mod_firewall: Initialize compiled chunk just once for all handlers
This should fix a case where some stateful dependencies (such as throttles)
produce separate instances for every call to new_handler(), leading to
surprising behaviour (e.g. rules executed via JUMP CHAIN vs ::deliver would
have separate rate limits).
This also adds better error handling in case the compiled code fails to run
for some reason.
--- a/mod_firewall/mod_firewall.lua Thu Apr 27 20:56:24 2023 +0200
+++ b/mod_firewall/mod_firewall.lua Fri Apr 28 13:27:06 2023 +0100
@@ -558,8 +558,12 @@
local function fire_event(name, data)
return module:fire_event(name, data);
end
+ local init_ok, initialized_chunk = pcall(chunk);
+ if not init_ok then
+ return nil, "Error initializing compiled rules: "..initialized_chunk;
+ end
return function (pass_return)
- return chunk()(active_definitions, fire_event, logger(filename), module, pass_return); -- Returns event handler with upvalues
+ return initialized_chunk(active_definitions, fire_event, logger(filename), module, pass_return); -- Returns event handler with upvalues
end
end