configure.ac revision 1.1.1.9 
1dnl -*- mode: m4 -*-
2dnl Id: configure.ac,v 1.77 2006/07/20 19:19:27 manubsd Exp
3
4AC_PREREQ(2.52)
5AC_INIT(ipsec-tools, CVS)
6AC_CONFIG_SRCDIR([configure.ac])
7AM_CONFIG_HEADER(config.h)
8
9AM_INIT_AUTOMAKE(dist-bzip2)
10
11AC_ENABLE_SHARED(no)
12
13AC_PROG_CC
14AM_PROG_CC_STDC
15AC_HEADER_STDC
16AC_PROG_LIBTOOL
17AC_PROG_YACC
18AM_PROG_LEX
19AC_SUBST(LEXLIB)
20AC_PROG_EGREP
21
22CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused"
23
24case $host in
25*netbsd*)
26	LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS"
27	;;
28*linux*)
29	LIBS="$LIBS -lresolv"
30	INSTALL_OPTS="-o bin -g bin"
31	INCLUDE_GLIBC="include-glibc"
32	RPM="rpm"
33	AC_SUBST(INSTALL_OPTS)
34	AC_SUBST(INCLUDE_GLIBC)
35	AC_SUBST(RPM)
36	;;
37*darwin*)
38	LIBS="$LIBS -lresolv"
39	;;
40esac
41
42# Look up some IPsec-related headers
43AC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no])
44AC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no])
45AC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no])
46
47# NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h>
48if test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then
49    have_netinet_ipsec=yes
50    AC_DEFINE(HAVE_NETINET6_IPSEC, [], [Use <netinet6/ipsec.h>])
51fi
52
53case "$host_os" in
54 *linux*)
55    AC_ARG_WITH(kernel-headers,
56	AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include],
57		       [where your Linux Kernel headers are installed]),
58	    [ KERNEL_INCLUDE="$with_kernel_headers" 
59	      CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers"
60	      AC_SUBST(CONFIGURE_AMFLAGS) ],
61	    [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ])
62
63    AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, ,
64	[ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h,
65	  KERNEL_INCLUDE=/usr/src/linux/include ,
66	  [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] )
67    AC_SUBST(KERNEL_INCLUDE)
68    # We need the configure script to run with correct kernel headers.
69    # However we don't want to point to kernel source tree in compile time,
70    # i.e. this will be removed from CPPFLAGS at the end of configure.
71    CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS"
72
73    AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority, 
74    	[AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [],
75               	[Are PF_KEY policy priorities supported?])], [],
76    	[#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"])
77
78    GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc'
79    GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc"
80    CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS"
81    CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS"
82    AC_SUBST(GLIBC_BUGS)
83    ;;
84 *)
85    if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then
86      if test "$have_net_pfkey" = yes; then
87	AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.])
88      else
89	AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.])
90      fi
91    fi
92    ;;
93esac
94
95### Some basic toolchain checks
96
97# Checks for header files.
98AC_HEADER_STDC
99AC_HEADER_SYS_WAIT
100AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h)
101AC_CHECK_HEADERS(shadow.h)
102
103# Checks for typedefs, structures, and compiler characteristics.
104AC_C_CONST
105AC_TYPE_PID_T
106AC_TYPE_SIZE_T
107AC_HEADER_TIME
108AC_STRUCT_TM
109
110# Checks for library functions.
111AC_FUNC_MEMCMP
112AC_TYPE_SIGNAL
113AC_FUNC_VPRINTF
114AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy strlcat)
115AC_REPLACE_FUNCS(strdup)
116RACOON_CHECK_VA_COPY
117
118# Check if printf accepts "%z" type modifier for size_t argument
119AC_MSG_CHECKING(if printf accepts %z)
120saved_CFLAGS=$CFLAGS
121CFLAGS="$CFLAGS -Wall -Werror"
122AC_TRY_COMPILE([
123#include <stdio.h>
124], [
125printf("%zu\n", (size_t)-1);
126],
127	[AC_MSG_RESULT(yes)],
128	[AC_MSG_RESULT(no);
129	 CFLAGS_ADD="$CFLAGS_ADD -Wno-format";
130	 AC_DEFINE(BROKEN_PRINTF, [], [If printf doesn't support %zu.])
131	])
132CFLAGS=$saved_CFLAGS
133
134# Can we use __func__ macro?
135AC_MSG_CHECKING(if __func__ is available)
136AC_TRY_COMPILE(
137[#include <stdio.h>
138], [char *x = __func__;],
139	[AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro])
140	AC_MSG_RESULT(yes)],
141	[AC_MSG_RESULT(no)])
142
143# Check if readline support is requested
144AC_MSG_CHECKING(if readline support is requested)
145AC_ARG_WITH(readline,
146	[  --with-readline         support readline input (yes by default)],
147	[with_readline="$withval"], [with_readline="yes"])
148AC_MSG_RESULT($with_readline)
149
150# Is readline available?
151if test $with_readline != "no"; then
152	AC_CHECK_HEADER([readline/readline.h], 
153		[AC_CHECK_LIB(readline, readline, [
154				AC_DEFINE(HAVE_READLINE, [],
155					[Is readline available?])
156				LIBS="$LIBS -lreadline"
157		], [])], [])
158fi
159
160
161AC_MSG_CHECKING(if --with-flex option is specified)
162AC_ARG_WITH(flexdir,
163	[AC_HELP_STRING([--with-flex], [use directiory (default: no)])],
164	[flexdir="$withval"])
165AC_MSG_RESULT(${flexdir-dirdefault})
166
167if test "x$flexdir" != "x"; then
168	LIBS="$LIBS $flexdir/libfl.a"
169fi
170
171AC_MSG_CHECKING(if --with-flexlib option is specified)
172AC_ARG_WITH(flexlib,
173	[  --with-flexlib=<LIB>    specify flex library.],
174	[flexlib="$withval"])
175AC_MSG_RESULT(${flexlib-default})
176
177if test "x$flexlib" != "x"; then
178	LIBS="$LIBS $flexlib"
179fi
180
181# Check if a different OpenSSL directory was specified
182AC_MSG_CHECKING(if --with-openssl option is specified)
183AC_ARG_WITH(openssl, [  --with-openssl=DIR      specify OpenSSL directory],
184	[crypto_dir=$withval])
185AC_MSG_RESULT(${crypto_dir-default})
186
187if test "x$crypto_dir" != "x"; then
188	LIBS="$LIBS -L${crypto_dir}/lib"
189	CPPFLAGS="-I${crypto_dir}/include $CPPLAGS"
190fi
191AC_MSG_CHECKING(openssl version)
192
193AC_TRY_COMPILE(
194[#include <openssl/opensslv.h>
195],
196[#if OPENSSL_VERSION_NUMBER < 0x0090602fL
197#error OpenSSL version is too old ...
198#endif],
199[AC_MSG_RESULT([ok])],
200[AC_MSG_RESULT(too old)
201AC_MSG_ERROR([OpenSSL version must be 0.9.6 or higher. Aborting.])
202])
203
204AC_CHECK_HEADERS(openssl/engine.h)
205
206# checking rijndael
207AC_CHECK_HEADERS([openssl/aes.h], [], 
208	[CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"])
209
210# checking sha2
211AC_MSG_CHECKING(sha2 support)
212AC_DEFINE([WITH_SHA2], [], [SHA2 support])
213AC_MSG_RESULT(yes)
214AC_CHECK_HEADER(openssl/sha2.h, [], [
215	AC_MSG_CHECKING(if sha2 is defined in openssl/sha.h)
216	AC_TRY_COMPILE([
217		#ifdef HAVE_SYS_TYPES_H
218		#include <sys/types.h>
219		#endif
220		#include <openssl/sha.h>
221	], [
222		SHA256_CTX ctx;
223	], [
224	    AC_MSG_RESULT(yes)
225	    AC_DEFINE([HAVE_SHA2_IN_SHA_H], [], [sha2 is defined in sha.h])
226	], [AC_MSG_RESULT(no)
227	    AC_LIBOBJ([sha2])
228	    CRYPTOBJS="$CRYPTOBJS sha2.o"
229	])
230
231	CPPFLAGS_ADD="$CPPFLAGS_ADD -I./\${top_srcdir}/src/racoon/missing"
232])
233AC_SUBST(CRYPTOBJS)
234
235# Option --enable-adminport 
236AC_MSG_CHECKING(if --enable-adminport option is specified)
237AC_ARG_ENABLE(adminport,
238	[  --enable-adminport      enable admin port],
239	[], [enable_adminport=no])
240if test $enable_adminport = "yes"; then
241	AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port])
242fi
243AC_MSG_RESULT($enable_adminport)
244
245# Option RC5
246AC_MSG_CHECKING(if --enable-rc5 option is specified)
247AC_ARG_ENABLE(rc5,
248	[  --enable-rc5		enable RC5 encryption (patented)],
249	[], [enable_rc5=no])
250AC_MSG_RESULT($enable_rc5)
251
252if test $enable_rc5 = "yes"; then
253	AC_CHECK_HEADERS([openssl/rc5.h])
254	AC_CHECK_LIB([crypto_rc5], [RC5_32_encrypt],
255	    [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_rc5"])
256fi
257
258# Option IDEA
259AC_MSG_CHECKING(if --enable-idea option is specified)
260AC_ARG_ENABLE(idea,
261	[  --enable-idea	enable IDEA encryption (patented)],
262	[], [enable_idea=no])
263AC_MSG_RESULT($enable_idea)
264
265if test $enable_idea = "yes"; then
266	AC_CHECK_HEADERS([openssl/idea.h])
267	AC_CHECK_LIB([crypto_idea], [idea_encrypt], 
268	    [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_idea"])
269fi
270AC_SUBST(EXTRA_CRYPTO)
271
272# For dynamic libradius
273RACOON_PATH_LIBS([MD5_Init], [crypto])
274
275# Check if we need -lutil for login(3)
276RACOON_PATH_LIBS([login], [util])
277
278# Specify libiconv prefix
279AC_MSG_CHECKING(if --with-libiconv option is specified)
280AC_ARG_WITH(libiconv, 
281    [  --with-libiconv=DIR    specify libiconv path (like/usr/pkg)],
282    [libiconv_dir=$withval], 
283    [libiconv_dir=no])
284AC_MSG_RESULT($libiconv_dir)
285if test "$libiconv_dir" != "no"; then
286	if test "$libiconv_dir" = "yes" ; then
287		  libiconv_dir="";
288	fi;
289	if test "x$libiconv_dir" = "x"; then
290		RACOON_PATH_LIBS([iconv_open], [iconv])
291	else
292		if test -d "$libiconv_dir/lib" -a \
293		    -d "$libiconv_dir/include" ; then
294			RACOON_PATH_LIBS([iconv_open], [iconv], ["$libiconv_dir/lib"])
295			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libiconv_dir/include"
296		else
297			AC_MSG_ERROR([ICONV libs or includes not found. Aborting.])
298	  	fi
299	fi
300	LIBS="$LIBS -L$libiconv_dir/lib -R$libiconv_dir/lib -liconv"
301	AC_CHECK_FUNCS(iconv_open)
302fi
303
304AC_MSG_CHECKING([if --enable-hybrid option is specified])
305AC_ARG_ENABLE(hybrid, 
306    [  --enable-hybrid	  enable hybrid, both mode-cfg and xauth support],
307    [], [enable_hybrid=no])
308AC_MSG_RESULT($enable_hybrid)
309
310if test "x$enable_hybrid" = "xyes"; then
311	case $host in
312		*darwin*)
313		;;
314	*)
315		LIBS="$LIBS -lcrypt";
316		;;
317	esac
318	HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o"
319	AC_SUBST(HYBRID_OBJS)
320	AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support])
321fi
322
323AC_MSG_CHECKING([if --enable-frag option is specified])
324AC_ARG_ENABLE(frag, 
325    [  --enable-frag           enable IKE fragmentation payload support],
326    [], [enable_frag=no])
327AC_MSG_RESULT($enable_frag)
328
329if test "x$enable_frag" = "xyes"; then
330	case $host in
331	*darwin*)
332		;;
333	*)
334		LIBS="$LIBS -lcrypt"; 
335		;;
336	esac
337	FRAG_OBJS="isakmp_frag.o"
338	AC_SUBST(FRAG_OBJS)
339	AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support])
340fi
341
342AC_MSG_CHECKING(if --with-libradius option is specified)
343AC_ARG_WITH(libradius, 
344    [  --with-libradius=DIR    specify libradius path (like/usr/pkg)],
345    [libradius_dir=$withval], 
346    [libradius_dir=no])
347AC_MSG_RESULT($libradius_dir)
348if test "$libradius_dir" != "no"; then
349	if test "$libradius_dir" = "yes" ; then
350		  libradius_dir="";
351	fi;
352	if test "x$libradius_dir" = "x"; then
353		RACOON_PATH_LIBS([rad_create_request], [radius])
354	else
355		if test -d "$libradius_dir/lib" -a \
356		    -d "$libradius_dir/include" ; then
357			RACOON_PATH_LIBS([rad_create_request], [radius], ["$libradius_dir/lib"])
358			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include"
359		else
360			AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.])
361	  	fi
362	fi
363	AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS])
364	LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius"
365	AC_CHECK_FUNCS(rad_create_request)
366fi
367
368AC_MSG_CHECKING(if --with-libpam option is specified)
369AC_ARG_WITH(libpam, 
370    [  --with-libpam=DIR    specify libpam path (like/usr/pkg)],
371    [libpam_dir=$withval], 
372    [libpam_dir=no])
373AC_MSG_RESULT($libpam_dir)
374if test "$libpam_dir" != "no"; then
375	if test "$libpam_dir" = "yes" ; then
376		  libpam_dir="";
377	fi;
378	if test "x$libpam_dir" = "x"; then
379		RACOON_PATH_LIBS([pam_start], [pam])
380	else
381		if test -d "$libpam_dir/lib" -a \
382		    -d "$libpam_dir/include" ; then
383			RACOON_PATH_LIBS([pam_start], [pam], ["$libpam_dir/lib"])
384			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libpam_dir/include"
385		else
386			AC_MSG_ERROR([PAM libs or includes not found. Aborting.])
387	  	fi
388	fi
389	AC_DEFINE([HAVE_LIBPAM], [], [Hybrid authentication uses PAM])
390	LIBS="$LIBS -L$libpam_dir/lib -R$libpam_dir/lib -lpam"
391	AC_CHECK_FUNCS(pam_start)
392fi
393
394AC_MSG_CHECKING(if --with-libldap option is specified)
395AC_ARG_WITH(libldap, 
396    [  --with-libldap=DIR    specify libldap path (like/usr/pkg)],
397    [libldap_dir=$withval], 
398    [libldap_dir=no])
399AC_MSG_RESULT($libldap_dir)
400if test "$libldap_dir" != "no"; then
401	if test "$libldap_dir" = "yes" ; then
402		  libldap_dir="";
403	fi;
404	if test "x$libldap_dir" = "x"; then
405		RACOON_PATH_LIBS([ldap_init], [ldap])
406	else
407		if test -d "$libldap_dir/lib" -a \
408		    -d "$libldap_dir/include" ; then
409			RACOON_PATH_LIBS([ldap_init], [ldap], ["$libldap_dir/lib"])
410			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libldap_dir/include"
411		else
412			AC_MSG_ERROR([LDAP libs or includes not found. Aborting.])
413	  	fi
414	fi
415	AC_DEFINE([HAVE_LIBLDAP], [], [Hybrid authentication uses LDAP])
416	LIBS="$LIBS -L$libldap_dir/lib -R$libldap_dir/lib -lldap"
417
418	saved_CFLAGS=$CFLAGS
419	CFLAGS="$CFLAGS -Wall -Werror"
420	saved_CPPFLAGS=$CPPFLAGS
421        CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
422	AC_TRY_COMPILE(
423		[#include <ldap.h>],
424		[
425			#if LDAP_API_VERSION < 2004
426			#error OpenLDAP version is too old ...
427			#endif
428		],
429		[AC_MSG_RESULT([ok])],
430		[
431			AC_MSG_RESULT(too old)
432			AC_MSG_ERROR([OpenLDAP version must be 2.0 or higher. Aborting.])
433		])
434	CFLAGS=$saved_CFLAGS
435	CPPFLAGS=$saved_CPPFLAGS
436fi
437
438# Check for Kerberos5 support
439# XXX This must come after all --with-* tests, else the
440# -liconv checks will not work
441AC_MSG_CHECKING(if --enable-gssapi option is specified)
442AC_ARG_ENABLE(gssapi,
443	[  --enable-gssapi         enable GSS-API authentication],
444	[], [enable_gssapi=no])
445AC_MSG_RESULT($enable_gssapi)
446AC_PATH_PROG(KRB5_CONFIG,krb5-config,no)
447if test "x$enable_gssapi" = "xyes"; then
448	if test "$KRB5_CONFIG" != "no"; then
449		krb5_incdir="`$KRB5_CONFIG --cflags gssapi`"
450		krb5_libs="`$KRB5_CONFIG --libs gssapi`"
451	else
452		# No krb5-config; let's make some assumptions based on
453		# the OS.
454		case $host_os in
455		netbsd*)
456			krb5_incdir="-I/usr/include/krb5"
457			krb5_libs="-lgssapi -lkrb5 -lcom_err -lroken -lasn1"
458			;;
459		*)
460			AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.])
461			;;
462		esac
463	fi
464	LIBS="$LIBS $krb5_libs"
465	CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD"
466	AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API])
467
468	# Check if iconv 2nd argument needs const 
469	saved_CFLAGS=$CFLAGS
470	CFLAGS="$CFLAGS -Wall -Werror"
471	saved_CPPFLAGS=$CPPFLAGS
472        CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
473	AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])])
474	AC_MSG_CHECKING([if iconv second argument needs const])
475	AC_TRY_COMPILE([
476		#include <iconv.h>
477		#include <stdio.h>
478	], [
479		iconv_t cd = NULL;
480		const char **src = NULL;
481		size_t *srcleft = NULL;
482		char **dst = NULL;
483		size_t *dstleft = NULL;
484
485		(void)iconv(cd, src, srcleft, dst, dstleft);
486	], [AC_MSG_RESULT(yes)
487	    AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const])
488	], [AC_MSG_RESULT(no)])
489	CFLAGS=$saved_CFLAGS
490	CPPFLAGS=$saved_CPPFLAGS
491
492	# libiconv is often integrated into libc. If a with-* option
493	# caused a non libc-based iconv.h to be catched instead of
494	# the libc-based iconv.h, then we need to link with -liconv
495	AC_MSG_CHECKING(if -liconv is required)
496	saved_CPPFLAGS=$CPPFLAGS
497	saved_LIBS=$LIBS
498	CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
499	AC_TRY_LINK([
500		#include <iconv.h>
501	], [
502		(void)iconv_open("ascii", "ascii");
503	],
504		[AC_MSG_RESULT(no)],
505		[
506			LIBS="$LIBS -liconv"
507			AC_TRY_LINK([
508				#include <iconv.h>
509		], [
510				(void)iconv_open("ascii", "ascii");
511			],
512			[
513				AC_MSG_RESULT(yes)
514				saved_LIBS=$LIBS
515			], [
516				AC_MSG_ERROR([cannot use iconv])
517			])
518		])
519	CPPFLAGS=$saved_CPPFLAGS
520	LIBS=$saved_LIBS
521fi
522
523AC_MSG_CHECKING(if --enable-stats option is specified)
524AC_ARG_ENABLE(stats,
525        [  --enable-stats          enable statistics logging function],
526        [], [enable_stats=no])
527if test "x$enable_stats" = "xyes"; then
528	AC_DEFINE([ENABLE_STATS], [], [Enable statictics])
529fi
530AC_MSG_RESULT($enable_stats)
531
532AC_MSG_CHECKING(if --enable-dpd option is specified)
533AC_ARG_ENABLE(dpd,
534        [  --enable-dpd            enable dead peer detection],
535        [], [enable_dpd=no])
536if test "x$enable_dpd" = "xyes"; then
537	AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection])
538fi
539AC_MSG_RESULT($enable_dpd)
540
541AC_MSG_CHECKING(if --enable-fastquit option is specified)
542AC_ARG_ENABLE(fastquit,
543        [  --enable-fastquit            enable new faster code to flush SAs when stopping racoon],
544        [], [enable_fastquit=no])
545if test "x$enable_fastquit" = "xyes"; then
546	AC_DEFINE([ENABLE_FASTQUIT], [], [Enable fast SA flush code])
547fi
548AC_MSG_RESULT($enable_fastquit)
549
550
551AC_MSG_CHECKING(if --enable-samode-unspec option is specified)
552AC_ARG_ENABLE(samode-unspec,
553        [  --enable-samode-unspec  enable to use unspecified a mode of SA],
554        [], [enable_samode_unspec=no])
555if test "x$enable_samode_unspec" = "xyes"; then
556	case $host_os in
557	*linux*)
558		cat << EOC
559		
560ERROR: --enable-samode-unspec is not supported under linux 
561because linux kernel do not support it. This option is disabled 
562to prevent mysterious problems.
563
564If you REALLY know what your are doing, remove this check.
565EOC
566		exit 1;
567		;;
568	esac
569	AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec])
570fi
571AC_MSG_RESULT($enable_samode_unspec)
572
573# Checks if IPv6 is requested
574AC_MSG_CHECKING([whether to enable ipv6])
575AC_ARG_ENABLE(ipv6,
576[  --disable-ipv6          disable ipv6 support],
577[ case "$enableval" in
578  no)
579       AC_MSG_RESULT(no)
580       ipv6=no
581       ;;
582  *)   AC_MSG_RESULT(yes)
583       ipv6=yes
584       ;;
585  esac ],
586
587  AC_TRY_RUN([ /* AF_INET6 avalable check */
588#include <sys/types.h>
589#include <sys/socket.h>
590main()
591{
592  exit(0);
593 if (socket(AF_INET6, SOCK_STREAM, 0) < 0)
594   exit(1);
595 else
596   exit(0);
597}
598],
599  AC_MSG_RESULT(yes)
600  AC_DEFINE([INET6], [], [Support IPv6])
601  ipv6=yes,
602  AC_MSG_RESULT(no)
603  ipv6=no,
604  AC_MSG_RESULT(no)
605  ipv6=no
606))
607
608if test "$ipv6" = "yes"; then
609	AC_DEFINE([INET6], [], [Support IPv6])
610	AC_MSG_CHECKING(for advanced API support)
611	AC_TRY_COMPILE([#ifndef INET6
612#define INET6
613#endif
614#include <sys/types.h>
615#include <netinet/in.h>],
616		[struct in6_pktinfo a;],
617		[AC_MSG_RESULT(yes)
618		 AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])],
619		[AC_MSG_RESULT(no)])
620fi
621
622RACOON_CHECK_BUGGY_GETADDRINFO
623if test "$buggygetaddrinfo" = "yes"; then
624	AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.])
625fi
626
627# Check if kernel support is available for NAT-T, defaults to no. 
628kernel_natt="no"
629
630AC_MSG_CHECKING(kernel NAT-Traversal support)
631case $host_os in
632linux*)
633# Linux kernel NAT-T check
634AC_EGREP_CPP(yes, 
635[#include <linux/pfkeyv2.h>
636#ifdef SADB_X_EXT_NAT_T_TYPE
637yes
638#endif
639], [kernel_natt="yes"])
640	;;
641freebsd*|netbsd*)
642# NetBSD case
643# Same check for FreeBSD
644AC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len,
645       [kernel_natt="yes"],, [
646#define _KERNEL
647#include <sys/types.h>
648#include <net/pfkeyv2.h>
649])
650	;;
651esac
652AC_MSG_RESULT($kernel_natt)
653
654AC_MSG_CHECKING(whether to support NAT-T)
655AC_ARG_ENABLE(natt,
656	[  --enable-natt           enable NAT-Traversal (yes/no/kernel)],
657        [ if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi ],
658	[ enable_natt=no ])
659AC_MSG_RESULT($enable_natt)
660
661if test "$enable_natt" = "yes"; then
662	if test "$kernel_natt" = "no" ; then 
663		AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.])
664	else
665		AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal])
666		NATT_OBJS="nattraversal.o"
667		AC_SUBST(NATT_OBJS)
668	fi
669fi
670
671# Set up defines for supported NAT-T versions.
672natt_versions_default="00,02,rfc"
673AC_MSG_CHECKING(which NAT-T versions to support)
674AC_ARG_ENABLE(natt_versions,
675	[  --enable-natt-versions=list    list of supported NAT-T versions delimited by coma.],
676	[ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ],
677	[ enable_natt_versions=$natt_versions_default ])
678if test "$enable_natt" = "yes"; then
679	AC_MSG_RESULT($enable_natt_versions)
680	for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do
681		case $i in 
682			0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;;
683			1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;;
684			2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;;
685			3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;;
686			4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;;
687			5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;;
688			6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;;
689			7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;;
690			8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;;
691			RFC)  AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;;
692			*) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;;
693		esac
694	done
695	unset i
696else
697	AC_MSG_RESULT([none])
698fi
699
700AC_MSG_CHECKING(if --enable-broken-natt option is specified)
701AC_ARG_ENABLE(broken-natt,
702	[  --enable-broken-natt    broken in-kernel NAT-T],
703        [], [enable_broken_natt=no])
704if test "x$enable_broken_natt" = "xyes"; then
705	AC_DEFINE([BROKEN_NATT], [], [in-kernel NAT-T is broken])
706fi
707AC_MSG_RESULT($enable_broken_natt)
708
709AC_MSG_CHECKING(whether we support FWD policy)
710case $host in
711	*linux*)
712		AC_TRY_COMPILE([
713		#include <inttypes.h>
714		#include <linux/ipsec.h>
715			], [
716			int fwd = IPSEC_DIR_FWD;
717			],
718			[AC_MSG_RESULT(yes)
719			 AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])],
720			[AC_MSG_RESULT(no)])
721		;;
722	*)
723		AC_MSG_RESULT(no)
724		;;
725esac
726
727AC_CHECK_TYPE([ipsec_policy_t], 
728	      [AC_DEFINE([HAVE_IPSEC_POLICY_T], [], [Have ipsec_policy_t])],
729	      [],
730	      [
731		#include <sys/types.h>
732	      	#include <netinet6/ipsec.h>
733	      ])
734
735# Check if kernel support is available for Security Context, defaults to no.
736kernel_secctx="no"
737
738AC_MSG_CHECKING(kernel Security Context support)
739case $host_os in
740linux*)
741# Linux kernel Security Context check
742AC_EGREP_CPP(yes,
743[#include <linux/pfkeyv2.h>
744#ifdef SADB_X_EXT_SEC_CTX
745yes
746#endif
747], [kernel_secctx="yes"])
748	;;
749esac
750AC_MSG_RESULT($kernel_secctx)
751
752AC_MSG_CHECKING(whether to support Security Context)
753AC_ARG_ENABLE(security-context,
754	[  --enable-security-context    enable Security Context(yes/no/kernel)],
755	[if test "$enable_security-context" = "kernel"; then
756		enable_security_context=$kernel_secctx; fi],
757	[enable_security_context=$kernel_secctx])
758AC_MSG_RESULT($enable_security_context)
759
760if test "$enable_security_context" = "yes"; then
761	if test "$kernel_secctx" = "no" ; then
762		AC_MSG_ERROR([Security Context requested, but no kernel support! Aborting.])
763	else
764		AC_DEFINE([HAVE_SECCTX], [], [Enable Security Context])
765		SECCTX_OBJS="security.o"
766		AC_SUBST(SECCTX_OBJS)
767	fi
768fi
769
770CFLAGS="$CFLAGS $CFLAGS_ADD"
771CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
772
773case $host in
774	*linux*)
775		# Remove KERNEL_INCLUDE from CPPFLAGS. It will
776		# be symlinked to src/include-glibc/linux in
777		# compile time.
778		CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"`
779		;;
780esac
781
782include_racoondir=${includedir}/racoon
783AC_SUBST(include_racoondir)
784
785AC_CONFIG_FILES([
786  Makefile
787  package_version.h
788  src/Makefile
789  src/include-glibc/Makefile
790  src/libipsec/Makefile
791  src/setkey/Makefile
792  src/racoon/Makefile
793  src/racoon/samples/psk.txt
794  src/racoon/samples/racoon.conf
795  rpm/Makefile
796  rpm/suse/Makefile
797  rpm/suse/ipsec-tools.spec
798  ])
799AC_OUTPUT
800