Annotation of embedaddon/ipsec-tools/configure.ac, revision 1.1.1.1
1.1 misho 1: dnl -*- mode: m4 -*-
2: dnl Id: configure.ac,v 1.77 2006/07/20 19:19:27 manubsd Exp
3:
4: AC_PREREQ(2.52)
5: AC_INIT(ipsec-tools, 0.8.0)
6: AC_CONFIG_SRCDIR([configure.ac])
7: AM_CONFIG_HEADER(config.h)
8:
9: AM_INIT_AUTOMAKE(dist-bzip2)
10:
11: AC_ENABLE_SHARED(no)
12:
13: AC_PROG_CC
14: AM_PROG_CC_STDC
15: AC_HEADER_STDC
16: AC_PROG_LIBTOOL
17: AC_PROG_YACC
18: AM_PROG_LEX
19: AC_SUBST(LEXLIB)
20: AC_PROG_EGREP
21:
22: CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused"
23:
24: case $host in
25: *netbsd*)
26: LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS"
27: ;;
28: *linux*)
29: LIBS="$LIBS -lresolv"
30: INSTALL_OPTS="-o bin -g bin"
31: INCLUDE_GLIBC="include-glibc"
32: RPM="rpm"
33: AC_SUBST(INSTALL_OPTS)
34: AC_SUBST(INCLUDE_GLIBC)
35: AC_SUBST(RPM)
36: ;;
37: *darwin*)
38: LIBS="$LIBS -lresolv"
39: ;;
40: esac
41:
42: # Look up some IPsec-related headers
43: AC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no])
44: AC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no])
45: AC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no])
46: AC_CHECK_HEADER(netipsec/ipsec.h, [have_netipsec_ipsec=yes], [have_netipsec_ipsec=no])
47:
48: # FreeBSD >=7 has only <netipsec/ipsec.h>
49: # NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h>
50: # XXX some *BSD still have both <netinet6/ipsec.h> and <netipsec/ipsec.h>,
51: # we can't decide which one to use (actually <netinet6/ipsec.h>)
52:
53:
54: if test "$have_netinet_ipsec$have_netinet6_ipsec$have_netipsec_ipsec" = nonoyes; then
55: have_netinet_ipsec=yes
56: AC_DEFINE(PATH_IPSEC_H, [<netipsec/ipsec.h>], [Path to ipsec.h])
57: else
58: if test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then
59: have_netinet_ipsec=yes
60: AC_DEFINE(PATH_IPSEC_H, [<netinet6/ipsec.h>], [Path to ipsec.h])
61: else
62: # have_netinet_ipsec will be checked a few lines below
63: AC_DEFINE(PATH_IPSEC_H, [<netinet/ipsec.h>], [Path to ipsec.h])
64: fi
65: fi
66:
67: case "$host_os" in
68: *linux*)
69: AC_ARG_WITH(kernel-headers,
70: AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include],
71: [where your Linux Kernel headers are installed]),
72: [ KERNEL_INCLUDE="$with_kernel_headers"
73: CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers"
74: AC_SUBST(CONFIGURE_AMFLAGS) ],
75: [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ])
76:
77: AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, ,
78: [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h,
79: KERNEL_INCLUDE=/usr/src/linux/include ,
80: [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] )
81: AC_SUBST(KERNEL_INCLUDE)
82: # We need the configure script to run with correct kernel headers.
83: # However we don't want to point to kernel source tree in compile time,
84: # i.e. this will be removed from CPPFLAGS at the end of configure.
85: CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS"
86:
87: AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority,
88: [AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [],
89: [Are PF_KEY policy priorities supported?])], [],
90: [#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"])
91:
92: GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc'
93: GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc"
94: CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS"
95: CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS"
96: AC_SUBST(GLIBC_BUGS)
97: ;;
98: *)
99: if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then
100: if test "$have_net_pfkey" = yes; then
101: AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.])
102: else
103: AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.])
104: fi
105: fi
106: ;;
107: esac
108:
109: ### Some basic toolchain checks
110:
111: # Checks for header files.
112: AC_HEADER_STDC
113: AC_HEADER_SYS_WAIT
114: AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h)
115: AC_CHECK_HEADERS(shadow.h)
116:
117: # Checks for typedefs, structures, and compiler characteristics.
118: AC_C_CONST
119: AC_TYPE_PID_T
120: AC_TYPE_SIZE_T
121: AC_HEADER_TIME
122: AC_STRUCT_TM
123:
124: # Checks for library functions.
125: AC_FUNC_MEMCMP
126: AC_TYPE_SIGNAL
127: AC_FUNC_VPRINTF
128: AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy strlcat)
129: AC_REPLACE_FUNCS(strdup)
130: RACOON_CHECK_VA_COPY
131:
132: # Check if printf accepts "%z" type modifier for size_t argument
133: AC_MSG_CHECKING(if printf accepts %z)
134: saved_CFLAGS=$CFLAGS
135: CFLAGS="$CFLAGS -Wall -Werror"
136: AC_TRY_COMPILE([
137: #include <stdio.h>
138: ], [
139: printf("%zu\n", (size_t)-1);
140: ],
141: [AC_MSG_RESULT(yes)],
142: [AC_MSG_RESULT(no);
143: CFLAGS_ADD="$CFLAGS_ADD -Wno-format";
144: AC_DEFINE(BROKEN_PRINTF, [], [If printf doesn't support %zu.])
145: ])
146: CFLAGS=$saved_CFLAGS
147:
148: # Can we use __func__ macro?
149: AC_MSG_CHECKING(if __func__ is available)
150: AC_TRY_COMPILE(
151: [#include <stdio.h>
152: ], [char *x = __func__;],
153: [AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro])
154: AC_MSG_RESULT(yes)],
155: [AC_MSG_RESULT(no)])
156:
157: # Check if readline support is requested
158: AC_MSG_CHECKING(if readline support is requested)
159: AC_ARG_WITH(readline,
160: [ --with-readline support readline input (yes by default)],
161: [with_readline="$withval"], [with_readline="yes"])
162: AC_MSG_RESULT($with_readline)
163:
164: # Is readline available?
165: if test $with_readline != "no"; then
166: AC_CHECK_HEADER([readline/readline.h],
167: [AC_CHECK_LIB(readline, readline, [
168: AC_DEFINE(HAVE_READLINE, [],
169: [Is readline available?])
170: LIBS="$LIBS -lreadline"
171: ], [])], [])
172: fi
173:
174:
175: AC_MSG_CHECKING(if --with-flex option is specified)
176: AC_ARG_WITH(flexdir,
177: [AC_HELP_STRING([--with-flex], [use directiory (default: no)])],
178: [flexdir="$withval"])
179: AC_MSG_RESULT(${flexdir-dirdefault})
180:
181: if test "x$flexdir" != "x"; then
182: LIBS="$LIBS $flexdir/libfl.a"
183: fi
184:
185: AC_MSG_CHECKING(if --with-flexlib option is specified)
186: AC_ARG_WITH(flexlib,
187: [ --with-flexlib=<LIB> specify flex library.],
188: [flexlib="$withval"])
189: AC_MSG_RESULT(${flexlib-default})
190:
191: if test "x$flexlib" != "x"; then
192: LIBS="$LIBS $flexlib"
193: fi
194:
195: # Check if a different OpenSSL directory was specified
196: AC_MSG_CHECKING(if --with-openssl option is specified)
197: AC_ARG_WITH(openssl, [ --with-openssl=DIR specify OpenSSL directory],
198: [crypto_dir=$withval])
199: AC_MSG_RESULT(${crypto_dir-default})
200:
201: if test "x$crypto_dir" != "x"; then
202: LIBS="$LIBS -L${crypto_dir}/lib"
203: CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS"
204: fi
205: AC_MSG_CHECKING(openssl version)
206:
207: AC_TRY_COMPILE(
208: [#include <openssl/opensslv.h>
209: ],
210: [#if OPENSSL_VERSION_NUMBER < 0x0090602fL
211: #error OpenSSL version is too old ...
212: #endif],
213: [AC_MSG_RESULT([ok])],
214: [AC_MSG_RESULT(too old)
215: AC_MSG_ERROR([OpenSSL version must be 0.9.6 or higher. Aborting.])
216: ])
217:
218: AC_CHECK_HEADERS(openssl/engine.h)
219:
220: # checking rijndael
221: AC_CHECK_HEADERS([openssl/aes.h], [],
222: [CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"])
223:
224: # checking sha2
225: AC_MSG_CHECKING(sha2 support)
226: AC_DEFINE([WITH_SHA2], [], [SHA2 support])
227: AC_MSG_RESULT(yes)
228: AC_CHECK_HEADER(openssl/sha2.h, [], [
229: AC_MSG_CHECKING(if sha2 is defined in openssl/sha.h)
230: AC_TRY_COMPILE([
231: #ifdef HAVE_SYS_TYPES_H
232: #include <sys/types.h>
233: #endif
234: #include <openssl/sha.h>
235: ], [
236: SHA256_CTX ctx;
237: ], [
238: AC_MSG_RESULT(yes)
239: AC_DEFINE([HAVE_SHA2_IN_SHA_H], [], [sha2 is defined in sha.h])
240: ], [AC_MSG_RESULT(no)
241: AC_LIBOBJ([sha2])
242: CRYPTOBJS="$CRYPTOBJS sha2.o"
243: ])
244:
245: CPPFLAGS_ADD="$CPPFLAGS_ADD -I\${top_srcdir}/src/racoon/missing"
246: ])
247: AC_SUBST(CRYPTOBJS)
248:
249: # checking camellia
250: AC_CHECK_HEADERS([openssl/camellia.h])
251:
252:
253: # Option --enable-adminport
254: AC_MSG_CHECKING(if --enable-adminport option is specified)
255: AC_ARG_ENABLE(adminport,
256: [ --enable-adminport enable admin port],
257: [], [enable_adminport=no])
258: if test $enable_adminport = "yes"; then
259: AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port])
260: fi
261: AC_MSG_RESULT($enable_adminport)
262:
263: # Option RC5
264: AC_MSG_CHECKING(if --enable-rc5 option is specified)
265: AC_ARG_ENABLE(rc5,
266: [ --enable-rc5 enable RC5 encryption (patented)],
267: [], [enable_rc5=no])
268: AC_MSG_RESULT($enable_rc5)
269:
270: if test $enable_rc5 = "yes"; then
271: AC_CHECK_HEADERS([openssl/rc5.h])
272: AC_CHECK_LIB([crypto_rc5], [RC5_32_encrypt],
273: [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_rc5"])
274: fi
275:
276: # Option IDEA
277: AC_MSG_CHECKING(if --enable-idea option is specified)
278: AC_ARG_ENABLE(idea,
279: [ --enable-idea enable IDEA encryption (patented)],
280: [], [enable_idea=no])
281: AC_MSG_RESULT($enable_idea)
282:
283: if test $enable_idea = "yes"; then
284: AC_CHECK_HEADERS([openssl/idea.h])
285: AC_CHECK_LIB([crypto_idea], [idea_encrypt],
286: [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_idea"])
287: fi
288: AC_SUBST(EXTRA_CRYPTO)
289:
290: # For dynamic libradius
291: RACOON_PATH_LIBS([MD5_Init], [crypto])
292:
293: # Check if we need -lutil for login(3)
294: RACOON_PATH_LIBS([login], [util])
295:
296: # Specify libiconv prefix
297: AC_MSG_CHECKING(if --with-libiconv option is specified)
298: AC_ARG_WITH(libiconv,
299: [ --with-libiconv=DIR specify libiconv path (like/usr/pkg)],
300: [libiconv_dir=$withval],
301: [libiconv_dir=no])
302: AC_MSG_RESULT($libiconv_dir)
303: if test "$libiconv_dir" != "no"; then
304: if test "$libiconv_dir" = "yes" ; then
305: libiconv_dir="";
306: fi;
307: if test "x$libiconv_dir" = "x"; then
308: RACOON_PATH_LIBS([iconv_open], [iconv])
309: else
310: if test -d "$libiconv_dir/lib" -a \
311: -d "$libiconv_dir/include" ; then
312: RACOON_PATH_LIBS([iconv_open], [iconv], ["$libiconv_dir/lib"])
313: CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libiconv_dir/include"
314: else
315: AC_MSG_ERROR([ICONV libs or includes not found. Aborting.])
316: fi
317: fi
318: LIBS="$LIBS -L$libiconv_dir/lib -R$libiconv_dir/lib -liconv"
319: AC_CHECK_FUNCS(iconv_open)
320: fi
321:
322: AC_MSG_CHECKING([if --enable-hybrid option is specified])
323: AC_ARG_ENABLE(hybrid,
324: [ --enable-hybrid enable hybrid, both mode-cfg and xauth support],
325: [], [enable_hybrid=no])
326: AC_MSG_RESULT($enable_hybrid)
327:
328: if test "x$enable_hybrid" = "xyes"; then
329: case $host in
330: *darwin*)
331: ;;
332: *)
333: LIBS="$LIBS -lcrypt";
334: ;;
335: esac
336: HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o"
337: AC_SUBST(HYBRID_OBJS)
338: AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support])
339: fi
340:
341: AC_MSG_CHECKING([if --enable-frag option is specified])
342: AC_ARG_ENABLE(frag,
343: [ --enable-frag enable IKE fragmentation payload support],
344: [], [enable_frag=no])
345: AC_MSG_RESULT($enable_frag)
346:
347: if test "x$enable_frag" = "xyes"; then
348: case $host in
349: *darwin*)
350: ;;
351: *)
352: LIBS="$LIBS -lcrypt";
353: ;;
354: esac
355: FRAG_OBJS="isakmp_frag.o"
356: AC_SUBST(FRAG_OBJS)
357: AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support])
358: fi
359:
360: AC_MSG_CHECKING(if --with-libradius option is specified)
361: AC_ARG_WITH(libradius,
362: [ --with-libradius=DIR specify libradius path (like/usr/pkg)],
363: [libradius_dir=$withval],
364: [libradius_dir=no])
365: AC_MSG_RESULT($libradius_dir)
366: if test "$libradius_dir" != "no"; then
367: if test "$libradius_dir" = "yes" ; then
368: libradius_dir="";
369: fi;
370: if test "x$libradius_dir" = "x"; then
371: RACOON_PATH_LIBS([rad_create_request], [radius])
372: else
373: if test -d "$libradius_dir/lib" -a \
374: -d "$libradius_dir/include" ; then
375: RACOON_PATH_LIBS([rad_create_request], [radius], ["$libradius_dir/lib"])
376: CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include"
377: else
378: AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.])
379: fi
380: fi
381: AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS])
382: LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius"
383: AC_CHECK_FUNCS(rad_create_request)
384: fi
385:
386: AC_MSG_CHECKING(if --with-libpam option is specified)
387: AC_ARG_WITH(libpam,
388: [ --with-libpam=DIR specify libpam path (like/usr/pkg)],
389: [libpam_dir=$withval],
390: [libpam_dir=no])
391: AC_MSG_RESULT($libpam_dir)
392: if test "$libpam_dir" != "no"; then
393: if test "$libpam_dir" = "yes" ; then
394: libpam_dir="";
395: fi;
396: if test "x$libpam_dir" = "x"; then
397: RACOON_PATH_LIBS([pam_start], [pam])
398: else
399: if test -d "$libpam_dir/lib" -a \
400: -d "$libpam_dir/include" ; then
401: RACOON_PATH_LIBS([pam_start], [pam], ["$libpam_dir/lib"])
402: CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libpam_dir/include"
403: else
404: AC_MSG_ERROR([PAM libs or includes not found. Aborting.])
405: fi
406: fi
407: AC_DEFINE([HAVE_LIBPAM], [], [Hybrid authentication uses PAM])
408: LIBS="$LIBS -L$libpam_dir/lib -R$libpam_dir/lib -lpam"
409: AC_CHECK_FUNCS(pam_start)
410: fi
411:
412: AC_MSG_CHECKING(if --with-libldap option is specified)
413: AC_ARG_WITH(libldap,
414: [ --with-libldap=DIR specify libldap path (like/usr/pkg)],
415: [libldap_dir=$withval],
416: [libldap_dir=no])
417: AC_MSG_RESULT($libldap_dir)
418: if test "$libldap_dir" != "no"; then
419: if test "$libldap_dir" = "yes" ; then
420: libldap_dir="";
421: fi;
422: if test "x$libldap_dir" = "x"; then
423: RACOON_PATH_LIBS([ldap_init], [ldap])
424: else
425: if test -d "$libldap_dir/lib" -a \
426: -d "$libldap_dir/include" ; then
427: RACOON_PATH_LIBS([ldap_init], [ldap], ["$libldap_dir/lib"])
428: CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libldap_dir/include"
429: else
430: AC_MSG_ERROR([LDAP libs or includes not found. Aborting.])
431: fi
432: fi
433: AC_DEFINE([HAVE_LIBLDAP], [], [Hybrid authentication uses LDAP])
434: LIBS="$LIBS -L$libldap_dir/lib -R$libldap_dir/lib -lldap"
435:
436: saved_CFLAGS=$CFLAGS
437: CFLAGS="$CFLAGS -Wall -Werror"
438: saved_CPPFLAGS=$CPPFLAGS
439: CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
440: AC_TRY_COMPILE(
441: [#include <ldap.h>],
442: [
443: #if LDAP_API_VERSION < 2004
444: #error OpenLDAP version is too old ...
445: #endif
446: ],
447: [AC_MSG_RESULT([ok])],
448: [
449: AC_MSG_RESULT(too old)
450: AC_MSG_ERROR([OpenLDAP version must be 2.0 or higher. Aborting.])
451: ])
452: CFLAGS=$saved_CFLAGS
453: CPPFLAGS=$saved_CPPFLAGS
454: fi
455:
456: # Check for Kerberos5 support
457: # XXX This must come after all --with-* tests, else the
458: # -liconv checks will not work
459: AC_MSG_CHECKING(if --enable-gssapi option is specified)
460: AC_ARG_ENABLE(gssapi,
461: [ --enable-gssapi enable GSS-API authentication],
462: [], [enable_gssapi=no])
463: AC_MSG_RESULT($enable_gssapi)
464: AC_PATH_PROG(KRB5_CONFIG,krb5-config,no)
465: if test "x$enable_gssapi" = "xyes"; then
466: if test "$KRB5_CONFIG" != "no"; then
467: krb5_incdir="`$KRB5_CONFIG --cflags gssapi`"
468: krb5_libs="`$KRB5_CONFIG --libs gssapi`"
469: else
470: # No krb5-config; let's make some assumptions based on
471: # the OS.
472: case $host_os in
473: netbsd*)
474: krb5_incdir="-I/usr/include/krb5"
475: krb5_libs="-lgssapi -lkrb5 -lcom_err -lroken -lasn1"
476: ;;
477: *)
478: AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.])
479: ;;
480: esac
481: fi
482: LIBS="$LIBS $krb5_libs"
483: CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD"
484: AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API])
485:
486: # Check if iconv 2nd argument needs const
487: saved_CFLAGS=$CFLAGS
488: CFLAGS="$CFLAGS -Wall -Werror"
489: saved_CPPFLAGS=$CPPFLAGS
490: CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
491: AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])])
492: AC_MSG_CHECKING([if iconv second argument needs const])
493: AC_TRY_COMPILE([
494: #include <iconv.h>
495: #include <stdio.h>
496: ], [
497: iconv_t cd = NULL;
498: const char **src = NULL;
499: size_t *srcleft = NULL;
500: char **dst = NULL;
501: size_t *dstleft = NULL;
502:
503: (void)iconv(cd, src, srcleft, dst, dstleft);
504: ], [AC_MSG_RESULT(yes)
505: AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const])
506: ], [AC_MSG_RESULT(no)])
507: CFLAGS=$saved_CFLAGS
508: CPPFLAGS=$saved_CPPFLAGS
509:
510: # libiconv is often integrated into libc. If a with-* option
511: # caused a non libc-based iconv.h to be catched instead of
512: # the libc-based iconv.h, then we need to link with -liconv
513: AC_MSG_CHECKING(if -liconv is required)
514: saved_CPPFLAGS=$CPPFLAGS
515: saved_LIBS=$LIBS
516: CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
517: AC_TRY_LINK([
518: #include <iconv.h>
519: ], [
520: (void)iconv_open("ascii", "ascii");
521: ],
522: [AC_MSG_RESULT(no)],
523: [
524: LIBS="$LIBS -liconv"
525: AC_TRY_LINK([
526: #include <iconv.h>
527: ], [
528: (void)iconv_open("ascii", "ascii");
529: ],
530: [
531: AC_MSG_RESULT(yes)
532: saved_LIBS=$LIBS
533: ], [
534: AC_MSG_ERROR([cannot use iconv])
535: ])
536: ])
537: CPPFLAGS=$saved_CPPFLAGS
538: LIBS=$saved_LIBS
539: fi
540:
541: AC_MSG_CHECKING(if --enable-stats option is specified)
542: AC_ARG_ENABLE(stats,
543: [ --enable-stats enable statistics logging function],
544: [], [enable_stats=no])
545: if test "x$enable_stats" = "xyes"; then
546: AC_DEFINE([ENABLE_STATS], [], [Enable statictics])
547: fi
548: AC_MSG_RESULT($enable_stats)
549:
550: AC_MSG_CHECKING(if --enable-dpd option is specified)
551: AC_ARG_ENABLE(dpd,
552: [ --enable-dpd enable dead peer detection],
553: [], [enable_dpd=no])
554: if test "x$enable_dpd" = "xyes"; then
555: AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection])
556: fi
557: AC_MSG_RESULT($enable_dpd)
558:
559: AC_MSG_CHECKING(if --enable-samode-unspec option is specified)
560: AC_ARG_ENABLE(samode-unspec,
561: [ --enable-samode-unspec enable to use unspecified a mode of SA],
562: [], [enable_samode_unspec=no])
563: if test "x$enable_samode_unspec" = "xyes"; then
564: case $host_os in
565: *linux*)
566: cat << EOC
567:
568: ERROR: --enable-samode-unspec is not supported under linux
569: because linux kernel do not support it. This option is disabled
570: to prevent mysterious problems.
571:
572: If you REALLY know what your are doing, remove this check.
573: EOC
574: exit 1;
575: ;;
576: esac
577: AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec])
578: fi
579: AC_MSG_RESULT($enable_samode_unspec)
580:
581: # Checks if IPv6 is requested
582: AC_MSG_CHECKING([whether to enable ipv6])
583: AC_ARG_ENABLE(ipv6,
584: [ --disable-ipv6 disable ipv6 support],
585: [ case "$enableval" in
586: no)
587: AC_MSG_RESULT(no)
588: ipv6=no
589: ;;
590: *) AC_MSG_RESULT(yes)
591: ipv6=yes
592: ;;
593: esac ],
594:
595: AC_TRY_RUN([ /* AF_INET6 avalable check */
596: #include <sys/types.h>
597: #include <sys/socket.h>
598: main()
599: {
600: exit(0);
601: if (socket(AF_INET6, SOCK_STREAM, 0) < 0)
602: exit(1);
603: else
604: exit(0);
605: }
606: ],
607: AC_MSG_RESULT(yes)
608: AC_DEFINE([INET6], [], [Support IPv6])
609: ipv6=yes,
610: AC_MSG_RESULT(no)
611: ipv6=no,
612: AC_MSG_RESULT(no)
613: ipv6=no
614: ))
615:
616: if test "$ipv6" = "yes"; then
617: AC_DEFINE([INET6], [], [Support IPv6])
618: AC_MSG_CHECKING(for advanced API support)
619: AC_TRY_COMPILE([#ifndef INET6
620: #define INET6
621: #endif
622: #include <sys/types.h>
623: #include <netinet/in.h>],
624: [struct in6_pktinfo a;],
625: [AC_MSG_RESULT(yes)
626: AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])],
627: [AC_MSG_RESULT(no)])
628: fi
629:
630: RACOON_CHECK_BUGGY_GETADDRINFO
631: if test "$buggygetaddrinfo" = "yes"; then
632: AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.])
633: fi
634:
635: # Check if kernel support is available for NAT-T, defaults to no.
636: kernel_natt="no"
637:
638: AC_MSG_CHECKING(kernel NAT-Traversal support)
639: case $host_os in
640: linux*)
641: # Linux kernel NAT-T check
642: AC_EGREP_CPP(yes,
643: [#include <linux/pfkeyv2.h>
644: #ifdef SADB_X_EXT_NAT_T_TYPE
645: yes
646: #endif
647: ], [kernel_natt="yes"])
648: ;;
649: freebsd*|netbsd*)
650: # NetBSD case
651: # Same check for FreeBSD
652: AC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len,
653: [kernel_natt="yes"],, [
654: #define _KERNEL
655: #include <sys/types.h>
656: #include <net/pfkeyv2.h>
657: ])
658: ;;
659: esac
660: AC_MSG_RESULT($kernel_natt)
661:
662: AC_MSG_CHECKING(whether to support NAT-T)
663: AC_ARG_ENABLE(natt,
664: [ --enable-natt enable NAT-Traversal (yes/no/kernel)],
665: [ if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi ],
666: [ enable_natt=no ])
667: AC_MSG_RESULT($enable_natt)
668:
669: if test "$enable_natt" = "yes"; then
670: if test "$kernel_natt" = "no" ; then
671: AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.])
672: else
673: AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal])
674: NATT_OBJS="nattraversal.o"
675: AC_SUBST(NATT_OBJS)
676: fi
677: fi
678:
679: # Set up defines for supported NAT-T versions.
680: natt_versions_default="00,02,rfc"
681: AC_MSG_CHECKING(which NAT-T versions to support)
682: AC_ARG_ENABLE(natt_versions,
683: [ --enable-natt-versions=list list of supported NAT-T versions delimited by coma.],
684: [ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ],
685: [ enable_natt_versions=$natt_versions_default ])
686: if test "$enable_natt" = "yes"; then
687: AC_MSG_RESULT($enable_natt_versions)
688: for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do
689: case $i in
690: 0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;;
691: 1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;;
692: 2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;;
693: 3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;;
694: 4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;;
695: 5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;;
696: 6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;;
697: 7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;;
698: 8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;;
699: RFC) AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;;
700: *) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;;
701: esac
702: done
703: unset i
704: else
705: AC_MSG_RESULT([none])
706: fi
707:
708: AC_MSG_CHECKING(if --enable-broken-natt option is specified)
709: AC_ARG_ENABLE(broken-natt,
710: [ --enable-broken-natt broken in-kernel NAT-T],
711: [], [enable_broken_natt=no])
712: if test "x$enable_broken_natt" = "xyes"; then
713: AC_DEFINE([BROKEN_NATT], [], [in-kernel NAT-T is broken])
714: fi
715: AC_MSG_RESULT($enable_broken_natt)
716:
717: AC_MSG_CHECKING(whether we support FWD policy)
718: case $host in
719: *linux*)
720: AC_TRY_COMPILE([
721: #include <inttypes.h>
722: #include <linux/ipsec.h>
723: ], [
724: int fwd = IPSEC_DIR_FWD;
725: ],
726: [AC_MSG_RESULT(yes)
727: AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])],
728: [AC_MSG_RESULT(no)])
729: ;;
730: *)
731: AC_MSG_RESULT(no)
732: ;;
733: esac
734:
735: AC_CHECK_TYPE([ipsec_policy_t],
736: [AC_DEFINE([HAVE_IPSEC_POLICY_T], [], [Have ipsec_policy_t])],
737: [],
738: [
739: #include <sys/types.h>
740: #include <netinet6/ipsec.h>
741: ])
742:
743: # Check if kernel support is available for Security Context, defaults to no.
744: kernel_secctx="no"
745:
746: AC_MSG_CHECKING(kernel Security Context support)
747: case $host_os in
748: linux*)
749: # Linux kernel Security Context check
750: AC_EGREP_CPP(yes,
751: [#include <linux/pfkeyv2.h>
752: #ifdef SADB_X_EXT_SEC_CTX
753: yes
754: #endif
755: ], [kernel_secctx="yes"])
756: ;;
757: esac
758: AC_MSG_RESULT($kernel_secctx)
759:
760: AC_CHECK_HEADER(selinux/selinux.h,
761: [AC_CHECK_LIB(selinux, avc_init, [selinux_support=yes],
762: [selinux_support=no])], [selinux_support=no])
763:
764: AC_MSG_CHECKING(whether to support Security Context)
765: AC_ARG_ENABLE(security-context,
766: [ --enable-security-context enable Security Context(yes/no/kernel)],
767: [if test "$enable_security_context" = "kernel"; then
768: enable_security_context=$kernel_secctx; fi],
769: [enable_security_context=$kernel_secctx])
770: AC_MSG_RESULT($enable_security_context)
771:
772: if test "$enable_security_context" = "yes"; then
773: if test "$kernel_secctx" = "no" ; then
774: AC_MSG_ERROR([Security Context requested, but no kernel support! Aborting.])
775: else
776: if test "$selinux_support" = "no"; then
777: AC_MSG_ERROR([Security Context requested, but no selinux support! Aborting.])
778: else
779: AC_DEFINE([HAVE_SECCTX], [], [Enable Security Context])
780: SECCTX_OBJS="security.o"
781: AC_SUBST(SECCTX_OBJS)
782: LIBS="$LIBS -lselinux"
783: fi
784: fi
785: fi
786:
787: RACOON_PATH_LIBS([clock_gettime], [rt])
788:
789: AC_MSG_CHECKING(for monotonic system clock)
790: AC_TRY_COMPILE(
791: [#include <time.h>],
792: [clock_gettime(CLOCK_MONOTONIC, NULL);],
793: [AC_DEFINE([HAVE_CLOCK_MONOTONIC], [], [Have a monotonic clock])
794: AC_MSG_RESULT(yes)],
795: [AC_MSG_RESULT(no)])
796:
797: CFLAGS="$CFLAGS $CFLAGS_ADD"
798: CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
799:
800: case $host in
801: *linux*)
802: # Remove KERNEL_INCLUDE from CPPFLAGS. It will
803: # be symlinked to src/include-glibc/linux in
804: # compile time.
805: CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"`
806: ;;
807: esac
808:
809: include_racoondir=${includedir}/racoon
810: AC_SUBST(include_racoondir)
811:
812: AC_CONFIG_FILES([
813: Makefile
814: package_version.h
815: src/Makefile
816: src/include-glibc/Makefile
817: src/libipsec/Makefile
818: src/setkey/Makefile
819: src/racoon/Makefile
820: src/racoon/samples/psk.txt
821: src/racoon/samples/racoon.conf
822: rpm/Makefile
823: rpm/suse/Makefile
824: rpm/suse/ipsec-tools.spec
825: ])
826: AC_OUTPUT
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>