iptables: correctly enable libnetfilter_conntrack support

This is done via configure option, and makes 0004-configure.ac-only-check-conntrack-when-libnfnetlink-.patch unnecessary, as both libnetfilter_conntrack and libnfnetlink are enabled in lockstep. (From OE-Core rev: 04ffb341864b443544e9f594248c0c785f601a55) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-04-26 18:32:13 +02:00 · 2024-05-16 13:26:38 +02:00
parent 640dafd0c4
commit c0c78a4cd1
2 changed files with 1 additions and 51 deletions
--- a/meta/recipes-extended/iptables/iptables/0004-configure.ac-only-check-conntrack-when-libnfnetlink-.patch
+++ b/meta/recipes-extended/iptables/iptables/0004-configure.ac-only-check-conntrack-when-libnfnetlink-.patch
@@ -1,49 +0,0 @@
-From 6832501bbb90a3dab977a4625d0391804c0e795c Mon Sep 17 00:00:00 2001
-From: "Maxin B. John" <maxin.john@intel.com>
-Date: Tue, 21 Feb 2017 11:49:07 +0200
-Subject: [PATCH] configure.ac:
- only-check-conntrack-when-libnfnetlink-enabled.patch
-
-Package libnetfilter-conntrack depends on package libnfnetlink. iptables
-checks package libnetfilter-conntrack whatever its package config
-libnfnetlink is enabled or not. When libnfnetlink is disabled but
-package libnetfilter-conntrack exists, it fails randomly with:
-
-In file included from
-.../iptables/1.4.21-r0/iptables-1.4.21/extensions/libxt_connlabel.c:8:0:
-
-.../tmp/sysroots/qemumips/usr/include/libnetfilter_conntrack/libnetfilter_conntrack.h:14:42:
-fatal error: libnfnetlink/linux_nfnetlink.h: No such file or directory
-
-compilation terminated.
-GNUmakefile:96: recipe for target 'libxt_connlabel.oo' failed
-Only check libnetfilter-conntrack when libnfnetlink is enabled to fix it.
-
-Upstream-Status: Pending
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-Signed-off-by: Maxin B. John <maxin.john@intel.com>
-
---
- configure.ac | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index d607772..25a8e75 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -159,10 +159,12 @@ if test "$nftables" != 1; then
- fi
- 
- if test "x$enable_connlabel" = "xyes"; then
-	PKG_CHECK_MODULES([libnetfilter_conntrack],
-+    nfconntrack=0
-+    AS_IF([test "x$enable_libnfnetlink" = "xyes"], [
-+    PKG_CHECK_MODULES([libnetfilter_conntrack],
- 		[libnetfilter_conntrack >= 1.0.6],
- 		[nfconntrack=1], [nfconntrack=0])
-
-+    ])
- 	if test "$nfconntrack" -ne 1; then
- 		blacklist_modules="$blacklist_modules connlabel";
- 		echo "WARNING: libnetfilter_conntrack not found, connlabel match will not be built";
--- a/meta/recipes-extended/iptables/iptables_1.8.10.bb
+++ b/meta/recipes-extended/iptables/iptables_1.8.10.bb
@@ -14,7 +14,6 @@ SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.xz \
           file://ip6tables.service \
           file://ip6tables.rules \
           file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \
-           file://0004-configure.ac-only-check-conntrack-when-libnfnetlink-.patch \
           "
 SRC_URI[sha256sum] = "5cc255c189356e317d070755ce9371eb63a1b783c34498fb8c30264f3cc59c9c"

@@ -33,7 +32,7 @@ PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
 PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"

 # libnfnetlink recipe is in meta-networking layer
-PACKAGECONFIG[libnfnetlink] = "--enable-libnfnetlink,--disable-libnfnetlink,libnfnetlink libnetfilter-conntrack"
+PACKAGECONFIG[libnfnetlink] = "--enable-libnfnetlink --enable-connlabel,--disable-libnfnetlink --disable-connlabel,libnfnetlink libnetfilter-conntrack"

 # libnftnl recipe is in meta-networking layer(previously known as libnftables)
 PACKAGECONFIG[libnftnl] = "--enable-nftables,--disable-nftables,libnftnl"