From f399e875f98ce20f024caa8228e58290136d8a06 Mon Sep 17 00:00:00 2001
From: sherlock2010 <15151851377@163.com>
Date: Fri, 5 Jul 2024 07:36:25 +0000
Subject: [PATCH] bugfix sync
---
...nm-release-NM-client-after-a-timeout.patch | 61 +++++++++++++++++++
firewalld.spec | 12 +++-
2 files changed, 71 insertions(+), 2 deletions(-)
create mode 100644 backport-fix-nm-release-NM-client-after-a-timeout.patch
diff --git a/backport-fix-nm-release-NM-client-after-a-timeout.patch b/backport-fix-nm-release-NM-client-after-a-timeout.patch
new file mode 100644
index 0000000..b4c22a9
--- /dev/null
+++ b/backport-fix-nm-release-NM-client-after-a-timeout.patch
@@ -0,0 +1,61 @@
+From eb76e2a80a43481da7a54ff784edf1c76651db96 Mon Sep 17 00:00:00 2001
+From: Eric Garver
+Date: Wed, 22 Nov 2023 12:10:09 -0500
+Subject: [PATCH] fix(nm): release NM client after a timeout
+
+Conflict: NA
+Reference: https://github.com/firewalld/firewalld/commit/eb76e2a80a43481da7a54ff784edf1c76651db96
+
+libnm will accumulate a bunch of data, e.g. routes, that is irrelevant
+to firewalld. To avoid unbound growth in memory we can destroy the
+client and reinitialize it when we query NM.
+
+Fixes: #1232
+---
+ src/firewall/core/fw_nm.py | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/src/firewall/core/fw_nm.py b/src/firewall/core/fw_nm.py
+index 0e38dd4..c1f8e1d 100644
+--- a/src/firewall/core/fw_nm.py
++++ b/src/firewall/core/fw_nm.py
+@@ -39,6 +39,7 @@ else:
+ except (ImportError, ValueError, GLib.Error):
+ _nm_imported = False
+ _nm_client = None
++_nm_client_timeout = None
+
+ from firewall import errors
+ from firewall.errors import FirewallError
+@@ -61,9 +62,28 @@ def nm_get_client():
+ """Returns the NM client object or None if the import of NM failed
+ @return NM.Client instance if import was successful, None otherwise
+ """
++
++ def _release():
++ """
++ Release the client to avoid excess memory usage when libnm pushes
++ irrelevant (to firewalld) updates.
++ """
++ global _nm_client
++ global _nm_client_timeout
++ _nm_client = None
++ _nm_client_timeout = None
++
+ global _nm_client
++ global _nm_client_timeout
++
+ if not _nm_client:
+ _nm_client = NM.Client.new(None)
++ else:
++ # refresh timer
++ GLib.source_remove(_nm_client_timeout)
++
++ _nm_client_timeout = GLib.timeout_add_seconds(5, _release)
++
+ return _nm_client
+
+ def nm_get_zone_of_connection(connection):
+--
+2.33.0
+
diff --git a/firewalld.spec b/firewalld.spec
index 3dac5eb..fe90ecb 100644
--- a/firewalld.spec
+++ b/firewalld.spec
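Review bot: The idle timer added to nm_get_client() means `NM.Client.new(None)` now runs again after every 5 seconds without a query instead of once per daemon lifetime, so a failure of that call can surface at any later lookup rather than only at start-up. The hunk shows no handling around it, and the function's callers lie outside the hunk, so whether they tolerate an exception there should be confirmed; presumably an unhandled error on that path would leave an interface without its NetworkManager-assigned zone. I would also name the interval, `_NM_CLIENT_TIMEOUT_SECONDS = 5`, and add a comment such as `# fires only while a GLib main loop is running; otherwise the client is simply kept`.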
@@ -1,6 +1,6 @@ Name: firewalld Version: 0.6.6 -Release: 7 +Release: 8 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall License: GPLv2+ URL: http://www.firewalld.org @@ -11,13 +11,14 @@ Patch0: firewalld-0.2.6-MDNS-default.patch Patch1: 0001-fedora-patch-to-default-to-iptables-backend.patch Patch2: add-Restart-on-failure-on-firewalld.service.patch Patch3: fix-config-Specify-the-translation-encoding-format-a.patch +Patch4: backport-fix-nm-release-NM-client-after-a-timeout.patch BuildArch: noarch BuildRequires: autoconf automake desktop-file-utils gettext intltool glib2 glib2-devel systemd-units docbook-style-xsl BuildRequires: libxslt iptables ebtables ipset nftables python3-devel -Requires: iptables ebtables ipset systemd hicolor-icon-theme python3-gobject NetworkManager-libnm dbus-x11 gtk3 +Requires: iptables iptables-nft ipset systemd hicolor-icon-theme python3-gobject NetworkManager-libnm dbus-x11 gtk3 Requires: nftables >= 0.9.0 python3-firewall = %{version}-%{release} %{name}-doc Obsoletes: firewalld-selinux < 0.4.4.2-2 @@ -195,6 +196,13 @@ fi %changelog +* Fri Jul 05 2024 zhouyihang - 0.6.6-8 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:To reduce unnecessary loading of ebtables-related kernel modules + fix(nm): release NM client after a timeout + * Thu Dec 29 2022 yanglu - 0.6.6-7 - Type:bugfix - ID:NA -- Gitee
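Review bot: The `Requires:` line in the second hunk swaps `ebtables` for `iptables-nft`, which the commit subject ("bugfix sync") does not mention and only the changelog's DESC line hints at, while `BuildRequires` still lists `ebtables`. Since Patch1 defaults this build to the iptables backend, it is worth confirming that an `ebtables` command is still provided on a fresh install (presumably by `iptables-nft`), because otherwise firewalld's ebtables handling may fail on hosts that relied on the old dependency. A comment above the line, e.g. `# ebtables is provided by iptables-nft; avoids loading the legacy ebtables kernel modules`, would record the intent once that is verified. The hunks also do not show where Patch4 is applied; if the spec uses explicit `%patch` lines rather than `%autosetup`, one is needed for the backport to take effect.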