|
 |
725d6a |
From 0f94133731fa497b04744fa4a37cfa5fd5e45fab Mon Sep 17 00:00:00 2001
|
|
|
725d6a |
From: Eric Garver <eric@garver.life>
|
|
|
725d6a |
Date: Wed, 26 Aug 2020 11:38:36 -0400
|
|
|
725d6a |
Subject: [PATCH 57/62] fix(policy): cache rule_str for rich rules
|
|
|
725d6a |
|
|
|
725d6a |
There are various areas that we use list comprehensions to convert
|
|
|
725d6a |
Rich_Rule to rule_str. This isn't cheap. Let's just cache the rule_str
|
|
|
725d6a |
and avoid the cost.
|
|
|
725d6a |
|
|
|
725d6a |
Fixes: rhbz 1871298
|
|
|
725d6a |
(cherry picked from commit 5402724221a3dddc9c139663d28ababed4057cc6)
|
|
|
725d6a |
(cherry picked from commit 763b07972fd80e7b2f28b29efe812b92f6dff1d1)
|
|
|
725d6a |
---
|
|
|
725d6a |
src/firewall/core/io/zone.py | 17 ++++++++---------
|
|
|
725d6a |
1 file changed, 8 insertions(+), 9 deletions(-)
|
|
|
725d6a |
|
|
|
725d6a |
diff --git a/src/firewall/core/io/zone.py b/src/firewall/core/io/zone.py
|
|
|
725d6a |
index 529b92c25b62..ec81762be100 100644
|
|
|
725d6a |
--- a/src/firewall/core/io/zone.py
|
|
|
725d6a |
+++ b/src/firewall/core/io/zone.py
|
|
|
725d6a |
@@ -120,6 +120,7 @@ class Zone(IO_Object):
|
|
|
725d6a |
self.sources = [ ]
|
|
|
725d6a |
self.fw_config = None # to be able to check services and a icmp_blocks
|
|
|
725d6a |
self.rules = [ ]
|
|
|
725d6a |
+ self.rules_str = [ ]
|
|
|
725d6a |
self.icmp_block_inversion = False
|
|
|
725d6a |
self.combined = False
|
|
|
725d6a |
self.applied = False
|
|
|
725d6a |
@@ -141,6 +142,7 @@ class Zone(IO_Object):
|
|
|
725d6a |
del self.sources[:]
|
|
|
725d6a |
self.fw_config = None # to be able to check services and a icmp_blocks
|
|
|
725d6a |
del self.rules[:]
|
|
|
725d6a |
+ del self.rules_str[:]
|
|
|
725d6a |
self.icmp_block_inversion = False
|
|
|
725d6a |
self.combined = False
|
|
|
725d6a |
self.applied = False
|
|
|
725d6a |
@@ -163,17 +165,13 @@ class Zone(IO_Object):
|
|
|
725d6a |
self.interfaces = [u2b_if_py2(i) for i in self.interfaces]
|
|
|
725d6a |
self.sources = [u2b_if_py2(s) for s in self.sources]
|
|
|
725d6a |
self.rules = [u2b_if_py2(s) for s in self.rules]
|
|
|
725d6a |
-
|
|
|
725d6a |
- def __getattr__(self, name):
|
|
|
725d6a |
- if name == "rules_str":
|
|
|
725d6a |
- rules_str = [str(rule) for rule in self.rules]
|
|
|
725d6a |
- return rules_str
|
|
|
725d6a |
- else:
|
|
|
725d6a |
- return getattr(super(Zone, self), name)
|
|
|
725d6a |
+ self.rules_str = [u2b_if_py2(s) for s in self.rules_str]
|
|
|
725d6a |
|
|
|
725d6a |
def __setattr__(self, name, value):
|
|
|
725d6a |
if name == "rules_str":
|
|
|
725d6a |
self.rules = [rich.Rich_Rule(rule_str=s) for s in value]
|
|
|
725d6a |
+ # must convert back to string to get the canonical string.
|
|
|
725d6a |
+ super(Zone, self).__setattr__(name, [str(s) for s in self.rules])
|
|
|
725d6a |
else:
|
|
|
725d6a |
super(Zone, self).__setattr__(name, value)
|
|
|
725d6a |
|
|
|
725d6a |
@@ -307,6 +305,7 @@ class Zone(IO_Object):
|
|
|
725d6a |
self.source_ports.append(port)
|
|
|
725d6a |
for rule in zone.rules:
|
|
|
725d6a |
self.rules.append(rule)
|
|
|
725d6a |
+ self.rules_str.append(str(rule))
|
|
|
725d6a |
if zone.icmp_block_inversion:
|
|
|
725d6a |
self.icmp_block_inversion = True
|
|
|
725d6a |
|
|
|
725d6a |
@@ -687,9 +686,9 @@ class zone_ContentHandler(IO_Object_ContentHandler):
|
|
|
725d6a |
except Exception as e:
|
|
|
725d6a |
log.warning("%s: %s", e, str(self._rule))
|
|
|
725d6a |
else:
|
|
|
725d6a |
- if str(self._rule) not in \
|
|
|
725d6a |
- [ str(x) for x in self.item.rules ]:
|
|
|
725d6a |
+ if str(self._rule) not in self.item.rules_str:
|
|
|
725d6a |
self.item.rules.append(self._rule)
|
|
|
725d6a |
+ self.item.rules_str.append(str(self._rule))
|
|
|
725d6a |
else:
|
|
|
725d6a |
log.warning("Rule '%s' already set, ignoring.",
|
|
|
725d6a |
str(self._rule))
|
|
|
725d6a |
--
|
|
|
725d6a |
2.28.0
|
|
|
725d6a |
|