From: Phil Sutter <phil@nwl.cc>
Date: Fri, 28 Apr 2023 12:33:43 +0000 (+0200)
Subject: arptables: Fix parsing of inverted 'arp operation' match
X-Git-Tag: v1.8.10~61
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=092e4b022152addc94524e2ba0cb608dac1a3a08;p=thirdparty%2Fiptables.git

arptables: Fix parsing of inverted 'arp operation' match

The wrong bit was set in 'invflags', probably due to copy'n'paste from
the previous case.

Fixes: 84909d171585d ("xtables: bootstrap ARP compatibility layer for nftables")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---

diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index 8963573a..a8e49f44 100644
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -244,7 +244,7 @@ static void nft_arp_parse_payload(struct nft_xt_ctx *ctx,
 		fw->arp.arhln = ar_hln;
 		fw->arp.arhln_mask = 0xff;
 		if (inv)
-			fw->arp.invflags |= IPT_INV_ARPOP;
+			fw->arp.invflags |= IPT_INV_ARPHLN;
 		break;
 	case offsetof(struct arphdr, ar_pln):
 		get_cmp_data(e, &ar_pln, sizeof(ar_pln), &inv);