authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2017-01-08 17:24:28 +0200
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2017-01-24 01:52:49 +0200
commit071952b1f6b1e85459d0e2da97b4ade29889187b (patch)
tree3ffac05161cce3c29a2f6651d58d3e5ba76bcd72
parentb82c8837f3a8aad55c084bb3a2931b2ab7c8f392 (diff)
refactor extra chain formation
-rw-r--r--awall/model.lua44
-rw-r--r--awall/modules/filter.lua36
-rw-r--r--awall/modules/mark.lua25
3 files changed, 47 insertions, 58 deletions
diff --git a/awall/model.lua b/awall/model.lua
index ca65e99..b217e0f 100644
--- a/awall/model.lua
+++ b/awall/model.lua
@@ -1,6 +1,6 @@
--[[
Base data model for Alpine Wall
-Copyright (C) 2012-2016 Kaarle Ritvanen
+Copyright (C) 2012-2017 Kaarle Ritvanen
See LICENSE file for license details
]]--
@@ -521,29 +521,27 @@ function M.Rule:trules()
end
end
- local custom = self:customtarget()
- local final = custom or self:target()
-
- local nxt
- if combined then
- nxt = final
- ofrags = combined
- else nxt = self:uniqueid('address') end
+ if combined then ofrags = combined end
tag(ofrags, 'position', self:position())
- ofrags = combinations(ofrags, {{target=nxt}})
-
+ local addrchain
if not combined then
- extend(ofrags, combinations(addrofrags, {{chain=nxt, target=final}}))
+ addrchain = self:uniqueid('address')
+ self:settarget(ofrags, addrchain)
+ extend(ofrags, combinations(addrofrags, {{chain=addrchain}}))
end
- local function extofrags(new)
- if not custom then extend(ofrags, new)
- elseif new[1] then self:error('Custom action not allowed here') end
- end
+ local function bancustom() self:error('Custom action not allowed here') end
+ local custom = self:customtarget()
- extofrags(self:extraoptfrags())
+ ofrags = self:mangleoptfrags(ofrags)
+ for _, ofrag in ipairs(ofrags) do
+ if custom and ofrag.target and ofrag.target ~= addrchain then
+ bancustom()
+ end
+ end
+ self:settarget(ofrags, custom or self:target())
local tbl = self:table()
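Review bot: The loop after `self:mangleoptfrags(ofrags)` tests `custom` on every iteration although it cannot change inside the loop; writing it as `if custom then for _, ofrag in ipairs(ofrags) do ... end end` shows that the scan is only a guard for custom actions. The exemption `ofrag.target ~= addrchain` also deserves a comment, for example `-- jumps into our own address chain were set above, not by mangleoptfrags`, because when `combined` is set `addrchain` stays nil and any fragment that already carries a target trips the ban. trules starts before this hunk and continues past it.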
@@ -601,9 +599,10 @@ function M.Rule:trules()
combinations(ofrags, ffilter({{family='inet'}, {family='inet6'}})),
function(r) return self:trulefilter(r) end
)
- extofrags(self:extratrules(ofrags))
- return ofrags
+ local extra = self:extratrules(ofrags)
+ if custom and extra[1] then bancustom() end
+ return extend(ofrags, extra)
end
function M.Rule:customtarget()
@@ -615,7 +614,12 @@ function M.Rule:customtarget()
end
end
-function M.Rule:extraoptfrags() return {} end
+function M.Rule:settarget(ofrags, target)
+ for _, ofrag in ipairs(ofrags) do setdefault(ofrag, 'target', target) end
+ return ofrags
+end
+
+function M.Rule:mangleoptfrags(ofrags) return ofrags end
function M.Rule:trulefilter(rule) return true end
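Review bot: `settarget` reads like an unconditional setter, but through `setdefault` it appears to fill in `target` only on fragments that lack one, and it changes the list it is given; a doc comment should say so, for example `-- Give every fragment without a target the given one (in place); returns ofrags`. `mangleoptfrags` is the new override hook and its contract is undocumented: judging from the call site in trules, the returned list replaces `ofrags`, and any fragment it leaves without a target later receives `custom or self:target()`. A short comment above the default implementation stating this would help subclass authors, since whatever the hook returns ends up as firewall rules.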
diff --git a/awall/modules/filter.lua b/awall/modules/filter.lua
index f8a1047..59ad6a4 100644
--- a/awall/modules/filter.lua
+++ b/awall/modules/filter.lua
@@ -156,12 +156,7 @@ end
function LoggingRule:logdefault() return false end
-function LoggingRule:actiontarget() return 'ACCEPT' end
-
-function LoggingRule:target()
- if self.log then return self:uniqueid('log'..self.action) end
- return self:actiontarget()
-end
+function LoggingRule:target() return 'ACCEPT' end
function LoggingRule:logchain(log, action, target)
if not log then return {}, target end
@@ -173,10 +168,10 @@ function LoggingRule:logchain(log, action, target)
return combinations({{chain=chain}}, ofrags), chain
end
-function LoggingRule:extraoptfrags()
- return self.log and
- self:logchain(self.log, self.action, self:actiontarget()) or
- LoggingRule.super(self):extraoptfrags()
+function LoggingRule:mangleoptfrags(ofrags)
+ if not self.log then return ofrags end
+ local ofs, chain = self:logchain(self.log, self.action, self:target())
+ return extend(self:settarget(ofrags, chain), ofs)
end
@@ -334,7 +329,7 @@ function Filter:logdefault()
return contains({'drop', 'reject', 'tarpit'}, self.action)
end
-function Filter:actiontarget()
+function Filter:target()
if self.action == 'pass' then return end
if self.action ~= 'accept' and not self:logdefault() then
self:error('Invalid filter action: '..self.action)
@@ -342,20 +337,17 @@ function Filter:actiontarget()
return self.action == 'tarpit' and 'tarpit' or self.action:upper()
end
-function Filter:target()
- if self:limit() then return self:uniqueid('limit') end
- return Filter.super(self).target()
-end
-
-function Filter:extraoptfrags()
+function Filter:mangleoptfrags(ofrags)
local limit = self:limit()
- if not limit then return Filter.super(self):extraoptfrags() end
+ if not limit then return Filter.super(self):mangleoptfrags(ofrags) end
if self.action ~= 'accept' then
self:error('Cannot specify limit for '..self.action..' filter')
end
local limitchain = self:uniqueid('limit')
+ self:settarget(ofrags, limitchain)
+
local limitlog = self[limit].log
local limitobj = self:create(FilterLimit, self[limit], 'limit')
@@ -370,9 +362,7 @@ function Filter:extraoptfrags()
limitofs = combinations(uofs, {{target=logch}})
if accept and self.log then extend(limitofs, self.log:optfrags()) end
- extend(
- limitofs, combinations(sofs, {{target=accept and 'ACCEPT' or nil}})
- )
+ extend(limitofs, combinations(sofs, {{target=accept and 'ACCEPT'}}))
else
if accept then ofs, logch = self:logchain(self.log, 'accept', 'ACCEPT')
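Review bot: `{{target=accept and 'ACCEPT'}}` now yields `target=false` instead of an absent key when `accept` is false, and nothing in the hunk says whether that is intended. If `setdefault` only fills keys that are nil (it is not visible here), `false` keeps the later `settarget` calls from giving these limit-chain fragments the rule's final target, so a later cleanup back to `or nil` would presumably change the generated rules. I would add a comment on this line such as `-- false, not nil: this fragment must not inherit the default target`, or otherwise confirm that `combinations` and the rule output treat `false` as no target. Filter:mangleoptfrags begins and ends outside this hunk.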
@@ -385,8 +375,8 @@ function Filter:extraoptfrags()
table.insert(limitofs, {target='DROP'})
end
- extend(ofs, combinations({{chain=limitchain}}, limitofs))
- return ofs
+ extend(ofrags, ofs)
+ return extend(ofrags, combinations({{chain=limitchain}}, limitofs))
end
diff --git a/awall/modules/mark.lua b/awall/modules/mark.lua
index 56348d3..83d90b3 100644
--- a/awall/modules/mark.lua
+++ b/awall/modules/mark.lua
@@ -1,6 +1,6 @@
--[[
Packet marking module for Alpine Wall
-Copyright (C) 2012-2016 Kaarle Ritvanen
+Copyright (C) 2012-2017 Kaarle Ritvanen
See LICENSE file for license details
]]--
@@ -9,7 +9,7 @@ local model = require('awall.model')
local class = model.class
local combinations = require('awall.optfrag').combinations
-local list = require('awall.util').list
+local util = require('awall.util')
local MarkRule = class(model.Rule)
@@ -26,24 +26,19 @@ function MarkRule:target() return 'MARK --set-mark '..self.mark end
local RouteTrackRule = class(MarkRule)
-function RouteTrackRule:target() return self:uniqueid('mark') end
-
-function RouteTrackRule:servoptfrags()
- return combinations(
- RouteTrackRule.super(self):servoptfrags(), {{match='-m mark --mark 0'}}
+function RouteTrackRule:mangleoptfrags(ofrags)
+ local markchain = self:uniqueid('mark')
+ return util.extend(
+ self:settarget(
+ combinations(ofrags, {{match='-m mark --mark 0'}}), markchain
+ ),
+ {{chain=markchain}, {chain=markchain, target='CONNMARK --save-mark'}}
)
end
-function RouteTrackRule:extraoptfrags()
- return {
- {chain=self:target(), target=RouteTrackRule.super(self).target()},
- {chain=self:target(), target='CONNMARK --save-mark'}
- }
-end
-
local function restoremark(config)
- if list(config['route-track'])[1] then
+ if util.list(config['route-track'])[1] then
return combinations(
{{family='inet'}, {family='inet6'}},
{{chain='OUTPUT'}, {chain='PREROUTING'}},
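Review bot: The first fragment in `{{chain=markchain}, {chain=markchain, target='CONNMARK --save-mark'}}` carries no target and depends on the caller filling it in afterwards through `self:settarget(ofrags, custom or self:target())` in Rule:trules, where the old code spelled the inherited MARK target out. A comment such as `-- target of the first markchain rule is filled in by Rule:trules` would make that dependency visible, since the order inside the chain (set the mark, then save it) matters. The `-m mark --mark 0` match is also applied to every fragment passed in rather than only the service fragments; that looks intended but is worth a one-line comment.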