projects / project / firewall3.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c320b26)
Separate running from current state flags in ipset handling, remove ipsets per family
authorJo-Philipp Wich <jow@openwrt.org>
Sun, 10 Mar 2013 18:39:39 +0000 (19:39 +0100)
committerJo-Philipp Wich <jow@openwrt.org>
Sun, 10 Mar 2013 18:42:32 +0000 (19:42 +0100)
ipsets.c patch | blob | history
ipsets.h patch | blob | history
main.c patch | blob | history
options.h patch | blob | history
utils.c patch | blob | history

diff --git a/ipsets.c b/ipsets.c
index 62877c8456622a2e9e8b615cd29d9d13a872e5ea..d6ff9bd272a7dc3d5b96773be473a34e9664cd1a 100644 (file)
--- a/ipsets.c
+++ b/ipsets.c
@@ -373,20 +373,17 @@ fw3_create_ipsets(struct fw3_state *state)
 }
 
 void
-fw3_destroy_ipsets(struct fw3_state *state)
+fw3_destroy_ipsets(struct fw3_state *state, enum fw3_family family)
 {
        struct fw3_ipset *s, *tmp;
-       int mask = (1 << FW3_FAMILY_V4) | (1 << FW3_FAMILY_V6);
+       uint32_t family_mask = (1 << FW3_FAMILY_V4) | (1 << FW3_FAMILY_V6);
 
        list_for_each_entry_safe(s, tmp, &state->running_ipsets, running_list)
        {
-               if (!hasbit(state->defaults.flags, FW3_FAMILY_V4))
-                       delbit(s->flags, FW3_FAMILY_V4);
+               if (hasbit(s->running_flags, family))
+                       delbit(s->flags, family);
 
-               if (!hasbit(state->defaults.flags, FW3_FAMILY_V6))
-                       delbit(s->flags, FW3_FAMILY_V6);
-
-               if (!(s->flags & mask))
+               if (!(s->flags & family_mask))
                {
                        info("Deleting ipset %s", s->name);
 
diff --git a/ipsets.h b/ipsets.h
index debe0e88962f6748ffc617b96808f1646d61b709..186a4171b1bd4e1f4d791f491c906388d49db544 100644 (file)
--- a/ipsets.h
+++ b/ipsets.h
@@ -27,7 +27,7 @@ extern const struct fw3_option fw3_ipset_opts[];
 struct fw3_ipset * fw3_alloc_ipset(void);
 void fw3_load_ipsets(struct fw3_state *state, struct uci_package *p);
 void fw3_create_ipsets(struct fw3_state *state);
-void fw3_destroy_ipsets(struct fw3_state *state);
+void fw3_destroy_ipsets(struct fw3_state *state, enum fw3_family family);
 
 struct fw3_ipset * fw3_lookup_ipset(struct fw3_state *state, const char *name,
                                     bool running);
diff --git a/main.c b/main.c
index ad349686b088c21c746b89e46c312f5cfda8286c..09baca9579e96e1c944080c55dff531f3c9026ca 100644 (file)
--- a/main.c
+++ b/main.c
@@ -219,17 +219,19 @@ stop(struct fw3_state *state, bool complete, bool reload)
                fw3_command_close();
 
                if (!reload)
+               {
+                       if (fw3_command_pipe(false, "ipset", "-exist", "-"))
+                       {
+                               fw3_destroy_ipsets(state, family);
+                               fw3_command_close();
+                       }
+
                        family_set(state, family, false);
+               }
 
                rv = 0;
        }
 
-       if (!reload && fw3_command_pipe(false, "ipset", "-exist", "-"))
-       {
-               fw3_destroy_ipsets(state);
-               fw3_command_close();
-       }
-
        if (complete && (ct = fopen("/proc/net/nf_conntrack", "w")) != NULL)
        {
                info("Flushing conntrack table ...");
diff --git a/options.h b/options.h
index e731eefff4d430cab63cfd7458f55ee51316307c..c4d94d260297239cc398040334af8d79d256f889 100644 (file)
--- a/options.h
+++ b/options.h
@@ -399,6 +399,7 @@ struct fw3_ipset
        const char *external;
 
        uint32_t flags;
+       uint32_t running_flags;
 };
 
 struct fw3_include
diff --git a/utils.c b/utils.c
index fbc6a9a7dbab9fe8f510a64554635dc52a637306..b20c67b290387391833e0dc5658e0537b1d18ea0 100644 (file)
--- a/utils.c
+++ b/utils.c
@@ -422,7 +422,7 @@ fw3_read_statefile(void *state)
                                list_add_tail(&ipset->list, &s->ipsets);
                        }
 
-                       ipset->flags = flags[0];
+                       ipset->running_flags = flags[0];
                        list_add_tail(&ipset->running_list, &s->running_ipsets);
                        break;
                }
OpenWrt firewall configuration utility