The rule parses correctly, but the (never matching) part is lost on
output.
Looks like a day-1 bug, make it fix the change after which it applies
cleanly.
Fixes: b2197e7834f77 ("xshared: Entirely ignore interface masks when saving rules")
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
extensions/iptables.t | 2 ++
extensions/libarpt_standard.t | 2 ++
extensions/libebt_standard.t | 2 ++
iptables/xshared.c | 2 +-
4 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/extensions/iptables.t b/extensions/iptables.t
index 5d6d3d15cc5fd..2817c3fb8437f 100644
--- a/extensions/iptables.t
+++ b/extensions/iptables.t
@@ -4,6 +4,8 @@
-i eth+ -o alongifacename+;=;OK
! -i eth0;=;OK
! -o eth+;=;OK
+-i + -j ACCEPT;-j ACCEPT;OK
+! -i +;=;OK
-c "";;FAIL
-c ,3;;FAIL
-c 3,;;FAIL
diff --git a/extensions/libarpt_standard.t b/extensions/libarpt_standard.t
index 153540903f786..d6eaced3bd5e3 100644
--- a/extensions/libarpt_standard.t
+++ b/extensions/libarpt_standard.t
@@ -9,6 +9,8 @@
-j ACCEPT ! -i lo;=;OK
-i ppp+;=;OK
! -i ppp+;=;OK
+-i + -j ACCEPT;-j ACCEPT;OK
+! -i +;=;OK
-i lo --destination-mac 11:22:33:44:55:66;-i lo --dst-mac 11:22:33:44:55:66;OK
--source-mac Unicast;--src-mac 00:00:00:00:00:00/01:00:00:00:00:00;OK
! --src-mac Multicast;! --src-mac 01:00:00:00:00:00/01:00:00:00:00:00;OK
diff --git a/extensions/libebt_standard.t b/extensions/libebt_standard.t
index 3f1a459cb9814..4cf1f4cfa3ae5 100644
--- a/extensions/libebt_standard.t
+++ b/extensions/libebt_standard.t
@@ -17,8 +17,10 @@
--logical-out br1;=;FAIL
-i + -d 00:0f:ee:d0:ba:be;-d 00:0f:ee:d0:ba:be;OK
-i + -p ip;-p IPv4;OK
+! -i +;=;OK
--logical-in + -d 00:0f:ee:d0:ba:be;-d 00:0f:ee:d0:ba:be;OK
--logical-in + -p ip;-p IPv4;OK
+! --logical-in +;=;OK
:FORWARD
-i foobar;=;OK
-o foobar;=;OK
diff --git a/iptables/xshared.c b/iptables/xshared.c
index b1997ea35f8f8..8c7df3c986eed 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -759,7 +759,7 @@ void print_ifaces(const char *iniface, const char *outiface, uint8_t invflags,
void save_iface(char letter, const char *iface, int invert)
{
- if (!strlen(iface) || !strcmp(iface, "+"))
+ if (!strlen(iface) || (!strcmp(iface, "+") && !invert))
return;
printf("%s -%c %s", invert ? " !" : "", letter, iface);
--
2.43.0
