optimize: Restore optimization for raw payload expressions

This patch reverts d0f14b5337e7 ("optimize: do not merge raw payload
expressions") after adding support for concatenation with variable
length TYPE_INTEGER.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/optimize.c b/src/optimize.c
index 7a268c452226e41d0f7dd1e8cbab90594c5f3581..4ad25fab6be44b3997baac098cc4387ceae2c066 100644 (file)
--- a/src/optimize.c
+++ b/src/optimize.c
@@ -40,9 +40,6 @@ static bool __expr_cmp(const struct expr *expr_a, const struct expr *expr_b)
 
        switch (expr_a->etype) {
        case EXPR_PAYLOAD:
-               /* disable until concatenation with integer works. */
-               if (expr_a->payload.is_raw || expr_b->payload.is_raw)
-                       return false;
                if (expr_a->payload.base != expr_b->payload.base)
                        return false;
                if (expr_a->payload.offset != expr_b->payload.offset)

diff --git a/tests/shell/testcases/optimizations/dumps/merge_vmap_raw.nft b/tests/shell/testcases/optimizations/dumps/merge_vmap_raw.nft
new file mode 100644 (file)
index 0000000..1884711
--- /dev/null
+++ b/tests/shell/testcases/optimizations/dumps/merge_vmap_raw.nft
@@ -0,0 +1,31 @@
+table inet x {
+       chain nat_dns_dnstc {
+               meta l4proto udp redirect to :5300
+               drop
+       }
+
+       chain nat_dns_this_5301 {
+               meta l4proto udp redirect to :5301
+               drop
+       }
+
+       chain nat_dns_saturn_5301 {
+               meta nfproto ipv4 meta l4proto udp dnat ip to 240.0.1.2:5301
+               drop
+       }
+
+       chain nat_dns_saturn_5302 {
+               meta nfproto ipv4 meta l4proto udp dnat ip to 240.0.1.2:5302
+               drop
+       }
+
+       chain nat_dns_saturn_5303 {
+               meta nfproto ipv4 meta l4proto udp dnat ip to 240.0.1.2:5303
+               drop
+       }
+
+       chain nat_dns_acme {
+               udp length . @th,160,128 vmap { 47-63 . 0xe373135363130333131303735353203 : goto nat_dns_dnstc, 62-78 . 0xe31393032383939353831343037320e : goto nat_dns_this_5301, 62-78 . 0xe31363436323733373931323934300e : goto nat_dns_saturn_5301, 62-78 . 0xe32393535373539353636383732310e : goto nat_dns_saturn_5302, 62-78 . 0xe38353439353637323038363633390e : goto nat_dns_saturn_5303 }
+               drop
+       }
+}

diff --git a/tests/shell/testcases/optimizations/merge_vmap_raw b/tests/shell/testcases/optimizations/merge_vmap_raw
new file mode 100755 (executable)
index 0000000..f3dc072
--- /dev/null
+++ b/tests/shell/testcases/optimizations/merge_vmap_raw
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+set -e
+
+RULESET="table inet x {
+       chain nat_dns_dnstc     { meta l4proto udp redirect to :5300 ; drop ; }
+        chain nat_dns_this_5301 { meta l4proto udp redirect to :5301 ; drop ; }
+        chain nat_dns_saturn_5301  { meta nfproto ipv4 meta l4proto udp dnat to 240.0.1.2:5301 ; drop ; }
+        chain nat_dns_saturn_5302  { meta nfproto ipv4 meta l4proto udp dnat to 240.0.1.2:5302 ; drop ; }
+        chain nat_dns_saturn_5303  { meta nfproto ipv4 meta l4proto udp dnat to 240.0.1.2:5303 ; drop ; }
+
+        chain nat_dns_acme {
+                udp length 47-63 @th,160,128 0x0e373135363130333131303735353203 \
+                        goto nat_dns_dnstc
+
+                udp length 62-78 @th,160,128 0x0e31393032383939353831343037320e \
+                        goto nat_dns_this_5301
+
+                udp length 62-78 @th,160,128 0x0e31363436323733373931323934300e \
+                        goto nat_dns_saturn_5301
+
+                udp length 62-78 @th,160,128 0x0e32393535373539353636383732310e \
+                        goto nat_dns_saturn_5302
+
+                udp length 62-78 @th,160,128 0x0e38353439353637323038363633390e \
+                        goto nat_dns_saturn_5303
+
+                drop
+        }
+}"
+
+$NFT -o -f - <<< $RULESET