From a61df019861997df76159b780070e2a09038798f Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Sat, 5 Nov 2022 16:51:10 +0100 Subject: optimize: handle prefix and range when merging into set + concatenation The following ruleset fails to be merged using set + concatenation: meta iifname eth1 ip saddr 1.1.1.2 ip daddr 2.2.3.0/24 accept meta iifname eth1 ip saddr 1.1.1.2 ip daddr 2.2.4.0-2.2.4.10 accept hitting the following assertion: nft: optimize.c:585: __merge_concat_stmts: Assertion `0' failed. Abort This patch also updates tests/shell. Signed-off-by: Pablo Neira Ayuso --- tests/shell/testcases/optimizations/dumps/merge_stmts_concat.nft | 2 +- tests/shell/testcases/optimizations/merge_stmts_concat | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/shell/testcases/optimizations/dumps/merge_stmts_concat.nft b/tests/shell/testcases/optimizations/dumps/merge_stmts_concat.nft index 5d03cf8d..f56cea1c 100644 --- a/tests/shell/testcases/optimizations/dumps/merge_stmts_concat.nft +++ b/tests/shell/testcases/optimizations/dumps/merge_stmts_concat.nft @@ -1,6 +1,6 @@ table ip x { chain y { - iifname . ip saddr . ip daddr { "eth1" . 1.1.1.1 . 2.2.2.3, "eth1" . 1.1.1.2 . 2.2.2.4, "eth2" . 1.1.1.3 . 2.2.2.5 } accept + iifname . ip saddr . ip daddr { "eth1" . 1.1.1.1 . 2.2.2.3, "eth1" . 1.1.1.2 . 2.2.2.4, "eth1" . 1.1.1.2 . 2.2.3.0/24, "eth1" . 1.1.1.2 . 2.2.4.0-2.2.4.10, "eth2" . 1.1.1.3 . 2.2.2.5 } accept ip protocol . th dport { tcp . 22, udp . 67 } } diff --git a/tests/shell/testcases/optimizations/merge_stmts_concat b/tests/shell/testcases/optimizations/merge_stmts_concat index 0bcd9562..9679d862 100755 --- a/tests/shell/testcases/optimizations/merge_stmts_concat +++ b/tests/shell/testcases/optimizations/merge_stmts_concat @@ -6,6 +6,8 @@ RULESET="table ip x { chain y { meta iifname eth1 ip saddr 1.1.1.1 ip daddr 2.2.2.3 accept meta iifname eth1 ip saddr 1.1.1.2 ip daddr 2.2.2.4 accept + meta iifname eth1 ip saddr 1.1.1.2 ip daddr 2.2.3.0/24 accept + meta iifname eth1 ip saddr 1.1.1.2 ip daddr 2.2.4.0-2.2.4.10 accept meta iifname eth2 ip saddr 1.1.1.3 ip daddr 2.2.2.5 accept ip protocol . th dport { tcp . 22, udp . 67 } } -- cgit v1.2.3