You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
strongswan/configure.ac

2152 lines
85 KiB

#
# Copyright (C) 2007-2017 Tobias Brunner
# Copyright (C) 2006-2019 Andreas Steffen
# Copyright (C) 2006-2014 Martin Willi
# HSR Hochschule fuer Technik Rapperswil
# Copyright (C) 2017 Domonkos P. Tomcsanyi
# umlaut Communications Gmbh.
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# ============================
# initialize & set some vars
# ============================
AC_INIT([strongSwan],[5.9.3])
AM_INIT_AUTOMAKE(m4_esyscmd([
echo tar-ustar
echo subdir-objects
case `automake --version | head -n 1` in
*" 1.9"*);;
*" 1.10"*);;
*" 1.11"*);;
# don't use parallel test harness in 1.12 and up
*) echo serial-tests;;
esac
]))
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES])
AC_CONFIG_MACRO_DIR([m4/config])
AC_CONFIG_HEADERS([config.h])
AC_DEFINE([CONFIG_H_INCLUDED], [], [defined if config.h included])
AC_DISABLE_STATIC
PKG_PROG_PKG_CONFIG
m4_include(m4/macros/split-package-version.m4)
SPLIT_PACKAGE_VERSION
# =================================
# check --enable-xxx & --with-xxx
# =================================
m4_include(m4/macros/with.m4)
ARG_WITH_SUBST([random-device], [/dev/random], [set the device to read real random data from])
ARG_WITH_SUBST([urandom-device], [/dev/urandom], [set the device to read pseudo random data from])
ARG_WITH_SUBST([strongswan-conf], [${sysconfdir}/strongswan.conf], [set the strongswan.conf file location])
ARG_WITH_SUBST([resolv-conf], [${sysconfdir}/resolv.conf], [set the file to use in DNS handler plugin])
ARG_WITH_SUBST([piddir], [/var/run], [set path for PID and UNIX socket files])
ARG_WITH_SUBST([ipsecdir], [${libexecdir%/}/ipsec], [set installation path for ipsec tools])
ARG_WITH_SUBST([ipseclibdir], [${libdir%/}/ipsec], [set installation path for ipsec libraries])
ARG_WITH_SUBST([plugindir], [${ipseclibdir%/}/plugins], [set the installation path of plugins])
Spelling fixes * accumulating * acquire * alignment * appropriate * argument * assign * attribute * authenticate * authentication * authenticator * authority * auxiliary * brackets * callback * camellia * can't * cancelability * certificate * choinyambuu * chunk * collector * collision * communicating * compares * compatibility * compressed * confidentiality * configuration * connection * consistency * constraint * construction * constructor * database * decapsulated * declaration * decrypt * derivative * destination * destroyed * details * devised * dynamic * ecapsulation * encoded * encoding * encrypted * enforcing * enumerator * establishment * excluded * exclusively * exited * expecting * expire * extension * filter * firewall * foundation * fulfillment * gateways * hashing * hashtable * heartbeats * identifier * identifiers * identities * identity * implementers * indicating * initialize * initiate * initiation * initiator * inner * instantiate * legitimate * libraries * libstrongswan * logger * malloc * manager * manually * measurement * mechanism * message * network * nonexistent * object * occurrence * optional * outgoing * packages * packets * padding * particular * passphrase * payload * periodically * policies * possible * previously * priority * proposal * protocol * provide * provider * pseudo * pseudonym * public * qualifier * quantum * quintuplets * reached * reading * recommendation to * recommendation * recursive * reestablish * referencing * registered * rekeying * reliable * replacing * representing * represents * request * request * resolver * result * resulting * resynchronization * retriable * revocation * right * rollback * rule * rules * runtime * scenario * scheduled * security * segment * service * setting * signature * specific * specified * speed * started * steffen * strongswan * subjectaltname * supported * threadsafe * traffic * tremendously * treshold * unique * uniqueness * unknown * until * upper * using * validator * verification * version * version * warrior Closes strongswan/strongswan#164.
3 years ago
ARG_WITH_SUBST([imcvdir], [${ipseclibdir%/}/imcvs], [set the installation path of IMC and IMV dynamic libraries])
ARG_WITH_SUBST([nm-ca-dir], [/usr/share/ca-certificates], [directory the NM backend uses to look up trusted root certificates])
ARG_WITH_SUBST([swanctldir], [${sysconfdir}/swanctl], [base directory for swanctl configuration files and credentials])
ARG_WITH_SUBST([linux-headers], [\${top_srcdir}/src/include], [set directory of linux header files to use])
ARG_WITH_SUBST([routing-table], [220], [set routing table to use for IPsec routes])
ARG_WITH_SUBST([routing-table-prio], [220], [set priority for IPsec routing table])
ARG_WITH_SUBST([ipsec-script], [ipsec], [change the name of the ipsec script])
ARG_WITH_SUBST([fips-mode], [0], [set openssl FIPS mode: disabled(0), enabled(1), Suite B enabled(2)])
ARG_WITH_SUBST([libfuzzer], [], [-fsanitize=fuzzer or path to libFuzzer.a, a local driver is used if not specified])
ARG_WITH_SET([capabilities], [no], [set capability dropping library. Currently supported values are "libcap" and "native"])
ARG_WITH_SET([mpz_powm_sec], [yes], [use the more side-channel resistant mpz_powm_sec in libgmp, if available])
ARG_WITH_SET([dev-headers], [no], [install strongSwan development headers to directory.])
ARG_WITH_SET([printf-hooks], [auto], [force the use of a specific printf hook implementation (auto, builtin, glibc, vstr).])
ARG_WITH_SET([rubygemdir], ["gem environment gemdir"], [path to install ruby gems to])
ARG_WITH_SET([pythoneggdir], ["main site-packages directory"], [path to install python eggs to to])
if test -n "$PKG_CONFIG"; then
systemdsystemunitdir_default=$($PKG_CONFIG --variable=systemdsystemunitdir systemd)
fi
ARG_WITH_SET([systemdsystemunitdir], [$systemdsystemunitdir_default], [directory for systemd service files])
AC_SUBST(systemdsystemunitdir)
AC_ARG_WITH(
[dbuspolicydir],
AS_HELP_STRING([--with-dbuspolicydir=arg],[directory for D-Bus policies (default: ${dbusdatadir|datarootdir}/dbus-1/system.d)]),
[dbuspolicydir="$withval"],
[PKG_CHECK_VAR([dbusdatadir], [dbus-1], [datadir], , [dbusdatadir="${datarootdir}"])
dbuspolicydir="${dbusdatadir}/dbus-1/system.d"]
)
AC_SUBST(dbuspolicydir)
AC_ARG_WITH(
[user],
14 years ago
AS_HELP_STRING([--with-user=user],[change user of the daemons to "user" after startup (default is "root").]),
[AC_DEFINE_UNQUOTED([IPSEC_USER], "$withval", [username to run daemon with])
AC_SUBST(ipsecuser, "$withval")],
[AC_SUBST(ipsecuser, "root")]
)
AC_ARG_WITH(
[group],
14 years ago
AS_HELP_STRING([--with-group=group],[change group of the daemons to "group" after startup (default is "root").]),
[AC_DEFINE_UNQUOTED(IPSEC_GROUP, "$withval", [groupname to run daemon with])
AC_SUBST(ipsecgroup, "$withval")],
[AC_SUBST(ipsecgroup, "root")]
)
AC_ARG_WITH(
[charon-udp-port],
AS_HELP_STRING([--with-charon-udp-port=port],[UDP port used by charon locally (default 500). Set to 0 to allocate randomly.]),
[AC_DEFINE_UNQUOTED(CHARON_UDP_PORT, [$withval], [UDP port used by charon locally])
AC_SUBST(charon_udp_port, [$withval])],
[AC_SUBST(charon_udp_port, 500)]
)
AC_ARG_WITH(
[charon-natt-port],
AS_HELP_STRING([--with-charon-natt-port=port],[UDP port used by charon locally in case a NAT is detected (must be different from charon-udp-port, default 4500). Set to 0 to allocate randomly.]),
[AC_DEFINE_UNQUOTED(CHARON_NATT_PORT, [$withval], [UDP post used by charon locally in case a NAT is detected])
AC_SUBST(charon_natt_port, [$withval])],
[AC_SUBST(charon_natt_port, 4500)]
)
AC_MSG_CHECKING([configured UDP ports ($charon_udp_port, $charon_natt_port)])
if test x$charon_udp_port != x0 -a x$charon_udp_port = x$charon_natt_port; then
AC_MSG_ERROR(the ports have to be different)
else
AC_MSG_RESULT(ok)
fi
# convert script name to uppercase
AC_SUBST(ipsec_script_upper, [`echo -n "$ipsec_script" | tr a-z A-Z`])
m4_include(m4/macros/enable-disable.m4)
# crypto plugins
ARG_DISBL_SET([aes], [disable AES software implementation plugin.])
ARG_ENABL_SET([af-alg], [enable AF_ALG crypto interface to Linux Crypto API.])
ARG_ENABL_SET([bliss], [enable BLISS software implementation plugin.])
ARG_ENABL_SET([blowfish], [enable Blowfish software implementation plugin.])
ARG_ENABL_SET([botan], [enables the Botan crypto plugin.])
ARG_ENABL_SET([ccm], [enables the CCM AEAD wrapper crypto plugin.])
ARG_ENABL_SET([chapoly], [enables the ChaCha20/Poly1305 AEAD plugin.])
ARG_DISBL_SET([cmac], [disable CMAC crypto implementation plugin.])
ARG_ENABL_SET([ctr], [enables the Counter Mode wrapper crypto plugin.])
ARG_DISBL_SET([des], [disable DES/3DES software implementation plugin.])
ARG_DISBL_SET([drbg], [disable the NIST Deterministic Random Bit Generator plugin.])
ARG_DISBL_SET([fips-prf], [disable FIPS PRF software implementation plugin.])
ARG_ENABL_SET([gcm], [enables the GCM AEAD wrapper crypto plugin.])
ARG_ENABL_SET([gcrypt], [enables the libgcrypt plugin.])
ARG_DISBL_SET([gmp], [disable GNU MP (libgmp) based crypto implementation plugin.])
ARG_DISBL_SET([curve25519], [disable Curve25519 Diffie-Hellman plugin.])
ARG_DISBL_SET([hmac], [disable HMAC crypto implementation plugin.])
ARG_ENABL_SET([md4], [enable MD4 software implementation plugin.])
ARG_DISBL_SET([md5], [disable MD5 software implementation plugin.])
ARG_ENABL_SET([mgf1], [enable the MGF1 software implementation plugin.])
ARG_ENABL_SET([newhope], [enable New Hope crypto plugin.])
ARG_DISBL_SET([nonce], [disable nonce generation plugin.])
ARG_ENABL_SET([ntru], [enables the NTRU crypto plugin.])
ARG_ENABL_SET([openssl], [enables the OpenSSL crypto plugin.])
ARG_ENABL_SET([wolfssl], [enables the wolfSSL crypto plugin.])
ARG_ENABL_SET([padlock], [enables VIA Padlock crypto plugin.])
ARG_DISBL_SET([random], [disable RNG implementation on top of /dev/(u)random.])
ARG_DISBL_SET([rc2], [disable RC2 software implementation plugin.])
ARG_ENABL_SET([rdrand], [enable Intel RDRAND random generator plugin.])
ARG_ENABL_SET([aesni], [enable Intel AES-NI crypto plugin.])
ARG_DISBL_SET([sha1], [disable SHA1 software implementation plugin.])
ARG_DISBL_SET([sha2], [disable SHA256/SHA384/SHA512 software implementation plugin.])
ARG_ENABL_SET([sha3], [enable SHA3_224/SHA3_256/SHA3_384/SHA3_512 software implementation plugin.])
ARG_DISBL_SET([xcbc], [disable xcbc crypto implementation plugin.])
# encoding/decoding plugins
ARG_DISBL_SET([dnskey], [disable DNS RR key decoding plugin.])
ARG_DISBL_SET([pem], [disable PEM decoding plugin.])
ARG_DISBL_SET([pgp], [disable PGP key decoding plugin.])
ARG_DISBL_SET([pkcs1], [disable PKCS1 key decoding plugin.])
ARG_DISBL_SET([pkcs7], [disable PKCS7 container support plugin.])
ARG_DISBL_SET([pkcs8], [disable PKCS8 private key decoding plugin.])
ARG_DISBL_SET([pkcs12], [disable PKCS12 container support plugin.])
ARG_DISBL_SET([pubkey], [disable RAW public key support plugin.])
ARG_DISBL_SET([sshkey], [disable SSH key decoding plugin.])
ARG_DISBL_SET([x509], [disable X509 certificate implementation plugin.])
# fetcher/resolver plugins
ARG_ENABL_SET([curl], [enable CURL fetcher plugin to fetch files via libcurl. Requires libcurl.])
ARG_ENABL_SET([files], [enable simple file:// URI fetcher.])
ARG_ENABL_SET([ldap], [enable LDAP fetching plugin to fetch files via libldap. Requires openLDAP.])
ARG_ENABL_SET([soup], [enable soup fetcher plugin to fetch from HTTP via libsoup. Requires libsoup.])
ARG_ENABL_SET([unbound], [enable UNBOUND resolver plugin to perform DNS queries via libunbound. Requires libldns and libunbound.])
ARG_ENABL_SET([winhttp], [enable WinHTTP based HTTP/HTTPS fetching plugin.])
# database plugins
ARG_ENABL_SET([mysql], [enable MySQL database support. Requires libmysqlclient_r.])
ARG_ENABL_SET([sqlite], [enable SQLite database support. Requires libsqlite3.])
# authentication/credential plugins
ARG_ENABL_SET([addrblock], [enables RFC 3779 address block constraint support.])
ARG_ENABL_SET([acert], [enable X509 attribute certificate checking plugin.])
ARG_ENABL_SET([agent], [enables the ssh-agent signing plugin.])
ARG_DISBL_SET([constraints], [disable advanced X509 constraint checking plugin.])
ARG_ENABL_SET([coupling], [enable IKEv2 plugin to couple peer certificates permanently to authentication.])
ARG_ENABL_SET([dnscert], [enable DNSCERT authentication plugin.])
13 years ago
ARG_ENABL_SET([eap-sim], [enable SIM authentication module for EAP.])
ARG_ENABL_SET([eap-sim-file], [enable EAP-SIM backend based on a triplet file.])
ARG_ENABL_SET([eap-sim-pcsc], [enable EAP-SIM backend based on a smartcard reader. Requires libpcsclite.])
ARG_ENABL_SET([eap-aka], [enable EAP AKA authentication module.])
ARG_ENABL_SET([eap-aka-3gpp], [enable EAP AKA backend implementing 3GPP MILENAGE algorithms in software.])
ARG_ENABL_SET([eap-aka-3gpp2], [enable EAP AKA backend implementing 3GPP2 algorithms in software. Requires libgmp.])
ARG_ENABL_SET([eap-simaka-pcsc], [enable EAP-SIM/AKA backend based on a smartcard reader. Requires libpcsclite.])
ARG_ENABL_SET([eap-simaka-sql], [enable EAP-SIM/AKA backend based on a triplet/quintuplet SQL database.])
ARG_ENABL_SET([eap-simaka-pseudonym], [enable EAP-SIM/AKA pseudonym storage plugin.])
ARG_ENABL_SET([eap-simaka-reauth], [enable EAP-SIM/AKA reauthentication data storage plugin.])
ARG_ENABL_SET([eap-identity], [enable EAP module providing EAP-Identity helper.])
13 years ago
ARG_ENABL_SET([eap-md5], [enable EAP MD5 (CHAP) authentication module.])
ARG_ENABL_SET([eap-gtc], [enable EAP GTC authentication module.])
13 years ago
ARG_ENABL_SET([eap-mschapv2], [enable EAP MS-CHAPv2 authentication module.])
ARG_ENABL_SET([eap-tls], [enable EAP TLS authentication module.])
ARG_ENABL_SET([eap-ttls], [enable EAP TTLS authentication module.])
ARG_ENABL_SET([eap-peap], [enable EAP PEAP authentication module.])
ARG_ENABL_SET([eap-tnc], [enable EAP TNC trusted network connect module.])
ARG_ENABL_SET([eap-dynamic], [enable dynamic EAP proxy module.])
13 years ago
ARG_ENABL_SET([eap-radius], [enable RADIUS proxy authentication module.])
ARG_ENABL_SET([ext-auth], [enable plugin calling an external authorization script.])
ARG_ENABL_SET([ipseckey], [enable IPSECKEY authentication plugin.])
ARG_ENABL_SET([keychain], [enables OS X Keychain Services credential set.])
ARG_ENABL_SET([pkcs11], [enables the PKCS11 token support plugin.])
ARG_ENABL_SET([tpm], [enables the TPM plugin.])
ARG_DISBL_SET([revocation], [disable X509 CRL/OCSP revocation check plugin.])
ARG_ENABL_SET([whitelist], [enable peer identity whitelisting plugin.])
ARG_DISBL_SET([xauth-generic], [disable generic XAuth backend.])
ARG_ENABL_SET([xauth-eap], [enable XAuth backend using EAP methods to verify passwords.])
ARG_ENABL_SET([xauth-pam], [enable XAuth backend using PAM to verify passwords.])
ARG_ENABL_SET([xauth-noauth], [enable XAuth pseudo-backend that does not actually verify or even request any credentials.])
# kernel interfaces / sockets
ARG_DISBL_SET([kernel-netlink], [disable the netlink kernel interface.])
ARG_ENABL_SET([kernel-pfkey], [enable the PF_KEY kernel interface.])
ARG_ENABL_SET([kernel-pfroute], [enable the PF_ROUTE kernel interface.])
ARG_ENABL_SET([kernel-iph], [enable the Windows IP Helper based networking backend.])
ARG_ENABL_SET([kernel-libipsec],[enable the libipsec kernel interface.])
ARG_ENABL_SET([kernel-wfp], [enable the Windows Filtering Platform IPsec backend.])
ARG_DISBL_SET([socket-default], [disable default socket implementation for charon.])
ARG_ENABL_SET([socket-dynamic], [enable dynamic socket implementation for charon])
ARG_ENABL_SET([socket-win], [enable Winsock2 based socket implementation for charon])
# configuration/control plugins
ARG_DISBL_SET([stroke], [disable charons stroke configuration backend.])
ARG_ENABL_SET([smp], [enable SMP configuration and control interface. Requires libxml.])
ARG_ENABL_SET([sql], [enable SQL database configuration backend.])
ARG_ENABL_SET([uci], [enable OpenWRT UCI configuration plugin.])
ARG_DISBL_SET([vici], [disable strongSwan IKE generic IPC interface plugin.])
# attribute provider/consumer plugins
ARG_ENABL_SET([android-dns], [enable Android specific DNS handler.])
ARG_DISBL_SET([attr], [disable strongswan.conf based configuration attribute plugin.])
ARG_ENABL_SET([attr-sql], [enable SQL based configuration attribute plugin.])
ARG_ENABL_SET([dhcp], [enable DHCP based attribute provider plugin.])
ARG_ENABL_SET([osx-attr], [enable OS X SystemConfiguration attribute handler.])
ARG_ENABL_SET([p-cscf], [enable plugin to request P-CSCF server addresses from an ePDG.])
ARG_DISBL_SET([resolve], [disable resolve DNS handler plugin.])
ARG_ENABL_SET([unity], [enables Cisco Unity extension plugin.])
# TNC modules/plugins
ARG_ENABL_SET([imc-test], [enable IMC test module.])
ARG_ENABL_SET([imv-test], [enable IMV test module.])
ARG_ENABL_SET([imc-scanner], [enable IMC port scanner module.])
ARG_ENABL_SET([imv-scanner], [enable IMV port scanner module.])
ARG_ENABL_SET([imc-os], [enable IMC operating system module.])
ARG_ENABL_SET([imv-os], [enable IMV operating system module.])
ARG_ENABL_SET([imc-attestation],[enable IMC attestation module.])
ARG_ENABL_SET([imv-attestation],[enable IMV attestation module.])
ARG_ENABL_SET([imc-swima], [enable IMC swima module.])
ARG_ENABL_SET([imv-swima], [enable IMV swima module.])
ARG_ENABL_SET([imc-hcd], [enable IMC hcd module.])
ARG_ENABL_SET([imv-hcd], [enable IMV hcd module.])
ARG_ENABL_SET([tnc-ifmap], [enable TNC IF-MAP module. Requires libxml])
ARG_ENABL_SET([tnc-imc], [enable TNC IMC module.])
ARG_ENABL_SET([tnc-imv], [enable TNC IMV module.])
ARG_ENABL_SET([tnc-pdp], [enable TNC policy decision point module.])
ARG_ENABL_SET([tnccs-11], [enable TNCCS 1.1 protocol module. Requires libxml])
ARG_ENABL_SET([tnccs-20], [enable TNCCS 2.0 protocol module.])
ARG_ENABL_SET([tnccs-dynamic], [enable dynamic TNCCS protocol discovery module.])
# misc plugins
ARG_ENABL_SET([android-log], [enable Android specific logger plugin.])
ARG_ENABL_SET([bypass-lan], [enable plugin to install bypass policies for local subnets.])
ARG_ENABL_SET([certexpire], [enable CSV export of expiration dates of used certificates.])
ARG_ENABL_SET([connmark], [enable connmark plugin using conntrack based marks to select return path SA.])
ARG_ENABL_SET([counters], [enable plugin that collects several performance counters.])
ARG_ENABL_SET([forecast], [enable forecast plugin forwarding broadcast/multicast messages.])
ARG_ENABL_SET([duplicheck], [advanced duplicate checking plugin using liveness checks.])
ARG_ENABL_SET([error-notify], [enable error notification plugin.])
ARG_ENABL_SET([farp], [enable ARP faking plugin that responds to ARP requests to peers virtual IP])
ARG_ENABL_SET([ha], [enable high availability cluster plugin.])
ARG_ENABL_SET([led], [enable plugin to control LEDs on IKEv2 activity using the Linux kernel LED subsystem.])
ARG_ENABL_SET([load-tester], [enable load testing plugin for IKEv2 daemon.])
ARG_ENABL_SET([lookip], [enable fast virtual IP lookup and notification plugin.])
ARG_ENABL_SET([radattr], [enable plugin to inject and process custom RADIUS attributes as IKEv2 client.])
ARG_ENABL_SET([save-keys], [enable development/debugging plugin that saves IKE and ESP keys in Wireshark format.])
ARG_ENABL_SET([systime-fix], [enable plugin to handle cert lifetimes with invalid system time gracefully.])
ARG_ENABL_SET([test-vectors], [enable plugin providing crypto test vectors.])
ARG_DISBL_SET([updown], [disable updown firewall script plugin.])
# programs/components
ARG_ENABL_SET([aikgen], [enable AIK generator for TPM 1.2.])
ARG_DISBL_SET([charon], [disable the IKEv1/IKEv2 keying daemon charon.])
ARG_ENABL_SET([cmd], [enable the command line IKE client charon-cmd.])
ARG_ENABL_SET([conftest], [enforce Suite B conformance test framework.])
ARG_ENABL_SET([fast], [enable libfast (FastCGI Application Server w/ templates.])
ARG_ENABL_SET([fuzzing], [enable fuzzing scripts (found in directory fuzz).])
ARG_ENABL_SET([libipsec], [enable user space IPsec implementation.])
ARG_ENABL_SET([manager], [enable web management console (proof of concept).])
ARG_ENABL_SET([medcli], [enable mediation client configuration database plugin.])
ARG_ENABL_SET([medsrv], [enable mediation server web frontend and daemon plugin.])
ARG_ENABL_SET([nm], [enable NetworkManager backend.])
ARG_DISBL_SET([pki], [disable pki certificate utility.])
ARG_DISBL_SET([scepclient], [disable SCEP client tool.])
ARG_DISBL_SET([scripts], [disable additional utilities (found in directory scripts).])
ARG_ENABL_SET([svc], [enable charon Windows service.])
ARG_ENABL_SET([systemd], [enable systemd specific IKE daemon charon-systemd.])
ARG_DISBL_SET([swanctl], [disable swanctl configuration and control tool.])
ARG_ENABL_SET([tkm], [enable Trusted Key Manager support.])
# optional features
ARG_ENABL_SET([bfd-backtraces], [use binutils libbfd to resolve backtraces for memory leaks and segfaults.])
ARG_ENABL_SET([dbghelp-backtraces],[use dbghlp.dll on Windows to create and print backtraces for memory leaks and segfaults.])
ARG_DISBL_SET([ikev1], [disable IKEv1 protocol support in charon.])
ARG_DISBL_SET([ikev2], [disable IKEv2 protocol support in charon.])
ARG_ENABL_SET([integrity-test], [enable integrity testing of libstrongswan and plugins.])
ARG_DISBL_SET([load-warning], [disable the charon plugin load option warning in starter.])
ARG_ENABL_SET([mediation], [enable IKEv2 Mediation Extension.])
ARG_ENABL_SET([unwind-backtraces],[use libunwind to create backtraces for memory leaks and segfaults.])
ARG_ENABL_SET([ruby-gems], [enable build of provided ruby gems.])
ARG_ENABL_SET([ruby-gems-install],[enable installation of provided ruby gems.])
ARG_ENABL_SET([python-eggs], [enable build of provided python eggs.])
ARG_ENABL_SET([python-eggs-install],[enable installation of provided python eggs.])
ARG_ENABL_SET([perl-cpan], [enable build of provided perl CPAN module.])
ARG_ENABL_SET([perl-cpan-install],[enable installation of provided CPAN module.])
ARG_ENABL_SET([tss-trousers], [enable the use of the TrouSerS Trusted Software Stack])
ARG_ENABL_SET([tss-tss2], [enable the use of the TSS 2.0 Trusted Software Stack])
# compile options
ARG_ENABL_SET([coverage], [enable lcov coverage report generation.])
ARG_ENABL_SET([git-version], [use output of 'git describe' as version information in executables.])
ARG_ENABL_SET([leak-detective], [enable malloc hooks to find memory leaks.])
ARG_ENABL_SET([lock-profiler], [enable lock/mutex profiling code.])
ARG_ENABL_SET([log-thread-ids], [use thread ID, if available, instead of an incremented value starting from 1, to identify threads.])
ARG_ENABL_SET([monolithic], [build monolithic version of libstrongswan that includes all enabled plugins. Similarly, the plugins of charon are assembled in libcharon.])
# ===================================
# option to disable default options
# ===================================
ARG_DISBL_SET([defaults], [disable all default plugins (they can be enabled with their respective --enable options)])
if test x$defaults = xfalse; then
for option in $enabled_by_default; do
eval test x\${${option}_given} = xtrue && continue
eval $option=false
done
fi
# ==============================
# option to enable all options
# ==============================
ARG_ENABL_SET([all], [enable all plugins and features (they can be disabled with their respective --disable options). Mainly for testing.])
if test x$all_given = xtrue; then
for option in $disabled_by_default; do
eval test x\${${option}_given} = xtrue && continue
eval $option=true
done
fi
# ===========================
# set up compiler and flags
# ===========================
if test -z "$CFLAGS"; then
CFLAGS="-g -O2 -Wall -Wno-format -Wno-format-security -Wno-pointer-sign"
fi
AC_SUBST(PLUGIN_CFLAGS)
AC_PROG_CC
AM_PROG_CC_C_O
AC_LIB_PREFIX
AC_C_BIGENDIAN
# =========================
# check required programs
# =========================
LT_INIT
AC_PROG_INSTALL
AC_PROG_EGREP
AC_PROG_AWK
AC_PROG_LEX
AC_PROG_YACC
AM_PATH_PYTHON(,,[:])
AC_PATH_PROG([PERL], [perl], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
AC_ARG_VAR([PERL], [the Perl interpreter])
AC_PATH_PROG([GPERF], [gperf], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
AC_ARG_VAR([GPERF], [the GNU gperf program])
# because gperf is not needed by end-users we only abort if generated files don't exist
AC_MSG_CHECKING([gperf len type])
if test -x "$GPERF"; then
GPERF_OUTPUT="`echo foo | ${GPERF}`"
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[#include <string.h>
const char *in_word_set(const char*, size_t); $GPERF_OUTPUT]])],
[GPERF_LEN_TYPE=size_t],
[AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[#include <string.h>
const char *in_word_set(const char*, unsigned); $GPERF_OUTPUT]])],
[GPERF_LEN_TYPE=unsigned],
[AC_MSG_ERROR([unable to determine gperf len type])]
)]
)
AC_SUBST(GPERF_LEN_TYPE)
AC_MSG_RESULT([$GPERF_LEN_TYPE])
else
AC_MSG_RESULT([not found])
GPERF_TEST_FILE="$srcdir/src/libstrongswan/crypto/proposal/proposal_keywords_static.c"
if test ! -f "$GPERF_TEST_FILE"; then
AC_MSG_ERROR([GNU gperf required to generate e.g. $GPERF_TEST_FILE])
fi
fi
# ========================
# dependency calculation
# ========================
if test x$xauth_generic_given = xfalse -a x$ikev1 = xfalse; then
xauth_generic=false;
fi
if test x$kernel_libipsec = xtrue; then
libipsec=true;
fi
if test x$eap_aka_3gpp2 = xtrue; then
gmp=true;
fi
if test x$eap_aka = xtrue; then
fips_prf=true;
simaka=true;
fi
if test x$eap_sim = xtrue; then
fips_prf=true;
simaka=true;
fi
if test x$eap_radius = xtrue -o x$radattr = xtrue -o x$tnc_pdp = xtrue; then
radius=true;
fi
if test x$tnc_imc = xtrue -o x$tnc_imv = xtrue -o x$tnccs_11 = xtrue -o x$tnccs_20 = xtrue -o x$tnccs_dynamic = xtrue -o x$eap_tnc = xtrue; then
tnc_tnccs=true;
fi
if test x$eap_tls = xtrue -o x$eap_ttls = xtrue -o x$eap_peap = xtrue -o x$tnc_tnccs = xtrue; then
tls=true;
fi
if test x$imc_test = xtrue -o x$imv_test = xtrue -o x$imc_scanner = xtrue -o x$imv_scanner = xtrue -o x$imc_os = xtrue -o x$imv_os = xtrue -o x$imc_attestation = xtrue -o x$imv_attestation = xtrue -o x$imc_swima = xtrue -o x$imv_swima = xtrue -o x$imc_hcd = xtrue -o x$imv_hcd = xtrue; then
imcv=true;
fi
if test x$fips_prf = xtrue; then
if test x$openssl = xfalse -a x$wolfssl = xfalse; then
sha1=true;
fi
fi
if test x$swanctl = xtrue; then
vici=true
fi
if test x$smp = xtrue -o x$tnccs_11 = xtrue -o x$tnc_ifmap = xtrue; then
xml=true
fi
if test x$manager = xtrue; then
fast=true
fi
if test x$medsrv = xtrue; then
mediation=true
fast=true
fi
if test x$medcli = xtrue; then
mediation=true
fi
if test x$ruby_gems_install = xtrue; then
ruby_gems=true
fi
if test x$python_eggs_install = xtrue; then
python_eggs=true
fi
if test x$perl_cpan_install = xtrue; then
perl_cpan=true
fi
if test x$aikgen = xtrue; then
tss_trousers=true
fi
if test x$gmp = xtrue -o x$ntru = xtrue -o x$bliss = xtrue; then
mgf1=true
fi
if test x$stroke = xtrue; then
counters=true
fi
# ===========================================
# check required libraries and header files
# ===========================================
AC_HEADER_STDBOOL
AC_FUNC_ALLOCA
AC_FUNC_STRERROR_R
# libraries needed on some platforms but not on others
# ------------------------------------------------------
saved_LIBS=$LIBS
# FreeBSD and Mac OS X have dlopen integrated in libc, Linux needs libdl
LIBS=""
AC_SEARCH_LIBS(dlopen, dl, [DLLIB=$LIBS])
AC_SUBST(DLLIB)
# glibc's backtrace() can be replicated on FreeBSD with libexecinfo
LIBS=""
AC_SEARCH_LIBS(backtrace, execinfo, [BTLIB=$LIBS])
AC_CHECK_FUNCS(backtrace)
AC_SUBST(BTLIB)
# OpenSolaris needs libsocket and libnsl for socket()
LIBS=""
AC_SEARCH_LIBS(socket, socket, [SOCKLIB=$LIBS],
[AC_CHECK_LIB(nsl, socket, [SOCKLIB="-lsocket -lnsl"], [], [-lsocket])]
)
AC_SUBST(SOCKLIB)
# Android has pthread_* functions in bionic (libc), others need libpthread
LIBS=$DLLIB
AC_SEARCH_LIBS(pthread_create, pthread, [PTHREADLIB=$LIBS])
AC_SUBST(PTHREADLIB)
# Some architectures require explicit -latomic for __atomic_* operations
# AC_SEARCH_LIBS() does not work when checking built-ins due to conflicting types
LIBS=""
AC_MSG_CHECKING(for library containing __atomic_and_fetch)
AC_LINK_IFELSE(
[AC_LANG_PROGRAM([[]], [[int x; __atomic_and_fetch(&x, 1, __ATOMIC_RELAXED);]])],
[AC_MSG_RESULT([none required])],
[LIBS="-latomic";
AC_LINK_IFELSE(
[AC_LANG_PROGRAM([[]], [[int x; __atomic_and_fetch(&x, 1, __ATOMIC_RELAXED);]])],
[AC_MSG_RESULT([-latomic]); ATOMICLIB=$LIBS],
[AC_MSG_RESULT([no])])
]
)
AC_SUBST(ATOMICLIB)
LIBS=$saved_LIBS
# ------------------------------------------------------
AC_MSG_CHECKING(for dladdr)
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[#define _GNU_SOURCE
#include <dlfcn.h>]],
[[Dl_info* info = 0;
dladdr(0, info);]])],
[AC_MSG_RESULT([yes]); AC_DEFINE([HAVE_DLADDR], [], [have dladdr()])],
[AC_MSG_RESULT([no])]
)
# check if pthread_condattr_setclock(CLOCK_MONOTONIC) is supported
saved_LIBS=$LIBS
LIBS=$PTHREADLIB
AC_MSG_CHECKING([for pthread_condattr_setclock(CLOCK_MONOTONIC)])
AC_RUN_IFELSE(
[AC_LANG_SOURCE(
[[#include <pthread.h>
int main() { pthread_condattr_t attr;
pthread_condattr_init(&attr);
return pthread_condattr_setclock(&attr, CLOCK_MONOTONIC);}]])],
[AC_MSG_RESULT([yes]);
AC_DEFINE([HAVE_CONDATTR_CLOCK_MONOTONIC], [],
[pthread_condattr_setclock supports CLOCK_MONOTONIC])],
[AC_MSG_RESULT([no])],
# Check existence of pthread_condattr_setclock if cross-compiling
[AC_MSG_RESULT([unknown]);
AC_CHECK_FUNCS(pthread_condattr_setclock,
[AC_DEFINE([HAVE_CONDATTR_CLOCK_MONOTONIC], [],
[have pthread_condattr_setclock()])]
)]
)
# check if we actually are able to configure attributes on cond vars
AC_CHECK_FUNCS(pthread_condattr_init)
# instead of pthread_condattr_setclock Android has this function
AC_CHECK_FUNCS(pthread_cond_timedwait_monotonic)
# check if we can cancel threads
AC_CHECK_FUNCS(pthread_cancel)
# check if native rwlocks are available
AC_CHECK_FUNCS(pthread_rwlock_init)
# check if pthread spinlocks are available
AC_CHECK_FUNCS(pthread_spin_init)
# check if we have POSIX semaphore functions, including timed-wait
AC_CHECK_FUNCS(sem_timedwait)
LIBS=$saved_LIBS
AC_CHECK_FUNC(
[gettid],
[AC_DEFINE([HAVE_GETTID], [], [have gettid()])],
[AC_MSG_CHECKING([for SYS_gettid])
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[#define _GNU_SOURCE
#include <unistd.h>
#include <sys/syscall.h>]],
[[int main() {
return syscall(SYS_gettid);}]])],
[AC_MSG_RESULT([yes]);
AC_DEFINE([HAVE_GETTID], [], [have gettid()])
AC_DEFINE([HAVE_SYS_GETTID], [], [have syscall(SYS_gettid)])],
[AC_MSG_RESULT([no])]
)]
)
AC_CHECK_FUNC(
[qsort_r],
[
AC_DEFINE([HAVE_QSORT_R], [], [have qsort_r()])
# set -Werror so that we get an error for "argument ... has
# incompatible pointer type" warnings
save_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS -Werror -Wno-unused-parameter"
AC_MSG_CHECKING([for GNU-style qsort_r])
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[#define _GNU_SOURCE
#include <stdlib.h>
int cmp (const void *a, const void *b, void *x) { return 0; }]],
[[int arr[] = { 0, 1 };
qsort_r(arr, 2, sizeof(int), cmp, arr);]])],
[AC_MSG_RESULT([yes]);
AC_DEFINE([HAVE_QSORT_R_GNU], [], [have GNU-style qsort_r()])],
[
AC_MSG_RESULT([no]);
AC_MSG_CHECKING([for BSD-style qsort_r])
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[#include <stdlib.h>
int cmp (void *x, const void *a, const void *b) { return 0; }]],
[[int arr[] = { 0, 1 };
qsort_r(arr, 2, sizeof(int), arr, cmp);]])],
[AC_MSG_RESULT([yes]);
AC_DEFINE([HAVE_QSORT_R_BSD], [], [have BSD-style qsort_r()])],
[AC_MSG_RESULT([no]);
AC_MSG_FAILURE([qsort_r has unknown semantics])])
])
CFLAGS="$save_CFLAGS"
]
)
AC_CHECK_FUNCS(prctl mallinfo getpass closefrom getpwnam_r getgrnam_r getpwuid_r chown)
AC_CHECK_FUNCS(fmemopen funopen mmap memrchr setlinebuf strptime dirfd sigwaitinfo explicit_bzero)
AC_CHECK_FUNC([syslog], [
AC_DEFINE([HAVE_SYSLOG], [], [have syslog(3) and friends])
syslog=true
])
AM_CONDITIONAL(USE_SYSLOG, [test "x$syslog" = xtrue])
AC_CHECK_HEADERS(sys/sockio.h sys/syscall.h sys/param.h glob.h net/if_tun.h)
AC_CHECK_HEADERS(net/pfkeyv2.h netipsec/ipsec.h netinet6/ipsec.h linux/udp.h)
AC_CHECK_HEADERS([netinet/ip6.h linux/fib_rules.h], [], [],
[
#include <sys/types.h>
#include <netinet/in.h>
])
AC_CHECK_MEMBERS([struct sockaddr.sa_len], [], [],
[
#include <sys/types.h>
#include <sys/socket.h>
])
AC_CHECK_MEMBERS([struct sadb_x_policy.sadb_x_policy_priority], [], [],
[
#include <sys/types.h>
#ifdef HAVE_NET_PFKEYV2_H
#include <net/pfkeyv2.h>
#else
#include <stdint.h>
#include <linux/pfkeyv2.h>
#endif
])
AC_MSG_CHECKING([for in6addr_any])
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>]],
[[struct in6_addr in6 __attribute__((unused));
in6 = in6addr_any;]])],
[AC_MSG_RESULT([yes]);
AC_DEFINE([HAVE_IN6ADDR_ANY], [], [have struct in6_addr in6addr_any])],
[AC_MSG_RESULT([no])]
)
AC_MSG_CHECKING([for in6_pktinfo])
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[#define _GNU_SOURCE
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>]],
[[struct in6_pktinfo pi;
if (pi.ipi6_ifindex)
{
return 0;
}]])],
[AC_MSG_RESULT([yes]);
AC_DEFINE([HAVE_IN6_PKTINFO], [], [have struct in6_pktinfo.ipi6_ifindex])],
[AC_MSG_RESULT([no])]
)
AC_MSG_CHECKING([for RTM_IFANNOUNCE])
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[#include <sys/socket.h>
#include <net/if.h>
#include <net/route.h>]],
[[return RTM_IFANNOUNCE;]])],
[AC_MSG_RESULT([yes]);
AC_DEFINE([HAVE_RTM_IFANNOUNCE], [], [have PF_ROUTE RTM_IFANNOUNCE defined])],
[AC_MSG_RESULT([no])]
)
AC_MSG_CHECKING([for IPSEC_MODE_BEET])
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[#include <sys/types.h>
#ifdef HAVE_NETIPSEC_IPSEC_H
#include <netipsec/ipsec.h>
#elif defined(HAVE_NETINET6_IPSEC_H)
#include <netinet6/ipsec.h>
#else
#include <stdint.h>
#include <linux/ipsec.h>
#endif]],
[[int mode = IPSEC_MODE_BEET;
return mode;]])],
[AC_MSG_RESULT([yes]);
AC_DEFINE([HAVE_IPSEC_MODE_BEET], [], [have IPSEC_MODE_BEET defined])],
[AC_MSG_RESULT([no])]
)
AC_MSG_CHECKING([for IPSEC_DIR_FWD])
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[#include <sys/types.h>
#ifdef HAVE_NETIPSEC_IPSEC_H
#include <netipsec/ipsec.h>
#elif defined(HAVE_NETINET6_IPSEC_H)
#include <netinet6/ipsec.h>
#else
#include <stdint.h>
#include <linux/ipsec.h>
#endif]],
[[int dir = IPSEC_DIR_FWD;
return dir;]])],
[AC_MSG_RESULT([yes]);
AC_DEFINE([HAVE_IPSEC_DIR_FWD], [], [have IPSEC_DIR_FWD defined])],
[AC_MSG_RESULT([no])]
)
AC_MSG_CHECKING([for RTA_TABLE])
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>]],
[[int rta_type = RTA_TABLE;
return rta_type;]])],
[AC_MSG_RESULT([yes]);
AC_DEFINE([HAVE_RTA_TABLE], [], [have netlink RTA_TABLE defined])],
[AC_MSG_RESULT([no])]
)
AC_MSG_CHECKING([for __int128])
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[#include <sys/types.h>]],
[[__int128 x = 0;
return x;]])],
[AC_MSG_RESULT([yes]);
AC_DEFINE([HAVE_INT128], [], [have __int128 type support])],
[AC_MSG_RESULT([no])]
)
AC_MSG_CHECKING([for GCC __sync operations])
AC_RUN_IFELSE([AC_LANG_SOURCE(
[[
int main() {
int ref = 1;
__sync_fetch_and_add (&ref, 1);
__sync_sub_and_fetch (&ref, 1);
__sync_val_compare_and_swap(&ref, 1, 0);
return ref;
}
]])],
[AC_MSG_RESULT([yes]);
AC_DEFINE([HAVE_GCC_SYNC_OPERATIONS], [],
[have GCC __sync_* operations])],
[AC_MSG_RESULT([no])],
[AC_MSG_RESULT([no])]
)
case "$printf_hooks" in
auto|builtin|glibc|vstr)
;;
*)
AC_MSG_NOTICE([invalid printf hook implementation, defaulting to 'auto'])
printf_hooks=auto
;;
esac
if test x$printf_hooks = xauto -o x$printf_hooks = xglibc; then
# check for the new register_printf_specifier function with len argument,
# or the deprecated register_printf_function without
AC_CHECK_FUNC(
[register_printf_specifier],
[AC_DEFINE([HAVE_PRINTF_SPECIFIER], [], [have register_printf_specifier()])],
[AC_CHECK_FUNC(
[register_printf_function],
[AC_DEFINE([HAVE_PRINTF_FUNCTION], [], [have register_printf_function()])],
[
AC_MSG_NOTICE([printf(3) does not support custom format specifiers!])
if test x$printf_hooks = xglibc; then
AC_MSG_ERROR([please select a different printf hook implementation])
else
# fallback to builtin printf hook implementation
printf_hooks=builtin
fi
]
)]
)
fi
AC_MSG_CHECKING([for Windows target])
AC_COMPILE_IFELSE(