On Sat, Aug 16, 2008 at 9:09 AM, Jan Engelhardt <jengelh@xxxxxxxxxx> wrote:
>
>>I encountered this issue when I was debugging a match. Its parse function
>>is like this:
>>
>>parse(...)
>>{
>>        if (*flags)
>>                error...;
>>        switch (c) {
>>        case 'a':
>>                ....
>>                break;
>>        default:
>>                return 0;
>>        }
>>        *flags = 1;
>>
>>        return 1;
>>}
>>
>>it will fail if there is another kind of match after it, as all the
>>options that do not belong to it are parsed to its parse function. I think
>>it is the reason why the default branch in the switch exists. I made things
>>a little different from my original thought.
>
> Why should it fail?
> Once you gave -m secondmatch, you OBVIOUSLY want options
> from the second one, and rarely from the first.
>

The match mentioned above applies one option only. When the option is
got, *flags will be set to 1, to avoid it being set a second time. Before
checking c, I check the value of *flags first; if it is set, I report an
error and exit directly. However, if there is another kind of match
after it, iptables will pass the new options to every match one by one
until one eats it. When the parse function gets an option that doesn't
belong to it, it finds *flags is set, and then an error is reported.

        for (matchp = matches; matchp; matchp = matchp->next) {
                if (matchp->completed)
                        continue;
                if (matchp->match->parse(c - matchp->match->option_offset,
                                         argv, invert,
                                         &matchp->match->mflags,
                                         &fw,
                                         &fw.nfcache,
                                         &matchp->match->m))
                        break;
        }

-- 
Regards,
Changli Gao(xiaosuo@xxxxxxxxx)
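
An added example, not code from iptables or from this thread: a minimal C model of the dispatch loop quoted above, showing where an option owned by a later match trips the early `*flags` test and how testing `*flags` only for the match's own option behaves instead. The function names, the return codes and the second match owning option 'b' are assumptions; a real parse function reports the error and exits rather than returning a code.

```c
/* Added example: names are assumed; a real parse() exits on error instead of returning. */
enum { PARSE_SKIP = 0, PARSE_EATEN = 1, PARSE_ERROR = -1 };
typedef int (*parse_fn)(int c, unsigned int *flags);

/* Pattern from the message: *flags is tested before c is examined. */
static int parse_early_check(int c, unsigned int *flags)
{
    if (*flags)
        return PARSE_ERROR;      /* also fires for options we do not own */
    if (c != 'a')
        return PARSE_SKIP;
    *flags = 1;
    return PARSE_EATEN;
}

/* Variant: reject only a repeat of our own option. */
static int parse_late_check(int c, unsigned int *flags)
{
    if (c != 'a')
        return PARSE_SKIP;       /* foreign option: the next match sees it */
    if (*flags)
        return PARSE_ERROR;
    *flags = 1;
    return PARSE_EATEN;
}

/* A second match owning option 'b' (constructed for the example). */
static int parse_second(int c, unsigned int *flags)
{
    if (c != 'b')
        return PARSE_SKIP;
    *flags = 1;
    return PARSE_EATEN;
}

/* Offer each option to each match until one eats it; index of first rejected option, or -1. */
static int dispatch(parse_fn first, const char *opts)
{
    parse_fn fns[2] = { first, parse_second };
    unsigned int flags[2] = { 0, 0 };
    for (int i = 0; opts[i]; i++) {
        int r = PARSE_SKIP;
        for (int m = 0; m < 2 && r == PARSE_SKIP; m++)
            r = fns[m](opts[i], &flags[m]);
        if (r != PARSE_EATEN)
            return i;
    }
    return -1;
}
int main(void) { return dispatch(parse_early_check, "ab") != 1 || dispatch(parse_late_check, "ab") != -1; }
```

With the options given in the order "ba" the early check never fires, so the failure depends on option order on the command line.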