arptables: Fix parsing of inverted 'arp operation' match

The wrong bit was set in 'invflags', probably due to copy'n'paste from
the previous case.

Fixes: 84909d171585d ("xtables: bootstrap ARP compatibility layer for nftables")
Signed-off-by: Phil Sutter <phil@nwl.cc>

diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index 8963573a72e9edc974b3c79e77845f6ba5d903f5..a8e49f442c6d7414a9aef07a9574550ce4bfd3c5 100644 (file)
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -244,7 +244,7 @@ static void nft_arp_parse_payload(struct nft_xt_ctx *ctx,
                fw->arp.arhln = ar_hln;
                fw->arp.arhln_mask = 0xff;
                if (inv)
-                       fw->arp.invflags |= IPT_INV_ARPOP;
+                       fw->arp.invflags |= IPT_INV_ARPHLN;
                break;
        case offsetof(struct arphdr, ar_pln):
                get_cmp_data(e, &ar_pln, sizeof(ar_pln), &inv);