On Sat, Mar 12, 2016 at 05:48:04PM +0530, Shivani Bhardwaj wrote: > Add the --disable-connlabel option and the appropriate functionality > associated with it. > > After this patch, iptables configuration shows up as: > > Iptables Configuration: > IPv4 support: yes > IPv6 support: yes > Devel support: yes > IPQ support: no > Large file support: yes > BPF utils support: no > nfsynproxy util support: no > nftables support: yes > connlabel support: yes I think we are almost there, see below. > Signed-off-by: Shivani Bhardwaj <shivanib134@xxxxxxxxx> > --- > Changes in v3: > Remove check for libnfnetlink from the if block > > Changes in v2: > Correct the option to disable-connlabel and add code to make it > work > > configure.ac | 30 +++++++++++++++++++++--------- > 1 file changed, 21 insertions(+), 9 deletions(-) > > diff --git a/configure.ac b/configure.ac > index 33a8f2d..f9bc2a3 100644 > --- a/configure.ac > +++ b/configure.ac [...] > @@ -168,6 +164,21 @@ if test "$nftables" != 1; then > blacklist_a_modules="$blacklist_a_modules mangle" > fi > > +if test "x$enable_connlabel" = "xyes"; then > + PKG_CHECK_MODULES([libnetfilter_conntrack], > + [libnetfilter_conntrack >= 1.0.4], > + [nfconntrack=1], [nfconntrack=0]) > + > + if test "$nfconntrack" -ne 1; then > + blacklist_modules="$blacklist_modules connlabel"; > + echo "WARNING: libnetfilter_conntrack not found, connlabel match will not be built"; Could you set enable_connlabel to "no" when this occurs so the banner also displays that connlabel support has been skipped? > + fi; > +else > + blacklist_modules="$blacklist_modules connlabel"; > +fi; -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
