mirror of
https://gitlab.com/shorewall/code.git
synced 2025-06-21 10:18:58 +02:00
Reduce the cost of optimization substantially.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep
parent
8017f603a0
commit
46f1074422
@ -1757,15 +1757,10 @@ sub check_optimization( $ ) {
|
||||
#
|
||||
# Perform Optimization
|
||||
#
|
||||
sub optimize_ruleset() {
|
||||
for my $table ( qw/raw mangle nat filter/ ) {
|
||||
|
||||
next if $family == F_IPV6 && $table eq 'nat';
|
||||
|
||||
sub optimize_level4( $$ ) {
|
||||
my ( $table, $tableref ) = @_;
|
||||
my $progress = 1;
|
||||
my $passes = 0;
|
||||
|
||||
if ( $config{OPTIMIZE} & 4 ) {
|
||||
#
|
||||
# Make repeated passes through each table looking for short chains (those with less than 2 entries)
|
||||
#
|
||||
@ -1782,7 +1777,7 @@ sub optimize_ruleset() {
|
||||
|
||||
progress_message "\n Table $table pass $passes, level 4a...";
|
||||
|
||||
for my $chainref ( grep $_->{referenced}, values %{$chain_table{$table}} ) {
|
||||
for my $chainref ( grep $_->{referenced}, values %{$tableref} ) {
|
||||
#
|
||||
# If the chain isn't branched to, then delete it
|
||||
#
|
||||
@ -1877,13 +1872,13 @@ sub optimize_ruleset() {
|
||||
|
||||
progress_message "\n Table $table pass $passes, level 4b...";
|
||||
|
||||
for my $chainref ( grep $_->{referenced}, values %{$chain_table{$table}} ) {
|
||||
for my $chainref ( grep $_->{referenced}, values %{$tableref} ) {
|
||||
my $lastrule = $chainref->{rules}[-1];
|
||||
|
||||
if ( defined $lastrule && $lastrule =~ /^-A -[jg] (.*)$/ ) {
|
||||
#
|
||||
# Last rule is a simple branch
|
||||
my $targetref = $chain_table{$table}{$1};
|
||||
my $targetref = $tableref->{$1};
|
||||
|
||||
if ( $targetref && ! ( $targetref->{builtin} || $targetref->{dont_move} ) ) {
|
||||
copy_rules( $targetref, $chainref );
|
||||
@ -1892,22 +1887,26 @@ sub optimize_ruleset() {
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ( $config{OPTIMIZE} & 8 ) {
|
||||
sub optimize_level8( $$ ) {
|
||||
my ( $table, $tableref ) = @_;
|
||||
my $progress = 1;
|
||||
my $passes = 0;
|
||||
my @chains = ( grep $_->{referenced} && ! $_->{builtin}, values %{$tableref} );
|
||||
my @chains1 = @chains;
|
||||
#
|
||||
# Now delete duplicate chains
|
||||
# Delete duplicate chains
|
||||
#
|
||||
$passes++;
|
||||
|
||||
progress_message "\n Table $table pass $passes, level 8...";
|
||||
|
||||
for my $chainref ( grep $_->{referenced} && ! $_->{builtin}, values %{$chain_table{$table}} ) {
|
||||
for my $chainref ( @chains ) {
|
||||
my $rules = $chainref->{rules};
|
||||
shift @chains1;
|
||||
|
||||
next if not @$rules;
|
||||
CHAIN:
|
||||
for my $chainref1 ( grep $_->{referenced}, values %{$chain_table{$table}} ) {
|
||||
next if $chainref eq $chainref1;
|
||||
for my $chainref1 ( @chains1 ) {
|
||||
my $rules1 = $chainref1->{rules};
|
||||
next if @$rules != @$rules1;
|
||||
next if $chainref1->{dont_delete};
|
||||
@ -1919,7 +1918,18 @@ sub optimize_ruleset() {
|
||||
replace_references1 $chainref1, $chainref->{name}, '';
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
sub optimize_ruleset() {
|
||||
for my $table ( qw/raw mangle nat filter/ ) {
|
||||
|
||||
next if $family == F_IPV6 && $table eq 'nat';
|
||||
|
||||
my $tableref = $chain_table{$table};
|
||||
my $passes = 0;
|
||||
|
||||
$passes = optimize_level4( $table, $tableref ) if $config{OPTIMIZE} & 4;
|
||||
$passes++, optimize_level8( $table, $tableref ) if $config{OPTIMIZE} & 8;
|
||||
|
||||
progress_message " Table $table Optimized -- Passes = $passes";
|
||||
progress_message '';
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user