From 11b9415fd63d245b1a3230aa4f7cd1e2b0639ddd Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Tue, 7 Oct 2025 17:51:32 +0200
Subject: [PATCH] mnl: Drop asterisk from end of NFTA_DEVICE_PREFIX strings

The asterisk left in place becomes part of the prefix by accident and is thus
both included when matching interface names as well as dumped back to user
space.

Fixes: c31e887504a90 ("mnl: Support simple wildcards in netdev hooks")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/mnl.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/mnl.c b/src/mnl.c
index bba34b73..ab4a7dbc 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -815,9 +815,16 @@ static bool is_wildcard_str(const char *str)
 
 static void mnl_nft_attr_put_ifname(struct nlmsghdr *nlh, const char *ifname)
 {
-	uint16_t attr = is_wildcard_str(ifname) ?
-			NFTA_DEVICE_PREFIX : NFTA_DEVICE_NAME;
+	uint16_t attr = NFTA_DEVICE_NAME;
+	char pfx[IFNAMSIZ];
 
+	if (is_wildcard_str(ifname)) {
+		snprintf(pfx, IFNAMSIZ, "%s", ifname);
+		pfx[strlen(pfx) - 1] = '\0';
+
+		attr = NFTA_DEVICE_PREFIX;
+		ifname = pfx;
+	}
 	mnl_attr_put_strz(nlh, attr, ifname);
 }
 
-- 
2.43.0