From 2c678e1954f95dd3d0ca3d88279f96a26f3a726b Mon Sep 17 00:00:00 2001
From: Giuseppe Longo
Date: Fri, 7 Mar 2014 15:21:10 +0100
Subject: nft-arp: wrong condition in parse_payload the current condition doesn't permit to parse ip addresses when they should be. Obviously they are not printed. arptables-compat -A INPUT -s 1.1.1.1 -i eth0 -j ACCEPT arptables-compat -L Chain INPUT (policy ACCEPT) target prot opt source destination -j ACCEPT -i eth0
Signed-off-by: Giuseppe Longo
Signed-off-by: Pablo Neira Ayuso
---
 iptables/nft-arp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index 1af72029..3af1b4bf 100644
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -345,7 +345,7 @@ static void nft_arp_parse_payload(struct nft_rule_expr_iter *iter,
 fw->arp.invflags |= ARPT_INV_ARPOP;
 break;
 default:
- if (!fw->arp.arhln)
+ if (fw->arp.arhln < 0)
 break;
 if (offset == sizeof(struct arphdr) + fw->arp.arhln) {
-- 
cgit v1.2.3
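Review bot: The new guard `if (fw->arp.arhln < 0)` in the `default:` case looks like it can never fire: in the kernel's `struct arpt_arp` the `arhln` field is an unsigned 8-bit value (the declaration is not visible in this hunk, so confirm against the header in use), which makes the comparison always false and the `break` dead code that `-Wtype-limits` would flag. If the intent is to always try the address offsets, remove the two lines and say so, e.g. `/* arhln may still be 0 here; offsets are then relative to the fixed ARP header */`. If a sanity check on the hardware length is wanted before it feeds the offset arithmetic, an upper bound such as `if (fw->arp.arhln > ARPT_DEV_ADDR_LEN_MAX) break;` would express it. The body of nft_arp_parse_payload starts and ends outside the hunk, so the later offset comparisons could not be checked.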