1: dnl -*- mode: m4 -*-
2: dnl Id: configure.ac,v 1.77 2006/07/20 19:19:27 manubsd Exp
3:
4: AC_PREREQ(2.52)
5: AC_INIT(ipsec-tools, 0.8.2)
6: AC_CONFIG_SRCDIR([configure.ac])
7: AC_CONFIG_HEADERS(config.h)
8:
9: AM_INIT_AUTOMAKE(dist-bzip2)
10:
11: AC_ENABLE_SHARED(no)
12:
13: AC_PROG_CC
14: AC_HEADER_STDC
15: AC_PROG_LIBTOOL
16: AC_PROG_YACC
17: AM_PROG_LEX
18: AC_SUBST(LEXLIB)
19: AC_PROG_EGREP
20:
21: CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused"
22:
23: case $host in
24: *netbsd*)
25: LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS"
26: ;;
27: *linux*)
28: LIBS="$LIBS -lresolv"
29: INSTALL_OPTS="-o bin -g bin"
30: INCLUDE_GLIBC="include-glibc"
31: RPM="rpm"
32: AC_SUBST(INSTALL_OPTS)
33: AC_SUBST(INCLUDE_GLIBC)
34: AC_SUBST(RPM)
35: ;;
36: *darwin*)
37: LIBS="$LIBS -lresolv"
38: ;;
39: esac
40:
41: # Look up some IPsec-related headers
42: AC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no])
43: AC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no])
44: AC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no])
45: AC_CHECK_HEADER(netipsec/ipsec.h, [have_netipsec_ipsec=yes], [have_netipsec_ipsec=no])
46:
47: # FreeBSD >=7 has only <netipsec/ipsec.h>
48: # NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h>
49: # XXX some *BSD still have both <netinet6/ipsec.h> and <netipsec/ipsec.h>,
50: # we can't decide which one to use (actually <netinet6/ipsec.h>)
51:
52:
53: if test "$have_netinet_ipsec$have_netinet6_ipsec$have_netipsec_ipsec" = nonoyes; then
54: have_netinet_ipsec=yes
55: AC_DEFINE(PATH_IPSEC_H, [<netipsec/ipsec.h>], [Path to ipsec.h])
56: else
57: if test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then
58: have_netinet_ipsec=yes
59: AC_DEFINE(PATH_IPSEC_H, [<netinet6/ipsec.h>], [Path to ipsec.h])
60: else
61: # have_netinet_ipsec will be checked a few lines below
62: AC_DEFINE(PATH_IPSEC_H, [<netinet/ipsec.h>], [Path to ipsec.h])
63: fi
64: fi
65:
66: case "$host_os" in
67: *linux*)
68: AC_ARG_WITH(kernel-headers,
69: AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include],
70: [where your Linux Kernel headers are installed]),
71: [ KERNEL_INCLUDE="$with_kernel_headers"
72: CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers"
73: AC_SUBST(CONFIGURE_AMFLAGS) ],
74: [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ])
75:
76: AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, ,
77: [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h,
78: KERNEL_INCLUDE=/usr/src/linux/include ,
79: [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] )
80: AC_SUBST(KERNEL_INCLUDE)
81: # We need the configure script to run with correct kernel headers.
82: # However we don't want to point to kernel source tree in compile time,
83: # i.e. this will be removed from CPPFLAGS at the end of configure.
84: CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS"
85:
86: AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority,
87: [AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [],
88: [Are PF_KEY policy priorities supported?])], [],
89: [#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"])
90:
91: GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc'
92: GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc"
93: CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS"
94: CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS"
95: AC_SUBST(GLIBC_BUGS)
96: ;;
97: *)
98: if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then
99: if test "$have_net_pfkey" = yes; then
100: AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.])
101: else
102: AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.])
103: fi
104: fi
105: ;;
106: esac
107:
108: ### Some basic toolchain checks
109:
110: # Checks for header files.
111: AC_HEADER_STDC
112: AC_HEADER_SYS_WAIT
113: AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h)
114: AC_CHECK_HEADERS(shadow.h)
115:
116: # Checks for typedefs, structures, and compiler characteristics.
117: AC_C_CONST
118: AC_TYPE_PID_T
119: AC_TYPE_SIZE_T
120: AC_HEADER_TIME
121: AC_STRUCT_TM
122:
123: # Checks for library functions.
124: AC_FUNC_MEMCMP
125: AC_TYPE_SIGNAL
126: AC_FUNC_VPRINTF
127: AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy strlcat)
128: AC_REPLACE_FUNCS(strdup)
129: RACOON_CHECK_VA_COPY
130:
131: # Check if printf accepts "%z" type modifier for size_t argument
132: AC_MSG_CHECKING(if printf accepts %z)
133: saved_CFLAGS=$CFLAGS
134: CFLAGS="$CFLAGS -Wall -Werror"
135: AC_TRY_COMPILE([
136: #include <stdio.h>
137: ], [
138: printf("%zu\n", (size_t)-1);
139: ],
140: [AC_MSG_RESULT(yes)],
141: [AC_MSG_RESULT(no);
142: CFLAGS_ADD="$CFLAGS_ADD -Wno-format";
143: AC_DEFINE(BROKEN_PRINTF, [], [If printf doesn't support %zu.])
144: ])
145: CFLAGS=$saved_CFLAGS
146:
147: # Can we use __func__ macro?
148: AC_MSG_CHECKING(if __func__ is available)
149: AC_TRY_COMPILE(
150: [#include <stdio.h>
151: ], [char *x = __func__;],
152: [AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro])
153: AC_MSG_RESULT(yes)],
154: [AC_MSG_RESULT(no)])
155:
156: # Check if readline support is requested
157: AC_MSG_CHECKING(if readline support is requested)
158: AC_ARG_WITH(readline,
159: [ --with-readline support readline input (yes by default)],
160: [with_readline="$withval"], [with_readline="yes"])
161: AC_MSG_RESULT($with_readline)
162:
163: # Is readline available?
164: if test $with_readline != "no"; then
165: AC_CHECK_HEADER([readline/readline.h],
166: [AC_CHECK_LIB(readline, readline, [
167: AC_DEFINE(HAVE_READLINE, [],
168: [Is readline available?])
169: LIBS="$LIBS -lreadline"
170: ], [])], [])
171: fi
172:
173:
174: AC_MSG_CHECKING(if --with-flex option is specified)
175: AC_ARG_WITH(flexdir,
176: [AC_HELP_STRING([--with-flex], [use directiory (default: no)])],
177: [flexdir="$withval"])
178: AC_MSG_RESULT(${flexdir-dirdefault})
179:
180: if test "x$flexdir" != "x"; then
181: LIBS="$LIBS $flexdir/libfl.a"
182: fi
183:
184: AC_MSG_CHECKING(if --with-flexlib option is specified)
185: AC_ARG_WITH(flexlib,
186: [ --with-flexlib=<LIB> specify flex library.],
187: [flexlib="$withval"])
188: AC_MSG_RESULT(${flexlib-default})
189:
190: if test "x$flexlib" != "x"; then
191: LIBS="$LIBS $flexlib"
192: fi
193:
194: # Check if a different OpenSSL directory was specified
195: AC_MSG_CHECKING(if --with-openssl option is specified)
196: AC_ARG_WITH(openssl, [ --with-openssl=DIR specify OpenSSL directory],
197: [crypto_dir=$withval])
198: AC_MSG_RESULT(${crypto_dir-default})
199:
200: if test "x$crypto_dir" != "x"; then
201: LIBS="$LIBS -L${crypto_dir}/lib"
202: CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS"
203: fi
204: AC_MSG_CHECKING(openssl version)
205:
206: AC_TRY_COMPILE(
207: [#include <openssl/opensslv.h>
208: ],
209: [#if OPENSSL_VERSION_NUMBER < 0x0090813fL
210: #error OpenSSL version is too old ...
211: #endif],
212: [AC_MSG_RESULT([ok])],
213: [AC_MSG_RESULT(too old)
214: AC_MSG_ERROR([OpenSSL version must be 0.9.8s or higher. Aborting.])
215: ])
216:
217: AC_CHECK_HEADERS(openssl/engine.h)
218:
219: # checking rijndael
220: AC_CHECK_HEADERS([openssl/aes.h], [],
221: [CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"])
222:
223: # checking sha2
224: AC_MSG_CHECKING(sha2 support)
225: AC_DEFINE([WITH_SHA2], [], [SHA2 support])
226: AC_MSG_RESULT(yes)
227: AC_CHECK_HEADER(openssl/sha2.h, [], [
228: AC_MSG_CHECKING(if sha2 is defined in openssl/sha.h)
229: AC_TRY_COMPILE([
230: #ifdef HAVE_SYS_TYPES_H
231: #include <sys/types.h>
232: #endif
233: #include <openssl/sha.h>
234: ], [
235: SHA256_CTX ctx;
236: ], [
237: AC_MSG_RESULT(yes)
238: AC_DEFINE([HAVE_SHA2_IN_SHA_H], [], [sha2 is defined in sha.h])
239: ], [AC_MSG_RESULT(no)
240: AC_LIBOBJ([sha2])
241: CRYPTOBJS="$CRYPTOBJS sha2.o"
242: ])
243:
244: CPPFLAGS_ADD="$CPPFLAGS_ADD -I\${top_srcdir}/src/racoon/missing"
245: ])
246: AC_SUBST(CRYPTOBJS)
247:
248: # checking camellia
249: AC_CHECK_HEADERS([openssl/camellia.h])
250:
251:
252: # Option --enable-adminport
253: AC_MSG_CHECKING(if --enable-adminport option is specified)
254: AC_ARG_ENABLE(adminport,
255: [ --enable-adminport enable admin port],
256: [], [enable_adminport=no])
257: if test $enable_adminport = "yes"; then
258: AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port])
259: fi
260: AC_MSG_RESULT($enable_adminport)
261:
262: # Option RC5
263: AC_MSG_CHECKING(if --enable-rc5 option is specified)
264: AC_ARG_ENABLE(rc5,
265: [ --enable-rc5 enable RC5 encryption (patented)],
266: [], [enable_rc5=no])
267: AC_MSG_RESULT($enable_rc5)
268:
269: if test $enable_rc5 = "yes"; then
270: AC_CHECK_HEADERS([openssl/rc5.h])
271: AC_CHECK_LIB([crypto_rc5], [RC5_32_encrypt],
272: [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_rc5"])
273: fi
274:
275: # Option IDEA
276: AC_MSG_CHECKING(if --enable-idea option is specified)
277: AC_ARG_ENABLE(idea,
278: [ --enable-idea enable IDEA encryption (patented)],
279: [], [enable_idea=no])
280: AC_MSG_RESULT($enable_idea)
281:
282: if test $enable_idea = "yes"; then
283: AC_CHECK_HEADERS([openssl/idea.h])
284: AC_CHECK_LIB([crypto_idea], [idea_encrypt],
285: [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_idea"])
286: fi
287: AC_SUBST(EXTRA_CRYPTO)
288:
289: # For dynamic libradius
290: RACOON_PATH_LIBS([MD5_Init], [crypto])
291:
292: # Check if we need -lutil for login(3)
293: RACOON_PATH_LIBS([login], [util])
294:
295: # Specify libiconv prefix
296: AC_MSG_CHECKING(if --with-libiconv option is specified)
297: AC_ARG_WITH(libiconv,
298: [ --with-libiconv=DIR specify libiconv path (like/usr/pkg)],
299: [libiconv_dir=$withval],
300: [libiconv_dir=no])
301: AC_MSG_RESULT($libiconv_dir)
302: if test "$libiconv_dir" != "no"; then
303: if test "$libiconv_dir" = "yes" ; then
304: libiconv_dir="";
305: fi;
306: if test "x$libiconv_dir" = "x"; then
307: RACOON_PATH_LIBS([iconv_open], [iconv])
308: else
309: if test -d "$libiconv_dir/lib" -a \
310: -d "$libiconv_dir/include" ; then
311: RACOON_PATH_LIBS([iconv_open], [iconv], ["$libiconv_dir/lib"])
312: CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libiconv_dir/include"
313: else
314: AC_MSG_ERROR([ICONV libs or includes not found. Aborting.])
315: fi
316: fi
317: LIBS="$LIBS -L$libiconv_dir/lib -R$libiconv_dir/lib -liconv"
318: AC_CHECK_FUNCS(iconv_open)
319: fi
320:
321: AC_MSG_CHECKING([if --enable-hybrid option is specified])
322: AC_ARG_ENABLE(hybrid,
323: [ --enable-hybrid enable hybrid, both mode-cfg and xauth support],
324: [], [enable_hybrid=no])
325: AC_MSG_RESULT($enable_hybrid)
326:
327: if test "x$enable_hybrid" = "xyes"; then
328: case $host in
329: *darwin*)
330: ;;
331: *)
332: LIBS="$LIBS -lcrypt";
333: ;;
334: esac
335: HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o"
336: AC_SUBST(HYBRID_OBJS)
337: AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support])
338: fi
339:
340: AC_MSG_CHECKING([if --enable-frag option is specified])
341: AC_ARG_ENABLE(frag,
342: [ --enable-frag enable IKE fragmentation payload support],
343: [], [enable_frag=no])
344: AC_MSG_RESULT($enable_frag)
345:
346: if test "x$enable_frag" = "xyes"; then
347: case $host in
348: *darwin*)
349: ;;
350: *)
351: LIBS="$LIBS -lcrypt";
352: ;;
353: esac
354: FRAG_OBJS="isakmp_frag.o"
355: AC_SUBST(FRAG_OBJS)
356: AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support])
357: fi
358:
359: AC_MSG_CHECKING(if --with-libradius option is specified)
360: AC_ARG_WITH(libradius,
361: [ --with-libradius=DIR specify libradius path (like/usr/pkg)],
362: [libradius_dir=$withval],
363: [libradius_dir=no])
364: AC_MSG_RESULT($libradius_dir)
365: if test "$libradius_dir" != "no"; then
366: if test "$libradius_dir" = "yes" ; then
367: libradius_dir="";
368: fi;
369: if test "x$libradius_dir" = "x"; then
370: RACOON_PATH_LIBS([rad_create_request], [radius])
371: else
372: if test -d "$libradius_dir/lib" -a \
373: -d "$libradius_dir/include" ; then
374: RACOON_PATH_LIBS([rad_create_request], [radius], ["$libradius_dir/lib"])
375: CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include"
376: else
377: AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.])
378: fi
379: fi
380: AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS])
381: LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius"
382: AC_CHECK_FUNCS(rad_create_request)
383: fi
384:
385: AC_MSG_CHECKING(if --with-libpam option is specified)
386: AC_ARG_WITH(libpam,
387: [ --with-libpam=DIR specify libpam path (like/usr/pkg)],
388: [libpam_dir=$withval],
389: [libpam_dir=no])
390: AC_MSG_RESULT($libpam_dir)
391: if test "$libpam_dir" != "no"; then
392: if test "$libpam_dir" = "yes" ; then
393: libpam_dir="";
394: fi;
395: if test "x$libpam_dir" = "x"; then
396: RACOON_PATH_LIBS([pam_start], [pam])
397: else
398: if test -d "$libpam_dir/lib" -a \
399: -d "$libpam_dir/include" ; then
400: RACOON_PATH_LIBS([pam_start], [pam], ["$libpam_dir/lib"])
401: CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libpam_dir/include"
402: else
403: AC_MSG_ERROR([PAM libs or includes not found. Aborting.])
404: fi
405: fi
406: AC_DEFINE([HAVE_LIBPAM], [], [Hybrid authentication uses PAM])
407: LIBS="$LIBS -L$libpam_dir/lib -R$libpam_dir/lib -lpam"
408: AC_CHECK_FUNCS(pam_start)
409: fi
410:
411: AC_MSG_CHECKING(if --with-libldap option is specified)
412: AC_ARG_WITH(libldap,
413: [ --with-libldap=DIR specify libldap path (like/usr/pkg)],
414: [libldap_dir=$withval],
415: [libldap_dir=no])
416: AC_MSG_RESULT($libldap_dir)
417: if test "$libldap_dir" != "no"; then
418: if test "$libldap_dir" = "yes" ; then
419: libldap_dir="";
420: fi;
421: if test "x$libldap_dir" = "x"; then
422: RACOON_PATH_LIBS([ldap_init], [ldap])
423: else
424: if test -d "$libldap_dir/lib" -a \
425: -d "$libldap_dir/include" ; then
426: RACOON_PATH_LIBS([ldap_init], [ldap], ["$libldap_dir/lib"])
427: CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libldap_dir/include"
428: else
429: AC_MSG_ERROR([LDAP libs or includes not found. Aborting.])
430: fi
431: fi
432: AC_DEFINE([HAVE_LIBLDAP], [], [Hybrid authentication uses LDAP])
433: LIBS="$LIBS -L$libldap_dir/lib -R$libldap_dir/lib -lldap"
434:
435: saved_CFLAGS=$CFLAGS
436: CFLAGS="$CFLAGS -Wall -Werror"
437: saved_CPPFLAGS=$CPPFLAGS
438: CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
439: AC_TRY_COMPILE(
440: [#include <ldap.h>],
441: [
442: #if LDAP_API_VERSION < 2004
443: #error OpenLDAP version is too old ...
444: #endif
445: ],
446: [AC_MSG_RESULT([ok])],
447: [
448: AC_MSG_RESULT(too old)
449: AC_MSG_ERROR([OpenLDAP version must be 2.0 or higher. Aborting.])
450: ])
451: CFLAGS=$saved_CFLAGS
452: CPPFLAGS=$saved_CPPFLAGS
453: fi
454:
455: # Check for Kerberos5 support
456: # XXX This must come after all --with-* tests, else the
457: # -liconv checks will not work
458: AC_MSG_CHECKING(if --enable-gssapi option is specified)
459: AC_ARG_ENABLE(gssapi,
460: [ --enable-gssapi enable GSS-API authentication],
461: [], [enable_gssapi=no])
462: AC_MSG_RESULT($enable_gssapi)
463: AC_PATH_PROG(KRB5_CONFIG,krb5-config,no)
464: if test "x$enable_gssapi" = "xyes"; then
465: if test "$KRB5_CONFIG" != "no"; then
466: krb5_incdir="`$KRB5_CONFIG --cflags gssapi`"
467: krb5_libs="`$KRB5_CONFIG --libs gssapi`"
468: else
469: # No krb5-config; let's make some assumptions based on
470: # the OS.
471: case $host_os in
472: netbsd*)
473: krb5_incdir="-I/usr/include/krb5"
474: krb5_libs="-lgssapi -lkrb5 -lcom_err -lroken -lasn1"
475: ;;
476: *)
477: AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.])
478: ;;
479: esac
480: fi
481: LIBS="$LIBS $krb5_libs"
482: CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD"
483: AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API])
484:
485: # Check if iconv 2nd argument needs const
486: saved_CFLAGS=$CFLAGS
487: CFLAGS="$CFLAGS -Wall -Werror"
488: saved_CPPFLAGS=$CPPFLAGS
489: CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
490: AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])])
491: AC_MSG_CHECKING([if iconv second argument needs const])
492: AC_TRY_COMPILE([
493: #include <iconv.h>
494: #include <stdio.h>
495: ], [
496: iconv_t cd = NULL;
497: const char **src = NULL;
498: size_t *srcleft = NULL;
499: char **dst = NULL;
500: size_t *dstleft = NULL;
501:
502: (void)iconv(cd, src, srcleft, dst, dstleft);
503: ], [AC_MSG_RESULT(yes)
504: AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const])
505: ], [AC_MSG_RESULT(no)])
506: CFLAGS=$saved_CFLAGS
507: CPPFLAGS=$saved_CPPFLAGS
508:
509: # libiconv is often integrated into libc. If a with-* option
510: # caused a non libc-based iconv.h to be catched instead of
511: # the libc-based iconv.h, then we need to link with -liconv
512: AC_MSG_CHECKING(if -liconv is required)
513: saved_CPPFLAGS=$CPPFLAGS
514: saved_LIBS=$LIBS
515: CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
516: AC_TRY_LINK([
517: #include <iconv.h>
518: ], [
519: (void)iconv_open("ascii", "ascii");
520: ],
521: [AC_MSG_RESULT(no)],
522: [
523: LIBS="$LIBS -liconv"
524: AC_TRY_LINK([
525: #include <iconv.h>
526: ], [
527: (void)iconv_open("ascii", "ascii");
528: ],
529: [
530: AC_MSG_RESULT(yes)
531: saved_LIBS=$LIBS
532: ], [
533: AC_MSG_ERROR([cannot use iconv])
534: ])
535: ])
536: CPPFLAGS=$saved_CPPFLAGS
537: LIBS=$saved_LIBS
538: fi
539:
540: AC_MSG_CHECKING(if --enable-stats option is specified)
541: AC_ARG_ENABLE(stats,
542: [ --enable-stats enable statistics logging function],
543: [], [enable_stats=no])
544: if test "x$enable_stats" = "xyes"; then
545: AC_DEFINE([ENABLE_STATS], [], [Enable statictics])
546: fi
547: AC_MSG_RESULT($enable_stats)
548:
549: AC_MSG_CHECKING(if --enable-dpd option is specified)
550: AC_ARG_ENABLE(dpd,
551: [ --enable-dpd enable dead peer detection],
552: [], [enable_dpd=no])
553: if test "x$enable_dpd" = "xyes"; then
554: AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection])
555: fi
556: AC_MSG_RESULT($enable_dpd)
557:
558: AC_MSG_CHECKING(if --enable-samode-unspec option is specified)
559: AC_ARG_ENABLE(samode-unspec,
560: [ --enable-samode-unspec enable to use unspecified a mode of SA],
561: [], [enable_samode_unspec=no])
562: if test "x$enable_samode_unspec" = "xyes"; then
563: case $host_os in
564: *linux*)
565: cat << EOC
566:
567: ERROR: --enable-samode-unspec is not supported under linux
568: because linux kernel do not support it. This option is disabled
569: to prevent mysterious problems.
570:
571: If you REALLY know what your are doing, remove this check.
572: EOC
573: exit 1;
574: ;;
575: esac
576: AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec])
577: fi
578: AC_MSG_RESULT($enable_samode_unspec)
579:
580: # Checks if IPv6 is requested
581: AC_MSG_CHECKING([whether to enable ipv6])
582: AC_ARG_ENABLE(ipv6,
583: [ --disable-ipv6 disable ipv6 support],
584: [ case "$enableval" in
585: no)
586: AC_MSG_RESULT(no)
587: ipv6=no
588: ;;
589: *) AC_MSG_RESULT(yes)
590: ipv6=yes
591: ;;
592: esac ],
593:
594: AC_TRY_RUN([ /* AF_INET6 avalable check */
595: #include <sys/types.h>
596: #include <sys/socket.h>
597: main()
598: {
599: exit(0);
600: if (socket(AF_INET6, SOCK_STREAM, 0) < 0)
601: exit(1);
602: else
603: exit(0);
604: }
605: ],
606: AC_MSG_RESULT(yes)
607: AC_DEFINE([INET6], [], [Support IPv6])
608: ipv6=yes,
609: AC_MSG_RESULT(no)
610: ipv6=no,
611: AC_MSG_RESULT(no)
612: ipv6=no
613: ))
614:
615: if test "$ipv6" = "yes"; then
616: AC_DEFINE([INET6], [], [Support IPv6])
617: AC_MSG_CHECKING(for advanced API support)
618: AC_TRY_COMPILE([#ifndef INET6
619: #define INET6
620: #endif
621: #include <sys/types.h>
622: #include <netinet/in.h>],
623: [struct in6_pktinfo a;],
624: [AC_MSG_RESULT(yes)
625: AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])],
626: [AC_MSG_RESULT(no)])
627: fi
628:
629: RACOON_CHECK_BUGGY_GETADDRINFO
630: if test "$buggygetaddrinfo" = "yes"; then
631: AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.])
632: fi
633:
634: # Check if kernel support is available for NAT-T, defaults to no.
635: kernel_natt="no"
636:
637: AC_MSG_CHECKING(kernel NAT-Traversal support)
638: case $host_os in
639: linux*)
640: # Linux kernel NAT-T check
641: AC_EGREP_CPP(yes,
642: [#include <linux/pfkeyv2.h>
643: #ifdef SADB_X_EXT_NAT_T_TYPE
644: yes
645: #endif
646: ], [kernel_natt="yes"])
647: ;;
648: freebsd*|netbsd*)
649: # NetBSD case
650: # Same check for FreeBSD
651: AC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len,
652: [kernel_natt="yes"],, [
653: #define _KERNEL
654: #include <sys/types.h>
655: #include <net/pfkeyv2.h>
656: ])
657: ;;
658: esac
659: AC_MSG_RESULT($kernel_natt)
660:
661: AC_MSG_CHECKING(whether to support NAT-T)
662: AC_ARG_ENABLE(natt,
663: [ --enable-natt enable NAT-Traversal (yes/no/kernel)],
664: [ if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi ],
665: [ enable_natt=no ])
666: AC_MSG_RESULT($enable_natt)
667:
668: if test "$enable_natt" = "yes"; then
669: if test "$kernel_natt" = "no" ; then
670: AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.])
671: else
672: AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal])
673: NATT_OBJS="nattraversal.o"
674: AC_SUBST(NATT_OBJS)
675: fi
676: fi
677:
678: # Set up defines for supported NAT-T versions.
679: natt_versions_default="00,02,rfc"
680: AC_MSG_CHECKING(which NAT-T versions to support)
681: AC_ARG_ENABLE(natt_versions,
682: [ --enable-natt-versions=list list of supported NAT-T versions delimited by coma.],
683: [ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ],
684: [ enable_natt_versions=$natt_versions_default ])
685: if test "$enable_natt" = "yes"; then
686: AC_MSG_RESULT($enable_natt_versions)
687: for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do
688: case $i in
689: 0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;;
690: 1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;;
691: 2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;;
692: 3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;;
693: 4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;;
694: 5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;;
695: 6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;;
696: 7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;;
697: 8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;;
698: RFC) AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;;
699: *) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;;
700: esac
701: done
702: unset i
703: else
704: AC_MSG_RESULT([none])
705: fi
706:
707: AC_MSG_CHECKING(if --enable-broken-natt option is specified)
708: AC_ARG_ENABLE(broken-natt,
709: [ --enable-broken-natt broken in-kernel NAT-T],
710: [], [enable_broken_natt=no])
711: if test "x$enable_broken_natt" = "xyes"; then
712: AC_DEFINE([BROKEN_NATT], [], [in-kernel NAT-T is broken])
713: fi
714: AC_MSG_RESULT($enable_broken_natt)
715:
716: AC_MSG_CHECKING(whether we support FWD policy)
717: case $host in
718: *linux*)
719: AC_TRY_COMPILE([
720: #include <inttypes.h>
721: #include <linux/ipsec.h>
722: ], [
723: int fwd = IPSEC_DIR_FWD;
724: ],
725: [AC_MSG_RESULT(yes)
726: AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])],
727: [AC_MSG_RESULT(no)])
728: ;;
729: *)
730: AC_MSG_RESULT(no)
731: ;;
732: esac
733:
734: AC_CHECK_TYPE([ipsec_policy_t],
735: [AC_DEFINE([HAVE_IPSEC_POLICY_T], [], [Have ipsec_policy_t])],
736: [],
737: [
738: #include <sys/types.h>
739: #include <netinet6/ipsec.h>
740: ])
741:
742: # Check if kernel support is available for Security Context, defaults to no.
743: kernel_secctx="no"
744:
745: AC_MSG_CHECKING(kernel Security Context support)
746: case $host_os in
747: linux*)
748: # Linux kernel Security Context check
749: AC_EGREP_CPP(yes,
750: [#include <linux/pfkeyv2.h>
751: #ifdef SADB_X_EXT_SEC_CTX
752: yes
753: #endif
754: ], [kernel_secctx="yes"])
755: ;;
756: esac
757: AC_MSG_RESULT($kernel_secctx)
758:
759: AC_CHECK_HEADER(selinux/selinux.h,
760: [AC_CHECK_LIB(selinux, avc_init, [selinux_support=yes],
761: [selinux_support=no])], [selinux_support=no])
762:
763: AC_MSG_CHECKING(whether to support Security Context)
764: AC_ARG_ENABLE(security-context,
765: [ --enable-security-context enable Security Context(yes/no/kernel)],
766: [if test "$enable_security_context" = "kernel"; then
767: enable_security_context=$kernel_secctx; fi],
768: [enable_security_context=$kernel_secctx])
769: AC_MSG_RESULT($enable_security_context)
770:
771: if test "$enable_security_context" = "yes"; then
772: if test "$kernel_secctx" = "no" ; then
773: AC_MSG_ERROR([Security Context requested, but no kernel support! Aborting.])
774: else
775: if test "$selinux_support" = "no"; then
776: AC_MSG_ERROR([Security Context requested, but no selinux support! Aborting.])
777: else
778: AC_DEFINE([HAVE_SECCTX], [], [Enable Security Context])
779: SECCTX_OBJS="security.o"
780: AC_SUBST(SECCTX_OBJS)
781: LIBS="$LIBS -lselinux"
782: fi
783: fi
784: fi
785:
786: RACOON_PATH_LIBS([clock_gettime], [rt])
787:
788: AC_MSG_CHECKING(for monotonic system clock)
789: AC_TRY_COMPILE(
790: [#include <time.h>],
791: [clock_gettime(CLOCK_MONOTONIC, NULL);],
792: [AC_DEFINE([HAVE_CLOCK_MONOTONIC], [], [Have a monotonic clock])
793: AC_MSG_RESULT(yes)],
794: [AC_MSG_RESULT(no)])
795:
796: CFLAGS="$CFLAGS $CFLAGS_ADD"
797: CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
798:
799: case $host in
800: *linux*)
801: # Remove KERNEL_INCLUDE from CPPFLAGS. It will
802: # be symlinked to src/include-glibc/linux in
803: # compile time.
804: CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"`
805: ;;
806: esac
807:
808: include_racoondir=${includedir}/racoon
809: AC_SUBST(include_racoondir)
810:
811: AC_CONFIG_FILES([
812: Makefile
813: package_version.h
814: src/Makefile
815: src/include-glibc/Makefile
816: src/libipsec/Makefile
817: src/setkey/Makefile
818: src/racoon/Makefile
819: src/racoon/samples/psk.txt
820: src/racoon/samples/racoon.conf
821: rpm/Makefile
822: rpm/suse/Makefile
823: rpm/suse/ipsec-tools.spec
824: ])
825: AC_OUTPUT
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to configure.ac CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / ipsec-tools