From 90e03e1833ecf0d747fa440a5f504a6ed434c830 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Fri, 25 Nov 2011 14:46:37 -0800
Subject: [PATCH] Even more tweaks to optimize 16

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Chains.pm | 33 ++++++++++++++++++------------
 1 file changed, 20 insertions(+), 13 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index b908b02e6..6ec445d35 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -2883,6 +2883,13 @@ sub get_multi_sports( $ ) {
     $ports;
 }
 
+#
+# Return an array of keys for the passed rule. 'dport' and 'comment' are omitted;
+#
+sub get_keys( $ ) {
+    sort grep $_ ne 'dport' && $_ ne 'comment',  keys %{$_[0]};
+}
+
 #
 # The arguments are a list of rule references; function returns a similar list with adjacent compatible rules combined
 #
@@ -2904,14 +2911,14 @@ sub combine_dports {
 	    my $ports1;
 	    
 	    if ( $ports1 = get_dports( $baseref ) ) {
-		my $proto       = $baseref->{p};
-		my @keys1       = sort grep $_ ne 'dport' && $_ ne 'comment', keys %$baseref;
-		my @ports       = ( split ',', $ports1 );
-		my $ports       = port_count( $ports1 );
-		my $origports   = @ports;
-		my $comment     = $baseref->{comment} || '';
-		my $lastcomment = $comment;
-		my $sourceports = get_multi_sports( $baseref );
+		my $proto        = $baseref->{p};
+		my @keys1        = get_keys( $baseref );
+		my @ports        = ( split ',', $ports1 );
+		my $ports        = port_count( $ports1 );
+		my $origports    = @ports;
+		my $comment      = $baseref->{comment} || '';
+		my $lastcomment  = $comment;
+		my $multi_sports = get_multi_sports( $baseref );
 
 	      RULE:
 
@@ -2926,7 +2933,7 @@ sub combine_dports {
 
 			last if $comment2 ne $lastcomment && length( $comment ) + length( $comment2 ) > 253;
 
-			my @keys2 = sort grep $_ ne 'dport' && $_ ne 'comment',  keys %$ruleref;
+			my @keys2 = get_keys( $ruleref );
 
 			last unless @keys1 == @keys2 ;
 
@@ -2935,7 +2942,7 @@ sub combine_dports {
 			for my $key ( @keys1 ) {
 			    last RULE unless $key eq $keys2[$keynum++];
 			    next if $baseref->{$key} eq $ruleref->{$key};
-			    last RULE unless $key eq 'multiport' && $sourceports eq get_multi_sports( $ruleref );
+			    last RULE unless $key eq 'multiport' && $multi_sports eq get_multi_sports( $ruleref );
 			}
    
 			last if ( $ports += port_count( $ports2 ) ) > 15;
@@ -2970,8 +2977,8 @@ sub combine_dports {
 		if ( @ports > $origports ) {
 		    delete $baseref->{dport} if $baseref->{dport};
 
-		    if ( $sourceports ) {
-			$baseref->{multiport} = [ '--sports ' . $sourceports , '--dports ' . join(',', @ports ) ];
+		    if ( $multi_sports ) {
+			$baseref->{multiport} = [ '--sports ' . $multi_sports , '--dports ' . join(',', @ports ) ];
 		    } else {
 			$baseref->{'multiport'} = '--dports ' . join( ',' , @ports  );
 		    }
@@ -2991,7 +2998,7 @@ sub combine_dports {
 	
 sub optimize_level16( $$$ ) {
     my ( $table, $tableref , $passes ) = @_;
-    my @chains   = ( grep $_->{referenced} && ! $_->{builtin}, values %{$tableref} );
+    my @chains   = ( grep $_->{referenced}, values %{$tableref} );
     my @chains1  = @chains;
     my $chains   = @chains;