From a61df019861997df76159b780070e2a09038798f Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sat, 5 Nov 2022 16:51:10 +0100
Subject: optimize: handle prefix and range when merging into set +
 concatenation

The following ruleset fails to be merged using set + concatenation:

  meta iifname eth1 ip saddr 1.1.1.2 ip daddr 2.2.3.0/24 accept
  meta iifname eth1 ip saddr 1.1.1.2 ip daddr 2.2.4.0-2.2.4.10 accept

hitting the following assertion:

  nft: optimize.c:585: __merge_concat_stmts: Assertion `0' failed.
  Abort

This patch also updates tests/shell.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tests/shell/testcases/optimizations/merge_stmts_concat | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'tests/shell/testcases/optimizations/merge_stmts_concat')

diff --git a/tests/shell/testcases/optimizations/merge_stmts_concat b/tests/shell/testcases/optimizations/merge_stmts_concat
index 0bcd9562..9679d862 100755
--- a/tests/shell/testcases/optimizations/merge_stmts_concat
+++ b/tests/shell/testcases/optimizations/merge_stmts_concat
@@ -6,6 +6,8 @@ RULESET="table ip x {
 	chain y {
 		meta iifname eth1 ip saddr 1.1.1.1 ip daddr 2.2.2.3 accept
 		meta iifname eth1 ip saddr 1.1.1.2 ip daddr 2.2.2.4 accept
+		meta iifname eth1 ip saddr 1.1.1.2 ip daddr 2.2.3.0/24 accept
+		meta iifname eth1 ip saddr 1.1.1.2 ip daddr 2.2.4.0-2.2.4.10 accept
 		meta iifname eth2 ip saddr 1.1.1.3 ip daddr 2.2.2.5 accept
 		ip protocol . th dport { tcp . 22, udp . 67 }
 	}
-- 
cgit v1.2.3