git.ipfire.org Git - thirdparty/nftables.git/commit

]> git.ipfire.org Git - thirdparty/nftables.git/commit

projects / thirdparty / nftables.git / commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Fri, 21 Feb 2025 23:32:11 +0000 (00:32 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 17 Jun 2025 09:28:43 +0000 (11:28 +0200)
commit	0a7411e2525dddfec7d9094b99d5a71368241f7a
tree	bf63cdb253f25ea90a5ed9fa42381ecd50aac4d6	tree \| snapshot
parent	8d1e2d3efc30f87c146c7c12dac1b3c3636c854a	commit \| diff

evaluate: optimize zero length range

commit deda274293f80f9718de4cbb416bd2b2bf296709 upstream.

A rule like the following:

... tcp dport 22-22 ...

results in a range expression to match from 22 to 22.

Simplify to singleton value so a cmp is used instead.

This optimization already exists in set elements which might explain
this overlook.

Fixes: 7a6e16040d65 ("evaluate: allow for zero length ranges")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

src/evaluate.c

diff | blob | blame | history

Mirror of git://git.netfilter.org/nftables

RSS Atom