From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Fri, 21 Feb 2025 23:32:11 +0000 (+0100)
Subject: evaluate: optimize zero length range
X-Git-Tag: v1.1.2~76
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=deda274293f80f9718de4cbb416bd2b2bf296709;p=thirdparty%2Fnftables.git

evaluate: optimize zero length range

A rule like the following:

  ... tcp dport 22-22 ...

results in a range expression to match from 22 to 22.

Simplify to singleton value so a cmp is used instead.

This optimization already exists in set elements which might explain
this overlook.

Fixes: 7a6e16040d65 ("evaluate: allow for zero length ranges")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/evaluate.c b/src/evaluate.c
index ddc46754..ee66b93d 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1305,12 +1305,12 @@ static int __expr_evaluate_range(struct eval_ctx *ctx, struct expr **expr)
 	return 0;
 }
 
-static int expr_evaluate_range(struct eval_ctx *ctx, struct expr **expr)
+static int expr_evaluate_range(struct eval_ctx *ctx, struct expr **exprp)
 {
-	struct expr *range = *expr, *left, *right;
+	struct expr *range = *exprp, *left, *right;
 	int rc;
 
-	rc = __expr_evaluate_range(ctx, expr);
+	rc = __expr_evaluate_range(ctx, exprp);
 	if (rc)
 		return rc;
 
@@ -1320,6 +1320,12 @@ static int expr_evaluate_range(struct eval_ctx *ctx, struct expr **expr)
 	if (mpz_cmp(left->value, right->value) > 0)
 		return expr_error(ctx->msgs, range, "Range negative size");
 
+	if (mpz_cmp(left->value, right->value) == 0) {
+		*exprp = expr_get(left);
+		expr_free(range);
+		return 0;
+	}
+
 	datatype_set(range, left->dtype);
 	range->flags |= EXPR_F_CONSTANT;
 	return 0;