Home | History | Annotate | Line # | Download | only in ipsec-tools
configure.ac revision 1.4 
      1 dnl -*- mode: m4 -*-
      2 dnl Id: configure.ac,v 1.77 2006/07/20 19:19:27 manubsd Exp
      3 
      4 AC_PREREQ(2.52)
      5 AC_INIT(ipsec-tools, CVS)
      6 AC_CONFIG_SRCDIR([configure.ac])
      7 AM_CONFIG_HEADER(config.h)
      8 
      9 AM_INIT_AUTOMAKE(dist-bzip2)
     10 
     11 AC_ENABLE_SHARED(no)
     12 
     13 AC_PROG_CC
     14 AM_PROG_CC_STDC
     15 AC_HEADER_STDC
     16 AC_PROG_LIBTOOL
     17 AC_PROG_YACC
     18 AM_PROG_LEX
     19 AC_SUBST(LEXLIB)
     20 AC_PROG_EGREP
     21 
     22 CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused"
     23 
     24 case $host in
     25 *netbsd*)
     26 	LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS"
     27 	;;
     28 *linux*)
     29 	LIBS="$LIBS -lresolv"
     30 	INSTALL_OPTS="-o bin -g bin"
     31 	INCLUDE_GLIBC="include-glibc"
     32 	RPM="rpm"
     33 	AC_SUBST(INSTALL_OPTS)
     34 	AC_SUBST(INCLUDE_GLIBC)
     35 	AC_SUBST(RPM)
     36 	;;
     37 *darwin*)
     38 	LIBS="$LIBS -lresolv"
     39 	;;
     40 esac
     41 
     42 # Look up some IPsec-related headers
     43 AC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no])
     44 AC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no])
     45 AC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no])
     46 
     47 # NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h>
     48 if test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then
     49     have_netinet_ipsec=yes
     50     AC_DEFINE(HAVE_NETINET6_IPSEC, [], [Use <netinet6/ipsec.h>])
     51 fi
     52 
     53 case "$host_os" in
     54  *linux*)
     55     AC_ARG_WITH(kernel-headers,
     56 	AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include],
     57 		       [where your Linux Kernel headers are installed]),
     58 	    [ KERNEL_INCLUDE="$with_kernel_headers" 
     59 	      CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers"
     60 	      AC_SUBST(CONFIGURE_AMFLAGS) ],
     61 	    [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ])
     62 
     63     AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, ,
     64 	[ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h,
     65 	  KERNEL_INCLUDE=/usr/src/linux/include ,
     66 	  [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] )
     67     AC_SUBST(KERNEL_INCLUDE)
     68     # We need the configure script to run with correct kernel headers.
     69     # However we don't want to point to kernel source tree in compile time,
     70     # i.e. this will be removed from CPPFLAGS at the end of configure.
     71     CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS"
     72 
     73     AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority, 
     74     	[AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [],
     75                	[Are PF_KEY policy priorities supported?])], [],
     76     	[#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"])
     77 
     78     GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc'
     79     GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc"
     80     CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS"
     81     CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS"
     82     AC_SUBST(GLIBC_BUGS)
     83     ;;
     84  *)
     85     if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then
     86       if test "$have_net_pfkey" = yes; then
     87 	AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.])
     88       else
     89 	AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.])
     90       fi
     91     fi
     92     ;;
     93 esac
     94 
     95 ### Some basic toolchain checks
     96 
     97 # Checks for header files.
     98 AC_HEADER_STDC
     99 AC_HEADER_SYS_WAIT
    100 AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h)
    101 AC_CHECK_HEADERS(shadow.h)
    102 
    103 # Checks for typedefs, structures, and compiler characteristics.
    104 AC_C_CONST
    105 AC_TYPE_PID_T
    106 AC_TYPE_SIZE_T
    107 AC_HEADER_TIME
    108 AC_STRUCT_TM
    109 
    110 # Checks for library functions.
    111 AC_FUNC_MEMCMP
    112 AC_TYPE_SIGNAL
    113 AC_FUNC_VPRINTF
    114 AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy strlcat)
    115 AC_REPLACE_FUNCS(strdup)
    116 RACOON_CHECK_VA_COPY
    117 
    118 # Check if printf accepts "%z" type modifier for size_t argument
    119 AC_MSG_CHECKING(if printf accepts %z)
    120 saved_CFLAGS=$CFLAGS
    121 CFLAGS="$CFLAGS -Wall -Werror"
    122 AC_TRY_COMPILE([
    123 #include <stdio.h>
    124 ], [
    125 printf("%zu\n", (size_t)-1);
    126 ],
    127 	[AC_MSG_RESULT(yes)],
    128 	[AC_MSG_RESULT(no);
    129 	 CFLAGS_ADD="$CFLAGS_ADD -Wno-format";
    130 	 AC_DEFINE(BROKEN_PRINTF, [], [If printf doesn't support %zu.])
    131 	])
    132 CFLAGS=$saved_CFLAGS
    133 
    134 # Can we use __func__ macro?
    135 AC_MSG_CHECKING(if __func__ is available)
    136 AC_TRY_COMPILE(
    137 [#include <stdio.h>
    138 ], [char *x = __func__;],
    139 	[AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro])
    140 	AC_MSG_RESULT(yes)],
    141 	[AC_MSG_RESULT(no)])
    142 
    143 # Check if readline support is requested
    144 AC_MSG_CHECKING(if readline support is requested)
    145 AC_ARG_WITH(readline,
    146 	[  --with-readline         support readline input (yes by default)],
    147 	[with_readline="$withval"], [with_readline="yes"])
    148 AC_MSG_RESULT($with_readline)
    149 
    150 # Is readline available?
    151 if test $with_readline != "no"; then
    152 	AC_CHECK_HEADER([readline/readline.h], 
    153 		[AC_CHECK_LIB(readline, readline, [
    154 				AC_DEFINE(HAVE_READLINE, [],
    155 					[Is readline available?])
    156 				LIBS="$LIBS -lreadline"
    157 		], [])], [])
    158 fi
    159 
    160 
    161 AC_MSG_CHECKING(if --with-flex option is specified)
    162 AC_ARG_WITH(flexdir,
    163 	[AC_HELP_STRING([--with-flex], [use directiory (default: no)])],
    164 	[flexdir="$withval"])
    165 AC_MSG_RESULT(${flexdir-dirdefault})
    166 
    167 if test "x$flexdir" != "x"; then
    168 	LIBS="$LIBS $flexdir/libfl.a"
    169 fi
    170 
    171 AC_MSG_CHECKING(if --with-flexlib option is specified)
    172 AC_ARG_WITH(flexlib,
    173 	[  --with-flexlib=<LIB>    specify flex library.],
    174 	[flexlib="$withval"])
    175 AC_MSG_RESULT(${flexlib-default})
    176 
    177 if test "x$flexlib" != "x"; then
    178 	LIBS="$LIBS $flexlib"
    179 fi
    180 
    181 # Check if a different OpenSSL directory was specified
    182 AC_MSG_CHECKING(if --with-openssl option is specified)
    183 AC_ARG_WITH(openssl, [  --with-openssl=DIR      specify OpenSSL directory],
    184 	[crypto_dir=$withval])
    185 AC_MSG_RESULT(${crypto_dir-default})
    186 
    187 if test "x$crypto_dir" != "x"; then
    188 	LIBS="$LIBS -L${crypto_dir}/lib"
    189 	CPPFLAGS="-I${crypto_dir}/include $CPPLAGS"
    190 fi
    191 AC_MSG_CHECKING(openssl version)
    192 
    193 AC_TRY_COMPILE(
    194 [#include <openssl/opensslv.h>
    195 ],
    196 [#if OPENSSL_VERSION_NUMBER < 0x0090602fL
    197 #error OpenSSL version is too old ...
    198 #endif],
    199 [AC_MSG_RESULT([ok])],
    200 [AC_MSG_RESULT(too old)
    201 AC_MSG_ERROR([OpenSSL version must be 0.9.6 or higher. Aborting.])
    202 ])
    203 
    204 AC_CHECK_HEADERS(openssl/engine.h)
    205 
    206 # checking rijndael
    207 AC_CHECK_HEADERS([openssl/aes.h], [], 
    208 	[CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"])
    209 
    210 # checking sha2
    211 AC_MSG_CHECKING(sha2 support)
    212 AC_DEFINE([WITH_SHA2], [], [SHA2 support])
    213 AC_MSG_RESULT(yes)
    214 AC_CHECK_HEADER(openssl/sha2.h, [], [
    215 	AC_MSG_CHECKING(if sha2 is defined in openssl/sha.h)
    216 	AC_TRY_COMPILE([
    217 		#ifdef HAVE_SYS_TYPES_H
    218 		#include <sys/types.h>
    219 		#endif
    220 		#include <openssl/sha.h>
    221 	], [
    222 		SHA256_CTX ctx;
    223 	], [
    224 	    AC_MSG_RESULT(yes)
    225 	    AC_DEFINE([HAVE_SHA2_IN_SHA_H], [], [sha2 is defined in sha.h])
    226 	], [AC_MSG_RESULT(no)
    227 	    AC_LIBOBJ([sha2])
    228 	    CRYPTOBJS="$CRYPTOBJS sha2.o"
    229 	])
    230 
    231 	CPPFLAGS_ADD="$CPPFLAGS_ADD -I./\${top_srcdir}/src/racoon/missing"
    232 ])
    233 AC_SUBST(CRYPTOBJS)
    234 
    235 # checking camellia
    236 AC_CHECK_HEADERS([openssl/camellia.h])
    237 
    238 
    239 # Option --enable-adminport 
    240 AC_MSG_CHECKING(if --enable-adminport option is specified)
    241 AC_ARG_ENABLE(adminport,
    242 	[  --enable-adminport      enable admin port],
    243 	[], [enable_adminport=no])
    244 if test $enable_adminport = "yes"; then
    245 	AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port])
    246 fi
    247 AC_MSG_RESULT($enable_adminport)
    248 
    249 # Option RC5
    250 AC_MSG_CHECKING(if --enable-rc5 option is specified)
    251 AC_ARG_ENABLE(rc5,
    252 	[  --enable-rc5		enable RC5 encryption (patented)],
    253 	[], [enable_rc5=no])
    254 AC_MSG_RESULT($enable_rc5)
    255 
    256 if test $enable_rc5 = "yes"; then
    257 	AC_CHECK_HEADERS([openssl/rc5.h])
    258 	AC_CHECK_LIB([crypto_rc5], [RC5_32_encrypt],
    259 	    [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_rc5"])
    260 fi
    261 
    262 # Option IDEA
    263 AC_MSG_CHECKING(if --enable-idea option is specified)
    264 AC_ARG_ENABLE(idea,
    265 	[  --enable-idea	enable IDEA encryption (patented)],
    266 	[], [enable_idea=no])
    267 AC_MSG_RESULT($enable_idea)
    268 
    269 if test $enable_idea = "yes"; then
    270 	AC_CHECK_HEADERS([openssl/idea.h])
    271 	AC_CHECK_LIB([crypto_idea], [idea_encrypt], 
    272 	    [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_idea"])
    273 fi
    274 AC_SUBST(EXTRA_CRYPTO)
    275 
    276 # For dynamic libradius
    277 RACOON_PATH_LIBS([MD5_Init], [crypto])
    278 
    279 # Check if we need -lutil for login(3)
    280 RACOON_PATH_LIBS([login], [util])
    281 
    282 # Specify libiconv prefix
    283 AC_MSG_CHECKING(if --with-libiconv option is specified)
    284 AC_ARG_WITH(libiconv, 
    285     [  --with-libiconv=DIR    specify libiconv path (like/usr/pkg)],
    286     [libiconv_dir=$withval], 
    287     [libiconv_dir=no])
    288 AC_MSG_RESULT($libiconv_dir)
    289 if test "$libiconv_dir" != "no"; then
    290 	if test "$libiconv_dir" = "yes" ; then
    291 		  libiconv_dir="";
    292 	fi;
    293 	if test "x$libiconv_dir" = "x"; then
    294 		RACOON_PATH_LIBS([iconv_open], [iconv])
    295 	else
    296 		if test -d "$libiconv_dir/lib" -a \
    297 		    -d "$libiconv_dir/include" ; then
    298 			RACOON_PATH_LIBS([iconv_open], [iconv], ["$libiconv_dir/lib"])
    299 			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libiconv_dir/include"
    300 		else
    301 			AC_MSG_ERROR([ICONV libs or includes not found. Aborting.])
    302 	  	fi
    303 	fi
    304 	LIBS="$LIBS -L$libiconv_dir/lib -R$libiconv_dir/lib -liconv"
    305 	AC_CHECK_FUNCS(iconv_open)
    306 fi
    307 
    308 AC_MSG_CHECKING([if --enable-hybrid option is specified])
    309 AC_ARG_ENABLE(hybrid, 
    310     [  --enable-hybrid	  enable hybrid, both mode-cfg and xauth support],
    311     [], [enable_hybrid=no])
    312 AC_MSG_RESULT($enable_hybrid)
    313 
    314 if test "x$enable_hybrid" = "xyes"; then
    315 	case $host in
    316 		*darwin*)
    317 		;;
    318 	*)
    319 		LIBS="$LIBS -lcrypt";
    320 		;;
    321 	esac
    322 	HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o"
    323 	AC_SUBST(HYBRID_OBJS)
    324 	AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support])
    325 fi
    326 
    327 AC_MSG_CHECKING([if --enable-frag option is specified])
    328 AC_ARG_ENABLE(frag, 
    329     [  --enable-frag           enable IKE fragmentation payload support],
    330     [], [enable_frag=no])
    331 AC_MSG_RESULT($enable_frag)
    332 
    333 if test "x$enable_frag" = "xyes"; then
    334 	case $host in
    335 	*darwin*)
    336 		;;
    337 	*)
    338 		LIBS="$LIBS -lcrypt"; 
    339 		;;
    340 	esac
    341 	FRAG_OBJS="isakmp_frag.o"
    342 	AC_SUBST(FRAG_OBJS)
    343 	AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support])
    344 fi
    345 
    346 AC_MSG_CHECKING(if --with-libradius option is specified)
    347 AC_ARG_WITH(libradius, 
    348     [  --with-libradius=DIR    specify libradius path (like/usr/pkg)],
    349     [libradius_dir=$withval], 
    350     [libradius_dir=no])
    351 AC_MSG_RESULT($libradius_dir)
    352 if test "$libradius_dir" != "no"; then
    353 	if test "$libradius_dir" = "yes" ; then
    354 		  libradius_dir="";
    355 	fi;
    356 	if test "x$libradius_dir" = "x"; then
    357 		RACOON_PATH_LIBS([rad_create_request], [radius])
    358 	else
    359 		if test -d "$libradius_dir/lib" -a \
    360 		    -d "$libradius_dir/include" ; then
    361 			RACOON_PATH_LIBS([rad_create_request], [radius], ["$libradius_dir/lib"])
    362 			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include"
    363 		else
    364 			AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.])
    365 	  	fi
    366 	fi
    367 	AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS])
    368 	LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius"
    369 	AC_CHECK_FUNCS(rad_create_request)
    370 fi
    371 
    372 AC_MSG_CHECKING(if --with-libpam option is specified)
    373 AC_ARG_WITH(libpam, 
    374     [  --with-libpam=DIR    specify libpam path (like/usr/pkg)],
    375     [libpam_dir=$withval], 
    376     [libpam_dir=no])
    377 AC_MSG_RESULT($libpam_dir)
    378 if test "$libpam_dir" != "no"; then
    379 	if test "$libpam_dir" = "yes" ; then
    380 		  libpam_dir="";
    381 	fi;
    382 	if test "x$libpam_dir" = "x"; then
    383 		RACOON_PATH_LIBS([pam_start], [pam])
    384 	else
    385 		if test -d "$libpam_dir/lib" -a \
    386 		    -d "$libpam_dir/include" ; then
    387 			RACOON_PATH_LIBS([pam_start], [pam], ["$libpam_dir/lib"])
    388 			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libpam_dir/include"
    389 		else
    390 			AC_MSG_ERROR([PAM libs or includes not found. Aborting.])
    391 	  	fi
    392 	fi
    393 	AC_DEFINE([HAVE_LIBPAM], [], [Hybrid authentication uses PAM])
    394 	LIBS="$LIBS -L$libpam_dir/lib -R$libpam_dir/lib -lpam"
    395 	AC_CHECK_FUNCS(pam_start)
    396 fi
    397 
    398 AC_MSG_CHECKING(if --with-libldap option is specified)
    399 AC_ARG_WITH(libldap, 
    400     [  --with-libldap=DIR    specify libldap path (like/usr/pkg)],
    401     [libldap_dir=$withval], 
    402     [libldap_dir=no])
    403 AC_MSG_RESULT($libldap_dir)
    404 if test "$libldap_dir" != "no"; then
    405 	if test "$libldap_dir" = "yes" ; then
    406 		  libldap_dir="";
    407 	fi;
    408 	if test "x$libldap_dir" = "x"; then
    409 		RACOON_PATH_LIBS([ldap_init], [ldap])
    410 	else
    411 		if test -d "$libldap_dir/lib" -a \
    412 		    -d "$libldap_dir/include" ; then
    413 			RACOON_PATH_LIBS([ldap_init], [ldap], ["$libldap_dir/lib"])
    414 			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libldap_dir/include"
    415 		else
    416 			AC_MSG_ERROR([LDAP libs or includes not found. Aborting.])
    417 	  	fi
    418 	fi
    419 	AC_DEFINE([HAVE_LIBLDAP], [], [Hybrid authentication uses LDAP])
    420 	LIBS="$LIBS -L$libldap_dir/lib -R$libldap_dir/lib -lldap"
    421 
    422 	saved_CFLAGS=$CFLAGS
    423 	CFLAGS="$CFLAGS -Wall -Werror"
    424 	saved_CPPFLAGS=$CPPFLAGS
    425         CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
    426 	AC_TRY_COMPILE(
    427 		[#include <ldap.h>],
    428 		[
    429 			#if LDAP_API_VERSION < 2004
    430 			#error OpenLDAP version is too old ...
    431 			#endif
    432 		],
    433 		[AC_MSG_RESULT([ok])],
    434 		[
    435 			AC_MSG_RESULT(too old)
    436 			AC_MSG_ERROR([OpenLDAP version must be 2.0 or higher. Aborting.])
    437 		])
    438 	CFLAGS=$saved_CFLAGS
    439 	CPPFLAGS=$saved_CPPFLAGS
    440 fi
    441 
    442 # Check for Kerberos5 support
    443 # XXX This must come after all --with-* tests, else the
    444 # -liconv checks will not work
    445 AC_MSG_CHECKING(if --enable-gssapi option is specified)
    446 AC_ARG_ENABLE(gssapi,
    447 	[  --enable-gssapi         enable GSS-API authentication],
    448 	[], [enable_gssapi=no])
    449 AC_MSG_RESULT($enable_gssapi)
    450 AC_PATH_PROG(KRB5_CONFIG,krb5-config,no)
    451 if test "x$enable_gssapi" = "xyes"; then
    452 	if test "$KRB5_CONFIG" != "no"; then
    453 		krb5_incdir="`$KRB5_CONFIG --cflags gssapi`"
    454 		krb5_libs="`$KRB5_CONFIG --libs gssapi`"
    455 	else
    456 		# No krb5-config; let's make some assumptions based on
    457 		# the OS.
    458 		case $host_os in
    459 		netbsd*)
    460 			krb5_incdir="-I/usr/include/krb5"
    461 			krb5_libs="-lgssapi -lkrb5 -lcom_err -lroken -lasn1"
    462 			;;
    463 		*)
    464 			AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.])
    465 			;;
    466 		esac
    467 	fi
    468 	LIBS="$LIBS $krb5_libs"
    469 	CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD"
    470 	AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API])
    471 
    472 	# Check if iconv 2nd argument needs const 
    473 	saved_CFLAGS=$CFLAGS
    474 	CFLAGS="$CFLAGS -Wall -Werror"
    475 	saved_CPPFLAGS=$CPPFLAGS
    476         CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
    477 	AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])])
    478 	AC_MSG_CHECKING([if iconv second argument needs const])
    479 	AC_TRY_COMPILE([
    480 		#include <iconv.h>
    481 		#include <stdio.h>
    482 	], [
    483 		iconv_t cd = NULL;
    484 		const char **src = NULL;
    485 		size_t *srcleft = NULL;
    486 		char **dst = NULL;
    487 		size_t *dstleft = NULL;
    488 
    489 		(void)iconv(cd, src, srcleft, dst, dstleft);
    490 	], [AC_MSG_RESULT(yes)
    491 	    AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const])
    492 	], [AC_MSG_RESULT(no)])
    493 	CFLAGS=$saved_CFLAGS
    494 	CPPFLAGS=$saved_CPPFLAGS
    495 
    496 	# libiconv is often integrated into libc. If a with-* option
    497 	# caused a non libc-based iconv.h to be catched instead of
    498 	# the libc-based iconv.h, then we need to link with -liconv
    499 	AC_MSG_CHECKING(if -liconv is required)
    500 	saved_CPPFLAGS=$CPPFLAGS
    501 	saved_LIBS=$LIBS
    502 	CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
    503 	AC_TRY_LINK([
    504 		#include <iconv.h>
    505 	], [
    506 		(void)iconv_open("ascii", "ascii");
    507 	],
    508 		[AC_MSG_RESULT(no)],
    509 		[
    510 			LIBS="$LIBS -liconv"
    511 			AC_TRY_LINK([
    512 				#include <iconv.h>
    513 		], [
    514 				(void)iconv_open("ascii", "ascii");
    515 			],
    516 			[
    517 				AC_MSG_RESULT(yes)
    518 				saved_LIBS=$LIBS
    519 			], [
    520 				AC_MSG_ERROR([cannot use iconv])
    521 			])
    522 		])
    523 	CPPFLAGS=$saved_CPPFLAGS
    524 	LIBS=$saved_LIBS
    525 fi
    526 
    527 AC_MSG_CHECKING(if --enable-stats option is specified)
    528 AC_ARG_ENABLE(stats,
    529         [  --enable-stats          enable statistics logging function],
    530         [], [enable_stats=no])
    531 if test "x$enable_stats" = "xyes"; then
    532 	AC_DEFINE([ENABLE_STATS], [], [Enable statictics])
    533 fi
    534 AC_MSG_RESULT($enable_stats)
    535 
    536 AC_MSG_CHECKING(if --enable-dpd option is specified)
    537 AC_ARG_ENABLE(dpd,
    538         [  --enable-dpd            enable dead peer detection],
    539         [], [enable_dpd=no])
    540 if test "x$enable_dpd" = "xyes"; then
    541 	AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection])
    542 fi
    543 AC_MSG_RESULT($enable_dpd)
    544 
    545 AC_MSG_CHECKING(if --enable-fastquit option is specified)
    546 AC_ARG_ENABLE(fastquit,
    547         [  --enable-fastquit            enable new faster code to flush SAs when stopping racoon],
    548         [], [enable_fastquit=no])
    549 if test "x$enable_fastquit" = "xyes"; then
    550 	AC_DEFINE([ENABLE_FASTQUIT], [], [Enable fast SA flush code])
    551 fi
    552 AC_MSG_RESULT($enable_fastquit)
    553 
    554 
    555 AC_MSG_CHECKING(if --enable-samode-unspec option is specified)
    556 AC_ARG_ENABLE(samode-unspec,
    557         [  --enable-samode-unspec  enable to use unspecified a mode of SA],
    558         [], [enable_samode_unspec=no])
    559 if test "x$enable_samode_unspec" = "xyes"; then
    560 	case $host_os in
    561 	*linux*)
    562 		cat << EOC
    563 		
    564 ERROR: --enable-samode-unspec is not supported under linux 
    565 because linux kernel do not support it. This option is disabled 
    566 to prevent mysterious problems.
    567 
    568 If you REALLY know what your are doing, remove this check.
    569 EOC
    570 		exit 1;
    571 		;;
    572 	esac
    573 	AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec])
    574 fi
    575 AC_MSG_RESULT($enable_samode_unspec)
    576 
    577 # Checks if IPv6 is requested
    578 AC_MSG_CHECKING([whether to enable ipv6])
    579 AC_ARG_ENABLE(ipv6,
    580 [  --disable-ipv6          disable ipv6 support],
    581 [ case "$enableval" in
    582   no)
    583        AC_MSG_RESULT(no)
    584        ipv6=no
    585        ;;
    586   *)   AC_MSG_RESULT(yes)
    587        ipv6=yes
    588        ;;
    589   esac ],
    590 
    591   AC_TRY_RUN([ /* AF_INET6 avalable check */
    592 #include <sys/types.h>
    593 #include <sys/socket.h>
    594 main()
    595 {
    596   exit(0);
    597  if (socket(AF_INET6, SOCK_STREAM, 0) < 0)
    598    exit(1);
    599  else
    600    exit(0);
    601 }
    602 ],
    603   AC_MSG_RESULT(yes)
    604   AC_DEFINE([INET6], [], [Support IPv6])
    605   ipv6=yes,
    606   AC_MSG_RESULT(no)
    607   ipv6=no,
    608   AC_MSG_RESULT(no)
    609   ipv6=no
    610 ))
    611 
    612 if test "$ipv6" = "yes"; then
    613 	AC_DEFINE([INET6], [], [Support IPv6])
    614 	AC_MSG_CHECKING(for advanced API support)
    615 	AC_TRY_COMPILE([#ifndef INET6
    616 #define INET6
    617 #endif
    618 #include <sys/types.h>
    619 #include <netinet/in.h>],
    620 		[struct in6_pktinfo a;],
    621 		[AC_MSG_RESULT(yes)
    622 		 AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])],
    623 		[AC_MSG_RESULT(no)])
    624 fi
    625 
    626 RACOON_CHECK_BUGGY_GETADDRINFO
    627 if test "$buggygetaddrinfo" = "yes"; then
    628 	AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.])
    629 fi
    630 
    631 # Check if kernel support is available for NAT-T, defaults to no. 
    632 kernel_natt="no"
    633 
    634 AC_MSG_CHECKING(kernel NAT-Traversal support)
    635 case $host_os in
    636 linux*)
    637 # Linux kernel NAT-T check
    638 AC_EGREP_CPP(yes, 
    639 [#include <linux/pfkeyv2.h>
    640 #ifdef SADB_X_EXT_NAT_T_TYPE
    641 yes
    642 #endif
    643 ], [kernel_natt="yes"])
    644 	;;
    645 freebsd*|netbsd*)
    646 # NetBSD case
    647 # Same check for FreeBSD
    648 AC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len,
    649        [kernel_natt="yes"],, [
    650 #define _KERNEL
    651 #include <sys/types.h>
    652 #include <net/pfkeyv2.h>
    653 ])
    654 	;;
    655 esac
    656 AC_MSG_RESULT($kernel_natt)
    657 
    658 AC_MSG_CHECKING(whether to support NAT-T)
    659 AC_ARG_ENABLE(natt,
    660 	[  --enable-natt           enable NAT-Traversal (yes/no/kernel)],
    661         [ if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi ],
    662 	[ enable_natt=no ])
    663 AC_MSG_RESULT($enable_natt)
    664 
    665 if test "$enable_natt" = "yes"; then
    666 	if test "$kernel_natt" = "no" ; then 
    667 		AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.])
    668 	else
    669 		AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal])
    670 		NATT_OBJS="nattraversal.o"
    671 		AC_SUBST(NATT_OBJS)
    672 	fi
    673 fi
    674 
    675 # Set up defines for supported NAT-T versions.
    676 natt_versions_default="00,02,rfc"
    677 AC_MSG_CHECKING(which NAT-T versions to support)
    678 AC_ARG_ENABLE(natt_versions,
    679 	[  --enable-natt-versions=list    list of supported NAT-T versions delimited by coma.],
    680 	[ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ],
    681 	[ enable_natt_versions=$natt_versions_default ])
    682 if test "$enable_natt" = "yes"; then
    683 	AC_MSG_RESULT($enable_natt_versions)
    684 	for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do
    685 		case $i in 
    686 			0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;;
    687 			1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;;
    688 			2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;;
    689 			3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;;
    690 			4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;;
    691 			5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;;
    692 			6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;;
    693 			7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;;
    694 			8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;;
    695 			RFC)  AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;;
    696 			*) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;;
    697 		esac
    698 	done
    699 	unset i
    700 else
    701 	AC_MSG_RESULT([none])
    702 fi
    703 
    704 AC_MSG_CHECKING(if --enable-broken-natt option is specified)
    705 AC_ARG_ENABLE(broken-natt,
    706 	[  --enable-broken-natt    broken in-kernel NAT-T],
    707         [], [enable_broken_natt=no])
    708 if test "x$enable_broken_natt" = "xyes"; then
    709 	AC_DEFINE([BROKEN_NATT], [], [in-kernel NAT-T is broken])
    710 fi
    711 AC_MSG_RESULT($enable_broken_natt)
    712 
    713 AC_MSG_CHECKING(whether we support FWD policy)
    714 case $host in
    715 	*linux*)
    716 		AC_TRY_COMPILE([
    717 		#include <inttypes.h>
    718 		#include <linux/ipsec.h>
    719 			], [
    720 			int fwd = IPSEC_DIR_FWD;
    721 			],
    722 			[AC_MSG_RESULT(yes)
    723 			 AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])],
    724 			[AC_MSG_RESULT(no)])
    725 		;;
    726 	*)
    727 		AC_MSG_RESULT(no)
    728 		;;
    729 esac
    730 
    731 AC_CHECK_TYPE([ipsec_policy_t], 
    732 	      [AC_DEFINE([HAVE_IPSEC_POLICY_T], [], [Have ipsec_policy_t])],
    733 	      [],
    734 	      [
    735 		#include <sys/types.h>
    736 	      	#include <netinet6/ipsec.h>
    737 	      ])
    738 
    739 # Check if kernel support is available for Security Context, defaults to no.
    740 kernel_secctx="no"
    741 
    742 AC_MSG_CHECKING(kernel Security Context support)
    743 case $host_os in
    744 linux*)
    745 # Linux kernel Security Context check
    746 AC_EGREP_CPP(yes,
    747 [#include <linux/pfkeyv2.h>
    748 #ifdef SADB_X_EXT_SEC_CTX
    749 yes
    750 #endif
    751 ], [kernel_secctx="yes"])
    752 	;;
    753 esac
    754 AC_MSG_RESULT($kernel_secctx)
    755 
    756 AC_MSG_CHECKING(whether to support Security Context)
    757 AC_ARG_ENABLE(security-context,
    758 	[  --enable-security-context    enable Security Context(yes/no/kernel)],
    759 	[if test "$enable_security_context" = "kernel"; then
    760 		enable_security_context=$kernel_secctx; fi],
    761 	[enable_security_context=$kernel_secctx])
    762 AC_MSG_RESULT($enable_security_context)
    763 
    764 if test "$enable_security_context" = "yes"; then
    765 	if test "$kernel_secctx" = "no" ; then
    766 		AC_MSG_ERROR([Security Context requested, but no kernel support! Aborting.])
    767 	else
    768 		AC_DEFINE([HAVE_SECCTX], [], [Enable Security Context])
    769 		SECCTX_OBJS="security.o"
    770 		AC_SUBST(SECCTX_OBJS)
    771 		LIBS="$LIBS -lselinux"
    772 	fi
    773 fi
    774 
    775 CFLAGS="$CFLAGS $CFLAGS_ADD"
    776 CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
    777 
    778 case $host in
    779 	*linux*)
    780 		# Remove KERNEL_INCLUDE from CPPFLAGS. It will
    781 		# be symlinked to src/include-glibc/linux in
    782 		# compile time.
    783 		CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"`
    784 		;;
    785 esac
    786 
    787 include_racoondir=${includedir}/racoon
    788 AC_SUBST(include_racoondir)
    789 
    790 AC_CONFIG_FILES([
    791   Makefile
    792   package_version.h
    793   src/Makefile
    794   src/include-glibc/Makefile
    795   src/libipsec/Makefile
    796   src/setkey/Makefile
    797   src/racoon/Makefile
    798   src/racoon/samples/psk.txt
    799   src/racoon/samples/racoon.conf
    800   rpm/Makefile
    801   rpm/suse/Makefile
    802   rpm/suse/ipsec-tools.spec
    803   ])
    804 AC_OUTPUT
    805