From 365647ef056828bc3cb56efef12114951fcb730d Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Fri, 25 Nov 2022 21:42:20 +0100
Subject: xtables: Introduce xtables_clear_iptables_command_state()
This is nft_clear_iptables_command_state() but in a location reachable by legacy iptables, too. Changes callers in non-family-specific code to use clear_cs callback instead of directly calling it - ebtables still has a custom variant.
Signed-off-by: Phil Sutter
---
 iptables/nft-arp.c | 4 ++--
 iptables/nft-ipv4.c | 4 ++--
 iptables/nft-ipv6.c | 4 ++--
 iptables/nft-shared.c | 14 --------------
 iptables/nft-shared.h | 1 -
 iptables/xshared.c | 17 +++++++++++++++++
 iptables/xshared.h | 2 ++
 iptables/xtables-translate.c | 2 +-
 iptables/xtables.c | 2 +-
 9 files changed, 27 insertions(+), 23 deletions(-)
diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index 59f100af..d670cbe6 100644
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -490,7 +490,7 @@ nft_arp_print_rule(struct nft_handle *h, struct nftnl_rule *r,
 if (!(format & FMT_NONEWLINE))
 fputc('\n', stdout);
- nft_clear_iptables_command_state(&cs);
+ xtables_clear_iptables_command_state(&cs);
 }
 static bool nft_arp_is_same(const struct iptables_command_state *cs_a,
@@ -787,7 +787,7 @@ struct nft_family_ops nft_family_ops_arp = {
 },
 .rule_to_cs = nft_rule_to_iptables_command_state,
 .init_cs = nft_arp_init_cs,
- .clear_cs = nft_clear_iptables_command_state,
+ .clear_cs = xtables_clear_iptables_command_state,
 .parse_target = nft_ipv46_parse_target,
 .add_entry = nft_arp_add_entry,
 .delete_entry = nft_arp_delete_entry,
diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c
index 6c62dd46..42167351 100644
--- a/iptables/nft-ipv4.c
+++ b/iptables/nft-ipv4.c
@@ -247,7 +247,7 @@ static void nft_ipv4_print_rule(struct nft_handle *h, struct nftnl_rule *r,
 if (!(format & FMT_NONEWLINE))
 fputc('\n', stdout);
- nft_clear_iptables_command_state(&cs);
+ xtables_clear_iptables_command_state(&cs);
 }
 static void nft_ipv4_save_rule(const struct iptables_command_state *cs,
@@ -454,7 +454,7 @@ struct nft_family_ops nft_family_ops_ipv4 = {
 },
 .parse_target = nft_ipv46_parse_target,
 .rule_to_cs = nft_rule_to_iptables_command_state,
- .clear_cs = nft_clear_iptables_command_state,
+ .clear_cs = xtables_clear_iptables_command_state,
 .xlate = nft_ipv4_xlate,
 .add_entry = nft_ipv4_add_entry,
 .delete_entry = nft_ipv4_delete_entry,
diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c
index 98c35afa..3a373b7e 100644
--- a/iptables/nft-ipv6.c
+++ b/iptables/nft-ipv6.c
@@ -211,7 +211,7 @@ static void nft_ipv6_print_rule(struct nft_handle *h, struct nftnl_rule *r,
 if (!(format & FMT_NONEWLINE))
 fputc('\n', stdout);
- nft_clear_iptables_command_state(&cs);
+ xtables_clear_iptables_command_state(&cs);
 }
 static void nft_ipv6_save_rule(const struct iptables_command_state *cs,
@@ -423,7 +423,7 @@ struct nft_family_ops nft_family_ops_ipv6 = {
 },
 .parse_target = nft_ipv46_parse_target,
 .rule_to_cs = nft_rule_to_iptables_command_state,
- .clear_cs = nft_clear_iptables_command_state,
+ .clear_cs = xtables_clear_iptables_command_state,
 .xlate = nft_ipv6_xlate,
 .add_entry = nft_ipv6_add_entry,
 .delete_entry = nft_ipv6_delete_entry,
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 63d25198..f1503b6c 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -1293,20 +1293,6 @@ bool nft_rule_to_iptables_command_state(struct nft_handle *h,
 return ret;
 }
-void nft_clear_iptables_command_state(struct iptables_command_state *cs)
-{
- xtables_rule_matches_free(&cs->matches);
- if (cs->target) {
- free(cs->target->t);
- cs->target->t = NULL;
-
- if (cs->target == cs->target->next) {
- free(cs->target);
- cs->target = NULL;
- }
- }
-}
-
 void nft_ipv46_save_chain(const struct nftnl_chain *c, const char *policy)
 {
 const char *chain = nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index e2c3ac7b..07d39131 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -216,7 +216,6 @@ void get_cmp_data(struct nftnl_expr *e, void *data, size_t dlen, bool *inv);
 bool nft_rule_to_iptables_command_state(struct nft_handle *h,
 const struct nftnl_rule *r,
 struct iptables_command_state *cs);
-void nft_clear_iptables_command_state(struct iptables_command_state *cs);
 void print_matches_and_target(struct iptables_command_state *cs,
 unsigned int format);
 void nft_ipv46_save_chain(const struct nftnl_chain *c, const char *policy);
diff --git a/iptables/xshared.c b/iptables/xshared.c
index d400dc59..2a894c19 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -1356,6 +1356,23 @@ static const char *optstring_lookup(int family)
 return "";
 }
+void xtables_clear_iptables_command_state(struct iptables_command_state *cs)
+{
+ xtables_rule_matches_free(&cs->matches);
+ if (cs->target) {
+ free(cs->target->t);
+ cs->target->t = NULL;
+
+ free(cs->target->udata);
+ cs->target->udata = NULL;
+
+ if (cs->target == cs->target->next) {
+ free(cs->target);
+ cs->target = NULL;
+ }
+ }
+}
+
 void do_parse(int argc, char *argv[], struct xt_cmd_parse *p, struct iptables_command_state *cs, struct xtables_args *args)
diff --git a/iptables/xshared.h b/iptables/xshared.h
index bfae4b4e..0ed9f3c2 100644
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
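Review bot: The new `xtables_clear_iptables_command_state()` in iptables/xshared.c is not a verbatim move: it adds `free(cs->target->udata); cs->target->udata = NULL;`, which the body removed from nft-shared.c did not have, and neither the commit message nor a comment mentions it. Since this is now the teardown routine the message describes as reachable by legacy iptables too, the ownership rules deserve a header comment, e.g. `/* Release per-rule data held in cs: matches, target->t and target->udata always; the target struct itself only when target->next == target (presumably a cloned target). */`. It would also help to say in that comment that the freed pointers are reset to NULL so a repeated call on the same cs does not free them twice. Whether every path that sets `udata` expects it to be released here cannot be confirmed from this hunk.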
@@ -130,6 +130,8 @@ struct iptables_command_state {
 bool restore;
 };
+void xtables_clear_iptables_command_state(struct iptables_command_state *cs);
+
 typedef int (*mainfunc_t)(int, char **);
 struct subcommand {
diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index 6b71fcef..102973a6 100644
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -334,7 +334,7 @@ static int do_command_xlate(struct nft_handle *h, int argc, char *argv[],
 exit(1);
 }
- nft_clear_iptables_command_state(&cs);
+ h->ops->clear_cs(&cs);
 if (h->family == AF_INET) {
 free(args.s.addr.v4);
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 70924176..22d6ea58 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -262,7 +262,7 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
 *table = p.table;
- nft_clear_iptables_command_state(&cs);
+ h->ops->clear_cs(&cs);
 free(args.s.addr.ptr);
 free(args.s.mask.ptr);
--
cgit v1.2.3
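Review bot: In do_command_xlate() (iptables/xtables-translate.c) the cleanup is now the indirect call `h->ops->clear_cs(&cs);` with no check that the callback is set, and the same pattern is introduced in do_commandx() in iptables/xtables.c. This diff shows `.clear_cs` assigned for the arp, ipv4 and ipv6 ops tables only; the commit message says ebtables has its own variant, but that table is not visible here, so a family whose ops leave the member unset would turn the cleanup into a NULL function-pointer call. If that cannot happen by construction, a short comment at the call stating that every `nft_family_ops` must provide `clear_cs` would document the invariant; otherwise guard it with `if (h->ops->clear_cs) h->ops->clear_cs(&cs);`. Both functions start and end outside their hunks.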