X-Git-Url: http://git.archive.openwrt.org/?p=project%2Ffirewall3.git;a=blobdiff_plain;f=ipsets.c;h=06aafb77ecab50be9b5ffbdb8f917183e9b176b9;hp=b63db218aead1ea0761a2c2756eb737af619ba8c;hb=aeba5741d7ed3b53fb4f1bb3679feb0fa526f4c6;hpb=78e134ba7cdc473e7cdf0422b863579ac700ac13
diff --git a/ipsets.c b/ipsets.c
index b63db21..06aafb7 100644
--- a/ipsets.c
+++ b/ipsets.c
@@ -178,10 +178,10 @@ check_types(struct uci_element *e, struct fw3_ipset *ipset)
 		}
 		if (!(ipset_types[i].optional & OPT_FAMILY) &&
-		    ipset->family != FW3_FAMILY_ANY)
+		    ipset->family != FW3_FAMILY_V4)
 		{
 			warn_elem(e, "family ignored");
-			ipset->family = FW3_FAMILY_ANY;
+			ipset->family = FW3_FAMILY_V4;
 		}
 	}
@@ -208,6 +208,7 @@ fw3_alloc_ipset(void)
 	INIT_LIST_HEAD(&ipset->datatypes);
 	ipset->enabled = true;
+	ipset->family = FW3_FAMILY_V4;
 	return ipset;
 }
@@ -254,6 +255,10 @@ fw3_load_ipsets(struct fw3_state *state, struct uci_package *p)
 		//{
 		//	warn_elem(e, "has duplicated set name '%s'", ipset->name);
 		//}
+		else if (ipset->family == FW3_FAMILY_ANY)
+		{
+			warn_elem(e, "must not have family 'any'");
+		}
 		else if (list_empty(&ipset->datatypes))
 		{
 			warn_elem(e, "has no datatypes assigned");
@@ -276,9 +281,6 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
 	struct fw3_ipset_datatype *type;
-	if (ipset->external)
-		return;
 	info(" * Creating ipset %s", ipset->name);
 	first = true;
@@ -300,8 +302,7 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
 		       ipset->portrange.port_min, ipset->portrange.port_max);
 	}
-	if (ipset->family != FW3_FAMILY_ANY)
-		fw3_pr(" family inet%s", (ipset->family == FW3_FAMILY_V4) ? "" : "6");
+	fw3_pr(" family inet%s", (ipset->family == FW3_FAMILY_V4) ? "" : "6");
 	if (ipset->timeout > 0)
 		fw3_pr(" timeout %u", ipset->timeout);
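Review bot: Dropping the `FW3_FAMILY_ANY` guard makes create_ipset emit ` family inet` for every set, including those whose type lacks the `OPT_FAMILY` bit and whose family check_types (first hunk) now resets to `FW3_FAMILY_V4` after the "family ignored" warning; whether the ipset tool accepts a `family` option for such types is not visible here and should be confirmed, and if it does not, the line should be gated on the type's optional flags rather than on the family value. The invariant behind the unconditional print is spread over three hunks (alloc default, load-time rejection of 'any', check_types reset), so a comment above the new line would help a later reader: `/* family is always V4 or V6 here: alloc defaults to V4 and load rejects 'any' */`. create_ipset's body starts and ends outside this hunk.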
@@ -321,31 +322,86 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
 void
 fw3_create_ipsets(struct fw3_state *state)
 {
+	int tries;
+	bool exec = false;
 	struct fw3_ipset *ipset;
 	if (state->disable_ipsets)
 		return;
+	/* spawn ipsets */
 	list_for_each_entry(ipset, &state->ipsets, list)
+	{
+		if (ipset->external)
+			continue;
+
+		if (!exec)
+		{
+			exec = fw3_command_pipe(false, "ipset", "-exist", "-");
+
+			if (!exec)
+				return;
+		}
+
 		create_ipset(ipset, state);
+	}
+
+	if (exec)
+	{
+		fw3_pr("quit\n");
+		fw3_command_close();
+	}
-	fw3_pr("quit\n");
+	/* wait for ipsets to appear */
+	list_for_each_entry(ipset, &state->ipsets, list)
+	{
+		if (ipset->external)
+			continue;
+
+		for (tries = 0; !fw3_check_ipset(ipset) && tries < 10; tries++)
+			usleep(50000);
+	}
 }
 void
 fw3_destroy_ipsets(struct fw3_state *state)
 {
-	struct fw3_ipset *s;
+	int tries;
+	bool exec = false;
+	struct fw3_ipset *ipset;
-	list_for_each_entry(s, &state->ipsets, list)
+	/* destroy ipsets */
+	list_for_each_entry(ipset, &state->ipsets, list)
 	{
-		info(" * Deleting ipset %s", s->name);
+		if (!exec)
+		{
+			exec = fw3_command_pipe(false, "ipset", "-exist", "-");
+
+			if (!exec)
+				return;
+		}
+
+		info(" * Deleting ipset %s", ipset->name);
-		fw3_pr("flush %s\n", s->name);
-		fw3_pr("destroy %s\n", s->name);
+		fw3_pr("flush %s\n", ipset->name);
+		fw3_pr("destroy %s\n", ipset->name);
 	}
-	fw3_pr("quit\n");
+	if (exec)
+	{
+		fw3_pr("quit\n");
+		fw3_command_close();
+	}
+
+	/* wait for ipsets to disappear */
+	list_for_each_entry(ipset, &state->ipsets, list)
+	{
+		if (ipset->external)
+			continue;
+
+		for (tries = 0; fw3_check_ipset(ipset) && tries < 10; tries++)
+			usleep(50000);
+	}
 }
 struct fw3_ipset *
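Review bot: fw3_destroy_ipsets flushes and destroys every entry in `state->ipsets`, while its own wait loop, fw3_create_ipsets and the create-side wait loop all skip `ipset->external`; unless tearing down externally managed sets is intended, the destroy loop needs the same `if (ipset->external) continue;` ahead of the `exec` check, which would also avoid spawning the ipset pipe when the list holds only external sets. The bounded waits (10 tries of 50 ms) return silently when a set never appears or disappears, so a failed create is only noticed later when a rule referencing the set fails; after each wait loop the timeout should be reported, e.g. `if (!fw3_check_ipset(ipset)) warn(" * ipset %s did not appear", ipset->name);` (assuming the project's warn() helper is in scope here, as warn_elem is elsewhere in this file). The `fw3_command_pipe` result is kept in `exec` and then reused as a "pipe is open" flag in the `if (exec)` block, which reads oddly; a name such as `pipe_open` would make the two roles clearer. Both functions are fully contained in this hunk.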