xtables: Fix for matching rules with wildcard interfaces

Due to xtables_parse_interface() and parse_ifname() being misaligned regarding interface mask setting, rules containing a wildcard interface added with iptables-nft could neither be checked nor deleted. As suggested, introduce extensions/iptables.t to hold checks for built-in selectors. This file is picked up by iptables-test.py as-is. The only limitation is that iptables is being used for it, so no ip6tables-specific things can be tested with it (for now). Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Phil Sutter <phil@nwl.cc> 2018-10-31 20:13:34 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-11-01 00:20:59 +0100
commit: 8c918db6a7afc171fb2baf9c20ec6385940d2bfc (patch)
tree: f1e73f88fee1c5d19c303964988058fa42e56ad3 /extensions
parent: b2fc2a368562d55fadad94d995247bb8cd7e68a3 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/extensions/iptables.t b/extensions/iptables.t
new file mode 100644
index 00000000..65456ee9
--- /dev/null
+++ b/extensions/iptables.t
@@ -0,0 +1,4 @@
+:FORWARD
+-i alongifacename0;=;OK
+-i thisinterfaceistoolong0;;FAIL
+-i eth+ -o alongifacename+;=;OK
author	Phil Sutter <phil@nwl.cc>	2018-10-31 20:13:34 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-11-01 00:20:59 +0100
commit	8c918db6a7afc171fb2baf9c20ec6385940d2bfc (patch)
tree	f1e73f88fee1c5d19c303964988058fa42e56ad3 /extensions
parent	b2fc2a368562d55fadad94d995247bb8cd7e68a3 (diff)