diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-09-02 10:37:39 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-09-02 21:13:14 +0200 |
commit | fa17b17ea74a21a44596f3212466ff3d2d3ede8e (patch) | |
tree | f107b3c5541d19cce826dfc3c8cf39802d9df5bd /src/numgen.c | |
parent | 5bedf4a11e2118841598623ad4bedb6cbb23994f (diff) |
evaluate: revisit anonymous set with single element optimization
This patch reworks it to perform this optimization from the evaluation
step of the relational expression. Hence, when optimizing for protocol
flags, use OP_EQ instead of OP_IMPLICIT, that is:
tcp flags { syn }
becomes (to represent an exact match):
tcp flags == syn
given OP_IMPLICIT and OP_EQ are not equivalent for flags.
01167c393a12 ("evaluate: do not remove anonymous set with protocol flags
and single element") disabled this optimization, which is enabled again
after this patch.
Fixes: 01167c393a12 ("evaluate: do not remove anonymous set with protocol flags and single element")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/numgen.c')
0 files changed, 0 insertions, 0 deletions