Hi Tomasz, On Fri, Jul 19, 2013 at 03:28:34PM +0300, Tomasz Bursztyka wrote: > Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@xxxxxxxxxxxxxxx> > --- > iptables/nft-shared.c | 10 ++++------ > 1 file changed, 4 insertions(+), 6 deletions(-) > > diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c > index c0ee4c8..5762952 100644 > --- a/iptables/nft-shared.c > +++ b/iptables/nft-shared.c > @@ -226,18 +226,16 @@ void parse_meta(struct nft_rule_expr *e, uint8_t key, char *iniface, > if (nft_rule_expr_get_u8(e, NFT_EXPR_CMP_OP) == NFT_CMP_NEQ) > *invflags |= IPT_INV_VIA_IN; > > - if_indextoname(value, iniface); > - > - memset(iniface_mask, 0xff, strlen(iniface)+1); > + if (if_indextoname(value, iniface) != NULL) > + memset(iniface_mask, 0xff, strlen(iniface)+1); We have to convert iptables-nftables to use NFT_META_IIFNAME instead of NFT_META_IIF to make it behave like iptables. This was somewhere in my list of pending things. Would you have a look at that? Thanks. > break; > case NFT_META_OIF: > value = nft_rule_expr_get_u32(e, NFT_EXPR_CMP_DATA); > if (nft_rule_expr_get_u8(e, NFT_EXPR_CMP_OP) == NFT_CMP_NEQ) > *invflags |= IPT_INV_VIA_OUT; > > - if_indextoname(value, outiface); > - > - memset(outiface_mask, 0xff, strlen(outiface)+1); > + if (if_indextoname(value, outiface) != NULL) > + memset(outiface_mask, 0xff, strlen(outiface)+1); > break; > case NFT_META_IIFNAME: > ifname = nft_rule_expr_get(e, NFT_EXPR_CMP_DATA, &len); > -- > 1.8.3.2 > > -- > To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
