From mboxrd@z Thu Jan 1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?=
To: development@lists.ipfire.org
Subject: Re: [PATCH] rules.pl: Fix automatic ipset sets cleanup.
Date: Fri, 29 Apr 2022 19:45:40 +0000
Message-ID: <9c66f99a-3c2d-71f1-6fb8-a25adf878bfd@ipfire.org>
In-Reply-To: <20220425190453.7996-1-stefan.schantl@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5696293852825864874=="
List-Id:
--===============5696293852825864874==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Acked-by: Peter Müller
> The array of used/loaded ipsets needs to be reloaded before
> the cleanup can be started to also handle sets which are loaded during
> runtime.
>
> Signed-off-by: Stefan Schantl
> ---
> config/firewall/rules.pl | 14 +++++++++++---
> 1 file changed, 11 insertions(+), 3 deletions(-)
>
> diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
> index 649bd49f0..799b2667d 100644
> --- a/config/firewall/rules.pl
> +++ b/config/firewall/rules.pl
> @@ -137,7 +137,7 @@ undef (@dummy);
>
> sub main {
> # Get currently used ipset sets.
> - &ipset_get_sets();
> + @ipset_used_sets = &ipset_get_sets();
>
> # Flush all chains.
> &flush();
> @@ -993,6 +993,8 @@ sub firewall_chain_exists ($) {
> }
>
> sub ipset_get_sets () {
> + my @sets;
> +
> # Get all currently used ipset lists and store them in an array.
> my @output = `$IPSET -n list`;
>
> @@ -1002,14 +1004,17 @@ sub ipset_get_sets () {
> chomp($set);
>
> # Add the set the array of used sets.
> - push(@ipset_used_sets, $set);
> + push(@sets, $set);
> }
>
> # Display used sets in debug mode.
> if($DEBUG) {
> print "Used ipset sets:\n";
> - print "@ipset_used_sets\n\n";
> + print "@sets\n\n";
> }
> +
> + # Return the array of sets.
> + return @sets;
> }
>
> sub ipset_restore ($) {
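Review bot: In `ipset_get_sets` (the hunk at -993, with the `return @sets;` added in the hunk at -1002) the exit status of the backtick call `$IPSET -n list` is never checked, so a failed listing returns an empty list that callers cannot tell apart from "no sets loaded". Because this commit makes `ipset_cleanup` rely on a fresh call, a failure there would silently skip the cleanup and leave stale sets in the kernel without any trace. I would add a status check directly after the backticks, for example `warn "ipset -n list failed (status $?)\n" if $? != 0;`, and state in the comment above the sub that an empty return value can also mean the command failed. The loop header between the two hunks is not visible here, so the placement relative to it is an assumption.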
> @@ -1089,6 +1094,9 @@ sub ipset_call_restore ($) {
> }
>
> sub ipset_cleanup () {
> + # Reload the array of used sets.
> + @ipset_used_sets = &ipset_get_sets();
> +
> # Loop through the array of used sets.
> foreach my $set (@ipset_used_sets) {
> # Check if this set is still in use.
--===============5696293852825864874==--
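Review bot: The reload added at the top of `ipset_cleanup` fills `@ipset_used_sets` with every name that `ipset -n list` reports, which presumably includes sets created by other components on the system and not only those rules.pl loaded itself. The check inside the `foreach` lies outside this hunk, so I cannot confirm how ownership is decided; if it only compares against the sets loaded during this run, sets owned by other services would be treated as stale. Please document the assumption at the reload, e.g. `# NOTE: this list holds all sets known to the kernel, not only ours; the check below must not remove sets owned by other services.`, or confirm that the check already excludes them.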