From 8bdc71ddc20ec5695cc96ab00c62439c10a4aeb0 Mon Sep 17 00:00:00 2001
From: Faiyaz Ahmed <faiyaza@cs.princeton.edu>
Date: Fri, 25 Jul 2008 16:06:43 +0000
Subject: [PATCH] Remove iptables rule modification.  Assume rule exists
 (downloaded from conf_files), and check for IPs in I2 hash.  Add if absent.

---
 python/bwlimit.py | 31 +++++++++++++++----------------
 1 file changed, 15 insertions(+), 16 deletions(-)

diff --git a/python/bwlimit.py b/python/bwlimit.py
index 073df7a..6591b83 100644
--- a/python/bwlimit.py
+++ b/python/bwlimit.py
@@ -573,22 +573,21 @@ def exempt_init(group_name, node_ips):
     (burst) cap.
     """
 
-    # Clean up
-    iptables = "/sbin/iptables -t mangle %s POSTROUTING" 
-    run(iptables % "-F")
-    run("/sbin/ipset -X " + group_name)
-
-    # Create a hashed IP set of all of these destinations
-    lines = ["-N %s iphash" % group_name]
-    add_cmd = "-A %s " % group_name
-    lines += [(add_cmd + ip) for ip in node_ips]
-    lines += ["COMMIT"]
-    restore = "\n".join(lines) + "\n"
-    run("/sbin/ipset -R", restore)
-
-    # Add rule to match on destination IP set
-    run((iptables + " -m set --set %s dst -j CLASSIFY --set-class 1:%x") %
-        ("-A", group_name, exempt_minor))
+    # Check of set exists
+    set = run("/sbin/ipset -S " + group_name)
+    if set == None:
+        # Create a hashed IP set of all of these destinations
+        lines = ["-N %s iphash" % group_name]
+        add_cmd = "-A %s " % group_name
+        lines += [(add_cmd + ip) for ip in node_ips]
+        lines += ["COMMIT"]
+        restore = "\n".join(lines) + "\n"
+        run("/sbin/ipset -R", restore)
+    else: # set exists
+        # Check all hosts and add missing.
+        for nodeip in node_ips:
+            if not run("/sbin/ipset -T %s %s" % (group_name, nodeip)):
+               run("/sbin/ipset -A %s %s" % (group_name, nodeip))
 
 
 def usage():
-- 
2.43.0