From dc454a657f57a5cf143fddc5c1dd87a510c1790a Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 8 Mar 2022 23:05:39 +0100
Subject: nfct: remove lazy binding

Since cd5135377ac4 ("conntrackd: cthelper: Set up userspace helpers when
daemon starts"), userspace conntrack helpers do not depend on a previous
invocation of nfct to set up the userspace helpers.

Move helper definitions to nfct-extensions/helper.c since existing
deployments might still invoke nfct, even if not required anymore.

This patch was motivated by the removal of the lazy binding.

Phil Sutter says:

"For security purposes, distributions might want to pass -Wl,-z,now
linker flags to all builds, thereby disabling lazy binding globally.

In the past, nfct relied upon lazy binding: It uses the helper objects'
parsing functions without but doesn't provide all symbols the objects
use."

Acked-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/Makefile.am | 2 --
 1 file changed, 2 deletions(-)

(limited to 'src/Makefile.am')

diff --git a/src/Makefile.am b/src/Makefile.am
index 1d56394..a1a91a0 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -35,8 +35,6 @@ if HAVE_CTHELPER
 nfct_LDADD += ${LIBNETFILTER_CTHELPER_LIBS}
 endif
 
-nfct_LDFLAGS = -export-dynamic ${LAZY_LDFLAGS}
-
 conntrackd_SOURCES = alarm.c main.c run.c hash.c queue.c queue_tx.c rbtree.c \
 		    local.c log.c mcast.c udp.c netlink.c vector.c \
 		    filter.c fds.c event.c process.c origin.c date.c \
-- 
cgit v1.2.3