[iptables PATCH 00/15] cache evaluation phase bonus material

Play a bit with valgrind I thought. This will be easy, I thought. So
here's what this turned into:

Patches 1-4 fix bugs in the previous series "iptables: introduce cache
evaluation phase" and hence will get folded into respective commits
before pushing upstream. I left those separate to ease reviews and
provide some explanation in commit messages.

Patch 5 reveals what happens if I'm too lazy to create test cases for
use with valgrind but am not too lazy for shell scripting: In a "big
hammer turns everything into a nail" style, I hacked tests/shell for
memleak analysis.

The remaining patches fix old code, mostly to get rid of reachable
memory at zero-status program exit. This is not just cosmetics: Reducing
noise in valgrind output does a great deal to emphasize real issues.

Phil Sutter (15):
  nft: Free rule pointer in nft_cmd_free()
  nft: Add missing clear_cs() calls
  nft: Avoid use-after-free when rebuilding cache
  nft: Call nft_release_cache() in nft_fini()
  tests: shell: Implement --valgrind mode
  nft: cache: Re-establish cache consistency check
  nft: Clear all lists in nft_fini()
  nft: Fix leaks in ebt_add_policy_rule()
  nft: Fix leak when deleting rules
  ebtables: Free statically loaded extensions again
  libxtables: Introduce xtables_fini()
  nft: Use clear_cs() instead of open coding
  arptables: Fix leak in nft_arp_print_rule()
  nft: Fix leak when replacing a rule
  nft: Don't exit early after printing help texts

 configure.ac                      |  4 +--
 include/xtables.h                 |  1 +
 iptables/ip6tables-standalone.c   |  2 ++
 iptables/iptables-restore.c       | 14 ++++++---
 iptables/iptables-save.c          | 14 +++++++--
 iptables/iptables-standalone.c    |  2 ++
 iptables/nft-arp.c                |  3 ++
 iptables/nft-bridge.c             |  1 +
 iptables/nft-cache.c              | 25 +++++++++++++---
 iptables/nft-cmd.c                |  9 +++++-
 iptables/nft-ipv4.c               |  2 +-
 iptables/nft-ipv6.c               |  2 +-
 iptables/nft-shared.c             |  1 +
 iptables/nft.c                    | 37 ++++++++++++++++--------
 iptables/nft.h                    |  5 ++--
 iptables/tests/shell/run-tests.sh | 47 +++++++++++++++++++++++++++++++
 iptables/xtables-arp-standalone.c |  1 +
 iptables/xtables-arp.c            | 14 ++++-----
 iptables/xtables-eb-standalone.c  |  2 +-
 iptables/xtables-eb.c             | 20 ++++++++++++-
 iptables/xtables-monitor.c        |  2 ++
 iptables/xtables-restore.c        |  4 ++-
 iptables/xtables-save.c           |  1 +
 iptables/xtables-standalone.c     |  1 +
 iptables/xtables-translate.c      |  2 ++
 iptables/xtables.c                | 13 ++++-----
 libxtables/xtables.c              | 44 ++++++++++++++++++++++++++++-
 27 files changed, 224 insertions(+), 49 deletions(-)

-- 
2.25.1



