diff mbox series

[iptables,v2,14/17] xtables: arptables accepts but ignores '-m'

Message ID 20210930140419.6170-15-phil@nwl.cc
State Changes Requested
Delegated to: Pablo Neira
Headers show
Series Eliminate dedicated arptables-nft parser | expand

Commit Message

Phil Sutter Sept. 30, 2021, 2:04 p.m. UTC 
Without this patch, arptables-nft would complain about an unknown
option.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/xtables-arp.c | 2 +-
 iptables/xtables.c     | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index cca19438a877e..212b5f1347206 100644
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -89,7 +89,7 @@  static void printhelp(const struct xtables_rule_match *m);
 struct xtables_globals arptables_globals = {
 	.option_offset		= 0,
 	.program_version	= PACKAGE_VERSION,
-	.optstring		= OPTSTRING_COMMON "C:R:S::" "h::l:nv" /* "m:" */,
+	.optstring		= OPTSTRING_COMMON "C:R:S::" "h::l:m:nv",
 	.orig_opts		= original_opts,
 	.exit_err		= xtables_exit_error,
 	.compat_rev		= nft_compatible_revision,
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 5b5c875dc3a6c..b8c4e2737a96a 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -575,6 +575,8 @@  void do_parse(struct nft_handle *h, int argc, char *argv[],
 			break;
 
 		case 'm':
+			if (h->family == NFPROTO_ARP)
+				break;
 			command_match(cs, invert);
 			break;