Commit 5733f48e authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

optfrag: rename 'opts' to 'match'

parent 994f2316
......@@ -113,10 +113,10 @@ function M.Zone:optfrags(dir)
aopts = {}
for i, hostdef in listpairs(self.addr) do
for i, addr in ipairs(resolve(hostdef, self)) do
table.insert(aopts,
{family=addr[1],
[aprop]=addr[2],
opts='-'..aopt..' '..addr[2]})
table.insert(
aopts,
{family=addr[1], [aprop]=addr[2], match='-'..aopt..' '..addr[2]}
)
end
end
end
......@@ -125,7 +125,7 @@ function M.Zone:optfrags(dir)
if self.ipsec ~= nil then
popt = {
{
opts='-m policy --dir '..dir..' --pol '..
match='-m policy --dir '..dir..' --pol '..
(self.ipsec and 'ipsec' or 'none')
}
}
......@@ -134,7 +134,7 @@ function M.Zone:optfrags(dir)
return combinations(
maplist(
self.iface,
function(x) return {[iprop]=x, opts='-'..iopt..' '..x} end
function(x) return {[iprop]=x, match='-'..iopt..' '..x} end
),
aopts,
popt
......@@ -358,7 +358,7 @@ function M.Rule:servoptfrags()
self.reverse and sdef['reply-type'] or sdef.type
)
end
table.insert(res, {family=family, opts=opts})
table.insert(res, {family=family, match=opts})
end
end
end
......@@ -396,10 +396,10 @@ function M.Rule:servoptfrags()
until len == 0
end
table.insert(ofrags, {opts=opts})
table.insert(ofrags, {match=opts})
until len == 0
else table.insert(ofrags, {opts=propt}) end
else table.insert(ofrags, {match=propt}) end
end
extend(res, combinations(ofrags, {{family=family}}))
......@@ -487,12 +487,12 @@ function M.Rule:trules()
return 'dst'
end),
',')
table.insert(ipsetofrags, {family=setdef.family, opts=setopts})
table.insert(ipsetofrags, {family=setdef.family, match=setopts})
end
ofrags = combinations(ofrags, ipsetofrags)
end
if self.match then ofrags = combinations(ofrags, {{opts=self.match}}) end
if self.match then ofrags = combinations(ofrags, {{match=self.match}}) end
ofrags = combinations(ofrags, self:servoptfrags())
......@@ -561,10 +561,12 @@ function M.Rule:trules()
ofs = {{chain='FORWARD'}, {chain='OUTPUT'}}
recursive = true
elseif ofrag.chain == 'INPUT' then
ofs = {{opts='-m addrtype --dst-type LOCAL', chain='PREROUTING'}}
ofs = {
{match='-m addrtype --dst-type LOCAL', chain='PREROUTING'}
}
elseif ofrag.chain == 'FORWARD' then
ofs = {
{opts='-m addrtype ! --dst-type LOCAL', chain='PREROUTING'}
{match='-m addrtype ! --dst-type LOCAL', chain='PREROUTING'}
}
end
......@@ -703,7 +705,7 @@ function M.Limit:limitofrags(name)
ofrags,
{
family=family,
opts=keys[1] and
match=keys[1] and
'-m hashlimit --hashlimit-upto '..rate..' --hashlimit-burst '..
self:intrate()..' --hashlimit-mode '..table.concat(keys, ',')..
maskopts..' --hashlimit-name '..(name or self:uniqueid()) or
......
--[[
TCP MSS clamping module for Alpine Wall
Copyright (C) 2012-2014 Kaarle Ritvanen
Copyright (C) 2012-2016 Kaarle Ritvanen
See LICENSE file for license details
]]--
......@@ -13,7 +13,7 @@ local ClampMSSRule = model.class(model.Rule)
function ClampMSSRule:table() return 'mangle' end
function ClampMSSRule:servoptfrags()
return {{opts='-p tcp --tcp-flags SYN,RST SYN'}}
return {{match='-p tcp --tcp-flags SYN,RST SYN'}}
end
function ClampMSSRule:target()
......
......@@ -65,7 +65,7 @@ function FilterLimit:recentofrags(name)
local rec = {
{
family=family,
opts='-m recent --name '..name..' --r'..
match='-m recent --name '..name..' --r'..
({src='source', dest='dest'})[attr]..' --mask '..mask
}
}
......@@ -74,10 +74,10 @@ function FilterLimit:recentofrags(name)
uofs,
combinations(
rec,
{{opts='--update --hitcount '..count..' --seconds '..interval}}
{{match='--update --hitcount '..count..' --seconds '..interval}}
)
)
extend(sofs, combinations(rec, {{opts='--set'}}))
extend(sofs, combinations(rec, {{match='--set'}}))
end
return uofs, sofs
......@@ -188,7 +188,8 @@ function RelatedRule:servoptfrags()
if helper then
helpers[helper] = {
family=sdef.family,
opts='-m conntrack --ctstate RELATED -m helper --helper '..helper
match='-m conntrack --ctstate RELATED -m helper --helper '..
helper
}
end
end
......@@ -400,11 +401,11 @@ local function stateful(config)
local er = combinations(
fchains,
{{opts='-m conntrack --ctstate ESTABLISHED'}}
{{match='-m conntrack --ctstate ESTABLISHED'}}
)
for i, chain in ipairs({'INPUT', 'OUTPUT'}) do
table.insert(
er, {chain=chain, opts='-'..chain:sub(1, 1):lower()..' lo'}
er, {chain=chain, match='-'..chain:sub(1, 1):lower()..' lo'}
)
end
extend(
......@@ -449,8 +450,8 @@ local function stateful(config)
return res
end
local icmp = {{family='inet', table='filter', opts='-p icmp'}}
local icmp6 = {{family='inet6', table='filter', opts='-p icmpv6'}}
local icmp = {{family='inet', table='filter', match='-p icmp'}}
local icmp6 = {{family='inet6', table='filter', match='-p icmpv6'}}
local ir = combinations(
icmp6,
{{chain='INPUT'}, {chain='OUTPUT'}},
......@@ -462,12 +463,11 @@ extend(ir, combinations(icmp, fchains, {{target='icmp-routing'}}))
local function icmprules(ofrag, oname, types)
extend(
ir,
combinations(ofrag,
{{chain='icmp-routing', target='ACCEPT'}},
util.map(types,
function(t)
return {opts='--'..oname..' '..t}
end))
combinations(
ofrag,
{{chain='icmp-routing', target='ACCEPT'}},
util.map(types, function(t) return {match='--'..oname..' '..t} end)
)
)
end
icmprules(icmp, 'icmp-type', {3, 11, 12})
......@@ -481,6 +481,6 @@ return {
['%filter-after']={rules=ir, after='filter'}
},
achains=combinations(
{{chain='tarpit'}}, {{opts='-p tcp', target='TARPIT'}, {target='DROP'}}
{{chain='tarpit'}}, {{match='-p tcp', target='TARPIT'}, {target='DROP'}}
)
}
--[[
Packet logging module for Alpine Wall
Copyright (C) 2012-2014 Kaarle Ritvanen
Copyright (C) 2012-2016 Kaarle Ritvanen
See LICENSE file for license details
]]--
......@@ -35,12 +35,12 @@ function Log:matchofrags()
if sel == 'every' then
ofrags = {
{opts='-m statistic --mode nth --every '..value..' --packet 0'}
{match='-m statistic --mode nth --every '..value..' --packet 0'}
}
elseif sel == 'limit' then
ofrags = self:create(LogLimit, value, 'loglimit'):limitofrags()
elseif sel == 'probability' then
ofrags = {{opts='-m statistic --mode random --probability '..value}}
ofrags = {{match='-m statistic --mode random --probability '..value}}
else assert(false) end
end
end
......
--[[
Packet marking module for Alpine Wall
Copyright (C) 2012-2014 Kaarle Ritvanen
Copyright (C) 2012-2016 Kaarle Ritvanen
See LICENSE file for license details
]]--
......@@ -30,7 +30,7 @@ function RouteTrackRule:target() return self:uniqueid('mark') end
function RouteTrackRule:servoptfrags()
return combinations(
RouteTrackRule.super(self):servoptfrags(), {{opts='-m mark --mark 0'}}
RouteTrackRule.super(self):servoptfrags(), {{match='-m mark --mark 0'}}
)
end
......@@ -50,7 +50,7 @@ local function restoremark(config)
{
{
table='mangle',
opts='-m connmark ! --mark 0',
match='-m connmark ! --mark 0',
target='CONNMARK --restore-mark'
}
}
......
--[[
IPSet-based masquerading module for Alpine Wall
Copyright (C) 2012-2014 Kaarle Ritvanen
Copyright (C) 2012-2016 Kaarle Ritvanen
See LICENSE file for license details
]]--
......@@ -14,14 +14,14 @@ return {
family='inet',
table='nat',
chain='POSTROUTING',
opts='-m set --match-set awall-masquerade src',
match='-m set --match-set awall-masquerade src',
target='awall-masquerade'
},
{
family='inet',
table='nat',
chain='awall-masquerade',
opts='-m set ! --match-set awall-masquerade dst',
match='-m set ! --match-set awall-masquerade dst',
target='MASQUERADE'
}
},
......
--[[
Transparent proxy module for Alpine Wall
Copyright (C) 2012-2014 Kaarle Ritvanen
Copyright (C) 2012-2016 Kaarle Ritvanen
See LICENSE file for license details
]]--
......@@ -55,7 +55,7 @@ local function divert(config)
)
table.insert(
ofrags,
{chain='PREROUTING', opts='-m socket', target='divert'}
{chain='PREROUTING', match='-m socket', target='divert'}
)
return combinations(
{{family='inet'}, {family='inet6'}},
......
--[[
Option fragment module for Alpine Wall
Copyright (C) 2012-2014 Kaarle Ritvanen
Copyright (C) 2012-2016 Kaarle Ritvanen
See LICENSE file for license details
]]--
......@@ -24,12 +24,12 @@ function M.combinations(of1, ...)
local of = {}
for k, v in pairs(x) do
if k ~= 'opts' then of[k] = v end
if k ~= 'match' then of[k] = v end
end
local match = true
for k, v in pairs(y) do
if k ~= 'opts' then
if k ~= 'match' then
if of[k] and v ~= of[k] then
match = false
break
......@@ -39,10 +39,10 @@ function M.combinations(of1, ...)
end
if match then
if x.opts then
if y.opts then of.opts = x.opts..' '..y.opts
else of.opts = x.opts end
else of.opts = y.opts end
if x.match then
if y.match then of.match = x.match..' '..y.match
else of.match = x.match end
else of.match = y.match end
table.insert(res, of)
end
end
......@@ -54,7 +54,7 @@ end
function M.location(of) return of.family..'/'..of.table..'/'..of.chain end
function M.command(of)
return (of.opts and of.opts..' ' or '')..
return (of.match and of.match..' ' or '')..
(of.target and '-j '..of.target or '')
end
......
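Review bot: After this rename, a fragment that still carries the old `opts` key is no longer treated specially by `M.combinations` or `M.command`: the key is copied and compared like any other attribute, and `M.command` then builds the rule from `of.match` and `of.target` only, so the rule is emitted without those match conditions and applies to more traffic than intended. Nothing on this page shows whether fragment producers exist outside the touched files, so a guard such as `assert(of.opts == nil, 'obsolete opts key in option fragment')` at the top of `M.command` would make a missed rename fail loudly instead of silently widening a firewall rule. The local flag `local match = true` in `M.combinations` now shares its name with the key tested right after it (`if x.match then`); renaming the flag, for example to `compatible`, would keep the two apart. The body of `M.combinations` starts and ends outside the hunks shown.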