Annotation of src/crypto/dist/ipsec-tools/configure.ac, Revision 1.2.2.1.2.2
1.1 manu 1: dnl -*- mode: m4 -*-
1.2 manu 2: dnl Id: configure.ac,v 1.77 2006/07/20 19:19:27 manubsd Exp
1.1 manu 3:
4: AC_PREREQ(2.52)
1.2.2.1.2.2! skrll 5: AC_INIT(ipsec-tools, 0.7.1)
1.1 manu 6: AC_CONFIG_SRCDIR([configure.ac])
7: AM_CONFIG_HEADER(config.h)
8:
9: AM_INIT_AUTOMAKE(dist-bzip2)
10:
11: AC_ENABLE_SHARED(no)
12:
13: AC_PROG_CC
14: AM_PROG_CC_STDC
15: AC_HEADER_STDC
16: AC_PROG_LIBTOOL
17: AC_PROG_YACC
18: AM_PROG_LEX
19: AC_SUBST(LEXLIB)
20: AC_PROG_EGREP
21:
22: CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused"
23:
24: case $host in
25: *netbsd*)
26: LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS"
27: ;;
28: *linux*)
29: LIBS="$LIBS -lresolv"
30: INSTALL_OPTS="-o bin -g bin"
31: INCLUDE_GLIBC="include-glibc"
32: RPM="rpm"
33: AC_SUBST(INSTALL_OPTS)
34: AC_SUBST(INCLUDE_GLIBC)
35: AC_SUBST(RPM)
36: ;;
1.2 manu 37: *darwin*)
38: LIBS="$LIBS -lresolv"
39: ;;
1.1 manu 40: esac
41:
42: # Look up some IPsec-related headers
43: AC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no])
44: AC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no])
45: AC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no])
1.2.2.1.2.1 wrstuden 46: AC_CHECK_HEADER(netipsec/ipsec.h, [have_netipsec_ipsec=yes], [have_netipsec_ipsec=no])
1.1 manu 47:
1.2.2.1.2.1 wrstuden 48: # FreeBSD >=7 has only <netipsec/ipsec.h>
1.1 manu 49: # NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h>
1.2.2.1.2.1 wrstuden 50: # XXX some *BSD still have both <netinet6/ipsec.h> and <netipsec/ipsec.h>,
51: # we can't decide which one to use (actually <netinet6/ipsec.h>)
52:
53:
54: if test "$have_netinet_ipsec$have_netinet6_ipsec$have_netipsec_ipsec" = nonoyes; then
1.1 manu 55: have_netinet_ipsec=yes
1.2.2.1.2.1 wrstuden 56: AC_DEFINE(PATH_IPSEC_H, [<netipsec/ipsec.h>], [Path to ipsec.h])
57: else
58: if test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then
59: have_netinet_ipsec=yes
60: AC_DEFINE(PATH_IPSEC_H, [<netinet6/ipsec.h>], [Path to ipsec.h])
61: else
62: # have_netinet_ipsec will be checked a few lines below
63: AC_DEFINE(PATH_IPSEC_H, [<netinet/ipsec.h>], [Path to ipsec.h])
64: fi
1.1 manu 65: fi
66:
67: case "$host_os" in
68: *linux*)
69: AC_ARG_WITH(kernel-headers,
70: AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include],
71: [where your Linux Kernel headers are installed]),
72: [ KERNEL_INCLUDE="$with_kernel_headers"
73: CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers"
74: AC_SUBST(CONFIGURE_AMFLAGS) ],
75: [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ])
76:
1.2 manu 77: AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, ,
78: [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h,
1.1 manu 79: KERNEL_INCLUDE=/usr/src/linux/include ,
80: [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] )
81: AC_SUBST(KERNEL_INCLUDE)
82: # We need the configure script to run with correct kernel headers.
83: # However we don't want to point to kernel source tree in compile time,
84: # i.e. this will be removed from CPPFLAGS at the end of configure.
85: CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS"
86:
87: AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority,
88: [AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [],
89: [Are PF_KEY policy priorities supported?])], [],
90: [#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"])
91:
92: GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc'
93: GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc"
94: CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS"
1.2 manu 95: CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS"
96: AC_SUBST(GLIBC_BUGS)
1.1 manu 97: ;;
98: *)
99: if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then
100: if test "$have_net_pfkey" = yes; then
101: AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.])
102: else
103: AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.])
104: fi
105: fi
106: ;;
107: esac
108:
109: ### Some basic toolchain checks
110:
111: # Checks for header files.
112: AC_HEADER_STDC
113: AC_HEADER_SYS_WAIT
114: AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h)
1.2 manu 115: AC_CHECK_HEADERS(shadow.h)
1.1 manu 116:
117: # Checks for typedefs, structures, and compiler characteristics.
118: AC_C_CONST
119: AC_TYPE_PID_T
120: AC_TYPE_SIZE_T
121: AC_HEADER_TIME
122: AC_STRUCT_TM
123:
124: # Checks for library functions.
125: AC_FUNC_MEMCMP
126: AC_TYPE_SIGNAL
127: AC_FUNC_VPRINTF
1.2 manu 128: AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy strlcat)
1.1 manu 129: AC_REPLACE_FUNCS(strdup)
130: RACOON_CHECK_VA_COPY
131:
132: # Check if printf accepts "%z" type modifier for size_t argument
133: AC_MSG_CHECKING(if printf accepts %z)
134: saved_CFLAGS=$CFLAGS
135: CFLAGS="$CFLAGS -Wall -Werror"
136: AC_TRY_COMPILE([
137: #include <stdio.h>
138: ], [
139: printf("%zu\n", (size_t)-1);
140: ],
141: [AC_MSG_RESULT(yes)],
1.2 manu 142: [AC_MSG_RESULT(no);
143: CFLAGS_ADD="$CFLAGS_ADD -Wno-format";
144: AC_DEFINE(BROKEN_PRINTF, [], [If printf doesn't support %zu.])
145: ])
1.1 manu 146: CFLAGS=$saved_CFLAGS
147:
148: # Can we use __func__ macro?
149: AC_MSG_CHECKING(if __func__ is available)
150: AC_TRY_COMPILE(
151: [#include <stdio.h>
152: ], [char *x = __func__;],
153: [AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro])
154: AC_MSG_RESULT(yes)],
155: [AC_MSG_RESULT(no)])
156:
157: # Check if readline support is requested
158: AC_MSG_CHECKING(if readline support is requested)
159: AC_ARG_WITH(readline,
160: [ --with-readline support readline input (yes by default)],
161: [with_readline="$withval"], [with_readline="yes"])
162: AC_MSG_RESULT($with_readline)
163:
164: # Is readline available?
165: if test $with_readline != "no"; then
166: AC_CHECK_HEADER([readline/readline.h],
167: [AC_CHECK_LIB(readline, readline, [
168: AC_DEFINE(HAVE_READLINE, [],
169: [Is readline available?])
170: LIBS="$LIBS -lreadline"
171: ], [])], [])
172: fi
173:
1.2 manu 174:
175: AC_MSG_CHECKING(if --with-flex option is specified)
176: AC_ARG_WITH(flexdir,
177: [AC_HELP_STRING([--with-flex], [use directiory (default: no)])],
178: [flexdir="$withval"])
179: AC_MSG_RESULT(${flexdir-dirdefault})
180:
181: if test "x$flexdir" != "x"; then
182: LIBS="$LIBS $flexdir/libfl.a"
183: fi
184:
185: AC_MSG_CHECKING(if --with-flexlib option is specified)
186: AC_ARG_WITH(flexlib,
187: [ --with-flexlib=<LIB> specify flex library.],
188: [flexlib="$withval"])
189: AC_MSG_RESULT(${flexlib-default})
190:
191: if test "x$flexlib" != "x"; then
192: LIBS="$LIBS $flexlib"
193: fi
194:
1.1 manu 195: # Check if a different OpenSSL directory was specified
196: AC_MSG_CHECKING(if --with-openssl option is specified)
197: AC_ARG_WITH(openssl, [ --with-openssl=DIR specify OpenSSL directory],
198: [crypto_dir=$withval])
199: AC_MSG_RESULT(${crypto_dir-default})
200:
201: if test "x$crypto_dir" != "x"; then
202: LIBS="$LIBS -L${crypto_dir}/lib"
1.2 manu 203: CPPFLAGS="-I${crypto_dir}/include $CPPLAGS"
1.1 manu 204: fi
205: AC_MSG_CHECKING(openssl version)
1.2 manu 206:
207: AC_TRY_COMPILE(
208: [#include <openssl/opensslv.h>
209: ],
210: [#if OPENSSL_VERSION_NUMBER < 0x0090602fL
211: #error OpenSSL version is too old ...
212: #endif],
213: [AC_MSG_RESULT([ok])],
214: [AC_MSG_RESULT(too old)
215: AC_MSG_ERROR([OpenSSL version must be 0.9.6 or higher. Aborting.])
216: ])
217:
1.1 manu 218: AC_CHECK_HEADERS(openssl/engine.h)
219:
220: # checking rijndael
221: AC_CHECK_HEADERS([openssl/aes.h], [],
222: [CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"])
223:
224: # checking sha2
225: AC_MSG_CHECKING(sha2 support)
226: AC_DEFINE([WITH_SHA2], [], [SHA2 support])
1.2 manu 227: AC_MSG_RESULT(yes)
1.1 manu 228: AC_CHECK_HEADER(openssl/sha2.h, [], [
1.2 manu 229: AC_MSG_CHECKING(if sha2 is defined in openssl/sha.h)
230: AC_TRY_COMPILE([
231: #ifdef HAVE_SYS_TYPES_H
232: #include <sys/types.h>
233: #endif
234: #include <openssl/sha.h>
235: ], [
236: SHA256_CTX ctx;
237: ], [
238: AC_MSG_RESULT(yes)
239: AC_DEFINE([HAVE_SHA2_IN_SHA_H], [], [sha2 is defined in sha.h])
240: ], [AC_MSG_RESULT(no)
241: AC_LIBOBJ([sha2])
242: CRYPTOBJS="$CRYPTOBJS sha2.o"
243: ])
244:
1.1 manu 245: CPPFLAGS_ADD="$CPPFLAGS_ADD -I./\${top_srcdir}/src/racoon/missing"
1.2 manu 246: ])
1.1 manu 247: AC_SUBST(CRYPTOBJS)
248:
1.2 manu 249: # checking camellia
250: AC_CHECK_HEADERS([openssl/camellia.h])
251:
252:
1.1 manu 253: # Option --enable-adminport
254: AC_MSG_CHECKING(if --enable-adminport option is specified)
255: AC_ARG_ENABLE(adminport,
256: [ --enable-adminport enable admin port],
257: [], [enable_adminport=no])
258: if test $enable_adminport = "yes"; then
259: AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port])
260: fi
261: AC_MSG_RESULT($enable_adminport)
262:
1.2 manu 263: # Option RC5
264: AC_MSG_CHECKING(if --enable-rc5 option is specified)
265: AC_ARG_ENABLE(rc5,
266: [ --enable-rc5 enable RC5 encryption (patented)],
267: [], [enable_rc5=no])
268: AC_MSG_RESULT($enable_rc5)
269:
270: if test $enable_rc5 = "yes"; then
271: AC_CHECK_HEADERS([openssl/rc5.h])
272: AC_CHECK_LIB([crypto_rc5], [RC5_32_encrypt],
273: [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_rc5"])
274: fi
275:
276: # Option IDEA
277: AC_MSG_CHECKING(if --enable-idea option is specified)
278: AC_ARG_ENABLE(idea,
279: [ --enable-idea enable IDEA encryption (patented)],
280: [], [enable_idea=no])
281: AC_MSG_RESULT($enable_idea)
282:
283: if test $enable_idea = "yes"; then
284: AC_CHECK_HEADERS([openssl/idea.h])
285: AC_CHECK_LIB([crypto_idea], [idea_encrypt],
286: [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_idea"])
287: fi
288: AC_SUBST(EXTRA_CRYPTO)
289:
290: # For dynamic libradius
291: RACOON_PATH_LIBS([MD5_Init], [crypto])
292:
293: # Check if we need -lutil for login(3)
294: RACOON_PATH_LIBS([login], [util])
295:
296: # Specify libiconv prefix
297: AC_MSG_CHECKING(if --with-libiconv option is specified)
298: AC_ARG_WITH(libiconv,
299: [ --with-libiconv=DIR specify libiconv path (like/usr/pkg)],
300: [libiconv_dir=$withval],
301: [libiconv_dir=no])
302: AC_MSG_RESULT($libiconv_dir)
303: if test "$libiconv_dir" != "no"; then
304: if test "$libiconv_dir" = "yes" ; then
305: libiconv_dir="";
306: fi;
307: if test "x$libiconv_dir" = "x"; then
308: RACOON_PATH_LIBS([iconv_open], [iconv])
1.1 manu 309: else
1.2 manu 310: if test -d "$libiconv_dir/lib" -a \
311: -d "$libiconv_dir/include" ; then
312: RACOON_PATH_LIBS([iconv_open], [iconv], ["$libiconv_dir/lib"])
313: CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libiconv_dir/include"
314: else
315: AC_MSG_ERROR([ICONV libs or includes not found. Aborting.])
316: fi
1.1 manu 317: fi
1.2 manu 318: LIBS="$LIBS -L$libiconv_dir/lib -R$libiconv_dir/lib -liconv"
319: AC_CHECK_FUNCS(iconv_open)
1.1 manu 320: fi
321:
322: AC_MSG_CHECKING([if --enable-hybrid option is specified])
323: AC_ARG_ENABLE(hybrid,
324: [ --enable-hybrid enable hybrid, both mode-cfg and xauth support],
1.2 manu 325: [], [enable_hybrid=no])
326: AC_MSG_RESULT($enable_hybrid)
327:
328: if test "x$enable_hybrid" = "xyes"; then
329: case $host in
330: *darwin*)
331: ;;
332: *)
333: LIBS="$LIBS -lcrypt";
334: ;;
335: esac
1.1 manu 336: HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o"
337: AC_SUBST(HYBRID_OBJS)
338: AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support])
1.2 manu 339: fi
1.1 manu 340:
341: AC_MSG_CHECKING([if --enable-frag option is specified])
342: AC_ARG_ENABLE(frag,
343: [ --enable-frag enable IKE fragmentation payload support],
1.2 manu 344: [], [enable_frag=no])
345: AC_MSG_RESULT($enable_frag)
346:
347: if test "x$enable_frag" = "xyes"; then
348: case $host in
349: *darwin*)
350: ;;
351: *)
352: LIBS="$LIBS -lcrypt";
353: ;;
354: esac
1.1 manu 355: FRAG_OBJS="isakmp_frag.o"
356: AC_SUBST(FRAG_OBJS)
357: AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support])
1.2 manu 358: fi
1.1 manu 359:
360: AC_MSG_CHECKING(if --with-libradius option is specified)
361: AC_ARG_WITH(libradius,
362: [ --with-libradius=DIR specify libradius path (like/usr/pkg)],
363: [libradius_dir=$withval],
364: [libradius_dir=no])
365: AC_MSG_RESULT($libradius_dir)
366: if test "$libradius_dir" != "no"; then
367: if test "$libradius_dir" = "yes" ; then
368: libradius_dir="";
369: fi;
370: if test "x$libradius_dir" = "x"; then
1.2 manu 371: RACOON_PATH_LIBS([rad_create_request], [radius])
1.1 manu 372: else
373: if test -d "$libradius_dir/lib" -a \
374: -d "$libradius_dir/include" ; then
1.2 manu 375: RACOON_PATH_LIBS([rad_create_request], [radius], ["$libradius_dir/lib"])
1.1 manu 376: CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include"
377: else
378: AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.])
379: fi
380: fi
381: AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS])
382: LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius"
383: AC_CHECK_FUNCS(rad_create_request)
384: fi
385:
386: AC_MSG_CHECKING(if --with-libpam option is specified)
387: AC_ARG_WITH(libpam,
388: [ --with-libpam=DIR specify libpam path (like/usr/pkg)],
389: [libpam_dir=$withval],
390: [libpam_dir=no])
391: AC_MSG_RESULT($libpam_dir)
392: if test "$libpam_dir" != "no"; then
393: if test "$libpam_dir" = "yes" ; then
394: libpam_dir="";
395: fi;
396: if test "x$libpam_dir" = "x"; then
1.2 manu 397: RACOON_PATH_LIBS([pam_start], [pam])
1.1 manu 398: else
399: if test -d "$libpam_dir/lib" -a \
400: -d "$libpam_dir/include" ; then
1.2 manu 401: RACOON_PATH_LIBS([pam_start], [pam], ["$libpam_dir/lib"])
1.1 manu 402: CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libpam_dir/include"
403: else
404: AC_MSG_ERROR([PAM libs or includes not found. Aborting.])
405: fi
406: fi
407: AC_DEFINE([HAVE_LIBPAM], [], [Hybrid authentication uses PAM])
408: LIBS="$LIBS -L$libpam_dir/lib -R$libpam_dir/lib -lpam"
1.2 manu 409: AC_CHECK_FUNCS(pam_start)
410: fi
411:
412: AC_MSG_CHECKING(if --with-libldap option is specified)
413: AC_ARG_WITH(libldap,
414: [ --with-libldap=DIR specify libldap path (like/usr/pkg)],
415: [libldap_dir=$withval],
416: [libldap_dir=no])
417: AC_MSG_RESULT($libldap_dir)
418: if test "$libldap_dir" != "no"; then
419: if test "$libldap_dir" = "yes" ; then
420: libldap_dir="";
421: fi;
422: if test "x$libldap_dir" = "x"; then
423: RACOON_PATH_LIBS([ldap_init], [ldap])
424: else
425: if test -d "$libldap_dir/lib" -a \
426: -d "$libldap_dir/include" ; then
427: RACOON_PATH_LIBS([ldap_init], [ldap], ["$libldap_dir/lib"])
428: CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libldap_dir/include"
429: else
430: AC_MSG_ERROR([LDAP libs or includes not found. Aborting.])
431: fi
432: fi
433: AC_DEFINE([HAVE_LIBLDAP], [], [Hybrid authentication uses LDAP])
434: LIBS="$LIBS -L$libldap_dir/lib -R$libldap_dir/lib -lldap"
435:
436: saved_CFLAGS=$CFLAGS
437: CFLAGS="$CFLAGS -Wall -Werror"
438: saved_CPPFLAGS=$CPPFLAGS
439: CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
440: AC_TRY_COMPILE(
441: [#include <ldap.h>],
442: [
443: #if LDAP_API_VERSION < 2004
444: #error OpenLDAP version is too old ...
445: #endif
446: ],
447: [AC_MSG_RESULT([ok])],
448: [
449: AC_MSG_RESULT(too old)
450: AC_MSG_ERROR([OpenLDAP version must be 2.0 or higher. Aborting.])
451: ])
452: CFLAGS=$saved_CFLAGS
453: CPPFLAGS=$saved_CPPFLAGS
454: fi
455:
456: # Check for Kerberos5 support
457: # XXX This must come after all --with-* tests, else the
458: # -liconv checks will not work
459: AC_MSG_CHECKING(if --enable-gssapi option is specified)
460: AC_ARG_ENABLE(gssapi,
461: [ --enable-gssapi enable GSS-API authentication],
462: [], [enable_gssapi=no])
463: AC_MSG_RESULT($enable_gssapi)
464: AC_PATH_PROG(KRB5_CONFIG,krb5-config,no)
465: if test "x$enable_gssapi" = "xyes"; then
466: if test "$KRB5_CONFIG" != "no"; then
467: krb5_incdir="`$KRB5_CONFIG --cflags gssapi`"
468: krb5_libs="`$KRB5_CONFIG --libs gssapi`"
469: else
470: # No krb5-config; let's make some assumptions based on
471: # the OS.
472: case $host_os in
473: netbsd*)
474: krb5_incdir="-I/usr/include/krb5"
475: krb5_libs="-lgssapi -lkrb5 -lcom_err -lroken -lasn1"
476: ;;
477: *)
478: AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.])
479: ;;
480: esac
481: fi
482: LIBS="$LIBS $krb5_libs"
483: CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD"
484: AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API])
485:
486: # Check if iconv 2nd argument needs const
487: saved_CFLAGS=$CFLAGS
488: CFLAGS="$CFLAGS -Wall -Werror"
489: saved_CPPFLAGS=$CPPFLAGS
490: CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
491: AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])])
492: AC_MSG_CHECKING([if iconv second argument needs const])
493: AC_TRY_COMPILE([
494: #include <iconv.h>
495: #include <stdio.h>
496: ], [
497: iconv_t cd = NULL;
498: const char **src = NULL;
499: size_t *srcleft = NULL;
500: char **dst = NULL;
501: size_t *dstleft = NULL;
502:
503: (void)iconv(cd, src, srcleft, dst, dstleft);
504: ], [AC_MSG_RESULT(yes)
505: AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const])
506: ], [AC_MSG_RESULT(no)])
507: CFLAGS=$saved_CFLAGS
508: CPPFLAGS=$saved_CPPFLAGS
509:
510: # libiconv is often integrated into libc. If a with-* option
511: # caused a non libc-based iconv.h to be catched instead of
512: # the libc-based iconv.h, then we need to link with -liconv
513: AC_MSG_CHECKING(if -liconv is required)
514: saved_CPPFLAGS=$CPPFLAGS
515: saved_LIBS=$LIBS
516: CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
517: AC_TRY_LINK([
518: #include <iconv.h>
519: ], [
520: (void)iconv_open("ascii", "ascii");
521: ],
522: [AC_MSG_RESULT(no)],
523: [
524: LIBS="$LIBS -liconv"
525: AC_TRY_LINK([
526: #include <iconv.h>
527: ], [
528: (void)iconv_open("ascii", "ascii");
529: ],
530: [
531: AC_MSG_RESULT(yes)
532: saved_LIBS=$LIBS
533: ], [
534: AC_MSG_ERROR([cannot use iconv])
535: ])
536: ])
537: CPPFLAGS=$saved_CPPFLAGS
538: LIBS=$saved_LIBS
1.1 manu 539: fi
540:
541: AC_MSG_CHECKING(if --enable-stats option is specified)
542: AC_ARG_ENABLE(stats,
543: [ --enable-stats enable statistics logging function],
544: [], [enable_stats=no])
545: if test "x$enable_stats" = "xyes"; then
546: AC_DEFINE([ENABLE_STATS], [], [Enable statictics])
547: fi
548: AC_MSG_RESULT($enable_stats)
549:
550: AC_MSG_CHECKING(if --enable-dpd option is specified)
551: AC_ARG_ENABLE(dpd,
552: [ --enable-dpd enable dead peer detection],
553: [], [enable_dpd=no])
554: if test "x$enable_dpd" = "xyes"; then
555: AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection])
556: fi
557: AC_MSG_RESULT($enable_dpd)
558:
1.2 manu 559: AC_MSG_CHECKING(if --enable-fastquit option is specified)
560: AC_ARG_ENABLE(fastquit,
561: [ --enable-fastquit enable new faster code to flush SAs when stopping racoon],
562: [], [enable_fastquit=no])
563: if test "x$enable_fastquit" = "xyes"; then
564: AC_DEFINE([ENABLE_FASTQUIT], [], [Enable fast SA flush code])
565: fi
566: AC_MSG_RESULT($enable_fastquit)
567:
1.1 manu 568:
569: AC_MSG_CHECKING(if --enable-samode-unspec option is specified)
570: AC_ARG_ENABLE(samode-unspec,
571: [ --enable-samode-unspec enable to use unspecified a mode of SA],
572: [], [enable_samode_unspec=no])
573: if test "x$enable_samode_unspec" = "xyes"; then
1.2 manu 574: case $host_os in
575: *linux*)
576: cat << EOC
577:
578: ERROR: --enable-samode-unspec is not supported under linux
579: because linux kernel do not support it. This option is disabled
580: to prevent mysterious problems.
581:
582: If you REALLY know what your are doing, remove this check.
583: EOC
584: exit 1;
585: ;;
586: esac
1.1 manu 587: AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec])
588: fi
589: AC_MSG_RESULT($enable_samode_unspec)
590:
591: # Checks if IPv6 is requested
592: AC_MSG_CHECKING([whether to enable ipv6])
593: AC_ARG_ENABLE(ipv6,
594: [ --disable-ipv6 disable ipv6 support],
595: [ case "$enableval" in
596: no)
597: AC_MSG_RESULT(no)
598: ipv6=no
599: ;;
600: *) AC_MSG_RESULT(yes)
601: ipv6=yes
602: ;;
603: esac ],
604:
605: AC_TRY_RUN([ /* AF_INET6 avalable check */
606: #include <sys/types.h>
607: #include <sys/socket.h>
608: main()
609: {
610: exit(0);
611: if (socket(AF_INET6, SOCK_STREAM, 0) < 0)
612: exit(1);
613: else
614: exit(0);
615: }
616: ],
617: AC_MSG_RESULT(yes)
618: AC_DEFINE([INET6], [], [Support IPv6])
619: ipv6=yes,
620: AC_MSG_RESULT(no)
621: ipv6=no,
622: AC_MSG_RESULT(no)
623: ipv6=no
624: ))
625:
626: if test "$ipv6" = "yes"; then
1.2 manu 627: AC_DEFINE([INET6], [], [Support IPv6])
1.1 manu 628: AC_MSG_CHECKING(for advanced API support)
629: AC_TRY_COMPILE([#ifndef INET6
630: #define INET6
631: #endif
632: #include <sys/types.h>
633: #include <netinet/in.h>],
634: [struct in6_pktinfo a;],
635: [AC_MSG_RESULT(yes)
636: AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])],
637: [AC_MSG_RESULT(no)])
638: fi
639:
640: RACOON_CHECK_BUGGY_GETADDRINFO
641: if test "$buggygetaddrinfo" = "yes"; then
642: AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.])
643: fi
644:
645: # Check if kernel support is available for NAT-T, defaults to no.
646: kernel_natt="no"
647:
648: AC_MSG_CHECKING(kernel NAT-Traversal support)
649: case $host_os in
650: linux*)
651: # Linux kernel NAT-T check
652: AC_EGREP_CPP(yes,
653: [#include <linux/pfkeyv2.h>
654: #ifdef SADB_X_EXT_NAT_T_TYPE
655: yes
656: #endif
657: ], [kernel_natt="yes"])
658: ;;
659: freebsd*|netbsd*)
660: # NetBSD case
661: # Same check for FreeBSD
662: AC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len,
663: [kernel_natt="yes"],, [
664: #define _KERNEL
665: #include <sys/types.h>
666: #include <net/pfkeyv2.h>
667: ])
668: ;;
669: esac
670: AC_MSG_RESULT($kernel_natt)
671:
672: AC_MSG_CHECKING(whether to support NAT-T)
673: AC_ARG_ENABLE(natt,
674: [ --enable-natt enable NAT-Traversal (yes/no/kernel)],
1.2 manu 675: [ if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi ],
676: [ enable_natt=no ])
1.1 manu 677: AC_MSG_RESULT($enable_natt)
678:
679: if test "$enable_natt" = "yes"; then
680: if test "$kernel_natt" = "no" ; then
681: AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.])
682: else
683: AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal])
684: NATT_OBJS="nattraversal.o"
685: AC_SUBST(NATT_OBJS)
686: fi
687: fi
688:
1.2 manu 689: # Set up defines for supported NAT-T versions.
690: natt_versions_default="00,02,rfc"
691: AC_MSG_CHECKING(which NAT-T versions to support)
692: AC_ARG_ENABLE(natt_versions,
693: [ --enable-natt-versions=list list of supported NAT-T versions delimited by coma.],
694: [ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ],
695: [ enable_natt_versions=$natt_versions_default ])
696: if test "$enable_natt" = "yes"; then
697: AC_MSG_RESULT($enable_natt_versions)
698: for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do
699: case $i in
700: 0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;;
701: 1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;;
702: 2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;;
703: 3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;;
704: 4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;;
705: 5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;;
706: 6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;;
707: 7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;;
708: 8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;;
709: RFC) AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;;
710: *) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;;
711: esac
712: done
713: unset i
714: else
715: AC_MSG_RESULT([none])
1.1 manu 716: fi
717:
1.2 manu 718: AC_MSG_CHECKING(if --enable-broken-natt option is specified)
719: AC_ARG_ENABLE(broken-natt,
720: [ --enable-broken-natt broken in-kernel NAT-T],
721: [], [enable_broken_natt=no])
722: if test "x$enable_broken_natt" = "xyes"; then
723: AC_DEFINE([BROKEN_NATT], [], [in-kernel NAT-T is broken])
1.1 manu 724: fi
1.2 manu 725: AC_MSG_RESULT($enable_broken_natt)
1.1 manu 726:
727: AC_MSG_CHECKING(whether we support FWD policy)
728: case $host in
729: *linux*)
730: AC_TRY_COMPILE([
731: #include <inttypes.h>
732: #include <linux/ipsec.h>
733: ], [
734: int fwd = IPSEC_DIR_FWD;
735: ],
736: [AC_MSG_RESULT(yes)
737: AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])],
738: [AC_MSG_RESULT(no)])
739: ;;
740: *)
741: AC_MSG_RESULT(no)
742: ;;
743: esac
744:
1.2 manu 745: AC_CHECK_TYPE([ipsec_policy_t],
746: [AC_DEFINE([HAVE_IPSEC_POLICY_T], [], [Have ipsec_policy_t])],
747: [],
748: [
749: #include <sys/types.h>
750: #include <netinet6/ipsec.h>
751: ])
752:
753: # Check if kernel support is available for Security Context, defaults to no.
754: kernel_secctx="no"
755:
756: AC_MSG_CHECKING(kernel Security Context support)
757: case $host_os in
758: linux*)
759: # Linux kernel Security Context check
760: AC_EGREP_CPP(yes,
761: [#include <linux/pfkeyv2.h>
762: #ifdef SADB_X_EXT_SEC_CTX
763: yes
764: #endif
765: ], [kernel_secctx="yes"])
766: ;;
767: esac
768: AC_MSG_RESULT($kernel_secctx)
769:
1.2.2.1.2.2! skrll 770: AC_CHECK_HEADER(selinux/selinux.h,
! 771: [AC_CHECK_LIB(selinux, avc_init, [selinux_support=yes],
! 772: [selinux_support=no])], [selinux_support=no])
! 773:
1.2 manu 774: AC_MSG_CHECKING(whether to support Security Context)
775: AC_ARG_ENABLE(security-context,
776: [ --enable-security-context enable Security Context(yes/no/kernel)],
1.2.2.1 jdc 777: [if test "$enable_security_context" = "kernel"; then
1.2 manu 778: enable_security_context=$kernel_secctx; fi],
779: [enable_security_context=$kernel_secctx])
780: AC_MSG_RESULT($enable_security_context)
781:
782: if test "$enable_security_context" = "yes"; then
783: if test "$kernel_secctx" = "no" ; then
784: AC_MSG_ERROR([Security Context requested, but no kernel support! Aborting.])
785: else
1.2.2.1.2.2! skrll 786: if test "$selinux_support" = "no"; then
! 787: AC_MSG_ERROR([Security Context requested, but no selinux support! Aborting.])
! 788: else
! 789: AC_DEFINE([HAVE_SECCTX], [], [Enable Security Context])
! 790: SECCTX_OBJS="security.o"
! 791: AC_SUBST(SECCTX_OBJS)
! 792: LIBS="$LIBS -lselinux"
! 793: fi
1.2 manu 794: fi
795: fi
796:
1.1 manu 797: CFLAGS="$CFLAGS $CFLAGS_ADD"
798: CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
799:
800: case $host in
801: *linux*)
802: # Remove KERNEL_INCLUDE from CPPFLAGS. It will
803: # be symlinked to src/include-glibc/linux in
804: # compile time.
805: CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"`
806: ;;
807: esac
808:
809: include_racoondir=${includedir}/racoon
810: AC_SUBST(include_racoondir)
811:
812: AC_CONFIG_FILES([
813: Makefile
814: package_version.h
815: src/Makefile
816: src/include-glibc/Makefile
817: src/libipsec/Makefile
818: src/setkey/Makefile
819: src/racoon/Makefile
820: src/racoon/samples/psk.txt
821: src/racoon/samples/racoon.conf
822: rpm/Makefile
823: rpm/suse/Makefile
1.2 manu 824: rpm/suse/ipsec-tools.spec
1.1 manu 825: ])
826: AC_OUTPUT
CVSweb <webmaster@jp.NetBSD.org>