global variables eliminated

(except for the DNS resolution cache) context, IPTables, and IPSet objects introduced

global variables eliminated
(except for the DNS resolution cache) context, IPTables, and IPSet objects introduced
2a788938 · Kaarle Ritvanen · 4bfc8d8b · 2a788938 · 2a788938 · 2a788938
Commit 2a788938 authored Mar 22, 2012 by Kaarle Ritvanen
Hide whitespace changes
Inline Side-by-side

Showing with 60 additions and 41 deletions

awall/init.lua awall/init.lua +16 -11

awall/ipset.lua awall/ipset.lua +15 -8

awall/iptables.lua awall/iptables.lua +16 -11

awall/model.lua awall/model.lua +13 -11

No files found.
--- a/awall/init.lua
+++ b/awall/init.lua
@@ -36,9 +36,9 @@ end
 local function readconfig()
-   config = {}
+   local config = {}
-   awall.model.reset()
+   local iptables = awall.iptables.new()
-   awall.iptables.reset()
+   local context = {input=config, iptables=iptables}
   for i, dir in ipairs(confdirs) do
      local fnames = {}
@@ -93,7 +93,7 @@ local function readconfig()
   function insertrule(trule)
-      local t = awall.iptables.config[trule.family][trule.table][trule.chain]
+      local t = iptables.config[trule.family][trule.table][trule.chain]
      if trule.position == 'prepend' then
 	 table.insert(t, 1, trule.opts)
      else
@@ -106,7 +106,8 @@ local function readconfig()
   for i, mod in ipairs(modules) do
      for path, cls in pairs(mod.classmap) do
 	 if config[path] then	    
-	    awall.util.map(config[path], cls.morph)
+	    awall.util.map(config[path],
+			   function(obj) return cls.morph(obj, context) end)
 	    table.insert(locations, config[path])
 	 end
      end
@@ -120,16 +121,20 @@ local function readconfig()
 	 for i, trule in ipairs(rule:trules()) do insertrule(trule) end
      end
   end
+   context.ipset = awall.ipset.new(config.ipset)
+   return context
 end
 function dump()
-   readconfig()
+   local context = readconfig()
-   awall.ipset.dump(ipsfile)
+   context.ipset:dump(ipsfile)
-   awall.iptables.dump(iptdir)
+   context.iptables:dump(iptdir)
 end
 function test()
-   readconfig()
+   local context = readconfig()
-   awall.ipset.create()
+   context.ipset:create()
-   awall.iptables.test()
+   context.iptables:test()
 end
--- a/awall/ipset.lua
+++ b/awall/ipset.lua
@@ -7,11 +7,18 @@ Licensed under the terms of GPL2
 module(..., package.seeall)
-local function commands()
+local IPSet = {}
-   local config = awall.config
+function new(config)
+   local res = {config=config}
+   setmetatable(res, {__index=IPSet})
+   return res
+end
+function IPSet:commands()
   local res = {}
-   if config.ipset then
+   if self.config then
-      for name, params in pairs(config.ipset) do
+      for name, params in pairs(self.config) do
 	 if not params.type then error('Type not defined for set '..name) end
 	 local line = 'create '..name..' '..params.type
 	 if params.family then line = line..' family '..params.family end
@@ -21,8 +28,8 @@ local function commands()
   return res
 end
-function create()
+function IPSet:create()
-   for i, line in ipairs(commands()) do
+   for i, line in ipairs(self:commands()) do
      local pid, stdin = lpc.run('ipset', '-!', 'restore')
      stdin:write(line)
      stdin:close()
@@ -32,8 +39,8 @@ function create()
   end
 end
-function dump(ipsfile)
+function IPSet:dump(ipsfile)
   local file = io.output(ipsfile)
-   for i, line in ipairs(commands()) do file:write(line) end
+   for i, line in ipairs(self:commands()) do file:write(line) end
   file:close()
 end
--- a/awall/iptables.lua
+++ b/awall/iptables.lua
@@ -18,20 +18,25 @@ local families = {inet={cmd='iptables-restore', file='rules-save'},
 local builtin = {'INPUT', 'FORWARD', 'OUTPUT',
 		 'PREROUTING', 'POSTROUTING'}
-function reset()
+local IPTables = {}
-   config = {}
+function new()
+   local config = {}
   setmetatable(config,
 		{__index=function(t, k)
 			    t[k] = {}
 			    setmetatable(t[k], getmetatable(t))
 			    return t[k]
 			 end})
+   local res = {config=config}
+   setmetatable(res, {__index=IPTables})
+   return res
 end
-reset()
-local function dumpfile(family, iptfile)
+function IPTables:dumpfile(family, iptfile)
   iptfile:write('# '..families[family].file..' generated by awall\n')
-   for tbl, chains in pairs(config[family]) do
+   for tbl, chains in pairs(self.config[family]) do
      iptfile:write('*'..tbl..'\n')
      for chain, rules in pairs(chains) do
 	 iptfile:write(':'..chain..' '..(contains(builtin, chain) and
@@ -46,17 +51,17 @@ local function dumpfile(family, iptfile)
   end
 end
-function test()
+function IPTables:test()
-   for family, tbls in pairs(config) do
+   for family, tbls in pairs(self.config) do
      local pid, stdin = lpc.run(families[family].cmd, '-t')
-      dumpfile(family, stdin)
+      self:dumpfile(family, stdin)
      stdin:close()
      assert(lpc.wait(pid) == 0)
   end
 end
-function dump(dir)
+function IPTables:dump(dir)
-   for family, tbls in pairs(config) do
+   for family, tbls in pairs(self.config) do
-      dumpfile(family, io.output(dir..'/'..families[family].file))
+      self:dumpfile(family, io.output(dir..'/'..families[family].file))
   end
 end
--- a/awall/model.lua
+++ b/awall/model.lua
@@ -28,8 +28,14 @@ function class(base)
      return inst
   end
-   function cls:morph()
+   function cls:morph(context)
      setmetatable(self, mt)
+      if context then
+	 self.context = context
+	 self.root = context.input
+      end
      self:init()
   end
@@ -78,13 +84,11 @@ Rule = class(Object)
 function Rule:init()
-   local config = awall.config
   for i, prop in ipairs({'in', 'out'}) do
      self[prop] = self[prop] and util.maplist(self[prop],
 					       function(z)
 						  return z == '_fw' and fwzone or
-						     config.zone[z] or
+						     self.root.zone[z] or
 						     error('Invalid zone: '..z)
 					       end) or self:defaultzones()
   end
@@ -93,7 +97,7 @@ function Rule:init()
      if type(self.service) == 'string' then self.label = self.service end
      self.service = util.maplist(self.service,
 				  function(s)
-				     return config.service[s] or error('Invalid service: '..s)
+				     return self.root.service[s] or error('Invalid service: '..s)
 				  end)
   end
 end
@@ -280,7 +284,7 @@ function Rule:trules()
      for i, ipset in util.listpairs(self.ipset) do
 	 if not ipset.name then error('Set name not defined') end
-	 local setdef = awall.config.ipset and awall.config.ipset[ipset.name]
+	 local setdef = self.root.ipset and self.root.ipset[ipset.name]
 	 if not setdef then error('Invalid set name') end
 	 if not ipset.args then
@@ -352,18 +356,16 @@ end
 function Rule:extraoptfrags() return {} end
-local lastid = {}
 function Rule:newchain(base)
+   if not self.context.lastid then self.context.lastid = {} end
+   local lastid = self.context.lastid
   if self.label then base = base..'-'..self.label end
   if not lastid[base] then lastid[base] = -1 end
   lastid[base] = lastid[base] + 1
   return base..'-'..lastid[base]
 end
-function reset()
-   lastid = {}
-end
 classmap = {zone=Zone}