| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | optimize: fix incorrect expansion into concatenation with verdict map | Pablo Neira Ayuso | 2023-02-02 | 1 | -0/+4 |
| | | | | | | | | | | | | | | | | | | | # nft -c -o -f ruleset.nft Merging: ruleset.nft:3:3-53: meta pkttype broadcast udp dport { 67, 547 } accept ruleset.nft:4:17-58: meta pkttype multicast udp dport 1900 drop into: meta pkttype . udp dport vmap { broadcast . { 67, 547 } : accept, multicast . 1900 : drop } ruleset.nft:3:38-39: Error: invalid data type, expected concatenation of (packet type, internet network service) meta pkttype broadcast udp dport { 67, 547 } accept ^^ Similar to 187c6d01d357 ("optimize: expand implicit set element when merging into concatenation") but for verdict maps. Reported-by: Simon G. Trajkovski <neur0armitage@proton.me> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
| * | optimize: incorrect logic in verdict comparison | Pablo Neira Ayuso | 2022-05-03 | 1 | -1/+1 |
| | | | | | | | | | Keep inspecting rule verdicts before assuming they are equal. Update existing test to catch this bug. Fixes: 1542082e259b ("optimize: merge same selector with different verdict into verdict map") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
| * | optimize: merge several selectors with different verdict into verdict map | Pablo Neira Ayuso | 2022-01-15 | 1 | -0/+13 |
| Transform: ip saddr 1.1.1.1 ip daddr 2.2.2.2 accept ip saddr 2.2.2.2 ip daddr 3.3.3.3 drop into: ip saddr . ip daddr vmap { 1.1.1.1 . 2.2.2.2 : accept, 2.2.2.2 . 3.3.3.3 : drop } Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | |||||
 |
index : nftables | |
| nft command line tool | pablo@netfilter.org |
| summaryrefslogtreecommitdiffstats |