[PATCH] rules.pl: Fix automatic ipset sets cleanup.

public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed

* [PATCH] rules.pl: Fix automatic ipset sets cleanup.
@ 2022-04-25 19:04 Stefan Schantl
  2022-04-25 19:09 ` Peter Müller
  2022-04-29 19:45 ` Peter Müller
  0 siblings, 2 replies; 4+ messages in thread
From: Stefan Schantl @ 2022-04-25 19:04 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 1520 bytes --]

The array of used/loaded ipsets needs to be reloaded before
the cleanup can be started to also handle sets which are loaded during
runtime.

Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
 config/firewall/rules.pl | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 649bd49f0..799b2667d 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -137,7 +137,7 @@ undef (@dummy);
 
 sub main {
 	# Get currently used ipset sets.
-	&ipset_get_sets();
+	@ipset_used_sets = &ipset_get_sets();
 
 	# Flush all chains.
 	&flush();
@@ -993,6 +993,8 @@ sub firewall_chain_exists ($) {
 }
 
 sub ipset_get_sets () {
+	my @sets;
+
 	# Get all currently used ipset lists and store them in an array.
 	my @output = `$IPSET -n list`;
 
@@ -1002,14 +1004,17 @@ sub ipset_get_sets () {
 		chomp($set);
 
 		# Add the set the array of used sets.
-		push(@ipset_used_sets, $set);
+		push(@sets, $set);
 	}
 
 	# Display used sets in debug mode.
 	if($DEBUG) {
 		print "Used ipset sets:\n";
-		print "@ipset_used_sets\n\n";
+		print "@sets\n\n";
 	}
+
+	# Return the array of sets.
+	return @sets;
 }
 
 sub ipset_restore ($) {
@@ -1089,6 +1094,9 @@ sub ipset_call_restore ($) {
 }
 
 sub ipset_cleanup () {
+	# Reload the array of used sets.
+	@ipset_used_sets = &ipset_get_sets();
+
 	# Loop through the array of used sets.
 	foreach my $set (@ipset_used_sets) {
 		# Check if this set is still in use.
-- 
2.30.2


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] rules.pl: Fix automatic ipset sets cleanup.
  2022-04-25 19:04 [PATCH] rules.pl: Fix automatic ipset sets cleanup Stefan Schantl
@ 2022-04-25 19:09 ` Peter Müller
  2022-04-26  3:40   ` Stefan Schantl
  2022-04-29 19:45 ` Peter Müller
  1 sibling, 1 reply; 4+ messages in thread
From: Peter Müller @ 2022-04-25 19:09 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 1825 bytes --]

Hello Stefan,

thank you for submitting this.

Is this an important fix that has to go into Core Update 167? Or can it wait
until the next Core Update?

Thanks, and best regards,
Peter Müller


> The array of used/loaded ipsets needs to be reloaded before
> the cleanup can be started to also handle sets which are loaded during
> runtime.
> 
> Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
> ---
>  config/firewall/rules.pl | 14 +++++++++++---
>  1 file changed, 11 insertions(+), 3 deletions(-)
> 
> diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
> index 649bd49f0..799b2667d 100644
> --- a/config/firewall/rules.pl
> +++ b/config/firewall/rules.pl
> @@ -137,7 +137,7 @@ undef (@dummy);
>  
>  sub main {
>  	# Get currently used ipset sets.
> -	&ipset_get_sets();
> +	@ipset_used_sets = &ipset_get_sets();
>  
>  	# Flush all chains.
>  	&flush();
> @@ -993,6 +993,8 @@ sub firewall_chain_exists ($) {
>  }
>  
>  sub ipset_get_sets () {
> +	my @sets;
> +
>  	# Get all currently used ipset lists and store them in an array.
>  	my @output = `$IPSET -n list`;
>  
> @@ -1002,14 +1004,17 @@ sub ipset_get_sets () {
>  		chomp($set);
>  
>  		# Add the set the array of used sets.
> -		push(@ipset_used_sets, $set);
> +		push(@sets, $set);
>  	}
>  
>  	# Display used sets in debug mode.
>  	if($DEBUG) {
>  		print "Used ipset sets:\n";
> -		print "@ipset_used_sets\n\n";
> +		print "@sets\n\n";
>  	}
> +
> +	# Return the array of sets.
> +	return @sets;
>  }
>  
>  sub ipset_restore ($) {
> @@ -1089,6 +1094,9 @@ sub ipset_call_restore ($) {
>  }
>  
>  sub ipset_cleanup () {
> +	# Reload the array of used sets.
> +	@ipset_used_sets = &ipset_get_sets();
> +
>  	# Loop through the array of used sets.
>  	foreach my $set (@ipset_used_sets) {
>  		# Check if this set is still in use.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] rules.pl: Fix automatic ipset sets cleanup.
  2022-04-25 19:09 ` Peter Müller
@ 2022-04-26  3:40   ` Stefan Schantl
  0 siblings, 0 replies; 4+ messages in thread
From: Stefan Schantl @ 2022-04-26  3:40 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 2570 bytes --]

Hello Peter,

> Hello Stefan,
> 
> thank you for submitting this.
> 
> Is this an important fix that has to go into Core Update 167? Or can
> it wait
> until the next Core Update?

This is not an urgent fix, we are fine to ship it with C168.

Best regards,

-Stefan
> 
> Thanks, and best regards,
> Peter Müller
> 
> 
> > The array of used/loaded ipsets needs to be reloaded before
> > the cleanup can be started to also handle sets which are loaded
> > during
> > runtime.
> > 
> > Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
> > ---
> >  config/firewall/rules.pl | 14 +++++++++++---
> >  1 file changed, 11 insertions(+), 3 deletions(-)
> > 
> > diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
> > index 649bd49f0..799b2667d 100644
> > --- a/config/firewall/rules.pl
> > +++ b/config/firewall/rules.pl
> > @@ -137,7 +137,7 @@ undef (@dummy);
> >  
> >  sub main {
> >         # Get currently used ipset sets.
> > -       &ipset_get_sets();
> > +       @ipset_used_sets = &ipset_get_sets();
> >  
> >         # Flush all chains.
> >         &flush();
> > @@ -993,6 +993,8 @@ sub firewall_chain_exists ($) {
> >  }
> >  
> >  sub ipset_get_sets () {
> > +       my @sets;
> > +
> >         # Get all currently used ipset lists and store them in an
> > array.
> >         my @output = `$IPSET -n list`;
> >  
> > @@ -1002,14 +1004,17 @@ sub ipset_get_sets () {
> >                 chomp($set);
> >  
> >                 # Add the set the array of used sets.
> > -               push(@ipset_used_sets, $set);
> > +               push(@sets, $set);
> >         }
> >  
> >         # Display used sets in debug mode.
> >         if($DEBUG) {
> >                 print "Used ipset sets:\n";
> > -               print "@ipset_used_sets\n\n";
> > +               print "@sets\n\n";
> >         }
> > +
> > +       # Return the array of sets.
> > +       return @sets;
> >  }
> >  
> >  sub ipset_restore ($) {
> > @@ -1089,6 +1094,9 @@ sub ipset_call_restore ($) {
> >  }
> >  
> >  sub ipset_cleanup () {
> > +       # Reload the array of used sets.
> > +       @ipset_used_sets = &ipset_get_sets();
> > +
> >         # Loop through the array of used sets.
> >         foreach my $set (@ipset_used_sets) {
> >                 # Check if this set is still in use.


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] rules.pl: Fix automatic ipset sets cleanup.
  2022-04-25 19:04 [PATCH] rules.pl: Fix automatic ipset sets cleanup Stefan Schantl
  2022-04-25 19:09 ` Peter Müller
@ 2022-04-29 19:45 ` Peter Müller
  1 sibling, 0 replies; 4+ messages in thread
From: Peter Müller @ 2022-04-29 19:45 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 1684 bytes --]

Acked-by: Peter Müller <peter.mueller(a)ipfire.org>

> The array of used/loaded ipsets needs to be reloaded before
> the cleanup can be started to also handle sets which are loaded during
> runtime.
> 
> Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
> ---
>  config/firewall/rules.pl | 14 +++++++++++---
>  1 file changed, 11 insertions(+), 3 deletions(-)
> 
> diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
> index 649bd49f0..799b2667d 100644
> --- a/config/firewall/rules.pl
> +++ b/config/firewall/rules.pl
> @@ -137,7 +137,7 @@ undef (@dummy);
>  
>  sub main {
>  	# Get currently used ipset sets.
> -	&ipset_get_sets();
> +	@ipset_used_sets = &ipset_get_sets();
>  
>  	# Flush all chains.
>  	&flush();
> @@ -993,6 +993,8 @@ sub firewall_chain_exists ($) {
>  }
>  
>  sub ipset_get_sets () {
> +	my @sets;
> +
>  	# Get all currently used ipset lists and store them in an array.
>  	my @output = `$IPSET -n list`;
>  
> @@ -1002,14 +1004,17 @@ sub ipset_get_sets () {
>  		chomp($set);
>  
>  		# Add the set the array of used sets.
> -		push(@ipset_used_sets, $set);
> +		push(@sets, $set);
>  	}
>  
>  	# Display used sets in debug mode.
>  	if($DEBUG) {
>  		print "Used ipset sets:\n";
> -		print "@ipset_used_sets\n\n";
> +		print "@sets\n\n";
>  	}
> +
> +	# Return the array of sets.
> +	return @sets;
>  }
>  
>  sub ipset_restore ($) {
> @@ -1089,6 +1094,9 @@ sub ipset_call_restore ($) {
>  }
>  
>  sub ipset_cleanup () {
> +	# Reload the array of used sets.
> +	@ipset_used_sets = &ipset_get_sets();
> +
>  	# Loop through the array of used sets.
>  	foreach my $set (@ipset_used_sets) {
>  		# Check if this set is still in use.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2022-04-29 19:45 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-25 19:04 [PATCH] rules.pl: Fix automatic ipset sets cleanup Stefan Schantl
2022-04-25 19:09 ` Peter Müller
2022-04-26  3:40   ` Stefan Schantl
2022-04-29 19:45 ` Peter Müller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox