authorJo-Philipp Wich <jo@mein.io>2018-03-10 13:45:44 +0100
committerJo-Philipp Wich <jo@mein.io>2018-03-10 13:47:18 +0100
commit41c2ab5e5cf62a4c04707145c65d37e27d82d63f (patch)
tree9303b10d8e51b4d90350c3be2a7f12c9747258c7
parent8ef12cb54dbd37466ab10586591eb84338475c2a (diff)
downloadfirewall3-41c2ab5e5cf62a4c04707145c65d37e27d82d63f.tar.gz
ipsets: add support for specifying entries
Introduce a new list option "entry" which can be used to specify entries to add to the ipset, e.g. config ipset option name test ... list entry 1.2.3.4,8080 list entry 5.6.7.8,8081 Also introduce a new option "loadfile" which refers to an external file containing set entries to add, with one item per line. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
-rw-r--r--ipsets.c35
-rw-r--r--options.c11
-rw-r--r--options.h10
3 files changed, 55 insertions, 1 deletions
diff --git a/ipsets.c b/ipsets.c
index 30c6463..b73c3d2 100644
--- a/ipsets.c
+++ b/ipsets.c
@@ -38,6 +38,9 @@ const struct fw3_option fw3_ipset_opts[] = {
FW3_OPT("external", string, ipset, external),
+ FW3_LIST("entry", setentry, ipset, entries),
+ FW3_OPT("loadfile", string, ipset, loadfile),
+
{ }
};
@@ -247,6 +250,7 @@ fw3_alloc_ipset(struct fw3_state *state)
return NULL;
INIT_LIST_HEAD(&ipset->datatypes);
+ INIT_LIST_HEAD(&ipset->entries);
ipset->enabled = true;
ipset->family = FW3_FAMILY_V4;
@@ -319,10 +323,34 @@ fw3_load_ipsets(struct fw3_state *state, struct uci_package *p,
static void
+load_file(struct fw3_ipset *ipset)
+{
+ FILE *f;
+ char line[128];
+
+ if (!ipset->loadfile)
+ return;
+
+ info(" * Loading file %s", ipset->loadfile);
+
+ f = fopen(ipset->loadfile, "r");
+
+ if (!f) {
+ info(" ! Skipping due to open error: %s", strerror(errno));
+ return;
+ }
+
+ while (fgets(line, sizeof(line), f))
+ fw3_pr("add %s %s", ipset->name, line);
+
+ fclose(f);
+}
+
+static void
create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
{
bool first = true;
-
+ struct fw3_setentry *entry;
struct fw3_ipset_datatype *type;
info(" * Creating ipset %s", ipset->name);
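Review bot: The loop in load_file() passes each fgets() chunk to `fw3_pr("add %s %s", ...)` without a newline of its own, so a final line that lacks a trailing newline leaves the `add` command unterminated and whatever is printed next is appended to it. A line longer than the 128-byte buffer is split and its remainder is emitted as a second `add` entry, and a blank line becomes `add <name>` with no member. Because this file supplies the members of a set used for filtering, malformed input is better reported and skipped than silently turned into different entries. I would strip the line ending, skip empty and over-long lines with a message, and print the newline explicitly, as below. load_file() is complete in this hunk; create_ipset() continues past it.

```c
/* … unchanged: loadfile NULL check, fopen and open-error path … */
while (fgets(line, sizeof(line), f))
{
	size_t len = strcspn(line, "\r\n");

	if (line[len] == '\0' && !feof(f))
	{
		/* no line ending inside the buffer: the line is too long,
		 * so drop the rest of it instead of emitting a second entry */
		int c;

		info("   ! Skipping over-long line in %s", ipset->loadfile);

		while ((c = fgetc(f)) != EOF && c != '\n')
			;

		continue;
	}

	line[len] = '\0';

	if (len == 0)
		continue;

	fw3_pr("add %s %s\n", ipset->name, line);
}
```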
@@ -362,6 +390,11 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
fw3_pr(" hashsize %u", ipset->hashsize);
fw3_pr("\n");
+
+ list_for_each_entry(entry, &ipset->entries, list)
+ fw3_pr("add %s %s\n", ipset->name, entry->value);
+
+ load_file(ipset);
}
void
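Review bot: `entry->value` is written into the `add %s %s\n` line exactly as configured, and fw3_parse_setentry() in the options.c hunk returns true for any string, so an empty value or one containing a line break is not rejected at parse time. If configuration values can carry such characters (not visible from this page), a single list item would yield a malformed or an extra line in the output. I would have the parser refuse them, e.g. `if (!*val || strpbrk(val, "\r\n")) return false;` before `e.value = val;`. create_ipset() starts outside this hunk.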
diff --git a/options.c b/options.c
index d990cad..b5d5c02 100644
--- a/options.c
+++ b/options.c
@@ -920,6 +920,17 @@ fw3_parse_cthelper(void *ptr, const char *val, bool is_list)
return false;
}
+bool
+fw3_parse_setentry(void *ptr, const char *val, bool is_list)
+{
+ struct fw3_setentry e = { };
+
+ e.value = val;
+ put_value(ptr, &e, sizeof(e), is_list);
+
+ return true;
+}
+
bool
fw3_parse_options(void *s, const struct fw3_option *opts,
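Review bot: `e.value = val;` in fw3_parse_setentry() keeps the caller's pointer rather than a copy, so each stored entry is only usable while the storage behind `val` stays alive, and nothing in this hunk shows who owns that storage. A one-line comment above the assignment would record the assumption for later readers, e.g. `/* val is borrowed from the parsed config and must outlive the ipset */`. If other parsers in this file already rely on the same lifetime, saying so in the comment is enough.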
diff --git a/options.h b/options.h
index 2d10801..5b2a769 100644
--- a/options.h
+++ b/options.h
@@ -495,6 +495,9 @@ struct fw3_ipset
const char *external;
+ struct list_head entries;
+ const char *loadfile;
+
uint32_t flags[2];
};
@@ -525,6 +528,12 @@ struct fw3_cthelper
struct fw3_port port;
};
+struct fw3_setentry
+{
+ struct list_head list;
+ const char *value;
+};
+
struct fw3_state
{
struct uci_context *uci;
@@ -593,6 +602,7 @@ bool fw3_parse_mark(void *ptr, const char *val, bool is_list);
bool fw3_parse_setmatch(void *ptr, const char *val, bool is_list);
bool fw3_parse_direction(void *ptr, const char *val, bool is_list);
bool fw3_parse_cthelper(void *ptr, const char *val, bool is_list);
+bool fw3_parse_setentry(void *ptr, const char *val, bool is_list);
bool fw3_parse_options(void *s, const struct fw3_option *opts,
struct uci_section *section);