Skip comparison when collecting the statement and building the rule vs
statement matrix. Compare verdict type when merging rules.
When infering rule mergers, honor the STMT_VERDICT with map (ie. vmap).
Fixes: 561aa3cfa8da ("optimize: merge verdict maps with same lookup key")
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
src/optimize.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/optimize.c b/src/optimize.c
index 427625846484..747282b4d7f4 100644
--- a/src/optimize.c
+++ b/src/optimize.c
@@ -139,6 +139,9 @@ static bool __stmt_type_eq(const struct stmt *stmt_a, const struct stmt *stmt_b,
case STMT_NOTRACK:
break;
case STMT_VERDICT:
+ if (!fully_compare)
+ break;
+
expr_a = stmt_a->expr;
expr_b = stmt_b->expr;
@@ -276,10 +279,6 @@ static int rule_collect_stmts(struct optimize_ctx *ctx, struct rule *rule)
if (stmt_type_find(ctx, stmt))
continue;
- if (stmt->ops->type == STMT_VERDICT &&
- stmt->expr->etype == EXPR_MAP)
- continue;
-
/* No refcounter available in statement objects, clone it to
* to store in the array of selectors.
*/
@@ -999,6 +998,10 @@ static int chain_optimize(struct nft_ctx *nft, struct list_head *rules)
case STMT_EXPRESSION:
merge[k].stmt[merge[k].num_stmts++] = m;
break;
+ case STMT_VERDICT:
+ if (ctx->stmt_matrix[i][m]->expr->etype == EXPR_MAP)
+ merge[k].stmt[merge[k].num_stmts++] = m;
+ break;
default:
break;
}
--
2.30.2
