* [PATCH nft] optimize: do not assume log prefix
@ 2022-03-04 10:24 Pablo Neira Ayuso
0 siblings, 0 replies; only message in thread
From: Pablo Neira Ayuso @ 2022-03-04 10:24 UTC (permalink / raw)
To: netfilter-devel
... log prefix might not be present in log statements.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
src/optimize.c | 15 ++++++++++++---
.../testcases/optimizations/dumps/merge_vmaps.nft | 1 +
tests/shell/testcases/optimizations/merge_vmaps | 1 +
3 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/src/optimize.c b/src/optimize.c
index f8dd7f8d159f..7a268c452226 100644
--- a/src/optimize.c
+++ b/src/optimize.c
@@ -153,8 +153,16 @@ static bool __stmt_type_eq(const struct stmt *stmt_a, const struct stmt *stmt_b)
stmt_a->log.qthreshold != stmt_b->log.qthreshold ||
stmt_a->log.level != stmt_b->log.level ||
stmt_a->log.logflags != stmt_b->log.logflags ||
- stmt_a->log.flags != stmt_b->log.flags ||
- stmt_a->log.prefix->etype != EXPR_VALUE ||
+ stmt_a->log.flags != stmt_b->log.flags)
+ return false;
+
+ if (!!stmt_a->log.prefix ^ !!stmt_b->log.prefix)
+ return false;
+
+ if (!stmt_a->log.prefix)
+ return true;
+
+ if (stmt_a->log.prefix->etype != EXPR_VALUE ||
stmt_b->log.prefix->etype != EXPR_VALUE ||
mpz_cmp(stmt_a->log.prefix->value, stmt_b->log.prefix->value))
return false;
@@ -265,7 +273,8 @@ static int rule_collect_stmts(struct optimize_ctx *ctx, struct rule *rule)
break;
case STMT_LOG:
memcpy(&clone->log, &stmt->log, sizeof(clone->log));
- clone->log.prefix = expr_get(stmt->log.prefix);
+ if (stmt->log.prefix)
+ clone->log.prefix = expr_get(stmt->log.prefix);
break;
default:
break;
diff --git a/tests/shell/testcases/optimizations/dumps/merge_vmaps.nft b/tests/shell/testcases/optimizations/dumps/merge_vmaps.nft
index c1c9743b9f8c..05b9e575c272 100644
--- a/tests/shell/testcases/optimizations/dumps/merge_vmaps.nft
+++ b/tests/shell/testcases/optimizations/dumps/merge_vmaps.nft
@@ -8,5 +8,6 @@ table ip x {
chain y {
tcp dport vmap { 80 : accept, 81 : accept, 443 : accept, 8000-8100 : accept, 24000-25000 : accept }
meta l4proto vmap { tcp : goto filter_in_tcp, udp : goto filter_in_udp }
+ log
}
}
diff --git a/tests/shell/testcases/optimizations/merge_vmaps b/tests/shell/testcases/optimizations/merge_vmaps
index 7b7a2723be4b..0922a221bd6d 100755
--- a/tests/shell/testcases/optimizations/merge_vmaps
+++ b/tests/shell/testcases/optimizations/merge_vmaps
@@ -19,6 +19,7 @@ RULESET="table ip x {
}
meta l4proto tcp goto filter_in_tcp
meta l4proto udp goto filter_in_udp
+ log
}
}"
--
2.30.2
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2022-03-04 10:24 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-03-04 10:24 [PATCH nft] optimize: do not assume log prefix Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).