configure.ac revision 1.3
1dnl -*- mode: m4 -*- 2dnl Id: configure.ac,v 1.77 2006/07/20 19:19:27 manubsd Exp 3 4AC_PREREQ(2.52) 5AC_INIT(ipsec-tools, CVS) 6AC_CONFIG_SRCDIR([configure.ac]) 7AM_CONFIG_HEADER(config.h) 8 9AM_INIT_AUTOMAKE(dist-bzip2) 10 11AC_ENABLE_SHARED(no) 12 13AC_PROG_CC 14AM_PROG_CC_STDC 15AC_HEADER_STDC 16AC_PROG_LIBTOOL 17AC_PROG_YACC 18AM_PROG_LEX 19AC_SUBST(LEXLIB) 20AC_PROG_EGREP 21 22CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused" 23 24case $host in 25*netbsd*) 26 LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS" 27 ;; 28*linux*) 29 LIBS="$LIBS -lresolv" 30 INSTALL_OPTS="-o bin -g bin" 31 INCLUDE_GLIBC="include-glibc" 32 RPM="rpm" 33 AC_SUBST(INSTALL_OPTS) 34 AC_SUBST(INCLUDE_GLIBC) 35 AC_SUBST(RPM) 36 ;; 37*darwin*) 38 LIBS="$LIBS -lresolv" 39 ;; 40esac 41 42# Look up some IPsec-related headers 43AC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no]) 44AC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no]) 45AC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no]) 46 47# NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h> 48if test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then 49 have_netinet_ipsec=yes 50 AC_DEFINE(HAVE_NETINET6_IPSEC, [], [Use <netinet6/ipsec.h>]) 51fi 52 53case "$host_os" in 54 *linux*) 55 AC_ARG_WITH(kernel-headers, 56 AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include], 57 [where your Linux Kernel headers are installed]), 58 [ KERNEL_INCLUDE="$with_kernel_headers" 59 CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers" 60 AC_SUBST(CONFIGURE_AMFLAGS) ], 61 [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ]) 62 63 AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, , 64 [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h, 65 KERNEL_INCLUDE=/usr/src/linux/include , 66 [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] ) 67 AC_SUBST(KERNEL_INCLUDE) 68 # We need the configure script to run with correct kernel headers. 69 # However we don't want to point to kernel source tree in compile time, 70 # i.e. this will be removed from CPPFLAGS at the end of configure. 71 CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS" 72 73 AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority, 74 [AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [], 75 [Are PF_KEY policy priorities supported?])], [], 76 [#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"]) 77 78 GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc' 79 GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc" 80 CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS" 81 CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS" 82 AC_SUBST(GLIBC_BUGS) 83 ;; 84 *) 85 if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then 86 if test "$have_net_pfkey" = yes; then 87 AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.]) 88 else 89 AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.]) 90 fi 91 fi 92 ;; 93esac 94 95### Some basic toolchain checks 96 97# Checks for header files. 98AC_HEADER_STDC 99AC_HEADER_SYS_WAIT 100AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h) 101AC_CHECK_HEADERS(shadow.h) 102 103# Checks for typedefs, structures, and compiler characteristics. 104AC_C_CONST 105AC_TYPE_PID_T 106AC_TYPE_SIZE_T 107AC_HEADER_TIME 108AC_STRUCT_TM 109 110# Checks for library functions. 111AC_FUNC_MEMCMP 112AC_TYPE_SIGNAL 113AC_FUNC_VPRINTF 114AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy strlcat) 115AC_REPLACE_FUNCS(strdup) 116RACOON_CHECK_VA_COPY 117 118# Check if printf accepts "%z" type modifier for size_t argument 119AC_MSG_CHECKING(if printf accepts %z) 120saved_CFLAGS=$CFLAGS 121CFLAGS="$CFLAGS -Wall -Werror" 122AC_TRY_COMPILE([ 123#include <stdio.h> 124], [ 125printf("%zu\n", (size_t)-1); 126], 127 [AC_MSG_RESULT(yes)], 128 [AC_MSG_RESULT(no); 129 CFLAGS_ADD="$CFLAGS_ADD -Wno-format"; 130 AC_DEFINE(BROKEN_PRINTF, [], [If printf doesn't support %zu.]) 131 ]) 132CFLAGS=$saved_CFLAGS 133 134# Can we use __func__ macro? 135AC_MSG_CHECKING(if __func__ is available) 136AC_TRY_COMPILE( 137[#include <stdio.h> 138], [char *x = __func__;], 139 [AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro]) 140 AC_MSG_RESULT(yes)], 141 [AC_MSG_RESULT(no)]) 142 143# Check if readline support is requested 144AC_MSG_CHECKING(if readline support is requested) 145AC_ARG_WITH(readline, 146 [ --with-readline support readline input (yes by default)], 147 [with_readline="$withval"], [with_readline="yes"]) 148AC_MSG_RESULT($with_readline) 149 150# Is readline available? 151if test $with_readline != "no"; then 152 AC_CHECK_HEADER([readline/readline.h], 153 [AC_CHECK_LIB(readline, readline, [ 154 AC_DEFINE(HAVE_READLINE, [], 155 [Is readline available?]) 156 LIBS="$LIBS -lreadline" 157 ], [])], []) 158fi 159 160 161AC_MSG_CHECKING(if --with-flex option is specified) 162AC_ARG_WITH(flexdir, 163 [AC_HELP_STRING([--with-flex], [use directiory (default: no)])], 164 [flexdir="$withval"]) 165AC_MSG_RESULT(${flexdir-dirdefault}) 166 167if test "x$flexdir" != "x"; then 168 LIBS="$LIBS $flexdir/libfl.a" 169fi 170 171AC_MSG_CHECKING(if --with-flexlib option is specified) 172AC_ARG_WITH(flexlib, 173 [ --with-flexlib=<LIB> specify flex library.], 174 [flexlib="$withval"]) 175AC_MSG_RESULT(${flexlib-default}) 176 177if test "x$flexlib" != "x"; then 178 LIBS="$LIBS $flexlib" 179fi 180 181# Check if a different OpenSSL directory was specified 182AC_MSG_CHECKING(if --with-openssl option is specified) 183AC_ARG_WITH(openssl, [ --with-openssl=DIR specify OpenSSL directory], 184 [crypto_dir=$withval]) 185AC_MSG_RESULT(${crypto_dir-default}) 186 187if test "x$crypto_dir" != "x"; then 188 LIBS="$LIBS -L${crypto_dir}/lib" 189 CPPFLAGS="-I${crypto_dir}/include $CPPLAGS" 190fi 191AC_MSG_CHECKING(openssl version) 192 193AC_TRY_COMPILE( 194[#include <openssl/opensslv.h> 195], 196[#if OPENSSL_VERSION_NUMBER < 0x0090602fL 197#error OpenSSL version is too old ... 198#endif], 199[AC_MSG_RESULT([ok])], 200[AC_MSG_RESULT(too old) 201AC_MSG_ERROR([OpenSSL version must be 0.9.6 or higher. Aborting.]) 202]) 203 204AC_CHECK_HEADERS(openssl/engine.h) 205 206# checking rijndael 207AC_CHECK_HEADERS([openssl/aes.h], [], 208 [CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"]) 209 210# checking sha2 211AC_MSG_CHECKING(sha2 support) 212AC_DEFINE([WITH_SHA2], [], [SHA2 support]) 213AC_MSG_RESULT(yes) 214AC_CHECK_HEADER(openssl/sha2.h, [], [ 215 AC_MSG_CHECKING(if sha2 is defined in openssl/sha.h) 216 AC_TRY_COMPILE([ 217 #ifdef HAVE_SYS_TYPES_H 218 #include <sys/types.h> 219 #endif 220 #include <openssl/sha.h> 221 ], [ 222 SHA256_CTX ctx; 223 ], [ 224 AC_MSG_RESULT(yes) 225 AC_DEFINE([HAVE_SHA2_IN_SHA_H], [], [sha2 is defined in sha.h]) 226 ], [AC_MSG_RESULT(no) 227 AC_LIBOBJ([sha2]) 228 CRYPTOBJS="$CRYPTOBJS sha2.o" 229 ]) 230 231 CPPFLAGS_ADD="$CPPFLAGS_ADD -I./\${top_srcdir}/src/racoon/missing" 232]) 233AC_SUBST(CRYPTOBJS) 234 235# checking camellia 236AC_CHECK_HEADERS([openssl/camellia.h]) 237 238 239# Option --enable-adminport 240AC_MSG_CHECKING(if --enable-adminport option is specified) 241AC_ARG_ENABLE(adminport, 242 [ --enable-adminport enable admin port], 243 [], [enable_adminport=no]) 244if test $enable_adminport = "yes"; then 245 AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port]) 246fi 247AC_MSG_RESULT($enable_adminport) 248 249# Option RC5 250AC_MSG_CHECKING(if --enable-rc5 option is specified) 251AC_ARG_ENABLE(rc5, 252 [ --enable-rc5 enable RC5 encryption (patented)], 253 [], [enable_rc5=no]) 254AC_MSG_RESULT($enable_rc5) 255 256if test $enable_rc5 = "yes"; then 257 AC_CHECK_HEADERS([openssl/rc5.h]) 258 AC_CHECK_LIB([crypto_rc5], [RC5_32_encrypt], 259 [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_rc5"]) 260fi 261 262# Option IDEA 263AC_MSG_CHECKING(if --enable-idea option is specified) 264AC_ARG_ENABLE(idea, 265 [ --enable-idea enable IDEA encryption (patented)], 266 [], [enable_idea=no]) 267AC_MSG_RESULT($enable_idea) 268 269if test $enable_idea = "yes"; then 270 AC_CHECK_HEADERS([openssl/idea.h]) 271 AC_CHECK_LIB([crypto_idea], [idea_encrypt], 272 [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_idea"]) 273fi 274AC_SUBST(EXTRA_CRYPTO) 275 276# For dynamic libradius 277RACOON_PATH_LIBS([MD5_Init], [crypto]) 278 279# Check if we need -lutil for login(3) 280RACOON_PATH_LIBS([login], [util]) 281 282# Specify libiconv prefix 283AC_MSG_CHECKING(if --with-libiconv option is specified) 284AC_ARG_WITH(libiconv, 285 [ --with-libiconv=DIR specify libiconv path (like/usr/pkg)], 286 [libiconv_dir=$withval], 287 [libiconv_dir=no]) 288AC_MSG_RESULT($libiconv_dir) 289if test "$libiconv_dir" != "no"; then 290 if test "$libiconv_dir" = "yes" ; then 291 libiconv_dir=""; 292 fi; 293 if test "x$libiconv_dir" = "x"; then 294 RACOON_PATH_LIBS([iconv_open], [iconv]) 295 else 296 if test -d "$libiconv_dir/lib" -a \ 297 -d "$libiconv_dir/include" ; then 298 RACOON_PATH_LIBS([iconv_open], [iconv], ["$libiconv_dir/lib"]) 299 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libiconv_dir/include" 300 else 301 AC_MSG_ERROR([ICONV libs or includes not found. Aborting.]) 302 fi 303 fi 304 LIBS="$LIBS -L$libiconv_dir/lib -R$libiconv_dir/lib -liconv" 305 AC_CHECK_FUNCS(iconv_open) 306fi 307 308AC_MSG_CHECKING([if --enable-hybrid option is specified]) 309AC_ARG_ENABLE(hybrid, 310 [ --enable-hybrid enable hybrid, both mode-cfg and xauth support], 311 [], [enable_hybrid=no]) 312AC_MSG_RESULT($enable_hybrid) 313 314if test "x$enable_hybrid" = "xyes"; then 315 case $host in 316 *darwin*) 317 ;; 318 *) 319 LIBS="$LIBS -lcrypt"; 320 ;; 321 esac 322 HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o" 323 AC_SUBST(HYBRID_OBJS) 324 AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support]) 325fi 326 327AC_MSG_CHECKING([if --enable-frag option is specified]) 328AC_ARG_ENABLE(frag, 329 [ --enable-frag enable IKE fragmentation payload support], 330 [], [enable_frag=no]) 331AC_MSG_RESULT($enable_frag) 332 333if test "x$enable_frag" = "xyes"; then 334 case $host in 335 *darwin*) 336 ;; 337 *) 338 LIBS="$LIBS -lcrypt"; 339 ;; 340 esac 341 FRAG_OBJS="isakmp_frag.o" 342 AC_SUBST(FRAG_OBJS) 343 AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support]) 344fi 345 346AC_MSG_CHECKING(if --with-libradius option is specified) 347AC_ARG_WITH(libradius, 348 [ --with-libradius=DIR specify libradius path (like/usr/pkg)], 349 [libradius_dir=$withval], 350 [libradius_dir=no]) 351AC_MSG_RESULT($libradius_dir) 352if test "$libradius_dir" != "no"; then 353 if test "$libradius_dir" = "yes" ; then 354 libradius_dir=""; 355 fi; 356 if test "x$libradius_dir" = "x"; then 357 RACOON_PATH_LIBS([rad_create_request], [radius]) 358 else 359 if test -d "$libradius_dir/lib" -a \ 360 -d "$libradius_dir/include" ; then 361 RACOON_PATH_LIBS([rad_create_request], [radius], ["$libradius_dir/lib"]) 362 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include" 363 else 364 AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.]) 365 fi 366 fi 367 AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS]) 368 LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius" 369 AC_CHECK_FUNCS(rad_create_request) 370fi 371 372AC_MSG_CHECKING(if --with-libpam option is specified) 373AC_ARG_WITH(libpam, 374 [ --with-libpam=DIR specify libpam path (like/usr/pkg)], 375 [libpam_dir=$withval], 376 [libpam_dir=no]) 377AC_MSG_RESULT($libpam_dir) 378if test "$libpam_dir" != "no"; then 379 if test "$libpam_dir" = "yes" ; then 380 libpam_dir=""; 381 fi; 382 if test "x$libpam_dir" = "x"; then 383 RACOON_PATH_LIBS([pam_start], [pam]) 384 else 385 if test -d "$libpam_dir/lib" -a \ 386 -d "$libpam_dir/include" ; then 387 RACOON_PATH_LIBS([pam_start], [pam], ["$libpam_dir/lib"]) 388 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libpam_dir/include" 389 else 390 AC_MSG_ERROR([PAM libs or includes not found. Aborting.]) 391 fi 392 fi 393 AC_DEFINE([HAVE_LIBPAM], [], [Hybrid authentication uses PAM]) 394 LIBS="$LIBS -L$libpam_dir/lib -R$libpam_dir/lib -lpam" 395 AC_CHECK_FUNCS(pam_start) 396fi 397 398AC_MSG_CHECKING(if --with-libldap option is specified) 399AC_ARG_WITH(libldap, 400 [ --with-libldap=DIR specify libldap path (like/usr/pkg)], 401 [libldap_dir=$withval], 402 [libldap_dir=no]) 403AC_MSG_RESULT($libldap_dir) 404if test "$libldap_dir" != "no"; then 405 if test "$libldap_dir" = "yes" ; then 406 libldap_dir=""; 407 fi; 408 if test "x$libldap_dir" = "x"; then 409 RACOON_PATH_LIBS([ldap_init], [ldap]) 410 else 411 if test -d "$libldap_dir/lib" -a \ 412 -d "$libldap_dir/include" ; then 413 RACOON_PATH_LIBS([ldap_init], [ldap], ["$libldap_dir/lib"]) 414 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libldap_dir/include" 415 else 416 AC_MSG_ERROR([LDAP libs or includes not found. Aborting.]) 417 fi 418 fi 419 AC_DEFINE([HAVE_LIBLDAP], [], [Hybrid authentication uses LDAP]) 420 LIBS="$LIBS -L$libldap_dir/lib -R$libldap_dir/lib -lldap" 421 422 saved_CFLAGS=$CFLAGS 423 CFLAGS="$CFLAGS -Wall -Werror" 424 saved_CPPFLAGS=$CPPFLAGS 425 CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 426 AC_TRY_COMPILE( 427 [#include <ldap.h>], 428 [ 429 #if LDAP_API_VERSION < 2004 430 #error OpenLDAP version is too old ... 431 #endif 432 ], 433 [AC_MSG_RESULT([ok])], 434 [ 435 AC_MSG_RESULT(too old) 436 AC_MSG_ERROR([OpenLDAP version must be 2.0 or higher. Aborting.]) 437 ]) 438 CFLAGS=$saved_CFLAGS 439 CPPFLAGS=$saved_CPPFLAGS 440fi 441 442# Check for Kerberos5 support 443# XXX This must come after all --with-* tests, else the 444# -liconv checks will not work 445AC_MSG_CHECKING(if --enable-gssapi option is specified) 446AC_ARG_ENABLE(gssapi, 447 [ --enable-gssapi enable GSS-API authentication], 448 [], [enable_gssapi=no]) 449AC_MSG_RESULT($enable_gssapi) 450AC_PATH_PROG(KRB5_CONFIG,krb5-config,no) 451if test "x$enable_gssapi" = "xyes"; then 452 if test "$KRB5_CONFIG" != "no"; then 453 krb5_incdir="`$KRB5_CONFIG --cflags gssapi`" 454 krb5_libs="`$KRB5_CONFIG --libs gssapi`" 455 else 456 # No krb5-config; let's make some assumptions based on 457 # the OS. 458 case $host_os in 459 netbsd*) 460 krb5_incdir="-I/usr/include/krb5" 461 krb5_libs="-lgssapi -lkrb5 -lcom_err -lroken -lasn1" 462 ;; 463 *) 464 AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.]) 465 ;; 466 esac 467 fi 468 LIBS="$LIBS $krb5_libs" 469 CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD" 470 AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API]) 471 472 # Check if iconv 2nd argument needs const 473 saved_CFLAGS=$CFLAGS 474 CFLAGS="$CFLAGS -Wall -Werror" 475 saved_CPPFLAGS=$CPPFLAGS 476 CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 477 AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])]) 478 AC_MSG_CHECKING([if iconv second argument needs const]) 479 AC_TRY_COMPILE([ 480 #include <iconv.h> 481 #include <stdio.h> 482 ], [ 483 iconv_t cd = NULL; 484 const char **src = NULL; 485 size_t *srcleft = NULL; 486 char **dst = NULL; 487 size_t *dstleft = NULL; 488 489 (void)iconv(cd, src, srcleft, dst, dstleft); 490 ], [AC_MSG_RESULT(yes) 491 AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const]) 492 ], [AC_MSG_RESULT(no)]) 493 CFLAGS=$saved_CFLAGS 494 CPPFLAGS=$saved_CPPFLAGS 495 496 # libiconv is often integrated into libc. If a with-* option 497 # caused a non libc-based iconv.h to be catched instead of 498 # the libc-based iconv.h, then we need to link with -liconv 499 AC_MSG_CHECKING(if -liconv is required) 500 saved_CPPFLAGS=$CPPFLAGS 501 saved_LIBS=$LIBS 502 CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 503 AC_TRY_LINK([ 504 #include <iconv.h> 505 ], [ 506 (void)iconv_open("ascii", "ascii"); 507 ], 508 [AC_MSG_RESULT(no)], 509 [ 510 LIBS="$LIBS -liconv" 511 AC_TRY_LINK([ 512 #include <iconv.h> 513 ], [ 514 (void)iconv_open("ascii", "ascii"); 515 ], 516 [ 517 AC_MSG_RESULT(yes) 518 saved_LIBS=$LIBS 519 ], [ 520 AC_MSG_ERROR([cannot use iconv]) 521 ]) 522 ]) 523 CPPFLAGS=$saved_CPPFLAGS 524 LIBS=$saved_LIBS 525fi 526 527AC_MSG_CHECKING(if --enable-stats option is specified) 528AC_ARG_ENABLE(stats, 529 [ --enable-stats enable statistics logging function], 530 [], [enable_stats=no]) 531if test "x$enable_stats" = "xyes"; then 532 AC_DEFINE([ENABLE_STATS], [], [Enable statictics]) 533fi 534AC_MSG_RESULT($enable_stats) 535 536AC_MSG_CHECKING(if --enable-dpd option is specified) 537AC_ARG_ENABLE(dpd, 538 [ --enable-dpd enable dead peer detection], 539 [], [enable_dpd=no]) 540if test "x$enable_dpd" = "xyes"; then 541 AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection]) 542fi 543AC_MSG_RESULT($enable_dpd) 544 545AC_MSG_CHECKING(if --enable-fastquit option is specified) 546AC_ARG_ENABLE(fastquit, 547 [ --enable-fastquit enable new faster code to flush SAs when stopping racoon], 548 [], [enable_fastquit=no]) 549if test "x$enable_fastquit" = "xyes"; then 550 AC_DEFINE([ENABLE_FASTQUIT], [], [Enable fast SA flush code]) 551fi 552AC_MSG_RESULT($enable_fastquit) 553 554 555AC_MSG_CHECKING(if --enable-samode-unspec option is specified) 556AC_ARG_ENABLE(samode-unspec, 557 [ --enable-samode-unspec enable to use unspecified a mode of SA], 558 [], [enable_samode_unspec=no]) 559if test "x$enable_samode_unspec" = "xyes"; then 560 case $host_os in 561 *linux*) 562 cat << EOC 563 564ERROR: --enable-samode-unspec is not supported under linux 565because linux kernel do not support it. This option is disabled 566to prevent mysterious problems. 567 568If you REALLY know what your are doing, remove this check. 569EOC 570 exit 1; 571 ;; 572 esac 573 AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec]) 574fi 575AC_MSG_RESULT($enable_samode_unspec) 576 577# Checks if IPv6 is requested 578AC_MSG_CHECKING([whether to enable ipv6]) 579AC_ARG_ENABLE(ipv6, 580[ --disable-ipv6 disable ipv6 support], 581[ case "$enableval" in 582 no) 583 AC_MSG_RESULT(no) 584 ipv6=no 585 ;; 586 *) AC_MSG_RESULT(yes) 587 ipv6=yes 588 ;; 589 esac ], 590 591 AC_TRY_RUN([ /* AF_INET6 avalable check */ 592#include <sys/types.h> 593#include <sys/socket.h> 594main() 595{ 596 exit(0); 597 if (socket(AF_INET6, SOCK_STREAM, 0) < 0) 598 exit(1); 599 else 600 exit(0); 601} 602], 603 AC_MSG_RESULT(yes) 604 AC_DEFINE([INET6], [], [Support IPv6]) 605 ipv6=yes, 606 AC_MSG_RESULT(no) 607 ipv6=no, 608 AC_MSG_RESULT(no) 609 ipv6=no 610)) 611 612if test "$ipv6" = "yes"; then 613 AC_DEFINE([INET6], [], [Support IPv6]) 614 AC_MSG_CHECKING(for advanced API support) 615 AC_TRY_COMPILE([#ifndef INET6 616#define INET6 617#endif 618#include <sys/types.h> 619#include <netinet/in.h>], 620 [struct in6_pktinfo a;], 621 [AC_MSG_RESULT(yes) 622 AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])], 623 [AC_MSG_RESULT(no)]) 624fi 625 626RACOON_CHECK_BUGGY_GETADDRINFO 627if test "$buggygetaddrinfo" = "yes"; then 628 AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.]) 629fi 630 631# Check if kernel support is available for NAT-T, defaults to no. 632kernel_natt="no" 633 634AC_MSG_CHECKING(kernel NAT-Traversal support) 635case $host_os in 636linux*) 637# Linux kernel NAT-T check 638AC_EGREP_CPP(yes, 639[#include <linux/pfkeyv2.h> 640#ifdef SADB_X_EXT_NAT_T_TYPE 641yes 642#endif 643], [kernel_natt="yes"]) 644 ;; 645freebsd*|netbsd*) 646# NetBSD case 647# Same check for FreeBSD 648AC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len, 649 [kernel_natt="yes"],, [ 650#define _KERNEL 651#include <sys/types.h> 652#include <net/pfkeyv2.h> 653]) 654 ;; 655esac 656AC_MSG_RESULT($kernel_natt) 657 658AC_MSG_CHECKING(whether to support NAT-T) 659AC_ARG_ENABLE(natt, 660 [ --enable-natt enable NAT-Traversal (yes/no/kernel)], 661 [ if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi ], 662 [ enable_natt=no ]) 663AC_MSG_RESULT($enable_natt) 664 665if test "$enable_natt" = "yes"; then 666 if test "$kernel_natt" = "no" ; then 667 AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.]) 668 else 669 AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal]) 670 NATT_OBJS="nattraversal.o" 671 AC_SUBST(NATT_OBJS) 672 fi 673fi 674 675# Set up defines for supported NAT-T versions. 676natt_versions_default="00,02,rfc" 677AC_MSG_CHECKING(which NAT-T versions to support) 678AC_ARG_ENABLE(natt_versions, 679 [ --enable-natt-versions=list list of supported NAT-T versions delimited by coma.], 680 [ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ], 681 [ enable_natt_versions=$natt_versions_default ]) 682if test "$enable_natt" = "yes"; then 683 AC_MSG_RESULT($enable_natt_versions) 684 for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do 685 case $i in 686 0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;; 687 1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;; 688 2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;; 689 3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;; 690 4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;; 691 5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;; 692 6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;; 693 7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;; 694 8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;; 695 RFC) AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;; 696 *) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;; 697 esac 698 done 699 unset i 700else 701 AC_MSG_RESULT([none]) 702fi 703 704AC_MSG_CHECKING(if --enable-broken-natt option is specified) 705AC_ARG_ENABLE(broken-natt, 706 [ --enable-broken-natt broken in-kernel NAT-T], 707 [], [enable_broken_natt=no]) 708if test "x$enable_broken_natt" = "xyes"; then 709 AC_DEFINE([BROKEN_NATT], [], [in-kernel NAT-T is broken]) 710fi 711AC_MSG_RESULT($enable_broken_natt) 712 713AC_MSG_CHECKING(whether we support FWD policy) 714case $host in 715 *linux*) 716 AC_TRY_COMPILE([ 717 #include <inttypes.h> 718 #include <linux/ipsec.h> 719 ], [ 720 int fwd = IPSEC_DIR_FWD; 721 ], 722 [AC_MSG_RESULT(yes) 723 AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])], 724 [AC_MSG_RESULT(no)]) 725 ;; 726 *) 727 AC_MSG_RESULT(no) 728 ;; 729esac 730 731AC_CHECK_TYPE([ipsec_policy_t], 732 [AC_DEFINE([HAVE_IPSEC_POLICY_T], [], [Have ipsec_policy_t])], 733 [], 734 [ 735 #include <sys/types.h> 736 #include <netinet6/ipsec.h> 737 ]) 738 739# Check if kernel support is available for Security Context, defaults to no. 740kernel_secctx="no" 741 742AC_MSG_CHECKING(kernel Security Context support) 743case $host_os in 744linux*) 745# Linux kernel Security Context check 746AC_EGREP_CPP(yes, 747[#include <linux/pfkeyv2.h> 748#ifdef SADB_X_EXT_SEC_CTX 749yes 750#endif 751], [kernel_secctx="yes"]) 752 ;; 753esac 754AC_MSG_RESULT($kernel_secctx) 755 756AC_MSG_CHECKING(whether to support Security Context) 757AC_ARG_ENABLE(security-context, 758 [ --enable-security-context enable Security Context(yes/no/kernel)], 759 [if test "$enable_security-context" = "kernel"; then 760 enable_security_context=$kernel_secctx; fi], 761 [enable_security_context=$kernel_secctx]) 762AC_MSG_RESULT($enable_security_context) 763 764if test "$enable_security_context" = "yes"; then 765 if test "$kernel_secctx" = "no" ; then 766 AC_MSG_ERROR([Security Context requested, but no kernel support! Aborting.]) 767 else 768 AC_DEFINE([HAVE_SECCTX], [], [Enable Security Context]) 769 SECCTX_OBJS="security.o" 770 AC_SUBST(SECCTX_OBJS) 771 LIBS="$LIBS -lselinux" 772 fi 773fi 774 775CFLAGS="$CFLAGS $CFLAGS_ADD" 776CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 777 778case $host in 779 *linux*) 780 # Remove KERNEL_INCLUDE from CPPFLAGS. It will 781 # be symlinked to src/include-glibc/linux in 782 # compile time. 783 CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"` 784 ;; 785esac 786 787include_racoondir=${includedir}/racoon 788AC_SUBST(include_racoondir) 789 790AC_CONFIG_FILES([ 791 Makefile 792 package_version.h 793 src/Makefile 794 src/include-glibc/Makefile 795 src/libipsec/Makefile 796 src/setkey/Makefile 797 src/racoon/Makefile 798 src/racoon/samples/psk.txt 799 src/racoon/samples/racoon.conf 800 rpm/Makefile 801 rpm/suse/Makefile 802 rpm/suse/ipsec-tools.spec 803 ]) 804AC_OUTPUT 805