The wrong bit was set in 'invflags', probably due to copy'n'paste from the previous case. Fixes: 84909d171585d ("xtables: bootstrap ARP compatibility layer for nftables") Signed-off-by: Phil Sutter <phil@xxxxxx> --- iptables/nft-arp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c index 8963573a72e9e..a8e49f442c6d7 100644 --- a/iptables/nft-arp.c +++ b/iptables/nft-arp.c @@ -244,7 +244,7 @@ static void nft_arp_parse_payload(struct nft_xt_ctx *ctx, fw->arp.arhln = ar_hln; fw->arp.arhln_mask = 0xff; if (inv) - fw->arp.invflags |= IPT_INV_ARPOP; + fw->arp.invflags |= IPT_INV_ARPHLN; break; case offsetof(struct arphdr, ar_pln): get_cmp_data(e, &ar_pln, sizeof(ar_pln), &inv); -- 2.40.0