[iptables PATCH 10/15] ebtables: Free statically loaded extensions again


 



All ebtables extensions are loaded upon program start because, due to the
lack of '-m' parameters, loading on demand is not possible. Introduce
nft_fini_eb() to counteract nft_init_eb() and free dynamic memory in
matches and targets from there.

Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 iptables/nft.h                   |  1 +
 iptables/xtables-eb-standalone.c |  2 +-
 iptables/xtables-eb.c            | 17 +++++++++++++++++
 iptables/xtables-restore.c       |  2 +-
 4 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/iptables/nft.h b/iptables/nft.h
index aeacc608fcb9f..bd783231156b7 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -225,6 +225,7 @@ int nft_init_arp(struct nft_handle *h, const char *pname);
 int do_commandarp(struct nft_handle *h, int argc, char *argv[], char **table, bool restore);
 /* For xtables-eb.c */
 int nft_init_eb(struct nft_handle *h, const char *pname);
+void nft_fini_eb(struct nft_handle *h);
 int ebt_get_current_chain(const char *chain);
 int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table, bool restore);
 
diff --git a/iptables/xtables-eb-standalone.c b/iptables/xtables-eb-standalone.c
index ff74ddbb37334..181cf2d0cbe11 100644
--- a/iptables/xtables-eb-standalone.c
+++ b/iptables/xtables-eb-standalone.c
@@ -53,7 +53,7 @@ int xtables_eb_main(int argc, char *argv[])
 	if (ret)
 		ret = nft_bridge_commit(&h);
 
-	nft_fini(&h);
+	nft_fini_eb(&h);
 
 	if (!ret)
 		fprintf(stderr, "ebtables: %s\n", nft_strerror(errno));
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index 07ed651370913..0df1345ae5cd3 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -752,6 +752,23 @@ int nft_init_eb(struct nft_handle *h, const char *pname)
 	return 0;
 }
 
+void nft_fini_eb(struct nft_handle *h)
+{
+	struct xtables_match *match;
+	struct xtables_target *target;
+
+	for (match = xtables_matches; match; match = match->next) {
+		free(match->m);
+	}
+	for (target = xtables_targets; target; target = target->next) {
+		free(target->t);
+	}
+
+	free(opts);
+
+	nft_fini(h);
+}
+
 int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table,
 		 bool restore)
 {
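Review bot: nft_fini_eb() frees `match->m`, `target->t` and `opts` but leaves all three pointers holding the freed addresses while the extensions stay linked in `xtables_matches`/`xtables_targets`, so a second call or any later walk of those lists would be a double free or use-after-free. Resetting them right after each free (`match->m = NULL;`, `target->t = NULL;`, `opts = NULL;`) makes the teardown safe to repeat. `opts` is defined outside this hunk; if it can still point at a static option table when no extension added options, `free(opts)` would be an invalid free, so that is worth confirming or guarding. A short comment above the function stating that it undoes nft_init_eb() and must replace nft_fini() for ebtables callers would also help.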
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 44eaf8ab6c483..f1ffcbe246217 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -446,7 +446,7 @@ int xtables_eb_restore_main(int argc, char *argv[])
 	nft_init_eb(&h, "ebtables-restore");
 	h.noflush = noflush;
 	xtables_restore_parse(&h, &p);
-	nft_fini(&h);
+	nft_fini_eb(&h);
 
 	return 0;
 }
-- 
2.25.1



