From be44720d8b80add13448a297c9c1b3716ca38e4f Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich
Date: Sat, 29 Jun 2013 15:07:29 +0200
Subject: [PATCH] Do not rely on ether_ntoa() when formatting mac addresses.

The ether_ntoa() in libc does not include leading zeroes in the formatted address, this causes the address to not get recognized by iptables 1.4.10 which expects a fixed length for mac strings.
---
 iptables.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/iptables.c b/iptables.c
index 7d91452..c323e45 100644
--- a/iptables.c
+++ b/iptables.c
@@ -746,11 +746,17 @@ fw3_ipt_rule_sport_dport(struct fw3_ipt_rule *r,
 void
 fw3_ipt_rule_mac(struct fw3_ipt_rule *r, struct fw3_mac *mac)
 {
+ char buf[sizeof("ff:ff:ff:ff:ff:ff\0")];
+
 if (!mac)
 return;
 
+ sprintf(buf, "%02x:%02x:%02x:%02x:%02x:%02x",
+ mac->mac[0], mac->mac[1], mac->mac[2],
+ mac->mac[3], mac->mac[4], mac->mac[5]);
+
 fw3_ipt_rule_addarg(r, false, "-m", "mac");
- fw3_ipt_rule_addarg(r, mac->invert, "--mac-source", ether_ntoa(&mac->mac));
+ fw3_ipt_rule_addarg(r, mac->invert, "--mac-source", buf);
 }
 
 void
-- 
2.11.0
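Review bot: The new `sprintf()` reads `mac->mac[0]` through `mac->mac[5]`, but the removed line passed `&mac->mac` to `ether_ntoa()`, which suggests `mac->mac` is a `struct ether_addr` rather than a byte array (the definition of `struct fw3_mac` is not visible in this hunk). If so, the subscripts will not compile and the octets should be read as `mac->mac.ether_addr_octet[0]` and so on. The write into `buf` is also unbounded: it fits only while every argument is an unsigned 8-bit value, because a signed byte of 0x80 or above is promoted to a negative int and `%02x` then prints eight digits. I would keep the same format and arguments but call `snprintf(buf, sizeof(buf), ...)`, so the stack buffer cannot be overrun whatever the element type turns out to be. The explicit `\0` inside the `sizeof` literal only adds a spare byte, since `sizeof("ff:ff:ff:ff:ff:ff")` already counts the terminator.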