Wait for ipsets to appear before continuing

diff --git a/ipsets.c b/ipsets.c
index 955d4349875f279f4857c8accce788920de42b0b..e149b5baa6ef24d0a49d7b28f492d10174bcfb1e 100644 (file)
--- a/ipsets.c
+++ b/ipsets.c
@@ -281,9 +281,6 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
 
        struct fw3_ipset_datatype *type;
 
-       if (ipset->external)
-               return;
-
        info(" * Creating ipset %s", ipset->name);
 
        first = true;
@@ -325,31 +322,80 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
 void
 fw3_create_ipsets(struct fw3_state *state)
 {
+       int tries;
+       bool exec = false;
        struct fw3_ipset *ipset;
 
        if (state->disable_ipsets)
                return;
 
+       /* spawn ipsets */
        list_for_each_entry(ipset, &state->ipsets, list)
+       {
+               if (ipset->external)
+                       continue;
+
+               if (!exec)
+               {
+                       exec = fw3_command_pipe(false, "ipset", "-exist", "-");
+
+                       if (!exec)
+                               return;
+               }
+
                create_ipset(ipset, state);
+       }
 
        fw3_pr("quit\n");
+       fw3_command_close();
+
+       /* wait for ipsets to appear */
+       list_for_each_entry(ipset, &state->ipsets, list)
+       {
+               if (ipset->external)
+                       continue;
+
+               for (tries = 0; !fw3_check_ipset(ipset) && tries < 10; tries++)
+                       usleep(50000);
+       }
 }
 
 void
 fw3_destroy_ipsets(struct fw3_state *state)
 {
-       struct fw3_ipset *s;
+       int tries;
+       bool exec = false;
+       struct fw3_ipset *ipset;
 
-       list_for_each_entry(s, &state->ipsets, list)
+       /* destroy ipsets */
+       list_for_each_entry(ipset, &state->ipsets, list)
        {
-               info(" * Deleting ipset %s", s->name);
+               if (!exec)
+               {
+                       exec = fw3_command_pipe(false, "ipset", "-exist", "-");
+
+                       if (!exec)
+                               return;
+               }
 
-               fw3_pr("flush %s\n", s->name);
-               fw3_pr("destroy %s\n", s->name);
+               info(" * Deleting ipset %s", ipset->name);
+
+               fw3_pr("flush %s\n", ipset->name);
+               fw3_pr("destroy %s\n", ipset->name);
        }
 
        fw3_pr("quit\n");
+       fw3_command_close();
+
+       /* wait for ipsets to disappear */
+       list_for_each_entry(ipset, &state->ipsets, list)
+       {
+               if (ipset->external)
+                       continue;
+
+               for (tries = 0; fw3_check_ipset(ipset) && tries < 10; tries++)
+                       usleep(50000);
+       }
 }
 
 struct fw3_ipset *

diff --git a/main.c b/main.c
index 7a8969fae7a5683d4b3a75011dc7f3464bb6891c..8305f9f28330cf7e1d6884fad7ee4c9bf0440a1d 100644 (file)
--- a/main.c
+++ b/main.c
@@ -214,13 +214,7 @@ stop(bool complete)
        }
 
        if (run_state)
-       {
-               if (fw3_command_pipe(false, "ipset", "-exist", "-"))
-               {
-                       fw3_destroy_ipsets(run_state);
-                       fw3_command_close();
-               }
-       }
+               fw3_destroy_ipsets(run_state);
 
        if (complete && (ct = fopen("/proc/net/nf_conntrack", "w")) != NULL)
        {
@@ -245,13 +239,7 @@ start(void)
        struct fw3_ipt_handle *handle;
 
        if (!print_family)
-       {
-               if (fw3_command_pipe(false, "ipset", "-exist", "-"))
-               {
-                       fw3_create_ipsets(cfg_state);
-                       fw3_command_close();
-               }
-       }
+               fw3_create_ipsets(cfg_state);
 
        for (family = FW3_FAMILY_V4; family <= FW3_FAMILY_V6; family++)
        {