]> git.ipfire.org Git - thirdparty/nftables.git/commit
projects / thirdparty / nftables.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 27c753e) | patch
optimize: ignore existing nat mapping
authorPablo Neira Ayuso <pablo@netfilter.org>
Tue, 7 Feb 2023 09:53:41 +0000 (10:53 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 7 Feb 2023 10:39:16 +0000 (11:39 +0100)
commit9be404a153bc9525d52afabed622843717c37851
treedcae66af68d20766a9508186c97b594557366323tree | snapshot
parent27c753e4a8d4744f479345e3f5e34cafef751602commit | diff
optimize: ignore existing nat mapping

User might be already using a nat mapping in their ruleset, use the
unsupported statement when collecting statements in this case.

 # nft -c -o -f ruleset.nft
 nft: optimize.c:443: rule_build_stmt_matrix_stmts: Assertion `k >= 0' failed.
 Aborted

The -o/--optimize feature only cares about linear rulesets at this
stage, but do not hit assert() in this case.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1656
Fixes: 0a6dbfce6dc3 ("optimize: merge nat rules with same selectors into map")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/optimize.c diff | blob | blame | history
tests/shell/testcases/optimizations/dumps/merge_nat.nft diff | blob | blame | history
tests/shell/testcases/optimizations/merge_nat diff | blob | blame | history
Mirror of git://git.netfilter.org/nftables