Commit 89514168 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

optimize chains out more often

parent 071952b1
......@@ -24,6 +24,7 @@ local extend = util.extend
local filter = util.filter
local join = util.join
local listpairs = util.listpairs
local map = util.map
local maplist = util.maplist
local setdefault = util.setdefault
......@@ -430,6 +431,49 @@ function M.Rule:target()
end
function M.Rule:combine(ofs1, ofs2, key, unique)
local function connect()
local chain = self:uniqueid(key)
local function setvar(name)
return function(of)
setdefault(of, name, chain)
return of
end
end
return extend(map(ofs1, setvar('target')), map(ofs2, setvar('chain')))
end
local chainless = filter(ofs2, function(of) return not of.chain end)
local created = {}
local res = {}
for _, of in ipairs(ofs1) do
if of.target == nil then
local ofs = combinations(chainless, {{family=of.family}})
assert(#ofs > 0)
if unique then
assert(of.family)
if created[of.family] then return connect() end
created[of.family] = true
if #ofs > 1 then return connect() end
end
local comb = combinations({of}, ofs)
if #comb < #ofs then return connect() end
extend(res, comb)
else table.insert(res, of) end
end
return res
end
function M.Rule:trules()
local function tag(ofrags, tag, value)
......@@ -496,52 +540,26 @@ function M.Rule:trules()
ofrags = combinations(ofrags, self:servoptfrags())
tag(ofrags, 'position', self:position())
setfamilies(ofrags)
local addrofrags = combinations(
self:create(M.Zone, {addr=self.src}):optfrags(self:direction('in')),
self:destoptfrags()
)
local combined = ofrags
if addrofrags then
addrofrags = ffilter(addrofrags)
setfamilies(addrofrags)
ofrags = ffilter(ofrags)
combined = {}
for i, ofrag in ipairs(ofrags) do
local aofs = combinations(addrofrags, {{family=ofrag.family}})
local cc = combinations({ofrag}, aofs)
if #cc < #aofs then
combined = nil
break
end
extend(combined, cc)
end
ofrags = self:combine(ffilter(ofrags), addrofrags, 'address')
end
if combined then ofrags = combined end
tag(ofrags, 'position', self:position())
local addrchain
if not combined then
addrchain = self:uniqueid('address')
self:settarget(ofrags, addrchain)
extend(ofrags, combinations(addrofrags, {{chain=addrchain}}))
end
ofrags = self:mangleoptfrags(ofrags)
local function bancustom() self:error('Custom action not allowed here') end
local custom = self:customtarget()
ofrags = self:mangleoptfrags(ofrags)
for _, ofrag in ipairs(ofrags) do
if custom and ofrag.target and ofrag.target ~= addrchain then
bancustom()
end
setdefault(ofrag, 'target', custom or self:target())
end
self:settarget(ofrags, custom or self:target())
local tbl = self:table()
......@@ -601,7 +619,7 @@ function M.Rule:trules()
)
local extra = self:extratrules(ofrags)
if custom and extra[1] then bancustom() end
if custom and extra[1] then self:error('Custom action not allowed here') end
return extend(ofrags, extra)
end
......@@ -614,11 +632,6 @@ function M.Rule:customtarget()
end
end
function M.Rule:settarget(ofrags, target)
for _, ofrag in ipairs(ofrags) do setdefault(ofrag, 'target', target) end
return ofrags
end
function M.Rule:mangleoptfrags(ofrags) return ofrags end
function M.Rule:trulefilter(rule) return true end
......
......@@ -158,20 +158,20 @@ function LoggingRule:logdefault() return false end
function LoggingRule:target() return 'ACCEPT' end
function LoggingRule:logchain(log, action, target)
if not log then return {}, target end
local chain = self:uniqueid('log'..action)
local ofrags = log:optfrags()
if target then table.insert(ofrags, {target=target}) end
function LoggingRule:actofrags(log, target)
local res = log and log:optfrags() or {}
if target ~= nil then table.insert(res, {target=target}) end
return res
end
return combinations({{chain=chain}}, ofrags), chain
function LoggingRule:combinelog(ofrags, log, action, target)
local actions = self:actofrags(log, target)
return actions[1] and
self:combine(ofrags, actions, 'log'..action, log) or ofrags
end
function LoggingRule:mangleoptfrags(ofrags)
if not self.log then return ofrags end
local ofs, chain = self:logchain(self.log, self.action, self:target())
return extend(self:settarget(ofrags, chain), ofs)
return self:combinelog(ofrags, self.log, self.action, self:target())
end
......@@ -346,37 +346,28 @@ function Filter:mangleoptfrags(ofrags)
end
local limitchain = self:uniqueid('limit')
self:settarget(ofrags, limitchain)
local limitlog = self[limit].log
local limitobj = self:create(FilterLimit, self[limit], 'limit')
local ofs = {}
local logch, limitofs
local ofs
local accept = self:position() == 'append'
local uofs, sofs = limitobj:recentofrags(limitchain)
if uofs then
ofs, logch = self:logchain(limitlog, 'drop', 'DROP')
limitofs = combinations(uofs, {{target=logch}})
if accept and self.log then extend(limitofs, self.log:optfrags()) end
extend(limitofs, combinations(sofs, {{target=accept and 'ACCEPT'}}))
ofs = self:combinelog(uofs, limitlog, 'drop', 'DROP')
if accept then extend(ofs, self:actofrags(self.log)) end
extend(ofs, combinations(sofs, {{target=accept and 'ACCEPT'}}))
else
if accept then ofs, logch = self:logchain(self.log, 'accept', 'ACCEPT')
else logch = 'RETURN' end
local limofs = limitobj:limitofrags(limitchain)
ofs = accept and Filter.super(self):mangleoptfrags(limofs) or
combinations(limofs, {{target='RETURN'}})
limitofs = combinations(
limitobj:limitofrags(limitchain), {{target=logch}}
)
if limitlog then extend(limitofs, limitlog:optfrags()) end
table.insert(limitofs, {target='DROP'})
extend(ofs, self:actofrags(limitlog, 'DROP'))
end
extend(ofrags, ofs)
return extend(ofrags, combinations({{chain=limitchain}}, limitofs))
return self:combine(ofrags, ofs, 'limit', true)
end
......
......@@ -9,7 +9,7 @@ local model = require('awall.model')
local class = model.class
local combinations = require('awall.optfrag').combinations
local util = require('awall.util')
local list = require('awall.util').list
local MarkRule = class(model.Rule)
......@@ -27,18 +27,16 @@ function MarkRule:target() return 'MARK --set-mark '..self.mark end
local RouteTrackRule = class(MarkRule)
function RouteTrackRule:mangleoptfrags(ofrags)
local markchain = self:uniqueid('mark')
return util.extend(
self:settarget(
combinations(ofrags, {{match='-m mark --mark 0'}}), markchain
),
{{chain=markchain}, {chain=markchain, target='CONNMARK --save-mark'}}
return self:combine(
combinations(ofrags, {{match='-m mark --mark 0'}}),
{{}, {target='CONNMARK --save-mark'}},
'mark'
)
end
local function restoremark(config)
if util.list(config['route-track'])[1] then
if list(config['route-track'])[1] then
return combinations(
{{family='inet'}, {family='inet6'}},
{{chain='OUTPUT'}, {chain='PREROUTING'}},
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment