From 214494aa7d9efaaba2f8c6e041355afc8662964c Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sun, 27 Mar 2022 23:14:43 +0200
Subject: optimize: Restore optimization for raw payload expressions

This patch reverts d0f14b5337e7 ("optimize: do not merge raw payload
expressions") after adding support for concatenation with variable
length TYPE_INTEGER.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 .../optimizations/dumps/merge_vmap_raw.nft         | 31 +++++++++++++++++++++
 tests/shell/testcases/optimizations/merge_vmap_raw | 32 ++++++++++++++++++++++
 2 files changed, 63 insertions(+)
 create mode 100644 tests/shell/testcases/optimizations/dumps/merge_vmap_raw.nft
 create mode 100755 tests/shell/testcases/optimizations/merge_vmap_raw

(limited to 'tests/shell')

diff --git a/tests/shell/testcases/optimizations/dumps/merge_vmap_raw.nft b/tests/shell/testcases/optimizations/dumps/merge_vmap_raw.nft
new file mode 100644
index 00000000..18847116
--- /dev/null
+++ b/tests/shell/testcases/optimizations/dumps/merge_vmap_raw.nft
@@ -0,0 +1,31 @@
+table inet x {
+	chain nat_dns_dnstc {
+		meta l4proto udp redirect to :5300
+		drop
+	}
+
+	chain nat_dns_this_5301 {
+		meta l4proto udp redirect to :5301
+		drop
+	}
+
+	chain nat_dns_saturn_5301 {
+		meta nfproto ipv4 meta l4proto udp dnat ip to 240.0.1.2:5301
+		drop
+	}
+
+	chain nat_dns_saturn_5302 {
+		meta nfproto ipv4 meta l4proto udp dnat ip to 240.0.1.2:5302
+		drop
+	}
+
+	chain nat_dns_saturn_5303 {
+		meta nfproto ipv4 meta l4proto udp dnat ip to 240.0.1.2:5303
+		drop
+	}
+
+	chain nat_dns_acme {
+		udp length . @th,160,128 vmap { 47-63 . 0xe373135363130333131303735353203 : goto nat_dns_dnstc, 62-78 . 0xe31393032383939353831343037320e : goto nat_dns_this_5301, 62-78 . 0xe31363436323733373931323934300e : goto nat_dns_saturn_5301, 62-78 . 0xe32393535373539353636383732310e : goto nat_dns_saturn_5302, 62-78 . 0xe38353439353637323038363633390e : goto nat_dns_saturn_5303 }
+		drop
+	}
+}
diff --git a/tests/shell/testcases/optimizations/merge_vmap_raw b/tests/shell/testcases/optimizations/merge_vmap_raw
new file mode 100755
index 00000000..f3dc0721
--- /dev/null
+++ b/tests/shell/testcases/optimizations/merge_vmap_raw
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+set -e
+
+RULESET="table inet x {
+	chain nat_dns_dnstc     { meta l4proto udp redirect to :5300 ; drop ; }
+        chain nat_dns_this_5301 { meta l4proto udp redirect to :5301 ; drop ; }
+        chain nat_dns_saturn_5301  { meta nfproto ipv4 meta l4proto udp dnat to 240.0.1.2:5301 ; drop ; }
+        chain nat_dns_saturn_5302  { meta nfproto ipv4 meta l4proto udp dnat to 240.0.1.2:5302 ; drop ; }
+        chain nat_dns_saturn_5303  { meta nfproto ipv4 meta l4proto udp dnat to 240.0.1.2:5303 ; drop ; }
+
+        chain nat_dns_acme {
+                udp length 47-63 @th,160,128 0x0e373135363130333131303735353203 \
+                        goto nat_dns_dnstc
+
+                udp length 62-78 @th,160,128 0x0e31393032383939353831343037320e \
+                        goto nat_dns_this_5301
+
+                udp length 62-78 @th,160,128 0x0e31363436323733373931323934300e \
+                        goto nat_dns_saturn_5301
+
+                udp length 62-78 @th,160,128 0x0e32393535373539353636383732310e \
+                        goto nat_dns_saturn_5302
+
+                udp length 62-78 @th,160,128 0x0e38353439353637323038363633390e \
+                        goto nat_dns_saturn_5303
+
+                drop
+        }
+}"
+
+$NFT -o -f - <<< $RULESET
-- 
cgit v1.2.3