nft-bridge: fix printing of inverted protocols, addresses

Previous to this patch, no '!' is printed in payload comparisions.
This patch solves it, so we can print for example inverted protocols:

 % ebtables-compat -L
[...]
-p ! 0x800 -j ACCEPT

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index 0e21b468a32dff20df62d67ace4137394df26348..3ed6239847613aa64147778a4cb2331167e4c1cc 100644 (file)
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -268,15 +268,21 @@ static void nft_bridge_parse_payload(struct nft_xt_ctx *ctx,
                get_cmp_data(e, addr, sizeof(addr), &inv);
                for (i = 0; i < ETH_ALEN; i++)
                        fw->destmac[i] = addr[i];
+               if (inv)
+                       fw->invflags |= EBT_IDEST;
                break;
        case offsetof(struct ethhdr, h_source):
                get_cmp_data(e, addr, sizeof(addr), &inv);
                for (i = 0; i < ETH_ALEN; i++)
                        fw->sourcemac[i] = addr[i];
+               if (inv)
+                       fw->invflags |= EBT_ISOURCE;
                break;
        case offsetof(struct ethhdr, h_proto):
                get_cmp_data(e, &ethproto, sizeof(ethproto), &inv);
                fw->ethproto = ethproto;
+               if (inv)
+                       fw->invflags |= EBT_IPROTO;
                break;
        }
 }