diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-02-11 16:16:50 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-02-11 16:19:24 +0100 |
| commit | 87f82cbd4f94cca74eb58506e117f226a2270759 (patch) | |
| tree | c49b2f0ba1b80c0953c41f6c865cab92e30038eb /iptables/nft-arp.c | |
| parent | aa562a660d1555b13cffbac1e744033e91f82707 (diff) | |
| parent | 24775a7a3178c163302560d2bd74ecc6ed0f7af4 (diff) | |
Merge branch 'ebtables-compat'
The ebtables-compat branch provides the compatibility layer to run
ebtables extensions. Currently, only the following matches / targets /
watchers are supported:
* 802_3
* ip
* mark_m and mark
* log
The remaining ones should be easy to port them to on top of libxtables,
they will follow up later.
Diffstat (limited to 'iptables/nft-arp.c')
| -rw-r--r-- | iptables/nft-arp.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c index b10b45f1..24b31c5a 100644 --- a/iptables/nft-arp.c +++ b/iptables/nft-arp.c @@ -156,13 +156,15 @@ static int nft_arp_add(struct nft_rule *r, void *data) if (fw->arp.arhrd != 0) { op = nft_invflags2cmp(fw->arp.invflags, ARPT_INV_ARPHRD); - add_payload(r, offsetof(struct arphdr, ar_hrd), 2); + add_payload(r, offsetof(struct arphdr, ar_hrd), 2, + NFT_PAYLOAD_NETWORK_HEADER); add_cmp_u16(r, fw->arp.arhrd, op); } if (fw->arp.arpro != 0) { op = nft_invflags2cmp(fw->arp.invflags, ARPT_INV_ARPPRO); - add_payload(r, offsetof(struct arphdr, ar_pro), 2); + add_payload(r, offsetof(struct arphdr, ar_pro), 2, + NFT_PAYLOAD_NETWORK_HEADER); add_cmp_u16(r, fw->arp.arpro, op); } @@ -176,13 +178,15 @@ static int nft_arp_add(struct nft_rule *r, void *data) if (fw->arp.arpop != 0) { op = nft_invflags2cmp(fw->arp.invflags, ARPT_INV_ARPOP); - add_payload(r, offsetof(struct arphdr, ar_op), 2); + add_payload(r, offsetof(struct arphdr, ar_op), 2, + NFT_PAYLOAD_NETWORK_HEADER); add_cmp_u16(r, fw->arp.arpop, op); } if (fw->arp.src_devaddr.addr[0] != '\0') { op = nft_invflags2cmp(fw->arp.invflags, ARPT_INV_SRCDEVADDR); - add_payload(r, sizeof(struct arphdr), fw->arp.arhln); + add_payload(r, sizeof(struct arphdr), fw->arp.arhln, + NFT_PAYLOAD_NETWORK_HEADER); add_cmp_ptr(r, op, fw->arp.src_devaddr.addr, fw->arp.arhln); } @@ -195,7 +199,8 @@ static int nft_arp_add(struct nft_rule *r, void *data) if (fw->arp.tgt_devaddr.addr[0] != '\0') { op = nft_invflags2cmp(fw->arp.invflags, ARPT_INV_TGTDEVADDR); - add_payload(r, sizeof(struct arphdr) + fw->arp.arhln + 4, fw->arp.arhln); + add_payload(r, sizeof(struct arphdr) + fw->arp.arhln + 4, + fw->arp.arhln, NFT_PAYLOAD_NETWORK_HEADER); add_cmp_ptr(r, op, fw->arp.tgt_devaddr.addr, fw->arp.arhln); } |