nft-bridge: fix printing of inverted protocols, addresses

Previous to this patch, no '!' is printed in payload comparisions. This patch solves it, so we can print for example inverted protocols: % ebtables-compat -L [...] -p ! 0x800 -j ACCEPT Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Arturo Borrero <arturo.borrero.glez@gmail.com> 2014-11-08 22:40:37 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2014-11-24 11:35:34 +0100
commit: 04ff786c7a42f3ad16535fa5d7aa20346217917b (patch)
tree: 7530246a838cf5757051b22f01ec7c5b99e04df3 /iptables/nft-bridge.c
parent: 51e83a4deb4849152a29c160893f0823846d47a0 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index 0e21b468..3ed62398 100644
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -268,15 +268,21 @@ static void nft_bridge_parse_payload(struct nft_xt_ctx *ctx,
 		get_cmp_data(e, addr, sizeof(addr), &inv);
 		for (i = 0; i < ETH_ALEN; i++)
 			fw->destmac[i] = addr[i];
+		if (inv)
+			fw->invflags |= EBT_IDEST;
 		break;
 	case offsetof(struct ethhdr, h_source):
 		get_cmp_data(e, addr, sizeof(addr), &inv);
 		for (i = 0; i < ETH_ALEN; i++)
 			fw->sourcemac[i] = addr[i];
+		if (inv)
+			fw->invflags |= EBT_ISOURCE;
 		break;
 	case offsetof(struct ethhdr, h_proto):
 		get_cmp_data(e, &ethproto, sizeof(ethproto), &inv);
 		fw->ethproto = ethproto;
+		if (inv)
+			fw->invflags |= EBT_IPROTO;
 		break;
 	}
 }
author	Arturo Borrero <arturo.borrero.glez@gmail.com>	2014-11-08 22:40:37 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2014-11-24 11:35:34 +0100
commit	04ff786c7a42f3ad16535fa5d7aa20346217917b (patch)
tree	7530246a838cf5757051b22f01ec7c5b99e04df3 /iptables/nft-bridge.c
parent	51e83a4deb4849152a29c160893f0823846d47a0 (diff)