author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-02-06 14:18:10 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-02-06 17:52:39 +0100 |
commit | 299823d46b6d0c49040d81ee3eb0f37b3b0520ea (patch) | |
tree | d1ccb274147f7a9c4554ca390e48781c248b78c6 /src/optimize.c | |
parent | e1dfd5cc4c46514a84dd8a2063b45517b596e1ca (diff) |
optimize: select merge criteria based on candidates rules
Select the merge criteria based on the statements that are used
in the candidate rules, instead of using the list of statements
in the given chain.
Update tests to include a rule with a verdict, which triggers
the bug described in the bugzilla ticket.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1657
Fixes: 0a6dbfce6dc3 ("optimize: merge nat rules with same selectors into map")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/optimize.c')
-rw-r--r-- | src/optimize.c | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/src/optimize.c b/src/optimize.c
index 5f6e3a64..ff4f2627 100644
--- a/src/optimize.c
+++ b/src/optimize.c
@@ -985,21 +985,21 @@ static void rule_optimize_print(struct output_ctx *octx,
 fprintf(octx->error_fp, "%s\n", line);
 }
-static enum stmt_types merge_stmt_type(const struct optimize_ctx *ctx)
+static enum stmt_types merge_stmt_type(const struct optimize_ctx *ctx,
+ uint32_t from, uint32_t to)
 {
- uint32_t i;
+ uint32_t i, j;
- for (i = 0; i < ctx->num_stmts; i++) {
- switch (ctx->stmt[i]->ops->type) {
- case STMT_VERDICT:
- case STMT_NAT:
- return ctx->stmt[i]->ops->type;
- default:
- continue;
+ for (i = from; i <= to; i++) {
+ for (j = 0; j < ctx->num_stmts; j++) {
+ if (!ctx->stmt_matrix[i][j])
+ continue;
+ if (ctx->stmt_matrix[i][j]->ops->type == STMT_NAT)
+ return STMT_NAT;
 }
 }
- /* actually no verdict, this assumes rules have the same verdict. */
+ /* merge by verdict, even if no verdict is specified. */
 return STMT_VERDICT;
 }
@@ -1012,7 +1012,7 @@ static void merge_rules(const struct optimize_ctx *ctx,
 bool same_verdict;
 uint32_t i;
- stmt_type = merge_stmt_type(ctx);
+ stmt_type = merge_stmt_type(ctx, from, to);
 switch (stmt_type) {
 case STMT_VERDICT: |
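Review bot: The new loop in merge_stmt_type() treats `to` as an inclusive bound (`i <= to`) and reads `ctx->stmt_matrix[i][j]` with no check that the range lies inside the matrix, and nothing in the hunk documents that contract. The values are passed straight through from merge_rules(), so an off-by-one in a caller would turn into an out-of-bounds read here. A comment above the function such as `/* from and to are inclusive row indexes into ctx->stmt_matrix */` would make the expectation explicit. If assert() is already used in this file, `assert(from <= to);` at the top would also catch a reversed range cheaply.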