diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-02-02 21:47:56 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-02-02 22:04:13 +0100 |
commit | b691e2ea1d643adeb89c576a105f08cfff677cfb (patch) | |
tree | 8c89d55d948091ea84177ba6f02fd34ada21f900 /tests/shell/testcases | |
parent | 9dbbf397b2f3d9fa40454648cb98c13c7c5515b7 (diff) |
optimize: fix incorrect expansion into concatenation with verdict map
# nft -c -o -f ruleset.nft
Merging:
ruleset.nft:3:3-53: meta pkttype broadcast udp dport { 67, 547 } accept
ruleset.nft:4:17-58: meta pkttype multicast udp dport 1900 drop
into:
meta pkttype . udp dport vmap { broadcast . { 67, 547 } : accept, multicast . 1900 : drop }
ruleset.nft:3:38-39: Error: invalid data type, expected concatenation of (packet type, internet network service)
meta pkttype broadcast udp dport { 67, 547 } accept
^^
Similar to 187c6d01d357 ("optimize: expand implicit set element when
merging into concatenation") but for verdict maps.
Reported-by: Simon G. Trajkovski <neur0armitage@proton.me>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell/testcases')
-rw-r--r-- | tests/shell/testcases/optimizations/dumps/merge_stmts_concat_vmap.nft | 4 | ||||
-rwxr-xr-x | tests/shell/testcases/optimizations/merge_stmts_concat_vmap | 4 |
2 files changed, 8 insertions, 0 deletions
diff --git a/tests/shell/testcases/optimizations/dumps/merge_stmts_concat_vmap.nft b/tests/shell/testcases/optimizations/dumps/merge_stmts_concat_vmap.nft index c0f9ce0c..780aa09a 100644 --- a/tests/shell/testcases/optimizations/dumps/merge_stmts_concat_vmap.nft +++ b/tests/shell/testcases/optimizations/dumps/merge_stmts_concat_vmap.nft @@ -1,4 +1,8 @@ table ip x { + chain x { + meta pkttype . udp dport vmap { broadcast . 547 : accept, broadcast . 67 : accept, multicast . 1900 : drop } + } + chain y { ip saddr . ip daddr vmap { 1.1.1.1 . 2.2.2.2 : accept, 2.2.2.2 . 3.3.3.3 : drop, 4.4.4.4 . 5.5.5.5 : accept } } diff --git a/tests/shell/testcases/optimizations/merge_stmts_concat_vmap b/tests/shell/testcases/optimizations/merge_stmts_concat_vmap index 5c0ae60c..657d0aea 100755 --- a/tests/shell/testcases/optimizations/merge_stmts_concat_vmap +++ b/tests/shell/testcases/optimizations/merge_stmts_concat_vmap @@ -3,6 +3,10 @@ set -e RULESET="table ip x { + chain x { + meta pkttype broadcast udp dport { 67, 547 } accept + meta pkttype multicast udp dport 1900 drop + } chain y { ip saddr 1.1.1.1 ip daddr 2.2.2.2 accept ip saddr 4.4.4.4 ip daddr 5.5.5.5 accept |