Do not rely on ether_ntoa() when formatting mac addresses.

The ether_ntoa() in libc does not include leading zeroes in the formatted
address, this causes the address to not get recognized by iptables 1.4.10
which expects a fixed length for mac strings.

diff --git a/iptables.c b/iptables.c
index 7d91452..c323e45 100644 (file)
--- a/iptables.c
+++ b/iptables.c
@@ -746,11 +746,17 @@ fw3_ipt_rule_sport_dport(struct fw3_ipt_rule *r,
 void
 fw3_ipt_rule_mac(struct fw3_ipt_rule *r, struct fw3_mac *mac)
 {
+       char buf[sizeof("ff:ff:ff:ff:ff:ff\0")];
+
        if (!mac)
                return;
 
+       sprintf(buf, "%02x:%02x:%02x:%02x:%02x:%02x",
+               mac->mac[0], mac->mac[1], mac->mac[2],
+               mac->mac[3], mac->mac[4], mac->mac[5]);
+
        fw3_ipt_rule_addarg(r, false, "-m", "mac");
-       fw3_ipt_rule_addarg(r, mac->invert, "--mac-source", ether_ntoa(&mac->mac));
+       fw3_ipt_rule_addarg(r, mac->invert, "--mac-source", buf);
 }
 
 void