When checking whether -s or -d was given, invflags were used by
accident. This change has no functional effect since the values remain
the same, but this way it's clear where the previously assigned flags
are used.
Fixes: 07f4ca9681688 ("xtables-compat: ebtables: allow checking for zero-mac")
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
iptables/nft-bridge.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index d9a8ad2b0f373..772525e1b45a9 100644
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -134,14 +134,14 @@ static int nft_bridge_add(struct nft_handle *h, struct nft_rule_ctx *ctx,
struct ebt_entry *fw = &cs->eb;
uint32_t op;
- if (fw->bitmask & EBT_ISOURCE) {
+ if (fw->bitmask & EBT_SOURCEMAC) {
op = nft_invflags2cmp(fw->invflags, EBT_ISOURCE);
add_addr(h, r, NFT_PAYLOAD_LL_HEADER,
offsetof(struct ethhdr, h_source),
fw->sourcemac, fw->sourcemsk, ETH_ALEN, op);
}
- if (fw->bitmask & EBT_IDEST) {
+ if (fw->bitmask & EBT_DESTMAC) {
op = nft_invflags2cmp(fw->invflags, EBT_IDEST);
add_addr(h, r, NFT_PAYLOAD_LL_HEADER,
offsetof(struct ethhdr, h_dest),
--
2.41.0
