-rw-r--r-- | src/optimize.c | 4 | ||||
-rw-r--r-- | tests/shell/testcases/optimizations/dumps/merge_stmts_concat.nft | 1 | ||||
-rwxr-xr-x | tests/shell/testcases/optimizations/merge_stmts_concat | 1 |
3 files changed, 6 insertions, 0 deletions
diff --git a/src/optimize.c b/src/optimize.c
index 2340ef46..419a37f2 100644
--- a/src/optimize.c
+++ b/src/optimize.c
@@ -352,6 +352,10 @@ static int rule_collect_stmts(struct optimize_ctx *ctx, struct rule *rule)
 clone->ops = &unsupported_stmt_ops;
 break;
 }
+ if (stmt->expr->left->etype == EXPR_CONCAT) {
+ clone->ops = &unsupported_stmt_ops;
+ break;
+ }
 case STMT_VERDICT:
 clone->expr = expr_get(stmt->expr);
 break;
diff --git a/tests/shell/testcases/optimizations/dumps/merge_stmts_concat.nft b/tests/shell/testcases/optimizations/dumps/merge_stmts_concat.nft
index 6dbfff2e..15cfa7e8 100644
--- a/tests/shell/testcases/optimizations/dumps/merge_stmts_concat.nft
+++ b/tests/shell/testcases/optimizations/dumps/merge_stmts_concat.nft
@@ -1,5 +1,6 @@
 table ip x {
 chain y {
 iifname . ip saddr . ip daddr { "eth1" . 1.1.1.1 . 2.2.2.3, "eth1" . 1.1.1.2 . 2.2.2.4, "eth2" . 1.1.1.3 . 2.2.2.5 } accept
+ ip protocol . th dport { tcp . 22, udp . 67 }
 }
 }
diff --git a/tests/shell/testcases/optimizations/merge_stmts_concat b/tests/shell/testcases/optimizations/merge_stmts_concat
index 941e9a5a..623fdff9 100755
--- a/tests/shell/testcases/optimizations/merge_stmts_concat
+++ b/tests/shell/testcases/optimizations/merge_stmts_concat
@@ -7,6 +7,7 @@ RULESET="table ip x {
 meta iifname eth1 ip saddr 1.1.1.1 ip daddr 2.2.2.3 accept
 meta iifname eth1 ip saddr 1.1.1.2 ip daddr 2.2.2.4 accept
 meta iifname eth2 ip saddr 1.1.1.3 ip daddr 2.2.2.5 accept
+ ip protocol . th dport { tcp . 22, udp . 67 }
 }
 }" |
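Review bot: The new `EXPR_CONCAT` guard in the src/optimize.c hunk has no comment saying why a statement whose left-hand side is already a concatenation is marked unsupported. That reason deserves to be written down, since this code decides which firewall rules the optimizer may rewrite and a wrong merge changes what the ruleset matches. I would add above the `if`: `/* left-hand side is already a concatenation: do not try to merge, keep the rule as is */`. When neither guard fires, control runs from this case into `case STMT_VERDICT:` unannotated; a `/* fall through */` comment before that label would make the intent explicit and satisfy `-Wimplicit-fallthrough`. The enclosing switch and the start of the preceding guard lie outside the hunk, so I cannot confirm from here that `stmt->expr->left` is valid for every expression type that reaches the new check; that is worth verifying against the case label.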