| blob | daca418e2e6724d53630f8c163a5ca373a7c260e |
1 dnl -*- mode: m4 -*-
2 dnl Id: configure.ac,v 1.77 2006/07/20 19:19:27 manubsd Exp
4 AC_PREREQ(2.52)
5 AC_INIT(ipsec-tools, CVS)
6 AC_CONFIG_SRCDIR([configure.ac])
7 AM_CONFIG_HEADER(config.h)
9 AM_INIT_AUTOMAKE(dist-bzip2)
11 AC_ENABLE_SHARED(no)
13 AC_PROG_CC
14 AM_PROG_CC_STDC
15 AC_HEADER_STDC
16 AC_PROG_LIBTOOL
17 AC_PROG_YACC
18 AM_PROG_LEX
19 AC_SUBST(LEXLIB)
20 AC_PROG_EGREP
22 CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused"
24 case $host in
25 *netbsd*)
26 LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS"
27 ;;
28 *linux*)
29 LIBS="$LIBS -lresolv"
30 INSTALL_OPTS="-o bin -g bin"
31 INCLUDE_GLIBC="include-glibc"
32 RPM="rpm"
33 AC_SUBST(INSTALL_OPTS)
34 AC_SUBST(INCLUDE_GLIBC)
35 AC_SUBST(RPM)
36 ;;
37 *darwin*)
38 LIBS="$LIBS -lresolv"
39 ;;
40 esac
42 # Look up some IPsec-related headers
43 AC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no])
44 AC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no])
45 AC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no])
46 AC_CHECK_HEADER(netipsec/ipsec.h, [have_netipsec_ipsec=yes], [have_netipsec_ipsec=no])
48 # FreeBSD >=7 has only <netipsec/ipsec.h>
49 # NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h>
50 # XXX some *BSD still have both <netinet6/ipsec.h> and <netipsec/ipsec.h>,
51 # we can't decide which one to use (actually <netinet6/ipsec.h>)
54 if test "$have_netinet_ipsec$have_netinet6_ipsec$have_netipsec_ipsec" = nonoyes; then
55 have_netinet_ipsec=yes
56 AC_DEFINE(PATH_IPSEC_H, [<netipsec/ipsec.h>], [Path to ipsec.h])
57 else
58 if test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then
59 have_netinet_ipsec=yes
60 AC_DEFINE(PATH_IPSEC_H, [<netinet6/ipsec.h>], [Path to ipsec.h])
61 else
62 # have_netinet_ipsec will be checked a few lines below
63 AC_DEFINE(PATH_IPSEC_H, [<netinet/ipsec.h>], [Path to ipsec.h])
64 fi
65 fi
67 case "$host_os" in
68 *linux*)
69 AC_ARG_WITH(kernel-headers,
70 AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include],
71 [where your Linux Kernel headers are installed]),
72 [ KERNEL_INCLUDE="$with_kernel_headers"
73 CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers"
74 AC_SUBST(CONFIGURE_AMFLAGS) ],
75 [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ])
77 AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, ,
78 [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h,
79 KERNEL_INCLUDE=/usr/src/linux/include ,
80 [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] )
81 AC_SUBST(KERNEL_INCLUDE)
82 # We need the configure script to run with correct kernel headers.
83 # However we don't want to point to kernel source tree in compile time,
84 # i.e. this will be removed from CPPFLAGS at the end of configure.
85 CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS"
87 AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority,
88 [AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [],
89 [Are PF_KEY policy priorities supported?])], [],
90 [#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"])
92 GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc'
93 GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc"
94 CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS"
95 CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS"
96 AC_SUBST(GLIBC_BUGS)
97 ;;
98 *)
99 if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then
100 if test "$have_net_pfkey" = yes; then
101 AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.])
102 else
103 AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.])
104 fi
105 fi
106 ;;
107 esac
109 ### Some basic toolchain checks
111 # Checks for header files.
112 AC_HEADER_STDC
113 AC_HEADER_SYS_WAIT
114 AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h)
115 AC_CHECK_HEADERS(shadow.h)
117 # Checks for typedefs, structures, and compiler characteristics.
118 AC_C_CONST
119 AC_TYPE_PID_T
120 AC_TYPE_SIZE_T
121 AC_HEADER_TIME
122 AC_STRUCT_TM
124 # Checks for library functions.
125 AC_FUNC_MEMCMP
126 AC_TYPE_SIGNAL
127 AC_FUNC_VPRINTF
128 AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy strlcat)
129 AC_REPLACE_FUNCS(strdup)
130 RACOON_CHECK_VA_COPY
132 # Check if printf accepts "%z" type modifier for size_t argument
133 AC_MSG_CHECKING(if printf accepts %z)
134 saved_CFLAGS=$CFLAGS
135 CFLAGS="$CFLAGS -Wall -Werror"
136 AC_TRY_COMPILE([
137 #include <stdio.h>
138 ], [
139 printf("%zu\n", (size_t)-1);
140 ],
141 [AC_MSG_RESULT(yes)],
142 [AC_MSG_RESULT(no);
143 CFLAGS_ADD="$CFLAGS_ADD -Wno-format";
144 AC_DEFINE(BROKEN_PRINTF, [], [If printf doesn't support %zu.])
145 ])
146 CFLAGS=$saved_CFLAGS
148 # Can we use __func__ macro?
149 AC_MSG_CHECKING(if __func__ is available)
150 AC_TRY_COMPILE(
151 [#include <stdio.h>
152 ], [char *x = __func__;],
153 [AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro])
154 AC_MSG_RESULT(yes)],
155 [AC_MSG_RESULT(no)])
157 # Check if readline support is requested
158 AC_MSG_CHECKING(if readline support is requested)
159 AC_ARG_WITH(readline,
160 [ --with-readline support readline input (yes by default)],
161 [with_readline="$withval"], [with_readline="yes"])
162 AC_MSG_RESULT($with_readline)
164 # Is readline available?
165 if test $with_readline != "no"; then
166 AC_CHECK_HEADER([readline/readline.h],
167 [AC_CHECK_LIB(readline, readline, [
168 AC_DEFINE(HAVE_READLINE, [],
169 [Is readline available?])
170 LIBS="$LIBS -lreadline"
171 ], [])], [])
172 fi
175 AC_MSG_CHECKING(if --with-flex option is specified)
176 AC_ARG_WITH(flexdir,
177 [AC_HELP_STRING([--with-flex], [use directiory (default: no)])],
178 [flexdir="$withval"])
179 AC_MSG_RESULT(${flexdir-dirdefault})
181 if test "x$flexdir" != "x"; then
182 LIBS="$LIBS $flexdir/libfl.a"
183 fi
185 AC_MSG_CHECKING(if --with-flexlib option is specified)
186 AC_ARG_WITH(flexlib,
187 [ --with-flexlib=<LIB> specify flex library.],
188 [flexlib="$withval"])
189 AC_MSG_RESULT(${flexlib-default})
191 if test "x$flexlib" != "x"; then
192 LIBS="$LIBS $flexlib"
193 fi
195 # Check if a different OpenSSL directory was specified
196 AC_MSG_CHECKING(if --with-openssl option is specified)
197 AC_ARG_WITH(openssl, [ --with-openssl=DIR specify OpenSSL directory],
198 [crypto_dir=$withval])
199 AC_MSG_RESULT(${crypto_dir-default})
201 if test "x$crypto_dir" != "x"; then
202 LIBS="$LIBS -L${crypto_dir}/lib"
203 CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS"
204 fi
205 AC_MSG_CHECKING(openssl version)
207 AC_TRY_COMPILE(
208 [#include <openssl/opensslv.h>
209 ],
210 [#if OPENSSL_VERSION_NUMBER < 0x0090602fL
211 #error OpenSSL version is too old ...
212 #endif],
213 [AC_MSG_RESULT([ok])],
214 [AC_MSG_RESULT(too old)
215 AC_MSG_ERROR([OpenSSL version must be 0.9.6 or higher. Aborting.])
216 ])
218 AC_CHECK_HEADERS(openssl/engine.h)
220 # checking rijndael
221 AC_CHECK_HEADERS([openssl/aes.h], [],
222 [CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"])
224 # checking sha2
225 AC_MSG_CHECKING(sha2 support)
226 AC_DEFINE([WITH_SHA2], [], [SHA2 support])
227 AC_MSG_RESULT(yes)
228 AC_CHECK_HEADER(openssl/sha2.h, [], [
229 AC_MSG_CHECKING(if sha2 is defined in openssl/sha.h)
230 AC_TRY_COMPILE([
231 #ifdef HAVE_SYS_TYPES_H
232 #include <sys/types.h>
233 #endif
234 #include <openssl/sha.h>
235 ], [
236 SHA256_CTX ctx;
237 ], [
238 AC_MSG_RESULT(yes)
239 AC_DEFINE([HAVE_SHA2_IN_SHA_H], [], [sha2 is defined in sha.h])
240 ], [AC_MSG_RESULT(no)
241 AC_LIBOBJ([sha2])
242 CRYPTOBJS="$CRYPTOBJS sha2.o"
243 ])
245 CPPFLAGS_ADD="$CPPFLAGS_ADD -I\${top_srcdir}/src/racoon/missing"
246 ])
247 AC_SUBST(CRYPTOBJS)
249 # checking camellia
250 AC_CHECK_HEADERS([openssl/camellia.h])
253 # Option --enable-adminport
254 AC_MSG_CHECKING(if --enable-adminport option is specified)
255 AC_ARG_ENABLE(adminport,
256 [ --enable-adminport enable admin port],
257 [], [enable_adminport=no])
258 if test $enable_adminport = "yes"; then
259 AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port])
260 fi
261 AC_MSG_RESULT($enable_adminport)
263 # Option RC5
264 AC_MSG_CHECKING(if --enable-rc5 option is specified)
265 AC_ARG_ENABLE(rc5,
266 [ --enable-rc5 enable RC5 encryption (patented)],
267 [], [enable_rc5=no])
268 AC_MSG_RESULT($enable_rc5)
270 if test $enable_rc5 = "yes"; then
271 AC_CHECK_HEADERS([openssl/rc5.h])
272 AC_CHECK_LIB([crypto_rc5], [RC5_32_encrypt],
273 [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_rc5"])
274 fi
276 # Option IDEA
277 AC_MSG_CHECKING(if --enable-idea option is specified)
278 AC_ARG_ENABLE(idea,
279 [ --enable-idea enable IDEA encryption (patented)],
280 [], [enable_idea=no])
281 AC_MSG_RESULT($enable_idea)
283 if test $enable_idea = "yes"; then
284 AC_CHECK_HEADERS([openssl/idea.h])
285 AC_CHECK_LIB([crypto_idea], [idea_encrypt],
286 [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_idea"])
287 fi
288 AC_SUBST(EXTRA_CRYPTO)
290 # For dynamic libradius
291 RACOON_PATH_LIBS([MD5_Init], [crypto])
293 # Check if we need -lutil for login(3)
294 RACOON_PATH_LIBS([login], [util])
296 # Specify libiconv prefix
297 AC_MSG_CHECKING(if --with-libiconv option is specified)
298 AC_ARG_WITH(libiconv,
299 [ --with-libiconv=DIR specify libiconv path (like/usr/pkg)],
300 [libiconv_dir=$withval],
301 [libiconv_dir=no])
302 AC_MSG_RESULT($libiconv_dir)
303 if test "$libiconv_dir" != "no"; then
304 if test "$libiconv_dir" = "yes" ; then
305 libiconv_dir="";
306 fi;
307 if test "x$libiconv_dir" = "x"; then
308 RACOON_PATH_LIBS([iconv_open], [iconv])
309 else
310 if test -d "$libiconv_dir/lib" -a \
311 -d "$libiconv_dir/include" ; then
312 RACOON_PATH_LIBS([iconv_open], [iconv], ["$libiconv_dir/lib"])
313 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libiconv_dir/include"
314 else
315 AC_MSG_ERROR([ICONV libs or includes not found. Aborting.])
316 fi
317 fi
318 LIBS="$LIBS -L$libiconv_dir/lib -R$libiconv_dir/lib -liconv"
319 AC_CHECK_FUNCS(iconv_open)
320 fi
322 AC_MSG_CHECKING([if --enable-hybrid option is specified])
323 AC_ARG_ENABLE(hybrid,
324 [ --enable-hybrid enable hybrid, both mode-cfg and xauth support],
325 [], [enable_hybrid=no])
326 AC_MSG_RESULT($enable_hybrid)
328 if test "x$enable_hybrid" = "xyes"; then
329 case $host in
330 *darwin*)
331 ;;
332 *)
333 LIBS="$LIBS -lcrypt";
334 ;;
335 esac
336 HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o"
337 AC_SUBST(HYBRID_OBJS)
338 AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support])
339 fi
341 AC_MSG_CHECKING([if --enable-frag option is specified])
342 AC_ARG_ENABLE(frag,
343 [ --enable-frag enable IKE fragmentation payload support],
344 [], [enable_frag=no])
345 AC_MSG_RESULT($enable_frag)
347 if test "x$enable_frag" = "xyes"; then
348 case $host in
349 *darwin*)
350 ;;
351 *)
352 LIBS="$LIBS -lcrypt";
353 ;;
354 esac
355 FRAG_OBJS="isakmp_frag.o"
356 AC_SUBST(FRAG_OBJS)
357 AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support])
358 fi
360 AC_MSG_CHECKING(if --with-libradius option is specified)
361 AC_ARG_WITH(libradius,
362 [ --with-libradius=DIR specify libradius path (like/usr/pkg)],
363 [libradius_dir=$withval],
364 [libradius_dir=no])
365 AC_MSG_RESULT($libradius_dir)
366 if test "$libradius_dir" != "no"; then
367 if test "$libradius_dir" = "yes" ; then
368 libradius_dir="";
369 fi;
370 if test "x$libradius_dir" = "x"; then
371 RACOON_PATH_LIBS([rad_create_request], [radius])
372 else
373 if test -d "$libradius_dir/lib" -a \
374 -d "$libradius_dir/include" ; then
375 RACOON_PATH_LIBS([rad_create_request], [radius], ["$libradius_dir/lib"])
376 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include"
377 else
378 AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.])
379 fi
380 fi
381 AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS])
382 LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius"
383 AC_CHECK_FUNCS(rad_create_request)
384 fi
386 AC_MSG_CHECKING(if --with-libpam option is specified)
387 AC_ARG_WITH(libpam,
388 [ --with-libpam=DIR specify libpam path (like/usr/pkg)],
389 [libpam_dir=$withval],
390 [libpam_dir=no])
391 AC_MSG_RESULT($libpam_dir)
392 if test "$libpam_dir" != "no"; then
393 if test "$libpam_dir" = "yes" ; then
394 libpam_dir="";
395 fi;
396 if test "x$libpam_dir" = "x"; then
397 RACOON_PATH_LIBS([pam_start], [pam])
398 else
399 if test -d "$libpam_dir/lib" -a \
400 -d "$libpam_dir/include" ; then
401 RACOON_PATH_LIBS([pam_start], [pam], ["$libpam_dir/lib"])
402 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libpam_dir/include"
403 else
404 AC_MSG_ERROR([PAM libs or includes not found. Aborting.])
405 fi
406 fi
407 AC_DEFINE([HAVE_LIBPAM], [], [Hybrid authentication uses PAM])
408 LIBS="$LIBS -L$libpam_dir/lib -R$libpam_dir/lib -lpam"
409 AC_CHECK_FUNCS(pam_start)
410 fi
412 AC_MSG_CHECKING(if --with-libldap option is specified)
413 AC_ARG_WITH(libldap,
414 [ --with-libldap=DIR specify libldap path (like/usr/pkg)],
415 [libldap_dir=$withval],
416 [libldap_dir=no])
417 AC_MSG_RESULT($libldap_dir)
418 if test "$libldap_dir" != "no"; then
419 if test "$libldap_dir" = "yes" ; then
420 libldap_dir="";
421 fi;
422 if test "x$libldap_dir" = "x"; then
423 RACOON_PATH_LIBS([ldap_init], [ldap])
424 else
425 if test -d "$libldap_dir/lib" -a \
426 -d "$libldap_dir/include" ; then
427 RACOON_PATH_LIBS([ldap_init], [ldap], ["$libldap_dir/lib"])
428 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libldap_dir/include"
429 else
430 AC_MSG_ERROR([LDAP libs or includes not found. Aborting.])
431 fi
432 fi
433 AC_DEFINE([HAVE_LIBLDAP], [], [Hybrid authentication uses LDAP])
434 LIBS="$LIBS -L$libldap_dir/lib -R$libldap_dir/lib -lldap"
436 saved_CFLAGS=$CFLAGS
437 CFLAGS="$CFLAGS -Wall -Werror"
438 saved_CPPFLAGS=$CPPFLAGS
439 CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
440 AC_TRY_COMPILE(
441 [#include <ldap.h>],
442 [
443 #if LDAP_API_VERSION < 2004
444 #error OpenLDAP version is too old ...
445 #endif
446 ],
447 [AC_MSG_RESULT([ok])],
448 [
449 AC_MSG_RESULT(too old)
450 AC_MSG_ERROR([OpenLDAP version must be 2.0 or higher. Aborting.])
451 ])
452 CFLAGS=$saved_CFLAGS
453 CPPFLAGS=$saved_CPPFLAGS
454 fi
456 # Check for Kerberos5 support
457 # XXX This must come after all --with-* tests, else the
458 # -liconv checks will not work
459 AC_MSG_CHECKING(if --enable-gssapi option is specified)
460 AC_ARG_ENABLE(gssapi,
461 [ --enable-gssapi enable GSS-API authentication],
462 [], [enable_gssapi=no])
463 AC_MSG_RESULT($enable_gssapi)
464 AC_PATH_PROG(KRB5_CONFIG,krb5-config,no)
465 if test "x$enable_gssapi" = "xyes"; then
466 if test "$KRB5_CONFIG" != "no"; then
467 krb5_incdir="`$KRB5_CONFIG --cflags gssapi`"
468 krb5_libs="`$KRB5_CONFIG --libs gssapi`"
469 else
470 # No krb5-config; let's make some assumptions based on
471 # the OS.
472 case $host_os in
473 netbsd*)
474 krb5_incdir="-I/usr/include/krb5"
475 krb5_libs="-lgssapi -lkrb5 -lcom_err -lroken -lasn1"
476 ;;
477 *)
478 AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.])
479 ;;
480 esac
481 fi
482 LIBS="$LIBS $krb5_libs"
483 CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD"
484 AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API])
486 # Check if iconv 2nd argument needs const
487 saved_CFLAGS=$CFLAGS
488 CFLAGS="$CFLAGS -Wall -Werror"
489 saved_CPPFLAGS=$CPPFLAGS
490 CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
491 AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])])
492 AC_MSG_CHECKING([if iconv second argument needs const])
493 AC_TRY_COMPILE([
494 #include <iconv.h>
495 #include <stdio.h>
496 ], [
497 iconv_t cd = NULL;
498 const char **src = NULL;
499 size_t *srcleft = NULL;
500 char **dst = NULL;
501 size_t *dstleft = NULL;
503 (void)iconv(cd, src, srcleft, dst, dstleft);
504 ], [AC_MSG_RESULT(yes)
505 AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const])
506 ], [AC_MSG_RESULT(no)])
507 CFLAGS=$saved_CFLAGS
508 CPPFLAGS=$saved_CPPFLAGS
510 # libiconv is often integrated into libc. If a with-* option
511 # caused a non libc-based iconv.h to be catched instead of
512 # the libc-based iconv.h, then we need to link with -liconv
513 AC_MSG_CHECKING(if -liconv is required)
514 saved_CPPFLAGS=$CPPFLAGS
515 saved_LIBS=$LIBS
516 CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
517 AC_TRY_LINK([
518 #include <iconv.h>
519 ], [
520 (void)iconv_open("ascii", "ascii");
521 ],
522 [AC_MSG_RESULT(no)],
523 [
524 LIBS="$LIBS -liconv"
525 AC_TRY_LINK([
526 #include <iconv.h>
527 ], [
528 (void)iconv_open("ascii", "ascii");
529 ],
530 [
531 AC_MSG_RESULT(yes)
532 saved_LIBS=$LIBS
533 ], [
534 AC_MSG_ERROR([cannot use iconv])
535 ])
536 ])
537 CPPFLAGS=$saved_CPPFLAGS
538 LIBS=$saved_LIBS
539 fi
541 AC_MSG_CHECKING(if --enable-stats option is specified)
542 AC_ARG_ENABLE(stats,
543 [ --enable-stats enable statistics logging function],
544 [], [enable_stats=no])
545 if test "x$enable_stats" = "xyes"; then
546 AC_DEFINE([ENABLE_STATS], [], [Enable statictics])
547 fi
548 AC_MSG_RESULT($enable_stats)
550 AC_MSG_CHECKING(if --enable-dpd option is specified)
551 AC_ARG_ENABLE(dpd,
552 [ --enable-dpd enable dead peer detection],
553 [], [enable_dpd=no])
554 if test "x$enable_dpd" = "xyes"; then
555 AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection])
556 fi
557 AC_MSG_RESULT($enable_dpd)
559 AC_MSG_CHECKING(if --enable-samode-unspec option is specified)
560 AC_ARG_ENABLE(samode-unspec,
561 [ --enable-samode-unspec enable to use unspecified a mode of SA],
562 [], [enable_samode_unspec=no])
563 if test "x$enable_samode_unspec" = "xyes"; then
564 case $host_os in
565 *linux*)
566 cat << EOC
568 ERROR: --enable-samode-unspec is not supported under linux
569 because linux kernel do not support it. This option is disabled
570 to prevent mysterious problems.
572 If you REALLY know what your are doing, remove this check.
573 EOC
574 exit 1;
575 ;;
576 esac
577 AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec])
578 fi
579 AC_MSG_RESULT($enable_samode_unspec)
581 # Checks if IPv6 is requested
582 AC_MSG_CHECKING([whether to enable ipv6])
583 AC_ARG_ENABLE(ipv6,
584 [ --disable-ipv6 disable ipv6 support],
585 [ case "$enableval" in
586 no)
587 AC_MSG_RESULT(no)
588 ipv6=no
589 ;;
590 *) AC_MSG_RESULT(yes)
591 ipv6=yes
592 ;;
593 esac ],
595 AC_TRY_RUN([ /* AF_INET6 avalable check */
596 #include <sys/types.h>
597 #include <sys/socket.h>
598 main()
599 {
600 exit(0);
601 if (socket(AF_INET6, SOCK_STREAM, 0) < 0)
602 exit(1);
603 else
604 exit(0);
605 }
606 ],
607 AC_MSG_RESULT(yes)
608 AC_DEFINE([INET6], [], [Support IPv6])
609 ipv6=yes,
610 AC_MSG_RESULT(no)
611 ipv6=no,
612 AC_MSG_RESULT(no)
613 ipv6=no
614 ))
616 if test "$ipv6" = "yes"; then
617 AC_DEFINE([INET6], [], [Support IPv6])
618 AC_MSG_CHECKING(for advanced API support)
619 AC_TRY_COMPILE([#ifndef INET6
620 #define INET6
621 #endif
622 #include <sys/types.h>
623 #include <netinet/in.h>],
624 [struct in6_pktinfo a;],
625 [AC_MSG_RESULT(yes)
626 AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])],
627 [AC_MSG_RESULT(no)])
628 fi
630 RACOON_CHECK_BUGGY_GETADDRINFO
631 if test "$buggygetaddrinfo" = "yes"; then
632 AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.])
633 fi
635 # Check if kernel support is available for NAT-T, defaults to no.
636 kernel_natt="no"
638 AC_MSG_CHECKING(kernel NAT-Traversal support)
639 case $host_os in
640 linux*)
641 # Linux kernel NAT-T check
642 AC_EGREP_CPP(yes,
643 [#include <linux/pfkeyv2.h>
644 #ifdef SADB_X_EXT_NAT_T_TYPE
645 yes
646 #endif
647 ], [kernel_natt="yes"])
648 ;;
649 freebsd*|netbsd*)
650 # NetBSD case
651 # Same check for FreeBSD
652 AC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len,
653 [kernel_natt="yes"],, [
654 #define _KERNEL
655 #include <sys/types.h>
656 #include <net/pfkeyv2.h>
657 ])
658 ;;
659 esac
660 AC_MSG_RESULT($kernel_natt)
662 AC_MSG_CHECKING(whether to support NAT-T)
663 AC_ARG_ENABLE(natt,
664 [ --enable-natt enable NAT-Traversal (yes/no/kernel)],
665 [ if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi ],
666 [ enable_natt=no ])
667 AC_MSG_RESULT($enable_natt)
669 if test "$enable_natt" = "yes"; then
670 if test "$kernel_natt" = "no" ; then
671 AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.])
672 else
673 AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal])
674 NATT_OBJS="nattraversal.o"
675 AC_SUBST(NATT_OBJS)
676 fi
677 fi
679 # Set up defines for supported NAT-T versions.
680 natt_versions_default="00,02,rfc"
681 AC_MSG_CHECKING(which NAT-T versions to support)
682 AC_ARG_ENABLE(natt_versions,
683 [ --enable-natt-versions=list list of supported NAT-T versions delimited by coma.],
684 [ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ],
685 [ enable_natt_versions=$natt_versions_default ])
686 if test "$enable_natt" = "yes"; then
687 AC_MSG_RESULT($enable_natt_versions)
688 for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do
689 case $i in
690 0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;;
691 1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;;
692 2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;;
693 3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;;
694 4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;;
695 5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;;
696 6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;;
697 7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;;
698 8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;;
699 RFC) AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;;
700 *) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;;
701 esac
702 done
703 unset i
704 else
705 AC_MSG_RESULT([none])
706 fi
708 AC_MSG_CHECKING(if --enable-broken-natt option is specified)
709 AC_ARG_ENABLE(broken-natt,
710 [ --enable-broken-natt broken in-kernel NAT-T],
711 [], [enable_broken_natt=no])
712 if test "x$enable_broken_natt" = "xyes"; then
713 AC_DEFINE([BROKEN_NATT], [], [in-kernel NAT-T is broken])
714 fi
715 AC_MSG_RESULT($enable_broken_natt)
717 AC_MSG_CHECKING(whether we support FWD policy)
718 case $host in
719 *linux*)
720 AC_TRY_COMPILE([
721 #include <inttypes.h>
722 #include <linux/ipsec.h>
723 ], [
724 int fwd = IPSEC_DIR_FWD;
725 ],
726 [AC_MSG_RESULT(yes)
727 AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])],
728 [AC_MSG_RESULT(no)])
729 ;;
730 *)
731 AC_MSG_RESULT(no)
732 ;;
733 esac
735 AC_CHECK_TYPE([ipsec_policy_t],
736 [AC_DEFINE([HAVE_IPSEC_POLICY_T], [], [Have ipsec_policy_t])],
737 [],
738 [
739 #include <sys/types.h>
740 #include <netinet6/ipsec.h>
741 ])
743 # Check if kernel support is available for Security Context, defaults to no.
744 kernel_secctx="no"
746 AC_MSG_CHECKING(kernel Security Context support)
747 case $host_os in
748 linux*)
749 # Linux kernel Security Context check
750 AC_EGREP_CPP(yes,
751 [#include <linux/pfkeyv2.h>
752 #ifdef SADB_X_EXT_SEC_CTX
753 yes
754 #endif
755 ], [kernel_secctx="yes"])
756 ;;
757 esac
758 AC_MSG_RESULT($kernel_secctx)
760 AC_CHECK_HEADER(selinux/selinux.h,
761 [AC_CHECK_LIB(selinux, avc_init, [selinux_support=yes],
762 [selinux_support=no])], [selinux_support=no])
764 AC_MSG_CHECKING(whether to support Security Context)
765 AC_ARG_ENABLE(security-context,
766 [ --enable-security-context enable Security Context(yes/no/kernel)],
767 [if test "$enable_security_context" = "kernel"; then
768 enable_security_context=$kernel_secctx; fi],
769 [enable_security_context=$kernel_secctx])
770 AC_MSG_RESULT($enable_security_context)
772 if test "$enable_security_context" = "yes"; then
773 if test "$kernel_secctx" = "no" ; then
774 AC_MSG_ERROR([Security Context requested, but no kernel support! Aborting.])
775 else
776 if test "$selinux_support" = "no"; then
777 AC_MSG_ERROR([Security Context requested, but no selinux support! Aborting.])
778 else
779 AC_DEFINE([HAVE_SECCTX], [], [Enable Security Context])
780 SECCTX_OBJS="security.o"
781 AC_SUBST(SECCTX_OBJS)
782 LIBS="$LIBS -lselinux"
783 fi
784 fi
785 fi
787 RACOON_PATH_LIBS([clock_gettime], [rt])
789 AC_MSG_CHECKING(for monotonic system clock)
790 AC_TRY_COMPILE(
791 [#include <time.h>],
792 [clock_gettime(CLOCK_MONOTONIC, NULL);],
793 [AC_DEFINE([HAVE_CLOCK_MONOTONIC], [], [Have a monotonic clock])
794 AC_MSG_RESULT(yes)],
795 [AC_MSG_RESULT(no)])
797 CFLAGS="$CFLAGS $CFLAGS_ADD"
798 CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
800 case $host in
801 *linux*)
802 # Remove KERNEL_INCLUDE from CPPFLAGS. It will
803 # be symlinked to src/include-glibc/linux in
804 # compile time.
805 CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"`
806 ;;
807 esac
809 include_racoondir=${includedir}/racoon
810 AC_SUBST(include_racoondir)
812 AC_CONFIG_FILES([
813 Makefile
814 package_version.h
815 src/Makefile
816 src/include-glibc/Makefile
817 src/libipsec/Makefile
818 src/setkey/Makefile
819 src/racoon/Makefile
820 src/racoon/samples/psk.txt
821 src/racoon/samples/racoon.conf
822 rpm/Makefile
823 rpm/suse/Makefile
824 rpm/suse/ipsec-tools.spec
825 ])
826 AC_OUTPUT