ipset updates now happen in bulk
authorJustin Wind <justin.wind+git@gmail.com>
Fri, 10 Feb 2017 22:22:13 +0000 (17:22 -0500)
committerJustin Wind <justin.wind+git@gmail.com>
Fri, 10 Feb 2017 22:22:13 +0000 (17:22 -0500)
common.sh

index 312ecdb0c75e10ce793857cd92c41484615f1264..b3bcda876348f8c4b3b25ec2129ebea0063d1171 100644 (file)
--- a/common.sh
+++ b/common.sh
@@ -19,7 +19,7 @@ die(){
 }
 
 function decommentcat(){
 }
 
 function decommentcat(){
-       sed 's/\s*#.*$//;/^\s*$/d' "$@"
+       cat "$@" | sed 's/\s*#.*$//;/^\s*$/d'
 }
 
 function create_set(){
 }
 
 function create_set(){
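Review bot: The rewritten `decommentcat` on line 19 hands `"$@"` to `cat` without an option terminator, so an argument beginning with `-` is parsed as a cat option rather than a file name; use `cat -- "$@" | sed 's/\s*#.*$//;/^\s*$/d'`. Moving the file arguments from `sed` to `cat` also changes what the function's exit status reports: a missing input file is now only a message on stderr and the pipeline's status is sed's alone, whereas the previous form returned non-zero — the caller on line 47 suppresses stderr and passes an optional per-host file, so this looks intended, but it deserves a comment such as `# pipe through cat so a missing (optional) input file does not fail the pipeline`. ShellCheck will flag the `cat | sed` form (SC2002); if the status behaviour is the point, a `# shellcheck disable=SC2002` line carrying that reason keeps the lint clean.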
@@ -78,7 +78,40 @@ function insert_setmatch_rules(){
        done
 }
 
        done
 }
 
+# try to recreate sets faster than one-at-a-time by generating restore rules
+function ipset_restore_from_cidr(){
+       local vmatch
+       local set_name="$1"
+
+       for v in '' '6'
+       do
+               case "$v" in
+               6) vmatch=':';;
+               *) vmatch='\.';;
+               esac
+               # extract existing set configuration to create temporary set
+               (set -o pipefail; $IPSET save "${set_name}${v}" 2>/dev/null | grep -m 1 '^create ' | sed "s/\(create ${set_name}${v}\)/\1-tmp/") || continue
+               # populate with new data
+               decommentcat "${set_name}.cidr" "${set_name}.cidr.$(hostname -s)" 2>/dev/null | sed -n 's/\(.*'"${vmatch}"'.*\)/add '"${set_name}${v}-tmp"' \1/p'
+       done
+}
+
 function reload_cidr_sets(){
 function reload_cidr_sets(){
+       local v n
+       local set_name="$1"
+
+       ipset_restore_from_cidr "${set_name}" | ipset restore
+        for v in '' 6
+        do
+                n="${set_name}${v}"
+                $IPSET swap "${n}-tmp" "${n}"
+                $IPSET destroy "${n}-tmp"
+                $IPSET list -t "${n}"
+        done
+}
+
+function _old_reload_cidr_sets(){
+       local sfx n s v
        local set_name="$1"
        shift
 
        local set_name="$1"
        shift