diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-01-26 22:49:35 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-01-26 23:30:50 +0100 |
commit | 561aa3cfa8dabfb259c53ad020c3733f3f415bdd (patch) | |
tree | 616169fb028656c61cd1f793fbcdd37ad0fd457c /tests/shell/testcases | |
parent | 60dcc01d6351a1b866b63e1e23ce3b4f0f378066 (diff) |
optimize: merge verdict maps with same lookup key
Merge two consecutive verdict maps with the same lookup key.
For instance, merge the following:
table inet x {
chain filter_in_tcp {
tcp dport vmap {
80 : accept,
81 : accept,
443 : accept,
931 : accept,
5001 : accept,
5201 : accept,
}
tcp dport vmap {
6800-6999 : accept,
33434-33499 : accept,
}
}
}
into:
table inet x {
chain filter_in_tcp {
tcp dport vmap {
80 : accept,
81 : accept,
443 : accept,
931 : accept,
5001 : accept,
5201 : accept,
6800-6999 : accept,
33434-33499 : accept,
}
}
}
This patch updates statement comparison routine to inspect the verdict
expression type to detect possible merger.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell/testcases')
-rw-r--r-- | tests/shell/testcases/optimizations/dumps/merge_vmaps.nft | 12 | ||||
-rwxr-xr-x | tests/shell/testcases/optimizations/merge_vmaps | 25 |
2 files changed, 37 insertions, 0 deletions
diff --git a/tests/shell/testcases/optimizations/dumps/merge_vmaps.nft b/tests/shell/testcases/optimizations/dumps/merge_vmaps.nft new file mode 100644 index 00000000..c1c9743b --- /dev/null +++ b/tests/shell/testcases/optimizations/dumps/merge_vmaps.nft @@ -0,0 +1,12 @@ +table ip x { + chain filter_in_tcp { + } + + chain filter_in_udp { + } + + chain y { + tcp dport vmap { 80 : accept, 81 : accept, 443 : accept, 8000-8100 : accept, 24000-25000 : accept } + meta l4proto vmap { tcp : goto filter_in_tcp, udp : goto filter_in_udp } + } +} diff --git a/tests/shell/testcases/optimizations/merge_vmaps b/tests/shell/testcases/optimizations/merge_vmaps new file mode 100755 index 00000000..7b7a2723 --- /dev/null +++ b/tests/shell/testcases/optimizations/merge_vmaps @@ -0,0 +1,25 @@ +#!/bin/bash + +set -e + +RULESET="table ip x { + chain filter_in_tcp { + } + chain filter_in_udp { + } + chain y { + tcp dport vmap { + 80 : accept, + 81 : accept, + 443 : accept, + } + tcp dport vmap { + 8000-8100 : accept, + 24000-25000 : accept, + } + meta l4proto tcp goto filter_in_tcp + meta l4proto udp goto filter_in_udp + } +}" + +$NFT -o -f - <<< $RULESET |