From ecfe6e93016559fdd18013ab5a2e1f200d330310 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 26 Sep 2013 17:53:06 +0200
Subject: build: add --disable-cthelper and --disable-cttimeout

This patch allows you to disable userspace helper support and
conntrack timeout tuning at build stage.

By default, both features are enabled, to avoid breaking backward
compatibility.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 configure.ac         | 26 +++++++++++++++++++++++---
 src/Makefile.am      | 39 ++++++++++++++++++++++++++++++---------
 src/read_config_yy.y |  6 ++++++
 src/run.c            |  9 ++++++---
 4 files changed, 65 insertions(+), 15 deletions(-)

diff --git a/configure.ac b/configure.ac
index 8bb4bec..f0800d6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -54,12 +54,27 @@ else
 	flex.])
 fi
 
+AC_ARG_ENABLE([cthelper],
+        AS_HELP_STRING([--disable-cthelper], [Do not build userspace helper support]),
+        [enable_cthelper="no"], [enable_cthelper="yes"])
+AC_ARG_ENABLE([cttimeout],
+        AS_HELP_STRING([--disable-cttimeout], [Do not build timeout support]),
+        [enable_cttimeout="no"], [enable_cttimeout="yes"])
+
 PKG_CHECK_MODULES([LIBNFNETLINK], [libnfnetlink >= 1.0.1])
 PKG_CHECK_MODULES([LIBMNL], [libmnl >= 1.0.3])
 PKG_CHECK_MODULES([LIBNETFILTER_CONNTRACK], [libnetfilter_conntrack >= 1.0.4])
-PKG_CHECK_MODULES([LIBNETFILTER_CTTIMEOUT], [libnetfilter_cttimeout >= 1.0.0])
-PKG_CHECK_MODULES([LIBNETFILTER_CTHELPER], [libnetfilter_cthelper >= 1.0.0])
-PKG_CHECK_MODULES([LIBNETFILTER_QUEUE], [libnetfilter_queue >= 1.0.2])
+AS_IF([test "x$enable_cttimeout" = "xyes"], [
+	PKG_CHECK_MODULES([LIBNETFILTER_CTTIMEOUT], [libnetfilter_cttimeout >= 1.0.0])
+])
+AM_CONDITIONAL([HAVE_CTTIMEOUT], [test "x$enable_cttimeout" = "xyes"])
+
+AS_IF([test "x$enable_cthelper" = "xyes"], [
+	PKG_CHECK_MODULES([LIBNETFILTER_CTHELPER], [libnetfilter_cthelper >= 1.0.0])
+	PKG_CHECK_MODULES([LIBNETFILTER_QUEUE], [libnetfilter_queue >= 1.0.2])
+	AC_DEFINE([BUILD_CTHELPER], [1], [Building cthelper support])
+])
+AM_CONDITIONAL([HAVE_CTHELPER], [test "x$enable_cthelper" = "xyes"])
 
 AC_CHECK_HEADERS([linux/capability.h],, [AC_MSG_ERROR([Cannot find linux/capabibility.h])])
 
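Review bot: The action-if-given argument of both `AC_ARG_ENABLE` calls is `[enable_cthelper="no"]` / `[enable_cttimeout="no"]`, and autoconf runs that action for `--enable-cthelper` as well as `--disable-cthelper`, so explicitly enabling a feature switches it off. Use the value autoconf has already parsed: `[enable_cthelper="$enableval"], [enable_cthelper="yes"])`, and likewise for cttimeout. As written, a packager who passes `--enable-cthelper` gets a build without helper support, and only the summary echo added at the end of configure.ac reveals it.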
@@ -126,3 +141,8 @@ fi
 
 AC_CONFIG_FILES([Makefile src/Makefile include/Makefile include/linux/Makefile include/linux/netfilter/Makefile extensions/Makefile src/helpers/Makefile])
 AC_OUTPUT
+
+echo "
+conntrack-tools configuration:
+  userspace conntrack helper support:	${enable_cthelper}
+  conntrack timeout support:		${enable_cttimeout}"
diff --git a/src/Makefile.am b/src/Makefile.am
index ec03e46..1bc3622 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1,6 +1,8 @@
 include $(top_srcdir)/Make_global.am
 
+if HAVE_CTHELPER
 SUBDIRS = helpers
+endif
 
 AM_YFLAGS = -d
 
@@ -11,17 +13,29 @@ sbin_PROGRAMS = conntrack conntrackd nfct
 conntrack_SOURCES = conntrack.c
 conntrack_LDADD = ../extensions/libct_proto_tcp.la ../extensions/libct_proto_udp.la ../extensions/libct_proto_udplite.la ../extensions/libct_proto_icmp.la ../extensions/libct_proto_icmpv6.la ../extensions/libct_proto_sctp.la ../extensions/libct_proto_dccp.la ../extensions/libct_proto_gre.la ../extensions/libct_proto_unknown.la ${LIBNETFILTER_CONNTRACK_LIBS} ${LIBMNL_LIBS} ${LIBNFNETLINK_LIBS}
 
-nfct_SOURCES = nfct.c			\
-	       helpers.c			\
-	       nfct-extensions/timeout.c	\
-	       nfct-extensions/helper.c
+nfct_SOURCES = nfct.c
+
+if HAVE_CTHELPER
+nfct_SOURCES += helpers.c			\
+		nfct-extensions/helper.c
+endif
+
+if HAVE_CTTIMEOUT
+nfct_SOURCES += nfct-extensions/timeout.c
+endif
 
 nfct_LDADD = ${LIBMNL_LIBS} 			\
 	     ${LIBNETFILTER_CONNTRACK_LIBS}	\
-	     ${LIBNETFILTER_CTTIMEOUT_LIBS}	\
-	     ${LIBNETFILTER_CTHELPER_LIBS}	\
 	     ${libdl_LIBS}
 
+if HAVE_CTTIMEOUT
+nfct_LDADD += ${LIBNETFILTER_CTTIMEOUT_LIBS}
+endif
+
+if HAVE_CTHELPER
+nfct_LDADD += ${LIBNETFILTER_CTHELPER_LIBS}
+endif
+
 nfct_LDFLAGS = -export-dynamic
 
 conntrackd_SOURCES = alarm.c main.c run.c hash.c queue.c rbtree.c \
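Review bot: `nfct.c` stays in `nfct_SOURCES` unconditionally while `helpers.c`, `nfct-extensions/helper.c` and `nfct-extensions/timeout.c` become optional, and the diffstat lists no change to nfct.c. If nfct.c refers directly to a symbol from those files, `--disable-cthelper` or `--disable-cttimeout` will fail at link time. The configure.ac part of this patch defines `BUILD_CTHELPER` but no counterpart for cttimeout, so a guard for the timeout case would need something like `AC_DEFINE([BUILD_CTTIMEOUT], [1], [Building cttimeout support])`. The same question applies to the later conntrackd hunk, which moves `utils.c` and `expect.c` behind `HAVE_CTHELPER` together with the helper sources. A test build of each enable/disable combination would settle it.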
@@ -29,7 +43,7 @@ conntrackd_SOURCES = alarm.c main.c run.c hash.c queue.c rbtree.c \
 		    filter.c fds.c event.c process.c origin.c date.c \
 		    cache.c cache-ct.c cache-exp.c \
 		    cache_timer.c \
-		    ctnl.c cthelper.c \
+		    ctnl.c \
 		    sync-mode.c sync-alarm.c sync-ftfw.c sync-notrack.c \
 		    traffic_stats.c stats-mode.c \
 		    network.c cidr.c \
@@ -39,15 +53,22 @@ conntrackd_SOURCES = alarm.c main.c run.c hash.c queue.c rbtree.c \
 		    external_cache.c external_inject.c \
 		    internal_cache.c internal_bypass.c \
 		    read_config_yy.y read_config_lex.l \
-		    stack.c helpers.c utils.c expect.c
+		    stack.c
+
+if HAVE_CTHELPER
+conntrackd_SOURCES += cthelper.c helpers.c utils.c expect.c
+endif
 
 # yacc and lex generate dirty code
 read_config_yy.o read_config_lex.o: AM_CFLAGS += -Wno-missing-prototypes -Wno-missing-declarations -Wno-implicit-function-declaration -Wno-nested-externs -Wno-undef -Wno-redundant-decls
 
 conntrackd_LDADD = ${LIBMNL_LIBS} ${LIBNETFILTER_CONNTRACK_LIBS} \
-		   ${LIBNETFILTER_QUEUE_LIBS} ${LIBNETFILTER_CTHELPER_LIBS} \
 		   ${libdl_LIBS} ${LIBNFNETLINK_LIBS}
 
+if HAVE_CTHELPER
+conntrackd_LDADD += ${LIBNETFILTER_CTHELPER_LIBS} ${LIBNETFILTER_QUEUE_LIBS}
+endif
+
 conntrackd_LDFLAGS = -export-dynamic
 
 EXTRA_DIST = read_config_yy.h
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index b824150..fa517bb 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -1612,12 +1612,18 @@ helper_type: T_TYPE T_STRING T_STRING T_STRING '{' helper_type_list  '}'
 		exit(EXIT_FAILURE);
 	}
 
+#ifdef BUILD_CTHELPER
 	/* XXX use configure.ac definitions. */
 	helper = helper_find("/usr/lib/conntrack-tools", $2, l4proto, RTLD_NOW);
 	if (helper == NULL) {
 		print_err(CTD_CFG_ERROR, "Unknown `%s' helper", $2);
 		exit(EXIT_FAILURE);
 	}
+#else
+	print_err(CTD_CFG_ERROR, "Helper support is disabled, recompile "
+				 "conntrackd");
+	exit(EXIT_FAILURE);
+#endif
 
 	helper_inst = calloc(1, sizeof(struct ctd_helper_instance));
 	if (helper_inst == NULL)
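Review bot: In the `#else` branch the action exits unconditionally, yet everything after `#endif` (from the `calloc` of `helper_inst` onward) is still compiled, and `helper` is not assigned anywhere in this hunk for that configuration. Either extend the `#ifdef BUILD_CTHELPER` to the end of the action, or add a comment such as `/* not reached: helper support compiled out */` after the `exit(EXIT_FAILURE);` so the dead code is clearly intentional. The new error message could also include the requested helper name (`$2`), as the existing unknown-helper message does, so an administrator can see which configuration entry was rejected. The action continues past the end of this hunk, so its remaining uses of `helper` are not visible here.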
diff --git a/src/run.c b/src/run.c
index 7fa6889..a9d4862 100644
--- a/src/run.c
+++ b/src/run.c
@@ -55,9 +55,10 @@ void killer(int signo)
 	if (CONFIG(flags) & (CTD_SYNC_MODE | CTD_STATS_MODE))
 		ctnl_kill();
 
+#ifdef BUILD_CTHELPER
 	if (CONFIG(flags) & CTD_HELPER)
 		cthelper_kill();
-
+#endif
 	destroy_fds(STATE(fds));
 	unlink(CONFIG(lockfile));
 	dlog(LOG_NOTICE, "---- shutdown received ----");
@@ -205,9 +206,10 @@ static int local_handler(int fd, void *data)
 	if (CONFIG(flags) & (CTD_SYNC_MODE | CTD_STATS_MODE))
 		return ctnl_local(fd, type, data);
 
+#ifdef BUILD_CTHELPER
 	if (CONFIG(flags) & CTD_HELPER)
 		return cthelper_local(fd, type, data);
-
+#endif
 	return ret;
 }
 
@@ -259,11 +261,12 @@ init(void)
 		if (ctnl_init() < 0)
 			return -1;
 
+#ifdef BUILD_CTHELPER
 	if (CONFIG(flags) & CTD_HELPER) {
 		if (cthelper_init() < 0)
 			return -1;
 	}
-
+#endif
 	time(&STATE(stats).daemon_start_time);
 
 	dlog(LOG_NOTICE, "initialization completed");
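Review bot: With `BUILD_CTHELPER` undefined, init() now skips the `CTD_HELPER` branch and reports "initialization completed" even if the configuration asked for helper mode, so the daemon would start without doing the work it was configured for. Whether `CTD_HELPER` can still be set in such a build is not visible in this patch (only the `helper_type` rule is shown to exit), so failing closed here is the safer choice: add an `#else` branch that logs an error and returns -1. The guards in killer() and local_handler() then need nothing further. All three guards also depend on the macro from configure reaching run.c, through config.h or the compiler flags, which this diff does not show. init() starts and ends outside the hunk.

```c
#ifdef BUILD_CTHELPER
	/* … unchanged: cthelper_init() call … */
#else
	if (CONFIG(flags) & CTD_HELPER) {
		dlog(LOG_ERR, "helper support is disabled in this build");
		return -1;
	}
#endif
```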
-- 
cgit v1.2.3