configure.ac revision 1.1.1.9
1dnl -*- mode: m4 -*- 2dnl Id: configure.ac,v 1.77 2006/07/20 19:19:27 manubsd Exp 3 4AC_PREREQ(2.52) 5AC_INIT(ipsec-tools, CVS) 6AC_CONFIG_SRCDIR([configure.ac]) 7AM_CONFIG_HEADER(config.h) 8 9AM_INIT_AUTOMAKE(dist-bzip2) 10 11AC_ENABLE_SHARED(no) 12 13AC_PROG_CC 14AM_PROG_CC_STDC 15AC_HEADER_STDC 16AC_PROG_LIBTOOL 17AC_PROG_YACC 18AM_PROG_LEX 19AC_SUBST(LEXLIB) 20AC_PROG_EGREP 21 22CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused" 23 24case $host in 25*netbsd*) 26 LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS" 27 ;; 28*linux*) 29 LIBS="$LIBS -lresolv" 30 INSTALL_OPTS="-o bin -g bin" 31 INCLUDE_GLIBC="include-glibc" 32 RPM="rpm" 33 AC_SUBST(INSTALL_OPTS) 34 AC_SUBST(INCLUDE_GLIBC) 35 AC_SUBST(RPM) 36 ;; 37*darwin*) 38 LIBS="$LIBS -lresolv" 39 ;; 40esac 41 42# Look up some IPsec-related headers 43AC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no]) 44AC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no]) 45AC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no]) 46 47# NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h> 48if test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then 49 have_netinet_ipsec=yes 50 AC_DEFINE(HAVE_NETINET6_IPSEC, [], [Use <netinet6/ipsec.h>]) 51fi 52 53case "$host_os" in 54 *linux*) 55 AC_ARG_WITH(kernel-headers, 56 AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include], 57 [where your Linux Kernel headers are installed]), 58 [ KERNEL_INCLUDE="$with_kernel_headers" 59 CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers" 60 AC_SUBST(CONFIGURE_AMFLAGS) ], 61 [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ]) 62 63 AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, , 64 [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h, 65 KERNEL_INCLUDE=/usr/src/linux/include , 66 [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] ) 67 AC_SUBST(KERNEL_INCLUDE) 68 # We need the configure script to run with correct kernel headers. 69 # However we don't want to point to kernel source tree in compile time, 70 # i.e. this will be removed from CPPFLAGS at the end of configure. 71 CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS" 72 73 AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority, 74 [AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [], 75 [Are PF_KEY policy priorities supported?])], [], 76 [#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"]) 77 78 GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc' 79 GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc" 80 CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS" 81 CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS" 82 AC_SUBST(GLIBC_BUGS) 83 ;; 84 *) 85 if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then 86 if test "$have_net_pfkey" = yes; then 87 AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.]) 88 else 89 AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.]) 90 fi 91 fi 92 ;; 93esac 94 95### Some basic toolchain checks 96 97# Checks for header files. 98AC_HEADER_STDC 99AC_HEADER_SYS_WAIT 100AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h) 101AC_CHECK_HEADERS(shadow.h) 102 103# Checks for typedefs, structures, and compiler characteristics. 104AC_C_CONST 105AC_TYPE_PID_T 106AC_TYPE_SIZE_T 107AC_HEADER_TIME 108AC_STRUCT_TM 109 110# Checks for library functions. 111AC_FUNC_MEMCMP 112AC_TYPE_SIGNAL 113AC_FUNC_VPRINTF 114AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy strlcat) 115AC_REPLACE_FUNCS(strdup) 116RACOON_CHECK_VA_COPY 117 118# Check if printf accepts "%z" type modifier for size_t argument 119AC_MSG_CHECKING(if printf accepts %z) 120saved_CFLAGS=$CFLAGS 121CFLAGS="$CFLAGS -Wall -Werror" 122AC_TRY_COMPILE([ 123#include <stdio.h> 124], [ 125printf("%zu\n", (size_t)-1); 126], 127 [AC_MSG_RESULT(yes)], 128 [AC_MSG_RESULT(no); 129 CFLAGS_ADD="$CFLAGS_ADD -Wno-format"; 130 AC_DEFINE(BROKEN_PRINTF, [], [If printf doesn't support %zu.]) 131 ]) 132CFLAGS=$saved_CFLAGS 133 134# Can we use __func__ macro? 135AC_MSG_CHECKING(if __func__ is available) 136AC_TRY_COMPILE( 137[#include <stdio.h> 138], [char *x = __func__;], 139 [AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro]) 140 AC_MSG_RESULT(yes)], 141 [AC_MSG_RESULT(no)]) 142 143# Check if readline support is requested 144AC_MSG_CHECKING(if readline support is requested) 145AC_ARG_WITH(readline, 146 [ --with-readline support readline input (yes by default)], 147 [with_readline="$withval"], [with_readline="yes"]) 148AC_MSG_RESULT($with_readline) 149 150# Is readline available? 151if test $with_readline != "no"; then 152 AC_CHECK_HEADER([readline/readline.h], 153 [AC_CHECK_LIB(readline, readline, [ 154 AC_DEFINE(HAVE_READLINE, [], 155 [Is readline available?]) 156 LIBS="$LIBS -lreadline" 157 ], [])], []) 158fi 159 160 161AC_MSG_CHECKING(if --with-flex option is specified) 162AC_ARG_WITH(flexdir, 163 [AC_HELP_STRING([--with-flex], [use directiory (default: no)])], 164 [flexdir="$withval"]) 165AC_MSG_RESULT(${flexdir-dirdefault}) 166 167if test "x$flexdir" != "x"; then 168 LIBS="$LIBS $flexdir/libfl.a" 169fi 170 171AC_MSG_CHECKING(if --with-flexlib option is specified) 172AC_ARG_WITH(flexlib, 173 [ --with-flexlib=<LIB> specify flex library.], 174 [flexlib="$withval"]) 175AC_MSG_RESULT(${flexlib-default}) 176 177if test "x$flexlib" != "x"; then 178 LIBS="$LIBS $flexlib" 179fi 180 181# Check if a different OpenSSL directory was specified 182AC_MSG_CHECKING(if --with-openssl option is specified) 183AC_ARG_WITH(openssl, [ --with-openssl=DIR specify OpenSSL directory], 184 [crypto_dir=$withval]) 185AC_MSG_RESULT(${crypto_dir-default}) 186 187if test "x$crypto_dir" != "x"; then 188 LIBS="$LIBS -L${crypto_dir}/lib" 189 CPPFLAGS="-I${crypto_dir}/include $CPPLAGS" 190fi 191AC_MSG_CHECKING(openssl version) 192 193AC_TRY_COMPILE( 194[#include <openssl/opensslv.h> 195], 196[#if OPENSSL_VERSION_NUMBER < 0x0090602fL 197#error OpenSSL version is too old ... 198#endif], 199[AC_MSG_RESULT([ok])], 200[AC_MSG_RESULT(too old) 201AC_MSG_ERROR([OpenSSL version must be 0.9.6 or higher. Aborting.]) 202]) 203 204AC_CHECK_HEADERS(openssl/engine.h) 205 206# checking rijndael 207AC_CHECK_HEADERS([openssl/aes.h], [], 208 [CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"]) 209 210# checking sha2 211AC_MSG_CHECKING(sha2 support) 212AC_DEFINE([WITH_SHA2], [], [SHA2 support]) 213AC_MSG_RESULT(yes) 214AC_CHECK_HEADER(openssl/sha2.h, [], [ 215 AC_MSG_CHECKING(if sha2 is defined in openssl/sha.h) 216 AC_TRY_COMPILE([ 217 #ifdef HAVE_SYS_TYPES_H 218 #include <sys/types.h> 219 #endif 220 #include <openssl/sha.h> 221 ], [ 222 SHA256_CTX ctx; 223 ], [ 224 AC_MSG_RESULT(yes) 225 AC_DEFINE([HAVE_SHA2_IN_SHA_H], [], [sha2 is defined in sha.h]) 226 ], [AC_MSG_RESULT(no) 227 AC_LIBOBJ([sha2]) 228 CRYPTOBJS="$CRYPTOBJS sha2.o" 229 ]) 230 231 CPPFLAGS_ADD="$CPPFLAGS_ADD -I./\${top_srcdir}/src/racoon/missing" 232]) 233AC_SUBST(CRYPTOBJS) 234 235# Option --enable-adminport 236AC_MSG_CHECKING(if --enable-adminport option is specified) 237AC_ARG_ENABLE(adminport, 238 [ --enable-adminport enable admin port], 239 [], [enable_adminport=no]) 240if test $enable_adminport = "yes"; then 241 AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port]) 242fi 243AC_MSG_RESULT($enable_adminport) 244 245# Option RC5 246AC_MSG_CHECKING(if --enable-rc5 option is specified) 247AC_ARG_ENABLE(rc5, 248 [ --enable-rc5 enable RC5 encryption (patented)], 249 [], [enable_rc5=no]) 250AC_MSG_RESULT($enable_rc5) 251 252if test $enable_rc5 = "yes"; then 253 AC_CHECK_HEADERS([openssl/rc5.h]) 254 AC_CHECK_LIB([crypto_rc5], [RC5_32_encrypt], 255 [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_rc5"]) 256fi 257 258# Option IDEA 259AC_MSG_CHECKING(if --enable-idea option is specified) 260AC_ARG_ENABLE(idea, 261 [ --enable-idea enable IDEA encryption (patented)], 262 [], [enable_idea=no]) 263AC_MSG_RESULT($enable_idea) 264 265if test $enable_idea = "yes"; then 266 AC_CHECK_HEADERS([openssl/idea.h]) 267 AC_CHECK_LIB([crypto_idea], [idea_encrypt], 268 [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_idea"]) 269fi 270AC_SUBST(EXTRA_CRYPTO) 271 272# For dynamic libradius 273RACOON_PATH_LIBS([MD5_Init], [crypto]) 274 275# Check if we need -lutil for login(3) 276RACOON_PATH_LIBS([login], [util]) 277 278# Specify libiconv prefix 279AC_MSG_CHECKING(if --with-libiconv option is specified) 280AC_ARG_WITH(libiconv, 281 [ --with-libiconv=DIR specify libiconv path (like/usr/pkg)], 282 [libiconv_dir=$withval], 283 [libiconv_dir=no]) 284AC_MSG_RESULT($libiconv_dir) 285if test "$libiconv_dir" != "no"; then 286 if test "$libiconv_dir" = "yes" ; then 287 libiconv_dir=""; 288 fi; 289 if test "x$libiconv_dir" = "x"; then 290 RACOON_PATH_LIBS([iconv_open], [iconv]) 291 else 292 if test -d "$libiconv_dir/lib" -a \ 293 -d "$libiconv_dir/include" ; then 294 RACOON_PATH_LIBS([iconv_open], [iconv], ["$libiconv_dir/lib"]) 295 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libiconv_dir/include" 296 else 297 AC_MSG_ERROR([ICONV libs or includes not found. Aborting.]) 298 fi 299 fi 300 LIBS="$LIBS -L$libiconv_dir/lib -R$libiconv_dir/lib -liconv" 301 AC_CHECK_FUNCS(iconv_open) 302fi 303 304AC_MSG_CHECKING([if --enable-hybrid option is specified]) 305AC_ARG_ENABLE(hybrid, 306 [ --enable-hybrid enable hybrid, both mode-cfg and xauth support], 307 [], [enable_hybrid=no]) 308AC_MSG_RESULT($enable_hybrid) 309 310if test "x$enable_hybrid" = "xyes"; then 311 case $host in 312 *darwin*) 313 ;; 314 *) 315 LIBS="$LIBS -lcrypt"; 316 ;; 317 esac 318 HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o" 319 AC_SUBST(HYBRID_OBJS) 320 AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support]) 321fi 322 323AC_MSG_CHECKING([if --enable-frag option is specified]) 324AC_ARG_ENABLE(frag, 325 [ --enable-frag enable IKE fragmentation payload support], 326 [], [enable_frag=no]) 327AC_MSG_RESULT($enable_frag) 328 329if test "x$enable_frag" = "xyes"; then 330 case $host in 331 *darwin*) 332 ;; 333 *) 334 LIBS="$LIBS -lcrypt"; 335 ;; 336 esac 337 FRAG_OBJS="isakmp_frag.o" 338 AC_SUBST(FRAG_OBJS) 339 AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support]) 340fi 341 342AC_MSG_CHECKING(if --with-libradius option is specified) 343AC_ARG_WITH(libradius, 344 [ --with-libradius=DIR specify libradius path (like/usr/pkg)], 345 [libradius_dir=$withval], 346 [libradius_dir=no]) 347AC_MSG_RESULT($libradius_dir) 348if test "$libradius_dir" != "no"; then 349 if test "$libradius_dir" = "yes" ; then 350 libradius_dir=""; 351 fi; 352 if test "x$libradius_dir" = "x"; then 353 RACOON_PATH_LIBS([rad_create_request], [radius]) 354 else 355 if test -d "$libradius_dir/lib" -a \ 356 -d "$libradius_dir/include" ; then 357 RACOON_PATH_LIBS([rad_create_request], [radius], ["$libradius_dir/lib"]) 358 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include" 359 else 360 AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.]) 361 fi 362 fi 363 AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS]) 364 LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius" 365 AC_CHECK_FUNCS(rad_create_request) 366fi 367 368AC_MSG_CHECKING(if --with-libpam option is specified) 369AC_ARG_WITH(libpam, 370 [ --with-libpam=DIR specify libpam path (like/usr/pkg)], 371 [libpam_dir=$withval], 372 [libpam_dir=no]) 373AC_MSG_RESULT($libpam_dir) 374if test "$libpam_dir" != "no"; then 375 if test "$libpam_dir" = "yes" ; then 376 libpam_dir=""; 377 fi; 378 if test "x$libpam_dir" = "x"; then 379 RACOON_PATH_LIBS([pam_start], [pam]) 380 else 381 if test -d "$libpam_dir/lib" -a \ 382 -d "$libpam_dir/include" ; then 383 RACOON_PATH_LIBS([pam_start], [pam], ["$libpam_dir/lib"]) 384 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libpam_dir/include" 385 else 386 AC_MSG_ERROR([PAM libs or includes not found. Aborting.]) 387 fi 388 fi 389 AC_DEFINE([HAVE_LIBPAM], [], [Hybrid authentication uses PAM]) 390 LIBS="$LIBS -L$libpam_dir/lib -R$libpam_dir/lib -lpam" 391 AC_CHECK_FUNCS(pam_start) 392fi 393 394AC_MSG_CHECKING(if --with-libldap option is specified) 395AC_ARG_WITH(libldap, 396 [ --with-libldap=DIR specify libldap path (like/usr/pkg)], 397 [libldap_dir=$withval], 398 [libldap_dir=no]) 399AC_MSG_RESULT($libldap_dir) 400if test "$libldap_dir" != "no"; then 401 if test "$libldap_dir" = "yes" ; then 402 libldap_dir=""; 403 fi; 404 if test "x$libldap_dir" = "x"; then 405 RACOON_PATH_LIBS([ldap_init], [ldap]) 406 else 407 if test -d "$libldap_dir/lib" -a \ 408 -d "$libldap_dir/include" ; then 409 RACOON_PATH_LIBS([ldap_init], [ldap], ["$libldap_dir/lib"]) 410 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libldap_dir/include" 411 else 412 AC_MSG_ERROR([LDAP libs or includes not found. Aborting.]) 413 fi 414 fi 415 AC_DEFINE([HAVE_LIBLDAP], [], [Hybrid authentication uses LDAP]) 416 LIBS="$LIBS -L$libldap_dir/lib -R$libldap_dir/lib -lldap" 417 418 saved_CFLAGS=$CFLAGS 419 CFLAGS="$CFLAGS -Wall -Werror" 420 saved_CPPFLAGS=$CPPFLAGS 421 CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 422 AC_TRY_COMPILE( 423 [#include <ldap.h>], 424 [ 425 #if LDAP_API_VERSION < 2004 426 #error OpenLDAP version is too old ... 427 #endif 428 ], 429 [AC_MSG_RESULT([ok])], 430 [ 431 AC_MSG_RESULT(too old) 432 AC_MSG_ERROR([OpenLDAP version must be 2.0 or higher. Aborting.]) 433 ]) 434 CFLAGS=$saved_CFLAGS 435 CPPFLAGS=$saved_CPPFLAGS 436fi 437 438# Check for Kerberos5 support 439# XXX This must come after all --with-* tests, else the 440# -liconv checks will not work 441AC_MSG_CHECKING(if --enable-gssapi option is specified) 442AC_ARG_ENABLE(gssapi, 443 [ --enable-gssapi enable GSS-API authentication], 444 [], [enable_gssapi=no]) 445AC_MSG_RESULT($enable_gssapi) 446AC_PATH_PROG(KRB5_CONFIG,krb5-config,no) 447if test "x$enable_gssapi" = "xyes"; then 448 if test "$KRB5_CONFIG" != "no"; then 449 krb5_incdir="`$KRB5_CONFIG --cflags gssapi`" 450 krb5_libs="`$KRB5_CONFIG --libs gssapi`" 451 else 452 # No krb5-config; let's make some assumptions based on 453 # the OS. 454 case $host_os in 455 netbsd*) 456 krb5_incdir="-I/usr/include/krb5" 457 krb5_libs="-lgssapi -lkrb5 -lcom_err -lroken -lasn1" 458 ;; 459 *) 460 AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.]) 461 ;; 462 esac 463 fi 464 LIBS="$LIBS $krb5_libs" 465 CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD" 466 AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API]) 467 468 # Check if iconv 2nd argument needs const 469 saved_CFLAGS=$CFLAGS 470 CFLAGS="$CFLAGS -Wall -Werror" 471 saved_CPPFLAGS=$CPPFLAGS 472 CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 473 AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])]) 474 AC_MSG_CHECKING([if iconv second argument needs const]) 475 AC_TRY_COMPILE([ 476 #include <iconv.h> 477 #include <stdio.h> 478 ], [ 479 iconv_t cd = NULL; 480 const char **src = NULL; 481 size_t *srcleft = NULL; 482 char **dst = NULL; 483 size_t *dstleft = NULL; 484 485 (void)iconv(cd, src, srcleft, dst, dstleft); 486 ], [AC_MSG_RESULT(yes) 487 AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const]) 488 ], [AC_MSG_RESULT(no)]) 489 CFLAGS=$saved_CFLAGS 490 CPPFLAGS=$saved_CPPFLAGS 491 492 # libiconv is often integrated into libc. If a with-* option 493 # caused a non libc-based iconv.h to be catched instead of 494 # the libc-based iconv.h, then we need to link with -liconv 495 AC_MSG_CHECKING(if -liconv is required) 496 saved_CPPFLAGS=$CPPFLAGS 497 saved_LIBS=$LIBS 498 CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 499 AC_TRY_LINK([ 500 #include <iconv.h> 501 ], [ 502 (void)iconv_open("ascii", "ascii"); 503 ], 504 [AC_MSG_RESULT(no)], 505 [ 506 LIBS="$LIBS -liconv" 507 AC_TRY_LINK([ 508 #include <iconv.h> 509 ], [ 510 (void)iconv_open("ascii", "ascii"); 511 ], 512 [ 513 AC_MSG_RESULT(yes) 514 saved_LIBS=$LIBS 515 ], [ 516 AC_MSG_ERROR([cannot use iconv]) 517 ]) 518 ]) 519 CPPFLAGS=$saved_CPPFLAGS 520 LIBS=$saved_LIBS 521fi 522 523AC_MSG_CHECKING(if --enable-stats option is specified) 524AC_ARG_ENABLE(stats, 525 [ --enable-stats enable statistics logging function], 526 [], [enable_stats=no]) 527if test "x$enable_stats" = "xyes"; then 528 AC_DEFINE([ENABLE_STATS], [], [Enable statictics]) 529fi 530AC_MSG_RESULT($enable_stats) 531 532AC_MSG_CHECKING(if --enable-dpd option is specified) 533AC_ARG_ENABLE(dpd, 534 [ --enable-dpd enable dead peer detection], 535 [], [enable_dpd=no]) 536if test "x$enable_dpd" = "xyes"; then 537 AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection]) 538fi 539AC_MSG_RESULT($enable_dpd) 540 541AC_MSG_CHECKING(if --enable-fastquit option is specified) 542AC_ARG_ENABLE(fastquit, 543 [ --enable-fastquit enable new faster code to flush SAs when stopping racoon], 544 [], [enable_fastquit=no]) 545if test "x$enable_fastquit" = "xyes"; then 546 AC_DEFINE([ENABLE_FASTQUIT], [], [Enable fast SA flush code]) 547fi 548AC_MSG_RESULT($enable_fastquit) 549 550 551AC_MSG_CHECKING(if --enable-samode-unspec option is specified) 552AC_ARG_ENABLE(samode-unspec, 553 [ --enable-samode-unspec enable to use unspecified a mode of SA], 554 [], [enable_samode_unspec=no]) 555if test "x$enable_samode_unspec" = "xyes"; then 556 case $host_os in 557 *linux*) 558 cat << EOC 559 560ERROR: --enable-samode-unspec is not supported under linux 561because linux kernel do not support it. This option is disabled 562to prevent mysterious problems. 563 564If you REALLY know what your are doing, remove this check. 565EOC 566 exit 1; 567 ;; 568 esac 569 AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec]) 570fi 571AC_MSG_RESULT($enable_samode_unspec) 572 573# Checks if IPv6 is requested 574AC_MSG_CHECKING([whether to enable ipv6]) 575AC_ARG_ENABLE(ipv6, 576[ --disable-ipv6 disable ipv6 support], 577[ case "$enableval" in 578 no) 579 AC_MSG_RESULT(no) 580 ipv6=no 581 ;; 582 *) AC_MSG_RESULT(yes) 583 ipv6=yes 584 ;; 585 esac ], 586 587 AC_TRY_RUN([ /* AF_INET6 avalable check */ 588#include <sys/types.h> 589#include <sys/socket.h> 590main() 591{ 592 exit(0); 593 if (socket(AF_INET6, SOCK_STREAM, 0) < 0) 594 exit(1); 595 else 596 exit(0); 597} 598], 599 AC_MSG_RESULT(yes) 600 AC_DEFINE([INET6], [], [Support IPv6]) 601 ipv6=yes, 602 AC_MSG_RESULT(no) 603 ipv6=no, 604 AC_MSG_RESULT(no) 605 ipv6=no 606)) 607 608if test "$ipv6" = "yes"; then 609 AC_DEFINE([INET6], [], [Support IPv6]) 610 AC_MSG_CHECKING(for advanced API support) 611 AC_TRY_COMPILE([#ifndef INET6 612#define INET6 613#endif 614#include <sys/types.h> 615#include <netinet/in.h>], 616 [struct in6_pktinfo a;], 617 [AC_MSG_RESULT(yes) 618 AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])], 619 [AC_MSG_RESULT(no)]) 620fi 621 622RACOON_CHECK_BUGGY_GETADDRINFO 623if test "$buggygetaddrinfo" = "yes"; then 624 AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.]) 625fi 626 627# Check if kernel support is available for NAT-T, defaults to no. 628kernel_natt="no" 629 630AC_MSG_CHECKING(kernel NAT-Traversal support) 631case $host_os in 632linux*) 633# Linux kernel NAT-T check 634AC_EGREP_CPP(yes, 635[#include <linux/pfkeyv2.h> 636#ifdef SADB_X_EXT_NAT_T_TYPE 637yes 638#endif 639], [kernel_natt="yes"]) 640 ;; 641freebsd*|netbsd*) 642# NetBSD case 643# Same check for FreeBSD 644AC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len, 645 [kernel_natt="yes"],, [ 646#define _KERNEL 647#include <sys/types.h> 648#include <net/pfkeyv2.h> 649]) 650 ;; 651esac 652AC_MSG_RESULT($kernel_natt) 653 654AC_MSG_CHECKING(whether to support NAT-T) 655AC_ARG_ENABLE(natt, 656 [ --enable-natt enable NAT-Traversal (yes/no/kernel)], 657 [ if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi ], 658 [ enable_natt=no ]) 659AC_MSG_RESULT($enable_natt) 660 661if test "$enable_natt" = "yes"; then 662 if test "$kernel_natt" = "no" ; then 663 AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.]) 664 else 665 AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal]) 666 NATT_OBJS="nattraversal.o" 667 AC_SUBST(NATT_OBJS) 668 fi 669fi 670 671# Set up defines for supported NAT-T versions. 672natt_versions_default="00,02,rfc" 673AC_MSG_CHECKING(which NAT-T versions to support) 674AC_ARG_ENABLE(natt_versions, 675 [ --enable-natt-versions=list list of supported NAT-T versions delimited by coma.], 676 [ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ], 677 [ enable_natt_versions=$natt_versions_default ]) 678if test "$enable_natt" = "yes"; then 679 AC_MSG_RESULT($enable_natt_versions) 680 for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do 681 case $i in 682 0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;; 683 1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;; 684 2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;; 685 3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;; 686 4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;; 687 5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;; 688 6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;; 689 7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;; 690 8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;; 691 RFC) AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;; 692 *) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;; 693 esac 694 done 695 unset i 696else 697 AC_MSG_RESULT([none]) 698fi 699 700AC_MSG_CHECKING(if --enable-broken-natt option is specified) 701AC_ARG_ENABLE(broken-natt, 702 [ --enable-broken-natt broken in-kernel NAT-T], 703 [], [enable_broken_natt=no]) 704if test "x$enable_broken_natt" = "xyes"; then 705 AC_DEFINE([BROKEN_NATT], [], [in-kernel NAT-T is broken]) 706fi 707AC_MSG_RESULT($enable_broken_natt) 708 709AC_MSG_CHECKING(whether we support FWD policy) 710case $host in 711 *linux*) 712 AC_TRY_COMPILE([ 713 #include <inttypes.h> 714 #include <linux/ipsec.h> 715 ], [ 716 int fwd = IPSEC_DIR_FWD; 717 ], 718 [AC_MSG_RESULT(yes) 719 AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])], 720 [AC_MSG_RESULT(no)]) 721 ;; 722 *) 723 AC_MSG_RESULT(no) 724 ;; 725esac 726 727AC_CHECK_TYPE([ipsec_policy_t], 728 [AC_DEFINE([HAVE_IPSEC_POLICY_T], [], [Have ipsec_policy_t])], 729 [], 730 [ 731 #include <sys/types.h> 732 #include <netinet6/ipsec.h> 733 ]) 734 735# Check if kernel support is available for Security Context, defaults to no. 736kernel_secctx="no" 737 738AC_MSG_CHECKING(kernel Security Context support) 739case $host_os in 740linux*) 741# Linux kernel Security Context check 742AC_EGREP_CPP(yes, 743[#include <linux/pfkeyv2.h> 744#ifdef SADB_X_EXT_SEC_CTX 745yes 746#endif 747], [kernel_secctx="yes"]) 748 ;; 749esac 750AC_MSG_RESULT($kernel_secctx) 751 752AC_MSG_CHECKING(whether to support Security Context) 753AC_ARG_ENABLE(security-context, 754 [ --enable-security-context enable Security Context(yes/no/kernel)], 755 [if test "$enable_security-context" = "kernel"; then 756 enable_security_context=$kernel_secctx; fi], 757 [enable_security_context=$kernel_secctx]) 758AC_MSG_RESULT($enable_security_context) 759 760if test "$enable_security_context" = "yes"; then 761 if test "$kernel_secctx" = "no" ; then 762 AC_MSG_ERROR([Security Context requested, but no kernel support! Aborting.]) 763 else 764 AC_DEFINE([HAVE_SECCTX], [], [Enable Security Context]) 765 SECCTX_OBJS="security.o" 766 AC_SUBST(SECCTX_OBJS) 767 fi 768fi 769 770CFLAGS="$CFLAGS $CFLAGS_ADD" 771CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 772 773case $host in 774 *linux*) 775 # Remove KERNEL_INCLUDE from CPPFLAGS. It will 776 # be symlinked to src/include-glibc/linux in 777 # compile time. 778 CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"` 779 ;; 780esac 781 782include_racoondir=${includedir}/racoon 783AC_SUBST(include_racoondir) 784 785AC_CONFIG_FILES([ 786 Makefile 787 package_version.h 788 src/Makefile 789 src/include-glibc/Makefile 790 src/libipsec/Makefile 791 src/setkey/Makefile 792 src/racoon/Makefile 793 src/racoon/samples/psk.txt 794 src/racoon/samples/racoon.conf 795 rpm/Makefile 796 rpm/suse/Makefile 797 rpm/suse/ipsec-tools.spec 798 ]) 799AC_OUTPUT 800