diff options
author | Arturo Borrero <arturo.borrero.glez@gmail.com> | 2015-01-19 14:28:02 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-01-28 17:23:51 +0100 |
commit | 8acf8315a44fbee8227433daabb262b6de1e70f6 (patch) | |
tree | e261699a55e99e3ee8206ca6e99f459c3a127211 /iptables/nft-arp.c | |
parent | cd414abfd21dae0288f53669672f057c0630c78a (diff) |
ebtables-compat: fix nft payload bases
ebtables should use NFT_PAYLOAD_LL_HEADER to fetch basic payload information
from packets in the bridge family.
Let's allow the add_payload() function to know in which base it should work.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft-arp.c')
-rw-r--r-- | iptables/nft-arp.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c index b10b45f1..24b31c5a 100644 --- a/iptables/nft-arp.c +++ b/iptables/nft-arp.c @@ -156,13 +156,15 @@ static int nft_arp_add(struct nft_rule *r, void *data) if (fw->arp.arhrd != 0) { op = nft_invflags2cmp(fw->arp.invflags, ARPT_INV_ARPHRD); - add_payload(r, offsetof(struct arphdr, ar_hrd), 2); + add_payload(r, offsetof(struct arphdr, ar_hrd), 2, + NFT_PAYLOAD_NETWORK_HEADER); add_cmp_u16(r, fw->arp.arhrd, op); } if (fw->arp.arpro != 0) { op = nft_invflags2cmp(fw->arp.invflags, ARPT_INV_ARPPRO); - add_payload(r, offsetof(struct arphdr, ar_pro), 2); + add_payload(r, offsetof(struct arphdr, ar_pro), 2, + NFT_PAYLOAD_NETWORK_HEADER); add_cmp_u16(r, fw->arp.arpro, op); } @@ -176,13 +178,15 @@ static int nft_arp_add(struct nft_rule *r, void *data) if (fw->arp.arpop != 0) { op = nft_invflags2cmp(fw->arp.invflags, ARPT_INV_ARPOP); - add_payload(r, offsetof(struct arphdr, ar_op), 2); + add_payload(r, offsetof(struct arphdr, ar_op), 2, + NFT_PAYLOAD_NETWORK_HEADER); add_cmp_u16(r, fw->arp.arpop, op); } if (fw->arp.src_devaddr.addr[0] != '\0') { op = nft_invflags2cmp(fw->arp.invflags, ARPT_INV_SRCDEVADDR); - add_payload(r, sizeof(struct arphdr), fw->arp.arhln); + add_payload(r, sizeof(struct arphdr), fw->arp.arhln, + NFT_PAYLOAD_NETWORK_HEADER); add_cmp_ptr(r, op, fw->arp.src_devaddr.addr, fw->arp.arhln); } @@ -195,7 +199,8 @@ static int nft_arp_add(struct nft_rule *r, void *data) if (fw->arp.tgt_devaddr.addr[0] != '\0') { op = nft_invflags2cmp(fw->arp.invflags, ARPT_INV_TGTDEVADDR); - add_payload(r, sizeof(struct arphdr) + fw->arp.arhln + 4, fw->arp.arhln); + add_payload(r, sizeof(struct arphdr) + fw->arp.arhln + 4, + fw->arp.arhln, NFT_PAYLOAD_NETWORK_HEADER); add_cmp_ptr(r, op, fw->arp.tgt_devaddr.addr, fw->arp.arhln); } |