optimize: compare expression length

do not merge raw payload expressions with different length. Other expression rely on key comparison which is assumed to have the same length already. Fixes: 60dcc01d6351 ("optimize: add __expr_cmp()") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2024-11-18 12:44:06 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2024-12-04 15:35:55 +0100
commit: bc0311378285d41850e3508df905d75959ba4239 (patch)
tree: 2d32758cbf55e90f7019b2680f720f2ec693d8bf
parent: 9819e717e8c31a80be2a12923e37fad99c378c91 (diff)
2 files changed, 15 insertions, 0 deletions
diff --git a/src/optimize.c b/src/optimize.c
index 224c6a52..03c8bad2 100644
--- a/src/optimize.c
+++ b/src/optimize.c
@@ -38,6 +38,8 @@ static bool __expr_cmp(const struct expr *expr_a, const struct expr *expr_b)
 {
 	if (expr_a->etype != expr_b->etype)
 		return false;
+	if (expr_a->len != expr_b->len)
+		return false;
 
 	switch (expr_a->etype) {
 	case EXPR_PAYLOAD:
diff --git a/tests/shell/testcases/optimizations/nomerge_raw_payload b/tests/shell/testcases/optimizations/nomerge_raw_payload
new file mode 100755
index 00000000..bb8678ac
--- /dev/null
+++ b/tests/shell/testcases/optimizations/nomerge_raw_payload
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -e
+
+RULESET="table ip x {
+        chain y {
+                type filter hook prerouting priority raw; policy accept;
+                @th,160,32 0x02736c00 drop comment \"sl\"
+                @th,160,112 0x870697a7a6173656f03636f6d00 drop comment \"pizzaseo.com\"
+        }
+}"
+
+$NFT -o -f - <<< $RULESET
author	Pablo Neira Ayuso <pablo@netfilter.org>	2024-11-18 12:44:06 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2024-12-04 15:35:55 +0100
commit	bc0311378285d41850e3508df905d75959ba4239 (patch)
tree	2d32758cbf55e90f7019b2680f720f2ec693d8bf
parent	9819e717e8c31a80be2a12923e37fad99c378c91 (diff)