Commit 0a9a8db2 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

Limit: split mask attribute

parent aaececd5
...@@ -209,18 +209,17 @@ default value is 1. ...@@ -209,18 +209,17 @@ default value is 1.
The maximum rate defined by a limit may be absolute or specific to The maximum rate defined by a limit may be absolute or specific to
blocks of IP addresses or pairs thereof. The number of most blocks of IP addresses or pairs thereof. The number of most
significant bits taken into account when mapping the source and significant bits taken into account when mapping the source and
destination IP addresses to blocks can be specified with the **mask** destination IP addresses to blocks can be specified with the
attribute. The **mask** attribute is an object with two attributes **src-mask** and **dest-mask** attributes, respectively. If set to
defining the prefix lengths, named **src** and **true** (boolean), all bits are considered. The value of **false**
**dest**. Alternatively, the **mask** object may have object causes the respective address to be ignored. Address
attributes named **inet** and **inet6** which contain address family–specific prefix lengths can be set by defining the mask
family–specific prefix length pairs. If **mask** is defined as as an object with attributes named **inet** and **inet6**.
an integer, it is interpreted as the source address prefix length.
The default behavior with respect to the masks depends on the type of
The default value for **mask** depends on the type of the enclosing the enclosing object. For [filters](#filter), the default behavior is
object. For [filters](#filter), the default behavior is to apply the to apply the limit for each source address separately. For [logging
limit for each source address separately. For [logging classes](#log), classes](#log), the limit is considered absolute by default.
the limit is considered absolute by default.
### <a name="log"></a>Logging Classes ### <a name="log"></a>Logging Classes
......
...@@ -690,28 +690,48 @@ function M.Limit:init(...) ...@@ -690,28 +690,48 @@ function M.Limit:init(...)
setdefault(self, 'interval', 1) setdefault(self, 'interval', 1)
if type(setdefault(self, 'mask', {})) == 'number' then -- alpine v3.5 compatibility
self.mask = {src=self.mask} if self.mask then
end self:warning(
"'mask' attribute is deprecated, please use 'src-mask' and 'dest-mask'"
)
self['src-mask'] = {}
self['dest-mask'] = {}
if type(self.mask) == 'number' then self.mask = {src=self.mask} end
for _, family in ipairs{'inet', 'inet6'} do for _, family in ipairs{'inet', 'inet6'} do
setdefault(self.mask, family, util.copy(self.mask)) setdefault(self.mask, family, util.copy(self.mask))
for _, attr in ipairs{'src', 'dest'} do for _, attr in ipairs{'src', 'dest'} do
setdefault( self[attr..'-mask'][family] = self.mask[family][attr] or
self.mask[family],
attr,
({src=({inet=32, inet6=128})[family], dest=0})[attr] ({src=({inet=32, inet6=128})[family], dest=0})[attr]
) end
end
end
setdefault(self, 'src-mask', not self['dest-mask'])
setdefault(self, 'dest-mask', false)
for _, addr in ipairs{'src', 'dest'} do
local mask = addr..'-mask'
if type(self[mask]) ~= 'table' then
self[mask] = {inet=self[mask], inet6=self[mask]}
end
for _, family in ipairs{'inet', 'inet6'} do
local value = self[mask][family]
if not value then self[mask][family] = 0
elseif value == true then
self[mask][family] = ({inet=32, inet6=128})[family]
end
end end
end end
end end
function M.Limit:maskmode(family) function M.Limit:maskmode(family)
local res local res
for _, attr in ipairs{'src', 'dest'} do for _, addr in ipairs{'src', 'dest'} do
local mask = self.mask[family][attr] local mask = self[addr..'-mask'][family]
if mask > 0 then if mask > 0 then
if res then return end if res then return end
res = {attr, mask} res = {addr, mask}
end end
end end
if res then return table.unpack(res) end if res then return table.unpack(res) end
...@@ -738,10 +758,10 @@ function M.Limit:limitofrags(name) ...@@ -738,10 +758,10 @@ function M.Limit:limitofrags(name)
for _, family in ipairs{'inet', 'inet6'} do for _, family in ipairs{'inet', 'inet6'} do
local keys = {} local keys = {}
local maskopts = '' local maskopts = ''
for _, attr in ipairs{'src', 'dest'} do for _, addr in ipairs{'src', 'dest'} do
local mask = self.mask[family][attr] local mask = self[addr..'-mask'][family]
if mask > 0 then if mask > 0 then
local opt = ({src='src', dest='dst'})[attr] local opt = ({src='src', dest='dst'})[addr]
table.insert(keys, opt..'ip') table.insert(keys, opt..'ip')
maskopts = maskopts..' --hashlimit-'..opt..'mask '..mask maskopts = maskopts..' --hashlimit-'..opt..'mask '..mask
end end
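Review bot: The normalisation loop at the end of `M.Limit:init` (whose opening lines are outside the displayed hunk) only rewrites falsy values and `true`, so any other value is kept as given. A string or a prefix length outside 0–32 (inet) or 0–128 (inet6) therefore reaches the `mask > 0` comparisons in `maskmode` and `limitofrags` and is concatenated into the `--hashlimit-srcmask`/`--hashlimit-dstmask` option. A string there raises a bare Lua comparison error instead of a message that names the policy object, and an out-of-range number is presumably rejected only when the generated rule is loaded. I would add a final branch such as `elseif type(value) ~= 'number' or value < 0 or value > ({inet=32, inet6=128})[family] then` that reports the attribute through the object's error reporting (the counterpart of `self:warning`, if the class has one). Separately, `setdefault(self, 'src-mask', not self['dest-mask'])` relies on Lua truthiness: an explicit `dest-mask` of `0` is truthy, so `src-mask` defaults to `false` and a filter limit silently becomes absolute instead of per source address, unlike `dest-mask: false`; either treat `0` like `false` there or add a comment saying the difference is intended.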
......
--[[ --[[
Packet logging module for Alpine Wall Packet logging module for Alpine Wall
Copyright (C) 2012-2016 Kaarle Ritvanen Copyright (C) 2012-2017 Kaarle Ritvanen
See LICENSE file for license details See LICENSE file for license details
]]-- ]]--
...@@ -15,7 +15,7 @@ local setdefault = require('awall.util').setdefault ...@@ -15,7 +15,7 @@ local setdefault = require('awall.util').setdefault
local LogLimit = class(model.Limit) local LogLimit = class(model.Limit)
function LogLimit:init(...) function LogLimit:init(...)
setdefault(self, 'mask', 0) setdefault(self, 'src-mask', false)
LogLimit.super(self):init(...) LogLimit.super(self):init(...)
end end
......