From: Phil Sutter <phil@nwl.cc>
Date: Sat, 27 Jul 2024 13:08:08 +0000 (+0200)
Subject: nft: Add potentially missing init_cs calls
X-Git-Tag: v1.8.11~41
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0b2e2f38d6c5c373373ab35157b406280b86b503;p=thirdparty%2Fiptables.git

nft: Add potentially missing init_cs calls

The callback is there for arptables only, so other family specific code
does not need it. Not calling it from family-agnostic code is wrong
though, as is ignoring it in arptables-specific code.

Fixes: cfdda18044d81 ("nft-shared: Introduce init_cs family ops callback")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---

diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index 5d66e271..2784f12a 100644
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -356,6 +356,8 @@ nft_arp_save_rule(const struct iptables_command_state *cs, unsigned int format)
 	printf("\n");
 }
 
+static void nft_arp_init_cs(struct iptables_command_state *cs);
+
 static void
 nft_arp_print_rule(struct nft_handle *h, struct nftnl_rule *r,
 		   unsigned int num, unsigned int format)
@@ -365,6 +367,7 @@ nft_arp_print_rule(struct nft_handle *h, struct nftnl_rule *r,
 	if (format & FMT_LINENUMBERS)
 		printf("%u ", num);
 
+	nft_arp_init_cs(&cs);
 	nft_rule_to_iptables_command_state(h, r, &cs);
 
 	nft_arp_print_rule_details(&cs, format);
diff --git a/iptables/nft.c b/iptables/nft.c
index 243b794f..8b180318 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1797,6 +1797,8 @@ nft_rule_print_save(struct nft_handle *h, const struct nftnl_rule *r,
 	struct nft_family_ops *ops = h->ops;
 	bool ret;
 
+	if (ops->init_cs)
+		ops->init_cs(&cs);
 	ret = ops->rule_to_cs(h, r, &cs);
 
 	if (!(format & (FMT_NOCOUNTS | FMT_C_COUNTS)))
@@ -2395,6 +2397,11 @@ static bool nft_rule_cmp(struct nft_handle *h, struct nftnl_rule *r,
 	struct iptables_command_state _cs = {}, this = {}, *cs = &_cs;
 	bool ret = false, ret_this, ret_that;
 
+	if (h->ops->init_cs) {
+		h->ops->init_cs(&this);
+		h->ops->init_cs(cs);
+	}
+
 	ret_this = h->ops->rule_to_cs(h, r, &this);
 	ret_that = h->ops->rule_to_cs(h, rule, cs);
 
@@ -2679,6 +2686,8 @@ static int nft_rule_change_counters(struct nft_handle *h, const char *table,
 		(unsigned long long)
 		nftnl_rule_get_u64(r, NFTNL_RULE_HANDLE));
 
+	if (h->ops->init_cs)
+		h->ops->init_cs(&cs);
 	h->ops->rule_to_cs(h, r, &cs);
 
 	if (counter_op & CTR_OP_INC_PKTS)
@@ -2976,6 +2985,8 @@ int nft_rule_zero_counters(struct nft_handle *h, const char *chain,
 		goto error;
 	}
 
+	if (h->ops->init_cs)
+		h->ops->init_cs(&cs);
 	h->ops->rule_to_cs(h, r, &cs);
 	cs.counters.pcnt = cs.counters.bcnt = 0;
 	new_rule = nft_rule_new(h, &ctx, chain, table, &cs);