Keep inspecting rule verdicts before assuming they are equal. Update
existing test to catch this bug.
Fixes: 1542082e259b ("optimize: merge same selector with different verdict into verdict map")
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
src/optimize.c | 10 +++++-----
.../testcases/optimizations/merge_stmts_concat_vmap | 2 +-
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/optimize.c b/src/optimize.c
index 4ad25fab6be4..a6c26d21eb6b 100644
--- a/src/optimize.c
+++ b/src/optimize.c
@@ -621,13 +621,13 @@ static bool stmt_verdict_cmp(const struct optimize_ctx *ctx,
for (i = from; i + 1 <= to; i++) {
stmt_a = ctx->stmt_matrix[i][k];
stmt_b = ctx->stmt_matrix[i + 1][k];
- if (!stmt_a && !stmt_b)
- return true;
- if (stmt_verdict_eq(stmt_a, stmt_b))
- return true;
+ if (!stmt_a || !stmt_b)
+ return false;
+ if (!stmt_verdict_eq(stmt_a, stmt_b))
+ return false;
}
- return false;
+ return true;
}
static void rule_optimize_print(struct output_ctx *octx,
diff --git a/tests/shell/testcases/optimizations/merge_stmts_concat_vmap b/tests/shell/testcases/optimizations/merge_stmts_concat_vmap
index f1ab0288ab0d..5c0ae60caafa 100755
--- a/tests/shell/testcases/optimizations/merge_stmts_concat_vmap
+++ b/tests/shell/testcases/optimizations/merge_stmts_concat_vmap
@@ -5,8 +5,8 @@ set -e
RULESET="table ip x {
chain y {
ip saddr 1.1.1.1 ip daddr 2.2.2.2 accept
- ip saddr 2.2.2.2 ip daddr 3.3.3.3 drop
ip saddr 4.4.4.4 ip daddr 5.5.5.5 accept
+ ip saddr 2.2.2.2 ip daddr 3.3.3.3 drop
}
}"
--
2.30.2
