]> git.ipfire.org Git - thirdparty/nftables.git/commit
projects / thirdparty / nftables.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 15a7d71) | patch
rule: never merge across non-expression statements
authorFlorian Westphal <fw@strlen.de>
Thu, 28 Sep 2023 21:27:55 +0000 (23:27 +0200)
committerFlorian Westphal <fw@strlen.de>
Fri, 29 Sep 2023 10:36:33 +0000 (12:36 +0200)
commit99ab1b8feb16741a83fb8b887bacae8fa07d29a2
treec8b67d32aa10bac630c3a873b8128af873bf4e45tree
parent15a7d710dc892c0e68f118ca3e6106c84b30a83bcommit | diff
rule: never merge across non-expression statements

The existing logic can merge across non-expression statements,
if there is only one payload expression.

Example:
ether saddr 00:11:22:33:44:55 counter ether type 8021q

is turned into
counter ether saddr 00:11:22:33:44:55 ether type 8021q

which isn't the same thing.

Fix this up and add test cases for adjacent vlan and ip header
fields.  'Counter' serves as a non-merge fence.

Signed-off-by: Florian Westphal <fw@strlen.de>
src/rule.c diff | blob | blame | history
tests/py/bridge/vlan.t diff | blob | blame | history
tests/py/bridge/vlan.t.payload diff | blob | blame | history
tests/py/bridge/vlan.t.payload.netdev diff | blob | blame | history
tests/py/ip/ip.t diff | blob | blame | history
tests/py/ip/ip.t.payload diff | blob | blame | history
Mirror of git://git.netfilter.org/nftables