From 07f4ca96816886635acfb9478b2d04929938eb78 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Tue, 8 May 2018 16:31:29 +0200 Subject: xtables-compat: ebtables: allow checking for zero-mac Allow checking for an all-zero mac address by replacing checks on the address with a check on the option flag. Its set when '-d' or '-s' appears on the command line and when seeing a linklayer payload request for ether s/daddr. Same for -p: s this flag gets removed during getopt when 'p' is encountered. So, if its set, no need to check protocol type. Signed-off-by: Florian Westphal --- iptables/xtables-eb-translate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'iptables/xtables-eb-translate.c') diff --git a/iptables/xtables-eb-translate.c b/iptables/xtables-eb-translate.c index 23d261e0..e54415a2 100644 --- a/iptables/xtables-eb-translate.c +++ b/iptables/xtables-eb-translate.c @@ -305,7 +305,6 @@ static void ebtables_parse_interface(const char *arg, char *vianame) if (*(c + 1) != '\0') xtables_error(PARAMETER_PROBLEM, "Spurious characters after '+' wildcard"); - *c = IF_WILDCARD; } } @@ -392,6 +391,7 @@ static int do_commandeb_xlate(struct nft_handle *h, int argc, char *argv[], char /* prevent getopt to spoil our error reporting */ opterr = false; + cs.eb.bitmask = EBT_NOPROTO; printf("nft "); /* Getopt saves the day */ -- cgit v1.2.3