nft-arp: wrong condition in parse_payload
the current condition doesn't permit to parse ip addresses
when they should be. Obviously they are not printed.
arptables-compat -A INPUT -s 1.1.1.1 -i eth0 -j ACCEPT
arptables-compat -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
-j ACCEPT -i eth0
Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index 1af7202..3af1b4b 100644
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -345,7 +345,7 @@
fw->arp.invflags |= ARPT_INV_ARPOP;
break;
default:
- if (!fw->arp.arhln)
+ if (fw->arp.arhln < 0)
break;
if (offset == sizeof(struct arphdr) + fw->arp.arhln) {