Mercurial > prosody-modules
comparison mod_firewall/mod_firewall.lua @ 996:37af655ca575
mod_firewall: Cache conditions, so that they are only calculated once per chain execution
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Tue, 07 May 2013 09:28:20 +0100 |
| parents | aeb11522a44f |
| children | 6fdcebbd2284 |
comparison
equal
deleted
inserted
replaced
| 995:716a2b9cc18d | 996:37af655ca575 |
|---|---|
| 262 local chain_handlers = {}; | 262 local chain_handlers = {}; |
| 263 | 263 |
| 264 -- Loop through the chains in the parsed ruleset (e.g. incoming, outgoing) | 264 -- Loop through the chains in the parsed ruleset (e.g. incoming, outgoing) |
| 265 for chain_name, rules in pairs(ruleset) do | 265 for chain_name, rules in pairs(ruleset) do |
| 266 local code = { included_deps = {}, global_header = {} }; | 266 local code = { included_deps = {}, global_header = {} }; |
| 267 local condition_cache, n_conditions = {}, 0; | |
| 267 -- This inner loop assumes chain is an event-based, not a filter-based | 268 -- This inner loop assumes chain is an event-based, not a filter-based |
| 268 -- chain (filter-based will be added later) | 269 -- chain (filter-based will be added later) |
| 269 for _, rule in ipairs(rules) do | 270 for _, rule in ipairs(rules) do |
| 270 for _, dep in ipairs(rule.deps) do | 271 for _, dep in ipairs(rule.deps) do |
| 271 include_dep(dep, code); | 272 include_dep(dep, code); |
| 272 end | 273 end |
| 273 local rule_code = table.concat(rule.actions, "\n\t"); | 274 local rule_code = table.concat(rule.actions, "\n\t"); |
| 274 if #rule.conditions > 0 then | 275 if #rule.conditions > 0 then |
| 275 rule_code = "if ("..table.concat(rule.conditions, ") and (")..") then\n\t" | 276 for i, condition in ipairs(rule.conditions) do |
| 277 local negated = condition:match("^not%b()$"); | |
| 278 if negated then | |
| 279 condition = condition:match("^not%((.+)%)$"); | |
| 280 end | |
| 281 if condition_cache[condition] then | |
| 282 rule.conditions[i] = (negated and "not(" or "")..condition_cache[condition]..(negated and "_" or ""); | |
| 283 else | |
| 284 n_conditions = n_conditions + 1; | |
| 285 local name = "condition"..n_conditions; | |
| 286 condition_cache[condition] = name; | |
| 287 table.insert(code, "local "..name.." = "..condition..";\n\t"); | |
| 288 rule.conditions[i] = (negated and "not(" or "")..name..(negated and ")" or ""); | |
| 289 end | |
| 290 end | |
| 291 rule_code = "if "..table.concat(rule.conditions, " and ").." then\n\t" | |
| 276 ..rule_code | 292 ..rule_code |
| 277 .."\n end\n"; | 293 .."\n end\n"; |
| 278 end | 294 end |
| 279 table.insert(code, rule_code); | 295 table.insert(code, rule_code); |
| 280 end | 296 end |