[PATCH iptables] configure: Fix logic to show connlabel support

[PATCH iptables] configure: Fix logic to show connlabel support

[Shivani Bhardwaj]

With the earlier logic, when libnfnetlink and libnetfilter_conntrack
were not installed, all the warnings showed up correctly but the final
configuration showed:

            connlabel support:                      yes

which was faulty.
This was happening because connlabel module was blacklisted first and
then set to "no" if package requirements were not met.
After this patch, iptables configuration shows up correctly.

Fixes commit 3b7a227 (configure: Show support for connlabel)

Tested before and after installing the dependencies.

Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com>
---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index c91e9e7..131bc8b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -173,9 +173,9 @@ if test "x$enable_connlabel" = "xyes"; then
 		[nfconntrack=1], [nfconntrack=0])
 
 	if test "$nfconntrack" -ne 1; then
+		enable_connlabel="no";
 		blacklist_modules="$blacklist_modules connlabel";
 		echo "WARNING: libnetfilter_conntrack not found, connlabel match will not be built";
-		enable_connlabel = "no";
 	fi;
 else
 	blacklist_modules="$blacklist_modules connlabel";
-- 
2.7.4

Re: [PATCH iptables] configure: Fix logic to show connlabel support

[Florian Westphal]

Shivani Bhardwaj <shivanib134@gmail.com> wrote:
> With the earlier logic, when libnfnetlink and libnetfilter_conntrack
> were not installed, all the warnings showed up correctly but the final
> configuration showed:
> 
>             connlabel support:                      yes
> 
> which was faulty.
> This was happening because connlabel module was blacklisted first and
> then set to "no" if package requirements were not met.

its because ...

> diff --git a/configure.ac b/configure.ac
> index c91e9e7..131bc8b 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -173,9 +173,9 @@ if test "x$enable_connlabel" = "xyes"; then
>  		[nfconntrack=1], [nfconntrack=0])
>  
>  	if test "$nfconntrack" -ne 1; then
> +		enable_connlabel="no";
>  		blacklist_modules="$blacklist_modules connlabel";
>  		echo "WARNING: libnetfilter_conntrack not found, connlabel match will not be built";
> -		enable_connlabel = "no";

... of the space around the '=', shell tried to execute
'enable_connlabel' command here.

Re: [PATCH iptables] configure: Fix logic to show connlabel support

[Shivani Bhardwaj]

On Wed, Jun 22, 2016 at 10:00 PM, Florian Westphal <fw@strlen.de> wrote:
> Shivani Bhardwaj <shivanib134@gmail.com> wrote:
>> With the earlier logic, when libnfnetlink and libnetfilter_conntrack
>> were not installed, all the warnings showed up correctly but the final
>> configuration showed:
>>
>>             connlabel support:                      yes
>>
>> which was faulty.
>> This was happening because connlabel module was blacklisted first and
>> then set to "no" if package requirements were not met.
>
> its because ...
>
>> diff --git a/configure.ac b/configure.ac
>> index c91e9e7..131bc8b 100644
>> --- a/configure.ac
>> +++ b/configure.ac
>> @@ -173,9 +173,9 @@ if test "x$enable_connlabel" = "xyes"; then
>>               [nfconntrack=1], [nfconntrack=0])
>>
>>       if test "$nfconntrack" -ne 1; then
>> +             enable_connlabel="no";
>>               blacklist_modules="$blacklist_modules connlabel";
>>               echo "WARNING: libnetfilter_conntrack not found, connlabel match will not be built";
>> -             enable_connlabel = "no";
>
> ... of the space around the '=', shell tried to execute
> 'enable_connlabel' command here.

Thanks. I'm sorry for misinterpreting and writing the wrong message. I
shall resend the patch.