evaluate: optimize zero length range

A rule like the following:

  ... tcp dport 22-22 ...

results in a range expression to match from 22 to 22.

Simplify to singleton value so a cmp is used instead.

This optimization already exists in set elements which might explain
this overlook.

Fixes: 7a6e16040d65 ("evaluate: allow for zero length ranges")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/evaluate.c b/src/evaluate.c
index ddc46754fc675556b73c34a22aab6a37dc0bdf13..ee66b93d7c231a39b3a8ec971c651e2f95b7c132 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1305,12 +1305,12 @@ static int __expr_evaluate_range(struct eval_ctx *ctx, struct expr **expr)
        return 0;
 }
 
-static int expr_evaluate_range(struct eval_ctx *ctx, struct expr **expr)
+static int expr_evaluate_range(struct eval_ctx *ctx, struct expr **exprp)
 {
-       struct expr *range = *expr, *left, *right;
+       struct expr *range = *exprp, *left, *right;
        int rc;
 
-       rc = __expr_evaluate_range(ctx, expr);
+       rc = __expr_evaluate_range(ctx, exprp);
        if (rc)
                return rc;
 
@@ -1320,6 +1320,12 @@ static int expr_evaluate_range(struct eval_ctx *ctx, struct expr **expr)
        if (mpz_cmp(left->value, right->value) > 0)
                return expr_error(ctx->msgs, range, "Range negative size");
 
+       if (mpz_cmp(left->value, right->value) == 0) {
+               *exprp = expr_get(left);
+               expr_free(range);
+               return 0;
+       }
+
        datatype_set(range, left->dtype);
        range->flags |= EXPR_F_CONSTANT;
        return 0;