| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
# nft -f - <<'EOF'
table inet filter {
chain INPUT {
iifname vmap {
"eth0" : jump input_lan,
"wg*" : jump input_vpn
}
}
chain input_lan {}
chain input_vpn {}
}
EOF
# nft list ruleset
nft: segtree.c:578: interval_map_decompose: Assertion `low->len / 8 > 0' failed.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1617
Fixes: 5e393ea1fc0a ("segtree: add string "range" reversal support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
Refactor existing test case for simple interace name ranges
(without concatenations) to also cover "addr . ifname".
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
Add initial test case, sets with names and interfaces,
anonymous and named ones.
Check match+no-match.
netns with ppp1 and ppq veth, send packets via both interfaces.
Rule counters should have incremented on the three rules.
(that match on set that have "abcdef1" or "abcdef*" strings in them).
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|