1# $Id: INSTALL,v 1.46 2013/10/27 15:24:41 karls Exp $
2
3This file describes how to install Dante.  Dante is a Socks client
4and server firewall implementation.  It can be installed on a machine
5with access to a external TCP/IP network and will allow all other
6machines, without direct access to that network, to be relayed through
7the machine the Dante server is running on.  The external network
8will never see any other machines than the one Dante is running on.
9
10
11INSTALLATION
12
13
14Basic Installation
15==================
16
17   These are generic installation instructions.
18
19   The `configure' shell script attempts to guess correct values for
20various system-dependent variables used during compilation.  It uses
21those values to create a `Makefile' in each directory of the package.
22It may also create one or more `.h' files containing system-dependent
23definitions.  Finally, it creates a shell script `config.status' that
24you can run in the future to recreate the current configuration, a file
25`config.cache' that saves the results of its tests to speed up
26reconfiguring, and a file `config.log' containing compiler output
27(useful mainly for debugging `configure').
28
29   If you need to do unusual things to compile the package, please try
30to figure out how `configure' could check whether to do them, and mail
31diffs or instructions to the address given in the `README' so they can
32be considered for the next release.  If at some point `config.cache'
33contains results you do not want to keep, you may remove or edit it.
34
35   The file `configure.in' is used to create `configure' by a program
36called `autoconf'.  You only need `configure.in' if you want to change
37it or regenerate `configure' using a newer version of `autoconf'.
38
39The simplest way to compile this package is:
40
41  0. If compiling for use with a commercial module, first extract the
42     `INSTALL' file from the module archive and follow the
43     instructions there.
44
45  1. `cd' to the directory containing the package's source code and type
46     `./configure' to configure the package for your system.  If you're
47     using `csh' on an old version of System V, you might need to type
48     `sh ./configure' instead to prevent `csh' from trying to execute
49     `configure' itself.
50
51     Running `configure' takes awhile.  While running, it prints some
52     messages telling which features it is checking for.
53
54  2. Type `make' to compile the package.
55
56  3. Optionally, type `make check' to run any self-tests that come with
57     the package.
58
59  4. Type `make install' to install the programs and any data files and
60     documentation.
61
62  5. Test the server and clients for some days or more.
63
64  6. That's it.  To report success:
65     $ kill -USR1 `cat /var/run/sockd.pid`
66
67     # the above command should produce some server statistics in your
68     # logfile, save it to the file 'stats'.  If you are only using
69     # client, skip the 'stats' file but do the rest please.
70     # If you should have any objections to being mentioned by name
71     # please mention that.
72
73     $ (echo '<Firstname> <Lastname>'; cat stats include/autoconf.h) \
74     | mail dante-qst@inet.no
75
76
77Compilers and Options
78=====================
79
80   Some systems require unusual options for compilation or linking that
81the `configure' script does not know about.  You can give `configure'
82initial values for variables by setting them in the environment.  Using
83a Bourne-compatible shell, you can do that on the command line like
84this:
85     CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure
86
87     CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib" ./configure
88
89Or on systems that have the `env' program, you can do it like this:
90     env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure
91
92Compiling For Multiple Architectures
93====================================
94
95   You can compile the package for more than one kind of computer at the
96same time, by placing the object files for each architecture in their
97own directory.  To do this, you must use a version of `make' that
98supports the `VPATH' variable, such as GNU `make'.  `cd' to the
99directory where you want the object files and executables to go and run
100the `configure' script.  `configure' automatically checks for the
101source code in the directory that `configure' is in and in `..'.
102
103   If you have to use a `make' that does not supports the `VPATH'
104variable, you have to compile the package for one architecture at a time
105in the source code directory.  After you have installed the package for
106one architecture, use `make distclean' before reconfiguring for another
107architecture.
108
109Installation Names
110==================
111
112   By default, `make install' will install the package's files in
113`/usr/local/bin', `/usr/local/man', etc.  You can specify an
114installation prefix other than `/usr/local' by giving `configure' the
115option `--prefix=PATH'.
116
117   You can specify separate installation prefixes for
118architecture-specific files and architecture-independent files.  If you
119give `configure' the option `--exec-prefix=PATH', the package will use
120PATH as the prefix for installing programs and libraries.
121Documentation and other data files will still use the regular prefix.
122
123   In addition, if you use an unusual directory layout you can give
124options like `--bindir=PATH' to specify different values for particular
125kinds of files.  Run `configure --help' for a list of the directories
126you can set and what kinds of files go in them.
127
128   If the package supports it, you can cause programs to be installed
129with an extra prefix or suffix on their names by giving `configure' the
130option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
131
132Optional Features
133=================
134
135   Some packages pay attention to `--enable-FEATURE' options to
136`configure', where FEATURE indicates an optional part of the package.
137They may also pay attention to `--with-PACKAGE' options, where PACKAGE
138is something like `gnu-as' or `x' (for the X Window System).  The
139`README' should mention any `--enable-' and `--with-' options that the
140package recognizes.
141
142Specifying the System Type
143==========================
144
145   There may be some features `configure' can not figure out
146automatically, but needs to determine by the type of host the package
147will run on.  Usually `configure' can figure that out, but if it prints
148a message saying it can not guess the host type, give it the
149`--host=TYPE' option.  TYPE can either be a short name for the system
150type, such as `sun4', or a canonical name with three fields:
151     CPU-COMPANY-SYSTEM
152
153See the file `config.sub' for the possible values of each field.  If
154`config.sub' is not included in this package, then this package does not
155need to know the host type.
156
157   If you are building compiler tools for cross-compiling, you can also
158use the `--target=TYPE' option to select the type of system they will
159produce code for and the `--build=TYPE' option to select the type of
160system on which you are compiling the package.
161
162Sharing Defaults
163================
164
165   If you want to set default values for `configure' scripts to share,
166you can create a site shell script called `config.site' that gives
167default values for variables like `CC', `cache_file', and `prefix'.
168`configure' looks for `PREFIX/share/config.site' if it exists, then
169`PREFIX/etc/config.site' if it exists.  Or, you can set the
170`CONFIG_SITE' environment variable to the location of the site script.
171A warning: not all `configure' scripts look for a site script.
172
173Operation Controls
174==================
175
176   `configure' recognizes the following options to control how it
177operates.
178
179`--cache-file=FILE'
180     Use and save the results of the tests in FILE instead of
181     `./config.cache'.  Set FILE to `/dev/null' to disable caching, for
182     debugging `configure'.
183
184`--help'
185     Print a summary of the options to `configure', and exit.
186
187`--quiet'
188`--silent'
189`-q'
190     Do not print messages saying which checks are being made.  To
191     suppress all normal output, redirect it to `/dev/null' (any error
192     messages will still be shown).
193
194`--srcdir=DIR'
195     Look for the package's source code in directory DIR.  Usually
196     `configure' can determine that directory automatically.
197
198`--version'
199     Print the version of Autoconf used to generate the `configure'
200     script, and exit.
201
202`configure' also accepts some other, not widely useful, options.
203
204Program Specific configure options
205==================================
206
207These `configure' options are also supported (run `configure' with
208`--help' to list all options.
209
210`--enable-debug'
211     Compile with extra debugging information.
212
213`--enable-livedebug'
214     For debugging of problems in production environments; provides
215     information that allows serious errors to be analyzed without
216     aborting the application or having to enable debug log output.
217
218`--enable-warnings'
219     Compiles the package with '-Wall'; shows more compiler warnings.
220
221`--enable-diagnostics'
222     Compiles with diagnostics enabled.
223
224`--enable-profiling'
225     Build the libraries and the server with profiling.
226
227`--enable-coverage'
228     Build with code coverage. Recommended used with --enable-debug and
229     --enable-profiling.
230
231`--enable-linting'
232     Run lint when compiling the source-code.
233
234`--disable-client'
235     Disable SOCKS client compilation (only SOCKS server will be built).
236
237`--disable-server'
238     Disable SOCKS server compilation (only SOCKS client will be built).
239
240`--disable-libwrap'
241     Disable test for libwrap.  Makes no difference if libwrap does
242     not exist on the local system.
243
244`--disable-pidfile'
245     Disable creation by the server of a file with the process id of
246     the main server process.
247
248`--disable-largefile'
249     Disable support for large files.
250
251`--disable-preload'
252     Do not build libdsocks.  The dynamic socks library might not work
253     properly on all architectures.  This option disables building of
254     the library. Also disables it's use in the server.
255
256`--disable-clientdl'
257     Disable building of libdsocks, used by the socksify application.
258
259`--disable-serverdl'
260     Enable the use of the libdsocks functionality in the server. Will
261     allow the use of the hostcache code with libwrap. On by default
262     when libwrap is found and not disabled, off by default otherwise.
263
264`--disable-drt-fallback'
265     The socksify application will generally attempt to connect
266     directly to machines on the same network as the client, rather
267     than going through the socks server, by creating direct routes.
268     This option disables this behavior, but is not recommended for
269     general use.
270
271`--with-socks-conf=FILE'
272     Read the library configuration file from FILE instead of
273     /etc/socks.conf.
274
275`--with-sockd-conf=FILE'
276     Read the server configuration file from FILE instead of
277     /etc/sockd.conf.
278
279`--with-pidfile=FILE'
280     Write the server process id into FILE instead of
281     /var/run/sockd.pid.
282
283`--with-libc=NAME'
284     Manually set the name of libc. Should never be needed, but can be
285     use if configure is unable to correctly find the name.
286
287`--with-bufsize=NUMBER'
288     Override the default SOCKD_BUFSIZE value. This can be done to tune
289     the Dante server. See include/config.h for details.
290
291`--with-iomax=NUMBER'
292     Override the default SOCKD_IOMAX value. This can be done to tune
293     the Dante server, by changing the number of clients that each
294     io process will handle. A high value will reduce the number of
295     processes running on a machine with many clients.
296
297`--with-negmax=NUMBER'
298     Override the default SOCKD_NEGOTIATEMAX value. This can be done
299     to tune the Dante server, by changing the number of clients that
300     each negotiate process will handle. A high value will reduce the
301     number of processes running on a machine with many clients.
302
303`--without-upnp'
304     Always disable support for the UPnP proxy protocol.
305
306`--without-pam'
307     Always compile without Pluggable Authentication Modules (PAM)
308     support in the server.
309
310`--without-gssapi'
311     Always compile without support for the Generic Security Services
312     Application Program Interface (GSSAPI) for authentication between
313     the server and client.
314
315`--with-gssapi-path=PATH'
316     Used to specify the location of GSSAPI files.
317
318`--with-krb5-config=PATH'
319     Can be used to specify the location of the krb5-config
320     application if it exists outside the standard path. The program
321     is only used if GSSAPI support is enabled.
322
323`--without-glibc-secure'
324     Prevents the system from using the libc_enable_secure glibc
325     variable as a replacement for the issetugid() system call, which
326     might be problematic for package creation.
327
328     This option, if used on a platform that lacks issetugid(), will
329     essentially make unavailable the environment variable SOCKS_CONF,
330     which can be used to specify an alternate configuration file for
331     the client. If will however still be possible to use variables
332     such as SOCKS_SERVER, unless the --without-full-env option is
333     also used.
334
335     This option is only needed on Linux/glibc systems.
336
337`--without-full-env'
338     This parameter limits the environment variables that can be used
339     by the client, essentially forcing the system /etc/socks.conf
340     file to be used. The following variables are ignored when this
341     parameter is used:
342
343      SOCKS_AUTOADD_LANROUTES
344      SOCKS_LOGOUTPUT
345      SOCKS_SERVER
346      SOCKS4_SERVER
347      SOCKS5_SERVER
348      TMPDIR
349      HTTP_PROXY
350      UPNP_IGD
351
352     The following variables are always available, even when
353     --without-full-env is used:
354
355      SOCKS_BINDLOCALONLY
356      SOCKS_DEBUG
357      SOCKS_DIRECTROUTE_FALLBACK
358      SOCKS_DISABLE_THREADLOCK
359      SOCKS_PASSWD
360      SOCKS_PASSWORD
361      SOCKS_USER
362      SOCKS_USERNAME
363      SOCKS5_PASSWD
364      SOCKS5_USER
365
366     The following variable is always disabled for setu/gid programs
367     (on platforms that support issetugid()), and always disabled on
368     platforms that lack the issetugid() system call. On Linux, it
369     will still be available, as long as the --without-glibc-secure
370     parameter is not used.
371
372      SOCKS_CONF
373
374
375FURTHER CONFIGURATION
376
377The file include/config.h contains defines you might wish to
378change, but generally this should not be needed.
379
380RUNTIME CONFIGURATION FILES
381
382No configuration-files are installed, these must be installed
383manually.
384The Dante server expects it's configuration file to be in /etc/sockd.conf.
385The client library uses the file /etc/socks.conf.
386
387The file bin/socksify.sh contains a shell script that allows one
388to dynamically socksify a dynamically linked application at runtime.
389The program can be installed as /usr/local/bin/socksify on platforms
390where it works, but is not installed by default.
391
392REPORTING PROBLEMS
393
394Please report any bugs, problems or enhancements to dante-bugs@inet.no
395
396The WWW home page for Dante is located at: http://www.inet.no/dante/
397
398Copyright (c) 1998, 1999, 2000, 2009, 2011, 2012, 2013
399 Inferno Nettverk A/S, Norway.
400