Annotation of embedaddon/ipsec-tools/configure.ac, revision 1.1
1.1 ! misho 1: dnl -*- mode: m4 -*-
! 2: dnl Id: configure.ac,v 1.77 2006/07/20 19:19:27 manubsd Exp
! 3:
! 4: AC_PREREQ(2.52)
! 5: AC_INIT(ipsec-tools, 0.8.0)
! 6: AC_CONFIG_SRCDIR([configure.ac])
! 7: AM_CONFIG_HEADER(config.h)
! 8:
! 9: AM_INIT_AUTOMAKE(dist-bzip2)
! 10:
! 11: AC_ENABLE_SHARED(no)
! 12:
! 13: AC_PROG_CC
! 14: AM_PROG_CC_STDC
! 15: AC_HEADER_STDC
! 16: AC_PROG_LIBTOOL
! 17: AC_PROG_YACC
! 18: AM_PROG_LEX
! 19: AC_SUBST(LEXLIB)
! 20: AC_PROG_EGREP
! 21:
! 22: CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused"
! 23:
! 24: case $host in
! 25: *netbsd*)
! 26: LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS"
! 27: ;;
! 28: *linux*)
! 29: LIBS="$LIBS -lresolv"
! 30: INSTALL_OPTS="-o bin -g bin"
! 31: INCLUDE_GLIBC="include-glibc"
! 32: RPM="rpm"
! 33: AC_SUBST(INSTALL_OPTS)
! 34: AC_SUBST(INCLUDE_GLIBC)
! 35: AC_SUBST(RPM)
! 36: ;;
! 37: *darwin*)
! 38: LIBS="$LIBS -lresolv"
! 39: ;;
! 40: esac
! 41:
! 42: # Look up some IPsec-related headers
! 43: AC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no])
! 44: AC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no])
! 45: AC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no])
! 46: AC_CHECK_HEADER(netipsec/ipsec.h, [have_netipsec_ipsec=yes], [have_netipsec_ipsec=no])
! 47:
! 48: # FreeBSD >=7 has only <netipsec/ipsec.h>
! 49: # NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h>
! 50: # XXX some *BSD still have both <netinet6/ipsec.h> and <netipsec/ipsec.h>,
! 51: # we can't decide which one to use (actually <netinet6/ipsec.h>)
! 52:
! 53:
! 54: if test "$have_netinet_ipsec$have_netinet6_ipsec$have_netipsec_ipsec" = nonoyes; then
! 55: have_netinet_ipsec=yes
! 56: AC_DEFINE(PATH_IPSEC_H, [<netipsec/ipsec.h>], [Path to ipsec.h])
! 57: else
! 58: if test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then
! 59: have_netinet_ipsec=yes
! 60: AC_DEFINE(PATH_IPSEC_H, [<netinet6/ipsec.h>], [Path to ipsec.h])
! 61: else
! 62: # have_netinet_ipsec will be checked a few lines below
! 63: AC_DEFINE(PATH_IPSEC_H, [<netinet/ipsec.h>], [Path to ipsec.h])
! 64: fi
! 65: fi
! 66:
! 67: case "$host_os" in
! 68: *linux*)
! 69: AC_ARG_WITH(kernel-headers,
! 70: AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include],
! 71: [where your Linux Kernel headers are installed]),
! 72: [ KERNEL_INCLUDE="$with_kernel_headers"
! 73: CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers"
! 74: AC_SUBST(CONFIGURE_AMFLAGS) ],
! 75: [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ])
! 76:
! 77: AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, ,
! 78: [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h,
! 79: KERNEL_INCLUDE=/usr/src/linux/include ,
! 80: [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] )
! 81: AC_SUBST(KERNEL_INCLUDE)
! 82: # We need the configure script to run with correct kernel headers.
! 83: # However we don't want to point to kernel source tree in compile time,
! 84: # i.e. this will be removed from CPPFLAGS at the end of configure.
! 85: CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS"
! 86:
! 87: AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority,
! 88: [AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [],
! 89: [Are PF_KEY policy priorities supported?])], [],
! 90: [#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"])
! 91:
! 92: GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc'
! 93: GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc"
! 94: CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS"
! 95: CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS"
! 96: AC_SUBST(GLIBC_BUGS)
! 97: ;;
! 98: *)
! 99: if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then
! 100: if test "$have_net_pfkey" = yes; then
! 101: AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.])
! 102: else
! 103: AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.])
! 104: fi
! 105: fi
! 106: ;;
! 107: esac
! 108:
! 109: ### Some basic toolchain checks
! 110:
! 111: # Checks for header files.
! 112: AC_HEADER_STDC
! 113: AC_HEADER_SYS_WAIT
! 114: AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h)
! 115: AC_CHECK_HEADERS(shadow.h)
! 116:
! 117: # Checks for typedefs, structures, and compiler characteristics.
! 118: AC_C_CONST
! 119: AC_TYPE_PID_T
! 120: AC_TYPE_SIZE_T
! 121: AC_HEADER_TIME
! 122: AC_STRUCT_TM
! 123:
! 124: # Checks for library functions.
! 125: AC_FUNC_MEMCMP
! 126: AC_TYPE_SIGNAL
! 127: AC_FUNC_VPRINTF
! 128: AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy strlcat)
! 129: AC_REPLACE_FUNCS(strdup)
! 130: RACOON_CHECK_VA_COPY
! 131:
! 132: # Check if printf accepts "%z" type modifier for size_t argument
! 133: AC_MSG_CHECKING(if printf accepts %z)
! 134: saved_CFLAGS=$CFLAGS
! 135: CFLAGS="$CFLAGS -Wall -Werror"
! 136: AC_TRY_COMPILE([
! 137: #include <stdio.h>
! 138: ], [
! 139: printf("%zu\n", (size_t)-1);
! 140: ],
! 141: [AC_MSG_RESULT(yes)],
! 142: [AC_MSG_RESULT(no);
! 143: CFLAGS_ADD="$CFLAGS_ADD -Wno-format";
! 144: AC_DEFINE(BROKEN_PRINTF, [], [If printf doesn't support %zu.])
! 145: ])
! 146: CFLAGS=$saved_CFLAGS
! 147:
! 148: # Can we use __func__ macro?
! 149: AC_MSG_CHECKING(if __func__ is available)
! 150: AC_TRY_COMPILE(
! 151: [#include <stdio.h>
! 152: ], [char *x = __func__;],
! 153: [AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro])
! 154: AC_MSG_RESULT(yes)],
! 155: [AC_MSG_RESULT(no)])
! 156:
! 157: # Check if readline support is requested
! 158: AC_MSG_CHECKING(if readline support is requested)
! 159: AC_ARG_WITH(readline,
! 160: [ --with-readline support readline input (yes by default)],
! 161: [with_readline="$withval"], [with_readline="yes"])
! 162: AC_MSG_RESULT($with_readline)
! 163:
! 164: # Is readline available?
! 165: if test $with_readline != "no"; then
! 166: AC_CHECK_HEADER([readline/readline.h],
! 167: [AC_CHECK_LIB(readline, readline, [
! 168: AC_DEFINE(HAVE_READLINE, [],
! 169: [Is readline available?])
! 170: LIBS="$LIBS -lreadline"
! 171: ], [])], [])
! 172: fi
! 173:
! 174:
! 175: AC_MSG_CHECKING(if --with-flex option is specified)
! 176: AC_ARG_WITH(flexdir,
! 177: [AC_HELP_STRING([--with-flex], [use directiory (default: no)])],
! 178: [flexdir="$withval"])
! 179: AC_MSG_RESULT(${flexdir-dirdefault})
! 180:
! 181: if test "x$flexdir" != "x"; then
! 182: LIBS="$LIBS $flexdir/libfl.a"
! 183: fi
! 184:
! 185: AC_MSG_CHECKING(if --with-flexlib option is specified)
! 186: AC_ARG_WITH(flexlib,
! 187: [ --with-flexlib=<LIB> specify flex library.],
! 188: [flexlib="$withval"])
! 189: AC_MSG_RESULT(${flexlib-default})
! 190:
! 191: if test "x$flexlib" != "x"; then
! 192: LIBS="$LIBS $flexlib"
! 193: fi
! 194:
! 195: # Check if a different OpenSSL directory was specified
! 196: AC_MSG_CHECKING(if --with-openssl option is specified)
! 197: AC_ARG_WITH(openssl, [ --with-openssl=DIR specify OpenSSL directory],
! 198: [crypto_dir=$withval])
! 199: AC_MSG_RESULT(${crypto_dir-default})
! 200:
! 201: if test "x$crypto_dir" != "x"; then
! 202: LIBS="$LIBS -L${crypto_dir}/lib"
! 203: CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS"
! 204: fi
! 205: AC_MSG_CHECKING(openssl version)
! 206:
! 207: AC_TRY_COMPILE(
! 208: [#include <openssl/opensslv.h>
! 209: ],
! 210: [#if OPENSSL_VERSION_NUMBER < 0x0090602fL
! 211: #error OpenSSL version is too old ...
! 212: #endif],
! 213: [AC_MSG_RESULT([ok])],
! 214: [AC_MSG_RESULT(too old)
! 215: AC_MSG_ERROR([OpenSSL version must be 0.9.6 or higher. Aborting.])
! 216: ])
! 217:
! 218: AC_CHECK_HEADERS(openssl/engine.h)
! 219:
! 220: # checking rijndael
! 221: AC_CHECK_HEADERS([openssl/aes.h], [],
! 222: [CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"])
! 223:
! 224: # checking sha2
! 225: AC_MSG_CHECKING(sha2 support)
! 226: AC_DEFINE([WITH_SHA2], [], [SHA2 support])
! 227: AC_MSG_RESULT(yes)
! 228: AC_CHECK_HEADER(openssl/sha2.h, [], [
! 229: AC_MSG_CHECKING(if sha2 is defined in openssl/sha.h)
! 230: AC_TRY_COMPILE([
! 231: #ifdef HAVE_SYS_TYPES_H
! 232: #include <sys/types.h>
! 233: #endif
! 234: #include <openssl/sha.h>
! 235: ], [
! 236: SHA256_CTX ctx;
! 237: ], [
! 238: AC_MSG_RESULT(yes)
! 239: AC_DEFINE([HAVE_SHA2_IN_SHA_H], [], [sha2 is defined in sha.h])
! 240: ], [AC_MSG_RESULT(no)
! 241: AC_LIBOBJ([sha2])
! 242: CRYPTOBJS="$CRYPTOBJS sha2.o"
! 243: ])
! 244:
! 245: CPPFLAGS_ADD="$CPPFLAGS_ADD -I\${top_srcdir}/src/racoon/missing"
! 246: ])
! 247: AC_SUBST(CRYPTOBJS)
! 248:
! 249: # checking camellia
! 250: AC_CHECK_HEADERS([openssl/camellia.h])
! 251:
! 252:
! 253: # Option --enable-adminport
! 254: AC_MSG_CHECKING(if --enable-adminport option is specified)
! 255: AC_ARG_ENABLE(adminport,
! 256: [ --enable-adminport enable admin port],
! 257: [], [enable_adminport=no])
! 258: if test $enable_adminport = "yes"; then
! 259: AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port])
! 260: fi
! 261: AC_MSG_RESULT($enable_adminport)
! 262:
! 263: # Option RC5
! 264: AC_MSG_CHECKING(if --enable-rc5 option is specified)
! 265: AC_ARG_ENABLE(rc5,
! 266: [ --enable-rc5 enable RC5 encryption (patented)],
! 267: [], [enable_rc5=no])
! 268: AC_MSG_RESULT($enable_rc5)
! 269:
! 270: if test $enable_rc5 = "yes"; then
! 271: AC_CHECK_HEADERS([openssl/rc5.h])
! 272: AC_CHECK_LIB([crypto_rc5], [RC5_32_encrypt],
! 273: [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_rc5"])
! 274: fi
! 275:
! 276: # Option IDEA
! 277: AC_MSG_CHECKING(if --enable-idea option is specified)
! 278: AC_ARG_ENABLE(idea,
! 279: [ --enable-idea enable IDEA encryption (patented)],
! 280: [], [enable_idea=no])
! 281: AC_MSG_RESULT($enable_idea)
! 282:
! 283: if test $enable_idea = "yes"; then
! 284: AC_CHECK_HEADERS([openssl/idea.h])
! 285: AC_CHECK_LIB([crypto_idea], [idea_encrypt],
! 286: [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_idea"])
! 287: fi
! 288: AC_SUBST(EXTRA_CRYPTO)
! 289:
! 290: # For dynamic libradius
! 291: RACOON_PATH_LIBS([MD5_Init], [crypto])
! 292:
! 293: # Check if we need -lutil for login(3)
! 294: RACOON_PATH_LIBS([login], [util])
! 295:
! 296: # Specify libiconv prefix
! 297: AC_MSG_CHECKING(if --with-libiconv option is specified)
! 298: AC_ARG_WITH(libiconv,
! 299: [ --with-libiconv=DIR specify libiconv path (like/usr/pkg)],
! 300: [libiconv_dir=$withval],
! 301: [libiconv_dir=no])
! 302: AC_MSG_RESULT($libiconv_dir)
! 303: if test "$libiconv_dir" != "no"; then
! 304: if test "$libiconv_dir" = "yes" ; then
! 305: libiconv_dir="";
! 306: fi;
! 307: if test "x$libiconv_dir" = "x"; then
! 308: RACOON_PATH_LIBS([iconv_open], [iconv])
! 309: else
! 310: if test -d "$libiconv_dir/lib" -a \
! 311: -d "$libiconv_dir/include" ; then
! 312: RACOON_PATH_LIBS([iconv_open], [iconv], ["$libiconv_dir/lib"])
! 313: CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libiconv_dir/include"
! 314: else
! 315: AC_MSG_ERROR([ICONV libs or includes not found. Aborting.])
! 316: fi
! 317: fi
! 318: LIBS="$LIBS -L$libiconv_dir/lib -R$libiconv_dir/lib -liconv"
! 319: AC_CHECK_FUNCS(iconv_open)
! 320: fi
! 321:
! 322: AC_MSG_CHECKING([if --enable-hybrid option is specified])
! 323: AC_ARG_ENABLE(hybrid,
! 324: [ --enable-hybrid enable hybrid, both mode-cfg and xauth support],
! 325: [], [enable_hybrid=no])
! 326: AC_MSG_RESULT($enable_hybrid)
! 327:
! 328: if test "x$enable_hybrid" = "xyes"; then
! 329: case $host in
! 330: *darwin*)
! 331: ;;
! 332: *)
! 333: LIBS="$LIBS -lcrypt";
! 334: ;;
! 335: esac
! 336: HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o"
! 337: AC_SUBST(HYBRID_OBJS)
! 338: AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support])
! 339: fi
! 340:
! 341: AC_MSG_CHECKING([if --enable-frag option is specified])
! 342: AC_ARG_ENABLE(frag,
! 343: [ --enable-frag enable IKE fragmentation payload support],
! 344: [], [enable_frag=no])
! 345: AC_MSG_RESULT($enable_frag)
! 346:
! 347: if test "x$enable_frag" = "xyes"; then
! 348: case $host in
! 349: *darwin*)
! 350: ;;
! 351: *)
! 352: LIBS="$LIBS -lcrypt";
! 353: ;;
! 354: esac
! 355: FRAG_OBJS="isakmp_frag.o"
! 356: AC_SUBST(FRAG_OBJS)
! 357: AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support])
! 358: fi
! 359:
! 360: AC_MSG_CHECKING(if --with-libradius option is specified)
! 361: AC_ARG_WITH(libradius,
! 362: [ --with-libradius=DIR specify libradius path (like/usr/pkg)],
! 363: [libradius_dir=$withval],
! 364: [libradius_dir=no])
! 365: AC_MSG_RESULT($libradius_dir)
! 366: if test "$libradius_dir" != "no"; then
! 367: if test "$libradius_dir" = "yes" ; then
! 368: libradius_dir="";
! 369: fi;
! 370: if test "x$libradius_dir" = "x"; then
! 371: RACOON_PATH_LIBS([rad_create_request], [radius])
! 372: else
! 373: if test -d "$libradius_dir/lib" -a \
! 374: -d "$libradius_dir/include" ; then
! 375: RACOON_PATH_LIBS([rad_create_request], [radius], ["$libradius_dir/lib"])
! 376: CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include"
! 377: else
! 378: AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.])
! 379: fi
! 380: fi
! 381: AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS])
! 382: LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius"
! 383: AC_CHECK_FUNCS(rad_create_request)
! 384: fi
! 385:
! 386: AC_MSG_CHECKING(if --with-libpam option is specified)
! 387: AC_ARG_WITH(libpam,
! 388: [ --with-libpam=DIR specify libpam path (like/usr/pkg)],
! 389: [libpam_dir=$withval],
! 390: [libpam_dir=no])
! 391: AC_MSG_RESULT($libpam_dir)
! 392: if test "$libpam_dir" != "no"; then
! 393: if test "$libpam_dir" = "yes" ; then
! 394: libpam_dir="";
! 395: fi;
! 396: if test "x$libpam_dir" = "x"; then
! 397: RACOON_PATH_LIBS([pam_start], [pam])
! 398: else
! 399: if test -d "$libpam_dir/lib" -a \
! 400: -d "$libpam_dir/include" ; then
! 401: RACOON_PATH_LIBS([pam_start], [pam], ["$libpam_dir/lib"])
! 402: CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libpam_dir/include"
! 403: else
! 404: AC_MSG_ERROR([PAM libs or includes not found. Aborting.])
! 405: fi
! 406: fi
! 407: AC_DEFINE([HAVE_LIBPAM], [], [Hybrid authentication uses PAM])
! 408: LIBS="$LIBS -L$libpam_dir/lib -R$libpam_dir/lib -lpam"
! 409: AC_CHECK_FUNCS(pam_start)
! 410: fi
! 411:
! 412: AC_MSG_CHECKING(if --with-libldap option is specified)
! 413: AC_ARG_WITH(libldap,
! 414: [ --with-libldap=DIR specify libldap path (like/usr/pkg)],
! 415: [libldap_dir=$withval],
! 416: [libldap_dir=no])
! 417: AC_MSG_RESULT($libldap_dir)
! 418: if test "$libldap_dir" != "no"; then
! 419: if test "$libldap_dir" = "yes" ; then
! 420: libldap_dir="";
! 421: fi;
! 422: if test "x$libldap_dir" = "x"; then
! 423: RACOON_PATH_LIBS([ldap_init], [ldap])
! 424: else
! 425: if test -d "$libldap_dir/lib" -a \
! 426: -d "$libldap_dir/include" ; then
! 427: RACOON_PATH_LIBS([ldap_init], [ldap], ["$libldap_dir/lib"])
! 428: CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libldap_dir/include"
! 429: else
! 430: AC_MSG_ERROR([LDAP libs or includes not found. Aborting.])
! 431: fi
! 432: fi
! 433: AC_DEFINE([HAVE_LIBLDAP], [], [Hybrid authentication uses LDAP])
! 434: LIBS="$LIBS -L$libldap_dir/lib -R$libldap_dir/lib -lldap"
! 435:
! 436: saved_CFLAGS=$CFLAGS
! 437: CFLAGS="$CFLAGS -Wall -Werror"
! 438: saved_CPPFLAGS=$CPPFLAGS
! 439: CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
! 440: AC_TRY_COMPILE(
! 441: [#include <ldap.h>],
! 442: [
! 443: #if LDAP_API_VERSION < 2004
! 444: #error OpenLDAP version is too old ...
! 445: #endif
! 446: ],
! 447: [AC_MSG_RESULT([ok])],
! 448: [
! 449: AC_MSG_RESULT(too old)
! 450: AC_MSG_ERROR([OpenLDAP version must be 2.0 or higher. Aborting.])
! 451: ])
! 452: CFLAGS=$saved_CFLAGS
! 453: CPPFLAGS=$saved_CPPFLAGS
! 454: fi
! 455:
! 456: # Check for Kerberos5 support
! 457: # XXX This must come after all --with-* tests, else the
! 458: # -liconv checks will not work
! 459: AC_MSG_CHECKING(if --enable-gssapi option is specified)
! 460: AC_ARG_ENABLE(gssapi,
! 461: [ --enable-gssapi enable GSS-API authentication],
! 462: [], [enable_gssapi=no])
! 463: AC_MSG_RESULT($enable_gssapi)
! 464: AC_PATH_PROG(KRB5_CONFIG,krb5-config,no)
! 465: if test "x$enable_gssapi" = "xyes"; then
! 466: if test "$KRB5_CONFIG" != "no"; then
! 467: krb5_incdir="`$KRB5_CONFIG --cflags gssapi`"
! 468: krb5_libs="`$KRB5_CONFIG --libs gssapi`"
! 469: else
! 470: # No krb5-config; let's make some assumptions based on
! 471: # the OS.
! 472: case $host_os in
! 473: netbsd*)
! 474: krb5_incdir="-I/usr/include/krb5"
! 475: krb5_libs="-lgssapi -lkrb5 -lcom_err -lroken -lasn1"
! 476: ;;
! 477: *)
! 478: AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.])
! 479: ;;
! 480: esac
! 481: fi
! 482: LIBS="$LIBS $krb5_libs"
! 483: CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD"
! 484: AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API])
! 485:
! 486: # Check if iconv 2nd argument needs const
! 487: saved_CFLAGS=$CFLAGS
! 488: CFLAGS="$CFLAGS -Wall -Werror"
! 489: saved_CPPFLAGS=$CPPFLAGS
! 490: CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
! 491: AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])])
! 492: AC_MSG_CHECKING([if iconv second argument needs const])
! 493: AC_TRY_COMPILE([
! 494: #include <iconv.h>
! 495: #include <stdio.h>
! 496: ], [
! 497: iconv_t cd = NULL;
! 498: const char **src = NULL;
! 499: size_t *srcleft = NULL;
! 500: char **dst = NULL;
! 501: size_t *dstleft = NULL;
! 502:
! 503: (void)iconv(cd, src, srcleft, dst, dstleft);
! 504: ], [AC_MSG_RESULT(yes)
! 505: AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const])
! 506: ], [AC_MSG_RESULT(no)])
! 507: CFLAGS=$saved_CFLAGS
! 508: CPPFLAGS=$saved_CPPFLAGS
! 509:
! 510: # libiconv is often integrated into libc. If a with-* option
! 511: # caused a non libc-based iconv.h to be catched instead of
! 512: # the libc-based iconv.h, then we need to link with -liconv
! 513: AC_MSG_CHECKING(if -liconv is required)
! 514: saved_CPPFLAGS=$CPPFLAGS
! 515: saved_LIBS=$LIBS
! 516: CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
! 517: AC_TRY_LINK([
! 518: #include <iconv.h>
! 519: ], [
! 520: (void)iconv_open("ascii", "ascii");
! 521: ],
! 522: [AC_MSG_RESULT(no)],
! 523: [
! 524: LIBS="$LIBS -liconv"
! 525: AC_TRY_LINK([
! 526: #include <iconv.h>
! 527: ], [
! 528: (void)iconv_open("ascii", "ascii");
! 529: ],
! 530: [
! 531: AC_MSG_RESULT(yes)
! 532: saved_LIBS=$LIBS
! 533: ], [
! 534: AC_MSG_ERROR([cannot use iconv])
! 535: ])
! 536: ])
! 537: CPPFLAGS=$saved_CPPFLAGS
! 538: LIBS=$saved_LIBS
! 539: fi
! 540:
! 541: AC_MSG_CHECKING(if --enable-stats option is specified)
! 542: AC_ARG_ENABLE(stats,
! 543: [ --enable-stats enable statistics logging function],
! 544: [], [enable_stats=no])
! 545: if test "x$enable_stats" = "xyes"; then
! 546: AC_DEFINE([ENABLE_STATS], [], [Enable statictics])
! 547: fi
! 548: AC_MSG_RESULT($enable_stats)
! 549:
! 550: AC_MSG_CHECKING(if --enable-dpd option is specified)
! 551: AC_ARG_ENABLE(dpd,
! 552: [ --enable-dpd enable dead peer detection],
! 553: [], [enable_dpd=no])
! 554: if test "x$enable_dpd" = "xyes"; then
! 555: AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection])
! 556: fi
! 557: AC_MSG_RESULT($enable_dpd)
! 558:
! 559: AC_MSG_CHECKING(if --enable-samode-unspec option is specified)
! 560: AC_ARG_ENABLE(samode-unspec,
! 561: [ --enable-samode-unspec enable to use unspecified a mode of SA],
! 562: [], [enable_samode_unspec=no])
! 563: if test "x$enable_samode_unspec" = "xyes"; then
! 564: case $host_os in
! 565: *linux*)
! 566: cat << EOC
! 567:
! 568: ERROR: --enable-samode-unspec is not supported under linux
! 569: because linux kernel do not support it. This option is disabled
! 570: to prevent mysterious problems.
! 571:
! 572: If you REALLY know what your are doing, remove this check.
! 573: EOC
! 574: exit 1;
! 575: ;;
! 576: esac
! 577: AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec])
! 578: fi
! 579: AC_MSG_RESULT($enable_samode_unspec)
! 580:
! 581: # Checks if IPv6 is requested
! 582: AC_MSG_CHECKING([whether to enable ipv6])
! 583: AC_ARG_ENABLE(ipv6,
! 584: [ --disable-ipv6 disable ipv6 support],
! 585: [ case "$enableval" in
! 586: no)
! 587: AC_MSG_RESULT(no)
! 588: ipv6=no
! 589: ;;
! 590: *) AC_MSG_RESULT(yes)
! 591: ipv6=yes
! 592: ;;
! 593: esac ],
! 594:
! 595: AC_TRY_RUN([ /* AF_INET6 avalable check */
! 596: #include <sys/types.h>
! 597: #include <sys/socket.h>
! 598: main()
! 599: {
! 600: exit(0);
! 601: if (socket(AF_INET6, SOCK_STREAM, 0) < 0)
! 602: exit(1);
! 603: else
! 604: exit(0);
! 605: }
! 606: ],
! 607: AC_MSG_RESULT(yes)
! 608: AC_DEFINE([INET6], [], [Support IPv6])
! 609: ipv6=yes,
! 610: AC_MSG_RESULT(no)
! 611: ipv6=no,
! 612: AC_MSG_RESULT(no)
! 613: ipv6=no
! 614: ))
! 615:
! 616: if test "$ipv6" = "yes"; then
! 617: AC_DEFINE([INET6], [], [Support IPv6])
! 618: AC_MSG_CHECKING(for advanced API support)
! 619: AC_TRY_COMPILE([#ifndef INET6
! 620: #define INET6
! 621: #endif
! 622: #include <sys/types.h>
! 623: #include <netinet/in.h>],
! 624: [struct in6_pktinfo a;],
! 625: [AC_MSG_RESULT(yes)
! 626: AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])],
! 627: [AC_MSG_RESULT(no)])
! 628: fi
! 629:
! 630: RACOON_CHECK_BUGGY_GETADDRINFO
! 631: if test "$buggygetaddrinfo" = "yes"; then
! 632: AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.])
! 633: fi
! 634:
! 635: # Check if kernel support is available for NAT-T, defaults to no.
! 636: kernel_natt="no"
! 637:
! 638: AC_MSG_CHECKING(kernel NAT-Traversal support)
! 639: case $host_os in
! 640: linux*)
! 641: # Linux kernel NAT-T check
! 642: AC_EGREP_CPP(yes,
! 643: [#include <linux/pfkeyv2.h>
! 644: #ifdef SADB_X_EXT_NAT_T_TYPE
! 645: yes
! 646: #endif
! 647: ], [kernel_natt="yes"])
! 648: ;;
! 649: freebsd*|netbsd*)
! 650: # NetBSD case
! 651: # Same check for FreeBSD
! 652: AC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len,
! 653: [kernel_natt="yes"],, [
! 654: #define _KERNEL
! 655: #include <sys/types.h>
! 656: #include <net/pfkeyv2.h>
! 657: ])
! 658: ;;
! 659: esac
! 660: AC_MSG_RESULT($kernel_natt)
! 661:
! 662: AC_MSG_CHECKING(whether to support NAT-T)
! 663: AC_ARG_ENABLE(natt,
! 664: [ --enable-natt enable NAT-Traversal (yes/no/kernel)],
! 665: [ if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi ],
! 666: [ enable_natt=no ])
! 667: AC_MSG_RESULT($enable_natt)
! 668:
! 669: if test "$enable_natt" = "yes"; then
! 670: if test "$kernel_natt" = "no" ; then
! 671: AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.])
! 672: else
! 673: AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal])
! 674: NATT_OBJS="nattraversal.o"
! 675: AC_SUBST(NATT_OBJS)
! 676: fi
! 677: fi
! 678:
! 679: # Set up defines for supported NAT-T versions.
! 680: natt_versions_default="00,02,rfc"
! 681: AC_MSG_CHECKING(which NAT-T versions to support)
! 682: AC_ARG_ENABLE(natt_versions,
! 683: [ --enable-natt-versions=list list of supported NAT-T versions delimited by coma.],
! 684: [ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ],
! 685: [ enable_natt_versions=$natt_versions_default ])
! 686: if test "$enable_natt" = "yes"; then
! 687: AC_MSG_RESULT($enable_natt_versions)
! 688: for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do
! 689: case $i in
! 690: 0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;;
! 691: 1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;;
! 692: 2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;;
! 693: 3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;;
! 694: 4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;;
! 695: 5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;;
! 696: 6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;;
! 697: 7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;;
! 698: 8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;;
! 699: RFC) AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;;
! 700: *) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;;
! 701: esac
! 702: done
! 703: unset i
! 704: else
! 705: AC_MSG_RESULT([none])
! 706: fi
! 707:
! 708: AC_MSG_CHECKING(if --enable-broken-natt option is specified)
! 709: AC_ARG_ENABLE(broken-natt,
! 710: [ --enable-broken-natt broken in-kernel NAT-T],
! 711: [], [enable_broken_natt=no])
! 712: if test "x$enable_broken_natt" = "xyes"; then
! 713: AC_DEFINE([BROKEN_NATT], [], [in-kernel NAT-T is broken])
! 714: fi
! 715: AC_MSG_RESULT($enable_broken_natt)
! 716:
! 717: AC_MSG_CHECKING(whether we support FWD policy)
! 718: case $host in
! 719: *linux*)
! 720: AC_TRY_COMPILE([
! 721: #include <inttypes.h>
! 722: #include <linux/ipsec.h>
! 723: ], [
! 724: int fwd = IPSEC_DIR_FWD;
! 725: ],
! 726: [AC_MSG_RESULT(yes)
! 727: AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])],
! 728: [AC_MSG_RESULT(no)])
! 729: ;;
! 730: *)
! 731: AC_MSG_RESULT(no)
! 732: ;;
! 733: esac
! 734:
! 735: AC_CHECK_TYPE([ipsec_policy_t],
! 736: [AC_DEFINE([HAVE_IPSEC_POLICY_T], [], [Have ipsec_policy_t])],
! 737: [],
! 738: [
! 739: #include <sys/types.h>
! 740: #include <netinet6/ipsec.h>
! 741: ])
! 742:
! 743: # Check if kernel support is available for Security Context, defaults to no.
! 744: kernel_secctx="no"
! 745:
! 746: AC_MSG_CHECKING(kernel Security Context support)
! 747: case $host_os in
! 748: linux*)
! 749: # Linux kernel Security Context check
! 750: AC_EGREP_CPP(yes,
! 751: [#include <linux/pfkeyv2.h>
! 752: #ifdef SADB_X_EXT_SEC_CTX
! 753: yes
! 754: #endif
! 755: ], [kernel_secctx="yes"])
! 756: ;;
! 757: esac
! 758: AC_MSG_RESULT($kernel_secctx)
! 759:
! 760: AC_CHECK_HEADER(selinux/selinux.h,
! 761: [AC_CHECK_LIB(selinux, avc_init, [selinux_support=yes],
! 762: [selinux_support=no])], [selinux_support=no])
! 763:
! 764: AC_MSG_CHECKING(whether to support Security Context)
! 765: AC_ARG_ENABLE(security-context,
! 766: [ --enable-security-context enable Security Context(yes/no/kernel)],
! 767: [if test "$enable_security_context" = "kernel"; then
! 768: enable_security_context=$kernel_secctx; fi],
! 769: [enable_security_context=$kernel_secctx])
! 770: AC_MSG_RESULT($enable_security_context)
! 771:
! 772: if test "$enable_security_context" = "yes"; then
! 773: if test "$kernel_secctx" = "no" ; then
! 774: AC_MSG_ERROR([Security Context requested, but no kernel support! Aborting.])
! 775: else
! 776: if test "$selinux_support" = "no"; then
! 777: AC_MSG_ERROR([Security Context requested, but no selinux support! Aborting.])
! 778: else
! 779: AC_DEFINE([HAVE_SECCTX], [], [Enable Security Context])
! 780: SECCTX_OBJS="security.o"
! 781: AC_SUBST(SECCTX_OBJS)
! 782: LIBS="$LIBS -lselinux"
! 783: fi
! 784: fi
! 785: fi
! 786:
! 787: RACOON_PATH_LIBS([clock_gettime], [rt])
! 788:
! 789: AC_MSG_CHECKING(for monotonic system clock)
! 790: AC_TRY_COMPILE(
! 791: [#include <time.h>],
! 792: [clock_gettime(CLOCK_MONOTONIC, NULL);],
! 793: [AC_DEFINE([HAVE_CLOCK_MONOTONIC], [], [Have a monotonic clock])
! 794: AC_MSG_RESULT(yes)],
! 795: [AC_MSG_RESULT(no)])
! 796:
! 797: CFLAGS="$CFLAGS $CFLAGS_ADD"
! 798: CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
! 799:
! 800: case $host in
! 801: *linux*)
! 802: # Remove KERNEL_INCLUDE from CPPFLAGS. It will
! 803: # be symlinked to src/include-glibc/linux in
! 804: # compile time.
! 805: CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"`
! 806: ;;
! 807: esac
! 808:
! 809: include_racoondir=${includedir}/racoon
! 810: AC_SUBST(include_racoondir)
! 811:
! 812: AC_CONFIG_FILES([
! 813: Makefile
! 814: package_version.h
! 815: src/Makefile
! 816: src/include-glibc/Makefile
! 817: src/libipsec/Makefile
! 818: src/setkey/Makefile
! 819: src/racoon/Makefile
! 820: src/racoon/samples/psk.txt
! 821: src/racoon/samples/racoon.conf
! 822: rpm/Makefile
! 823: rpm/suse/Makefile
! 824: rpm/suse/ipsec-tools.spec
! 825: ])
! 826: AC_OUTPUT
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>