nft: make nft_init self-contained

nft_init() should rollback all changes it made during init
when something goes wrong, callers should NOT call nft_fini()
on error.

Note that this change is irrelevant at the moment, all users
call exit() on failure.

Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/iptables/nft.c b/iptables/nft.c
index b3d9646d5d7c4b63dfd3848a7bfd1292a2140573..fa01e241503cf07a5c2bad95eca5460b7f5f02f6 100644 (file)
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -767,8 +767,10 @@ int nft_init(struct nft_handle *h, struct builtin_table *t)
        if (h->nl == NULL)
                return -1;
 
-       if (mnl_socket_bind(h->nl, 0, MNL_SOCKET_AUTOPID) < 0)
+       if (mnl_socket_bind(h->nl, 0, MNL_SOCKET_AUTOPID) < 0) {
+               mnl_socket_close(h->nl);
                return -1;
+       }
 
        h->portid = mnl_socket_get_portid(h->nl);
        h->tables = t;

diff --git a/iptables/xtables-standalone.c b/iptables/xtables-standalone.c
index 139c477fea8d1e8320d2ccf93a40f06aeeb2cf23..1a28c5480629f5ad2d0292bc224c9e55a579d085 100644 (file)
--- a/iptables/xtables-standalone.c
+++ b/iptables/xtables-standalone.c
@@ -66,7 +66,6 @@ xtables_main(int family, const char *progname, int argc, char *argv[])
                                xtables_globals.program_name,
                                xtables_globals.program_version,
                                strerror(errno));
-               nft_fini(&h);
                exit(EXIT_FAILURE);
        }