git.ipfire.org Git - thirdparty/nftables.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 2 Feb 2023 20:47:56 +0000 (21:47 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 2 Feb 2023 21:04:13 +0000 (22:04 +0100)
commit	b691e2ea1d643adeb89c576a105f08cfff677cfb
tree	8c89d55d948091ea84177ba6f02fd34ada21f900	tree \| snapshot
parent	9dbbf397b2f3d9fa40454648cb98c13c7c5515b7	commit \| diff

optimize: fix incorrect expansion into concatenation with verdict map

# nft -c -o -f ruleset.nft
Merging:
ruleset.nft:3:3-53:          meta pkttype broadcast udp dport { 67, 547 } accept
ruleset.nft:4:17-58:         meta pkttype multicast udp dport 1900 drop
into:
        meta pkttype . udp dport vmap { broadcast . { 67, 547 } : accept, multicast . 1900 : drop }
ruleset.nft:3:38-39: Error: invalid data type, expected concatenation of (packet type, internet network service)
                meta pkttype broadcast udp dport { 67, 547 } accept
                                                   ^^

Similar to 187c6d01d357 ("optimize: expand implicit set element when
merging into concatenation") but for verdict maps.

Reported-by: Simon G. Trajkovski <neur0armitage@proton.me>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

src/optimize.c		diff \| blob \| blame \| history
tests/shell/testcases/optimizations/dumps/merge_stmts_concat_vmap.nft		diff \| blob \| blame \| history
tests/shell/testcases/optimizations/merge_stmts_concat_vmap		diff \| blob \| blame \| history