nft: Fix for useless meta expressions in rule

A relict of legacy iptables' mandatory matching on interfaces and IP
addresses is support for the '-i +' notation, basically a "match any
input interface". Trying to make things better than its predecessor,
iptables-nft boldly optimizes that nop away - not entirely though, the
meta expression loading the interface name was left in place. While not
a problem (apart from pointless overhead) in current HEAD, v1.8.7 would
trip over this as a following cmp expression (for another match) was
incorrectly linked to that stale meta expression, loading strange values
into the respective interface name field.

While being at it, merge and generalize the functions into a common one
for use with ebtables' NFT_META_BRI_(I|O)IFNAME matches, too.

Fixes: 0a8635183edd0 ("xtables-compat: ignore '+' interface name")
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1702
Signed-off-by: Phil Sutter <phil@nwl.cc>

0 files changed, 0 insertions, 0 deletions