From 0f94133731fa497b04744fa4a37cfa5fd5e45fab Mon Sep 17 00:00:00 2001 From: Eric Garver Date: Wed, 26 Aug 2020 11:38:36 -0400 Subject: [PATCH 57/62] fix(policy): cache rule_str for rich rules There are various areas that we use list comprehensions to convert Rich_Rule to rule_str. This isn't cheap. Let's just cache the rule_str and avoid the cost. Fixes: rhbz 1871298 (cherry picked from commit 5402724221a3dddc9c139663d28ababed4057cc6) (cherry picked from commit 763b07972fd80e7b2f28b29efe812b92f6dff1d1) --- src/firewall/core/io/zone.py | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/src/firewall/core/io/zone.py b/src/firewall/core/io/zone.py index 529b92c25b62..ec81762be100 100644 --- a/src/firewall/core/io/zone.py +++ b/src/firewall/core/io/zone.py @@ -120,6 +120,7 @@ class Zone(IO_Object): self.sources = [ ] self.fw_config = None # to be able to check services and a icmp_blocks self.rules = [ ] + self.rules_str = [ ] self.icmp_block_inversion = False self.combined = False self.applied = False @@ -141,6 +142,7 @@ class Zone(IO_Object): del self.sources[:] self.fw_config = None # to be able to check services and a icmp_blocks del self.rules[:] + del self.rules_str[:] self.icmp_block_inversion = False self.combined = False self.applied = False @@ -163,17 +165,13 @@ class Zone(IO_Object): self.interfaces = [u2b_if_py2(i) for i in self.interfaces] self.sources = [u2b_if_py2(s) for s in self.sources] self.rules = [u2b_if_py2(s) for s in self.rules] - - def __getattr__(self, name): - if name == "rules_str": - rules_str = [str(rule) for rule in self.rules] - return rules_str - else: - return getattr(super(Zone, self), name) + self.rules_str = [u2b_if_py2(s) for s in self.rules_str] def __setattr__(self, name, value): if name == "rules_str": self.rules = [rich.Rich_Rule(rule_str=s) for s in value] + # must convert back to string to get the canonical string. + super(Zone, self).__setattr__(name, [str(s) for s in self.rules]) else: super(Zone, self).__setattr__(name, value) @@ -307,6 +305,7 @@ class Zone(IO_Object): self.source_ports.append(port) for rule in zone.rules: self.rules.append(rule) + self.rules_str.append(str(rule)) if zone.icmp_block_inversion: self.icmp_block_inversion = True @@ -687,9 +686,9 @@ class zone_ContentHandler(IO_Object_ContentHandler): except Exception as e: log.warning("%s: %s", e, str(self._rule)) else: - if str(self._rule) not in \ - [ str(x) for x in self.item.rules ]: + if str(self._rule) not in self.item.rules_str: self.item.rules.append(self._rule) + self.item.rules_str.append(str(self._rule)) else: log.warning("Rule '%s' already set, ignoring.", str(self._rule)) -- 2.28.0