holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Optimize 8

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2010-04-14 13:21:10 -07:00
parent 3b6b7a4099
commit f8bacb54ef
3 changed files with 139 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -1621,6 +1621,8 @@ sub optimize_ruleset() {
my $progress = 1;
my $passes = 0;
if ( $config{OPTIMIZE} & 4 ) {
#
# Make repeated passes through each table looking for short chains (those with less than 2 entries)
#
@ -1744,6 +1746,39 @@ sub optimize_ruleset() {
}
}
}
}
if ( $config{OPTIMIZE} & 8 ) {
#
# Now delete duplicate chains
#
$progress = 1;
while ( $progress ) {
$progress = 0;
$passes++;
for my $chainref ( grep $_->{referenced} && ! $_->{builtin}, values %{$chain_table{$table}} ) {
my $rules = $chainref->{rules};
CHAIN:
for my $chainref1 ( grep $_->{referenced}, values %{$chain_table{$table}} ) {
next if $chainref->{name} eq $chainref1->{name};
my $rules1 = $chainref1->{rules};
next if @$rules != @$rules1;
next if $chainref1->{dont_delete};
next if $chainref1->{builtin};
for ( my $i = 0; $i <= $#$rules; $i++ ) {
my $rule = $rules->[$i];
$rule =~ s/^-A $chainref->{name} /-A $chainref1->{name} /;
next CHAIN unless $rule eq $rules1->[$i];
}
replace_references $chainref1, $chainref->{name};
}
}
}
}
progress_message " Table $table Optimized -- Passes = $passes";
progress_message '';

4
Shorewall/Perl/Shorewall/Compiler.pm
View File

@ -830,7 +830,7 @@ sub compiler {
#
generate_matrix;
if ( $config{OPTIMIZE} & 6 ) {
if ( $config{OPTIMIZE} & 0xD ) {
progress_message2 'Optimizing Ruleset...';
#
# Optimize Policy Chains
@ -839,7 +839,7 @@ sub compiler {
#
# More Optimization
#
optimize_ruleset if $config{OPTIMIZE} & 4;
optimize_ruleset if $config{OPTIMIZE} & 0xC;
}
enable_script;

2
Shorewall/Perl/Shorewall/Config.pm
View File

@ -3060,7 +3060,7 @@ sub get_configuration( $ ) {
$val = numeric_value $config{OPTIMIZE};
fatal_error "Invalid OPTIMIZE value ($config{OPTIMIZE})" unless defined( $val ) && $val >= 0 && ( $val & ( 4096 ^ -1 ) ) <= 7;
fatal_error "Invalid OPTIMIZE value ($config{OPTIMIZE})" unless defined( $val ) && $val >= 0 && ( $val & ( 4096 ^ -1 ) ) <= 15;
$globals{MARKING_CHAIN} = $config{MARK_IN_FORWARD_CHAIN} ? 'tcfor' : 'tcpre';