extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-21 18:21:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Optimization category 8 tweaks

Browse Source 
- Document cost of the category in shorewall.conf(5)
- Omit DONT_DELETE chains from consideration right off the bat

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2018-01-31 14:58:01 -08:00
parent a08f0cfe10
commit 7bdd69d151
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
2 changed files with 21 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -3857,7 +3857,10 @@ sub optimize_level8( $$$ ) {
%renamed = (); %renamed = ();
while ( $progress ) { while ( $progress ) {
my @chains = ( sort { level8_compare($a, $b) } ( grep $_->{referenced} && ! $_->{builtin}, values %{$tableref} ) ); my @chains = ( sort { level8_compare($a, $b) } ( grep $_->{referenced} &&
@{$_->{rules}} &&
! $_->{builtin},
values %{$tableref} ) );
my @chains1 = @chains; my @chains1 = @chains;
my $chains = @chains; my $chains = @chains;
my %rename; my %rename;
@ -3877,12 +3880,15 @@ sub optimize_level8( $$$ ) {
# Shift the current $chainref off of @chains1 # Shift the current $chainref off of @chains1
# #
shift @chains1; shift @chains1;
#
# Skip empty chains
#
for my $chainref1 ( @chains1 ) { for my $chainref1 ( @chains1 ) {
next unless @{$chainref1->{rules}}; #
# Skip chain if it can't be deleted
#
next if $chainref1->{optflags} & DONT_DELETE; next if $chainref1->{optflags} & DONT_DELETE;
#
# Chains identical?
#
if ( $chainref->{digest} eq $chainref1->{digest} ) { if ( $chainref->{digest} eq $chainref1->{digest} ) {
progress_message " Chain $chainref1->{name} combined with $chainref->{name}"; progress_message " Chain $chainref1->{name} combined with $chainref->{name}";
$progress = 1; $progress = 1;

11
Shorewall/manpages/shorewall.conf.xml
View File

@ -2147,6 +2147,14 @@ LOG:info:,bar net fw</programlisting>
<para>Optimization category 8 - Added in Shorewall 4.4.9. When <para>Optimization category 8 - Added in Shorewall 4.4.9. When
set, causes chains with identical rules to be collapsed into a set, causes chains with identical rules to be collapsed into a
single chain.</para> single chain.</para>
<warning>
<para>While Optimization category 8 can significantly reduce
the size of the generated iptables ruleset, it can also take
significant system resources during compilation. If you find
that compilation takes an unreasonably long time, try
disabling this category by setting OPTIMIZE=23.</para>
</warning>
</listitem> </listitem>
<listitem> <listitem>
@ -2219,7 +2227,8 @@ LOG:info:,bar net fw</programlisting>
<para>In versions prior to 5.1.0, the default value is zero which <para>In versions prior to 5.1.0, the default value is zero which
disables all optimizations. Beginning with Shorewall 5.1.0, the disables all optimizations. Beginning with Shorewall 5.1.0, the
default value is All which enables all optimizations.</para> default value is <emphasis role="bold">All</emphasis> which enables
all optimizations.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>