arptables: Don't omit standard matches if inverted

Inverted --h-len and --h-type matches were omitted from output by accident if they matched on their standard value. Fixes: 84331e3ed3f8e ("arptables-nft: Don't print default h-len/h-type values") Signed-off-by: Phil Sutter <phil@nwl.cc>
author: Phil Sutter <phil@nwl.cc> 2023-04-28 14:37:47 +0200
committer: Phil Sutter <phil@nwl.cc> 2023-04-28 15:05:45 +0200
commit: 79f93b0943fa0e46ba29bb476362634509eb594e (patch)
tree: 3b7ffdb6c9d899cb178ba7e491b22f876baf1fdb
parent: 092e4b022152addc94524e2ba0cb608dac1a3a08 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index a8e49f44..3236e2f5 100644
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -408,7 +408,8 @@ after_devsrc:
 
 after_devdst:
 
-	if (fw->arp.arhln_mask != 255 || fw->arp.arhln != 6) {
+	if (fw->arp.arhln_mask != 255 || fw->arp.arhln != 6 ||
+	    fw->arp.invflags & IPT_INV_ARPHLN) {
 		printf("%s%s", sep, fw->arp.invflags & IPT_INV_ARPHLN
 			? "! " : "");
 		printf("--h-length %d", fw->arp.arhln);
@@ -432,7 +433,8 @@ after_devdst:
 		sep = " ";
 	}
 
-	if (fw->arp.arhrd_mask != 65535 || fw->arp.arhrd != htons(1)) {
+	if (fw->arp.arhrd_mask != 65535 || fw->arp.arhrd != htons(1) ||
+	    fw->arp.invflags & IPT_INV_ARPHRD) {
 		uint16_t tmp = ntohs(fw->arp.arhrd);
 
 		printf("%s%s", sep, fw->arp.invflags & IPT_INV_ARPHRD
author	Phil Sutter <phil@nwl.cc>	2023-04-28 14:37:47 +0200
committer	Phil Sutter <phil@nwl.cc>	2023-04-28 15:05:45 +0200
commit	79f93b0943fa0e46ba29bb476362634509eb594e (patch)
tree	3b7ffdb6c9d899cb178ba7e491b22f876baf1fdb
parent	092e4b022152addc94524e2ba0cb608dac1a3a08 (diff)