diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-05-07 19:54:30 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-05-10 08:05:50 +0200 |
commit | 686ab8b6996e154592a5fc16bd1e15e661201b2a (patch) | |
tree | be298e72ec026b797d4f3523330ad591f5f290e4 /tests | |
parent | 033a664e89362e8c0c191a823bc37a6f92e8c89e (diff) |
optimize: do not remove counter in verdict maps
Add counter to set element instead of dropping it:
# nft -c -o -f test.nft
Merging:
test.nft:6:3-50: ip saddr 1.1.1.1 ip daddr 2.2.2.2 counter accept
test.nft:7:3-48: ip saddr 1.1.1.2 ip daddr 3.3.3.3 counter drop
into:
ip daddr . ip saddr vmap { 2.2.2.2 . 1.1.1.1 counter : accept, 3.3.3.3 . 1.1.1.2 counter : drop }
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/shell/testcases/optimizations/dumps/merge_stmts_vmap.nft | 4 | ||||
-rwxr-xr-x | tests/shell/testcases/optimizations/merge_stmts_vmap | 4 |
2 files changed, 8 insertions, 0 deletions
diff --git a/tests/shell/testcases/optimizations/dumps/merge_stmts_vmap.nft b/tests/shell/testcases/optimizations/dumps/merge_stmts_vmap.nft index 5a9b3006..8ecbd927 100644 --- a/tests/shell/testcases/optimizations/dumps/merge_stmts_vmap.nft +++ b/tests/shell/testcases/optimizations/dumps/merge_stmts_vmap.nft @@ -6,4 +6,8 @@ table ip x { chain z { tcp dport vmap { 1 : accept, 2-3 : drop, 4 : accept } } + + chain w { + ip saddr vmap { 1.1.1.1 counter packets 0 bytes 0 : accept, 1.1.1.2 counter packets 0 bytes 0 : drop } + } } diff --git a/tests/shell/testcases/optimizations/merge_stmts_vmap b/tests/shell/testcases/optimizations/merge_stmts_vmap index 79350076..6e0f0762 100755 --- a/tests/shell/testcases/optimizations/merge_stmts_vmap +++ b/tests/shell/testcases/optimizations/merge_stmts_vmap @@ -12,6 +12,10 @@ RULESET="table ip x { tcp dport 2-3 drop tcp dport 4 accept } + chain w { + ip saddr 1.1.1.1 counter accept + ip saddr 1.1.1.2 counter drop + } }" $NFT -o -f - <<< $RULESET |