From c5ca01cc269c6a615ba19a7f61be53769c606691 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen
Date: Sun, 19 Mar 2017 23:30:54 +0200
Subject: main/ipset: optimize init script performance
---
 main/ipset/ipset.initd | 60 +++++++++++++++++++++++++++-----------------------
 1 file changed, 32 insertions(+), 28 deletions(-)
(limited to 'main/ipset/ipset.initd')
diff --git a/main/ipset/ipset.initd b/main/ipset/ipset.initd
index 84b17c2aba..ee1668939b 100644
--- a/main/ipset/ipset.initd
+++ b/main/ipset/ipset.initd
@@ -1,6 +1,6 @@
 #!/sbin/openrc-run
 # Init script for ipset
-# Copyright (C) 2012 Kaarle Ritvanen
+# Copyright (C) 2012-2017 Kaarle Ritvanen
 # Licensed under the terms of the GPL2
 description="Manage IP sets in the Linux kernel"
@@ -26,11 +26,15 @@ set_file() {
 }
 set_exists() {
- $IPSET save $1 &> /dev/null
+ $IPSET -n list $1 &> /dev/null
+}
+
+set_lists() {
+ $IPSET save | sed "s/^create \\([^ ]\\+\\) list:set.*/\\1/;ta;d;:a"
 }
 sets() {
- $IPSET save | sed "s/^create \\([^ ]\\+\\) ${1:+$1 }.*/\\1/;ta;d;:a"
+ $IPSET -n list
 }
@@ -45,7 +49,7 @@ start() {
 stop() {
 ebegin "Flushing firewall IP sets"
- for name in $(sets list:set); do
+ for name in $(set_lists); do
 ipset destroy $name
 done
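Review bot: In the `@@ -26,11 +26,15 @@` hunk the rewritten `set_exists` keeps the `&>` redirection, which is a bash extension. A strictly POSIX `sh` parses `cmd &> /dev/null` as a background job followed by an empty redirection, so the function would return 0 whether or not the set exists, and `reload` would then stage every set under `_init_`. Which shell runs this script behind `openrc-run` is not visible here, so the portable form is safer: `$IPSET -n list "$1" >/dev/null 2>&1`. Quoting `$1` also keeps a name containing whitespace or glob characters from being split before it reaches `ipset`.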
@@ -81,35 +85,35 @@ save() {
 reload() {
 ebegin "Loading firewall IP sets"
- local swap=
- for name in $(set_files); do
- local new=$name
- if set_exists $name; then
- new=_init_$name
- swap="$swap $name"
- fi
- ipset create $new $(set_file $name | head -n 1)
- done
+ (
+ local swap=
+ for name in $(set_files); do
+ local new=$name
+ if set_exists $name; then
+ new=_init_$name
+ swap="$swap $name"
+ fi
+ echo create $new $(set_file $name | head -n 1)
+ done
- for name in $(set_files); do
- local new=$name
- set_exists _init_$name && new=_init_$name
- set_file $name | tail -n +2 | while read m; do
- ipset add $new $m
+ for name in $(set_files); do
+ local new=$name
+ set_exists _init_$name && new=_init_$name
+ set_file $name | sed "1d;s/^/add $new /"
 done
- done
- for name in $swap; do
- ipset swap $name _init_$name
- done
+ for name in $swap; do
+ echo swap $name _init_$name
+ done
- for name in $(sets list:set); do
- [ -f $DIR/$name ] || ipset destroy $name
- done
+ for name in $(set_lists); do
+ [ -f $DIR/$name ] || echo destroy $name
+ done
- for name in $(sets); do
- [ -f $DIR/$name ] || ipset destroy $name
- done
+ for name in $(sets); do
+ [ -f $DIR/$name ] || echo destroy $name
+ done
+ ) | ipset restore
 eend $STATUS
 }
--
cgit v1.2.3
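Review bot: The second loop in `reload` still calls `set_exists _init_$name`, but the `create` for that staging set has now only been written to the pipe, so whether the kernel already has it depends on how far `ipset restore` has read. When the query loses that race the `add` lines target the live set `$name`, and the later `swap` can then replace it with an empty `_init_$name`, leaving the firewall matching against an empty set. The first loop already records the replaced names in `$swap`, so the choice can be made without a kernel query: `case " $swap " in *" $name "*) new=_init_$name ;; esac`. The `$(set_lists)` and `$(sets)` destroy loops read kernel state the same way and may miss the `_init_` sets left behind by the swaps. Separately, if `ipset` is a wrapper function that sets `STATUS` (its definition is outside this hunk), running it as a pipeline element may lose that assignment, so `eend $STATUS` should be tested against a restore that fails.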