Some tweaks to optimize 16
parent
0f02b497f6
commit
71bbd7963c
@ -2847,20 +2847,18 @@ sub optimize_level8( $$$ ) {
|
|||||||
sub get_dports( $ ) {
|
sub get_dports( $ ) {
|
||||||
my $ruleref = shift;
|
my $ruleref = shift;
|
||||||
|
|
||||||
return $ruleref->{dport} if $ruleref->{dport};
|
my $ports = $ruleref->{dport} || '';
|
||||||
|
|
||||||
my $multiref = $ruleref->{multiport};
|
unless ( $ports ) {
|
||||||
|
if ( my $multiref = $ruleref->{multiport} ) {
|
||||||
return undef unless $multiref;
|
if ( reftype $multiref ) {
|
||||||
|
for ( @$multiref ) {
|
||||||
my $ports = '';
|
$ports .= ",$1" if /^--dports (.*)/;
|
||||||
|
}
|
||||||
if ( reftype $multiref ) {
|
} else {
|
||||||
for ( @$multiref ) {
|
$ports = $1 if $multiref =~ /^--dports (.*)/;
|
||||||
$ports .= ",$1" if /^--dports (.*)/;
|
}
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
$ports = $1 if $multiref =~ /^--dports (.*)/;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$ports;
|
$ports;
|
||||||
@ -2870,10 +2868,9 @@ sub get_dports( $ ) {
|
|||||||
# Returns a comma-separated list of multiport source ports from the passed rule
|
# Returns a comma-separated list of multiport source ports from the passed rule
|
||||||
#
|
#
|
||||||
sub get_multi_sports( $ ) {
|
sub get_multi_sports( $ ) {
|
||||||
my $ruleref = shift;
|
|
||||||
my $ports = '';
|
my $ports = '';
|
||||||
|
|
||||||
if ( my $multiref = $ruleref->{multiport} ) {
|
if ( my $multiref = $_[0]->{multiport} ) {
|
||||||
if ( reftype $multiref ) {
|
if ( reftype $multiref ) {
|
||||||
for ( @$multiref ) {
|
for ( @$multiref ) {
|
||||||
$ports .= ",$1" if /^--sports (.*)/;
|
$ports .= ",$1" if /^--sports (.*)/;
|
||||||
@ -2887,7 +2884,7 @@ sub get_multi_sports( $ ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# The arguments are a list of rule references; returns a similar list with adjacent compatible rules combined
|
# The arguments are a list of rule references; function returns a similar list with adjacent compatible rules combined
|
||||||
#
|
#
|
||||||
# Adjacent rules are compatible if:
|
# Adjacent rules are compatible if:
|
||||||
#
|
#
|
||||||
@ -2899,8 +2896,9 @@ sub get_multi_sports( $ ) {
|
|||||||
sub combine_dports {
|
sub combine_dports {
|
||||||
my @rules;
|
my @rules;
|
||||||
|
|
||||||
if ( my $baseref = shift ) {
|
my $baseref = shift;
|
||||||
BASE:
|
|
||||||
|
while ( $baseref ) {
|
||||||
{
|
{
|
||||||
my $ruleref;
|
my $ruleref;
|
||||||
my $ports1;
|
my $ports1;
|
||||||
@ -2914,7 +2912,9 @@ sub combine_dports {
|
|||||||
my $comment = $baseref->{comment} || '';
|
my $comment = $baseref->{comment} || '';
|
||||||
my $lastcomment = $comment;
|
my $lastcomment = $comment;
|
||||||
my $sourceports = get_multi_sports( $baseref );
|
my $sourceports = get_multi_sports( $baseref );
|
||||||
|
|
||||||
RULE:
|
RULE:
|
||||||
|
|
||||||
while ( ( $ruleref = shift ) && $ports < 15 ) {
|
while ( ( $ruleref = shift ) && $ports < 15 ) {
|
||||||
my $ports2;
|
my $ports2;
|
||||||
|
|
||||||
@ -2927,17 +2927,17 @@ sub combine_dports {
|
|||||||
last if $comment2 ne $lastcomment && length( $comment ) + length( $comment2 ) > 253;
|
last if $comment2 ne $lastcomment && length( $comment ) + length( $comment2 ) > 253;
|
||||||
|
|
||||||
my @keys2 = sort grep $_ ne 'dport' && $_ ne 'comment', keys %$ruleref;
|
my @keys2 = sort grep $_ ne 'dport' && $_ ne 'comment', keys %$ruleref;
|
||||||
|
|
||||||
last unless @keys1 == @keys2 ;
|
last unless @keys1 == @keys2 ;
|
||||||
|
|
||||||
my $keynum = 0;
|
my $keynum = 0;
|
||||||
|
|
||||||
for my $key ( @keys1 ) {
|
for my $key ( @keys1 ) {
|
||||||
last RULE unless $key eq $keys2[$keynum++];
|
last RULE unless $key eq $keys2[$keynum++];
|
||||||
next if $baseref->{$key} eq $ruleref->{$key};
|
next if $baseref->{$key} eq $ruleref->{$key};
|
||||||
last RULE unless $key eq 'multiport' && $sourceports eq get_multi_sports( $ruleref );
|
last RULE unless $key eq 'multiport' && $sourceports eq get_multi_sports( $ruleref );
|
||||||
}
|
}
|
||||||
|
|
||||||
last if ( $ports += port_count( $ports2 ) ) > 15;
|
last if ( $ports += port_count( $ports2 ) ) > 15;
|
||||||
|
|
||||||
if ( $comment2 ) {
|
if ( $comment2 ) {
|
||||||
@ -2966,7 +2966,7 @@ sub combine_dports {
|
|||||||
last;
|
last;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( @ports > $origports ) {
|
if ( @ports > $origports ) {
|
||||||
delete $baseref->{dport} if $baseref->{dport};
|
delete $baseref->{dport} if $baseref->{dport};
|
||||||
|
|
||||||
@ -2979,12 +2979,10 @@ sub combine_dports {
|
|||||||
$baseref->{comment} = $comment if $comment;
|
$baseref->{comment} = $comment if $comment;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
push @rules, $baseref;
|
push @rules, $baseref;
|
||||||
|
|
||||||
$baseref = $ruleref ? $ruleref : shift;
|
$baseref = $ruleref ? $ruleref : shift;
|
||||||
|
|
||||||
redo BASE if $baseref;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3014,9 +3012,9 @@ sub optimize_ruleset() {
|
|||||||
my $tableref = $chain_table{$table};
|
my $tableref = $chain_table{$table};
|
||||||
my $passes = 0;
|
my $passes = 0;
|
||||||
|
|
||||||
$passes = optimize_level4( $table, $tableref ) if $config{OPTIMIZE} & 4;
|
$passes = optimize_level4( $table, $tableref ) if $config{OPTIMIZE} & 4;
|
||||||
$passes = optimize_level8( $table, $tableref , $passes ) if $config{OPTIMIZE} & 8;
|
$passes = optimize_level8( $table, $tableref , $passes ) if $config{OPTIMIZE} & 8;
|
||||||
$passes = optimize_level16( $table, $tableref , $passes ) if $config{OPTIMIZE} & 16;
|
$passes = optimize_level16( $table, $tableref , $passes ) if $config{OPTIMIZE} & 16;
|
||||||
|
|
||||||
progress_message " Table $table Optimized -- Passes = $passes";
|
progress_message " Table $table Optimized -- Passes = $passes";
|
||||||
progress_message '';
|
progress_message '';
|
||||||
|
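Review bot: In the first hunk, get_dports now falls through to `$ports;` with an empty string for a rule that has neither `dport` nor `multiport`, where the old code had `return undef unless $multiref;`. Any caller that distinguishes "no destination ports" with `defined` rather than truthiness would start treating such a rule as a merge candidate, and in a rule optimizer that changes which firewall rules get combined. The call sites are outside the visible hunks, so this needs confirming against combine_dports. If the new contract is intended, state it above the sub, e.g. `# Returns '' (never undef) when the rule has no dport and no --dports multiport entry`. The closing brace of get_dports lies outside the hunk.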