author | Phil Sutter <phil@nwl.cc> | 2020-05-05 13:45:06 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2020-05-11 14:28:29 +0200 |
commit | 869e38fcdecda3de35d999b75fbaacc750fe3aaa (patch) | |
tree | 92b75bb9cd845582f447d34f2bb5e5ab14860de3 | |
parent | bbf0db5057fd39c793ab88efd7daa1fa4347cec2 (diff) |
ebtables: Free statically loaded extensions again
All ebtables extensions are loaded upon program start as due to the lack
of '-m' parameters, loading on demand is not possible. Introduce
nft_fini_eb() to counteract nft_init_eb() and free dynamic memory in
matches and targets from there.
Signed-off-by: Phil Sutter <phil@nwl.cc>
-rw-r--r-- | iptables/nft.h | 1 | ||||
-rw-r--r-- | iptables/xtables-eb-standalone.c | 2 | ||||
-rw-r--r-- | iptables/xtables-eb.c | 17 | ||||
-rw-r--r-- | iptables/xtables-restore.c | 2 |
4 files changed, 20 insertions, 2 deletions
diff --git a/iptables/nft.h b/iptables/nft.h
index aeacc608..bd783231 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -225,6 +225,7 @@ int nft_init_arp(struct nft_handle *h, const char *pname);
 int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table, bool restore);
 /* For xtables-eb.c */
 int nft_init_eb(struct nft_handle *h, const char *pname);
+void nft_fini_eb(struct nft_handle *h);
 int ebt_get_current_chain(const char *chain);
 int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table, bool restore);
diff --git a/iptables/xtables-eb-standalone.c b/iptables/xtables-eb-standalone.c
index ff74ddbb..181cf2d0 100644
--- a/iptables/xtables-eb-standalone.c
+++ b/iptables/xtables-eb-standalone.c
@@ -53,7 +53,7 @@ int xtables_eb_main(int argc, char *argv[])
 if (ret) ret = nft_bridge_commit(&h);
- nft_fini(&h);
+ nft_fini_eb(&h);
 if (!ret) fprintf(stderr, "ebtables: %s\n", nft_strerror(errno));
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index 07ed6513..0df1345a 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -752,6 +752,23 @@ int nft_init_eb(struct nft_handle *h, const char *pname)
 return 0;
 }
+void nft_fini_eb(struct nft_handle *h)
+{
+ struct xtables_match *match;
+ struct xtables_target *target;
+
+ for (match = xtables_matches; match; match = match->next) {
+ free(match->m);
+ }
+ for (target = xtables_targets; target; target = target->next) {
+ free(target->t);
+ }
+
+ free(opts);
+
+ nft_fini(h);
+}
+
 int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table, bool restore)
 {
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 418a7400..0d6fd642 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -448,7 +448,7 @@ int xtables_eb_restore_main(int argc, char *argv[])
 nft_init_eb(&h, "ebtables-restore");
 h.noflush = noflush;
 xtables_restore_parse(&h, &p);
- nft_fini(&h);
+ nft_fini_eb(&h);
 return 0;
 } |
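Review bot: In the xtables-eb-standalone.c hunk, the failure message reads `errno` only after the teardown has run, and nft_fini_eb() now puts a series of free() calls plus nft_fini() between the failing commit and `nft_strerror(errno)`. None of those calls is guaranteed to leave errno untouched, so the printed reason may describe the wrong failure. The ordering predates this commit, but it is cheap to make robust here: `int err = errno;` before `nft_fini_eb(&h);` and `nft_strerror(err)` in the fprintf. xtables_eb_main starts and ends outside the hunk.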
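Review bot: In the xtables-eb.c hunk, nft_fini_eb() frees `match->m`, `target->t` and `opts` but leaves all three pointers dangling in lists and a variable that outlive the call, so a second call or any later access becomes a double free or use-after-free. Clearing each pointer right after its free keeps the teardown idempotent: `free(match->m); match->m = NULL;`, `free(target->t); target->t = NULL;` and `free(opts); opts = NULL;`. `opts` is defined outside the hunk; if it can still refer to a static option table when nothing was merged into it, `free(opts)` is undefined behaviour, so confirm it is always heap-allocated here and state that in a one-line comment above the call.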