These masks are not used in nftables backend, but mangle extension checks arhln_mask value to make sure --h-length was given (which is implicitly the case).
Fixes: 5aecb2d8bfdda ("arptables: pre-init hlen and ethertype")
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
iptables/xtables-arp.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index 57e717fa901a1..4b663775c5bee 100644
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -910,8 +910,12 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table,
 {
 struct iptables_command_state cs = {
 .jumpto = "",
- .arp.arp.arhln = 6,
- .arp.arp.arhrd = htons(ARPHRD_ETHER),
+ .arp.arp = {
+ .arhln = 6,
+ .arhln_mask = 255,
+ .arhrd = htons(ARPHRD_ETHER),
+ .arhrd_mask = 65535,
+ },
 };
 int invert = 0;
 unsigned int nsaddrs = 0, ndaddrs = 0;
--
2.20.1
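Review bot: The new `.arhln_mask = 255` and `.arhrd_mask = 65535` initialisers in `cs` carry no comment, yet per the commit message they exist only because the mangle extension inspects `arhln_mask` while the nftables backend ignores both, so a later cleanup could drop them as dead values and quietly break that check. I would add a comment above the nested initialiser, `/* masks are unused by the nft backend; mangle checks arhln_mask to see that --h-length was given */`. Writing the values as `0xff` and `0xffff` would also make it obvious that they are all-ones masks, and that `arhrd_mask` needs no `htons()` next to the byte-swapped `arhrd`. The body of do_commandarp continues past the hunk, so how these fields are consumed later is not visible here.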