summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--iptables/nft.c10
-rw-r--r--iptables/xtables-restore.c8
-rw-r--r--iptables/xtables.c2
3 files changed, 16 insertions, 4 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index fee91bc7..76e45466 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -147,7 +147,8 @@ static void mnl_nftnl_batch_reset(void)
list_for_each_entry_safe(batch_page, next, &batch_page_list, head) {
list_del(&batch_page->head);
- free(batch_page->batch);
+ free(mnl_nlmsg_batch_head(batch_page->batch));
+ mnl_nlmsg_batch_stop(batch_page->batch);
free(batch_page);
batch_num_pages--;
}
@@ -2536,8 +2537,8 @@ static void xtables_config_perror(uint32_t flags, const char *fmt, ...)
int nft_xtables_config_load(struct nft_handle *h, const char *filename,
uint32_t flags)
{
- struct nftnl_table_list *table_list = nftnl_table_list_alloc();
- struct nftnl_chain_list *chain_list = nftnl_chain_list_alloc();
+ struct nftnl_table_list *table_list = NULL;
+ struct nftnl_chain_list *chain_list = NULL;
struct nftnl_table_list_iter *titer = NULL;
struct nftnl_chain_list_iter *citer = NULL;
struct nftnl_table *table;
@@ -2548,6 +2549,9 @@ int nft_xtables_config_load(struct nft_handle *h, const char *filename,
if (h->restore)
return 0;
+ table_list = nftnl_table_list_alloc();
+ chain_list = nftnl_chain_list_alloc();
+
if (xtables_config_parse(filename, table_list, chain_list) < 0) {
if (errno == ENOENT) {
xtables_config_perror(flags,
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 7e243152..fc39ad9c 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -180,8 +180,10 @@ static void chain_delete(struct nftnl_chain_list *clist, const char *curtable,
/* This chain has been found, delete from list. Later
* on, unvisited chains will be purged out.
*/
- if (chain_obj != NULL)
+ if (chain_obj != NULL) {
nftnl_chain_list_del(chain_obj);
+ nftnl_chain_free(chain_obj);
+ }
}
struct nft_xt_restore_cb restore_cb = {
@@ -433,6 +435,9 @@ void xtables_restore_parse(struct nft_handle *h,
xt_params->program_name, line + 1);
exit(1);
}
+
+ if (chain_list)
+ nftnl_chain_list_free(chain_list);
}
static int
@@ -525,6 +530,7 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
xtables_restore_parse(&h, &p, &restore_cb, argc, argv);
+ nft_fini(&h);
fclose(p.in);
return 0;
}
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 286866f7..ac113254 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -1281,6 +1281,8 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
*table = p.table;
xtables_rule_matches_free(&cs.matches);
+ if (cs.target)
+ free(cs.target->t);
if (h->family == AF_INET) {
free(args.s.addr.v4);