author | Phil Sutter <phil@nwl.cc> | 2018-08-02 17:05:11 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-08-04 14:12:47 +0200 |
commit | 82d278c19f8f187e78c90c91834018b16c007098 (patch) | |
tree | 8089b7928f33a409e7404b75cd7cb83346e5791a | |
parent | c2895eaf7a9d604c4aa10848ad46cdde48a00357 (diff) |
xtables: Free chains in NFT_COMPAT_CHAIN_ADD jobs
Chains in NFT_COMPAT_CHAIN_ADD usually have to be freed because they are
not added to the cache.
There is one exception though, namely when zeroing counters:
nft_chain_zero_counters() adds a chain object it took from chain cache.
To distinguish this situation from the others, introduce
NFT_COMPAT_CHAIN_ZERO batch object type, which is treated just like
NFT_COMPAT_CHAIN_ADD but batch_obj_del() does not free its chain.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r-- | iptables/nft.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/iptables/nft.c b/iptables/nft.c index 26df1287..327c19ad 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -246,6 +246,7 @@ enum obj_update_type { NFT_COMPAT_CHAIN_USER_FLUSH, NFT_COMPAT_CHAIN_UPDATE, NFT_COMPAT_CHAIN_RENAME, + NFT_COMPAT_CHAIN_ZERO, NFT_COMPAT_RULE_APPEND, NFT_COMPAT_RULE_INSERT, NFT_COMPAT_RULE_REPLACE, @@ -310,6 +311,7 @@ static int mnl_append_error(const struct nft_handle *h, nftnl_table_get_str(o->table, NFTNL_TABLE_NAME)); break; case NFT_COMPAT_CHAIN_ADD: + case NFT_COMPAT_CHAIN_ZERO: case NFT_COMPAT_CHAIN_USER_ADD: case NFT_COMPAT_CHAIN_USER_DEL: case NFT_COMPAT_CHAIN_USER_FLUSH: @@ -2445,9 +2447,10 @@ static void batch_obj_del(struct nft_handle *h, struct obj_update *o) case NFT_COMPAT_TABLE_FLUSH: nftnl_table_free(o->table); break; - case NFT_COMPAT_CHAIN_ADD: + case NFT_COMPAT_CHAIN_ZERO: case NFT_COMPAT_CHAIN_USER_ADD: break; + case NFT_COMPAT_CHAIN_ADD: case NFT_COMPAT_CHAIN_USER_DEL: case NFT_COMPAT_CHAIN_USER_FLUSH: case NFT_COMPAT_CHAIN_UPDATE: @@ -2496,6 +2499,7 @@ static int nft_action(struct nft_handle *h, int action) n->seq, n->table); break; case NFT_COMPAT_CHAIN_ADD: + case NFT_COMPAT_CHAIN_ZERO: nft_compat_chain_batch_add(h, NFT_MSG_NEWCHAIN, NLM_F_CREATE, n->seq, n->chain); @@ -2881,7 +2885,7 @@ int nft_chain_zero_counters(struct nft_handle *h, const char *chain, nftnl_chain_unset(c, NFTNL_CHAIN_HANDLE); - ret = batch_chain_add(h, NFT_COMPAT_CHAIN_ADD, c); + ret = batch_chain_add(h, NFT_COMPAT_CHAIN_ZERO, c); if (chain != NULL) break; |
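Review bot: The ownership rule that decides which labels reach the free is not written down in this switch in batch_obj_del(). After the change NFT_COMPAT_CHAIN_ADD sits in the group that releases `o->chain` (the free call itself is outside the hunk), while NFT_COMPAT_CHAIN_ZERO and NFT_COMPAT_CHAIN_USER_ADD skip it. Any existing or future caller that queues a cache-owned chain under NFT_COMPAT_CHAIN_ADD would have it freed here and, presumably, again when the cache is torn down, so each `batch_chain_add(h, NFT_COMPAT_CHAIN_ADD, ...)` call site should be checked against that rule. I would add a comment above `case NFT_COMPAT_CHAIN_ZERO:` such as `/* o->chain is owned by the chain cache, do not free it here */`.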
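Review bot: The batch object queued in nft_chain_zero_counters() now holds a pointer to a chain the cache still owns, so it is only valid while the cache outlives the batch, and nothing visible in the hunk enforces that. If the chain cache can be flushed or rebuilt between this call and the commit in nft_action(), `n->chain` would dangle when the NFT_MSG_NEWCHAIN message is built. `nftnl_chain_unset(c, NFTNL_CHAIN_HANDLE)` also modifies the cached object in place, so later users of the cache in the same run would see a chain without a handle. A comment at the call such as `/* c stays owned by the cache; NFT_COMPAT_CHAIN_ZERO tells batch_obj_del() not to free it */` would record the contract. The function body starts and ends outside the hunk.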