xtables: Introduce xtables_clear_iptables_command_state()

This is nft_clear_iptables_command_state() but in a location reachable
by legacy iptables, too.

Changes callers in non-family-specific code to use clear_cs callback
instead of directly calling it - ebtables still has a custom variant.

Signed-off-by: Phil Sutter <phil@nwl.cc>

diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index 59f100af2a6b91b66cf17f57681a809de9368ffa..d670cbe629fe4104d3e8dfa5d82b43e1f399c6be 100644 (file)
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -490,7 +490,7 @@ nft_arp_print_rule(struct nft_handle *h, struct nftnl_rule *r,
        if (!(format & FMT_NONEWLINE))
                fputc('\n', stdout);
 
-       nft_clear_iptables_command_state(&cs);
+       xtables_clear_iptables_command_state(&cs);
 }
 
 static bool nft_arp_is_same(const struct iptables_command_state *cs_a,
@@ -787,7 +787,7 @@ struct nft_family_ops nft_family_ops_arp = {
        },
        .rule_to_cs             = nft_rule_to_iptables_command_state,
        .init_cs                = nft_arp_init_cs,
-       .clear_cs               = nft_clear_iptables_command_state,
+       .clear_cs               = xtables_clear_iptables_command_state,
        .parse_target           = nft_ipv46_parse_target,
        .add_entry              = nft_arp_add_entry,
        .delete_entry           = nft_arp_delete_entry,

diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c
index 6c62dd46dddacdf3d050083aa780d7922e51a7b4..42167351710e6af658872c1e5a7eb5313c01a08a 100644 (file)
--- a/iptables/nft-ipv4.c
+++ b/iptables/nft-ipv4.c
@@ -247,7 +247,7 @@ static void nft_ipv4_print_rule(struct nft_handle *h, struct nftnl_rule *r,
        if (!(format & FMT_NONEWLINE))
                fputc('\n', stdout);
 
-       nft_clear_iptables_command_state(&cs);
+       xtables_clear_iptables_command_state(&cs);
 }
 
 static void nft_ipv4_save_rule(const struct iptables_command_state *cs,
@@ -454,7 +454,7 @@ struct nft_family_ops nft_family_ops_ipv4 = {
        },
        .parse_target           = nft_ipv46_parse_target,
        .rule_to_cs             = nft_rule_to_iptables_command_state,
-       .clear_cs               = nft_clear_iptables_command_state,
+       .clear_cs               = xtables_clear_iptables_command_state,
        .xlate                  = nft_ipv4_xlate,
        .add_entry              = nft_ipv4_add_entry,
        .delete_entry           = nft_ipv4_delete_entry,

diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c
index 98c35afa67ad901e34975edb616079aab6c7834c..3a373b7eb2cfe23872b8a111a0108ebc0b8616df 100644 (file)
--- a/iptables/nft-ipv6.c
+++ b/iptables/nft-ipv6.c
@@ -211,7 +211,7 @@ static void nft_ipv6_print_rule(struct nft_handle *h, struct nftnl_rule *r,
        if (!(format & FMT_NONEWLINE))
                fputc('\n', stdout);
 
-       nft_clear_iptables_command_state(&cs);
+       xtables_clear_iptables_command_state(&cs);
 }
 
 static void nft_ipv6_save_rule(const struct iptables_command_state *cs,
@@ -423,7 +423,7 @@ struct nft_family_ops nft_family_ops_ipv6 = {
        },
        .parse_target           = nft_ipv46_parse_target,
        .rule_to_cs             = nft_rule_to_iptables_command_state,
-       .clear_cs               = nft_clear_iptables_command_state,
+       .clear_cs               = xtables_clear_iptables_command_state,
        .xlate                  = nft_ipv6_xlate,
        .add_entry              = nft_ipv6_add_entry,
        .delete_entry           = nft_ipv6_delete_entry,

diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 63d251986f65b1236d414fd900bff948aa4f88be..f1503b6ce0cbc16e9c1ff481007e97e2e2ac06cf 100644 (file)
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -1293,20 +1293,6 @@ bool nft_rule_to_iptables_command_state(struct nft_handle *h,
        return ret;
 }
 
-void nft_clear_iptables_command_state(struct iptables_command_state *cs)
-{
-       xtables_rule_matches_free(&cs->matches);
-       if (cs->target) {
-               free(cs->target->t);
-               cs->target->t = NULL;
-
-               if (cs->target == cs->target->next) {
-                       free(cs->target);
-                       cs->target = NULL;
-               }
-       }
-}
-
 void nft_ipv46_save_chain(const struct nftnl_chain *c, const char *policy)
 {
        const char *chain = nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);

diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index e2c3ac7b0cc5c084f22bc16a5cb406d1e1ec39ea..07d39131cb0d6eda38410fd0bde67dfd0411672d 100644 (file)
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -216,7 +216,6 @@ void get_cmp_data(struct nftnl_expr *e, void *data, size_t dlen, bool *inv);
 bool nft_rule_to_iptables_command_state(struct nft_handle *h,
                                        const struct nftnl_rule *r,
                                        struct iptables_command_state *cs);
-void nft_clear_iptables_command_state(struct iptables_command_state *cs);
 void print_matches_and_target(struct iptables_command_state *cs,
                              unsigned int format);
 void nft_ipv46_save_chain(const struct nftnl_chain *c, const char *policy);

diff --git a/iptables/xshared.c b/iptables/xshared.c
index d400dc595ea992887e4b037d249c9ef00de79dea..2a894c19a011d06d0c0ecd0d6c09806d2d533769 100644 (file)
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -1356,6 +1356,23 @@ static const char *optstring_lookup(int family)
        return "";
 }
 
+void xtables_clear_iptables_command_state(struct iptables_command_state *cs)
+{
+       xtables_rule_matches_free(&cs->matches);
+       if (cs->target) {
+               free(cs->target->t);
+               cs->target->t = NULL;
+
+               free(cs->target->udata);
+               cs->target->udata = NULL;
+
+               if (cs->target == cs->target->next) {
+                       free(cs->target);
+                       cs->target = NULL;
+               }
+       }
+}
+
 void do_parse(int argc, char *argv[],
              struct xt_cmd_parse *p, struct iptables_command_state *cs,
              struct xtables_args *args)

diff --git a/iptables/xshared.h b/iptables/xshared.h
index bfae4b4e1b5d365de1147e5643d83a2b579899e0..0ed9f3c29c6004e4585c111c2ea342ba709f9d8d 100644 (file)
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -130,6 +130,8 @@ struct iptables_command_state {
        bool restore;
 };
 
+void xtables_clear_iptables_command_state(struct iptables_command_state *cs);
+
 typedef int (*mainfunc_t)(int, char **);
 
 struct subcommand {

diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index 6b71fcef74b9c3c25d1f0d77b4d60b4f6ca39156..102973a6240a761f1551911306fdb9a7b6487148 100644 (file)
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -334,7 +334,7 @@ static int do_command_xlate(struct nft_handle *h, int argc, char *argv[],
                exit(1);
        }
 
-       nft_clear_iptables_command_state(&cs);
+       h->ops->clear_cs(&cs);
 
        if (h->family == AF_INET) {
                free(args.s.addr.v4);

diff --git a/iptables/xtables.c b/iptables/xtables.c
index 70924176df8c19a7c0baebf0d896c303a44ca5b2..22d6ea58376fc0d0e0db6acc850aa712c1858abb 100644 (file)
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -262,7 +262,7 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
 
        *table = p.table;
 
-       nft_clear_iptables_command_state(&cs);
+       h->ops->clear_cs(&cs);
 
        free(args.s.addr.ptr);
        free(args.s.mask.ptr);