Don't rollback the database when we don't use transactions (they are
useless here, with single select being done to refresh again and again).

Also, don't recycle the cursor, clean it up (it is reportedly better for
the DB).

So the main thread can still answer queries and not get blocked.

Refresh the data from DB every 15 minutes. If it fails, try again next
time.

So we don't access the DB all the time.

Allow changing the size of an IPset. The infrastructure should be able
to handle it now.

Ensure the inet→text conversion in build_fwup_sets.pl doesn't produce
/32 at the end, as ucollect master doesn't handle that.

Don't try to create the IPset if it already exists. It may be of wrong
size (which will be fixed on the refill). Also, recreate IPsets if they
are missing on refill (may be caused by a queue breakage during setup)
and handle leftover temporary sets.

Use sanity instead of assert in the fake plugin

Use a class variable where appropriate instead of overriding it in each
object.

Keep the attackers that drop out of the fake logs still blocked if they
get caught on the firewall. Do so by scanning the firewall logs for
addresses we would like to delete from the filter.

Sanity reports an error to logs, which may help us debug some of the
problems and crashes.

Also, fix result check at getsockname.

So we generate logout before the new login.

Recover from broken DB connection even if it happens in the
__connection.cursor()

Newer uci mandates flags are before commands. Older one doesn't mind
either way.

In case ipset terminates with error, wait with closing the output until
EOF comes. Closing it right away may cause losing error messages.

When the set size needs to be updated, warn about it, as the firewall
definitions need to be updated.

The firewall rules use names ending with _X, the plain ones are the
temporary sets.

These are filled with bare IP addresses for now. We need them for the
same purpose we had net:ip ones, but there needs to be interoperability
with firewall scripts and these use hash:net.

And try to make the chance of reaching the ipset max name length limit
(31 chars) smaller. We actually hit the limit in practice.

Make the timeout for reload of the sets longer. In case there's some
serious problem (like kmod-ipset not loaded), it wouldn't clutter logs
this way, but if it is recoverable, it'd recover after relatively short
time anyway.

Don't set rights on the router_loggedpacket.archived, since the column
is no longer there.

They are related, so put them together. Its just nicer this way, no real
change.

Don't mention the client ID before the ID is known. No functional
change, just logging cleanup.

Update the state field of sets when updates come. While not updating it
was mostly harmless, this optimises out some downloading of data and
some passing of data to kernel. And it was the original intention.

When the set size is being changed, it is not needed to remove the set
from kernel and create it again. And it wouldn't even work in case the
ipset is already linked into the firewall.

Simply reloading the content by swapping with a newly created set is OK.