evaluate: skip anonymous set optimization for concatenations

Concatenation is only supported with sets. Moreover, stripping of the
set leads to broken ruleset listing, therefore, skip this optimization
for the concatenations.

Fixes: fa17b17ea74a ("evaluate: revisit anonymous set with single element optimization")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/evaluate.c b/src/evaluate.c
index b13e7c02caa5c660f2015fdbec75fbe904410ab0..78732c6ee2d37d38692a9bc8d7badc76dec9c7f5 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2580,15 +2580,17 @@ static int expr_evaluate_relational(struct eval_ctx *ctx, struct expr **expr)
                return expr_binary_error(ctx->msgs, right, left,
                                         "Cannot be used with right hand side constant value");
 
-       switch (rel->op) {
-       case OP_EQ:
-       case OP_IMPLICIT:
-       case OP_NEQ:
-               if (right->etype == EXPR_SET && right->size == 1)
-                       optimize_singleton_set(rel, &right);
-               break;
-       default:
-               break;
+       if (left->etype != EXPR_CONCAT) {
+               switch (rel->op) {
+               case OP_EQ:
+               case OP_IMPLICIT:
+               case OP_NEQ:
+                       if (right->etype == EXPR_SET && right->size == 1)
+                               optimize_singleton_set(rel, &right);
+                       break;
+               default:
+                       break;
+               }
        }
 
        switch (rel->op) {