authorTomasz Bursztyka <tomasz.bursztyka@linux.intel.com>2013-11-07 10:14:37 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2013-12-30 23:50:53 +0100
commitb31304a8d88e5d3b4235ac693f56f8a9ca238c32 (patch)
tree041b037632186a6409e138627c71d0b6edeb8dfc /iptables/xtables-arp.c
parent82ab5ac1145dfaae17f86360e6c2db58e6cc59cd (diff)
xtables: arp: inhibit -l option so only a fixed 6 bytes length arhln can be used
This is a temporary workaround mechanism until variable interface hardware address length can be handled through nftables. This defaults to the length of EUI-64 mac address, which should be the most common usage until this is appropriately fixed for all types of layer 2 addresses. Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/xtables-arp.c')
-rw-r--r--iptables/xtables-arp.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index 046ae41d..298801b3 100644
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -1145,6 +1145,13 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
invert);
getlength_and_mask(argv[optind - 1], &fw.arp.arhln,
&fw.arp.arhln_mask);
+
+ if (fw.arp.arhln != 6) {
+ xtables_error(PARAMETER_PROBLEM,
+ "Only harware address length of"
+ " 6 is supported currently.");
+ }
+
break;
case 8:/* protocol length */
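Review bot: The added guard in the hardware-length case tests only `fw.arp.arhln`, so a value of 6 combined with an explicit mask or an inverted option still passes, and the resulting rule would no longer pin the length to the fixed 6 bytes this workaround relies on. `getlength_and_mask()` also fills `fw.arp.arhln_mask`, and `invert` is passed in the call just above, so both can be checked here, for example `if (fw.arp.arhln != 6 || fw.arp.arhln_mask != 0xff || invert) {`; this assumes 0xff is the mask stored when none is given, which should be confirmed against the helper. The message string also misspells "hardware" as `harware`. The enclosing case and do_commandarp() start outside this hunk, so how the inversion flag is recorded is not visible here.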