ]; then sed -n s/"imaps:993:tcp"/"imaps:993:tcp:ACCEPT"/g /etc/ipkungfu/services.conf elif [ "$port_tcp" == "995" ]; then sed -n s/"pop3s:995:tcp"/"pop3s:995:tcp:ACCEPT"/g /etc/ipkungfu/services.conf elif [ "$port_tcp" == "1080" ]; then sed -n s/"socks:1080:tcp"/"socks:1080:tcp:ACCEPT"/g /etc/ipkungfu/services.conf else service=`grep "\b$port_tcp/tcp" /etc/services | cut -f1` echo "$service:$port_tcp:tcp:ACCEPT" >> ${IPK_ETC_DIR}/services.conf fi if [ $? == 0 ]; then echo -e "${BRIGHT_COLOUR}\tOK${CLOSE_COLOUR}" else echo -e "${RED_COLOUR}\tFAILED${CLOSE_COLOUR}" fi done fi if [ ! -z "$ALLOWED_UDP_IN" ]; then echo "Taking care of the following UDP ports:" for port_udp in $ALLOWED_UDP_IN; do echo -n "Port $port_udp:" service=`grep "\b$port_udp/udp" /etc/services | cut -f1` echo "$service:$port_udp:udp:ACCEPT" >> ${IPK_ETC_DIR}/services.conf if [ $? == 0 ]; then echo -e "${BRIGHT_COLOUR}\tOK${CLOSE_COLOUR}" else echo -e "${RED_COLOUR}\tFAILED${CLOSE_COLOUR}" fi done fi if [ ! -z "$ALLOWED_TCP_IN" ]; then echo -n "Commenting out ALLOWED_TCP_IN in ${IPK_ETC_DIR}/ipkungfu.conf" sed -i s/"ALLOWED_TCP_IN=\""/"#ALLOWED_TCP_IN=\""/g ${IPK_ETC_DIR}/ipkungfu.conf if [ $? == 0 ]; then echo -e "${BRIGHT_COLOUR}\tOK${CLOSE_COLOUR}" else echo -e "${BRIGHT_COLOUR}\tFAILED${CLOSE_COLOUR}" fi fi if [ ! -z "$ALLOWED_UDP_IN" ]; then echo -n "Commenting ALLOWED_UDP_IN in ${IPK_ETC_DIR}/ipkungfu.conf:" sed -i s/"ALLOWED_UDP_IN=\""/"#ALLOWED_UDP_IN=\""/g ${IPK_ETC_DIR}/ipkungfu.conf if [ $? == 0 ]; then echo -e "${BRIGHT_COLOUR}\tOK${CLOSE_COLOUR}" else echo -e "${BRIGHT_COLOUR}\tFAILED${CLOSE_COLOUR}" fi fi exit $E_CLEAN_EXIT fi loadKernelModules function createTestChain() { # {{{ Create a test chain to work with for system abilities testing $IPTABLES -N SYSTEST && $IPTABLES -t mangle -N SYSTEST if [ "$?" != "0" ] ; then echo echo "ipkungfu can't create new chains or the script was interrupted previously!" echo "Flushing iptables rulesets..." $IPTABLES -F echo "Clearing old chains and tables..." cat /proc/net/ip_tables_names | while read table; do $IPTABLES -t $table -L -n | while read c chain rest; do if test "X$c" = "XChain" ; then $IPTABLES -t $table -F $chain fi done $IPTABLES -t $table -X done if [ "$1" == "--failsafe" -o "$FAILSAFE" == "1" ] ; then echo "" echo -e " ${GREEN_COLOUR}***********${CLOSE_COLOUR}" echo -e " ${GREEN_COLOUR}* WARNING *${CLOSE_COLOUR}" echo -e " ${GREEN_COLOUR}***********${CLOSE_COLOUR}" echo "" echo "ipkungfu has failed - setting policies to ACCEPT" $IPTABLES -P INPUT ACCEPT $IPTABLES -P OUTPUT ACCEPT $IPTABLES -P FORWARD ACCEPT echo "Done. Please check your config and try again." exit $E_DIRTY_EXIT fi fi } # }}} delTestChain createTestChain function testVhostsConfig() { # {{{ Test for valid vhosts config FWT=`grep : /etc/ipkungfu/vhosts.conf | cut -d \# -f 1` for i in $FWT; do HPD=":" HPDa=":" ALLOWED=`echo $i | cut -d ':' -f 1 | sed s/\!/\!\ /` VHOST=`echo $i | cut -d ':' -f 2` OPORT=`echo $i | cut -d ':' -f 3 | sed s/-/:/` VPORT=`echo $i | cut -d ':' -f 4` VPORTb=`echo $i | cut -d ':' -f 4 | sed s/-/:/` if [ ! -z `echo $VHOST_PORT | grep \-` ] ; then VPORTa="" HPDa="" else VPORTa=$VPORT HPDa=":" fi PROTO=`echo $i | cut -d ':' -f 5`; if [ -z "$PROTO" -o "$PROTO" == "any" -o "$PROTO" == "both" \ -o "$PROTO" == "ANY" -o "$PROTO" == "BOTH" ] ; then PROTO="tcp" fi if [ ! -z "$OPORT" ] ; then OPORT="--dport $OPORT" fi $IPTABLES -A SYSTEST -p $PROTO $OPORT -s $ALLOWED -d 0.0.0.1 -j ACCEPT > /dev/null 2>&1 if [ "$?" != "0" ] ; then echo "There is a problem in /etc/ipkungfu/vhosts.conf:" echo "Format is allowedhost:virtualhostIP:originalport:destinationport:protocol" echo "You have $i" exit $E_DIRTY_EXIT fi done } # }}} testVhostsConfig function redirectError { # {{{ Test redirect.conf directives echo "There is a problem in /etc/ipkungfu/redirect.conf:" echo "Format is protocol:originalport:newport" echo "You have $ITEM" exit $E_DIRTY_EXIT # }}} } function killDummyServer { # {{{ find and kill fake server $NETSTAT -tpln | grep dummy_server > /dev/null 2>&1 if [ "$?" = "0" ] ; then $KILLALL dummy_server fi # }}} } function testRedirectsConfig() { # {{{ Test validity of redirect.conf RPT=`grep : /etc/ipkungfu/redirect.conf | cut -d \# -f 1` for ITEM in $RPT; do PROTO=`echo $ITEM | cut -d: -f1` OPORT=`echo $ITEM | cut -d: -f2` DPORT=`echo $ITEM | cut -d: -f3` if [ "$PROTO" != "tcp" -a "$PROTO" != "TCP" -a "$PROTO" != "udp" \ -a "$PROTO" != "UDP" -a ! -z "$PROTO" ] ; then redirectError fi $IPTABLES -A SYSTEST -p tcp --dport $OPORT -j REJECT > /dev/null 2>&1 if [ "$?" != "0" ] ; then redirectError fi $IPTABLES -A SYSTEST -p tcp --dport $DPORT -j REJECT > /dev/null 2>&1 if [ "$?" != "0" ] ; then redirectError fi done } # }}} testRedirectsConfig function testKernelExtras() { # {{{ Test for kernel support for extra features # {{{ Check for ULOG support $IPTABLES -A SYSTEST -j ULOG > /dev/null 2>&1 if [ "$?" = "0" ] ; then HAVE_ULOG="true" # No need to brag about it anymore. It's in the mainline kernel. # if [ $INIT != 1 ] ; then # echo -e " ${BLUE_COLOUR}ULOG${CLOSE_COLOUR} kernel support detected!" # fi else HAVE_ULOG="false" if [ "$TEST_FOR_LOG_SUPPORT" == "0" ] ; then echo "ULOG support not detected! Edit /etc/ipkungfu/log.conf accordingly." echo "Aborting." exit 3 fi fi # }}} # {{{ Check for string matching support $IPTABLES -A SYSTEST -m string --string "test" > /dev/null 2>&1 if [ "$?" = "0" ] ; then HAVE_STRING="true" if [ $INIT != 1 ] ; then echo -e " ${BLUE_COLOUR}String matching${CLOSE_COLOUR} support detected!" fi else HAVE_STRING="false" fi # }}} # {{{ Check for LENGTH support $IPTABLES -A SYSTEST -m length --length 64 -j ACCEPT > /dev/null 2>&1 if [ "$?" == "0" ] ; then HAVE_LENGTH="true" else HAVE_LENGTH="false" fi # }}} # {{{ Check for TOS target support $IPTABLES -t mangle -A SYSTEST -p tcp -d 1.2.3.4 -j TOS --set-tos Minimize-Delay if [ "$?" == "0" ]; then HAVE_TOS_TARGET="true" else HAVE_TOS_TARGET="false" fi # }}} # {{{ Check for LIMIT support $IPTABLES -A SYSTEST -m limit --limit 5/minute --limit-burst 5 -j ACCEPT > /dev/null 2>&1 if [ "$?" != "0" ] ; then HAVE_LIMIT="true" else HAVE_LIMIT="false" fi # }}} # {{{ Check for TTL support $IPTABLES -t mangle -A SYSTEST -j TTL --ttl-set 80 > /dev/null 2>&1 if [ "$?" = "0" ] ; then HAVE_TTL="true" if [ $INIT != 1 ] ; then echo -e " ${BLUE_COLOUR}TTL${CLOSE_COLOUR} support detected!" fi else HAVE_TTL="false" fi # }}} # {{{ Check for unclean support $IPTABLES -A SYSTEST -m unclean > /dev/null 2>&1 if [ "$?" = "0" ] ; then HAVE_UNCLEAN="true" if [ $INIT != 1 ] ; then echo -e " ${BLUE_COLOUR}Unclean${CLOSE_COLOUR} support detected!" fi else HAVE_UNCLEAN="false" fi # }}} # {{{ Check for nth support $IPTABLES -A SYSTEST -m nth > /dev/null 2>&1 if [ "$?" = "0" ] ; then HAVE_NTH="true" if [ $INIT != 1 ] ; then echo -e " ${BLUE_COLOUR}ipt_nth${CLOSE_COLOUR} patch detected!" fi else HAVE_NTH="false" fi # }}} # {{{ Check for 'recent' support $IPTABLES -A SYSTEST -m recent --name test --set > /dev/null 2>&1 if [ "$?" = "0" ] ; then HAVE_RECENT="true" # No need to brag about it anymore. It's in the mainline kernel. # if [ $INIT != 1 ] ; then # echo -e " ${BLUE_COLOUR}RECENT${CLOSE_COLOUR} support detected!" # fi else HAVE_RECENT="false" fi # }}} # {{{ Check for iplimit support $IPTABLES -A SYSTEST -p tcp --dport 1234 -m iplimit --iplimit-above 2 > /dev/null 2>&1 if [ "$?" = "0" ] ; then HAVE_IPLIMIT="true" if [ $INIT != 1 ] ; then echo -e " ${BLUE_COLOUR}iplimit${CLOSE_COLOUR} support detected!" fi else HAVE_IPLIMIT="false" fi # }}} # {{{ Check for psd support $IPTABLES -A SYSTEST -m psd > /dev/null 2>&1 if [ "$?" = "0" ] ; then HAVE_PSD="true" if [ $INIT != 1 ] ; then echo -e " ${BLUE_COLOUR}Advanced Portscan Detection${CLOSE_COLOUR} support detected!" fi else HAVE_PSD="false" fi # }}} # {{{ Check for Time support $IPTABLES -A SYSTEST -m time --timestart 8:00 --timestop 8:01 --days Mon > /dev/null 2>&1 if [ "$?" = "0" ] ; then HAVE_TIME="true" if [ $INIT != 1 ] ; then echo -e " ${BLUE_COLOUR}Time${CLOSE_COLOUR} matching support detected!" fi else HAVE_TIME="false" fi # }}} # {{{ Check for LOG support $IPTABLES -A SYSTEST -j LOG > /dev/null 2>&1 if [ "$?" != "0" ] ; then if [ "$TEST_FOR_LOG_SUPPORT" == "1" ] ; then if [ "$LOG_FACILITY" == "syslog" -o "$LOG_FACILITY" == "SYSLOG" -o "LOG_FACILITY" == "Syslog" ]; then echo "Your kernel lacks LOG support, required by your LOG_FACILITY" echo "setting in log.conf. Aborting." exit 3 fi fi fi # }}} # {{{ Check for stateful matching $IPTABLES -A SYSTEST -m state --state ESTABLISHED -j ACCEPT > /dev/null 2>&1 if [ "$?" != "0" ] ; then echo "Your kernel lacks stateful matching, this would break this script. Aborting." exit 3 fi # }}} # {{{ Check for the limit match $IPTABLES -A SYSTEST -m limit -j ACCEPT > /dev/null 2>&1 if [ "$?" != "0" ] ; then echo "Support not found for limiting needed by this script. Aborting." exit 3 fi # }}} # {{{ Check for MARK packets support $IPTABLES -t mangle -A SYSTEST -p tcp -d 1.2.3.4 -j MARK --set-mark 1 > /dev/null 2>&1 if [ "$?" = "0" ] ; then HAVE_MARK="true" # This is still not used, but here alreaddy ;) if [ $INIT != 1 ] ; then echo -e " ${BLUE_COLOUR}MARK${CLOSE_COLOUR} support detected!" fi else HAVE_MARK="false" fi # }}} } # }}} testKernelExtras # Setup our CMD_LOG setupLogging delTestChain function configTest() { # {{{ Configuration test if [ "$1" = "--test" -o "$1" = "-t" ] ; then echo "Your external interface is: $EXT_NET" for INT_NET in "${INT_DEV[@]}"; do echo "Your internal interface is: $INT_NET" done if [ -n "$EXT_LAN_NET" -a -n "$EXT_LAN_BCAST" ] ; then echo "Your external LAN is: $EXT_LAN_NET, broadcast $EXT_LAN_BCAST" fi echo -n "You " if [ "$ALLOW_EXT_LAN_BCAST" != "1" ] ; then echo -n "do NOT " fi echo "want broadcasts from your external LAN" echo -n "You " if [ "$IP_FORWARD" != "1" ] ; then echo -n "do NOT " fi echo "want IP forwarding" echo -n "You " if [ "$MASQ_LOCAL_NET" != "1" ] ; then echo -n "do NOT " fi echo "want IP masquerading" for NET in ${LOCAL_NETS[@]}; do echo "Your local subnet is $NET" done echo "The following tcp ports will be open: $ALLOWED_TCP_IN" echo "The following udp ports will be open: $ALLOWED_UDP_IN" exit $E_CLEAN_EXIT fi } # }}} configTest logger -p info "Activating ipkungfu" handleProc iptFlush TRUSTED_HOSTS=`grep . /etc/ipkungfu/accept_hosts.conf | cut -d \# -f 1` BADGUY_HOSTS=`grep . /etc/ipkungfu/deny_hosts.conf | cut -d \# -f 1` FORWARD_POLICY=`grep FORWARD_POLICY /etc/ipkungfu/forward.conf | grep -v ^\# | cut -d= -f2` # Set default chain policies $IPTABLES -P OUTPUT ACCEPT $IPTABLES -P INPUT DROP $IPTABLES -P FORWARD $FORWARD_POLICY if [ $INIT != 1 ] ; then echo "Implementing custom rules..." fi source /etc/ipkungfu/custom.conf # Useless rule for checking that ipkungfu is loaded $IPTABLES -A INPUT -i ${INT_DEV[0]} -s 0.0.0.1 -j LOG --log-prefix "IPKF_IPKungFu $1" getServicesValidRules() { # {{{ Gather Valid Rules in services.conf local TMP_SERVICE=`grep . /etc/ipkungfu/services.conf | cut -d "#" -f1` for service in ${TMP_SERVICE}; do SERVICES="$SERVICES $service" done # }}} } getServicesValidRules function badGuys() { # {{{ deal with "badguys" if [ ! -z "$BADGUY_HOSTS" ] ; then if [ $INIT != 1 ] ; then echo "$KNOWN_BAD all traffic from the following hosts/nets:" fi for HOST in $BADGUY_HOSTS; do LINE=`echo $HOST | cut -d ':' -f 2,3 --output-delimiter=QWQ | grep QWQ` if [ ! -z "$LINE" ] ; then DHOST=`echo $HOST | cut -d ':' -f 1` PORT=`echo $HOST | cut -d ':' -f 2 | sed s/-/:/` PROTO=`echo $HOST | cut -d ':' -f 3` $IPTABLES -A INPUT -i $EXT_NET -s $DHOST -p $PROTO --dport $PORT -j $KNOWN_BAD $IPTABLES -A FORWARD -i $EXT_NET -s $DHOST -p $PROTO --dport $PORT -j $KNOWN_BAD if [ $INIT != 1 ] ; then echo -e " ${GREEN_COLOUR}$DHOST:$PORT/$PROTO${CLOSE_COLOUR}" fi else $IPTABLES -A INPUT -s $HOST -i $EXT_NET -j $KNOWN_BAD if [ $INIT != 1 ] ; then echo -e " ${GREEN_COLOUR}$HOST${CLOSE_COLOUR}" fi fi done fi if [ "$HAVE_RECENT" = "true" ]; then $IPTABLES -A INPUT -m recent --name badguy --rcheck --seconds 120 -j $KNOWN_BAD $IPTABLES -A FORWARD -i $EXT_NET -m recent --name badguy --rcheck --seconds 120 -j $KNOWN_BAD for PORT in $FORBIDDEN_PORTS; do $IPTABLES -A INPUT -p tcp -i $EXT_NET --dport $PORT $LOG_CMD "IPKF_BADGUY_on_port $PORT: " $IPTABLES -A FORWARD -p tcp -i $EXT_NET --dport $PORT $LOG_CMD "IPKF_BADGUY_on_port $PORT: " $IPTABLES -A INPUT -p tcp -i $EXT_NET --dport $PORT -m recent --name badguy --set -j $KNOWN_BAD $IPTABLES -A FORWARD -p tcp -i $EXT_NET --dport $PORT -m recent --name badguy --set -j $KNOWN_BAD done fi } # }}} badGuys rdrPorts fwdPorts function trustedHosts() { # {{{ deal with trusted hosts if [ ! -z "$TRUSTED_HOSTS" ] ; then if [ $INIT != 1 ] ; then echo "ACCEPT all connections from the following hosts/nets:" fi for HOST in $TRUSTED_HOSTS; do LINE=`echo $HOST | cut -d ':' -f 2,3 --output-delimiter=QWQ | grep QWQ` if [ ! -z "$LINE" ] ; then THOST=`echo $HOST | cut -d ':' -f 1` PORT=`echo $HOST | cut -d ':' -f 2 | sed s/-/:/` PROTO=`echo $HOST | cut -d ':' -f 3` if [ "$LOG_EST_EXT" == "1" ] ; then $IPTABLES -A INPUT -s $THOST -p $PROTO --dport $PORT $LOG_CMD 'IPKF_New_Connection: ' $IPTABLES -A FORWARD -i $EXT_NET -s $THOST -p $PROTO --dport $PORT $LOG_CMD 'IPKF_New_Connection: ' fi $IPTABLES -A INPUT -s $THOST -p $PROTO --dport $PORT -j ACCEPT $IPTABLES -A FORWARD -i $EXT_NET -s $THOST -p $PROTO --dport $PORT -j ACCEPT if [ $INIT != 1 ] ; then echo -e " ${GREEN_COLOUR}$THOST:$PORT/$PROTO${CLOSE_COLOUR}" fi else if [ "$LOG_EST_EXT" == "1" ] ; then $IPTABLES -A INPUT -s $HOST $LOG_CMD 'IPKF_New_Connection: ' $IPTABLES -A FORWARD -i $EXT_NET -s $HOST $LOG_CMD 'IPKF_New_Connection: ' fi $IPTABLES -A INPUT -s $HOST -j ACCEPT $IPTABLES -A FORWARD -i $EXT_NET -s $HOST -j ACCEPT if [ $INIT != 1 ] ; then echo -e " ${GREEN_COLOUR}$HOST${CLOSE_COLOUR}" fi fi done fi } # }}} trustedHosts ipMasq manageForward if [ "$MASQUERADE_FIX" == "1" ]; then for NET in $LOCAL_NET; do $IPTABLES -I FORWARD -p tcp -o $EXT_NET -s $NET -m state --state INVALID -j REJECT $IPTABLES -I FORWARD -p udp -o $EXT_NET -s $NET -m state --state INVALID -j REJECT done fi function detectPortScans() { # {{{ Attempt to detect port scans if [ "$HAVE_PSD" = "true" ] ; then if [ "$LOG_PORT_SCANS" = "1" ] ; then $IPTABLES -A INPUT -i $EXT_NET -m psd --psd-delay-threshold 2000 $LOG_CMD 'IPKF_PORTSCAN: ' $IPTABLES -A FORWARD -i $EXT_NET -m psd --psd-delay-threshold 2000 $LOG_CMD 'IPKF_PORTSCAN: ' fi if [ "$PORTCLOAK" = "1" ] ; then killDummyServer if [ "$CLOAKUSER" != "nobody" ] ; then $CHOWN $CLOAKUSER $IPKUNGFU_BINS_PATH/dummy_server fi $SU $CLOAKUSER -c "$IPKUNGFU_BINS_PATH/dummy_server $DUMMYPORT $MAXQUEUE &" if [ "$?" = "0" ] ; then $IPTABLES -t nat -A PREROUTING -p tcp -i $EXT_NET -m psd --psd-delay-threshold 2000 \ -j REDIRECT --to-ports $DUMMYPORT else echo "$IPKUNGFU_BINS_PATH/dummy_server could not be started, please check permissions" fi else $IPTABLES -A INPUT -i $EXT_NET -m psd --psd-delay-threshold 2000 -j $PORT_SCAN $IPTABLES -A FORWARD -i $EXT_NET -m psd --psd-delay-threshold 2000 -j $PORT_SCAN fi fi if [ "$LOG_PORT_SCANS" = "1" ] ; then $IPTABLES -A INPUT -p tcp -i $EXT_NET --tcp-flags ALL ALL $LOG_CMD 'IPKF_flags_ALL: ' $IPTABLES -A INPUT -p tcp -i $EXT_NET --tcp-flags ALL NONE $LOG_CMD 'IPKF_flags_NONE: ' $IPTABLES -A INPUT -p tcp -i $EXT_NET --tcp-flags ALL FIN,URG,PSH $LOG_CMD 'IPKF_PORTSCAN_nmap_XMAS: ' $IPTABLES -A INPUT -p tcp -i $EXT_NET --tcp-flags ALL FIN $LOG_CMD 'IPKF_PORTSCAN_nmap_FIN: ' $IPTABLES -A INPUT -p tcp -i $EXT_NET --tcp-flags SYN,FIN SYN,FIN $LOG_CMD 'IPKF_flags_SYN_FIN: ' $IPTABLES -A INPUT -p tcp -i $EXT_NET --tcp-flags SYN,RST SYN,RST $LOG_CMD 'IPKF_flags_SYN_RST: ' $IPTABLES -A INPUT -p tcp -i $EXT_NET --tcp-flags ALL SYN,RST,ACK,FIN,URG $LOG_CMD 'IPKF_SYN_RST_ACK_FIN_URG: ' $IPTABLES -A INPUT -p tcp -i $EXT_NET --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE $LOG_CMD 'IPKF_PORTSCAN_nmap_NULL: ' $IPTABLES -A FORWARD -p tcp -i $EXT_NET --tcp-flags ALL ALL $LOG_CMD 'IPKF_flags_ALL: ' $IPTABLES -A FORWARD -p tcp -i $EXT_NET --tcp-flags ALL NONE $LOG_CMD 'IPKF_flags_NONE: ' $IPTABLES -A FORWARD -p tcp -i $EXT_NET --tcp-flags ALL FIN,URG,PSH $LOG_CMD 'IPKF_flags_FIN_URG_PSH: ' $IPTABLES -A FORWARD -p tcp -i $EXT_NET --tcp-flags ALL FIN $LOG_CMD 'IPKF_PORTSCAN_nmap_XMAS: ' $IPTABLES -A FORWARD -p tcp -i $EXT_NET --tcp-flags SYN,FIN SYN,FIN $LOG_CMD 'IPKF_flags_SYN_FIN: ' $IPTABLES -A FORWARD -p tcp -i $EXT_NET --tcp-flags SYN,RST SYN,RST $LOG_CMD 'IPKF_flags_SYN_RST: ' $IPTABLES -A FORWARD -p tcp -i $EXT_NET --tcp-flags ALL SYN,RST,ACK,FIN,URG $LOG_CMD 'IPKF_SYN_RST_ACK_FIN_URG: ' $IPTABLES -A FORWARD -p tcp -i $EXT_NET --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE $LOG_CMD 'IPKF_PORTSCAN_nmap_NULL: ' fi $IPTABLES -A INPUT -p tcp -i $EXT_NET --tcp-flags ALL SYN,RST,ACK,FIN,URG -j $PORT_SCAN $IPTABLES -A INPUT -p tcp -i $EXT_NET --tcp-flags ALL NONE -j $PORT_SCAN $IPTABLES -A INPUT -p tcp -i $EXT_NET --tcp-flags SYN,FIN SYN,FIN -j $PORT_SCAN $IPTABLES -A INPUT -p tcp -i $EXT_NET --tcp-flags SYN,RST SYN,RST -j $PORT_SCAN $IPTABLES -A INPUT -p tcp -i $EXT_NET --tcp-flags ALL FIN,URG,PSH -j $PORT_SCAN $IPTABLES -A INPUT -p tcp -i $EXT_NET --tcp-flags ALL ALL -j $PORT_SCAN $IPTABLES -A INPUT -p tcp -i $EXT_NET --tcp-flags ALL FIN -j $PORT_SCAN $IPTABLES -A INPUT -p tcp -i $EXT_NET --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j $PORT_SCAN $IPTABLES -A FORWARD -p tcp -i $EXT_NET --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j $PORT_SCAN $IPTABLES -A FORWARD -p tcp -i $EXT_NET --tcp-flags ALL SYN,RST,ACK,FIN,URG -j $PORT_SCAN $IPTABLES -A FORWARD -p tcp -i $EXT_NET --tcp-flags ALL NONE -j $PORT_SCAN $IPTABLES -A FORWARD -p tcp -i $EXT_NET --tcp-flags SYN,FIN SYN,FIN -j $PORT_SCAN $IPTABLES -A FORWARD -p tcp -i $EXT_NET --tcp-flags SYN,RST SYN,RST -j $PORT_SCAN $IPTABLES -A FORWARD -p tcp -i $EXT_NET --tcp-flags ALL FIN,URG,PSH -j $PORT_SCAN $IPTABLES -A FORWARD -p tcp -i $EXT_NET --tcp-flags ALL ALL -j $PORT_SCAN $IPTABLES -A FORWARD -p tcp -i $EXT_NET --tcp-flags ALL FIN -j $PORT_SCAN } # }}} detectPortScans if [ "$BLOCK_PINGS" != "1" ] ; then $IPTABLES -A INPUT -p icmp --icmp-type echo-request -j ACCEPT fi # {{{ Kill invalid packets (illegal combinations of flags) if [ "$LOG_INVALID" = "1" ] ; then $IPTABLES -A INPUT -m state -p tcp --state INVALID $LOG_CMD 'IPKF_Invalid_TCP_Flag: ' $IPTABLES -A FORWARD -m state -p tcp -i $EXT_NET --state INVALID $LOG_CMD 'IPKF_Invalid_TCP_flag: ' fi $IPTABLES -A FORWARD -m state -i $EXT_NET --state INVALID -j $SUSPECT $IPTABLES -A INPUT -m state --state INVALID -j $SUSPECT # }}} # {{{ Kill and log fragments if [ "$DROP_FRAGMENTS" == "1" ] ; then if [ "$LOG_FRAGMENTS" == "1" ] ; then $IPTABLES -A INPUT -i $EXT_NET -f $LOG_CMD 'IPKF_Fragmented_Packet: ' $IPTABLES -A FORWARD -i $EXT_NET -f $LOG_CMD 'IPKF_Fragmented_Packet: ' fi $IPTABLES -A INPUT -i $EXT_NET -f -j $SUSPECT $IPTABLES -A FORWARD -i $EXT_NET -f -j $SUSPECT fi # }}} # {{{ Drop unclean if [ "$DROP_UNCLEAN" == "1" ] ; then if [ "$HAVE_UNCLEAN" == "true" ] ; then $IPTABLES -A INPUT -i $EXT_NET -m unclean $LOG_CMD 'IPKF_Unclean: ' $IPTABLES -A INPUT -i $EXT_NET -m unclean -j $SUSPECT $IPTABLES -A FORWARD -i $EXT_NET -m unclean $LOG_CMD 'IPKF_Unclean: ' $IPTABLES -A FORWARD -i $EXT_NET -m unclean -j $SUSPECT fi fi # }}} # {{{ Block possibly dangerous ICMP timestamp requests $IPTABLES -A INPUT -p icmp --icmp-type timestamp-request -i $EXT_NET $LOG_CMD 'IPKF_ICMP_Timestamp: ' $IPTABLES -A FORWARD -p icmp --icmp-type timestamp-request -i $EXT_NET $LOG_CMD 'IPKF_ICMP_Timestamp: ' $IPTABLES -A INPUT -p icmp --icmp-type timestamp-request -i $EXT_NET -j $SUSPECT $IPTABLES -A FORWARD -p icmp --icmp-type timestamp-request -i $EXT_NET -j $SUSPECT # }}} # {{{ Prevent SYN-floods $IPTABLES -N syn-flood $IPTABLES -A INPUT -i $EXT_NET -p tcp --syn -j syn-flood $IPTABLES -A FORWARD -i $EXT_NET -p tcp --syn -j syn-flood $IPTABLES -A syn-flood -m limit --limit $SYN_FLOOD/s --limit-burst $SYN_FLOOD_BURST -j RETURN if [ "$LOG_DOS" = "1" ] ; then $IPTABLES -A syn-flood $LOG_CMD 'IPKF_SYN_flood: ' fi $IPTABLES -A syn-flood -j $SUSPECT # }}} $IPTABLES -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT $IPTABLES -I OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT $IPTABLES -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT # {{{ Accounting chains for allowed ports if [ "$ACCOUNTING" == "1" ] ; then $IPTABLES -N acctin $IPTABLES -N acctout $IPTABLES -I INPUT -j acctin $IPTABLES -I OUTPUT -j acctout fi # }}} # {{{ Make sure NEW tcp connections are SYN packets if [ "$LOG_INVALID" = "1" ] ; then $IPTABLES -A INPUT -i $EXT_NET -p tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW $LOG_CMD 'IPKF_New_Not_SYN: ' $IPTABLES -A FORWARD -i $EXT_NET -p tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW $LOG_CMD 'IPKF_New_Not_SYN: ' fi $IPTABLES -A INPUT -i $EXT_NET -p tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j $SUSPECT $IPTABLES -A FORWARD -i $EXT_NET -p tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j $SUSPECT # }}} # {{{ Drop these tcp ports without logging PORTS=`echo "$DONT_LOG_TCP" | sed 's/\ /,/g' | sed s/-/:/` if [ ! -z "$PORTS" ] ; then if [ "$DONT_LOG_TCP_USE_MULTIPORT" != "0" ] ; then $IPTABLES -A INPUT -i $EXT_NET -p tcp -m multiport --destination-port $PORTS -j $KNOWN_BAD $IPTABLES -A FORWARD -i $EXT_NET -p tcp -m multiport --destination-port $PORTS -j $KNOWN_BAD else for PORT in $DONT_LOG_TCP; do $IPTABLES -A INPUT -i $EXT_NET -p tcp --dport $PORT -j $KNOWN_BAD $IPTABLES -A FORWARD -i $EXT_NET -p tcp --dport $PORT -j $KNOWN_BAD done fi fi # }}} # {{{ Drop these udp ports without logging PORTS=`echo "$DONT_LOG_UDP" | sed 's/\ /,/g' | sed s/-/:/` if [ ! -z "$PORTS" ] ; then if [ "$DONT_LOG_UDP_USE_MULTIPORT" != "0" ] ; then $IPTABLES -A INPUT -i $EXT_NET -p udp -m multiport --destination-port $PORTS -j DROP $IPTABLES -A FORWARD -i $EXT_NET -p udp -m multiport --destination-port $PORTS -j DROP else for PORT in $DONT_LOG_UDP; do $IPTABLES -A INPUT -i $EXT_NET -p tcp --dport $PORT -j $KNOWN_BAD $IPTABLES -A FORWARD -i $EXT_NET -p tcp --dport $PORT -j $KNOWN_BAD done fi fi # }}} # {{{ Prevent Spoofs if [ "$DISALLOW_PRIVATE" == "1" ] ; then $IPTABLES -A INPUT -s 10.0.0.0/255.0.0.0 -i $EXT_NET $LOG_CMD 'IPKF_Spoof: ' $IPTABLES -A INPUT -s 172.16.0.0/255.240.0.0 -i $EXT_NET $LOG_CMD 'IPKF_Spoof: ' $IPTABLES -A INPUT -s 192.168.0.0/255.255.0.0 -i $EXT_NET $LOG_CMD 'IPKF_Spoof: ' $IPTABLES -A INPUT -s 127.0.0.0/255.255.255.0 -i $EXT_NET $LOG_CMD 'IPKF_Spoof: ' $IPTABLES -A INPUT -s 169.254.0.0/255.255.0.0 -i $EXT_NET $LOG_CMD 'IPKF_Spoof: ' $IPTABLES -A INPUT -s 192.0.2.0/255.255.255.0 -i $EXT_NET $LOG_CMD 'IPKF_Spoof: ' $IPTABLES -A INPUT -s 198.18.0.0/255.254.0.0 -i $EXT_NET $LOG_CMD 'IPKF_Spoof: ' $IPTABLES -A INPUT -s 255.255.255.255/255.255.255.255 -i $EXT_NET $LOG_CMD 'IPKF_Spoof: ' $IPTABLES -A FORWARD -s 10.0.0.0/255.0.0.0 -i $EXT_NET $LOG_CMD 'IPKF_Spoof: ' $IPTABLES -A FORWARD -s 172.16.0.0/255.240.0.0 -i $EXT_NET $LOG_CMD 'IPKF_Spoof: ' $IPTABLES -A FORWARD -s 192.168.0.0/255.255.0.0 -i $EXT_NET $LOG_CMD 'IPKF_Spoof: ' $IPTABLES -A FORWARD -s 127.0.0.0/255.255.255.0 -i $EXT_NET $LOG_CMD 'IPKF_Spoof: ' $IPTABLES -A FORWARD -s 169.254.0.0/255.255.0.0 -i $EXT_NET $LOG_CMD 'IPKF_Spoof: ' $IPTABLES -A FORWARD -s 192.0.2.0/255.255.255.0 -i $EXT_NET $LOG_CMD 'IPKF_Spoof: ' $IPTABLES -A FORWARD -s 198.18.0.0/255.254.0.0 -i $EXT_NET $LOG_CMD 'IPKF_Spoof: ' $IPTABLES -A FORWARD -s 255.255.255.255/255.255.255.255 -i $EXT_NET $LOG_CMD 'IPKF_Spoof: ' $IPTABLES -A INPUT -s 10.0.0.0/255.0.0.0 -i $EXT_NET -j $KNOWN_BAD $IPTABLES -A INPUT -s 172.16.0.0/255.240.0.0 -i $EXT_NET -j $KNOWN_BAD $IPTABLES -A INPUT -s 192.168.0.0/255.255.0.0 -i $EXT_NET -j $KNOWN_BAD $IPTABLES -A INPUT -s 127.0.0.0/255.255.255.0 -i $EXT_NET -j $KNOWN_BAD $IPTABLES -A INPUT -s 169.254.0.0/255.255.0.0 -i $EXT_NET -j $KNOWN_BAD $IPTABLES -A INPUT -s 192.0.2.0/255.255.255.0 -i $EXT_NET -j $KNOWN_BAD $IPTABLES -A INPUT -s 198.18.0.0/255.254.0.0 -i $EXT_NET -j $KNOWN_BAD $IPTABLES -A INPUT -s 255.255.255.255/255.255.255.255 -i $EXT_NET -j $KNOWN_BAD $IPTABLES -A FORWARD -s 10.0.0.0/255.0.0.0 -i $EXT_NET -j $KNOWN_BAD $IPTABLES -A FORWARD -s 172.16.0.0/255.240.0.0 -i $EXT_NET -j $KNOWN_BAD $IPTABLES -A FORWARD -s 192.168.0.0/255.255.0.0 -i $EXT_NET -j $KNOWN_BAD $IPTABLES -A FORWARD -s 127.0.0.0/255.255.255.0 -i $EXT_NET -j $KNOWN_BAD $IPTABLES -A FORWARD -s 169.254.0.0/255.255.0.0 -i $EXT_NET -j $KNOWN_BAD $IPTABLES -A FORWARD -s 192.0.2.0/255.255.255.0 -i $EXT_NET -j $KNOWN_BAD $IPTABLES -A FORWARD -s 198.18.0.0/255.254.0.0 -i $EXT_NET -j $KNOWN_BAD $IPTABLES -A FORWARD -s 255.255.255.255/255.255.255.255 -i $EXT_NET -j $KNOWN_BAD fi # }}} # {{{ Allow tcp traffic according to ALLOWED_TCP_IN if [ $INIT != 1 ] ; then if [ ! -z "$ALLOWED_TCP_IN" ] ; then echo "Allowing Incoming TCP Packets to the Following Ports..." fi fi SINGLE_PORTS="$(for i in $ALLOWED_TCP_IN; do echo $i | egrep -v -- ':|-';done)" PORT_RANGES="$(for i in $ALLOWED_TCP_IN; do echo $i | egrep -- ':|-';done | sed s/-/:/g)" if [ ! -z "$SINGLE_PORTS" ] ; then if [ "$LOG_EST_EXT" == "1" ] ; then if [ "$ALLOWED_TCP_IN_USE_MULTIPORT" != "0" ] ; then $IPTABLES -A INPUT -i $EXT_NET -p tcp -m state --state NEW -m multiport \ --destination-port `echo $SINGLE_PORTS | sed 's/\ /,/g'` $LOG_CMD 'IPKF_New_Connection: ' else for PORT in $ALLOWED_TCP_IN; do $IPTABLES -A INPUT -i $EXT_NET -p tcp -m state --state NEW \ --dport $PORT $LOG_CMD 'IPKF_New_Connection: ' done fi fi if [ "$ALLOWED_TCP_IN_USE_MULTIPORT" != "0" ] ; then $IPTABLES -A INPUT -i $EXT_NET -p tcp -m state --state NEW -m multiport \ --destination-port `echo $SINGLE_PORTS | sed 's/\ /,/g'` -j ACCEPT else for PORT in $ALLOWED_TCP_IN; do $IPTABLES -A INPUT -i $EXT_NET -p tcp -m state --state NEW --dport $PORT -j ACCEPT done fi fi if [ "$ACCOUNTING" = "1" ] ; then for PORT in $SINGLE_PORTS; do $IPTABLES -A acctin -p tcp --destination-port $PORT -j RETURN $IPTABLES -A acctout -p tcp --source-port $PORT -j RETURN done fi if [ ! -z "$PORT_RANGES" ] ; then for RANGE in $PORT_RANGES; do if [ "$LOG_EST_EXT" == "1" ] ; then $IPTABLES -A INPUT -i $EXT_NET -p tcp -m state --state NEW -p tcp \ --dport $RANGE $LOG_CMD 'IPKF_New_Connection: ' fi $IPTABLES -A INPUT -i $EXT_NET -p tcp -m state --state NEW --dport $RANGE -j ACCEPT if [ "$ACCOUNTING" = "1" ] ; then $IPTABLES -A acctin -p tcp --destination-port $RANGE -j RETURN $IPTABLES -A acctout -p tcp --source-port $RANGE -j RETURN fi done fi if [ "$PORTCLOAK" = "1" ] ; then $IPTABLES -A INPUT -i $EXT_NET -p tcp -m state --state NEW --dport $DUMMYPORT -j ACCEPT fi if [ $INIT != 1 ] ; then for PORT in $SINGLE_PORTS; do # First check /etc/ipkungfu/services.conf for service name, if not found # fall back to old behaviour. service=`grep . /etc/ipkungfu/services.conf | grep $PORT | grep tcp | cut -d ':' -f1` if [ -z "$service" -o "$service" == "" ] ; then service=`grep "\b$PORT/tcp" /etc/services | cut -f1` fi if [ -z "$service" ] ; then service="?" fi echo -e " ${GREEN_COLOUR}$PORT${CLOSE_COLOUR}\t($service)" done for RANGE in $PORT_RANGES; do echo -e " ${GREEN_COLOUR}$RANGE${CLOSE_COLOUR}" done if [ "$PORTCLOAK" = "1" ] ; then echo -e " ${GREEN_COLOUR}$DUMMYPORT${CLOSE_COLOUR}\t(PortCloaking)" fi fi # }}} # {{{ Allow UDP traffic according to ALLOWED_UDP_IN if [ $INIT != 1 ] ; then if [ ! -z "$ALLOWED_UDP_IN" ] ; then echo "Allowing Incoming UDP Packets to the Following Ports..." fi fi SINGLE_PORTS="$(for i in $ALLOWED_UDP_IN; do echo $i | egrep -v -- ':|-';done)" PORT_RANGES="$(for i in $ALLOWED_UDP_IN; do echo $i | egrep -- ':|-';done | sed s/-/:/g)" if [ ! -z "$SINGLE_PORTS" ] ; then if [ "$LOG_EST_EXT" == "1" ] ; then if [ "$ALLOWED_UDP_IN_USE_MULTIPORT" != "0" ] ; then $IPTABLES -A INPUT -i $EXT_NET -p udp -m state --state NEW -m multiport \ --destination-port `echo $SINGLE_PORTS | sed 's/\ /,/g'` $LOG_CMD 'IPKF_New_Connection: ' else for PORT in $ALLOWED_UDP_IN; do $IPTABLES -A INPUT -i $EXT_NET -p udp -m state --state NEW \ --dport $PORT $LOG_CMD 'IPKF_New_Connection: ' done fi fi if [ "$ALLOWED_UDP_IN_USE_MULTIPORT" != "0" ] ; then $IPTABLES -A INPUT -i $EXT_NET -p udp -m state --state NEW -m multiport \ --destination-port `echo $SINGLE_PORTS | sed 's/\ /,/g'` -j ACCEPT else for PORT in $ALLOWED_UDP_IN; do $IPTABLES -A INPUT -i $EXT_NET -p udp -m state --state NEW --dport $PORT -j ACCEPT done fi fi if [ "$ACCOUNTING" = "1" ] ; then for PORT in $SINGLE_PORTS; do $IPTABLES -A acctin -p udp --destination-port $PORT -j RETURN $IPTABLES -A acctout -p udp --source-port $PORT -j RETURN done fi if [ ! -z "$PORT_RANGES" ] ; then for RANGE in $PORT_RANGES; do if [ "$LOG_EST_EXT" == "1" ] ; then $IPTABLES -A INPUT -i $EXT_NET -p udp -m state --state NEW -p tcp \ --dport $RANGE $LOG_CMD 'IPKF_New_Connection: ' $IPTABLES -A INPUT -i $EXT_NET -p udp -m state --state NEW --dport $RANGE -j ACCEPT if [ "$ACCOUNTING" = "1" ] ; then $IPTABLES -A acctin -p udp --destination-port $RANGE -j RETURN $IPTABLES -A acctout -p udp --source-port $RANGE -j RETURN fi fi done fi if [ "$INIT" != "1" ] ; then for PORT in $SINGLE_PORTS; do # First check /etc/ipkungfu/services.conf for service name, if not found # fall back to old behaviour. service=`grep . /etc/ipkungfu/services.conf | grep $PORT | grep udp | cut -d ':' -f1` if [ -z "$service" -o "$service" == "" ] ; then service=`grep "\b$PORT/udp" /etc/services | cut -f1` fi if [ -z "$service" ] ; then service="?" fi echo -e " ${GREEN_COLOUR}$PORT${CLOSE_COLOUR}\t($service)" done for RANGE in $PORT_RANGES; do echo -e " ${GREEN_COLOUR}$RANGE${CLOSE_COLOUR}" done fi # }}} handleServices() { # {{{ Handle services.conf local name_n=4 # Char Lenght of 'Name' local port_n=4 # Char Lenght of 'Port' local target_n=6 # Char Lenght of 'Target' for service in $SERVICES; do if [ "$(echo $service | cut -d ':' -f4)" != "" ]; then local name=$(echo $service | cut -d ':' -f1) local port=$(echo $service | cut -d ':' -f2 | sed s/-/:/g) local proto=$(echo $service | cut -d ':' -f3) local target=$(echo $service | cut -d ':' -f4) if [ "$LOG_EST_EXT" == "1" ] ; then $IPTABLES -A INPUT -i $EXT_NET -p $proto -m state --state NEW \ --dport $port $LOG_CMD 'IPKF_New_Connection: ' fi $IPTABLES -A INPUT -i $EXT_NET -p $proto -m state --state NEW --dport $port -j $target if [ "$ACCOUNTING" = "1" ] ; then $IPTABLES -A acctin -p $proto --destination-port $port -j RETURN $IPTABLES -A acctout -p $proto --source-port $port -j RETURN fi # If not in INIT, then find out longest strings to neat the output if [ "$INIT" != "1" ]; then if [ "$(printf "$name" | wc -m)" -gt "$name_n" ]; then name_n="${#name}" fi if [ "$(printf "$port" | wc -m)" -gt "$port_n" ]; then port_n="${#port}" fi if [ "$(printf "$target" | wc -m)" -gt "$target_n" ]; then target_n="${#target}" fi fi fi done # Start of neat look if [ "$INIT" != "1" ]; then # Do we have any valid rule on services.conf ? # If not, there's no need to run the code bellow if [ "$(grep . /etc/ipkungfu/services.conf | grep -v '#' | \ cut -d ':' -f4)" != "" ]; then echo "Handling Services On The Following Ports..." PORT_LBL="Port" PORT_LBL_L="4" # Loop until both lengths are equal until [ "$PORT_LBL_L" -eq "$port_n" ] do # PORT_LBL_L is already greter than name_n, in this # case we define 'port_n += $NAME_LBL_L - $name_n' # and break out of the loop, else it would be an infinite # loop if [ "$PORT_LBL_L" -gt "$port_n" ]; then let "port_n += $PORT_LBL_L - $port_n" break fi PORT_LBL="${PORT_LBL} " let "PORT_LBL_L += 1" done NAME_LBL="Name" NAME_LBL_L="4" # Loop until both lengths are equal until [ "$NAME_LBL_L" -eq "$name_n" ] do # NAME_LBL_L is already greter than name_n, in this # case we define 'name_n += $NAME_LBL_L - $name_n' # and break out of the loop, else it would be an infinite # loop if [ "$NAME_LBL_L" -gt "$name_n" ]; then let "name_n += $NAME_LBL_L - $name_n" break fi NAME_LBL="$NAME_LBL " let "NAME_LBL_L += 1" done # Case out target is bigger than 6(the lenght of 'Target') # Then take into considerantion yet another loop if [ "$target_n" -gt "6" ]; then TARGET_LBL="Target" TARGET_LBL_L="6" # Loop until both lengths are equal until [ "$TARGET_LBL_L" -eq "$target_n" ] do # TARGET_LBL_L is already greter than name_n, in this # case we define 'target_n += $TARGET_LBL_L - $target_n' # and break out of the loop, else it would be an # infinite loop. # Actually this 'if' sentence doesn't need to be here # because its cheched before we arrive here, but for # the sake of no infinite loops, here it is. if [ "$TARGET_LBL_L" -gt "$target_n" ]; then let "target_n += $TARGET_LBL_L - $target_n" break fi TARGET_LBL="$TARGET_LBL " let "TARGET_LBL_L += 1" done HEADER=" ${PORT_LBL} Protocol ${NAME_LBL} ${TARGET_LBL} " else HEADER=" ${PORT_LBL} Protocol ${NAME_LBL} Target " fi HEADER_L="${#HEADER}" # The shortest header size is 30 chars wide, so we make # ruller 30 '-' wide by default because it will reduce the # until loop time. RULER="------------------------------" RULER_L=30 until [ "$RULER_L" -ge "$HEADER_L" ] do RULER="${RULER}-" let "RULER_L += 1" done echo "$RULER" echo -e "${BRIGHT_COLOUR}${HEADER}${CLOSE_COLOUR}" echo "$RULER" for service in $SERVICES; do if [ "$(echo $service | cut -d ':' -f4)" != "" ]; then local name=$(echo $service | cut -d ':' -f1) local port=$(echo $service | cut -d ':' -f2) local proto=$(echo $service | cut -d ':' -f3) local target=$(echo $service | cut -d ':' -f4) if [ "$name" == "" ]; then name=$(grep "\b$port/tcp" /etc/services | cut -f1) fi if [ -z "$name" ] ; then name="(?)" fi port_l="${#port}" name_l="${#name}" # Loop until both lengths are equal until [ "$port_l" -eq "$port_n" ] do # This check is actually un-necessary, but for the # sake of no infinite loops, it's here. if [ "$port_l" -gt "$port_n" ]; then break fi # Do the resizing port="$port " let "port_l += 1" done # Loop until both lengths are equal until [ "$name_l" -eq "$name_n" ] do # This check is actually un-necessary, but for the # sake of no infinite loops, it's here. if [ "$name_l" -gt "$name_n" ]; then break fi # Do the resizing name="$name " let "name_l += 1" done local output=" ${GREEN_COLOUR}$port $proto " output="${output} ${CLOSE_COLOUR} ${BRIGHT_COLOUR} $name" output="${output} ${BLUE_COLOUR} $target${CLOSE_COLOUR}" echo -e "${output}" fi done echo "$RULER" fi fi # }}} } handleServices # {{{ Allow broadcasts from external LAN if [ "$ALLOW_EXT_LAN_BCAST" == "1" -a -n "$inEXT_LAN_BCAST" -a -n "$outEXT_LAN_BCAST" ] ; then $IPTABLES -A INPUT -i $EXT_NET -p udp $inEXT_LAN_BCAST $outEXT_LAN_BCAST -j ACCEPT fi # }}} # {{{ Allow local traffic $IPTABLES -I INPUT -i lo -m state --state NEW -j ACCEPT i=0 for INT_NET in ${INT_DEV[@]}; do NET=${LOCAL_NETS[$i]} if [ "$LOG_EST_INT" == "1" ] ; then $IPTABLES -I INPUT -m state --state NEW -s $NET -i $INT_NET $LOG_CMD 'IPKF_New_Connection: ' fi $IPTABLES -I INPUT -m state --state NEW -s $NET -i $INT_NET -j ACCEPT if [ "$MASQ_LOCAL_NET" = "1" ] ; then # Set up masquerading for internet connection sharing $IPTABLES -I FORWARD -m state --state NEW -s $NET -i $INT_NET -j ACCEPT fi let "i = $i + 1" done $IPTABLES -A OUTPUT -m state --state NEW -j ACCEPT # }}} # {{{ Gracefully close identd probes if [ "$DONT_DROP_IDENTD" = "1" ] ; then $IPTABLES -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset $IPTABLES -A FORWARD -i $EXT_NET -p tcp --dport 113 -j REJECT --reject-with tcp-reset fi # }}} # {{{ Log new connections to the internal network from the internet. # This shouldn't happen unless you have servers set up in # vhosts.conf or you have one or more public IP addresses # inside your LAN if [ "$LOG_EST_EXT" == "1" ] ; then for NET in ${LOCAL_NETS[@]}; do $IPTABLES -A FORWARD -d $NET -m state --state NEW -p tcp \ --tcp-flags SYN,RST,ACK SYN $LOG_CMD 'IPKF_New_Connection: ' done fi if [ "$LOG_EST_INT" == "1" ] ; then for NET in ${LOCAL_NETS[@]}; do $IPTABLES -A FORWARD -s $NET -m state --state NEW -p tcp \ --tcp-flags SYN,RST,ACK SYN $LOG_CMD 'IPKF_New_Connection: ' done fi # }}} # {{{ Anything not caught by another rule gets caught here if [ "$LOG_CATCH_ALL" = "1" ] ; then $IPTABLES -A INPUT -p ! icmp $LOG_CMD ' IPKF_INPUT_Catch-all: ' fi $IPTABLES -A INPUT -j $SUSPECT # }}} # {{{ Try to foil NAT detection if [ ! -z "$TTL" ] ; then if [ "$HAVE_LENGTH" = "true" ] ; then if [ "$HAVE_TTL" = "true" ] ; then $IPTABLES -t mangle -N NATCLOAK $IPTABLES -t mangle -I POSTROUTING -j NATCLOAK $IPTABLES -t mangle -A NATCLOAK -p udp -m udp --dport 33434:33500 -m length --length 38 -j RETURN $IPTABLES -t mangle -A NATCLOAK -p icmp -m icmp --icmp-type 8 -m length --length 92 -j RETURN $IPTABLES -t mangle -A NATCLOAK -j TTL --ttl-set $TTL else echo -e "${BLUE_COLOUR}Warning:${CLOSE_COLOUR} TTL configured in advanced.conf but not supported by your kernel" fi fi fi # }}} function setServicePortsNeededForTos() { # {{{ Setup the port numbers needed for TOS # {{{ Parse /etc/ipkungfu/services.conf SERVICES_FILE="/etc/ipkungfu/services.conf" SERVICE_FTP_DATA=`grep ^ftp-data: ${SERVICES_FILE} | cut -d: -f2` SERVICE_FTP=`grep ^ftp: ${SERVICES_FILE} | cut -d: -f2` SERVICE_SSH=`grep ^ssh: ${SERVICES_FILE} | cut -d: -f2` SERVICE_TELNET=`grep ^ftp: ${SERVICES_FILE} | cut -d: -f2` SERVICE_SMTP=`grep ^smtp: ${SERVICES_FILE} | cut -d: -f2` SERVICE_DOMAIN=`grep ^domain: ${SERVICES_FILE} | cut -d: -f2` SERVICE_BOOTPS=`grep ^bootps: ${SERVICES_FILE} | cut -d: -f2` SERVICE_HTTP=`grep ^http: ${SERVICES_FILE} | cut -d: -f2` SERVICE_POP3=`grep ^pop3: ${SERVICES_FILE} | cut -d: -f2` SERVICE_AUTH=`grep ^auth: ${SERVICES_FILE} | cut -d: -f2` SERVICE_NTP=`grep ^ntp: ${SERVICES_FILE} | cut -d: -f2` SERVICE_IMAP=`grep ^imap: ${SERVICES_FILE} | cut -d: -f2` SERVICE_HTTPS=`grep ^https: ${SERVICES_FILE} | cut -d: -f2` SERVICE_IMAPS=`grep ^imaps: ${SERVICES_FILE} | cut -d: -f2` SERVICE_POP3S=`grep ^pop3s: ${SERVICES_FILE} | cut -d: -f2` SERVICE_SOCKS=`grep ^socks: ${SERVICES_FILE} | cut -d: -f2` # }}} # {{{ Check to see if they were defined, if not fall trough /etc/services if [ -z "${SERVICE_FTP_DATA}" ]; then SERVICE_FTP_DATA="ftp-data"; fi if [ -z "${SERVICE_FTP}" ]; then SERVICE_FTP="ftp"; fi if [ -z "${SERVICE_SSH}" ]; then SERVICE_SSH="ssh"; fi if [ -z "${SERVICE_TELNET}" ]; then SERVICE_TELNET="telnet"; fi if [ -z "${SERVICE_SMTP}" ]; then SERVICE_SMTP="smtp"; fi if [ -z "${SERVICE_DOMAIN}" ]; then SERVICE_DOMAIN="domain"; fi if [ -z "${SERVICE_BOOTPS}" ]; then SERVICE_BOOTPS="bootps"; fi if [ -z "${SERVICE_HTTP}" ]; then SERVICE_HTTP="http"; fi if [ -z "${SERVICE_POP3}" ]; then SERVICE_POP3="pop3"; fi if [ -z "${SERVICE_AUTH}" ]; then SERVICE_AUTH="auth"; fi if [ -z "${SERVICE_NTP}" ]; then SERVICE_NTP="ntp"; fi if [ -z "${SERVICE_IMAP}" ]; then SERVICE_IMAP="imap"; fi if [ -z "${SERVICE_HTTPS}" ]; then SERVICE_HTTPS="https"; fi if [ -z "${SERVICE_IMAPS}" ]; then SERVICE_IMAPS="imaps"; fi if [ -z "${SERVICE_POP3S}" ]; then SERVICE_POP3S="pop3s"; fi if [ -z "${SERVICE_SOCKS}" ]; then SERVICE_SOCKS="socks"; fi # }}} # }}} } function setOutputTos() { # {{{ OUTPUT - RFC 1060/1349 suggested TOS values $IPTABLES -t mangle -A OUTPUT -p icmp -j TOS --set-tos Minimize-Delay $IPTABLES -t mangle -A OUTPUT -p tcp --dport ${SERVICE_FTP_DATA} -j TOS --set-tos Maximize-Throughput $IPTABLES -t mangle -A OUTPUT -p tcp --dport ${SERVICE_FTP} -j TOS --set-tos Minimize-Delay $IPTABLES -t mangle -A OUTPUT -p tcp --dport ${SERVICE_SSH} -j TOS --set-tos Minimize-Delay $IPTABLES -t mangle -A OUTPUT -p tcp --dport ${SERVICE_TELNET} -j TOS --set-tos Minimize-Delay $IPTABLES -t mangle -A OUTPUT -p tcp --dport ${SERVICE_SMTP} -j TOS --set-tos Minimize-Delay $IPTABLES -t mangle -A OUTPUT -p udp --dport ${SERVICE_DOMAIN} -j TOS --set-tos Maximize-Throughput $IPTABLES -t mangle -A OUTPUT -p tcp --dport ${SERVICE_BOOTPS} -j TOS --set-tos Minimize-Delay $IPTABLES -t mangle -A OUTPUT -p tcp --dport ${SERVICE_HTTP} -j TOS --set-tos Maximize-Throughput $IPTABLES -t mangle -A OUTPUT -p tcp --dport ${SERVICE_POP3} -j TOS --set-tos Maximize-Throughput $IPTABLES -t mangle -A OUTPUT -p tcp --dport ${SERVICE_AUTH} -j TOS --set-tos Minimize-Delay $IPTABLES -t mangle -A OUTPUT -p tcp --dport ${SERVICE_NTP} -j TOS --set-tos Minimize-Delay $IPTABLES -t mangle -A OUTPUT -p tcp --dport ${SERVICE_IMAP} -j TOS --set-tos Maximize-Throughput $IPTABLES -t mangle -A OUTPUT -p tcp --dport ${SERVICE_HTTPS} -j TOS --set-tos Maximize-Throughput $IPTABLES -t mangle -A OUTPUT -p tcp --dport ${SERVICE_IMAPS} -j TOS --set-tos Maximize-Throughput $IPTABLES -t mangle -A OUTPUT -p tcp --dport ${SERVICE_POP3S} -j TOS --set-tos Maximize-Throughput $IPTABLES -t mangle -A OUTPUT -p tcp --dport ${SERVICE_SOCKS} -j TOS --set-tos Minimize-Delay $IPTABLES -t mangle -A OUTPUT -p tcp --dport 6000:6063 -j TOS --set-tos Maximize-Throughput # }}} } function setInputTos() { # {{{ INPUT - RFC 1060/1349 suggested TOS values # $IPTABLES -t mangle -A INPUT -p tcp --sport 20 -j TOS --set-tos Maximize-Throughput $IPTABLES -t mangle -A INPUT -p tcp --sport ftp-data -j TOS --set-tos Maximize-Throughput #$IPTABLES -t mangle -A INPUT -p tcp --sport 21 -j TOS --set-tos Minimize-Delay $IPTABLES -t mangle -A INPUT -p tcp --sport ftp -j TOS --set-tos Minimize-Delay #$IPTABLES -t mangle -A INPUT -p tcp --sport 22 -j TOS --set-tos Minimize-Delay $IPTABLES -t mangle -A INPUT -p tcp --sport ssh -j TOS --set-tos Minimize-Delay #$IPTABLES -t mangle -A INPUT -p tcp --sport 23 -j TOS --set-tos Minimize-Delay $IPTABLES -t mangle -A INPUT -p tcp --sport telnet -j TOS --set-tos Minimize-Delay #$IPTABLES -t mangle -A INPUT -p tcp --sport 25 -j TOS --set-tos Minimize-Delay $IPTABLES -t mangle -A INPUT -p tcp --sport smtp -j TOS --set-tos Minimize-Delay #$IPTABLES -t mangle -A INPUT -p udp --sport 53 -j TOS --set-tos Maximize-Throughput $IPTABLES -t mangle -A INPUT -p udp --sport domain -j TOS --set-tos Maximize-Throughput #$IPTABLES -t mangle -A INPUT -p tcp --sport 67 -j TOS --set-tos Minimize-Delay $IPTABLES -t mangle -A INPUT -p tcp --sport bootps -j TOS --set-tos Minimize-Delay #$IPTABLES -t mangle -A INPUT -p tcp --sport 80 -j TOS --set-tos Maximize-Throughput $IPTABLES -t mangle -A INPUT -p tcp --sport http -j TOS --set-tos Maximize-Throughput #$IPTABLES -t mangle -A INPUT -p tcp --sport 110 -j TOS --set-tos Maximize-Throughput $IPTABLES -t mangle -A INPUT -p tcp --sport pop3 -j TOS --set-tos Maximize-Throughput #$IPTABLES -t mangle -A INPUT -p tcp --sport 113 -j TOS --set-tos Minimize-Delay $IPTABLES -t mangle -A INPUT -p tcp --sport auth -j TOS --set-tos Minimize-Delay #$IPTABLES -t mangle -A INPUT -p tcp --sport 123 -j TOS --set-tos Minimize-Delay $IPTABLES -t mangle -A INPUT -p tcp --sport ntp -j TOS --set-tos Minimize-Delay #$IPTABLES -t mangle -A INPUT -p tcp --sport 143 -j TOS --set-tos Maximize-Throughput $IPTABLES -t mangle -A INPUT -p tcp --sport imap -j TOS --set-tos Maximize-Throughput #$IPTABLES -t mangle -A INPUT -p tcp --sport 443 -j TOS --set-tos Maximize-Throughput $IPTABLES -t mangle -A INPUT -p tcp --sport https -j TOS --set-tos Maximize-Throughput #$IPTABLES -t mangle -A INPUT -p tcp --sport 993 -j TOS --set-tos Maximize-Throughput $IPTABLES -t mangle -A INPUT -p tcp --sport imaps -j TOS --set-tos Maximize-Throughput #$IPTABLES -t mangle -A INPUT -p tcp --sport 995 -j TOS --set-tos Maximize-Throughput $IPTABLES -t mangle -A INPUT -p tcp --sport pop3s -j TOS --set-tos Maximize-Throughput #$IPTABLES -t mangle -A INPUT -p tcp --sport 1080 -j TOS --set-tos Minimize-Delay $IPTABLES -t mangle -A INPUT -p tcp --sport socks -j TOS --set-tos Minimize-Delay $IPTABLES -t mangle -A INPUT -p tcp --sport 6000:6063 -j TOS --set-tos Maximize-Throughput # }}} } function correctTos() { # {{{ Correct already set TOS correctLargePacketTos() { # {{{ Correct TOS for large packets with Minimize-Delay $IPTABLES -t mangle -A IPT_CHK_TOS -p tcp -m length --length 0:512 -j RETURN $IPTABLES -t mangle -A IPT_CHK_TOS -p udp -m length --length 0:1024 -j RETURN $IPTABLES -t mangle -A IPT_CHK_TOS -j TOS --set-tos Maximize-Throughput $IPTABLES -t mangle -A IPT_CHK_TOS -j RETURN $IPTABLES -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j IPK_CHK_TOS # }}} } modifyTcpControlPacketTos() { # {{{ Modifying TOS for TCP control packets: (from www.docum.org / Stef Coene) $IPTABLES -t mangle -A IPK_ACK_TOS -m tos --tos ! Normal-Service -j RETURN $IPTABLES -t mangle -A IPK_ACK_TOS -p tcp -m length --length 0:256 -j TOS --set-tos Minimize-Delay $IPTABLES -t mangle -A IPK_ACK_TOS -p tcp -m length --length 256: -j TOS --set-tos Maximize-Throughput $IPTABLES -t mangle -A IPK_ACK_TOS -j RETURN $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK -j IPK_ACK_TOS # }}} } correctLargePacketTos modifyTcpControlPacketTos # }}} } if [ "$HAVE_TOS_TARGET" == "true" ]; then setServicePortsNeededForTos setOutputTos fi #setInputTos #correctTos # {{{ Run post script if [ -f /etc/ipkungfu/post.conf ] ; then source /etc/ipkungfu/post.conf fi # }}} createProcCache() { # {{{ Create a "cache" file with proc settings echo "IP_FORWARD=$IP_FORWARD" > $PROC_CACHE_FILE echo "LOG_MARTIANS=$LOG_MARTIANS" >> $PROC_CACHE_FILE echo "BLOCK_PINGS=$BLOCK_PINGS" >> $PROC_CACHE_FILE if [ ! -z $ICMP_ECHO_IGNORE_BROADCASTS ] ; then echo "ICMP_ECHO_IGNORE_BROADCASTS=$ICMP_ECHO_IGNORE_BROADCASTS" \ >> $PROC_CACHE_FILE fi echo "FIN_TIMEOUT=$FIN_TIMEOUT" >> $PROC_CACHE_FILE echo "TCP_KEEPALIVE=$TCP_KEEPALIVE" >> $PROC_CACHE_FILE echo "TCP_WINDOW_SCALING=$TCP_WINDOW_SCALING" >> $PROC_CACHE_FILE echo "TCP_SACK=$TCP_SACK" >> $PROC_CACHE_FILE echo "MAX_SYN_BACKLOG=$MAX_SYN_BACKLOG" >> $PROC_CACHE_FILE echo "SYN_COOKIES=$SYN_COOKIES" >> $PROC_CACHE_FILE echo "TCP_TIMESTAMPS=$TCP_TIMESTAMPS" >> $PROC_CACHE_FILE echo "LOOSE_UDP_PATCH=$LOOSE_UDP_PATCH" >> $PROC_CACHE_FILE if [ ! -z $IP_QUEUE_MAXLEN ] ; then echo "IP_QUEUE_MAXLEN=$IP_QUEUE_MAXLEN" >> $PROC_CACHE_FILE fi return $E_CLEAN_EXEC # }}} } createRulesCache() { # Create a cache file of iptables rules ${IPTABLES}-save > ${RULES_CACHE_FILE} return $E_CLEAN_EXEC } if [ "${NO_CACHING}" != "true" -o ! -f "$NO_CACHING_FILE" ]; then if [ "$INIT" != 1 ]; then echo -n "Creating proc settings cache:" fi createProcCache if [ $? == $E_CLEAN_EXEC ]; then if [ "$INIT" != 1 ]; then echo -e "${BRIGHT_COLOUR}\tOK${CLOSE_COLOUR}" fi else if [ "$INIT" != 1 ]; then echo -e "${RED_COLOUR}\tFAILED${CLOSE_COLOUR}" fi fi if [ "$INIT" != 1 ]; then echo -n "Creating iptables rules cache:" fi createRulesCache if [ $? == $E_CLEAN_EXEC ]; then if [ "$INIT" != 1 ]; then echo -e "${BRIGHT_COLOUR}\tOK${CLOSE_COLOUR}" fi else if [ "$INIT" != 1 ]; then echo -e "${RED_COLOUR}\tFAILED${CLOSE_COLOUR}" fi fi else if [ "$INIT" != 1 ]; then echo "Skiping Rules Caching!" fi fi # }}} exit $E_CLEAN_EXIT ipkungfu-0.6.1/GPL.txt0000644000175000017500000004313110555031670011456 00000000000000 GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License. ipkungfu-0.6.1/Makefile.am0000644000175000017500000000612210555031671012327 00000000000000# ========================================================================= # $Id: Makefile.am 136 2005-12-21 03:44:02Z s0undt3ch $ # ========================================================================= # $URL: http://ipkungfu.ufsoft.org/svn/tags/ipkungfu-0.6.1/Makefile.am $ # $LastChangedDate: 2005-12-20 21:44:02 -0600 (Tue, 20 Dec 2005) $ # $Rev: 136 $ # $LastChangedBy: s0undt3ch $ # ========================================================================= # Define the IPKungFu script to install sbin_SCRIPTS = ipkungfu #ipkungfu_SOURCES = ipkungfu.in # Define the dummy_server bin to install sbin_PROGRAMS = dummy_server dummy_server_SOURCES = dummy_server.c # Define our configs to install # We leave it empty so the dir /etc/ipkungfu will be blank but created pkgsysconf_DATA = # Define data going to share pkgdata_DATA = files/conf/accept_hosts.conf \ files/conf/advanced.conf \ files/conf/custom.conf \ files/conf/forward.conf \ files/conf/ipkungfu.conf \ files/conf/log.conf \ files/conf/post.conf \ files/conf/pre.conf \ files/conf/redirect.conf \ files/conf/services.conf \ files/conf/vhosts.conf \ files/rc.ipkungfu # Define the manual to install man_MANS = man/ipkungfu.8 # Define the data dir(share) pkgdoc_DATA = FAQ README AUTHORS COPYING ChangeLog #pkgdata_DATA = FAQ README AUTHORS COPYING ChangeLog # list sources here instead of using the ipkungfu_SOURCES macro EXTRA_DIST=GPL.txt man/ipkungfu.8 files/rc.ipkungfu \ FAQ NEWS AUTHORS ChangeLog COPYING INSTALL README \ files/conf/accept_hosts.conf \ files/conf/advanced.conf \ files/conf/custom.conf \ files/conf/deny_hosts.conf \ files/conf/forward.conf \ files/conf/ipkungfu.conf \ files/conf/log.conf \ files/conf/post.conf \ files/conf/pre.conf \ files/conf/redirect.conf \ files/conf/services.conf \ files/conf/vhosts.conf install-config: $(INSTALL_DATA) ${srcdir}/files/conf/accept_hosts.conf $(DESTDIR)$(pkgsysconfdir)/accept_hosts.conf $(INSTALL_DATA) ${srcdir}/files/conf/advanced.conf $(DESTDIR)$(pkgsysconfdir)/advanced.conf $(INSTALL_DATA) ${srcdir}/files/conf/custom.conf $(DESTDIR)$(pkgsysconfdir)/custom.conf $(INSTALL_DATA) ${srcdir}/files/conf/deny_hosts.conf $(DESTDIR)$(pkgsysconfdir)/deny_hosts.conf $(INSTALL_DATA) ${srcdir}/files/conf/forward.conf $(DESTDIR)$(pkgsysconfdir)/forward.conf $(INSTALL_DATA) ${srcdir}/files/conf/ipkungfu.conf $(DESTDIR)$(pkgsysconfdir)/ipkungfu.conf $(INSTALL_DATA) ${srcdir}/files/conf/log.conf $(DESTDIR)$(pkgsysconfdir)/log.conf $(INSTALL_DATA) ${srcdir}/files/conf/post.conf $(DESTDIR)$(pkgsysconfdir)/post.conf $(INSTALL_DATA) ${srcdir}/files/conf/pre.conf $(DESTDIR)$(pkgsysconfdir)/pre.conf $(INSTALL_DATA) ${srcdir}/files/conf/redirect.conf $(DESTDIR)$(pkgsysconfdir)/redirect.conf $(INSTALL_DATA) ${srcdir}/files/conf/services.conf $(DESTDIR)$(pkgsysconfdir)/services.conf $(INSTALL_DATA) ${srcdir}/files/conf/vhosts.conf $(DESTDIR)$(pkgsysconfdir)/vhosts.conf install-exec-hook: @echo Removing ipkungfu cache dir if exists -rm -rf $(DESTDIR)$(pkgsysconfdir)/cache ipkungfu-0.6.1/Makefile.in0000644000175000017500000006424110555031727012350 00000000000000# Makefile.in generated by automake 1.9.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # ========================================================================= # $Id: Makefile.am 136 2005-12-21 03:44:02Z s0undt3ch $ # ========================================================================= # $URL: http://ipkungfu.ufsoft.org/svn/tags/ipkungfu-0.6.1/Makefile.am $ # $LastChangedDate: 2005-12-20 21:44:02 -0600 (Tue, 20 Dec 2005) $ # $Rev: 136 $ # $LastChangedBy: s0undt3ch $ # ========================================================================= srcdir = @srcdir@ top_srcdir = @top_srcdir@ VPATH = @srcdir@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ top_builddir = . am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd INSTALL = @INSTALL@ install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : sbin_PROGRAMS = dummy_server$(EXEEXT) subdir = . DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in $(srcdir)/config.h.in \ $(srcdir)/ipkungfu.in $(top_srcdir)/configure \ $(top_srcdir)/man/ipkungfu.8.in AUTHORS COPYING ChangeLog \ INSTALL NEWS compile depcomp install-sh missing ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ configure.lineno configure.status.lineno mkinstalldirs = $(install_sh) -d CONFIG_HEADER = config.h CONFIG_CLEAN_FILES = ipkungfu man/ipkungfu.8 am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(sbindir)" \ "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(pkgdatadir)" \ "$(DESTDIR)$(pkgdocdir)" "$(DESTDIR)$(pkgsysconfdir)" sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(sbin_PROGRAMS) am_dummy_server_OBJECTS = dummy_server.$(OBJEXT) dummy_server_OBJECTS = $(am_dummy_server_OBJECTS) dummy_server_LDADD = $(LDADD) sbinSCRIPT_INSTALL = $(INSTALL_SCRIPT) SCRIPTS = $(sbin_SCRIPTS) DEFAULT_INCLUDES = -I. -I$(srcdir) -I. depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ SOURCES = $(dummy_server_SOURCES) DIST_SOURCES = $(dummy_server_SOURCES) man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; pkgdataDATA_INSTALL = $(INSTALL_DATA) pkgdocDATA_INSTALL = $(INSTALL_DATA) pkgsysconfDATA_INSTALL = $(INSTALL_DATA) DATA = $(pkgdata_DATA) $(pkgdoc_DATA) $(pkgsysconf_DATA) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) am__remove_distdir = \ { test ! -d $(distdir) \ || { find $(distdir) -type d ! -perm -200 -exec chmod u+w {} ';' \ && rm -fr $(distdir); }; } DIST_ARCHIVES = $(distdir).tar.gz $(distdir).tar.bz2 GZIP_ENV = --best distuninstallcheck_listfiles = find . -type f -print distcleancheck_listfiles = find . -type f -print pkgdatadir = @pkgdatadir@ ACLOCAL = @ACLOCAL@ AMDEP_FALSE = @AMDEP_FALSE@ AMDEP_TRUE = @AMDEP_TRUE@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CHOWN = @CHOWN@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CUT = @CUT@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DEPMOD = @DEPMOD@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ GREP = @GREP@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ IPTABLES = @IPTABLES@ KILLALL = @KILLALL@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LSMOD = @LSMOD@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MD5SUM = @MD5SUM@ MODPROBE = @MODPROBE@ NETSTAT = @NETSTAT@ OBJEXT = @OBJEXT@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ RMMOD = @RMMOD@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SU = @SU@ TR = @TR@ VERSION = @VERSION@ ac_ct_CC = @ac_ct_CC@ am__fastdepCC_FALSE = @am__fastdepCC_FALSE@ am__fastdepCC_TRUE = @am__fastdepCC_TRUE@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build_alias = @build_alias@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host_alias = @host_alias@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ pkgdocdir = @pkgdocdir@ pkgsysconfdir = @pkgsysconfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ # Define the IPKungFu script to install sbin_SCRIPTS = ipkungfu dummy_server_SOURCES = dummy_server.c # Define our configs to install # We leave it empty so the dir /etc/ipkungfu will be blank but created pkgsysconf_DATA = # Define data going to share pkgdata_DATA = files/conf/accept_hosts.conf \ files/conf/advanced.conf \ files/conf/custom.conf \ files/conf/forward.conf \ files/conf/ipkungfu.conf \ files/conf/log.conf \ files/conf/post.conf \ files/conf/pre.conf \ files/conf/redirect.conf \ files/conf/services.conf \ files/conf/vhosts.conf \ files/rc.ipkungfu # Define the manual to install man_MANS = man/ipkungfu.8 # Define the data dir(share) pkgdoc_DATA = FAQ README AUTHORS COPYING ChangeLog #pkgdata_DATA = FAQ README AUTHORS COPYING ChangeLog # list sources here instead of using the ipkungfu_SOURCES macro EXTRA_DIST = GPL.txt man/ipkungfu.8 files/rc.ipkungfu \ FAQ NEWS AUTHORS ChangeLog COPYING INSTALL README \ files/conf/accept_hosts.conf \ files/conf/advanced.conf \ files/conf/custom.conf \ files/conf/deny_hosts.conf \ files/conf/forward.conf \ files/conf/ipkungfu.conf \ files/conf/log.conf \ files/conf/post.conf \ files/conf/pre.conf \ files/conf/redirect.conf \ files/conf/services.conf \ files/conf/vhosts.conf all: config.h $(MAKE) $(AM_MAKEFLAGS) all-am .SUFFIXES: .SUFFIXES: .c .o .obj am--refresh: @: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ echo ' cd $(srcdir) && $(AUTOMAKE) --gnu '; \ cd $(srcdir) && $(AUTOMAKE) --gnu \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \ cd $(top_srcdir) && \ $(AUTOMAKE) --gnu Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ echo ' $(SHELL) ./config.status'; \ $(SHELL) ./config.status;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) $(SHELL) ./config.status --recheck $(top_srcdir)/configure: $(am__configure_deps) cd $(srcdir) && $(AUTOCONF) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) config.h: stamp-h1 @if test ! -f $@; then \ rm -f stamp-h1; \ $(MAKE) stamp-h1; \ else :; fi stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status @rm -f stamp-h1 cd $(top_builddir) && $(SHELL) ./config.status config.h $(srcdir)/config.h.in: $(am__configure_deps) cd $(top_srcdir) && $(AUTOHEADER) rm -f stamp-h1 touch $@ distclean-hdr: -rm -f config.h stamp-h1 ipkungfu: $(top_builddir)/config.status $(srcdir)/ipkungfu.in cd $(top_builddir) && $(SHELL) ./config.status $@ man/ipkungfu.8: $(top_builddir)/config.status $(top_srcdir)/man/ipkungfu.8.in cd $(top_builddir) && $(SHELL) ./config.status $@ install-sbinPROGRAMS: $(sbin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(sbindir)" || $(mkdir_p) "$(DESTDIR)$(sbindir)" @list='$(sbin_PROGRAMS)'; for p in $$list; do \ p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ if test -f $$p \ ; then \ f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ echo " $(INSTALL_PROGRAM_ENV) $(sbinPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(sbindir)/$$f'"; \ $(INSTALL_PROGRAM_ENV) $(sbinPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(sbindir)/$$f" || exit 1; \ else :; fi; \ done uninstall-sbinPROGRAMS: @$(NORMAL_UNINSTALL) @list='$(sbin_PROGRAMS)'; for p in $$list; do \ f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ echo " rm -f '$(DESTDIR)$(sbindir)/$$f'"; \ rm -f "$(DESTDIR)$(sbindir)/$$f"; \ done clean-sbinPROGRAMS: -test -z "$(sbin_PROGRAMS)" || rm -f $(sbin_PROGRAMS) dummy_server$(EXEEXT): $(dummy_server_OBJECTS) $(dummy_server_DEPENDENCIES) @rm -f dummy_server$(EXEEXT) $(LINK) $(dummy_server_LDFLAGS) $(dummy_server_OBJECTS) $(dummy_server_LDADD) $(LIBS) install-sbinSCRIPTS: $(sbin_SCRIPTS) @$(NORMAL_INSTALL) test -z "$(sbindir)" || $(mkdir_p) "$(DESTDIR)$(sbindir)" @list='$(sbin_SCRIPTS)'; for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ if test -f $$d$$p; then \ f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \ echo " $(sbinSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(sbindir)/$$f'"; \ $(sbinSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(sbindir)/$$f"; \ else :; fi; \ done uninstall-sbinSCRIPTS: @$(NORMAL_UNINSTALL) @list='$(sbin_SCRIPTS)'; for p in $$list; do \ f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \ echo " rm -f '$(DESTDIR)$(sbindir)/$$f'"; \ rm -f "$(DESTDIR)$(sbindir)/$$f"; \ done mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dummy_server.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`; \ @am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$$depbase.Tpo" -c -o $@ $<; \ @am__fastdepCC_TRUE@ then mv -f "$$depbase.Tpo" "$$depbase.Po"; else rm -f "$$depbase.Tpo"; exit 1; fi @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c -o $@ $< .c.obj: @am__fastdepCC_TRUE@ depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`; \ @am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$$depbase.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \ @am__fastdepCC_TRUE@ then mv -f "$$depbase.Tpo" "$$depbase.Po"; else rm -f "$$depbase.Tpo"; exit 1; fi @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` uninstall-info-am: install-man8: $(man8_MANS) $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(mkdir_p) "$(DESTDIR)$(man8dir)" @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ for i in $$l2; do \ case "$$i" in \ *.8*) list="$$list $$i" ;; \ esac; \ done; \ for i in $$list; do \ if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ else file=$$i; fi; \ ext=`echo $$i | sed -e 's/^.*\\.//'`; \ case "$$ext" in \ 8*) ;; \ *) ext='8' ;; \ esac; \ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ inst=`echo $$inst | sed -e 's/^.*\///'`; \ inst=`echo $$inst | sed '$(transform)'`.$$ext; \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ done uninstall-man8: @$(NORMAL_UNINSTALL) @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ for i in $$l2; do \ case "$$i" in \ *.8*) list="$$list $$i" ;; \ esac; \ done; \ for i in $$list; do \ ext=`echo $$i | sed -e 's/^.*\\.//'`; \ case "$$ext" in \ 8*) ;; \ *) ext='8' ;; \ esac; \ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ inst=`echo $$inst | sed -e 's/^.*\///'`; \ inst=`echo $$inst | sed '$(transform)'`.$$ext; \ echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ done install-pkgdataDATA: $(pkgdata_DATA) @$(NORMAL_INSTALL) test -z "$(pkgdatadir)" || $(mkdir_p) "$(DESTDIR)$(pkgdatadir)" @list='$(pkgdata_DATA)'; for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ f=$(am__strip_dir) \ echo " $(pkgdataDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(pkgdatadir)/$$f'"; \ $(pkgdataDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(pkgdatadir)/$$f"; \ done uninstall-pkgdataDATA: @$(NORMAL_UNINSTALL) @list='$(pkgdata_DATA)'; for p in $$list; do \ f=$(am__strip_dir) \ echo " rm -f '$(DESTDIR)$(pkgdatadir)/$$f'"; \ rm -f "$(DESTDIR)$(pkgdatadir)/$$f"; \ done install-pkgdocDATA: $(pkgdoc_DATA) @$(NORMAL_INSTALL) test -z "$(pkgdocdir)" || $(mkdir_p) "$(DESTDIR)$(pkgdocdir)" @list='$(pkgdoc_DATA)'; for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ f=$(am__strip_dir) \ echo " $(pkgdocDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(pkgdocdir)/$$f'"; \ $(pkgdocDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(pkgdocdir)/$$f"; \ done uninstall-pkgdocDATA: @$(NORMAL_UNINSTALL) @list='$(pkgdoc_DATA)'; for p in $$list; do \ f=$(am__strip_dir) \ echo " rm -f '$(DESTDIR)$(pkgdocdir)/$$f'"; \ rm -f "$(DESTDIR)$(pkgdocdir)/$$f"; \ done install-pkgsysconfDATA: $(pkgsysconf_DATA) @$(NORMAL_INSTALL) test -z "$(pkgsysconfdir)" || $(mkdir_p) "$(DESTDIR)$(pkgsysconfdir)" @list='$(pkgsysconf_DATA)'; for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ f=$(am__strip_dir) \ echo " $(pkgsysconfDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(pkgsysconfdir)/$$f'"; \ $(pkgsysconfDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(pkgsysconfdir)/$$f"; \ done uninstall-pkgsysconfDATA: @$(NORMAL_UNINSTALL) @list='$(pkgsysconf_DATA)'; for p in $$list; do \ f=$(am__strip_dir) \ echo " rm -f '$(DESTDIR)$(pkgsysconfdir)/$$f'"; \ rm -f "$(DESTDIR)$(pkgsysconfdir)/$$f"; \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) ' { files[$$0] = 1; } \ END { for (i in files) print i; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) ' { files[$$0] = 1; } \ END { for (i in files) print i; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$tags $$unique; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) ' { files[$$0] = 1; } \ END { for (i in files) print i; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && cd $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) $$here distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) $(am__remove_distdir) mkdir $(distdir) $(mkdir_p) $(distdir)/. $(distdir)/files $(distdir)/files/conf $(distdir)/man @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \ list='$(DISTFILES)'; for file in $$list; do \ case $$file in \ $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \ $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \ esac; \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ if test "$$dir" != "$$file" && test "$$dir" != "."; then \ dir="/$$dir"; \ $(mkdir_p) "$(distdir)$$dir"; \ else \ dir=''; \ fi; \ if test -d $$d/$$file; then \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ fi; \ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ else \ test -f $(distdir)/$$file \ || cp -p $$d/$$file $(distdir)/$$file \ || exit 1; \ fi; \ done -find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \ ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \ || chmod -R a+r $(distdir) dist-gzip: distdir tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz $(am__remove_distdir) dist-bzip2: distdir tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2 $(am__remove_distdir) dist-tarZ: distdir tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z $(am__remove_distdir) dist-shar: distdir shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz $(am__remove_distdir) dist-zip: distdir -rm -f $(distdir).zip zip -rq $(distdir).zip $(distdir) $(am__remove_distdir) dist dist-all: distdir tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2 $(am__remove_distdir) # This target untars the dist file and tries a VPATH configuration. Then # it guarantees that the distribution is self-contained by making another # tarfile. distcheck: dist case '$(DIST_ARCHIVES)' in \ *.tar.gz*) \ GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\ *.tar.bz2*) \ bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\ *.tar.Z*) \ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ *.shar.gz*) \ GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\ *.zip*) \ unzip $(distdir).zip ;;\ esac chmod -R a-w $(distdir); chmod a+w $(distdir) mkdir $(distdir)/_build mkdir $(distdir)/_inst chmod a-w $(distdir) dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ && cd $(distdir)/_build \ && ../configure --srcdir=.. --prefix="$$dc_install_base" \ $(DISTCHECK_CONFIGURE_FLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) dvi \ && $(MAKE) $(AM_MAKEFLAGS) check \ && $(MAKE) $(AM_MAKEFLAGS) install \ && $(MAKE) $(AM_MAKEFLAGS) installcheck \ && $(MAKE) $(AM_MAKEFLAGS) uninstall \ && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \ distuninstallcheck \ && chmod -R a-w "$$dc_install_base" \ && ({ \ (cd ../.. && umask 077 && mkdir "$$dc_destdir") \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \ distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \ } || { rm -rf "$$dc_destdir"; exit 1; }) \ && rm -rf "$$dc_destdir" \ && $(MAKE) $(AM_MAKEFLAGS) dist \ && rm -rf $(DIST_ARCHIVES) \ && $(MAKE) $(AM_MAKEFLAGS) distcleancheck $(am__remove_distdir) @(echo "$(distdir) archives ready for distribution: "; \ list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ sed -e '1{h;s/./=/g;p;x;}' -e '$${p;x;}' distuninstallcheck: @cd $(distuninstallcheck_dir) \ && test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \ || { echo "ERROR: files left after uninstall:" ; \ if test -n "$(DESTDIR)"; then \ echo " (check DESTDIR support)"; \ fi ; \ $(distuninstallcheck_listfiles) ; \ exit 1; } >&2 distcleancheck: distclean @if test '$(srcdir)' = . ; then \ echo "ERROR: distcleancheck can only run from a VPATH build" ; \ exit 1 ; \ fi @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \ || { echo "ERROR: files left in build directory after distclean:" ; \ $(distcleancheck_listfiles) ; \ exit 1; } >&2 check-am: all-am check: check-am all-am: Makefile $(PROGRAMS) $(SCRIPTS) $(MANS) $(DATA) config.h installdirs: for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(pkgdatadir)" "$(DESTDIR)$(pkgdocdir)" "$(DESTDIR)$(pkgsysconfdir)"; do \ test -z "$$dir" || $(mkdir_p) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-sbinPROGRAMS mostlyclean-am distclean: distclean-am -rm -f $(am__CONFIG_DISTCLEAN_FILES) -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-hdr distclean-tags dvi: dvi-am dvi-am: html: html-am info: info-am info-am: install-data-am: install-man install-pkgdataDATA install-pkgdocDATA \ install-pkgsysconfDATA install-exec-am: install-sbinPROGRAMS install-sbinSCRIPTS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook install-info: install-info-am install-man: install-man8 installcheck-am: maintainer-clean: maintainer-clean-am -rm -f $(am__CONFIG_DISTCLEAN_FILES) -rm -rf $(top_srcdir)/autom4te.cache -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-info-am uninstall-man uninstall-pkgdataDATA \ uninstall-pkgdocDATA uninstall-pkgsysconfDATA \ uninstall-sbinPROGRAMS uninstall-sbinSCRIPTS uninstall-man: uninstall-man8 .PHONY: CTAGS GTAGS all all-am am--refresh check check-am clean \ clean-generic clean-sbinPROGRAMS ctags dist dist-all \ dist-bzip2 dist-gzip dist-shar dist-tarZ dist-zip distcheck \ distclean distclean-compile distclean-generic distclean-hdr \ distclean-tags distcleancheck distdir distuninstallcheck dvi \ dvi-am html html-am info info-am install install-am \ install-data install-data-am install-exec install-exec-am \ install-exec-hook install-info install-info-am install-man \ install-man8 install-pkgdataDATA install-pkgdocDATA \ install-pkgsysconfDATA install-sbinPROGRAMS \ install-sbinSCRIPTS install-strip installcheck installcheck-am \ installdirs maintainer-clean maintainer-clean-generic \ mostlyclean mostlyclean-compile mostlyclean-generic pdf pdf-am \ ps ps-am tags uninstall uninstall-am uninstall-info-am \ uninstall-man uninstall-man8 uninstall-pkgdataDATA \ uninstall-pkgdocDATA uninstall-pkgsysconfDATA \ uninstall-sbinPROGRAMS uninstall-sbinSCRIPTS install-config: $(INSTALL_DATA) ${srcdir}/files/conf/accept_hosts.conf $(DESTDIR)$(pkgsysconfdir)/accept_hosts.conf $(INSTALL_DATA) ${srcdir}/files/conf/advanced.conf $(DESTDIR)$(pkgsysconfdir)/advanced.conf $(INSTALL_DATA) ${srcdir}/files/conf/custom.conf $(DESTDIR)$(pkgsysconfdir)/custom.conf $(INSTALL_DATA) ${srcdir}/files/conf/deny_hosts.conf $(DESTDIR)$(pkgsysconfdir)/deny_hosts.conf $(INSTALL_DATA) ${srcdir}/files/conf/forward.conf $(DESTDIR)$(pkgsysconfdir)/forward.conf $(INSTALL_DATA) ${srcdir}/files/conf/ipkungfu.conf $(DESTDIR)$(pkgsysconfdir)/ipkungfu.conf $(INSTALL_DATA) ${srcdir}/files/conf/log.conf $(DESTDIR)$(pkgsysconfdir)/log.conf $(INSTALL_DATA) ${srcdir}/files/conf/post.conf $(DESTDIR)$(pkgsysconfdir)/post.conf $(INSTALL_DATA) ${srcdir}/files/conf/pre.conf $(DESTDIR)$(pkgsysconfdir)/pre.conf $(INSTALL_DATA) ${srcdir}/files/conf/redirect.conf $(DESTDIR)$(pkgsysconfdir)/redirect.conf $(INSTALL_DATA) ${srcdir}/files/conf/services.conf $(DESTDIR)$(pkgsysconfdir)/services.conf $(INSTALL_DATA) ${srcdir}/files/conf/vhosts.conf $(DESTDIR)$(pkgsysconfdir)/vhosts.conf install-exec-hook: @echo Removing ipkungfu cache dir if exists -rm -rf $(DESTDIR)$(pkgsysconfdir)/cache # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: ipkungfu-0.6.1/config.h.in0000644000175000017500000000377410555031726012331 00000000000000/* config.h.in. Generated from configure.ac by autoheader. */ /* Define to 1 if you have the header file. */ #undef HAVE_ARPA_INET_H /* Define to 1 if you have the header file. */ #undef HAVE_INTTYPES_H /* Define to 1 if you have the header file. */ #undef HAVE_MEMORY_H /* Define to 1 if you have the `memset' function. */ #undef HAVE_MEMSET /* Define to 1 if you have the header file. */ #undef HAVE_NETINET_IN_H /* Define to 1 if you have the `socket' function. */ #undef HAVE_SOCKET /* Define to 1 if you have the header file. */ #undef HAVE_STDINT_H /* Define to 1 if you have the header file. */ #undef HAVE_STDLIB_H /* Define to 1 if you have the header file. */ #undef HAVE_STRINGS_H /* Define to 1 if you have the header file. */ #undef HAVE_STRING_H /* Define to 1 if you have the `strtol' function. */ #undef HAVE_STRTOL /* Define to 1 if you have the header file. */ #undef HAVE_SYS_SOCKET_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_STAT_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_TYPES_H /* Define to 1 if you have that is POSIX.1 compatible. */ #undef HAVE_SYS_WAIT_H /* Define to 1 if you have the header file. */ #undef HAVE_UNISTD_H /* Define to 1 if your C compiler doesn't accept -c and -o together. */ #undef NO_MINUS_C_MINUS_O /* Name of package */ #undef PACKAGE /* Define to the address where bug reports for this package should be sent. */ #undef PACKAGE_BUGREPORT /* Define to the full name of this package. */ #undef PACKAGE_NAME /* Define to the full name and version of this package. */ #undef PACKAGE_STRING /* Define to the one symbol short name of this package. */ #undef PACKAGE_TARNAME /* Define to the version of this package. */ #undef PACKAGE_VERSION /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS /* Version number of package */ #undef VERSION ipkungfu-0.6.1/AUTHORS0000644000175000017500000000040010555031671011334 00000000000000Author: Rocco Stanzione (trappist) Contributors: Wolf jahhan SiegeX Bruno Torres Hawkwind weeve@gentoo.org Andy Dustman Pedro Algarvio (s0undt3ch) Chandler Carruth (chandlerc) ipkungfu-0.6.1/INSTALL0000644000175000017500000002243210555031727011330 00000000000000Installation Instructions ************************* Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005 Free Software Foundation, Inc. This file is free documentation; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. Basic Installation ================== These are generic installation instructions. The `configure' shell script attempts to guess correct values for various system-dependent variables used during compilation. It uses those values to create a `Makefile' in each directory of the package. It may also create one or more `.h' files containing system-dependent definitions. Finally, it creates a shell script `config.status' that you can run in the future to recreate the current configuration, and a file `config.log' containing compiler output (useful mainly for debugging `configure'). It can also use an optional file (typically called `config.cache' and enabled with `--cache-file=config.cache' or simply `-C') that saves the results of its tests to speed up reconfiguring. (Caching is disabled by default to prevent problems with accidental use of stale cache files.) If you need to do unusual things to compile the package, please try to figure out how `configure' could check whether to do them, and mail diffs or instructions to the address given in the `README' so they can be considered for the next release. If you are using the cache, and at some point `config.cache' contains results you don't want to keep, you may remove or edit it. The file `configure.ac' (or `configure.in') is used to create `configure' by a program called `autoconf'. You only need `configure.ac' if you want to change it or regenerate `configure' using a newer version of `autoconf'. The simplest way to compile this package is: 1. `cd' to the directory containing the package's source code and type `./configure' to configure the package for your system. If you're using `csh' on an old version of System V, you might need to type `sh ./configure' instead to prevent `csh' from trying to execute `configure' itself. Running `configure' takes awhile. While running, it prints some messages telling which features it is checking for. 2. Type `make' to compile the package. 3. Optionally, type `make check' to run any self-tests that come with the package. 4. Type `make install' to install the programs and any data files and documentation. 5. You can remove the program binaries and object files from the source code directory by typing `make clean'. To also remove the files that `configure' created (so you can compile the package for a different kind of computer), type `make distclean'. There is also a `make maintainer-clean' target, but that is intended mainly for the package's developers. If you use it, you may have to get all sorts of other programs in order to regenerate files that came with the distribution. Compilers and Options ===================== Some systems require unusual options for compilation or linking that the `configure' script does not know about. Run `./configure --help' for details on some of the pertinent environment variables. You can give `configure' initial values for configuration parameters by setting variables in the command line or in the environment. Here is an example: ./configure CC=c89 CFLAGS=-O2 LIBS=-lposix *Note Defining Variables::, for more details. Compiling For Multiple Architectures ==================================== You can compile the package for more than one kind of computer at the same time, by placing the object files for each architecture in their own directory. To do this, you must use a version of `make' that supports the `VPATH' variable, such as GNU `make'. `cd' to the directory where you want the object files and executables to go and run the `configure' script. `configure' automatically checks for the source code in the directory that `configure' is in and in `..'. If you have to use a `make' that does not support the `VPATH' variable, you have to compile the package for one architecture at a time in the source code directory. After you have installed the package for one architecture, use `make distclean' before reconfiguring for another architecture. Installation Names ================== By default, `make install' installs the package's commands under `/usr/local/bin', include files under `/usr/local/include', etc. You can specify an installation prefix other than `/usr/local' by giving `configure' the option `--prefix=PREFIX'. You can specify separate installation prefixes for architecture-specific files and architecture-independent files. If you pass the option `--exec-prefix=PREFIX' to `configure', the package uses PREFIX as the prefix for installing programs and libraries. Documentation and other data files still use the regular prefix. In addition, if you use an unusual directory layout you can give options like `--bindir=DIR' to specify different values for particular kinds of files. Run `configure --help' for a list of the directories you can set and what kinds of files go in them. If the package supports it, you can cause programs to be installed with an extra prefix or suffix on their names by giving `configure' the option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. Optional Features ================= Some packages pay attention to `--enable-FEATURE' options to `configure', where FEATURE indicates an optional part of the package. They may also pay attention to `--with-PACKAGE' options, where PACKAGE is something like `gnu-as' or `x' (for the X Window System). The `README' should mention any `--enable-' and `--with-' options that the package recognizes. For packages that use the X Window System, `configure' can usually find the X include and library files automatically, but if it doesn't, you can use the `configure' options `--x-includes=DIR' and `--x-libraries=DIR' to specify their locations. Specifying the System Type ========================== There may be some features `configure' cannot figure out automatically, but needs to determine by the type of machine the package will run on. Usually, assuming the package is built to be run on the _same_ architectures, `configure' can figure that out, but if it prints a message saying it cannot guess the machine type, give it the `--build=TYPE' option. TYPE can either be a short name for the system type, such as `sun4', or a canonical name which has the form: CPU-COMPANY-SYSTEM where SYSTEM can have one of these forms: OS KERNEL-OS See the file `config.sub' for the possible values of each field. If `config.sub' isn't included in this package, then this package doesn't need to know the machine type. If you are _building_ compiler tools for cross-compiling, you should use the option `--target=TYPE' to select the type of system they will produce code for. If you want to _use_ a cross compiler, that generates code for a platform different from the build platform, you should specify the "host" platform (i.e., that on which the generated programs will eventually be run) with `--host=TYPE'. Sharing Defaults ================ If you want to set default values for `configure' scripts to share, you can create a site shell script called `config.site' that gives default values for variables like `CC', `cache_file', and `prefix'. `configure' looks for `PREFIX/share/config.site' if it exists, then `PREFIX/etc/config.site' if it exists. Or, you can set the `CONFIG_SITE' environment variable to the location of the site script. A warning: not all `configure' scripts look for a site script. Defining Variables ================== Variables not defined in a site shell script can be set in the environment passed to `configure'. However, some packages may run configure again during the build, and the customized values of these variables may be lost. In order to avoid this problem, you should set them in the `configure' command line, using `VAR=value'. For example: ./configure CC=/usr/local2/bin/gcc causes the specified `gcc' to be used as the C compiler (unless it is overridden in the site shell script). Here is a another example: /bin/bash ./configure CONFIG_SHELL=/bin/bash Here the `CONFIG_SHELL=/bin/bash' operand causes subsequent configuration-related scripts to be executed by `/bin/bash'. `configure' Invocation ====================== `configure' recognizes the following options to control how it operates. `--help' `-h' Print a summary of the options to `configure', and exit. `--version' `-V' Print the version of Autoconf used to generate the `configure' script, and exit. `--cache-file=FILE' Enable the cache: use and save the results of the tests in FILE, traditionally `config.cache'. FILE defaults to `/dev/null' to disable caching. `--config-cache' `-C' Alias for `--cache-file=config.cache'. `--quiet' `--silent' `-q' Do not print messages saying which checks are being made. To suppress all normal output, redirect it to `/dev/null' (any error messages will still be shown). `--srcdir=DIR' Look for the package's source code in directory DIR. Usually `configure' can determine that directory automatically. `configure' also accepts some other, not widely useful, options. Run `configure --help' for more details. ipkungfu-0.6.1/dummy_server.c0000644000175000017500000000551010555031671013160 00000000000000/* ======================================================================== * $Id: dummy_server.c 41 2005-10-30 23:39:47Z s0undt3ch $ * ======================================================================== * $URL: http://ipkungfu.ufsoft.org/svn/tags/ipkungfu-0.6.1/dummy_server.c $ * $LastChangedDate: 2005-10-30 17:39:47 -0600 (Sun, 30 Oct 2005) $ * $Rev: 41 $ * $LastChangedBy: s0undt3ch $ * ======================================================================== */ /* A simple server that binds to * a user-specified port and does nothing */ #include #include #include #include #include #include #include #include #include #include #include void sigchld_handler(int s) { while(waitpid(-1,NULL,WNOHANG) > 0); } void usage(char *progname) { fprintf(stderr, "usage: %s \n",progname ? progname : "" ); } int main(int argc, char *argv[]) { int myport; // the port users will be connecting to int backlog; // how many pending connections queue will hold int sockfd, new_fd; // listen on sock_fd, new connection on new_fd struct sockaddr_in my_addr; // my address information struct sockaddr_in their_addr; // connector's address information int sin_size; struct sigaction sa; int yes=1; if(argc != 3){ // If the correct number of arguments are not passed, show usage() usage(argv[0]); exit(0); } if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) { perror("socket"); exit(1); } if (setsockopt(sockfd,SOL_SOCKET,SO_REUSEADDR,&yes,sizeof(yes)) == -1) { perror("setsockopt"); exit(1); } myport = strtol(argv[1],NULL,10); backlog = strtol(argv[2],NULL,10); my_addr.sin_family = AF_INET; // host byte order my_addr.sin_port = htons(myport); // short, network byte order my_addr.sin_addr.s_addr = INADDR_ANY; // automatically fill with my IP memset(&(my_addr.sin_zero), '\0', 8); // zero the rest of the struct if (bind(sockfd, (struct sockaddr *)&my_addr, sizeof(struct sockaddr)) == -1) { perror("bind"); exit(1); } if (listen(sockfd, backlog) == -1) { perror("listen"); exit(1); } sa.sa_handler = sigchld_handler; // reap all dead processes sigemptyset(&sa.sa_mask); sa.sa_flags = SA_RESTART; if (sigaction(SIGCHLD, &sa, NULL) == -1) { perror("sigaction"); exit(1); } while(1) { // main accept() loop sin_size = sizeof(struct sockaddr_in); if ((new_fd = accept(sockfd, (struct sockaddr *)&their_addr,&sin_size)) == -1) { perror("accept"); continue; } } return 0; } ipkungfu-0.6.1/ChangeLog0000644000175000017500000003404510555031671012052 00000000000000# ========================================================================= # $Id: ChangeLog 158 2007-01-21 19:44:17Z trappist $ # ========================================================================= --0.6.1-- 15-01-2006: Pedro Algarvio IPKungFu: Updated/Corrected ChangeLog and prepared for bugfix release. 11-09-2006: Rocco Stanzione * FAQ: Add instructions to stop firewall logs to the console. 06-09-2006: Rocco Stanzione * ipkungfu.in Fixed a bug where multiple LOCAL_NETs would throw iptables errors * ipkungfu.8.in Fixes files path --0.6.0-- 04-01-2006: Pedro Algarvio * ChangeLog: Updated Changelog. 04-01-2006: Rocco Stanzione * README, FAQ: Small documentation updates. 20-12-2005: Rocco Stanzione * ipkungfu.in: Fix some typos and a bug reported by dooglus. 18-12-2005: Pedro Algarvio * ipkungfu.in: Fixed a disrespect to the INIT seeting that was causing some output when there should be none. Fixed output that also shouldn't exist introduced by the need to pass only '-c' to the md5sum binary, closes bug #34. Added a check for MARK packets support, closes bug #33. The rule to test TOS support is now done on the SYSTEST chain also. Fixed bug #35, ipkungfu will now stop if it's own md5 sig check fails. Fixed the creation of the services.conf file from the user defined ALLOWED_*_IN. * Makefile.am: Upon 'make install' we now remove /etc/ipkungfu/cache. 13-12-2005: Rocco Stanzione * ipkungfu.in: Fixed a few typos and reword a warning. 08-12-2005: Rocco Stanzione * ipkungfu.in, advanced.conf: Optionally disallow packets from the internal network with state 'INVALID'. On by default and applied only to tcp and udp. 08-12-2005: Pedro Algarvio * ipkungfu.in: IPKungFu no longer sed's himself, instead, it creates some "behaviour files" on the cache dir. * configure.ac: The md5sum binary is now a necessary dependency. 29-11-2005: Pedro Algarvio * ipkungfu.in: On Linux knoppix 3.6, when checking md5 signatures, the md5sum binary didn't accepted --check nor ---status. The solution was to use -c, the short arg for checking, redirect any output to /dev/null and check the exit code of the command to see if the signature check was good. 28-11-2005: Pedro Algarvio * configure.ac: Fixed a problem when using 'make install-config'. If a user just did './configure && make && make install && make install-config', the config files would end up on '/usr/local/etc/ipkungfu/'. Removed some un-necessary text. * ipkungfu.in: Removed some redirects to 'logError()' which were making ipkungfu report wrong '$?' exit codes. Removed some un-necessary bash childs. * files/conf/services.conf: Added an msn messenger example that probably will need to be removed. 27-11-2005: Pedro Algarvio * ipkungfu.in: Removed some un-necessary bash childs. Improved some of the code's readability. Added yet another 'until loop' wich only runs in case the rule target is bigger than 6 chars wide to match the 'Target' header label. 27-11-2005: Rocco Stanzione * ipkungfu.in: Removed some possible infinitive loops. Fixed some typos. 25-11-2005: Pedro Algarvio * ipkungfu.in: IPKungFu now check's it's own md5sum integrity IF it's not the first time it's running. Improved --d|--disable argument of ipkungfu, it should respect the value of INIT, else, the init scripts made by distros will show output when no output should exist. Improved the caching behaviour of IPKungFu. 23-11-2005: Pedro Algarvio * ipkungfu.in: Output is now all ligned up correctly no mater how long or how short the services name and port are. IPKungFu now accepts iptables log messages with blank spaces, for this, fwLog was replaced by setupLogging() which sets up our $LOG_CMD to use on the iptables calls. 22-11-2005: Pedro Algarvio * ipkungfu.in: We now don't use any color-codes to colorize the output of ipkungfu anymore, we use variables to do that for us. So if we want to change a color, we only need to do it in one place. handleAcceptTcpServices and handleAcceptUdpServices don't exist anymore, because they're now treated with handleServices, which was previoulsly known as handleOtherServices. 21-11-2005: Pedro Algarvio * ipkungfu.in: IPKungFu now has the ability to create the services.conf file for the user. 10-11-2005: Pedro Algarvio * services.conf: If a service name is a blank string, ipkungfu will check for it in '/etc/services'. User might want ipkungfu to grab the service name from '/etc/services' instead of 'services.conf'. 09-11-2005: Pedro Algarvio * loadKernelModules(): The default kernel modules will be checked for presence in the filesystem, if found load them, if not found assume they're built into the kernel. This will prevent the output of errors while loading ip_nat_irc, ip_conntrack_ftp, ip_nat_ftp, ip_conntrack_irc, if these are built into the kernel. Fixed error logging support while trying to load kernel modules, was badly redirecting STDERR to our logError() function. * logError(): In case logError() function get's called without any message, it won't log anything. 08-11-2005: Pedro Algarvio * --failsafe argument: Now, passing '--failsafe' will override the users FAILSAFE setting in 'ipkungfu.conf'. 06-11-2005: Rocco Stanzione * TOS Support Check: Added a test for TOS support. 02-11-2005: Pedro Algarvio * Fixed REGEX Expresion: Fixed REGEX Expresion when passing '-l' or '--list' to ipkungfu * configurable list of conntrack modules: Added support to load a configurable list of conntrack modules. * Run-Time Error Logging: Added run-tim error logging support. 26-10-2005 Pedro Algarvio * Iptables Rules Caching Support Added: Added rules caching support to use with iptables-save and iptables-restore, which saves a lot of time loading ipkungfu. 23-10-2005 Pedro Algarvio and Chandler Carruth : * Autonconf support: IPKungFu now support's the GNU Standard. 09-06-2005:Improved checks for valid network addresses thanks to Andy Dustman 09-06-2005:Wow, long time. Make dropping of fragments optional and off by default 06-18-2004:Lots of bugfixes and improvements courtesy of weeve@gentoo.org 03-11-2004:Added a FAQ entry for FXP 01-29-2004:Added a test for iptables in the executable (thanks Hawkwind) 11-29-2003:Fixed a bug in the loading of the ftp nat module 11-21-2003:Use of multiport match is now optional 10-19-2003:Changed shebang line to #!/bin/bash 10-12-2003:Added a test for tcp syncookies support --0.5.2 09-30-2003:Fixed a cosmetic bug in ALLOWED_UDP_IN --0.5.1-- 09-30-2003:Added FAILSAFE config option 09-28-2003:Added test for TTL support 09-27-2003:Smarter autoconfiguration of DISALLOW_PRIVATE 09-25-2003:Added pre- and post- scripts 09-23-2003:Added PATH variable to fix distros like Redhat 09-22-2003:Reduced output verbosity 09-22-2003:Removed string matching rules for now 09-22-2003:Don't log icmp in catch-all 09-20-2003:Added --failsafe option to prevent loss of remote access if ipkungfu fails 09-18-2003:Removed rule saving since we're not doing anything with it yet 09-16-2003:ipkungfu -c no longer takes forever to return results 09-16-2003:Replaced MASQ_LOCAL_NET and IP_FORWARD with GATEWAY in config. MASQ_LOCAL_NET and IP_FORWARD are still used internally 09-12-2003:Fixed vhost output to fit in a nonfb terminal window 09-12-2003:Fixed vhost output to deal with optionally blank ports 09-12-2003:Fixed ulog support detection 09-12-2003:Fixed a small bug in the port redirection code 09-12-2003:New init script by Bruno Torres (thanks!) should work for most distros 09-12-2003:Either Port or Protocol (but not both) can be omitted in vhosts.conf 09-12-2003:Got rid of PARALLEL_HTTP feature 09-02-2003:Added support for port ranges in ALLOWED_*_IN 09-01-2003:Removed FORWARD rules for ALLOWED_*_IN 09-01-2003:Updated icq example in vhosts.conf 08-28-2003:Updated comments and examples in redirect.conf 08-27-2003:Removed PING_FLOOD code - there doesn't seem to be a way to do this the way I want 08-26-2003:Fixed numerous ping issues 08-22-2003:All config options in ipkungfu.conf are now guessed, detected, or have reasonable defaults and are commented out by default 08-22-2003:Stopping ipkungfu now enables ping 08-22-2003:Added output for port redirection 08-22-2003:No longer aborts for lack of LOG target support if LOG_FACILITY=ulog 08-22-2003:Added RFC compliant list of IP ranges to reject from EXT_NET if DISALLOW_PRIVATE=1 08-22-2003:Added optional wait time for init to work around mysterious kernel panics 08-22-2003:Better way to modprobe irc and ftp conntrack modules 08-22-2003:Added --show-vars command line option --0.5.0-- 05-26-2003:Path to executable is a variable in the init script to make life easier for packagers 05-22-2003:Added 'RETURN' as a valid target for SUSPECT, KNOWN_BAD, and PORT_SCAN 05-13-2003:Added option to set TTL on outbound traffic 04-29-2003:Updated installer 04-29-2003:Fixed detection of some nmap portscans, courtesy of SiegeX 04-29-2003:Numerous small bugfixes, courtesy of SiegeX 04-29-2003:Added syncookie support 04-18-2003:Applied deny_hosts.conf to the FORWARD chain 04-15-2003:Added --flush option 04-14-2003:Added config option for modprobe path 04-11-2003:Added unclean match support 04-11-2003:Made it possible to have a server on a public IP inside the firewall and have another server on the same port on a private IP inside the firewall 04-11-2003:Added machanism to get external IP address 04-09-2003:Added connection tracking to the FORWARD chain 04-05-2003:Added forward.conf to manage the FORWARD chain 04-05-2003:Added support for networks with public IP addresses inside the firewall 04-05-2003:Added support for filtering outbound traffic from inside the firewall 03-25-2003:Rearranged rules for more effective port scan detection 01-21-2003:Fixed a bad sample rule in custom.conf 01-21-2003:Added additional configuration sanity checks 01-28-2003:Fixed the DONT_LOG options in log.conf --0.4.0-- 01-25-2003:Better (I hope) default settings in conf files 01-25-2003:Fixed installer to install the conf files (oops) 01-25-2003:Added "direction" support in redirect.conf 01-25-2003:Added some new options to log.conf 01-25-2003:Added support for the ULOG target in log.conf 01-24-2003:Added support for multiple internal devices 01-24-2003:Added support for multiple internal subnets --0.3.2-- 01-20-2003:Rewrote installer, which now just copies files and makes no attempt at configuration 01-20-2003:Several bugfixes, comments added 01-19-2003:Port forwarding no longer interferes with outgoing packets 01-12-2003:Fixed some permissions problems 01-12-2003:Fixed installer so custom.conf gets installed 01-12-2003:Fixed a bug that prevents users from opening one port per protocol --0.3.1-- 01-05-2003:Added option to negatively specify hosts in vhosts.conf with a ! --0.3.0-- 01-04-2003:Added support for port ranges in various config files 01-03-2003:Put syn-flood chain back in 12-14-2002:Eliminated syn-flood chain 12-14-2002:Used multiport match to open ports, to cut down on rules 12-14-2002:Removed rules that use external IP address 12-13-2002:Completely rewrote installer to be non-interactive 12-07-2002:Maybe took some hassle out of dcc, needs testing 12-06-2002:Added --quiet option 12-06-2002:Added init script 12-06-2002:Added uninstall script 12-06-2002:Fixed a bug with deny_hosts.conf --0.2.1-- 11-26-2002:Added --help (jahhan) 11-26-2002:Fixed multiple small bugs (jahhan) 11-25-2002:Updated installer 11-25-2002:Added preliminary support for dhcp servers 11-25-2002:Added --log-tcp-options to some relevant logs 11-25-2002:Put much of the code into functions 11-24-2002:Added "IPKF" string to all logs (more greppable) 11-24-2002:Added --panic (no one-letter easy-screwup version) 11-24-2002:Added --version, --list, --check, --disable and 1-letter versions thereof 11-20-2002:Fixed denyhosts bug (thanks martin!) 11-19-2002:Added code to autoload ip_conntrack_irc and ip_nat_irc 11-15-2002:Added option to REJECT identd instead of DROP 11-15-2002:Eliminated some redundant rules --0.2.0-- 11-13-2002:trelane found an installer bug for standalone boxen - fixed 11-12-2002:Removed catch-all rule for the FORWARD chain 11-12-2002:Changed default policy for the FORWARD chain to ACCEPT 11-12-2002:Added preliminary DMZ support 11-12-2002:Added the ability to specify hosts to allow access to vhosts 11-12-2002:Added localhost redirect support 11-12-2002:Added accept_hosts.conf and deny_hosts.conf 11-12-2002:Changed rule-saving to support non-chkconfig-compatible installs 11-12-2002:Changed default policies for OUTPUT and FORWARD to ACCEPT 11-12-2002:Added ToS mangling code 11-12-2002:Improved virtual host redirection support 11-12-2002:Added support for custom rules 11-12-2002:Log verbosity is now configurable 11-12-2002:Additional configuration sanity checks... more still needed 11-12-2002:Added some very nice features borrowed from Arno's iptables-script 11-12-2002:Added interactive installer 11-12-2002:Split into multiple files, executable and config --0.1.1-- 10-20-2002:Added support for multiple virtual hosts (thanks Wolf!) 10-19-2002:Added rule saving for non-chkconfig-friendly distros 10-17-2002:Fixed a rather unfriendly error message 10-10-2002:Fixed dcc bug 10-10-2002:Added --disable command line option 10-10-2002:Removed some redundant rules 10-10-2002:OK so we do need the external IP 09-19-2002:Added Slapper code 09-19-2002:Added changelog :) 09-19-2002:Removed the need to know the IP of the external interface ipkungfu-0.6.1/COPYING0000644000175000017500000000205210555031671011324 00000000000000########################################################################### # # # Copyright © 2002 by Rocco Stanzione # # # # This program is free software; you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # # the Free Software Foundation; either version 2 of the License, or # # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # # but WITHOUT ANY WARRANTY; without even the implied warranty of # # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # # GNU General Public License for more details. # # # ###########################################################################