From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: [iptables PATCH 00/15] cache evaluation phase bonus material
Date: Wed, 6 May 2020 19:33:16 +0200
Message-ID: <20200506173331.9347-1-phil@nwl.cc>

Play a bit with valgrind I thought. This will be easy, I thought. So
here's what this turned into:

Patches 1-4 fix bugs in the previous series "iptables: introduce cache
evaluation phase" and hence will get folded into respective commits
before pushing upstream. I left those separate to ease reviews and
provide some explanation in commit messages.

Patch 5 reveals what happens if I'm too lazy to create test cases for
use with valgrind but am not too lazy for shell scripting: In a "big
hammer turns everything into a nail" style, I hacked tests/shell for
memleak analysis.

The remaining patches fix old code, mostly to get rid of reachable
memory at zero-status program exit. This is not just cosmetics: Reducing
noise in valgrind output does a great deal to emphasize real issues.

Phil Sutter (15):
  nft: Free rule pointer in nft_cmd_free()
  nft: Add missing clear_cs() calls
  nft: Avoid use-after-free when rebuilding cache
  nft: Call nft_release_cache() in nft_fini()
  tests: shell: Implement --valgrind mode
  nft: cache: Re-establish cache consistency check
  nft: Clear all lists in nft_fini()
  nft: Fix leaks in ebt_add_policy_rule()
  nft: Fix leak when deleting rules
  ebtables: Free statically loaded extensions again
  libxtables: Introduce xtables_fini()
  nft: Use clear_cs() instead of open coding
  arptables: Fix leak in nft_arp_print_rule()
  nft: Fix leak when replacing a rule
  nft: Don't exit early after printing help texts

configure.ac | 4 +--
include/xtables.h | 1 +
iptables/ip6tables-standalone.c | 2 ++
iptables/iptables-restore.c | 14 ++++++---
iptables/iptables-save.c | 14 +++++++--
iptables/iptables-standalone.c | 2 ++
iptables/nft-arp.c | 3 ++
iptables/nft-bridge.c | 1 +
iptables/nft-cache.c | 25 +++++++++++++---
iptables/nft-cmd.c | 9 +++++-
iptables/nft-ipv4.c | 2 +-
iptables/nft-ipv6.c | 2 +-
iptables/nft-shared.c | 1 +
iptables/nft.c | 37 ++++++++++++++++--------
iptables/nft.h | 5 ++--
iptables/tests/shell/run-tests.sh | 47 +++++++++++++++++++++++++++++++
iptables/xtables-arp-standalone.c | 1 +
iptables/xtables-arp.c | 14 ++++-----
iptables/xtables-eb-standalone.c | 2 +-
iptables/xtables-eb.c | 20 ++++++++++++-
iptables/xtables-monitor.c | 2 ++
iptables/xtables-restore.c | 4 ++-
iptables/xtables-save.c | 1 +
iptables/xtables-standalone.c | 1 +
iptables/xtables-translate.c | 2 ++
iptables/xtables.c | 13 ++++-----
libxtables/xtables.c | 44 ++++++++++++++++++++++++++++-
27 files changed, 224 insertions(+), 49 deletions(-)
--
2.25.1