Software /
code /
prosody-modules
Comparison
mod_firewall/mod_firewall.lua @ 1304:9f24ccaa66a6
mod_firewall: Do not cache conditions with only a single use
author | Florian Zeitz <florob@babelmonkeys.de> |
---|---|
date | Sun, 16 Feb 2014 18:19:12 +0100 |
parent | 1303:8a3f3f485675 |
child | 1324:853a382c9bd6 |
comparison
equal
deleted
inserted
replaced
1303:8a3f3f485675 | 1304:9f24ccaa66a6 |
---|---|
274 local chain_handlers = {}; | 274 local chain_handlers = {}; |
275 | 275 |
276 -- Loop through the chains in the parsed ruleset (e.g. incoming, outgoing) | 276 -- Loop through the chains in the parsed ruleset (e.g. incoming, outgoing) |
277 for chain_name, rules in pairs(ruleset) do | 277 for chain_name, rules in pairs(ruleset) do |
278 local code = { included_deps = {}, global_header = {} }; | 278 local code = { included_deps = {}, global_header = {} }; |
279 local condition_cache, n_conditions = {}, 0; | 279 local condition_uses = {}; |
280 -- This inner loop assumes chain is an event-based, not a filter-based | 280 -- This inner loop assumes chain is an event-based, not a filter-based |
281 -- chain (filter-based will be added later) | 281 -- chain (filter-based will be added later) |
282 for _, rule in ipairs(rules) do | |
283 for _, condition in ipairs(rule.conditions) do | |
284 if condition:match("^not%(.+%)$") then | |
285 condition = condition:match("^not%((.+)%)$"); | |
286 end | |
287 condition_uses[condition] = (condition_uses[condition] or 0) + 1; | |
288 end | |
289 end | |
290 | |
291 local condition_cache, n_conditions = {}, 0; | |
282 for _, rule in ipairs(rules) do | 292 for _, rule in ipairs(rules) do |
283 for _, dep in ipairs(rule.deps) do | 293 for _, dep in ipairs(rule.deps) do |
284 include_dep(dep, code); | 294 include_dep(dep, code); |
285 end | 295 end |
286 table.insert(code, "\n\t\t"); | 296 table.insert(code, "\n\t\t"); |
289 for i, condition in ipairs(rule.conditions) do | 299 for i, condition in ipairs(rule.conditions) do |
290 local negated = condition:match("^not%(.+%)$"); | 300 local negated = condition:match("^not%(.+%)$"); |
291 if negated then | 301 if negated then |
292 condition = condition:match("^not%((.+)%)$"); | 302 condition = condition:match("^not%((.+)%)$"); |
293 end | 303 end |
294 if condition_cache[condition] then | 304 if condition_uses[condition] > 1 then |
295 rule.conditions[i] = (negated and "not(" or "")..condition_cache[condition]..(negated and "_" or ""); | 305 local name = condition_cache[condition]; |
306 if not name then | |
307 n_conditions = n_conditions + 1; | |
308 name = "condition"..n_conditions; | |
309 condition_cache[condition] = name; | |
310 table.insert(code, "local "..name.." = "..condition..";\n\t\t"); | |
311 end | |
312 rule.conditions[i] = (negated and "not(" or "")..name..(negated and ")" or ""); | |
296 else | 313 else |
297 n_conditions = n_conditions + 1; | 314 rule.conditions[i] = (negated and "not(" or "(")..condition..")"; |
298 local name = "condition"..n_conditions; | |
299 condition_cache[condition] = name; | |
300 table.insert(code, "local "..name.." = "..condition..";\n\t\t"); | |
301 rule.conditions[i] = (negated and "not(" or "")..name..(negated and ")" or ""); | |
302 end | 315 end |
303 end | 316 end |
317 | |
304 rule_code = "if "..table.concat(rule.conditions, " and ").." then\n\t\t\t" | 318 rule_code = "if "..table.concat(rule.conditions, " and ").." then\n\t\t\t" |
305 ..table.concat(rule.actions, "\n\t\t\t") | 319 ..table.concat(rule.actions, "\n\t\t\t") |
306 .."\n\t\tend\n"; | 320 .."\n\t\tend\n"; |
307 else | 321 else |
308 rule_code = table.concat(rule.actions, "\n\t\t"); | 322 rule_code = table.concat(rule.actions, "\n\t\t"); |