* [ULOGD2 PATCH 2/3] Make NFLOG and NFCT build conditionnal @ 2008-09-11 20:48 Eric Leblond 2008-09-11 21:56 ` Pablo Neira Ayuso 0 siblings, 1 reply; 8+ messages in thread From: Eric Leblond @ 2008-09-11 20:48 UTC (permalink / raw) To: pablo; +Cc: netfilter-devel, Eric Leblond This patch modifies the build system behaviour to be able to compile ulogd on system without recent release of libnetfilter library. If a library is absent or too old, it will simply not compile the concerned input module. Signed-off-by: Eric Leblond <eric@inl.fr> --- configure.in | 9 ++++++--- input/flow/Makefile.am | 2 ++ input/packet/Makefile.am | 5 +++++ 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/configure.in b/configure.in index 0e173a3..3ddcae5 100644 --- a/configure.in +++ b/configure.in @@ -37,12 +37,15 @@ LIBNFNETLINK_REQUIRED=0.0.39 LIBNETFILTER_CONNTRACK_REQUIRED=0.0.95 LIBNETFILTER_LOG_REQUIRED=0.0.15 -PKG_CHECK_MODULES(LIBNFNETLINK, libnfnetlink >= $LIBNFNETLINK_REQUIRED,, AC_MSG_ERROR(Cannot find libnfnetlink >= $LIBNFNETLINK_REQUIRED)) +PKG_CHECK_MODULES(LIBNFNETLINK, libnfnetlink >= $LIBNFNETLINK_REQUIRED, nfnetlink="yes", AC_MSG_WARN(Cannot find libnfnetlink >= $LIBNFNETLINK_REQUIRED to build NFLOG and NFCT plugin)) -PKG_CHECK_MODULES(LIBNETFILTER_CONNTRACK, libnetfilter_conntrack >= $LIBNETFILTER_CONNTRACK_REQUIRED,, AC_MSG_ERROR(Cannot find libnetfilter_conntrack >= $LIBNETFILTER_CONNTRACK_REQUIRED)) +PKG_CHECK_MODULES(LIBNETFILTER_CONNTRACK, libnetfilter_conntrack >= $LIBNETFILTER_CONNTRACK_REQUIRED, nfconntrack="yes", AC_MSG_WARN(Cannot find libnetfilter_conntrack >= $LIBNETFILTER_CONNTRACK_REQUIRED to build NFCT plugin)) -PKG_CHECK_MODULES(LIBNETFILTER_LOG, libnetfilter_log >= $LIBNETFILTER_LOG_REQUIRED,, AC_MSG_ERROR(Cannot find libnetfilter_log >= $LIBNETFILTER_LOG_REQUIRED)) +AM_CONDITIONAL(HAVE_LIBNFCONNTRACK, test "x$nfnetlink" != "x" -a "x$nfconntrack" != "x") +PKG_CHECK_MODULES(LIBNETFILTER_LOG, libnetfilter_log >= $LIBNETFILTER_LOG_REQUIRED, nflog="yes", AC_MSG_WARN(Cannot find libnetfilter_log >= $LIBNETFILTER_LOG_REQUIRED to build NFLOG plugin)) + +AM_CONDITIONAL(HAVE_LIBNFLOG, test "x$nfnetlink" != "x" -a "x$nflog" != "x") CT_CHECK_POSTGRES_DB() AM_CONDITIONAL(HAVE_PGSQL, test "x$PQLIBPATH" != "x") diff --git a/input/flow/Makefile.am b/input/flow/Makefile.am index 288d335..0751807 100644 --- a/input/flow/Makefile.am +++ b/input/flow/Makefile.am @@ -2,11 +2,13 @@ INCLUDES = $(all_includes) -I$(top_srcdir)/include AM_CFLAGS=-fPIC -Wall +if HAVE_LIBNFCONNTRACK pkglib_LTLIBRARIES = ulogd_inpflow_NFCT.la # ulogd_inpflow_IPFIX.la ulogd_inpflow_NFCT_la_SOURCES = ulogd_inpflow_NFCT.c ulogd_inpflow_NFCT_la_LDFLAGS = -module $(LIBNETFILTER_CONNTRACK_LIBS) ulogd_inpflow_NFCT_la_CFLAGS = $(AM_CFLAGS) $(LIBNETFILTER_CONNTRACK_CFLAGS) +endif #ulogd_inpflow_IPFIX_la_SOURCES = ulogd_inpflow_IPFIX.c #ulogd_inpflow_IPFIX_la_LDFLAGS = -module diff --git a/input/packet/Makefile.am b/input/packet/Makefile.am index a07f724..9f9a89c 100644 --- a/input/packet/Makefile.am +++ b/input/packet/Makefile.am @@ -3,11 +3,16 @@ INCLUDES = $(all_includes) -I$(top_srcdir)/include AM_CFLAGS=-fPIC -Wall LIBS= +if HAVE_LIBNFLOG pkglib_LTLIBRARIES = ulogd_inppkt_NFLOG.la ulogd_inppkt_ULOG.la ulogd_inppkt_NFLOG_la_SOURCES = ulogd_inppkt_NFLOG.c ulogd_inppkt_NFLOG_la_LDFLAGS = -module $(LIBNETFILTER_LOG_LIBS) ulogd_inppkt_NFLOG_la_CFLAGS = $(AM_CFLAGS) $(LIBNETFILTER_LOG_CFLAGS) +else +pkglib_LTLIBRARIES = ulogd_inppkt_ULOG.la +endif + ulogd_inppkt_ULOG_la_SOURCES = ulogd_inppkt_ULOG.c ulogd_inppkt_ULOG_la_LDFLAGS = -module -- 1.5.4.3 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [ULOGD2 PATCH 2/3] Make NFLOG and NFCT build conditionnal 2008-09-11 20:48 [ULOGD2 PATCH 2/3] Make NFLOG and NFCT build conditionnal Eric Leblond @ 2008-09-11 21:56 ` Pablo Neira Ayuso 2008-09-11 22:15 ` Eric Leblond 0 siblings, 1 reply; 8+ messages in thread From: Pablo Neira Ayuso @ 2008-09-11 21:56 UTC (permalink / raw) To: Eric Leblond; +Cc: netfilter-devel Eric Leblond wrote: > This patch modifies the build system behaviour to be able to compile > ulogd on system without recent release of libnetfilter library. If > a library is absent or too old, it will simply not compile the concerned > input module. I don't see any gain from this patch. We had this sort of conditional compilation in iptables - that we finally removed - and it was source of user-side problems. -- "Los honestos son inadaptados sociales" -- Les Luthiers ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [ULOGD2 PATCH 2/3] Make NFLOG and NFCT build conditionnal 2008-09-11 21:56 ` Pablo Neira Ayuso @ 2008-09-11 22:15 ` Eric Leblond 2008-09-11 22:35 ` Pablo Neira Ayuso 2008-09-12 2:39 ` [ULOGD2 PATCH 2/3] Make NFLOG and NFCT build conditionnal Jan Engelhardt 0 siblings, 2 replies; 8+ messages in thread From: Eric Leblond @ 2008-09-11 22:15 UTC (permalink / raw) To: Pablo Neira Ayuso; +Cc: netfilter-devel [-- Attachment #1: Type: text/plain, Size: 877 bytes --] Hello, On Thursday, 2008 September 11 at 23:56:57 +0200, Pablo Neira Ayuso wrote: > Eric Leblond wrote: > > This patch modifies the build system behaviour to be able to compile > > ulogd on system without recent release of libnetfilter library. If > > a library is absent or too old, it will simply not compile the concerned > > input module. > > I don't see any gain from this patch. We had this sort of conditional > compilation in iptables - that we finally removed - and it was source of > user-side problems. Hmm, even if you think autodetection is a mistake, it is useful to be able to compile ulogd on system where NFLOG or NFCT is not installed or not usable (too old kernel). What do you think about a --without flag to be able to manually disable the compilation ? BR, -- Eric Leblond INL: http://www.inl.fr/ NuFW: http://www.nufw.org/ [-- Attachment #2: Digital signature --] [-- Type: application/pgp-signature, Size: 189 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [ULOGD2 PATCH 2/3] Make NFLOG and NFCT build conditionnal 2008-09-11 22:15 ` Eric Leblond @ 2008-09-11 22:35 ` Pablo Neira Ayuso 2008-09-12 6:53 ` Eric Leblond 2008-09-12 2:39 ` [ULOGD2 PATCH 2/3] Make NFLOG and NFCT build conditionnal Jan Engelhardt 1 sibling, 1 reply; 8+ messages in thread From: Pablo Neira Ayuso @ 2008-09-11 22:35 UTC (permalink / raw) To: Eric Leblond; +Cc: netfilter-devel Eric Leblond wrote: > Hello, > > On Thursday, 2008 September 11 at 23:56:57 +0200, Pablo Neira Ayuso wrote: >> Eric Leblond wrote: >>> This patch modifies the build system behaviour to be able to compile >>> ulogd on system without recent release of libnetfilter library. If >>> a library is absent or too old, it will simply not compile the concerned >>> input module. >> I don't see any gain from this patch. We had this sort of conditional >> compilation in iptables - that we finally removed - and it was source of >> user-side problems. > > Hmm, even if you think autodetection is a mistake, it is useful to > be able to compile ulogd on system where NFLOG or NFCT is not installed > or not usable (too old kernel). We're having this discussion over and over again :), ulogd is intended for new systems. The ULOG target support should be legacy. You know how limited the ULOG target is, and how many headache gives to add new features to it ;) > What do you think about a --without flag to be able to manually disable > the compilation ? Well, I'd prefer that but, sincerely, your obsession with legacy systems go really that far. -- "Los honestos son inadaptados sociales" -- Les Luthiers ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [ULOGD2 PATCH 2/3] Make NFLOG and NFCT build conditionnal 2008-09-11 22:35 ` Pablo Neira Ayuso @ 2008-09-12 6:53 ` Eric Leblond 2008-09-12 11:02 ` Pablo Neira Ayuso 0 siblings, 1 reply; 8+ messages in thread From: Eric Leblond @ 2008-09-12 6:53 UTC (permalink / raw) To: Pablo Neira Ayuso; +Cc: netfilter-devel [-- Attachment #1: Type: text/plain, Size: 1818 bytes --] Hi, On Friday, 2008 September 12 at 0:35:10 +0200, Pablo Neira Ayuso wrote: > Eric Leblond wrote: > > Hello, > > > > On Thursday, 2008 September 11 at 23:56:57 +0200, Pablo Neira Ayuso wrote: > >> Eric Leblond wrote: > >>> This patch modifies the build system behaviour to be able to compile > >>> ulogd on system without recent release of libnetfilter library. If > >>> a library is absent or too old, it will simply not compile the concerned > >>> input module. > >> I don't see any gain from this patch. We had this sort of conditional > >> compilation in iptables - that we finally removed - and it was source of > >> user-side problems. > > > > Hmm, even if you think autodetection is a mistake, it is useful to > > be able to compile ulogd on system where NFLOG or NFCT is not installed > > or not usable (too old kernel). > > We're having this discussion over and over again :), ulogd is intended > for new systems. The ULOG target support should be legacy. You know how > limited the ULOG target is, and how many headache gives to add new > features to it ;) Yes :). I was not thinking about maintaining ULOG support when doing the work for this patch. > > What do you think about a --without flag to be able to manually disable > > the compilation ? > > Well, I'd prefer that but, sincerely, your obsession with legacy systems > go really that far. Not as far as Harald's one who put this feature in the TODO list ;) But, my point was not really intendend to address legacy systems. I just want to have something clean for people who for example want only to use NFLOG. That will be stupid for them to compile and install libnetfilter_conntrack on their system and not to use it. BR, -- Eric Leblond INL: http://www.inl.fr/ NuFW: http://www.nufw.org/ [-- Attachment #2: Digital signature --] [-- Type: application/pgp-signature, Size: 189 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [ULOGD2 PATCH 2/3] Make NFLOG and NFCT build conditionnal 2008-09-12 6:53 ` Eric Leblond @ 2008-09-12 11:02 ` Pablo Neira Ayuso 2008-09-13 11:13 ` [ULOGD2 PATCH] Add flags to disable NFLOG or NFCT at configure time Eric Leblond 0 siblings, 1 reply; 8+ messages in thread From: Pablo Neira Ayuso @ 2008-09-12 11:02 UTC (permalink / raw) To: Eric Leblond; +Cc: netfilter-devel Eric Leblond wrote: > But, my point was not really intendend to address legacy systems. I just > want to have something clean for people who for example want only to use NFLOG. > That will be stupid for them to compile and install libnetfilter_conntrack > on their system and not to use it. Think about iptables. It has tons of matches/targets but most people uses very few of them. And most users use generic distro-based packaged versions. Well, I'll be fine with adding an option like "--without-thing" to skip the compilation of NFCT, but I will not rely upon suppositions like "you did not installed this library, therefore I will not compile this" -- "Los honestos son inadaptados sociales" -- Les Luthiers ^ permalink raw reply [flat|nested] 8+ messages in thread
* [ULOGD2 PATCH] Add flags to disable NFLOG or NFCT at configure time. 2008-09-12 11:02 ` Pablo Neira Ayuso @ 2008-09-13 11:13 ` Eric Leblond 0 siblings, 0 replies; 8+ messages in thread From: Eric Leblond @ 2008-09-13 11:13 UTC (permalink / raw) To: pablo; +Cc: netfilter-devel, Eric Leblond This patch adds some --without options to configure script that can be used to disable compilation of some nfnetlink related modules. Signed-off-by: Eric Leblond <eric@inl.fr> --- configure.in | 19 ++++++++++++++++--- input/flow/Makefile.am | 2 ++ input/packet/Makefile.am | 5 +++++ 3 files changed, 23 insertions(+), 3 deletions(-) diff --git a/configure.in b/configure.in index 0e173a3..129b95a 100644 --- a/configure.in +++ b/configure.in @@ -37,12 +37,25 @@ LIBNFNETLINK_REQUIRED=0.0.39 LIBNETFILTER_CONNTRACK_REQUIRED=0.0.95 LIBNETFILTER_LOG_REQUIRED=0.0.15 -PKG_CHECK_MODULES(LIBNFNETLINK, libnfnetlink >= $LIBNFNETLINK_REQUIRED,, AC_MSG_ERROR(Cannot find libnfnetlink >= $LIBNFNETLINK_REQUIRED)) -PKG_CHECK_MODULES(LIBNETFILTER_CONNTRACK, libnetfilter_conntrack >= $LIBNETFILTER_CONNTRACK_REQUIRED,, AC_MSG_ERROR(Cannot find libnetfilter_conntrack >= $LIBNETFILTER_CONNTRACK_REQUIRED)) +AC_ARG_WITH(nfnetlink, [AC_HELP_STRING(--without-nfnetlink, Disable NFLOG and NFCT)], enable_nfnetlink=$withval, enable_nfnetlink="yes") +AC_ARG_WITH(nfconntrack, [AC_HELP_STRING(--without-nfconntrack, Disable NFCT input plugin)], enable_nfconntrack=$withval, enable_nfconntrack="yes") +AC_ARG_WITH(nflog, [AC_HELP_STRING(--without-nflog, Disable NFLOG input plugin)], enable_nflog=$withval, enable_nflog="yes") -PKG_CHECK_MODULES(LIBNETFILTER_LOG, libnetfilter_log >= $LIBNETFILTER_LOG_REQUIRED,, AC_MSG_ERROR(Cannot find libnetfilter_log >= $LIBNETFILTER_LOG_REQUIRED)) +if test "$enable_nfnetlink" = "yes"; then + PKG_CHECK_MODULES(LIBNFNETLINK, libnfnetlink >= $LIBNFNETLINK_REQUIRED, nfnetlink="yes", AC_MSG_ERROR(Cannot find libnfnetlink >= $LIBNFNETLINK_REQUIRED to build NFLOG and NFCT plugin)) + if test "$enable_nfconntrack" = "yes"; then + PKG_CHECK_MODULES(LIBNETFILTER_CONNTRACK, libnetfilter_conntrack >= $LIBNETFILTER_CONNTRACK_REQUIRED, nfconntrack="yes", AC_MSG_ERROR(Cannot find libnetfilter_conntrack >= $LIBNETFILTER_CONNTRACK_REQUIRED to build NFCT plugin)) + fi + + if test "$enable_nflog" = "yes"; then + PKG_CHECK_MODULES(LIBNETFILTER_LOG, libnetfilter_log >= $LIBNETFILTER_LOG_REQUIRED, nflog="yes", AC_MSG_ERROR(Cannot find libnetfilter_log >= $LIBNETFILTER_LOG_REQUIRED to build NFLOG plugin)) + fi +fi + +AM_CONDITIONAL(HAVE_LIBNFCONNTRACK, test "x$nfnetlink" != "x" -a "x$nfconntrack" != "x") +AM_CONDITIONAL(HAVE_LIBNFLOG, test "x$nfnetlink" != "x" -a "x$nflog" != "x") CT_CHECK_POSTGRES_DB() AM_CONDITIONAL(HAVE_PGSQL, test "x$PQLIBPATH" != "x") diff --git a/input/flow/Makefile.am b/input/flow/Makefile.am index 288d335..0751807 100644 --- a/input/flow/Makefile.am +++ b/input/flow/Makefile.am @@ -2,11 +2,13 @@ INCLUDES = $(all_includes) -I$(top_srcdir)/include AM_CFLAGS=-fPIC -Wall +if HAVE_LIBNFCONNTRACK pkglib_LTLIBRARIES = ulogd_inpflow_NFCT.la # ulogd_inpflow_IPFIX.la ulogd_inpflow_NFCT_la_SOURCES = ulogd_inpflow_NFCT.c ulogd_inpflow_NFCT_la_LDFLAGS = -module $(LIBNETFILTER_CONNTRACK_LIBS) ulogd_inpflow_NFCT_la_CFLAGS = $(AM_CFLAGS) $(LIBNETFILTER_CONNTRACK_CFLAGS) +endif #ulogd_inpflow_IPFIX_la_SOURCES = ulogd_inpflow_IPFIX.c #ulogd_inpflow_IPFIX_la_LDFLAGS = -module diff --git a/input/packet/Makefile.am b/input/packet/Makefile.am index a07f724..9f9a89c 100644 --- a/input/packet/Makefile.am +++ b/input/packet/Makefile.am @@ -3,11 +3,16 @@ INCLUDES = $(all_includes) -I$(top_srcdir)/include AM_CFLAGS=-fPIC -Wall LIBS= +if HAVE_LIBNFLOG pkglib_LTLIBRARIES = ulogd_inppkt_NFLOG.la ulogd_inppkt_ULOG.la ulogd_inppkt_NFLOG_la_SOURCES = ulogd_inppkt_NFLOG.c ulogd_inppkt_NFLOG_la_LDFLAGS = -module $(LIBNETFILTER_LOG_LIBS) ulogd_inppkt_NFLOG_la_CFLAGS = $(AM_CFLAGS) $(LIBNETFILTER_LOG_CFLAGS) +else +pkglib_LTLIBRARIES = ulogd_inppkt_ULOG.la +endif + ulogd_inppkt_ULOG_la_SOURCES = ulogd_inppkt_ULOG.c ulogd_inppkt_ULOG_la_LDFLAGS = -module -- 1.5.4.3 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [ULOGD2 PATCH 2/3] Make NFLOG and NFCT build conditionnal 2008-09-11 22:15 ` Eric Leblond 2008-09-11 22:35 ` Pablo Neira Ayuso @ 2008-09-12 2:39 ` Jan Engelhardt 1 sibling, 0 replies; 8+ messages in thread From: Jan Engelhardt @ 2008-09-12 2:39 UTC (permalink / raw) To: Eric Leblond; +Cc: Pablo Neira Ayuso, netfilter-devel On Thursday 2008-09-11 18:15, Eric Leblond wrote: >Hello, >On Thursday, 2008 September 11 at 23:56:57 +0200, Pablo Neira Ayuso wrote: >> Eric Leblond wrote: >> > This patch modifies the build system behaviour to be able to compile >> > ulogd on system without recent release of libnetfilter library. If >> > a library is absent or too old, it will simply not compile the concerned >> > input module. >> >> I don't see any gain from this patch. We had this sort of conditional >> compilation in iptables - that we finally removed - and it was source of >> user-side problems. > >Hmm, even if you think autodetection is a mistake, it is useful to >be able to compile ulogd on system where NFLOG or NFCT is not installed >or not usable (too old kernel). That's just what iptables does. It ships the necessary header files to compile even if things are not present in the kernel. ...And then autodetection becomes useless. ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2008-09-13 11:13 UTC | newest] Thread overview: 8+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2008-09-11 20:48 [ULOGD2 PATCH 2/3] Make NFLOG and NFCT build conditionnal Eric Leblond 2008-09-11 21:56 ` Pablo Neira Ayuso 2008-09-11 22:15 ` Eric Leblond 2008-09-11 22:35 ` Pablo Neira Ayuso 2008-09-12 6:53 ` Eric Leblond 2008-09-12 11:02 ` Pablo Neira Ayuso 2008-09-13 11:13 ` [ULOGD2 PATCH] Add flags to disable NFLOG or NFCT at configure time Eric Leblond 2008-09-12 2:39 ` [ULOGD2 PATCH 2/3] Make NFLOG and NFCT build conditionnal Jan Engelhardt
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.