[iptables-nftables v2 PATCH] nft: arp: inhibit -l option so only a fixed size arhln is in use

This is a temporary workaround mechanism until variable interface hardware
address length can be handled through nftables.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@xxxxxxxxxxxxxxx>
---
 iptables/xtables-arp.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index 18f285c..5ab0fb4 100644
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -1145,6 +1145,13 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table)
 				   invert);
 			getlength_and_mask(argv[optind - 1], &fw.arp.arhln,
 					   &fw.arp.arhln_mask);
+
+			if (fw.arp.arhln != 6) {
+				xtables_error(PARAMETER_PROBLEM,
+					      "Only harware address length of"
+					      " 6 is supported currently.");
+			}
+
 			break;
 
 		case 8:/* protocol length */
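
Review bot: The new check after getlength_and_mask() tests only fw.arp.arhln, so a -l value of 6 combined with a partial mask in fw.arp.arhln_mask, or given inverted (the invert argument passed in the call just above), still passes even though the resulting match is no longer a fixed length of 6. Consider rejecting a non-full mask and an inverted -l here as well, or say in the commit message why they are acceptable for this workaround. The error string also misspells "hardware" as "harware", and the braces around the single xtables_error() call are not needed.
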
-- 
1.8.4.2
