From 4572ecb1f222ec63f0d5669d0924d2cf1e879290 Mon Sep 17 00:00:00 2001 From: Jeremy Sowden Date: Fri, 1 Oct 2021 18:41:39 +0100 Subject: [PATCH] extensions: libxt_NFLOG: fix `--nflog-prefix` Python test-cases The `iptables-save` includes an extra space between `--nflog-prefix` and the prefix. The maximum length of prefixes includes the trailing NUL character. NFLOG silently truncates prefixes which exceed the maximum length. Signed-off-by: Jeremy Sowden Signed-off-by: Florian Westphal (cherry picked from commit f0d02998883d2efcb316cd6f524e2f7b3c4d055b) --- extensions/libxt_NFLOG.t | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/extensions/libxt_NFLOG.t b/extensions/libxt_NFLOG.t index 933fa22160e59..69b0255a891b1 100644 --- a/extensions/libxt_NFLOG.t +++ b/extensions/libxt_NFLOG.t @@ -12,10 +12,8 @@ -j NFLOG --nflog-size 4294967295;=;OK -j NFLOG --nflog-size 4294967296;;FAIL -j NFLOG --nflog-size -1;;FAIL -# ERROR: cannot find: iptables -I INPUT -j NFLOG --nflog-prefix xxxxxx [...] -# -j NFLOG --nflog-prefix xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;=;OK -# ERROR: should fail: iptables -A INPUT -j NFLOG --nflog-prefix xxxxxxx [...] -# -j NFLOG --nflog-prefix xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;;FAIL +-j NFLOG --nflog-prefix xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;=;OK +-j NFLOG --nflog-prefix xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;-j NFLOG --nflog-prefix xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;OK -j NFLOG --nflog-threshold 1;=;OK # ERROR: line 13 (should fail: iptables -A INPUT -j NFLOG --nflog-threshold 0 # -j NFLOG --nflog-threshold 0;;FAIL -- 2.40.0