# HG changeset patch # User Matthew Wild # Date 1458214030 0 # Node ID f445f43b9ba18bb480bc03fd6c9b20d5c8842b41 # Parent f2ee508315e129fac96cb051a57e0df01cb0df9f mod_firewall: Add support for session marking (MARK_ORIGIN, UNMARK_ORIGIN, ORIGIN_MARKED) diff -r f2ee508315e1 -r f445f43b9ba1 mod_firewall/actions.lib.lua --- a/mod_firewall/actions.lib.lua Thu Mar 17 11:26:20 2016 +0000 +++ b/mod_firewall/actions.lib.lua Thu Mar 17 11:27:10 2016 +0000 @@ -183,4 +183,12 @@ return ("if fire_event(%q, event) then return true; end"):format("firewall/chains/"..name); end +function action_handlers.MARK_ORIGIN(name) + return [[session.firewall_marked_]]..idsafe(name)..[[ = current_timestamp;]], { "timestamp" }; +end + +function action_handlers.UNMARK_ORIGIN(name) + return [[session.firewall_marked_]]..idsafe(name)..[[ = nil;]] +end + return action_handlers; diff -r f2ee508315e1 -r f445f43b9ba1 mod_firewall/conditions.lib.lua --- a/mod_firewall/conditions.lib.lua Thu Mar 17 11:26:20 2016 +0000 +++ b/mod_firewall/conditions.lib.lua Thu Mar 17 11:27:10 2016 +0000 @@ -180,4 +180,18 @@ return ("not throttle_%s:poll(1)"):format(name), { "throttle:"..name }; end +function condition_handlers.ORIGIN_MARKED(name_and_time) + local name, time = name_and_time:match("^%s*(%w+)%s+%(([^)]+)s%)%s*$"); + if not name then + name = name_and_time:match("^%s*(%w+)%s*$"); + end + if not name then + error("Error parsing mark name, see documentation for usage examples"); + end + if time then + return ("(current_time - (session.firewall_marked_%s or 0)) < %d"):format(idsafe(name), tonumber(time)), { "timestamp" }; + end + return ("not not session.firewall_marked_"..idsafe(name)); +end + return condition_handlers;
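
Review bot: In the actions.lib.lua hunk, MARK_ORIGIN and UNMARK_ORIGIN pass `name` straight to idsafe() without checking that a mark name was supplied or what characters it contains, while ORIGIN_MARKED in the other hunk only accepts names matching `%w+`. A rule can therefore set a mark, for example one containing an underscore, that no ORIGIN_MARKED condition is able to test, and a rule with the name left out is not rejected with a clear message at compile time. Validate `name` here with the same pattern the condition uses and raise the same kind of parse error on failure. As a style point, the return in UNMARK_ORIGIN lacks the trailing semicolon that the return in MARK_ORIGIN has.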
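
Review bot: In the conditions.lib.lua hunk, the timed branch of ORIGIN_MARKED reads `current_time`, but MARK_ORIGIN in actions.lib.lua stores `current_timestamp`, and both declare the same "timestamp" dependency. Only one of those names can be the one that dependency defines, so please check which it is and use it in both places; otherwise either the stored mark or the subtraction here works on nil. Separately, `tonumber(time)` is passed to `%d` unchecked: the capture `([^)]+)` accepts non-numeric text, so an input such as `(abcs)` yields nil and fails inside string.format with a generic bad-argument error rather than the "Error parsing mark name" message. Check the result of tonumber() and raise the documented error before formatting.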