On Wed, Jun 12, 2013 at 12:06:05PM +0200, Florian Westphal wrote: > Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > > I think this is still useful for people cross-compiling and installing > > > iptables in some custom location. > > > > Hm, still, this may confuse people, as xt_connlabel always looks at: > > > > #define CONNLABEL_CFG "/etc/xtables/connlabel.conf" > > Right; this is easily fixable. However, this is also > the default in libnetfilter_conntrack. But lnf-ct wont be > able to know what configure options iptables was built with. We can define the default location in libnetfilter_conntrack.h, eg. #define NFCT_CONNLABEL_CFG "/etc/xtables/connlabel.conf" I think connlabel is not of much use without libnetfilter_conntrack, since it provides the translation of the connlabel mapping. So we can conditionally compile connlabel support if libnetfilter_conntrack is installed. We can make it a soft dependency, ie. no need for --enable-connlabel. Regards. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
