updating regress tests, i've noticed that some of the optimizer
tests are failing with additional (unoptimized) rules popping out.
digging deeper has shown that is indeed a bug introduced by af-to
(sorry!). the fix is simple though.
ok?
Index: parse.y
===================================================================
RCS file: /cvs/src/sbin/pfctl/parse.y,v
retrieving revision 1.612
diff -u -p -r1.612 parse.y
--- parse.y 12 Dec 2011 21:30:27 -0000 1.612
+++ parse.y 12 Dec 2011 23:37:03 -0000
@@ -4890,7 +4890,7 @@ expand_rule(struct pf_rule *r, int keepr
LOOP_THROUGH(struct node_uid, uid, uids,
LOOP_THROUGH(struct node_gid, gid, gids,
- r->af = r->naf = af;
+ r->af = af;
error += collapse_redirspec(&r->rdr, r, rdr, 0);
error += collapse_redirspec(&r->nat, r, nat, 0);
Index: pfctl_optimize.c
===================================================================
RCS file: /cvs/src/sbin/pfctl/pfctl_optimize.c,v
retrieving revision 1.30
diff -u -p -r1.30 pfctl_optimize.c
--- pfctl_optimize.c 23 Nov 2011 10:24:37 -0000 1.30
+++ pfctl_optimize.c 12 Dec 2011 23:37:03 -0000
@@ -175,6 +175,7 @@ struct pf_rule_field {
PF_RULE_FIELD(dst.neg, NOMERGE),
PF_RULE_FIELD(rtableid, NOMERGE),
PF_RULE_FIELD(onrdomain, NOMERGE),
+ PF_RULE_FIELD(naf, NOMERGE),
/* These fields can be merged */
PF_RULE_FIELD(src.addr, COMBINED),
