log entry 2013-02-24

iptables-optimizer 95% tested

The optimizer grew as well, tests have been built in. Recently I found a nice abstract description of what I'm doing here, partition is a wording from set theory:

definition

This exactly describes my view of a chain divided into parts.

def make_partitions(self):
    """make_partitions creates a list of 2-element lists,
    each representing a consecutive sequence with ACCEPT,
    DROP, or the like. One 2-element list is called a
    partition, it is [p_strt, p_ende], and taken from self.liste.
    Numbers in partitions are element positions, not indices!
    It returns len(self.partitions), used for testing purposes.
    """
    self.partitions = []              # start with empty list
    p_policy = "DROP"
    p_po_old = None
    p_strt = 1
    p_ende = 1
    last = len(self.liste)
    for index in range(0, last):      # iterate complete list
        rule_txt = ""
        for k in self.liste[index]:
            rule_txt = rule_txt + k + " "
        if "ACCEPT" in rule_txt:
            p_policy = "ACCEPT"
        elif "DROP" in rule_txt:
            p_policy = "DROP"
        elif "REJECT" in rule_txt:
            p_policy = "REJECT"     # we have mercy with LOG or the like
        if p_po_old is None:        # initialize old value once
            p_po_old = p_policy

        if (p_policy == p_po_old):
            p_ende = index + 1
        else:
            self.partitions.append([p_strt, p_ende])
            p_strt = index + 1
        p_ende = index + 1
        p_po_old = p_policy
    # special case: no rules in chain
    if len(self.liste) == 0:
        self.partitions = []
    elif len(self.liste) == 1:
        self.partitions = [[1, 1]]
    else:
        self.partitions.append([p_strt, p_ende])
    retVal = len(self.partitions)
    return retVal

It was a bit tricky to catch all the cases, some tests showed errors in the code, which means the code produced wrong results. Testing is great.

hans@jha:~/gh/opti$ nosetests -v --with-coverage  iptables_optimizer_tests.py
test_01_create_chainobject (iptables_optimizer_tests.Chain_Test) ... ok
test_02_make_partitions_0 (iptables_optimizer_tests.Chain_Test) ... ok
test_02_make_partitions_1a (iptables_optimizer_tests.Chain_Test) ... ok
test_02_make_partitions_1d (iptables_optimizer_tests.Chain_Test) ... ok
test_02_make_partitions_1l (iptables_optimizer_tests.Chain_Test) ... ok
test_02_make_partitions_1r (iptables_optimizer_tests.Chain_Test) ... ok
test_02_make_partitions_2a (iptables_optimizer_tests.Chain_Test) ... ok
test_02_make_partitions_2ad (iptables_optimizer_tests.Chain_Test) ... ok
test_02_make_partitions_5ada (iptables_optimizer_tests.Chain_Test) ... ok
test_03_empty_opti_0 (iptables_optimizer_tests.Chain_Test) ... ok
test_03_insert_three_aaa (iptables_optimizer_tests.Chain_Test) ... ok
test_03_insert_three_aar (iptables_optimizer_tests.Chain_Test) ... ok
test_04_filter_file_NOread (iptables_optimizer_tests.Filter_Test) ... ok
test_05_filter_file_OKread (iptables_optimizer_tests.Filter_Test) ... ok
test_06_optimize_algorithm (iptables_optimizer_tests.Filter_Test) ... ok
test_07_filter_output (iptables_optimizer_tests.Filter_Test) ... ok

Name                 Stmts   Miss  Cover   Missing
--------------------------------------------------
iptables_optimizer     150      8    95%   224-231
----------------------------------------------------------------------
Ran 16 tests in 0.023s

OK
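The partition idea above can be checked against its set-theory meaning: every rule position belongs to exactly one block, and each block carries one target. The following is an added example, not code from iptables-optimizer; the function names, the token-list rule format and the sample chain are assumptions made for illustration.

```python
from itertools import groupby

TARGETS = ("ACCEPT", "DROP", "REJECT")   # same match order as make_partitions

def effective_targets(rules, default="DROP"):
    """Label each rule with its target; rules without one (LOG etc.)
    inherit the label of the rule before them, as make_partitions does."""
    labels, current = [], default
    for tokens in rules:
        text = " ".join(tokens)
        current = next((t for t in TARGETS if t in text), current)
        labels.append(current)
    return labels

def partitions(rules):
    """Return [[start, end], ...] using 1-based element positions."""
    parts, pos = [], 1
    for _, run in groupby(effective_targets(rules)):
        n = len(list(run))
        parts.append([pos, pos + n - 1])
        pos += n
    return parts

def is_partition(parts, labels):
    """Blocks must be non-empty, disjoint, cover positions 1..n without
    gaps, and each block must hold exactly one effective target."""
    expected = 1
    for start, end in parts:
        if start != expected or end < start:
            return False
        if len(set(labels[start - 1:end])) != 1:
            return False
        expected = end + 1
    return expected == len(labels) + 1

# Constructed sample chain (hypothetical rules, one token list per rule).
CHAIN = [
    ["-A", "INPUT", "-p", "tcp", "--dport", "22", "-j", "ACCEPT"],
    ["-A", "INPUT", "-p", "tcp", "--dport", "80", "-j", "ACCEPT"],
    ["-A", "INPUT", "-s", "192.0.2.0/24", "-j", "LOG"],
    ["-A", "INPUT", "-s", "192.0.2.0/24", "-j", "DROP"],
    ["-A", "INPUT", "-p", "icmp", "-j", "ACCEPT"],
]

if __name__ == "__main__":
    parts = partitions(CHAIN)
    print(parts, is_partition(parts, effective_targets(CHAIN)))
```

Note that the LOG rule at position 3 lands in the partition of the ACCEPT rules before it, not with the DROP rule it precedes, because a rule without a target keeps the previous label.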

Have fun!
