On Fri, Feb 17, 2023 at 02:45:58PM +0100, Phil Sutter wrote: > Some matches may turn into multiple nft statements (naturally or via > translation). Such statements must parse into a single extension again > in order to rebuild the rule as it was. > > Introduce nft_find_match_in_cs() to iterate through the lists and drop > tcp/udp port match caching in struct nft_xt_ctx which is not needed > anymore. > > Note: Match reuse is not enabled unconditionally for all matches, > because iptables supports having multiple instances of the same > extension. > > Signed-off-by: Phil Sutter <phil@xxxxxx> Series applied.
