extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-21 10:18:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Reduce the cost of optimization substantially.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2010-09-29 11:54:39 -07:00
parent 8017f603a0
commit 46f1074422
1 changed files with 152 additions and 142 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -1757,15 +1757,10 @@ sub check_optimization( $ ) {
# #
# Perform Optimization # Perform Optimization
# #
sub optimize_ruleset() { sub optimize_level4( $$ ) {
for my $table ( qw/raw mangle nat filter/ ) { my ( $table, $tableref ) = @_;
next if $family == F_IPV6 && $table eq 'nat';
my $progress = 1; my $progress = 1;
my $passes = 0; my $passes = 0;
if ( $config{OPTIMIZE} & 4 ) {
# #
# Make repeated passes through each table looking for short chains (those with less than 2 entries) # Make repeated passes through each table looking for short chains (those with less than 2 entries)
# #
@ -1782,7 +1777,7 @@ sub optimize_ruleset() {
progress_message "\n Table $table pass $passes, level 4a..."; progress_message "\n Table $table pass $passes, level 4a...";
for my $chainref ( grep $_->{referenced}, values %{$chain_table{$table}} ) { for my $chainref ( grep $_->{referenced}, values %{$tableref} ) {
# #
# If the chain isn't branched to, then delete it # If the chain isn't branched to, then delete it
# #
@ -1877,13 +1872,13 @@ sub optimize_ruleset() {
progress_message "\n Table $table pass $passes, level 4b..."; progress_message "\n Table $table pass $passes, level 4b...";
for my $chainref ( grep $_->{referenced}, values %{$chain_table{$table}} ) { for my $chainref ( grep $_->{referenced}, values %{$tableref} ) {
my $lastrule = $chainref->{rules}[-1]; my $lastrule = $chainref->{rules}[-1];
if ( defined $lastrule && $lastrule =~ /^-A -[jg] (.*)$/ ) { if ( defined $lastrule && $lastrule =~ /^-A -[jg] (.*)$/ ) {
# #
# Last rule is a simple branch # Last rule is a simple branch
my $targetref = $chain_table{$table}{$1}; my $targetref = $tableref->{$1};
if ( $targetref && ! ( $targetref->{builtin} || $targetref->{dont_move} ) ) { if ( $targetref && ! ( $targetref->{builtin} || $targetref->{dont_move} ) ) {
copy_rules( $targetref, $chainref ); copy_rules( $targetref, $chainref );
@ -1892,22 +1887,26 @@ sub optimize_ruleset() {
} }
} }
} }
} }
if ( $config{OPTIMIZE} & 8 ) { sub optimize_level8( $$ ) {
my ( $table, $tableref ) = @_;
my $progress = 1;
my $passes = 0;
my @chains = ( grep $_->{referenced} && ! $_->{builtin}, values %{$tableref} );
my @chains1 = @chains;
# #
# Now delete duplicate chains # Delete duplicate chains
# #
$passes++;
progress_message "\n Table $table pass $passes, level 8..."; progress_message "\n Table $table pass $passes, level 8...";
for my $chainref ( grep $_->{referenced} && ! $_->{builtin}, values %{$chain_table{$table}} ) { for my $chainref ( @chains ) {
my $rules = $chainref->{rules}; my $rules = $chainref->{rules};
shift @chains1;
next if not @$rules; next if not @$rules;
CHAIN: CHAIN:
for my $chainref1 ( grep $_->{referenced}, values %{$chain_table{$table}} ) { for my $chainref1 ( @chains1 ) {
next if $chainref eq $chainref1;
my $rules1 = $chainref1->{rules}; my $rules1 = $chainref1->{rules};
next if @$rules != @$rules1; next if @$rules != @$rules1;
next if $chainref1->{dont_delete}; next if $chainref1->{dont_delete};
@ -1919,7 +1918,18 @@ sub optimize_ruleset() {
replace_references1 $chainref1, $chainref->{name}, ''; replace_references1 $chainref1, $chainref->{name}, '';
} }
} }
} }
sub optimize_ruleset() {
for my $table ( qw/raw mangle nat filter/ ) {
next if $family == F_IPV6 && $table eq 'nat';
my $tableref = $chain_table{$table};
my $passes = 0;
$passes = optimize_level4( $table, $tableref ) if $config{OPTIMIZE} & 4;
$passes++, optimize_level8( $table, $tableref ) if $config{OPTIMIZE} & 8;
progress_message " Table $table Optimized -- Passes = $passes"; progress_message " Table $table Optimized -- Passes = $passes";
progress_message ''; progress_message '';