From: Jo-Philipp Wich Date: Sat, 29 Jun 2013 13:07:29 +0000 (+0200) Subject: Do not rely on ether_ntoa() when formatting mac addresses. X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=be44720d8b80add13448a297c9c1b3716ca38e4f;p=oweals%2Ffirewall3.git Do not rely on ether_ntoa() when formatting mac addresses. The ether_ntoa() in libc does not include leading zeroes in the formatted address, this causes the address to not get recognized by iptables 1.4.10 which expects a fixed length for mac strings.
---
diff --git a/iptables.c b/iptables.c
index 7d91452..c323e45 100644
--- a/iptables.c
+++ b/iptables.c
@@ -746,11 +746,17 @@ fw3_ipt_rule_sport_dport(struct fw3_ipt_rule *r,
 void
 fw3_ipt_rule_mac(struct fw3_ipt_rule *r, struct fw3_mac *mac)
 {
+ char buf[sizeof("ff:ff:ff:ff:ff:ff\0")];
+
 if (!mac)
 return;
 
+ sprintf(buf, "%02x:%02x:%02x:%02x:%02x:%02x",
+ mac->mac[0], mac->mac[1], mac->mac[2],
+ mac->mac[3], mac->mac[4], mac->mac[5]);
+
 fw3_ipt_rule_addarg(r, false, "-m", "mac");
- fw3_ipt_rule_addarg(r, mac->invert, "--mac-source", ether_ntoa(&mac->mac));
+ fw3_ipt_rule_addarg(r, mac->invert, "--mac-source", buf);
 }
 
 void
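Review bot: The `sprintf()` into `buf` is unbounded, and `buf` is sized for exactly one well-formed address, so the write stays in bounds only while every argument is an unsigned 8-bit value; `snprintf(buf, sizeof(buf), "%02x:%02x:%02x:%02x:%02x:%02x", ...)` keeps that guarantee local to this function. The removed line passed `&mac->mac` to `ether_ntoa()`, which suggests `mac->mac` is a `struct ether_addr`; if so, `mac->mac[0]` indexes a struct and will not compile, and the octets would need to come from `mac->mac.ether_addr_octet[0]` through `[5]` (the definition of `struct fw3_mac` is not visible here, so this needs confirming). The `\0` inside `sizeof("ff:ff:ff:ff:ff:ff\0")` is redundant, since `sizeof` of a string literal already counts the terminator; `char buf[sizeof("ff:ff:ff:ff:ff:ff")];` says the same thing without the spare byte.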