summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2022-06-17 17:42:58 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2022-06-23 19:00:02 +0200
commitd07fe8e8ab5f52964449cbb29d86aec46f780029 (patch)
treed3e638c9f6634dd5081359d33a4ea3d277fbdccd
parent38d48fe57fff4e7a4ecd060b23b898c693236d29 (diff)
optimize: fix verdict map merging
Skip comparison when collecting the statement and building the rule vs statement matrix. Compare verdict type when merging rules. When infering rule mergers, honor the STMT_VERDICT with map (ie. vmap). Fixes: 561aa3cfa8da ("optimize: merge verdict maps with same lookup key") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--src/optimize.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/src/optimize.c b/src/optimize.c
index 42762584..747282b4 100644
--- a/src/optimize.c
+++ b/src/optimize.c
@@ -139,6 +139,9 @@ static bool __stmt_type_eq(const struct stmt *stmt_a, const struct stmt *stmt_b,
case STMT_NOTRACK:
break;
case STMT_VERDICT:
+ if (!fully_compare)
+ break;
+
expr_a = stmt_a->expr;
expr_b = stmt_b->expr;
@@ -276,10 +279,6 @@ static int rule_collect_stmts(struct optimize_ctx *ctx, struct rule *rule)
if (stmt_type_find(ctx, stmt))
continue;
- if (stmt->ops->type == STMT_VERDICT &&
- stmt->expr->etype == EXPR_MAP)
- continue;
-
/* No refcounter available in statement objects, clone it to
* to store in the array of selectors.
*/
@@ -999,6 +998,10 @@ static int chain_optimize(struct nft_ctx *nft, struct list_head *rules)
case STMT_EXPRESSION:
merge[k].stmt[merge[k].num_stmts++] = m;
break;
+ case STMT_VERDICT:
+ if (ctx->stmt_matrix[i][m]->expr->etype == EXPR_MAP)
+ merge[k].stmt[merge[k].num_stmts++] = m;
+ break;
default:
break;
}