On 31 May 2016 at 20:26, Laura Garcia Liebana <nevola@xxxxxxxxx> wrote:
> +static int __multiport_xlate_v1(const void *ip, > + const struct xt_entry_match *match, > + struct xt_xlate *xl, int numeric) > +{ > + const struct xt_multiport_v1 *multiinfo > + = (const struct xt_multiport_v1 *)match->data; > + unsigned int i; > + > + switch (multiinfo->flags) { > + case XT_MULTIPORT_SOURCE: > + xt_xlate_add(xl, "sport "); > + break; > + case XT_MULTIPORT_DESTINATION: > + xt_xlate_add(xl, "dport "); > + break; > + case XT_MULTIPORT_EITHER: > + return 0; > + } > + > + if (multiinfo->invert) > + xt_xlate_add(xl, "!= "); > + > + if (multiinfo->count > 2 || > + (multiinfo->count > 1 && !multiinfo->pflags[0])) { > + xt_xlate_add(xl, "{ "); > + if (multiinfo->invert) > + return 0; > + } > +

I fail to understand this return here.

Other than that, the patch looks good.

> + for (i = 0; i < multiinfo->count; i++) { > + xt_xlate_add(xl, "%s%u", i ? "," : "", multiinfo->ports[i]); > + if (multiinfo->pflags[i]) > + xt_xlate_add(xl, "-%u", multiinfo->ports[++i]); > + } > + > + if (multiinfo->count > 2 || > + (multiinfo->count > 1 && !multiinfo->pflags[0])) > + xt_xlate_add(xl, "}"); > + > + xt_xlate_add(xl, " "); > + > + return 1; > +}

I missed this in previous revisions of your patch:

% iptables -A t -p tcp -m multiport --dports 80:100
% iptables -A t -p tcp -m multiport --dports 80:100,299:444

both rules are valid. This means that avoiding the single-element set in the port-range case doesn't seem that important, sorry for that.

--
Arturo Borrero González
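
Review bot: in the for loop, multiinfo->ports[++i] is read whenever pflags[i] is set, with no check that i + 1 is still below multiinfo->count, so a range flag on the last counted entry makes the translation print a port outside the counted entries. Testing i + 1 < multiinfo->count before the increment, and returning 0 otherwise, keeps the loop within the entries the rule declares. Two smaller points in the same function: the inverted-set path returns 0 only after "!= " and "{ " have already been appended to xl, so the unsupported case is better rejected before the first xt_xlate_add call; and the switch on multiinfo->flags has no default, so an unexpected flags value falls through and emits a port list with no sport/dport selector in front of it. The brace condition (count > 2 || (count > 1 && !pflags[0])) is also written out twice and could be computed once into a local variable so the opening and closing brace cannot drift apart.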