iptables/0016-arptables-Don-t-omit-standard-matches-if-inverted.patch
Phil Sutter 5463f77d3b iptables-1.8.9-4
- Backport fixes from upstream
2023-05-24 13:03:08 +02:00

43 lines
1.5 KiB
Diff

From a900100d6d4be7c52e4cfd1ab06ce3ac626d71a1 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Fri, 28 Apr 2023 14:37:47 +0200
Subject: [PATCH] arptables: Don't omit standard matches if inverted
Inverted --h-len and --h-type matches were omitted from output by
accident if they matched on their standard value.
Fixes: 84331e3ed3f8e ("arptables-nft: Don't print default h-len/h-type values")
Signed-off-by: Phil Sutter <phil@nwl.cc>
(cherry picked from commit 79f93b0943fa0e46ba29bb476362634509eb594e)
---
iptables/nft-arp.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index 8fae5adc50216..df3ad430cf701 100644
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -408,7 +408,8 @@ static void nft_arp_print_rule_details(const struct iptables_command_state *cs,
after_devdst:
- if (fw->arp.arhln_mask != 255 || fw->arp.arhln != 6) {
+ if (fw->arp.arhln_mask != 255 || fw->arp.arhln != 6 ||
+ fw->arp.invflags & IPT_INV_ARPHLN) {
printf("%s%s", sep, fw->arp.invflags & IPT_INV_ARPHLN
? "! " : "");
printf("--h-length %d", fw->arp.arhln);
@@ -432,7 +433,8 @@ static void nft_arp_print_rule_details(const struct iptables_command_state *cs,
sep = " ";
}
- if (fw->arp.arhrd_mask != 65535 || fw->arp.arhrd != htons(1)) {
+ if (fw->arp.arhrd_mask != 65535 || fw->arp.arhrd != htons(1) ||
+ fw->arp.invflags & IPT_INV_ARPHRD) {
uint16_t tmp = ntohs(fw->arp.arhrd);
printf("%s%s", sep, fw->arp.invflags & IPT_INV_ARPHRD
--
2.40.0