Patrick Welche <prlw1@cam.ac.uk>
[netbsd-mini2440.git] / crypto / dist / ipsec-tools / configure.ac
blobdaca418e2e6724d53630f8c163a5ca373a7c260e
1 dnl -*- mode: m4 -*-
2 dnl Id: configure.ac,v 1.77 2006/07/20 19:19:27 manubsd Exp
4 AC_PREREQ(2.52)
5 AC_INIT(ipsec-tools, CVS)
6 AC_CONFIG_SRCDIR([configure.ac])
7 AM_CONFIG_HEADER(config.h)
9 AM_INIT_AUTOMAKE(dist-bzip2)
11 AC_ENABLE_SHARED(no)
13 AC_PROG_CC
14 AM_PROG_CC_STDC
15 AC_HEADER_STDC
16 AC_PROG_LIBTOOL
17 AC_PROG_YACC
18 AM_PROG_LEX
19 AC_SUBST(LEXLIB)
20 AC_PROG_EGREP
22 CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused"
24 case $host in
25 *netbsd*)
26         LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS"
27         ;;
28 *linux*)
29         LIBS="$LIBS -lresolv"
30         INSTALL_OPTS="-o bin -g bin"
31         INCLUDE_GLIBC="include-glibc"
32         RPM="rpm"
33         AC_SUBST(INSTALL_OPTS)
34         AC_SUBST(INCLUDE_GLIBC)
35         AC_SUBST(RPM)
36         ;;
37 *darwin*)
38         LIBS="$LIBS -lresolv"
39         ;;
40 esac
42 # Look up some IPsec-related headers
43 AC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no])
44 AC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no])
45 AC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no])
46 AC_CHECK_HEADER(netipsec/ipsec.h, [have_netipsec_ipsec=yes], [have_netipsec_ipsec=no])
48 # FreeBSD >=7 has only <netipsec/ipsec.h>
49 # NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h>
50 # XXX some *BSD still have both <netinet6/ipsec.h> and <netipsec/ipsec.h>,
51 # we can't decide which one to use (actually <netinet6/ipsec.h>)
54 if test "$have_netinet_ipsec$have_netinet6_ipsec$have_netipsec_ipsec" = nonoyes; then
55     have_netinet_ipsec=yes
56     AC_DEFINE(PATH_IPSEC_H, [<netipsec/ipsec.h>], [Path to ipsec.h])
57 else
58         if test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then
59         have_netinet_ipsec=yes
60             AC_DEFINE(PATH_IPSEC_H, [<netinet6/ipsec.h>], [Path to ipsec.h])
61         else
62                 # have_netinet_ipsec will be checked a few lines below
63             AC_DEFINE(PATH_IPSEC_H, [<netinet/ipsec.h>], [Path to ipsec.h])
64         fi
67 case "$host_os" in
68  *linux*)
69     AC_ARG_WITH(kernel-headers,
70         AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include],
71                        [where your Linux Kernel headers are installed]),
72             [ KERNEL_INCLUDE="$with_kernel_headers" 
73               CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers"
74               AC_SUBST(CONFIGURE_AMFLAGS) ],
75             [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ])
77     AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, ,
78         [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h,
79           KERNEL_INCLUDE=/usr/src/linux/include ,
80           [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] )
81     AC_SUBST(KERNEL_INCLUDE)
82     # We need the configure script to run with correct kernel headers.
83     # However we don't want to point to kernel source tree in compile time,
84     # i.e. this will be removed from CPPFLAGS at the end of configure.
85     CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS"
87     AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority, 
88         [AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [],
89                 [Are PF_KEY policy priorities supported?])], [],
90         [#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"])
92     GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc'
93     GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc"
94     CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS"
95     CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS"
96     AC_SUBST(GLIBC_BUGS)
97     ;;
98  *)
99     if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then
100       if test "$have_net_pfkey" = yes; then
101         AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.])
102       else
103         AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.])
104       fi
105     fi
106     ;;
107 esac
109 ### Some basic toolchain checks
111 # Checks for header files.
112 AC_HEADER_STDC
113 AC_HEADER_SYS_WAIT
114 AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h)
115 AC_CHECK_HEADERS(shadow.h)
117 # Checks for typedefs, structures, and compiler characteristics.
118 AC_C_CONST
119 AC_TYPE_PID_T
120 AC_TYPE_SIZE_T
121 AC_HEADER_TIME
122 AC_STRUCT_TM
124 # Checks for library functions.
125 AC_FUNC_MEMCMP
126 AC_TYPE_SIGNAL
127 AC_FUNC_VPRINTF
128 AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy strlcat)
129 AC_REPLACE_FUNCS(strdup)
130 RACOON_CHECK_VA_COPY
132 # Check if printf accepts "%z" type modifier for size_t argument
133 AC_MSG_CHECKING(if printf accepts %z)
134 saved_CFLAGS=$CFLAGS
135 CFLAGS="$CFLAGS -Wall -Werror"
136 AC_TRY_COMPILE([
137 #include <stdio.h>
138 ], [
139 printf("%zu\n", (size_t)-1);
141         [AC_MSG_RESULT(yes)],
142         [AC_MSG_RESULT(no);
143          CFLAGS_ADD="$CFLAGS_ADD -Wno-format";
144          AC_DEFINE(BROKEN_PRINTF, [], [If printf doesn't support %zu.])
145         ])
146 CFLAGS=$saved_CFLAGS
148 # Can we use __func__ macro?
149 AC_MSG_CHECKING(if __func__ is available)
150 AC_TRY_COMPILE(
151 [#include <stdio.h>
152 ], [char *x = __func__;],
153         [AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro])
154         AC_MSG_RESULT(yes)],
155         [AC_MSG_RESULT(no)])
157 # Check if readline support is requested
158 AC_MSG_CHECKING(if readline support is requested)
159 AC_ARG_WITH(readline,
160         [  --with-readline         support readline input (yes by default)],
161         [with_readline="$withval"], [with_readline="yes"])
162 AC_MSG_RESULT($with_readline)
164 # Is readline available?
165 if test $with_readline != "no"; then
166         AC_CHECK_HEADER([readline/readline.h], 
167                 [AC_CHECK_LIB(readline, readline, [
168                                 AC_DEFINE(HAVE_READLINE, [],
169                                         [Is readline available?])
170                                 LIBS="$LIBS -lreadline"
171                 ], [])], [])
175 AC_MSG_CHECKING(if --with-flex option is specified)
176 AC_ARG_WITH(flexdir,
177         [AC_HELP_STRING([--with-flex], [use directiory (default: no)])],
178         [flexdir="$withval"])
179 AC_MSG_RESULT(${flexdir-dirdefault})
181 if test "x$flexdir" != "x"; then
182         LIBS="$LIBS $flexdir/libfl.a"
185 AC_MSG_CHECKING(if --with-flexlib option is specified)
186 AC_ARG_WITH(flexlib,
187         [  --with-flexlib=<LIB>    specify flex library.],
188         [flexlib="$withval"])
189 AC_MSG_RESULT(${flexlib-default})
191 if test "x$flexlib" != "x"; then
192         LIBS="$LIBS $flexlib"
195 # Check if a different OpenSSL directory was specified
196 AC_MSG_CHECKING(if --with-openssl option is specified)
197 AC_ARG_WITH(openssl, [  --with-openssl=DIR      specify OpenSSL directory],
198         [crypto_dir=$withval])
199 AC_MSG_RESULT(${crypto_dir-default})
201 if test "x$crypto_dir" != "x"; then
202         LIBS="$LIBS -L${crypto_dir}/lib"
203         CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS"
205 AC_MSG_CHECKING(openssl version)
207 AC_TRY_COMPILE(
208 [#include <openssl/opensslv.h>
210 [#if OPENSSL_VERSION_NUMBER < 0x0090602fL
211 #error OpenSSL version is too old ...
212 #endif],
213 [AC_MSG_RESULT([ok])],
214 [AC_MSG_RESULT(too old)
215 AC_MSG_ERROR([OpenSSL version must be 0.9.6 or higher. Aborting.])
218 AC_CHECK_HEADERS(openssl/engine.h)
220 # checking rijndael
221 AC_CHECK_HEADERS([openssl/aes.h], [], 
222         [CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"])
224 # checking sha2
225 AC_MSG_CHECKING(sha2 support)
226 AC_DEFINE([WITH_SHA2], [], [SHA2 support])
227 AC_MSG_RESULT(yes)
228 AC_CHECK_HEADER(openssl/sha2.h, [], [
229         AC_MSG_CHECKING(if sha2 is defined in openssl/sha.h)
230         AC_TRY_COMPILE([
231                 #ifdef HAVE_SYS_TYPES_H
232                 #include <sys/types.h>
233                 #endif
234                 #include <openssl/sha.h>
235         ], [
236                 SHA256_CTX ctx;
237         ], [
238             AC_MSG_RESULT(yes)
239             AC_DEFINE([HAVE_SHA2_IN_SHA_H], [], [sha2 is defined in sha.h])
240         ], [AC_MSG_RESULT(no)
241             AC_LIBOBJ([sha2])
242             CRYPTOBJS="$CRYPTOBJS sha2.o"
243         ])
245         CPPFLAGS_ADD="$CPPFLAGS_ADD -I\${top_srcdir}/src/racoon/missing"
247 AC_SUBST(CRYPTOBJS)
249 # checking camellia
250 AC_CHECK_HEADERS([openssl/camellia.h])
253 # Option --enable-adminport 
254 AC_MSG_CHECKING(if --enable-adminport option is specified)
255 AC_ARG_ENABLE(adminport,
256         [  --enable-adminport      enable admin port],
257         [], [enable_adminport=no])
258 if test $enable_adminport = "yes"; then
259         AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port])
261 AC_MSG_RESULT($enable_adminport)
263 # Option RC5
264 AC_MSG_CHECKING(if --enable-rc5 option is specified)
265 AC_ARG_ENABLE(rc5,
266         [  --enable-rc5         enable RC5 encryption (patented)],
267         [], [enable_rc5=no])
268 AC_MSG_RESULT($enable_rc5)
270 if test $enable_rc5 = "yes"; then
271         AC_CHECK_HEADERS([openssl/rc5.h])
272         AC_CHECK_LIB([crypto_rc5], [RC5_32_encrypt],
273             [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_rc5"])
276 # Option IDEA
277 AC_MSG_CHECKING(if --enable-idea option is specified)
278 AC_ARG_ENABLE(idea,
279         [  --enable-idea        enable IDEA encryption (patented)],
280         [], [enable_idea=no])
281 AC_MSG_RESULT($enable_idea)
283 if test $enable_idea = "yes"; then
284         AC_CHECK_HEADERS([openssl/idea.h])
285         AC_CHECK_LIB([crypto_idea], [idea_encrypt], 
286             [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_idea"])
288 AC_SUBST(EXTRA_CRYPTO)
290 # For dynamic libradius
291 RACOON_PATH_LIBS([MD5_Init], [crypto])
293 # Check if we need -lutil for login(3)
294 RACOON_PATH_LIBS([login], [util])
296 # Specify libiconv prefix
297 AC_MSG_CHECKING(if --with-libiconv option is specified)
298 AC_ARG_WITH(libiconv, 
299     [  --with-libiconv=DIR    specify libiconv path (like/usr/pkg)],
300     [libiconv_dir=$withval], 
301     [libiconv_dir=no])
302 AC_MSG_RESULT($libiconv_dir)
303 if test "$libiconv_dir" != "no"; then
304         if test "$libiconv_dir" = "yes" ; then
305                   libiconv_dir="";
306         fi;
307         if test "x$libiconv_dir" = "x"; then
308                 RACOON_PATH_LIBS([iconv_open], [iconv])
309         else
310                 if test -d "$libiconv_dir/lib" -a \
311                     -d "$libiconv_dir/include" ; then
312                         RACOON_PATH_LIBS([iconv_open], [iconv], ["$libiconv_dir/lib"])
313                         CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libiconv_dir/include"
314                 else
315                         AC_MSG_ERROR([ICONV libs or includes not found. Aborting.])
316                 fi
317         fi
318         LIBS="$LIBS -L$libiconv_dir/lib -R$libiconv_dir/lib -liconv"
319         AC_CHECK_FUNCS(iconv_open)
322 AC_MSG_CHECKING([if --enable-hybrid option is specified])
323 AC_ARG_ENABLE(hybrid, 
324     [  --enable-hybrid    enable hybrid, both mode-cfg and xauth support],
325     [], [enable_hybrid=no])
326 AC_MSG_RESULT($enable_hybrid)
328 if test "x$enable_hybrid" = "xyes"; then
329         case $host in
330                 *darwin*)
331                 ;;
332         *)
333                 LIBS="$LIBS -lcrypt";
334                 ;;
335         esac
336         HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o"
337         AC_SUBST(HYBRID_OBJS)
338         AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support])
341 AC_MSG_CHECKING([if --enable-frag option is specified])
342 AC_ARG_ENABLE(frag, 
343     [  --enable-frag           enable IKE fragmentation payload support],
344     [], [enable_frag=no])
345 AC_MSG_RESULT($enable_frag)
347 if test "x$enable_frag" = "xyes"; then
348         case $host in
349         *darwin*)
350                 ;;
351         *)
352                 LIBS="$LIBS -lcrypt"; 
353                 ;;
354         esac
355         FRAG_OBJS="isakmp_frag.o"
356         AC_SUBST(FRAG_OBJS)
357         AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support])
360 AC_MSG_CHECKING(if --with-libradius option is specified)
361 AC_ARG_WITH(libradius, 
362     [  --with-libradius=DIR    specify libradius path (like/usr/pkg)],
363     [libradius_dir=$withval], 
364     [libradius_dir=no])
365 AC_MSG_RESULT($libradius_dir)
366 if test "$libradius_dir" != "no"; then
367         if test "$libradius_dir" = "yes" ; then
368                   libradius_dir="";
369         fi;
370         if test "x$libradius_dir" = "x"; then
371                 RACOON_PATH_LIBS([rad_create_request], [radius])
372         else
373                 if test -d "$libradius_dir/lib" -a \
374                     -d "$libradius_dir/include" ; then
375                         RACOON_PATH_LIBS([rad_create_request], [radius], ["$libradius_dir/lib"])
376                         CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include"
377                 else
378                         AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.])
379                 fi
380         fi
381         AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS])
382         LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius"
383         AC_CHECK_FUNCS(rad_create_request)
386 AC_MSG_CHECKING(if --with-libpam option is specified)
387 AC_ARG_WITH(libpam, 
388     [  --with-libpam=DIR    specify libpam path (like/usr/pkg)],
389     [libpam_dir=$withval], 
390     [libpam_dir=no])
391 AC_MSG_RESULT($libpam_dir)
392 if test "$libpam_dir" != "no"; then
393         if test "$libpam_dir" = "yes" ; then
394                   libpam_dir="";
395         fi;
396         if test "x$libpam_dir" = "x"; then
397                 RACOON_PATH_LIBS([pam_start], [pam])
398         else
399                 if test -d "$libpam_dir/lib" -a \
400                     -d "$libpam_dir/include" ; then
401                         RACOON_PATH_LIBS([pam_start], [pam], ["$libpam_dir/lib"])
402                         CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libpam_dir/include"
403                 else
404                         AC_MSG_ERROR([PAM libs or includes not found. Aborting.])
405                 fi
406         fi
407         AC_DEFINE([HAVE_LIBPAM], [], [Hybrid authentication uses PAM])
408         LIBS="$LIBS -L$libpam_dir/lib -R$libpam_dir/lib -lpam"
409         AC_CHECK_FUNCS(pam_start)
412 AC_MSG_CHECKING(if --with-libldap option is specified)
413 AC_ARG_WITH(libldap, 
414     [  --with-libldap=DIR    specify libldap path (like/usr/pkg)],
415     [libldap_dir=$withval], 
416     [libldap_dir=no])
417 AC_MSG_RESULT($libldap_dir)
418 if test "$libldap_dir" != "no"; then
419         if test "$libldap_dir" = "yes" ; then
420                   libldap_dir="";
421         fi;
422         if test "x$libldap_dir" = "x"; then
423                 RACOON_PATH_LIBS([ldap_init], [ldap])
424         else
425                 if test -d "$libldap_dir/lib" -a \
426                     -d "$libldap_dir/include" ; then
427                         RACOON_PATH_LIBS([ldap_init], [ldap], ["$libldap_dir/lib"])
428                         CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libldap_dir/include"
429                 else
430                         AC_MSG_ERROR([LDAP libs or includes not found. Aborting.])
431                 fi
432         fi
433         AC_DEFINE([HAVE_LIBLDAP], [], [Hybrid authentication uses LDAP])
434         LIBS="$LIBS -L$libldap_dir/lib -R$libldap_dir/lib -lldap"
436         saved_CFLAGS=$CFLAGS
437         CFLAGS="$CFLAGS -Wall -Werror"
438         saved_CPPFLAGS=$CPPFLAGS
439         CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
440         AC_TRY_COMPILE(
441                 [#include <ldap.h>],
442                 [
443                         #if LDAP_API_VERSION < 2004
444                         #error OpenLDAP version is too old ...
445                         #endif
446                 ],
447                 [AC_MSG_RESULT([ok])],
448                 [
449                         AC_MSG_RESULT(too old)
450                         AC_MSG_ERROR([OpenLDAP version must be 2.0 or higher. Aborting.])
451                 ])
452         CFLAGS=$saved_CFLAGS
453         CPPFLAGS=$saved_CPPFLAGS
456 # Check for Kerberos5 support
457 # XXX This must come after all --with-* tests, else the
458 # -liconv checks will not work
459 AC_MSG_CHECKING(if --enable-gssapi option is specified)
460 AC_ARG_ENABLE(gssapi,
461         [  --enable-gssapi         enable GSS-API authentication],
462         [], [enable_gssapi=no])
463 AC_MSG_RESULT($enable_gssapi)
464 AC_PATH_PROG(KRB5_CONFIG,krb5-config,no)
465 if test "x$enable_gssapi" = "xyes"; then
466         if test "$KRB5_CONFIG" != "no"; then
467                 krb5_incdir="`$KRB5_CONFIG --cflags gssapi`"
468                 krb5_libs="`$KRB5_CONFIG --libs gssapi`"
469         else
470                 # No krb5-config; let's make some assumptions based on
471                 # the OS.
472                 case $host_os in
473                 netbsd*)
474                         krb5_incdir="-I/usr/include/krb5"
475                         krb5_libs="-lgssapi -lkrb5 -lcom_err -lroken -lasn1"
476                         ;;
477                 *)
478                         AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.])
479                         ;;
480                 esac
481         fi
482         LIBS="$LIBS $krb5_libs"
483         CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD"
484         AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API])
486         # Check if iconv 2nd argument needs const 
487         saved_CFLAGS=$CFLAGS
488         CFLAGS="$CFLAGS -Wall -Werror"
489         saved_CPPFLAGS=$CPPFLAGS
490         CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
491         AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])])
492         AC_MSG_CHECKING([if iconv second argument needs const])
493         AC_TRY_COMPILE([
494                 #include <iconv.h>
495                 #include <stdio.h>
496         ], [
497                 iconv_t cd = NULL;
498                 const char **src = NULL;
499                 size_t *srcleft = NULL;
500                 char **dst = NULL;
501                 size_t *dstleft = NULL;
503                 (void)iconv(cd, src, srcleft, dst, dstleft);
504         ], [AC_MSG_RESULT(yes)
505             AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const])
506         ], [AC_MSG_RESULT(no)])
507         CFLAGS=$saved_CFLAGS
508         CPPFLAGS=$saved_CPPFLAGS
510         # libiconv is often integrated into libc. If a with-* option
511         # caused a non libc-based iconv.h to be catched instead of
512         # the libc-based iconv.h, then we need to link with -liconv
513         AC_MSG_CHECKING(if -liconv is required)
514         saved_CPPFLAGS=$CPPFLAGS
515         saved_LIBS=$LIBS
516         CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
517         AC_TRY_LINK([
518                 #include <iconv.h>
519         ], [
520                 (void)iconv_open("ascii", "ascii");
521         ],
522                 [AC_MSG_RESULT(no)],
523                 [
524                         LIBS="$LIBS -liconv"
525                         AC_TRY_LINK([
526                                 #include <iconv.h>
527                 ], [
528                                 (void)iconv_open("ascii", "ascii");
529                         ],
530                         [
531                                 AC_MSG_RESULT(yes)
532                                 saved_LIBS=$LIBS
533                         ], [
534                                 AC_MSG_ERROR([cannot use iconv])
535                         ])
536                 ])
537         CPPFLAGS=$saved_CPPFLAGS
538         LIBS=$saved_LIBS
541 AC_MSG_CHECKING(if --enable-stats option is specified)
542 AC_ARG_ENABLE(stats,
543         [  --enable-stats          enable statistics logging function],
544         [], [enable_stats=no])
545 if test "x$enable_stats" = "xyes"; then
546         AC_DEFINE([ENABLE_STATS], [], [Enable statictics])
548 AC_MSG_RESULT($enable_stats)
550 AC_MSG_CHECKING(if --enable-dpd option is specified)
551 AC_ARG_ENABLE(dpd,
552         [  --enable-dpd            enable dead peer detection],
553         [], [enable_dpd=no])
554 if test "x$enable_dpd" = "xyes"; then
555         AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection])
557 AC_MSG_RESULT($enable_dpd)
559 AC_MSG_CHECKING(if --enable-samode-unspec option is specified)
560 AC_ARG_ENABLE(samode-unspec,
561         [  --enable-samode-unspec  enable to use unspecified a mode of SA],
562         [], [enable_samode_unspec=no])
563 if test "x$enable_samode_unspec" = "xyes"; then
564         case $host_os in
565         *linux*)
566                 cat << EOC
567                 
568 ERROR: --enable-samode-unspec is not supported under linux 
569 because linux kernel do not support it. This option is disabled 
570 to prevent mysterious problems.
572 If you REALLY know what your are doing, remove this check.
574                 exit 1;
575                 ;;
576         esac
577         AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec])
579 AC_MSG_RESULT($enable_samode_unspec)
581 # Checks if IPv6 is requested
582 AC_MSG_CHECKING([whether to enable ipv6])
583 AC_ARG_ENABLE(ipv6,
584 [  --disable-ipv6          disable ipv6 support],
585 [ case "$enableval" in
586   no)
587        AC_MSG_RESULT(no)
588        ipv6=no
589        ;;
590   *)   AC_MSG_RESULT(yes)
591        ipv6=yes
592        ;;
593   esac ],
595   AC_TRY_RUN([ /* AF_INET6 avalable check */
596 #include <sys/types.h>
597 #include <sys/socket.h>
598 main()
600   exit(0);
601  if (socket(AF_INET6, SOCK_STREAM, 0) < 0)
602    exit(1);
603  else
604    exit(0);
607   AC_MSG_RESULT(yes)
608   AC_DEFINE([INET6], [], [Support IPv6])
609   ipv6=yes,
610   AC_MSG_RESULT(no)
611   ipv6=no,
612   AC_MSG_RESULT(no)
613   ipv6=no
616 if test "$ipv6" = "yes"; then
617         AC_DEFINE([INET6], [], [Support IPv6])
618         AC_MSG_CHECKING(for advanced API support)
619         AC_TRY_COMPILE([#ifndef INET6
620 #define INET6
621 #endif
622 #include <sys/types.h>
623 #include <netinet/in.h>],
624                 [struct in6_pktinfo a;],
625                 [AC_MSG_RESULT(yes)
626                  AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])],
627                 [AC_MSG_RESULT(no)])
630 RACOON_CHECK_BUGGY_GETADDRINFO
631 if test "$buggygetaddrinfo" = "yes"; then
632         AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.])
635 # Check if kernel support is available for NAT-T, defaults to no. 
636 kernel_natt="no"
638 AC_MSG_CHECKING(kernel NAT-Traversal support)
639 case $host_os in
640 linux*)
641 # Linux kernel NAT-T check
642 AC_EGREP_CPP(yes, 
643 [#include <linux/pfkeyv2.h>
644 #ifdef SADB_X_EXT_NAT_T_TYPE
646 #endif
647 ], [kernel_natt="yes"])
648         ;;
649 freebsd*|netbsd*)
650 # NetBSD case
651 # Same check for FreeBSD
652 AC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len,
653        [kernel_natt="yes"],, [
654 #define _KERNEL
655 #include <sys/types.h>
656 #include <net/pfkeyv2.h>
658         ;;
659 esac
660 AC_MSG_RESULT($kernel_natt)
662 AC_MSG_CHECKING(whether to support NAT-T)
663 AC_ARG_ENABLE(natt,
664         [  --enable-natt           enable NAT-Traversal (yes/no/kernel)],
665         [ if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi ],
666         [ enable_natt=no ])
667 AC_MSG_RESULT($enable_natt)
669 if test "$enable_natt" = "yes"; then
670         if test "$kernel_natt" = "no" ; then 
671                 AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.])
672         else
673                 AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal])
674                 NATT_OBJS="nattraversal.o"
675                 AC_SUBST(NATT_OBJS)
676         fi
679 # Set up defines for supported NAT-T versions.
680 natt_versions_default="00,02,rfc"
681 AC_MSG_CHECKING(which NAT-T versions to support)
682 AC_ARG_ENABLE(natt_versions,
683         [  --enable-natt-versions=list    list of supported NAT-T versions delimited by coma.],
684         [ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ],
685         [ enable_natt_versions=$natt_versions_default ])
686 if test "$enable_natt" = "yes"; then
687         AC_MSG_RESULT($enable_natt_versions)
688         for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do
689                 case $i in 
690                         0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;;
691                         1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;;
692                         2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;;
693                         3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;;
694                         4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;;
695                         5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;;
696                         6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;;
697                         7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;;
698                         8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;;
699                         RFC)  AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;;
700                         *) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;;
701                 esac
702         done
703         unset i
704 else
705         AC_MSG_RESULT([none])
708 AC_MSG_CHECKING(if --enable-broken-natt option is specified)
709 AC_ARG_ENABLE(broken-natt,
710         [  --enable-broken-natt    broken in-kernel NAT-T],
711         [], [enable_broken_natt=no])
712 if test "x$enable_broken_natt" = "xyes"; then
713         AC_DEFINE([BROKEN_NATT], [], [in-kernel NAT-T is broken])
715 AC_MSG_RESULT($enable_broken_natt)
717 AC_MSG_CHECKING(whether we support FWD policy)
718 case $host in
719         *linux*)
720                 AC_TRY_COMPILE([
721                 #include <inttypes.h>
722                 #include <linux/ipsec.h>
723                         ], [
724                         int fwd = IPSEC_DIR_FWD;
725                         ],
726                         [AC_MSG_RESULT(yes)
727                          AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])],
728                         [AC_MSG_RESULT(no)])
729                 ;;
730         *)
731                 AC_MSG_RESULT(no)
732                 ;;
733 esac
735 AC_CHECK_TYPE([ipsec_policy_t], 
736               [AC_DEFINE([HAVE_IPSEC_POLICY_T], [], [Have ipsec_policy_t])],
737               [],
738               [
739                 #include <sys/types.h>
740                 #include <netinet6/ipsec.h>
741               ])
743 # Check if kernel support is available for Security Context, defaults to no.
744 kernel_secctx="no"
746 AC_MSG_CHECKING(kernel Security Context support)
747 case $host_os in
748 linux*)
749 # Linux kernel Security Context check
750 AC_EGREP_CPP(yes,
751 [#include <linux/pfkeyv2.h>
752 #ifdef SADB_X_EXT_SEC_CTX
754 #endif
755 ], [kernel_secctx="yes"])
756         ;;
757 esac
758 AC_MSG_RESULT($kernel_secctx)
760 AC_CHECK_HEADER(selinux/selinux.h,
761         [AC_CHECK_LIB(selinux, avc_init, [selinux_support=yes], 
762         [selinux_support=no])], [selinux_support=no])
764 AC_MSG_CHECKING(whether to support Security Context)
765 AC_ARG_ENABLE(security-context,
766         [  --enable-security-context    enable Security Context(yes/no/kernel)],
767         [if test "$enable_security_context" = "kernel"; then
768                 enable_security_context=$kernel_secctx; fi],
769         [enable_security_context=$kernel_secctx])
770 AC_MSG_RESULT($enable_security_context)
772 if test "$enable_security_context" = "yes"; then
773         if test "$kernel_secctx" = "no" ; then
774                 AC_MSG_ERROR([Security Context requested, but no kernel support! Aborting.])
775         else
776                 if test "$selinux_support" = "no"; then
777                         AC_MSG_ERROR([Security Context requested, but no selinux support! Aborting.])
778                 else
779                         AC_DEFINE([HAVE_SECCTX], [], [Enable Security Context])
780                         SECCTX_OBJS="security.o"
781                         AC_SUBST(SECCTX_OBJS)
782                         LIBS="$LIBS -lselinux"
783                 fi
784         fi
787 RACOON_PATH_LIBS([clock_gettime], [rt])
789 AC_MSG_CHECKING(for monotonic system clock)
790 AC_TRY_COMPILE(
791         [#include <time.h>],
792         [clock_gettime(CLOCK_MONOTONIC, NULL);],
793         [AC_DEFINE([HAVE_CLOCK_MONOTONIC], [], [Have a monotonic clock])
794          AC_MSG_RESULT(yes)],
795         [AC_MSG_RESULT(no)])
797 CFLAGS="$CFLAGS $CFLAGS_ADD"
798 CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
800 case $host in
801         *linux*)
802                 # Remove KERNEL_INCLUDE from CPPFLAGS. It will
803                 # be symlinked to src/include-glibc/linux in
804                 # compile time.
805                 CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"`
806                 ;;
807 esac
809 include_racoondir=${includedir}/racoon
810 AC_SUBST(include_racoondir)
812 AC_CONFIG_FILES([
813   Makefile
814   package_version.h
815   src/Makefile
816   src/include-glibc/Makefile
817   src/libipsec/Makefile
818   src/setkey/Makefile
819   src/racoon/Makefile
820   src/racoon/samples/psk.txt
821   src/racoon/samples/racoon.conf
822   rpm/Makefile
823   rpm/suse/Makefile
824   rpm/suse/ipsec-tools.spec
825   ])
826 AC_OUTPUT