diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-03-03 13:06:59 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-03-03 15:54:27 +0100 |
| commit | 3de1dbd2da8a76ddd2d1d9fcd7e469eb848f0d00 (patch) | |
| tree | e16709ed82e5875694cbbbd7f69debdeba7a254d | |
| parent | 99eb46969f3d7ccd37899f2755055fe7511c46b0 (diff) | |
optimize: more robust statement merge with vmap
Check expressions that are expected on the rhs rather than using a
catch-all default case.
Actually, lists and sets need to be their own routine, because this
needs the set element key expression to be merged.
This is a follow up to 99eb46969f3d ("optimize: fix vmap with anonymous
sets").
Fixes: 1542082e259b ("optimize: merge same selector with different verdict into verdict map")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | src/optimize.c | 18 | ||||
| -rw-r--r-- | tests/shell/testcases/optimizations/dumps/merge_stmts_vmap.nft | 2 | ||||
| -rwxr-xr-x | tests/shell/testcases/optimizations/merge_stmts_vmap | 1 |
3 files changed, 18 insertions, 3 deletions
diff --git a/src/optimize.c b/src/optimize.c index 64c0a4db..af075da4 100644 --- a/src/optimize.c +++ b/src/optimize.c @@ -437,7 +437,6 @@ static void build_verdict_map(struct expr *expr, struct stmt *verdict, struct ex switch (expr->etype) { case EXPR_LIST: - case EXPR_SET: list_for_each_entry(item, &expr->expressions, list) { elem = set_elem_expr_alloc(&internal_location, expr_get(item)); mapping = mapping_expr_alloc(&internal_location, elem, @@ -445,12 +444,27 @@ static void build_verdict_map(struct expr *expr, struct stmt *verdict, struct ex compound_expr_add(set, mapping); } break; - default: + case EXPR_SET: + list_for_each_entry(item, &expr->expressions, list) { + elem = set_elem_expr_alloc(&internal_location, expr_get(item->key)); + mapping = mapping_expr_alloc(&internal_location, elem, + expr_get(verdict->expr)); + compound_expr_add(set, mapping); + } + break; + case EXPR_PREFIX: + case EXPR_RANGE: + case EXPR_VALUE: + case EXPR_SYMBOL: + case EXPR_CONCAT: elem = set_elem_expr_alloc(&internal_location, expr_get(expr)); mapping = mapping_expr_alloc(&internal_location, elem, expr_get(verdict->expr)); compound_expr_add(set, mapping); break; + default: + assert(0); + break; } } diff --git a/tests/shell/testcases/optimizations/dumps/merge_stmts_vmap.nft b/tests/shell/testcases/optimizations/dumps/merge_stmts_vmap.nft index 42757295..5a9b3006 100644 --- a/tests/shell/testcases/optimizations/dumps/merge_stmts_vmap.nft +++ b/tests/shell/testcases/optimizations/dumps/merge_stmts_vmap.nft @@ -4,6 +4,6 @@ table ip x { } chain z { - tcp dport vmap { 1 : accept, 2-3 : drop } + tcp dport vmap { 1 : accept, 2-3 : drop, 4 : accept } } } diff --git a/tests/shell/testcases/optimizations/merge_stmts_vmap b/tests/shell/testcases/optimizations/merge_stmts_vmap index 6511c7b2..79350076 100755 --- a/tests/shell/testcases/optimizations/merge_stmts_vmap +++ b/tests/shell/testcases/optimizations/merge_stmts_vmap @@ -10,6 +10,7 @@ RULESET="table ip x { chain z { tcp dport { 1 } accept tcp dport 2-3 drop + tcp dport 4 accept } }" |