commit 2c678e1954f95dd3d0ca3d88279f96a26f3a726b
author Giuseppe Longo <giuseppelng@gmail.com> Fri Mar 07 15:21:10 2014 +0100
committer Pablo Neira Ayuso <pablo@netfilter.org> Fri Mar 07 18:31:16 2014 +0100
tree 3281738b240183088789b13d24bb3ec0b0d6e895
parent b88c6bddcd1e6c28cf0b5169746c34dc3bdd9a31

nft-arp: wrong condition in parse_payload

the current condition doesn't permit to parse ip addresses
when they should be. Obviously they are not printed.

arptables-compat -A INPUT -s 1.1.1.1 -i eth0 -j ACCEPT
arptables-compat -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
-j ACCEPT -i eth0

Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

iptables/nft-arp.c

diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index 1af7202..3af1b4b 100644
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -345,7 +345,7 @@
 			fw->arp.invflags |= ARPT_INV_ARPOP;
 		break;
 	default:
-		if (!fw->arp.arhln)
+		if (fw->arp.arhln < 0)
 			break;
 
 		if (offset == sizeof(struct arphdr) + fw->arp.arhln) {