extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-24 08:33:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

Make blacklist rule promotion much more effecient.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2010-09-18 13:35:24 -07:00
parent 74abd4ad54
commit ce9b5ee944
1 changed files with 9 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -3699,24 +3699,18 @@ sub promote_blacklist_rules() {
while ( $promoted ) {
$promoted = 0;
#
# Copy 'blacklst''s references since they will change in the following loop
#
my @references = map $filter_table->{$_}, keys %{$chainbref->{references}};
for my $chain1ref ( @references ) {
assert( $chain1ref->{blacklist} == 1 );
for my $chain1ref ( grep $_->{blacklist} , values %$filter_table ) {
my $copied = 0;
my $rule = $chain1ref->{rules}[0];
my $chain1 = $chain1ref->{name};
#
# Isolate the name of the blacklist chain
#
$rule =~ / -j ([^\s]+)/;
my $chainb = $1;
assert( $chainb && $chainb =~ /^black/ );
next unless $chainb eq 'blacklst';
#
# An 'in' blacklist rule
#
for my $chain2ref ( map $filter_table->{$_}, keys %{$chain1ref->{references}} ) {
unless ( $chain2ref->{builtin} ) {
#
@ -3738,7 +3732,7 @@ sub promote_blacklist_rules() {
if ( $copied ) {
shift @{$chain1ref->{rules}};
$chain1ref->{blacklist} = 0;
assert ( $chainbref->{references}{$chain1ref->{name}}-- > 0 );
delete $chainbref->{references}{$chain1} unless --$chainbref->{references}{$chain1} > 0;
$promoted = 1;
}
}