xref: /netbsd/crypto/dist/ipsec-tools/configure.ac (revision fd2259b9) 
1dnl -*- mode: m4 -*-
2dnl Id: configure.ac,v 1.77 2006/07/20 19:19:27 manubsd Exp
3
4AC_PREREQ(2.52)
5AC_INIT(ipsec-tools, CVS)
6AC_CONFIG_SRCDIR([configure.ac])
7AC_CONFIG_HEADERS(config.h)
8
9AM_INIT_AUTOMAKE(dist-bzip2)
10
11AC_ENABLE_SHARED(no)
12
13AC_PROG_CC
14AC_HEADER_STDC
15AC_PROG_LIBTOOL
16AC_PROG_YACC
17AM_PROG_LEX
18AC_SUBST(LEXLIB)
19AC_PROG_EGREP
20
21CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused"
22
23case $host in
24*netbsd*)
25	LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS"
26	;;
27*linux*)
28	LIBS="$LIBS -lresolv"
29	INSTALL_OPTS="-o bin -g bin"
30	INCLUDE_GLIBC="include-glibc"
31	RPM="rpm"
32	AC_SUBST(INSTALL_OPTS)
33	AC_SUBST(INCLUDE_GLIBC)
34	AC_SUBST(RPM)
35	;;
36*darwin*)
37	LIBS="$LIBS -lresolv"
38	;;
39esac
40
41# Look up some IPsec-related headers
42AC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no])
43AC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no])
44AC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no])
45AC_CHECK_HEADER(netipsec/ipsec.h, [have_netipsec_ipsec=yes], [have_netipsec_ipsec=no])
46
47# FreeBSD >=7 has only <netipsec/ipsec.h>
48# NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h>
49# XXX some *BSD still have both <netinet6/ipsec.h> and <netipsec/ipsec.h>,
50# we can't decide which one to use (actually <netinet6/ipsec.h>)
51
52
53if test "$have_netinet_ipsec$have_netinet6_ipsec$have_netipsec_ipsec" = nonoyes; then
54    have_netinet_ipsec=yes
55    AC_DEFINE(PATH_IPSEC_H, [<netipsec/ipsec.h>], [Path to ipsec.h])
56else
57	if test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then
58    	have_netinet_ipsec=yes
59	    AC_DEFINE(PATH_IPSEC_H, [<netinet6/ipsec.h>], [Path to ipsec.h])
60	else
61		# have_netinet_ipsec will be checked a few lines below
62	    AC_DEFINE(PATH_IPSEC_H, [<netinet/ipsec.h>], [Path to ipsec.h])
63	fi
64fi
65
66case "$host_os" in
67 *linux*)
68    AC_ARG_WITH(kernel-headers,
69	AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include],
70		       [where your Linux Kernel headers are installed]),
71	    [ KERNEL_INCLUDE="$with_kernel_headers"
72	      CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers"
73	      AC_SUBST(CONFIGURE_AMFLAGS) ],
74	    [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ])
75
76    AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, ,
77	[ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h,
78	  KERNEL_INCLUDE=/usr/src/linux/include ,
79	  [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] )
80    AC_SUBST(KERNEL_INCLUDE)
81    # We need the configure script to run with correct kernel headers.
82    # However we don't want to point to kernel source tree in compile time,
83    # i.e. this will be removed from CPPFLAGS at the end of configure.
84    CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS"
85
86    AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority,
87    	[AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [],
88               	[Are PF_KEY policy priorities supported?])], [],
89    	[#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"])
90
91    GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc'
92    GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc"
93    CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS"
94    CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS"
95    AC_SUBST(GLIBC_BUGS)
96    ;;
97 *)
98    if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then
99      if test "$have_net_pfkey" = yes; then
100	AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.])
101      else
102	AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.])
103      fi
104    fi
105    ;;
106esac
107
108AH_TEMPLATE(ENABLE_WILDCARD_MATCH, [Enable wildcard matching in pre-shared-key file])
109AC_ARG_ENABLE([wildcard-match],
110[--enable-wildcard-match	Enable wildcard matching in pre-shared-key file],
111[case "${enableval}" in
112(yes)	AC_DEFINE(ENABLE_WILDCARD_MATCH);;
113(no)	;;
114(*)	AC_MSG_ERROR(bad value ${enableval} for --enable-wildcard-match);;
115esac],[])
116### Some basic toolchain checks
117
118# Checks for header files.
119AC_HEADER_STDC
120AC_HEADER_SYS_WAIT
121AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h)
122AC_CHECK_HEADERS(shadow.h strings.h)
123
124# Checks for typedefs, structures, and compiler characteristics.
125AC_C_CONST
126AC_TYPE_PID_T
127AC_TYPE_SIZE_T
128AC_HEADER_TIME
129AC_STRUCT_TM
130
131# Checks for library functions.
132AC_FUNC_MEMCMP
133AC_TYPE_SIGNAL
134AC_FUNC_VPRINTF
135AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy strlcat)
136AC_REPLACE_FUNCS(strdup)
137RACOON_CHECK_VA_COPY
138
139# Check if printf accepts "%z" type modifier for size_t argument
140AC_MSG_CHECKING(if printf accepts %z)
141saved_CFLAGS=$CFLAGS
142CFLAGS="$CFLAGS -Wall -Werror"
143AC_TRY_COMPILE([
144#include <stdio.h>
145], [
146printf("%zu\n", (size_t)-1);
147],
148	[AC_MSG_RESULT(yes)],
149	[AC_MSG_RESULT(no);
150	 CFLAGS_ADD="$CFLAGS_ADD -Wno-format";
151	 AC_DEFINE(BROKEN_PRINTF, [], [If printf doesn't support %zu.])
152	])
153CFLAGS=$saved_CFLAGS
154
155# Can we use __func__ macro?
156AC_MSG_CHECKING(if __func__ is available)
157AC_TRY_COMPILE(
158[#include <stdio.h>
159], [char *x = __func__;],
160	[AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro])
161	AC_MSG_RESULT(yes)],
162	[AC_MSG_RESULT(no)])
163
164# Check if readline support is requested
165AC_MSG_CHECKING(if readline support is requested)
166AC_ARG_WITH(readline,
167	[  --with-readline         support readline input (yes by default)],
168	[with_readline="$withval"], [with_readline="yes"])
169AC_MSG_RESULT($with_readline)
170
171# Is readline available?
172if test $with_readline != "no"; then
173	AC_CHECK_HEADER([readline/readline.h],
174		[AC_CHECK_LIB(readline, readline, [
175				AC_DEFINE(HAVE_READLINE, [],
176					[Is readline available?])
177				LIBS="$LIBS -lreadline"
178		], [])], [])
179fi
180
181
182AC_MSG_CHECKING(if --with-flex option is specified)
183AC_ARG_WITH(flexdir,
184	[AC_HELP_STRING([--with-flex], [use directiory (default: no)])],
185	[flexdir="$withval"])
186AC_MSG_RESULT(${flexdir-dirdefault})
187
188if test "x$flexdir" != "x"; then
189	LIBS="$LIBS $flexdir/libfl.a"
190fi
191
192AC_MSG_CHECKING(if --with-flexlib option is specified)
193AC_ARG_WITH(flexlib,
194	[  --with-flexlib=<LIB>    specify flex library.],
195	[flexlib="$withval"])
196AC_MSG_RESULT(${flexlib-default})
197
198if test "x$flexlib" != "x"; then
199	LIBS="$LIBS $flexlib"
200fi
201
202# Check if a different OpenSSL directory was specified
203AC_MSG_CHECKING(if --with-openssl option is specified)
204AC_ARG_WITH(openssl, [  --with-openssl=DIR      specify OpenSSL directory],
205	[crypto_dir=$withval])
206AC_MSG_RESULT(${crypto_dir-default})
207
208if test "x$crypto_dir" != "x"; then
209	LIBS="$LIBS -L${crypto_dir}/lib"
210	CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS"
211fi
212AC_MSG_CHECKING(openssl version)
213
214AC_TRY_COMPILE(
215[#include <openssl/opensslv.h>
216],
217[#if OPENSSL_VERSION_NUMBER < 0x0090813fL
218#error OpenSSL version is too old ...
219#endif],
220[AC_MSG_RESULT([ok])],
221[AC_MSG_RESULT(too old)
222AC_MSG_ERROR([OpenSSL version must be 0.9.8s or higher. Aborting.])
223])
224
225AC_CHECK_HEADERS(openssl/engine.h)
226
227# checking rijndael
228AC_CHECK_HEADERS([openssl/aes.h], [],
229	[CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"])
230
231# checking sha2
232AC_MSG_CHECKING(sha2 support)
233AC_DEFINE([WITH_SHA2], [], [SHA2 support])
234AC_MSG_RESULT(yes)
235AC_CHECK_HEADER(openssl/sha2.h, [], [
236	AC_MSG_CHECKING(if sha2 is defined in openssl/sha.h)
237	AC_TRY_COMPILE([
238		#ifdef HAVE_SYS_TYPES_H
239		#include <sys/types.h>
240		#endif
241		#include <openssl/sha.h>
242	], [
243		SHA256_CTX ctx;
244	], [
245	    AC_MSG_RESULT(yes)
246	    AC_DEFINE([HAVE_SHA2_IN_SHA_H], [], [sha2 is defined in sha.h])
247	], [AC_MSG_RESULT(no)
248	    AC_LIBOBJ([sha2])
249	    CRYPTOBJS="$CRYPTOBJS sha2.o"
250	])
251
252	CPPFLAGS_ADD="$CPPFLAGS_ADD -I\${top_srcdir}/src/racoon/missing"
253])
254AC_SUBST(CRYPTOBJS)
255
256# checking camellia
257AC_CHECK_HEADERS([openssl/camellia.h])
258
259
260# Option --enable-adminport
261AC_MSG_CHECKING(if --enable-adminport option is specified)
262AC_ARG_ENABLE(adminport,
263	[  --enable-adminport      enable admin port],
264	[], [enable_adminport=no])
265if test $enable_adminport = "yes"; then
266	AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port])
267fi
268AC_MSG_RESULT($enable_adminport)
269
270# Option RC5
271AC_MSG_CHECKING(if --enable-rc5 option is specified)
272AC_ARG_ENABLE(rc5,
273	[  --enable-rc5		enable RC5 encryption (patented)],
274	[], [enable_rc5=no])
275AC_MSG_RESULT($enable_rc5)
276
277if test $enable_rc5 = "yes"; then
278	AC_CHECK_HEADERS([openssl/rc5.h])
279	AC_CHECK_LIB([crypto_rc5], [RC5_32_encrypt],
280	    [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_rc5"])
281fi
282
283# Option IDEA
284AC_MSG_CHECKING(if --enable-idea option is specified)
285AC_ARG_ENABLE(idea,
286	[  --enable-idea	enable IDEA encryption (patented)],
287	[], [enable_idea=no])
288AC_MSG_RESULT($enable_idea)
289
290if test $enable_idea = "yes"; then
291	AC_CHECK_HEADERS([openssl/idea.h])
292	AC_CHECK_LIB([crypto_idea], [idea_encrypt],
293	    [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_idea"])
294fi
295AC_SUBST(EXTRA_CRYPTO)
296
297# For dynamic libradius
298RACOON_PATH_LIBS([MD5_Init], [crypto])
299
300# Check if we need -lutil for login(3)
301RACOON_PATH_LIBS([login], [util])
302
303# Specify libiconv prefix
304AC_MSG_CHECKING(if --with-libiconv option is specified)
305AC_ARG_WITH(libiconv,
306    [  --with-libiconv=DIR    specify libiconv path (like/usr/pkg)],
307    [libiconv_dir=$withval],
308    [libiconv_dir=no])
309AC_MSG_RESULT($libiconv_dir)
310if test "$libiconv_dir" != "no"; then
311	if test "$libiconv_dir" = "yes" ; then
312		  libiconv_dir="";
313	fi;
314	if test "x$libiconv_dir" = "x"; then
315		RACOON_PATH_LIBS([iconv_open], [iconv])
316	else
317		if test -d "$libiconv_dir/lib" -a \
318		    -d "$libiconv_dir/include" ; then
319			RACOON_PATH_LIBS([iconv_open], [iconv], ["$libiconv_dir/lib"])
320			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libiconv_dir/include"
321		else
322			AC_MSG_ERROR([ICONV libs or includes not found. Aborting.])
323	  	fi
324	fi
325	LIBS="$LIBS -L$libiconv_dir/lib -R$libiconv_dir/lib -liconv"
326	AC_CHECK_FUNCS(iconv_open)
327fi
328
329AC_MSG_CHECKING([if --enable-hybrid option is specified])
330AC_ARG_ENABLE(hybrid,
331    [  --enable-hybrid	  enable hybrid, both mode-cfg and xauth support],
332    [], [enable_hybrid=no])
333AC_MSG_RESULT($enable_hybrid)
334
335if test "x$enable_hybrid" = "xyes"; then
336	case $host in
337		*darwin*)
338		;;
339	*)
340		LIBS="$LIBS -lcrypt";
341		;;
342	esac
343	HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o"
344	AC_SUBST(HYBRID_OBJS)
345	AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support])
346fi
347
348AC_MSG_CHECKING([if --enable-frag option is specified])
349AC_ARG_ENABLE(frag,
350    [  --enable-frag           enable IKE fragmentation payload support],
351    [], [enable_frag=no])
352AC_MSG_RESULT($enable_frag)
353
354if test "x$enable_frag" = "xyes"; then
355	case $host in
356	*darwin*)
357		;;
358	*)
359		LIBS="$LIBS -lcrypt";
360		;;
361	esac
362	FRAG_OBJS="isakmp_frag.o"
363	AC_SUBST(FRAG_OBJS)
364	AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support])
365fi
366
367AC_MSG_CHECKING(if --with-libradius option is specified)
368AC_ARG_WITH(libradius,
369    [  --with-libradius=DIR    specify libradius path (like/usr/pkg)],
370    [libradius_dir=$withval],
371    [libradius_dir=no])
372AC_MSG_RESULT($libradius_dir)
373if test "$libradius_dir" != "no"; then
374	if test "$libradius_dir" = "yes" ; then
375		  libradius_dir="";
376	fi;
377	if test "x$libradius_dir" = "x"; then
378		RACOON_PATH_LIBS([rad_create_request], [radius])
379	else
380		if test -d "$libradius_dir/lib" -a \
381		    -d "$libradius_dir/include" ; then
382			RACOON_PATH_LIBS([rad_create_request], [radius], ["$libradius_dir/lib"])
383			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include"
384		else
385			AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.])
386	  	fi
387	fi
388	AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS])
389	LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius"
390	AC_CHECK_FUNCS(rad_create_request)
391fi
392
393AC_MSG_CHECKING(if --with-libpam option is specified)
394AC_ARG_WITH(libpam,
395    [  --with-libpam=DIR    specify libpam path (like/usr/pkg)],
396    [libpam_dir=$withval],
397    [libpam_dir=no])
398AC_MSG_RESULT($libpam_dir)
399if test "$libpam_dir" != "no"; then
400	if test "$libpam_dir" = "yes" ; then
401		  libpam_dir="";
402	fi;
403	if test "x$libpam_dir" = "x"; then
404		RACOON_PATH_LIBS([pam_start], [pam])
405	else
406		if test -d "$libpam_dir/lib" -a \
407		    -d "$libpam_dir/include" ; then
408			RACOON_PATH_LIBS([pam_start], [pam], ["$libpam_dir/lib"])
409			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libpam_dir/include"
410		else
411			AC_MSG_ERROR([PAM libs or includes not found. Aborting.])
412	  	fi
413	fi
414	AC_DEFINE([HAVE_LIBPAM], [], [Hybrid authentication uses PAM])
415	LIBS="$LIBS -L$libpam_dir/lib -R$libpam_dir/lib -lpam"
416	AC_CHECK_FUNCS(pam_start)
417fi
418
419AC_MSG_CHECKING(if --with-libldap option is specified)
420AC_ARG_WITH(libldap,
421    [  --with-libldap=DIR    specify libldap path (like/usr/pkg)],
422    [libldap_dir=$withval],
423    [libldap_dir=no])
424AC_MSG_RESULT($libldap_dir)
425if test "$libldap_dir" != "no"; then
426	if test "$libldap_dir" = "yes" ; then
427		  libldap_dir="";
428	fi;
429	if test "x$libldap_dir" = "x"; then
430		RACOON_PATH_LIBS([ldap_init], [ldap])
431	else
432		if test -d "$libldap_dir/lib" -a \
433		    -d "$libldap_dir/include" ; then
434			RACOON_PATH_LIBS([ldap_init], [ldap], ["$libldap_dir/lib"])
435			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libldap_dir/include"
436		else
437			AC_MSG_ERROR([LDAP libs or includes not found. Aborting.])
438	  	fi
439	fi
440	AC_DEFINE([HAVE_LIBLDAP], [], [Hybrid authentication uses LDAP])
441	LIBS="$LIBS -L$libldap_dir/lib -R$libldap_dir/lib -lldap"
442
443	saved_CFLAGS=$CFLAGS
444	CFLAGS="$CFLAGS -Wall -Werror"
445	saved_CPPFLAGS=$CPPFLAGS
446        CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
447	AC_TRY_COMPILE(
448		[#include <ldap.h>],
449		[
450			#if LDAP_API_VERSION < 2004
451			#error OpenLDAP version is too old ...
452			#endif
453		],
454		[AC_MSG_RESULT([ok])],
455		[
456			AC_MSG_RESULT(too old)
457			AC_MSG_ERROR([OpenLDAP version must be 2.0 or higher. Aborting.])
458		])
459	CFLAGS=$saved_CFLAGS
460	CPPFLAGS=$saved_CPPFLAGS
461fi
462
463# Check for Kerberos5 support
464# XXX This must come after all --with-* tests, else the
465# -liconv checks will not work
466AC_MSG_CHECKING(if --enable-gssapi option is specified)
467AC_ARG_ENABLE(gssapi,
468	[  --enable-gssapi         enable GSS-API authentication],
469	[], [enable_gssapi=no])
470AC_MSG_RESULT($enable_gssapi)
471AC_PATH_PROG(KRB5_CONFIG,krb5-config,no)
472if test "x$enable_gssapi" = "xyes"; then
473	if test "$KRB5_CONFIG" != "no"; then
474		krb5_incdir="`$KRB5_CONFIG --cflags gssapi`"
475		krb5_libs="`$KRB5_CONFIG --libs gssapi`"
476	else
477		# No krb5-config; let's make some assumptions based on
478		# the OS.
479		case $host_os in
480		netbsd*)
481			krb5_incdir="-I/usr/include/krb5"
482			krb5_libs="-lgssapi -lkrb5 -lcom_err -lroken -lasn1"
483			;;
484		*)
485			AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.])
486			;;
487		esac
488	fi
489	LIBS="$LIBS $krb5_libs"
490	CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD"
491	AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API])
492
493	# Check if iconv 2nd argument needs const
494	saved_CFLAGS=$CFLAGS
495	CFLAGS="$CFLAGS -Wall -Werror"
496	saved_CPPFLAGS=$CPPFLAGS
497        CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
498	AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])])
499	AC_MSG_CHECKING([if iconv second argument needs const])
500	AC_TRY_COMPILE([
501		#include <iconv.h>
502		#include <stdio.h>
503	], [
504		iconv_t cd = NULL;
505		const char **src = NULL;
506		size_t *srcleft = NULL;
507		char **dst = NULL;
508		size_t *dstleft = NULL;
509
510		(void)iconv(cd, src, srcleft, dst, dstleft);
511	], [AC_MSG_RESULT(yes)
512	    AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const])
513	], [AC_MSG_RESULT(no)])
514	CFLAGS=$saved_CFLAGS
515	CPPFLAGS=$saved_CPPFLAGS
516
517	# libiconv is often integrated into libc. If a with-* option
518	# caused a non libc-based iconv.h to be catched instead of
519	# the libc-based iconv.h, then we need to link with -liconv
520	AC_MSG_CHECKING(if -liconv is required)
521	saved_CPPFLAGS=$CPPFLAGS
522	saved_LIBS=$LIBS
523	CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
524	AC_TRY_LINK([
525		#include <iconv.h>
526	], [
527		(void)iconv_open("ascii", "ascii");
528	],
529		[AC_MSG_RESULT(no)],
530		[
531			LIBS="$LIBS -liconv"
532			AC_TRY_LINK([
533				#include <iconv.h>
534		], [
535				(void)iconv_open("ascii", "ascii");
536			],
537			[
538				AC_MSG_RESULT(yes)
539				saved_LIBS=$LIBS
540			], [
541				AC_MSG_ERROR([cannot use iconv])
542			])
543		])
544	CPPFLAGS=$saved_CPPFLAGS
545	LIBS=$saved_LIBS
546fi
547
548AC_MSG_CHECKING(if --enable-stats option is specified)
549AC_ARG_ENABLE(stats,
550        [  --enable-stats          enable statistics logging function],
551        [], [enable_stats=no])
552if test "x$enable_stats" = "xyes"; then
553	AC_DEFINE([ENABLE_STATS], [], [Enable statictics])
554fi
555AC_MSG_RESULT($enable_stats)
556
557AC_MSG_CHECKING(if --enable-dpd option is specified)
558AC_ARG_ENABLE(dpd,
559        [  --enable-dpd            enable dead peer detection],
560        [], [enable_dpd=no])
561if test "x$enable_dpd" = "xyes"; then
562	AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection])
563fi
564AC_MSG_RESULT($enable_dpd)
565
566AC_MSG_CHECKING(if --enable-samode-unspec option is specified)
567AC_ARG_ENABLE(samode-unspec,
568        [  --enable-samode-unspec  enable to use unspecified a mode of SA],
569        [], [enable_samode_unspec=no])
570if test "x$enable_samode_unspec" = "xyes"; then
571	case $host_os in
572	*linux*)
573		cat << EOC
574
575ERROR: --enable-samode-unspec is not supported under linux
576because linux kernel do not support it. This option is disabled
577to prevent mysterious problems.
578
579If you REALLY know what your are doing, remove this check.
580EOC
581		exit 1;
582		;;
583	esac
584	AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec])
585fi
586AC_MSG_RESULT($enable_samode_unspec)
587
588# Checks if IPv6 is requested
589AC_MSG_CHECKING([whether to enable ipv6])
590AC_ARG_ENABLE(ipv6,
591[  --disable-ipv6          disable ipv6 support],
592[ case "$enableval" in
593  no)
594       AC_MSG_RESULT(no)
595       ipv6=no
596       ;;
597  *)   AC_MSG_RESULT(yes)
598       ipv6=yes
599       ;;
600  esac ],
601
602  AC_TRY_RUN([ /* AF_INET6 avalable check */
603#include <sys/types.h>
604#include <sys/socket.h>
605main()
606{
607  exit(0);
608 if (socket(AF_INET6, SOCK_STREAM, 0) < 0)
609   exit(1);
610 else
611   exit(0);
612}
613],
614  AC_MSG_RESULT(yes)
615  AC_DEFINE([INET6], [], [Support IPv6])
616  ipv6=yes,
617  AC_MSG_RESULT(no)
618  ipv6=no,
619  AC_MSG_RESULT(no)
620  ipv6=no
621))
622
623if test "$ipv6" = "yes"; then
624	AC_DEFINE([INET6], [], [Support IPv6])
625	AC_MSG_CHECKING(for advanced API support)
626	AC_TRY_COMPILE([#ifndef INET6
627#define INET6
628#endif
629#include <sys/types.h>
630#include <netinet/in.h>],
631		[struct in6_pktinfo a;],
632		[AC_MSG_RESULT(yes)
633		 AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])],
634		[AC_MSG_RESULT(no)])
635fi
636
637RACOON_CHECK_BUGGY_GETADDRINFO
638if test "$buggygetaddrinfo" = "yes"; then
639	AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.])
640fi
641
642# Check if kernel support is available for NAT-T, defaults to no.
643kernel_natt="no"
644
645AC_MSG_CHECKING(kernel NAT-Traversal support)
646case $host_os in
647linux*)
648# Linux kernel NAT-T check
649AC_EGREP_CPP(yes,
650[#include <linux/pfkeyv2.h>
651#ifdef SADB_X_EXT_NAT_T_TYPE
652yes
653#endif
654], [kernel_natt="yes"])
655	;;
656freebsd*|netbsd*)
657# NetBSD case
658# Same check for FreeBSD
659AC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len,
660       [kernel_natt="yes"],, [
661#define _KERNEL
662#include <sys/types.h>
663#include <net/pfkeyv2.h>
664])
665	;;
666esac
667AC_MSG_RESULT($kernel_natt)
668
669AC_MSG_CHECKING(whether to support NAT-T)
670AC_ARG_ENABLE(natt,
671	[  --enable-natt           enable NAT-Traversal (yes/no/kernel)],
672        [ if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi ],
673	[ enable_natt=no ])
674AC_MSG_RESULT($enable_natt)
675
676if test "$enable_natt" = "yes"; then
677	if test "$kernel_natt" = "no" ; then
678		AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.])
679	else
680		AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal])
681		NATT_OBJS="nattraversal.o"
682		AC_SUBST(NATT_OBJS)
683	fi
684fi
685
686# Set up defines for supported NAT-T versions.
687natt_versions_default="00,02,rfc"
688AC_MSG_CHECKING(which NAT-T versions to support)
689AC_ARG_ENABLE(natt_versions,
690	[  --enable-natt-versions=list    list of supported NAT-T versions delimited by coma.],
691	[ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ],
692	[ enable_natt_versions=$natt_versions_default ])
693if test "$enable_natt" = "yes"; then
694	AC_MSG_RESULT($enable_natt_versions)
695	for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do
696		case $i in
697			0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;;
698			1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;;
699			2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;;
700			3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;;
701			4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;;
702			5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;;
703			6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;;
704			7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;;
705			8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;;
706			RFC)  AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;;
707			*) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;;
708		esac
709	done
710	unset i
711else
712	AC_MSG_RESULT([none])
713fi
714
715AC_MSG_CHECKING(if --enable-broken-natt option is specified)
716AC_ARG_ENABLE(broken-natt,
717	[  --enable-broken-natt    broken in-kernel NAT-T],
718        [], [enable_broken_natt=no])
719if test "x$enable_broken_natt" = "xyes"; then
720	AC_DEFINE([BROKEN_NATT], [], [in-kernel NAT-T is broken])
721fi
722AC_MSG_RESULT($enable_broken_natt)
723
724AC_MSG_CHECKING(whether we support FWD policy)
725case $host in
726	*linux*)
727		AC_TRY_COMPILE([
728		#include <inttypes.h>
729		#include <linux/ipsec.h>
730			], [
731			int fwd = IPSEC_DIR_FWD;
732			],
733			[AC_MSG_RESULT(yes)
734			 AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])],
735			[AC_MSG_RESULT(no)])
736		;;
737	*)
738		AC_MSG_RESULT(no)
739		;;
740esac
741
742AC_CHECK_TYPE([ipsec_policy_t],
743	      [AC_DEFINE([HAVE_IPSEC_POLICY_T], [], [Have ipsec_policy_t])],
744	      [],
745	      [
746		#include <sys/types.h>
747	      	#include <netinet6/ipsec.h>
748	      ])
749
750# Check if kernel support is available for Security Context, defaults to no.
751kernel_secctx="no"
752
753AC_MSG_CHECKING(kernel Security Context support)
754case $host_os in
755linux*)
756# Linux kernel Security Context check
757AC_EGREP_CPP(yes,
758[#include <linux/pfkeyv2.h>
759#ifdef SADB_X_EXT_SEC_CTX
760yes
761#endif
762], [kernel_secctx="yes"])
763	;;
764esac
765AC_MSG_RESULT($kernel_secctx)
766
767AC_CHECK_HEADER(selinux/selinux.h,
768	[AC_CHECK_LIB(selinux, avc_init, [selinux_support=yes],
769	[selinux_support=no])], [selinux_support=no])
770
771AC_MSG_CHECKING(whether to support Security Context)
772AC_ARG_ENABLE(security-context,
773	[  --enable-security-context    enable Security Context(yes/no/kernel)],
774	[if test "$enable_security_context" = "kernel"; then
775		enable_security_context=$kernel_secctx; fi],
776	[enable_security_context=$kernel_secctx])
777AC_MSG_RESULT($enable_security_context)
778
779if test "$enable_security_context" = "yes"; then
780	if test "$kernel_secctx" = "no" ; then
781		AC_MSG_ERROR([Security Context requested, but no kernel support! Aborting.])
782	else
783		if test "$selinux_support" = "no"; then
784			AC_MSG_ERROR([Security Context requested, but no selinux support! Aborting.])
785		else
786			AC_DEFINE([HAVE_SECCTX], [], [Enable Security Context])
787			SECCTX_OBJS="security.o"
788			AC_SUBST(SECCTX_OBJS)
789			LIBS="$LIBS -lselinux"
790		fi
791	fi
792fi
793
794RACOON_PATH_LIBS([clock_gettime], [rt])
795
796AC_MSG_CHECKING(for monotonic system clock)
797AC_TRY_COMPILE(
798	[#include <time.h>],
799	[clock_gettime(CLOCK_MONOTONIC, NULL);],
800	[AC_DEFINE([HAVE_CLOCK_MONOTONIC], [], [Have a monotonic clock])
801	 AC_MSG_RESULT(yes)],
802	[AC_MSG_RESULT(no)])
803
804CFLAGS="$CFLAGS $CFLAGS_ADD"
805CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
806
807case $host in
808	*linux*)
809		# Remove KERNEL_INCLUDE from CPPFLAGS. It will
810		# be symlinked to src/include-glibc/linux in
811		# compile time.
812		CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"`
813		;;
814esac
815
816include_racoondir=${includedir}/racoon
817AC_SUBST(include_racoondir)
818
819AC_CONFIG_FILES([
820  Makefile
821  package_version.h
822  src/Makefile
823  src/include-glibc/Makefile
824  src/libipsec/Makefile
825  src/setkey/Makefile
826  src/racoon/Makefile
827  src/racoon/samples/psk.txt
828  src/racoon/samples/racoon.conf
829  rpm/Makefile
830  rpm/suse/Makefile
831  rpm/suse/ipsec-tools.spec
832  ])
833AC_OUTPUT
834