diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-06-17 17:20:26 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-06-23 19:00:02 +0200 |
commit | 3ac932e90b23402b3b18952123fbed97d8d50920 (patch) | |
tree | bb1daf2cd9ad892ccbd0a43129d8eb016175b0d3 /src/optimize.c | |
parent | 64ebb03a8c87af4f664f8b7e190dee4cbbefb962 (diff) |
optimize: do not merge rules with set reference in rhs
Otherwise set reference ends up included in an anonymous set, as an
element, which is not supported.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/optimize.c')
-rw-r--r-- | src/optimize.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/optimize.c b/src/optimize.c index a2a4e587..543d3ca5 100644 --- a/src/optimize.c +++ b/src/optimize.c @@ -105,6 +105,12 @@ static bool stmt_expr_supported(const struct expr *expr) return false; } +static bool expr_symbol_set(const struct expr *expr) +{ + return expr->right->etype == EXPR_SYMBOL && + expr->right->symtype == SYMBOL_SET; +} + static bool __stmt_type_eq(const struct stmt *stmt_a, const struct stmt *stmt_b, bool fully_compare) { @@ -122,6 +128,10 @@ static bool __stmt_type_eq(const struct stmt *stmt_a, const struct stmt *stmt_b, if (!stmt_expr_supported(expr_a) || !stmt_expr_supported(expr_b)) return false; + + if (expr_symbol_set(expr_a) || + expr_symbol_set(expr_b)) + return false; } return __expr_cmp(expr_a->left, expr_b->left); |