git.ipfire.org Git - thirdparty/nftables.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 26 Jan 2022 21:49:35 +0000 (22:49 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 26 Jan 2022 22:30:50 +0000 (23:30 +0100)
commit	561aa3cfa8dabfb259c53ad020c3733f3f415bdd
tree	616169fb028656c61cd1f793fbcdd37ad0fd457c	tree
parent	60dcc01d6351a1b866b63e1e23ce3b4f0f378066	commit \| diff

optimize: merge verdict maps with same lookup key

Merge two consecutive verdict maps with the same lookup key.

For instance, merge the following:

table inet x {
        chain filter_in_tcp {
                tcp dport vmap {
                           80 : accept,
                           81 : accept,
                          443 : accept,
                          931 : accept,
                         5001 : accept,
                         5201 : accept,
                }
                tcp dport vmap {
                         6800-6999  : accept,
                        33434-33499 : accept,
                }
        }
}

into:

table inet x {
        chain filter_in_tcp {
                tcp dport vmap {
                           80 : accept,
                           81 : accept,
                          443 : accept,
                          931 : accept,
                         5001 : accept,
                         5201 : accept,
                         6800-6999  : accept,
                        33434-33499 : accept,
                }
}
}

This patch updates statement comparison routine to inspect the verdict
expression type to detect possible merger.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

src/optimize.c		diff \| blob \| blame \| history
tests/shell/testcases/optimizations/dumps/merge_vmaps.nft	[new file with mode: 0644]	blob
tests/shell/testcases/optimizations/merge_vmaps	[new file with mode: 0755]	blob