The current condition doesn't permit parsing IP addresses when they should be. Obviously they are not printed. arptables-compat -A INPUT -s 1.1.1.1 -i eth0 -j ACCEPT arptables-compat -L Chain INPUT (policy ACCEPT) target prot opt source destination -j ACCEPT -i eth0 Signed-off-by: Giuseppe Longo <giuseppelng@xxxxxxxxx> --- iptables/nft-arp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c index 1af7202..3af1b4b 100644 --- a/iptables/nft-arp.c +++ b/iptables/nft-arp.c @@ -345,7 +345,7 @@ static void nft_arp_parse_payload(struct nft_rule_expr_iter *iter, fw->arp.invflags |= ARPT_INV_ARPOP; break; default: - if (!fw->arp.arhln) + if (fw->arp.arhln < 0) break; if (offset == sizeof(struct arphdr) + fw->arp.arhln) { -- 1.8.3.2
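Review bot: The new guard `if (fw->arp.arhln < 0)` in the `default:` case can only fire if `arhln` is a signed type; if the field is declared unsigned, the comparison is always false and the `break` after it is dead code (GCC reports this under -Wtype-limits). If the intent is simply to stop skipping address parsing when no hardware address length has been set, delete the check outright, or add a comment saying which value of `arhln` is still meant to be rejected. With `arhln` equal to 0 the next test reduces to `offset == sizeof(struct arphdr)`, so the commit message should also say why that is the correct offset for the source IP in the `-s 1.1.1.1` example.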