From 8c918db6a7afc171fb2baf9c20ec6385940d2bfc Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Wed, 31 Oct 2018 20:13:34 +0100 Subject: xtables: Fix for matching rules with wildcard interfaces Due to xtables_parse_interface() and parse_ifname() being misaligned regarding interface mask setting, rules containing a wildcard interface added with iptables-nft could neither be checked nor deleted. As suggested, introduce extensions/iptables.t to hold checks for built-in selectors. This file is picked up by iptables-test.py as-is. The only limitation is that iptables is being used for it, so no ip6tables-specific things can be tested with it (for now). Signed-off-by: Phil Sutter Signed-off-by: Pablo Neira Ayuso --- extensions/iptables.t | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 extensions/iptables.t (limited to 'extensions/iptables.t') diff --git a/extensions/iptables.t b/extensions/iptables.t new file mode 100644 index 00000000..65456ee9 --- /dev/null +++ b/extensions/iptables.t @@ -0,0 +1,4 @@ +:FORWARD +-i alongifacename0;=;OK +-i thisinterfaceistoolong0;;FAIL +-i eth+ -o alongifacename+;=;OK -- cgit v1.2.3
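Review bot: the only `-o` coverage in the new `extensions/iptables.t` is the combined line `-i eth+ -o alongifacename+;=;OK`, so a regression in output-interface mask handling alone would be hard to tell apart from an input-interface one, and there is no `-o` counterpart to the `-i thisinterfaceistoolong0;;FAIL` length check. Consider adding a standalone `-o` wildcard case, a too-long `-o` name expected to FAIL, and a negated wildcard such as `! -i eth+`, since the commit message describes a mask mismatch and negation takes the same parsing path. A short comment in the file noting that `alongifacename0` and `alongifacename+` are deliberately 15 characters (the longest name that fits in IFNAMSIZ) would also make the boundary intent clear to the next person editing these cases.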