[fwbuilder-commits] r3158 - in branches/v4_1: . doc src/res/configlets/linux24 src/res/help/en_US
From: <va...@in...> - 2010-07-27 02:28:53
Author: vadim
Date: 2010-07-26 18:14:04 -0700 (Mon, 26 Jul 2010)
New Revision: 3158
Modified:
branches/v4_1/build_num
branches/v4_1/doc/ChangeLog
branches/v4_1/src/res/configlets/linux24/run_time_address_tables
branches/v4_1/src/res/help/en_US/release_notes_4.1.0.html
Log:
implemented support for mixed address lists for run-time address table objects with ipset module
Modified: branches/v4_1/build_num
===================================================================
--- branches/v4_1/build_num 2010-07-26 19:54:27 UTC (rev 3157)
+++ branches/v4_1/build_num 2010-07-27 01:14:04 UTC (rev 3158)
@@ -1 +1 @@
-#define BUILD_NUM 3153
+#define BUILD_NUM 3157
Modified: branches/v4_1/doc/ChangeLog
===================================================================
--- branches/v4_1/doc/ChangeLog 2010-07-26 19:54:27 UTC (rev 3157)
+++ branches/v4_1/doc/ChangeLog 2010-07-27 01:14:04 UTC (rev 3158)
@@ -1,3 +1,17 @@
+2010-07-26 Vadim Kurland <va...@vk...>
+
+ * configlets/linux24/run_time_address_tables: implemented support
+ for mixed address lists for run-time address table objects using
+ ipset module. Normally, one ipset set can either contain
+ individual ip addresses or subnets. We create a "setlist" type set
+ that includes two sub-sets, one for ip addresses and the other for
+ subnets. Function reload_ipset in the configlet
+ run_time_address_tables takes care of managing these three sets
+ automatically. Address list file has the same format as for all
+ other supported types of Address Table object: one address per
+ line, subnets are defined using '/bitlength' or '/netmask' syntax,
+ comments start with '#' or ';' character.
+
 2010-07-24 Vadim Kurland <va...@vk...>

 * code cleanup. Removed bunch of warnings and cleaned up some test
Modified: branches/v4_1/src/res/configlets/linux24/run_time_address_tables
===================================================================
--- branches/v4_1/src/res/configlets/linux24/run_time_address_tables 2010-07-26 19:54:27 UTC (rev 3157)
+++ branches/v4_1/src/res/configlets/linux24/run_time_address_tables 2010-07-27 01:14:04 UTC (rev 3158)
@@ -52,15 +52,42 @@
 exit 1
 }

- set_type="iphash"
- grep -q "/" $data_file && set_type="nethash"
+ $IPSET -X tmp_fwb_set:ip -q
+ $IPSET -X tmp_fwb_set:net -q

- $IPSET -N tmp_fwb_set $set_type
+ $IPSET -N tmp_fwb_set:ip iphash
+ $IPSET -N tmp_fwb_set:net nethash
+
 grep -Ev '^#|^;|^\s*$' $data_file | while read L ; do
- set $L; $IPSET -A tmp_fwb_set $1
+ set $L
+ addr=$1
+ echo $addr | grep -q "/" && {
+ $IPSET -A tmp_fwb_set:net $1
+ } || {
+ $IPSET -A tmp_fwb_set:ip $1
+ }
 done
- $IPSET -W $set_name tmp_fwb_set
- $IPSET -X tmp_fwb_set
+
+ $IPSET --list ${set_name}:ip >/dev/null || $IPSET -N ${set_name}:ip iphash
+ $IPSET --list ${set_name}:net >/dev/null || $IPSET -N ${set_name}:net nethash
+
+ $IPSET -W ${set_name}:ip tmp_fwb_set:ip
+ $IPSET -W ${set_name}:net tmp_fwb_set:net
+
+ $IPSET --list ${set_name} >/dev/null || {
+ $IPSET -N ${set_name} setlist
+ }
+
+ $IPSET --list ${set_name} | grep -q ${set_name}:ip || {
+ $IPSET -A ${set_name} ${set_name}:ip
+ }
+
+ $IPSET --list ${set_name} | grep -q ${set_name}:net || {
+ $IPSET -A ${set_name} ${set_name}:net
+ }
+
+ $IPSET -X tmp_fwb_set:ip
+ $IPSET -X tmp_fwb_set:net
 }

 load_run_time_address_table_files() {
Modified: branches/v4_1/src/res/help/en_US/release_notes_4.1.0.html
===================================================================
--- branches/v4_1/src/res/help/en_US/release_notes_4.1.0.html 2010-07-26 19:54:27 UTC (rev 3157)
+++ branches/v4_1/src/res/help/en_US/release_notes_4.1.0.html 2010-07-27 01:14:04 UTC (rev 3158)
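Review bot: In the new loop body, `set $L` lets a data-file line that begins with `-` be parsed as shell options instead of as an address, and `$1` is then handed to `$IPSET -A` unvalidated, so a malformed line in the address table file can change the shell's or ipset's option handling rather than simply being skipped; use `set -- $L` and accept only address characters before calling ipset, as in the fence below. The membership checks `$IPSET --list ${set_name} | grep -q ${set_name}:ip` are unanchored substring matches, so a set name that is a prefix of another member's name, or one containing regex metacharacters, can produce a false positive and leave a sub-set out of the setlist; `grep -Fq` with an anchored pattern (or `grep -qx` if the listing prints one member per line) would be safer. Replacing the single `-W` with two swaps also means a lookup that lands between the two `-W` lines sees the new ip set paired with the old net set; if that window matters to callers it deserves a comment. The function whose body this hunk edits (reload_ipset, per the log message) starts outside the hunk.
```shell
    grep -Ev '^#|^;|^\s*$' $data_file | while read L ; do
        set -- $L
        addr=$1
        # only digits, hex letters, ':', '.' and '/' can appear in an address or prefix;
        # anything else (including a leading '-') is skipped instead of reaching ipset
        case "$addr" in
            ""|*[!0-9a-fA-F:./]*) continue ;;
        esac
        case "$addr" in
            */*) $IPSET -A tmp_fwb_set:net "$addr" ;;
            *)   $IPSET -A tmp_fwb_set:ip "$addr" ;;
        esac
    done
    # … unchanged: swap into ${set_name}:ip / ${set_name}:net and setlist management …
```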
@@ -542,6 +542,21 @@
 </p>
 </li>
+ <li>
+ <p>
+ Implemented support for mixed address lists for run-time address
+ table objects using ipset module. Normally, one ipset set can
+ either contain individual ip addresses or subnets. We create a
+ "setlist" type set that includes two sub-sets, one for ip
+ addresses and the other for subnets. Function reload_ipset in
+ the configlet run_time_address_tables takes care of managing
+ these three sets automatically. Address list file has the same
+ format as for all other supported types of Address Table object:
+ one address per line, subnets are defined using '/bitlength' or
+ '/netmask' syntax, comments start with '#' or ';' character.
+ </p>
+ </li>
+
 </ul>
|