On Wed, Mar 16, 2016 at 12:32:51AM +0530, Shivani Bhardwaj wrote: > On Tue, Mar 15, 2016 at 6:06 AM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > >> +if test "x$enable_connlabel" = "xyes"; then > >> + PKG_CHECK_MODULES([libnetfilter_conntrack], > >> + [libnetfilter_conntrack >= 1.0.4], > >> + [nfconntrack=1], [nfconntrack=0]) > >> + > >> + if test "$nfconntrack" -ne 1; then > >> + blacklist_modules="$blacklist_modules connlabel"; > >> + echo "WARNING: libnetfilter_conntrack not found, connlabel match will not be built"; > > > > Could you set enable_connlabel to "no" when this occurs so the banner > > also displays that connlabel support has been skipped? > > > OK. Thanks. > One question, in case of nftables, I see enable_nftables is nowhere > set to "no", should that be added in case package requirements are not > met? $ ./configure --prefix=/usr --disable-nftables checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking for a thread-safe mkdir -p... /bin/mkdir -p ... Iptables Configuration: IPv4 support: yes IPv6 support: yes Devel support: yes IPQ support: no Large file support: yes BPF utils support: no nfsynproxy util support: no nftables support: no <------ connlabel support: yes It says "no" when explicitly disabled. Note that the connlabel case was special with regards to others, since it didn't ask for explicit disable/enable in first place. > Same for bpfc and nfsynproxy. I can see here these: --disable-nfsynproxy --disable-bpf-compiler show "no" in the configuration message. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
