Mercurial > prosody-modules
comparison mod_firewall/mod_firewall.lua @ 1304:9f24ccaa66a6
mod_firewall: Do not cache conditions with only a single use
| author | Florian Zeitz <florob@babelmonkeys.de> |
|---|---|
| date | Sun, 16 Feb 2014 18:19:12 +0100 |
| parents | 8a3f3f485675 |
| children | 853a382c9bd6 |
comparison
equal
deleted
inserted
replaced
| 1303:8a3f3f485675 | 1304:9f24ccaa66a6 |
|---|---|
| 274 local chain_handlers = {}; | 274 local chain_handlers = {}; |
| 275 | 275 |
| 276 -- Loop through the chains in the parsed ruleset (e.g. incoming, outgoing) | 276 -- Loop through the chains in the parsed ruleset (e.g. incoming, outgoing) |
| 277 for chain_name, rules in pairs(ruleset) do | 277 for chain_name, rules in pairs(ruleset) do |
| 278 local code = { included_deps = {}, global_header = {} }; | 278 local code = { included_deps = {}, global_header = {} }; |
| 279 local condition_cache, n_conditions = {}, 0; | 279 local condition_uses = {}; |
| 280 -- This inner loop assumes chain is an event-based, not a filter-based | 280 -- This inner loop assumes chain is an event-based, not a filter-based |
| 281 -- chain (filter-based will be added later) | 281 -- chain (filter-based will be added later) |
| 282 for _, rule in ipairs(rules) do | |
| 283 for _, condition in ipairs(rule.conditions) do | |
| 284 if condition:match("^not%(.+%)$") then | |
| 285 condition = condition:match("^not%((.+)%)$"); | |
| 286 end | |
| 287 condition_uses[condition] = (condition_uses[condition] or 0) + 1; | |
| 288 end | |
| 289 end | |
| 290 | |
| 291 local condition_cache, n_conditions = {}, 0; | |
| 282 for _, rule in ipairs(rules) do | 292 for _, rule in ipairs(rules) do |
| 283 for _, dep in ipairs(rule.deps) do | 293 for _, dep in ipairs(rule.deps) do |
| 284 include_dep(dep, code); | 294 include_dep(dep, code); |
| 285 end | 295 end |
| 286 table.insert(code, "\n\t\t"); | 296 table.insert(code, "\n\t\t"); |
| 289 for i, condition in ipairs(rule.conditions) do | 299 for i, condition in ipairs(rule.conditions) do |
| 290 local negated = condition:match("^not%(.+%)$"); | 300 local negated = condition:match("^not%(.+%)$"); |
| 291 if negated then | 301 if negated then |
| 292 condition = condition:match("^not%((.+)%)$"); | 302 condition = condition:match("^not%((.+)%)$"); |
| 293 end | 303 end |
| 294 if condition_cache[condition] then | 304 if condition_uses[condition] > 1 then |
| 295 rule.conditions[i] = (negated and "not(" or "")..condition_cache[condition]..(negated and "_" or ""); | 305 local name = condition_cache[condition]; |
| 306 if not name then | |
| 307 n_conditions = n_conditions + 1; | |
| 308 name = "condition"..n_conditions; | |
| 309 condition_cache[condition] = name; | |
| 310 table.insert(code, "local "..name.." = "..condition..";\n\t\t"); | |
| 311 end | |
| 312 rule.conditions[i] = (negated and "not(" or "")..name..(negated and ")" or ""); | |
| 296 else | 313 else |
| 297 n_conditions = n_conditions + 1; | 314 rule.conditions[i] = (negated and "not(" or "(")..condition..")"; |
| 298 local name = "condition"..n_conditions; | |
| 299 condition_cache[condition] = name; | |
| 300 table.insert(code, "local "..name.." = "..condition..";\n\t\t"); | |
| 301 rule.conditions[i] = (negated and "not(" or "")..name..(negated and ")" or ""); | |
| 302 end | 315 end |
| 303 end | 316 end |
| 317 | |
| 304 rule_code = "if "..table.concat(rule.conditions, " and ").." then\n\t\t\t" | 318 rule_code = "if "..table.concat(rule.conditions, " and ").." then\n\t\t\t" |
| 305 ..table.concat(rule.actions, "\n\t\t\t") | 319 ..table.concat(rule.actions, "\n\t\t\t") |
| 306 .."\n\t\tend\n"; | 320 .."\n\t\tend\n"; |
| 307 else | 321 else |
| 308 rule_code = table.concat(rule.actions, "\n\t\t"); | 322 rule_code = table.concat(rule.actions, "\n\t\t"); |