Revert "Revert "and added files""

[bcm963xx.git] / userapps / opensource / ipsec-tools / configure.ac

dnl -*- mode: m4 -*-
dnl $Id: configure.ac,v 1.43.2.7 2005/03/14 08:07:39 manubsd Exp $

AC_PREREQ(2.52)
AC_INIT(ipsec-tools, 0.5.1)
AC_CONFIG_SRCDIR([configure.ac])
AM_CONFIG_HEADER(config.h)

AM_INIT_AUTOMAKE(dist-bzip2)

AC_ENABLE_SHARED(no)

AC_PROG_CC
AM_PROG_CC_STDC
AC_HEADER_STDC
AC_PROG_LIBTOOL
AC_PROG_YACC
AM_PROG_LEX
AC_SUBST(LEXLIB)
AC_PROG_EGREP

CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused"

case $host in
*netbsd*)
        LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS"
        ;;
*linux*)
        LIBS="$LIBS -lresolv"
        INSTALL_OPTS="-o bin -g bin"
        INCLUDE_GLIBC="include-glibc"
        RPM="rpm"
        AC_SUBST(INSTALL_OPTS)
        AC_SUBST(INCLUDE_GLIBC)
        AC_SUBST(RPM)
        ;;
esac

# Look up some IPsec-related headers
AC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no])
AC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no])
AC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no])

# NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h>
if test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then
    have_netinet_ipsec=yes
    AC_DEFINE(HAVE_NETINET6_IPSEC, [], [Use <netinet6/ipsec.h>])
fi

case "$host_os" in
 *linux*)
    AC_ARG_WITH(kernel-headers,
        AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include],
                       [where your Linux Kernel headers are installed]),
            [ KERNEL_INCLUDE="$with_kernel_headers" 
              CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers"
              AC_SUBST(CONFIGURE_AMFLAGS) ],
            [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ])

    AC_CHECK_FILE($KERNEL_INCLUDE/linux/pfkeyv2.h, ,
        [ AC_CHECK_FILE(/usr/src/linux/include/linux/pfkeyv2.h,
          KERNEL_INCLUDE=/usr/src/linux/include ,
          [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] )
    AC_SUBST(KERNEL_INCLUDE)
    # We need the configure script to run with correct kernel headers.
    # However we don't want to point to kernel source tree in compile time,
    # i.e. this will be removed from CPPFLAGS at the end of configure.
    CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS"

    AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority, 
        [AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [],
                [Are PF_KEY policy priorities supported?])], [],
        [#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"])

    GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc'
    AC_SUBST(GLIBC_BUGS)
    GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc"
    CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS"
    ;;
 *)
    if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then
      if test "$have_net_pfkey" = yes; then
        AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.])
      else
        AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.])
      fi
    fi
    ;;
esac

### Some basic toolchain checks

# Checks for header files.
AC_HEADER_STDC
AC_HEADER_SYS_WAIT
AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h)

# Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
AC_TYPE_PID_T
AC_TYPE_SIZE_T
AC_HEADER_TIME
AC_STRUCT_TM

# Checks for library functions.
AC_FUNC_MEMCMP
AC_TYPE_SIGNAL
AC_FUNC_VPRINTF
AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy)
AC_REPLACE_FUNCS(strdup)
RACOON_CHECK_VA_COPY

# Check if printf accepts "%z" type modifier for size_t argument
AC_MSG_CHECKING(if printf accepts %z)
saved_CFLAGS=$CFLAGS
CFLAGS="$CFLAGS -Wall -Werror"
AC_TRY_COMPILE([
#include <stdio.h>
], [
printf("%zu\n", (size_t)-1);
],
        [AC_MSG_RESULT(yes)],
        [AC_MSG_RESULT(no); CFLAGS_ADD="$CFLAGS_ADD -Wno-format"])
CFLAGS=$saved_CFLAGS

# Can we use __func__ macro?
AC_MSG_CHECKING(if __func__ is available)
AC_TRY_COMPILE(
[#include <stdio.h>
], [char *x = __func__;],
        [AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro])
        AC_MSG_RESULT(yes)],
        [AC_MSG_RESULT(no)])

# Check if readline support is requested
AC_MSG_CHECKING(if readline support is requested)
AC_ARG_WITH(readline,
        [  --with-readline         support readline input (yes by default)],
        [with_readline="$withval"], [with_readline="yes"])
AC_MSG_RESULT($with_readline)

# Is readline available?
if test $with_readline != "no"; then
        AC_CHECK_HEADER([readline/readline.h], 
                [AC_CHECK_LIB(readline, readline, [
                                AC_DEFINE(HAVE_READLINE, [],
                                        [Is readline available?])
                                LIBS="$LIBS -lreadline"
                ], [])], [])
fi

# Check if a different OpenSSL directory was specified
AC_MSG_CHECKING(if --with-openssl option is specified)
AC_ARG_WITH(openssl, [  --with-openssl=DIR      specify OpenSSL directory],
        [crypto_dir=$withval])
AC_MSG_RESULT(${crypto_dir-default})

if test "x$crypto_dir" != "x"; then
        LIBS="$LIBS -L${crypto_dir}/lib"
        CPPFLAGS_ADD="-I${crypto_dir}/include $CPPFLAGS_ADD"
fi
AC_MSG_CHECKING(openssl version)
AC_EGREP_CPP(yes, [#include <openssl/opensslv.h>
#if OPENSSL_VERSION_NUMBER >= 0x0090602fL
yes
#endif], [AC_MSG_RESULT(ok)], [AC_MSG_RESULT(too old)
        AC_MSG_ERROR([OpenSSL version must be 0.9.6 or higher. Aborting.])
        ])
AC_CHECK_HEADERS(openssl/engine.h)

# checking rijndael
AC_CHECK_HEADERS([openssl/aes.h], [], 
        [CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"])

# checking sha2
AC_MSG_CHECKING(sha2 support)
AC_DEFINE([WITH_SHA2], [], [SHA2 support])
AC_CHECK_HEADER(openssl/sha2.h, [], [
        CPPFLAGS_ADD="$CPPFLAGS_ADD -I./\${top_srcdir}/src/racoon/missing"
        AC_LIBOBJ([sha2])
        CRYPTOBJS="$CRYPTOBJS sha2.o"])
AC_SUBST(CRYPTOBJS)

# Option --enable-adminport 
AC_MSG_CHECKING(if --enable-adminport option is specified)
AC_ARG_ENABLE(adminport,
        [  --enable-adminport      enable admin port],
        [], [enable_adminport=no])
if test $enable_adminport = "yes"; then
        AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port])
fi
AC_MSG_RESULT($enable_adminport)

# Check for Kerberos5 support
AC_MSG_CHECKING(if --enable-gssapi option is specified)
AC_ARG_ENABLE(gssapi,
        [  --enable-gssapi         enable GSS-API authentication],
        [], [enable_gssapi=no])
AC_MSG_RESULT($enable_gssapi)
AC_PATH_PROG(KRB5_CONFIG,krb5-config,no)
if test "x$enable_gssapi" = "xyes"; then
        if test "$KRB5_CONFIG" != "no"; then
                krb5_incdir="`$KRB5_CONFIG --cflags gssapi`"
                krb5_libs="`$KRB5_CONFIG --libs gssapi`"
                LIBS="$LIBS $krb5_libs"
                CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD"
                AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API])
        else
                AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.])
        fi
fi

AC_MSG_CHECKING([if --enable-hybrid option is specified])
AC_ARG_ENABLE(hybrid, 
    [  --enable-hybrid    enable hybrid, both mode-cfg and xauth support],
    [
        LIBS="$LIBS -lcrypt"; 
        enable_hybrid=yes;
        HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o"
        AC_SUBST(HYBRID_OBJS)
        AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support])
    ],
    [enable_hybrid=no])
AC_MSG_RESULT($enable_hybrid)

AC_MSG_CHECKING([if --enable-frag option is specified])
AC_ARG_ENABLE(frag, 
    [  --enable-frag           enable IKE fragmentation payload support],
    [
        LIBS="$LIBS -lcrypt"; 
        enable_frag=yes;
        FRAG_OBJS="isakmp_frag.o"
        AC_SUBST(FRAG_OBJS)
        AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support])
    ],
    [enable_frag=no])
AC_MSG_RESULT($enable_frag)

# For dynamic libradius
RACOON_PATH_LIBS(MD5_Init, crypto)

AC_MSG_CHECKING(if --with-libradius option is specified)
AC_ARG_WITH(libradius, 
    [  --with-libradius=DIR    specify libradius path (like/usr/pkg)],
    [libradius_dir=$withval], 
    [libradius_dir=no])
AC_MSG_RESULT($libradius_dir)
if test "$libradius_dir" != "no"; then
        if test "$libradius_dir" = "yes" ; then
                  libradius_dir="";
        fi;
        if test "x$libradius_dir" = "x"; then
                RACOON_PATH_LIBS(rad_create_request, radius)
        else
                if test -d "$libradius_dir/lib" -a \
                    -d "$libradius_dir/include" ; then
                        RACOON_PATH_LIBS(rad_create_request, radius, "$libradius_dir/lib")
                        CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include"
                else
                        AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.])
                fi
        fi
        AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS])
        LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius"
        AC_CHECK_FUNCS(rad_create_request)
fi

AC_MSG_CHECKING(if --enable-stats option is specified)
AC_ARG_ENABLE(stats,
        [  --enable-stats          enable statistics logging function],
        [], [enable_stats=no])
if test "x$enable_stats" = "xyes"; then
        AC_DEFINE([ENABLE_STATS], [], [Enable statictics])
fi
AC_MSG_RESULT($enable_stats)

AC_MSG_CHECKING(if --enable-dpd option is specified)
AC_ARG_ENABLE(dpd,
        [  --enable-dpd            enable dead peer detection],
        [], [enable_dpd=no])
if test "x$enable_dpd" = "xyes"; then
        AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection])
fi
AC_MSG_RESULT($enable_dpd)


AC_MSG_CHECKING(if --enable-samode-unspec option is specified)
AC_ARG_ENABLE(samode-unspec,
        [  --enable-samode-unspec  enable to use unspecified a mode of SA],
        [], [enable_samode_unspec=no])
if test "x$enable_samode_unspec" = "xyes"; then
        AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec])
fi
AC_MSG_RESULT($enable_samode_unspec)

# Checks if IPv6 is requested
AC_MSG_CHECKING([whether to enable ipv6])
AC_ARG_ENABLE(ipv6,
[  --disable-ipv6          disable ipv6 support],
[ case "$enableval" in
  no)
       AC_MSG_RESULT(no)
       ipv6=no
       ;;
  *)   AC_MSG_RESULT(yes)
       ipv6=yes
       ;;
  esac ],

  AC_TRY_RUN([ /* AF_INET6 avalable check */
#include <sys/types.h>
#include <sys/socket.h>
main()
{
  exit(0);
 if (socket(AF_INET6, SOCK_STREAM, 0) < 0)
   exit(1);
 else
   exit(0);
}
],
  AC_MSG_RESULT(yes)
  AC_DEFINE([INET6], [], [Support IPv6])
  ipv6=yes,
  AC_MSG_RESULT(no)
  ipv6=no,
  AC_MSG_RESULT(no)
  ipv6=no
))

if test "$ipv6" = "yes"; then
        AC_MSG_CHECKING(for advanced API support)
        AC_TRY_COMPILE([#ifndef INET6
#define INET6
#endif
#include <sys/types.h>
#include <netinet/in.h>],
                [struct in6_pktinfo a;],
                [AC_MSG_RESULT(yes)
                 AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])],
                [AC_MSG_RESULT(no)])
fi

RACOON_CHECK_BUGGY_GETADDRINFO
if test "$buggygetaddrinfo" = "yes"; then
        AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.])
fi

# Check if kernel support is available for NAT-T, defaults to no. 
kernel_natt="no"

AC_MSG_CHECKING(kernel NAT-Traversal support)
case $host_os in
linux*)
# Linux kernel NAT-T check
AC_EGREP_CPP(yes, 
[#include <linux/pfkeyv2.h>
#ifdef SADB_X_EXT_NAT_T_TYPE
yes
#endif
], [kernel_natt="yes"])
        ;;
freebsd*|netbsd*)
# NetBSD case
# Same check for FreeBSD
AC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len,
       [kernel_natt="yes"],, [
#define _KERNEL
#include <sys/types.h>
#include <net/pfkeyv2.h>
])
        ;;
esac
AC_MSG_RESULT($kernel_natt)

AC_MSG_CHECKING(whether to support NAT-T)
AC_ARG_ENABLE(natt,
        [  --enable-natt           enable NAT-Traversal (yes/no/kernel)],
        [if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi],
        [enable_natt=$kernel_natt])
AC_MSG_RESULT($enable_natt)

if test "$enable_natt" = "yes"; then
        if test "$kernel_natt" = "no" ; then 
                AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.])
        else
                AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal])
                NATT_OBJS="nattraversal.o"
                AC_SUBST(NATT_OBJS)
        fi
fi

# Set up defines for supported NAT-T versions.
natt_versions_default="00,02,rfc"
AC_MSG_CHECKING(which NAT-T versions to support)
AC_ARG_ENABLE(natt_versions,
        [  --enable-natt-versions=list    list of supported NAT-T versions delimited by coma.],
        [ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ],
        [ enable_natt_versions=$natt_versions_default ])
if test "$enable_natt" = "yes"; then
        AC_MSG_RESULT($enable_natt_versions)
        for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do
                case $i in 
                        0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;;
                        1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;;
                        2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;;
                        3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;;
                        4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;;
                        5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;;
                        6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;;
                        7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;;
                        8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;;
                        RFC)  AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;;
                        *) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;;
                esac
        done
        unset i
else
        AC_MSG_RESULT([none])
fi

AC_MSG_CHECKING(whether we support FWD policy)
case $host in
        *linux*)
                AC_TRY_COMPILE([
                #include <inttypes.h>
                #include <linux/ipsec.h>
                        ], [
                        int fwd = IPSEC_DIR_FWD;
                        ],
                        [AC_MSG_RESULT(yes)
                         AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])],
                        [AC_MSG_RESULT(no)])
                ;;
        *)
                AC_MSG_RESULT(no)
                ;;
esac

CFLAGS="$CFLAGS $CFLAGS_ADD"
CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"

case $host in
        *linux*)
                # Remove KERNEL_INCLUDE from CPPFLAGS. It will
                # be symlinked to src/include-glibc/linux in
                # compile time.
                CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"`
                ;;
esac

AC_CONFIG_FILES([
  Makefile
  package_version.h
  src/Makefile
  src/include-glibc/Makefile
  src/libipsec/Makefile
  src/setkey/Makefile
  src/racoon/Makefile
  src/racoon/samples/psk.txt
  src/racoon/samples/racoon.conf
  rpm/Makefile
  rpm/suse/Makefile
  rpm/suse/ipsec-tools.spec
  ])
AC_OUTPUT