On Thu, Dec 01, 2022 at 05:39:09PM +0100, Phil Sutter wrote: > Instead of dumping the ruleset with xtables-save and creating yet > another string comparison mess by searching the output, use --check > command to leverage iptables' internal rule comparison functionality > when checking that the nftables-created rule parses correctly as the > source of the translation (patch 2). > > There was a rub with the above, namely ebtables not supporting --check > in the first place. Gladly the implementation is pretty simple (patch > 1) with one caveat: '-C' itself is not available so add the long option > only. > > The remaining patches deal with translation details (mostly around > wildcard interface names) until generic.txlate finally passes the replay > test. > > Phil Sutter (7): > ebtables: Implement --check command > tests: xlate: Use --check to verify replay > nft: Fix for comparing ifname matches against nft-generated ones > nft: Fix match generator for '! -i +' > nft: Recognize INVAL/D interface name > xtables-translate: Fix for interfaces with asterisk mid-string > ebtables: Fix MAC address match translation Series applied.
