configure.ac revision 1.8
      1 dnl -*- mode: m4 -*-
      2 dnl Id: configure.ac,v 1.77 2006/07/20 19:19:27 manubsd Exp
      3 
dnl Minimum autoconf release and package identity. The version field is the
dnl literal string CVS, so builds from this tree carry no release number.
AC_PREREQ(2.52)
AC_INIT(ipsec-tools, CVS)
AC_CONFIG_SRCDIR([configure.ac])
AM_CONFIG_HEADER(config.h)

# Automake setup; dist-bzip2 additionally produces a .tar.bz2 distribution.
AM_INIT_AUTOMAKE(dist-bzip2)

# Shared libraries are off by default; static libraries are built instead.
AC_ENABLE_SHARED(no)

# Toolchain programs: C compiler, libtool, yacc, lex and egrep.
# LEXLIB is exported so the Makefiles can link the lex runtime.
AC_PROG_CC
AM_PROG_CC_STDC
AC_HEADER_STDC
AC_PROG_LIBTOOL
AC_PROG_YACC
AM_PROG_LEX
AC_SUBST(LEXLIB)
AC_PROG_EGREP
     21 
# Extra compiler flags. They are collected here and appended to CFLAGS only
# at the end of this script, so the feature probes run without them.
# NOTE(review): -Werror is unconditional, so any new warning from a newer
# compiler or library header stops the build; consider making it opt-in.
CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused"
     23 
# Per-host link and install settings.
case $host in
*netbsd*)
	# Record /usr/pkg/lib as a runtime library search path in linked binaries.
	LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS"
	;;
*linux*)
	# Resolver library plus Linux-only substitutions: install ownership
	# bin:bin and the include-glibc and rpm names exported to the Makefiles.
	LIBS="$LIBS -lresolv"
	INSTALL_OPTS="-o bin -g bin"
	INCLUDE_GLIBC="include-glibc"
	RPM="rpm"
	AC_SUBST(INSTALL_OPTS)
	AC_SUBST(INCLUDE_GLIBC)
	AC_SUBST(RPM)
	;;
*darwin*)
	LIBS="$LIBS -lresolv"
	;;
esac
     41 
# Look up some IPsec-related headers
# Each probe records yes or no in a have_* shell variable used below.
AC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no])
AC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no])
AC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no])
AC_CHECK_HEADER(netipsec/ipsec.h, [have_netipsec_ipsec=yes], [have_netipsec_ipsec=no])

# FreeBSD >=7 has only <netipsec/ipsec.h>
# NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h>
# XXX some *BSD still have both <netinet6/ipsec.h> and <netipsec/ipsec.h>,
# we can't decide which one to use (actually <netinet6/ipsec.h>)

# Pick the ipsec.h location and publish it as PATH_IPSEC_H. When one of the
# alternative locations is chosen, have_netinet_ipsec is forced to yes, so
# from here on that variable means that some ipsec.h was found.

if test "$have_netinet_ipsec$have_netinet6_ipsec$have_netipsec_ipsec" = nonoyes; then
    have_netinet_ipsec=yes
    AC_DEFINE(PATH_IPSEC_H, [<netipsec/ipsec.h>], [Path to ipsec.h])
else
	if test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then
    	have_netinet_ipsec=yes
	    AC_DEFINE(PATH_IPSEC_H, [<netinet6/ipsec.h>], [Path to ipsec.h])
	else
		# have_netinet_ipsec will be checked a few lines below
	    AC_DEFINE(PATH_IPSEC_H, [<netinet/ipsec.h>], [Path to ipsec.h])
	fi
fi
     66 
# Locate the PF_KEY headers. Linux uses the kernel header tree; every other
# host must have both net/pfkeyv2.h and an ipsec.h from the probes above.
case "$host_os" in
 *linux*)
    # Without --with-kernel-headers the path is derived from uname -r on the
    # machine running configure. In a chroot, container or build farm that
    # is not the kernel the binaries will run on, so the PF_KEY feature
    # probes in this script may describe the wrong kernel; pass the option
    # explicitly in those cases.
    AC_ARG_WITH(kernel-headers,
	AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include],
		       [where your Linux Kernel headers are installed]),
	    [ KERNEL_INCLUDE="$with_kernel_headers" 
	      CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers"
	      AC_SUBST(CONFIGURE_AMFLAGS) ],
	    [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ])

    # Fall back to /usr/src/linux/include, and abort if neither tree has
    # linux/pfkeyv2.h.
    AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, ,
	[ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h,
	  KERNEL_INCLUDE=/usr/src/linux/include ,
	  [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] )
    AC_SUBST(KERNEL_INCLUDE)
    # We need the configure script to run with correct kernel headers.
    # However we don't want to point to kernel source tree in compile time,
    # i.e. this will be removed from CPPFLAGS at the end of configure.
    CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS"

    # Does struct sadb_x_policy carry a priority field in these headers?
    AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority, 
    	[AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [],
               	[Are PF_KEY policy priorities supported?])], [],
    	[#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"])

    # GLIBC_BUGS is single-quoted so the top_srcdir and top_builddir
    # references are expanded later by make; GLIBC_BUGS_LOCAL is the
    # configure-time equivalent and is put into CPPFLAGS for the probes that
    # follow.
    GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc'
    GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc"
    CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS"
    CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS"
    AC_SUBST(GLIBC_BUGS)
    ;;
 *)
    # NOTE(review): the second message is also printed when neither header
    # was found, which makes the diagnostic misleading in that case.
    if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then
      if test "$have_net_pfkey" = yes; then
	AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.])
      else
	AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.])
      fi
    fi
    ;;
esac
    108 
### Some basic toolchain checks

# Checks for header files.
# shadow.h is probed separately from the generic headers.
AC_HEADER_STDC
AC_HEADER_SYS_WAIT
AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h)
AC_CHECK_HEADERS(shadow.h)

# Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
AC_TYPE_PID_T
AC_TYPE_SIZE_T
AC_HEADER_TIME
AC_STRUCT_TM

# Checks for library functions.
# strlcpy and strlcat are only detected here; strdup is the one function
# that gets a replacement object when the platform lacks it. The va_copy
# check is a project macro defined outside this file.
AC_FUNC_MEMCMP
AC_TYPE_SIGNAL
AC_FUNC_VPRINTF
AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy strlcat)
AC_REPLACE_FUNCS(strdup)
RACOON_CHECK_VA_COPY
    131 
# Check if printf accepts "%z" type modifier for size_t argument
# The probe is compiled with -Wall -Werror so that a format warning counts
# as a failure; CFLAGS is restored afterwards.
# NOTE(review): on failure -Wno-format is added to the flags used for the
# whole build. That silences every format diagnostic, including the ones
# that catch mismatched or non-literal format strings, not just the %z case.
AC_MSG_CHECKING(if printf accepts %z)
saved_CFLAGS=$CFLAGS
CFLAGS="$CFLAGS -Wall -Werror"
AC_TRY_COMPILE([
#include <stdio.h>
], [
printf("%zu\n", (size_t)-1);
],
	[AC_MSG_RESULT(yes)],
	[AC_MSG_RESULT(no);
	 CFLAGS_ADD="$CFLAGS_ADD -Wno-format";
	 AC_DEFINE(BROKEN_PRINTF, [], [If printf doesn't support %zu.])
	])
CFLAGS=$saved_CFLAGS
    147 
# Can we use __func__ macro?
# Compile-only probe; HAVE_FUNC_MACRO is defined when the identifier is
# accepted inside a function body.
AC_MSG_CHECKING(if __func__ is available)
AC_TRY_COMPILE(
[#include <stdio.h>
], [char *x = __func__;],
	[AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro])
	AC_MSG_RESULT(yes)],
	[AC_MSG_RESULT(no)])
    156 
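# Check if readline support is requested
# Defaults to yes; --without-readline or --with-readline=no turns it off.
AC_MSG_CHECKING(if readline support is requested)
AC_ARG_WITH(readline,
	[  --with-readline         support readline input (yes by default)],
	[with_readline="$withval"], [with_readline="yes"])
AC_MSG_RESULT($with_readline)

# Is readline available?
# The value is quoted so that an empty or multi-word option argument cannot
# break the test expression. HAVE_READLINE and -lreadline are only set when
# both the header and the library are found; otherwise readline is silently
# left out.
if test "x$with_readline" != "xno"; then
	AC_CHECK_HEADER([readline/readline.h], 
		[AC_CHECK_LIB(readline, readline, [
				AC_DEFINE(HAVE_READLINE, [],
					[Is readline available?])
				LIBS="$LIBS -lreadline"
		], [])], [])
fi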
    173 
    174 
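# Optional directory holding a static flex library. The option is registered
# under the name flexdir, so the switch users must pass is --with-flexdir;
# the help text and the progress message now say so.
AC_MSG_CHECKING(if --with-flexdir option is specified)
AC_ARG_WITH(flexdir,
	[AC_HELP_STRING([--with-flexdir=DIR], [use libfl.a from directory DIR (default: no)])],
	[flexdir="$withval"])
AC_MSG_RESULT(${flexdir-dirdefault})

# Skip the value no, which is what --without-flexdir produces; it used to
# end up in LIBS as the bogus path no/libfl.a.
if test "x$flexdir" != "x" && test "x$flexdir" != "xno"; then
	LIBS="$LIBS $flexdir/libfl.a"
fi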
    184 
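# Optional explicit flex library, appended to LIBS verbatim.
AC_MSG_CHECKING(if --with-flexlib option is specified)
AC_ARG_WITH(flexlib,
	[  --with-flexlib=<LIB>    specify flex library.],
	[flexlib="$withval"])
AC_MSG_RESULT(${flexlib-default})

# Skip the value no, which is what --without-flexlib produces; it used to
# be appended to LIBS as a file name.
if test "x$flexlib" != "x" && test "x$flexlib" != "xno"; then
	LIBS="$LIBS $flexlib"
fi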
    194 
# Check if a different OpenSSL directory was specified
# The directory is only added to the library and include search paths here;
# the crypto library itself is located further down.
# NOTE(review): --without-openssl sets crypto_dir to no and the paths
# no/lib and no/include are then added; confirm whether that needs a guard.
AC_MSG_CHECKING(if --with-openssl option is specified)
AC_ARG_WITH(openssl, [  --with-openssl=DIR      specify OpenSSL directory],
	[crypto_dir=$withval])
AC_MSG_RESULT(${crypto_dir-default})

if test "x$crypto_dir" != "x"; then
	LIBS="$LIBS -L${crypto_dir}/lib"
	CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS"
fi
# Compile-time floor on the OpenSSL headers. This only rejects releases
# older than the number below; it says nothing about whether the OpenSSL
# that was found is a currently maintained release.
AC_MSG_CHECKING(openssl version)

AC_TRY_COMPILE(
[#include <openssl/opensslv.h>
],
[#if OPENSSL_VERSION_NUMBER < 0x0090602fL
#error OpenSSL version is too old ...
#endif],
[AC_MSG_RESULT([ok])],
[AC_MSG_RESULT(too old)
AC_MSG_ERROR([OpenSSL version must be 0.9.6 or higher. Aborting.])
])

AC_CHECK_HEADERS(openssl/engine.h)
    219 
# checking rijndael
# Without openssl/aes.h the bundled rijndael objects are compiled in.
AC_CHECK_HEADERS([openssl/aes.h], [], 
	[CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"])

# checking sha2
# WITH_SHA2 is defined and yes is printed unconditionally; the probes below
# only decide where the implementation comes from: openssl/sha2.h, the
# SHA256 types in openssl/sha.h, or the bundled sha2 object.
# The racoon/missing include directory is added whenever openssl/sha2.h is
# absent, including the case where openssl/sha.h already provides SHA256.
AC_MSG_CHECKING(sha2 support)
AC_DEFINE([WITH_SHA2], [], [SHA2 support])
AC_MSG_RESULT(yes)
AC_CHECK_HEADER(openssl/sha2.h, [], [
	AC_MSG_CHECKING(if sha2 is defined in openssl/sha.h)
	AC_TRY_COMPILE([
		#ifdef HAVE_SYS_TYPES_H
		#include <sys/types.h>
		#endif
		#include <openssl/sha.h>
	], [
		SHA256_CTX ctx;
	], [
	    AC_MSG_RESULT(yes)
	    AC_DEFINE([HAVE_SHA2_IN_SHA_H], [], [sha2 is defined in sha.h])
	], [AC_MSG_RESULT(no)
	    AC_LIBOBJ([sha2])
	    CRYPTOBJS="$CRYPTOBJS sha2.o"
	])

	CPPFLAGS_ADD="$CPPFLAGS_ADD -I\${top_srcdir}/src/racoon/missing"
])
AC_SUBST(CRYPTOBJS)

# checking camellia
# Detection only; no fallback implementation is added when it is missing.
AC_CHECK_HEADERS([openssl/camellia.h])
    251 
    252 
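# Option --enable-adminport 
# Off by default; ENABLE_ADMINPORT is defined only for an explicit yes.
# The value is quoted so an empty option argument cannot break the test.
AC_MSG_CHECKING(if --enable-adminport option is specified)
AC_ARG_ENABLE(adminport,
	[  --enable-adminport      enable admin port],
	[], [enable_adminport=no])
if test "x$enable_adminport" = "xyes"; then
	AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port])
fi
AC_MSG_RESULT($enable_adminport)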
    262 
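# Option RC5
# Off by default. When enabled the header is probed and the separate
# crypto_rc5 library is added to EXTRA_CRYPTO if it exports the cipher.
# The value is quoted so an empty option argument cannot break the test.
AC_MSG_CHECKING(if --enable-rc5 option is specified)
AC_ARG_ENABLE(rc5,
	[  --enable-rc5		enable RC5 encryption (patented)],
	[], [enable_rc5=no])
AC_MSG_RESULT($enable_rc5)

if test "x$enable_rc5" = "xyes"; then
	AC_CHECK_HEADERS([openssl/rc5.h])
	AC_CHECK_LIB([crypto_rc5], [RC5_32_encrypt],
	    [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_rc5"])
fi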
    275 
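# Option IDEA
# Off by default. When enabled the header is probed and the separate
# crypto_idea library is added to EXTRA_CRYPTO if it exports the cipher.
# The value is quoted so an empty option argument cannot break the test.
AC_MSG_CHECKING(if --enable-idea option is specified)
AC_ARG_ENABLE(idea,
	[  --enable-idea	enable IDEA encryption (patented)],
	[], [enable_idea=no])
AC_MSG_RESULT($enable_idea)

if test "x$enable_idea" = "xyes"; then
	AC_CHECK_HEADERS([openssl/idea.h])
	AC_CHECK_LIB([crypto_idea], [idea_encrypt], 
	    [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_idea"])
fi
# Exported for the Makefiles; holds whatever the RC5 and IDEA probes added.
AC_SUBST(EXTRA_CRYPTO)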
    289 
# For dynamic libradius
# The library lookup macro used here is a project macro defined outside
# this file; it is called with a function name and a library name.
RACOON_PATH_LIBS([MD5_Init], [crypto])

# Check if we need -lutil for login(3)
RACOON_PATH_LIBS([login], [util])
    295 
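# Specify libiconv prefix
# --with-libiconv alone means search the default locations;
# --with-libiconv=DIR requires DIR/lib and DIR/include to exist.
AC_MSG_CHECKING(if --with-libiconv option is specified)
AC_ARG_WITH(libiconv, 
    [  --with-libiconv=DIR    specify libiconv path (like/usr/pkg)],
    [libiconv_dir=$withval], 
    [libiconv_dir=no])
AC_MSG_RESULT($libiconv_dir)
if test "$libiconv_dir" != "no"; then
	if test "$libiconv_dir" = "yes" ; then
		  libiconv_dir="";
	fi;
	if test "x$libiconv_dir" = "x"; then
		RACOON_PATH_LIBS([iconv_open], [iconv])
		# No prefix given: link the library by name only. The search
		# and run path flags used to be emitted with an empty prefix,
		# which produced the paths -L/lib and -R/lib.
		LIBS="$LIBS -liconv"
	else
		if test -d "$libiconv_dir/lib" -a \
		    -d "$libiconv_dir/include" ; then
			RACOON_PATH_LIBS([iconv_open], [iconv], ["$libiconv_dir/lib"])
			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libiconv_dir/include"
			# The -R entry is recorded in the linked binaries as a
			# runtime library search path, so DIR/lib should be
			# writable only by trusted accounts.
			LIBS="$LIBS -L$libiconv_dir/lib -R$libiconv_dir/lib -liconv"
		else
			AC_MSG_ERROR([ICONV libs or includes not found. Aborting.])
	  	fi
	fi
	AC_CHECK_FUNCS(iconv_open)
fi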
    321 
# Hybrid authentication: mode-cfg plus xauth. Off by default.
AC_MSG_CHECKING([if --enable-hybrid option is specified])
AC_ARG_ENABLE(hybrid, 
    [  --enable-hybrid	  enable hybrid, both mode-cfg and xauth support],
    [], [enable_hybrid=no])
AC_MSG_RESULT($enable_hybrid)

if test "x$enable_hybrid" = "xyes"; then
	# Every host except darwin gets -lcrypt added to LIBS.
	case $host in
		*darwin*)
		;;
	*)
		LIBS="$LIBS -lcrypt";
		;;
	esac
	# Extra objects built into racoon and the matching config.h switch.
	HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o"
	AC_SUBST(HYBRID_OBJS)
	AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support])
fi
    340 
# IKE fragmentation payload support. Off by default.
AC_MSG_CHECKING([if --enable-frag option is specified])
AC_ARG_ENABLE(frag, 
    [  --enable-frag           enable IKE fragmentation payload support],
    [], [enable_frag=no])
AC_MSG_RESULT($enable_frag)

if test "x$enable_frag" = "xyes"; then
	# NOTE(review): this adds -lcrypt exactly like the hybrid block does.
	# It looks copied from there; confirm fragmentation really needs it.
	# With both options enabled the flag ends up in LIBS twice.
	case $host in
	*darwin*)
		;;
	*)
		LIBS="$LIBS -lcrypt"; 
		;;
	esac
	FRAG_OBJS="isakmp_frag.o"
	AC_SUBST(FRAG_OBJS)
	AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support])
fi
    359 
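# RADIUS backend for hybrid authentication.
# --with-libradius alone means search the default locations;
# --with-libradius=DIR requires DIR/lib and DIR/include to exist.
AC_MSG_CHECKING(if --with-libradius option is specified)
AC_ARG_WITH(libradius, 
    [  --with-libradius=DIR    specify libradius path (like/usr/pkg)],
    [libradius_dir=$withval], 
    [libradius_dir=no])
AC_MSG_RESULT($libradius_dir)
if test "$libradius_dir" != "no"; then
	if test "$libradius_dir" = "yes" ; then
		  libradius_dir="";
	fi;
	if test "x$libradius_dir" = "x"; then
		RACOON_PATH_LIBS([rad_create_request], [radius])
	else
		if test -d "$libradius_dir/lib" -a \
		    -d "$libradius_dir/include" ; then
			RACOON_PATH_LIBS([rad_create_request], [radius], ["$libradius_dir/lib"])
			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include"
		else
			AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.])
	  	fi
	fi
	AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS])
	if test "x$libradius_dir" = "x"; then
		# No prefix given: link by name only. The search and run path
		# flags used to be emitted with an empty prefix, which
		# produced the paths -L/lib and -R/lib.
		LIBS="$LIBS -lradius"
	else
		# The -R entry is recorded in the linked binaries as a
		# runtime library search path, so DIR/lib should be writable
		# only by trusted accounts.
		LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius"
	fi
	AC_CHECK_FUNCS(rad_create_request)
fi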
    385 
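# PAM backend for hybrid authentication.
# --with-libpam alone means search the default locations;
# --with-libpam=DIR requires DIR/lib and DIR/include to exist.
AC_MSG_CHECKING(if --with-libpam option is specified)
AC_ARG_WITH(libpam, 
    [  --with-libpam=DIR    specify libpam path (like/usr/pkg)],
    [libpam_dir=$withval], 
    [libpam_dir=no])
AC_MSG_RESULT($libpam_dir)
if test "$libpam_dir" != "no"; then
	if test "$libpam_dir" = "yes" ; then
		  libpam_dir="";
	fi;
	if test "x$libpam_dir" = "x"; then
		RACOON_PATH_LIBS([pam_start], [pam])
	else
		if test -d "$libpam_dir/lib" -a \
		    -d "$libpam_dir/include" ; then
			RACOON_PATH_LIBS([pam_start], [pam], ["$libpam_dir/lib"])
			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libpam_dir/include"
		else
			AC_MSG_ERROR([PAM libs or includes not found. Aborting.])
	  	fi
	fi
	AC_DEFINE([HAVE_LIBPAM], [], [Hybrid authentication uses PAM])
	if test "x$libpam_dir" = "x"; then
		# No prefix given: link by name only. The search and run path
		# flags used to be emitted with an empty prefix, which
		# produced the paths -L/lib and -R/lib.
		LIBS="$LIBS -lpam"
	else
		# The -R entry is recorded in the linked binaries as a
		# runtime library search path, so DIR/lib should be writable
		# only by trusted accounts.
		LIBS="$LIBS -L$libpam_dir/lib -R$libpam_dir/lib -lpam"
	fi
	AC_CHECK_FUNCS(pam_start)
fi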
    411 
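# LDAP backend for hybrid authentication.
# --with-libldap alone means search the default locations;
# --with-libldap=DIR requires DIR/lib and DIR/include to exist.
AC_MSG_CHECKING(if --with-libldap option is specified)
AC_ARG_WITH(libldap, 
    [  --with-libldap=DIR    specify libldap path (like/usr/pkg)],
    [libldap_dir=$withval], 
    [libldap_dir=no])
AC_MSG_RESULT($libldap_dir)
if test "$libldap_dir" != "no"; then
	if test "$libldap_dir" = "yes" ; then
		  libldap_dir="";
	fi;
	if test "x$libldap_dir" = "x"; then
		RACOON_PATH_LIBS([ldap_init], [ldap])
	else
		if test -d "$libldap_dir/lib" -a \
		    -d "$libldap_dir/include" ; then
			RACOON_PATH_LIBS([ldap_init], [ldap], ["$libldap_dir/lib"])
			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libldap_dir/include"
		else
			AC_MSG_ERROR([LDAP libs or includes not found. Aborting.])
	  	fi
	fi
	AC_DEFINE([HAVE_LIBLDAP], [], [Hybrid authentication uses LDAP])
	if test "x$libldap_dir" = "x"; then
		# No prefix given: link by name only. The search and run path
		# flags used to be emitted with an empty prefix, which
		# produced the paths -L/lib and -R/lib.
		LIBS="$LIBS -lldap"
	else
		# The -R entry is recorded in the linked binaries as a
		# runtime library search path, so DIR/lib should be writable
		# only by trusted accounts.
		LIBS="$LIBS -L$libldap_dir/lib -R$libldap_dir/lib -lldap"
	fi

	# Compile-time floor on the LDAP API version. The probe runs with the
	# extra include paths collected so far and with warnings as errors;
	# both flag variables are restored afterwards. The progress message
	# was missing, so the bare result line had no label in the output.
	AC_MSG_CHECKING(OpenLDAP API version)
	saved_CFLAGS=$CFLAGS
	CFLAGS="$CFLAGS -Wall -Werror"
	saved_CPPFLAGS=$CPPFLAGS
        CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
	AC_TRY_COMPILE(
		[#include <ldap.h>],
		[
			#if LDAP_API_VERSION < 2004
			#error OpenLDAP version is too old ...
			#endif
		],
		[AC_MSG_RESULT([ok])],
		[
			AC_MSG_RESULT(too old)
			AC_MSG_ERROR([OpenLDAP version must be 2.0 or higher. Aborting.])
		])
	CFLAGS=$saved_CFLAGS
	CPPFLAGS=$saved_CPPFLAGS
fi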
    455 
# Check for Kerberos5 support
# XXX This must come after all --with-* tests, else the
# -liconv checks will not work
# Off by default. The krb5-config lookup below runs whether or not the
# option was given; its result is only used when GSS-API is enabled.
AC_MSG_CHECKING(if --enable-gssapi option is specified)
AC_ARG_ENABLE(gssapi,
	[  --enable-gssapi         enable GSS-API authentication],
	[], [enable_gssapi=no])
AC_MSG_RESULT($enable_gssapi)
AC_PATH_PROG(KRB5_CONFIG,krb5-config,no)
if test "x$enable_gssapi" = "xyes"; then
	if test "$KRB5_CONFIG" != "no"; then
		# krb5-config is whichever one comes first on PATH at configure
		# time, and its output goes straight into the compile and link
		# flags; run configure with a PATH that only contains trusted
		# directories.
		krb5_incdir="`$KRB5_CONFIG --cflags gssapi`"
		krb5_libs="`$KRB5_CONFIG --libs gssapi`"
	else
		# No krb5-config; let's make some assumptions based on
		# the OS.
		case $host_os in
		netbsd*)
			krb5_incdir="-I/usr/include/krb5"
			krb5_libs="-lgssapi -lkrb5 -lcom_err -lroken -lasn1"
			;;
		*)
			AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.])
			;;
		esac
	fi
	LIBS="$LIBS $krb5_libs"
	CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD"
	AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API])

	# Check if iconv 2nd argument needs const 
	# Compiled with warnings as errors and with the extra include paths
	# collected so far; both flag variables are restored afterwards.
	saved_CFLAGS=$CFLAGS
	CFLAGS="$CFLAGS -Wall -Werror"
	saved_CPPFLAGS=$CPPFLAGS
        CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
	AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])])
	AC_MSG_CHECKING([if iconv second argument needs const])
	AC_TRY_COMPILE([
		#include <iconv.h>
		#include <stdio.h>
	], [
		iconv_t cd = NULL;
		const char **src = NULL;
		size_t *srcleft = NULL;
		char **dst = NULL;
		size_t *dstleft = NULL;

		(void)iconv(cd, src, srcleft, dst, dstleft);
	], [AC_MSG_RESULT(yes)
	    AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const])
	], [AC_MSG_RESULT(no)])
	CFLAGS=$saved_CFLAGS
	CPPFLAGS=$saved_CPPFLAGS

	# libiconv is often integrated into libc. If a with-* option
	# caused a non libc-based iconv.h to be picked up instead of
	# the libc-based iconv.h, then we need to link with -liconv
	# The link is tried first without and then with -liconv. On success
	# of the second attempt saved_LIBS is overwritten, so the restore at
	# the end keeps -liconv in LIBS; if both attempts fail configure
	# aborts.
	AC_MSG_CHECKING(if -liconv is required)
	saved_CPPFLAGS=$CPPFLAGS
	saved_LIBS=$LIBS
	CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
	AC_TRY_LINK([
		#include <iconv.h>
	], [
		(void)iconv_open("ascii", "ascii");
	],
		[AC_MSG_RESULT(no)],
		[
			LIBS="$LIBS -liconv"
			AC_TRY_LINK([
				#include <iconv.h>
		], [
				(void)iconv_open("ascii", "ascii");
			],
			[
				AC_MSG_RESULT(yes)
				saved_LIBS=$LIBS
			], [
				AC_MSG_ERROR([cannot use iconv])
			])
		])
	CPPFLAGS=$saved_CPPFLAGS
	LIBS=$saved_LIBS
fi
    540 
# Statistics logging. Off by default; ENABLE_STATS is defined only for an
# explicit yes.
AC_MSG_CHECKING(if --enable-stats option is specified)
AC_ARG_ENABLE(stats,
        [  --enable-stats          enable statistics logging function],
        [], [enable_stats=no])
if test "x$enable_stats" = "xyes"; then
	AC_DEFINE([ENABLE_STATS], [], [Enable statictics])
fi
AC_MSG_RESULT($enable_stats)
    549 
# Dead peer detection. Off by default; ENABLE_DPD is defined only for an
# explicit yes.
AC_MSG_CHECKING(if --enable-dpd option is specified)
AC_ARG_ENABLE(dpd,
        [  --enable-dpd            enable dead peer detection],
        [], [enable_dpd=no])
if test "x$enable_dpd" = "xyes"; then
	AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection])
fi
AC_MSG_RESULT($enable_dpd)
    558 
# Faster SA flush when racoon stops. Off by default; ENABLE_FASTQUIT is
# defined only for an explicit yes.
AC_MSG_CHECKING(if --enable-fastquit option is specified)
AC_ARG_ENABLE(fastquit,
        [  --enable-fastquit            enable new faster code to flush SAs when stopping racoon],
        [], [enable_fastquit=no])
if test "x$enable_fastquit" = "xyes"; then
	AC_DEFINE([ENABLE_FASTQUIT], [], [Enable fast SA flush code])
fi
AC_MSG_RESULT($enable_fastquit)
    567 
    568 
# Unspecified SA mode. Off by default, and refused outright on linux hosts:
# the script prints the notice below and exits with status 1 before the
# result line is written.
AC_MSG_CHECKING(if --enable-samode-unspec option is specified)
AC_ARG_ENABLE(samode-unspec,
        [  --enable-samode-unspec  enable to use unspecified a mode of SA],
        [], [enable_samode_unspec=no])
if test "x$enable_samode_unspec" = "xyes"; then
	case $host_os in
	*linux*)
		cat << EOC
		
ERROR: --enable-samode-unspec is not supported under linux 
because linux kernel do not support it. This option is disabled 
to prevent mysterious problems.

If you REALLY know what your are doing, remove this check.
EOC
		exit 1;
		;;
	esac
	AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec])
fi
AC_MSG_RESULT($enable_samode_unspec)
    590 
# Checks if IPv6 is requested
# With an explicit --enable-ipv6 or --disable-ipv6 the answer comes from
# the option. Without one a small test program is compiled and run.
# NOTE(review): that program calls exit(0) before it reaches the socket
# call, so the AF_INET6 probe is dead code and the result only says whether
# the program could be built and run. The program also relies on an implicit
# int main and an undeclared exit, which stricter compilers reject; in that
# case, and when cross-compiling, the answer is no. Confirm whether the
# early exit is deliberate.
AC_MSG_CHECKING([whether to enable ipv6])
AC_ARG_ENABLE(ipv6,
[  --disable-ipv6          disable ipv6 support],
[ case "$enableval" in
  no)
       AC_MSG_RESULT(no)
       ipv6=no
       ;;
  *)   AC_MSG_RESULT(yes)
       ipv6=yes
       ;;
  esac ],

  AC_TRY_RUN([ /* AF_INET6 avalable check */
#include <sys/types.h>
#include <sys/socket.h>
main()
{
  exit(0);
 if (socket(AF_INET6, SOCK_STREAM, 0) < 0)
   exit(1);
 else
   exit(0);
}
],
  AC_MSG_RESULT(yes)
  AC_DEFINE([INET6], [], [Support IPv6])
  ipv6=yes,
  AC_MSG_RESULT(no)
  ipv6=no,
  AC_MSG_RESULT(no)
  ipv6=no
))

# INET6 is defined here for every path that ended with ipv6=yes. The second
# probe looks for struct in6_pktinfo and defines INET6_ADVAPI when present.
if test "$ipv6" = "yes"; then
	AC_DEFINE([INET6], [], [Support IPv6])
	AC_MSG_CHECKING(for advanced API support)
	AC_TRY_COMPILE([#ifndef INET6
#define INET6
#endif
#include <sys/types.h>
#include <netinet/in.h>],
		[struct in6_pktinfo a;],
		[AC_MSG_RESULT(yes)
		 AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])],
		[AC_MSG_RESULT(no)])
fi
    639 
# Project macro defined outside this file; the code below reads its result
# from the shell variable buggygetaddrinfo and aborts when it is yes.
RACOON_CHECK_BUGGY_GETADDRINFO
if test "$buggygetaddrinfo" = "yes"; then
	AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.])
fi
    644 
# Check if kernel support is available for NAT-T, defaults to no. 
# The answer comes from the PF_KEY headers visible to the preprocessor at
# configure time, not from the running kernel. Hosts other than linux,
# freebsd and netbsd keep the default.
kernel_natt="no"

AC_MSG_CHECKING(kernel NAT-Traversal support)
case $host_os in
linux*)
# Linux kernel NAT-T check
# yes when linux/pfkeyv2.h defines SADB_X_EXT_NAT_T_TYPE
AC_EGREP_CPP(yes, 
[#include <linux/pfkeyv2.h>
#ifdef SADB_X_EXT_NAT_T_TYPE
yes
#endif
], [kernel_natt="yes"])
	;;
freebsd*|netbsd*)
# NetBSD case
# Same check for FreeBSD
# yes when struct sadb_x_nat_t_type has the sadb_x_nat_t_type_len member
AC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len,
       [kernel_natt="yes"],, [
#define _KERNEL
#include <sys/types.h>
#include <net/pfkeyv2.h>
])
	;;
esac
AC_MSG_RESULT($kernel_natt)
    671 
# NAT-Traversal is off by default. The value kernel means follow whatever
# the header probe above found; an explicit yes without kernel support is a
# hard error rather than a silent downgrade.
AC_MSG_CHECKING(whether to support NAT-T)
AC_ARG_ENABLE(natt,
	[  --enable-natt           enable NAT-Traversal (yes/no/kernel)],
        [ if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi ],
	[ enable_natt=no ])
AC_MSG_RESULT($enable_natt)

if test "$enable_natt" = "yes"; then
	if test "$kernel_natt" = "no" ; then 
		AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.])
	else
		AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal])
		NATT_OBJS="nattraversal.o"
		AC_SUBST(NATT_OBJS)
	fi
fi
    688 
# Set up defines for supported NAT-T versions.
# The list is only evaluated when NAT-T itself is enabled. The tr call turns
# the commas into spaces and upper-cases the letters c, f and r, so the
# token rfc is matched as RFC below. Any token that is not a known draft
# number or RFC aborts configure.
natt_versions_default="00,02,rfc"
AC_MSG_CHECKING(which NAT-T versions to support)
AC_ARG_ENABLE(natt_versions,
	[  --enable-natt-versions=list    list of supported NAT-T versions delimited by coma.],
	[ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ],
	[ enable_natt_versions=$natt_versions_default ])
if test "$enable_natt" = "yes"; then
	AC_MSG_RESULT($enable_natt_versions)
	for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do
		case $i in 
			0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;;
			1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;;
			2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;;
			3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;;
			4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;;
			5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;;
			6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;;
			7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;;
			8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;;
			RFC)  AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;;
			*) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;;
		esac
	done
	unset i
else
	AC_MSG_RESULT([none])
fi
    717 
# Workaround switch for a broken in-kernel NAT-T. Off by default;
# BROKEN_NATT is defined only for an explicit yes.
AC_MSG_CHECKING(if --enable-broken-natt option is specified)
AC_ARG_ENABLE(broken-natt,
	[  --enable-broken-natt    broken in-kernel NAT-T],
        [], [enable_broken_natt=no])
if test "x$enable_broken_natt" = "xyes"; then
	AC_DEFINE([BROKEN_NATT], [], [in-kernel NAT-T is broken])
fi
AC_MSG_RESULT($enable_broken_natt)
    726 
# Forward policy direction: probed only on linux hosts by compiling a use
# of IPSEC_DIR_FWD from linux/ipsec.h. Every other host reports no.
AC_MSG_CHECKING(whether we support FWD policy)
case $host in
	*linux*)
		AC_TRY_COMPILE([
		#include <inttypes.h>
		#include <linux/ipsec.h>
			], [
			int fwd = IPSEC_DIR_FWD;
			],
			[AC_MSG_RESULT(yes)
			 AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])],
			[AC_MSG_RESULT(no)])
		;;
	*)
		AC_MSG_RESULT(no)
		;;
esac

# Is the ipsec_policy_t type declared by netinet6/ipsec.h?
AC_CHECK_TYPE([ipsec_policy_t], 
	      [AC_DEFINE([HAVE_IPSEC_POLICY_T], [], [Have ipsec_policy_t])],
	      [],
	      [
		#include <sys/types.h>
	      	#include <netinet6/ipsec.h>
	      ])
    752 
# Check if kernel support is available for Security Context, defaults to no.
# As with NAT-T the answer comes from the headers seen at configure time,
# and only linux hosts are probed.
kernel_secctx="no"

AC_MSG_CHECKING(kernel Security Context support)
case $host_os in
linux*)
# Linux kernel Security Context check
# yes when linux/pfkeyv2.h defines SADB_X_EXT_SEC_CTX
AC_EGREP_CPP(yes,
[#include <linux/pfkeyv2.h>
#ifdef SADB_X_EXT_SEC_CTX
yes
#endif
], [kernel_secctx="yes"])
	;;
esac
AC_MSG_RESULT($kernel_secctx)

# Userland side: selinux header plus a library that exports avc_init.
AC_CHECK_HEADER(selinux/selinux.h,
	[AC_CHECK_LIB(selinux, avc_init, [selinux_support=yes], 
	[selinux_support=no])], [selinux_support=no])

# Unlike the other feature switches this one defaults to the kernel probe
# result, so it turns itself on whenever the headers support it.
# NOTE(review): combined with the checks below, a host whose kernel headers
# have the extension but which lacks the selinux library fails configure
# even though the user never asked for the feature; pass
# --disable-security-context there.
AC_MSG_CHECKING(whether to support Security Context)
AC_ARG_ENABLE(security-context,
	[  --enable-security-context    enable Security Context(yes/no/kernel)],
	[if test "$enable_security_context" = "kernel"; then
		enable_security_context=$kernel_secctx; fi],
	[enable_security_context=$kernel_secctx])
AC_MSG_RESULT($enable_security_context)

if test "$enable_security_context" = "yes"; then
	if test "$kernel_secctx" = "no" ; then
		AC_MSG_ERROR([Security Context requested, but no kernel support! Aborting.])
	else
		if test "$selinux_support" = "no"; then
			AC_MSG_ERROR([Security Context requested, but no selinux support! Aborting.])
		else
			AC_DEFINE([HAVE_SECCTX], [], [Enable Security Context])
			SECCTX_OBJS="security.o"
			AC_SUBST(SECCTX_OBJS)
			LIBS="$LIBS -lselinux"
		fi
	fi
fi
    796 
# All probes are done: fold the collected extra flags into the flags that
# the Makefiles will use.
CFLAGS="$CFLAGS $CFLAGS_ADD"
CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"

case $host in
	*linux*)
		# Remove KERNEL_INCLUDE from CPPFLAGS. It will
		# be symlinked to src/include-glibc/linux in
		# compile time.
		# NOTE(review): the path is pasted into the sed expression as
		# a pattern with a comma delimiter, so a path containing a
		# comma breaks the command and regex characters such as a dot
		# match more than themselves.
		CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"`
		;;
esac
    808 
# Install location for the racoon headers, exported to the Makefiles.
include_racoondir=${includedir}/racoon
AC_SUBST(include_racoondir)

# Files generated from their .in templates when configure finishes.
AC_CONFIG_FILES([
  Makefile
  package_version.h
  src/Makefile
  src/include-glibc/Makefile
  src/libipsec/Makefile
  src/setkey/Makefile
  src/racoon/Makefile
  src/racoon/samples/psk.txt
  src/racoon/samples/racoon.conf
  rpm/Makefile
  rpm/suse/Makefile
  rpm/suse/ipsec-tools.spec
  ])
AC_OUTPUT
    827