From 56fa6bd78acf916793631e1bd15996210c23d3c7 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Sat, 19 Jul 2014 10:22:12 -0700
Subject: [PATCH] Revert "Correct ipset detection on later kernels."
This reverts commit b207f64a85f22a1e9aebdf7133db62f8cd167ee5.
---
 Shorewall/Perl/Shorewall/Config.pm | 34 +++++++-----------------------
 1 file changed, 8 insertions(+), 26 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index 6b9494fb6..b257100db 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -4109,7 +4109,7 @@ sub Old_IPSet_Match() {
 sub IPSet_Match() {
 my $ipset = $config{IPSET} || 'ipset';
 my $result = 0;
- my $have_ipset;
+ my $fam = $family == F_IPV4 ? 'inet' : 'inet6';
 $ipset = which $ipset unless $ipset =~ '/';
@@ -4118,36 +4118,18 @@ sub IPSet_Match() {
 if ( $ipset && -x $ipset ) {
 qt( "$ipset -X $sillyname" );
- if ( $family == F_IPV4 ) {
- if ( qt("$ipset -N $sillyname hash:ip family inet") ) {
- $capabilities{IPSET_V5} = 1;
- $have_ipset = 1;
- } elsif ( qt( "ipset -N $sillyname iphash" ) ) {
- $have_ipset = 1;
- }
-
- if ( $have_ipset ) {
- if ( qt1( "$iptables $iptablesw -A $sillyname -m set --match-set $sillyname src -j ACCEPT" ) ) {
- $capabilities{IPSET_MATCH_NOMATCH} = qt1( "$iptables $iptablesw -A $sillyname -m set --match-set $sillyname src --return-nomatch -j ACCEPT" );
- $capabilities{IPSET_MATCH_COUNTERS} = qt1( "$iptables $iptablesw -A $sillyname -m set --match-set $sillyname src --packets-lt 100 -j ACCEPT" );
- qt1( "$iptables $iptablesw -F $sillyname" );
- $result = ! ( $capabilities{OLD_IPSET_MATCH} = 0 );
- } elsif ( qt1( "iptables $iptablesw -A $sillyname -m set --set $sillyname src -j ACCEPT" ) ) {
- qt1( "$iptables $iptablesw -F $sillyname" );
- $result = ! ( $capabilities{OLD_IPSET_MATCH} = 0 );
- }
-
- qt( "$ipset -X $sillyname" );
- }
- } elsif ( qt( "$ipset -N $sillyname hash:ip family inet6" ) ) {
- $capabilities{IPSET_V5} = 1;
+ if ( qt( "$ipset -N $sillyname iphash" ) || qt( "$ipset -N $sillyname hash:ip family $fam") ) {
 if ( qt1( "$iptables $iptablesw -A $sillyname -m set --match-set $sillyname src -j ACCEPT" ) ) {
+ $capabilities{IPSET_MATCH_NOMATCH} = qt1( "$iptables $iptablesw -A $sillyname -m set --match-set $sillyname src --return-nomatch -j ACCEPT" );
+ $capabilities{IPSET_MATCH_COUNTERS} = qt1( "$iptables $iptablesw -A $sillyname -m set --match-set $sillyname src --packets-lt 100 -j ACCEPT" );
 qt1( "$iptables $iptablesw -F $sillyname" );
 $result = ! ( $capabilities{OLD_IPSET_MATCH} = 0 );
+ } else {
+ $result = have_capability 'OLD_IPSET_MATCH';
 }
- }
- qt( "$ipset -X $sillyname" );
+ qt( "$ipset -X $sillyname" );
+ }
 }
 $result;
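Review bot: The legacy `iphash` form is tried before `hash:ip family $fam`, so `$fam` only takes effect when the old syntax is rejected. If the installed ipset still accepts `iphash` as an alias (not verifiable from this hunk), the IPv6 probe would create an inet set, and the following `--match-set` test through `$iptables` could fail or mis-detect on kernels that check the set's family. Trying the family-specific form first avoids that: `if ( qt( "$ipset -N $sillyname hash:ip family $fam" ) || qt( "$ipset -N $sillyname iphash" ) ) {`. A short comment above the condition naming which ipset generation each form targets would also help, because a wrong answer here silently changes which set-match syntax the generated firewall rules use. `IPSet_Match` begins in the previous hunk and its closing brace lies outside this one.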