Due to xtables_parse_interface() and parse_ifname() being misaligned regarding interface mask setting, rules containing a wildcard interface added with iptables-nft could neither be checked nor deleted. Signed-off-by: Phil Sutter <phil@xxxxxx> --- iptables/nft-shared.c | 2 +- .../shell/testcases/nft-only/0004wildcard-iface_0 | 12 ++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100755 iptables/tests/shell/testcases/nft-only/0004wildcard-iface_0 diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c index 492e4ec124a79..7b8ca5e4becaf 100644 --- a/iptables/nft-shared.c +++ b/iptables/nft-shared.c @@ -249,7 +249,7 @@ static void parse_ifname(const char *name, unsigned int len, char *dst, unsigned return; dst[len++] = 0; if (mask) - memset(mask, 0xff, len + 1); + memset(mask, 0xff, len - 2); } int parse_meta(struct nftnl_expr *e, uint8_t key, char *iniface, diff --git a/iptables/tests/shell/testcases/nft-only/0004wildcard-iface_0 b/iptables/tests/shell/testcases/nft-only/0004wildcard-iface_0 new file mode 100755 index 0000000000000..b7c398ecbb29c --- /dev/null +++ b/iptables/tests/shell/testcases/nft-only/0004wildcard-iface_0 @@ -0,0 +1,12 @@ +#!/bin/bash + +# Make sure rules containing wildcard interfaces are found again. + +set -e + +[[ $XT_MULTI == */xtables-nft-multi ]] || { echo "skip $XT_MULTI"; exit 0; } + +lname='alongifacename+' +$XT_MULTI iptables -A FORWARD -i eth+ -o $lname -j ACCEPT +$XT_MULTI iptables -C FORWARD -i eth+ -o $lname -j ACCEPT +$XT_MULTI iptables -D FORWARD -i eth+ -o $lname -j ACCEPT -- 2.19.0
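Review bot: in the nft-shared.c hunk the new constant in `memset(mask, 0xff, len - 2);` is unexplained at the point of use. The only context shown is `dst[len++] = 0;` directly above it, so a reader sees `len - 2` step back past that terminator plus one more byte (presumably the wildcard '+' the commit message refers to, which is outside the hunk) and cannot confirm from the diff alone that this equals the mask length xtables_parse_interface() produces for a trailing '+'. Suggest either saving the prefix length in a local before `dst` is extended and using that for the memset, or adding a one-line comment such as `/* mask the prefix only, not the '+' or NUL, to match xtables_parse_interface() */` so the alignment the commit message describes is visible in the code; the old `len + 1` shows how easily that length drifts when it is derived from the modified buffer.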
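Review bot: the test script in 0004wildcard-iface_0 relies on `set -e` alone, so if the `-C` or `-D` step fails the ACCEPT rule added by `-A FORWARD -i eth+ -o $lname -j ACCEPT` is left behind in the FORWARD chain for whatever test runs next; a `trap '$XT_MULTI iptables -F FORWARD' EXIT` (or a final flush) would keep a failure from leaking state. The choice of `lname='alongifacename+'` (15 characters, the longest name that still fits a 16-byte IFNAMSIZ buffer with its NUL) looks deliberate as a boundary case alongside the short `eth+`, but nothing says so; a short comment stating that both a minimal and a maximal-length wildcard are exercised would make the intent clear to whoever next edits the test.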