Commit 071952b1 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

refactor extra chain formation

parent b82c8837
--[[
Base data model for Alpine Wall
Copyright (C) 2012-2016 Kaarle Ritvanen
Copyright (C) 2012-2017 Kaarle Ritvanen
See LICENSE file for license details
]]--
......@@ -521,29 +521,27 @@ function M.Rule:trules()
end
end
local custom = self:customtarget()
local final = custom or self:target()
local nxt
if combined then
nxt = final
ofrags = combined
else nxt = self:uniqueid('address') end
if combined then ofrags = combined end
tag(ofrags, 'position', self:position())
ofrags = combinations(ofrags, {{target=nxt}})
local addrchain
if not combined then
extend(ofrags, combinations(addrofrags, {{chain=nxt, target=final}}))
addrchain = self:uniqueid('address')
self:settarget(ofrags, addrchain)
extend(ofrags, combinations(addrofrags, {{chain=addrchain}}))
end
local function extofrags(new)
if not custom then extend(ofrags, new)
elseif new[1] then self:error('Custom action not allowed here') end
end
local function bancustom() self:error('Custom action not allowed here') end
local custom = self:customtarget()
extofrags(self:extraoptfrags())
ofrags = self:mangleoptfrags(ofrags)
for _, ofrag in ipairs(ofrags) do
if custom and ofrag.target and ofrag.target ~= addrchain then
bancustom()
end
end
self:settarget(ofrags, custom or self:target())
local tbl = self:table()
......@@ -601,9 +599,10 @@ function M.Rule:trules()
combinations(ofrags, ffilter({{family='inet'}, {family='inet6'}})),
function(r) return self:trulefilter(r) end
)
extofrags(self:extratrules(ofrags))
return ofrags
local extra = self:extratrules(ofrags)
if custom and extra[1] then bancustom() end
return extend(ofrags, extra)
end
function M.Rule:customtarget()
......@@ -615,7 +614,12 @@ function M.Rule:customtarget()
end
end
function M.Rule:extraoptfrags() return {} end
function M.Rule:settarget(ofrags, target)
for _, ofrag in ipairs(ofrags) do setdefault(ofrag, 'target', target) end
return ofrags
end
function M.Rule:mangleoptfrags(ofrags) return ofrags end
function M.Rule:trulefilter(rule) return true end
......
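Review bot: The custom-action ban in `trules()` is now inferred from fragment targets (`ofrag.target ~= addrchain`, checked after `mangleoptfrags`) rather than from the presence of extra fragments, so it only fires when an override sets an explicit target on what it redirects. That contract is not written down on the new hooks, and a fragment that slips through is given the custom target by the final `self:settarget(ofrags, custom or self:target())`. I would document it above `M.Rule:mangleoptfrags`, e.g. `-- overrides must redirect ofrags via settarget(); any target other than the address chain makes a custom action an error`, and note on `M.Rule:settarget` that it mutates `ofrags` in place and, going by the `setdefault` name, leaves existing targets untouched. As a style point, `custom` is loop-invariant and could guard the whole loop instead of being tested per fragment. `trules()` starts and ends outside these hunks.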
......@@ -156,12 +156,7 @@ end
function LoggingRule:logdefault() return false end
function LoggingRule:actiontarget() return 'ACCEPT' end
function LoggingRule:target()
if self.log then return self:uniqueid('log'..self.action) end
return self:actiontarget()
end
function LoggingRule:target() return 'ACCEPT' end
function LoggingRule:logchain(log, action, target)
if not log then return {}, target end
......@@ -173,10 +168,10 @@ function LoggingRule:logchain(log, action, target)
return combinations({{chain=chain}}, ofrags), chain
end
function LoggingRule:extraoptfrags()
return self.log and
self:logchain(self.log, self.action, self:actiontarget()) or
LoggingRule.super(self):extraoptfrags()
function LoggingRule:mangleoptfrags(ofrags)
if not self.log then return ofrags end
local ofs, chain = self:logchain(self.log, self.action, self:target())
return extend(self:settarget(ofrags, chain), ofs)
end
......@@ -334,7 +329,7 @@ function Filter:logdefault()
return contains({'drop', 'reject', 'tarpit'}, self.action)
end
function Filter:actiontarget()
function Filter:target()
if self.action == 'pass' then return end
if self.action ~= 'accept' and not self:logdefault() then
self:error('Invalid filter action: '..self.action)
......@@ -342,20 +337,17 @@ function Filter:actiontarget()
return self.action == 'tarpit' and 'tarpit' or self.action:upper()
end
function Filter:target()
if self:limit() then return self:uniqueid('limit') end
return Filter.super(self).target()
end
function Filter:extraoptfrags()
function Filter:mangleoptfrags(ofrags)
local limit = self:limit()
if not limit then return Filter.super(self):extraoptfrags() end
if not limit then return Filter.super(self):mangleoptfrags(ofrags) end
if self.action ~= 'accept' then
self:error('Cannot specify limit for '..self.action..' filter')
end
local limitchain = self:uniqueid('limit')
self:settarget(ofrags, limitchain)
local limitlog = self[limit].log
local limitobj = self:create(FilterLimit, self[limit], 'limit')
......@@ -370,9 +362,7 @@ function Filter:extraoptfrags()
limitofs = combinations(uofs, {{target=logch}})
if accept and self.log then extend(limitofs, self.log:optfrags()) end
extend(
limitofs, combinations(sofs, {{target=accept and 'ACCEPT' or nil}})
)
extend(limitofs, combinations(sofs, {{target=accept and 'ACCEPT'}}))
else
if accept then ofs, logch = self:logchain(self.log, 'accept', 'ACCEPT')
......@@ -385,8 +375,8 @@ function Filter:extraoptfrags()
table.insert(limitofs, {target='DROP'})
end
extend(ofs, combinations({{chain=limitchain}}, limitofs))
return ofs
extend(ofrags, ofs)
return extend(ofrags, combinations({{chain=limitchain}}, limitofs))
end
......
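Review bot: In `Filter:mangleoptfrags`, `{{target=accept and 'ACCEPT'}}` now produces `target=false` instead of an absent key when `accept` is false (its definition is outside the hunk). Every fragment later passes through `settarget` in `trules()`, so the `false` looks deliberate, presumably to stop `setdefault` from filling in the rule's own ACCEPT target on that limit-chain fragment, but nothing says so and `setdefault` is not visible here. A comment such as `-- false, not nil: this fragment must stay target-less, settarget() must not default it` would keep a later cleanup from restoring `or nil` and silently turning the fragment into an ACCEPT rule. It is also worth confirming that the code consuming fragments treats a `false` target the same as a missing one.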
--[[
Packet marking module for Alpine Wall
Copyright (C) 2012-2016 Kaarle Ritvanen
Copyright (C) 2012-2017 Kaarle Ritvanen
See LICENSE file for license details
]]--
......@@ -9,7 +9,7 @@ local model = require('awall.model')
local class = model.class
local combinations = require('awall.optfrag').combinations
local list = require('awall.util').list
local util = require('awall.util')
local MarkRule = class(model.Rule)
......@@ -26,24 +26,19 @@ function MarkRule:target() return 'MARK --set-mark '..self.mark end
local RouteTrackRule = class(MarkRule)
function RouteTrackRule:target() return self:uniqueid('mark') end
function RouteTrackRule:servoptfrags()
return combinations(
RouteTrackRule.super(self):servoptfrags(), {{match='-m mark --mark 0'}}
function RouteTrackRule:mangleoptfrags(ofrags)
local markchain = self:uniqueid('mark')
return util.extend(
self:settarget(
combinations(ofrags, {{match='-m mark --mark 0'}}), markchain
),
{{chain=markchain}, {chain=markchain, target='CONNMARK --save-mark'}}
)
end
function RouteTrackRule:extraoptfrags()
return {
{chain=self:target(), target=RouteTrackRule.super(self).target()},
{chain=self:target(), target='CONNMARK --save-mark'}
}
end
local function restoremark(config)
if list(config['route-track'])[1] then
if util.list(config['route-track'])[1] then
return combinations(
{{family='inet'}, {family='inet6'}},
{{chain='OUTPUT'}, {chain='PREROUTING'}},
......
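Review bot: `RouteTrackRule:mangleoptfrags` appends `{chain=markchain}` with no target, so the `MARK --set-mark` action inside the mark chain only exists because the caller later defaults missing targets; the removed `extraoptfrags` spelled it out with `target=RouteTrackRule.super(self).target()`. That dependency on the base model is invisible from this file, and a one-line comment such as `-- target left unset on purpose: Rule:trules() fills in self:target()` would make it explicit. The `-m mark --mark 0` match also moved from `servoptfrags` to every incoming fragment, which may change which generated rules carry it; worth confirming that this is intended.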