git.ipfire.org Git - thirdparty/nftables.git/commit

author	Florian Westphal <fw@strlen.de>
	Thu, 28 Sep 2023 21:27:55 +0000 (23:27 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Fri, 3 Nov 2023 11:24:21 +0000 (12:24 +0100)
commit	dc36708b9b209823f3ee8912f1d72c272bbd36da
tree	adfb72a46bd3c3ab2036a210007ea87b0e1cc0a6	tree \| snapshot
parent	fba8fbeb18225f9d4952fa61fb5a263ae07a26ee	commit \| diff

rule: never merge across non-expression statements

commit 99ab1b8feb16741a83fb8b887bacae8fa07d29a2 upstream.

The existing logic can merge across non-expression statements,
if there is only one payload expression.

Example:
ether saddr 00:11:22:33:44:55 counter ether type 8021q

is turned into
counter ether saddr 00:11:22:33:44:55 ether type 8021q

which isn't the same thing.

Fix this up and add test cases for adjacent vlan and ip header
fields. 'Counter' serves as a non-merge fence.

Signed-off-by: Florian Westphal <fw@strlen.de>

src/rule.c		diff \| blob \| blame \| history
tests/py/bridge/vlan.t		diff \| blob \| blame \| history
tests/py/bridge/vlan.t.payload		diff \| blob \| blame \| history
tests/py/bridge/vlan.t.payload.netdev		diff \| blob \| blame \| history
tests/py/ip/ip.t		diff \| blob \| blame \| history
tests/py/ip/ip.t.payload		diff \| blob \| blame \| history