diff options
author | Christian Mauderer <christian.mauderer@embedded-brains.de> | 2018-05-30 14:27:35 +0200 |
---|---|---|
committer | Christian Mauderer <christian.mauderer@embedded-brains.de> | 2018-08-01 09:55:27 +0200 |
commit | ff36f5e409707ada66506eefd4ac0a396cb28055 (patch) | |
tree | 9594b2a1aeb06b4ecaaae02644a65525adaf5bb5 /ipsec-tools/configure.ac | |
parent | if_ipsec: Port and add to everything-buildset. (diff) | |
download | rtems-libbsd-ff36f5e409707ada66506eefd4ac0a396cb28055.tar.bz2 |
Import ipsec-tools 0.8.2.
Import unchanged ipsec-tools sources in the release version 0.8.2. The
homepage of ipsec-tools is http://ipsec-tools.sourceforge.net/. The
sources can be obtained from there.
Diffstat (limited to 'ipsec-tools/configure.ac')
-rw-r--r-- | ipsec-tools/configure.ac | 825 |
1 files changed, 825 insertions, 0 deletions
diff --git a/ipsec-tools/configure.ac b/ipsec-tools/configure.ac new file mode 100644 index 00000000..85062456 --- /dev/null +++ b/ipsec-tools/configure.ac @@ -0,0 +1,825 @@ +dnl -*- mode: m4 -*- +dnl Id: configure.ac,v 1.77 2006/07/20 19:19:27 manubsd Exp + +AC_PREREQ(2.52) +AC_INIT(ipsec-tools, 0.8.2) +AC_CONFIG_SRCDIR([configure.ac]) +AC_CONFIG_HEADERS(config.h) + +AM_INIT_AUTOMAKE(dist-bzip2) + +AC_ENABLE_SHARED(no) + +AC_PROG_CC +AC_HEADER_STDC +AC_PROG_LIBTOOL +AC_PROG_YACC +AM_PROG_LEX +AC_SUBST(LEXLIB) +AC_PROG_EGREP + +CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused" + +case $host in +*netbsd*) + LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS" + ;; +*linux*) + LIBS="$LIBS -lresolv" + INSTALL_OPTS="-o bin -g bin" + INCLUDE_GLIBC="include-glibc" + RPM="rpm" + AC_SUBST(INSTALL_OPTS) + AC_SUBST(INCLUDE_GLIBC) + AC_SUBST(RPM) + ;; +*darwin*) + LIBS="$LIBS -lresolv" + ;; +esac + +# Look up some IPsec-related headers +AC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no]) +AC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no]) +AC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no]) +AC_CHECK_HEADER(netipsec/ipsec.h, [have_netipsec_ipsec=yes], [have_netipsec_ipsec=no]) + +# FreeBSD >=7 has only <netipsec/ipsec.h> +# NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h> +# XXX some *BSD still have both <netinet6/ipsec.h> and <netipsec/ipsec.h>, +# we can't decide which one to use (actually <netinet6/ipsec.h>) + + +if test "$have_netinet_ipsec$have_netinet6_ipsec$have_netipsec_ipsec" = nonoyes; then + have_netinet_ipsec=yes + AC_DEFINE(PATH_IPSEC_H, [<netipsec/ipsec.h>], [Path to ipsec.h]) +else + if test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then + have_netinet_ipsec=yes + AC_DEFINE(PATH_IPSEC_H, [<netinet6/ipsec.h>], [Path to ipsec.h]) + else + # have_netinet_ipsec will be checked a few lines below + AC_DEFINE(PATH_IPSEC_H, [<netinet/ipsec.h>], [Path to ipsec.h]) + fi +fi + +case "$host_os" in + *linux*) + AC_ARG_WITH(kernel-headers, + AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include], + [where your Linux Kernel headers are installed]), + [ KERNEL_INCLUDE="$with_kernel_headers" + CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers" + AC_SUBST(CONFIGURE_AMFLAGS) ], + [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ]) + + AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, , + [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h, + KERNEL_INCLUDE=/usr/src/linux/include , + [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] ) + AC_SUBST(KERNEL_INCLUDE) + # We need the configure script to run with correct kernel headers. + # However we don't want to point to kernel source tree in compile time, + # i.e. this will be removed from CPPFLAGS at the end of configure. + CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS" + + AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority, + [AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [], + [Are PF_KEY policy priorities supported?])], [], + [#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"]) + + GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc' + GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc" + CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS" + CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS" + AC_SUBST(GLIBC_BUGS) + ;; + *) + if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then + if test "$have_net_pfkey" = yes; then + AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.]) + else + AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.]) + fi + fi + ;; +esac + +### Some basic toolchain checks + +# Checks for header files. +AC_HEADER_STDC +AC_HEADER_SYS_WAIT +AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h) +AC_CHECK_HEADERS(shadow.h) + +# Checks for typedefs, structures, and compiler characteristics. +AC_C_CONST +AC_TYPE_PID_T +AC_TYPE_SIZE_T +AC_HEADER_TIME +AC_STRUCT_TM + +# Checks for library functions. +AC_FUNC_MEMCMP +AC_TYPE_SIGNAL +AC_FUNC_VPRINTF +AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy strlcat) +AC_REPLACE_FUNCS(strdup) +RACOON_CHECK_VA_COPY + +# Check if printf accepts "%z" type modifier for size_t argument +AC_MSG_CHECKING(if printf accepts %z) +saved_CFLAGS=$CFLAGS +CFLAGS="$CFLAGS -Wall -Werror" +AC_TRY_COMPILE([ +#include <stdio.h> +], [ +printf("%zu\n", (size_t)-1); +], + [AC_MSG_RESULT(yes)], + [AC_MSG_RESULT(no); + CFLAGS_ADD="$CFLAGS_ADD -Wno-format"; + AC_DEFINE(BROKEN_PRINTF, [], [If printf doesn't support %zu.]) + ]) +CFLAGS=$saved_CFLAGS + +# Can we use __func__ macro? +AC_MSG_CHECKING(if __func__ is available) +AC_TRY_COMPILE( +[#include <stdio.h> +], [char *x = __func__;], + [AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro]) + AC_MSG_RESULT(yes)], + [AC_MSG_RESULT(no)]) + +# Check if readline support is requested +AC_MSG_CHECKING(if readline support is requested) +AC_ARG_WITH(readline, + [ --with-readline support readline input (yes by default)], + [with_readline="$withval"], [with_readline="yes"]) +AC_MSG_RESULT($with_readline) + +# Is readline available? +if test $with_readline != "no"; then + AC_CHECK_HEADER([readline/readline.h], + [AC_CHECK_LIB(readline, readline, [ + AC_DEFINE(HAVE_READLINE, [], + [Is readline available?]) + LIBS="$LIBS -lreadline" + ], [])], []) +fi + + +AC_MSG_CHECKING(if --with-flex option is specified) +AC_ARG_WITH(flexdir, + [AC_HELP_STRING([--with-flex], [use directiory (default: no)])], + [flexdir="$withval"]) +AC_MSG_RESULT(${flexdir-dirdefault}) + +if test "x$flexdir" != "x"; then + LIBS="$LIBS $flexdir/libfl.a" +fi + +AC_MSG_CHECKING(if --with-flexlib option is specified) +AC_ARG_WITH(flexlib, + [ --with-flexlib=<LIB> specify flex library.], + [flexlib="$withval"]) +AC_MSG_RESULT(${flexlib-default}) + +if test "x$flexlib" != "x"; then + LIBS="$LIBS $flexlib" +fi + +# Check if a different OpenSSL directory was specified +AC_MSG_CHECKING(if --with-openssl option is specified) +AC_ARG_WITH(openssl, [ --with-openssl=DIR specify OpenSSL directory], + [crypto_dir=$withval]) +AC_MSG_RESULT(${crypto_dir-default}) + +if test "x$crypto_dir" != "x"; then + LIBS="$LIBS -L${crypto_dir}/lib" + CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS" +fi +AC_MSG_CHECKING(openssl version) + +AC_TRY_COMPILE( +[#include <openssl/opensslv.h> +], +[#if OPENSSL_VERSION_NUMBER < 0x0090813fL +#error OpenSSL version is too old ... +#endif], +[AC_MSG_RESULT([ok])], +[AC_MSG_RESULT(too old) +AC_MSG_ERROR([OpenSSL version must be 0.9.8s or higher. Aborting.]) +]) + +AC_CHECK_HEADERS(openssl/engine.h) + +# checking rijndael +AC_CHECK_HEADERS([openssl/aes.h], [], + [CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"]) + +# checking sha2 +AC_MSG_CHECKING(sha2 support) +AC_DEFINE([WITH_SHA2], [], [SHA2 support]) +AC_MSG_RESULT(yes) +AC_CHECK_HEADER(openssl/sha2.h, [], [ + AC_MSG_CHECKING(if sha2 is defined in openssl/sha.h) + AC_TRY_COMPILE([ + #ifdef HAVE_SYS_TYPES_H + #include <sys/types.h> + #endif + #include <openssl/sha.h> + ], [ + SHA256_CTX ctx; + ], [ + AC_MSG_RESULT(yes) + AC_DEFINE([HAVE_SHA2_IN_SHA_H], [], [sha2 is defined in sha.h]) + ], [AC_MSG_RESULT(no) + AC_LIBOBJ([sha2]) + CRYPTOBJS="$CRYPTOBJS sha2.o" + ]) + + CPPFLAGS_ADD="$CPPFLAGS_ADD -I\${top_srcdir}/src/racoon/missing" +]) +AC_SUBST(CRYPTOBJS) + +# checking camellia +AC_CHECK_HEADERS([openssl/camellia.h]) + + +# Option --enable-adminport +AC_MSG_CHECKING(if --enable-adminport option is specified) +AC_ARG_ENABLE(adminport, + [ --enable-adminport enable admin port], + [], [enable_adminport=no]) +if test $enable_adminport = "yes"; then + AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port]) +fi +AC_MSG_RESULT($enable_adminport) + +# Option RC5 +AC_MSG_CHECKING(if --enable-rc5 option is specified) +AC_ARG_ENABLE(rc5, + [ --enable-rc5 enable RC5 encryption (patented)], + [], [enable_rc5=no]) +AC_MSG_RESULT($enable_rc5) + +if test $enable_rc5 = "yes"; then + AC_CHECK_HEADERS([openssl/rc5.h]) + AC_CHECK_LIB([crypto_rc5], [RC5_32_encrypt], + [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_rc5"]) +fi + +# Option IDEA +AC_MSG_CHECKING(if --enable-idea option is specified) +AC_ARG_ENABLE(idea, + [ --enable-idea enable IDEA encryption (patented)], + [], [enable_idea=no]) +AC_MSG_RESULT($enable_idea) + +if test $enable_idea = "yes"; then + AC_CHECK_HEADERS([openssl/idea.h]) + AC_CHECK_LIB([crypto_idea], [idea_encrypt], + [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_idea"]) +fi +AC_SUBST(EXTRA_CRYPTO) + +# For dynamic libradius +RACOON_PATH_LIBS([MD5_Init], [crypto]) + +# Check if we need -lutil for login(3) +RACOON_PATH_LIBS([login], [util]) + +# Specify libiconv prefix +AC_MSG_CHECKING(if --with-libiconv option is specified) +AC_ARG_WITH(libiconv, + [ --with-libiconv=DIR specify libiconv path (like/usr/pkg)], + [libiconv_dir=$withval], + [libiconv_dir=no]) +AC_MSG_RESULT($libiconv_dir) +if test "$libiconv_dir" != "no"; then + if test "$libiconv_dir" = "yes" ; then + libiconv_dir=""; + fi; + if test "x$libiconv_dir" = "x"; then + RACOON_PATH_LIBS([iconv_open], [iconv]) + else + if test -d "$libiconv_dir/lib" -a \ + -d "$libiconv_dir/include" ; then + RACOON_PATH_LIBS([iconv_open], [iconv], ["$libiconv_dir/lib"]) + CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libiconv_dir/include" + else + AC_MSG_ERROR([ICONV libs or includes not found. Aborting.]) + fi + fi + LIBS="$LIBS -L$libiconv_dir/lib -R$libiconv_dir/lib -liconv" + AC_CHECK_FUNCS(iconv_open) +fi + +AC_MSG_CHECKING([if --enable-hybrid option is specified]) +AC_ARG_ENABLE(hybrid, + [ --enable-hybrid enable hybrid, both mode-cfg and xauth support], + [], [enable_hybrid=no]) +AC_MSG_RESULT($enable_hybrid) + +if test "x$enable_hybrid" = "xyes"; then + case $host in + *darwin*) + ;; + *) + LIBS="$LIBS -lcrypt"; + ;; + esac + HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o" + AC_SUBST(HYBRID_OBJS) + AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support]) +fi + +AC_MSG_CHECKING([if --enable-frag option is specified]) +AC_ARG_ENABLE(frag, + [ --enable-frag enable IKE fragmentation payload support], + [], [enable_frag=no]) +AC_MSG_RESULT($enable_frag) + +if test "x$enable_frag" = "xyes"; then + case $host in + *darwin*) + ;; + *) + LIBS="$LIBS -lcrypt"; + ;; + esac + FRAG_OBJS="isakmp_frag.o" + AC_SUBST(FRAG_OBJS) + AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support]) +fi + +AC_MSG_CHECKING(if --with-libradius option is specified) +AC_ARG_WITH(libradius, + [ --with-libradius=DIR specify libradius path (like/usr/pkg)], + [libradius_dir=$withval], + [libradius_dir=no]) +AC_MSG_RESULT($libradius_dir) +if test "$libradius_dir" != "no"; then + if test "$libradius_dir" = "yes" ; then + libradius_dir=""; + fi; + if test "x$libradius_dir" = "x"; then + RACOON_PATH_LIBS([rad_create_request], [radius]) + else + if test -d "$libradius_dir/lib" -a \ + -d "$libradius_dir/include" ; then + RACOON_PATH_LIBS([rad_create_request], [radius], ["$libradius_dir/lib"]) + CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include" + else + AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.]) + fi + fi + AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS]) + LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius" + AC_CHECK_FUNCS(rad_create_request) +fi + +AC_MSG_CHECKING(if --with-libpam option is specified) +AC_ARG_WITH(libpam, + [ --with-libpam=DIR specify libpam path (like/usr/pkg)], + [libpam_dir=$withval], + [libpam_dir=no]) +AC_MSG_RESULT($libpam_dir) +if test "$libpam_dir" != "no"; then + if test "$libpam_dir" = "yes" ; then + libpam_dir=""; + fi; + if test "x$libpam_dir" = "x"; then + RACOON_PATH_LIBS([pam_start], [pam]) + else + if test -d "$libpam_dir/lib" -a \ + -d "$libpam_dir/include" ; then + RACOON_PATH_LIBS([pam_start], [pam], ["$libpam_dir/lib"]) + CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libpam_dir/include" + else + AC_MSG_ERROR([PAM libs or includes not found. Aborting.]) + fi + fi + AC_DEFINE([HAVE_LIBPAM], [], [Hybrid authentication uses PAM]) + LIBS="$LIBS -L$libpam_dir/lib -R$libpam_dir/lib -lpam" + AC_CHECK_FUNCS(pam_start) +fi + +AC_MSG_CHECKING(if --with-libldap option is specified) +AC_ARG_WITH(libldap, + [ --with-libldap=DIR specify libldap path (like/usr/pkg)], + [libldap_dir=$withval], + [libldap_dir=no]) +AC_MSG_RESULT($libldap_dir) +if test "$libldap_dir" != "no"; then + if test "$libldap_dir" = "yes" ; then + libldap_dir=""; + fi; + if test "x$libldap_dir" = "x"; then + RACOON_PATH_LIBS([ldap_init], [ldap]) + else + if test -d "$libldap_dir/lib" -a \ + -d "$libldap_dir/include" ; then + RACOON_PATH_LIBS([ldap_init], [ldap], ["$libldap_dir/lib"]) + CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libldap_dir/include" + else + AC_MSG_ERROR([LDAP libs or includes not found. Aborting.]) + fi + fi + AC_DEFINE([HAVE_LIBLDAP], [], [Hybrid authentication uses LDAP]) + LIBS="$LIBS -L$libldap_dir/lib -R$libldap_dir/lib -lldap" + + saved_CFLAGS=$CFLAGS + CFLAGS="$CFLAGS -Wall -Werror" + saved_CPPFLAGS=$CPPFLAGS + CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" + AC_TRY_COMPILE( + [#include <ldap.h>], + [ + #if LDAP_API_VERSION < 2004 + #error OpenLDAP version is too old ... + #endif + ], + [AC_MSG_RESULT([ok])], + [ + AC_MSG_RESULT(too old) + AC_MSG_ERROR([OpenLDAP version must be 2.0 or higher. Aborting.]) + ]) + CFLAGS=$saved_CFLAGS + CPPFLAGS=$saved_CPPFLAGS +fi + +# Check for Kerberos5 support +# XXX This must come after all --with-* tests, else the +# -liconv checks will not work +AC_MSG_CHECKING(if --enable-gssapi option is specified) +AC_ARG_ENABLE(gssapi, + [ --enable-gssapi enable GSS-API authentication], + [], [enable_gssapi=no]) +AC_MSG_RESULT($enable_gssapi) +AC_PATH_PROG(KRB5_CONFIG,krb5-config,no) +if test "x$enable_gssapi" = "xyes"; then + if test "$KRB5_CONFIG" != "no"; then + krb5_incdir="`$KRB5_CONFIG --cflags gssapi`" + krb5_libs="`$KRB5_CONFIG --libs gssapi`" + else + # No krb5-config; let's make some assumptions based on + # the OS. + case $host_os in + netbsd*) + krb5_incdir="-I/usr/include/krb5" + krb5_libs="-lgssapi -lkrb5 -lcom_err -lroken -lasn1" + ;; + *) + AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.]) + ;; + esac + fi + LIBS="$LIBS $krb5_libs" + CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD" + AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API]) + + # Check if iconv 2nd argument needs const + saved_CFLAGS=$CFLAGS + CFLAGS="$CFLAGS -Wall -Werror" + saved_CPPFLAGS=$CPPFLAGS + CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" + AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])]) + AC_MSG_CHECKING([if iconv second argument needs const]) + AC_TRY_COMPILE([ + #include <iconv.h> + #include <stdio.h> + ], [ + iconv_t cd = NULL; + const char **src = NULL; + size_t *srcleft = NULL; + char **dst = NULL; + size_t *dstleft = NULL; + + (void)iconv(cd, src, srcleft, dst, dstleft); + ], [AC_MSG_RESULT(yes) + AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const]) + ], [AC_MSG_RESULT(no)]) + CFLAGS=$saved_CFLAGS + CPPFLAGS=$saved_CPPFLAGS + + # libiconv is often integrated into libc. If a with-* option + # caused a non libc-based iconv.h to be catched instead of + # the libc-based iconv.h, then we need to link with -liconv + AC_MSG_CHECKING(if -liconv is required) + saved_CPPFLAGS=$CPPFLAGS + saved_LIBS=$LIBS + CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" + AC_TRY_LINK([ + #include <iconv.h> + ], [ + (void)iconv_open("ascii", "ascii"); + ], + [AC_MSG_RESULT(no)], + [ + LIBS="$LIBS -liconv" + AC_TRY_LINK([ + #include <iconv.h> + ], [ + (void)iconv_open("ascii", "ascii"); + ], + [ + AC_MSG_RESULT(yes) + saved_LIBS=$LIBS + ], [ + AC_MSG_ERROR([cannot use iconv]) + ]) + ]) + CPPFLAGS=$saved_CPPFLAGS + LIBS=$saved_LIBS +fi + +AC_MSG_CHECKING(if --enable-stats option is specified) +AC_ARG_ENABLE(stats, + [ --enable-stats enable statistics logging function], + [], [enable_stats=no]) +if test "x$enable_stats" = "xyes"; then + AC_DEFINE([ENABLE_STATS], [], [Enable statictics]) +fi +AC_MSG_RESULT($enable_stats) + +AC_MSG_CHECKING(if --enable-dpd option is specified) +AC_ARG_ENABLE(dpd, + [ --enable-dpd enable dead peer detection], + [], [enable_dpd=no]) +if test "x$enable_dpd" = "xyes"; then + AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection]) +fi +AC_MSG_RESULT($enable_dpd) + +AC_MSG_CHECKING(if --enable-samode-unspec option is specified) +AC_ARG_ENABLE(samode-unspec, + [ --enable-samode-unspec enable to use unspecified a mode of SA], + [], [enable_samode_unspec=no]) +if test "x$enable_samode_unspec" = "xyes"; then + case $host_os in + *linux*) + cat << EOC + +ERROR: --enable-samode-unspec is not supported under linux +because linux kernel do not support it. This option is disabled +to prevent mysterious problems. + +If you REALLY know what your are doing, remove this check. +EOC + exit 1; + ;; + esac + AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec]) +fi +AC_MSG_RESULT($enable_samode_unspec) + +# Checks if IPv6 is requested +AC_MSG_CHECKING([whether to enable ipv6]) +AC_ARG_ENABLE(ipv6, +[ --disable-ipv6 disable ipv6 support], +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + ipv6=no + ;; + *) AC_MSG_RESULT(yes) + ipv6=yes + ;; + esac ], + + AC_TRY_RUN([ /* AF_INET6 avalable check */ +#include <sys/types.h> +#include <sys/socket.h> +main() +{ + exit(0); + if (socket(AF_INET6, SOCK_STREAM, 0) < 0) + exit(1); + else + exit(0); +} +], + AC_MSG_RESULT(yes) + AC_DEFINE([INET6], [], [Support IPv6]) + ipv6=yes, + AC_MSG_RESULT(no) + ipv6=no, + AC_MSG_RESULT(no) + ipv6=no +)) + +if test "$ipv6" = "yes"; then + AC_DEFINE([INET6], [], [Support IPv6]) + AC_MSG_CHECKING(for advanced API support) + AC_TRY_COMPILE([#ifndef INET6 +#define INET6 +#endif +#include <sys/types.h> +#include <netinet/in.h>], + [struct in6_pktinfo a;], + [AC_MSG_RESULT(yes) + AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])], + [AC_MSG_RESULT(no)]) +fi + +RACOON_CHECK_BUGGY_GETADDRINFO +if test "$buggygetaddrinfo" = "yes"; then + AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.]) +fi + +# Check if kernel support is available for NAT-T, defaults to no. +kernel_natt="no" + +AC_MSG_CHECKING(kernel NAT-Traversal support) +case $host_os in +linux*) +# Linux kernel NAT-T check +AC_EGREP_CPP(yes, +[#include <linux/pfkeyv2.h> +#ifdef SADB_X_EXT_NAT_T_TYPE +yes +#endif +], [kernel_natt="yes"]) + ;; +freebsd*|netbsd*) +# NetBSD case +# Same check for FreeBSD +AC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len, + [kernel_natt="yes"],, [ +#define _KERNEL +#include <sys/types.h> +#include <net/pfkeyv2.h> +]) + ;; +esac +AC_MSG_RESULT($kernel_natt) + +AC_MSG_CHECKING(whether to support NAT-T) +AC_ARG_ENABLE(natt, + [ --enable-natt enable NAT-Traversal (yes/no/kernel)], + [ if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi ], + [ enable_natt=no ]) +AC_MSG_RESULT($enable_natt) + +if test "$enable_natt" = "yes"; then + if test "$kernel_natt" = "no" ; then + AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.]) + else + AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal]) + NATT_OBJS="nattraversal.o" + AC_SUBST(NATT_OBJS) + fi +fi + +# Set up defines for supported NAT-T versions. +natt_versions_default="00,02,rfc" +AC_MSG_CHECKING(which NAT-T versions to support) +AC_ARG_ENABLE(natt_versions, + [ --enable-natt-versions=list list of supported NAT-T versions delimited by coma.], + [ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ], + [ enable_natt_versions=$natt_versions_default ]) +if test "$enable_natt" = "yes"; then + AC_MSG_RESULT($enable_natt_versions) + for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do + case $i in + 0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;; + 1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;; + 2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;; + 3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;; + 4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;; + 5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;; + 6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;; + 7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;; + 8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;; + RFC) AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;; + *) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;; + esac + done + unset i +else + AC_MSG_RESULT([none]) +fi + +AC_MSG_CHECKING(if --enable-broken-natt option is specified) +AC_ARG_ENABLE(broken-natt, + [ --enable-broken-natt broken in-kernel NAT-T], + [], [enable_broken_natt=no]) +if test "x$enable_broken_natt" = "xyes"; then + AC_DEFINE([BROKEN_NATT], [], [in-kernel NAT-T is broken]) +fi +AC_MSG_RESULT($enable_broken_natt) + +AC_MSG_CHECKING(whether we support FWD policy) +case $host in + *linux*) + AC_TRY_COMPILE([ + #include <inttypes.h> + #include <linux/ipsec.h> + ], [ + int fwd = IPSEC_DIR_FWD; + ], + [AC_MSG_RESULT(yes) + AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])], + [AC_MSG_RESULT(no)]) + ;; + *) + AC_MSG_RESULT(no) + ;; +esac + +AC_CHECK_TYPE([ipsec_policy_t], + [AC_DEFINE([HAVE_IPSEC_POLICY_T], [], [Have ipsec_policy_t])], + [], + [ + #include <sys/types.h> + #include <netinet6/ipsec.h> + ]) + +# Check if kernel support is available for Security Context, defaults to no. +kernel_secctx="no" + +AC_MSG_CHECKING(kernel Security Context support) +case $host_os in +linux*) +# Linux kernel Security Context check +AC_EGREP_CPP(yes, +[#include <linux/pfkeyv2.h> +#ifdef SADB_X_EXT_SEC_CTX +yes +#endif +], [kernel_secctx="yes"]) + ;; +esac +AC_MSG_RESULT($kernel_secctx) + +AC_CHECK_HEADER(selinux/selinux.h, + [AC_CHECK_LIB(selinux, avc_init, [selinux_support=yes], + [selinux_support=no])], [selinux_support=no]) + +AC_MSG_CHECKING(whether to support Security Context) +AC_ARG_ENABLE(security-context, + [ --enable-security-context enable Security Context(yes/no/kernel)], + [if test "$enable_security_context" = "kernel"; then + enable_security_context=$kernel_secctx; fi], + [enable_security_context=$kernel_secctx]) +AC_MSG_RESULT($enable_security_context) + +if test "$enable_security_context" = "yes"; then + if test "$kernel_secctx" = "no" ; then + AC_MSG_ERROR([Security Context requested, but no kernel support! Aborting.]) + else + if test "$selinux_support" = "no"; then + AC_MSG_ERROR([Security Context requested, but no selinux support! Aborting.]) + else + AC_DEFINE([HAVE_SECCTX], [], [Enable Security Context]) + SECCTX_OBJS="security.o" + AC_SUBST(SECCTX_OBJS) + LIBS="$LIBS -lselinux" + fi + fi +fi + +RACOON_PATH_LIBS([clock_gettime], [rt]) + +AC_MSG_CHECKING(for monotonic system clock) +AC_TRY_COMPILE( + [#include <time.h>], + [clock_gettime(CLOCK_MONOTONIC, NULL);], + [AC_DEFINE([HAVE_CLOCK_MONOTONIC], [], [Have a monotonic clock]) + AC_MSG_RESULT(yes)], + [AC_MSG_RESULT(no)]) + +CFLAGS="$CFLAGS $CFLAGS_ADD" +CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" + +case $host in + *linux*) + # Remove KERNEL_INCLUDE from CPPFLAGS. It will + # be symlinked to src/include-glibc/linux in + # compile time. + CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"` + ;; +esac + +include_racoondir=${includedir}/racoon +AC_SUBST(include_racoondir) + +AC_CONFIG_FILES([ + Makefile + package_version.h + src/Makefile + src/include-glibc/Makefile + src/libipsec/Makefile + src/setkey/Makefile + src/racoon/Makefile + src/racoon/samples/psk.txt + src/racoon/samples/racoon.conf + rpm/Makefile + rpm/suse/Makefile + rpm/suse/ipsec-tools.spec + ]) +AC_OUTPUT |