1dnl -*- mode: m4 -*- 2dnl Id: configure.ac,v 1.77 2006/07/20 19:19:27 manubsd Exp 3 4AC_PREREQ(2.52) 5AC_INIT(ipsec-tools, CVS) 6AC_CONFIG_SRCDIR([configure.ac]) 7AM_CONFIG_HEADER(config.h) 8 9AM_INIT_AUTOMAKE(dist-bzip2) 10 11AC_ENABLE_SHARED(no) 12 13AC_PROG_CC 14AM_PROG_CC_STDC 15AC_HEADER_STDC 16AC_PROG_LIBTOOL 17AC_PROG_YACC 18AM_PROG_LEX 19AC_SUBST(LEXLIB) 20AC_PROG_EGREP 21 22CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused" 23 24case $host in 25*netbsd*) 26 LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS" 27 ;; 28*linux*) 29 LIBS="$LIBS -lresolv" 30 INSTALL_OPTS="-o bin -g bin" 31 INCLUDE_GLIBC="include-glibc" 32 RPM="rpm" 33 AC_SUBST(INSTALL_OPTS) 34 AC_SUBST(INCLUDE_GLIBC) 35 AC_SUBST(RPM) 36 ;; 37*darwin*) 38 LIBS="$LIBS -lresolv" 39 ;; 40esac 41 42# Look up some IPsec-related headers 43AC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no]) 44AC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no]) 45AC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no]) 46AC_CHECK_HEADER(netipsec/ipsec.h, [have_netipsec_ipsec=yes], [have_netipsec_ipsec=no]) 47 48# FreeBSD >=7 has only <netipsec/ipsec.h> 49# NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h> 50# XXX some *BSD still have both <netinet6/ipsec.h> and <netipsec/ipsec.h>, 51# we can't decide which one to use (actually <netinet6/ipsec.h>) 52 53 54if test "$have_netinet_ipsec$have_netinet6_ipsec$have_netipsec_ipsec" = nonoyes; then 55 have_netinet_ipsec=yes 56 AC_DEFINE(PATH_IPSEC_H, [<netipsec/ipsec.h>], [Path to ipsec.h]) 57else 58 if test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then 59 have_netinet_ipsec=yes 60 AC_DEFINE(PATH_IPSEC_H, [<netinet6/ipsec.h>], [Path to ipsec.h]) 61 else 62 # have_netinet_ipsec will be checked a few lines below 63 AC_DEFINE(PATH_IPSEC_H, [<netinet/ipsec.h>], [Path to ipsec.h]) 64 fi 65fi 66 67case "$host_os" in 68 *linux*) 69 AC_ARG_WITH(kernel-headers, 70 AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include], 71 [where your Linux Kernel headers are installed]), 72 [ KERNEL_INCLUDE="$with_kernel_headers" 73 CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers" 74 AC_SUBST(CONFIGURE_AMFLAGS) ], 75 [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ]) 76 77 AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, , 78 [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h, 79 KERNEL_INCLUDE=/usr/src/linux/include , 80 [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] ) 81 AC_SUBST(KERNEL_INCLUDE) 82 # We need the configure script to run with correct kernel headers. 83 # However we don't want to point to kernel source tree in compile time, 84 # i.e. this will be removed from CPPFLAGS at the end of configure. 85 CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS" 86 87 AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority, 88 [AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [], 89 [Are PF_KEY policy priorities supported?])], [], 90 [#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"]) 91 92 GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc' 93 GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc" 94 CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS" 95 CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS" 96 AC_SUBST(GLIBC_BUGS) 97 ;; 98 *) 99 if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then 100 if test "$have_net_pfkey" = yes; then 101 AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.]) 102 else 103 AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.]) 104 fi 105 fi 106 ;; 107esac 108 109### Some basic toolchain checks 110 111# Checks for header files. 112AC_HEADER_STDC 113AC_HEADER_SYS_WAIT 114AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h) 115AC_CHECK_HEADERS(shadow.h) 116 117# Checks for typedefs, structures, and compiler characteristics. 118AC_C_CONST 119AC_TYPE_PID_T 120AC_TYPE_SIZE_T 121AC_HEADER_TIME 122AC_STRUCT_TM 123 124# Checks for library functions. 125AC_FUNC_MEMCMP 126AC_TYPE_SIGNAL 127AC_FUNC_VPRINTF 128AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy strlcat) 129AC_REPLACE_FUNCS(strdup) 130RACOON_CHECK_VA_COPY 131 132# Check if printf accepts "%z" type modifier for size_t argument 133AC_MSG_CHECKING(if printf accepts %z) 134saved_CFLAGS=$CFLAGS 135CFLAGS="$CFLAGS -Wall -Werror" 136AC_TRY_COMPILE([ 137#include <stdio.h> 138], [ 139printf("%zu\n", (size_t)-1); 140], 141 [AC_MSG_RESULT(yes)], 142 [AC_MSG_RESULT(no); 143 CFLAGS_ADD="$CFLAGS_ADD -Wno-format"; 144 AC_DEFINE(BROKEN_PRINTF, [], [If printf doesn't support %zu.]) 145 ]) 146CFLAGS=$saved_CFLAGS 147 148# Can we use __func__ macro? 149AC_MSG_CHECKING(if __func__ is available) 150AC_TRY_COMPILE( 151[#include <stdio.h> 152], [char *x = __func__;], 153 [AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro]) 154 AC_MSG_RESULT(yes)], 155 [AC_MSG_RESULT(no)]) 156 157# Check if readline support is requested 158AC_MSG_CHECKING(if readline support is requested) 159AC_ARG_WITH(readline, 160 [ --with-readline support readline input (yes by default)], 161 [with_readline="$withval"], [with_readline="yes"]) 162AC_MSG_RESULT($with_readline) 163 164# Is readline available? 165if test $with_readline != "no"; then 166 AC_CHECK_HEADER([readline/readline.h], 167 [AC_CHECK_LIB(readline, readline, [ 168 AC_DEFINE(HAVE_READLINE, [], 169 [Is readline available?]) 170 LIBS="$LIBS -lreadline" 171 ], [])], []) 172fi 173 174 175AC_MSG_CHECKING(if --with-flex option is specified) 176AC_ARG_WITH(flexdir, 177 [AC_HELP_STRING([--with-flex], [use directiory (default: no)])], 178 [flexdir="$withval"]) 179AC_MSG_RESULT(${flexdir-dirdefault}) 180 181if test "x$flexdir" != "x"; then 182 LIBS="$LIBS $flexdir/libfl.a" 183fi 184 185AC_MSG_CHECKING(if --with-flexlib option is specified) 186AC_ARG_WITH(flexlib, 187 [ --with-flexlib=<LIB> specify flex library.], 188 [flexlib="$withval"]) 189AC_MSG_RESULT(${flexlib-default}) 190 191if test "x$flexlib" != "x"; then 192 LIBS="$LIBS $flexlib" 193fi 194 195# Check if a different OpenSSL directory was specified 196AC_MSG_CHECKING(if --with-openssl option is specified) 197AC_ARG_WITH(openssl, [ --with-openssl=DIR specify OpenSSL directory], 198 [crypto_dir=$withval]) 199AC_MSG_RESULT(${crypto_dir-default}) 200 201if test "x$crypto_dir" != "x"; then 202 LIBS="$LIBS -L${crypto_dir}/lib" 203 CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS" 204fi 205AC_MSG_CHECKING(openssl version) 206 207AC_TRY_COMPILE( 208[#include <openssl/opensslv.h> 209], 210[#if OPENSSL_VERSION_NUMBER < 0x0090602fL 211#error OpenSSL version is too old ... 212#endif], 213[AC_MSG_RESULT([ok])], 214[AC_MSG_RESULT(too old) 215AC_MSG_ERROR([OpenSSL version must be 0.9.6 or higher. Aborting.]) 216]) 217 218AC_CHECK_HEADERS(openssl/engine.h) 219 220# checking rijndael 221AC_CHECK_HEADERS([openssl/aes.h], [], 222 [CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"]) 223 224# checking sha2 225AC_MSG_CHECKING(sha2 support) 226AC_DEFINE([WITH_SHA2], [], [SHA2 support]) 227AC_MSG_RESULT(yes) 228AC_CHECK_HEADER(openssl/sha2.h, [], [ 229 AC_MSG_CHECKING(if sha2 is defined in openssl/sha.h) 230 AC_TRY_COMPILE([ 231 #ifdef HAVE_SYS_TYPES_H 232 #include <sys/types.h> 233 #endif 234 #include <openssl/sha.h> 235 ], [ 236 SHA256_CTX ctx; 237 ], [ 238 AC_MSG_RESULT(yes) 239 AC_DEFINE([HAVE_SHA2_IN_SHA_H], [], [sha2 is defined in sha.h]) 240 ], [AC_MSG_RESULT(no) 241 AC_LIBOBJ([sha2]) 242 CRYPTOBJS="$CRYPTOBJS sha2.o" 243 ]) 244 245 CPPFLAGS_ADD="$CPPFLAGS_ADD -I\${top_srcdir}/src/racoon/missing" 246]) 247AC_SUBST(CRYPTOBJS) 248 249# checking camellia 250AC_CHECK_HEADERS([openssl/camellia.h]) 251 252 253# Option --enable-adminport 254AC_MSG_CHECKING(if --enable-adminport option is specified) 255AC_ARG_ENABLE(adminport, 256 [ --enable-adminport enable admin port], 257 [], [enable_adminport=no]) 258if test $enable_adminport = "yes"; then 259 AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port]) 260fi 261AC_MSG_RESULT($enable_adminport) 262 263# Option RC5 264AC_MSG_CHECKING(if --enable-rc5 option is specified) 265AC_ARG_ENABLE(rc5, 266 [ --enable-rc5 enable RC5 encryption (patented)], 267 [], [enable_rc5=no]) 268AC_MSG_RESULT($enable_rc5) 269 270if test $enable_rc5 = "yes"; then 271 AC_CHECK_HEADERS([openssl/rc5.h]) 272 AC_CHECK_LIB([crypto_rc5], [RC5_32_encrypt], 273 [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_rc5"]) 274fi 275 276# Option IDEA 277AC_MSG_CHECKING(if --enable-idea option is specified) 278AC_ARG_ENABLE(idea, 279 [ --enable-idea enable IDEA encryption (patented)], 280 [], [enable_idea=no]) 281AC_MSG_RESULT($enable_idea) 282 283if test $enable_idea = "yes"; then 284 AC_CHECK_HEADERS([openssl/idea.h]) 285 AC_CHECK_LIB([crypto_idea], [idea_encrypt], 286 [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_idea"]) 287fi 288AC_SUBST(EXTRA_CRYPTO) 289 290# For dynamic libradius 291RACOON_PATH_LIBS([MD5_Init], [crypto]) 292 293# Check if we need -lutil for login(3) 294RACOON_PATH_LIBS([login], [util]) 295 296# Specify libiconv prefix 297AC_MSG_CHECKING(if --with-libiconv option is specified) 298AC_ARG_WITH(libiconv, 299 [ --with-libiconv=DIR specify libiconv path (like/usr/pkg)], 300 [libiconv_dir=$withval], 301 [libiconv_dir=no]) 302AC_MSG_RESULT($libiconv_dir) 303if test "$libiconv_dir" != "no"; then 304 if test "$libiconv_dir" = "yes" ; then 305 libiconv_dir=""; 306 fi; 307 if test "x$libiconv_dir" = "x"; then 308 RACOON_PATH_LIBS([iconv_open], [iconv]) 309 else 310 if test -d "$libiconv_dir/lib" -a \ 311 -d "$libiconv_dir/include" ; then 312 RACOON_PATH_LIBS([iconv_open], [iconv], ["$libiconv_dir/lib"]) 313 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libiconv_dir/include" 314 else 315 AC_MSG_ERROR([ICONV libs or includes not found. Aborting.]) 316 fi 317 fi 318 LIBS="$LIBS -L$libiconv_dir/lib -R$libiconv_dir/lib -liconv" 319 AC_CHECK_FUNCS(iconv_open) 320fi 321 322AC_MSG_CHECKING([if --enable-hybrid option is specified]) 323AC_ARG_ENABLE(hybrid, 324 [ --enable-hybrid enable hybrid, both mode-cfg and xauth support], 325 [], [enable_hybrid=no]) 326AC_MSG_RESULT($enable_hybrid) 327 328if test "x$enable_hybrid" = "xyes"; then 329 case $host in 330 *darwin*) 331 ;; 332 *) 333 LIBS="$LIBS -lcrypt"; 334 ;; 335 esac 336 HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o" 337 AC_SUBST(HYBRID_OBJS) 338 AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support]) 339fi 340 341AC_MSG_CHECKING([if --enable-frag option is specified]) 342AC_ARG_ENABLE(frag, 343 [ --enable-frag enable IKE fragmentation payload support], 344 [], [enable_frag=no]) 345AC_MSG_RESULT($enable_frag) 346 347if test "x$enable_frag" = "xyes"; then 348 case $host in 349 *darwin*) 350 ;; 351 *) 352 LIBS="$LIBS -lcrypt"; 353 ;; 354 esac 355 FRAG_OBJS="isakmp_frag.o" 356 AC_SUBST(FRAG_OBJS) 357 AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support]) 358fi 359 360AC_MSG_CHECKING(if --with-libradius option is specified) 361AC_ARG_WITH(libradius, 362 [ --with-libradius=DIR specify libradius path (like/usr/pkg)], 363 [libradius_dir=$withval], 364 [libradius_dir=no]) 365AC_MSG_RESULT($libradius_dir) 366if test "$libradius_dir" != "no"; then 367 if test "$libradius_dir" = "yes" ; then 368 libradius_dir=""; 369 fi; 370 if test "x$libradius_dir" = "x"; then 371 RACOON_PATH_LIBS([rad_create_request], [radius]) 372 else 373 if test -d "$libradius_dir/lib" -a \ 374 -d "$libradius_dir/include" ; then 375 RACOON_PATH_LIBS([rad_create_request], [radius], ["$libradius_dir/lib"]) 376 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include" 377 else 378 AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.]) 379 fi 380 fi 381 AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS]) 382 LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius" 383 AC_CHECK_FUNCS(rad_create_request) 384fi 385 386AC_MSG_CHECKING(if --with-libpam option is specified) 387AC_ARG_WITH(libpam, 388 [ --with-libpam=DIR specify libpam path (like/usr/pkg)], 389 [libpam_dir=$withval], 390 [libpam_dir=no]) 391AC_MSG_RESULT($libpam_dir) 392if test "$libpam_dir" != "no"; then 393 if test "$libpam_dir" = "yes" ; then 394 libpam_dir=""; 395 fi; 396 if test "x$libpam_dir" = "x"; then 397 RACOON_PATH_LIBS([pam_start], [pam]) 398 else 399 if test -d "$libpam_dir/lib" -a \ 400 -d "$libpam_dir/include" ; then 401 RACOON_PATH_LIBS([pam_start], [pam], ["$libpam_dir/lib"]) 402 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libpam_dir/include" 403 else 404 AC_MSG_ERROR([PAM libs or includes not found. Aborting.]) 405 fi 406 fi 407 AC_DEFINE([HAVE_LIBPAM], [], [Hybrid authentication uses PAM]) 408 LIBS="$LIBS -L$libpam_dir/lib -R$libpam_dir/lib -lpam" 409 AC_CHECK_FUNCS(pam_start) 410fi 411 412AC_MSG_CHECKING(if --with-libldap option is specified) 413AC_ARG_WITH(libldap, 414 [ --with-libldap=DIR specify libldap path (like/usr/pkg)], 415 [libldap_dir=$withval], 416 [libldap_dir=no]) 417AC_MSG_RESULT($libldap_dir) 418if test "$libldap_dir" != "no"; then 419 if test "$libldap_dir" = "yes" ; then 420 libldap_dir=""; 421 fi; 422 if test "x$libldap_dir" = "x"; then 423 RACOON_PATH_LIBS([ldap_init], [ldap]) 424 else 425 if test -d "$libldap_dir/lib" -a \ 426 -d "$libldap_dir/include" ; then 427 RACOON_PATH_LIBS([ldap_init], [ldap], ["$libldap_dir/lib"]) 428 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libldap_dir/include" 429 else 430 AC_MSG_ERROR([LDAP libs or includes not found. Aborting.]) 431 fi 432 fi 433 AC_DEFINE([HAVE_LIBLDAP], [], [Hybrid authentication uses LDAP]) 434 LIBS="$LIBS -L$libldap_dir/lib -R$libldap_dir/lib -lldap" 435 436 saved_CFLAGS=$CFLAGS 437 CFLAGS="$CFLAGS -Wall -Werror" 438 saved_CPPFLAGS=$CPPFLAGS 439 CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 440 AC_TRY_COMPILE( 441 [#include <ldap.h>], 442 [ 443 #if LDAP_API_VERSION < 2004 444 #error OpenLDAP version is too old ... 445 #endif 446 ], 447 [AC_MSG_RESULT([ok])], 448 [ 449 AC_MSG_RESULT(too old) 450 AC_MSG_ERROR([OpenLDAP version must be 2.0 or higher. Aborting.]) 451 ]) 452 CFLAGS=$saved_CFLAGS 453 CPPFLAGS=$saved_CPPFLAGS 454fi 455 456# Check for Kerberos5 support 457# XXX This must come after all --with-* tests, else the 458# -liconv checks will not work 459AC_MSG_CHECKING(if --enable-gssapi option is specified) 460AC_ARG_ENABLE(gssapi, 461 [ --enable-gssapi enable GSS-API authentication], 462 [], [enable_gssapi=no]) 463AC_MSG_RESULT($enable_gssapi) 464AC_PATH_PROG(KRB5_CONFIG,krb5-config,no) 465if test "x$enable_gssapi" = "xyes"; then 466 if test "$KRB5_CONFIG" != "no"; then 467 krb5_incdir="`$KRB5_CONFIG --cflags gssapi`" 468 krb5_libs="`$KRB5_CONFIG --libs gssapi`" 469 else 470 # No krb5-config; let's make some assumptions based on 471 # the OS. 472 case $host_os in 473 netbsd*) 474 krb5_incdir="-I/usr/include/krb5" 475 krb5_libs="-lgssapi -lkrb5 -lcom_err -lroken -lasn1" 476 ;; 477 *) 478 AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.]) 479 ;; 480 esac 481 fi 482 LIBS="$LIBS $krb5_libs" 483 CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD" 484 AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API]) 485 486 # Check if iconv 2nd argument needs const 487 saved_CFLAGS=$CFLAGS 488 CFLAGS="$CFLAGS -Wall -Werror" 489 saved_CPPFLAGS=$CPPFLAGS 490 CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 491 AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])]) 492 AC_MSG_CHECKING([if iconv second argument needs const]) 493 AC_TRY_COMPILE([ 494 #include <iconv.h> 495 #include <stdio.h> 496 ], [ 497 iconv_t cd = NULL; 498 const char **src = NULL; 499 size_t *srcleft = NULL; 500 char **dst = NULL; 501 size_t *dstleft = NULL; 502 503 (void)iconv(cd, src, srcleft, dst, dstleft); 504 ], [AC_MSG_RESULT(yes) 505 AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const]) 506 ], [AC_MSG_RESULT(no)]) 507 CFLAGS=$saved_CFLAGS 508 CPPFLAGS=$saved_CPPFLAGS 509 510 # libiconv is often integrated into libc. If a with-* option 511 # caused a non libc-based iconv.h to be catched instead of 512 # the libc-based iconv.h, then we need to link with -liconv 513 AC_MSG_CHECKING(if -liconv is required) 514 saved_CPPFLAGS=$CPPFLAGS 515 saved_LIBS=$LIBS 516 CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 517 AC_TRY_LINK([ 518 #include <iconv.h> 519 ], [ 520 (void)iconv_open("ascii", "ascii"); 521 ], 522 [AC_MSG_RESULT(no)], 523 [ 524 LIBS="$LIBS -liconv" 525 AC_TRY_LINK([ 526 #include <iconv.h> 527 ], [ 528 (void)iconv_open("ascii", "ascii"); 529 ], 530 [ 531 AC_MSG_RESULT(yes) 532 saved_LIBS=$LIBS 533 ], [ 534 AC_MSG_ERROR([cannot use iconv]) 535 ]) 536 ]) 537 CPPFLAGS=$saved_CPPFLAGS 538 LIBS=$saved_LIBS 539fi 540 541AC_MSG_CHECKING(if --enable-stats option is specified) 542AC_ARG_ENABLE(stats, 543 [ --enable-stats enable statistics logging function], 544 [], [enable_stats=no]) 545if test "x$enable_stats" = "xyes"; then 546 AC_DEFINE([ENABLE_STATS], [], [Enable statictics]) 547fi 548AC_MSG_RESULT($enable_stats) 549 550AC_MSG_CHECKING(if --enable-dpd option is specified) 551AC_ARG_ENABLE(dpd, 552 [ --enable-dpd enable dead peer detection], 553 [], [enable_dpd=no]) 554if test "x$enable_dpd" = "xyes"; then 555 AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection]) 556fi 557AC_MSG_RESULT($enable_dpd) 558 559AC_MSG_CHECKING(if --enable-samode-unspec option is specified) 560AC_ARG_ENABLE(samode-unspec, 561 [ --enable-samode-unspec enable to use unspecified a mode of SA], 562 [], [enable_samode_unspec=no]) 563if test "x$enable_samode_unspec" = "xyes"; then 564 case $host_os in 565 *linux*) 566 cat << EOC 567 568ERROR: --enable-samode-unspec is not supported under linux 569because linux kernel do not support it. This option is disabled 570to prevent mysterious problems. 571 572If you REALLY know what your are doing, remove this check. 573EOC 574 exit 1; 575 ;; 576 esac 577 AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec]) 578fi 579AC_MSG_RESULT($enable_samode_unspec) 580 581# Checks if IPv6 is requested 582AC_MSG_CHECKING([whether to enable ipv6]) 583AC_ARG_ENABLE(ipv6, 584[ --disable-ipv6 disable ipv6 support], 585[ case "$enableval" in 586 no) 587 AC_MSG_RESULT(no) 588 ipv6=no 589 ;; 590 *) AC_MSG_RESULT(yes) 591 ipv6=yes 592 ;; 593 esac ], 594 595 AC_TRY_RUN([ /* AF_INET6 avalable check */ 596#include <sys/types.h> 597#include <sys/socket.h> 598main() 599{ 600 exit(0); 601 if (socket(AF_INET6, SOCK_STREAM, 0) < 0) 602 exit(1); 603 else 604 exit(0); 605} 606], 607 AC_MSG_RESULT(yes) 608 AC_DEFINE([INET6], [], [Support IPv6]) 609 ipv6=yes, 610 AC_MSG_RESULT(no) 611 ipv6=no, 612 AC_MSG_RESULT(no) 613 ipv6=no 614)) 615 616if test "$ipv6" = "yes"; then 617 AC_DEFINE([INET6], [], [Support IPv6]) 618 AC_MSG_CHECKING(for advanced API support) 619 AC_TRY_COMPILE([#ifndef INET6 620#define INET6 621#endif 622#include <sys/types.h> 623#include <netinet/in.h>], 624 [struct in6_pktinfo a;], 625 [AC_MSG_RESULT(yes) 626 AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])], 627 [AC_MSG_RESULT(no)]) 628fi 629 630RACOON_CHECK_BUGGY_GETADDRINFO 631if test "$buggygetaddrinfo" = "yes"; then 632 AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.]) 633fi 634 635# Check if kernel support is available for NAT-T, defaults to no. 636kernel_natt="no" 637 638AC_MSG_CHECKING(kernel NAT-Traversal support) 639case $host_os in 640linux*) 641# Linux kernel NAT-T check 642AC_EGREP_CPP(yes, 643[#include <linux/pfkeyv2.h> 644#ifdef SADB_X_EXT_NAT_T_TYPE 645yes 646#endif 647], [kernel_natt="yes"]) 648 ;; 649freebsd*|netbsd*) 650# NetBSD case 651# Same check for FreeBSD 652AC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len, 653 [kernel_natt="yes"],, [ 654#define _KERNEL 655#include <sys/types.h> 656#include <net/pfkeyv2.h> 657]) 658 ;; 659esac 660AC_MSG_RESULT($kernel_natt) 661 662AC_MSG_CHECKING(whether to support NAT-T) 663AC_ARG_ENABLE(natt, 664 [ --enable-natt enable NAT-Traversal (yes/no/kernel)], 665 [ if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi ], 666 [ enable_natt=no ]) 667AC_MSG_RESULT($enable_natt) 668 669if test "$enable_natt" = "yes"; then 670 if test "$kernel_natt" = "no" ; then 671 AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.]) 672 else 673 AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal]) 674 NATT_OBJS="nattraversal.o" 675 AC_SUBST(NATT_OBJS) 676 fi 677fi 678 679# Set up defines for supported NAT-T versions. 680natt_versions_default="00,02,rfc" 681AC_MSG_CHECKING(which NAT-T versions to support) 682AC_ARG_ENABLE(natt_versions, 683 [ --enable-natt-versions=list list of supported NAT-T versions delimited by coma.], 684 [ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ], 685 [ enable_natt_versions=$natt_versions_default ]) 686if test "$enable_natt" = "yes"; then 687 AC_MSG_RESULT($enable_natt_versions) 688 for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do 689 case $i in 690 0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;; 691 1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;; 692 2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;; 693 3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;; 694 4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;; 695 5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;; 696 6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;; 697 7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;; 698 8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;; 699 RFC) AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;; 700 *) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;; 701 esac 702 done 703 unset i 704else 705 AC_MSG_RESULT([none]) 706fi 707 708AC_MSG_CHECKING(if --enable-broken-natt option is specified) 709AC_ARG_ENABLE(broken-natt, 710 [ --enable-broken-natt broken in-kernel NAT-T], 711 [], [enable_broken_natt=no]) 712if test "x$enable_broken_natt" = "xyes"; then 713 AC_DEFINE([BROKEN_NATT], [], [in-kernel NAT-T is broken]) 714fi 715AC_MSG_RESULT($enable_broken_natt) 716 717AC_MSG_CHECKING(whether we support FWD policy) 718case $host in 719 *linux*) 720 AC_TRY_COMPILE([ 721 #include <inttypes.h> 722 #include <linux/ipsec.h> 723 ], [ 724 int fwd = IPSEC_DIR_FWD; 725 ], 726 [AC_MSG_RESULT(yes) 727 AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])], 728 [AC_MSG_RESULT(no)]) 729 ;; 730 *) 731 AC_MSG_RESULT(no) 732 ;; 733esac 734 735AC_CHECK_TYPE([ipsec_policy_t], 736 [AC_DEFINE([HAVE_IPSEC_POLICY_T], [], [Have ipsec_policy_t])], 737 [], 738 [ 739 #include <sys/types.h> 740 #include <netinet6/ipsec.h> 741 ]) 742 743# Check if kernel support is available for Security Context, defaults to no. 744kernel_secctx="no" 745 746AC_MSG_CHECKING(kernel Security Context support) 747case $host_os in 748linux*) 749# Linux kernel Security Context check 750AC_EGREP_CPP(yes, 751[#include <linux/pfkeyv2.h> 752#ifdef SADB_X_EXT_SEC_CTX 753yes 754#endif 755], [kernel_secctx="yes"]) 756 ;; 757esac 758AC_MSG_RESULT($kernel_secctx) 759 760AC_CHECK_HEADER(selinux/selinux.h, 761 [AC_CHECK_LIB(selinux, avc_init, [selinux_support=yes], 762 [selinux_support=no])], [selinux_support=no]) 763 764AC_MSG_CHECKING(whether to support Security Context) 765AC_ARG_ENABLE(security-context, 766 [ --enable-security-context enable Security Context(yes/no/kernel)], 767 [if test "$enable_security_context" = "kernel"; then 768 enable_security_context=$kernel_secctx; fi], 769 [enable_security_context=$kernel_secctx]) 770AC_MSG_RESULT($enable_security_context) 771 772if test "$enable_security_context" = "yes"; then 773 if test "$kernel_secctx" = "no" ; then 774 AC_MSG_ERROR([Security Context requested, but no kernel support! Aborting.]) 775 else 776 if test "$selinux_support" = "no"; then 777 AC_MSG_ERROR([Security Context requested, but no selinux support! Aborting.]) 778 else 779 AC_DEFINE([HAVE_SECCTX], [], [Enable Security Context]) 780 SECCTX_OBJS="security.o" 781 AC_SUBST(SECCTX_OBJS) 782 LIBS="$LIBS -lselinux" 783 fi 784 fi 785fi 786 787RACOON_PATH_LIBS([clock_gettime], [rt]) 788 789AC_MSG_CHECKING(for monotonic system clock) 790AC_TRY_COMPILE( 791 [#include <time.h>], 792 [clock_gettime(CLOCK_MONOTONIC, NULL);], 793 [AC_DEFINE([HAVE_CLOCK_MONOTONIC], [], [Have a monotonic clock]) 794 AC_MSG_RESULT(yes)], 795 [AC_MSG_RESULT(no)]) 796 797CFLAGS="$CFLAGS $CFLAGS_ADD" 798CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 799 800case $host in 801 *linux*) 802 # Remove KERNEL_INCLUDE from CPPFLAGS. It will 803 # be symlinked to src/include-glibc/linux in 804 # compile time. 805 CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"` 806 ;; 807esac 808 809include_racoondir=${includedir}/racoon 810AC_SUBST(include_racoondir) 811 812AC_CONFIG_FILES([ 813 Makefile 814 package_version.h 815 src/Makefile 816 src/include-glibc/Makefile 817 src/libipsec/Makefile 818 src/setkey/Makefile 819 src/racoon/Makefile 820 src/racoon/samples/psk.txt 821 src/racoon/samples/racoon.conf 822 rpm/Makefile 823 rpm/suse/Makefile 824 rpm/suse/ipsec-tools.spec 825 ]) 826AC_OUTPUT 827