diff options
| author | Giuseppe Longo <giuseppelng@gmail.com> | 2014-03-07 15:21:10 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-03-07 18:31:16 +0100 |
| commit | 2c678e1954f95dd3d0ca3d88279f96a26f3a726b (patch) | |
| tree | 3281738b240183088789b13d24bb3ec0b0d6e895 | |
| parent | b88c6bddcd1e6c28cf0b5169746c34dc3bdd9a31 (diff) | |
nft-arp: wrong condition in parse_payload
the current condition doesn't permit to parse ip addresses
when they should be. Obviously they are not printed.
arptables-compat -A INPUT -s 1.1.1.1 -i eth0 -j ACCEPT
arptables-compat -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
-j ACCEPT -i eth0
Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | iptables/nft-arp.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c index 1af72029..3af1b4bf 100644 --- a/iptables/nft-arp.c +++ b/iptables/nft-arp.c @@ -345,7 +345,7 @@ static void nft_arp_parse_payload(struct nft_rule_expr_iter *iter, fw->arp.invflags |= ARPT_INV_ARPOP; break; default: - if (!fw->arp.arhln) + if (fw->arp.arhln < 0) break; if (offset == sizeof(struct arphdr) + fw->arp.arhln) { |