diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-09-26 17:53:06 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-09-26 18:52:26 +0200 |
| commit | ecfe6e93016559fdd18013ab5a2e1f200d330310 (patch) | |
| tree | 7fcfb6fc18626a1cf8864ac821f770d9d5a13a28 /src | |
| parent | 0cf75aaf19ffd08e7c63fee737423d01343f4cb9 (diff) | |
build: add --disable-cthelper and --disable-cttimeout
This patch allows you to disable userspace helper support and
conntrack timeout tuning at build stage.
By default, both features are enabled, to avoid breaking backward
compatibility.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/Makefile.am | 39 | ||||
| -rw-r--r-- | src/read_config_yy.y | 6 | ||||
| -rw-r--r-- | src/run.c | 9 |
3 files changed, 42 insertions, 12 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index ec03e46..1bc3622 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,6 +1,8 @@ include $(top_srcdir)/Make_global.am +if HAVE_CTHELPER SUBDIRS = helpers +endif AM_YFLAGS = -d @@ -11,17 +13,29 @@ sbin_PROGRAMS = conntrack conntrackd nfct conntrack_SOURCES = conntrack.c conntrack_LDADD = ../extensions/libct_proto_tcp.la ../extensions/libct_proto_udp.la ../extensions/libct_proto_udplite.la ../extensions/libct_proto_icmp.la ../extensions/libct_proto_icmpv6.la ../extensions/libct_proto_sctp.la ../extensions/libct_proto_dccp.la ../extensions/libct_proto_gre.la ../extensions/libct_proto_unknown.la ${LIBNETFILTER_CONNTRACK_LIBS} ${LIBMNL_LIBS} ${LIBNFNETLINK_LIBS} -nfct_SOURCES = nfct.c \ - helpers.c \ - nfct-extensions/timeout.c \ - nfct-extensions/helper.c +nfct_SOURCES = nfct.c + +if HAVE_CTHELPER +nfct_SOURCES += helpers.c \ + nfct-extensions/helper.c +endif + +if HAVE_CTTIMEOUT +nfct_SOURCES += nfct-extensions/timeout.c +endif nfct_LDADD = ${LIBMNL_LIBS} \ ${LIBNETFILTER_CONNTRACK_LIBS} \ - ${LIBNETFILTER_CTTIMEOUT_LIBS} \ - ${LIBNETFILTER_CTHELPER_LIBS} \ ${libdl_LIBS} +if HAVE_CTTIMEOUT +nfct_LDADD += ${LIBNETFILTER_CTTIMEOUT_LIBS} +endif + +if HAVE_CTHELPER +nfct_LDADD += ${LIBNETFILTER_CTHELPER_LIBS} +endif + nfct_LDFLAGS = -export-dynamic conntrackd_SOURCES = alarm.c main.c run.c hash.c queue.c rbtree.c \ @@ -29,7 +43,7 @@ conntrackd_SOURCES = alarm.c main.c run.c hash.c queue.c rbtree.c \ filter.c fds.c event.c process.c origin.c date.c \ cache.c cache-ct.c cache-exp.c \ cache_timer.c \ - ctnl.c cthelper.c \ + ctnl.c \ sync-mode.c sync-alarm.c sync-ftfw.c sync-notrack.c \ traffic_stats.c stats-mode.c \ network.c cidr.c \ @@ -39,15 +53,22 @@ conntrackd_SOURCES = alarm.c main.c run.c hash.c queue.c rbtree.c \ external_cache.c external_inject.c \ internal_cache.c internal_bypass.c \ read_config_yy.y read_config_lex.l \ - stack.c helpers.c utils.c expect.c + stack.c + +if HAVE_CTHELPER +conntrackd_SOURCES += cthelper.c helpers.c utils.c expect.c +endif # yacc and lex generate dirty code read_config_yy.o read_config_lex.o: AM_CFLAGS += -Wno-missing-prototypes -Wno-missing-declarations -Wno-implicit-function-declaration -Wno-nested-externs -Wno-undef -Wno-redundant-decls conntrackd_LDADD = ${LIBMNL_LIBS} ${LIBNETFILTER_CONNTRACK_LIBS} \ - ${LIBNETFILTER_QUEUE_LIBS} ${LIBNETFILTER_CTHELPER_LIBS} \ ${libdl_LIBS} ${LIBNFNETLINK_LIBS} +if HAVE_CTHELPER +conntrackd_LDADD += ${LIBNETFILTER_CTHELPER_LIBS} ${LIBNETFILTER_QUEUE_LIBS} +endif + conntrackd_LDFLAGS = -export-dynamic EXTRA_DIST = read_config_yy.h diff --git a/src/read_config_yy.y b/src/read_config_yy.y index b824150..fa517bb 100644 --- a/src/read_config_yy.y +++ b/src/read_config_yy.y @@ -1612,12 +1612,18 @@ helper_type: T_TYPE T_STRING T_STRING T_STRING '{' helper_type_list '}' exit(EXIT_FAILURE); } +#ifdef BUILD_CTHELPER /* XXX use configure.ac definitions. */ helper = helper_find("/usr/lib/conntrack-tools", $2, l4proto, RTLD_NOW); if (helper == NULL) { print_err(CTD_CFG_ERROR, "Unknown `%s' helper", $2); exit(EXIT_FAILURE); } +#else + print_err(CTD_CFG_ERROR, "Helper support is disabled, recompile " + "conntrackd"); + exit(EXIT_FAILURE); +#endif helper_inst = calloc(1, sizeof(struct ctd_helper_instance)); if (helper_inst == NULL) @@ -55,9 +55,10 @@ void killer(int signo) if (CONFIG(flags) & (CTD_SYNC_MODE | CTD_STATS_MODE)) ctnl_kill(); +#ifdef BUILD_CTHELPER if (CONFIG(flags) & CTD_HELPER) cthelper_kill(); - +#endif destroy_fds(STATE(fds)); unlink(CONFIG(lockfile)); dlog(LOG_NOTICE, "---- shutdown received ----"); @@ -205,9 +206,10 @@ static int local_handler(int fd, void *data) if (CONFIG(flags) & (CTD_SYNC_MODE | CTD_STATS_MODE)) return ctnl_local(fd, type, data); +#ifdef BUILD_CTHELPER if (CONFIG(flags) & CTD_HELPER) return cthelper_local(fd, type, data); - +#endif return ret; } @@ -259,11 +261,12 @@ init(void) if (ctnl_init() < 0) return -1; +#ifdef BUILD_CTHELPER if (CONFIG(flags) & CTD_HELPER) { if (cthelper_init() < 0) return -1; } - +#endif time(&STATE(stats).daemon_start_time); dlog(LOG_NOTICE, "initialization completed"); |