optimize: fix vmap with anonymous sets

author Pablo Neira Ayuso <pablo@netfilter.org>

Thu, 3 Mar 2022 11:20:29 +0000 (12:20 +0100)

committer Pablo Neira Ayuso <pablo@netfilter.org>

Thu, 3 Mar 2022 11:27:33 +0000 (12:27 +0100)
author Pablo Neira Ayuso <pablo@netfilter.org>
Thu, 3 Mar 2022 11:20:29 +0000 (12:20 +0100)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Thu, 3 Mar 2022 11:27:33 +0000 (12:27 +0100)
diff --git a/src/optimize.c b/src/optimize.c

index 04523edb795b494739f9767ddb9a794c924c196c..64c0a4dbe76431378508cf30c0ce6284ce4b213c 100644 (file)
--- a/src/optimize.c
+++ b/src/optimize.c
@@ -435,18 +435,22 @@ static void build_verdict_map(struct expr *expr, struct stmt *verdict, struct ex
  {
         struct expr *item, *elem, *mapping;
  
-       if (expr->etype == EXPR_LIST) {
+       switch (expr->etype) {
+       case EXPR_LIST:
+       case EXPR_SET:
                 list_for_each_entry(item, &expr->expressions, list) {
                         elem = set_elem_expr_alloc(&internal_location, expr_get(item));
                         mapping = mapping_expr_alloc(&internal_location, elem,
                                                      expr_get(verdict->expr));
                         compound_expr_add(set, mapping);
                 }
-       } else {
+               break;
+       default:
                 elem = set_elem_expr_alloc(&internal_location, expr_get(expr));
                 mapping = mapping_expr_alloc(&internal_location, elem,
                                              expr_get(verdict->expr));
                 compound_expr_add(set, mapping);
+               break;
         }
  }
  
diff --git a/tests/shell/testcases/optimizations/dumps/merge_stmts_vmap.nft b/tests/shell/testcases/optimizations/dumps/merge_stmts_vmap.nft

index 9fa19afcb7831a5ea9b172eff42a9aed0abef59f..427572954a18c8f3eb963486066d59863698dbaa 100644 (file)
--- a/tests/shell/testcases/optimizations/dumps/merge_stmts_vmap.nft
+++ b/tests/shell/testcases/optimizations/dumps/merge_stmts_vmap.nft
@@ -2,4 +2,8 @@ table ip x {
         chain y {
                 ct state vmap { invalid : drop, established : accept, related : accept }
         }
+
+       chain z {
+               tcp dport vmap { 1 : accept, 2-3 : drop }
+       }
  }
diff --git a/tests/shell/testcases/optimizations/merge_stmts_vmap b/tests/shell/testcases/optimizations/merge_stmts_vmap

index f838fcfed70be746d87878246cee6c39c2b4bdee..6511c7b20cb60cbdd0021287330cd1d5a0e95cd0 100755 (executable)
--- a/tests/shell/testcases/optimizations/merge_stmts_vmap
+++ b/tests/shell/testcases/optimizations/merge_stmts_vmap
@@ -7,6 +7,10 @@ RULESET="table ip x {
                 ct state invalid drop
                 ct state established,related accept
         }
+       chain z {
+               tcp dport { 1 } accept
+               tcp dport 2-3 drop
+       }
  }"
  
  $NFT -o -f - <<< $RULESET
author	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 3 Mar 2022 11:20:29 +0000 (12:20 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 3 Mar 2022 11:27:33 +0000 (12:27 +0100)
src/optimize.c		patch \| blob \| blame \| history
tests/shell/testcases/optimizations/dumps/merge_stmts_vmap.nft		patch \| blob \| blame \| history
tests/shell/testcases/optimizations/merge_stmts_vmap		patch \| blob \| blame \| history