From 869e38fcdecda3de35d999b75fbaacc750fe3aaa Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Tue, 5 May 2020 13:45:06 +0200
Subject: ebtables: Free statically loaded extensions again
All ebtables extensions are loaded upon program start as due to the lack of '-m' parameters, loading on demand is not possible. Introduce nft_fini_eb() to counteract nft_init_eb() and free dynamic memory in matches and targets from there.
Signed-off-by: Phil Sutter
---
 iptables/nft.h | 1 +
 iptables/xtables-eb-standalone.c | 2 +-
 iptables/xtables-eb.c | 17 +++++++++++++++++
 iptables/xtables-restore.c | 2 +-
 4 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/iptables/nft.h b/iptables/nft.h
index aeacc608..bd783231 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -225,6 +225,7 @@ int nft_init_arp(struct nft_handle *h, const char *pname);
 int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table, bool restore);
 /* For xtables-eb.c */
 int nft_init_eb(struct nft_handle *h, const char *pname);
+void nft_fini_eb(struct nft_handle *h);
 int ebt_get_current_chain(const char *chain);
 int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table, bool restore);
diff --git a/iptables/xtables-eb-standalone.c b/iptables/xtables-eb-standalone.c
index ff74ddbb..181cf2d0 100644
--- a/iptables/xtables-eb-standalone.c
+++ b/iptables/xtables-eb-standalone.c
@@ -53,7 +53,7 @@ int xtables_eb_main(int argc, char *argv[])
 if (ret)
 ret = nft_bridge_commit(&h);
- nft_fini(&h);
+ nft_fini_eb(&h);
 if (!ret)
 fprintf(stderr, "ebtables: %s\n", nft_strerror(errno));
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index 07ed6513..0df1345a 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
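Review bot: In `xtables_eb_main()` (iptables/xtables-eb-standalone.c) the error message reads `errno` only after `nft_fini_eb(&h)` has run, and that teardown now performs a series of `free()` calls on top of `nft_fini()`. On C libraries where those calls may overwrite `errno`, the text printed for a failed command can name the wrong error. Capturing the value first avoids that: `int saved_errno = errno;` before `nft_fini_eb(&h);`, then `nft_strerror(saved_errno)` in the `fprintf`. The function body starts and ends outside the hunk.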
@@ -752,6 +752,23 @@ int nft_init_eb(struct nft_handle *h, const char *pname)
 return 0;
 }
+void nft_fini_eb(struct nft_handle *h)
+{
+ struct xtables_match *match;
+ struct xtables_target *target;
+
+ for (match = xtables_matches; match; match = match->next) {
+ free(match->m);
+ }
+ for (target = xtables_targets; target; target = target->next) {
+ free(target->t);
+ }
+
+ free(opts);
+
+ nft_fini(h);
+}
+
 int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table, bool restore)
 {
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 418a7400..0d6fd642 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -448,7 +448,7 @@ int xtables_eb_restore_main(int argc, char *argv[])
 nft_init_eb(&h, "ebtables-restore");
 h.noflush = noflush;
 xtables_restore_parse(&h, &p);
- nft_fini(&h);
+ nft_fini_eb(&h);
 return 0;
 }
-- cgit v1.2.3
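Review bot: `nft_fini_eb()` in iptables/xtables-eb.c frees `match->m`, `target->t` and `opts` but leaves all three pointing at the released memory, while the global `xtables_matches` / `xtables_targets` lists stay linked and `nft_fini(h)` still runs afterwards. A second call, or any later walk of those lists, would then double-free or read freed memory; resetting each pointer right after its free closes that off: `match->m = NULL;`, `target->t = NULL;`, `opts = NULL;`. `opts` is defined outside this hunk, so it is worth confirming that it always holds a heap allocation by the time it reaches `free()` and never still points at a static option table. A short comment above the function saying it must be called once, paired with `nft_init_eb()`, and that it replaces a direct `nft_fini()` call for ebtables callers, would document the contract.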