fix: use iifname for input interface name matches

add tests to cover nftables; also fix NewDetectLocalByBridgeInterface

pkg/proxy/util/localdetector.go

@@ -98,8 +98,8 @@ func NewDetectLocalByBridgeInterface(interfaceName string) LocalTrafficDetector
 	return &detectLocal{
 		ifLocal:       []string{"-i", interfaceName},
 		ifNotLocal:    []string{"!", "-i", interfaceName},
-		ifLocalNFT:    []string{"iif", interfaceName},
-		ifNotLocalNFT: []string{"iif", "!=", interfaceName},
+		ifLocalNFT:    []string{"iifname", interfaceName},
+		ifNotLocalNFT: []string{"iifname", "!=", interfaceName},
 	}
 }
 
@@ -110,7 +110,7 @@ func NewDetectLocalByInterfaceNamePrefix(interfacePrefix string) LocalTrafficDet
 	return &detectLocal{
 		ifLocal:       []string{"-i", interfacePrefix + "+"},
 		ifNotLocal:    []string{"!", "-i", interfacePrefix + "+"},
-		ifLocalNFT:    []string{"iif", interfacePrefix + "*"},
-		ifNotLocalNFT: []string{"iif", "!=", interfacePrefix + "*"},
+		ifLocalNFT:    []string{"iifname", interfacePrefix + "*"},
+		ifNotLocalNFT: []string{"iifname", "!=", interfacePrefix + "*"},
 	}
 }

pkg/proxy/util/localdetector_test.go

@@ -105,6 +105,37 @@ func TestDetectLocalByBridgeInterface(t *testing.T) {
 	}
 }
 
+func TestDetectLocalNFTByBridgeInterface(t *testing.T) {
+	cases := []struct {
+		ifaceName               string
+		expectedJumpIfOutput    []string
+		expectedJumpIfNotOutput []string
+	}{
+		{
+			ifaceName:               "eth0",
+			expectedJumpIfOutput:    []string{"iifname", "eth0"},
+			expectedJumpIfNotOutput: []string{"iifname", "!=", "eth0"},
+		},
+	}
+	for _, c := range cases {
+		localDetector := NewDetectLocalByBridgeInterface(c.ifaceName)
+		if !localDetector.IsImplemented() {
+			t.Error("DetectLocalByBridgeInterface returns false for IsImplemented")
+		}
+
+		ifLocal := localDetector.IfLocalNFT()
+		ifNotLocal := localDetector.IfNotLocalNFT()
+
+		if !reflect.DeepEqual(ifLocal, c.expectedJumpIfOutput) {
+			t.Errorf("IfLocalNFT, expected: '%v', but got: '%v'", c.expectedJumpIfOutput, ifLocal)
+		}
+
+		if !reflect.DeepEqual(ifNotLocal, c.expectedJumpIfNotOutput) {
+			t.Errorf("IfNotLocalNFT, expected: '%v', but got: '%v'", c.expectedJumpIfNotOutput, ifNotLocal)
+		}
+	}
+}
+
 func TestDetectLocalByInterfaceNamePrefix(t *testing.T) {
 	cases := []struct {
 		ifacePrefix             string
@@ -137,3 +168,36 @@ func TestDetectLocalByInterfaceNamePrefix(t *testing.T) {
 		}
 	}
 }
+
+func TestDetectLocalNFTByInterfaceNamePrefix(t *testing.T) {
+	cases := []struct {
+		ifacePrefix             string
+		chain                   string
+		args                    []string
+		expectedJumpIfOutput    []string
+		expectedJumpIfNotOutput []string
+	}{
+		{
+			ifacePrefix:             "eth",
+			expectedJumpIfOutput:    []string{"iifname", "eth*"},
+			expectedJumpIfNotOutput: []string{"iifname", "!=", "eth*"},
+		},
+	}
+	for _, c := range cases {
+		localDetector := NewDetectLocalByInterfaceNamePrefix(c.ifacePrefix)
+		if !localDetector.IsImplemented() {
+			t.Error("DetectLocalByInterfaceNamePrefix returns false for IsImplemented")
+		}
+
+		ifLocal := localDetector.IfLocalNFT()
+		ifNotLocal := localDetector.IfNotLocalNFT()
+
+		if !reflect.DeepEqual(ifLocal, c.expectedJumpIfOutput) {
+			t.Errorf("IfLocalNFT, expected: '%v', but got: '%v'", c.expectedJumpIfOutput, ifLocal)
+		}
+
+		if !reflect.DeepEqual(ifNotLocal, c.expectedJumpIfNotOutput) {
+			t.Errorf("IfNotLocalNFT, expected: '%v', but got: '%v'", c.expectedJumpIfNotOutput, ifNotLocal)
+		}
+	}
+}