arptables: Fix conditional opcode/proto-type printing

The checks were wrong: nft_arp_init_cs() initializes masks to 65535, not
0. This went on unnoticed because nft_arp_add() does it right and
init_cs callback was not used in e.g. nft_arp_print_rule(). The last
patch adding init_cs() calls in potentially required spots exposed this
though.

Fixes: 84909d171585d ("xtables: bootstrap ARP compatibility layer for nftables")
Signed-off-by: Phil Sutter <phil@nwl.cc>

diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index 2784f12ae33a90cab11b0208809c14818121e30d..c73833270f0e8530eceec0124b0309d10668f191 100644 (file)
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -299,7 +299,8 @@ after_devdst:
                sep = " ";
        }
 
-       if (fw->arp.arpop_mask != 0) {
+       if (fw->arp.arpop_mask != 65535 || fw->arp.arpop != 0 ||
+           fw->arp.invflags & IPT_INV_ARPOP) {
                int tmp = ntohs(fw->arp.arpop);
 
                printf("%s%s", sep, fw->arp.invflags & IPT_INV_ARPOP
@@ -329,7 +330,8 @@ after_devdst:
                sep = " ";
        }
 
-       if (fw->arp.arpro_mask != 0) {
+       if (fw->arp.arpro_mask != 65535 || fw->arp.arpro != 0 ||
+           fw->arp.invflags & IPT_INV_PROTO) {
                int tmp = ntohs(fw->arp.arpro);
 
                printf("%s%s", sep, fw->arp.invflags & IPT_INV_PROTO