Keep the count for internal checking only and just return whether the multiport matcher is required.
Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com>
---
Also fixes an undefined value usage in the new 'dport eq sport' condition.
 src/PVE/Firewall.pm | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 54ad48a..0367d62 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1030,11 +1030,13 @@ sub parse_port_name_number_or_range {
 my $services = PVE::Firewall::get_etc_services();
 my $count = 0;
+ my $entries = 0;
 my $icmp_port = 0;
 my @elements = split(/,/, $str);
 die "extraneous commas in list\n" if $str ne join(',', @elements);
 foreach my $item (@elements) {
+ ++$entries;
 if ($item =~ m/^(\d+):(\d+)$/) {
 $count += 2;
 my ($port1, $port2) = ($1, $2);
@@ -1063,7 +1065,7 @@ sub parse_port_name_number_or_range {
 die "too many entries in port list (> 15 numbers)\n" if $count > 15;
- return $count;
+ return ($entries>1);
 }
 PVE::JSONSchema::register_format('pve-fw-sport-spec', \&pve_fw_verify_sport_spec);
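Review bot: The return value changes from a port count to a truth value at `return ($entries>1);`, but neither hunk of `parse_port_name_number_or_range` documents the new contract, and any caller not shown here that still compares the result numerically would silently stop selecting multiport. A comment above the return would help, for example `# true if the list has more than one entry (multiport matcher required); $count only enforces the 15-number limit`. The `$entries` counter added in the first hunk also duplicates `scalar(@elements)`, so `return @elements > 1;` would do the same without the extra variable. The function starts and ends outside both hunks, so the remaining callers are worth checking.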
@@ -1885,14 +1887,14 @@ sub ipt_rule_to_cmds {
 if (my $proto = $rule->{proto}) {
 push @match, "-p $proto";
- my $nbdport = defined($rule->{dport}) ? parse_port_name_number_or_range($rule->{dport}, 1) : 0;
- my $nbsport = defined($rule->{sport}) ? parse_port_name_number_or_range($rule->{sport}, 0) : 0;
+ my $multidport = defined($rule->{dport}) && parse_port_name_number_or_range($rule->{dport}, 1);
+ my $multisport = defined($rule->{sport}) && parse_port_name_number_or_range($rule->{sport}, 0);
 # 0 = no multiport
 # 1 = multiport with different src and dst port ranges
 # 2 = multiport with identical port ranges
- my $multiport = ($nbdport > 1) || ($nbsport > 1);
- $multiport++ if $multiport && ($rule->{dport} eq $rule->{sport});
+ my $multiport = ($multidport || $multisport) ? 1 : 0;
+ $multiport++ if $multidport && $multisport && $rule->{dport} eq $rule->{sport};
 if ($rule->{dport}) {
 if ($proto eq 'icmp') {
--
2.11.0
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
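Review bot: The new `defined($rule->{dport}) && …` guards and the unchanged `if ($rule->{dport}) {` right after them test the same field in two different ways. A port spec that is defined but false in Perl (the string `0`) would be parsed here and then presumably skipped when the match is emitted, which would leave the generated rule without the port restriction the rule author wrote. Whether such a value can pass the port validation is not visible in this hunk, so it is worth confirming; writing that line as `if (defined($rule->{dport})) {` would make the two checks agree. The rest of `ipt_rule_to_cmds` lies outside the hunk.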