summaryrefslogtreecommitdiffstats
path: root/iptables/nft-bridge.c
diff options
context:
space:
mode:
Diffstat (limited to 'iptables/nft-bridge.c')
-rw-r--r--iptables/nft-bridge.c35
1 files changed, 32 insertions, 3 deletions
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index c8605dc9..386da869 100644
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -25,16 +25,45 @@
void ebt_cs_clean(struct iptables_command_state *cs)
{
struct ebt_match *m, *nm;
+ struct xtables_rule_match *matchp, *tmp;
- xtables_rule_matches_free(&cs->matches);
+ for (matchp = cs->matches; matchp;) {
+ tmp = matchp->next;
+
+ if (matchp->match == matchp->match->next) {
+ free(matchp->match);
+ matchp->match = NULL;
+ }
+ free(matchp);
+ matchp = tmp;
+ }
for (m = cs->match_list; m;) {
+ if (m->ismatch) {
+ struct xtables_match *match = m->u.match;
+
+ memset(match->m->data, 0,
+ match->m->u.match_size - sizeof(*match->m));
+ if (match->init)
+ match->init(match->m);
+ } else {
+ struct xtables_target *target = m->u.watcher;
+
+ memset(target->t->data, 0,
+ target->t->u.target_size - sizeof(*target->t));
+ if (target->init)
+ target->init(target->t);
+ }
+
nm = m->next;
- if (!m->ismatch)
- free(m->u.watcher->t);
free(m);
m = nm;
}
+
+ if (cs->target) {
+ if (cs->target->udata_size)
+ free(cs->target->udata);
+ }
}
/* 0: default, print only 2 digits if necessary