optimize: skip variables in nat statements

Do not hit assert(): nft: optimize.c:486: rule_build_stmt_matrix_stmts: Assertion `k >= 0' failed. variables are not supported by -o/--optimize at this stage. Fixes: 9be404a153bc ("optimize: ignore existing nat mapping") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2024-07-18 18:06:22 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2024-07-18 18:16:12 +0200
commit: bc1f910f502701f1a1d28c7bd723e4be3bac1d8c (patch)
tree: 533ae4acbec01973745d392efaa7b855cb3e5e45 /src/optimize.c
parent: d946842f576b422972212a2b83601bbd6204337c (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/src/optimize.c b/src/optimize.c
index 62dd9082..9f0965cd 100644
--- a/src/optimize.c
+++ b/src/optimize.c
@@ -408,9 +408,11 @@ static int rule_collect_stmts(struct optimize_ctx *ctx, struct rule *rule)
 			break;
 		case STMT_NAT:
 			if ((stmt->nat.addr &&
-			     stmt->nat.addr->etype == EXPR_MAP) ||
+			     (stmt->nat.addr->etype == EXPR_MAP ||
+			      stmt->nat.addr->etype == EXPR_VARIABLE)) ||
 			    (stmt->nat.proto &&
-			     stmt->nat.proto->etype == EXPR_MAP)) {
+			     (stmt->nat.proto->etype == EXPR_MAP ||
+			      stmt->nat.proto->etype == EXPR_VARIABLE))) {
 				clone->ops = &unsupported_stmt_ops;
 				break;
 			}
author	Pablo Neira Ayuso <pablo@netfilter.org>	2024-07-18 18:06:22 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2024-07-18 18:16:12 +0200
commit	bc1f910f502701f1a1d28c7bd723e4be3bac1d8c (patch)
tree	533ae4acbec01973745d392efaa7b855cb3e5e45 /src/optimize.c
parent	d946842f576b422972212a2b83601bbd6204337c (diff)