summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2022-06-17 18:17:49 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2022-06-23 19:00:02 +0200
commitfa409176af98a53304b8b448f20f4b5e5cc299fa (patch)
tree49290e8f2289a26b7e0289a5687252979c9fda93
parent29e62111d10dee4d63780a20d088225bd17369b7 (diff)
optimize: only merge OP_IMPLICIT and OP_EQ relational
Add test to cover this case. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat
-rw-r--r--src/optimize.c10
-rw-r--r--tests/shell/testcases/optimizations/dumps/skip_non_eq.nft6
-rwxr-xr-xtests/shell/testcases/optimizations/skip_non_eq12
3 files changed, 28 insertions, 0 deletions
diff --git a/src/optimize.c b/src/optimize.c
index e3d4bc78..e4508fa5 100644
--- a/src/optimize.c
+++ b/src/optimize.c
@@ -164,6 +164,11 @@ static bool __stmt_type_eq(const struct stmt *stmt_a, const struct stmt *stmt_b,
expr_a = stmt_a->expr;
expr_b = stmt_b->expr;
+ if (expr_a->op != expr_b->op)
+ return false;
+ if (expr_a->op != OP_IMPLICIT && expr_a->op != OP_EQ)
+ return false;
+
if (fully_compare) {
if (!stmt_expr_supported(expr_a) ||
!stmt_expr_supported(expr_b))
@@ -351,6 +356,11 @@ static int rule_collect_stmts(struct optimize_ctx *ctx, struct rule *rule)
clone = stmt_alloc(&internal_location, stmt->ops);
switch (stmt->ops->type) {
case STMT_EXPRESSION:
+ if (stmt->expr->op != OP_IMPLICIT &&
+ stmt->expr->op != OP_EQ) {
+ clone->ops = &unsupported_stmt_ops;
+ break;
+ }
case STMT_VERDICT:
clone->expr = expr_get(stmt->expr);
break;
diff --git a/tests/shell/testcases/optimizations/dumps/skip_non_eq.nft b/tests/shell/testcases/optimizations/dumps/skip_non_eq.nft
new file mode 100644
index 00000000..6df38655
--- /dev/null
+++ b/tests/shell/testcases/optimizations/dumps/skip_non_eq.nft
@@ -0,0 +1,6 @@
+table inet x {
+ chain y {
+ iifname "eth0" oifname != "eth0" counter packets 0 bytes 0 accept
+ iifname "eth0" oifname "eth0" counter packets 0 bytes 0 accept
+ }
+}
diff --git a/tests/shell/testcases/optimizations/skip_non_eq b/tests/shell/testcases/optimizations/skip_non_eq
new file mode 100755
index 00000000..431ed0ad
--- /dev/null
+++ b/tests/shell/testcases/optimizations/skip_non_eq
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -e
+
+RULESET="table inet x {
+ chain y {
+ iifname "eth0" oifname != "eth0" counter packets 0 bytes 0 accept
+ iifname "eth0" oifname "eth0" counter packets 0 bytes 0 accept
+ }
+}"
+
+$NFT -o -f - <<< $RULESET