author | Giuseppe Longo <giuseppelng@gmail.com> | 2014-03-07 11:43:13 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-03-07 12:58:17 +0100 |
commit | b88c6bddcd1e6c28cf0b5169746c34dc3bdd9a31 (patch) | |
tree | bdec2243d9b60e2a65fa144bfaf20337a907a133 /iptables/nft-arp.c | |
parent | 61a46b3834274ccdb58353b740fba659ed1a77ce (diff) |
nft-arp: fix is_same_interfaces arguments
Wrong arguments are passed to is_same_interfaces,
which sometimes causes the wrong rule to be deleted.
See the example below:
arptables-compat -A INPUT -i eth0 -j ACCEPT
arptables-compat -A INPUT -i eth1 -j ACCEPT
arptables-compat -A INPUT -i eth2 -j ACCEPT
arptables-compat -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
-j ACCEPT -i eth0
-j ACCEPT -i eth1
-j ACCEPT -i eth2
arptables-compat -D INPUT -i eth2 -j ACCEPT
arptables-compat -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
-j ACCEPT -i eth1
-j ACCEPT -i eth2
Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft-arp.c')
-rw-r--r-- | iptables/nft-arp.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index a494ee6f..1af72029 100644
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -631,14 +631,14 @@ static bool nft_arp_is_same(const void *data_a,
 return false;
 }
- return is_same_interfaces(a->arp.src_devaddr.addr,
- a->arp.tgt_devaddr.addr,
- (unsigned char*)a->arp.src_devaddr.mask,
- (unsigned char*)a->arp.tgt_devaddr.mask,
- b->arp.src_devaddr.addr,
- a->arp.tgt_devaddr.addr,
- (unsigned char*)b->arp.src_devaddr.mask,
- (unsigned char*)b->arp.tgt_devaddr.mask);
+ return is_same_interfaces(a->arp.iniface,
+ a->arp.outiface,
+ (unsigned char *)a->arp.iniface_mask,
+ (unsigned char *)a->arp.outiface_mask,
+ b->arp.iniface,
+ b->arp.outiface,
+ (unsigned char *)b->arp.iniface_mask,
+ (unsigned char *)b->arp.outiface_mask);
 }
 static bool nft_arp_rule_find(struct nft_family_ops *ops, struct nft_rule *r,
 |
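Review bot: After this change the final return of nft_arp_is_same no longer references `src_devaddr` or `tgt_devaddr` at all, and the comparisons that precede it start above the hunk, so it is not visible whether the hardware-address fields and their masks are compared anywhere. If they are not, two rules that differ only in source or target hardware address would compare equal, and a `-D` could remove the wrong rule in the same way as the interface case described in the commit message, leaving a filter set that differs from what the operator intended. Worth confirming, and if the check is missing, adding it before the return, e.g. `if (memcmp(&a->arp.src_devaddr, &b->arp.src_devaddr, sizeof(a->arp.src_devaddr)) || memcmp(&a->arp.tgt_devaddr, &b->arp.tgt_devaddr, sizeof(a->arp.tgt_devaddr))) return false;`. A one-line comment above the call such as `/* device (MAC) addresses are compared above; only interface names and masks are checked here */` would make the split explicit for the next reader.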