author Phil Sutter <> 2018-10-31 20:13:34 +0100
committer Pablo Neira Ayuso <> 2018-11-01 00:20:59 +0100
commit 8c918db6a7afc171fb2baf9c20ec6385940d2bfc
tree f1e73f88fee1c5d19c303964988058fa42e56ad3 /iptables
parent b2fc2a368562d55fadad94d995247bb8cd7e68a3
xtables: Fix for matching rules with wildcard interfaces
Due to xtables_parse_interface() and parse_ifname() being misaligned regarding interface mask setting, rules containing a wildcard interface added with iptables-nft could neither be checked nor deleted.

As suggested, introduce extensions/iptables.t to hold checks for built-in selectors. This file is picked up by as-is. The only limitation is that iptables is being used for it, so no ip6tables-specific things can be tested with it (for now).

Signed-off-by: Phil Sutter <>
Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'iptables')
1 files changed, 1 insertions, 1 deletions
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 492e4ec1..7b8ca5e4 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -249,7 +249,7 @@ static void parse_ifname(const char *name, unsigned int len, char *dst, unsigned
dst[len++] = 0;
if (mask)
- memset(mask, 0xff, len + 1);
+ memset(mask, 0xff, len - 2);
int parse_meta(struct nftnl_expr *e, uint8_t key, char *iniface,
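Review bot: The `- 2` in `memset(mask, 0xff, len - 2);` is an unexplained constant applied to an `unsigned int` immediately after `dst[len++] = 0;`. Please add a short comment stating which trailing bytes of `dst` are deliberately left out of the mask, so the next reader does not "correct" it back. Also, since `len` is unsigned, `len - 2` wraps to a very large size if `len` is 1 at this point, and the `memset()` would then write far past the end of `mask`. The visible context does not show a lower bound on `len`, so either confirm that an earlier check in parse_ifname() guarantees `len >= 2` here, or make that explicit next to the call.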