On Wed, Sep 06, 2023 at 07:07:51PM +0200, Phil Sutter wrote:
> A relict of legacy iptables' mandatory matching on interfaces and IP
> addresses is support for the '-i +' notation, basically a "match any
> input interface". Trying to make things better than its predecessor,
> iptables-nft boldly optimizes that nop away - not entirely though, the
> meta expression loading the interface name was left in place. While not
> a problem (apart from pointless overhead) in current HEAD, v1.8.7 would
> trip over this as a following cmp expression (for another match) was
> incorrectly linked to that stale meta expression, loading strange values
> into the respective interface name field.
>
> While being at it, merge and generalize the functions into a common one
> for use with ebtables' NFT_META_BRI_(I|O)IFNAME matches, too.
>
> Fixes: 0a8635183edd0 ("xtables-compat: ignore '+' interface name")
> Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1702
> Signed-off-by: Phil Sutter <phil@xxxxxx>

Patch applied.