optimize: compare expression length
authorPablo Neira Ayuso <pablo@netfilter.org>
Mon, 18 Nov 2024 11:44:06 +0000 (12:44 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 4 Dec 2024 14:35:55 +0000 (15:35 +0100)
do not merge raw payload expressions with different length.

Other expressions rely on key comparison, which is assumed to have the
same length already.

Fixes: 60dcc01d6351 ("optimize: add __expr_cmp()")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/optimize.c
tests/shell/testcases/optimizations/nomerge_raw_payload [new file with mode: 0755]

index 224c6a526f56f054b13e6817c8fe64ce2336ca4c..03c8bad234e207d9453152afd4811948d228900d 100644 (file)
@@ -38,6 +38,8 @@ static bool __expr_cmp(const struct expr *expr_a, const struct expr *expr_b)
 {
        if (expr_a->etype != expr_b->etype)
                return false;
+       if (expr_a->len != expr_b->len)
+               return false;
 
        switch (expr_a->etype) {
        case EXPR_PAYLOAD:
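Review bot: The new `expr_a->len != expr_b->len` test sits ahead of the `switch`, so it applies to every expression type, although the commit message motivates it only for raw payload expressions; a short comment should record why. Something like `/* raw payload with same base and offset may differ in length: never merge those */` above the check would do. The body of __expr_cmp continues past this hunk, so it cannot be confirmed from here that every other expression type always has equal lengths when two rules are otherwise mergeable. If one does not, the check would silently stop the optimizer from merging those rules, which is the safe direction for a packet filter but worth covering with a test.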
diff --git a/tests/shell/testcases/optimizations/nomerge_raw_payload b/tests/shell/testcases/optimizations/nomerge_raw_payload
new file mode 100755 (executable)
index 0000000..bb8678a
--- /dev/null
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -e
+
+RULESET="table ip x {
+        chain y {
+                type filter hook prerouting priority raw; policy accept;
+                @th,160,32 0x02736c00 drop comment \"sl\"
+                @th,160,112 0x870697a7a6173656f03636f6d00 drop comment \"pizzaseo.com\"
+        }
+}"
+
+$NFT -o -f - <<< $RULESET
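Review bot: The script only checks that `$NFT -o -f -` exits successfully, so it would pass whether or not the two `@th,160,...` rules are merged, unless an expected-output dump outside this diff covers that. Consider asserting on the loaded ruleset that both `drop` rules are still present with their own lengths (32 and 112), since a wrongly merged match silently changes what the filter drops. The here-string should also be quoted, `$NFT -o -f - <<< "$RULESET"`, so the multi-line ruleset reaches nft unchanged regardless of how the running bash version word-splits an unquoted here-string.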