configure.ac revision 1.13
1dnl -*- mode: m4 -*- 2dnl Id: configure.ac,v 1.77 2006/07/20 19:19:27 manubsd Exp 3 4AC_PREREQ(2.52) 5AC_INIT(ipsec-tools, CVS) 6AC_CONFIG_SRCDIR([configure.ac]) 7AC_CONFIG_HEADERS(config.h) 8 9AM_INIT_AUTOMAKE(dist-bzip2) 10 11AC_ENABLE_SHARED(no) 12 13AC_PROG_CC 14AC_HEADER_STDC 15AC_PROG_LIBTOOL 16AC_PROG_YACC 17AM_PROG_LEX 18AC_SUBST(LEXLIB) 19AC_PROG_EGREP 20 21CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused" 22 23case $host in 24*netbsd*) 25 LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS" 26 ;; 27*linux*) 28 LIBS="$LIBS -lresolv" 29 INSTALL_OPTS="-o bin -g bin" 30 INCLUDE_GLIBC="include-glibc" 31 RPM="rpm" 32 AC_SUBST(INSTALL_OPTS) 33 AC_SUBST(INCLUDE_GLIBC) 34 AC_SUBST(RPM) 35 ;; 36*darwin*) 37 LIBS="$LIBS -lresolv" 38 ;; 39esac 40 41# Look up some IPsec-related headers 42AC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no]) 43AC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no]) 44AC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no]) 45AC_CHECK_HEADER(netipsec/ipsec.h, [have_netipsec_ipsec=yes], [have_netipsec_ipsec=no]) 46 47# FreeBSD >=7 has only <netipsec/ipsec.h> 48# NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h> 49# XXX some *BSD still have both <netinet6/ipsec.h> and <netipsec/ipsec.h>, 50# we can't decide which one to use (actually <netinet6/ipsec.h>) 51 52 53if test "$have_netinet_ipsec$have_netinet6_ipsec$have_netipsec_ipsec" = nonoyes; then 54 have_netinet_ipsec=yes 55 AC_DEFINE(PATH_IPSEC_H, [<netipsec/ipsec.h>], [Path to ipsec.h]) 56else 57 if test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then 58 have_netinet_ipsec=yes 59 AC_DEFINE(PATH_IPSEC_H, [<netinet6/ipsec.h>], [Path to ipsec.h]) 60 else 61 # have_netinet_ipsec will be checked a few lines below 62 AC_DEFINE(PATH_IPSEC_H, [<netinet/ipsec.h>], [Path to ipsec.h]) 63 fi 64fi 65 66case "$host_os" in 67 *linux*) 68 AC_ARG_WITH(kernel-headers, 69 AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include], 70 [where your Linux Kernel headers are installed]), 71 [ KERNEL_INCLUDE="$with_kernel_headers" 72 CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers" 73 AC_SUBST(CONFIGURE_AMFLAGS) ], 74 [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ]) 75 76 AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, , 77 [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h, 78 KERNEL_INCLUDE=/usr/src/linux/include , 79 [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] ) 80 AC_SUBST(KERNEL_INCLUDE) 81 # We need the configure script to run with correct kernel headers. 82 # However we don't want to point to kernel source tree in compile time, 83 # i.e. this will be removed from CPPFLAGS at the end of configure. 84 CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS" 85 86 AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority, 87 [AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [], 88 [Are PF_KEY policy priorities supported?])], [], 89 [#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"]) 90 91 GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc' 92 GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc" 93 CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS" 94 CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS" 95 AC_SUBST(GLIBC_BUGS) 96 ;; 97 *) 98 if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then 99 if test "$have_net_pfkey" = yes; then 100 AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.]) 101 else 102 AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.]) 103 fi 104 fi 105 ;; 106esac 107 108### Some basic toolchain checks 109 110# Checks for header files. 111AC_HEADER_STDC 112AC_HEADER_SYS_WAIT 113AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h) 114AC_CHECK_HEADERS(shadow.h strings.h) 115 116# Checks for typedefs, structures, and compiler characteristics. 117AC_C_CONST 118AC_TYPE_PID_T 119AC_TYPE_SIZE_T 120AC_HEADER_TIME 121AC_STRUCT_TM 122 123# Checks for library functions. 124AC_FUNC_MEMCMP 125AC_TYPE_SIGNAL 126AC_FUNC_VPRINTF 127AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy strlcat) 128AC_REPLACE_FUNCS(strdup) 129RACOON_CHECK_VA_COPY 130 131# Check if printf accepts "%z" type modifier for size_t argument 132AC_MSG_CHECKING(if printf accepts %z) 133saved_CFLAGS=$CFLAGS 134CFLAGS="$CFLAGS -Wall -Werror" 135AC_TRY_COMPILE([ 136#include <stdio.h> 137], [ 138printf("%zu\n", (size_t)-1); 139], 140 [AC_MSG_RESULT(yes)], 141 [AC_MSG_RESULT(no); 142 CFLAGS_ADD="$CFLAGS_ADD -Wno-format"; 143 AC_DEFINE(BROKEN_PRINTF, [], [If printf doesn't support %zu.]) 144 ]) 145CFLAGS=$saved_CFLAGS 146 147# Can we use __func__ macro? 148AC_MSG_CHECKING(if __func__ is available) 149AC_TRY_COMPILE( 150[#include <stdio.h> 151], [char *x = __func__;], 152 [AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro]) 153 AC_MSG_RESULT(yes)], 154 [AC_MSG_RESULT(no)]) 155 156# Check if readline support is requested 157AC_MSG_CHECKING(if readline support is requested) 158AC_ARG_WITH(readline, 159 [ --with-readline support readline input (yes by default)], 160 [with_readline="$withval"], [with_readline="yes"]) 161AC_MSG_RESULT($with_readline) 162 163# Is readline available? 164if test $with_readline != "no"; then 165 AC_CHECK_HEADER([readline/readline.h], 166 [AC_CHECK_LIB(readline, readline, [ 167 AC_DEFINE(HAVE_READLINE, [], 168 [Is readline available?]) 169 LIBS="$LIBS -lreadline" 170 ], [])], []) 171fi 172 173 174AC_MSG_CHECKING(if --with-flex option is specified) 175AC_ARG_WITH(flexdir, 176 [AC_HELP_STRING([--with-flex], [use directiory (default: no)])], 177 [flexdir="$withval"]) 178AC_MSG_RESULT(${flexdir-dirdefault}) 179 180if test "x$flexdir" != "x"; then 181 LIBS="$LIBS $flexdir/libfl.a" 182fi 183 184AC_MSG_CHECKING(if --with-flexlib option is specified) 185AC_ARG_WITH(flexlib, 186 [ --with-flexlib=<LIB> specify flex library.], 187 [flexlib="$withval"]) 188AC_MSG_RESULT(${flexlib-default}) 189 190if test "x$flexlib" != "x"; then 191 LIBS="$LIBS $flexlib" 192fi 193 194# Check if a different OpenSSL directory was specified 195AC_MSG_CHECKING(if --with-openssl option is specified) 196AC_ARG_WITH(openssl, [ --with-openssl=DIR specify OpenSSL directory], 197 [crypto_dir=$withval]) 198AC_MSG_RESULT(${crypto_dir-default}) 199 200if test "x$crypto_dir" != "x"; then 201 LIBS="$LIBS -L${crypto_dir}/lib" 202 CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS" 203fi 204AC_MSG_CHECKING(openssl version) 205 206AC_TRY_COMPILE( 207[#include <openssl/opensslv.h> 208], 209[#if OPENSSL_VERSION_NUMBER < 0x0090813fL 210#error OpenSSL version is too old ... 211#endif], 212[AC_MSG_RESULT([ok])], 213[AC_MSG_RESULT(too old) 214AC_MSG_ERROR([OpenSSL version must be 0.9.8s or higher. Aborting.]) 215]) 216 217AC_CHECK_HEADERS(openssl/engine.h) 218 219# checking rijndael 220AC_CHECK_HEADERS([openssl/aes.h], [], 221 [CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"]) 222 223# checking sha2 224AC_MSG_CHECKING(sha2 support) 225AC_DEFINE([WITH_SHA2], [], [SHA2 support]) 226AC_MSG_RESULT(yes) 227AC_CHECK_HEADER(openssl/sha2.h, [], [ 228 AC_MSG_CHECKING(if sha2 is defined in openssl/sha.h) 229 AC_TRY_COMPILE([ 230 #ifdef HAVE_SYS_TYPES_H 231 #include <sys/types.h> 232 #endif 233 #include <openssl/sha.h> 234 ], [ 235 SHA256_CTX ctx; 236 ], [ 237 AC_MSG_RESULT(yes) 238 AC_DEFINE([HAVE_SHA2_IN_SHA_H], [], [sha2 is defined in sha.h]) 239 ], [AC_MSG_RESULT(no) 240 AC_LIBOBJ([sha2]) 241 CRYPTOBJS="$CRYPTOBJS sha2.o" 242 ]) 243 244 CPPFLAGS_ADD="$CPPFLAGS_ADD -I\${top_srcdir}/src/racoon/missing" 245]) 246AC_SUBST(CRYPTOBJS) 247 248# checking camellia 249AC_CHECK_HEADERS([openssl/camellia.h]) 250 251 252# Option --enable-adminport 253AC_MSG_CHECKING(if --enable-adminport option is specified) 254AC_ARG_ENABLE(adminport, 255 [ --enable-adminport enable admin port], 256 [], [enable_adminport=no]) 257if test $enable_adminport = "yes"; then 258 AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port]) 259fi 260AC_MSG_RESULT($enable_adminport) 261 262# Option RC5 263AC_MSG_CHECKING(if --enable-rc5 option is specified) 264AC_ARG_ENABLE(rc5, 265 [ --enable-rc5 enable RC5 encryption (patented)], 266 [], [enable_rc5=no]) 267AC_MSG_RESULT($enable_rc5) 268 269if test $enable_rc5 = "yes"; then 270 AC_CHECK_HEADERS([openssl/rc5.h]) 271 AC_CHECK_LIB([crypto_rc5], [RC5_32_encrypt], 272 [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_rc5"]) 273fi 274 275# Option IDEA 276AC_MSG_CHECKING(if --enable-idea option is specified) 277AC_ARG_ENABLE(idea, 278 [ --enable-idea enable IDEA encryption (patented)], 279 [], [enable_idea=no]) 280AC_MSG_RESULT($enable_idea) 281 282if test $enable_idea = "yes"; then 283 AC_CHECK_HEADERS([openssl/idea.h]) 284 AC_CHECK_LIB([crypto_idea], [idea_encrypt], 285 [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_idea"]) 286fi 287AC_SUBST(EXTRA_CRYPTO) 288 289# For dynamic libradius 290RACOON_PATH_LIBS([MD5_Init], [crypto]) 291 292# Check if we need -lutil for login(3) 293RACOON_PATH_LIBS([login], [util]) 294 295# Specify libiconv prefix 296AC_MSG_CHECKING(if --with-libiconv option is specified) 297AC_ARG_WITH(libiconv, 298 [ --with-libiconv=DIR specify libiconv path (like/usr/pkg)], 299 [libiconv_dir=$withval], 300 [libiconv_dir=no]) 301AC_MSG_RESULT($libiconv_dir) 302if test "$libiconv_dir" != "no"; then 303 if test "$libiconv_dir" = "yes" ; then 304 libiconv_dir=""; 305 fi; 306 if test "x$libiconv_dir" = "x"; then 307 RACOON_PATH_LIBS([iconv_open], [iconv]) 308 else 309 if test -d "$libiconv_dir/lib" -a \ 310 -d "$libiconv_dir/include" ; then 311 RACOON_PATH_LIBS([iconv_open], [iconv], ["$libiconv_dir/lib"]) 312 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libiconv_dir/include" 313 else 314 AC_MSG_ERROR([ICONV libs or includes not found. Aborting.]) 315 fi 316 fi 317 LIBS="$LIBS -L$libiconv_dir/lib -R$libiconv_dir/lib -liconv" 318 AC_CHECK_FUNCS(iconv_open) 319fi 320 321AC_MSG_CHECKING([if --enable-hybrid option is specified]) 322AC_ARG_ENABLE(hybrid, 323 [ --enable-hybrid enable hybrid, both mode-cfg and xauth support], 324 [], [enable_hybrid=no]) 325AC_MSG_RESULT($enable_hybrid) 326 327if test "x$enable_hybrid" = "xyes"; then 328 case $host in 329 *darwin*) 330 ;; 331 *) 332 LIBS="$LIBS -lcrypt"; 333 ;; 334 esac 335 HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o" 336 AC_SUBST(HYBRID_OBJS) 337 AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support]) 338fi 339 340AC_MSG_CHECKING([if --enable-frag option is specified]) 341AC_ARG_ENABLE(frag, 342 [ --enable-frag enable IKE fragmentation payload support], 343 [], [enable_frag=no]) 344AC_MSG_RESULT($enable_frag) 345 346if test "x$enable_frag" = "xyes"; then 347 case $host in 348 *darwin*) 349 ;; 350 *) 351 LIBS="$LIBS -lcrypt"; 352 ;; 353 esac 354 FRAG_OBJS="isakmp_frag.o" 355 AC_SUBST(FRAG_OBJS) 356 AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support]) 357fi 358 359AC_MSG_CHECKING(if --with-libradius option is specified) 360AC_ARG_WITH(libradius, 361 [ --with-libradius=DIR specify libradius path (like/usr/pkg)], 362 [libradius_dir=$withval], 363 [libradius_dir=no]) 364AC_MSG_RESULT($libradius_dir) 365if test "$libradius_dir" != "no"; then 366 if test "$libradius_dir" = "yes" ; then 367 libradius_dir=""; 368 fi; 369 if test "x$libradius_dir" = "x"; then 370 RACOON_PATH_LIBS([rad_create_request], [radius]) 371 else 372 if test -d "$libradius_dir/lib" -a \ 373 -d "$libradius_dir/include" ; then 374 RACOON_PATH_LIBS([rad_create_request], [radius], ["$libradius_dir/lib"]) 375 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include" 376 else 377 AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.]) 378 fi 379 fi 380 AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS]) 381 LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius" 382 AC_CHECK_FUNCS(rad_create_request) 383fi 384 385AC_MSG_CHECKING(if --with-libpam option is specified) 386AC_ARG_WITH(libpam, 387 [ --with-libpam=DIR specify libpam path (like/usr/pkg)], 388 [libpam_dir=$withval], 389 [libpam_dir=no]) 390AC_MSG_RESULT($libpam_dir) 391if test "$libpam_dir" != "no"; then 392 if test "$libpam_dir" = "yes" ; then 393 libpam_dir=""; 394 fi; 395 if test "x$libpam_dir" = "x"; then 396 RACOON_PATH_LIBS([pam_start], [pam]) 397 else 398 if test -d "$libpam_dir/lib" -a \ 399 -d "$libpam_dir/include" ; then 400 RACOON_PATH_LIBS([pam_start], [pam], ["$libpam_dir/lib"]) 401 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libpam_dir/include" 402 else 403 AC_MSG_ERROR([PAM libs or includes not found. Aborting.]) 404 fi 405 fi 406 AC_DEFINE([HAVE_LIBPAM], [], [Hybrid authentication uses PAM]) 407 LIBS="$LIBS -L$libpam_dir/lib -R$libpam_dir/lib -lpam" 408 AC_CHECK_FUNCS(pam_start) 409fi 410 411AC_MSG_CHECKING(if --with-libldap option is specified) 412AC_ARG_WITH(libldap, 413 [ --with-libldap=DIR specify libldap path (like/usr/pkg)], 414 [libldap_dir=$withval], 415 [libldap_dir=no]) 416AC_MSG_RESULT($libldap_dir) 417if test "$libldap_dir" != "no"; then 418 if test "$libldap_dir" = "yes" ; then 419 libldap_dir=""; 420 fi; 421 if test "x$libldap_dir" = "x"; then 422 RACOON_PATH_LIBS([ldap_init], [ldap]) 423 else 424 if test -d "$libldap_dir/lib" -a \ 425 -d "$libldap_dir/include" ; then 426 RACOON_PATH_LIBS([ldap_init], [ldap], ["$libldap_dir/lib"]) 427 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libldap_dir/include" 428 else 429 AC_MSG_ERROR([LDAP libs or includes not found. Aborting.]) 430 fi 431 fi 432 AC_DEFINE([HAVE_LIBLDAP], [], [Hybrid authentication uses LDAP]) 433 LIBS="$LIBS -L$libldap_dir/lib -R$libldap_dir/lib -lldap" 434 435 saved_CFLAGS=$CFLAGS 436 CFLAGS="$CFLAGS -Wall -Werror" 437 saved_CPPFLAGS=$CPPFLAGS 438 CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 439 AC_TRY_COMPILE( 440 [#include <ldap.h>], 441 [ 442 #if LDAP_API_VERSION < 2004 443 #error OpenLDAP version is too old ... 444 #endif 445 ], 446 [AC_MSG_RESULT([ok])], 447 [ 448 AC_MSG_RESULT(too old) 449 AC_MSG_ERROR([OpenLDAP version must be 2.0 or higher. Aborting.]) 450 ]) 451 CFLAGS=$saved_CFLAGS 452 CPPFLAGS=$saved_CPPFLAGS 453fi 454 455# Check for Kerberos5 support 456# XXX This must come after all --with-* tests, else the 457# -liconv checks will not work 458AC_MSG_CHECKING(if --enable-gssapi option is specified) 459AC_ARG_ENABLE(gssapi, 460 [ --enable-gssapi enable GSS-API authentication], 461 [], [enable_gssapi=no]) 462AC_MSG_RESULT($enable_gssapi) 463AC_PATH_PROG(KRB5_CONFIG,krb5-config,no) 464if test "x$enable_gssapi" = "xyes"; then 465 if test "$KRB5_CONFIG" != "no"; then 466 krb5_incdir="`$KRB5_CONFIG --cflags gssapi`" 467 krb5_libs="`$KRB5_CONFIG --libs gssapi`" 468 else 469 # No krb5-config; let's make some assumptions based on 470 # the OS. 471 case $host_os in 472 netbsd*) 473 krb5_incdir="-I/usr/include/krb5" 474 krb5_libs="-lgssapi -lkrb5 -lcom_err -lroken -lasn1" 475 ;; 476 *) 477 AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.]) 478 ;; 479 esac 480 fi 481 LIBS="$LIBS $krb5_libs" 482 CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD" 483 AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API]) 484 485 # Check if iconv 2nd argument needs const 486 saved_CFLAGS=$CFLAGS 487 CFLAGS="$CFLAGS -Wall -Werror" 488 saved_CPPFLAGS=$CPPFLAGS 489 CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 490 AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])]) 491 AC_MSG_CHECKING([if iconv second argument needs const]) 492 AC_TRY_COMPILE([ 493 #include <iconv.h> 494 #include <stdio.h> 495 ], [ 496 iconv_t cd = NULL; 497 const char **src = NULL; 498 size_t *srcleft = NULL; 499 char **dst = NULL; 500 size_t *dstleft = NULL; 501 502 (void)iconv(cd, src, srcleft, dst, dstleft); 503 ], [AC_MSG_RESULT(yes) 504 AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const]) 505 ], [AC_MSG_RESULT(no)]) 506 CFLAGS=$saved_CFLAGS 507 CPPFLAGS=$saved_CPPFLAGS 508 509 # libiconv is often integrated into libc. If a with-* option 510 # caused a non libc-based iconv.h to be catched instead of 511 # the libc-based iconv.h, then we need to link with -liconv 512 AC_MSG_CHECKING(if -liconv is required) 513 saved_CPPFLAGS=$CPPFLAGS 514 saved_LIBS=$LIBS 515 CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 516 AC_TRY_LINK([ 517 #include <iconv.h> 518 ], [ 519 (void)iconv_open("ascii", "ascii"); 520 ], 521 [AC_MSG_RESULT(no)], 522 [ 523 LIBS="$LIBS -liconv" 524 AC_TRY_LINK([ 525 #include <iconv.h> 526 ], [ 527 (void)iconv_open("ascii", "ascii"); 528 ], 529 [ 530 AC_MSG_RESULT(yes) 531 saved_LIBS=$LIBS 532 ], [ 533 AC_MSG_ERROR([cannot use iconv]) 534 ]) 535 ]) 536 CPPFLAGS=$saved_CPPFLAGS 537 LIBS=$saved_LIBS 538fi 539 540AC_MSG_CHECKING(if --enable-stats option is specified) 541AC_ARG_ENABLE(stats, 542 [ --enable-stats enable statistics logging function], 543 [], [enable_stats=no]) 544if test "x$enable_stats" = "xyes"; then 545 AC_DEFINE([ENABLE_STATS], [], [Enable statictics]) 546fi 547AC_MSG_RESULT($enable_stats) 548 549AC_MSG_CHECKING(if --enable-dpd option is specified) 550AC_ARG_ENABLE(dpd, 551 [ --enable-dpd enable dead peer detection], 552 [], [enable_dpd=no]) 553if test "x$enable_dpd" = "xyes"; then 554 AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection]) 555fi 556AC_MSG_RESULT($enable_dpd) 557 558AC_MSG_CHECKING(if --enable-samode-unspec option is specified) 559AC_ARG_ENABLE(samode-unspec, 560 [ --enable-samode-unspec enable to use unspecified a mode of SA], 561 [], [enable_samode_unspec=no]) 562if test "x$enable_samode_unspec" = "xyes"; then 563 case $host_os in 564 *linux*) 565 cat << EOC 566 567ERROR: --enable-samode-unspec is not supported under linux 568because linux kernel do not support it. This option is disabled 569to prevent mysterious problems. 570 571If you REALLY know what your are doing, remove this check. 572EOC 573 exit 1; 574 ;; 575 esac 576 AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec]) 577fi 578AC_MSG_RESULT($enable_samode_unspec) 579 580# Checks if IPv6 is requested 581AC_MSG_CHECKING([whether to enable ipv6]) 582AC_ARG_ENABLE(ipv6, 583[ --disable-ipv6 disable ipv6 support], 584[ case "$enableval" in 585 no) 586 AC_MSG_RESULT(no) 587 ipv6=no 588 ;; 589 *) AC_MSG_RESULT(yes) 590 ipv6=yes 591 ;; 592 esac ], 593 594 AC_TRY_RUN([ /* AF_INET6 avalable check */ 595#include <sys/types.h> 596#include <sys/socket.h> 597main() 598{ 599 exit(0); 600 if (socket(AF_INET6, SOCK_STREAM, 0) < 0) 601 exit(1); 602 else 603 exit(0); 604} 605], 606 AC_MSG_RESULT(yes) 607 AC_DEFINE([INET6], [], [Support IPv6]) 608 ipv6=yes, 609 AC_MSG_RESULT(no) 610 ipv6=no, 611 AC_MSG_RESULT(no) 612 ipv6=no 613)) 614 615if test "$ipv6" = "yes"; then 616 AC_DEFINE([INET6], [], [Support IPv6]) 617 AC_MSG_CHECKING(for advanced API support) 618 AC_TRY_COMPILE([#ifndef INET6 619#define INET6 620#endif 621#include <sys/types.h> 622#include <netinet/in.h>], 623 [struct in6_pktinfo a;], 624 [AC_MSG_RESULT(yes) 625 AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])], 626 [AC_MSG_RESULT(no)]) 627fi 628 629RACOON_CHECK_BUGGY_GETADDRINFO 630if test "$buggygetaddrinfo" = "yes"; then 631 AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.]) 632fi 633 634# Check if kernel support is available for NAT-T, defaults to no. 635kernel_natt="no" 636 637AC_MSG_CHECKING(kernel NAT-Traversal support) 638case $host_os in 639linux*) 640# Linux kernel NAT-T check 641AC_EGREP_CPP(yes, 642[#include <linux/pfkeyv2.h> 643#ifdef SADB_X_EXT_NAT_T_TYPE 644yes 645#endif 646], [kernel_natt="yes"]) 647 ;; 648freebsd*|netbsd*) 649# NetBSD case 650# Same check for FreeBSD 651AC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len, 652 [kernel_natt="yes"],, [ 653#define _KERNEL 654#include <sys/types.h> 655#include <net/pfkeyv2.h> 656]) 657 ;; 658esac 659AC_MSG_RESULT($kernel_natt) 660 661AC_MSG_CHECKING(whether to support NAT-T) 662AC_ARG_ENABLE(natt, 663 [ --enable-natt enable NAT-Traversal (yes/no/kernel)], 664 [ if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi ], 665 [ enable_natt=no ]) 666AC_MSG_RESULT($enable_natt) 667 668if test "$enable_natt" = "yes"; then 669 if test "$kernel_natt" = "no" ; then 670 AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.]) 671 else 672 AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal]) 673 NATT_OBJS="nattraversal.o" 674 AC_SUBST(NATT_OBJS) 675 fi 676fi 677 678# Set up defines for supported NAT-T versions. 679natt_versions_default="00,02,rfc" 680AC_MSG_CHECKING(which NAT-T versions to support) 681AC_ARG_ENABLE(natt_versions, 682 [ --enable-natt-versions=list list of supported NAT-T versions delimited by coma.], 683 [ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ], 684 [ enable_natt_versions=$natt_versions_default ]) 685if test "$enable_natt" = "yes"; then 686 AC_MSG_RESULT($enable_natt_versions) 687 for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do 688 case $i in 689 0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;; 690 1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;; 691 2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;; 692 3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;; 693 4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;; 694 5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;; 695 6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;; 696 7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;; 697 8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;; 698 RFC) AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;; 699 *) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;; 700 esac 701 done 702 unset i 703else 704 AC_MSG_RESULT([none]) 705fi 706 707AC_MSG_CHECKING(if --enable-broken-natt option is specified) 708AC_ARG_ENABLE(broken-natt, 709 [ --enable-broken-natt broken in-kernel NAT-T], 710 [], [enable_broken_natt=no]) 711if test "x$enable_broken_natt" = "xyes"; then 712 AC_DEFINE([BROKEN_NATT], [], [in-kernel NAT-T is broken]) 713fi 714AC_MSG_RESULT($enable_broken_natt) 715 716AC_MSG_CHECKING(whether we support FWD policy) 717case $host in 718 *linux*) 719 AC_TRY_COMPILE([ 720 #include <inttypes.h> 721 #include <linux/ipsec.h> 722 ], [ 723 int fwd = IPSEC_DIR_FWD; 724 ], 725 [AC_MSG_RESULT(yes) 726 AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])], 727 [AC_MSG_RESULT(no)]) 728 ;; 729 *) 730 AC_MSG_RESULT(no) 731 ;; 732esac 733 734AC_CHECK_TYPE([ipsec_policy_t], 735 [AC_DEFINE([HAVE_IPSEC_POLICY_T], [], [Have ipsec_policy_t])], 736 [], 737 [ 738 #include <sys/types.h> 739 #include <netinet6/ipsec.h> 740 ]) 741 742# Check if kernel support is available for Security Context, defaults to no. 743kernel_secctx="no" 744 745AC_MSG_CHECKING(kernel Security Context support) 746case $host_os in 747linux*) 748# Linux kernel Security Context check 749AC_EGREP_CPP(yes, 750[#include <linux/pfkeyv2.h> 751#ifdef SADB_X_EXT_SEC_CTX 752yes 753#endif 754], [kernel_secctx="yes"]) 755 ;; 756esac 757AC_MSG_RESULT($kernel_secctx) 758 759AC_CHECK_HEADER(selinux/selinux.h, 760 [AC_CHECK_LIB(selinux, avc_init, [selinux_support=yes], 761 [selinux_support=no])], [selinux_support=no]) 762 763AC_MSG_CHECKING(whether to support Security Context) 764AC_ARG_ENABLE(security-context, 765 [ --enable-security-context enable Security Context(yes/no/kernel)], 766 [if test "$enable_security_context" = "kernel"; then 767 enable_security_context=$kernel_secctx; fi], 768 [enable_security_context=$kernel_secctx]) 769AC_MSG_RESULT($enable_security_context) 770 771if test "$enable_security_context" = "yes"; then 772 if test "$kernel_secctx" = "no" ; then 773 AC_MSG_ERROR([Security Context requested, but no kernel support! Aborting.]) 774 else 775 if test "$selinux_support" = "no"; then 776 AC_MSG_ERROR([Security Context requested, but no selinux support! Aborting.]) 777 else 778 AC_DEFINE([HAVE_SECCTX], [], [Enable Security Context]) 779 SECCTX_OBJS="security.o" 780 AC_SUBST(SECCTX_OBJS) 781 LIBS="$LIBS -lselinux" 782 fi 783 fi 784fi 785 786RACOON_PATH_LIBS([clock_gettime], [rt]) 787 788AC_MSG_CHECKING(for monotonic system clock) 789AC_TRY_COMPILE( 790 [#include <time.h>], 791 [clock_gettime(CLOCK_MONOTONIC, NULL);], 792 [AC_DEFINE([HAVE_CLOCK_MONOTONIC], [], [Have a monotonic clock]) 793 AC_MSG_RESULT(yes)], 794 [AC_MSG_RESULT(no)]) 795 796CFLAGS="$CFLAGS $CFLAGS_ADD" 797CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 798 799case $host in 800 *linux*) 801 # Remove KERNEL_INCLUDE from CPPFLAGS. It will 802 # be symlinked to src/include-glibc/linux in 803 # compile time. 804 CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"` 805 ;; 806esac 807 808include_racoondir=${includedir}/racoon 809AC_SUBST(include_racoondir) 810 811AC_CONFIG_FILES([ 812 Makefile 813 package_version.h 814 src/Makefile 815 src/include-glibc/Makefile 816 src/libipsec/Makefile 817 src/setkey/Makefile 818 src/racoon/Makefile 819 src/racoon/samples/psk.txt 820 src/racoon/samples/racoon.conf 821 rpm/Makefile 822 rpm/suse/Makefile 823 rpm/suse/ipsec-tools.spec 824 ]) 825AC_OUTPUT 826