From: Justin Wind Date: Fri, 10 Feb 2017 22:22:13 +0000 (-0500) Subject: ipset updates now happen in bulk X-Git-Url: http://git.squeep.com/?p=firewall-squeep;a=commitdiff_plain;h=ca9917bf7fa7dc4b801385240cb8428ecde8608b ipset updates now happen in bulk
---
diff --git a/common.sh b/common.sh
index 312ecdb..b3bcda8 100644
--- a/common.sh
+++ b/common.sh
@@ -19,7 +19,7 @@ die(){
 }
 function decommentcat(){
- sed 's/\s*#.*$//;/^\s*$/d' "$@"
+ cat "$@" | sed 's/\s*#.*$//;/^\s*$/d'
 }
 function create_set(){
@@ -78,7 +78,40 @@ function insert_setmatch_rules(){
 done
 }
+# try to recreate sets faster than one-at-a-time by generating restore rules
+function ipset_restore_from_cidr(){
+ local vmatch
+ local set_name="$1"
+
+ for v in '' '6'
+ do
+ case "$v" in
+ 6) vmatch=':';;
+ *) vmatch='\.';;
+ esac
+ # extract existing set configuration to create temporary set
+ (set -o pipefail; $IPSET save "${set_name}${v}" 2>/dev/null | grep -m 1 '^create ' | sed "s/\(create ${set_name}${v}\)/\1-tmp/") || continue
+ # populate with new data
+ decommentcat "${set_name}.cidr" "${set_name}.cidr.$(hostname -s)" 2>/dev/null | sed -n 's/\(.*'"${vmatch}"'.*\)/add '"${set_name}${v}-tmp"' \1/p'
+ done
+}
+
 function reload_cidr_sets(){
+ local v n
+ local set_name="$1"
+
+ ipset_restore_from_cidr "${set_name}" | ipset restore
+ for v in '' 6
+ do
+ n="${set_name}${v}"
+ $IPSET swap "${n}-tmp" "${n}"
+ $IPSET destroy "${n}-tmp"
+ $IPSET list -t "${n}"
+ done
+}
+
+function _old_reload_cidr_sets(){
+ local sfx n s v
 local set_name="$1"
 shift
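Review bot: With `cat "$@" | sed …` the exit status of `decommentcat` is now that of `sed` alone, so a missing or unreadable input file no longer shows in the return value, where GNU sed given the file names directly would have returned non-zero. The only remaining trace is a `cat` message on stderr, which the new caller in the second hunk sends to `2>/dev/null`. If the aim is to let an optional per-host file be absent, a comment above the function would record that, e.g. `# cat tolerates absent files; the exit status is sed's only, so 0 does not mean every input was read`. The function body lies fully inside the hunk.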
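Review bot: In `reload_cidr_sets` nothing checks that the restore succeeded before `$IPSET swap "${n}-tmp" "${n}"` runs. A load that stops at a bad line in a `.cidr` file, or that emits no `add` lines because both input files were unreadable (their errors go to `2>/dev/null`), can presumably leave a short or empty `-tmp` set that is then swapped over the live one. For sets referenced by filter rules that silently drops entries from the running firewall, so the swap should be gated on the exit status of the restore and the `-tmp` sets destroyed on failure. The restore is also invoked as bare `ipset` while every other call in the hunk goes through `$IPSET`, and `ipset_restore_from_cidr` leaves its loop variable `v` global (`local vmatch v` would fix that). A sketch of the gated version follows; whether callers expect a non-zero return or `die` cannot be seen from this hunk.

```shell
function reload_cidr_sets(){
	local v n
	local set_name="$1"

	# load the -tmp sets first; never swap in a set that failed to load
	if ! ipset_restore_from_cidr "${set_name}" | $IPSET restore
	then
		for v in '' 6
		do
			# discard whatever was partially built
			$IPSET destroy "${set_name}${v}-tmp" 2>/dev/null
		done
		return 1
	fi
	for v in '' 6
	do
		n="${set_name}${v}"
		# … unchanged: swap "${n}-tmp" "${n}", destroy "${n}-tmp", list -t "${n}" …
	done
}
```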