[pve-devel] [PATCH v3 firewall 2/2] let multiport parser return only a boolean
Wolfgang Bumiller
w.bumiller at proxmox.com
Mon Mar 12 11:15:48 CET 2018
Keep the count for internal checking only and just return
whether the multiport matcher is required.
Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
---
Changes: don't $count, we already have an array...
src/PVE/Firewall.pm | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 54ad48a..4878233 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1063,7 +1063,7 @@ sub parse_port_name_number_or_range {
die "too many entries in port list (> 15 numbers)\n"
if $count > 15;
- return $count;
+ return (scalar(@elements) > 1);
}
PVE::JSONSchema::register_format('pve-fw-sport-spec', \&pve_fw_verify_sport_spec);
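Review bot: The new return tests `scalar(@elements) > 1`, while the limit check directly above it still bounds `$count`, so callers now get a value derived from a different quantity than the one that is capped at 15. How `$count` is accumulated lies outside this hunk; if a single range element adds more than one to it, such a spec previously selected the multiport path in `ipt_rule_to_cmds` and no longer will, which should be confirmed as intended because it changes the generated firewall match. A comment above the return would pin the new contract, e.g. `# true if the list has more than one element, i.e. the multiport matcher is required`. The sub starts outside the hunk, so any other caller that still expects a numeric count is not visible here.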
@@ -1885,14 +1885,14 @@ sub ipt_rule_to_cmds {
if (my $proto = $rule->{proto}) {
push @match, "-p $proto";
- my $nbdport = defined($rule->{dport}) ? parse_port_name_number_or_range($rule->{dport}, 1) : 0;
- my $nbsport = defined($rule->{sport}) ? parse_port_name_number_or_range($rule->{sport}, 0) : 0;
+ my $multidport = defined($rule->{dport}) && parse_port_name_number_or_range($rule->{dport}, 1);
+ my $multisport = defined($rule->{sport}) && parse_port_name_number_or_range($rule->{sport}, 0);
# 0 = no multiport
# 1 = multiport with different src and dst port ranges
# 2 = multiport with identical port ranges
- my $multiport = ($nbdport > 1) || ($nbsport > 1);
- $multiport++ if $multiport && ($rule->{dport} eq $rule->{sport});
+ my $multiport = ($multidport || $multisport) ? 1 : 0;
+ $multiport++ if $multidport && $multisport && $rule->{dport} eq $rule->{sport};
if ($rule->{dport}) {
if ($proto eq 'icmp') {
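Review bot: The new `$multidport`/`$multisport` lines gate on `defined(...)`, but the unchanged `if ($rule->{dport}) {` just below tests truthiness, so a defined-but-false port spec (the string `0`) would be parsed here and then skipped when the match is built. Whether such a value can reach this point depends on validation outside the hunk; if it can, the rule may be emitted without its port restriction and match more traffic than the rule author wrote. Using the same test in both places, e.g. `if (defined($rule->{dport})) {`, would remove the ambiguity. The enclosing `if (my $proto = ...)` block continues past the end of the hunk.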
--
2.11.0