summaryrefslogtreecommitdiffstats
path: root/src/xt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/xt.c')
-rw-r--r--src/xt.c43
1 files changed, 28 insertions, 15 deletions
diff --git a/src/xt.c b/src/xt.c
index 2405d3c3..f7bee216 100644
--- a/src/xt.c
+++ b/src/xt.c
@@ -7,9 +7,9 @@
* later) as published by the Free Software Foundation.
*/
-#include <stdlib.h>
+#include <nft.h>
+
#include <time.h>
-#include <string.h>
#include <net/if.h>
#include <getopt.h>
#include <ctype.h> /* for isspace */
@@ -56,9 +56,10 @@ void xt_stmt_xlate(const struct stmt *stmt, struct output_ctx *octx)
case NFT_XT_MATCH:
mt = xtables_find_match(stmt->xt.name, XTF_TRY_LOAD, NULL);
if (!mt) {
- fprintf(stderr, "XT match %s not found\n",
+ fprintf(octx->error_fp,
+ "# Warning: XT match %s not found\n",
stmt->xt.name);
- return;
+ break;
}
size = XT_ALIGN(sizeof(*m)) + stmt->xt.infolen;
@@ -77,15 +78,16 @@ void xt_stmt_xlate(const struct stmt *stmt, struct output_ctx *octx)
rc = mt->xlate(xl, &params);
}
- xfree(m);
+ free(m);
break;
case NFT_XT_WATCHER:
case NFT_XT_TARGET:
tg = xtables_find_target(stmt->xt.name, XTF_TRY_LOAD);
if (!tg) {
- fprintf(stderr, "XT target %s not found\n",
+ fprintf(octx->error_fp,
+ "# Warning: XT target %s not found\n",
stmt->xt.name);
- return;
+ break;
}
size = XT_ALIGN(sizeof(*t)) + stmt->xt.infolen;
@@ -106,24 +108,24 @@ void xt_stmt_xlate(const struct stmt *stmt, struct output_ctx *octx)
rc = tg->xlate(xl, &params);
}
- xfree(t);
+ free(t);
break;
}
if (rc == 1)
nft_print(octx, "%s", xt_xlate_get(xl));
xt_xlate_free(xl);
- xfree(entry);
+ free(entry);
#endif
if (!rc)
- nft_print(octx, "xt %s %s",
+ nft_print(octx, "xt %s \"%s\"",
typename[stmt->xt.type], stmt->xt.name);
}
void xt_stmt_destroy(struct stmt *stmt)
{
- xfree(stmt->xt.name);
- xfree(stmt->xt.info);
+ free_const(stmt->xt.name);
+ free(stmt->xt.info);
}
#ifdef HAVE_LIBXTABLES
@@ -346,7 +348,7 @@ err:
}
static struct option original_opts[] = {
- { NULL },
+ { },
};
static struct xtables_globals xt_nft_globals = {
@@ -358,7 +360,18 @@ static struct xtables_globals xt_nft_globals = {
void xt_init(void)
{
- /* Default to IPv4, but this changes in runtime */
- xtables_init_all(&xt_nft_globals, NFPROTO_IPV4);
+ static bool init_once;
+
+ if (!init_once) {
+ /* libxtables is full of global variables and cannot be used
+ * concurrently by multiple threads. Hence, it's fine that the
+ * "init_once" guard is not thread-safe either.
+ * Don't link against xtables if you want thread safety.
+ */
+ init_once = true;
+
+ /* Default to IPv4, but this changes in runtime */
+ xtables_init_all(&xt_nft_globals, NFPROTO_IPV4);
+ }
}
#endif