diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-05-07 19:34:19 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-05-10 08:05:50 +0200 |
commit | 033a664e89362e8c0c191a823bc37a6f92e8c89e (patch) | |
tree | ef7325841cc6e85c92019ae0026da8e64ca50edb /tests/shell/testcases | |
parent | aceea86de797bcc315d3e759a44b97cbfb724435 (diff) |
evaluate: skip optimization if anonymous set uses stateful statement
fee6bda06403 ("evaluate: remove anon sets with exactly one element")
introduces an optimization to remove use of sets with single element.
Skip this optimization if set element contains stateful statements.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell/testcases')
-rw-r--r-- | tests/shell/testcases/optimizations/dumps/single_anon_set.nft | 1 | ||||
-rw-r--r-- | tests/shell/testcases/optimizations/dumps/single_anon_set.nft.input | 3 |
2 files changed, 4 insertions, 0 deletions
diff --git a/tests/shell/testcases/optimizations/dumps/single_anon_set.nft b/tests/shell/testcases/optimizations/dumps/single_anon_set.nft index 35e3f36e..3f703034 100644 --- a/tests/shell/testcases/optimizations/dumps/single_anon_set.nft +++ b/tests/shell/testcases/optimizations/dumps/single_anon_set.nft @@ -11,5 +11,6 @@ table ip test { ip daddr . tcp dport { 192.168.0.1 . 22 } accept meta mark set ip daddr map { 192.168.0.1 : 0x00000001 } ct state { established, related } accept + meta mark { 0x0000000a counter packets 0 bytes 0 } } } diff --git a/tests/shell/testcases/optimizations/dumps/single_anon_set.nft.input b/tests/shell/testcases/optimizations/dumps/single_anon_set.nft.input index 35b93832..ecc5691b 100644 --- a/tests/shell/testcases/optimizations/dumps/single_anon_set.nft.input +++ b/tests/shell/testcases/optimizations/dumps/single_anon_set.nft.input @@ -31,5 +31,8 @@ table ip test { # ct state cannot be both established and related # at the same time, but this needs extra work. ct state { established, related } accept + + # with stateful statement + meta mark { 0x0000000a counter } } } |