diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-02-19 00:15:13 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-02-22 19:59:45 +0100 |
| commit | 6c8db125b258da070313f20cdf9bc4124bba5383 (patch) | |
| tree | 9657a507f1616c0da51683ecc5b9e759ae88a5a7 /iptables/nft-arp.c | |
| parent | 0e067c7142c73404eb9ba6e355a28a92bf493675 (diff) | |
iptables-compat: unset context flags in netlink delinearize step
Once the data that the compare expression provides have been digested.
For example:
-A INPUT -i noexist -p udplite -s 10.10.10.10/32 -d 10.0.0.10/32 -j ACCEPT
doesn't show anymore the following broken output via iptables-compat-save:
-A INPUT -i
+t -p udplite -s 10.10.10.10/32 -d 10.0.0.10/32 -j ACCEPT
Reported-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Tested-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Diffstat (limited to 'iptables/nft-arp.c')
| -rw-r--r-- | iptables/nft-arp.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c index 05672014..523b3ec3 100644 --- a/iptables/nft-arp.c +++ b/iptables/nft-arp.c @@ -337,10 +337,12 @@ static void nft_arp_parse_payload(struct nft_xt_ctx *ctx, fw->arp.arhln) { get_cmp_data(e, &addr, sizeof(addr), &inv); fw->arp.src.s_addr = addr.s_addr; - if (ctx->flags & NFT_XT_CTX_BITWISE) + if (ctx->flags & NFT_XT_CTX_BITWISE) { parse_mask_ipv4(ctx, &fw->arp.smsk); - else + ctx->flags &= ~NFT_XT_CTX_BITWISE; + } else { fw->arp.smsk.s_addr = 0xffffffff; + } if (inv) fw->arp.invflags |= ARPT_INV_SRCIP; @@ -349,10 +351,12 @@ static void nft_arp_parse_payload(struct nft_xt_ctx *ctx, sizeof(struct in_addr)) { get_cmp_data(e, &addr, sizeof(addr), &inv); fw->arp.tgt.s_addr = addr.s_addr; - if (ctx->flags & NFT_XT_CTX_BITWISE) + if (ctx->flags & NFT_XT_CTX_BITWISE) { parse_mask_ipv4(ctx, &fw->arp.tmsk); - else + ctx->flags &= ~NFT_XT_CTX_BITWISE; + } else { fw->arp.tmsk.s_addr = 0xffffffff; + } if (inv) fw->arp.invflags |= ARPT_INV_TGTIP; |