authorPhil Sutter <phil@nwl.cc>2022-11-25 21:42:20 +0100
committerPhil Sutter <phil@nwl.cc>2022-12-02 01:44:17 +0100
commit365647ef056828bc3cb56efef12114951fcb730d (patch)
tree0db3ee2b2d7167d7de0ce24a7254e9c068c309bd /iptables
parentfb63f8b7337aa11a667537e6a3b399062ede2eb5 (diff)
xtables: Introduce xtables_clear_iptables_command_state()
This is nft_clear_iptables_command_state() but in a location reachable by legacy iptables, too. Changes callers in non-family-specific code to use clear_cs callback instead of directly calling it - ebtables still has a custom variant. Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables')
-rw-r--r--iptables/nft-arp.c4
-rw-r--r--iptables/nft-ipv4.c4
-rw-r--r--iptables/nft-ipv6.c4
-rw-r--r--iptables/nft-shared.c14
-rw-r--r--iptables/nft-shared.h1
-rw-r--r--iptables/xshared.c17
-rw-r--r--iptables/xshared.h2
-rw-r--r--iptables/xtables-translate.c2
-rw-r--r--iptables/xtables.c2
9 files changed, 27 insertions, 23 deletions
diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index 59f100af..d670cbe6 100644
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -490,7 +490,7 @@ nft_arp_print_rule(struct nft_handle *h, struct nftnl_rule *r,
if (!(format & FMT_NONEWLINE))
fputc('\n', stdout);
- nft_clear_iptables_command_state(&cs);
+ xtables_clear_iptables_command_state(&cs);
}
static bool nft_arp_is_same(const struct iptables_command_state *cs_a,
@@ -787,7 +787,7 @@ struct nft_family_ops nft_family_ops_arp = {
},
.rule_to_cs = nft_rule_to_iptables_command_state,
.init_cs = nft_arp_init_cs,
- .clear_cs = nft_clear_iptables_command_state,
+ .clear_cs = xtables_clear_iptables_command_state,
.parse_target = nft_ipv46_parse_target,
.add_entry = nft_arp_add_entry,
.delete_entry = nft_arp_delete_entry,
diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c
index 6c62dd46..42167351 100644
--- a/iptables/nft-ipv4.c
+++ b/iptables/nft-ipv4.c
@@ -247,7 +247,7 @@ static void nft_ipv4_print_rule(struct nft_handle *h, struct nftnl_rule *r,
if (!(format & FMT_NONEWLINE))
fputc('\n', stdout);
- nft_clear_iptables_command_state(&cs);
+ xtables_clear_iptables_command_state(&cs);
}
static void nft_ipv4_save_rule(const struct iptables_command_state *cs,
@@ -454,7 +454,7 @@ struct nft_family_ops nft_family_ops_ipv4 = {
},
.parse_target = nft_ipv46_parse_target,
.rule_to_cs = nft_rule_to_iptables_command_state,
- .clear_cs = nft_clear_iptables_command_state,
+ .clear_cs = xtables_clear_iptables_command_state,
.xlate = nft_ipv4_xlate,
.add_entry = nft_ipv4_add_entry,
.delete_entry = nft_ipv4_delete_entry,
diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c
index 98c35afa..3a373b7e 100644
--- a/iptables/nft-ipv6.c
+++ b/iptables/nft-ipv6.c
@@ -211,7 +211,7 @@ static void nft_ipv6_print_rule(struct nft_handle *h, struct nftnl_rule *r,
if (!(format & FMT_NONEWLINE))
fputc('\n', stdout);
- nft_clear_iptables_command_state(&cs);
+ xtables_clear_iptables_command_state(&cs);
}
static void nft_ipv6_save_rule(const struct iptables_command_state *cs,
@@ -423,7 +423,7 @@ struct nft_family_ops nft_family_ops_ipv6 = {
},
.parse_target = nft_ipv46_parse_target,
.rule_to_cs = nft_rule_to_iptables_command_state,
- .clear_cs = nft_clear_iptables_command_state,
+ .clear_cs = xtables_clear_iptables_command_state,
.xlate = nft_ipv6_xlate,
.add_entry = nft_ipv6_add_entry,
.delete_entry = nft_ipv6_delete_entry,
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 63d25198..f1503b6c 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -1293,20 +1293,6 @@ bool nft_rule_to_iptables_command_state(struct nft_handle *h,
return ret;
}
-void nft_clear_iptables_command_state(struct iptables_command_state *cs)
-{
- xtables_rule_matches_free(&cs->matches);
- if (cs->target) {
- free(cs->target->t);
- cs->target->t = NULL;
-
- if (cs->target == cs->target->next) {
- free(cs->target);
- cs->target = NULL;
- }
- }
-}
-
void nft_ipv46_save_chain(const struct nftnl_chain *c, const char *policy)
{
const char *chain = nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index e2c3ac7b..07d39131 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -216,7 +216,6 @@ void get_cmp_data(struct nftnl_expr *e, void *data, size_t dlen, bool *inv);
bool nft_rule_to_iptables_command_state(struct nft_handle *h,
const struct nftnl_rule *r,
struct iptables_command_state *cs);
-void nft_clear_iptables_command_state(struct iptables_command_state *cs);
void print_matches_and_target(struct iptables_command_state *cs,
unsigned int format);
void nft_ipv46_save_chain(const struct nftnl_chain *c, const char *policy);
diff --git a/iptables/xshared.c b/iptables/xshared.c
index d400dc59..2a894c19 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -1356,6 +1356,23 @@ static const char *optstring_lookup(int family)
return "";
}
+void xtables_clear_iptables_command_state(struct iptables_command_state *cs)
+{
+ xtables_rule_matches_free(&cs->matches);
+ if (cs->target) {
+ free(cs->target->t);
+ cs->target->t = NULL;
+
+ free(cs->target->udata);
+ cs->target->udata = NULL;
+
+ if (cs->target == cs->target->next) {
+ free(cs->target);
+ cs->target = NULL;
+ }
+ }
+}
+
void do_parse(int argc, char *argv[],
struct xt_cmd_parse *p, struct iptables_command_state *cs,
struct xtables_args *args)
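Review bot: The added `free(cs->target->udata)` in xtables_clear_iptables_command_state() is a behaviour change relative to the removed nft_clear_iptables_command_state(), which only freed `cs->target->t`, yet the commit message presents the function as a relocation. Every caller switched in this commit now releases `udata`, and when `cs->target != cs->target->next` the target struct itself outlives the call, so this is only safe if `udata` is always heap-allocated and owned by this command state; that should be confirmed for the nft print paths and stated in the message. A header comment would pin the ownership contract, e.g. `/* Frees cs->matches, target->t and target->udata; frees cs->target itself only when it is self-linked (target == target->next). Does not free cs. */`. Setting both pointers to NULL after freeing keeps a repeated clear_cs call from double-freeing, which is worth preserving if this function is extended.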
diff --git a/iptables/xshared.h b/iptables/xshared.h
index bfae4b4e..0ed9f3c2 100644
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -130,6 +130,8 @@ struct iptables_command_state {
bool restore;
};
+void xtables_clear_iptables_command_state(struct iptables_command_state *cs);
+
typedef int (*mainfunc_t)(int, char **);
struct subcommand {
diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index 6b71fcef..102973a6 100644
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -334,7 +334,7 @@ static int do_command_xlate(struct nft_handle *h, int argc, char *argv[],
exit(1);
}
- nft_clear_iptables_command_state(&cs);
+ h->ops->clear_cs(&cs);
if (h->family == AF_INET) {
free(args.s.addr.v4);
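Review bot: `h->ops->clear_cs(&cs)` is an unchecked call through a function pointer, here in do_command_xlate() and again in the do_commandx() hunk in xtables.c, where the old code called a fixed function. The diff sets `.clear_cs` for the arp, ipv4 and ipv6 ops tables, but the commit message says ebtables keeps a custom variant and its ops table is not shown, so this page cannot confirm that every family reaching these two functions has the member populated. If any ops table can leave it NULL, the cleanup path crashes instead of freeing; either guard it, `if (h->ops->clear_cs) h->ops->clear_cs(&cs);`, or assert non-NULL where the handle is initialised. Both function bodies extend outside their hunks.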
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 70924176..22d6ea58 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -262,7 +262,7 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
*table = p.table;
- nft_clear_iptables_command_state(&cs);
+ h->ops->clear_cs(&cs);
free(args.s.addr.ptr);
free(args.s.mask.ptr);