forked from extern/shorewall_code
Make optimize 8 a multi-pass operation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep
parent
c820c54f41
commit
5beae475f5
@ -3089,122 +3089,130 @@ sub optimize_level4( $$ ) {
|
|||||||
sub optimize_level8( $$$ ) {
|
sub optimize_level8( $$$ ) {
|
||||||
my ( $table, $tableref , $passes ) = @_;
|
my ( $table, $tableref , $passes ) = @_;
|
||||||
my $progress = 1;
|
my $progress = 1;
|
||||||
my @chains = ( grep $_->{referenced} && ! $_->{builtin}, values %{$tableref} );
|
|
||||||
my @chains1 = @chains;
|
|
||||||
my $chains = @chains;
|
|
||||||
my $chainseq = 0;
|
my $chainseq = 0;
|
||||||
my %rename;
|
|
||||||
my %combined;
|
|
||||||
|
|
||||||
$passes++;
|
|
||||||
|
|
||||||
progress_message "\n Table $table pass $passes, $chains referenced user chains, level 8...";
|
|
||||||
|
|
||||||
%renamed = ();
|
%renamed = ();
|
||||||
|
|
||||||
for my $chainref ( @chains ) {
|
while ( $progress ) {
|
||||||
my $digest = '';
|
my @chains = ( grep $_->{referenced} && ! $_->{builtin}, values %{$tableref} );
|
||||||
|
my @chains1 = @chains;
|
||||||
|
my $chains = @chains;
|
||||||
|
my %rename;
|
||||||
|
my %combined;
|
||||||
|
|
||||||
for ( @{$chainref->{rules}} ) {
|
$progress = 0;
|
||||||
if ( $digest ) {
|
|
||||||
$digest .= ' |' . format_rule( $chainref, $_, 1 );
|
|
||||||
} else {
|
|
||||||
$digest = format_rule( $chainref, $_, 1 );
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
$chainref->{digest} = sha1 $digest;
|
progress_message "\n Table $table pass $passes, $chains referenced user chains, level 8...";
|
||||||
}
|
|
||||||
|
|
||||||
for my $chainref ( @chains ) {
|
$passes++;
|
||||||
my $rules = $chainref->{rules};
|
|
||||||
#
|
|
||||||
# Shift the current $chainref off of @chains1
|
|
||||||
#
|
|
||||||
shift @chains1;
|
|
||||||
#
|
|
||||||
# Skip empty chains
|
|
||||||
#
|
|
||||||
for my $chainref1 ( @chains1 ) {
|
|
||||||
next unless @{$chainref1->{rules}};
|
|
||||||
next if $chainref1->{optflags} & DONT_DELETE;
|
|
||||||
if ( $chainref->{digest} eq $chainref1->{digest} ) {
|
|
||||||
progress_message " Chain $chainref1->{name} combined with $chainref->{name}";
|
|
||||||
replace_references $chainref1, $chainref->{name}, undef;
|
|
||||||
|
|
||||||
unless ( $chainref->{name} =~ /^~/ ) {
|
for my $chainref ( grep ! $_->{digest}, @chains ) {
|
||||||
#
|
my $digest = '';
|
||||||
# For simple use of the BLACKLIST section, we can end up with many identical
|
|
||||||
# chains. To distinguish them from other renamed chains, we keep track of
|
|
||||||
# these chains via the 'blacklistsection' member.
|
|
||||||
#
|
|
||||||
$rename{ $chainref->{name} } = $chainref->{blacklistsection} ? '~blacklist' : '~comb';
|
|
||||||
}
|
|
||||||
|
|
||||||
$combined{ $chainref1->{name} } = $chainref->{name};
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
my @rename = keys %rename;
|
|
||||||
|
|
||||||
if ( @rename ) {
|
|
||||||
#
|
|
||||||
# First create aliases for each renamed chain and change the {name} member.
|
|
||||||
#
|
|
||||||
for my $oldname ( @rename ) {
|
|
||||||
my $newname = $renamed{ $oldname } = $rename{ $oldname } . $chainseq++;
|
|
||||||
|
|
||||||
trace( $tableref->{$oldname}, 'RN', 0, " Renamed $newname" ) if $debug;
|
|
||||||
$tableref->{$newname} = $tableref->{$oldname};
|
|
||||||
$tableref->{$oldname}{name} = $newname;
|
|
||||||
progress_message " Chain $oldname renamed to $newname";
|
|
||||||
}
|
|
||||||
#
|
|
||||||
# Next, map the combined names
|
|
||||||
#
|
|
||||||
while ( my ( $oldname, $combinedname ) = each %combined ) {
|
|
||||||
$renamed{$oldname} = $renamed{$combinedname} || $combinedname;
|
|
||||||
}
|
|
||||||
#
|
|
||||||
# Now adjust the references to point to the new name
|
|
||||||
#
|
|
||||||
while ( my ($chain, $chainref ) = each %$tableref ) {
|
|
||||||
my %references = %{$chainref->{references}};
|
|
||||||
|
|
||||||
if ( my $newname = $renamed{$chainref->{policychain} || ''} ) {
|
|
||||||
$chainref->{policychain} = $newname;
|
|
||||||
}
|
|
||||||
|
|
||||||
while ( my ( $chain1, $chainref1 ) = each %references ) {
|
|
||||||
if ( my $newname = $renamed{$chainref->{references}{$chain1}} ) {
|
|
||||||
$chainref->{references}{$newname} = $chainref->{references}{$chain1};
|
|
||||||
delete $chainref->{references}{$chain1};
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#
|
|
||||||
# Delete the old names from the table
|
|
||||||
#
|
|
||||||
delete $tableref->{$_} for @rename;
|
|
||||||
#
|
|
||||||
# And fix up the rules
|
|
||||||
#
|
|
||||||
for my $chainref ( values %$tableref ) {
|
|
||||||
my $rulenum = 0;
|
|
||||||
|
|
||||||
for ( @{$chainref->{rules}} ) {
|
for ( @{$chainref->{rules}} ) {
|
||||||
$rulenum++;
|
if ( $digest ) {
|
||||||
|
$digest .= ' |' . format_rule( $chainref, $_, 1 );
|
||||||
|
} else {
|
||||||
|
$digest = format_rule( $chainref, $_, 1 );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if ( my $newname = $renamed{$_->{target}} ) {
|
$chainref->{digest} = sha1 $digest;
|
||||||
$_->{target} = $newname;
|
}
|
||||||
trace( $chainref, 'R', $rulenum, $_ ) if $debug;
|
|
||||||
|
for my $chainref ( @chains ) {
|
||||||
|
my $rules = $chainref->{rules};
|
||||||
|
#
|
||||||
|
# Shift the current $chainref off of @chains1
|
||||||
|
#
|
||||||
|
shift @chains1;
|
||||||
|
#
|
||||||
|
# Skip empty chains
|
||||||
|
#
|
||||||
|
for my $chainref1 ( @chains1 ) {
|
||||||
|
next unless @{$chainref1->{rules}};
|
||||||
|
next if $chainref1->{optflags} & DONT_DELETE;
|
||||||
|
if ( $chainref->{digest} eq $chainref1->{digest} ) {
|
||||||
|
progress_message " Chain $chainref1->{name} combined with $chainref->{name}";
|
||||||
|
$progress = 1;
|
||||||
|
replace_references $chainref1, $chainref->{name}, undef;
|
||||||
|
|
||||||
|
unless ( $chainref->{name} =~ /^~/ ) {
|
||||||
|
#
|
||||||
|
# For simple use of the BLACKLIST section, we can end up with many identical
|
||||||
|
# chains. To distinguish them from other renamed chains, we keep track of
|
||||||
|
# these chains via the 'blacklistsection' member.
|
||||||
|
#
|
||||||
|
$rename{ $chainref->{name} } = $chainref->{blacklistsection} ? '~blacklist' : '~comb';
|
||||||
|
}
|
||||||
|
|
||||||
|
$combined{ $chainref1->{name} } = $chainref->{name};
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
my @rename = keys %rename;
|
||||||
|
|
||||||
|
if ( @rename ) {
|
||||||
|
#
|
||||||
|
# First create aliases for each renamed chain and change the {name} member.
|
||||||
|
#
|
||||||
|
for my $oldname ( @rename ) {
|
||||||
|
my $newname = $renamed{ $oldname } = $rename{ $oldname } . $chainseq++;
|
||||||
|
|
||||||
|
trace( $tableref->{$oldname}, 'RN', 0, " Renamed $newname" ) if $debug;
|
||||||
|
$tableref->{$newname} = $tableref->{$oldname};
|
||||||
|
$tableref->{$oldname}{name} = $newname;
|
||||||
|
progress_message " Chain $oldname renamed to $newname";
|
||||||
|
}
|
||||||
|
#
|
||||||
|
# Next, map the combined names
|
||||||
|
#
|
||||||
|
while ( my ( $oldname, $combinedname ) = each %combined ) {
|
||||||
|
$renamed{$oldname} = $renamed{$combinedname} || $combinedname;
|
||||||
|
}
|
||||||
|
#
|
||||||
|
# Now adjust the references to point to the new name
|
||||||
|
#
|
||||||
|
while ( my ($chain, $chainref ) = each %$tableref ) {
|
||||||
|
my %references = %{$chainref->{references}};
|
||||||
|
|
||||||
|
if ( my $newname = $renamed{$chainref->{policychain} || ''} ) {
|
||||||
|
$chainref->{policychain} = $newname;
|
||||||
|
}
|
||||||
|
|
||||||
|
while ( my ( $chain1, $chainref1 ) = each %references ) {
|
||||||
|
if ( my $newname = $renamed{$chainref->{references}{$chain1}} ) {
|
||||||
|
$chainref->{references}{$newname} = $chainref->{references}{$chain1};
|
||||||
|
delete $chainref->{references}{$chain1};
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#
|
||||||
|
# Delete the old names from the table
|
||||||
|
#
|
||||||
|
delete $tableref->{$_} for @rename;
|
||||||
|
#
|
||||||
|
# And fix up the rules
|
||||||
|
#
|
||||||
|
for my $chainref ( values %$tableref ) {
|
||||||
|
my $rulenum = 0;
|
||||||
|
|
||||||
|
for ( @{$chainref->{rules}} ) {
|
||||||
|
$rulenum++;
|
||||||
|
|
||||||
|
if ( my $newname = $renamed{$_->{target}} ) {
|
||||||
|
$_->{target} = $newname;
|
||||||
|
delete $chainref->{digest};
|
||||||
|
trace( $chainref, 'R', $rulenum, $_ ) if $debug;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$passes;
|
$passes;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user