authorMike Frysinger <vapier@gentoo.org>2015-08-18 18:48:54 -0400
committerPablo Neira Ayuso <pablo@netfilter.org>2015-08-26 20:57:29 +0200
commit4ecdf8385bd05c25a3c991b1e409816c8eb82b77 (patch)
tree7dd50640eba46b5727df0f9da9d90a26e94f35b4
parentb8b751bb75f3c7a5e3eff0ccbd652191fd2554f3 (diff)
build: add finer module blacklisting
Newer extensions require libnftnl in order to build, but there are no configure or build checks for it, which leads to a bunch of modules failing when libnftnl isn't installed. Add finer grained blacklisting so we can disable modules for specific parts rather than all of them. e.g. We want to blacklist libebt_limit, but not libxt_limit. Signed-off-by: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--configure.ac20
-rw-r--r--extensions/GNUmakefile.in10
2 files changed, 23 insertions, 7 deletions
diff --git a/configure.ac b/configure.ac
index 7ff572a2..22512dc0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -78,7 +78,12 @@ AC_LINK_IFELSE([AC_LANG_SOURCE([int main(void) {}])],
)
LDFLAGS="$saved_LDFLAGS";
-blacklist_modules="";
+blacklist_modules=""
+blacklist_x_modules=""
+blacklist_b_modules=""
+blacklist_a_modules=""
+blacklist_4_modules=""
+blacklist_6_modules=""
AC_CHECK_HEADERS([linux/dccp.h linux/ip_vs.h linux/magic.h linux/proc_fs.h])
if test "$ac_cv_header_linux_dccp_h" != "yes"; then
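Review bot: The five new `blacklist_*_modules` variables are introduced without a comment, and their one-character suffixes can only be decoded by reading extensions/GNUmakefile.in, where they are paired with the libxt, libebt, libarpt, libipt and libip6t module lists. A short comment above the assignments would spare the next maintainer that lookup, for example `# blacklist_modules applies to every family; _x/_b/_a/_4/_6 apply only to libxt_/libebt_/libarpt_/libipt_/libip6t_ modules`. It is also worth stating there that entries are bare module names without the library prefix, since that is what the `filter-out` calls match against.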
@@ -97,7 +102,6 @@ if test "$nfconntrack" -ne 1; then
echo "WARNING: libnetfilter_conntrack not found, connlabel match will not be built";
fi;
-AC_SUBST([blacklist_modules])
AC_CHECK_SIZEOF([struct ip6_hdr], [], [#include <netinet/ip6.h>])
AM_CONDITIONAL([ENABLE_STATIC], [test "$enable_static" = "yes"])
@@ -159,6 +163,18 @@ fi
AM_CONDITIONAL([HAVE_LIBMNL], [test "$mnl" = 1])
AM_CONDITIONAL([HAVE_LIBNFTNL], [test "$nftables" = 1])
+if test "$nftables" != 1; then
+ blacklist_b_modules="$blacklist_b_modules limit mark nflog mangle"
+ blacklist_a_modules="$blacklist_a_modules mangle"
+fi
+
+AC_SUBST([blacklist_modules])
+AC_SUBST([blacklist_x_modules])
+AC_SUBST([blacklist_b_modules])
+AC_SUBST([blacklist_a_modules])
+AC_SUBST([blacklist_4_modules])
+AC_SUBST([blacklist_6_modules])
+
regular_CFLAGS="-Wall -Waggregate-return -Wmissing-declarations \
-Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes \
-Winline -pipe";
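Review bot: The added `if test "$nftables" != 1` block drops the ebtables limit, mark, nflog and mangle extensions and the arptables mangle extension without printing anything, whereas the connlabel case earlier in this file prints a WARNING line. For a packet-filter package a silently reduced extension set is worth surfacing at configure time, because rulesets that use those matches or targets would presumably fail to load only once they reach the installed system. Inside the `if`, something like `echo "WARNING: libnftnl support not available, ebtables limit/mark/nflog/mangle and arptables mangle extensions will not be built";` would match the existing style. The module list is also hard-coded, so any later extension that needs libnftnl has to be added here by hand; a comment saying so next to the list would help.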
diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in
index 181e155a..53be2cdd 100644
--- a/extensions/GNUmakefile.in
+++ b/extensions/GNUmakefile.in
@@ -44,11 +44,11 @@ pfa_build_mod := $(patsubst ${srcdir}/libarpt_%.c,%,$(sort $(wildcard ${srcdir}/
pfx_symlinks := NOTRACK state
@ENABLE_IPV4_TRUE@ pf4_build_mod := $(patsubst ${srcdir}/libipt_%.c,%,$(sort $(wildcard ${srcdir}/libipt_*.c)))
@ENABLE_IPV6_TRUE@ pf6_build_mod := $(patsubst ${srcdir}/libip6t_%.c,%,$(sort $(wildcard ${srcdir}/libip6t_*.c)))
-pfx_build_mod := $(filter-out @blacklist_modules@,${pfx_build_mod})
-pfb_build_mod := $(filter-out @blacklist_modules@,${pfb_build_mod})
-pfa_build_mod := $(filter-out @blacklist_modules@,${pfa_build_mod})
-pf4_build_mod := $(filter-out @blacklist_modules@,${pf4_build_mod})
-pf6_build_mod := $(filter-out @blacklist_modules@,${pf6_build_mod})
+pfx_build_mod := $(filter-out @blacklist_modules@ @blacklist_x_modules@,${pfx_build_mod})
+pfb_build_mod := $(filter-out @blacklist_modules@ @blacklist_b_modules@,${pfb_build_mod})
+pfa_build_mod := $(filter-out @blacklist_modules@ @blacklist_a_modules@,${pfa_build_mod})
+pf4_build_mod := $(filter-out @blacklist_modules@ @blacklist_4_modules@,${pf4_build_mod})
+pf6_build_mod := $(filter-out @blacklist_modules@ @blacklist_6_modules@,${pf6_build_mod})
pfx_objs := $(patsubst %,libxt_%.o,${pfx_build_mod})
pfb_objs := $(patsubst %,libebt_%.o,${pfb_build_mod})
pfa_objs := $(patsubst %,libarpt_%.o,${pfa_build_mod})