Commit 5733f48e authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

optfrag: rename 'opts' to 'match'

parent 994f2316
...@@ -113,10 +113,10 @@ function M.Zone:optfrags(dir) ...@@ -113,10 +113,10 @@ function M.Zone:optfrags(dir)
aopts = {} aopts = {}
for i, hostdef in listpairs(self.addr) do for i, hostdef in listpairs(self.addr) do
for i, addr in ipairs(resolve(hostdef, self)) do for i, addr in ipairs(resolve(hostdef, self)) do
table.insert(aopts, table.insert(
{family=addr[1], aopts,
[aprop]=addr[2], {family=addr[1], [aprop]=addr[2], match='-'..aopt..' '..addr[2]}
opts='-'..aopt..' '..addr[2]}) )
end end
end end
end end
...@@ -125,7 +125,7 @@ function M.Zone:optfrags(dir) ...@@ -125,7 +125,7 @@ function M.Zone:optfrags(dir)
if self.ipsec ~= nil then if self.ipsec ~= nil then
popt = { popt = {
{ {
opts='-m policy --dir '..dir..' --pol '.. match='-m policy --dir '..dir..' --pol '..
(self.ipsec and 'ipsec' or 'none') (self.ipsec and 'ipsec' or 'none')
} }
} }
...@@ -134,7 +134,7 @@ function M.Zone:optfrags(dir) ...@@ -134,7 +134,7 @@ function M.Zone:optfrags(dir)
return combinations( return combinations(
maplist( maplist(
self.iface, self.iface,
function(x) return {[iprop]=x, opts='-'..iopt..' '..x} end function(x) return {[iprop]=x, match='-'..iopt..' '..x} end
), ),
aopts, aopts,
popt popt
...@@ -358,7 +358,7 @@ function M.Rule:servoptfrags() ...@@ -358,7 +358,7 @@ function M.Rule:servoptfrags()
self.reverse and sdef['reply-type'] or sdef.type self.reverse and sdef['reply-type'] or sdef.type
) )
end end
table.insert(res, {family=family, opts=opts}) table.insert(res, {family=family, match=opts})
end end
end end
end end
...@@ -396,10 +396,10 @@ function M.Rule:servoptfrags() ...@@ -396,10 +396,10 @@ function M.Rule:servoptfrags()
until len == 0 until len == 0
end end
table.insert(ofrags, {opts=opts}) table.insert(ofrags, {match=opts})
until len == 0 until len == 0
else table.insert(ofrags, {opts=propt}) end else table.insert(ofrags, {match=propt}) end
end end
extend(res, combinations(ofrags, {{family=family}})) extend(res, combinations(ofrags, {{family=family}}))
...@@ -487,12 +487,12 @@ function M.Rule:trules() ...@@ -487,12 +487,12 @@ function M.Rule:trules()
return 'dst' return 'dst'
end), end),
',') ',')
table.insert(ipsetofrags, {family=setdef.family, opts=setopts}) table.insert(ipsetofrags, {family=setdef.family, match=setopts})
end end
ofrags = combinations(ofrags, ipsetofrags) ofrags = combinations(ofrags, ipsetofrags)
end end
if self.match then ofrags = combinations(ofrags, {{opts=self.match}}) end if self.match then ofrags = combinations(ofrags, {{match=self.match}}) end
ofrags = combinations(ofrags, self:servoptfrags()) ofrags = combinations(ofrags, self:servoptfrags())
...@@ -561,10 +561,12 @@ function M.Rule:trules() ...@@ -561,10 +561,12 @@ function M.Rule:trules()
ofs = {{chain='FORWARD'}, {chain='OUTPUT'}} ofs = {{chain='FORWARD'}, {chain='OUTPUT'}}
recursive = true recursive = true
elseif ofrag.chain == 'INPUT' then elseif ofrag.chain == 'INPUT' then
ofs = {{opts='-m addrtype --dst-type LOCAL', chain='PREROUTING'}} ofs = {
{match='-m addrtype --dst-type LOCAL', chain='PREROUTING'}
}
elseif ofrag.chain == 'FORWARD' then elseif ofrag.chain == 'FORWARD' then
ofs = { ofs = {
{opts='-m addrtype ! --dst-type LOCAL', chain='PREROUTING'} {match='-m addrtype ! --dst-type LOCAL', chain='PREROUTING'}
} }
end end
...@@ -703,7 +705,7 @@ function M.Limit:limitofrags(name) ...@@ -703,7 +705,7 @@ function M.Limit:limitofrags(name)
ofrags, ofrags,
{ {
family=family, family=family,
opts=keys[1] and match=keys[1] and
'-m hashlimit --hashlimit-upto '..rate..' --hashlimit-burst '.. '-m hashlimit --hashlimit-upto '..rate..' --hashlimit-burst '..
self:intrate()..' --hashlimit-mode '..table.concat(keys, ',').. self:intrate()..' --hashlimit-mode '..table.concat(keys, ',')..
maskopts..' --hashlimit-name '..(name or self:uniqueid()) or maskopts..' --hashlimit-name '..(name or self:uniqueid()) or
......
--[[ --[[
TCP MSS clamping module for Alpine Wall TCP MSS clamping module for Alpine Wall
Copyright (C) 2012-2014 Kaarle Ritvanen Copyright (C) 2012-2016 Kaarle Ritvanen
See LICENSE file for license details See LICENSE file for license details
]]-- ]]--
...@@ -13,7 +13,7 @@ local ClampMSSRule = model.class(model.Rule) ...@@ -13,7 +13,7 @@ local ClampMSSRule = model.class(model.Rule)
function ClampMSSRule:table() return 'mangle' end function ClampMSSRule:table() return 'mangle' end
function ClampMSSRule:servoptfrags() function ClampMSSRule:servoptfrags()
return {{opts='-p tcp --tcp-flags SYN,RST SYN'}} return {{match='-p tcp --tcp-flags SYN,RST SYN'}}
end end
function ClampMSSRule:target() function ClampMSSRule:target()
......
...@@ -65,7 +65,7 @@ function FilterLimit:recentofrags(name) ...@@ -65,7 +65,7 @@ function FilterLimit:recentofrags(name)
local rec = { local rec = {
{ {
family=family, family=family,
opts='-m recent --name '..name..' --r'.. match='-m recent --name '..name..' --r'..
({src='source', dest='dest'})[attr]..' --mask '..mask ({src='source', dest='dest'})[attr]..' --mask '..mask
} }
} }
...@@ -74,10 +74,10 @@ function FilterLimit:recentofrags(name) ...@@ -74,10 +74,10 @@ function FilterLimit:recentofrags(name)
uofs, uofs,
combinations( combinations(
rec, rec,
{{opts='--update --hitcount '..count..' --seconds '..interval}} {{match='--update --hitcount '..count..' --seconds '..interval}}
) )
) )
extend(sofs, combinations(rec, {{opts='--set'}})) extend(sofs, combinations(rec, {{match='--set'}}))
end end
return uofs, sofs return uofs, sofs
...@@ -188,7 +188,8 @@ function RelatedRule:servoptfrags() ...@@ -188,7 +188,8 @@ function RelatedRule:servoptfrags()
if helper then if helper then
helpers[helper] = { helpers[helper] = {
family=sdef.family, family=sdef.family,
opts='-m conntrack --ctstate RELATED -m helper --helper '..helper match='-m conntrack --ctstate RELATED -m helper --helper '..
helper
} }
end end
end end
...@@ -400,11 +401,11 @@ local function stateful(config) ...@@ -400,11 +401,11 @@ local function stateful(config)
local er = combinations( local er = combinations(
fchains, fchains,
{{opts='-m conntrack --ctstate ESTABLISHED'}} {{match='-m conntrack --ctstate ESTABLISHED'}}
) )
for i, chain in ipairs({'INPUT', 'OUTPUT'}) do for i, chain in ipairs({'INPUT', 'OUTPUT'}) do
table.insert( table.insert(
er, {chain=chain, opts='-'..chain:sub(1, 1):lower()..' lo'} er, {chain=chain, match='-'..chain:sub(1, 1):lower()..' lo'}
) )
end end
extend( extend(
...@@ -449,8 +450,8 @@ local function stateful(config) ...@@ -449,8 +450,8 @@ local function stateful(config)
return res return res
end end
local icmp = {{family='inet', table='filter', opts='-p icmp'}} local icmp = {{family='inet', table='filter', match='-p icmp'}}
local icmp6 = {{family='inet6', table='filter', opts='-p icmpv6'}} local icmp6 = {{family='inet6', table='filter', match='-p icmpv6'}}
local ir = combinations( local ir = combinations(
icmp6, icmp6,
{{chain='INPUT'}, {chain='OUTPUT'}}, {{chain='INPUT'}, {chain='OUTPUT'}},
...@@ -462,12 +463,11 @@ extend(ir, combinations(icmp, fchains, {{target='icmp-routing'}})) ...@@ -462,12 +463,11 @@ extend(ir, combinations(icmp, fchains, {{target='icmp-routing'}}))
local function icmprules(ofrag, oname, types) local function icmprules(ofrag, oname, types)
extend( extend(
ir, ir,
combinations(ofrag, combinations(
{{chain='icmp-routing', target='ACCEPT'}}, ofrag,
util.map(types, {{chain='icmp-routing', target='ACCEPT'}},
function(t) util.map(types, function(t) return {match='--'..oname..' '..t} end)
return {opts='--'..oname..' '..t} )
end))
) )
end end
icmprules(icmp, 'icmp-type', {3, 11, 12}) icmprules(icmp, 'icmp-type', {3, 11, 12})
...@@ -481,6 +481,6 @@ return { ...@@ -481,6 +481,6 @@ return {
['%filter-after']={rules=ir, after='filter'} ['%filter-after']={rules=ir, after='filter'}
}, },
achains=combinations( achains=combinations(
{{chain='tarpit'}}, {{opts='-p tcp', target='TARPIT'}, {target='DROP'}} {{chain='tarpit'}}, {{match='-p tcp', target='TARPIT'}, {target='DROP'}}
) )
} }
--[[ --[[
Packet logging module for Alpine Wall Packet logging module for Alpine Wall
Copyright (C) 2012-2014 Kaarle Ritvanen Copyright (C) 2012-2016 Kaarle Ritvanen
See LICENSE file for license details See LICENSE file for license details
]]-- ]]--
...@@ -35,12 +35,12 @@ function Log:matchofrags() ...@@ -35,12 +35,12 @@ function Log:matchofrags()
if sel == 'every' then if sel == 'every' then
ofrags = { ofrags = {
{opts='-m statistic --mode nth --every '..value..' --packet 0'} {match='-m statistic --mode nth --every '..value..' --packet 0'}
} }
elseif sel == 'limit' then elseif sel == 'limit' then
ofrags = self:create(LogLimit, value, 'loglimit'):limitofrags() ofrags = self:create(LogLimit, value, 'loglimit'):limitofrags()
elseif sel == 'probability' then elseif sel == 'probability' then
ofrags = {{opts='-m statistic --mode random --probability '..value}} ofrags = {{match='-m statistic --mode random --probability '..value}}
else assert(false) end else assert(false) end
end end
end end
......
--[[ --[[
Packet marking module for Alpine Wall Packet marking module for Alpine Wall
Copyright (C) 2012-2014 Kaarle Ritvanen Copyright (C) 2012-2016 Kaarle Ritvanen
See LICENSE file for license details See LICENSE file for license details
]]-- ]]--
...@@ -30,7 +30,7 @@ function RouteTrackRule:target() return self:uniqueid('mark') end ...@@ -30,7 +30,7 @@ function RouteTrackRule:target() return self:uniqueid('mark') end
function RouteTrackRule:servoptfrags() function RouteTrackRule:servoptfrags()
return combinations( return combinations(
RouteTrackRule.super(self):servoptfrags(), {{opts='-m mark --mark 0'}} RouteTrackRule.super(self):servoptfrags(), {{match='-m mark --mark 0'}}
) )
end end
...@@ -50,7 +50,7 @@ local function restoremark(config) ...@@ -50,7 +50,7 @@ local function restoremark(config)
{ {
{ {
table='mangle', table='mangle',
opts='-m connmark ! --mark 0', match='-m connmark ! --mark 0',
target='CONNMARK --restore-mark' target='CONNMARK --restore-mark'
} }
} }
......
--[[ --[[
IPSet-based masquerading module for Alpine Wall IPSet-based masquerading module for Alpine Wall
Copyright (C) 2012-2014 Kaarle Ritvanen Copyright (C) 2012-2016 Kaarle Ritvanen
See LICENSE file for license details See LICENSE file for license details
]]-- ]]--
...@@ -14,14 +14,14 @@ return { ...@@ -14,14 +14,14 @@ return {
family='inet', family='inet',
table='nat', table='nat',
chain='POSTROUTING', chain='POSTROUTING',
opts='-m set --match-set awall-masquerade src', match='-m set --match-set awall-masquerade src',
target='awall-masquerade' target='awall-masquerade'
}, },
{ {
family='inet', family='inet',
table='nat', table='nat',
chain='awall-masquerade', chain='awall-masquerade',
opts='-m set ! --match-set awall-masquerade dst', match='-m set ! --match-set awall-masquerade dst',
target='MASQUERADE' target='MASQUERADE'
} }
}, },
......
--[[ --[[
Transparent proxy module for Alpine Wall Transparent proxy module for Alpine Wall
Copyright (C) 2012-2014 Kaarle Ritvanen Copyright (C) 2012-2016 Kaarle Ritvanen
See LICENSE file for license details See LICENSE file for license details
]]-- ]]--
...@@ -55,7 +55,7 @@ local function divert(config) ...@@ -55,7 +55,7 @@ local function divert(config)
) )
table.insert( table.insert(
ofrags, ofrags,
{chain='PREROUTING', opts='-m socket', target='divert'} {chain='PREROUTING', match='-m socket', target='divert'}
) )
return combinations( return combinations(
{{family='inet'}, {family='inet6'}}, {{family='inet'}, {family='inet6'}},
......
--[[ --[[
Option fragment module for Alpine Wall Option fragment module for Alpine Wall
Copyright (C) 2012-2014 Kaarle Ritvanen Copyright (C) 2012-2016 Kaarle Ritvanen
See LICENSE file for license details See LICENSE file for license details
]]-- ]]--
...@@ -24,12 +24,12 @@ function M.combinations(of1, ...) ...@@ -24,12 +24,12 @@ function M.combinations(of1, ...)
local of = {} local of = {}
for k, v in pairs(x) do for k, v in pairs(x) do
if k ~= 'opts' then of[k] = v end if k ~= 'match' then of[k] = v end
end end
local match = true local match = true
for k, v in pairs(y) do for k, v in pairs(y) do
if k ~= 'opts' then if k ~= 'match' then
if of[k] and v ~= of[k] then if of[k] and v ~= of[k] then
match = false match = false
break break
...@@ -39,10 +39,10 @@ function M.combinations(of1, ...) ...@@ -39,10 +39,10 @@ function M.combinations(of1, ...)
end end
if match then if match then
if x.opts then if x.match then
if y.opts then of.opts = x.opts..' '..y.opts if y.match then of.match = x.match..' '..y.match
else of.opts = x.opts end else of.match = x.match end
else of.opts = y.opts end else of.match = y.match end
table.insert(res, of) table.insert(res, of)
end end
end end
...@@ -54,7 +54,7 @@ end ...@@ -54,7 +54,7 @@ end
function M.location(of) return of.family..'/'..of.table..'/'..of.chain end function M.location(of) return of.family..'/'..of.table..'/'..of.chain end
function M.command(of) function M.command(of)
return (of.opts and of.opts..' ' or '').. return (of.match and of.match..' ' or '')..
(of.target and '-j '..of.target or '') (of.target and '-j '..of.target or '')
end end
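Review bot: After this rename, a fragment that still carries the old `opts` key is no longer treated specially in the lines shown: `combinations` copies it as an ordinary attribute (`if k ~= 'match' then of[k] = v end`) and `M.command` emits only `of.match`. Such a rule would be written with its target but without its match criteria. In a firewall generator that failure is silent and makes the rule broader than intended, which matters if any fragment producer outside this diff (for example a locally installed module) was not converted. I would fail closed on the stale key, e.g. `assert(of.opts == nil, "obsolete 'opts' key in option fragment")` at the top of `M.command`. The body of `combinations` starts and ends outside the visible hunks, so this is inferred only from the lines shown.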
......