X-Git-Url: http://git.archive.openwrt.org/?a=blobdiff_plain;f=ipsets.c;h=74706ff5f05dc2d3029d9c52fa4865549f832302;hb=a4b710143626b399783865a3ea31bdb25aa1bac9;hp=e2c857568c058174ed90341860bc6e30de84367b;hpb=5df8137ebc5db2bc9c6e71b2d154a5f77679d9d8;p=project%2Ffirewall3.git
diff --git a/ipsets.c b/ipsets.c
index e2c8575..74706ff 100644
--- a/ipsets.c
+++ b/ipsets.c
@@ -20,13 +20,15 @@ const struct fw3_option fw3_ipset_opts[] = {
+ FW3_OPT("enabled", bool, ipset, enabled),
+ FW3_OPT("name", string, ipset, name),
 FW3_OPT("family", family, ipset, family),
 FW3_OPT("storage", ipset_method, ipset, method),
 FW3_LIST("match", ipset_datatype, ipset, datatypes),
- FW3_LIST("iprange", address, ipset, iprange),
+ FW3_OPT("iprange", address, ipset, iprange),
 FW3_OPT("portrange", port, ipset, portrange),
 FW3_OPT("netmask", int, ipset, netmask),
@@ -136,7 +138,7 @@ check_types(struct uci_element *e, struct fw3_ipset *ipset)
 if (!ipset->external || !*ipset->external)
 {
 if ((ipset_types[i].required & OPT_IPRANGE) &&
- list_empty(&ipset->iprange))
+ !ipset->iprange.set)
 {
 warn_elem(e, "requires an ip range");
 return false;
@@ -150,17 +152,17 @@ check_types(struct uci_element *e, struct fw3_ipset *ipset)
 }
 if (!(ipset_types[i].required & OPT_IPRANGE) &&
- !list_empty(&ipset->iprange))
+ ipset->iprange.set)
 {
 warn_elem(e, "iprange ignored");
- fw3_free_list(&ipset->iprange);
+ ipset->iprange.set = false;
 }
 if (!(ipset_types[i].required & OPT_PORTRANGE) &&
 ipset->portrange.set)
 {
 warn_elem(e, "portrange ignored");
- memset(&ipset->portrange, 0, sizeof(ipset->portrange));
+ ipset->portrange.set = false;
 }
 if (!(ipset_types[i].optional & OPT_NETMASK) &&
@@ -213,7 +215,6 @@ fw3_alloc_ipset(void)
 memset(ipset, 0, sizeof(*ipset));
 INIT_LIST_HEAD(&ipset->datatypes);
- INIT_LIST_HEAD(&ipset->iprange);
 return ipset;
 }
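Review bot: The `name` entry added to `fw3_ipset_opts` in the first hunk makes the set name a free-form config string, and nothing visible in this patch bounds it. The same file writes that string unquoted into ipset commands (`create %s %s`, `flush %s\n`, `destroy %s\n`), so a name containing whitespace or a line break would change the command text that is emitted. If the loader does not already reject such values (not visible here), add a check where the set is validated, for example `if (!ipset->name || !*ipset->name || strpbrk(ipset->name, " \t\r\n")) { warn_elem(e, "has an invalid name"); return false; }`. The option table continues outside the hunk.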
@@ -274,7 +275,7 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
 char s[INET6_ADDRSTRLEN];
 struct fw3_ipset_datatype *type;
- struct fw3_address *a1, *a2;
+ struct fw3_address *a;
 const char *methods[] = {
 "(bug)",
@@ -295,7 +296,7 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
 if (ipset->external && *ipset->external)
 return;
- info("Creating ipset %s", ipset->name);
+ info(" * Creating ipset %s", ipset->name);
 first = true;
 fw3_pr("create %s %s", ipset->name, methods[ipset->method]);
@@ -306,29 +307,26 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
 first = false;
 }
- if (!list_empty(&ipset->iprange))
+ if (ipset->iprange.set)
 {
- a1 = list_first_entry(&ipset->iprange, struct fw3_address, list);
- a2 = list_last_entry(&ipset->iprange, struct fw3_address, list);
+ a = &ipset->iprange;
- if (a1 == a2)
+ if (!a->range)
 {
- inet_ntop(a1->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
- &a1->address.v6, s, sizeof(s));
+ inet_ntop(a->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
+ &a->address.v6, s, sizeof(s));
- fw3_pr(" range %s/%u", s, a1->mask);
+ fw3_pr(" range %s/%u", s, a->mask);
 }
- else if (a1->family == a2->family &&
- fw3_is_family(ipset, a1->family) &&
- fw3_is_family(ipset, a2->family))
+ else
 {
- inet_ntop(a1->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
- &a1->address.v6, s, sizeof(s));
+ inet_ntop(a->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
+ &a->address.v6, s, sizeof(s));
 fw3_pr(" range %s", s);
- inet_ntop(a2->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
- &a2->address.v6, s, sizeof(s));
+ inet_ntop(a->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
+ &a->address2.v6, s, sizeof(s));
 fw3_pr("-%s", s);
 }
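Review bot: In the third hunk (`@@ -306,29 +307,26 @@`) the plain `else` that replaces `else if (a1->family == a2->family && fw3_is_family(ipset, a1->family) && ...)` prints the range with no family check at all. An `iprange` whose family differs from the set's `family` is therefore written to the `create` line and is only caught when ipset parses it. Holding both ends in one `fw3_address` presumably guarantees they share a family (the parser is not visible here), but the comparison against the set itself is gone. Consider restoring it in `check_types()`, where `warn_elem()` is available: `if (ipset->iprange.set && !fw3_is_family(ipset, ipset->iprange.family)) { warn_elem(e, "iprange family does not match set"); return false; }`. The `inet_ntop()` results are also unchecked before `s` is printed, and `create_ipset()` continues outside the hunk.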
@@ -375,22 +373,17 @@ fw3_create_ipsets(struct fw3_state *state)
 }
 void
-fw3_destroy_ipsets(struct fw3_state *state)
+fw3_destroy_ipsets(struct fw3_state *state, enum fw3_family family)
 {
 struct fw3_ipset *s, *tmp;
- int mask = (1 << FW3_FAMILY_V4) | (1 << FW3_FAMILY_V6);
 list_for_each_entry_safe(s, tmp, &state->running_ipsets, running_list)
 {
- if (!hasbit(state->defaults.flags, FW3_FAMILY_V4))
- delbit(s->flags, FW3_FAMILY_V4);
-
- if (!hasbit(state->defaults.flags, FW3_FAMILY_V6))
- delbit(s->flags, FW3_FAMILY_V6);
+ delbit(s->running_flags, family);
- if (!(s->flags & mask))
+ if (fw3_no_family(s->running_flags))
 {
- info("Deleting ipset %s", s->name);
+ info(" * Deleting ipset %s", s->name);
 fw3_pr("flush %s\n", s->name);
 fw3_pr("destroy %s\n", s->name);
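Review bot: `fw3_destroy_ipsets()` now relies on its caller to pass exactly one of `FW3_FAMILY_V4` or `FW3_FAMILY_V6`, because `delbit(s->running_flags, family)` clears whatever bit the value names and the removed checks against `state->defaults.flags` are gone. If the enum has other enumerators (not visible here) and one is passed, the family bits stay set, `fw3_no_family()` never becomes true, and the set is never flushed or destroyed. A short comment above the function would make the contract explicit, e.g. `/* family: the single address family being torn down; a set is destroyed once no family references it */`. The loop body continues past the end of the hunk.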