From b31304a8d88e5d3b4235ac693f56f8a9ca238c32 Mon Sep 17 00:00:00 2001 From: Tomasz Bursztyka Date: Thu, 7 Nov 2013 10:14:37 +0200 Subject: xtables: arp: inhibit -l option so only a fixed 6 bytes length arhln can be used This is a temporary workaround mechanism until variable interface hardware address length can be handled through nftables. This defaults on the length of EUI-64 mac address, which should be the most common usage until this is appropriately fixed for all type of layer 2 addresses. Signed-off-by: Tomasz Bursztyka Signed-off-by: Pablo Neira Ayuso --- iptables/xtables-arp.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'iptables') diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c index 046ae41d..298801b3 100644 --- a/iptables/xtables-arp.c +++ b/iptables/xtables-arp.c @@ -1145,6 +1145,13 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table) invert); getlength_and_mask(argv[optind - 1], &fw.arp.arhln, &fw.arp.arhln_mask); + + if (fw.arp.arhln != 6) { + xtables_error(PARAMETER_PROBLEM, + "Only harware address length of" + " 6 is supported currently."); + } + break; case 8:/* protocol length */ -- cgit v1.2.3
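Review bot: The added check in the hardware-length (`-l`) case of do_commandarp tests only `fw.arp.arhln != 6`, so a request that carries an inversion or a partial mask still passes, even though the lines just above record both (`invert` is handed to set_option and getlength_and_mask fills `fw.arp.arhln_mask`). If the intent is what the subject line says, that a rule can only ever match a 6-byte hardware address, the guard should reject those forms as well, for example `if (invert || fw.arp.arhln != 6)` together with a comparison of `fw.arp.arhln_mask` against the value getlength_and_mask stores when no mask is given; otherwise a ruleset may be accepted while matching lengths the nftables backend presumably cannot express yet. The user-facing message misspells "hardware" (`"Only harware address length of"`), and the commit text describes the 6-byte default as EUI-64 although a 6-byte MAC is EUI-48. do_commandarp starts and ends outside the hunk, so whether `invert` is still unmodified at this point should be confirmed against the full function.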