From 51340f7b6a1103b12d86ef488f7140406d80401e Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Mon, 15 Jul 2013 16:35:08 +0200
Subject: extensions: libxt_connlabel: use libnetfilter_conntrack

Pablo suggested to make it depend on lnf-conntrack, and get rid of
the example config file as well.

The problem is that the file must be in a fixed path,
/etc/xtables/connlabel.conf, else userspace needs to "guess-the-right-file"
when translating names to their bit values (and vice versa).

Originally "make install" did put an example file into /etc/xtables/,
but distributors complained about iptables ignoring the sysconfdir.

So rather remove the example file, the man-page explains the format,
and connlabels are inherently system-specific anyway.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 configure.ac | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'configure.ac')

diff --git a/configure.ac b/configure.ac
index d2094945..be216b0f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -82,6 +82,15 @@ if test "$ac_cv_header_linux_ip_vs_h" != "yes"; then
 	blacklist_modules="$blacklist_modules ipvs";
 fi;
 
+PKG_CHECK_MODULES([libnetfilter_conntrack], [libnetfilter_conntrack >= 1.0.4],
+	[nfconntrack=1], [nfconntrack=0])
+AM_CONDITIONAL([HAVE_LIBNETFILTER_CONNTRACK], [test "$nfconntrack" = 1])
+
+if test "$nfconntrack" -ne 1; then
+	blacklist_modules="$blacklist_modules connlabel";
+	echo "WARNING: libnetfilter_conntrack not found, connlabel match will not be built";
+fi;
+
 AC_SUBST([blacklist_modules])
 AC_CHECK_SIZEOF([struct ip6_hdr], [], [#include <netinet/ip6.h>])
 
@@ -180,3 +189,6 @@ fi;
 
 echo "  Host:					${host}
   GCC binary:				${CC}"
+
+test x"$blacklist_modules" = "x" || echo "
+Iptables modules that will not be built: $blacklist_modules"
-- 
cgit v1.2.3