diff mbox series

[nft] optimize: compare expression length

Message ID 20241118122114.178991-1-pablo@netfilter.org
State Accepted
Headers show
Series [nft] optimize: compare expression length | expand

Commit Message

Pablo Neira Ayuso Nov. 18, 2024, 12:21 p.m. UTC
do not merge raw payload expressions with different length.

Other expression rely on key comparison which is assumed to have the
same length already.

Fixes: 60dcc01d6351 ("optimize: add __expr_cmp()")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/optimize.c                                      |  2 ++
 .../testcases/optimizations/nomerge_raw_payload     | 13 +++++++++++++
 2 files changed, 15 insertions(+)
 create mode 100755 tests/shell/testcases/optimizations/nomerge_raw_payload
diff mbox series

Patch

diff --git a/src/optimize.c b/src/optimize.c
index 224c6a526f56..03c8bad234e2 100644
--- a/src/optimize.c
+++ b/src/optimize.c
@@ -38,6 +38,8 @@  static bool __expr_cmp(const struct expr *expr_a, const struct expr *expr_b)
 {
 	if (expr_a->etype != expr_b->etype)
 		return false;
+	if (expr_a->len != expr_b->len)
+		return false;
 
 	switch (expr_a->etype) {
 	case EXPR_PAYLOAD:
diff --git a/tests/shell/testcases/optimizations/nomerge_raw_payload b/tests/shell/testcases/optimizations/nomerge_raw_payload
new file mode 100755
index 000000000000..bb8678ac2ed0
--- /dev/null
+++ b/tests/shell/testcases/optimizations/nomerge_raw_payload
@@ -0,0 +1,13 @@ 
+#!/bin/bash
+
+set -e
+
+RULESET="table ip x {
+        chain y {
+                type filter hook prerouting priority raw; policy accept;
+                @th,160,32 0x02736c00 drop comment \"sl\"
+                @th,160,112 0x870697a7a6173656f03636f6d00 drop comment \"pizzaseo.com\"
+        }
+}"
+
+$NFT -o -f - <<< $RULESET