| Message ID | 20220425190453.7996-1-stefan.schantl@ipfire.org |
|---|---|
| State | Accepted |
| Commit | 8b97a537f5f9e798a1ab307b2c32bd9a8b0f6913 |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4KnDwf5BVxz3x1v for <patchwork@web04.haj.ipfire.org>; Mon, 25 Apr 2022 19:05:06 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4KnDwc2cM3z3vH; Mon, 25 Apr 2022 19:05:04 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4KnDwc1Qkcz2xdf; Mon, 25 Apr 2022 19:05:04 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4KnDwZ2PBSz2xbW for <development@lists.ipfire.org>; Mon, 25 Apr 2022 19:05:02 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4KnDwY4PS7zYR; Mon, 25 Apr 2022 19:05:01 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1650913501; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=oAlU5AY7KUpbUEpuVU06Erz4dWgjqu5hYtVTlPOEe+0=; b=eM6YjaETw4iNXI4JLbjdksg0x/Ck5i4bEWQguMlBTgqINpbJnDDARjYsHZiPBjhqkWEx+3 skvyY2F8qeo2SfDA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1650913501; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=oAlU5AY7KUpbUEpuVU06Erz4dWgjqu5hYtVTlPOEe+0=; b=HE5fNkZ1wmXqbAl4syZTwP06WLBENeDBCo4UOaCqdhavcmNHGpQyBQ43GpsJB9jOkqcLI4 nY/AYdCjPcZMybTWmenTLtNvIba1z74kHNazzzKZ4EQD+TWt5ybKiuxleKkpQQ3HE+6IMT U4hSb8SVwzNFhquDhOfB4zO0RyvFJA+90/m7BEY8SJnhOulQeHsQAB53U1t86dgyOFhwF+ m7uW1PfBG0/fY4ieDA7netMMx2+7fpB5W/oow8EG11V31QopMe4dhxqrrqKIhoccNTvlzM 2TTbCKoSd6GbxTbyuxfkm6cHdiReKSBrvlX6LGjP8ZJ9Xy+E/VYB/XRQFZH6yQ== From: Stefan Schantl <stefan.schantl@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH] rules.pl: Fix automatic ipset sets cleanup. Date: Mon, 25 Apr 2022 21:04:53 +0200 Message-Id: <20220425190453.7996-1-stefan.schantl@ipfire.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
| Series |
rules.pl: Fix automatic ipset sets cleanup.
|
|
Commit Message
Stefan Schantl
April 25, 2022, 7:04 p.m. UTC
The array of used/loaded ipsets needs to be reloaded before
the cleanup can be started to also handle sets which are loaded during
runtime.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
config/firewall/rules.pl | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
Comments
Hello Stefan, thank you for submitting this. Is this an important fix that has to go into Core Update 167? Or can it wait until the next Core Update? Thanks, and best regards, Peter Müller > The array of used/loaded ipsets needs to be reloaded before > the cleanup can be started to also handle sets which are loaded during > runtime. > > Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> > --- > config/firewall/rules.pl | 14 +++++++++++--- > 1 file changed, 11 insertions(+), 3 deletions(-) > > diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl > index 649bd49f0..799b2667d 100644 > --- a/config/firewall/rules.pl > +++ b/config/firewall/rules.pl > @@ -137,7 +137,7 @@ undef (@dummy); > > sub main { > # Get currently used ipset sets. > - &ipset_get_sets(); > + @ipset_used_sets = &ipset_get_sets(); > > # Flush all chains. > &flush(); > @@ -993,6 +993,8 @@ sub firewall_chain_exists ($) { > } > > sub ipset_get_sets () { > + my @sets; > + > # Get all currently used ipset lists and store them in an array. > my @output = `$IPSET -n list`; > > @@ -1002,14 +1004,17 @@ sub ipset_get_sets () { > chomp($set); > > # Add the set the array of used sets. > - push(@ipset_used_sets, $set); > + push(@sets, $set); > } > > # Display used sets in debug mode. > if($DEBUG) { > print "Used ipset sets:\n"; > - print "@ipset_used_sets\n\n"; > + print "@sets\n\n"; > } > + > + # Return the array of sets. > + return @sets; > } > > sub ipset_restore ($) { > @@ -1089,6 +1094,9 @@ sub ipset_call_restore ($) { > } > > sub ipset_cleanup () { > + # Reload the array of used sets. > + @ipset_used_sets = &ipset_get_sets(); > + > # Loop through the array of used sets. > foreach my $set (@ipset_used_sets) { > # Check if this set is still in use.
Hello Peter, > Hello Stefan, > > thank you for submitting this. > > Is this an important fix that has to go into Core Update 167? Or can > it wait > until the next Core Update? This is not an urgent fix, we are fine to ship it with C168. Best regards, -Stefan > > Thanks, and best regards, > Peter Müller > > > > The array of used/loaded ipsets needs to be reloaded before > > the cleanup can be started to also handle sets which are loaded > > during > > runtime. > > > > Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> > > --- > > config/firewall/rules.pl | 14 +++++++++++--- > > 1 file changed, 11 insertions(+), 3 deletions(-) > > > > diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl > > index 649bd49f0..799b2667d 100644 > > --- a/config/firewall/rules.pl > > +++ b/config/firewall/rules.pl > > @@ -137,7 +137,7 @@ undef (@dummy); > > > > sub main { > > # Get currently used ipset sets. > > - &ipset_get_sets(); > > + @ipset_used_sets = &ipset_get_sets(); > > > > # Flush all chains. > > &flush(); > > @@ -993,6 +993,8 @@ sub firewall_chain_exists ($) { > > } > > > > sub ipset_get_sets () { > > + my @sets; > > + > > # Get all currently used ipset lists and store them in an > > array. > > my @output = `$IPSET -n list`; > > > > @@ -1002,14 +1004,17 @@ sub ipset_get_sets () { > > chomp($set); > > > > # Add the set the array of used sets. > > - push(@ipset_used_sets, $set); > > + push(@sets, $set); > > } > > > > # Display used sets in debug mode. > > if($DEBUG) { > > print "Used ipset sets:\n"; > > - print "@ipset_used_sets\n\n"; > > + print "@sets\n\n"; > > } > > + > > + # Return the array of sets. > > + return @sets; > > } > > > > sub ipset_restore ($) { > > @@ -1089,6 +1094,9 @@ sub ipset_call_restore ($) { > > } > > > > sub ipset_cleanup () { > > + # Reload the array of used sets. > > + @ipset_used_sets = &ipset_get_sets(); > > + > > # Loop through the array of used sets. > > foreach my $set (@ipset_used_sets) { > > # Check if this set is still in use.
Acked-by: Peter Müller <peter.mueller@ipfire.org> > The array of used/loaded ipsets needs to be reloaded before > the cleanup can be started to also handle sets which are loaded during > runtime. > > Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> > --- > config/firewall/rules.pl | 14 +++++++++++--- > 1 file changed, 11 insertions(+), 3 deletions(-) > > diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl > index 649bd49f0..799b2667d 100644 > --- a/config/firewall/rules.pl > +++ b/config/firewall/rules.pl > @@ -137,7 +137,7 @@ undef (@dummy); > > sub main { > # Get currently used ipset sets. > - &ipset_get_sets(); > + @ipset_used_sets = &ipset_get_sets(); > > # Flush all chains. > &flush(); > @@ -993,6 +993,8 @@ sub firewall_chain_exists ($) { > } > > sub ipset_get_sets () { > + my @sets; > + > # Get all currently used ipset lists and store them in an array. > my @output = `$IPSET -n list`; > > @@ -1002,14 +1004,17 @@ sub ipset_get_sets () { > chomp($set); > > # Add the set the array of used sets. > - push(@ipset_used_sets, $set); > + push(@sets, $set); > } > > # Display used sets in debug mode. > if($DEBUG) { > print "Used ipset sets:\n"; > - print "@ipset_used_sets\n\n"; > + print "@sets\n\n"; > } > + > + # Return the array of sets. > + return @sets; > } > > sub ipset_restore ($) { > @@ -1089,6 +1094,9 @@ sub ipset_call_restore ($) { > } > > sub ipset_cleanup () { > + # Reload the array of used sets. > + @ipset_used_sets = &ipset_get_sets(); > + > # Loop through the array of used sets. > foreach my $set (@ipset_used_sets) { > # Check if this set is still in use.
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl index 649bd49f0..799b2667d 100644 --- a/config/firewall/rules.pl +++ b/config/firewall/rules.pl @@ -137,7 +137,7 @@ undef (@dummy); sub main { # Get currently used ipset sets. - &ipset_get_sets(); + @ipset_used_sets = &ipset_get_sets(); # Flush all chains. &flush(); @@ -993,6 +993,8 @@ sub firewall_chain_exists ($) { } sub ipset_get_sets () { + my @sets; + # Get all currently used ipset lists and store them in an array. my @output = `$IPSET -n list`; @@ -1002,14 +1004,17 @@ sub ipset_get_sets () { chomp($set); # Add the set the array of used sets. - push(@ipset_used_sets, $set); + push(@sets, $set); } # Display used sets in debug mode. if($DEBUG) { print "Used ipset sets:\n"; - print "@ipset_used_sets\n\n"; + print "@sets\n\n"; } + + # Return the array of sets. + return @sets; } sub ipset_restore ($) { @@ -1089,6 +1094,9 @@ sub ipset_call_restore ($) { } sub ipset_cleanup () { + # Reload the array of used sets. + @ipset_used_sets = &ipset_get_sets(); + # Loop through the array of used sets. foreach my $set (@ipset_used_sets) { # Check if this set is still in use.