From: Sriram Rajagopalan <bglsriram@gmail.com>
Date: Wed, 13 Mar 2024 08:32:42 +0000 (-0700)
Subject: nftables: do mot merge payloads on negation
X-Git-Tag: v1.1.0~81
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f35a0d78fe870737fa39d859bd2e3ac25bf1b12e;p=thirdparty%2Fnftables.git

nftables: do mot merge payloads on negation

else, a rule like
  tcp sport != 22 tcp dport != 23

will match even if the destination is 23 as long as sport is != 22.
(or vice versa).

Signed-off-by: Sriram Rajagopalan <sriramr@arista.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
---

diff --git a/src/rule.c b/src/rule.c
index 9e418d8c..45289cc0 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -2766,7 +2766,6 @@ static void stmt_reduce(const struct rule *rule)
 			switch (stmt->expr->op) {
 			case OP_EQ:
 			case OP_IMPLICIT:
-			case OP_NEQ:
 				break;
 			default:
 				continue;