diff options
| author | Florian Westphal <fw@strlen.de> | 2013-07-15 16:35:08 +0200 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2013-07-16 00:54:05 +0200 |
| commit | 51340f7b6a1103b12d86ef488f7140406d80401e (patch) | |
| tree | 7409fe790b3c57097a50db28bead4aa87ff37a53 /configure.ac | |
| parent | a963e217528d2849f32ec6516a1f82450c65f588 (diff) | |
extensions: libxt_connlabel: use libnetfilter_conntrack
Pablo suggested to make it depend on lnf-conntrack, and get rid of
the example config file as well.
The problem is that the file must be in a fixed path,
/etc/xtables/connlabel.conf, else userspace needs to "guess-the-right-file"
when translating names to their bit values (and vice versa).
Originally "make install" did put an example file into /etc/xtables/,
but distributors complained about iptables ignoring the sysconfdir.
So rather remove the example file, the man-page explains the format,
and connlabels are inherently system-specific anyway.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index d2094945..be216b0f 100644 --- a/configure.ac +++ b/configure.ac @@ -82,6 +82,15 @@ if test "$ac_cv_header_linux_ip_vs_h" != "yes"; then blacklist_modules="$blacklist_modules ipvs"; fi; +PKG_CHECK_MODULES([libnetfilter_conntrack], [libnetfilter_conntrack >= 1.0.4], + [nfconntrack=1], [nfconntrack=0]) +AM_CONDITIONAL([HAVE_LIBNETFILTER_CONNTRACK], [test "$nfconntrack" = 1]) + +if test "$nfconntrack" -ne 1; then + blacklist_modules="$blacklist_modules connlabel"; + echo "WARNING: libnetfilter_conntrack not found, connlabel match will not be built"; +fi; + AC_SUBST([blacklist_modules]) AC_CHECK_SIZEOF([struct ip6_hdr], [], [#include <netinet/ip6.h>]) @@ -180,3 +189,6 @@ fi; echo " Host: ${host} GCC binary: ${CC}" + +test x"$blacklist_modules" = "x" || echo " +Iptables modules that will not be built: $blacklist_modules" |