optimize: expand expression list when merging into concatenation

The following rules: udp dport 137 ct state new,untracked accept udp dport 138 ct state new,untracked accept results in: nft: src/optimize.c:670: __merge_concat: Assertion `0' failed. The logic to expand to the new,untracked list in the concatenation is missing. Fixes: 187c6d01d357 ("optimize: expand implicit set element when merging into concatenation") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2025-04-01 18:11:45 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2025-04-01 21:06:17 +0200
commit: 0d17d28bb06bf2a04862d5cd879a14bcb9a2d2dc (patch)
tree: aa4c00216070e76f847a566548b932cea6677e5f /src
parent: 2412e760826f315ada984f7ee433a2077f180c8b (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/src/optimize.c b/src/optimize.c
index 44010f2b..139bc2d7 100644
--- a/src/optimize.c
+++ b/src/optimize.c
@@ -666,6 +666,16 @@ static void __merge_concat(const struct optimize_ctx *ctx, uint32_t i,
 				clone = expr_clone(stmt_a->expr->right);
 				compound_expr_add(concat, clone);
 				break;
+			case EXPR_LIST:
+				list_for_each_entry(expr, &stmt_a->expr->right->expressions, list) {
+					concat_clone = expr_clone(concat);
+					clone = expr_clone(expr);
+					compound_expr_add(concat_clone, clone);
+					list_add_tail(&concat_clone->list, &pending_list);
+				}
+				list_del(&concat->list);
+				expr_free(concat);
+				break;
 			default:
 				assert(0);
 				break;
author	Pablo Neira Ayuso <pablo@netfilter.org>	2025-04-01 18:11:45 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2025-04-01 21:06:17 +0200
commit	0d17d28bb06bf2a04862d5cd879a14bcb9a2d2dc (patch)
tree	aa4c00216070e76f847a566548b932cea6677e5f /src
parent	2412e760826f315ada984f7ee433a2077f180c8b (diff)