optimize: check for mergeable rules

Rules that are equal need to have at least one mergeable statement. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2022-08-09 22:45:21 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2022-08-11 16:23:15 +0200
commit: 7526881a6bbf874c0998fc9cea1646b5354596ce (patch)
tree: 94548a652534b207486a0ce57042fdf23691cc55 /src/optimize.c
parent: 2fec3ccb17d005b390598dca7837d17613d56d63 (diff)
1 files changed, 27 insertions, 1 deletions
diff --git a/src/optimize.c b/src/optimize.c
index 419a37f2..ea067f80 100644
--- a/src/optimize.c
+++ b/src/optimize.c
@@ -1011,15 +1011,41 @@ static bool stmt_type_eq(const struct stmt *stmt_a, const struct stmt *stmt_b)
 	return __stmt_type_eq(stmt_a, stmt_b, true);
 }
 
+static bool stmt_is_mergeable(const struct stmt *stmt)
+{
+	if (!stmt)
+		return false;
+
+	switch (stmt->ops->type) {
+	case STMT_VERDICT:
+		if (stmt->expr->etype == EXPR_MAP)
+			return true;
+		break;
+	case STMT_EXPRESSION:
+	case STMT_NAT:
+		return true;
+	default:
+		break;
+	}
+
+	return false;
+}
+
 static bool rules_eq(const struct optimize_ctx *ctx, int i, int j)
 {
-	uint32_t k;
+	uint32_t k, mergeable = 0;
 
 	for (k = 0; k < ctx->num_stmts; k++) {
+		if (stmt_is_mergeable(ctx->stmt_matrix[i][k]))
+			mergeable++;
+
 		if (!stmt_type_eq(ctx->stmt_matrix[i][k], ctx->stmt_matrix[j][k]))
 			return false;
 	}
 
+	if (mergeable == 0)
+		return false;
+
 	return true;
 }
author	Pablo Neira Ayuso <pablo@netfilter.org>	2022-08-09 22:45:21 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2022-08-11 16:23:15 +0200
commit	7526881a6bbf874c0998fc9cea1646b5354596ce (patch)
tree	94548a652534b207486a0ce57042fdf23691cc55 /src/optimize.c
parent	2fec3ccb17d005b390598dca7837d17613d56d63 (diff)