nftables: do mot merge payloads on negation

else, a rule like tcp sport != 22 tcp dport != 23 will match even if the destination is 23 as long as sport is != 22. (or vice versa). Signed-off-by: Sriram Rajagopalan <sriramr@arista.com> Signed-off-by: Florian Westphal <fw@strlen.de>
author: Sriram Rajagopalan <bglsriram@gmail.com> 2024-03-13 01:32:42 -0700
committer: Florian Westphal <fw@strlen.de> 2024-03-13 10:07:46 +0100
commit: f35a0d78fe870737fa39d859bd2e3ac25bf1b12e (patch)
tree: 928f78978309949fd057cd2d2934902bbdb8b98c /src/rule.c
parent: b8f8ddfff7335d3a8bebf5d85085974ae36f4099 (diff)
1 files changed, 0 insertions, 1 deletions
diff --git a/src/rule.c b/src/rule.c
index 9e418d8c..45289cc0 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -2766,7 +2766,6 @@ static void stmt_reduce(const struct rule *rule)
 			switch (stmt->expr->op) {
 			case OP_EQ:
 			case OP_IMPLICIT:
-			case OP_NEQ:
 				break;
 			default:
 				continue;
author	Sriram Rajagopalan <bglsriram@gmail.com>	2024-03-13 01:32:42 -0700
committer	Florian Westphal <fw@strlen.de>	2024-03-13 10:07:46 +0100
commit	f35a0d78fe870737fa39d859bd2e3ac25bf1b12e (patch)
tree	928f78978309949fd057cd2d2934902bbdb8b98c /src/rule.c
parent	b8f8ddfff7335d3a8bebf5d85085974ae36f4099 (diff)