diff options
Diffstat (limited to 'iptables/nft-bridge.c')
-rw-r--r-- | iptables/nft-bridge.c | 35 |
1 files changed, 32 insertions, 3 deletions
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c index c8605dc9..386da869 100644 --- a/iptables/nft-bridge.c +++ b/iptables/nft-bridge.c @@ -25,16 +25,45 @@ void ebt_cs_clean(struct iptables_command_state *cs) { struct ebt_match *m, *nm; + struct xtables_rule_match *matchp, *tmp; - xtables_rule_matches_free(&cs->matches); + for (matchp = cs->matches; matchp;) { + tmp = matchp->next; + + if (matchp->match == matchp->match->next) { + free(matchp->match); + matchp->match = NULL; + } + free(matchp); + matchp = tmp; + } for (m = cs->match_list; m;) { + if (m->ismatch) { + struct xtables_match *match = m->u.match; + + memset(match->m->data, 0, + match->m->u.match_size - sizeof(*match->m)); + if (match->init) + match->init(match->m); + } else { + struct xtables_target *target = m->u.watcher; + + memset(target->t->data, 0, + target->t->u.target_size - sizeof(*target->t)); + if (target->init) + target->init(target->t); + } + nm = m->next; - if (!m->ismatch) - free(m->u.watcher->t); free(m); m = nm; } + + if (cs->target) { + if (cs->target->udata_size) + free(cs->target->udata); + } } /* 0: default, print only 2 digits if necessary |