/* Take a snapshot of the rules. Returns NULL on error. */
iptc_handle_t iptc_init(const char *tablename);
+/* Cleanup after iptc_init(). */
+void iptc_free(iptc_handle_t *h);
+
/* Iterator functions to run through the chains. Returns NULL at end. */
const char *iptc_first_chain(iptc_handle_t *handle);
const char *iptc_next_chain(iptc_handle_t *handle);
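Review bot: The new comment on `iptc_free()` does not tell callers what state their pointer is left in or when the call is unnecessary. The implementation in this commit sets `*h` to NULL, and the commit path ends by calling the same function on what looks like its success path, so the handle is already gone after a successful commit. I would write `/* Release a handle obtained from iptc_init() and set *h to NULL. Not needed after a successful iptc_commit(), which releases the handle itself. */`.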
* Rusty Russell <rusty@linuxcare.com.au>
* This code is distributed under the terms of GNU GPL v2
*
- * $Id: ip6tables-restore.c,v 1.10 2002/08/14 11:40:41 laforge Exp $
+ * $Id: ip6tables-restore.c,v 1.11 2003/03/05 07:46:15 laforge Exp $
*/
#include <getopt.h>
int main(int argc, char *argv[])
{
- ip6tc_handle_t handle;
+ ip6tc_handle_t handle = NULL;
char buffer[10240];
int c;
char curtable[IP6T_TABLE_MAXNAMELEN + 1];
}
strncpy(curtable, table, IP6T_TABLE_MAXNAMELEN);
+ if (handle)
+ ip6tc_free(&handle);
+
handle = create_handle(table, modprobe);
if (noflush == 0) {
DEBUGP("Cleaning all chains of table '%s'\n",
exit_error(OTHER_PROBLEM, "Binary NYI\n");
}
+ ip6tc_free(&h);
+
return 1;
}
const char *modprobe = NULL;
int proto_used = 0;
char icmp6p[] = "icmpv6";
+ int no_handle = 0;
memset(&fw, 0, sizeof(fw));
chain, IP6T_FUNCTION_MAXNAMELEN);
/* only allocate handle if we weren't called with a handle */
- if (!*handle)
+ if (!*handle) {
*handle = ip6tc_init(*table);
+ no_handle = 1;
+ }
if (!*handle) {
/* try to insmod the module if iptc_init failed */
if (verbose > 1)
dump_entries6(*handle);
+ if (no_handle)
+ ip6tc_free(handle);
+
return ret;
}
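Review bot: When the caller passes a NULL `*handle`, the handle this function stores through that pointer at `*handle = ip6tc_init(*table)` is now released before `return ret`, and `ip6tc_free()` as added in this commit resets `*handle` to NULL. The callers are outside this view, but any caller that starts with a NULL handle and commits through the same pointer afterwards would get NULL back, so its rule changes would be lost or the commit would dereference NULL. Please confirm that no caller depends on receiving the handle back. If one does, keep ownership with the caller and drop `if (no_handle) ip6tc_free(handle);`. The iptables.c hunk with `if (no_handle) iptc_free(handle);` has the same issue; the enclosing function starts outside both hunks.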
*
* This code is distributed under the terms of GNU GPL v2
*
- * $Id: iptables-restore.c,v 1.24 2003/03/03 08:08:37 laforge Exp $
+ * $Id: iptables-restore.c,v 1.25 2003/03/06 11:56:31 laforge Exp $
*/
#include <getopt.h>
int main(int argc, char *argv[])
{
- iptc_handle_t handle;
+ iptc_handle_t handle = NULL;
char buffer[10240];
int c;
char curtable[IPT_TABLE_MAXNAMELEN + 1];
}
strncpy(curtable, table, IPT_TABLE_MAXNAMELEN);
+ if (handle)
+ iptc_free(&handle);
+
handle = create_handle(table, modprobe);
if (noflush == 0) {
DEBUGP("Cleaning all chains of table '%s'\n",
exit_error(OTHER_PROBLEM, "Binary NYI\n");
}
+ iptc_free(&h);
+
return 1;
}
char *protocol = NULL;
const char *modprobe = NULL;
int proto_used = 0;
+ int no_handle = 0;
memset(&fw, 0, sizeof(fw));
chain, IPT_FUNCTION_MAXNAMELEN);
/* only allocate handle if we weren't called with a handle */
- if (!*handle)
+ if (!*handle) {
*handle = iptc_init(*table);
+ no_handle = 1;
+ }
if (!*handle) {
/* try to insmod the module if iptc_init failed */
if (verbose > 1)
dump_entries(*handle);
+ if (no_handle)
+ iptc_free(handle);
+
return ret;
}
#define TC_SET_POLICY iptc_set_policy
#define TC_GET_RAW_SOCKET iptc_get_raw_socket
#define TC_INIT iptc_init
+#define TC_FREE iptc_free
#define TC_COMMIT iptc_commit
#define TC_STRERROR iptc_strerror
#define TC_SET_POLICY ip6tc_set_policy
#define TC_GET_RAW_SOCKET ip6tc_get_raw_socket
#define TC_INIT ip6tc_init
+#define TC_FREE ip6tc_free
#define TC_COMMIT ip6tc_commit
#define TC_STRERROR ip6tc_strerror
-/* Library which manipulates firewall rules. Version $Revision: 1.35 $ */
+/* Library which manipulates firewall rules. Version $Revision: 1.36 $ */
/* Architecture of firewall rules is as follows:
*
if (sockfd != -1)
close(sockfd);
+ if (strlen(tablename) >= TABLE_MAXNAMELEN) {
+ errno = EINVAL;
+ return NULL;
+ }
+
sockfd = socket(TC_AF, SOCK_RAW, IPPROTO_RAW);
if (sockfd < 0)
return NULL;
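Review bot: The early return added for an over-long `tablename` now runs after `close(sockfd)` but before `sockfd` is reassigned, so the shared descriptor variable keeps an already-closed number. The next call into this function passes the `sockfd != -1` test and closes that number again, which may by then belong to an unrelated descriptor. The `close(sockfd)` calls this commit adds on the `alloc_handle` and `SO_GET_ENTRIES` failure paths, and the one in `TC_FREE`, leave the same stale value. Each close should be followed by `sockfd = -1;`, and here the length check can also move above the initial `if (sockfd != -1)` test. The enclosing function starts and ends outside this hunk.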
s = sizeof(info);
- if (strlen(tablename) >= TABLE_MAXNAMELEN) {
- errno = EINVAL;
- return NULL;
- }
+
strcpy(info.name, tablename);
if (getsockopt(sockfd, TC_IPPROTO, SO_GET_INFO, &info, &s) < 0)
return NULL;
if ((h = alloc_handle(info.name, info.size, info.num_entries))
- == NULL)
+ == NULL) {
+ close(sockfd);
return NULL;
+ }
/* Too hard --RR */
#if 0
if (getsockopt(sockfd, TC_IPPROTO, SO_GET_ENTRIES, &h->entries,
&tmp) < 0) {
+ close(sockfd);
free(h);
return NULL;
}
return h;
}
+void
+TC_FREE(TC_HANDLE_T *h)
+{
+ close(sockfd);
+ if ((*h)->cache_chain_heads)
+ free((*h)->cache_chain_heads);
+ free(*h);
+ *h = NULL;
+}
+
static inline int
print_match(const STRUCT_ENTRY_MATCH *m)
{
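Review bot: `TC_FREE` dereferences `*h` without checking it, while the commit path in this same change ends with `TC_FREE(handle)` and so leaves the caller's pointer NULL. A caller that frees again after a successful commit would therefore dereference NULL. A guard at the top, `if (h == NULL || *h == NULL) return;`, makes a repeated call harmless, in line with `free()`. The `if ((*h)->cache_chain_heads)` test before `free()` is redundant because `free(NULL)` is a no-op.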
(*handle)->cache_chain_iteration++;
if ((*handle)->cache_chain_iteration - (*handle)->cache_chain_heads
- == (*handle)->cache_num_chains) {
- free((*handle)->cache_chain_heads);
+ == (*handle)->cache_num_chains)
return NULL;
- }
return (*handle)->cache_chain_iteration->name;
}
STRUCT_REPLACE *repl;
STRUCT_COUNTERS_INFO *newcounters;
unsigned int i;
- size_t counterlen
- = sizeof(STRUCT_COUNTERS_INFO)
- + sizeof(STRUCT_COUNTERS) * (*handle)->new_number;
+ size_t counterlen;
CHECK(*handle);
+
+ counterlen = sizeof(STRUCT_COUNTERS_INFO)
+ + sizeof(STRUCT_COUNTERS) * (*handle)->new_number;
+
#if 0
TC_DUMP_ENTRIES(*handle);
#endif
free(newcounters);
finished:
- if ((*handle)->cache_chain_heads)
- free((*handle)->cache_chain_heads);
- free(*handle);
- *handle = NULL;
+ TC_FREE(handle);
return 1;
}