git.ipfire.org Git - thirdparty/nftables.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 29 Aug 2022 11:46:21 +0000 (13:46 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 30 Aug 2022 11:09:01 +0000 (13:09 +0200)
commit	187c6d01d35722618c2711bbc49262c286472c8f
tree	b807d4e649ab7e677a400b99440bd2c5592f766e	tree \| snapshot
parent	9a20f17a7a82ce5ba47047e6c3d2fc921cc1087d	commit \| diff

optimize: expand implicit set element when merging into concatenation

Generalize the existing code to deal with implicit sets. When merging a
ruleset like the following:

udp dport 128 iifname "foo" #1
udp dport { 67, 123 } iifname "bar" #2

into a concatenation of statements, the following expansion need to
be done for rule #2:

67 . "bar"
123 . "bar"

The expansion logic consists of cloning the existing concatenation being
built and then append each element in the implicit set. A list of
ongoing concatenations being built is maintained, so further expansions
are also supported.

Extend test to cover for this use-case.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1628
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

src/optimize.c		diff \| blob \| blame \| history
tests/shell/testcases/optimizations/dumps/merge_stmts_concat.nft		diff \| blob \| blame \| history
tests/shell/testcases/optimizations/merge_stmts_concat		diff \| blob \| blame \| history