summaryrefslogtreecommitdiffstats
path: root/iptables
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2020-05-05 19:36:13 +0200
committerPhil Sutter <phil@nwl.cc>2020-05-11 14:28:29 +0200
commit381b5569eb256e13346cff902d6ceed42cb441ad (patch)
tree8ee3df5933b5ca75799eb83376b9e0df690a4cc4 /iptables
parent7db4333dc0b6cd8e943fab78d6dab40ff9f4512e (diff)
nft: Use clear_cs() instead of open coding
In a few places, initialized struct iptables_command_state was not fully deinitialized. Change them to call nft_clear_iptables_command_state() which does it properly. Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables')
-rw-r--r--iptables/nft-ipv4.c2
-rw-r--r--iptables/nft-ipv6.c2
-rw-r--r--iptables/xtables-arp.c4
-rw-r--r--iptables/xtables.c6
4 files changed, 4 insertions, 10 deletions
diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c
index 70634f8f..69691fe2 100644
--- a/iptables/nft-ipv4.c
+++ b/iptables/nft-ipv4.c
@@ -288,7 +288,7 @@ static void nft_ipv4_print_rule(struct nft_handle *h, struct nftnl_rule *r,
if (!(format & FMT_NONEWLINE))
fputc('\n', stdout);
- xtables_rule_matches_free(&cs.matches);
+ nft_clear_iptables_command_state(&cs);
}
static void save_ipv4_addr(char letter, const struct in_addr *addr,
diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c
index d01491bf..76f2613d 100644
--- a/iptables/nft-ipv6.c
+++ b/iptables/nft-ipv6.c
@@ -217,7 +217,7 @@ static void nft_ipv6_print_rule(struct nft_handle *h, struct nftnl_rule *r,
if (!(format & FMT_NONEWLINE))
fputc('\n', stdout);
- xtables_rule_matches_free(&cs.matches);
+ nft_clear_iptables_command_state(&cs);
}
static void save_ipv6_addr(char letter, const struct in6_addr *addr,
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index a0136059..e64938fb 100644
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -1019,9 +1019,7 @@ int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table,
free(daddrs);
free(dmasks);
- if (cs.target)
- free(cs.target->t);
-
+ nft_clear_iptables_command_state(&cs);
xtables_free_opts(1);
/* if (verbose > 1)
diff --git a/iptables/xtables.c b/iptables/xtables.c
index c180af13..63a37ae8 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -1138,11 +1138,7 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
*table = p.table;
- xtables_rule_matches_free(&cs.matches);
- if (cs.target) {
- free(cs.target->t);
- cs.target->t = NULL;
- }
+ nft_clear_iptables_command_state(&cs);
if (h->family == AF_INET) {
free(args.s.addr.v4);