authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2014-09-18 15:30:06 +0300
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2014-09-18 18:55:47 +0300
commit6ab14ed775b47a554f26e7cbc55f5f2e3200ccfe (patch)
treeca0bf5e98569ff6ba66f65271a3c6995a8a07410
parent61baa3447a38112b49345337cb6cad45135cd5aa (diff)
downloadawall-6ab14ed775b47a554f26e7cbc55f5f2e3200ccfe.tar.bz2
awall-6ab14ed775b47a554f26e7cbc55f5f2e3200ccfe.tar.xz
filter-specific subclass of Limit
-rw-r--r--awall/model.lua62
-rw-r--r--awall/modules/filter.lua66
2 files changed, 65 insertions, 63 deletions
diff --git a/awall/model.lua b/awall/model.lua
index 54a9795..4001ce2 100644
--- a/awall/model.lua
+++ b/awall/model.lua
@@ -31,9 +31,6 @@ local setdefault = util.setdefault
local startswith = require('stringy').startswith
-local RECENT_MAX_COUNT = 20
-
-
M.ConfigObject = M.class()
function M.ConfigObject:init(context, location)
@@ -597,65 +594,6 @@ end
function M.Limit:rate() return math.ceil(self.count / self.interval) end
-function M.Limit:recentofrags(name)
- local count = self.count
- local interval = self.interval
-
- if count > RECENT_MAX_COUNT then
- count = self:rate()
- interval = 1
- end
-
- if count > RECENT_MAX_COUNT then return end
-
- local uofs = {}
- local sofs = {}
-
- for _, family in ipairs{'inet', 'inet6'} do
- if type(self.mask[family].mode) ~= 'table' then return end
- local mask = ''
- local attr, len = unpack(self.mask[family].mode)
-
- if family == 'inet' then
- local octet
- for i = 0, 3 do
- if len <= i * 8 then octet = 0
- elseif len > i * 8 + 7 then octet = 255
- else octet = 256 - 2^(8 - len % 8) end
- mask = util.join(mask, '.', octet)
- end
-
- elseif family == 'inet6' then
- while len > 0 do
- if #mask % 5 == 4 then mask = mask..':' end
- mask = mask..('%x'):format(16 - 2^math.max(0, 4 - len))
- len = len - 4
- end
- while #mask % 5 < 4 do mask = mask..'0' end
- if #mask < 39 then mask = mask..'::' end
- end
-
- local rec = {
- {
- family=family,
- opts='-m recent --name '..name..' --r'..
- ({src='source', dest='dest'})[attr]..' --mask '..mask
- }
- }
-
- extend(
- uofs,
- combinations(
- rec,
- {{opts='--update --hitcount '..count..' --seconds '..interval}}
- )
- )
- extend(sofs, combinations(rec, {{opts='--set'}}))
- end
-
- return uofs, sofs
-end
-
function M.Limit:limitofrags(name)
local rate = self:rate()
local ofrags = {}
diff --git a/awall/modules/filter.lua b/awall/modules/filter.lua
index a084d1a..a2e116a 100644
--- a/awall/modules/filter.lua
+++ b/awall/modules/filter.lua
@@ -20,6 +20,70 @@ local extend = util.extend
local listpairs = util.listpairs
+local RECENT_MAX_COUNT = 20
+
+local FilterLimit = class(model.Limit)
+
+function FilterLimit:recentofrags(name)
+ local count = self.count
+ local interval = self.interval
+
+ if count > RECENT_MAX_COUNT then
+ count = self:rate()
+ interval = 1
+ end
+
+ if count > RECENT_MAX_COUNT then return end
+
+ local uofs = {}
+ local sofs = {}
+
+ for _, family in ipairs{'inet', 'inet6'} do
+ if type(self.mask[family].mode) ~= 'table' then return end
+ local mask = ''
+ local attr, len = unpack(self.mask[family].mode)
+
+ if family == 'inet' then
+ local octet
+ for i = 0, 3 do
+ if len <= i * 8 then octet = 0
+ elseif len > i * 8 + 7 then octet = 255
+ else octet = 256 - 2^(8 - len % 8) end
+ mask = util.join(mask, '.', octet)
+ end
+
+ elseif family == 'inet6' then
+ while len > 0 do
+ if #mask % 5 == 4 then mask = mask..':' end
+ mask = mask..('%x'):format(16 - 2^math.max(0, 4 - len))
+ len = len - 4
+ end
+ while #mask % 5 < 4 do mask = mask..'0' end
+ if #mask < 39 then mask = mask..'::' end
+ end
+
+ local rec = {
+ {
+ family=family,
+ opts='-m recent --name '..name..' --r'..
+ ({src='source', dest='dest'})[attr]..' --mask '..mask
+ }
+ }
+
+ extend(
+ uofs,
+ combinations(
+ rec,
+ {{opts='--update --hitcount '..count..' --seconds '..interval}}
+ )
+ )
+ extend(sofs, combinations(rec, {{opts='--set'}}))
+ end
+
+ return uofs, sofs
+end
+
+
local TranslatingRule = class(Rule)
function TranslatingRule:destoptfrags()
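Review bot: `FilterLimit:recentofrags` has two bare `return`s (the second `count > RECENT_MAX_COUNT` check and the `type(self.mask[family].mode) ~= 'table'` check inside the family loop) whose meaning for the caller is undocumented, and `RECENT_MAX_COUNT` is an unexplained constant. I would put `-- xt_recent rejects --hitcount above ip_pkt_list_tot (default 20)` above the constant, assuming that is where 20 comes from. I would also add a doc comment on the method saying it returns nil when the limit cannot be expressed with the recent match, and that a count above the cap is replaced by `self:rate()` per 1 second, which changes the burst the rule permits. Separately, `({src='source', dest='dest'})[attr]` is nil for any other `attr`, so the concatenation would fail with an opaque error; if mask modes are not validated elsewhere, `assert(({src='source', dest='dest'})[attr], 'invalid mask attribute')` would make the failure explicit. The trailing `TranslatingRule:destoptfrags` context continues outside the hunk.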
@@ -238,7 +302,7 @@ function Filter:extraoptfrags()
local limitchain = self:uniqueid('limit')
local limitlog = self[limit].log
- local limitobj = self:create(model.Limit, self[limit], 'limit')
+ local limitobj = self:create(FilterLimit, self[limit], 'limit')
local ofrags = {}
local logch, limitofs