configure.ac revision 1.3 
1dnl -*- mode: m4 -*-
2dnl Id: configure.ac,v 1.77 2006/07/20 19:19:27 manubsd Exp
3
4AC_PREREQ(2.52)
5AC_INIT(ipsec-tools, CVS)
6AC_CONFIG_SRCDIR([configure.ac])
7AM_CONFIG_HEADER(config.h)
8
9AM_INIT_AUTOMAKE(dist-bzip2)
10
11AC_ENABLE_SHARED(no)
12
13AC_PROG_CC
14AM_PROG_CC_STDC
15AC_HEADER_STDC
16AC_PROG_LIBTOOL
17AC_PROG_YACC
18AM_PROG_LEX
19AC_SUBST(LEXLIB)
20AC_PROG_EGREP
21
22CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused"
23
24case $host in
25*netbsd*)
26	LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS"
27	;;
28*linux*)
29	LIBS="$LIBS -lresolv"
30	INSTALL_OPTS="-o bin -g bin"
31	INCLUDE_GLIBC="include-glibc"
32	RPM="rpm"
33	AC_SUBST(INSTALL_OPTS)
34	AC_SUBST(INCLUDE_GLIBC)
35	AC_SUBST(RPM)
36	;;
37*darwin*)
38	LIBS="$LIBS -lresolv"
39	;;
40esac
41
42# Look up some IPsec-related headers
43AC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no])
44AC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no])
45AC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no])
46
47# NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h>
48if test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then
49    have_netinet_ipsec=yes
50    AC_DEFINE(HAVE_NETINET6_IPSEC, [], [Use <netinet6/ipsec.h>])
51fi
52
53case "$host_os" in
54 *linux*)
55    AC_ARG_WITH(kernel-headers,
56	AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include],
57		       [where your Linux Kernel headers are installed]),
58	    [ KERNEL_INCLUDE="$with_kernel_headers" 
59	      CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers"
60	      AC_SUBST(CONFIGURE_AMFLAGS) ],
61	    [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ])
62
63    AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, ,
64	[ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h,
65	  KERNEL_INCLUDE=/usr/src/linux/include ,
66	  [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] )
67    AC_SUBST(KERNEL_INCLUDE)
68    # We need the configure script to run with correct kernel headers.
69    # However we don't want to point to kernel source tree in compile time,
70    # i.e. this will be removed from CPPFLAGS at the end of configure.
71    CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS"
72
73    AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority, 
74    	[AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [],
75               	[Are PF_KEY policy priorities supported?])], [],
76    	[#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"])
77
78    GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc'
79    GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc"
80    CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS"
81    CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS"
82    AC_SUBST(GLIBC_BUGS)
83    ;;
84 *)
85    if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then
86      if test "$have_net_pfkey" = yes; then
87	AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.])
88      else
89	AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.])
90      fi
91    fi
92    ;;
93esac
94
95### Some basic toolchain checks
96
97# Checks for header files.
98AC_HEADER_STDC
99AC_HEADER_SYS_WAIT
100AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h)
101AC_CHECK_HEADERS(shadow.h)
102
103# Checks for typedefs, structures, and compiler characteristics.
104AC_C_CONST
105AC_TYPE_PID_T
106AC_TYPE_SIZE_T
107AC_HEADER_TIME
108AC_STRUCT_TM
109
110# Checks for library functions.
111AC_FUNC_MEMCMP
112AC_TYPE_SIGNAL
113AC_FUNC_VPRINTF
114AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy strlcat)
115AC_REPLACE_FUNCS(strdup)
116RACOON_CHECK_VA_COPY
117
118# Check if printf accepts "%z" type modifier for size_t argument
119AC_MSG_CHECKING(if printf accepts %z)
120saved_CFLAGS=$CFLAGS
121CFLAGS="$CFLAGS -Wall -Werror"
122AC_TRY_COMPILE([
123#include <stdio.h>
124], [
125printf("%zu\n", (size_t)-1);
126],
127	[AC_MSG_RESULT(yes)],
128	[AC_MSG_RESULT(no);
129	 CFLAGS_ADD="$CFLAGS_ADD -Wno-format";
130	 AC_DEFINE(BROKEN_PRINTF, [], [If printf doesn't support %zu.])
131	])
132CFLAGS=$saved_CFLAGS
133
134# Can we use __func__ macro?
135AC_MSG_CHECKING(if __func__ is available)
136AC_TRY_COMPILE(
137[#include <stdio.h>
138], [char *x = __func__;],
139	[AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro])
140	AC_MSG_RESULT(yes)],
141	[AC_MSG_RESULT(no)])
142
143# Check if readline support is requested
144AC_MSG_CHECKING(if readline support is requested)
145AC_ARG_WITH(readline,
146	[  --with-readline         support readline input (yes by default)],
147	[with_readline="$withval"], [with_readline="yes"])
148AC_MSG_RESULT($with_readline)
149
150# Is readline available?
151if test $with_readline != "no"; then
152	AC_CHECK_HEADER([readline/readline.h], 
153		[AC_CHECK_LIB(readline, readline, [
154				AC_DEFINE(HAVE_READLINE, [],
155					[Is readline available?])
156				LIBS="$LIBS -lreadline"
157		], [])], [])
158fi
159
160
161AC_MSG_CHECKING(if --with-flex option is specified)
162AC_ARG_WITH(flexdir,
163	[AC_HELP_STRING([--with-flex], [use directiory (default: no)])],
164	[flexdir="$withval"])
165AC_MSG_RESULT(${flexdir-dirdefault})
166
167if test "x$flexdir" != "x"; then
168	LIBS="$LIBS $flexdir/libfl.a"
169fi
170
171AC_MSG_CHECKING(if --with-flexlib option is specified)
172AC_ARG_WITH(flexlib,
173	[  --with-flexlib=<LIB>    specify flex library.],
174	[flexlib="$withval"])
175AC_MSG_RESULT(${flexlib-default})
176
177if test "x$flexlib" != "x"; then
178	LIBS="$LIBS $flexlib"
179fi
180
181# Check if a different OpenSSL directory was specified
182AC_MSG_CHECKING(if --with-openssl option is specified)
183AC_ARG_WITH(openssl, [  --with-openssl=DIR      specify OpenSSL directory],
184	[crypto_dir=$withval])
185AC_MSG_RESULT(${crypto_dir-default})
186
187if test "x$crypto_dir" != "x"; then
188	LIBS="$LIBS -L${crypto_dir}/lib"
189	CPPFLAGS="-I${crypto_dir}/include $CPPLAGS"
190fi
191AC_MSG_CHECKING(openssl version)
192
193AC_TRY_COMPILE(
194[#include <openssl/opensslv.h>
195],
196[#if OPENSSL_VERSION_NUMBER < 0x0090602fL
197#error OpenSSL version is too old ...
198#endif],
199[AC_MSG_RESULT([ok])],
200[AC_MSG_RESULT(too old)
201AC_MSG_ERROR([OpenSSL version must be 0.9.6 or higher. Aborting.])
202])
203
204AC_CHECK_HEADERS(openssl/engine.h)
205
206# checking rijndael
207AC_CHECK_HEADERS([openssl/aes.h], [], 
208	[CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"])
209
210# checking sha2
211AC_MSG_CHECKING(sha2 support)
212AC_DEFINE([WITH_SHA2], [], [SHA2 support])
213AC_MSG_RESULT(yes)
214AC_CHECK_HEADER(openssl/sha2.h, [], [
215	AC_MSG_CHECKING(if sha2 is defined in openssl/sha.h)
216	AC_TRY_COMPILE([
217		#ifdef HAVE_SYS_TYPES_H
218		#include <sys/types.h>
219		#endif
220		#include <openssl/sha.h>
221	], [
222		SHA256_CTX ctx;
223	], [
224	    AC_MSG_RESULT(yes)
225	    AC_DEFINE([HAVE_SHA2_IN_SHA_H], [], [sha2 is defined in sha.h])
226	], [AC_MSG_RESULT(no)
227	    AC_LIBOBJ([sha2])
228	    CRYPTOBJS="$CRYPTOBJS sha2.o"
229	])
230
231	CPPFLAGS_ADD="$CPPFLAGS_ADD -I./\${top_srcdir}/src/racoon/missing"
232])
233AC_SUBST(CRYPTOBJS)
234
235# checking camellia
236AC_CHECK_HEADERS([openssl/camellia.h])
237
238
239# Option --enable-adminport 
240AC_MSG_CHECKING(if --enable-adminport option is specified)
241AC_ARG_ENABLE(adminport,
242	[  --enable-adminport      enable admin port],
243	[], [enable_adminport=no])
244if test $enable_adminport = "yes"; then
245	AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port])
246fi
247AC_MSG_RESULT($enable_adminport)
248
249# Option RC5
250AC_MSG_CHECKING(if --enable-rc5 option is specified)
251AC_ARG_ENABLE(rc5,
252	[  --enable-rc5		enable RC5 encryption (patented)],
253	[], [enable_rc5=no])
254AC_MSG_RESULT($enable_rc5)
255
256if test $enable_rc5 = "yes"; then
257	AC_CHECK_HEADERS([openssl/rc5.h])
258	AC_CHECK_LIB([crypto_rc5], [RC5_32_encrypt],
259	    [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_rc5"])
260fi
261
262# Option IDEA
263AC_MSG_CHECKING(if --enable-idea option is specified)
264AC_ARG_ENABLE(idea,
265	[  --enable-idea	enable IDEA encryption (patented)],
266	[], [enable_idea=no])
267AC_MSG_RESULT($enable_idea)
268
269if test $enable_idea = "yes"; then
270	AC_CHECK_HEADERS([openssl/idea.h])
271	AC_CHECK_LIB([crypto_idea], [idea_encrypt], 
272	    [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_idea"])
273fi
274AC_SUBST(EXTRA_CRYPTO)
275
276# For dynamic libradius
277RACOON_PATH_LIBS([MD5_Init], [crypto])
278
279# Check if we need -lutil for login(3)
280RACOON_PATH_LIBS([login], [util])
281
282# Specify libiconv prefix
283AC_MSG_CHECKING(if --with-libiconv option is specified)
284AC_ARG_WITH(libiconv, 
285    [  --with-libiconv=DIR    specify libiconv path (like/usr/pkg)],
286    [libiconv_dir=$withval], 
287    [libiconv_dir=no])
288AC_MSG_RESULT($libiconv_dir)
289if test "$libiconv_dir" != "no"; then
290	if test "$libiconv_dir" = "yes" ; then
291		  libiconv_dir="";
292	fi;
293	if test "x$libiconv_dir" = "x"; then
294		RACOON_PATH_LIBS([iconv_open], [iconv])
295	else
296		if test -d "$libiconv_dir/lib" -a \
297		    -d "$libiconv_dir/include" ; then
298			RACOON_PATH_LIBS([iconv_open], [iconv], ["$libiconv_dir/lib"])
299			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libiconv_dir/include"
300		else
301			AC_MSG_ERROR([ICONV libs or includes not found. Aborting.])
302	  	fi
303	fi
304	LIBS="$LIBS -L$libiconv_dir/lib -R$libiconv_dir/lib -liconv"
305	AC_CHECK_FUNCS(iconv_open)
306fi
307
308AC_MSG_CHECKING([if --enable-hybrid option is specified])
309AC_ARG_ENABLE(hybrid, 
310    [  --enable-hybrid	  enable hybrid, both mode-cfg and xauth support],
311    [], [enable_hybrid=no])
312AC_MSG_RESULT($enable_hybrid)
313
314if test "x$enable_hybrid" = "xyes"; then
315	case $host in
316		*darwin*)
317		;;
318	*)
319		LIBS="$LIBS -lcrypt";
320		;;
321	esac
322	HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o"
323	AC_SUBST(HYBRID_OBJS)
324	AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support])
325fi
326
327AC_MSG_CHECKING([if --enable-frag option is specified])
328AC_ARG_ENABLE(frag, 
329    [  --enable-frag           enable IKE fragmentation payload support],
330    [], [enable_frag=no])
331AC_MSG_RESULT($enable_frag)
332
333if test "x$enable_frag" = "xyes"; then
334	case $host in
335	*darwin*)
336		;;
337	*)
338		LIBS="$LIBS -lcrypt"; 
339		;;
340	esac
341	FRAG_OBJS="isakmp_frag.o"
342	AC_SUBST(FRAG_OBJS)
343	AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support])
344fi
345
346AC_MSG_CHECKING(if --with-libradius option is specified)
347AC_ARG_WITH(libradius, 
348    [  --with-libradius=DIR    specify libradius path (like/usr/pkg)],
349    [libradius_dir=$withval], 
350    [libradius_dir=no])
351AC_MSG_RESULT($libradius_dir)
352if test "$libradius_dir" != "no"; then
353	if test "$libradius_dir" = "yes" ; then
354		  libradius_dir="";
355	fi;
356	if test "x$libradius_dir" = "x"; then
357		RACOON_PATH_LIBS([rad_create_request], [radius])
358	else
359		if test -d "$libradius_dir/lib" -a \
360		    -d "$libradius_dir/include" ; then
361			RACOON_PATH_LIBS([rad_create_request], [radius], ["$libradius_dir/lib"])
362			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include"
363		else
364			AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.])
365	  	fi
366	fi
367	AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS])
368	LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius"
369	AC_CHECK_FUNCS(rad_create_request)
370fi
371
372AC_MSG_CHECKING(if --with-libpam option is specified)
373AC_ARG_WITH(libpam, 
374    [  --with-libpam=DIR    specify libpam path (like/usr/pkg)],
375    [libpam_dir=$withval], 
376    [libpam_dir=no])
377AC_MSG_RESULT($libpam_dir)
378if test "$libpam_dir" != "no"; then
379	if test "$libpam_dir" = "yes" ; then
380		  libpam_dir="";
381	fi;
382	if test "x$libpam_dir" = "x"; then
383		RACOON_PATH_LIBS([pam_start], [pam])
384	else
385		if test -d "$libpam_dir/lib" -a \
386		    -d "$libpam_dir/include" ; then
387			RACOON_PATH_LIBS([pam_start], [pam], ["$libpam_dir/lib"])
388			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libpam_dir/include"
389		else
390			AC_MSG_ERROR([PAM libs or includes not found. Aborting.])
391	  	fi
392	fi
393	AC_DEFINE([HAVE_LIBPAM], [], [Hybrid authentication uses PAM])
394	LIBS="$LIBS -L$libpam_dir/lib -R$libpam_dir/lib -lpam"
395	AC_CHECK_FUNCS(pam_start)
396fi
397
398AC_MSG_CHECKING(if --with-libldap option is specified)
399AC_ARG_WITH(libldap, 
400    [  --with-libldap=DIR    specify libldap path (like/usr/pkg)],
401    [libldap_dir=$withval], 
402    [libldap_dir=no])
403AC_MSG_RESULT($libldap_dir)
404if test "$libldap_dir" != "no"; then
405	if test "$libldap_dir" = "yes" ; then
406		  libldap_dir="";
407	fi;
408	if test "x$libldap_dir" = "x"; then
409		RACOON_PATH_LIBS([ldap_init], [ldap])
410	else
411		if test -d "$libldap_dir/lib" -a \
412		    -d "$libldap_dir/include" ; then
413			RACOON_PATH_LIBS([ldap_init], [ldap], ["$libldap_dir/lib"])
414			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libldap_dir/include"
415		else
416			AC_MSG_ERROR([LDAP libs or includes not found. Aborting.])
417	  	fi
418	fi
419	AC_DEFINE([HAVE_LIBLDAP], [], [Hybrid authentication uses LDAP])
420	LIBS="$LIBS -L$libldap_dir/lib -R$libldap_dir/lib -lldap"
421
422	saved_CFLAGS=$CFLAGS
423	CFLAGS="$CFLAGS -Wall -Werror"
424	saved_CPPFLAGS=$CPPFLAGS
425        CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
426	AC_TRY_COMPILE(
427		[#include <ldap.h>],
428		[
429			#if LDAP_API_VERSION < 2004
430			#error OpenLDAP version is too old ...
431			#endif
432		],
433		[AC_MSG_RESULT([ok])],
434		[
435			AC_MSG_RESULT(too old)
436			AC_MSG_ERROR([OpenLDAP version must be 2.0 or higher. Aborting.])
437		])
438	CFLAGS=$saved_CFLAGS
439	CPPFLAGS=$saved_CPPFLAGS
440fi
441
442# Check for Kerberos5 support
443# XXX This must come after all --with-* tests, else the
444# -liconv checks will not work
445AC_MSG_CHECKING(if --enable-gssapi option is specified)
446AC_ARG_ENABLE(gssapi,
447	[  --enable-gssapi         enable GSS-API authentication],
448	[], [enable_gssapi=no])
449AC_MSG_RESULT($enable_gssapi)
450AC_PATH_PROG(KRB5_CONFIG,krb5-config,no)
451if test "x$enable_gssapi" = "xyes"; then
452	if test "$KRB5_CONFIG" != "no"; then
453		krb5_incdir="`$KRB5_CONFIG --cflags gssapi`"
454		krb5_libs="`$KRB5_CONFIG --libs gssapi`"
455	else
456		# No krb5-config; let's make some assumptions based on
457		# the OS.
458		case $host_os in
459		netbsd*)
460			krb5_incdir="-I/usr/include/krb5"
461			krb5_libs="-lgssapi -lkrb5 -lcom_err -lroken -lasn1"
462			;;
463		*)
464			AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.])
465			;;
466		esac
467	fi
468	LIBS="$LIBS $krb5_libs"
469	CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD"
470	AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API])
471
472	# Check if iconv 2nd argument needs const 
473	saved_CFLAGS=$CFLAGS
474	CFLAGS="$CFLAGS -Wall -Werror"
475	saved_CPPFLAGS=$CPPFLAGS
476        CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
477	AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])])
478	AC_MSG_CHECKING([if iconv second argument needs const])
479	AC_TRY_COMPILE([
480		#include <iconv.h>
481		#include <stdio.h>
482	], [
483		iconv_t cd = NULL;
484		const char **src = NULL;
485		size_t *srcleft = NULL;
486		char **dst = NULL;
487		size_t *dstleft = NULL;
488
489		(void)iconv(cd, src, srcleft, dst, dstleft);
490	], [AC_MSG_RESULT(yes)
491	    AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const])
492	], [AC_MSG_RESULT(no)])
493	CFLAGS=$saved_CFLAGS
494	CPPFLAGS=$saved_CPPFLAGS
495
496	# libiconv is often integrated into libc. If a with-* option
497	# caused a non libc-based iconv.h to be catched instead of
498	# the libc-based iconv.h, then we need to link with -liconv
499	AC_MSG_CHECKING(if -liconv is required)
500	saved_CPPFLAGS=$CPPFLAGS
501	saved_LIBS=$LIBS
502	CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
503	AC_TRY_LINK([
504		#include <iconv.h>
505	], [
506		(void)iconv_open("ascii", "ascii");
507	],
508		[AC_MSG_RESULT(no)],
509		[
510			LIBS="$LIBS -liconv"
511			AC_TRY_LINK([
512				#include <iconv.h>
513		], [
514				(void)iconv_open("ascii", "ascii");
515			],
516			[
517				AC_MSG_RESULT(yes)
518				saved_LIBS=$LIBS
519			], [
520				AC_MSG_ERROR([cannot use iconv])
521			])
522		])
523	CPPFLAGS=$saved_CPPFLAGS
524	LIBS=$saved_LIBS
525fi
526
527AC_MSG_CHECKING(if --enable-stats option is specified)
528AC_ARG_ENABLE(stats,
529        [  --enable-stats          enable statistics logging function],
530        [], [enable_stats=no])
531if test "x$enable_stats" = "xyes"; then
532	AC_DEFINE([ENABLE_STATS], [], [Enable statictics])
533fi
534AC_MSG_RESULT($enable_stats)
535
536AC_MSG_CHECKING(if --enable-dpd option is specified)
537AC_ARG_ENABLE(dpd,
538        [  --enable-dpd            enable dead peer detection],
539        [], [enable_dpd=no])
540if test "x$enable_dpd" = "xyes"; then
541	AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection])
542fi
543AC_MSG_RESULT($enable_dpd)
544
545AC_MSG_CHECKING(if --enable-fastquit option is specified)
546AC_ARG_ENABLE(fastquit,
547        [  --enable-fastquit            enable new faster code to flush SAs when stopping racoon],
548        [], [enable_fastquit=no])
549if test "x$enable_fastquit" = "xyes"; then
550	AC_DEFINE([ENABLE_FASTQUIT], [], [Enable fast SA flush code])
551fi
552AC_MSG_RESULT($enable_fastquit)
553
554
555AC_MSG_CHECKING(if --enable-samode-unspec option is specified)
556AC_ARG_ENABLE(samode-unspec,
557        [  --enable-samode-unspec  enable to use unspecified a mode of SA],
558        [], [enable_samode_unspec=no])
559if test "x$enable_samode_unspec" = "xyes"; then
560	case $host_os in
561	*linux*)
562		cat << EOC
563		
564ERROR: --enable-samode-unspec is not supported under linux 
565because linux kernel do not support it. This option is disabled 
566to prevent mysterious problems.
567
568If you REALLY know what your are doing, remove this check.
569EOC
570		exit 1;
571		;;
572	esac
573	AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec])
574fi
575AC_MSG_RESULT($enable_samode_unspec)
576
577# Checks if IPv6 is requested
578AC_MSG_CHECKING([whether to enable ipv6])
579AC_ARG_ENABLE(ipv6,
580[  --disable-ipv6          disable ipv6 support],
581[ case "$enableval" in
582  no)
583       AC_MSG_RESULT(no)
584       ipv6=no
585       ;;
586  *)   AC_MSG_RESULT(yes)
587       ipv6=yes
588       ;;
589  esac ],
590
591  AC_TRY_RUN([ /* AF_INET6 avalable check */
592#include <sys/types.h>
593#include <sys/socket.h>
594main()
595{
596  exit(0);
597 if (socket(AF_INET6, SOCK_STREAM, 0) < 0)
598   exit(1);
599 else
600   exit(0);
601}
602],
603  AC_MSG_RESULT(yes)
604  AC_DEFINE([INET6], [], [Support IPv6])
605  ipv6=yes,
606  AC_MSG_RESULT(no)
607  ipv6=no,
608  AC_MSG_RESULT(no)
609  ipv6=no
610))
611
612if test "$ipv6" = "yes"; then
613	AC_DEFINE([INET6], [], [Support IPv6])
614	AC_MSG_CHECKING(for advanced API support)
615	AC_TRY_COMPILE([#ifndef INET6
616#define INET6
617#endif
618#include <sys/types.h>
619#include <netinet/in.h>],
620		[struct in6_pktinfo a;],
621		[AC_MSG_RESULT(yes)
622		 AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])],
623		[AC_MSG_RESULT(no)])
624fi
625
626RACOON_CHECK_BUGGY_GETADDRINFO
627if test "$buggygetaddrinfo" = "yes"; then
628	AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.])
629fi
630
631# Check if kernel support is available for NAT-T, defaults to no. 
632kernel_natt="no"
633
634AC_MSG_CHECKING(kernel NAT-Traversal support)
635case $host_os in
636linux*)
637# Linux kernel NAT-T check
638AC_EGREP_CPP(yes, 
639[#include <linux/pfkeyv2.h>
640#ifdef SADB_X_EXT_NAT_T_TYPE
641yes
642#endif
643], [kernel_natt="yes"])
644	;;
645freebsd*|netbsd*)
646# NetBSD case
647# Same check for FreeBSD
648AC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len,
649       [kernel_natt="yes"],, [
650#define _KERNEL
651#include <sys/types.h>
652#include <net/pfkeyv2.h>
653])
654	;;
655esac
656AC_MSG_RESULT($kernel_natt)
657
658AC_MSG_CHECKING(whether to support NAT-T)
659AC_ARG_ENABLE(natt,
660	[  --enable-natt           enable NAT-Traversal (yes/no/kernel)],
661        [ if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi ],
662	[ enable_natt=no ])
663AC_MSG_RESULT($enable_natt)
664
665if test "$enable_natt" = "yes"; then
666	if test "$kernel_natt" = "no" ; then 
667		AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.])
668	else
669		AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal])
670		NATT_OBJS="nattraversal.o"
671		AC_SUBST(NATT_OBJS)
672	fi
673fi
674
675# Set up defines for supported NAT-T versions.
676natt_versions_default="00,02,rfc"
677AC_MSG_CHECKING(which NAT-T versions to support)
678AC_ARG_ENABLE(natt_versions,
679	[  --enable-natt-versions=list    list of supported NAT-T versions delimited by coma.],
680	[ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ],
681	[ enable_natt_versions=$natt_versions_default ])
682if test "$enable_natt" = "yes"; then
683	AC_MSG_RESULT($enable_natt_versions)
684	for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do
685		case $i in 
686			0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;;
687			1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;;
688			2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;;
689			3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;;
690			4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;;
691			5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;;
692			6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;;
693			7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;;
694			8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;;
695			RFC)  AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;;
696			*) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;;
697		esac
698	done
699	unset i
700else
701	AC_MSG_RESULT([none])
702fi
703
704AC_MSG_CHECKING(if --enable-broken-natt option is specified)
705AC_ARG_ENABLE(broken-natt,
706	[  --enable-broken-natt    broken in-kernel NAT-T],
707        [], [enable_broken_natt=no])
708if test "x$enable_broken_natt" = "xyes"; then
709	AC_DEFINE([BROKEN_NATT], [], [in-kernel NAT-T is broken])
710fi
711AC_MSG_RESULT($enable_broken_natt)
712
713AC_MSG_CHECKING(whether we support FWD policy)
714case $host in
715	*linux*)
716		AC_TRY_COMPILE([
717		#include <inttypes.h>
718		#include <linux/ipsec.h>
719			], [
720			int fwd = IPSEC_DIR_FWD;
721			],
722			[AC_MSG_RESULT(yes)
723			 AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])],
724			[AC_MSG_RESULT(no)])
725		;;
726	*)
727		AC_MSG_RESULT(no)
728		;;
729esac
730
731AC_CHECK_TYPE([ipsec_policy_t], 
732	      [AC_DEFINE([HAVE_IPSEC_POLICY_T], [], [Have ipsec_policy_t])],
733	      [],
734	      [
735		#include <sys/types.h>
736	      	#include <netinet6/ipsec.h>
737	      ])
738
739# Check if kernel support is available for Security Context, defaults to no.
740kernel_secctx="no"
741
742AC_MSG_CHECKING(kernel Security Context support)
743case $host_os in
744linux*)
745# Linux kernel Security Context check
746AC_EGREP_CPP(yes,
747[#include <linux/pfkeyv2.h>
748#ifdef SADB_X_EXT_SEC_CTX
749yes
750#endif
751], [kernel_secctx="yes"])
752	;;
753esac
754AC_MSG_RESULT($kernel_secctx)
755
756AC_MSG_CHECKING(whether to support Security Context)
757AC_ARG_ENABLE(security-context,
758	[  --enable-security-context    enable Security Context(yes/no/kernel)],
759	[if test "$enable_security-context" = "kernel"; then
760		enable_security_context=$kernel_secctx; fi],
761	[enable_security_context=$kernel_secctx])
762AC_MSG_RESULT($enable_security_context)
763
764if test "$enable_security_context" = "yes"; then
765	if test "$kernel_secctx" = "no" ; then
766		AC_MSG_ERROR([Security Context requested, but no kernel support! Aborting.])
767	else
768		AC_DEFINE([HAVE_SECCTX], [], [Enable Security Context])
769		SECCTX_OBJS="security.o"
770		AC_SUBST(SECCTX_OBJS)
771		LIBS="$LIBS -lselinux"
772	fi
773fi
774
775CFLAGS="$CFLAGS $CFLAGS_ADD"
776CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
777
778case $host in
779	*linux*)
780		# Remove KERNEL_INCLUDE from CPPFLAGS. It will
781		# be symlinked to src/include-glibc/linux in
782		# compile time.
783		CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"`
784		;;
785esac
786
787include_racoondir=${includedir}/racoon
788AC_SUBST(include_racoondir)
789
790AC_CONFIG_FILES([
791  Makefile
792  package_version.h
793  src/Makefile
794  src/include-glibc/Makefile
795  src/libipsec/Makefile
796  src/setkey/Makefile
797  src/racoon/Makefile
798  src/racoon/samples/psk.txt
799  src/racoon/samples/racoon.conf
800  rpm/Makefile
801  rpm/suse/Makefile
802  rpm/suse/ipsec-tools.spec
803  ])
804AC_OUTPUT
805