optimize: incorrect comparison for reject statement

commit abab6e60c755aef7e1ab9d3320effa714a0b49e2 upstream.

Logic is reverse, this should returns false if the compared reject
expressions are not the same.

Fixes: 38d48fe57fff ("optimize: fix reject statement")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/optimize.c b/src/optimize.c
index 8fc2b90140d4a13b004cd111f60bc8bdc04fdeab..e200819cebf3619dcfc3f240f16163218351197a 100644 (file)
--- a/src/optimize.c
+++ b/src/optimize.c
@@ -232,7 +232,7 @@ static bool __stmt_type_eq(const struct stmt *stmt_a, const struct stmt *stmt_b,
                if (!stmt_a->reject.expr)
                        return true;
 
-               if (__expr_cmp(stmt_a->reject.expr, stmt_b->reject.expr))
+               if (!__expr_cmp(stmt_a->reject.expr, stmt_b->reject.expr))
                        return false;
                break;
        case STMT_NAT: