From 54c0625e83a5ddf77e1753885c96f488ba38f78a Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich
Date: Sun, 10 Mar 2013 19:39:39 +0100
Subject: [PATCH] Separate running from current state flags in ipset handling, remove ipsets per family
---
 ipsets.c | 13 +++++--------
 ipsets.h | 2 +-
 main.c | 14 ++++++++------
 options.h | 1 +
 utils.c | 2 +-
 5 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/ipsets.c b/ipsets.c
index 62877c8..d6ff9bd 100644
--- a/ipsets.c
+++ b/ipsets.c
@@ -373,20 +373,17 @@ fw3_create_ipsets(struct fw3_state *state)
 }
 void
-fw3_destroy_ipsets(struct fw3_state *state)
+fw3_destroy_ipsets(struct fw3_state *state, enum fw3_family family)
 {
 struct fw3_ipset *s, *tmp;
- int mask = (1 << FW3_FAMILY_V4) | (1 << FW3_FAMILY_V6);
+ uint32_t family_mask = (1 << FW3_FAMILY_V4) | (1 << FW3_FAMILY_V6);
 list_for_each_entry_safe(s, tmp, &state->running_ipsets, running_list)
 {
- if (!hasbit(state->defaults.flags, FW3_FAMILY_V4))
- delbit(s->flags, FW3_FAMILY_V4);
+ if (hasbit(s->running_flags, family))
+ delbit(s->flags, family);
- if (!hasbit(state->defaults.flags, FW3_FAMILY_V6))
- delbit(s->flags, FW3_FAMILY_V6);
-
- if (!(s->flags & mask))
+ if (!(s->flags & family_mask))
 {
 info("Deleting ipset %s", s->name);
diff --git a/ipsets.h b/ipsets.h
index debe0e8..186a417 100644
--- a/ipsets.h
+++ b/ipsets.h
@@ -27,7 +27,7 @@ extern const struct fw3_option fw3_ipset_opts[];
 struct fw3_ipset * fw3_alloc_ipset(void);
 void fw3_load_ipsets(struct fw3_state *state, struct uci_package *p);
 void fw3_create_ipsets(struct fw3_state *state);
-void fw3_destroy_ipsets(struct fw3_state *state);
+void fw3_destroy_ipsets(struct fw3_state *state, enum fw3_family family);
 struct fw3_ipset * fw3_lookup_ipset(struct fw3_state *state, const char *name, bool running);
diff --git a/main.c b/main.c
index ad34968..09baca9 100644
--- a/main.c
+++ b/main.c
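Review bot: The deletion test in `fw3_destroy_ipsets()` still reads `s->flags`, while the family check just above it now reads `s->running_flags`, and the utils.c hunk of this commit makes `fw3_read_statefile()` fill only `running_flags`. A set that exists only in the state file therefore presumably reaches `if (!(s->flags & family_mask))` with `flags` at whatever `fw3_alloc_ipset()` leaves it, so it can be selected for deletion on the first family processed regardless of what `running_flags` records, and `running_flags` itself is never cleared here. Keeping both steps on the running state would avoid that: `delbit(s->running_flags, family);` followed by `if (!(s->running_flags & family_mask))`. The loop body continues past the end of the hunk, so how the entry is unlinked afterwards is not visible.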
@@ -219,17 +219,19 @@ stop(struct fw3_state *state, bool complete, bool reload)
 fw3_command_close();
 if (!reload)
+ {
+ if (fw3_command_pipe(false, "ipset", "-exist", "-"))
+ {
+ fw3_destroy_ipsets(state, family);
+ fw3_command_close();
+ }
+
 family_set(state, family, false);
+ }
 rv = 0;
 }
- if (!reload && fw3_command_pipe(false, "ipset", "-exist", "-"))
- {
- fw3_destroy_ipsets(state);
- fw3_command_close();
- }
-
 if (complete && (ct = fopen("/proc/net/nf_conntrack", "w")) != NULL)
 {
 info("Flushing conntrack table ...");
diff --git a/options.h b/options.h
index e731eef..c4d94d2 100644
--- a/options.h
+++ b/options.h
@@ -399,6 +399,7 @@ struct fw3_ipset
 const char *external;
 uint32_t flags;
+ uint32_t running_flags;
 };
 struct fw3_include
diff --git a/utils.c b/utils.c
index fbc6a9a..b20c67b 100644
--- a/utils.c
+++ b/utils.c
@@ -422,7 +422,7 @@ fw3_read_statefile(void *state)
 list_add_tail(&ipset->list, &s->ipsets);
 }
- ipset->flags = flags[0];
+ ipset->running_flags = flags[0];
 list_add_tail(&ipset->running_list, &s->running_ipsets);
 break;
 }
--
2.25.1
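Review bot: When `fw3_command_pipe(false, "ipset", "-exist", "-")` fails inside the new `if (!reload)` block, `fw3_destroy_ipsets()` is skipped without any message, yet `family_set(state, family, false)` and `rv = 0` still run, so stop() can report success while the family's sets may remain loaded. An `else` branch that logs the failure, for example `else info("Unable to run ipset, sets for this family were not removed");`, would let an operator notice stale sets. stop() begins and ends outside the hunk, so any later handling of `rv` is not visible here.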
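Review bot: `struct fw3_ipset` now holds two `uint32_t` flag words with near-identical names and no comment telling them apart, which makes it easy to test the wrong one. A short comment on each member would help, e.g. `uint32_t running_flags; /* family bits read from the state file */` and, if the commit subject's wording is accurate, `uint32_t flags; /* family bits of the current state */`. The struct definition starts above the hunk.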