configure.ac revision 1.10.10.2 
1dnl -*- mode: m4 -*-
2dnl Id: configure.ac,v 1.77 2006/07/20 19:19:27 manubsd Exp
3
4AC_PREREQ(2.52)
5AC_INIT(ipsec-tools, CVS)
6AC_CONFIG_SRCDIR([configure.ac])
7AC_CONFIG_HEADERS(config.h)
8
9AM_INIT_AUTOMAKE(dist-bzip2)
10
11AC_ENABLE_SHARED(no)
12
13AC_PROG_CC
14AC_HEADER_STDC
15AC_PROG_LIBTOOL
16AC_PROG_YACC
17AM_PROG_LEX
18AC_SUBST(LEXLIB)
19AC_PROG_EGREP
20
21CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused"
22
23case $host in
24*netbsd*)
25	LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS"
26	;;
27*linux*)
28	LIBS="$LIBS -lresolv"
29	INSTALL_OPTS="-o bin -g bin"
30	INCLUDE_GLIBC="include-glibc"
31	RPM="rpm"
32	AC_SUBST(INSTALL_OPTS)
33	AC_SUBST(INCLUDE_GLIBC)
34	AC_SUBST(RPM)
35	;;
36*darwin*)
37	LIBS="$LIBS -lresolv"
38	;;
39esac
40
41# Look up some IPsec-related headers
42AC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no])
43AC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no])
44AC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no])
45AC_CHECK_HEADER(netipsec/ipsec.h, [have_netipsec_ipsec=yes], [have_netipsec_ipsec=no])
46
47# FreeBSD >=7 has only <netipsec/ipsec.h>
48# NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h>
49# XXX some *BSD still have both <netinet6/ipsec.h> and <netipsec/ipsec.h>,
50# we can't decide which one to use (actually <netinet6/ipsec.h>)
51
52
53if test "$have_netinet_ipsec$have_netinet6_ipsec$have_netipsec_ipsec" = nonoyes; then
54    have_netinet_ipsec=yes
55    AC_DEFINE(PATH_IPSEC_H, [<netipsec/ipsec.h>], [Path to ipsec.h])
56else
57	if test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then
58    	have_netinet_ipsec=yes
59	    AC_DEFINE(PATH_IPSEC_H, [<netinet6/ipsec.h>], [Path to ipsec.h])
60	else
61		# have_netinet_ipsec will be checked a few lines below
62	    AC_DEFINE(PATH_IPSEC_H, [<netinet/ipsec.h>], [Path to ipsec.h])
63	fi
64fi
65
66case "$host_os" in
67 *linux*)
68    AC_ARG_WITH(kernel-headers,
69	AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include],
70		       [where your Linux Kernel headers are installed]),
71	    [ KERNEL_INCLUDE="$with_kernel_headers" 
72	      CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers"
73	      AC_SUBST(CONFIGURE_AMFLAGS) ],
74	    [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ])
75
76    AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, ,
77	[ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h,
78	  KERNEL_INCLUDE=/usr/src/linux/include ,
79	  [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] )
80    AC_SUBST(KERNEL_INCLUDE)
81    # We need the configure script to run with correct kernel headers.
82    # However we don't want to point to kernel source tree in compile time,
83    # i.e. this will be removed from CPPFLAGS at the end of configure.
84    CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS"
85
86    AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority, 
87    	[AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [],
88               	[Are PF_KEY policy priorities supported?])], [],
89    	[#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"])
90
91    GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc'
92    GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc"
93    CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS"
94    CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS"
95    AC_SUBST(GLIBC_BUGS)
96    ;;
97 *)
98    if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then
99      if test "$have_net_pfkey" = yes; then
100	AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.])
101      else
102	AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.])
103      fi
104    fi
105    ;;
106esac
107
108### Some basic toolchain checks
109
110# Checks for header files.
111AC_HEADER_STDC
112AC_HEADER_SYS_WAIT
113AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h)
114AC_CHECK_HEADERS(shadow.h strings.h)
115
116# Checks for typedefs, structures, and compiler characteristics.
117AC_C_CONST
118AC_TYPE_PID_T
119AC_TYPE_SIZE_T
120AC_HEADER_TIME
121AC_STRUCT_TM
122
123# Checks for library functions.
124AC_FUNC_MEMCMP
125AC_TYPE_SIGNAL
126AC_FUNC_VPRINTF
127AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy strlcat)
128AC_REPLACE_FUNCS(strdup)
129RACOON_CHECK_VA_COPY
130
131# Check if printf accepts "%z" type modifier for size_t argument
132AC_MSG_CHECKING(if printf accepts %z)
133saved_CFLAGS=$CFLAGS
134CFLAGS="$CFLAGS -Wall -Werror"
135AC_TRY_COMPILE([
136#include <stdio.h>
137], [
138printf("%zu\n", (size_t)-1);
139],
140	[AC_MSG_RESULT(yes)],
141	[AC_MSG_RESULT(no);
142	 CFLAGS_ADD="$CFLAGS_ADD -Wno-format";
143	 AC_DEFINE(BROKEN_PRINTF, [], [If printf doesn't support %zu.])
144	])
145CFLAGS=$saved_CFLAGS
146
147# Can we use __func__ macro?
148AC_MSG_CHECKING(if __func__ is available)
149AC_TRY_COMPILE(
150[#include <stdio.h>
151], [char *x = __func__;],
152	[AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro])
153	AC_MSG_RESULT(yes)],
154	[AC_MSG_RESULT(no)])
155
156# Check if readline support is requested
157AC_MSG_CHECKING(if readline support is requested)
158AC_ARG_WITH(readline,
159	[  --with-readline         support readline input (yes by default)],
160	[with_readline="$withval"], [with_readline="yes"])
161AC_MSG_RESULT($with_readline)
162
163# Is readline available?
164if test $with_readline != "no"; then
165	AC_CHECK_HEADER([readline/readline.h], 
166		[AC_CHECK_LIB(readline, readline, [
167				AC_DEFINE(HAVE_READLINE, [],
168					[Is readline available?])
169				LIBS="$LIBS -lreadline"
170		], [])], [])
171fi
172
173
174AC_MSG_CHECKING(if --with-flex option is specified)
175AC_ARG_WITH(flexdir,
176	[AC_HELP_STRING([--with-flex], [use directiory (default: no)])],
177	[flexdir="$withval"])
178AC_MSG_RESULT(${flexdir-dirdefault})
179
180if test "x$flexdir" != "x"; then
181	LIBS="$LIBS $flexdir/libfl.a"
182fi
183
184AC_MSG_CHECKING(if --with-flexlib option is specified)
185AC_ARG_WITH(flexlib,
186	[  --with-flexlib=<LIB>    specify flex library.],
187	[flexlib="$withval"])
188AC_MSG_RESULT(${flexlib-default})
189
190if test "x$flexlib" != "x"; then
191	LIBS="$LIBS $flexlib"
192fi
193
194# Check if a different OpenSSL directory was specified
195AC_MSG_CHECKING(if --with-openssl option is specified)
196AC_ARG_WITH(openssl, [  --with-openssl=DIR      specify OpenSSL directory],
197	[crypto_dir=$withval])
198AC_MSG_RESULT(${crypto_dir-default})
199
200if test "x$crypto_dir" != "x"; then
201	LIBS="$LIBS -L${crypto_dir}/lib"
202	CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS"
203fi
204AC_MSG_CHECKING(openssl version)
205
206AC_TRY_COMPILE(
207[#include <openssl/opensslv.h>
208],
209[#if OPENSSL_VERSION_NUMBER < 0x0090813fL
210#error OpenSSL version is too old ...
211#endif],
212[AC_MSG_RESULT([ok])],
213[AC_MSG_RESULT(too old)
214AC_MSG_ERROR([OpenSSL version must be 0.9.8s or higher. Aborting.])
215])
216
217AC_CHECK_HEADERS(openssl/engine.h)
218
219# checking rijndael
220AC_CHECK_HEADERS([openssl/aes.h], [], 
221	[CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"])
222
223# checking sha2
224AC_MSG_CHECKING(sha2 support)
225AC_DEFINE([WITH_SHA2], [], [SHA2 support])
226AC_MSG_RESULT(yes)
227AC_CHECK_HEADER(openssl/sha2.h, [], [
228	AC_MSG_CHECKING(if sha2 is defined in openssl/sha.h)
229	AC_TRY_COMPILE([
230		#ifdef HAVE_SYS_TYPES_H
231		#include <sys/types.h>
232		#endif
233		#include <openssl/sha.h>
234	], [
235		SHA256_CTX ctx;
236	], [
237	    AC_MSG_RESULT(yes)
238	    AC_DEFINE([HAVE_SHA2_IN_SHA_H], [], [sha2 is defined in sha.h])
239	], [AC_MSG_RESULT(no)
240	    AC_LIBOBJ([sha2])
241	    CRYPTOBJS="$CRYPTOBJS sha2.o"
242	])
243
244	CPPFLAGS_ADD="$CPPFLAGS_ADD -I\${top_srcdir}/src/racoon/missing"
245])
246AC_SUBST(CRYPTOBJS)
247
248# checking camellia
249AC_CHECK_HEADERS([openssl/camellia.h])
250
251
252# Option --enable-adminport 
253AC_MSG_CHECKING(if --enable-adminport option is specified)
254AC_ARG_ENABLE(adminport,
255	[  --enable-adminport      enable admin port],
256	[], [enable_adminport=no])
257if test $enable_adminport = "yes"; then
258	AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port])
259fi
260AC_MSG_RESULT($enable_adminport)
261
262# Option RC5
263AC_MSG_CHECKING(if --enable-rc5 option is specified)
264AC_ARG_ENABLE(rc5,
265	[  --enable-rc5		enable RC5 encryption (patented)],
266	[], [enable_rc5=no])
267AC_MSG_RESULT($enable_rc5)
268
269if test $enable_rc5 = "yes"; then
270	AC_CHECK_HEADERS([openssl/rc5.h])
271	AC_CHECK_LIB([crypto_rc5], [RC5_32_encrypt],
272	    [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_rc5"])
273fi
274
275# Option IDEA
276AC_MSG_CHECKING(if --enable-idea option is specified)
277AC_ARG_ENABLE(idea,
278	[  --enable-idea	enable IDEA encryption (patented)],
279	[], [enable_idea=no])
280AC_MSG_RESULT($enable_idea)
281
282if test $enable_idea = "yes"; then
283	AC_CHECK_HEADERS([openssl/idea.h])
284	AC_CHECK_LIB([crypto_idea], [idea_encrypt], 
285	    [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_idea"])
286fi
287AC_SUBST(EXTRA_CRYPTO)
288
289# For dynamic libradius
290RACOON_PATH_LIBS([MD5_Init], [crypto])
291
292# Check if we need -lutil for login(3)
293RACOON_PATH_LIBS([login], [util])
294
295# Specify libiconv prefix
296AC_MSG_CHECKING(if --with-libiconv option is specified)
297AC_ARG_WITH(libiconv, 
298    [  --with-libiconv=DIR    specify libiconv path (like/usr/pkg)],
299    [libiconv_dir=$withval], 
300    [libiconv_dir=no])
301AC_MSG_RESULT($libiconv_dir)
302if test "$libiconv_dir" != "no"; then
303	if test "$libiconv_dir" = "yes" ; then
304		  libiconv_dir="";
305	fi;
306	if test "x$libiconv_dir" = "x"; then
307		RACOON_PATH_LIBS([iconv_open], [iconv])
308	else
309		if test -d "$libiconv_dir/lib" -a \
310		    -d "$libiconv_dir/include" ; then
311			RACOON_PATH_LIBS([iconv_open], [iconv], ["$libiconv_dir/lib"])
312			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libiconv_dir/include"
313		else
314			AC_MSG_ERROR([ICONV libs or includes not found. Aborting.])
315	  	fi
316	fi
317	LIBS="$LIBS -L$libiconv_dir/lib -R$libiconv_dir/lib -liconv"
318	AC_CHECK_FUNCS(iconv_open)
319fi
320
321AC_MSG_CHECKING([if --enable-hybrid option is specified])
322AC_ARG_ENABLE(hybrid, 
323    [  --enable-hybrid	  enable hybrid, both mode-cfg and xauth support],
324    [], [enable_hybrid=no])
325AC_MSG_RESULT($enable_hybrid)
326
327if test "x$enable_hybrid" = "xyes"; then
328	case $host in
329		*darwin*)
330		;;
331	*)
332		LIBS="$LIBS -lcrypt";
333		;;
334	esac
335	HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o"
336	AC_SUBST(HYBRID_OBJS)
337	AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support])
338fi
339
340AC_MSG_CHECKING([if --enable-frag option is specified])
341AC_ARG_ENABLE(frag, 
342    [  --enable-frag           enable IKE fragmentation payload support],
343    [], [enable_frag=no])
344AC_MSG_RESULT($enable_frag)
345
346if test "x$enable_frag" = "xyes"; then
347	case $host in
348	*darwin*)
349		;;
350	*)
351		LIBS="$LIBS -lcrypt"; 
352		;;
353	esac
354	FRAG_OBJS="isakmp_frag.o"
355	AC_SUBST(FRAG_OBJS)
356	AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support])
357fi
358
359AC_MSG_CHECKING(if --with-libradius option is specified)
360AC_ARG_WITH(libradius, 
361    [  --with-libradius=DIR    specify libradius path (like/usr/pkg)],
362    [libradius_dir=$withval], 
363    [libradius_dir=no])
364AC_MSG_RESULT($libradius_dir)
365if test "$libradius_dir" != "no"; then
366	if test "$libradius_dir" = "yes" ; then
367		  libradius_dir="";
368	fi;
369	if test "x$libradius_dir" = "x"; then
370		RACOON_PATH_LIBS([rad_create_request], [radius])
371	else
372		if test -d "$libradius_dir/lib" -a \
373		    -d "$libradius_dir/include" ; then
374			RACOON_PATH_LIBS([rad_create_request], [radius], ["$libradius_dir/lib"])
375			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include"
376		else
377			AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.])
378	  	fi
379	fi
380	AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS])
381	LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius"
382	AC_CHECK_FUNCS(rad_create_request)
383fi
384
385AC_MSG_CHECKING(if --with-libpam option is specified)
386AC_ARG_WITH(libpam, 
387    [  --with-libpam=DIR    specify libpam path (like/usr/pkg)],
388    [libpam_dir=$withval], 
389    [libpam_dir=no])
390AC_MSG_RESULT($libpam_dir)
391if test "$libpam_dir" != "no"; then
392	if test "$libpam_dir" = "yes" ; then
393		  libpam_dir="";
394	fi;
395	if test "x$libpam_dir" = "x"; then
396		RACOON_PATH_LIBS([pam_start], [pam])
397	else
398		if test -d "$libpam_dir/lib" -a \
399		    -d "$libpam_dir/include" ; then
400			RACOON_PATH_LIBS([pam_start], [pam], ["$libpam_dir/lib"])
401			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libpam_dir/include"
402		else
403			AC_MSG_ERROR([PAM libs or includes not found. Aborting.])
404	  	fi
405	fi
406	AC_DEFINE([HAVE_LIBPAM], [], [Hybrid authentication uses PAM])
407	LIBS="$LIBS -L$libpam_dir/lib -R$libpam_dir/lib -lpam"
408	AC_CHECK_FUNCS(pam_start)
409fi
410
411AC_MSG_CHECKING(if --with-libldap option is specified)
412AC_ARG_WITH(libldap, 
413    [  --with-libldap=DIR    specify libldap path (like/usr/pkg)],
414    [libldap_dir=$withval], 
415    [libldap_dir=no])
416AC_MSG_RESULT($libldap_dir)
417if test "$libldap_dir" != "no"; then
418	if test "$libldap_dir" = "yes" ; then
419		  libldap_dir="";
420	fi;
421	if test "x$libldap_dir" = "x"; then
422		RACOON_PATH_LIBS([ldap_init], [ldap])
423	else
424		if test -d "$libldap_dir/lib" -a \
425		    -d "$libldap_dir/include" ; then
426			RACOON_PATH_LIBS([ldap_init], [ldap], ["$libldap_dir/lib"])
427			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libldap_dir/include"
428		else
429			AC_MSG_ERROR([LDAP libs or includes not found. Aborting.])
430	  	fi
431	fi
432	AC_DEFINE([HAVE_LIBLDAP], [], [Hybrid authentication uses LDAP])
433	LIBS="$LIBS -L$libldap_dir/lib -R$libldap_dir/lib -lldap"
434
435	saved_CFLAGS=$CFLAGS
436	CFLAGS="$CFLAGS -Wall -Werror"
437	saved_CPPFLAGS=$CPPFLAGS
438        CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
439	AC_TRY_COMPILE(
440		[#include <ldap.h>],
441		[
442			#if LDAP_API_VERSION < 2004
443			#error OpenLDAP version is too old ...
444			#endif
445		],
446		[AC_MSG_RESULT([ok])],
447		[
448			AC_MSG_RESULT(too old)
449			AC_MSG_ERROR([OpenLDAP version must be 2.0 or higher. Aborting.])
450		])
451	CFLAGS=$saved_CFLAGS
452	CPPFLAGS=$saved_CPPFLAGS
453fi
454
455# Check for Kerberos5 support
456# XXX This must come after all --with-* tests, else the
457# -liconv checks will not work
458AC_MSG_CHECKING(if --enable-gssapi option is specified)
459AC_ARG_ENABLE(gssapi,
460	[  --enable-gssapi         enable GSS-API authentication],
461	[], [enable_gssapi=no])
462AC_MSG_RESULT($enable_gssapi)
463AC_PATH_PROG(KRB5_CONFIG,krb5-config,no)
464if test "x$enable_gssapi" = "xyes"; then
465	if test "$KRB5_CONFIG" != "no"; then
466		krb5_incdir="`$KRB5_CONFIG --cflags gssapi`"
467		krb5_libs="`$KRB5_CONFIG --libs gssapi`"
468	else
469		# No krb5-config; let's make some assumptions based on
470		# the OS.
471		case $host_os in
472		netbsd*)
473			krb5_incdir="-I/usr/include/krb5"
474			krb5_libs="-lgssapi -lkrb5 -lcom_err -lroken -lasn1"
475			;;
476		*)
477			AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.])
478			;;
479		esac
480	fi
481	LIBS="$LIBS $krb5_libs"
482	CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD"
483	AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API])
484
485	# Check if iconv 2nd argument needs const 
486	saved_CFLAGS=$CFLAGS
487	CFLAGS="$CFLAGS -Wall -Werror"
488	saved_CPPFLAGS=$CPPFLAGS
489        CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
490	AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])])
491	AC_MSG_CHECKING([if iconv second argument needs const])
492	AC_TRY_COMPILE([
493		#include <iconv.h>
494		#include <stdio.h>
495	], [
496		iconv_t cd = NULL;
497		const char **src = NULL;
498		size_t *srcleft = NULL;
499		char **dst = NULL;
500		size_t *dstleft = NULL;
501
502		(void)iconv(cd, src, srcleft, dst, dstleft);
503	], [AC_MSG_RESULT(yes)
504	    AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const])
505	], [AC_MSG_RESULT(no)])
506	CFLAGS=$saved_CFLAGS
507	CPPFLAGS=$saved_CPPFLAGS
508
509	# libiconv is often integrated into libc. If a with-* option
510	# caused a non libc-based iconv.h to be catched instead of
511	# the libc-based iconv.h, then we need to link with -liconv
512	AC_MSG_CHECKING(if -liconv is required)
513	saved_CPPFLAGS=$CPPFLAGS
514	saved_LIBS=$LIBS
515	CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
516	AC_TRY_LINK([
517		#include <iconv.h>
518	], [
519		(void)iconv_open("ascii", "ascii");
520	],
521		[AC_MSG_RESULT(no)],
522		[
523			LIBS="$LIBS -liconv"
524			AC_TRY_LINK([
525				#include <iconv.h>
526		], [
527				(void)iconv_open("ascii", "ascii");
528			],
529			[
530				AC_MSG_RESULT(yes)
531				saved_LIBS=$LIBS
532			], [
533				AC_MSG_ERROR([cannot use iconv])
534			])
535		])
536	CPPFLAGS=$saved_CPPFLAGS
537	LIBS=$saved_LIBS
538fi
539
540AC_MSG_CHECKING(if --enable-stats option is specified)
541AC_ARG_ENABLE(stats,
542        [  --enable-stats          enable statistics logging function],
543        [], [enable_stats=no])
544if test "x$enable_stats" = "xyes"; then
545	AC_DEFINE([ENABLE_STATS], [], [Enable statictics])
546fi
547AC_MSG_RESULT($enable_stats)
548
549AC_MSG_CHECKING(if --enable-dpd option is specified)
550AC_ARG_ENABLE(dpd,
551        [  --enable-dpd            enable dead peer detection],
552        [], [enable_dpd=no])
553if test "x$enable_dpd" = "xyes"; then
554	AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection])
555fi
556AC_MSG_RESULT($enable_dpd)
557
558AC_MSG_CHECKING(if --enable-samode-unspec option is specified)
559AC_ARG_ENABLE(samode-unspec,
560        [  --enable-samode-unspec  enable to use unspecified a mode of SA],
561        [], [enable_samode_unspec=no])
562if test "x$enable_samode_unspec" = "xyes"; then
563	case $host_os in
564	*linux*)
565		cat << EOC
566		
567ERROR: --enable-samode-unspec is not supported under linux 
568because linux kernel do not support it. This option is disabled 
569to prevent mysterious problems.
570
571If you REALLY know what your are doing, remove this check.
572EOC
573		exit 1;
574		;;
575	esac
576	AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec])
577fi
578AC_MSG_RESULT($enable_samode_unspec)
579
580# Checks if IPv6 is requested
581AC_MSG_CHECKING([whether to enable ipv6])
582AC_ARG_ENABLE(ipv6,
583[  --disable-ipv6          disable ipv6 support],
584[ case "$enableval" in
585  no)
586       AC_MSG_RESULT(no)
587       ipv6=no
588       ;;
589  *)   AC_MSG_RESULT(yes)
590       ipv6=yes
591       ;;
592  esac ],
593
594  AC_TRY_RUN([ /* AF_INET6 avalable check */
595#include <sys/types.h>
596#include <sys/socket.h>
597main()
598{
599  exit(0);
600 if (socket(AF_INET6, SOCK_STREAM, 0) < 0)
601   exit(1);
602 else
603   exit(0);
604}
605],
606  AC_MSG_RESULT(yes)
607  AC_DEFINE([INET6], [], [Support IPv6])
608  ipv6=yes,
609  AC_MSG_RESULT(no)
610  ipv6=no,
611  AC_MSG_RESULT(no)
612  ipv6=no
613))
614
615if test "$ipv6" = "yes"; then
616	AC_DEFINE([INET6], [], [Support IPv6])
617	AC_MSG_CHECKING(for advanced API support)
618	AC_TRY_COMPILE([#ifndef INET6
619#define INET6
620#endif
621#include <sys/types.h>
622#include <netinet/in.h>],
623		[struct in6_pktinfo a;],
624		[AC_MSG_RESULT(yes)
625		 AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])],
626		[AC_MSG_RESULT(no)])
627fi
628
629RACOON_CHECK_BUGGY_GETADDRINFO
630if test "$buggygetaddrinfo" = "yes"; then
631	AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.])
632fi
633
634# Check if kernel support is available for NAT-T, defaults to no. 
635kernel_natt="no"
636
637AC_MSG_CHECKING(kernel NAT-Traversal support)
638case $host_os in
639linux*)
640# Linux kernel NAT-T check
641AC_EGREP_CPP(yes, 
642[#include <linux/pfkeyv2.h>
643#ifdef SADB_X_EXT_NAT_T_TYPE
644yes
645#endif
646], [kernel_natt="yes"])
647	;;
648freebsd*|netbsd*)
649# NetBSD case
650# Same check for FreeBSD
651AC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len,
652       [kernel_natt="yes"],, [
653#define _KERNEL
654#include <sys/types.h>
655#include <net/pfkeyv2.h>
656])
657	;;
658esac
659AC_MSG_RESULT($kernel_natt)
660
661AC_MSG_CHECKING(whether to support NAT-T)
662AC_ARG_ENABLE(natt,
663	[  --enable-natt           enable NAT-Traversal (yes/no/kernel)],
664        [ if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi ],
665	[ enable_natt=no ])
666AC_MSG_RESULT($enable_natt)
667
668if test "$enable_natt" = "yes"; then
669	if test "$kernel_natt" = "no" ; then 
670		AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.])
671	else
672		AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal])
673		NATT_OBJS="nattraversal.o"
674		AC_SUBST(NATT_OBJS)
675	fi
676fi
677
678# Set up defines for supported NAT-T versions.
679natt_versions_default="00,02,rfc"
680AC_MSG_CHECKING(which NAT-T versions to support)
681AC_ARG_ENABLE(natt_versions,
682	[  --enable-natt-versions=list    list of supported NAT-T versions delimited by coma.],
683	[ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ],
684	[ enable_natt_versions=$natt_versions_default ])
685if test "$enable_natt" = "yes"; then
686	AC_MSG_RESULT($enable_natt_versions)
687	for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do
688		case $i in 
689			0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;;
690			1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;;
691			2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;;
692			3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;;
693			4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;;
694			5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;;
695			6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;;
696			7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;;
697			8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;;
698			RFC)  AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;;
699			*) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;;
700		esac
701	done
702	unset i
703else
704	AC_MSG_RESULT([none])
705fi
706
707AC_MSG_CHECKING(if --enable-broken-natt option is specified)
708AC_ARG_ENABLE(broken-natt,
709	[  --enable-broken-natt    broken in-kernel NAT-T],
710        [], [enable_broken_natt=no])
711if test "x$enable_broken_natt" = "xyes"; then
712	AC_DEFINE([BROKEN_NATT], [], [in-kernel NAT-T is broken])
713fi
714AC_MSG_RESULT($enable_broken_natt)
715
716AC_MSG_CHECKING(whether we support FWD policy)
717case $host in
718	*linux*)
719		AC_TRY_COMPILE([
720		#include <inttypes.h>
721		#include <linux/ipsec.h>
722			], [
723			int fwd = IPSEC_DIR_FWD;
724			],
725			[AC_MSG_RESULT(yes)
726			 AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])],
727			[AC_MSG_RESULT(no)])
728		;;
729	*)
730		AC_MSG_RESULT(no)
731		;;
732esac
733
734AC_CHECK_TYPE([ipsec_policy_t], 
735	      [AC_DEFINE([HAVE_IPSEC_POLICY_T], [], [Have ipsec_policy_t])],
736	      [],
737	      [
738		#include <sys/types.h>
739	      	#include <netinet6/ipsec.h>
740	      ])
741
742# Check if kernel support is available for Security Context, defaults to no.
743kernel_secctx="no"
744
745AC_MSG_CHECKING(kernel Security Context support)
746case $host_os in
747linux*)
748# Linux kernel Security Context check
749AC_EGREP_CPP(yes,
750[#include <linux/pfkeyv2.h>
751#ifdef SADB_X_EXT_SEC_CTX
752yes
753#endif
754], [kernel_secctx="yes"])
755	;;
756esac
757AC_MSG_RESULT($kernel_secctx)
758
759AC_CHECK_HEADER(selinux/selinux.h,
760	[AC_CHECK_LIB(selinux, avc_init, [selinux_support=yes], 
761	[selinux_support=no])], [selinux_support=no])
762
763AC_MSG_CHECKING(whether to support Security Context)
764AC_ARG_ENABLE(security-context,
765	[  --enable-security-context    enable Security Context(yes/no/kernel)],
766	[if test "$enable_security_context" = "kernel"; then
767		enable_security_context=$kernel_secctx; fi],
768	[enable_security_context=$kernel_secctx])
769AC_MSG_RESULT($enable_security_context)
770
771if test "$enable_security_context" = "yes"; then
772	if test "$kernel_secctx" = "no" ; then
773		AC_MSG_ERROR([Security Context requested, but no kernel support! Aborting.])
774	else
775		if test "$selinux_support" = "no"; then
776			AC_MSG_ERROR([Security Context requested, but no selinux support! Aborting.])
777		else
778			AC_DEFINE([HAVE_SECCTX], [], [Enable Security Context])
779			SECCTX_OBJS="security.o"
780			AC_SUBST(SECCTX_OBJS)
781			LIBS="$LIBS -lselinux"
782		fi
783	fi
784fi
785
786RACOON_PATH_LIBS([clock_gettime], [rt])
787
788AC_MSG_CHECKING(for monotonic system clock)
789AC_TRY_COMPILE(
790	[#include <time.h>],
791	[clock_gettime(CLOCK_MONOTONIC, NULL);],
792	[AC_DEFINE([HAVE_CLOCK_MONOTONIC], [], [Have a monotonic clock])
793	 AC_MSG_RESULT(yes)],
794	[AC_MSG_RESULT(no)])
795
796CFLAGS="$CFLAGS $CFLAGS_ADD"
797CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
798
799case $host in
800	*linux*)
801		# Remove KERNEL_INCLUDE from CPPFLAGS. It will
802		# be symlinked to src/include-glibc/linux in
803		# compile time.
804		CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"`
805		;;
806esac
807
808include_racoondir=${includedir}/racoon
809AC_SUBST(include_racoondir)
810
811AC_CONFIG_FILES([
812  Makefile
813  package_version.h
814  src/Makefile
815  src/include-glibc/Makefile
816  src/libipsec/Makefile
817  src/setkey/Makefile
818  src/racoon/Makefile
819  src/racoon/samples/psk.txt
820  src/racoon/samples/racoon.conf
821  rpm/Makefile
822  rpm/suse/Makefile
823  rpm/suse/ipsec-tools.spec
824  ])
825AC_OUTPUT
826