[PATCH nft] optimize: handle prefix and range when merging into set + concatenation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The following ruleset fails to be merged using set + concatenation:

  meta iifname eth1 ip saddr 1.1.1.2 ip daddr 2.2.3.0/24 accept
  meta iifname eth1 ip saddr 1.1.1.2 ip daddr 2.2.4.0-2.2.4.10 accept

hitting the following assertion:

  nft: optimize.c:585: __merge_concat_stmts: Assertion `0' failed.
  Abort

This patch also updates tests/shell.

Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 src/optimize.c                                                  | 2 ++
 .../shell/testcases/optimizations/dumps/merge_stmts_concat.nft  | 2 +-
 tests/shell/testcases/optimizations/merge_stmts_concat          | 2 ++
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/optimize.c b/src/optimize.c
index 180a7d55f18b..09013efc548c 100644
--- a/src/optimize.c
+++ b/src/optimize.c
@@ -578,6 +578,8 @@ static void __merge_concat_stmts(const struct optimize_ctx *ctx, uint32_t i,
 				break;
 			case EXPR_SYMBOL:
 			case EXPR_VALUE:
+			case EXPR_PREFIX:
+			case EXPR_RANGE:
 				clone = expr_clone(stmt_a->expr->right);
 				compound_expr_add(concat, clone);
 				break;
diff --git a/tests/shell/testcases/optimizations/dumps/merge_stmts_concat.nft b/tests/shell/testcases/optimizations/dumps/merge_stmts_concat.nft
index 5d03cf8d9566..f56cea1c4fd7 100644
--- a/tests/shell/testcases/optimizations/dumps/merge_stmts_concat.nft
+++ b/tests/shell/testcases/optimizations/dumps/merge_stmts_concat.nft
@@ -1,6 +1,6 @@
 table ip x {
 	chain y {
-		iifname . ip saddr . ip daddr { "eth1" . 1.1.1.1 . 2.2.2.3, "eth1" . 1.1.1.2 . 2.2.2.4, "eth2" . 1.1.1.3 . 2.2.2.5 } accept
+		iifname . ip saddr . ip daddr { "eth1" . 1.1.1.1 . 2.2.2.3, "eth1" . 1.1.1.2 . 2.2.2.4, "eth1" . 1.1.1.2 . 2.2.3.0/24, "eth1" . 1.1.1.2 . 2.2.4.0-2.2.4.10, "eth2" . 1.1.1.3 . 2.2.2.5 } accept
 		ip protocol . th dport { tcp . 22, udp . 67 }
 	}
 
diff --git a/tests/shell/testcases/optimizations/merge_stmts_concat b/tests/shell/testcases/optimizations/merge_stmts_concat
index 0bcd95622a98..9679d86223fd 100755
--- a/tests/shell/testcases/optimizations/merge_stmts_concat
+++ b/tests/shell/testcases/optimizations/merge_stmts_concat
@@ -6,6 +6,8 @@ RULESET="table ip x {
 	chain y {
 		meta iifname eth1 ip saddr 1.1.1.1 ip daddr 2.2.2.3 accept
 		meta iifname eth1 ip saddr 1.1.1.2 ip daddr 2.2.2.4 accept
+		meta iifname eth1 ip saddr 1.1.1.2 ip daddr 2.2.3.0/24 accept
+		meta iifname eth1 ip saddr 1.1.1.2 ip daddr 2.2.4.0-2.2.4.10 accept
 		meta iifname eth2 ip saddr 1.1.1.3 ip daddr 2.2.2.5 accept
 		ip protocol . th dport { tcp . 22, udp . 67 }
 	}
-- 
2.30.2
[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux