Commit cc8135a1 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

Filter: fix simple update-limit

parent b4d83b01
......@@ -234,20 +234,25 @@ function Filter:init(...)
self[limit].log = loadclass('log').get(self, self[limit].log, true)
end
if ul then
if self.action ~= 'pass' then
self:error('Cannot specify action with update-limit')
end
if ul and self.action ~= 'pass' then
self:error('Cannot specify action with update-limit')
end
end
function Filter:updatelimit()
local ul = util.copy(self['update-limit'])
if type(ul) == 'table' then
if not contains({'conn', 'flow'}, setdefault(ul, 'measure', 'conn')) then
self:error('Invalid value for measure: '..ul.measure)
end
if self['no-track'] and ul.measure == 'conn' then
self:error('Tracking required when measuring connection rate')
end
self:create(LimitReference, ul, 'update-limit')
end
return ul and self:create(LimitReference, ul, 'update-limit')
end
function Filter:extratrules()
......@@ -351,10 +356,9 @@ function Filter:limit()
end
function Filter:position()
local ul = self:updatelimit()
return not self['no-track'] and (
self:limit() == 'flow-limit' or (
self['update-limit'] and self['update-limit'].measure == 'flow'
)
self:limit() == 'flow-limit' or (ul and ul.measure == 'flow')
) and 'prepend' or 'append'
end
......@@ -372,9 +376,11 @@ end
function Filter:mangleoptfrags(ofrags)
local limit = self:limit()
local ul = self:updatelimit()
if not limit then
if self['update-limit'] then
ofrags = self:combine(ofrags, self['update-limit']:recentofrags())
if ul then
ofrags = self:combine(ofrags, ul:recentofrags())
end
return Filter.super(self):mangleoptfrags(ofrags)
end
......@@ -383,7 +389,7 @@ function Filter:mangleoptfrags(ofrags)
self:error('Limit incompatible with '..item)
end
if self['update-limit'] then incompatible('update-limit') end
if ul then incompatible('update-limit') end
if self:customtarget() or self:logdefault() then
incompatible('action: '..self.action)
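Review bot: The `measure` and `no-track` checks in the new `Filter:updatelimit()` sit inside `if type(ul) == 'table'`, so the simple string form this commit fixes reaches `self:create(LimitReference, ul, 'update-limit')` without either check. If LimitReference gives a string the same `conn` default that `setdefault(ul, 'measure', 'conn')` gives a table (not visible on this page), a `no-track` filter with a simple update-limit is accepted, although 'Tracking required when measuring connection rate' is meant to reject it. Running the check on the created reference would cover both forms, since `position()` already reads `ul.measure` from it: `local ref = ul and self:create(LimitReference, ul, 'update-limit')`, then `if ref and self['no-track'] and ref.measure == 'conn' then self:error('Tracking required when measuring connection rate') end`. Separately, `position()` and `mangleoptfrags()` now each call `updatelimit()`, which copies the definition and calls `self:create` again; storing the result once on the instance would be safer if `create` has side effects.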
......
......@@ -53,6 +53,8 @@ add('conn', {out='B'})
add('flow')
add('flow', {['in']='A', out='_fw', ['no-track']=true})
table.insert(res, {['update-limit']='foo'})
for _, measure in ipairs{'conn', 'flow'} do
for _, addr in ipairs{'src', 'dest'} do
table.insert(
......
This diff is collapsed.
......@@ -746,6 +746,7 @@
-A FORWARD -j logaccept-final-19
-A FORWARD -j ACCEPT
-A FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set
-A FORWARD -m recent --name user:foo --rsource --mask 255.255.255.255 --set
-A FORWARD -m recent --name user:foo --rdest --mask 255.255.255.255 --set
-A FORWARD -j ACCEPT
-A FORWARD -j logdrop-109
......@@ -1110,6 +1111,7 @@
-A INPUT -i eth0 -j limit-334
-A INPUT -i eth0 -j limit-335
-A INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set
-A INPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set
-A INPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set
-A INPUT -j ACCEPT
-A INPUT -j logdrop-109
......@@ -1490,6 +1492,7 @@
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set
-A OUTPUT -m recent --name user:foo --rsource --mask 255.255.255.255 --set
-A OUTPUT -m recent --name user:foo --rdest --mask 255.255.255.255 --set
-A OUTPUT -j ACCEPT
-A OUTPUT -j logdrop-109
......
......@@ -746,6 +746,7 @@
-A FORWARD -j logaccept-final-19
-A FORWARD -j ACCEPT
-A FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A FORWARD -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A FORWARD -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A FORWARD -j ACCEPT
-A FORWARD -j logdrop-109
......@@ -1080,6 +1081,7 @@
-A INPUT -i eth0 -j limit-334
-A INPUT -i eth0 -j limit-335
-A INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A INPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A INPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A INPUT -j ACCEPT
-A INPUT -j logdrop-109
......@@ -1454,6 +1456,7 @@
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A OUTPUT -m recent --name user:foo --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A OUTPUT -m recent --name user:foo --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
-A OUTPUT -j ACCEPT
-A OUTPUT -j logdrop-109
......