optimize: remove comment after merging

Remove rule comment after merging rules, let the user decide if they want
to reintroduce the comment in the ruleset file.

Update optimizations/merge_stmt test.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/optimize.c b/src/optimize.c
index b19a8b553555900fdc9141054576df3adf7d2568..94242ee5f490d9aee5801f997a65dfe098b8a550 100644 (file)
--- a/src/optimize.c
+++ b/src/optimize.c
@@ -873,6 +873,11 @@ static void merge_rules(const struct optimize_ctx *ctx,
                assert(0);
        }
 
+       if (ctx->rule[from]->comment) {
+               xfree(ctx->rule[from]->comment);
+               ctx->rule[from]->comment = NULL;
+       }
+
         octx->flags |= NFT_CTX_OUTPUT_STATELESS;
 
        fprintf(octx->error_fp, "Merging:\n");

diff --git a/tests/shell/testcases/optimizations/merge_stmts b/tests/shell/testcases/optimizations/merge_stmts
index 0c35636efaa9885439f10873a4f421a65d2d1041..ec7a9dd6b5546b9eed245f8b135cae2dc95f490d 100755 (executable)
--- a/tests/shell/testcases/optimizations/merge_stmts
+++ b/tests/shell/testcases/optimizations/merge_stmts
@@ -4,9 +4,9 @@ set -e
 
 RULESET="table ip x {
        chain y {
-               ip daddr 192.168.0.1 counter accept
-               ip daddr 192.168.0.2 counter accept
-               ip daddr 192.168.0.3 counter accept
+               ip daddr 192.168.0.1 counter accept comment "test1"
+               ip daddr 192.168.0.2 counter accept comment "test2"
+               ip daddr 192.168.0.3 counter accept comment "test3"
        }
 }"