On Mon, Dec 09, 2019 at 12:31:55AM +0100, Florian Westphal wrote:
> Eric Dumazet <edumazet@xxxxxxxxxx> wrote:
[...]
> > nf_bridge_pull_encap_header(skb);
> > }
> >
> > + if (unlikely(!pskb_may_pull(skb, sizeof(struct arphdr))))
> > + return NF_DROP;
> > +
> > if (arp_hdr(skb)->ar_pln != 4) {
>
> Thats indeed the only location where we call NFPROTO_ARP hooks,
> so this looks like the proper fix/location.
Applied, thanks Eric, and thanks Florian for reviewing.
