-rw-r--r--iptables/nft-bridge.c35
-rw-r--r--iptables/xtables-eb.c55
2 files changed, 48 insertions, 42 deletions
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index c8605dc9..386da869 100644
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -25,16 +25,45 @@
void ebt_cs_clean(struct iptables_command_state *cs)
{
struct ebt_match *m, *nm;
+ struct xtables_rule_match *matchp, *tmp;
- xtables_rule_matches_free(&cs->matches);
+ for (matchp = cs->matches; matchp;) {
+ tmp = matchp->next;
+
+ if (matchp->match == matchp->match->next) {
+ free(matchp->match);
+ matchp->match = NULL;
+ }
+ free(matchp);
+ matchp = tmp;
+ }
for (m = cs->match_list; m;) {
+ if (m->ismatch) {
+ struct xtables_match *match = m->u.match;
+
+ memset(match->m->data, 0,
+ match->m->u.match_size - sizeof(*match->m));
+ if (match->init)
+ match->init(match->m);
+ } else {
+ struct xtables_target *target = m->u.watcher;
+
+ memset(target->t->data, 0,
+ target->t->u.target_size - sizeof(*target->t));
+ if (target->init)
+ target->init(target->t);
+ }
+
nm = m->next;
- if (!m->ismatch)
- free(m->u.watcher->t);
free(m);
m = nm;
}
+
+ if (cs->target) {
+ if (cs->target->udata_size)
+ free(cs->target->udata);
+ }
}
/* 0: default, print only 2 digits if necessary
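Review bot: After the open-coded loop in `ebt_cs_clean()` frees every `xtables_rule_match` node, `cs->matches` still points at the first freed node; the call it replaces was handed `&cs->matches`, which suggests the helper cleared the head pointer. A second `ebt_cs_clean()` on the same state, or any later walk of that list, would then read or free released memory, so add `cs->matches = NULL;` after the loop. The same applies to `free(cs->target->udata)` at the end of the function: if the target is a preloaded, long-lived object, as the xtables-eb.c change indicates, follow it with `cs->target->udata = NULL;`. Separately, both `memset` lengths subtract `sizeof(*match->m)` or `sizeof(*target->t)` from a size field without checking that `m`/`t` is non-NULL and that the field is at least that large; an unsigned wrap there would give a huge length, so a guard or a comment stating why this always holds for preloaded extensions is needed.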
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index c5c98c33..ac3ecb8e 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -380,33 +380,22 @@ static struct option *merge_options(struct option *oldopts,
/*
* More glue code.
*/
-static struct xtables_target *command_jump(struct iptables_command_state *cs,
- const char *jumpto)
+static struct xtables_target *command_jump(const char *jumpto)
{
struct xtables_target *target;
- size_t size;
-
- /* XTF_TRY_LOAD (may be chain name) */
- target = xtables_find_target(jumpto, XTF_TRY_LOAD);
-
- if (!target)
- return NULL;
-
- size = XT_ALIGN(sizeof(struct xt_entry_target))
- + target->size;
-
- target->t = xtables_calloc(1, size);
- target->t->u.target_size = size;
- snprintf(target->t->u.user.name,
- sizeof(target->t->u.user.name), "%s", jumpto);
- target->t->u.user.name[sizeof(target->t->u.user.name)-1] = '\0';
- target->t->u.user.revision = target->revision;
+ unsigned int verdict;
- xs_init_target(target);
+ /* Standard target? */
+ if (!ebt_fill_target(jumpto, &verdict))
+ jumpto = "standard";
- opts = merge_options(opts, target->extra_opts, &target->option_offset);
- if (opts == NULL)
- xtables_error(OTHER_PROBLEM, "Can't alloc memory");
+ /* For ebtables, all targets are preloaded. Hence it is either in
+ * xtables_targets or a custom chain to jump to, in which case
+ * returning NULL is fine. */
+ for (target = xtables_targets; target; target = target->next) {
+ if (!strcmp(target->name, jumpto))
+ break;
+ }
return target;
}
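Review bot: `command_jump()` now returns the preloaded entry from `xtables_targets` instead of a target with a freshly `xtables_calloc`'ed `t`, so the option payload in `target->t->data` and the target's flags appear to persist across every rule parsed in one process. The cleanup added to `ebt_cs_clean()` in nft-bridge.c resets match and watcher data, but for `cs->target` it only frees `udata`, so options from an earlier `-j` could carry over into a later rule that uses the same target. Consider resetting it there as well, e.g. `memset(cs->target->t->data, 0, cs->target->t->u.target_size - sizeof(*cs->target->t));` followed by the `init` call when one is set. Also, `verdict` is only written by `ebt_fill_target()` and never read here; a one-line comment such as `/* only the return value matters; verdict is unused */` would make that explicit.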
@@ -668,6 +657,7 @@ void ebt_load_match_extensions(void)
ebt_load_target("dnat");
ebt_load_target("snat");
ebt_load_target("redirect");
+ ebt_load_target("standard");
}
void ebt_add_match(struct xtables_match *m,
@@ -787,20 +777,6 @@ int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table,
struct xtables_rule_match *xtrm_i;
struct ebt_match *match;
- if (nft_init(h, xtables_bridge) < 0)
- xtables_error(OTHER_PROBLEM,
- "Could not initialize nftables layer.");
-
- h->ops = nft_family_ops_lookup(h->family);
- if (h->ops == NULL)
- xtables_error(PARAMETER_PROBLEM, "Unknown family");
-
- /* manually registering ebt matches, given the original ebtables parser
- * don't use '-m matchname' and the match can't loaded dinamically when
- * the user calls it.
- */
- ebt_load_match_extensions();
-
/* clear mflags in case do_commandeb gets called a second time
* (we clear the global list of all matches for security)*/
for (m = xtables_matches; m; m = m->next)
@@ -1047,7 +1023,7 @@ print_zero:
} else if (c == 'j') {
ebt_check_option2(&flags, OPT_JUMP);
cs.jumpto = parse_target(optarg);
- cs.target = command_jump(&cs, cs.jumpto);
+ cs.target = command_jump(cs.jumpto);
break;
} else if (c == 's') {
ebt_check_option2(&flags, OPT_SOURCE);
@@ -1231,7 +1207,8 @@ print_zero:
/* Is it a watcher option? */
for (w = xtables_targets; w; w = w->next) {
- if (w->parse(c - w->option_offset, argv,
+ if (w->parse &&
+ w->parse(c - w->option_offset, argv,
ebt_invert, &w->tflags,
NULL, &w->t)) {
ebt_add_watcher(w, &cs);