Due to xtables_parse_interface() and parse_ifname() being misaligned regarding interface mask setting, rules containing a wildcard interface added with iptables-nft could neither be checked nor deleted. As suggested, introduce extensions/iptables.t to hold checks for built-in selectors. This file is picked up by iptables-test.py as-is. The only limitation is that iptables is being used for it, so no ip6tables-specific things can be tested with it (for now). Signed-off-by: Phil Sutter <phil@xxxxxx> --- Changes since v1: - Introduce extensions/iptables.t instead of (yet another) script in iptables/tests. --- extensions/iptables.t | 4 ++++ iptables/nft-shared.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 extensions/iptables.t diff --git a/extensions/iptables.t b/extensions/iptables.t new file mode 100644 index 0000000000000..65456ee9874d7 --- /dev/null +++ b/extensions/iptables.t @@ -0,0 +1,4 @@ +:FORWARD +-i alongifacename0;=;OK +-i thisinterfaceistoolong0;;FAIL +-i eth+ -o alongifacename+;=;OK diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c index 492e4ec124a79..7b8ca5e4becaf 100644 --- a/iptables/nft-shared.c +++ b/iptables/nft-shared.c @@ -249,7 +249,7 @@ static void parse_ifname(const char *name, unsigned int len, char *dst, unsigned return; dst[len++] = 0; if (mask) - memset(mask, 0xff, len + 1); + memset(mask, 0xff, len - 2); } int parse_meta(struct nftnl_expr *e, uint8_t key, char *iniface, -- 2.19.0