2 dnl $Id: configure.ac,v 1.43.2.7 2005/03/14 08:07:39 manubsd Exp $
5 AC_INIT(ipsec-tools, 0.5.1)
6 AC_CONFIG_SRCDIR([configure.ac])
7 AM_CONFIG_HEADER(config.h)
9 AM_INIT_AUTOMAKE(dist-bzip2)
22 CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused"
26 LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS"
30 INSTALL_OPTS="-o bin -g bin"
31 INCLUDE_GLIBC="include-glibc"
33 AC_SUBST(INSTALL_OPTS)
34 AC_SUBST(INCLUDE_GLIBC)
39 # Look up some IPsec-related headers
40 AC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no])
41 AC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no])
42 AC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no])
44 # NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h>
45 if test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then
46 have_netinet_ipsec=yes
47 AC_DEFINE(HAVE_NETINET6_IPSEC, [], [Use <netinet6/ipsec.h>])
52 AC_ARG_WITH(kernel-headers,
53 AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include],
54 [where your Linux Kernel headers are installed]),
55 [ KERNEL_INCLUDE="$with_kernel_headers"
56 CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers"
57 AC_SUBST(CONFIGURE_AMFLAGS) ],
58 [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ])
60 AC_CHECK_FILE($KERNEL_INCLUDE/linux/pfkeyv2.h, ,
61 [ AC_CHECK_FILE(/usr/src/linux/include/linux/pfkeyv2.h,
62 KERNEL_INCLUDE=/usr/src/linux/include ,
63 [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] )
64 AC_SUBST(KERNEL_INCLUDE)
65 # We need the configure script to run with correct kernel headers.
66 # However we don't want to point to kernel source tree in compile time,
67 # i.e. this will be removed from CPPFLAGS at the end of configure.
68 CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS"
70 AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority,
71 [AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [],
72 [Are PF_KEY policy priorities supported?])], [],
73 [#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"])
75 GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc'
77 GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc"
78 CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS"
81 if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then
82 if test "$have_net_pfkey" = yes; then
83 AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.])
85 AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.])
91 ### Some basic toolchain checks
93 # Checks for header files.
96 AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h)
98 # Checks for typedefs, structures, and compiler characteristics.
105 # Checks for library functions.
109 AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy)
110 AC_REPLACE_FUNCS(strdup)
113 # Check if printf accepts "%z" type modifier for size_t argument
114 AC_MSG_CHECKING(if printf accepts %z)
116 CFLAGS="$CFLAGS -Wall -Werror"
120 printf("%zu\n", (size_t)-1);
122 [AC_MSG_RESULT(yes)],
123 [AC_MSG_RESULT(no); CFLAGS_ADD="$CFLAGS_ADD -Wno-format"])
126 # Can we use __func__ macro?
127 AC_MSG_CHECKING(if __func__ is available)
130 ], [char *x = __func__;],
131 [AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro])
135 # Check if readline support is requested
136 AC_MSG_CHECKING(if readline support is requested)
137 AC_ARG_WITH(readline,
138 [ --with-readline support readline input (yes by default)],
139 [with_readline="$withval"], [with_readline="yes"])
140 AC_MSG_RESULT($with_readline)
142 # Is readline available?
143 if test $with_readline != "no"; then
144 AC_CHECK_HEADER([readline/readline.h],
145 [AC_CHECK_LIB(readline, readline, [
146 AC_DEFINE(HAVE_READLINE, [],
147 [Is readline available?])
148 LIBS="$LIBS -lreadline"
152 # Check if a different OpenSSL directory was specified
153 AC_MSG_CHECKING(if --with-openssl option is specified)
154 AC_ARG_WITH(openssl, [ --with-openssl=DIR specify OpenSSL directory],
155 [crypto_dir=$withval])
156 AC_MSG_RESULT(${crypto_dir-default})
158 if test "x$crypto_dir" != "x"; then
159 LIBS="$LIBS -L${crypto_dir}/lib"
160 CPPFLAGS_ADD="-I${crypto_dir}/include $CPPFLAGS_ADD"
162 AC_MSG_CHECKING(openssl version)
163 AC_EGREP_CPP(yes, [#include <openssl/opensslv.h>
164 #if OPENSSL_VERSION_NUMBER >= 0x0090602fL
166 #endif], [AC_MSG_RESULT(ok)], [AC_MSG_RESULT(too old)
167 AC_MSG_ERROR([OpenSSL version must be 0.9.6 or higher. Aborting.])
169 AC_CHECK_HEADERS(openssl/engine.h)
172 AC_CHECK_HEADERS([openssl/aes.h], [],
173 [CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"])
176 AC_MSG_CHECKING(sha2 support)
177 AC_DEFINE([WITH_SHA2], [], [SHA2 support])
178 AC_CHECK_HEADER(openssl/sha2.h, [], [
179 CPPFLAGS_ADD="$CPPFLAGS_ADD -I./\${top_srcdir}/src/racoon/missing"
181 CRYPTOBJS="$CRYPTOBJS sha2.o"])
184 # Option --enable-adminport
185 AC_MSG_CHECKING(if --enable-adminport option is specified)
186 AC_ARG_ENABLE(adminport,
187 [ --enable-adminport enable admin port],
188 [], [enable_adminport=no])
189 if test $enable_adminport = "yes"; then
190 AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port])
192 AC_MSG_RESULT($enable_adminport)
194 # Check for Kerberos5 support
195 AC_MSG_CHECKING(if --enable-gssapi option is specified)
196 AC_ARG_ENABLE(gssapi,
197 [ --enable-gssapi enable GSS-API authentication],
198 [], [enable_gssapi=no])
199 AC_MSG_RESULT($enable_gssapi)
200 AC_PATH_PROG(KRB5_CONFIG,krb5-config,no)
201 if test "x$enable_gssapi" = "xyes"; then
202 if test "$KRB5_CONFIG" != "no"; then
203 krb5_incdir="`$KRB5_CONFIG --cflags gssapi`"
204 krb5_libs="`$KRB5_CONFIG --libs gssapi`"
205 LIBS="$LIBS $krb5_libs"
206 CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD"
207 AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API])
209 AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.])
213 AC_MSG_CHECKING([if --enable-hybrid option is specified])
214 AC_ARG_ENABLE(hybrid,
215 [ --enable-hybrid enable hybrid, both mode-cfg and xauth support],
217 LIBS="$LIBS -lcrypt";
219 HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o"
220 AC_SUBST(HYBRID_OBJS)
221 AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support])
224 AC_MSG_RESULT($enable_hybrid)
226 AC_MSG_CHECKING([if --enable-frag option is specified])
228 [ --enable-frag enable IKE fragmentation payload support],
230 LIBS="$LIBS -lcrypt";
232 FRAG_OBJS="isakmp_frag.o"
234 AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support])
237 AC_MSG_RESULT($enable_frag)
239 # For dynamic libradius
240 RACOON_PATH_LIBS(MD5_Init, crypto)
242 AC_MSG_CHECKING(if --with-libradius option is specified)
243 AC_ARG_WITH(libradius,
244 [ --with-libradius=DIR specify libradius path (like/usr/pkg)],
245 [libradius_dir=$withval],
247 AC_MSG_RESULT($libradius_dir)
248 if test "$libradius_dir" != "no"; then
249 if test "$libradius_dir" = "yes" ; then
252 if test "x$libradius_dir" = "x"; then
253 RACOON_PATH_LIBS(rad_create_request, radius)
255 if test -d "$libradius_dir/lib" -a \
256 -d "$libradius_dir/include" ; then
257 RACOON_PATH_LIBS(rad_create_request, radius, "$libradius_dir/lib")
258 CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include"
260 AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.])
263 AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS])
264 LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius"
265 AC_CHECK_FUNCS(rad_create_request)
268 AC_MSG_CHECKING(if --enable-stats option is specified)
270 [ --enable-stats enable statistics logging function],
271 [], [enable_stats=no])
272 if test "x$enable_stats" = "xyes"; then
273 AC_DEFINE([ENABLE_STATS], [], [Enable statictics])
275 AC_MSG_RESULT($enable_stats)
277 AC_MSG_CHECKING(if --enable-dpd option is specified)
279 [ --enable-dpd enable dead peer detection],
281 if test "x$enable_dpd" = "xyes"; then
282 AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection])
284 AC_MSG_RESULT($enable_dpd)
287 AC_MSG_CHECKING(if --enable-samode-unspec option is specified)
288 AC_ARG_ENABLE(samode-unspec,
289 [ --enable-samode-unspec enable to use unspecified a mode of SA],
290 [], [enable_samode_unspec=no])
291 if test "x$enable_samode_unspec" = "xyes"; then
292 AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec])
294 AC_MSG_RESULT($enable_samode_unspec)
296 # Checks if IPv6 is requested
297 AC_MSG_CHECKING([whether to enable ipv6])
299 [ --disable-ipv6 disable ipv6 support],
300 [ case "$enableval" in
305 *) AC_MSG_RESULT(yes)
310 AC_TRY_RUN([ /* AF_INET6 avalable check */
311 #include <sys/types.h>
312 #include <sys/socket.h>
316 if (socket(AF_INET6, SOCK_STREAM, 0) < 0)
323 AC_DEFINE([INET6], [], [Support IPv6])
331 if test "$ipv6" = "yes"; then
332 AC_MSG_CHECKING(for advanced API support)
333 AC_TRY_COMPILE([#ifndef INET6
336 #include <sys/types.h>
337 #include <netinet/in.h>],
338 [struct in6_pktinfo a;],
340 AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])],
344 RACOON_CHECK_BUGGY_GETADDRINFO
345 if test "$buggygetaddrinfo" = "yes"; then
346 AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.])
349 # Check if kernel support is available for NAT-T, defaults to no.
352 AC_MSG_CHECKING(kernel NAT-Traversal support)
355 # Linux kernel NAT-T check
357 [#include <linux/pfkeyv2.h>
358 #ifdef SADB_X_EXT_NAT_T_TYPE
361 ], [kernel_natt="yes"])
365 # Same check for FreeBSD
366 AC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len,
367 [kernel_natt="yes"],, [
369 #include <sys/types.h>
370 #include <net/pfkeyv2.h>
374 AC_MSG_RESULT($kernel_natt)
376 AC_MSG_CHECKING(whether to support NAT-T)
378 [ --enable-natt enable NAT-Traversal (yes/no/kernel)],
379 [if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi],
380 [enable_natt=$kernel_natt])
381 AC_MSG_RESULT($enable_natt)
383 if test "$enable_natt" = "yes"; then
384 if test "$kernel_natt" = "no" ; then
385 AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.])
387 AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal])
388 NATT_OBJS="nattraversal.o"
393 # Set up defines for supported NAT-T versions.
394 natt_versions_default="00,02,rfc"
395 AC_MSG_CHECKING(which NAT-T versions to support)
396 AC_ARG_ENABLE(natt_versions,
397 [ --enable-natt-versions=list list of supported NAT-T versions delimited by coma.],
398 [ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ],
399 [ enable_natt_versions=$natt_versions_default ])
400 if test "$enable_natt" = "yes"; then
401 AC_MSG_RESULT($enable_natt_versions)
402 for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do
404 0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;;
405 1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;;
406 2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;;
407 3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;;
408 4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;;
409 5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;;
410 6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;;
411 7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;;
412 8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;;
413 RFC) AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;;
414 *) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;;
419 AC_MSG_RESULT([none])
422 AC_MSG_CHECKING(whether we support FWD policy)
426 #include <inttypes.h>
427 #include <linux/ipsec.h>
429 int fwd = IPSEC_DIR_FWD;
432 AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])],
440 CFLAGS="$CFLAGS $CFLAGS_ADD"
441 CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
445 # Remove KERNEL_INCLUDE from CPPFLAGS. It will
446 # be symlinked to src/include-glibc/linux in
448 CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"`
456 src/include-glibc/Makefile
457 src/libipsec/Makefile
460 src/racoon/samples/psk.txt
461 src/racoon/samples/racoon.conf
464 rpm/suse/ipsec-tools.spec