Commit 6ab14ed7 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen
Browse files

filter-specific subclass of Limit

parent 61baa344
...@@ -31,9 +31,6 @@ local setdefault = util.setdefault ...@@ -31,9 +31,6 @@ local setdefault = util.setdefault
local startswith = require('stringy').startswith local startswith = require('stringy').startswith
local RECENT_MAX_COUNT = 20
M.ConfigObject = M.class() M.ConfigObject = M.class()
function M.ConfigObject:init(context, location) function M.ConfigObject:init(context, location)
...@@ -597,65 +594,6 @@ end ...@@ -597,65 +594,6 @@ end
function M.Limit:rate() return math.ceil(self.count / self.interval) end function M.Limit:rate() return math.ceil(self.count / self.interval) end
function M.Limit:recentofrags(name)
local count = self.count
local interval = self.interval
if count > RECENT_MAX_COUNT then
count = self:rate()
interval = 1
end
if count > RECENT_MAX_COUNT then return end
local uofs = {}
local sofs = {}
for _, family in ipairs{'inet', 'inet6'} do
if type(self.mask[family].mode) ~= 'table' then return end
local mask = ''
local attr, len = unpack(self.mask[family].mode)
if family == 'inet' then
local octet
for i = 0, 3 do
if len <= i * 8 then octet = 0
elseif len > i * 8 + 7 then octet = 255
else octet = 256 - 2^(8 - len % 8) end
mask = util.join(mask, '.', octet)
end
elseif family == 'inet6' then
while len > 0 do
if #mask % 5 == 4 then mask = mask..':' end
mask = mask..('%x'):format(16 - 2^math.max(0, 4 - len))
len = len - 4
end
while #mask % 5 < 4 do mask = mask..'0' end
if #mask < 39 then mask = mask..'::' end
end
local rec = {
{
family=family,
opts='-m recent --name '..name..' --r'..
({src='source', dest='dest'})[attr]..' --mask '..mask
}
}
extend(
uofs,
combinations(
rec,
{{opts='--update --hitcount '..count..' --seconds '..interval}}
)
)
extend(sofs, combinations(rec, {{opts='--set'}}))
end
return uofs, sofs
end
function M.Limit:limitofrags(name) function M.Limit:limitofrags(name)
local rate = self:rate() local rate = self:rate()
local ofrags = {} local ofrags = {}
......
...@@ -20,6 +20,70 @@ local extend = util.extend ...@@ -20,6 +20,70 @@ local extend = util.extend
local listpairs = util.listpairs local listpairs = util.listpairs
local RECENT_MAX_COUNT = 20
local FilterLimit = class(model.Limit)
function FilterLimit:recentofrags(name)
local count = self.count
local interval = self.interval
if count > RECENT_MAX_COUNT then
count = self:rate()
interval = 1
end
if count > RECENT_MAX_COUNT then return end
local uofs = {}
local sofs = {}
for _, family in ipairs{'inet', 'inet6'} do
if type(self.mask[family].mode) ~= 'table' then return end
local mask = ''
local attr, len = unpack(self.mask[family].mode)
if family == 'inet' then
local octet
for i = 0, 3 do
if len <= i * 8 then octet = 0
elseif len > i * 8 + 7 then octet = 255
else octet = 256 - 2^(8 - len % 8) end
mask = util.join(mask, '.', octet)
end
elseif family == 'inet6' then
while len > 0 do
if #mask % 5 == 4 then mask = mask..':' end
mask = mask..('%x'):format(16 - 2^math.max(0, 4 - len))
len = len - 4
end
while #mask % 5 < 4 do mask = mask..'0' end
if #mask < 39 then mask = mask..'::' end
end
local rec = {
{
family=family,
opts='-m recent --name '..name..' --r'..
({src='source', dest='dest'})[attr]..' --mask '..mask
}
}
extend(
uofs,
combinations(
rec,
{{opts='--update --hitcount '..count..' --seconds '..interval}}
)
)
extend(sofs, combinations(rec, {{opts='--set'}}))
end
return uofs, sofs
end
local TranslatingRule = class(Rule) local TranslatingRule = class(Rule)
function TranslatingRule:destoptfrags() function TranslatingRule:destoptfrags()
...@@ -238,7 +302,7 @@ function Filter:extraoptfrags() ...@@ -238,7 +302,7 @@ function Filter:extraoptfrags()
local limitchain = self:uniqueid('limit') local limitchain = self:uniqueid('limit')
local limitlog = self[limit].log local limitlog = self[limit].log
local limitobj = self:create(model.Limit, self[limit], 'limit') local limitobj = self:create(FilterLimit, self[limit], 'limit')
local ofrags = {} local ofrags = {}
local logch, limitofs local logch, limitofs
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment