author | Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> | 2013-11-07 10:14:37 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-30 23:50:53 +0100 |
commit | b31304a8d88e5d3b4235ac693f56f8a9ca238c32 (patch) | |
tree | 041b037632186a6409e138627c71d0b6edeb8dfc | |
parent | 82ab5ac1145dfaae17f86360e6c2db58e6cc59cd (diff) |
xtables: arp: inhibit -l option so only a fixed 6 bytes length arhln can be used

This is a temporary workaround mechanism until variable interface
hardware address length can be handled through nftables. This
defaults on the length of EUI-64 mac address, which should be the
most common usage until this is appropriately fixed for all types
of layer 2 addresses.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | iptables/xtables-arp.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c index 046ae41d..298801b3 100644 --- a/iptables/xtables-arp.c +++ b/iptables/xtables-arp.c @@ -1145,6 +1145,13 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table) invert); getlength_and_mask(argv[optind - 1], &fw.arp.arhln, &fw.arp.arhln_mask); + + if (fw.arp.arhln != 6) { + xtables_error(PARAMETER_PROBLEM, + "Only harware address length of" + " 6 is supported currently."); + } + break; case 8:/* protocol length */ |
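Review bot: The new check after `getlength_and_mask(argv[optind - 1], &fw.arp.arhln, &fw.arp.arhln_mask);` tests only `fw.arp.arhln != 6` and never looks at `fw.arp.arhln_mask` or at the `invert` value passed to the preceding call. If the intent is that only a fixed 6-byte hardware address length can be matched, a masked or inverted `-l` argument whose length field is 6 would still get through, so consider rejecting a non-default mask and inversion here too, or say in a comment why they are safe to accept. The error string has a typo, "harware" should be "hardware". The commit message says the default is the length of an EUI-64 address, but the value enforced is 6, which is the EUI-48 length (EUI-64 is 8 bytes); the message or a code comment should name the right one. Minor style point: the braces around the single `xtables_error()` call can be dropped.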