Re: using connlabel match

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* Re: using connlabel match
       [not found] <CAKHNQQF6-3OgGbnF5=Wm46-=d0j80ExwiEVV7Rrm6czLT4YHGw@mail.gmail.com>
@ 2016-03-05 12:37 ` Pablo Neira Ayuso
  0 siblings, 0 replies; only message in thread
From: Pablo Neira Ayuso @ 2016-03-05 12:37 UTC (permalink / raw)
  To: Shivani Bhardwaj; +Cc: netfilter-devel

Hi Shivani,

On Fri, Mar 04, 2016 at 04:05:24AM +0530, Shivani Bhardwaj wrote:
> Hi Pablo,
> 
> connlabel match never loads. It shows
> iptables v1.6.0: Couldn't load match `connlabel':No such file or directory
> 
> I see this conversation here:
> https://patchwork.ozlabs.org/patch/386215/ and the patch which causes
> this http://git.netfilter.org/iptables/commit/?id=51340f7b6a1103b12d86ef488f7140406d80401e.
> However, Florian sent a patch to deal with this
> http://git.netfilter.org/iptables/commit/?id=825fbda5482a7d5ec5a6619c81fe07ff865c7d6e.
> May be I'm doing it all wrong. I'm not sure how connlabel should be
> used. Could you please clarify?

Please, check that you have libnetfilter_conntrack and by when you
call iptables ./configure it doesn't show that connlabel is enabled.

        WARNING: libnetfilter_conntrack not found, connlabel match will not be built

It would be good to fix this in configure.ac in iptables so the
iptables configuration shows that connlabel support is on/off.

Iptables Configuration:                                                          
  IPv4 support:                         ${enable_ipv4}                           
  IPv6 support:                         ${enable_ipv6}                           
  Devel support:                        ${enable_devel}                          
  IPQ support:                          ${enable_libipq}                         
  Large file support:                   ${enable_largefile}                      
  BPF utils support:                    ${enable_bpfc}                           
  nfsynproxy util support:              ${enable_nfsynproxy}                     
  nftables support:                     ${enable_nftables}                       
                                                                                 
Build parameters:                                                                
  Put plugins into executable (static): ${enable_static}                         
  Support plugins via dlopen (shared):  ${enable_shared}                         
  Installation prefix (--prefix):       ${prefix}                                
  Xtables extension directory:          ${e_xtlibdir}                            
  Pkg-config directory:                 ${e_pkgconfigdir}"  

Would you mind sending a patch for configure.ac in iptables?

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2016-03-05 12:37 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <CAKHNQQF6-3OgGbnF5=Wm46-=d0j80ExwiEVV7Rrm6czLT4YHGw@mail.gmail.com>
2016-03-05 12:37 ` using connlabel match Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).