Commit 071952b1 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

refactor extra chain formation

parent b82c8837
--[[ --[[
Base data model for Alpine Wall Base data model for Alpine Wall
Copyright (C) 2012-2016 Kaarle Ritvanen Copyright (C) 2012-2017 Kaarle Ritvanen
See LICENSE file for license details See LICENSE file for license details
]]-- ]]--
...@@ -521,29 +521,27 @@ function M.Rule:trules() ...@@ -521,29 +521,27 @@ function M.Rule:trules()
end end
end end
local custom = self:customtarget() if combined then ofrags = combined end
local final = custom or self:target()
local nxt
if combined then
nxt = final
ofrags = combined
else nxt = self:uniqueid('address') end
tag(ofrags, 'position', self:position()) tag(ofrags, 'position', self:position())
ofrags = combinations(ofrags, {{target=nxt}}) local addrchain
if not combined then if not combined then
extend(ofrags, combinations(addrofrags, {{chain=nxt, target=final}})) addrchain = self:uniqueid('address')
self:settarget(ofrags, addrchain)
extend(ofrags, combinations(addrofrags, {{chain=addrchain}}))
end end
local function extofrags(new) local function bancustom() self:error('Custom action not allowed here') end
if not custom then extend(ofrags, new) local custom = self:customtarget()
elseif new[1] then self:error('Custom action not allowed here') end
end
extofrags(self:extraoptfrags()) ofrags = self:mangleoptfrags(ofrags)
for _, ofrag in ipairs(ofrags) do
if custom and ofrag.target and ofrag.target ~= addrchain then
bancustom()
end
end
self:settarget(ofrags, custom or self:target())
local tbl = self:table() local tbl = self:table()
...@@ -601,9 +599,10 @@ function M.Rule:trules() ...@@ -601,9 +599,10 @@ function M.Rule:trules()
combinations(ofrags, ffilter({{family='inet'}, {family='inet6'}})), combinations(ofrags, ffilter({{family='inet'}, {family='inet6'}})),
function(r) return self:trulefilter(r) end function(r) return self:trulefilter(r) end
) )
extofrags(self:extratrules(ofrags))
return ofrags local extra = self:extratrules(ofrags)
if custom and extra[1] then bancustom() end
return extend(ofrags, extra)
end end
function M.Rule:customtarget() function M.Rule:customtarget()
...@@ -615,7 +614,12 @@ function M.Rule:customtarget() ...@@ -615,7 +614,12 @@ function M.Rule:customtarget()
end end
end end
function M.Rule:extraoptfrags() return {} end function M.Rule:settarget(ofrags, target)
for _, ofrag in ipairs(ofrags) do setdefault(ofrag, 'target', target) end
return ofrags
end
function M.Rule:mangleoptfrags(ofrags) return ofrags end
function M.Rule:trulefilter(rule) return true end function M.Rule:trulefilter(rule) return true end
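Review bot: `M.Rule:settarget` and the new `mangleoptfrags` hook carry an undocumented contract: because `settarget` goes through `setdefault`, the final `self:settarget(ofrags, custom or self:target())` in `trules` appears to hand the rule's verdict to every fragment a subclass returns without a `target`. In a firewall generator that matters, since a fragment placed in a helper chain with its target left unset would silently inherit the verdict (for example ACCEPT) instead of falling through; `RouteTrackRule:mangleoptfrags` depends on exactly this for its bare `{chain=markchain}` entry. I would add a comment above `settarget` such as `-- fills 'target' only where unset; mangleoptfrags overrides must set an explicit target on any fragment that must not receive the rule's final action`. As a style point, `custom` is loop-invariant in the check loop, so `if custom then for ... end end` would read more clearly. `trules` begins and continues outside these hunks and `setdefault` is not shown, so its exact nil/false handling is inferred here.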
......
...@@ -156,12 +156,7 @@ end ...@@ -156,12 +156,7 @@ end
function LoggingRule:logdefault() return false end function LoggingRule:logdefault() return false end
function LoggingRule:actiontarget() return 'ACCEPT' end function LoggingRule:target() return 'ACCEPT' end
function LoggingRule:target()
if self.log then return self:uniqueid('log'..self.action) end
return self:actiontarget()
end
function LoggingRule:logchain(log, action, target) function LoggingRule:logchain(log, action, target)
if not log then return {}, target end if not log then return {}, target end
...@@ -173,10 +168,10 @@ function LoggingRule:logchain(log, action, target) ...@@ -173,10 +168,10 @@ function LoggingRule:logchain(log, action, target)
return combinations({{chain=chain}}, ofrags), chain return combinations({{chain=chain}}, ofrags), chain
end end
function LoggingRule:extraoptfrags() function LoggingRule:mangleoptfrags(ofrags)
return self.log and if not self.log then return ofrags end
self:logchain(self.log, self.action, self:actiontarget()) or local ofs, chain = self:logchain(self.log, self.action, self:target())
LoggingRule.super(self):extraoptfrags() return extend(self:settarget(ofrags, chain), ofs)
end end
...@@ -334,7 +329,7 @@ function Filter:logdefault() ...@@ -334,7 +329,7 @@ function Filter:logdefault()
return contains({'drop', 'reject', 'tarpit'}, self.action) return contains({'drop', 'reject', 'tarpit'}, self.action)
end end
function Filter:actiontarget() function Filter:target()
if self.action == 'pass' then return end if self.action == 'pass' then return end
if self.action ~= 'accept' and not self:logdefault() then if self.action ~= 'accept' and not self:logdefault() then
self:error('Invalid filter action: '..self.action) self:error('Invalid filter action: '..self.action)
...@@ -342,20 +337,17 @@ function Filter:actiontarget() ...@@ -342,20 +337,17 @@ function Filter:actiontarget()
return self.action == 'tarpit' and 'tarpit' or self.action:upper() return self.action == 'tarpit' and 'tarpit' or self.action:upper()
end end
function Filter:target() function Filter:mangleoptfrags(ofrags)
if self:limit() then return self:uniqueid('limit') end
return Filter.super(self).target()
end
function Filter:extraoptfrags()
local limit = self:limit() local limit = self:limit()
if not limit then return Filter.super(self):extraoptfrags() end if not limit then return Filter.super(self):mangleoptfrags(ofrags) end
if self.action ~= 'accept' then if self.action ~= 'accept' then
self:error('Cannot specify limit for '..self.action..' filter') self:error('Cannot specify limit for '..self.action..' filter')
end end
local limitchain = self:uniqueid('limit') local limitchain = self:uniqueid('limit')
self:settarget(ofrags, limitchain)
local limitlog = self[limit].log local limitlog = self[limit].log
local limitobj = self:create(FilterLimit, self[limit], 'limit') local limitobj = self:create(FilterLimit, self[limit], 'limit')
...@@ -370,9 +362,7 @@ function Filter:extraoptfrags() ...@@ -370,9 +362,7 @@ function Filter:extraoptfrags()
limitofs = combinations(uofs, {{target=logch}}) limitofs = combinations(uofs, {{target=logch}})
if accept and self.log then extend(limitofs, self.log:optfrags()) end if accept and self.log then extend(limitofs, self.log:optfrags()) end
extend( extend(limitofs, combinations(sofs, {{target=accept and 'ACCEPT'}}))
limitofs, combinations(sofs, {{target=accept and 'ACCEPT' or nil}})
)
else else
if accept then ofs, logch = self:logchain(self.log, 'accept', 'ACCEPT') if accept then ofs, logch = self:logchain(self.log, 'accept', 'ACCEPT')
...@@ -385,8 +375,8 @@ function Filter:extraoptfrags() ...@@ -385,8 +375,8 @@ function Filter:extraoptfrags()
table.insert(limitofs, {target='DROP'}) table.insert(limitofs, {target='DROP'})
end end
extend(ofs, combinations({{chain=limitchain}}, limitofs)) extend(ofrags, ofs)
return ofs return extend(ofrags, combinations({{chain=limitchain}}, limitofs))
end end
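Review bot: In `Filter:mangleoptfrags`, dropping `or nil` from `{{target=accept and 'ACCEPT'}}` changes the value from nil to `false` when `accept` is falsy, and nothing in the hunk says whether that is intended. If `setdefault` fills only nil keys, `false` now acts as a sentinel that stops the later `settarget` call in `trules` from assigning the filter's action to those limit-chain fragments; if it treats `false` as unset, they would pick up the action instead. Either state the intent with a comment such as `-- false (not nil): keep settarget from defaulting this fragment to the rule's action`, or restore `or nil` if the default is wanted. The definition of `accept` and the rest of the function lie outside the hunk.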
......
--[[ --[[
Packet marking module for Alpine Wall Packet marking module for Alpine Wall
Copyright (C) 2012-2016 Kaarle Ritvanen Copyright (C) 2012-2017 Kaarle Ritvanen
See LICENSE file for license details See LICENSE file for license details
]]-- ]]--
...@@ -9,7 +9,7 @@ local model = require('awall.model') ...@@ -9,7 +9,7 @@ local model = require('awall.model')
local class = model.class local class = model.class
local combinations = require('awall.optfrag').combinations local combinations = require('awall.optfrag').combinations
local list = require('awall.util').list local util = require('awall.util')
local MarkRule = class(model.Rule) local MarkRule = class(model.Rule)
...@@ -26,24 +26,19 @@ function MarkRule:target() return 'MARK --set-mark '..self.mark end ...@@ -26,24 +26,19 @@ function MarkRule:target() return 'MARK --set-mark '..self.mark end
local RouteTrackRule = class(MarkRule) local RouteTrackRule = class(MarkRule)
function RouteTrackRule:target() return self:uniqueid('mark') end function RouteTrackRule:mangleoptfrags(ofrags)
local markchain = self:uniqueid('mark')
function RouteTrackRule:servoptfrags() return util.extend(
return combinations( self:settarget(
RouteTrackRule.super(self):servoptfrags(), {{match='-m mark --mark 0'}} combinations(ofrags, {{match='-m mark --mark 0'}}), markchain
),
{{chain=markchain}, {chain=markchain, target='CONNMARK --save-mark'}}
) )
end end
function RouteTrackRule:extraoptfrags()
return {
{chain=self:target(), target=RouteTrackRule.super(self).target()},
{chain=self:target(), target='CONNMARK --save-mark'}
}
end
local function restoremark(config) local function restoremark(config)
if list(config['route-track'])[1] then if util.list(config['route-track'])[1] then
return combinations( return combinations(
{{family='inet'}, {family='inet6'}}, {{family='inet'}, {family='inet6'}},
{{chain='OUTPUT'}, {chain='PREROUTING'}}, {{chain='OUTPUT'}, {chain='PREROUTING'}},
......