[PATCH] xtables-standalone: call nft

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] xtables-standalone: call nft_fini in the error path
@ 2013-12-02 10:43 Ana Rey
  2013-12-04 11:18 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 2+ messages in thread
From: Ana Rey @ 2013-12-02 10:43 UTC (permalink / raw)
  To: netfilter-devel; +Cc: Ana Rey

This error is shown with valgrind tools:

valgrind --leak-check=full xtables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT

==7377== 16 bytes in 1 blocks are still reachable in loss record 1 of 14
==7377==    at 0x4C2B514: calloc (vg_replace_malloc.c:593)
==7377==    by 0x574CC76: mnl_socket_open (socket.c:117)
==7377==    by 0x417495: nft_init (nft.c:598)
==7377==    by 0x4134C2: xtables_main (xtables-standalone.c:64)
==7377==    by 0x5B87994: (below main) (libc-start.c:260)

This patch calls nft_fini to release the objects that have been allocated in
nft_init. This function was not used so far.
---
 iptables/xtables-standalone.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/iptables/xtables-standalone.c b/iptables/xtables-standalone.c
index cb685d6..c9f8e15 100644
--- a/iptables/xtables-standalone.c
+++ b/iptables/xtables-standalone.c
@@ -66,6 +66,7 @@ xtables_main(int argc, char *argv[])
 				xtables_globals.program_name,
 				xtables_globals.program_version,
 				strerror(errno));
+		nft_fini(&h);
 		exit(EXIT_FAILURE);
 	}
 
@@ -73,6 +74,8 @@ xtables_main(int argc, char *argv[])
 	if (ret)
 		ret = nft_commit(&h);
 
+	nft_fini(&h);
+
 	if (!ret) {
 		if (errno == EINVAL) {
 			fprintf(stderr, "iptables: %s. "
-- 
1.8.4.rc3


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] xtables-standalone: call nft_fini in the error path
  2013-12-02 10:43 [PATCH] xtables-standalone: call nft_fini in the error path Ana Rey
@ 2013-12-04 11:18 ` Pablo Neira Ayuso
  0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2013-12-04 11:18 UTC (permalink / raw)
  To: Ana Rey; +Cc: netfilter-devel

On Mon, Dec 02, 2013 at 11:43:25AM +0100, Ana Rey wrote:
> This error is shown with valgrind tools:
> 
> valgrind --leak-check=full xtables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
> 
> ==7377== 16 bytes in 1 blocks are still reachable in loss record 1 of 14
> ==7377==    at 0x4C2B514: calloc (vg_replace_malloc.c:593)
> ==7377==    by 0x574CC76: mnl_socket_open (socket.c:117)
> ==7377==    by 0x417495: nft_init (nft.c:598)
> ==7377==    by 0x4134C2: xtables_main (xtables-standalone.c:64)
> ==7377==    by 0x5B87994: (below main) (libc-start.c:260)
> 
> This patch calls nft_fini to release the objects that have been allocated in
> nft_init. This function was not used so far.

Applied, thanks Ana.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2013-12-04 11:18 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-12-02 10:43 [PATCH] xtables-standalone: call nft_fini in the error path Ana Rey
2013-12-04 11:18 ` Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).