From: Phil Sutter Date: Fri, 1 Feb 2019 16:06:18 +0000 (+0100) Subject: arptables-nft: Set h-type/h-length masks by default, too X-Git-Tag: v1.8.3~62 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a1da179b0ff3783badca352a42808f4398dd1a98;p=thirdparty%2Fiptables.git arptables-nft: Set h-type/h-length masks by default, too These masks are not used in nftables backend, but mangle extension checks arhln_mask value to make sure --h-length was given (which is implicitly the case). Fixes: 5aecb2d8bfdda ("arptables: pre-init hlen and ethertype") Signed-off-by: Phil Sutter Signed-off-by: Florian Westphal --- diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c index 57e717fa..4b663775 100644 --- a/iptables/xtables-arp.c +++ b/iptables/xtables-arp.c @@ -910,8 +910,12 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table, { struct iptables_command_state cs = { .jumpto = "", - .arp.arp.arhln = 6, - .arp.arp.arhrd = htons(ARPHRD_ETHER), + .arp.arp = { + .arhln = 6, + .arhln_mask = 255, + .arhrd = htons(ARPHRD_ETHER), + .arhrd_mask = 65535, + }, }; int invert = 0; unsigned int nsaddrs = 0, ndaddrs = 0;