1dnl -*- mode: m4 -*- 2dnl Id: configure.ac,v 1.77 2006/07/20 19:19:27 manubsd Exp 3 4AC_PREREQ(2.52) 5AC_INIT(ipsec-tools, CVS) 6AC_CONFIG_SRCDIR([configure.ac]) 7AC_CONFIG_HEADERS(config.h) 8 9AM_INIT_AUTOMAKE(dist-bzip2) 10 11AC_ENABLE_SHARED(no) 12 13AC_PROG_CC 14AC_HEADER_STDC 15AC_PROG_LIBTOOL 16AC_PROG_YACC 17AM_PROG_LEX 18AC_SUBST(LEXLIB) 19AC_PROG_EGREP 20 21CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused" 22 23case $host in 24*netbsd*) 25 LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS" 26 ;; 27*linux*) 28 LIBS="$LIBS -lresolv" 29 INSTALL_OPTS="-o bin -g bin" 30 INCLUDE_GLIBC="include-glibc" 31 RPM="rpm" 32 AC_SUBST(INSTALL_OPTS) 33 AC_SUBST(INCLUDE_GLIBC) 34 AC_SUBST(RPM) 35 ;; 36*darwin*) 37 LIBS="$LIBS -lresolv" 38 ;; 39esac 40 41# Look up some IPsec-related headers 42AC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no]) 43AC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no]) 44AC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no]) 45AC_CHECK_HEADER(netipsec/ipsec.h, [have_netipsec_ipsec=yes], [have_netipsec_ipsec=no]) 46 47# FreeBSD >=7 has only <netipsec/ipsec.h> 48# NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h> 49# XXX some *BSD still have both <netinet6/ipsec.h> and <netipsec/ipsec.h>, 50# we can't decide which one to use (actually <netinet6/ipsec.h>) 51 52 53if test "$have_netinet_ipsec$have_netinet6_ipsec$have_netipsec_ipsec" = nonoyes; then 54 have_netinet_ipsec=yes 55 AC_DEFINE(PATH_IPSEC_H, [<netipsec/ipsec.h>], [Path to ipsec.h]) 56else 57 if test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then 58 have_netinet_ipsec=yes 59 AC_DEFINE(PATH_IPSEC_H, [<netinet6/ipsec.h>], [Path to ipsec.h]) 60 else 61 # have_netinet_ipsec will be checked a few lines below 62 AC_DEFINE(PATH_IPSEC_H, [<netinet/ipsec.h>], [Path to ipsec.h]) 63 fi 64fi 65 66case "$host_os" in 67 *linux*) 68 AC_ARG_WITH(kernel-headers, 69 AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include], 70 [where your Linux Kernel headers are installed]), 71 [ KERNEL_INCLUDE="$with_kernel_headers" 72 CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers" 73 AC_SUBST(CONFIGURE_AMFLAGS) ], 74 [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ]) 75 76 AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, , 77 [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h, 78 KERNEL_INCLUDE=/usr/src/linux/include , 79 [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] ) 80 AC_SUBST(KERNEL_INCLUDE) 81 # We need the configure script to run with correct kernel headers. 82 # However we don't want to point to kernel source tree in compile time, 83 # i.e. this will be removed from CPPFLAGS at the end of configure. 84 CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS" 85 86 AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority, 87 [AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [], 88 [Are PF_KEY policy priorities supported?])], [], 89 [#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"]) 90 91 GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc' 92 GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc" 93 CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS" 94 CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS" 95 AC_SUBST(GLIBC_BUGS) 96 ;; 97 *) 98 if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then 99 if test "$have_net_pfkey" = yes; then 100 AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.]) 101 else 102 AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.]) 103 fi 104 fi 105 ;; 106esac 107 108AH_TEMPLATE(ENABLE_WILDCARD_MATCH, [Enable wildcard matching in pre-shared-key file]) 109AC_ARG_ENABLE([wildcard-match], 110[--enable-wildcard-match Enable wildcard matching in pre-shared-key file], 111[case "${enableval}" in 112(yes) AC_DEFINE(ENABLE_WILDCARD_MATCH);; 113(no) ;; 114(*) AC_MSG_ERROR(bad value ${enableval} for --enable-wildcard-match);; 115esac],[]) 116### Some basic toolchain checks 117 118# Checks for header files. 119AC_HEADER_STDC 120AC_HEADER_SYS_WAIT 121AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h) 122AC_CHECK_HEADERS(shadow.h strings.h) 123 124# Checks for typedefs, structures, and compiler characteristics. 125AC_C_CONST 126AC_TYPE_PID_T 127AC_TYPE_SIZE_T 128AC_HEADER_TIME 129AC_STRUCT_TM 130 131# Checks for library functions. 132AC_FUNC_MEMCMP 133AC_TYPE_SIGNAL 134AC_FUNC_VPRINTF 135AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy strlcat) 136AC_REPLACE_FUNCS(strdup) 137RACOON_CHECK_VA_COPY 138 139# Check if printf accepts "%z" type modifier for size_t argument 140AC_MSG_CHECKING(if printf accepts %z) 141saved_CFLAGS=$CFLAGS 142CFLAGS="$CFLAGS -Wall -Werror" 143AC_TRY_COMPILE([ 144#include <stdio.h> 145], [ 146printf("%zu\n", (size_t)-1); 147], 148 [AC_MSG_RESULT(yes)], 149 [AC_MSG_RESULT(no); 150 CFLAGS_ADD="$CFLAGS_ADD -Wno-format"; 151 AC_DEFINE(BROKEN_PRINTF, [], [If printf doesn't support %zu.]) 152 ]) 153CFLAGS=$saved_CFLAGS 154 155# Can we use __func__ macro? 156AC_MSG_CHECKING(if __func__ is available) 157AC_TRY_COMPILE( 158[#include <stdio.h> 159], [char *x = __func__;], 160 [AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro]) 161 AC_MSG_RESULT(yes)], 162 [AC_MSG_RESULT(no)]) 163 164# Check if readline support is requested 165AC_MSG_CHECKING(if readline support is requested) 166AC_ARG_WITH(readline, 167 [ --with-readline support readline input (yes by default)], 168 [with_readline="$withval"], [with_readline="yes"]) 169AC_MSG_RESULT($with_readline) 170 171# Is readline available? 172if test $with_readline != "no"; then 173 AC_CHECK_HEADER([readline/readline.h], 174 [AC_CHECK_LIB(readline, readline, [ 175 AC_DEFINE(HAVE_READLINE, [], 176 [Is readline available?]) 177 LIBS="$LIBS -lreadline" 178 ], [])], []) 179fi 180 181 182AC_MSG_CHECKING(if --with-flex option is specified) 183AC_ARG_WITH(flexdir, 184 [AC_HELP_STRING([--with-flex], [use directiory (default: no)])], 185 [flexdir="$withval"]) 186AC_MSG_RESULT(${flexdir-dirdefault}) 187 188if test "x$flexdir" != "x"; then 189 LIBS="$LIBS $flexdir/libfl.a" 190fi 191 192AC_MSG_CHECKING(if --with-flexlib option is specified) 193AC_ARG_WITH(flexlib, 194 [ --with-flexlib=<LIB> specify flex library.], 195 [flexlib="$withval"]) 196AC_MSG_RESULT(${flexlib-default}) 197 198if test "x$flexlib" != "x"; then 199 LIBS="$LIBS $flexlib" 200fi 201 202# Check if a different OpenSSL directory was specified 203AC_MSG_CHECKING(if --with-openssl option is specified) 204AC_ARG_WITH(openssl, [ --with-openssl=DIR specify OpenSSL directory], 205 [crypto_dir=$withval]) 206AC_MSG_RESULT(${crypto_dir-default}) 207 208if test "x$crypto_dir" != "x"; then 209 LIBS="$LIBS -L${crypto_dir}/lib" 210 CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS" 211fi 212AC_MSG_CHECKING(openssl version) 213 214AC_TRY_COMPILE( 215[#include <openssl/opensslv.h> 216], 217[#if OPENSSL_VERSION_NUMBER < 0x0090813fL 218#error OpenSSL version is too old ... 219#endif], 220[AC_MSG_RESULT([ok])], 221[AC_MSG_RESULT(too old) 222AC_MSG_ERROR([OpenSSL version must be 0.9.8s or higher. Aborting.]) 223]) 224 225AC_CHECK_HEADERS(openssl/engine.h) 226 227# checking rijndael 228AC_CHECK_HEADERS([openssl/aes.h], [], 229 [CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"]) 230 231# checking sha2 232AC_MSG_CHECKING(sha2 support) 233AC_DEFINE([WITH_SHA2], [], [SHA2 support]) 234AC_MSG_RESULT(yes) 235AC_CHECK_HEADER(openssl/sha2.h, [], [ 236 AC_MSG_CHECKING(if sha2 is defined in openssl/sha.h) 237 AC_TRY_COMPILE([ 238 #ifdef HAVE_SYS_TYPES_H 239 #include <sys/types.h> 240 #endif 241 #include <openssl/sha.h> 242 ], [ 243 SHA256_CTX ctx; 244 ], [ 245 AC_MSG_RESULT(yes) 246 AC_DEFINE([HAVE_SHA2_IN_SHA_H], [], [sha2 is defined in sha.h]) 247 ], [AC_MSG_RESULT(no) 248 AC_LIBOBJ([sha2]) 249 CRYPTOBJS="$CRYPTOBJS sha2.o" 250 ]) 251 252 CPPFLAGS_ADD="$CPPFLAGS_ADD -I\${top_srcdir}/src/racoon/missing" 253]) 254AC_SUBST(CRYPTOBJS) 255 256# checking camellia 257AC_CHECK_HEADERS([openssl/camellia.h]) 258 259 260# Option --enable-adminport 261AC_MSG_CHECKING(if --enable-adminport option is specified) 262AC_ARG_ENABLE(adminport, 263 [ --enable-adminport enable admin port], 264 [], [enable_adminport=no]) 265if test $enable_adminport = "yes"; then 266 AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port]) 267fi 268AC_MSG_RESULT($enable_adminport) 269 270# Option RC5 271AC_MSG_CHECKING(if --enable-rc5 option is specified) 272AC_ARG_ENABLE(rc5, 273 [ --enable-rc5 enable RC5 encryption (patented)], 274 [], [enable_rc5=no]) 275AC_MSG_RESULT($enable_rc5) 276 277if test $enable_rc5 = "yes"; then 278 AC_CHECK_HEADERS([openssl/rc5.h]) 279 AC_CHECK_LIB([crypto_rc5], [RC5_32_encrypt], 280 [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_rc5"]) 281fi 282 283# Option IDEA 284AC_MSG_CHECKING(if --enable-idea option is specified) 285AC_ARG_ENABLE(idea, 286 [ --enable-idea enable IDEA encryption (patented)], 287 [], [enable_idea=no]) 288AC_MSG_RESULT($enable_idea) 289 290if test $enable_idea = "yes"; then 291 AC_CHECK_HEADERS([openssl/idea.h]) 292 AC_CHECK_LIB([crypto_idea], [idea_encrypt], 293 [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_idea"]) 294fi 295AC_SUBST(EXTRA_CRYPTO) 296 297# For dynamic libradius 298RACOON_PATH_LIBS([MD5_Init], [crypto]) 299 300# Check if we need -lutil for login(3) 301RACOON_PATH_LIBS([login], [util]) 302 303# Specify libiconv prefix 304AC_MSG_CHECKING(if --with-libiconv option is specified) 305AC_ARG_WITH(libiconv, 306 [ --with-libiconv=DIR specify libiconv path (like/usr/pkg)], 307 [libiconv_dir=$withval], 308 [libiconv_dir=no]) 309AC_MSG_RESULT($libiconv_dir) 310if test "$libiconv_dir" != "no"; then 311 if test "$libiconv_dir" = "yes" ; then 312 libiconv_dir=""; 313 fi; 314 if test "x$libiconv_dir" = "x"; then 315 RACOON_PATH_LIBS([iconv_open], [iconv]) 316 else 317 if test -d "$libiconv_dir/lib" -a \ 318 -d "$libiconv_dir/include" ; then 319 RACOON_PATH_LIBS([iconv_open], [iconv], ["$libiconv_dir/lib"]) 320 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libiconv_dir/include" 321 else 322 AC_MSG_ERROR([ICONV libs or includes not found. Aborting.]) 323 fi 324 fi 325 LIBS="$LIBS -L$libiconv_dir/lib -R$libiconv_dir/lib -liconv" 326 AC_CHECK_FUNCS(iconv_open) 327fi 328 329AC_MSG_CHECKING([if --enable-hybrid option is specified]) 330AC_ARG_ENABLE(hybrid, 331 [ --enable-hybrid enable hybrid, both mode-cfg and xauth support], 332 [], [enable_hybrid=no]) 333AC_MSG_RESULT($enable_hybrid) 334 335if test "x$enable_hybrid" = "xyes"; then 336 case $host in 337 *darwin*) 338 ;; 339 *) 340 LIBS="$LIBS -lcrypt"; 341 ;; 342 esac 343 HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o" 344 AC_SUBST(HYBRID_OBJS) 345 AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support]) 346fi 347 348AC_MSG_CHECKING([if --enable-frag option is specified]) 349AC_ARG_ENABLE(frag, 350 [ --enable-frag enable IKE fragmentation payload support], 351 [], [enable_frag=no]) 352AC_MSG_RESULT($enable_frag) 353 354if test "x$enable_frag" = "xyes"; then 355 case $host in 356 *darwin*) 357 ;; 358 *) 359 LIBS="$LIBS -lcrypt"; 360 ;; 361 esac 362 FRAG_OBJS="isakmp_frag.o" 363 AC_SUBST(FRAG_OBJS) 364 AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support]) 365fi 366 367AC_MSG_CHECKING(if --with-libradius option is specified) 368AC_ARG_WITH(libradius, 369 [ --with-libradius=DIR specify libradius path (like/usr/pkg)], 370 [libradius_dir=$withval], 371 [libradius_dir=no]) 372AC_MSG_RESULT($libradius_dir) 373if test "$libradius_dir" != "no"; then 374 if test "$libradius_dir" = "yes" ; then 375 libradius_dir=""; 376 fi; 377 if test "x$libradius_dir" = "x"; then 378 RACOON_PATH_LIBS([rad_create_request], [radius]) 379 else 380 if test -d "$libradius_dir/lib" -a \ 381 -d "$libradius_dir/include" ; then 382 RACOON_PATH_LIBS([rad_create_request], [radius], ["$libradius_dir/lib"]) 383 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include" 384 else 385 AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.]) 386 fi 387 fi 388 AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS]) 389 LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius" 390 AC_CHECK_FUNCS(rad_create_request) 391fi 392 393AC_MSG_CHECKING(if --with-libpam option is specified) 394AC_ARG_WITH(libpam, 395 [ --with-libpam=DIR specify libpam path (like/usr/pkg)], 396 [libpam_dir=$withval], 397 [libpam_dir=no]) 398AC_MSG_RESULT($libpam_dir) 399if test "$libpam_dir" != "no"; then 400 if test "$libpam_dir" = "yes" ; then 401 libpam_dir=""; 402 fi; 403 if test "x$libpam_dir" = "x"; then 404 RACOON_PATH_LIBS([pam_start], [pam]) 405 else 406 if test -d "$libpam_dir/lib" -a \ 407 -d "$libpam_dir/include" ; then 408 RACOON_PATH_LIBS([pam_start], [pam], ["$libpam_dir/lib"]) 409 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libpam_dir/include" 410 else 411 AC_MSG_ERROR([PAM libs or includes not found. Aborting.]) 412 fi 413 fi 414 AC_DEFINE([HAVE_LIBPAM], [], [Hybrid authentication uses PAM]) 415 LIBS="$LIBS -L$libpam_dir/lib -R$libpam_dir/lib -lpam" 416 AC_CHECK_FUNCS(pam_start) 417fi 418 419AC_MSG_CHECKING(if --with-libldap option is specified) 420AC_ARG_WITH(libldap, 421 [ --with-libldap=DIR specify libldap path (like/usr/pkg)], 422 [libldap_dir=$withval], 423 [libldap_dir=no]) 424AC_MSG_RESULT($libldap_dir) 425if test "$libldap_dir" != "no"; then 426 if test "$libldap_dir" = "yes" ; then 427 libldap_dir=""; 428 fi; 429 if test "x$libldap_dir" = "x"; then 430 RACOON_PATH_LIBS([ldap_init], [ldap]) 431 else 432 if test -d "$libldap_dir/lib" -a \ 433 -d "$libldap_dir/include" ; then 434 RACOON_PATH_LIBS([ldap_init], [ldap], ["$libldap_dir/lib"]) 435 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libldap_dir/include" 436 else 437 AC_MSG_ERROR([LDAP libs or includes not found. Aborting.]) 438 fi 439 fi 440 AC_DEFINE([HAVE_LIBLDAP], [], [Hybrid authentication uses LDAP]) 441 LIBS="$LIBS -L$libldap_dir/lib -R$libldap_dir/lib -lldap" 442 443 saved_CFLAGS=$CFLAGS 444 CFLAGS="$CFLAGS -Wall -Werror" 445 saved_CPPFLAGS=$CPPFLAGS 446 CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 447 AC_TRY_COMPILE( 448 [#include <ldap.h>], 449 [ 450 #if LDAP_API_VERSION < 2004 451 #error OpenLDAP version is too old ... 452 #endif 453 ], 454 [AC_MSG_RESULT([ok])], 455 [ 456 AC_MSG_RESULT(too old) 457 AC_MSG_ERROR([OpenLDAP version must be 2.0 or higher. Aborting.]) 458 ]) 459 CFLAGS=$saved_CFLAGS 460 CPPFLAGS=$saved_CPPFLAGS 461fi 462 463# Check for Kerberos5 support 464# XXX This must come after all --with-* tests, else the 465# -liconv checks will not work 466AC_MSG_CHECKING(if --enable-gssapi option is specified) 467AC_ARG_ENABLE(gssapi, 468 [ --enable-gssapi enable GSS-API authentication], 469 [], [enable_gssapi=no]) 470AC_MSG_RESULT($enable_gssapi) 471AC_PATH_PROG(KRB5_CONFIG,krb5-config,no) 472if test "x$enable_gssapi" = "xyes"; then 473 if test "$KRB5_CONFIG" != "no"; then 474 krb5_incdir="`$KRB5_CONFIG --cflags gssapi`" 475 krb5_libs="`$KRB5_CONFIG --libs gssapi`" 476 else 477 # No krb5-config; let's make some assumptions based on 478 # the OS. 479 case $host_os in 480 netbsd*) 481 krb5_incdir="-I/usr/include/krb5" 482 krb5_libs="-lgssapi -lkrb5 -lcom_err -lroken -lasn1" 483 ;; 484 *) 485 AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.]) 486 ;; 487 esac 488 fi 489 LIBS="$LIBS $krb5_libs" 490 CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD" 491 AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API]) 492 493 # Check if iconv 2nd argument needs const 494 saved_CFLAGS=$CFLAGS 495 CFLAGS="$CFLAGS -Wall -Werror" 496 saved_CPPFLAGS=$CPPFLAGS 497 CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 498 AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])]) 499 AC_MSG_CHECKING([if iconv second argument needs const]) 500 AC_TRY_COMPILE([ 501 #include <iconv.h> 502 #include <stdio.h> 503 ], [ 504 iconv_t cd = NULL; 505 const char **src = NULL; 506 size_t *srcleft = NULL; 507 char **dst = NULL; 508 size_t *dstleft = NULL; 509 510 (void)iconv(cd, src, srcleft, dst, dstleft); 511 ], [AC_MSG_RESULT(yes) 512 AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const]) 513 ], [AC_MSG_RESULT(no)]) 514 CFLAGS=$saved_CFLAGS 515 CPPFLAGS=$saved_CPPFLAGS 516 517 # libiconv is often integrated into libc. If a with-* option 518 # caused a non libc-based iconv.h to be catched instead of 519 # the libc-based iconv.h, then we need to link with -liconv 520 AC_MSG_CHECKING(if -liconv is required) 521 saved_CPPFLAGS=$CPPFLAGS 522 saved_LIBS=$LIBS 523 CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 524 AC_TRY_LINK([ 525 #include <iconv.h> 526 ], [ 527 (void)iconv_open("ascii", "ascii"); 528 ], 529 [AC_MSG_RESULT(no)], 530 [ 531 LIBS="$LIBS -liconv" 532 AC_TRY_LINK([ 533 #include <iconv.h> 534 ], [ 535 (void)iconv_open("ascii", "ascii"); 536 ], 537 [ 538 AC_MSG_RESULT(yes) 539 saved_LIBS=$LIBS 540 ], [ 541 AC_MSG_ERROR([cannot use iconv]) 542 ]) 543 ]) 544 CPPFLAGS=$saved_CPPFLAGS 545 LIBS=$saved_LIBS 546fi 547 548AC_MSG_CHECKING(if --enable-stats option is specified) 549AC_ARG_ENABLE(stats, 550 [ --enable-stats enable statistics logging function], 551 [], [enable_stats=no]) 552if test "x$enable_stats" = "xyes"; then 553 AC_DEFINE([ENABLE_STATS], [], [Enable statictics]) 554fi 555AC_MSG_RESULT($enable_stats) 556 557AC_MSG_CHECKING(if --enable-dpd option is specified) 558AC_ARG_ENABLE(dpd, 559 [ --enable-dpd enable dead peer detection], 560 [], [enable_dpd=no]) 561if test "x$enable_dpd" = "xyes"; then 562 AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection]) 563fi 564AC_MSG_RESULT($enable_dpd) 565 566AC_MSG_CHECKING(if --enable-samode-unspec option is specified) 567AC_ARG_ENABLE(samode-unspec, 568 [ --enable-samode-unspec enable to use unspecified a mode of SA], 569 [], [enable_samode_unspec=no]) 570if test "x$enable_samode_unspec" = "xyes"; then 571 case $host_os in 572 *linux*) 573 cat << EOC 574 575ERROR: --enable-samode-unspec is not supported under linux 576because linux kernel do not support it. This option is disabled 577to prevent mysterious problems. 578 579If you REALLY know what your are doing, remove this check. 580EOC 581 exit 1; 582 ;; 583 esac 584 AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec]) 585fi 586AC_MSG_RESULT($enable_samode_unspec) 587 588# Checks if IPv6 is requested 589AC_MSG_CHECKING([whether to enable ipv6]) 590AC_ARG_ENABLE(ipv6, 591[ --disable-ipv6 disable ipv6 support], 592[ case "$enableval" in 593 no) 594 AC_MSG_RESULT(no) 595 ipv6=no 596 ;; 597 *) AC_MSG_RESULT(yes) 598 ipv6=yes 599 ;; 600 esac ], 601 602 AC_TRY_RUN([ /* AF_INET6 avalable check */ 603#include <sys/types.h> 604#include <sys/socket.h> 605main() 606{ 607 exit(0); 608 if (socket(AF_INET6, SOCK_STREAM, 0) < 0) 609 exit(1); 610 else 611 exit(0); 612} 613], 614 AC_MSG_RESULT(yes) 615 AC_DEFINE([INET6], [], [Support IPv6]) 616 ipv6=yes, 617 AC_MSG_RESULT(no) 618 ipv6=no, 619 AC_MSG_RESULT(no) 620 ipv6=no 621)) 622 623if test "$ipv6" = "yes"; then 624 AC_DEFINE([INET6], [], [Support IPv6]) 625 AC_MSG_CHECKING(for advanced API support) 626 AC_TRY_COMPILE([#ifndef INET6 627#define INET6 628#endif 629#include <sys/types.h> 630#include <netinet/in.h>], 631 [struct in6_pktinfo a;], 632 [AC_MSG_RESULT(yes) 633 AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])], 634 [AC_MSG_RESULT(no)]) 635fi 636 637RACOON_CHECK_BUGGY_GETADDRINFO 638if test "$buggygetaddrinfo" = "yes"; then 639 AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.]) 640fi 641 642# Check if kernel support is available for NAT-T, defaults to no. 643kernel_natt="no" 644 645AC_MSG_CHECKING(kernel NAT-Traversal support) 646case $host_os in 647linux*) 648# Linux kernel NAT-T check 649AC_EGREP_CPP(yes, 650[#include <linux/pfkeyv2.h> 651#ifdef SADB_X_EXT_NAT_T_TYPE 652yes 653#endif 654], [kernel_natt="yes"]) 655 ;; 656freebsd*|netbsd*) 657# NetBSD case 658# Same check for FreeBSD 659AC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len, 660 [kernel_natt="yes"],, [ 661#define _KERNEL 662#include <sys/types.h> 663#include <net/pfkeyv2.h> 664]) 665 ;; 666esac 667AC_MSG_RESULT($kernel_natt) 668 669AC_MSG_CHECKING(whether to support NAT-T) 670AC_ARG_ENABLE(natt, 671 [ --enable-natt enable NAT-Traversal (yes/no/kernel)], 672 [ if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi ], 673 [ enable_natt=no ]) 674AC_MSG_RESULT($enable_natt) 675 676if test "$enable_natt" = "yes"; then 677 if test "$kernel_natt" = "no" ; then 678 AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.]) 679 else 680 AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal]) 681 NATT_OBJS="nattraversal.o" 682 AC_SUBST(NATT_OBJS) 683 fi 684fi 685 686# Set up defines for supported NAT-T versions. 687natt_versions_default="00,02,rfc" 688AC_MSG_CHECKING(which NAT-T versions to support) 689AC_ARG_ENABLE(natt_versions, 690 [ --enable-natt-versions=list list of supported NAT-T versions delimited by coma.], 691 [ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ], 692 [ enable_natt_versions=$natt_versions_default ]) 693if test "$enable_natt" = "yes"; then 694 AC_MSG_RESULT($enable_natt_versions) 695 for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do 696 case $i in 697 0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;; 698 1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;; 699 2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;; 700 3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;; 701 4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;; 702 5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;; 703 6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;; 704 7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;; 705 8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;; 706 RFC) AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;; 707 *) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;; 708 esac 709 done 710 unset i 711else 712 AC_MSG_RESULT([none]) 713fi 714 715AC_MSG_CHECKING(if --enable-broken-natt option is specified) 716AC_ARG_ENABLE(broken-natt, 717 [ --enable-broken-natt broken in-kernel NAT-T], 718 [], [enable_broken_natt=no]) 719if test "x$enable_broken_natt" = "xyes"; then 720 AC_DEFINE([BROKEN_NATT], [], [in-kernel NAT-T is broken]) 721fi 722AC_MSG_RESULT($enable_broken_natt) 723 724AC_MSG_CHECKING(whether we support FWD policy) 725case $host in 726 *linux*) 727 AC_TRY_COMPILE([ 728 #include <inttypes.h> 729 #include <linux/ipsec.h> 730 ], [ 731 int fwd = IPSEC_DIR_FWD; 732 ], 733 [AC_MSG_RESULT(yes) 734 AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])], 735 [AC_MSG_RESULT(no)]) 736 ;; 737 *) 738 AC_MSG_RESULT(no) 739 ;; 740esac 741 742AC_CHECK_TYPE([ipsec_policy_t], 743 [AC_DEFINE([HAVE_IPSEC_POLICY_T], [], [Have ipsec_policy_t])], 744 [], 745 [ 746 #include <sys/types.h> 747 #include <netinet6/ipsec.h> 748 ]) 749 750# Check if kernel support is available for Security Context, defaults to no. 751kernel_secctx="no" 752 753AC_MSG_CHECKING(kernel Security Context support) 754case $host_os in 755linux*) 756# Linux kernel Security Context check 757AC_EGREP_CPP(yes, 758[#include <linux/pfkeyv2.h> 759#ifdef SADB_X_EXT_SEC_CTX 760yes 761#endif 762], [kernel_secctx="yes"]) 763 ;; 764esac 765AC_MSG_RESULT($kernel_secctx) 766 767AC_CHECK_HEADER(selinux/selinux.h, 768 [AC_CHECK_LIB(selinux, avc_init, [selinux_support=yes], 769 [selinux_support=no])], [selinux_support=no]) 770 771AC_MSG_CHECKING(whether to support Security Context) 772AC_ARG_ENABLE(security-context, 773 [ --enable-security-context enable Security Context(yes/no/kernel)], 774 [if test "$enable_security_context" = "kernel"; then 775 enable_security_context=$kernel_secctx; fi], 776 [enable_security_context=$kernel_secctx]) 777AC_MSG_RESULT($enable_security_context) 778 779if test "$enable_security_context" = "yes"; then 780 if test "$kernel_secctx" = "no" ; then 781 AC_MSG_ERROR([Security Context requested, but no kernel support! Aborting.]) 782 else 783 if test "$selinux_support" = "no"; then 784 AC_MSG_ERROR([Security Context requested, but no selinux support! Aborting.]) 785 else 786 AC_DEFINE([HAVE_SECCTX], [], [Enable Security Context]) 787 SECCTX_OBJS="security.o" 788 AC_SUBST(SECCTX_OBJS) 789 LIBS="$LIBS -lselinux" 790 fi 791 fi 792fi 793 794RACOON_PATH_LIBS([clock_gettime], [rt]) 795 796AC_MSG_CHECKING(for monotonic system clock) 797AC_TRY_COMPILE( 798 [#include <time.h>], 799 [clock_gettime(CLOCK_MONOTONIC, NULL);], 800 [AC_DEFINE([HAVE_CLOCK_MONOTONIC], [], [Have a monotonic clock]) 801 AC_MSG_RESULT(yes)], 802 [AC_MSG_RESULT(no)]) 803 804CFLAGS="$CFLAGS $CFLAGS_ADD" 805CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 806 807case $host in 808 *linux*) 809 # Remove KERNEL_INCLUDE from CPPFLAGS. It will 810 # be symlinked to src/include-glibc/linux in 811 # compile time. 812 CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"` 813 ;; 814esac 815 816include_racoondir=${includedir}/racoon 817AC_SUBST(include_racoondir) 818 819AC_CONFIG_FILES([ 820 Makefile 821 package_version.h 822 src/Makefile 823 src/include-glibc/Makefile 824 src/libipsec/Makefile 825 src/setkey/Makefile 826 src/racoon/Makefile 827 src/racoon/samples/psk.txt 828 src/racoon/samples/racoon.conf 829 rpm/Makefile 830 rpm/suse/Makefile 831 rpm/suse/ipsec-tools.spec 832 ]) 833AC_OUTPUT 834