optimize: merging concatenation is unsupported

author Pablo Neira Ayuso <pablo@netfilter.org>

Tue, 9 Aug 2022 20:18:14 +0000 (22:18 +0200)

committer Pablo Neira Ayuso <pablo@netfilter.org>

Thu, 11 Aug 2022 14:23:15 +0000 (16:23 +0200)
author Pablo Neira Ayuso <pablo@netfilter.org>
Tue, 9 Aug 2022 20:18:14 +0000 (22:18 +0200)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Thu, 11 Aug 2022 14:23:15 +0000 (16:23 +0200)
diff --git a/src/optimize.c b/src/optimize.c

index 2340ef466fc004b3be301403fa2f539379d92d28..419a37f2bb20516f15bd7e5f8e62390abdc9c906 100644 (file)
--- a/src/optimize.c
+++ b/src/optimize.c
@@ -352,6 +352,10 @@ static int rule_collect_stmts(struct optimize_ctx *ctx, struct rule *rule)
                                 clone->ops = &unsupported_stmt_ops;
                                 break;
                         }
+                       if (stmt->expr->left->etype == EXPR_CONCAT) {
+                               clone->ops = &unsupported_stmt_ops;
+                               break;
+                       }
                 case STMT_VERDICT:
                         clone->expr = expr_get(stmt->expr);
                         break;
diff --git a/tests/shell/testcases/optimizations/dumps/merge_stmts_concat.nft b/tests/shell/testcases/optimizations/dumps/merge_stmts_concat.nft

index 6dbfff2e15fc80c0bd7670f87d799143a09d9196..15cfa7e85c3375634e58af80cf594c8739026cff 100644 (file)
--- a/tests/shell/testcases/optimizations/dumps/merge_stmts_concat.nft
+++ b/tests/shell/testcases/optimizations/dumps/merge_stmts_concat.nft
@@ -1,5 +1,6 @@
  table ip x {
         chain y {
                 iifname . ip saddr . ip daddr { "eth1" . 1.1.1.1 . 2.2.2.3, "eth1" . 1.1.1.2 . 2.2.2.4, "eth2" . 1.1.1.3 . 2.2.2.5 } accept
+               ip protocol . th dport { tcp . 22, udp . 67 }
         }
  }
diff --git a/tests/shell/testcases/optimizations/merge_stmts_concat b/tests/shell/testcases/optimizations/merge_stmts_concat

index 941e9a5aa8229ae92efbbf4225b8882b9bde3da7..623fdff9a6494ff0bb67771c641c42cd9497e603 100755 (executable)
--- a/tests/shell/testcases/optimizations/merge_stmts_concat
+++ b/tests/shell/testcases/optimizations/merge_stmts_concat
@@ -7,6 +7,7 @@ RULESET="table ip x {
                 meta iifname eth1 ip saddr 1.1.1.1 ip daddr 2.2.2.3 accept
                 meta iifname eth1 ip saddr 1.1.1.2 ip daddr 2.2.2.4 accept
                 meta iifname eth2 ip saddr 1.1.1.3 ip daddr 2.2.2.5 accept
+               ip protocol . th dport { tcp . 22, udp . 67 }
         }
  }"
author	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 9 Aug 2022 20:18:14 +0000 (22:18 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 11 Aug 2022 14:23:15 +0000 (16:23 +0200)
src/optimize.c		patch \| blob \| blame \| history
tests/shell/testcases/optimizations/dumps/merge_stmts_concat.nft		patch \| blob \| blame \| history
tests/shell/testcases/optimizations/merge_stmts_concat		patch \| blob \| blame \| history