prosody-modules: mod_firewall/mod_firewall.lua@165d2877eeac (annotated)

947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	1
2582 6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	2	local lfs = require "lfs";
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	3	local resolve_relative_path = require "core.configmanager".resolve_relative_path;
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	4	local logger = require "util.logger".init;
971 53e158e44a44 mod_firewall: Add rate limiting capabilities, and keep zones and throttle objects in shared tables Matthew Wild <mwild1@gmail.com> parents: 967 diff changeset	5	local it = require "util.iterators";
2582 6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	6	local set = require "util.set";
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	7
2583 5e948d1392a5 mod_firewall: Add some comments Matthew Wild <mwild1@gmail.com> parents: 2582 diff changeset	8	-- [definition_type] = definition_factory(param)
999 197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	9	local definitions = module:shared("definitions");
2583 5e948d1392a5 mod_firewall: Add some comments Matthew Wild <mwild1@gmail.com> parents: 2582 diff changeset	10
5e948d1392a5 mod_firewall: Add some comments Matthew Wild <mwild1@gmail.com> parents: 2582 diff changeset	11	-- When a definition instance has been instantiated, it lives here
5e948d1392a5 mod_firewall: Add some comments Matthew Wild <mwild1@gmail.com> parents: 2582 diff changeset	12	-- [definition_type][definition_name] = definition_object
2378 d630fa0d4dba mod_firewall: Add default zone called '$local' containing all local hosts (dynamically) Matthew Wild <mwild1@gmail.com> parents: 2372 diff changeset	13	local active_definitions = {
d630fa0d4dba mod_firewall: Add default zone called '$local' containing all local hosts (dynamically) Matthew Wild <mwild1@gmail.com> parents: 2372 diff changeset	14	ZONE = {
d630fa0d4dba mod_firewall: Add default zone called '$local' containing all local hosts (dynamically) Matthew Wild <mwild1@gmail.com> parents: 2372 diff changeset	15	-- Default zone that includes all local hosts
d630fa0d4dba mod_firewall: Add default zone called '$local' containing all local hosts (dynamically) Matthew Wild <mwild1@gmail.com> parents: 2372 diff changeset	16	["$local"] = setmetatable({}, { __index = prosody.hosts });
2531 5ff7eb601d60 mod_firewall: Code formatting Matthew Wild <mwild1@gmail.com> parents: 2530 diff changeset	17	};
2378 d630fa0d4dba mod_firewall: Add default zone called '$local' containing all local hosts (dynamically) Matthew Wild <mwild1@gmail.com> parents: 2372 diff changeset	18	};
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	19
2117 d75145297bf9 mod_firewall: Support for defining extra chains in the config file Matthew Wild <mwild1@gmail.com> parents: 2105 diff changeset	20	local default_chains = {
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	21	preroute = {
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	22	type = "event";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	23	priority = 0.1;
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	24	"pre-message/bare", "pre-message/full", "pre-message/host";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	25	"pre-presence/bare", "pre-presence/full", "pre-presence/host";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	26	"pre-iq/bare", "pre-iq/full", "pre-iq/host";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	27	};
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	28	deliver = {
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	29	type = "event";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	30	priority = 0.1;
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	31	"message/bare", "message/full", "message/host";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	32	"presence/bare", "presence/full", "presence/host";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	33	"iq/bare", "iq/full", "iq/host";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	34	};
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	35	deliver_remote = {
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	36	type = "event"; "route/remote";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	37	priority = 0.1;
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	38	};
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	39	};
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	40
2117 d75145297bf9 mod_firewall: Support for defining extra chains in the config file Matthew Wild <mwild1@gmail.com> parents: 2105 diff changeset	41	local extra_chains = module:get_option("firewall_extra_chains", {});
d75145297bf9 mod_firewall: Support for defining extra chains in the config file Matthew Wild <mwild1@gmail.com> parents: 2105 diff changeset	42
d75145297bf9 mod_firewall: Support for defining extra chains in the config file Matthew Wild <mwild1@gmail.com> parents: 2105 diff changeset	43	local chains = {};
d75145297bf9 mod_firewall: Support for defining extra chains in the config file Matthew Wild <mwild1@gmail.com> parents: 2105 diff changeset	44	for k,v in pairs(default_chains) do
d75145297bf9 mod_firewall: Support for defining extra chains in the config file Matthew Wild <mwild1@gmail.com> parents: 2105 diff changeset	45	chains[k] = v;
d75145297bf9 mod_firewall: Support for defining extra chains in the config file Matthew Wild <mwild1@gmail.com> parents: 2105 diff changeset	46	end
d75145297bf9 mod_firewall: Support for defining extra chains in the config file Matthew Wild <mwild1@gmail.com> parents: 2105 diff changeset	47	for k,v in pairs(extra_chains) do
d75145297bf9 mod_firewall: Support for defining extra chains in the config file Matthew Wild <mwild1@gmail.com> parents: 2105 diff changeset	48	chains[k] = v;
d75145297bf9 mod_firewall: Support for defining extra chains in the config file Matthew Wild <mwild1@gmail.com> parents: 2105 diff changeset	49	end
d75145297bf9 mod_firewall: Support for defining extra chains in the config file Matthew Wild <mwild1@gmail.com> parents: 2105 diff changeset	50
2128 89363766202c mod_firewall: Add comment to document idsafe() Matthew Wild <mwild1@gmail.com> parents: 2122 diff changeset	51	-- Returns the input if it is safe to be used as a variable name, otherwise nil
2103 a8c701631d0b mod_firewall: Make idsafe() a global function so libraries can re-use it Matthew Wild <mwild1@gmail.com> parents: 2084 diff changeset	52	function idsafe(name)
2531 5ff7eb601d60 mod_firewall: Code formatting Matthew Wild <mwild1@gmail.com> parents: 2530 diff changeset	53	return name:match("^%a[%w_]*$");
971 53e158e44a44 mod_firewall: Add rate limiting capabilities, and keep zones and throttle objects in shared tables Matthew Wild <mwild1@gmail.com> parents: 967 diff changeset	54	end
53e158e44a44 mod_firewall: Add rate limiting capabilities, and keep zones and throttle objects in shared tables Matthew Wild <mwild1@gmail.com> parents: 967 diff changeset	55
2522 0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	56	local meta_funcs = {
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	57	bare = function (code)
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	58	return "jid_bare("..code..")", {"jid_bare"};
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	59	end;
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	60	node = function (code)
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	61	return "(jid_split("..code.."))", {"jid_split"};
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	62	end;
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	63	host = function (code)
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	64	return "(select(2, jid_split("..code..")))", {"jid_split"};
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	65	end;
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	66	resource = function (code)
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	67	return "(select(3, jid_split("..code..")))", {"jid_split"};
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	68	end;
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	69	};
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	70
2129 edf5cf3c474b mod_firewall: Move meta() function to main module, and make it a global so libs can use it Matthew Wild <mwild1@gmail.com> parents: 2128 diff changeset	71	-- Run quoted (%q) strings through this to allow them to contain code. e.g.: LOG=Received: $(stanza:top_tag())
2522 0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	72	function meta(s, deps, extra)
2389 c0c2f8665c3e mod_firewall: Fix for raw code expressions that contain escape-worthy characters Matthew Wild <mwild1@gmail.com> parents: 2378 diff changeset	73	return (s:gsub("$(%b())", function (expr)
c0c2f8665c3e mod_firewall: Fix for raw code expressions that contain escape-worthy characters Matthew Wild <mwild1@gmail.com> parents: 2378 diff changeset	74	expr = expr:gsub("\\(.)", "%1");
c0c2f8665c3e mod_firewall: Fix for raw code expressions that contain escape-worthy characters Matthew Wild <mwild1@gmail.com> parents: 2378 diff changeset	75	return [["..tostring(]]..expr..[[).."]];
c0c2f8665c3e mod_firewall: Fix for raw code expressions that contain escape-worthy characters Matthew Wild <mwild1@gmail.com> parents: 2378 diff changeset	76	end)
2129 edf5cf3c474b mod_firewall: Move meta() function to main module, and make it a global so libs can use it Matthew Wild <mwild1@gmail.com> parents: 2128 diff changeset	77	:gsub("$(%b<>)", function (expr)
edf5cf3c474b mod_firewall: Move meta() function to main module, and make it a global so libs can use it Matthew Wild <mwild1@gmail.com> parents: 2128 diff changeset	78	expr = expr:sub(2,-2);
2542 a1b6a6b0aabb mod_firewall: Reinstate the ability to set a default for stanza expressions Matthew Wild <mwild1@gmail.com> parents: 2537 diff changeset	79	local default = "<undefined>";
2565 3da0e3c917cc mod_firewall: Accept backslash escapes in definitions Matthew Wild <mwild1@gmail.com> parents: 2562 diff changeset	80	expr = expr:gsub("\|\|(%b\"\")$", function (default_string)
3da0e3c917cc mod_firewall: Accept backslash escapes in definitions Matthew Wild <mwild1@gmail.com> parents: 2562 diff changeset	81	default = stripslashes(default_string:sub(2,-2));
2542 a1b6a6b0aabb mod_firewall: Reinstate the ability to set a default for stanza expressions Matthew Wild <mwild1@gmail.com> parents: 2537 diff changeset	82	return "";
a1b6a6b0aabb mod_firewall: Reinstate the ability to set a default for stanza expressions Matthew Wild <mwild1@gmail.com> parents: 2537 diff changeset	83	end);
2522 0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	84	local func_chain = expr:match("\|[%w\|]+$");
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	85	if func_chain then
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	86	expr = expr:sub(1, -1-#func_chain);
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	87	end
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	88	local code;
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	89	if expr:match("^@") then
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	90	-- Skip stanza:find() for simple attribute lookup
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	91	local attr_name = expr:sub(2);
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	92	if deps and (attr_name == "to" or attr_name == "from" or attr_name == "type") then
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	93	-- These attributes may be cached in locals
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	94	code = attr_name;
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	95	table.insert(deps, attr_name);
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	96	else
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	97	code = "stanza.attr["..("%q"):format(attr_name).."]";
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	98	end
2528 0404476ecfe3 mod_firewall: More meta() enhancements Matthew Wild <mwild1@gmail.com> parents: 2524 diff changeset	99	elseif expr:match("^%w+#$") then
0404476ecfe3 mod_firewall: More meta() enhancements Matthew Wild <mwild1@gmail.com> parents: 2524 diff changeset	100	code = ("stanza:get_child_text(%q)"):format(expr:sub(1, -2));
2372 7e1d8c46d788 mod_firewall: Support for default values in stanza paths Matthew Wild <mwild1@gmail.com> parents: 2371 diff changeset	101	else
2528 0404476ecfe3 mod_firewall: More meta() enhancements Matthew Wild <mwild1@gmail.com> parents: 2524 diff changeset	102	code = ("stanza:find(%q)"):format(expr);
2372 7e1d8c46d788 mod_firewall: Support for default values in stanza paths Matthew Wild <mwild1@gmail.com> parents: 2371 diff changeset	103	end
2522 0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	104	if func_chain then
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	105	for func_name in func_chain:gmatch("\|(%w+)") do
2577 24dbad147aef mod_firewall: Fix meta functions with to/from that weren't JID-based Matthew Wild <mwild1@gmail.com> parents: 2566 diff changeset	106	-- to/from are already available in local variables, use those if possible
24dbad147aef mod_firewall: Fix meta functions with to/from that weren't JID-based Matthew Wild <mwild1@gmail.com> parents: 2566 diff changeset	107	if (code == "to" or code == "from") and func_name == "bare" then
24dbad147aef mod_firewall: Fix meta functions with to/from that weren't JID-based Matthew Wild <mwild1@gmail.com> parents: 2566 diff changeset	108	code = "bare_"..code;
24dbad147aef mod_firewall: Fix meta functions with to/from that weren't JID-based Matthew Wild <mwild1@gmail.com> parents: 2566 diff changeset	109	table.insert(deps, code);
24dbad147aef mod_firewall: Fix meta functions with to/from that weren't JID-based Matthew Wild <mwild1@gmail.com> parents: 2566 diff changeset	110	elseif (code == "to" or code == "from") and (func_name == "node" or func_name == "host" or func_name == "resource") then
24dbad147aef mod_firewall: Fix meta functions with to/from that weren't JID-based Matthew Wild <mwild1@gmail.com> parents: 2566 diff changeset	111	table.insert(deps, "split_"..code);
24dbad147aef mod_firewall: Fix meta functions with to/from that weren't JID-based Matthew Wild <mwild1@gmail.com> parents: 2566 diff changeset	112	code = code.."_"..func_name;
2522 0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	113	else
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	114	assert(meta_funcs[func_name], "unknown function: "..func_name);
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	115	local new_code, new_deps = meta_funcs[func_name](code);
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	116	code = new_code;
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	117	if new_deps and #new_deps > 0 then
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	118	assert(deps, "function not supported here: "..func_name);
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	119	for _, dep in ipairs(new_deps) do
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	120	table.insert(deps, dep);
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	121	end
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	122	end
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	123	end
0e1054c19f9d mod_firewall: More meta! Allow simple functions to be applied to $<> expressions Matthew Wild <mwild1@gmail.com> parents: 2521 diff changeset	124	end
2129 edf5cf3c474b mod_firewall: Move meta() function to main module, and make it a global so libs can use it Matthew Wild <mwild1@gmail.com> parents: 2128 diff changeset	125	end
2542 a1b6a6b0aabb mod_firewall: Reinstate the ability to set a default for stanza expressions Matthew Wild <mwild1@gmail.com> parents: 2537 diff changeset	126	return "\"..tostring("..code.." or "..("%q"):format(default)..")..\"";
2129 edf5cf3c474b mod_firewall: Move meta() function to main module, and make it a global so libs can use it Matthew Wild <mwild1@gmail.com> parents: 2128 diff changeset	127	end)
edf5cf3c474b mod_firewall: Move meta() function to main module, and make it a global so libs can use it Matthew Wild <mwild1@gmail.com> parents: 2128 diff changeset	128	:gsub("$$(%a+)", extra or {})
edf5cf3c474b mod_firewall: Move meta() function to main module, and make it a global so libs can use it Matthew Wild <mwild1@gmail.com> parents: 2128 diff changeset	129	:gsub([[^""%.%.]], "")
edf5cf3c474b mod_firewall: Move meta() function to main module, and make it a global so libs can use it Matthew Wild <mwild1@gmail.com> parents: 2128 diff changeset	130	:gsub([[%.%.""$]], ""));
edf5cf3c474b mod_firewall: Move meta() function to main module, and make it a global so libs can use it Matthew Wild <mwild1@gmail.com> parents: 2128 diff changeset	131	end
edf5cf3c474b mod_firewall: Move meta() function to main module, and make it a global so libs can use it Matthew Wild <mwild1@gmail.com> parents: 2128 diff changeset	132
2551 eb4f45bd7fef mod_firewall: Add metaq(), like meta() but takes an unquoted string Matthew Wild <mwild1@gmail.com> parents: 2550 diff changeset	133	function metaq(s, ...)
eb4f45bd7fef mod_firewall: Add metaq(), like meta() but takes an unquoted string Matthew Wild <mwild1@gmail.com> parents: 2550 diff changeset	134	return meta(("%q"):format(s), ...);
eb4f45bd7fef mod_firewall: Add metaq(), like meta() but takes an unquoted string Matthew Wild <mwild1@gmail.com> parents: 2550 diff changeset	135	end
eb4f45bd7fef mod_firewall: Add metaq(), like meta() but takes an unquoted string Matthew Wild <mwild1@gmail.com> parents: 2550 diff changeset	136
2550 6e4494772328 mod_firewall: Add stripslashes() function Matthew Wild <mwild1@gmail.com> parents: 2548 diff changeset	137	local escape_chars = {
6e4494772328 mod_firewall: Add stripslashes() function Matthew Wild <mwild1@gmail.com> parents: 2548 diff changeset	138	a = "\a", b = "\b", f = "\f", n = "\n", r = "\r", t = "\t",
6e4494772328 mod_firewall: Add stripslashes() function Matthew Wild <mwild1@gmail.com> parents: 2548 diff changeset	139	v = "\v", ["\\"] = "\\", ["\""] = "\"", ["\'"] = "\'"
6e4494772328 mod_firewall: Add stripslashes() function Matthew Wild <mwild1@gmail.com> parents: 2548 diff changeset	140	};
6e4494772328 mod_firewall: Add stripslashes() function Matthew Wild <mwild1@gmail.com> parents: 2548 diff changeset	141	function stripslashes(s)
6e4494772328 mod_firewall: Add stripslashes() function Matthew Wild <mwild1@gmail.com> parents: 2548 diff changeset	142	return (s:gsub("\\(.)", escape_chars));
6e4494772328 mod_firewall: Add stripslashes() function Matthew Wild <mwild1@gmail.com> parents: 2548 diff changeset	143	end
6e4494772328 mod_firewall: Add stripslashes() function Matthew Wild <mwild1@gmail.com> parents: 2548 diff changeset	144
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	145	-- Dependency locations:
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	146	-- <type lib>
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	147	-- <type global>
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	148	-- function handler()
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	149	-- <local deps>
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	150	-- if <conditions> then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	151	-- <actions>
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	152	-- end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	153	-- end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	154
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	155	local available_deps = {
1303 8a3f3f485675 mod_firewall: Produce code with nicer indentation Florian Zeitz <florob@babelmonkeys.de> parents: 1052 diff changeset	156	st = { global_code = [[local st = require "util.stanza";]]};
2548 223eea31588d mod_firewall: Add it(erators) and it_count dependencies Matthew Wild <mwild1@gmail.com> parents: 2547 diff changeset	157	it = { global_code = [[local it = require "util.iterators";]]};
223eea31588d mod_firewall: Add it(erators) and it_count dependencies Matthew Wild <mwild1@gmail.com> parents: 2547 diff changeset	158	it_count = { global_code = [[local it_count = it.count;]], depends = { "it" } };
2552 ce08a57e516b mod_firewall: Add 'current_host' variable/dependency Matthew Wild <mwild1@gmail.com> parents: 2551 diff changeset	159	current_host = { global_code = [[local current_host = module.host;]] };
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	160	jid_split = {
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	161	global_code = [[local jid_split = require "util.jid".split;]];
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	162	};
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	163	jid_bare = {
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	164	global_code = [[local jid_bare = require "util.jid".bare;]];
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	165	};
2416 9159f9166893 mod_firewall: Use the sender bare JID instead of 'to' for stanzas to self Kim Alvefur <zash@zash.se> parents: 2408 diff changeset	166	to = { local_code = [[local to = stanza.attr.to or jid_bare(session.full_jid);]]; depends = { "jid_bare" } };
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	167	from = { local_code = [[local from = stanza.attr.from;]] };
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	168	type = { local_code = [[local type = stanza.attr.type;]] };
2419 07d7036040ee mod_firewall: Insert semicolons after some statements to prevent ambiguous syntax in output (fixes #797) Kim Alvefur <zash@zash.se> parents: 2416 diff changeset	169	name = { local_code = [[local name = stanza.name;]] };
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	170	split_to = { -- The stanza's split to address
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	171	depends = { "jid_split", "to" };
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	172	local_code = [[local to_node, to_host, to_resource = jid_split(to);]];
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	173	};
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	174	split_from = { -- The stanza's split from address
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	175	depends = { "jid_split", "from" };
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	176	local_code = [[local from_node, from_host, from_resource = jid_split(from);]];
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	177	};
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	178	bare_to = { depends = { "jid_bare", "to" }, local_code = "local bare_to = jid_bare(to)"};
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	179	bare_from = { depends = { "jid_bare", "from" }, local_code = "local bare_from = jid_bare(from)"};
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	180	group_contains = {
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	181	global_code = [[local group_contains = module:depends("groups").group_contains]];
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	182	};
2422 ef95853cf900 mod_firewall: More semicolons Kim Alvefur <zash@zash.se> parents: 2420 diff changeset	183	is_admin = { global_code = [[local is_admin = require "core.usermanager".is_admin;]]};
ef95853cf900 mod_firewall: More semicolons Kim Alvefur <zash@zash.se> parents: 2420 diff changeset	184	core_post_stanza = { global_code = [[local core_post_stanza = prosody.core_post_stanza;]] };
965 d4e24fb289c0 mod_firewall: Improve zone handling, make it more efficient, and support dynamic dependencies in the compiler. ENTERING and LEAVING conditions now work at expected (not matching stanzas flowing within a zone). Matthew Wild <mwild1@gmail.com> parents: 960 diff changeset	185	zone = { global_code = function (zone)
971 53e158e44a44 mod_firewall: Add rate limiting capabilities, and keep zones and throttle objects in shared tables Matthew Wild <mwild1@gmail.com> parents: 967 diff changeset	186	assert(idsafe(zone), "Invalid zone name: "..zone);
965 d4e24fb289c0 mod_firewall: Improve zone handling, make it more efficient, and support dynamic dependencies in the compiler. ENTERING and LEAVING conditions now work at expected (not matching stanzas flowing within a zone). Matthew Wild <mwild1@gmail.com> parents: 960 diff changeset	187	return ("local zone_%s = zones[%q] or {};"):format(zone, zone);
d4e24fb289c0 mod_firewall: Improve zone handling, make it more efficient, and support dynamic dependencies in the compiler. ENTERING and LEAVING conditions now work at expected (not matching stanzas flowing within a zone). Matthew Wild <mwild1@gmail.com> parents: 960 diff changeset	188	end };
966 a65df6e97d94 mod_firewall: Add time and date deps Matthew Wild <mwild1@gmail.com> parents: 965 diff changeset	189	date_time = { global_code = [[local os_date = os.date]]; local_code = [[local current_date_time = os_date("*t");]] };
a65df6e97d94 mod_firewall: Add time and date deps Matthew Wild <mwild1@gmail.com> parents: 965 diff changeset	190	time = { local_code = function (what)
a65df6e97d94 mod_firewall: Add time and date deps Matthew Wild <mwild1@gmail.com> parents: 965 diff changeset	191	local defs = {};
a65df6e97d94 mod_firewall: Add time and date deps Matthew Wild <mwild1@gmail.com> parents: 965 diff changeset	192	for field in what:gmatch("%a+") do
a65df6e97d94 mod_firewall: Add time and date deps Matthew Wild <mwild1@gmail.com> parents: 965 diff changeset	193	table.insert(defs, ("local current_%s = current_date_time.%s;"):format(field, field));
a65df6e97d94 mod_firewall: Add time and date deps Matthew Wild <mwild1@gmail.com> parents: 965 diff changeset	194	end
a65df6e97d94 mod_firewall: Add time and date deps Matthew Wild <mwild1@gmail.com> parents: 965 diff changeset	195	return table.concat(defs, " ");
a65df6e97d94 mod_firewall: Add time and date deps Matthew Wild <mwild1@gmail.com> parents: 965 diff changeset	196	end, depends = { "date_time" }; };
2422 ef95853cf900 mod_firewall: More semicolons Kim Alvefur <zash@zash.se> parents: 2420 diff changeset	197	timestamp = { global_code = [[local get_time = require "socket".gettime;]]; local_code = [[local current_timestamp = get_time();]]; };
2132 21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental) Matthew Wild <mwild1@gmail.com> parents: 2130 diff changeset	198	globalthrottle = {
971 53e158e44a44 mod_firewall: Add rate limiting capabilities, and keep zones and throttle objects in shared tables Matthew Wild <mwild1@gmail.com> parents: 967 diff changeset	199	global_code = function (throttle)
53e158e44a44 mod_firewall: Add rate limiting capabilities, and keep zones and throttle objects in shared tables Matthew Wild <mwild1@gmail.com> parents: 967 diff changeset	200	assert(idsafe(throttle), "Invalid rate limit name: "..throttle);
999 197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	201	assert(active_definitions.RATE[throttle], "Unknown rate limit: "..throttle);
2132 21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental) Matthew Wild <mwild1@gmail.com> parents: 2130 diff changeset	202	return ("local global_throttle_%s = rates.%s:single();"):format(throttle, throttle);
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental) Matthew Wild <mwild1@gmail.com> parents: 2130 diff changeset	203	end;
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental) Matthew Wild <mwild1@gmail.com> parents: 2130 diff changeset	204	};
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental) Matthew Wild <mwild1@gmail.com> parents: 2130 diff changeset	205	multithrottle = {
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental) Matthew Wild <mwild1@gmail.com> parents: 2130 diff changeset	206	global_code = function (throttle)
2134 9239893a2400 mod_firewall: Don't use util.cache unless it's needed, and add explanatory error if it is not available Matthew Wild <mwild1@gmail.com> parents: 2132 diff changeset	207	assert(pcall(require, "util.cache"), "Using LIMIT with 'on' requires Prosody 0.10 or higher");
2132 21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental) Matthew Wild <mwild1@gmail.com> parents: 2130 diff changeset	208	assert(idsafe(throttle), "Invalid rate limit name: "..throttle);
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental) Matthew Wild <mwild1@gmail.com> parents: 2130 diff changeset	209	assert(active_definitions.RATE[throttle], "Unknown rate limit: "..throttle);
21bc4d7cddae mod_firewall: Add support for throttling based on user-defined properties (experimental) Matthew Wild <mwild1@gmail.com> parents: 2130 diff changeset	210	return ("local multi_throttle_%s = rates.%s:multi();"):format(throttle, throttle);
971 53e158e44a44 mod_firewall: Add rate limiting capabilities, and keep zones and throttle objects in shared tables Matthew Wild <mwild1@gmail.com> parents: 967 diff changeset	211	end;
53e158e44a44 mod_firewall: Add rate limiting capabilities, and keep zones and throttle objects in shared tables Matthew Wild <mwild1@gmail.com> parents: 967 diff changeset	212	};
2406 2040330586e4 mod_firewall: Split import of rostermanager into its own dependency Kim Alvefur <zash@zash.se> parents: 2389 diff changeset	213	rostermanager = {
2040330586e4 mod_firewall: Split import of rostermanager into its own dependency Kim Alvefur <zash@zash.se> parents: 2389 diff changeset	214	global_code = [[local rostermanager = require "core.rostermanager";]];
2040330586e4 mod_firewall: Split import of rostermanager into its own dependency Kim Alvefur <zash@zash.se> parents: 2389 diff changeset	215	};
2346 6848297cf40a mod_firewall: Add conditions for testing whether a sender of a stanza is in the recipient's roster (or in a certain roster group) Matthew Wild <mwild1@gmail.com> parents: 2134 diff changeset	216	roster_entry = {
2420 ade918cd9ca7 mod_firewall: Only call rostermanager if username is available (fixes #796) Kim Alvefur <zash@zash.se> parents: 2419 diff changeset	217	local_code = [[local roster_entry = (to_node and rostermanager.load_roster(to_node, to_host) or {})[bare_from];]];
2406 2040330586e4 mod_firewall: Split import of rostermanager into its own dependency Kim Alvefur <zash@zash.se> parents: 2389 diff changeset	218	depends = { "rostermanager", "split_to", "bare_from" };
2040330586e4 mod_firewall: Split import of rostermanager into its own dependency Kim Alvefur <zash@zash.se> parents: 2389 diff changeset	219	};
2524 c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP Matthew Wild <mwild1@gmail.com> parents: 2522 diff changeset	220	list = { global_code = function (list)
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP Matthew Wild <mwild1@gmail.com> parents: 2522 diff changeset	221	assert(idsafe(list), "Invalid list name: "..list);
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP Matthew Wild <mwild1@gmail.com> parents: 2522 diff changeset	222	assert(active_definitions.LIST[list], "Unknown list: "..list);
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP Matthew Wild <mwild1@gmail.com> parents: 2522 diff changeset	223	return ("local list_%s = lists[%q];"):format(list, list);
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP Matthew Wild <mwild1@gmail.com> parents: 2522 diff changeset	224	end
c6fd8975704b mod_firewall: Initial support for lists, in-memory and HTTP Matthew Wild <mwild1@gmail.com> parents: 2522 diff changeset	225	};
2532 44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list Matthew Wild <mwild1@gmail.com> parents: 2531 diff changeset	226	search = {
44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list Matthew Wild <mwild1@gmail.com> parents: 2531 diff changeset	227	local_code = function (search_name)
44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list Matthew Wild <mwild1@gmail.com> parents: 2531 diff changeset	228	local search_path = assert(active_definitions.SEARCH[search_name], "Undefined search path: "..search_name);
44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list Matthew Wild <mwild1@gmail.com> parents: 2531 diff changeset	229	return ("local search_%s = tostring(stanza:find(%q) or \"\")"):format(search_name, search_path);
44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list Matthew Wild <mwild1@gmail.com> parents: 2531 diff changeset	230	end;
44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list Matthew Wild <mwild1@gmail.com> parents: 2531 diff changeset	231	};
2547 3c16f0a8d66c mod_firewall: Do patterns properly, instead of cheating Matthew Wild <mwild1@gmail.com> parents: 2543 diff changeset	232	pattern = {
3c16f0a8d66c mod_firewall: Do patterns properly, instead of cheating Matthew Wild <mwild1@gmail.com> parents: 2543 diff changeset	233	local_code = function (pattern_name)
3c16f0a8d66c mod_firewall: Do patterns properly, instead of cheating Matthew Wild <mwild1@gmail.com> parents: 2543 diff changeset	234	local pattern = assert(active_definitions.PATTERN[pattern_name], "Undefined pattern: "..pattern_name);
3c16f0a8d66c mod_firewall: Do patterns properly, instead of cheating Matthew Wild <mwild1@gmail.com> parents: 2543 diff changeset	235	return ("local pattern_%s = %q"):format(pattern_name, pattern);
3c16f0a8d66c mod_firewall: Do patterns properly, instead of cheating Matthew Wild <mwild1@gmail.com> parents: 2543 diff changeset	236	end;
3c16f0a8d66c mod_firewall: Do patterns properly, instead of cheating Matthew Wild <mwild1@gmail.com> parents: 2543 diff changeset	237	};
2532 44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list Matthew Wild <mwild1@gmail.com> parents: 2531 diff changeset	238	tokens = {
44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list Matthew Wild <mwild1@gmail.com> parents: 2531 diff changeset	239	local_code = function (search_and_pattern)
2588 d64fc9c3cffd mod_firewall: Remove ambiguity from tokens dep parameter Matthew Wild <mwild1@gmail.com> parents: 2587 diff changeset	240	local search_name, pattern_name = search_and_pattern:match("^([^%-]+)-(.+)$");
2532 44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list Matthew Wild <mwild1@gmail.com> parents: 2531 diff changeset	241	local code = ([[local tokens_%s_%s = {};
44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list Matthew Wild <mwild1@gmail.com> parents: 2531 diff changeset	242	if search_%s then
2547 3c16f0a8d66c mod_firewall: Do patterns properly, instead of cheating Matthew Wild <mwild1@gmail.com> parents: 2543 diff changeset	243	for s in search_%s:gmatch(pattern_%s) do
2532 44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list Matthew Wild <mwild1@gmail.com> parents: 2531 diff changeset	244	tokens_%s_%s[s] = true;
44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list Matthew Wild <mwild1@gmail.com> parents: 2531 diff changeset	245	end
44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list Matthew Wild <mwild1@gmail.com> parents: 2531 diff changeset	246	end
44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list Matthew Wild <mwild1@gmail.com> parents: 2531 diff changeset	247	]]):format(search_name, pattern_name, search_name, search_name, pattern_name, search_name, pattern_name);
2547 3c16f0a8d66c mod_firewall: Do patterns properly, instead of cheating Matthew Wild <mwild1@gmail.com> parents: 2543 diff changeset	248	return code, { "search:"..search_name, "pattern:"..pattern_name };
2532 44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list Matthew Wild <mwild1@gmail.com> parents: 2531 diff changeset	249	end;
44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list Matthew Wild <mwild1@gmail.com> parents: 2531 diff changeset	250	};
44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list Matthew Wild <mwild1@gmail.com> parents: 2531 diff changeset	251	scan_list = {
2537 9aed7f4e9f07 mod_firewall: Fix scan_list() syntax error in generated code Matthew Wild <mwild1@gmail.com> parents: 2532 diff changeset	252	global_code = [[local function scan_list(list, items) for item in pairs(items) do if list:contains(item) then return true; end end end]];
2532 44a71584521d mod_firewall: Add SEARCH, PATTERN definitions and SCAN condition to check tokenized stanza:find() against a list Matthew Wild <mwild1@gmail.com> parents: 2531 diff changeset	253	}
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	254	};
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	255
2081 368b091e723b mod_firewall: Rename argument to avoid name clash [luacheck] Kim Alvefur <zash@zash.se> parents: 2080 diff changeset	256	local function include_dep(dependency, code)
368b091e723b mod_firewall: Rename argument to avoid name clash [luacheck] Kim Alvefur <zash@zash.se> parents: 2080 diff changeset	257	local dep, dep_param = dependency:match("^([^:]+):?(.*)$");
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	258	local dep_info = available_deps[dep];
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	259	if not dep_info then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	260	module:log("error", "Dependency not found: %s", dep);
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	261	return;
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	262	end
2587 b6b10f57aa56 mod_firewall: Fix for including the same dependency with different parameters Matthew Wild <mwild1@gmail.com> parents: 2584 diff changeset	263	if code.included_deps[dependency] ~= nil then
b6b10f57aa56 mod_firewall: Fix for including the same dependency with different parameters Matthew Wild <mwild1@gmail.com> parents: 2584 diff changeset	264	if code.included_deps[dependency] ~= true then
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	265	module:log("error", "Circular dependency on %s", dep);
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	266	end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	267	return;
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	268	end
2587 b6b10f57aa56 mod_firewall: Fix for including the same dependency with different parameters Matthew Wild <mwild1@gmail.com> parents: 2584 diff changeset	269	code.included_deps[dependency] = false; -- Pending flag (used to detect circular references)
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	270	for _, dep_dep in ipairs(dep_info.depends or {}) do
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	271	include_dep(dep_dep, code);
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	272	end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	273	if dep_info.global_code then
965 d4e24fb289c0 mod_firewall: Improve zone handling, make it more efficient, and support dynamic dependencies in the compiler. ENTERING and LEAVING conditions now work at expected (not matching stanzas flowing within a zone). Matthew Wild <mwild1@gmail.com> parents: 960 diff changeset	274	if dep_param ~= "" then
2529 a35d85cfda92 mod_firewall: Fix for deps dynamically including deps Matthew Wild <mwild1@gmail.com> parents: 2528 diff changeset	275	local global_code, deps = dep_info.global_code(dep_param);
a35d85cfda92 mod_firewall: Fix for deps dynamically including deps Matthew Wild <mwild1@gmail.com> parents: 2528 diff changeset	276	if deps then
2566 78efd064aef3 mod_firewall: Rename variables to avoid shadowing #luacheck Matthew Wild <mwild1@gmail.com> parents: 2565 diff changeset	277	for _, dep_dep in ipairs(deps) do
78efd064aef3 mod_firewall: Rename variables to avoid shadowing #luacheck Matthew Wild <mwild1@gmail.com> parents: 2565 diff changeset	278	include_dep(dep_dep, code);
2529 a35d85cfda92 mod_firewall: Fix for deps dynamically including deps Matthew Wild <mwild1@gmail.com> parents: 2528 diff changeset	279	end
a35d85cfda92 mod_firewall: Fix for deps dynamically including deps Matthew Wild <mwild1@gmail.com> parents: 2528 diff changeset	280	end
a35d85cfda92 mod_firewall: Fix for deps dynamically including deps Matthew Wild <mwild1@gmail.com> parents: 2528 diff changeset	281	table.insert(code.global_header, global_code);
965 d4e24fb289c0 mod_firewall: Improve zone handling, make it more efficient, and support dynamic dependencies in the compiler. ENTERING and LEAVING conditions now work at expected (not matching stanzas flowing within a zone). Matthew Wild <mwild1@gmail.com> parents: 960 diff changeset	282	else
d4e24fb289c0 mod_firewall: Improve zone handling, make it more efficient, and support dynamic dependencies in the compiler. ENTERING and LEAVING conditions now work at expected (not matching stanzas flowing within a zone). Matthew Wild <mwild1@gmail.com> parents: 960 diff changeset	283	table.insert(code.global_header, dep_info.global_code);
d4e24fb289c0 mod_firewall: Improve zone handling, make it more efficient, and support dynamic dependencies in the compiler. ENTERING and LEAVING conditions now work at expected (not matching stanzas flowing within a zone). Matthew Wild <mwild1@gmail.com> parents: 960 diff changeset	284	end
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	285	end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	286	if dep_info.local_code then
965 d4e24fb289c0 mod_firewall: Improve zone handling, make it more efficient, and support dynamic dependencies in the compiler. ENTERING and LEAVING conditions now work at expected (not matching stanzas flowing within a zone). Matthew Wild <mwild1@gmail.com> parents: 960 diff changeset	287	if dep_param ~= "" then
2529 a35d85cfda92 mod_firewall: Fix for deps dynamically including deps Matthew Wild <mwild1@gmail.com> parents: 2528 diff changeset	288	local local_code, deps = dep_info.local_code(dep_param);
a35d85cfda92 mod_firewall: Fix for deps dynamically including deps Matthew Wild <mwild1@gmail.com> parents: 2528 diff changeset	289	if deps then
2566 78efd064aef3 mod_firewall: Rename variables to avoid shadowing #luacheck Matthew Wild <mwild1@gmail.com> parents: 2565 diff changeset	290	for _, dep_dep in ipairs(deps) do
78efd064aef3 mod_firewall: Rename variables to avoid shadowing #luacheck Matthew Wild <mwild1@gmail.com> parents: 2565 diff changeset	291	include_dep(dep_dep, code);
2529 a35d85cfda92 mod_firewall: Fix for deps dynamically including deps Matthew Wild <mwild1@gmail.com> parents: 2528 diff changeset	292	end
a35d85cfda92 mod_firewall: Fix for deps dynamically including deps Matthew Wild <mwild1@gmail.com> parents: 2528 diff changeset	293	end
a35d85cfda92 mod_firewall: Fix for deps dynamically including deps Matthew Wild <mwild1@gmail.com> parents: 2528 diff changeset	294	table.insert(code, "\n\t\t-- "..dep.."\n\t\t"..local_code.."\n");
965 d4e24fb289c0 mod_firewall: Improve zone handling, make it more efficient, and support dynamic dependencies in the compiler. ENTERING and LEAVING conditions now work at expected (not matching stanzas flowing within a zone). Matthew Wild <mwild1@gmail.com> parents: 960 diff changeset	295	else
1303 8a3f3f485675 mod_firewall: Produce code with nicer indentation Florian Zeitz <florob@babelmonkeys.de> parents: 1052 diff changeset	296	table.insert(code, "\n\t\t-- "..dep.."\n\t\t"..dep_info.local_code.."\n");
965 d4e24fb289c0 mod_firewall: Improve zone handling, make it more efficient, and support dynamic dependencies in the compiler. ENTERING and LEAVING conditions now work at expected (not matching stanzas flowing within a zone). Matthew Wild <mwild1@gmail.com> parents: 960 diff changeset	297	end
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	298	end
2587 b6b10f57aa56 mod_firewall: Fix for including the same dependency with different parameters Matthew Wild <mwild1@gmail.com> parents: 2584 diff changeset	299	code.included_deps[dependency] = true;
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	300	end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	301
999 197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	302	local definition_handlers = module:require("definitions");
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	303	local condition_handlers = module:require("conditions");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	304	local action_handlers = module:require("actions");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	305
2898 165d2877eeac mod_firewall: Add experimental user-centric persistent marks behind a feature flag Kim Alvefur <zash@zash.se> parents: 2863 diff changeset	306	if module:get_option_boolean("firewall_experimental_user_marks", false) then
165d2877eeac mod_firewall: Add experimental user-centric persistent marks behind a feature flag Kim Alvefur <zash@zash.se> parents: 2863 diff changeset	307	module:require"marks";
165d2877eeac mod_firewall: Add experimental user-centric persistent marks behind a feature flag Kim Alvefur <zash@zash.se> parents: 2863 diff changeset	308	end
165d2877eeac mod_firewall: Add experimental user-centric persistent marks behind a feature flag Kim Alvefur <zash@zash.se> parents: 2863 diff changeset	309
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	310	local function new_rule(ruleset, chain)
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	311	assert(chain, "no chain specified");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	312	local rule = { conditions = {}, actions = {}, deps = {} };
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	313	table.insert(ruleset[chain], rule);
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	314	return rule;
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	315	end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	316
2082 11539785cb92 mod_firewall: Split compile function into two parts in order to separate their scopes Kim Alvefur <zash@zash.se> parents: 2081 diff changeset	317	local function parse_firewall_rules(filename)
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	318	local line_no = 0;
1343 7dbde05b48a9 all the things: Remove trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 1325 diff changeset	319
956 33d6642f4db7 mod_firewall: Tighten up error handling, and split rules->Lua and Lua->bytecode compilation into separate functions Matthew Wild <mwild1@gmail.com> parents: 955 diff changeset	320	local function errmsg(err)
33d6642f4db7 mod_firewall: Tighten up error handling, and split rules->Lua and Lua->bytecode compilation into separate functions Matthew Wild <mwild1@gmail.com> parents: 955 diff changeset	321	return "Error compiling "..filename.." on line "..line_no..": "..err;
33d6642f4db7 mod_firewall: Tighten up error handling, and split rules->Lua and Lua->bytecode compilation into separate functions Matthew Wild <mwild1@gmail.com> parents: 955 diff changeset	322	end
1343 7dbde05b48a9 all the things: Remove trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 1325 diff changeset	323
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	324	local ruleset = {
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	325	deliver = {};
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	326	};
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	327
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	328	local chain = "deliver"; -- Default chain
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	329	local rule;
1343 7dbde05b48a9 all the things: Remove trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 1325 diff changeset	330
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	331	local file, err = io.open(filename);
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	332	if not file then return nil, err; end
1343 7dbde05b48a9 all the things: Remove trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 1325 diff changeset	333
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	334	local state; -- nil -> "rules" -> "actions" -> nil -> ...
1343 7dbde05b48a9 all the things: Remove trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 1325 diff changeset	335
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	336	local line_hold;
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	337	for line in file:lines() do
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	338	line = line:match("^%s(.-)%s$");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	339	if line_hold and line:sub(-1,-1) ~= "\\" then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	340	line = line_hold..line;
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	341	line_hold = nil;
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	342	elseif line:sub(-1,-1) == "\\" then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	343	line_hold = (line_hold or "")..line:sub(1,-2);
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	344	end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	345	line_no = line_no + 1;
1343 7dbde05b48a9 all the things: Remove trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 1325 diff changeset	346
2084 a435db77a5e5 mod_firewall: Silence warning about empty if branch [luacheck] Kim Alvefur <zash@zash.se> parents: 2082 diff changeset	347	if line_hold or line:find("^[#;]") then -- luacheck: ignore 542
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	348	-- No action; comment or partial line
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	349	elseif line == "" then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	350	if state == "rules" then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	351	return nil, ("Expected an action on line %d for preceding criteria")
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	352	:format(line_no);
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	353	end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	354	state = nil;
2074 2356114ff505 mod_firewall: Optimize string match operations, string.find is faster than .match since no string is returned Kim Alvefur <zash@zash.se> parents: 1343 diff changeset	355	elseif not(state) and line:sub(1, 2) == "::" then
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	356	chain = line:gsub("^::%s*", "");
980 aeb11522a44f mod_firewall: Fix variable name Kim Alvefur <zash@zash.se> parents: 971 diff changeset	357	local chain_info = chains[chain];
956 33d6642f4db7 mod_firewall: Tighten up error handling, and split rules->Lua and Lua->bytecode compilation into separate functions Matthew Wild <mwild1@gmail.com> parents: 955 diff changeset	358	if not chain_info then
2368 17d236129118 mod_firewall: Allow implicit defitions of chains in scripts if they begin with 'user/' Matthew Wild <mwild1@gmail.com> parents: 2346 diff changeset	359	if chain:match("^user/") then
2562 2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN Matthew Wild <mwild1@gmail.com> parents: 2554 diff changeset	360	chains[chain] = { type = "event", priority = 1, pass_return = false };
2368 17d236129118 mod_firewall: Allow implicit defitions of chains in scripts if they begin with 'user/' Matthew Wild <mwild1@gmail.com> parents: 2346 diff changeset	361	else
17d236129118 mod_firewall: Allow implicit defitions of chains in scripts if they begin with 'user/' Matthew Wild <mwild1@gmail.com> parents: 2346 diff changeset	362	return nil, errmsg("Unknown chain: "..chain);
17d236129118 mod_firewall: Allow implicit defitions of chains in scripts if they begin with 'user/' Matthew Wild <mwild1@gmail.com> parents: 2346 diff changeset	363	end
956 33d6642f4db7 mod_firewall: Tighten up error handling, and split rules->Lua and Lua->bytecode compilation into separate functions Matthew Wild <mwild1@gmail.com> parents: 955 diff changeset	364	elseif chain_info.type ~= "event" then
33d6642f4db7 mod_firewall: Tighten up error handling, and split rules->Lua and Lua->bytecode compilation into separate functions Matthew Wild <mwild1@gmail.com> parents: 955 diff changeset	365	return nil, errmsg("Only event chains supported at the moment");
33d6642f4db7 mod_firewall: Tighten up error handling, and split rules->Lua and Lua->bytecode compilation into separate functions Matthew Wild <mwild1@gmail.com> parents: 955 diff changeset	366	end
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	367	ruleset[chain] = ruleset[chain] or {};
2074 2356114ff505 mod_firewall: Optimize string match operations, string.find is faster than .match since no string is returned Kim Alvefur <zash@zash.se> parents: 1343 diff changeset	368	elseif not(state) and line:sub(1,1) == "%" then -- Definition (zone, limit, etc.)
999 197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	369	local what, name = line:match("^%%%s*(%w+) +([^ :]+)");
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	370	if not definition_handlers[what] then
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	371	return nil, errmsg("Definition of unknown object: "..what);
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	372	elseif not name or not idsafe(name) then
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	373	return nil, errmsg("Invalid "..what.." name");
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	374	end
999 197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	375
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	376	local val = line:match(": ?(.*)$");
2074 2356114ff505 mod_firewall: Optimize string match operations, string.find is faster than .match since no string is returned Kim Alvefur <zash@zash.se> parents: 1343 diff changeset	377	if not val and line:find(":<") then -- Read from file
999 197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	378	local fn = line:match(":< ?(.-)%s*$");
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	379	if not fn then
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	380	return nil, errmsg("Unable to parse filename");
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	381	end
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	382	local f, err = io.open(fn);
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	383	if not f then return nil, errmsg(err); end
2530 b2fc41001c8e mod_firewall: Fix pattern Matthew Wild <mwild1@gmail.com> parents: 2529 diff changeset	384	val = f:read("*a"):gsub("\r?\n", " "):gsub("%s+$", "");
999 197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	385	end
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	386	if not val then
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	387	return nil, errmsg("No value given for definition");
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	388	end
2554 19a182651a9b mod_firewall: Allow backslash escapes in definitions Matthew Wild <mwild1@gmail.com> parents: 2553 diff changeset	389	val = stripslashes(val);
999 197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	390	local ok, ret = pcall(definition_handlers[what], name, val);
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	391	if not ok then
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	392	return nil, errmsg(ret);
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	393	end
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	394
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	395	if not active_definitions[what] then
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	396	active_definitions[what] = {};
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	397	end
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	398	active_definitions[what][name] = ret;
2543 1510b66a43fc mod_firewall: Allow using spaces instead of underscores in actions, as well as conditions Matthew Wild <mwild1@gmail.com> parents: 2542 diff changeset	399	elseif line:find("^[%w_ ]+[%.=]") then
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	400	-- Action
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	401	if state == nil then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	402	-- This is a standalone action with no conditions
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	403	rule = new_rule(ruleset, chain);
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	404	end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	405	state = "actions";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	406	-- Action handlers?
2543 1510b66a43fc mod_firewall: Allow using spaces instead of underscores in actions, as well as conditions Matthew Wild <mwild1@gmail.com> parents: 2542 diff changeset	407	local action = line:match("^[%w_ ]+"):upper():gsub(" ", "_");
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	408	if not action_handlers[action] then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	409	return nil, ("Unknown action on line %d: %s"):format(line_no, action or "<unknown>");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	410	end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	411	table.insert(rule.actions, "-- "..line)
956 33d6642f4db7 mod_firewall: Tighten up error handling, and split rules->Lua and Lua->bytecode compilation into separate functions Matthew Wild <mwild1@gmail.com> parents: 955 diff changeset	412	local ok, action_string, action_deps = pcall(action_handlers[action], line:match("=(.+)$"));
33d6642f4db7 mod_firewall: Tighten up error handling, and split rules->Lua and Lua->bytecode compilation into separate functions Matthew Wild <mwild1@gmail.com> parents: 955 diff changeset	413	if not ok then
33d6642f4db7 mod_firewall: Tighten up error handling, and split rules->Lua and Lua->bytecode compilation into separate functions Matthew Wild <mwild1@gmail.com> parents: 955 diff changeset	414	return nil, errmsg(action_string);
33d6642f4db7 mod_firewall: Tighten up error handling, and split rules->Lua and Lua->bytecode compilation into separate functions Matthew Wild <mwild1@gmail.com> parents: 955 diff changeset	415	end
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	416	table.insert(rule.actions, action_string);
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	417	for _, dep in ipairs(action_deps or {}) do
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	418	table.insert(rule.deps, dep);
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	419	end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	420	elseif state == "actions" then -- state is actions but action pattern did not match
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	421	state = nil; -- Awaiting next rule, etc.
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	422	table.insert(ruleset[chain], rule);
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	423	rule = nil;
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	424	else
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	425	if not state then
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	426	state = "rules";
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	427	rule = new_rule(ruleset, chain);
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	428	end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	429	-- Check standard modifiers for the condition (e.g. NOT)
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	430	local negated;
2408 9af2d36567a8 mod_firewall: Allow conditions to end with a question mark Kim Alvefur <zash@zash.se> parents: 2406 diff changeset	431	local condition = line:match("^[^:=%.?]*");
2074 2356114ff505 mod_firewall: Optimize string match operations, string.find is faster than .match since no string is returned Kim Alvefur <zash@zash.se> parents: 1343 diff changeset	432	if condition:find("%f[%w]NOT%f[^%w]") then
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	433	local s, e = condition:match("%f[%w]()NOT()%f[^%w]");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	434	condition = (condition:sub(1,s-1)..condition:sub(e+1, -1)):match("^%s(.-)%s$");
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	435	negated = true;
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	436	end
998 6fdcebbd2284 mod_firewall: Fix conditions with spaces Matthew Wild <mwild1@gmail.com> parents: 996 diff changeset	437	condition = condition:gsub(" ", "_");
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	438	if not condition_handlers[condition] then
998 6fdcebbd2284 mod_firewall: Fix conditions with spaces Matthew Wild <mwild1@gmail.com> parents: 996 diff changeset	439	return nil, ("Unknown condition on line %d: %s"):format(line_no, (condition:gsub("_", " ")));
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	440	end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	441	-- Get the code for this condition
956 33d6642f4db7 mod_firewall: Tighten up error handling, and split rules->Lua and Lua->bytecode compilation into separate functions Matthew Wild <mwild1@gmail.com> parents: 955 diff changeset	442	local ok, condition_code, condition_deps = pcall(condition_handlers[condition], line:match(":%s?(.+)$"));
33d6642f4db7 mod_firewall: Tighten up error handling, and split rules->Lua and Lua->bytecode compilation into separate functions Matthew Wild <mwild1@gmail.com> parents: 955 diff changeset	443	if not ok then
33d6642f4db7 mod_firewall: Tighten up error handling, and split rules->Lua and Lua->bytecode compilation into separate functions Matthew Wild <mwild1@gmail.com> parents: 955 diff changeset	444	return nil, errmsg(condition_code);
33d6642f4db7 mod_firewall: Tighten up error handling, and split rules->Lua and Lua->bytecode compilation into separate functions Matthew Wild <mwild1@gmail.com> parents: 955 diff changeset	445	end
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	446	if negated then condition_code = "not("..condition_code..")"; end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	447	table.insert(rule.conditions, condition_code);
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	448	for _, dep in ipairs(condition_deps or {}) do
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	449	table.insert(rule.deps, dep);
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	450	end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	451	end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	452	end
2082 11539785cb92 mod_firewall: Split compile function into two parts in order to separate their scopes Kim Alvefur <zash@zash.se> parents: 2081 diff changeset	453	return ruleset;
11539785cb92 mod_firewall: Split compile function into two parts in order to separate their scopes Kim Alvefur <zash@zash.se> parents: 2081 diff changeset	454	end
1343 7dbde05b48a9 all the things: Remove trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 1325 diff changeset	455
2082 11539785cb92 mod_firewall: Split compile function into two parts in order to separate their scopes Kim Alvefur <zash@zash.se> parents: 2081 diff changeset	456	local function process_firewall_rules(ruleset)
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	457	-- Compile ruleset and return complete code
1343 7dbde05b48a9 all the things: Remove trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 1325 diff changeset	458
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	459	local chain_handlers = {};
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	460
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	461	-- Loop through the chains in the parsed ruleset (e.g. incoming, outgoing)
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	462	for chain_name, rules in pairs(ruleset) do
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	463	local code = { included_deps = {}, global_header = {} };
1304 9f24ccaa66a6 mod_firewall: Do not cache conditions with only a single use Florian Zeitz <florob@babelmonkeys.de> parents: 1303 diff changeset	464	local condition_uses = {};
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	465	-- This inner loop assumes chain is an event-based, not a filter-based
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	466	-- chain (filter-based will be added later)
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	467	for _, rule in ipairs(rules) do
1304 9f24ccaa66a6 mod_firewall: Do not cache conditions with only a single use Florian Zeitz <florob@babelmonkeys.de> parents: 1303 diff changeset	468	for _, condition in ipairs(rule.conditions) do
2074 2356114ff505 mod_firewall: Optimize string match operations, string.find is faster than .match since no string is returned Kim Alvefur <zash@zash.se> parents: 1343 diff changeset	469	if condition:find("^not%(.+%)$") then
1304 9f24ccaa66a6 mod_firewall: Do not cache conditions with only a single use Florian Zeitz <florob@babelmonkeys.de> parents: 1303 diff changeset	470	condition = condition:match("^not%((.+)%)$");
9f24ccaa66a6 mod_firewall: Do not cache conditions with only a single use Florian Zeitz <florob@babelmonkeys.de> parents: 1303 diff changeset	471	end
9f24ccaa66a6 mod_firewall: Do not cache conditions with only a single use Florian Zeitz <florob@babelmonkeys.de> parents: 1303 diff changeset	472	condition_uses[condition] = (condition_uses[condition] or 0) + 1;
9f24ccaa66a6 mod_firewall: Do not cache conditions with only a single use Florian Zeitz <florob@babelmonkeys.de> parents: 1303 diff changeset	473	end
9f24ccaa66a6 mod_firewall: Do not cache conditions with only a single use Florian Zeitz <florob@babelmonkeys.de> parents: 1303 diff changeset	474	end
9f24ccaa66a6 mod_firewall: Do not cache conditions with only a single use Florian Zeitz <florob@babelmonkeys.de> parents: 1303 diff changeset	475
9f24ccaa66a6 mod_firewall: Do not cache conditions with only a single use Florian Zeitz <florob@babelmonkeys.de> parents: 1303 diff changeset	476	local condition_cache, n_conditions = {}, 0;
9f24ccaa66a6 mod_firewall: Do not cache conditions with only a single use Florian Zeitz <florob@babelmonkeys.de> parents: 1303 diff changeset	477	for _, rule in ipairs(rules) do
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	478	for _, dep in ipairs(rule.deps) do
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	479	include_dep(dep, code);
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	480	end
1303 8a3f3f485675 mod_firewall: Produce code with nicer indentation Florian Zeitz <florob@babelmonkeys.de> parents: 1052 diff changeset	481	table.insert(code, "\n\t\t");
8a3f3f485675 mod_firewall: Produce code with nicer indentation Florian Zeitz <florob@babelmonkeys.de> parents: 1052 diff changeset	482	local rule_code;
967 a88f33fe6970 mod_firewall: Don't add empty conditions check when no conditions are listed in a rule Matthew Wild <mwild1@gmail.com> parents: 966 diff changeset	483	if #rule.conditions > 0 then
996 37af655ca575 mod_firewall: Cache conditions, so that they are only calculated once per chain execution Matthew Wild <mwild1@gmail.com> parents: 980 diff changeset	484	for i, condition in ipairs(rule.conditions) do
1001 c0850793b716 mod_firewall: don't use %b() (not technically correct) Matthew Wild <mwild1@gmail.com> parents: 999 diff changeset	485	local negated = condition:match("^not%(.+%)$");
996 37af655ca575 mod_firewall: Cache conditions, so that they are only calculated once per chain execution Matthew Wild <mwild1@gmail.com> parents: 980 diff changeset	486	if negated then
37af655ca575 mod_firewall: Cache conditions, so that they are only calculated once per chain execution Matthew Wild <mwild1@gmail.com> parents: 980 diff changeset	487	condition = condition:match("^not%((.+)%)$");
37af655ca575 mod_firewall: Cache conditions, so that they are only calculated once per chain execution Matthew Wild <mwild1@gmail.com> parents: 980 diff changeset	488	end
1304 9f24ccaa66a6 mod_firewall: Do not cache conditions with only a single use Florian Zeitz <florob@babelmonkeys.de> parents: 1303 diff changeset	489	if condition_uses[condition] > 1 then
9f24ccaa66a6 mod_firewall: Do not cache conditions with only a single use Florian Zeitz <florob@babelmonkeys.de> parents: 1303 diff changeset	490	local name = condition_cache[condition];
9f24ccaa66a6 mod_firewall: Do not cache conditions with only a single use Florian Zeitz <florob@babelmonkeys.de> parents: 1303 diff changeset	491	if not name then
9f24ccaa66a6 mod_firewall: Do not cache conditions with only a single use Florian Zeitz <florob@babelmonkeys.de> parents: 1303 diff changeset	492	n_conditions = n_conditions + 1;
9f24ccaa66a6 mod_firewall: Do not cache conditions with only a single use Florian Zeitz <florob@babelmonkeys.de> parents: 1303 diff changeset	493	name = "condition"..n_conditions;
9f24ccaa66a6 mod_firewall: Do not cache conditions with only a single use Florian Zeitz <florob@babelmonkeys.de> parents: 1303 diff changeset	494	condition_cache[condition] = name;
9f24ccaa66a6 mod_firewall: Do not cache conditions with only a single use Florian Zeitz <florob@babelmonkeys.de> parents: 1303 diff changeset	495	table.insert(code, "local "..name.." = "..condition..";\n\t\t");
9f24ccaa66a6 mod_firewall: Do not cache conditions with only a single use Florian Zeitz <florob@babelmonkeys.de> parents: 1303 diff changeset	496	end
9f24ccaa66a6 mod_firewall: Do not cache conditions with only a single use Florian Zeitz <florob@babelmonkeys.de> parents: 1303 diff changeset	497	rule.conditions[i] = (negated and "not(" or "")..name..(negated and ")" or "");
996 37af655ca575 mod_firewall: Cache conditions, so that they are only calculated once per chain execution Matthew Wild <mwild1@gmail.com> parents: 980 diff changeset	498	else
1304 9f24ccaa66a6 mod_firewall: Do not cache conditions with only a single use Florian Zeitz <florob@babelmonkeys.de> parents: 1303 diff changeset	499	rule.conditions[i] = (negated and "not(" or "(")..condition..")";
996 37af655ca575 mod_firewall: Cache conditions, so that they are only calculated once per chain execution Matthew Wild <mwild1@gmail.com> parents: 980 diff changeset	500	end
37af655ca575 mod_firewall: Cache conditions, so that they are only calculated once per chain execution Matthew Wild <mwild1@gmail.com> parents: 980 diff changeset	501	end
1304 9f24ccaa66a6 mod_firewall: Do not cache conditions with only a single use Florian Zeitz <florob@babelmonkeys.de> parents: 1303 diff changeset	502
1303 8a3f3f485675 mod_firewall: Produce code with nicer indentation Florian Zeitz <florob@babelmonkeys.de> parents: 1052 diff changeset	503	rule_code = "if "..table.concat(rule.conditions, " and ").." then\n\t\t\t"
8a3f3f485675 mod_firewall: Produce code with nicer indentation Florian Zeitz <florob@babelmonkeys.de> parents: 1052 diff changeset	504	..table.concat(rule.actions, "\n\t\t\t")
8a3f3f485675 mod_firewall: Produce code with nicer indentation Florian Zeitz <florob@babelmonkeys.de> parents: 1052 diff changeset	505	.."\n\t\tend\n";
8a3f3f485675 mod_firewall: Produce code with nicer indentation Florian Zeitz <florob@babelmonkeys.de> parents: 1052 diff changeset	506	else
8a3f3f485675 mod_firewall: Produce code with nicer indentation Florian Zeitz <florob@babelmonkeys.de> parents: 1052 diff changeset	507	rule_code = table.concat(rule.actions, "\n\t\t");
967 a88f33fe6970 mod_firewall: Don't add empty conditions check when no conditions are listed in a rule Matthew Wild <mwild1@gmail.com> parents: 966 diff changeset	508	end
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	509	table.insert(code, rule_code);
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	510	end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	511
999 197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	512	for name in pairs(definition_handlers) do
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	513	table.insert(code.global_header, 1, "local "..name:lower().."s = definitions."..name..";");
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	514	end
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	515
2562 2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN Matthew Wild <mwild1@gmail.com> parents: 2554 diff changeset	516	local code_string = "return function (definitions, fire_event, log, module, pass_return)\n\t"
1303 8a3f3f485675 mod_firewall: Produce code with nicer indentation Florian Zeitz <florob@babelmonkeys.de> parents: 1052 diff changeset	517	..table.concat(code.global_header, "\n\t")
8a3f3f485675 mod_firewall: Produce code with nicer indentation Florian Zeitz <florob@babelmonkeys.de> parents: 1052 diff changeset	518	.."\n\tlocal db = require 'util.debug';\n\n\t"
8a3f3f485675 mod_firewall: Produce code with nicer indentation Florian Zeitz <florob@babelmonkeys.de> parents: 1052 diff changeset	519	.."return function (event)\n\t\t"
8a3f3f485675 mod_firewall: Produce code with nicer indentation Florian Zeitz <florob@babelmonkeys.de> parents: 1052 diff changeset	520	.."local stanza, session = event.stanza, event.origin;\n"
8a3f3f485675 mod_firewall: Produce code with nicer indentation Florian Zeitz <florob@babelmonkeys.de> parents: 1052 diff changeset	521	..table.concat(code, "")
8a3f3f485675 mod_firewall: Produce code with nicer indentation Florian Zeitz <florob@babelmonkeys.de> parents: 1052 diff changeset	522	.."\n\tend;\nend";
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	523
956 33d6642f4db7 mod_firewall: Tighten up error handling, and split rules->Lua and Lua->bytecode compilation into separate functions Matthew Wild <mwild1@gmail.com> parents: 955 diff changeset	524	chain_handlers[chain_name] = code_string;
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	525	end
1343 7dbde05b48a9 all the things: Remove trailing whitespace Florian Zeitz <florob@babelmonkeys.de> parents: 1325 diff changeset	526
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	527	return chain_handlers;
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	528	end
c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	529
2082 11539785cb92 mod_firewall: Split compile function into two parts in order to separate their scopes Kim Alvefur <zash@zash.se> parents: 2081 diff changeset	530	local function compile_firewall_rules(filename)
11539785cb92 mod_firewall: Split compile function into two parts in order to separate their scopes Kim Alvefur <zash@zash.se> parents: 2081 diff changeset	531	local ruleset, err = parse_firewall_rules(filename);
11539785cb92 mod_firewall: Split compile function into two parts in order to separate their scopes Kim Alvefur <zash@zash.se> parents: 2081 diff changeset	532	if not ruleset then return nil, err; end
11539785cb92 mod_firewall: Split compile function into two parts in order to separate their scopes Kim Alvefur <zash@zash.se> parents: 2081 diff changeset	533	local chain_handlers = process_firewall_rules(ruleset);
11539785cb92 mod_firewall: Split compile function into two parts in order to separate their scopes Kim Alvefur <zash@zash.se> parents: 2081 diff changeset	534	return chain_handlers;
11539785cb92 mod_firewall: Split compile function into two parts in order to separate their scopes Kim Alvefur <zash@zash.se> parents: 2081 diff changeset	535	end
11539785cb92 mod_firewall: Split compile function into two parts in order to separate their scopes Kim Alvefur <zash@zash.se> parents: 2081 diff changeset	536
2562 2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN Matthew Wild <mwild1@gmail.com> parents: 2554 diff changeset	537	-- Compile handler code into a factory that produces a valid event handler. Factory accepts
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN Matthew Wild <mwild1@gmail.com> parents: 2554 diff changeset	538	-- a value to be returned on PASS
956 33d6642f4db7 mod_firewall: Tighten up error handling, and split rules->Lua and Lua->bytecode compilation into separate functions Matthew Wild <mwild1@gmail.com> parents: 955 diff changeset	539	local function compile_handler(code_string, filename)
33d6642f4db7 mod_firewall: Tighten up error handling, and split rules->Lua and Lua->bytecode compilation into separate functions Matthew Wild <mwild1@gmail.com> parents: 955 diff changeset	540	-- Prepare event handler function
33d6642f4db7 mod_firewall: Tighten up error handling, and split rules->Lua and Lua->bytecode compilation into separate functions Matthew Wild <mwild1@gmail.com> parents: 955 diff changeset	541	local chunk, err = loadstring(code_string, "="..filename);
33d6642f4db7 mod_firewall: Tighten up error handling, and split rules->Lua and Lua->bytecode compilation into separate functions Matthew Wild <mwild1@gmail.com> parents: 955 diff changeset	542	if not chunk then
33d6642f4db7 mod_firewall: Tighten up error handling, and split rules->Lua and Lua->bytecode compilation into separate functions Matthew Wild <mwild1@gmail.com> parents: 955 diff changeset	543	return nil, "Error compiling (probably a compiler bug, please report): "..err;
33d6642f4db7 mod_firewall: Tighten up error handling, and split rules->Lua and Lua->bytecode compilation into separate functions Matthew Wild <mwild1@gmail.com> parents: 955 diff changeset	544	end
33d6642f4db7 mod_firewall: Tighten up error handling, and split rules->Lua and Lua->bytecode compilation into separate functions Matthew Wild <mwild1@gmail.com> parents: 955 diff changeset	545	local function fire_event(name, data)
33d6642f4db7 mod_firewall: Tighten up error handling, and split rules->Lua and Lua->bytecode compilation into separate functions Matthew Wild <mwild1@gmail.com> parents: 955 diff changeset	546	return module:fire_event(name, data);
33d6642f4db7 mod_firewall: Tighten up error handling, and split rules->Lua and Lua->bytecode compilation into separate functions Matthew Wild <mwild1@gmail.com> parents: 955 diff changeset	547	end
2562 2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN Matthew Wild <mwild1@gmail.com> parents: 2554 diff changeset	548	return function (pass_return)
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN Matthew Wild <mwild1@gmail.com> parents: 2554 diff changeset	549	return chunk()(active_definitions, fire_event, logger(filename), module, pass_return); -- Returns event handler with upvalues
2b533a7b5236 mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN Matthew Wild <mwild1@gmail.com> parents: 2554 diff changeset	550	end
956 33d6642f4db7 mod_firewall: Tighten up error handling, and split rules->Lua and Lua->bytecode compilation into separate functions Matthew Wild <mwild1@gmail.com> parents: 955 diff changeset	551	end
33d6642f4db7 mod_firewall: Tighten up error handling, and split rules->Lua and Lua->bytecode compilation into separate functions Matthew Wild <mwild1@gmail.com> parents: 955 diff changeset	552
2370 14021c93a962 mod_firewall: Allow prefixing script paths with 'module:' to specify path relative to module file Matthew Wild <mwild1@gmail.com> parents: 2369 diff changeset	553	local function resolve_script_path(script_path)
14021c93a962 mod_firewall: Allow prefixing script paths with 'module:' to specify path relative to module file Matthew Wild <mwild1@gmail.com> parents: 2369 diff changeset	554	local relative_to = prosody.paths.config;
14021c93a962 mod_firewall: Allow prefixing script paths with 'module:' to specify path relative to module file Matthew Wild <mwild1@gmail.com> parents: 2369 diff changeset	555	if script_path:match("^module:") then
14021c93a962 mod_firewall: Allow prefixing script paths with 'module:' to specify path relative to module file Matthew Wild <mwild1@gmail.com> parents: 2369 diff changeset	556	relative_to = module.path:sub(1, -#("/mod_"..module.name..".lua"));
14021c93a962 mod_firewall: Allow prefixing script paths with 'module:' to specify path relative to module file Matthew Wild <mwild1@gmail.com> parents: 2369 diff changeset	557	script_path = script_path:match("^module:(.+)$");
14021c93a962 mod_firewall: Allow prefixing script paths with 'module:' to specify path relative to module file Matthew Wild <mwild1@gmail.com> parents: 2369 diff changeset	558	end
14021c93a962 mod_firewall: Allow prefixing script paths with 'module:' to specify path relative to module file Matthew Wild <mwild1@gmail.com> parents: 2369 diff changeset	559	return resolve_relative_path(relative_to, script_path);
14021c93a962 mod_firewall: Allow prefixing script paths with 'module:' to specify path relative to module file Matthew Wild <mwild1@gmail.com> parents: 2369 diff changeset	560	end
14021c93a962 mod_firewall: Allow prefixing script paths with 'module:' to specify path relative to module file Matthew Wild <mwild1@gmail.com> parents: 2369 diff changeset	561
2582 6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	562	-- [filename] = { last_modified = ..., events_hooked = { [name] = handler } }
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	563	local loaded_scripts = {};
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	564
2578 f65c5927ee8e mod_firewall: Factor out script loading Matthew Wild <mwild1@gmail.com> parents: 2577 diff changeset	565	function load_script(script)
f65c5927ee8e mod_firewall: Factor out script loading Matthew Wild <mwild1@gmail.com> parents: 2577 diff changeset	566	script = resolve_script_path(script);
2582 6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	567	local last_modified = (lfs.attributes(script) or {}).modification or os.time();
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	568	if loaded_scripts[script] then
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	569	if loaded_scripts[script].last_modified == last_modified then
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	570	return; -- Already loaded, and source file hasn't changed
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	571	end
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	572	module:log("debug", "Reloading %s", script);
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	573	-- Already loaded, but the source file has changed
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	574	-- unload it now, and we'll load the new version below
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	575	unload_script(script, true);
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	576	end
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	577	local chain_functions, err = compile_firewall_rules(script);
2863 22e11645a895 mod_firewall: Trim trailing whitespace [luacheck] Kim Alvefur <zash@zash.se> parents: 2589 diff changeset	578
2578 f65c5927ee8e mod_firewall: Factor out script loading Matthew Wild <mwild1@gmail.com> parents: 2577 diff changeset	579	if not chain_functions then
f65c5927ee8e mod_firewall: Factor out script loading Matthew Wild <mwild1@gmail.com> parents: 2577 diff changeset	580	module:log("error", "Error compiling %s: %s", script, err or "unknown error");
2582 6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	581	return;
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	582	end
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	583
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	584	-- Loop through the chains in the script, and for each chain attach the compiled code to the
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	585	-- relevant events, keeping track in events_hooked so we can cleanly unload later
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	586	local events_hooked = {};
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	587	for chain, handler_code in pairs(chain_functions) do
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	588	local new_handler, err = compile_handler(handler_code, "mod_firewall::"..chain);
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	589	if not new_handler then
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	590	module:log("error", "Compilation error for %s: %s", script, err);
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	591	else
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	592	local chain_definition = chains[chain];
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	593	if chain_definition and chain_definition.type == "event" then
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	594	local handler = new_handler(chain_definition.pass_return);
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	595	for _, event_name in ipairs(chain_definition) do
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	596	events_hooked[event_name] = handler;
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	597	module:hook(event_name, handler, chain_definition.priority);
2578 f65c5927ee8e mod_firewall: Factor out script loading Matthew Wild <mwild1@gmail.com> parents: 2577 diff changeset	598	end
2582 6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	599	elseif not chain:sub(1, 5) == "user/" then
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	600	module:log("warn", "Unknown chain %q", chain);
2578 f65c5927ee8e mod_firewall: Factor out script loading Matthew Wild <mwild1@gmail.com> parents: 2577 diff changeset	601	end
2582 6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	602	local event_name, handler = "firewall/chains/"..chain, new_handler(false);
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	603	events_hooked[event_name] = handler;
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	604	module:hook(event_name, handler);
2578 f65c5927ee8e mod_firewall: Factor out script loading Matthew Wild <mwild1@gmail.com> parents: 2577 diff changeset	605	end
f65c5927ee8e mod_firewall: Factor out script loading Matthew Wild <mwild1@gmail.com> parents: 2577 diff changeset	606	end
2582 6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	607	loaded_scripts[script] = { last_modified = last_modified, events_hooked = events_hooked };
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	608	module:log("debug", "Loaded %s", script);
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	609	end
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	610
2584 aaff2716f022 mod_firewall: Compatibility fix for 0.9 (no module:unhook()) Matthew Wild <mwild1@gmail.com> parents: 2583 diff changeset	611	--COMPAT w/0.9 (no module:unhook()!)
aaff2716f022 mod_firewall: Compatibility fix for 0.9 (no module:unhook()) Matthew Wild <mwild1@gmail.com> parents: 2583 diff changeset	612	local function module_unhook(event, handler)
aaff2716f022 mod_firewall: Compatibility fix for 0.9 (no module:unhook()) Matthew Wild <mwild1@gmail.com> parents: 2583 diff changeset	613	return module:unhook_object_event((hosts[module.host] or prosody).events, event, handler);
aaff2716f022 mod_firewall: Compatibility fix for 0.9 (no module:unhook()) Matthew Wild <mwild1@gmail.com> parents: 2583 diff changeset	614	end
aaff2716f022 mod_firewall: Compatibility fix for 0.9 (no module:unhook()) Matthew Wild <mwild1@gmail.com> parents: 2583 diff changeset	615
2582 6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	616	function unload_script(script, is_reload)
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	617	script = resolve_script_path(script);
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	618	local script_info = loaded_scripts[script];
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	619	if not script_info then
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	620	return; -- Script not loaded
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	621	end
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	622	local events_hooked = script_info.events_hooked;
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	623	for event_name, event_handler in pairs(events_hooked) do
2584 aaff2716f022 mod_firewall: Compatibility fix for 0.9 (no module:unhook()) Matthew Wild <mwild1@gmail.com> parents: 2583 diff changeset	624	module_unhook(event_name, event_handler);
2582 6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	625	events_hooked[event_name] = nil;
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	626	end
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	627	loaded_scripts[script] = nil;
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	628	if not is_reload then
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	629	module:log("debug", "Unloaded %s", script);
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	630	end
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	631	end
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	632
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	633	-- Given a set of scripts (e.g. from config) figure out which ones need to
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	634	-- be loaded, which are already loaded but need unloading, and which to reload
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	635	function load_unload_scripts(script_list)
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	636	local wanted_scripts = script_list / resolve_script_path;
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	637	local currently_loaded = set.new(it.to_array(it.keys(loaded_scripts)));
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	638	local scripts_to_unload = currently_loaded - wanted_scripts;
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	639	for script in wanted_scripts do
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	640	-- If the script is already loaded, this is fine - it will
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	641	-- reload the script for us if the file has changed
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	642	load_script(script);
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	643	end
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	644	for script in scripts_to_unload do
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	645	unload_script(script);
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	646	end
2578 f65c5927ee8e mod_firewall: Factor out script loading Matthew Wild <mwild1@gmail.com> parents: 2577 diff changeset	647	end
f65c5927ee8e mod_firewall: Factor out script loading Matthew Wild <mwild1@gmail.com> parents: 2577 diff changeset	648
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	649	function module.load()
1052 80f0a3231c59 mod_firewall: Add support for being called as a prosodyctl command Kim Alvefur <zash@zash.se> parents: 1051 diff changeset	650	if not prosody.arg then return end -- Don't run in prosodyctl
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	651	local firewall_scripts = module:get_option_set("firewall_scripts", {});
2582 6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	652	load_unload_scripts(firewall_scripts);
999 197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	653	-- Replace contents of definitions table (shared) with active definitions
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	654	for k in it.keys(definitions) do definitions[k] = nil; end
197af8440ffb mod_firewall: Make defining objects generic (currently zones and rate limits), so more can easily be added. Also a syntax change... definition lines must begin with % Matthew Wild <mwild1@gmail.com> parents: 998 diff changeset	655	for k,v in pairs(active_definitions) do definitions[k] = v; end
947 c91cac3b823f mod_firewall: General stanza filtering plugin with a declarative rule-based syntax Matthew Wild <mwild1@gmail.com> parents: diff changeset	656	end
1052 80f0a3231c59 mod_firewall: Add support for being called as a prosodyctl command Kim Alvefur <zash@zash.se> parents: 1051 diff changeset	657
2582 6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	658	function module.save()
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	659	return { active_definitions = active_definitions, loaded_scripts = loaded_scripts };
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	660	end
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	661
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	662	function module.restore(state)
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	663	active_definitions = state.active_definitions;
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	664	loaded_scripts = state.loaded_scripts;
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	665	end
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	666
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	667	module:hook_global("config-reloaded", function ()
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	668	load_unload_scripts(module:get_option_set("firewall_scripts", {}));
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	669	end);
6dbd07f9a868 mod_firewall: Various improvements allowing dynamic load/reload/unload of scripts Matthew Wild <mwild1@gmail.com> parents: 2578 diff changeset	670
1052 80f0a3231c59 mod_firewall: Add support for being called as a prosodyctl command Kim Alvefur <zash@zash.se> parents: 1051 diff changeset	671	function module.command(arg)
80f0a3231c59 mod_firewall: Add support for being called as a prosodyctl command Kim Alvefur <zash@zash.se> parents: 1051 diff changeset	672	if not arg[1] or arg[1] == "--help" then
80f0a3231c59 mod_firewall: Add support for being called as a prosodyctl command Kim Alvefur <zash@zash.se> parents: 1051 diff changeset	673	require"util.prosodyctl".show_usage([[mod_firewall <firewall.pfw>]], [[Compile files with firewall rules to Lua code]]);
80f0a3231c59 mod_firewall: Add support for being called as a prosodyctl command Kim Alvefur <zash@zash.se> parents: 1051 diff changeset	674	return 1;
80f0a3231c59 mod_firewall: Add support for being called as a prosodyctl command Kim Alvefur <zash@zash.se> parents: 1051 diff changeset	675	end
2122 643b254e75de mod_firewall: Disable more realistic output by default, activated by adding a -v flag Kim Alvefur <zash@zash.se> parents: 2121 diff changeset	676	local verbose = arg[1] == "-v";
643b254e75de mod_firewall: Disable more realistic output by default, activated by adding a -v flag Kim Alvefur <zash@zash.se> parents: 2121 diff changeset	677	if verbose then table.remove(arg, 1); end
1052 80f0a3231c59 mod_firewall: Add support for being called as a prosodyctl command Kim Alvefur <zash@zash.se> parents: 1051 diff changeset	678
2589 02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules Matthew Wild <mwild1@gmail.com> parents: 2588 diff changeset	679	if arg[1] == "test" then
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules Matthew Wild <mwild1@gmail.com> parents: 2588 diff changeset	680	table.remove(arg, 1);
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules Matthew Wild <mwild1@gmail.com> parents: 2588 diff changeset	681	return module:require("test")(arg);
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules Matthew Wild <mwild1@gmail.com> parents: 2588 diff changeset	682	end
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules Matthew Wild <mwild1@gmail.com> parents: 2588 diff changeset	683
2121 5aa3b93cd37a mod_firewall: Make prosodyctl command output more realistic source (not guaranteed to work) Kim Alvefur <zash@zash.se> parents: 2117 diff changeset	684	local serialize = require "util.serialization".serialize;
2122 643b254e75de mod_firewall: Disable more realistic output by default, activated by adding a -v flag Kim Alvefur <zash@zash.se> parents: 2121 diff changeset	685	if verbose then
643b254e75de mod_firewall: Disable more realistic output by default, activated by adding a -v flag Kim Alvefur <zash@zash.se> parents: 2121 diff changeset	686	print("local logger = require \"util.logger\".init;");
643b254e75de mod_firewall: Disable more realistic output by default, activated by adding a -v flag Kim Alvefur <zash@zash.se> parents: 2121 diff changeset	687	print();
643b254e75de mod_firewall: Disable more realistic output by default, activated by adding a -v flag Kim Alvefur <zash@zash.se> parents: 2121 diff changeset	688	print("local function fire_event(name, data)\n\tmodule:fire_event(name, data)\nend");
643b254e75de mod_firewall: Disable more realistic output by default, activated by adding a -v flag Kim Alvefur <zash@zash.se> parents: 2121 diff changeset	689	print();
643b254e75de mod_firewall: Disable more realistic output by default, activated by adding a -v flag Kim Alvefur <zash@zash.se> parents: 2121 diff changeset	690	end
2121 5aa3b93cd37a mod_firewall: Make prosodyctl command output more realistic source (not guaranteed to work) Kim Alvefur <zash@zash.se> parents: 2117 diff changeset	691
1052 80f0a3231c59 mod_firewall: Add support for being called as a prosodyctl command Kim Alvefur <zash@zash.se> parents: 1051 diff changeset	692	for _, filename in ipairs(arg) do
2370 14021c93a962 mod_firewall: Allow prefixing script paths with 'module:' to specify path relative to module file Matthew Wild <mwild1@gmail.com> parents: 2369 diff changeset	693	filename = resolve_script_path(filename);
2121 5aa3b93cd37a mod_firewall: Make prosodyctl command output more realistic source (not guaranteed to work) Kim Alvefur <zash@zash.se> parents: 2117 diff changeset	694	print("do -- File "..filename);
2369 05dae9adf778 mod_firewall: Fix for when compiling on the command line and specifying multiple files Matthew Wild <mwild1@gmail.com> parents: 2368 diff changeset	695	local chain_functions = assert(compile_firewall_rules(filename));
2122 643b254e75de mod_firewall: Disable more realistic output by default, activated by adding a -v flag Kim Alvefur <zash@zash.se> parents: 2121 diff changeset	696	if verbose then
643b254e75de mod_firewall: Disable more realistic output by default, activated by adding a -v flag Kim Alvefur <zash@zash.se> parents: 2121 diff changeset	697	print();
643b254e75de mod_firewall: Disable more realistic output by default, activated by adding a -v flag Kim Alvefur <zash@zash.se> parents: 2121 diff changeset	698	print("local active_definitions = "..serialize(active_definitions)..";");
643b254e75de mod_firewall: Disable more realistic output by default, activated by adding a -v flag Kim Alvefur <zash@zash.se> parents: 2121 diff changeset	699	print();
643b254e75de mod_firewall: Disable more realistic output by default, activated by adding a -v flag Kim Alvefur <zash@zash.se> parents: 2121 diff changeset	700	end
2371 3ebd3cb4d7d2 mod_firewall: When compiling on the command-line with -v, ensure chain function names are unique and valid ids Matthew Wild <mwild1@gmail.com> parents: 2370 diff changeset	701	local c = 0;
1052 80f0a3231c59 mod_firewall: Add support for being called as a prosodyctl command Kim Alvefur <zash@zash.se> parents: 1051 diff changeset	702	for chain, handler_code in pairs(chain_functions) do
2371 3ebd3cb4d7d2 mod_firewall: When compiling on the command-line with -v, ensure chain function names are unique and valid ids Matthew Wild <mwild1@gmail.com> parents: 2370 diff changeset	703	c = c + 1;
2121 5aa3b93cd37a mod_firewall: Make prosodyctl command output more realistic source (not guaranteed to work) Kim Alvefur <zash@zash.se> parents: 2117 diff changeset	704	print("---- Chain "..chain:gsub("_", " "));
2371 3ebd3cb4d7d2 mod_firewall: When compiling on the command-line with -v, ensure chain function names are unique and valid ids Matthew Wild <mwild1@gmail.com> parents: 2370 diff changeset	705	local chain_func_name = "chain_"..tostring(c).."_"..chain:gsub("%p", "_");
2122 643b254e75de mod_firewall: Disable more realistic output by default, activated by adding a -v flag Kim Alvefur <zash@zash.se> parents: 2121 diff changeset	706	if not verbose then
2371 3ebd3cb4d7d2 mod_firewall: When compiling on the command-line with -v, ensure chain function names are unique and valid ids Matthew Wild <mwild1@gmail.com> parents: 2370 diff changeset	707	print(("%s = %s;"):format(chain_func_name, handler_code:sub(8)));
2122 643b254e75de mod_firewall: Disable more realistic output by default, activated by adding a -v flag Kim Alvefur <zash@zash.se> parents: 2121 diff changeset	708	else
2121 5aa3b93cd37a mod_firewall: Make prosodyctl command output more realistic source (not guaranteed to work) Kim Alvefur <zash@zash.se> parents: 2117 diff changeset	709
2371 3ebd3cb4d7d2 mod_firewall: When compiling on the command-line with -v, ensure chain function names are unique and valid ids Matthew Wild <mwild1@gmail.com> parents: 2370 diff changeset	710	print(("local %s = (%s)(active_definitions, fire_event, logger(%q));"):format(chain_func_name, handler_code:sub(8), filename));
2122 643b254e75de mod_firewall: Disable more realistic output by default, activated by adding a -v flag Kim Alvefur <zash@zash.se> parents: 2121 diff changeset	711	print();
2121 5aa3b93cd37a mod_firewall: Make prosodyctl command output more realistic source (not guaranteed to work) Kim Alvefur <zash@zash.se> parents: 2117 diff changeset	712
2122 643b254e75de mod_firewall: Disable more realistic output by default, activated by adding a -v flag Kim Alvefur <zash@zash.se> parents: 2121 diff changeset	713	local chain_definition = chains[chain];
643b254e75de mod_firewall: Disable more realistic output by default, activated by adding a -v flag Kim Alvefur <zash@zash.se> parents: 2121 diff changeset	714	if chain_definition and chain_definition.type == "event" then
643b254e75de mod_firewall: Disable more realistic output by default, activated by adding a -v flag Kim Alvefur <zash@zash.se> parents: 2121 diff changeset	715	for _, event_name in ipairs(chain_definition) do
2371 3ebd3cb4d7d2 mod_firewall: When compiling on the command-line with -v, ensure chain function names are unique and valid ids Matthew Wild <mwild1@gmail.com> parents: 2370 diff changeset	716	print(("module:hook(%q, %s, %d);"):format(event_name, chain_func_name, chain_definition.priority or 0));
2122 643b254e75de mod_firewall: Disable more realistic output by default, activated by adding a -v flag Kim Alvefur <zash@zash.se> parents: 2121 diff changeset	717	end
2121 5aa3b93cd37a mod_firewall: Make prosodyctl command output more realistic source (not guaranteed to work) Kim Alvefur <zash@zash.se> parents: 2117 diff changeset	718	end
2371 3ebd3cb4d7d2 mod_firewall: When compiling on the command-line with -v, ensure chain function names are unique and valid ids Matthew Wild <mwild1@gmail.com> parents: 2370 diff changeset	719	print(("module:hook(%q, %s, %d);"):format("firewall/chains/"..chain, chain_func_name, chain_definition.priority or 0));
2121 5aa3b93cd37a mod_firewall: Make prosodyctl command output more realistic source (not guaranteed to work) Kim Alvefur <zash@zash.se> parents: 2117 diff changeset	720	end
5aa3b93cd37a mod_firewall: Make prosodyctl command output more realistic source (not guaranteed to work) Kim Alvefur <zash@zash.se> parents: 2117 diff changeset	721
5aa3b93cd37a mod_firewall: Make prosodyctl command output more realistic source (not guaranteed to work) Kim Alvefur <zash@zash.se> parents: 2117 diff changeset	722	print("---- End of chain "..chain);
5aa3b93cd37a mod_firewall: Make prosodyctl command output more realistic source (not guaranteed to work) Kim Alvefur <zash@zash.se> parents: 2117 diff changeset	723	print();
1052 80f0a3231c59 mod_firewall: Add support for being called as a prosodyctl command Kim Alvefur <zash@zash.se> parents: 1051 diff changeset	724	end
2121 5aa3b93cd37a mod_firewall: Make prosodyctl command output more realistic source (not guaranteed to work) Kim Alvefur <zash@zash.se> parents: 2117 diff changeset	725	print("end -- End of file "..filename);
1052 80f0a3231c59 mod_firewall: Add support for being called as a prosodyctl command Kim Alvefur <zash@zash.se> parents: 1051 diff changeset	726	end
80f0a3231c59 mod_firewall: Add support for being called as a prosodyctl command Kim Alvefur <zash@zash.se> parents: 1051 diff changeset	727	end

author	Kim Alvefur <zash@zash.se>
	Sat, 24 Feb 2018 21:40:56 +0100
changeset 2898	165d2877eeac
parent 2863	22e11645a895
child 2932	b0d92332b87f
permissions	-rw-r--r--