|
|
699691 |
From 748065d9d6a90548ecf07a62bf4cc0ab77696994 Mon Sep 17 00:00:00 2001
|
|
|
699691 |
From: Eric Garver <eric@garver.life>
|
|
|
699691 |
Date: Wed, 26 Aug 2020 11:38:36 -0400
|
|
|
699691 |
Subject: [PATCH 157/158] fix(policy): cache rule_str for rich rules
|
|
|
699691 |
|
|
|
699691 |
There are various areas that we use list comprehensions to convert
|
|
|
699691 |
Rich_Rule to rule_str. This isn't cheap. Let's just cache the rule_str
|
|
|
699691 |
and avoid the cost.
|
|
|
699691 |
|
|
|
699691 |
Fixes: rhbz 1871298
|
|
|
699691 |
(cherry picked from commit 5402724221a3dddc9c139663d28ababed4057cc6)
|
|
|
699691 |
(cherry picked from commit cc44042543a92393334d712ba8c3f3828aac33fb)
|
|
|
699691 |
---
|
|
|
699691 |
src/firewall/core/io/zone.py | 17 ++++++++---------
|
|
|
699691 |
1 file changed, 8 insertions(+), 9 deletions(-)
|
|
|
699691 |
|
|
|
699691 |
diff --git a/src/firewall/core/io/zone.py b/src/firewall/core/io/zone.py
|
|
|
699691 |
index 05368e9c73eb..57a43ce1e0ef 100644
|
|
|
699691 |
--- a/src/firewall/core/io/zone.py
|
|
|
699691 |
+++ b/src/firewall/core/io/zone.py
|
|
|
699691 |
@@ -120,6 +120,7 @@ class Zone(IO_Object):
|
|
|
699691 |
self.sources = [ ]
|
|
|
699691 |
self.fw_config = None # to be able to check services and a icmp_blocks
|
|
|
699691 |
self.rules = [ ]
|
|
|
699691 |
+ self.rules_str = [ ]
|
|
|
699691 |
self.icmp_block_inversion = False
|
|
|
699691 |
self.combined = False
|
|
|
699691 |
self.applied = False
|
|
|
699691 |
@@ -141,6 +142,7 @@ class Zone(IO_Object):
|
|
|
699691 |
del self.sources[:]
|
|
|
699691 |
self.fw_config = None # to be able to check services and a icmp_blocks
|
|
|
699691 |
del self.rules[:]
|
|
|
699691 |
+ del self.rules_str[:]
|
|
|
699691 |
self.icmp_block_inversion = False
|
|
|
699691 |
self.combined = False
|
|
|
699691 |
self.applied = False
|
|
|
699691 |
@@ -163,17 +165,13 @@ class Zone(IO_Object):
|
|
|
699691 |
self.interfaces = [u2b_if_py2(i) for i in self.interfaces]
|
|
|
699691 |
self.sources = [u2b_if_py2(s) for s in self.sources]
|
|
|
699691 |
self.rules = [u2b_if_py2(s) for s in self.rules]
|
|
|
699691 |
-
|
|
|
699691 |
- def __getattr__(self, name):
|
|
|
699691 |
- if name == "rules_str":
|
|
|
699691 |
- rules_str = [str(rule) for rule in self.rules]
|
|
|
699691 |
- return rules_str
|
|
|
699691 |
- else:
|
|
|
699691 |
- return getattr(super(Zone, self), name)
|
|
|
699691 |
+ self.rules_str = [u2b_if_py2(s) for s in self.rules_str]
|
|
|
699691 |
|
|
|
699691 |
def __setattr__(self, name, value):
|
|
|
699691 |
if name == "rules_str":
|
|
|
699691 |
self.rules = [rich.Rich_Rule(rule_str=s) for s in value]
|
|
|
699691 |
+ # must convert back to string to get the canonical string.
|
|
|
699691 |
+ super(Zone, self).__setattr__(name, [str(s) for s in self.rules])
|
|
|
699691 |
else:
|
|
|
699691 |
super(Zone, self).__setattr__(name, value)
|
|
|
699691 |
|
|
|
699691 |
@@ -292,6 +290,7 @@ class Zone(IO_Object):
|
|
|
699691 |
self.source_ports.append(port)
|
|
|
699691 |
for rule in zone.rules:
|
|
|
699691 |
self.rules.append(rule)
|
|
|
699691 |
+ self.rules_str.append(str(rule))
|
|
|
699691 |
if zone.icmp_block_inversion:
|
|
|
699691 |
self.icmp_block_inversion = True
|
|
|
699691 |
|
|
|
699691 |
@@ -669,9 +668,9 @@ class zone_ContentHandler(IO_Object_ContentHandler):
|
|
|
699691 |
except Exception as e:
|
|
|
699691 |
log.warning("%s: %s", e, str(self._rule))
|
|
|
699691 |
else:
|
|
|
699691 |
- if str(self._rule) not in \
|
|
|
699691 |
- [ str(x) for x in self.item.rules ]:
|
|
|
699691 |
+ if str(self._rule) not in self.item.rules_str:
|
|
|
699691 |
self.item.rules.append(self._rule)
|
|
|
699691 |
+ self.item.rules_str.append(str(self._rule))
|
|
|
699691 |
else:
|
|
|
699691 |
log.warning("Rule '%s' already set, ignoring.",
|
|
|
699691 |
str(self._rule))
|
|
|
699691 |
--
|
|
|
699691 |
2.27.0
|
|
|
699691 |
|