1 dnl -*- mode: m4 -*- 2 dnl Id: configure.ac,v 1.77 2006/07/20 19:19:27 manubsd Exp 3 4 AC_PREREQ(2.52) 5 AC_INIT(ipsec-tools, CVS) 6 AC_CONFIG_SRCDIR([configure.ac]) 7 AC_CONFIG_HEADERS(config.h) 8 9 AM_INIT_AUTOMAKE(dist-bzip2) 10 11 AC_ENABLE_SHARED(no) 12 13 AC_PROG_CC 14 AC_HEADER_STDC 15 AC_PROG_LIBTOOL 16 AC_PROG_YACC 17 AM_PROG_LEX 18 AC_SUBST(LEXLIB) 19 AC_PROG_EGREP 20 21 CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused" 22 23 case $host in 24 *netbsd*) 25 LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS" 26 ;; 27 *linux*) 28 LIBS="$LIBS -lresolv" 29 INSTALL_OPTS="-o bin -g bin" 30 INCLUDE_GLIBC="include-glibc" 31 RPM="rpm" 32 AC_SUBST(INSTALL_OPTS) 33 AC_SUBST(INCLUDE_GLIBC) 34 AC_SUBST(RPM) 35 ;; 36 *darwin*) 37 LIBS="$LIBS -lresolv" 38 ;; 39 esac 40 41 # Look up some IPsec-related headers 42 AC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no]) 43 AC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no]) 44 AC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no]) 45 AC_CHECK_HEADER(netipsec/ipsec.h, [have_netipsec_ipsec=yes], [have_netipsec_ipsec=no]) 46 47 # FreeBSD >=7 has only <netipsec/ipsec.h> 48 # NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h> 49 # XXX some *BSD still have both <netinet6/ipsec.h> and <netipsec/ipsec.h>, 50 # we can't decide which one to use (actually <netinet6/ipsec.h>) 51 52 53 if test "$have_netinet_ipsec$have_netinet6_ipsec$have_netipsec_ipsec" = nonoyes; then 54 have_netinet_ipsec=yes 55 AC_DEFINE(PATH_IPSEC_H, [<netipsec/ipsec.h>], [Path to ipsec.h]) 56 else 57 if test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then 58 have_netinet_ipsec=yes 59 AC_DEFINE(PATH_IPSEC_H, [<netinet6/ipsec.h>], [Path to ipsec.h]) 60 else 61 # have_netinet_ipsec will be checked a few lines below 62 AC_DEFINE(PATH_IPSEC_H, [<netinet/ipsec.h>], [Path to ipsec.h]) 63 fi 64 fi 65 66 case "$host_os" in 67 *linux*) 68 AC_ARG_WITH(kernel-headers, 69 AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include], 70 [where your Linux Kernel headers are installed]), 71 [ KERNEL_INCLUDE="$with_kernel_headers" 72 CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers" 73 AC_SUBST(CONFIGURE_AMFLAGS) ], 74 [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ]) 75 76 AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, , 77 [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h, 78 KERNEL_INCLUDE=/usr/src/linux/include , 79 [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] ) 80 AC_SUBST(KERNEL_INCLUDE) 81 # We need the configure script to run with correct kernel headers. 82 # However we don't want to point to kernel source tree in compile time, 83 # i.e. this will be removed from CPPFLAGS at the end of configure. 84 CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS" 85 86 AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority, 87 [AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [], 88 [Are PF_KEY policy priorities supported?])], [], 89 [#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"]) 90 91 GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc' 92 GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc" 93 CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS" 94 CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS" 95 AC_SUBST(GLIBC_BUGS) 96 ;; 97 *) 98 if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then 99 if test "$have_net_pfkey" = yes; then 100 AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.]) 101 else 102 AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.]) 103 fi 104 fi 105 ;; 106 esac 107 108 AH_TEMPLATE(ENABLE_WILDCARD_MATCH, [Enable wildcard matching in pre-shared-key file]) 109 AC_ARG_ENABLE([wildcard-match], 110 [--enable-wildcard-match Enable wildcard matching in pre-shared-key file], 111 [case "${enableval}" in 112 (yes) AC_DEFINE(ENABLE_WILDCARD_MATCH);; 113 (no) ;; 114 (*) AC_MSG_ERROR(bad value ${enableval} for --enable-wildcard-match);; 115 esac],[]) 116 ### Some basic toolchain checks 117 118 # Checks for header files. 119 AC_HEADER_STDC 120 AC_HEADER_SYS_WAIT 121 AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h) 122 AC_CHECK_HEADERS(shadow.h strings.h) 123 124 # Checks for typedefs, structures, and compiler characteristics. 125 AC_C_CONST 126 AC_TYPE_PID_T 127 AC_TYPE_SIZE_T 128 AC_HEADER_TIME 129 AC_STRUCT_TM 130 131 # Checks for library functions. 132 AC_FUNC_MEMCMP 133 AC_TYPE_SIGNAL 134 AC_FUNC_VPRINTF 135 AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy strlcat) 136 AC_REPLACE_FUNCS(strdup) 137 RACOON_CHECK_VA_COPY 138 139 # Check if printf accepts "%z" type modifier for size_t argument 140 AC_MSG_CHECKING(if printf accepts %z) 141 saved_CFLAGS=$CFLAGS 142 CFLAGS="$CFLAGS -Wall -Werror" 143 AC_TRY_COMPILE([ 144 #include <stdio.h> 145 ], [ 146 printf("%zu\n", (size_t)-1); 147 ], 148 [AC_MSG_RESULT(yes)], 149 [AC_MSG_RESULT(no); 150 CFLAGS_ADD="$CFLAGS_ADD -Wno-format"; 151 AC_DEFINE(BROKEN_PRINTF, [], [If printf doesn't support %zu.]) 152 ]) 153 CFLAGS=$saved_CFLAGS 154 155 # Can we use __func__ macro? 156 AC_MSG_CHECKING(if __func__ is available) 157 AC_TRY_COMPILE( 158 [#include <stdio.h> 159 ], [char *x = __func__;], 160 [AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro]) 161 AC_MSG_RESULT(yes)], 162 [AC_MSG_RESULT(no)]) 163 164 # Check if readline support is requested 165 AC_MSG_CHECKING(if readline support is requested) 166 AC_ARG_WITH(readline, 167 [ --with-readline support readline input (yes by default)], 168 [with_readline="$withval"], [with_readline="yes"]) 169 AC_MSG_RESULT($with_readline) 170 171 # Is readline available? 172 if test $with_readline != "no"; then 173 AC_CHECK_HEADER([readline/readline.h], 174 [AC_CHECK_LIB(readline, readline, [ 175 AC_DEFINE(HAVE_READLINE, [], 176 [Is readline available?]) 177 LIBS="$LIBS -lreadline" 178 ], [])], []) 179 fi 180 181 182 AC_MSG_CHECKING(if --with-flex option is specified) 183 AC_ARG_WITH(flexdir, 184 [AC_HELP_STRING([--with-flex], [use directiory (default: no)])], 185 [flexdir="$withval"]) 186 AC_MSG_RESULT(${flexdir-dirdefault}) 187 188 if test "x$flexdir" != "x"; then 189 LIBS="$LIBS $flexdir/libfl.a" 190 fi 191 192 AC_MSG_CHECKING(if --with-flexlib option is specified) 193 AC_ARG_WITH(flexlib, 194 [ --with-flexlib=<LIB> specify flex library.], 195 [flexlib="$withval"]) 196 AC_MSG_RESULT(${flexlib-default}) 197 198 if test "x$flexlib" != "x"; then 199 LIBS="$LIBS $flexlib" 200 fi 201 202 # Check if a different OpenSSL directory was specified 203 AC_MSG_CHECKING(if --with-openssl option is specified) 204 AC_ARG_WITH(openssl, [ --with-openssl=DIR specify OpenSSL directory], 205 [crypto_dir=$withval]) 206 AC_MSG_RESULT(${crypto_dir-default}) 207 208 if test "x$crypto_dir" != "x"; then 209 LIBS="$LIBS -L${crypto_dir}/lib" 210 CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS" 211 fi 212 AC_MSG_CHECKING(openssl version) 213 214 AC_TRY_COMPILE( 215 [#include <openssl/opensslv.h> 216 ], 217 [#if OPENSSL_VERSION_NUMBER < 0x0090813fL 218 #error OpenSSL version is too old ... 219 #endif], 220 [AC_MSG_RESULT([ok])], 221 [AC_MSG_RESULT(too old) 222 AC_MSG_ERROR([OpenSSL version must be 0.9.8s or higher. Aborting.]) 223 ]) 224 225 AC_CHECK_HEADERS(openssl/engine.h) 226 227 # checking rijndael 228 AC_CHECK_HEADERS([openssl/aes.h], [], 229 [CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"]) 230 231 # checking sha2 232 AC_MSG_CHECKING(sha2 support) 233 AC_DEFINE([WITH_SHA2], [], [SHA2 support]) 234 AC_MSG_RESULT(yes) 235 AC_CHECK_HEADER(openssl/sha2.h, [], [ 236 AC_MSG_CHECKING(if sha2 is defined in openssl/sha.h) 237 AC_TRY_COMPILE([ 238 #ifdef HAVE_SYS_TYPES_H 239 #include <sys/types.h> 240 #endif 241 #include <openssl/sha.h> 242 ], [ 243 SHA256_CTX ctx; 244 ], [ 245 AC_MSG_RESULT(yes) 246 AC_DEFINE([HAVE_SHA2_IN_SHA_H], [], [sha2 is defined in sha.h]) 247 ], [AC_MSG_RESULT(no) 248 AC_LIBOBJ([sha2]) 249 CRYPTOBJS="$CRYPTOBJS sha2.o" 250 ]) 251 252 CPPFLAGS_ADD="$CPPFLAGS_ADD -I\${top_srcdir}/src/racoon/missing" 253 ]) 254 AC_SUBST(CRYPTOBJS) 255 256 # checking camellia 257 AC_CHECK_HEADERS([openssl/camellia.h]) 258 259 260 # Option --enable-adminport 261 AC_MSG_CHECKING(if --enable-adminport option is specified) 262 AC_ARG_ENABLE(adminport, 263 [ --enable-adminport enable admin port], 264 [], [enable_adminport=no]) 265 if test $enable_adminport = "yes"; then 266 AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port]) 267 fi 268 AC_MSG_RESULT($enable_adminport) 269 270 # Option RC5 271 AC_MSG_CHECKING(if --enable-rc5 option is specified) 272 AC_ARG_ENABLE(rc5, 273 [ --enable-rc5 enable RC5 encryption (patented)], 274 [], [enable_rc5=no]) 275 AC_MSG_RESULT($enable_rc5) 276 277 if test $enable_rc5 = "yes"; then 278 AC_CHECK_HEADERS([openssl/rc5.h]) 279 AC_CHECK_LIB([crypto_rc5], [RC5_32_encrypt], 280 [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_rc5"]) 281 fi 282 283 # Option IDEA 284 AC_MSG_CHECKING(if --enable-idea option is specified) 285 AC_ARG_ENABLE(idea, 286 [ --enable-idea enable IDEA encryption (patented)], 287 [], [enable_idea=no]) 288 AC_MSG_RESULT($enable_idea) 289 290 if test $enable_idea = "yes"; then 291 AC_CHECK_HEADERS([openssl/idea.h]) 292 AC_CHECK_LIB([crypto_idea], [idea_encrypt], 293 [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_idea"]) 294 fi 295 AC_SUBST(EXTRA_CRYPTO) 296 297 # For dynamic libradius 298 RACOON_PATH_LIBS([MD5_Init], [crypto]) 299 300 # Check if we need -lutil for login(3) 301 RACOON_PATH_LIBS([login], [util]) 302 303 # Specify libiconv prefix 304 AC_MSG_CHECKING(if --with-libiconv option is specified) 305 AC_ARG_WITH(libiconv, 306 [ --with-libiconv=DIR specify libiconv path (like/usr/pkg)], 307 [libiconv_dir=$withval], 308 [libiconv_dir=no]) 309 AC_MSG_RESULT($libiconv_dir) 310 if test "$libiconv_dir" != "no"; then 311 if test "$libiconv_dir" = "yes" ; then 312 libiconv_dir=""; 313 fi; 314 if test "x$libiconv_dir" = "x"; then 315 RACOON_PATH_LIBS([iconv_open], [iconv]) 316 else 317 if test -d "$libiconv_dir/lib" -a \ 318 -d "$libiconv_dir/include" ; then 319 RACOON_PATH_LIBS([iconv_open], [iconv], ["$libiconv_dir/lib"]) 320 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libiconv_dir/include" 321 else 322 AC_MSG_ERROR([ICONV libs or includes not found. Aborting.]) 323 fi 324 fi 325 LIBS="$LIBS -L$libiconv_dir/lib -R$libiconv_dir/lib -liconv" 326 AC_CHECK_FUNCS(iconv_open) 327 fi 328 329 AC_MSG_CHECKING([if --enable-hybrid option is specified]) 330 AC_ARG_ENABLE(hybrid, 331 [ --enable-hybrid enable hybrid, both mode-cfg and xauth support], 332 [], [enable_hybrid=no]) 333 AC_MSG_RESULT($enable_hybrid) 334 335 if test "x$enable_hybrid" = "xyes"; then 336 case $host in 337 *darwin*) 338 ;; 339 *) 340 LIBS="$LIBS -lcrypt"; 341 ;; 342 esac 343 HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o" 344 AC_SUBST(HYBRID_OBJS) 345 AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support]) 346 fi 347 348 AC_MSG_CHECKING([if --enable-frag option is specified]) 349 AC_ARG_ENABLE(frag, 350 [ --enable-frag enable IKE fragmentation payload support], 351 [], [enable_frag=no]) 352 AC_MSG_RESULT($enable_frag) 353 354 if test "x$enable_frag" = "xyes"; then 355 case $host in 356 *darwin*) 357 ;; 358 *) 359 LIBS="$LIBS -lcrypt"; 360 ;; 361 esac 362 FRAG_OBJS="isakmp_frag.o" 363 AC_SUBST(FRAG_OBJS) 364 AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support]) 365 fi 366 367 AC_MSG_CHECKING(if --with-libradius option is specified) 368 AC_ARG_WITH(libradius, 369 [ --with-libradius=DIR specify libradius path (like/usr/pkg)], 370 [libradius_dir=$withval], 371 [libradius_dir=no]) 372 AC_MSG_RESULT($libradius_dir) 373 if test "$libradius_dir" != "no"; then 374 if test "$libradius_dir" = "yes" ; then 375 libradius_dir=""; 376 fi; 377 if test "x$libradius_dir" = "x"; then 378 RACOON_PATH_LIBS([rad_create_request], [radius]) 379 else 380 if test -d "$libradius_dir/lib" -a \ 381 -d "$libradius_dir/include" ; then 382 RACOON_PATH_LIBS([rad_create_request], [radius], ["$libradius_dir/lib"]) 383 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include" 384 else 385 AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.]) 386 fi 387 fi 388 AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS]) 389 LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius" 390 AC_CHECK_FUNCS(rad_create_request) 391 fi 392 393 AC_MSG_CHECKING(if --with-libpam option is specified) 394 AC_ARG_WITH(libpam, 395 [ --with-libpam=DIR specify libpam path (like/usr/pkg)], 396 [libpam_dir=$withval], 397 [libpam_dir=no]) 398 AC_MSG_RESULT($libpam_dir) 399 if test "$libpam_dir" != "no"; then 400 if test "$libpam_dir" = "yes" ; then 401 libpam_dir=""; 402 fi; 403 if test "x$libpam_dir" = "x"; then 404 RACOON_PATH_LIBS([pam_start], [pam]) 405 else 406 if test -d "$libpam_dir/lib" -a \ 407 -d "$libpam_dir/include" ; then 408 RACOON_PATH_LIBS([pam_start], [pam], ["$libpam_dir/lib"]) 409 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libpam_dir/include" 410 else 411 AC_MSG_ERROR([PAM libs or includes not found. Aborting.]) 412 fi 413 fi 414 AC_DEFINE([HAVE_LIBPAM], [], [Hybrid authentication uses PAM]) 415 LIBS="$LIBS -L$libpam_dir/lib -R$libpam_dir/lib -lpam" 416 AC_CHECK_FUNCS(pam_start) 417 fi 418 419 AC_MSG_CHECKING(if --with-libldap option is specified) 420 AC_ARG_WITH(libldap, 421 [ --with-libldap=DIR specify libldap path (like/usr/pkg)], 422 [libldap_dir=$withval], 423 [libldap_dir=no]) 424 AC_MSG_RESULT($libldap_dir) 425 if test "$libldap_dir" != "no"; then 426 if test "$libldap_dir" = "yes" ; then 427 libldap_dir=""; 428 fi; 429 if test "x$libldap_dir" = "x"; then 430 RACOON_PATH_LIBS([ldap_init], [ldap]) 431 else 432 if test -d "$libldap_dir/lib" -a \ 433 -d "$libldap_dir/include" ; then 434 RACOON_PATH_LIBS([ldap_init], [ldap], ["$libldap_dir/lib"]) 435 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libldap_dir/include" 436 else 437 AC_MSG_ERROR([LDAP libs or includes not found. Aborting.]) 438 fi 439 fi 440 AC_DEFINE([HAVE_LIBLDAP], [], [Hybrid authentication uses LDAP]) 441 LIBS="$LIBS -L$libldap_dir/lib -R$libldap_dir/lib -lldap" 442 443 saved_CFLAGS=$CFLAGS 444 CFLAGS="$CFLAGS -Wall -Werror" 445 saved_CPPFLAGS=$CPPFLAGS 446 CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 447 AC_TRY_COMPILE( 448 [#include <ldap.h>], 449 [ 450 #if LDAP_API_VERSION < 2004 451 #error OpenLDAP version is too old ... 452 #endif 453 ], 454 [AC_MSG_RESULT([ok])], 455 [ 456 AC_MSG_RESULT(too old) 457 AC_MSG_ERROR([OpenLDAP version must be 2.0 or higher. Aborting.]) 458 ]) 459 CFLAGS=$saved_CFLAGS 460 CPPFLAGS=$saved_CPPFLAGS 461 fi 462 463 # Check for Kerberos5 support 464 # XXX This must come after all --with-* tests, else the 465 # -liconv checks will not work 466 AC_MSG_CHECKING(if --enable-gssapi option is specified) 467 AC_ARG_ENABLE(gssapi, 468 [ --enable-gssapi enable GSS-API authentication], 469 [], [enable_gssapi=no]) 470 AC_MSG_RESULT($enable_gssapi) 471 AC_PATH_PROG(KRB5_CONFIG,krb5-config,no) 472 if test "x$enable_gssapi" = "xyes"; then 473 if test "$KRB5_CONFIG" != "no"; then 474 krb5_incdir="`$KRB5_CONFIG --cflags gssapi`" 475 krb5_libs="`$KRB5_CONFIG --libs gssapi`" 476 else 477 # No krb5-config; let's make some assumptions based on 478 # the OS. 479 case $host_os in 480 netbsd*) 481 krb5_incdir="-I/usr/include/krb5" 482 krb5_libs="-lgssapi -lkrb5 -lcom_err -lroken -lasn1" 483 ;; 484 *) 485 AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.]) 486 ;; 487 esac 488 fi 489 LIBS="$LIBS $krb5_libs" 490 CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD" 491 AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API]) 492 493 # Check if iconv 2nd argument needs const 494 saved_CFLAGS=$CFLAGS 495 CFLAGS="$CFLAGS -Wall -Werror" 496 saved_CPPFLAGS=$CPPFLAGS 497 CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 498 AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])]) 499 AC_MSG_CHECKING([if iconv second argument needs const]) 500 AC_TRY_COMPILE([ 501 #include <iconv.h> 502 #include <stdio.h> 503 ], [ 504 iconv_t cd = NULL; 505 const char **src = NULL; 506 size_t *srcleft = NULL; 507 char **dst = NULL; 508 size_t *dstleft = NULL; 509 510 (void)iconv(cd, src, srcleft, dst, dstleft); 511 ], [AC_MSG_RESULT(yes) 512 AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const]) 513 ], [AC_MSG_RESULT(no)]) 514 CFLAGS=$saved_CFLAGS 515 CPPFLAGS=$saved_CPPFLAGS 516 517 # libiconv is often integrated into libc. If a with-* option 518 # caused a non libc-based iconv.h to be catched instead of 519 # the libc-based iconv.h, then we need to link with -liconv 520 AC_MSG_CHECKING(if -liconv is required) 521 saved_CPPFLAGS=$CPPFLAGS 522 saved_LIBS=$LIBS 523 CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 524 AC_TRY_LINK([ 525 #include <iconv.h> 526 ], [ 527 (void)iconv_open("ascii", "ascii"); 528 ], 529 [AC_MSG_RESULT(no)], 530 [ 531 LIBS="$LIBS -liconv" 532 AC_TRY_LINK([ 533 #include <iconv.h> 534 ], [ 535 (void)iconv_open("ascii", "ascii"); 536 ], 537 [ 538 AC_MSG_RESULT(yes) 539 saved_LIBS=$LIBS 540 ], [ 541 AC_MSG_ERROR([cannot use iconv]) 542 ]) 543 ]) 544 CPPFLAGS=$saved_CPPFLAGS 545 LIBS=$saved_LIBS 546 fi 547 548 AC_MSG_CHECKING(if --enable-stats option is specified) 549 AC_ARG_ENABLE(stats, 550 [ --enable-stats enable statistics logging function], 551 [], [enable_stats=no]) 552 if test "x$enable_stats" = "xyes"; then 553 AC_DEFINE([ENABLE_STATS], [], [Enable statictics]) 554 fi 555 AC_MSG_RESULT($enable_stats) 556 557 AC_MSG_CHECKING(if --enable-dpd option is specified) 558 AC_ARG_ENABLE(dpd, 559 [ --enable-dpd enable dead peer detection], 560 [], [enable_dpd=no]) 561 if test "x$enable_dpd" = "xyes"; then 562 AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection]) 563 fi 564 AC_MSG_RESULT($enable_dpd) 565 566 AC_MSG_CHECKING(if --enable-samode-unspec option is specified) 567 AC_ARG_ENABLE(samode-unspec, 568 [ --enable-samode-unspec enable to use unspecified a mode of SA], 569 [], [enable_samode_unspec=no]) 570 if test "x$enable_samode_unspec" = "xyes"; then 571 case $host_os in 572 *linux*) 573 cat << EOC 574 575 ERROR: --enable-samode-unspec is not supported under linux 576 because linux kernel do not support it. This option is disabled 577 to prevent mysterious problems. 578 579 If you REALLY know what your are doing, remove this check. 580 EOC 581 exit 1; 582 ;; 583 esac 584 AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec]) 585 fi 586 AC_MSG_RESULT($enable_samode_unspec) 587 588 # Checks if IPv6 is requested 589 AC_MSG_CHECKING([whether to enable ipv6]) 590 AC_ARG_ENABLE(ipv6, 591 [ --disable-ipv6 disable ipv6 support], 592 [ case "$enableval" in 593 no) 594 AC_MSG_RESULT(no) 595 ipv6=no 596 ;; 597 *) AC_MSG_RESULT(yes) 598 ipv6=yes 599 ;; 600 esac ], 601 602 AC_TRY_RUN([ /* AF_INET6 avalable check */ 603 #include <sys/types.h> 604 #include <sys/socket.h> 605 main() 606 { 607 exit(0); 608 if (socket(AF_INET6, SOCK_STREAM, 0) < 0) 609 exit(1); 610 else 611 exit(0); 612 } 613 ], 614 AC_MSG_RESULT(yes) 615 AC_DEFINE([INET6], [], [Support IPv6]) 616 ipv6=yes, 617 AC_MSG_RESULT(no) 618 ipv6=no, 619 AC_MSG_RESULT(no) 620 ipv6=no 621 )) 622 623 if test "$ipv6" = "yes"; then 624 AC_DEFINE([INET6], [], [Support IPv6]) 625 AC_MSG_CHECKING(for advanced API support) 626 AC_TRY_COMPILE([#ifndef INET6 627 #define INET6 628 #endif 629 #include <sys/types.h> 630 #include <netinet/in.h>], 631 [struct in6_pktinfo a;], 632 [AC_MSG_RESULT(yes) 633 AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])], 634 [AC_MSG_RESULT(no)]) 635 fi 636 637 RACOON_CHECK_BUGGY_GETADDRINFO 638 if test "$buggygetaddrinfo" = "yes"; then 639 AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.]) 640 fi 641 642 # Check if kernel support is available for NAT-T, defaults to no. 643 kernel_natt="no" 644 645 AC_MSG_CHECKING(kernel NAT-Traversal support) 646 case $host_os in 647 linux*) 648 # Linux kernel NAT-T check 649 AC_EGREP_CPP(yes, 650 [#include <linux/pfkeyv2.h> 651 #ifdef SADB_X_EXT_NAT_T_TYPE 652 yes 653 #endif 654 ], [kernel_natt="yes"]) 655 ;; 656 freebsd*|netbsd*) 657 # NetBSD case 658 # Same check for FreeBSD 659 AC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len, 660 [kernel_natt="yes"],, [ 661 #define _KERNEL 662 #include <sys/types.h> 663 #include <net/pfkeyv2.h> 664 ]) 665 ;; 666 esac 667 AC_MSG_RESULT($kernel_natt) 668 669 AC_MSG_CHECKING(whether to support NAT-T) 670 AC_ARG_ENABLE(natt, 671 [ --enable-natt enable NAT-Traversal (yes/no/kernel)], 672 [ if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi ], 673 [ enable_natt=no ]) 674 AC_MSG_RESULT($enable_natt) 675 676 if test "$enable_natt" = "yes"; then 677 if test "$kernel_natt" = "no" ; then 678 AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.]) 679 else 680 AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal]) 681 NATT_OBJS="nattraversal.o" 682 AC_SUBST(NATT_OBJS) 683 fi 684 fi 685 686 # Set up defines for supported NAT-T versions. 687 natt_versions_default="00,02,rfc" 688 AC_MSG_CHECKING(which NAT-T versions to support) 689 AC_ARG_ENABLE(natt_versions, 690 [ --enable-natt-versions=list list of supported NAT-T versions delimited by coma.], 691 [ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ], 692 [ enable_natt_versions=$natt_versions_default ]) 693 if test "$enable_natt" = "yes"; then 694 AC_MSG_RESULT($enable_natt_versions) 695 for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do 696 case $i in 697 0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;; 698 1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;; 699 2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;; 700 3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;; 701 4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;; 702 5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;; 703 6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;; 704 7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;; 705 8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;; 706 RFC) AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;; 707 *) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;; 708 esac 709 done 710 unset i 711 else 712 AC_MSG_RESULT([none]) 713 fi 714 715 AC_MSG_CHECKING(if --enable-broken-natt option is specified) 716 AC_ARG_ENABLE(broken-natt, 717 [ --enable-broken-natt broken in-kernel NAT-T], 718 [], [enable_broken_natt=no]) 719 if test "x$enable_broken_natt" = "xyes"; then 720 AC_DEFINE([BROKEN_NATT], [], [in-kernel NAT-T is broken]) 721 fi 722 AC_MSG_RESULT($enable_broken_natt) 723 724 AC_MSG_CHECKING(whether we support FWD policy) 725 case $host in 726 *linux*) 727 AC_TRY_COMPILE([ 728 #include <inttypes.h> 729 #include <linux/ipsec.h> 730 ], [ 731 int fwd = IPSEC_DIR_FWD; 732 ], 733 [AC_MSG_RESULT(yes) 734 AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])], 735 [AC_MSG_RESULT(no)]) 736 ;; 737 *) 738 AC_MSG_RESULT(no) 739 ;; 740 esac 741 742 AC_CHECK_TYPE([ipsec_policy_t], 743 [AC_DEFINE([HAVE_IPSEC_POLICY_T], [], [Have ipsec_policy_t])], 744 [], 745 [ 746 #include <sys/types.h> 747 #include <netinet6/ipsec.h> 748 ]) 749 750 # Check if kernel support is available for Security Context, defaults to no. 751 kernel_secctx="no" 752 753 AC_MSG_CHECKING(kernel Security Context support) 754 case $host_os in 755 linux*) 756 # Linux kernel Security Context check 757 AC_EGREP_CPP(yes, 758 [#include <linux/pfkeyv2.h> 759 #ifdef SADB_X_EXT_SEC_CTX 760 yes 761 #endif 762 ], [kernel_secctx="yes"]) 763 ;; 764 esac 765 AC_MSG_RESULT($kernel_secctx) 766 767 AC_CHECK_HEADER(selinux/selinux.h, 768 [AC_CHECK_LIB(selinux, avc_init, [selinux_support=yes], 769 [selinux_support=no])], [selinux_support=no]) 770 771 AC_MSG_CHECKING(whether to support Security Context) 772 AC_ARG_ENABLE(security-context, 773 [ --enable-security-context enable Security Context(yes/no/kernel)], 774 [if test "$enable_security_context" = "kernel"; then 775 enable_security_context=$kernel_secctx; fi], 776 [enable_security_context=$kernel_secctx]) 777 AC_MSG_RESULT($enable_security_context) 778 779 if test "$enable_security_context" = "yes"; then 780 if test "$kernel_secctx" = "no" ; then 781 AC_MSG_ERROR([Security Context requested, but no kernel support! Aborting.]) 782 else 783 if test "$selinux_support" = "no"; then 784 AC_MSG_ERROR([Security Context requested, but no selinux support! Aborting.]) 785 else 786 AC_DEFINE([HAVE_SECCTX], [], [Enable Security Context]) 787 SECCTX_OBJS="security.o" 788 AC_SUBST(SECCTX_OBJS) 789 LIBS="$LIBS -lselinux" 790 fi 791 fi 792 fi 793 794 RACOON_PATH_LIBS([clock_gettime], [rt]) 795 796 AC_MSG_CHECKING(for monotonic system clock) 797 AC_TRY_COMPILE( 798 [#include <time.h>], 799 [clock_gettime(CLOCK_MONOTONIC, NULL);], 800 [AC_DEFINE([HAVE_CLOCK_MONOTONIC], [], [Have a monotonic clock]) 801 AC_MSG_RESULT(yes)], 802 [AC_MSG_RESULT(no)]) 803 804 CFLAGS="$CFLAGS $CFLAGS_ADD" 805 CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 806 807 case $host in 808 *linux*) 809 # Remove KERNEL_INCLUDE from CPPFLAGS. It will 810 # be symlinked to src/include-glibc/linux in 811 # compile time. 812 CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"` 813 ;; 814 esac 815 816 include_racoondir=${includedir}/racoon 817 AC_SUBST(include_racoondir) 818 819 AC_CONFIG_FILES([ 820 Makefile 821 package_version.h 822 src/Makefile 823 src/include-glibc/Makefile 824 src/libipsec/Makefile 825 src/setkey/Makefile 826 src/racoon/Makefile 827 src/racoon/samples/psk.txt 828 src/racoon/samples/racoon.conf 829 rpm/Makefile 830 rpm/suse/Makefile 831 rpm/suse/ipsec-tools.spec 832 ]) 833 AC_OUTPUT 834
Indexes created Fri Feb 27 05:31:41 UTC 2026