On Wed, Jun 01, 2016 at 10:16:18PM +0200, Laura Garcia wrote:
> On Wed, Jun 01, 2016 at 04:43:45PM +0200, Arturo Borrero Gonzalez wrote:
> > On 31 May 2016 at 20:26, Laura Garcia Liebana <nevola@xxxxxxxxx> wrote:
> > > +static int __multiport_xlate_v1(const void *ip,
> > > + const struct xt_entry_match *match,
> > > + struct xt_xlate *xl, int numeric)
> > > +{
> > > + const struct xt_multiport_v1 *multiinfo
> > > + = (const struct xt_multiport_v1 *)match->data;
> > > + unsigned int i;
> > > +
> > > + switch (multiinfo->flags) {
> > > + case XT_MULTIPORT_SOURCE:
> > > + xt_xlate_add(xl, "sport ");
> > > + break;
> > > + case XT_MULTIPORT_DESTINATION:
> > > + xt_xlate_add(xl, "dport ");
> > > + break;
> > > + case XT_MULTIPORT_EITHER:
> > > + return 0;
> > > + }
> > > +
> > > + if (multiinfo->invert)
> > > + xt_xlate_add(xl, "!= ");
> > > +
> > > + if (multiinfo->count > 2 ||
> > > + (multiinfo->count > 1 && !multiinfo->pflags[0])) {
> > > + xt_xlate_add(xl, "{ ");
> > > + if (multiinfo->invert)
> > > + return 0;
> > > + }
> > > +
> >
> > I fail to understand this return here
> >
> > Other than that, the patch looks good.
> >
>
> It's only to return a non-translation available for the != {} thing
> until is supported in nft.
I'd suggest you provide this already given that we'll soon have
support for this in nft.
Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
