dnl -*- mode: m4 -*- dnl $Id: configure.ac,v 1.43.2.7 2005/03/14 08:07:39 manubsd Exp $ AC_PREREQ(2.52) AC_INIT(ipsec-tools, 0.5.1) AC_CONFIG_SRCDIR([configure.ac]) AM_CONFIG_HEADER(config.h) AM_INIT_AUTOMAKE(dist-bzip2) AC_ENABLE_SHARED(no) AC_PROG_CC AM_PROG_CC_STDC AC_HEADER_STDC AC_PROG_LIBTOOL AC_PROG_YACC AM_PROG_LEX AC_SUBST(LEXLIB) AC_PROG_EGREP CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused" case $host in *netbsd*) LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS" ;; *linux*) LIBS="$LIBS -lresolv" INSTALL_OPTS="-o bin -g bin" INCLUDE_GLIBC="include-glibc" RPM="rpm" AC_SUBST(INSTALL_OPTS) AC_SUBST(INCLUDE_GLIBC) AC_SUBST(RPM) ;; esac # Look up some IPsec-related headers AC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no]) AC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no]) AC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no]) # NetBSD has but not if test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then have_netinet_ipsec=yes AC_DEFINE(HAVE_NETINET6_IPSEC, [], [Use ]) fi case "$host_os" in *linux*) AC_ARG_WITH(kernel-headers, AC_HELP_STRING([--with-kernel-headers=/lib/modules//build/include], [where your Linux Kernel headers are installed]), [ KERNEL_INCLUDE="$with_kernel_headers" CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers" AC_SUBST(CONFIGURE_AMFLAGS) ], [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ]) AC_CHECK_FILE($KERNEL_INCLUDE/linux/pfkeyv2.h, , [ AC_CHECK_FILE(/usr/src/linux/include/linux/pfkeyv2.h, KERNEL_INCLUDE=/usr/src/linux/include , [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] ) AC_SUBST(KERNEL_INCLUDE) # We need the configure script to run with correct kernel headers. # However we don't want to point to kernel source tree in compile time, # i.e. this will be removed from CPPFLAGS at the end of configure. CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS" AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority, [AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [], [Are PF_KEY policy priorities supported?])], [], [#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"]) GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc' AC_SUBST(GLIBC_BUGS) GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc" CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS" ;; *) if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then if test "$have_net_pfkey" = yes; then AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.]) else AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.]) fi fi ;; esac ### Some basic toolchain checks # Checks for header files. AC_HEADER_STDC AC_HEADER_SYS_WAIT AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h) # Checks for typedefs, structures, and compiler characteristics. AC_C_CONST AC_TYPE_PID_T AC_TYPE_SIZE_T AC_HEADER_TIME AC_STRUCT_TM # Checks for library functions. AC_FUNC_MEMCMP AC_TYPE_SIGNAL AC_FUNC_VPRINTF AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy) AC_REPLACE_FUNCS(strdup) RACOON_CHECK_VA_COPY # Check if printf accepts "%z" type modifier for size_t argument AC_MSG_CHECKING(if printf accepts %z) saved_CFLAGS=$CFLAGS CFLAGS="$CFLAGS -Wall -Werror" AC_TRY_COMPILE([ #include ], [ printf("%zu\n", (size_t)-1); ], [AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no); CFLAGS_ADD="$CFLAGS_ADD -Wno-format"]) CFLAGS=$saved_CFLAGS # Can we use __func__ macro? AC_MSG_CHECKING(if __func__ is available) AC_TRY_COMPILE( [#include ], [char *x = __func__;], [AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro]) AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no)]) # Check if readline support is requested AC_MSG_CHECKING(if readline support is requested) AC_ARG_WITH(readline, [ --with-readline support readline input (yes by default)], [with_readline="$withval"], [with_readline="yes"]) AC_MSG_RESULT($with_readline) # Is readline available? if test $with_readline != "no"; then AC_CHECK_HEADER([readline/readline.h], [AC_CHECK_LIB(readline, readline, [ AC_DEFINE(HAVE_READLINE, [], [Is readline available?]) LIBS="$LIBS -lreadline" ], [])], []) fi # Check if a different OpenSSL directory was specified AC_MSG_CHECKING(if --with-openssl option is specified) AC_ARG_WITH(openssl, [ --with-openssl=DIR specify OpenSSL directory], [crypto_dir=$withval]) AC_MSG_RESULT(${crypto_dir-default}) if test "x$crypto_dir" != "x"; then LIBS="$LIBS -L${crypto_dir}/lib" CPPFLAGS_ADD="-I${crypto_dir}/include $CPPFLAGS_ADD" fi AC_MSG_CHECKING(openssl version) AC_EGREP_CPP(yes, [#include #if OPENSSL_VERSION_NUMBER >= 0x0090602fL yes #endif], [AC_MSG_RESULT(ok)], [AC_MSG_RESULT(too old) AC_MSG_ERROR([OpenSSL version must be 0.9.6 or higher. Aborting.]) ]) AC_CHECK_HEADERS(openssl/engine.h) # checking rijndael AC_CHECK_HEADERS([openssl/aes.h], [], [CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"]) # checking sha2 AC_MSG_CHECKING(sha2 support) AC_DEFINE([WITH_SHA2], [], [SHA2 support]) AC_CHECK_HEADER(openssl/sha2.h, [], [ CPPFLAGS_ADD="$CPPFLAGS_ADD -I./\${top_srcdir}/src/racoon/missing" AC_LIBOBJ([sha2]) CRYPTOBJS="$CRYPTOBJS sha2.o"]) AC_SUBST(CRYPTOBJS) # Option --enable-adminport AC_MSG_CHECKING(if --enable-adminport option is specified) AC_ARG_ENABLE(adminport, [ --enable-adminport enable admin port], [], [enable_adminport=no]) if test $enable_adminport = "yes"; then AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port]) fi AC_MSG_RESULT($enable_adminport) # Check for Kerberos5 support AC_MSG_CHECKING(if --enable-gssapi option is specified) AC_ARG_ENABLE(gssapi, [ --enable-gssapi enable GSS-API authentication], [], [enable_gssapi=no]) AC_MSG_RESULT($enable_gssapi) AC_PATH_PROG(KRB5_CONFIG,krb5-config,no) if test "x$enable_gssapi" = "xyes"; then if test "$KRB5_CONFIG" != "no"; then krb5_incdir="`$KRB5_CONFIG --cflags gssapi`" krb5_libs="`$KRB5_CONFIG --libs gssapi`" LIBS="$LIBS $krb5_libs" CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD" AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API]) else AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.]) fi fi AC_MSG_CHECKING([if --enable-hybrid option is specified]) AC_ARG_ENABLE(hybrid, [ --enable-hybrid enable hybrid, both mode-cfg and xauth support], [ LIBS="$LIBS -lcrypt"; enable_hybrid=yes; HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o" AC_SUBST(HYBRID_OBJS) AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support]) ], [enable_hybrid=no]) AC_MSG_RESULT($enable_hybrid) AC_MSG_CHECKING([if --enable-frag option is specified]) AC_ARG_ENABLE(frag, [ --enable-frag enable IKE fragmentation payload support], [ LIBS="$LIBS -lcrypt"; enable_frag=yes; FRAG_OBJS="isakmp_frag.o" AC_SUBST(FRAG_OBJS) AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support]) ], [enable_frag=no]) AC_MSG_RESULT($enable_frag) # For dynamic libradius RACOON_PATH_LIBS(MD5_Init, crypto) AC_MSG_CHECKING(if --with-libradius option is specified) AC_ARG_WITH(libradius, [ --with-libradius=DIR specify libradius path (like/usr/pkg)], [libradius_dir=$withval], [libradius_dir=no]) AC_MSG_RESULT($libradius_dir) if test "$libradius_dir" != "no"; then if test "$libradius_dir" = "yes" ; then libradius_dir=""; fi; if test "x$libradius_dir" = "x"; then RACOON_PATH_LIBS(rad_create_request, radius) else if test -d "$libradius_dir/lib" -a \ -d "$libradius_dir/include" ; then RACOON_PATH_LIBS(rad_create_request, radius, "$libradius_dir/lib") CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include" else AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.]) fi fi AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS]) LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius" AC_CHECK_FUNCS(rad_create_request) fi AC_MSG_CHECKING(if --enable-stats option is specified) AC_ARG_ENABLE(stats, [ --enable-stats enable statistics logging function], [], [enable_stats=no]) if test "x$enable_stats" = "xyes"; then AC_DEFINE([ENABLE_STATS], [], [Enable statictics]) fi AC_MSG_RESULT($enable_stats) AC_MSG_CHECKING(if --enable-dpd option is specified) AC_ARG_ENABLE(dpd, [ --enable-dpd enable dead peer detection], [], [enable_dpd=no]) if test "x$enable_dpd" = "xyes"; then AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection]) fi AC_MSG_RESULT($enable_dpd) AC_MSG_CHECKING(if --enable-samode-unspec option is specified) AC_ARG_ENABLE(samode-unspec, [ --enable-samode-unspec enable to use unspecified a mode of SA], [], [enable_samode_unspec=no]) if test "x$enable_samode_unspec" = "xyes"; then AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec]) fi AC_MSG_RESULT($enable_samode_unspec) # Checks if IPv6 is requested AC_MSG_CHECKING([whether to enable ipv6]) AC_ARG_ENABLE(ipv6, [ --disable-ipv6 disable ipv6 support], [ case "$enableval" in no) AC_MSG_RESULT(no) ipv6=no ;; *) AC_MSG_RESULT(yes) ipv6=yes ;; esac ], AC_TRY_RUN([ /* AF_INET6 avalable check */ #include #include main() { exit(0); if (socket(AF_INET6, SOCK_STREAM, 0) < 0) exit(1); else exit(0); } ], AC_MSG_RESULT(yes) AC_DEFINE([INET6], [], [Support IPv6]) ipv6=yes, AC_MSG_RESULT(no) ipv6=no, AC_MSG_RESULT(no) ipv6=no )) if test "$ipv6" = "yes"; then AC_MSG_CHECKING(for advanced API support) AC_TRY_COMPILE([#ifndef INET6 #define INET6 #endif #include #include ], [struct in6_pktinfo a;], [AC_MSG_RESULT(yes) AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])], [AC_MSG_RESULT(no)]) fi RACOON_CHECK_BUGGY_GETADDRINFO if test "$buggygetaddrinfo" = "yes"; then AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.]) fi # Check if kernel support is available for NAT-T, defaults to no. kernel_natt="no" AC_MSG_CHECKING(kernel NAT-Traversal support) case $host_os in linux*) # Linux kernel NAT-T check AC_EGREP_CPP(yes, [#include #ifdef SADB_X_EXT_NAT_T_TYPE yes #endif ], [kernel_natt="yes"]) ;; freebsd*|netbsd*) # NetBSD case # Same check for FreeBSD AC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len, [kernel_natt="yes"],, [ #define _KERNEL #include #include ]) ;; esac AC_MSG_RESULT($kernel_natt) AC_MSG_CHECKING(whether to support NAT-T) AC_ARG_ENABLE(natt, [ --enable-natt enable NAT-Traversal (yes/no/kernel)], [if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi], [enable_natt=$kernel_natt]) AC_MSG_RESULT($enable_natt) if test "$enable_natt" = "yes"; then if test "$kernel_natt" = "no" ; then AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.]) else AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal]) NATT_OBJS="nattraversal.o" AC_SUBST(NATT_OBJS) fi fi # Set up defines for supported NAT-T versions. natt_versions_default="00,02,rfc" AC_MSG_CHECKING(which NAT-T versions to support) AC_ARG_ENABLE(natt_versions, [ --enable-natt-versions=list list of supported NAT-T versions delimited by coma.], [ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ], [ enable_natt_versions=$natt_versions_default ]) if test "$enable_natt" = "yes"; then AC_MSG_RESULT($enable_natt_versions) for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do case $i in 0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;; 1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;; 2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;; 3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;; 4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;; 5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;; 6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;; 7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;; 8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;; RFC) AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;; *) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;; esac done unset i else AC_MSG_RESULT([none]) fi AC_MSG_CHECKING(whether we support FWD policy) case $host in *linux*) AC_TRY_COMPILE([ #include #include ], [ int fwd = IPSEC_DIR_FWD; ], [AC_MSG_RESULT(yes) AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])], [AC_MSG_RESULT(no)]) ;; *) AC_MSG_RESULT(no) ;; esac CFLAGS="$CFLAGS $CFLAGS_ADD" CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" case $host in *linux*) # Remove KERNEL_INCLUDE from CPPFLAGS. It will # be symlinked to src/include-glibc/linux in # compile time. CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"` ;; esac AC_CONFIG_FILES([ Makefile package_version.h src/Makefile src/include-glibc/Makefile src/libipsec/Makefile src/setkey/Makefile src/racoon/Makefile src/racoon/samples/psk.txt src/racoon/samples/racoon.conf rpm/Makefile rpm/suse/Makefile rpm/suse/ipsec-tools.spec ]) AC_OUTPUT