From 085b27ee8d6563479b9fa85d19322297c5b52e29 Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Sat, 22 Apr 2023 09:30:14 +0200 Subject: [PATCH] ipset-functions.pl: Improve hashtype detection Cleanup code and allow to detect hashtypes of bitmap:port. Signed-off-by: Stefan Schantl --- config/cfgroot/ipset-functions.pl | 33 +++++++++++++++++++------------ 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/config/cfgroot/ipset-functions.pl b/config/cfgroot/ipset-functions.pl index e4c10b41b3..293f8a8702 100644 --- a/config/cfgroot/ipset-functions.pl +++ b/config/cfgroot/ipset-functions.pl @@ -237,21 +237,28 @@ sub ipset_load_set($@) { sub detect_hashtype (@) { my @data = @_; - # XXX - Currently we only support sets with single addresses and/or networks. - # Improve the detection if neccessary at a later time. + # Currently we only support sets with single addresses, networks and + # ports. Improve the detection if neccessary at a later time. # - # Default to a hashtype of hash:ip for only single addresses. - my $hashtype = "hash:ip"; - - # Use perl grep to check if a "/" could be found in the data. - # In this case the list contains at least one network and we have to use the - # hash:net as hashtype. - if(grep(/\//, @data)) { - # The set contains a network, switching hashtype. - $hashtype = "hash:net"; - } + # Check if the data contains a comma, which is used by the + # multip element sets. + return "Not supported" if(grep(/\,/, @data)); + + # Check if the data contains a slash, which assumes it contains + # at least one network. + return "hash:net" if(grep(/\//, @data)); + + # Check if the data contains dots, which assumes it contains + # IP addresses. + return "hash:ip" if(grep(/\./, @data)); + + # Check if the first data element is nummeric, in this case + # decide it contains only ports. + return "bitmap:port" if( $data[0] =~ /\d+/); - return $hashtype; + # If we got here, no rule matched and we could not determine + # a type for the given data. + return "Not detected"; } # -- 2.39.5