1# $Id: INSTALL,v 1.46 2013/10/27 15:24:41 karls Exp $ 2 3This file describes how to install Dante. Dante is a Socks client 4and server firewall implementation. It can be installed on a machine 5with access to a external TCP/IP network and will allow all other 6machines, without direct access to that network, to be relayed through 7the machine the Dante server is running on. The external network 8will never see any other machines than the one Dante is running on. 9 10 11INSTALLATION 12 13 14Basic Installation 15================== 16 17 These are generic installation instructions. 18 19 The `configure' shell script attempts to guess correct values for 20various system-dependent variables used during compilation. It uses 21those values to create a `Makefile' in each directory of the package. 22It may also create one or more `.h' files containing system-dependent 23definitions. Finally, it creates a shell script `config.status' that 24you can run in the future to recreate the current configuration, a file 25`config.cache' that saves the results of its tests to speed up 26reconfiguring, and a file `config.log' containing compiler output 27(useful mainly for debugging `configure'). 28 29 If you need to do unusual things to compile the package, please try 30to figure out how `configure' could check whether to do them, and mail 31diffs or instructions to the address given in the `README' so they can 32be considered for the next release. If at some point `config.cache' 33contains results you do not want to keep, you may remove or edit it. 34 35 The file `configure.in' is used to create `configure' by a program 36called `autoconf'. You only need `configure.in' if you want to change 37it or regenerate `configure' using a newer version of `autoconf'. 38 39The simplest way to compile this package is: 40 41 0. If compiling for use with a commercial module, first extract the 42 `INSTALL' file from the module archive and follow the 43 instructions there. 44 45 1. `cd' to the directory containing the package's source code and type 46 `./configure' to configure the package for your system. If you're 47 using `csh' on an old version of System V, you might need to type 48 `sh ./configure' instead to prevent `csh' from trying to execute 49 `configure' itself. 50 51 Running `configure' takes awhile. While running, it prints some 52 messages telling which features it is checking for. 53 54 2. Type `make' to compile the package. 55 56 3. Optionally, type `make check' to run any self-tests that come with 57 the package. 58 59 4. Type `make install' to install the programs and any data files and 60 documentation. 61 62 5. Test the server and clients for some days or more. 63 64 6. That's it. To report success: 65 $ kill -USR1 `cat /var/run/sockd.pid` 66 67 # the above command should produce some server statistics in your 68 # logfile, save it to the file 'stats'. If you are only using 69 # client, skip the 'stats' file but do the rest please. 70 # If you should have any objections to being mentioned by name 71 # please mention that. 72 73 $ (echo '<Firstname> <Lastname>'; cat stats include/autoconf.h) \ 74 | mail dante-qst@inet.no 75 76 77Compilers and Options 78===================== 79 80 Some systems require unusual options for compilation or linking that 81the `configure' script does not know about. You can give `configure' 82initial values for variables by setting them in the environment. Using 83a Bourne-compatible shell, you can do that on the command line like 84this: 85 CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure 86 87 CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib" ./configure 88 89Or on systems that have the `env' program, you can do it like this: 90 env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure 91 92Compiling For Multiple Architectures 93==================================== 94 95 You can compile the package for more than one kind of computer at the 96same time, by placing the object files for each architecture in their 97own directory. To do this, you must use a version of `make' that 98supports the `VPATH' variable, such as GNU `make'. `cd' to the 99directory where you want the object files and executables to go and run 100the `configure' script. `configure' automatically checks for the 101source code in the directory that `configure' is in and in `..'. 102 103 If you have to use a `make' that does not supports the `VPATH' 104variable, you have to compile the package for one architecture at a time 105in the source code directory. After you have installed the package for 106one architecture, use `make distclean' before reconfiguring for another 107architecture. 108 109Installation Names 110================== 111 112 By default, `make install' will install the package's files in 113`/usr/local/bin', `/usr/local/man', etc. You can specify an 114installation prefix other than `/usr/local' by giving `configure' the 115option `--prefix=PATH'. 116 117 You can specify separate installation prefixes for 118architecture-specific files and architecture-independent files. If you 119give `configure' the option `--exec-prefix=PATH', the package will use 120PATH as the prefix for installing programs and libraries. 121Documentation and other data files will still use the regular prefix. 122 123 In addition, if you use an unusual directory layout you can give 124options like `--bindir=PATH' to specify different values for particular 125kinds of files. Run `configure --help' for a list of the directories 126you can set and what kinds of files go in them. 127 128 If the package supports it, you can cause programs to be installed 129with an extra prefix or suffix on their names by giving `configure' the 130option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. 131 132Optional Features 133================= 134 135 Some packages pay attention to `--enable-FEATURE' options to 136`configure', where FEATURE indicates an optional part of the package. 137They may also pay attention to `--with-PACKAGE' options, where PACKAGE 138is something like `gnu-as' or `x' (for the X Window System). The 139`README' should mention any `--enable-' and `--with-' options that the 140package recognizes. 141 142Specifying the System Type 143========================== 144 145 There may be some features `configure' can not figure out 146automatically, but needs to determine by the type of host the package 147will run on. Usually `configure' can figure that out, but if it prints 148a message saying it can not guess the host type, give it the 149`--host=TYPE' option. TYPE can either be a short name for the system 150type, such as `sun4', or a canonical name with three fields: 151 CPU-COMPANY-SYSTEM 152 153See the file `config.sub' for the possible values of each field. If 154`config.sub' is not included in this package, then this package does not 155need to know the host type. 156 157 If you are building compiler tools for cross-compiling, you can also 158use the `--target=TYPE' option to select the type of system they will 159produce code for and the `--build=TYPE' option to select the type of 160system on which you are compiling the package. 161 162Sharing Defaults 163================ 164 165 If you want to set default values for `configure' scripts to share, 166you can create a site shell script called `config.site' that gives 167default values for variables like `CC', `cache_file', and `prefix'. 168`configure' looks for `PREFIX/share/config.site' if it exists, then 169`PREFIX/etc/config.site' if it exists. Or, you can set the 170`CONFIG_SITE' environment variable to the location of the site script. 171A warning: not all `configure' scripts look for a site script. 172 173Operation Controls 174================== 175 176 `configure' recognizes the following options to control how it 177operates. 178 179`--cache-file=FILE' 180 Use and save the results of the tests in FILE instead of 181 `./config.cache'. Set FILE to `/dev/null' to disable caching, for 182 debugging `configure'. 183 184`--help' 185 Print a summary of the options to `configure', and exit. 186 187`--quiet' 188`--silent' 189`-q' 190 Do not print messages saying which checks are being made. To 191 suppress all normal output, redirect it to `/dev/null' (any error 192 messages will still be shown). 193 194`--srcdir=DIR' 195 Look for the package's source code in directory DIR. Usually 196 `configure' can determine that directory automatically. 197 198`--version' 199 Print the version of Autoconf used to generate the `configure' 200 script, and exit. 201 202`configure' also accepts some other, not widely useful, options. 203 204Program Specific configure options 205================================== 206 207These `configure' options are also supported (run `configure' with 208`--help' to list all options. 209 210`--enable-debug' 211 Compile with extra debugging information. 212 213`--enable-livedebug' 214 For debugging of problems in production environments; provides 215 information that allows serious errors to be analyzed without 216 aborting the application or having to enable debug log output. 217 218`--enable-warnings' 219 Compiles the package with '-Wall'; shows more compiler warnings. 220 221`--enable-diagnostics' 222 Compiles with diagnostics enabled. 223 224`--enable-profiling' 225 Build the libraries and the server with profiling. 226 227`--enable-coverage' 228 Build with code coverage. Recommended used with --enable-debug and 229 --enable-profiling. 230 231`--enable-linting' 232 Run lint when compiling the source-code. 233 234`--disable-client' 235 Disable SOCKS client compilation (only SOCKS server will be built). 236 237`--disable-server' 238 Disable SOCKS server compilation (only SOCKS client will be built). 239 240`--disable-libwrap' 241 Disable test for libwrap. Makes no difference if libwrap does 242 not exist on the local system. 243 244`--disable-pidfile' 245 Disable creation by the server of a file with the process id of 246 the main server process. 247 248`--disable-largefile' 249 Disable support for large files. 250 251`--disable-preload' 252 Do not build libdsocks. The dynamic socks library might not work 253 properly on all architectures. This option disables building of 254 the library. Also disables it's use in the server. 255 256`--disable-clientdl' 257 Disable building of libdsocks, used by the socksify application. 258 259`--disable-serverdl' 260 Enable the use of the libdsocks functionality in the server. Will 261 allow the use of the hostcache code with libwrap. On by default 262 when libwrap is found and not disabled, off by default otherwise. 263 264`--disable-drt-fallback' 265 The socksify application will generally attempt to connect 266 directly to machines on the same network as the client, rather 267 than going through the socks server, by creating direct routes. 268 This option disables this behavior, but is not recommended for 269 general use. 270 271`--with-socks-conf=FILE' 272 Read the library configuration file from FILE instead of 273 /etc/socks.conf. 274 275`--with-sockd-conf=FILE' 276 Read the server configuration file from FILE instead of 277 /etc/sockd.conf. 278 279`--with-pidfile=FILE' 280 Write the server process id into FILE instead of 281 /var/run/sockd.pid. 282 283`--with-libc=NAME' 284 Manually set the name of libc. Should never be needed, but can be 285 use if configure is unable to correctly find the name. 286 287`--with-bufsize=NUMBER' 288 Override the default SOCKD_BUFSIZE value. This can be done to tune 289 the Dante server. See include/config.h for details. 290 291`--with-iomax=NUMBER' 292 Override the default SOCKD_IOMAX value. This can be done to tune 293 the Dante server, by changing the number of clients that each 294 io process will handle. A high value will reduce the number of 295 processes running on a machine with many clients. 296 297`--with-negmax=NUMBER' 298 Override the default SOCKD_NEGOTIATEMAX value. This can be done 299 to tune the Dante server, by changing the number of clients that 300 each negotiate process will handle. A high value will reduce the 301 number of processes running on a machine with many clients. 302 303`--without-upnp' 304 Always disable support for the UPnP proxy protocol. 305 306`--without-pam' 307 Always compile without Pluggable Authentication Modules (PAM) 308 support in the server. 309 310`--without-gssapi' 311 Always compile without support for the Generic Security Services 312 Application Program Interface (GSSAPI) for authentication between 313 the server and client. 314 315`--with-gssapi-path=PATH' 316 Used to specify the location of GSSAPI files. 317 318`--with-krb5-config=PATH' 319 Can be used to specify the location of the krb5-config 320 application if it exists outside the standard path. The program 321 is only used if GSSAPI support is enabled. 322 323`--without-glibc-secure' 324 Prevents the system from using the libc_enable_secure glibc 325 variable as a replacement for the issetugid() system call, which 326 might be problematic for package creation. 327 328 This option, if used on a platform that lacks issetugid(), will 329 essentially make unavailable the environment variable SOCKS_CONF, 330 which can be used to specify an alternate configuration file for 331 the client. If will however still be possible to use variables 332 such as SOCKS_SERVER, unless the --without-full-env option is 333 also used. 334 335 This option is only needed on Linux/glibc systems. 336 337`--without-full-env' 338 This parameter limits the environment variables that can be used 339 by the client, essentially forcing the system /etc/socks.conf 340 file to be used. The following variables are ignored when this 341 parameter is used: 342 343 SOCKS_AUTOADD_LANROUTES 344 SOCKS_LOGOUTPUT 345 SOCKS_SERVER 346 SOCKS4_SERVER 347 SOCKS5_SERVER 348 TMPDIR 349 HTTP_PROXY 350 UPNP_IGD 351 352 The following variables are always available, even when 353 --without-full-env is used: 354 355 SOCKS_BINDLOCALONLY 356 SOCKS_DEBUG 357 SOCKS_DIRECTROUTE_FALLBACK 358 SOCKS_DISABLE_THREADLOCK 359 SOCKS_PASSWD 360 SOCKS_PASSWORD 361 SOCKS_USER 362 SOCKS_USERNAME 363 SOCKS5_PASSWD 364 SOCKS5_USER 365 366 The following variable is always disabled for setu/gid programs 367 (on platforms that support issetugid()), and always disabled on 368 platforms that lack the issetugid() system call. On Linux, it 369 will still be available, as long as the --without-glibc-secure 370 parameter is not used. 371 372 SOCKS_CONF 373 374 375FURTHER CONFIGURATION 376 377The file include/config.h contains defines you might wish to 378change, but generally this should not be needed. 379 380RUNTIME CONFIGURATION FILES 381 382No configuration-files are installed, these must be installed 383manually. 384The Dante server expects it's configuration file to be in /etc/sockd.conf. 385The client library uses the file /etc/socks.conf. 386 387The file bin/socksify.sh contains a shell script that allows one 388to dynamically socksify a dynamically linked application at runtime. 389The program can be installed as /usr/local/bin/socksify on platforms 390where it works, but is not installed by default. 391 392REPORTING PROBLEMS 393 394Please report any bugs, problems or enhancements to dante-bugs@inet.no 395 396The WWW home page for Dante is located at: http://www.inet.no/dante/ 397 398Copyright (c) 1998, 1999, 2000, 2009, 2011, 2012, 2013 399 Inferno Nettverk A/S, Norway. 400