From ecc75ca5e90a5c4325187bb949c8466015ed118a Mon Sep 17 00:00:00 2001
From: Packit Service
Date: Jan 28 2021 16:14:55 +0000
Subject: Apply patch 0011-xtables-translate-Fix-for-iface.patch
patch_name: 0011-xtables-translate-Fix-for-iface.patch
present_in_specfile: true
location_in_specfile: 11
---
diff --git a/extensions/generic.txlate b/extensions/generic.txlate
index c92d082..0e256c3 100644
--- a/extensions/generic.txlate
+++ b/extensions/generic.txlate
@@ -23,6 +23,10 @@ nft insert rule bridge filter INPUT ether type 0x800 ether daddr 01:02:03:04:00:
 iptables-translate -A FORWARD -i '*' -o 'eth*foo'
 nft add rule ip filter FORWARD iifname "\*" oifname "eth\*foo" counter
+# escape all asterisks but translate only the first plus character
+iptables-translate -A FORWARD -i 'eth*foo*+' -o 'eth++'
+nft add rule ip filter FORWARD iifname "eth\*foo\**" oifname "eth+*" counter
+
 # skip for always matching interface names
 iptables-translate -A FORWARD -i '+'
 nft add rule ip filter FORWARD counter
diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index c4e177c..0f95855 100644
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -40,9 +40,6 @@ void xlate_ifname(struct xt_xlate *xl, const char *nftmeta, const char *ifname,
 for (i = 0, j = 0; i < ifaclen + 1; i++, j++) {
 switch (ifname[i]) {
- case '+':
- iface[j] = '*';
- break;
 case '*':
 iface[j++] = '\\';
 /* fall through */
@@ -65,6 +62,9 @@ void xlate_ifname(struct xt_xlate *xl, const char *nftmeta, const char *ifname,
 invert = false;
 }
+ if (iface[j - 2] == '+')
+ iface[j - 2] = '*';
+
 xt_xlate_add(xl, "%s %s\"%s\" ", nftmeta, invert ? "!= " : "", iface);
 }
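Review bot: The comment added to generic.txlate says only the first plus character is translated, but the expected output on the following lines shows the opposite: `'eth++'` becomes `"eth+*"` and `'eth*foo*+'` becomes `"eth\*foo\**"`, so it is the trailing plus that turns into the wildcard while earlier ones are kept literally. Suggest rewording it to `# escape all asterisks but translate only the trailing plus character` so the test documents the rule the C change implements.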
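Review bot: `iface[j - 2]` in the added check is only in bounds when the copy loop has stored at least one name character plus the terminating NUL, and nothing in this hunk guarantees that; with an empty `ifname` the loop shown in the previous hunk ends with `j == 1` and the read lands at `iface[-1]`. The function body starts outside the hunk, so an earlier length check may already rule this out, but the dependency is worth making explicit, for example `if (j >= 2 && iface[j - 2] == '+')` with a comment such as `/* j is one past the copied NUL, so j - 2 is the last character of the name */`. The block that closes just above this check may also have rewritten `iface` (its body is not visible here), in which case `j` still describes the loop's copy rather than the current string.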