Store ipset storage method and matches in state file, keep iprange and ports if set

diff --git a/ipsets.c b/ipsets.c
index eb37d0a82e6a831462ca19bf4825640b07c2b02a..713b34378dd0551c2a1860c120f10438610bd1cb 100644 (file)
--- a/ipsets.c
+++ b/ipsets.c
@@ -91,15 +91,6 @@ check_types(struct uci_element *e, struct fw3_ipset *ipset)
        uint32_t typelist = 0;
        struct fw3_ipset_datatype *type;
 
-       const char *methods[] = {
-               "(bug)",
-               "bitmap",
-               "hash",
-               "list",
-       };
-
-       typelist = 0;
-
        list_for_each_entry(type, &ipset->datatypes, list)
        {
                if (i >= 3)
@@ -121,7 +112,7 @@ check_types(struct uci_element *e, struct fw3_ipset *ipset)
                                ipset->method = ipset_types[i].method;
 
                                warn_elem(e, "defines no storage method, assuming '%s'",
-                                         methods[ipset->method]);
+                                         fw3_ipset_method_names[ipset->method]);
 
                                break;
                        }
@@ -277,33 +268,17 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
 
        struct fw3_ipset_datatype *type;
 
-       const char *methods[] = {
-               "(bug)",
-               "bitmap",
-               "hash",
-               "list",
-       };
-
-       const char *types[] = {
-               "(bug)",
-               "ip",
-               "port",
-               "mac",
-               "net",
-               "set",
-       };
-
        if (ipset->external && *ipset->external)
                return;
 
        info(" * Creating ipset %s", ipset->name);
 
        first = true;
-       fw3_pr("create %s %s", ipset->name, methods[ipset->method]);
+       fw3_pr("create %s %s", ipset->name, fw3_ipset_method_names[ipset->method]);
 
        list_for_each_entry(type, &ipset->datatypes, list)
        {
-               fw3_pr("%c%s", first ? ':' : ',', types[type->type]);
+               fw3_pr("%c%s", first ? ':' : ',', fw3_ipset_type_names[type->type]);
                first = false;
        }
 

diff --git a/options.c b/options.c
index 724a2153dfc816b72657db172d3b348ea1da6003..47cd7277aa3ac7efa93594398f2331d092086010 100644 (file)
--- a/options.c
+++ b/options.c
@@ -91,13 +91,15 @@ static const char *limit_units[] = {
        "day",
 };
 
-static const char *ipset_methods[] = {
+const char *fw3_ipset_method_names[__FW3_IPSET_METHOD_MAX] = {
+       "(bug)",
        "bitmap",
        "hash",
        "list",
 };
 
-static const char *ipset_types[] = {
+const char *fw3_ipset_type_names[__FW3_IPSET_TYPE_MAX] = {
+       "(bug)",
        "ip",
        "port",
        "mac",
@@ -558,7 +560,7 @@ fw3_parse_protocol(void *ptr, const char *val, bool is_list)
 bool
 fw3_parse_ipset_method(void *ptr, const char *val, bool is_list)
 {
-       return parse_enum(ptr, val, ipset_methods,
+       return parse_enum(ptr, val, &fw3_ipset_method_names[FW3_IPSET_METHOD_BITMAP],
                          FW3_IPSET_METHOD_BITMAP, FW3_IPSET_METHOD_LIST);
 }
 
@@ -583,7 +585,7 @@ fw3_parse_ipset_datatype(void *ptr, const char *val, bool is_list)
                type.dest = false;
        }
 
-       if (parse_enum(&type.type, val, ipset_types,
+       if (parse_enum(&type.type, val, &fw3_ipset_type_names[FW3_IPSET_TYPE_IP],
                       FW3_IPSET_TYPE_IP, FW3_IPSET_TYPE_SET))
        {
                put_value(ptr, &type, sizeof(type), is_list);

diff --git a/options.h b/options.h
index e242f67d9a8ec87ba08fe9f481e0cf4a14a033ab..567845103187c059d3233864d31945b37d8b90a6 100644 (file)
--- a/options.h
+++ b/options.h
@@ -100,6 +100,8 @@ enum fw3_ipset_method
        FW3_IPSET_METHOD_BITMAP = 1,
        FW3_IPSET_METHOD_HASH   = 2,
        FW3_IPSET_METHOD_LIST   = 3,
+
+       __FW3_IPSET_METHOD_MAX
 };
 
 enum fw3_ipset_type
@@ -110,8 +112,14 @@ enum fw3_ipset_type
        FW3_IPSET_TYPE_MAC    = 3,
        FW3_IPSET_TYPE_NET    = 4,
        FW3_IPSET_TYPE_SET    = 5,
+
+       __FW3_IPSET_TYPE_MAX
 };
 
+extern const char *fw3_ipset_method_names[__FW3_IPSET_METHOD_MAX];
+extern const char *fw3_ipset_type_names[__FW3_IPSET_TYPE_MAX];
+
+
 enum fw3_include_type
 {
        FW3_INC_TYPE_SCRIPT   = 0,

diff --git a/utils.c b/utils.c
index aef1cc68b77d342a91e77f890126908ecb0e06b5..a728e77b3fde6a3d064d0f4741b06238540d9fe6 100644 (file)
--- a/utils.c
+++ b/utils.c
@@ -490,7 +490,9 @@ static void
 write_ipset_uci(struct uci_context *ctx, struct fw3_ipset *s,
                 struct uci_package *dest)
 {
-       char buf[sizeof("0xffffffff\0")];
+       struct fw3_ipset_datatype *type;
+
+       char buf[sizeof("65535-65535\0")];
 
        struct uci_ptr ptr = { .p = dest };
 
@@ -504,17 +506,38 @@ write_ipset_uci(struct uci_context *ctx, struct fw3_ipset *s,
        ptr.value  = s->name;
        uci_set(ctx, &ptr);
 
-       sprintf(buf, "0x%x", s->flags[0]);
        ptr.o      = NULL;
-       ptr.option = "__flags_v4";
-       ptr.value  = buf;
+       ptr.option = "storage";
+       ptr.value  = fw3_ipset_method_names[s->method];
        uci_set(ctx, &ptr);
 
-       sprintf(buf, "0x%x", s->flags[1]);
-       ptr.o      = NULL;
-       ptr.option = "__flags_v6";
-       ptr.value  = buf;
-       uci_set(ctx, &ptr);
+       list_for_each_entry(type, &s->datatypes, list)
+       {
+               sprintf(buf, "%s_%s", type->dest ? "dst" : "src",
+                                     fw3_ipset_type_names[type->type]);
+
+               ptr.o      = NULL;
+               ptr.option = "match";
+               ptr.value  = buf;
+               uci_add_list(ctx, &ptr);
+       }
+
+       if (s->iprange.set)
+       {
+               ptr.o      = NULL;
+               ptr.option = "iprange";
+               ptr.value  = fw3_address_to_string(&s->iprange, false);
+               uci_set(ctx, &ptr);
+       }
+
+       if (s->portrange.set)
+       {
+               sprintf(buf, "%u-%u", s->portrange.port_min, s->portrange.port_max);
+               ptr.o      = NULL;
+               ptr.option = "portrange";
+               ptr.value  = buf;
+               uci_set(ctx, &ptr);
+       }
 }
 
 void