* [PATCHv2] iptables: link against libnetfilter_conntrack @ 2013-08-13 16:37 Gustavo Zacarias 2013-08-13 18:59 ` Florian Westphal 2013-08-13 19:02 ` Jan Engelhardt 0 siblings, 2 replies; 8+ messages in thread From: Gustavo Zacarias @ 2013-08-13 16:37 UTC (permalink / raw) To: netfilter-devel; +Cc: Gustavo Zacarias When libnetfilter_conntrack is available iptables needs to link against it otherwise we get build failures. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> --- iptables/Makefile.am | 3 +++ 1 file changed, 3 insertions(+) diff --git a/iptables/Makefile.am b/iptables/Makefile.am index a4246eb..6390b7c 100644 --- a/iptables/Makefile.am +++ b/iptables/Makefile.am @@ -21,6 +21,9 @@ xtables_multi_SOURCES += ip6tables-save.c ip6tables-restore.c \ xtables_multi_CFLAGS += -DENABLE_IPV6 xtables_multi_LDADD += ../libiptc/libip6tc.la ../extensions/libext6.a endif +if HAVE_LIBNETFILTER_CONNTRACK +xtables_multi_LDADD += @libnetfilter_conntrack_LIBS@ +endif xtables_multi_SOURCES += xshared.c xtables_multi_LDADD += ../libxtables/libxtables.la -lm -- 1.8.1.5 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCHv2] iptables: link against libnetfilter_conntrack 2013-08-13 16:37 [PATCHv2] iptables: link against libnetfilter_conntrack Gustavo Zacarias @ 2013-08-13 18:59 ` Florian Westphal 2013-08-13 19:02 ` Jan Engelhardt 1 sibling, 0 replies; 8+ messages in thread From: Florian Westphal @ 2013-08-13 18:59 UTC (permalink / raw) To: Gustavo Zacarias; +Cc: netfilter-devel Gustavo Zacarias <gustavo@zacarias.com.ar> wrote: > When libnetfilter_conntrack is available iptables needs to link > against it otherwise we get build failures. Again, I doubt that this is the case. The only caller of libnetfilter_conntrack functions is libxt_connlabel, and that is not tied to the xtables-multi binary, UNLESS you build with --enable-static (which puts the extensions into the executable). So, afaiu, we should not need -lnetfilter_conntrack in the !ENABLE_STATIC case. ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCHv2] iptables: link against libnetfilter_conntrack 2013-08-13 16:37 [PATCHv2] iptables: link against libnetfilter_conntrack Gustavo Zacarias 2013-08-13 18:59 ` Florian Westphal @ 2013-08-13 19:02 ` Jan Engelhardt 2013-08-13 20:42 ` Florian Westphal 2013-08-23 20:03 ` Florian Westphal 1 sibling, 2 replies; 8+ messages in thread From: Jan Engelhardt @ 2013-08-13 19:02 UTC (permalink / raw) To: Gustavo Zacarias; +Cc: netfilter-devel On Tuesday 2013-08-13 18:37, Gustavo Zacarias wrote: >diff --git a/iptables/Makefile.am b/iptables/Makefile.am >index a4246eb..6390b7c 100644 >--- a/iptables/Makefile.am >+++ b/iptables/Makefile.am >@@ -21,6 +21,9 @@ xtables_multi_SOURCES += ip6tables-save.c ip6tables-restore.c \ > xtables_multi_CFLAGS += -DENABLE_IPV6 > xtables_multi_LDADD += ../libiptc/libip6tc.la ../extensions/libext6.a > endif >+if HAVE_LIBNETFILTER_CONNTRACK >+xtables_multi_LDADD += @libnetfilter_conntrack_LIBS@ >+endif > xtables_multi_SOURCES += xshared.c > xtables_multi_LDADD += ../libxtables/libxtables.la -lm The righteous patch would be something like the following. It's libxtables.la(libxt_connlabel.o) uses the lib, not the main program. As for -lm, *both* the main program and libxtables.la(static-plugins) use math funcs. If libnetfilter_conntrack is not found, @libnetfilter_conntrack_CFLAGS@ and @libnetfilter_conntrack_LIBS@ (and their ${} ones) should be empty, therefore producing no harm to include unconditionally. diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in index 14e7c57..780e715 100644 --- a/extensions/GNUmakefile.in +++ b/extensions/GNUmakefile.in @@ -21,7 +21,7 @@ regular_CPPFLAGS = @regular_CPPFLAGS@ kinclude_CPPFLAGS = @kinclude_CPPFLAGS@ AM_CFLAGS = ${regular_CFLAGS} -AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_builddir} -I${top_srcdir}/include ${kinclude_CPPFLAGS} +AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_builddir} -I${top_srcdir}/include ${kinclude_CPPFLAGS} @libnetfilter_conntrack_CFLAGS@ AM_DEPFLAGS = -Wp,-MMD,$(@D)/.$(@F).d,-MT,$@ AM_LDFLAGS = @noundef_LDFLAGS@ @@ -93,7 +93,7 @@ lib%.so: lib%.oo ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $< -L../libxtables/.libs -lxtables ${$*_LIBADD}; lib%.oo: ${srcdir}/lib%.c - ${AM_VERBOSE_CC} ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init -DPIC -fPIC ${CFLAGS} ${$*_CFLAGADD} -o $@ -c $<; + ${AM_VERBOSE_CC} ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init -DPIC -fPIC ${CFLAGS} -o $@ -c $<; libxt_NOTRACK.so: libxt_CT.so ln -fs $< $@ @@ -103,9 +103,7 @@ libxt_state.so: libxt_conntrack.so # Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD xt_RATEEST_LIBADD = -lm xt_statistic_LIBADD = -lm -@HAVE_LIBNETFILTER_CONNTRACK_TRUE@xt_connlabel_LIBADD = @libnetfilter_conntrack_LIBS@ - -@HAVE_LIBNETFILTER_CONNTRACK_TRUE@xt_connlabel_CFLAGADD = @libnetfilter_conntrack_CFLAGS@ +xt_connlabel_LIBADD = @libnetfilter_conntrack_LIBS@ # # Static bits diff --git a/libxtables/Makefile.am b/libxtables/Makefile.am index c5795fe..4267cb5 100644 --- a/libxtables/Makefile.am +++ b/libxtables/Makefile.am @@ -10,7 +10,7 @@ libxtables_la_LIBADD = if ENABLE_STATIC # With --enable-static, shipped extensions are linked into the main executable, # so we need all the LIBADDs here too -libxtables_la_LIBADD += -lm +libxtables_la_LIBADD += -lm ${libnetfilter_conntrack_LIBS} endif if ENABLE_SHARED libxtables_la_CFLAGS = ${AM_CFLAGS} ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCHv2] iptables: link against libnetfilter_conntrack 2013-08-13 19:02 ` Jan Engelhardt @ 2013-08-13 20:42 ` Florian Westphal 2013-08-14 1:13 ` Gustavo Zacarias 2013-08-23 20:03 ` Florian Westphal 1 sibling, 1 reply; 8+ messages in thread From: Florian Westphal @ 2013-08-13 20:42 UTC (permalink / raw) To: Jan Engelhardt; +Cc: Gustavo Zacarias, netfilter-devel Jan Engelhardt <jengelh@inai.de> wrote: > The righteous patch would be something like the following. Gustavo, could you please test Jans patch and report back if that fixes the build for you? [..] > If libnetfilter_conntrack is not found, @libnetfilter_conntrack_CFLAGS@ > and @libnetfilter_conntrack_LIBS@ (and their ${} ones) should be empty, > therefore producing no harm to include unconditionally. Good point... ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCHv2] iptables: link against libnetfilter_conntrack 2013-08-13 20:42 ` Florian Westphal @ 2013-08-14 1:13 ` Gustavo Zacarias 2013-08-14 14:46 ` Jan Engelhardt 0 siblings, 1 reply; 8+ messages in thread From: Gustavo Zacarias @ 2013-08-14 1:13 UTC (permalink / raw) To: Florian Westphal; +Cc: Jan Engelhardt, netfilter-devel On 08/13/2013 05:42 PM, Florian Westphal wrote: > Gustavo, could you please test Jans patch and report back > if that fixes the build for you? Yes, works for the three combinations (shared, static, shared+static). But shouldn't @libnetfilter_conntrack_CFLAGS@ be added to AM_CFLAGS rather than AM_CPPFLAGS for correctness? Regards. ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCHv2] iptables: link against libnetfilter_conntrack 2013-08-14 1:13 ` Gustavo Zacarias @ 2013-08-14 14:46 ` Jan Engelhardt 0 siblings, 0 replies; 8+ messages in thread From: Jan Engelhardt @ 2013-08-14 14:46 UTC (permalink / raw) To: Gustavo Zacarias; +Cc: Florian Westphal, netfilter-devel On Wednesday 2013-08-14 03:13, Gustavo Zacarias wrote: >On 08/13/2013 05:42 PM, Florian Westphal wrote: > >> Gustavo, could you please test Jans patch and report back >> if that fixes the build for you? > >Yes, works for the three combinations (shared, static, shared+static). >But shouldn't @libnetfilter_conntrack_CFLAGS@ be added to AM_CFLAGS >rather than AM_CPPFLAGS for correctness? pkgconfig does not distinguish between preprocessor and compiler flags. pkgconfig's Cflags field is most often used for preprocessor directives, and most .pc files do not contain any compiler flags either for good reason, because handing out those (particularly -f and -m) could conflict with one's own program. ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCHv2] iptables: link against libnetfilter_conntrack 2013-08-13 19:02 ` Jan Engelhardt 2013-08-13 20:42 ` Florian Westphal @ 2013-08-23 20:03 ` Florian Westphal 2013-12-24 16:00 ` Ed W 1 sibling, 1 reply; 8+ messages in thread From: Florian Westphal @ 2013-08-23 20:03 UTC (permalink / raw) To: Jan Engelhardt; +Cc: Gustavo Zacarias, netfilter-devel Jan Engelhardt <jengelh@inai.de> wrote: > On Tuesday 2013-08-13 18:37, Gustavo Zacarias wrote: > >diff --git a/iptables/Makefile.am b/iptables/Makefile.am > >index a4246eb..6390b7c 100644 > >--- a/iptables/Makefile.am > >+++ b/iptables/Makefile.am > >@@ -21,6 +21,9 @@ xtables_multi_SOURCES += ip6tables-save.c ip6tables-restore.c \ > > xtables_multi_CFLAGS += -DENABLE_IPV6 > > xtables_multi_LDADD += ../libiptc/libip6tc.la ../extensions/libext6.a > > endif > >+if HAVE_LIBNETFILTER_CONNTRACK > >+xtables_multi_LDADD += @libnetfilter_conntrack_LIBS@ > >+endif > > xtables_multi_SOURCES += xshared.c > > xtables_multi_LDADD += ../libxtables/libxtables.la -lm > > The righteous patch would be something like the following. [..] Applied to stable-1.4.20, thanks everyone. ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCHv2] iptables: link against libnetfilter_conntrack 2013-08-23 20:03 ` Florian Westphal @ 2013-12-24 16:00 ` Ed W 0 siblings, 0 replies; 8+ messages in thread From: Ed W @ 2013-12-24 16:00 UTC (permalink / raw) To: Florian Westphal, Jan Engelhardt; +Cc: Gustavo Zacarias, netfilter-devel On 23/08/2013 21:03, Florian Westphal wrote: > Jan Engelhardt <jengelh@inai.de> wrote: >> On Tuesday 2013-08-13 18:37, Gustavo Zacarias wrote: >>> diff --git a/iptables/Makefile.am b/iptables/Makefile.am >>> index a4246eb..6390b7c 100644 >>> --- a/iptables/Makefile.am >>> +++ b/iptables/Makefile.am >>> @@ -21,6 +21,9 @@ xtables_multi_SOURCES += ip6tables-save.c ip6tables-restore.c \ >>> xtables_multi_CFLAGS += -DENABLE_IPV6 >>> xtables_multi_LDADD += ../libiptc/libip6tc.la ../extensions/libext6.a >>> endif >>> +if HAVE_LIBNETFILTER_CONNTRACK >>> +xtables_multi_LDADD += @libnetfilter_conntrack_LIBS@ >>> +endif >>> xtables_multi_SOURCES += xshared.c >>> xtables_multi_LDADD += ../libxtables/libxtables.la -lm >> The righteous patch would be something like the following. > [..] > > Applied to stable-1.4.20, thanks everyone. I don't see this patch in release 1.4.21 ? Can you please confirm (and pull code to master if necessary) Thanks Ed W ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2013-12-24 16:10 UTC | newest] Thread overview: 8+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2013-08-13 16:37 [PATCHv2] iptables: link against libnetfilter_conntrack Gustavo Zacarias 2013-08-13 18:59 ` Florian Westphal 2013-08-13 19:02 ` Jan Engelhardt 2013-08-13 20:42 ` Florian Westphal 2013-08-14 1:13 ` Gustavo Zacarias 2013-08-14 14:46 ` Jan Engelhardt 2013-08-23 20:03 ` Florian Westphal 2013-12-24 16:00 ` Ed W
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).