xref: /netbsd/crypto/dist/ipsec-tools/configure.ac (revision 6550d01e) 
1dnl -*- mode: m4 -*-
2dnl Id: configure.ac,v 1.77 2006/07/20 19:19:27 manubsd Exp
3
4AC_PREREQ(2.52)
5AC_INIT(ipsec-tools, CVS)
6AC_CONFIG_SRCDIR([configure.ac])
7AM_CONFIG_HEADER(config.h)
8
9AM_INIT_AUTOMAKE(dist-bzip2)
10
11AC_ENABLE_SHARED(no)
12
13AC_PROG_CC
14AM_PROG_CC_STDC
15AC_HEADER_STDC
16AC_PROG_LIBTOOL
17AC_PROG_YACC
18AM_PROG_LEX
19AC_SUBST(LEXLIB)
20AC_PROG_EGREP
21
22CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused"
23
24case $host in
25*netbsd*)
26	LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS"
27	;;
28*linux*)
29	LIBS="$LIBS -lresolv"
30	INSTALL_OPTS="-o bin -g bin"
31	INCLUDE_GLIBC="include-glibc"
32	RPM="rpm"
33	AC_SUBST(INSTALL_OPTS)
34	AC_SUBST(INCLUDE_GLIBC)
35	AC_SUBST(RPM)
36	;;
37*darwin*)
38	LIBS="$LIBS -lresolv"
39	;;
40esac
41
42# Look up some IPsec-related headers
43AC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no])
44AC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no])
45AC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no])
46AC_CHECK_HEADER(netipsec/ipsec.h, [have_netipsec_ipsec=yes], [have_netipsec_ipsec=no])
47
48# FreeBSD >=7 has only <netipsec/ipsec.h>
49# NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h>
50# XXX some *BSD still have both <netinet6/ipsec.h> and <netipsec/ipsec.h>,
51# we can't decide which one to use (actually <netinet6/ipsec.h>)
52
53
54if test "$have_netinet_ipsec$have_netinet6_ipsec$have_netipsec_ipsec" = nonoyes; then
55    have_netinet_ipsec=yes
56    AC_DEFINE(PATH_IPSEC_H, [<netipsec/ipsec.h>], [Path to ipsec.h])
57else
58	if test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then
59    	have_netinet_ipsec=yes
60	    AC_DEFINE(PATH_IPSEC_H, [<netinet6/ipsec.h>], [Path to ipsec.h])
61	else
62		# have_netinet_ipsec will be checked a few lines below
63	    AC_DEFINE(PATH_IPSEC_H, [<netinet/ipsec.h>], [Path to ipsec.h])
64	fi
65fi
66
67case "$host_os" in
68 *linux*)
69    AC_ARG_WITH(kernel-headers,
70	AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include],
71		       [where your Linux Kernel headers are installed]),
72	    [ KERNEL_INCLUDE="$with_kernel_headers"
73	      CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers"
74	      AC_SUBST(CONFIGURE_AMFLAGS) ],
75	    [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ])
76
77    AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, ,
78	[ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h,
79	  KERNEL_INCLUDE=/usr/src/linux/include ,
80	  [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] )
81    AC_SUBST(KERNEL_INCLUDE)
82    # We need the configure script to run with correct kernel headers.
83    # However we don't want to point to kernel source tree in compile time,
84    # i.e. this will be removed from CPPFLAGS at the end of configure.
85    CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS"
86
87    AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority,
88    	[AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [],
89               	[Are PF_KEY policy priorities supported?])], [],
90    	[#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"])
91
92    GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc'
93    GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc"
94    CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS"
95    CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS"
96    AC_SUBST(GLIBC_BUGS)
97    ;;
98 *)
99    if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then
100      if test "$have_net_pfkey" = yes; then
101	AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.])
102      else
103	AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.])
104      fi
105    fi
106    ;;
107esac
108
109### Some basic toolchain checks
110
111# Checks for header files.
112AC_HEADER_STDC
113AC_HEADER_SYS_WAIT
114AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h)
115AC_CHECK_HEADERS(shadow.h)
116
117# Checks for typedefs, structures, and compiler characteristics.
118AC_C_CONST
119AC_TYPE_PID_T
120AC_TYPE_SIZE_T
121AC_HEADER_TIME
122AC_STRUCT_TM
123
124# Checks for library functions.
125AC_FUNC_MEMCMP
126AC_TYPE_SIGNAL
127AC_FUNC_VPRINTF
128AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy strlcat)
129AC_REPLACE_FUNCS(strdup)
130RACOON_CHECK_VA_COPY
131
132# Check if printf accepts "%z" type modifier for size_t argument
133AC_MSG_CHECKING(if printf accepts %z)
134saved_CFLAGS=$CFLAGS
135CFLAGS="$CFLAGS -Wall -Werror"
136AC_TRY_COMPILE([
137#include <stdio.h>
138], [
139printf("%zu\n", (size_t)-1);
140],
141	[AC_MSG_RESULT(yes)],
142	[AC_MSG_RESULT(no);
143	 CFLAGS_ADD="$CFLAGS_ADD -Wno-format";
144	 AC_DEFINE(BROKEN_PRINTF, [], [If printf doesn't support %zu.])
145	])
146CFLAGS=$saved_CFLAGS
147
148# Can we use __func__ macro?
149AC_MSG_CHECKING(if __func__ is available)
150AC_TRY_COMPILE(
151[#include <stdio.h>
152], [char *x = __func__;],
153	[AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro])
154	AC_MSG_RESULT(yes)],
155	[AC_MSG_RESULT(no)])
156
157# Check if readline support is requested
158AC_MSG_CHECKING(if readline support is requested)
159AC_ARG_WITH(readline,
160	[  --with-readline         support readline input (yes by default)],
161	[with_readline="$withval"], [with_readline="yes"])
162AC_MSG_RESULT($with_readline)
163
164# Is readline available?
165if test $with_readline != "no"; then
166	AC_CHECK_HEADER([readline/readline.h],
167		[AC_CHECK_LIB(readline, readline, [
168				AC_DEFINE(HAVE_READLINE, [],
169					[Is readline available?])
170				LIBS="$LIBS -lreadline"
171		], [])], [])
172fi
173
174
175AC_MSG_CHECKING(if --with-flex option is specified)
176AC_ARG_WITH(flexdir,
177	[AC_HELP_STRING([--with-flex], [use directiory (default: no)])],
178	[flexdir="$withval"])
179AC_MSG_RESULT(${flexdir-dirdefault})
180
181if test "x$flexdir" != "x"; then
182	LIBS="$LIBS $flexdir/libfl.a"
183fi
184
185AC_MSG_CHECKING(if --with-flexlib option is specified)
186AC_ARG_WITH(flexlib,
187	[  --with-flexlib=<LIB>    specify flex library.],
188	[flexlib="$withval"])
189AC_MSG_RESULT(${flexlib-default})
190
191if test "x$flexlib" != "x"; then
192	LIBS="$LIBS $flexlib"
193fi
194
195# Check if a different OpenSSL directory was specified
196AC_MSG_CHECKING(if --with-openssl option is specified)
197AC_ARG_WITH(openssl, [  --with-openssl=DIR      specify OpenSSL directory],
198	[crypto_dir=$withval])
199AC_MSG_RESULT(${crypto_dir-default})
200
201if test "x$crypto_dir" != "x"; then
202	LIBS="$LIBS -L${crypto_dir}/lib"
203	CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS"
204fi
205AC_MSG_CHECKING(openssl version)
206
207AC_TRY_COMPILE(
208[#include <openssl/opensslv.h>
209],
210[#if OPENSSL_VERSION_NUMBER < 0x0090602fL
211#error OpenSSL version is too old ...
212#endif],
213[AC_MSG_RESULT([ok])],
214[AC_MSG_RESULT(too old)
215AC_MSG_ERROR([OpenSSL version must be 0.9.6 or higher. Aborting.])
216])
217
218AC_CHECK_HEADERS(openssl/engine.h)
219
220# checking rijndael
221AC_CHECK_HEADERS([openssl/aes.h], [],
222	[CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"])
223
224# checking sha2
225AC_MSG_CHECKING(sha2 support)
226AC_DEFINE([WITH_SHA2], [], [SHA2 support])
227AC_MSG_RESULT(yes)
228AC_CHECK_HEADER(openssl/sha2.h, [], [
229	AC_MSG_CHECKING(if sha2 is defined in openssl/sha.h)
230	AC_TRY_COMPILE([
231		#ifdef HAVE_SYS_TYPES_H
232		#include <sys/types.h>
233		#endif
234		#include <openssl/sha.h>
235	], [
236		SHA256_CTX ctx;
237	], [
238	    AC_MSG_RESULT(yes)
239	    AC_DEFINE([HAVE_SHA2_IN_SHA_H], [], [sha2 is defined in sha.h])
240	], [AC_MSG_RESULT(no)
241	    AC_LIBOBJ([sha2])
242	    CRYPTOBJS="$CRYPTOBJS sha2.o"
243	])
244
245	CPPFLAGS_ADD="$CPPFLAGS_ADD -I\${top_srcdir}/src/racoon/missing"
246])
247AC_SUBST(CRYPTOBJS)
248
249# checking camellia
250AC_CHECK_HEADERS([openssl/camellia.h])
251
252
253# Option --enable-adminport
254AC_MSG_CHECKING(if --enable-adminport option is specified)
255AC_ARG_ENABLE(adminport,
256	[  --enable-adminport      enable admin port],
257	[], [enable_adminport=no])
258if test $enable_adminport = "yes"; then
259	AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port])
260fi
261AC_MSG_RESULT($enable_adminport)
262
263# Option RC5
264AC_MSG_CHECKING(if --enable-rc5 option is specified)
265AC_ARG_ENABLE(rc5,
266	[  --enable-rc5		enable RC5 encryption (patented)],
267	[], [enable_rc5=no])
268AC_MSG_RESULT($enable_rc5)
269
270if test $enable_rc5 = "yes"; then
271	AC_CHECK_HEADERS([openssl/rc5.h])
272	AC_CHECK_LIB([crypto_rc5], [RC5_32_encrypt],
273	    [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_rc5"])
274fi
275
276# Option IDEA
277AC_MSG_CHECKING(if --enable-idea option is specified)
278AC_ARG_ENABLE(idea,
279	[  --enable-idea	enable IDEA encryption (patented)],
280	[], [enable_idea=no])
281AC_MSG_RESULT($enable_idea)
282
283if test $enable_idea = "yes"; then
284	AC_CHECK_HEADERS([openssl/idea.h])
285	AC_CHECK_LIB([crypto_idea], [idea_encrypt],
286	    [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_idea"])
287fi
288AC_SUBST(EXTRA_CRYPTO)
289
290# For dynamic libradius
291RACOON_PATH_LIBS([MD5_Init], [crypto])
292
293# Check if we need -lutil for login(3)
294RACOON_PATH_LIBS([login], [util])
295
296# Specify libiconv prefix
297AC_MSG_CHECKING(if --with-libiconv option is specified)
298AC_ARG_WITH(libiconv,
299    [  --with-libiconv=DIR    specify libiconv path (like/usr/pkg)],
300    [libiconv_dir=$withval],
301    [libiconv_dir=no])
302AC_MSG_RESULT($libiconv_dir)
303if test "$libiconv_dir" != "no"; then
304	if test "$libiconv_dir" = "yes" ; then
305		  libiconv_dir="";
306	fi;
307	if test "x$libiconv_dir" = "x"; then
308		RACOON_PATH_LIBS([iconv_open], [iconv])
309	else
310		if test -d "$libiconv_dir/lib" -a \
311		    -d "$libiconv_dir/include" ; then
312			RACOON_PATH_LIBS([iconv_open], [iconv], ["$libiconv_dir/lib"])
313			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libiconv_dir/include"
314		else
315			AC_MSG_ERROR([ICONV libs or includes not found. Aborting.])
316	  	fi
317	fi
318	LIBS="$LIBS -L$libiconv_dir/lib -R$libiconv_dir/lib -liconv"
319	AC_CHECK_FUNCS(iconv_open)
320fi
321
322AC_MSG_CHECKING([if --enable-hybrid option is specified])
323AC_ARG_ENABLE(hybrid,
324    [  --enable-hybrid	  enable hybrid, both mode-cfg and xauth support],
325    [], [enable_hybrid=no])
326AC_MSG_RESULT($enable_hybrid)
327
328if test "x$enable_hybrid" = "xyes"; then
329	case $host in
330		*darwin*)
331		;;
332	*)
333		LIBS="$LIBS -lcrypt";
334		;;
335	esac
336	HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o"
337	AC_SUBST(HYBRID_OBJS)
338	AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support])
339fi
340
341AC_MSG_CHECKING([if --enable-frag option is specified])
342AC_ARG_ENABLE(frag,
343    [  --enable-frag           enable IKE fragmentation payload support],
344    [], [enable_frag=no])
345AC_MSG_RESULT($enable_frag)
346
347if test "x$enable_frag" = "xyes"; then
348	case $host in
349	*darwin*)
350		;;
351	*)
352		LIBS="$LIBS -lcrypt";
353		;;
354	esac
355	FRAG_OBJS="isakmp_frag.o"
356	AC_SUBST(FRAG_OBJS)
357	AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support])
358fi
359
360AC_MSG_CHECKING(if --with-libradius option is specified)
361AC_ARG_WITH(libradius,
362    [  --with-libradius=DIR    specify libradius path (like/usr/pkg)],
363    [libradius_dir=$withval],
364    [libradius_dir=no])
365AC_MSG_RESULT($libradius_dir)
366if test "$libradius_dir" != "no"; then
367	if test "$libradius_dir" = "yes" ; then
368		  libradius_dir="";
369	fi;
370	if test "x$libradius_dir" = "x"; then
371		RACOON_PATH_LIBS([rad_create_request], [radius])
372	else
373		if test -d "$libradius_dir/lib" -a \
374		    -d "$libradius_dir/include" ; then
375			RACOON_PATH_LIBS([rad_create_request], [radius], ["$libradius_dir/lib"])
376			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include"
377		else
378			AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.])
379	  	fi
380	fi
381	AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS])
382	LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius"
383	AC_CHECK_FUNCS(rad_create_request)
384fi
385
386AC_MSG_CHECKING(if --with-libpam option is specified)
387AC_ARG_WITH(libpam,
388    [  --with-libpam=DIR    specify libpam path (like/usr/pkg)],
389    [libpam_dir=$withval],
390    [libpam_dir=no])
391AC_MSG_RESULT($libpam_dir)
392if test "$libpam_dir" != "no"; then
393	if test "$libpam_dir" = "yes" ; then
394		  libpam_dir="";
395	fi;
396	if test "x$libpam_dir" = "x"; then
397		RACOON_PATH_LIBS([pam_start], [pam])
398	else
399		if test -d "$libpam_dir/lib" -a \
400		    -d "$libpam_dir/include" ; then
401			RACOON_PATH_LIBS([pam_start], [pam], ["$libpam_dir/lib"])
402			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libpam_dir/include"
403		else
404			AC_MSG_ERROR([PAM libs or includes not found. Aborting.])
405	  	fi
406	fi
407	AC_DEFINE([HAVE_LIBPAM], [], [Hybrid authentication uses PAM])
408	LIBS="$LIBS -L$libpam_dir/lib -R$libpam_dir/lib -lpam"
409	AC_CHECK_FUNCS(pam_start)
410fi
411
412AC_MSG_CHECKING(if --with-libldap option is specified)
413AC_ARG_WITH(libldap,
414    [  --with-libldap=DIR    specify libldap path (like/usr/pkg)],
415    [libldap_dir=$withval],
416    [libldap_dir=no])
417AC_MSG_RESULT($libldap_dir)
418if test "$libldap_dir" != "no"; then
419	if test "$libldap_dir" = "yes" ; then
420		  libldap_dir="";
421	fi;
422	if test "x$libldap_dir" = "x"; then
423		RACOON_PATH_LIBS([ldap_init], [ldap])
424	else
425		if test -d "$libldap_dir/lib" -a \
426		    -d "$libldap_dir/include" ; then
427			RACOON_PATH_LIBS([ldap_init], [ldap], ["$libldap_dir/lib"])
428			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libldap_dir/include"
429		else
430			AC_MSG_ERROR([LDAP libs or includes not found. Aborting.])
431	  	fi
432	fi
433	AC_DEFINE([HAVE_LIBLDAP], [], [Hybrid authentication uses LDAP])
434	LIBS="$LIBS -L$libldap_dir/lib -R$libldap_dir/lib -lldap"
435
436	saved_CFLAGS=$CFLAGS
437	CFLAGS="$CFLAGS -Wall -Werror"
438	saved_CPPFLAGS=$CPPFLAGS
439        CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
440	AC_TRY_COMPILE(
441		[#include <ldap.h>],
442		[
443			#if LDAP_API_VERSION < 2004
444			#error OpenLDAP version is too old ...
445			#endif
446		],
447		[AC_MSG_RESULT([ok])],
448		[
449			AC_MSG_RESULT(too old)
450			AC_MSG_ERROR([OpenLDAP version must be 2.0 or higher. Aborting.])
451		])
452	CFLAGS=$saved_CFLAGS
453	CPPFLAGS=$saved_CPPFLAGS
454fi
455
456# Check for Kerberos5 support
457# XXX This must come after all --with-* tests, else the
458# -liconv checks will not work
459AC_MSG_CHECKING(if --enable-gssapi option is specified)
460AC_ARG_ENABLE(gssapi,
461	[  --enable-gssapi         enable GSS-API authentication],
462	[], [enable_gssapi=no])
463AC_MSG_RESULT($enable_gssapi)
464AC_PATH_PROG(KRB5_CONFIG,krb5-config,no)
465if test "x$enable_gssapi" = "xyes"; then
466	if test "$KRB5_CONFIG" != "no"; then
467		krb5_incdir="`$KRB5_CONFIG --cflags gssapi`"
468		krb5_libs="`$KRB5_CONFIG --libs gssapi`"
469	else
470		# No krb5-config; let's make some assumptions based on
471		# the OS.
472		case $host_os in
473		netbsd*)
474			krb5_incdir="-I/usr/include/krb5"
475			krb5_libs="-lgssapi -lkrb5 -lcom_err -lroken -lasn1"
476			;;
477		*)
478			AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.])
479			;;
480		esac
481	fi
482	LIBS="$LIBS $krb5_libs"
483	CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD"
484	AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API])
485
486	# Check if iconv 2nd argument needs const
487	saved_CFLAGS=$CFLAGS
488	CFLAGS="$CFLAGS -Wall -Werror"
489	saved_CPPFLAGS=$CPPFLAGS
490        CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
491	AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])])
492	AC_MSG_CHECKING([if iconv second argument needs const])
493	AC_TRY_COMPILE([
494		#include <iconv.h>
495		#include <stdio.h>
496	], [
497		iconv_t cd = NULL;
498		const char **src = NULL;
499		size_t *srcleft = NULL;
500		char **dst = NULL;
501		size_t *dstleft = NULL;
502
503		(void)iconv(cd, src, srcleft, dst, dstleft);
504	], [AC_MSG_RESULT(yes)
505	    AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const])
506	], [AC_MSG_RESULT(no)])
507	CFLAGS=$saved_CFLAGS
508	CPPFLAGS=$saved_CPPFLAGS
509
510	# libiconv is often integrated into libc. If a with-* option
511	# caused a non libc-based iconv.h to be catched instead of
512	# the libc-based iconv.h, then we need to link with -liconv
513	AC_MSG_CHECKING(if -liconv is required)
514	saved_CPPFLAGS=$CPPFLAGS
515	saved_LIBS=$LIBS
516	CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
517	AC_TRY_LINK([
518		#include <iconv.h>
519	], [
520		(void)iconv_open("ascii", "ascii");
521	],
522		[AC_MSG_RESULT(no)],
523		[
524			LIBS="$LIBS -liconv"
525			AC_TRY_LINK([
526				#include <iconv.h>
527		], [
528				(void)iconv_open("ascii", "ascii");
529			],
530			[
531				AC_MSG_RESULT(yes)
532				saved_LIBS=$LIBS
533			], [
534				AC_MSG_ERROR([cannot use iconv])
535			])
536		])
537	CPPFLAGS=$saved_CPPFLAGS
538	LIBS=$saved_LIBS
539fi
540
541AC_MSG_CHECKING(if --enable-stats option is specified)
542AC_ARG_ENABLE(stats,
543        [  --enable-stats          enable statistics logging function],
544        [], [enable_stats=no])
545if test "x$enable_stats" = "xyes"; then
546	AC_DEFINE([ENABLE_STATS], [], [Enable statictics])
547fi
548AC_MSG_RESULT($enable_stats)
549
550AC_MSG_CHECKING(if --enable-dpd option is specified)
551AC_ARG_ENABLE(dpd,
552        [  --enable-dpd            enable dead peer detection],
553        [], [enable_dpd=no])
554if test "x$enable_dpd" = "xyes"; then
555	AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection])
556fi
557AC_MSG_RESULT($enable_dpd)
558
559AC_MSG_CHECKING(if --enable-samode-unspec option is specified)
560AC_ARG_ENABLE(samode-unspec,
561        [  --enable-samode-unspec  enable to use unspecified a mode of SA],
562        [], [enable_samode_unspec=no])
563if test "x$enable_samode_unspec" = "xyes"; then
564	case $host_os in
565	*linux*)
566		cat << EOC
567
568ERROR: --enable-samode-unspec is not supported under linux
569because linux kernel do not support it. This option is disabled
570to prevent mysterious problems.
571
572If you REALLY know what your are doing, remove this check.
573EOC
574		exit 1;
575		;;
576	esac
577	AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec])
578fi
579AC_MSG_RESULT($enable_samode_unspec)
580
581# Checks if IPv6 is requested
582AC_MSG_CHECKING([whether to enable ipv6])
583AC_ARG_ENABLE(ipv6,
584[  --disable-ipv6          disable ipv6 support],
585[ case "$enableval" in
586  no)
587       AC_MSG_RESULT(no)
588       ipv6=no
589       ;;
590  *)   AC_MSG_RESULT(yes)
591       ipv6=yes
592       ;;
593  esac ],
594
595  AC_TRY_RUN([ /* AF_INET6 avalable check */
596#include <sys/types.h>
597#include <sys/socket.h>
598main()
599{
600  exit(0);
601 if (socket(AF_INET6, SOCK_STREAM, 0) < 0)
602   exit(1);
603 else
604   exit(0);
605}
606],
607  AC_MSG_RESULT(yes)
608  AC_DEFINE([INET6], [], [Support IPv6])
609  ipv6=yes,
610  AC_MSG_RESULT(no)
611  ipv6=no,
612  AC_MSG_RESULT(no)
613  ipv6=no
614))
615
616if test "$ipv6" = "yes"; then
617	AC_DEFINE([INET6], [], [Support IPv6])
618	AC_MSG_CHECKING(for advanced API support)
619	AC_TRY_COMPILE([#ifndef INET6
620#define INET6
621#endif
622#include <sys/types.h>
623#include <netinet/in.h>],
624		[struct in6_pktinfo a;],
625		[AC_MSG_RESULT(yes)
626		 AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])],
627		[AC_MSG_RESULT(no)])
628fi
629
630RACOON_CHECK_BUGGY_GETADDRINFO
631if test "$buggygetaddrinfo" = "yes"; then
632	AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.])
633fi
634
635# Check if kernel support is available for NAT-T, defaults to no.
636kernel_natt="no"
637
638AC_MSG_CHECKING(kernel NAT-Traversal support)
639case $host_os in
640linux*)
641# Linux kernel NAT-T check
642AC_EGREP_CPP(yes,
643[#include <linux/pfkeyv2.h>
644#ifdef SADB_X_EXT_NAT_T_TYPE
645yes
646#endif
647], [kernel_natt="yes"])
648	;;
649freebsd*|netbsd*)
650# NetBSD case
651# Same check for FreeBSD
652AC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len,
653       [kernel_natt="yes"],, [
654#define _KERNEL
655#include <sys/types.h>
656#include <net/pfkeyv2.h>
657])
658	;;
659esac
660AC_MSG_RESULT($kernel_natt)
661
662AC_MSG_CHECKING(whether to support NAT-T)
663AC_ARG_ENABLE(natt,
664	[  --enable-natt           enable NAT-Traversal (yes/no/kernel)],
665        [ if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi ],
666	[ enable_natt=no ])
667AC_MSG_RESULT($enable_natt)
668
669if test "$enable_natt" = "yes"; then
670	if test "$kernel_natt" = "no" ; then
671		AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.])
672	else
673		AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal])
674		NATT_OBJS="nattraversal.o"
675		AC_SUBST(NATT_OBJS)
676	fi
677fi
678
679# Set up defines for supported NAT-T versions.
680natt_versions_default="00,02,rfc"
681AC_MSG_CHECKING(which NAT-T versions to support)
682AC_ARG_ENABLE(natt_versions,
683	[  --enable-natt-versions=list    list of supported NAT-T versions delimited by coma.],
684	[ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ],
685	[ enable_natt_versions=$natt_versions_default ])
686if test "$enable_natt" = "yes"; then
687	AC_MSG_RESULT($enable_natt_versions)
688	for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do
689		case $i in
690			0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;;
691			1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;;
692			2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;;
693			3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;;
694			4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;;
695			5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;;
696			6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;;
697			7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;;
698			8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;;
699			RFC)  AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;;
700			*) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;;
701		esac
702	done
703	unset i
704else
705	AC_MSG_RESULT([none])
706fi
707
708AC_MSG_CHECKING(if --enable-broken-natt option is specified)
709AC_ARG_ENABLE(broken-natt,
710	[  --enable-broken-natt    broken in-kernel NAT-T],
711        [], [enable_broken_natt=no])
712if test "x$enable_broken_natt" = "xyes"; then
713	AC_DEFINE([BROKEN_NATT], [], [in-kernel NAT-T is broken])
714fi
715AC_MSG_RESULT($enable_broken_natt)
716
717AC_MSG_CHECKING(whether we support FWD policy)
718case $host in
719	*linux*)
720		AC_TRY_COMPILE([
721		#include <inttypes.h>
722		#include <linux/ipsec.h>
723			], [
724			int fwd = IPSEC_DIR_FWD;
725			],
726			[AC_MSG_RESULT(yes)
727			 AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])],
728			[AC_MSG_RESULT(no)])
729		;;
730	*)
731		AC_MSG_RESULT(no)
732		;;
733esac
734
735AC_CHECK_TYPE([ipsec_policy_t],
736	      [AC_DEFINE([HAVE_IPSEC_POLICY_T], [], [Have ipsec_policy_t])],
737	      [],
738	      [
739		#include <sys/types.h>
740	      	#include <netinet6/ipsec.h>
741	      ])
742
743# Check if kernel support is available for Security Context, defaults to no.
744kernel_secctx="no"
745
746AC_MSG_CHECKING(kernel Security Context support)
747case $host_os in
748linux*)
749# Linux kernel Security Context check
750AC_EGREP_CPP(yes,
751[#include <linux/pfkeyv2.h>
752#ifdef SADB_X_EXT_SEC_CTX
753yes
754#endif
755], [kernel_secctx="yes"])
756	;;
757esac
758AC_MSG_RESULT($kernel_secctx)
759
760AC_CHECK_HEADER(selinux/selinux.h,
761	[AC_CHECK_LIB(selinux, avc_init, [selinux_support=yes],
762	[selinux_support=no])], [selinux_support=no])
763
764AC_MSG_CHECKING(whether to support Security Context)
765AC_ARG_ENABLE(security-context,
766	[  --enable-security-context    enable Security Context(yes/no/kernel)],
767	[if test "$enable_security_context" = "kernel"; then
768		enable_security_context=$kernel_secctx; fi],
769	[enable_security_context=$kernel_secctx])
770AC_MSG_RESULT($enable_security_context)
771
772if test "$enable_security_context" = "yes"; then
773	if test "$kernel_secctx" = "no" ; then
774		AC_MSG_ERROR([Security Context requested, but no kernel support! Aborting.])
775	else
776		if test "$selinux_support" = "no"; then
777			AC_MSG_ERROR([Security Context requested, but no selinux support! Aborting.])
778		else
779			AC_DEFINE([HAVE_SECCTX], [], [Enable Security Context])
780			SECCTX_OBJS="security.o"
781			AC_SUBST(SECCTX_OBJS)
782			LIBS="$LIBS -lselinux"
783		fi
784	fi
785fi
786
787RACOON_PATH_LIBS([clock_gettime], [rt])
788
789AC_MSG_CHECKING(for monotonic system clock)
790AC_TRY_COMPILE(
791	[#include <time.h>],
792	[clock_gettime(CLOCK_MONOTONIC, NULL);],
793	[AC_DEFINE([HAVE_CLOCK_MONOTONIC], [], [Have a monotonic clock])
794	 AC_MSG_RESULT(yes)],
795	[AC_MSG_RESULT(no)])
796
797CFLAGS="$CFLAGS $CFLAGS_ADD"
798CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
799
800case $host in
801	*linux*)
802		# Remove KERNEL_INCLUDE from CPPFLAGS. It will
803		# be symlinked to src/include-glibc/linux in
804		# compile time.
805		CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"`
806		;;
807esac
808
809include_racoondir=${includedir}/racoon
810AC_SUBST(include_racoondir)
811
812AC_CONFIG_FILES([
813  Makefile
814  package_version.h
815  src/Makefile
816  src/include-glibc/Makefile
817  src/libipsec/Makefile
818  src/setkey/Makefile
819  src/racoon/Makefile
820  src/racoon/samples/psk.txt
821  src/racoon/samples/racoon.conf
822  rpm/Makefile
823  rpm/suse/Makefile
824  rpm/suse/ipsec-tools.spec
825  ])
826AC_OUTPUT
827