changeset 2107:f445f43b9ba1

mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED)
author Matthew Wild <mwild1@gmail.com>
date Thu, 17 Mar 2016 11:27:10 +0000
parents f2ee508315e1
children 573fe9825fba
files mod_firewall/actions.lib.lua mod_firewall/conditions.lib.lua
diffstat 2 files changed, 22 insertions(+), 0 deletions(-) [+]
--- a/mod_firewall/actions.lib.lua	Thu Mar 17 11:26:20 2016 +0000
+++ b/mod_firewall/actions.lib.lua	Thu Mar 17 11:27:10 2016 +0000
@@ -183,4 +183,12 @@
 	return ("if fire_event(%q, event) then return true; end"):format("firewall/chains/"..name);
 end
 
+function action_handlers.MARK_ORIGIN(name)
+	return [[session.firewall_marked_]]..idsafe(name)..[[ = current_timestamp;]], { "timestamp" };
+end
+
+function action_handlers.UNMARK_ORIGIN(name)
+	return [[session.firewall_marked_]]..idsafe(name)..[[ = nil;]]
+end
+
 return action_handlers;
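Review bot: MARK_ORIGIN and UNMARK_ORIGIN splice `idsafe(name)` straight into the generated Lua source, without the trimming and `%w+` check that ORIGIN_MARKED applies in conditions.lib.lua. A mark name with surrounding whitespace or punctuation is therefore accepted here but may produce a field that the condition can never name. What idsafe does with such characters is not visible in this hunk. Since the name ends up in generated code, I would parse it identically in all three handlers, e.g. `name = name:match("^%s*(%w+)%s*$") or error("Error parsing mark name, see documentation for usage examples");` before building the string. A short comment that the field stores the time the mark was set, which ORIGIN_MARKED's time window relies on, would also help.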
--- a/mod_firewall/conditions.lib.lua	Thu Mar 17 11:26:20 2016 +0000
+++ b/mod_firewall/conditions.lib.lua	Thu Mar 17 11:27:10 2016 +0000
@@ -180,4 +180,18 @@
 	return ("not throttle_%s:poll(1)"):format(name), { "throttle:"..name };
 end
 
+function condition_handlers.ORIGIN_MARKED(name_and_time)
+	local name, time = name_and_time:match("^%s*(%w+)%s+%(([^)]+)s%)%s*$");
+	if not name then
+		name = name_and_time:match("^%s*(%w+)%s*$");
+	end
+	if not name then
+		error("Error parsing mark name, see documentation for usage examples");
+	end
+	if time then
+		return ("(current_time - (session.firewall_marked_%s or 0)) < %d"):format(idsafe(name), tonumber(time)), { "timestamp" };
+	end
+	return ("not not session.firewall_marked_"..idsafe(name));
+end
+
 return condition_handlers;
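Review bot: The timed branch generates `(current_time - (session.firewall_marked_%s or 0)) < %d`, but MARK_ORIGIN in actions.lib.lua writes `current_timestamp` under the same "timestamp" dependency. The dependency's definition is not part of this diff, but presumably only one of those names is defined; if `current_time` is not, the generated comparison would raise on arithmetic with nil whenever the rule is evaluated. Separately, `tonumber(time)` goes directly into `%d`. The capture `[^)]+` admits non-numeric text, so a value such as `(abcs)` surfaces as a string.format argument error rather than the documented parse error, and a fractional value is rejected by `%d` on Lua 5.3 and later. I would validate first, e.g. `local secs = tonumber(time); if not secs then error("Error parsing mark time, see documentation for usage examples"); end`, and format `secs`.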