From 0d08b555e809d9b6ecf788a2fca3d20e8e8f7039 Mon Sep 17 00:00:00 2001
From: bol-van
Date: Wed, 16 Feb 2022 22:08:01 +0300
Subject: [PATCH] nftables: quote interface names in ifname sets
---
 common/base.sh | 8 ++++++++
 common/nft.sh | 6 +++---
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/common/base.sh b/common/base.sh
index d7277c6..557de90 100644
--- a/common/base.sh
+++ b/common/base.sh
@@ -83,6 +83,14 @@ make_comma_list()
 shift
 make_separator_list $var , '' "$@"
 }
+make_quoted_comma_list()
+{
+ # $1 - var name to receive result
+ # $2,$3,... - elements
+ local var="$1"
+ shift
+ make_separator_list $var , '"' "$@"
+}
 unique()
 {
 local i
diff --git a/common/nft.sh b/common/nft.sh
index 879f3e9..8841aad 100644
--- a/common/nft.sh
+++ b/common/nft.sh
@@ -101,7 +101,7 @@ nft_create_or_update_flowtable()
 # can be called multiple times to add interfaces. interfaces can only be added , not removed
 local flags=$1 devices
 shift
- make_comma_list devices "$@"
+ make_quoted_comma_list devices "$@"
 [ -n "$devices" ] && devices="devices={$devices};"
 [ -n "$flags" ] && flags="flags $flags;"
 nft add flowtable inet $ZAPRET_NFT_TABLE ft "{ hook ingress priority -1; $flags $devices }"
@@ -172,7 +172,7 @@ nft_hw_offload_supported()
 {
 # $1,$2,... - interface names
 local devices res=1
- make_comma_list devices "$@"
+ make_quoted_comma_list devices "$@"
 [ -n "$devices" ] && devices="devices={$devices};"
 nft add table ${ZAPRET_NFT_TABLE}_test && nft add flowtable ${ZAPRET_NFT_TABLE}_test ft "{ flags offload; $devices }" 2>/dev/null && res=0
 nft delete table ${ZAPRET_NFT_TABLE}_test 2>/dev/null
@@ -235,7 +235,7 @@ nft_script_add_ifset_element()
 # $2 - space separated elements
 local elements
 [ -n "$2" ] && {
- make_separator_list elements ' ' '"' $2
+ make_quoted_comma_list elements $2
 script="${script}
 add element inet $ZAPRET_NFT_TABLE $1 { $elements }"
 }
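Review bot: `make_quoted_comma_list` in common/base.sh wraps every element in `"`, but nothing in this hunk rejects or escapes a `"` that is already part of an element, so such a name would close the quoted token early in the nft statements assembled by its callers in common/nft.sh (`nft_create_or_update_flowtable`, `nft_hw_offload_supported`, `nft_script_add_ifset_element`). `make_separator_list` is outside the hunk, so whether it escapes anything is unconfirmed; if it does not, names should be checked before they reach this helper and the header comment should say so, e.g. `# elements are emitted as "a","b" and must not contain a double quote`. Separately, `$var` is passed unquoted; `make_separator_list "$var" , '"' "$@"` avoids word splitting on the variable name.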
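Review bot: In `nft_hw_offload_supported` (common/nft.sh) a device list that nft rejects looks the same as missing hardware offload, because `2>/dev/null` discards nft's message and `res` stays 1 on any failure. Since this hunk changes how the device names are written, a comment on the `nft add flowtable` line would keep that visible, e.g. `# any nft failure, including a rejected device name, is reported as "not supported"`. The function's closing lines are outside the hunk.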
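Review bot: In `nft_script_add_ifset_element` the new call `make_quoted_comma_list elements $2` leaves `$2` unquoted so that it word-splits, which also exposes each element to pathname expansion: an element containing `*`, `?` or `[` can be replaced by matching file names from the current directory before it is quoted. Whether such patterns can appear in the list is not visible here; if they can, disable globbing around the call, e.g. `set -f; make_quoted_comma_list elements $2; set +f` (or restore the caller's previous setting). This hunk also switches the separator from a space to a comma, which the commit subject does not mention; a comment such as `# nft set elements must be comma separated` would record the reason.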