From b328f5021ef0c9fcb7c27a00a51e3b85ce3dd4bd Mon Sep 17 00:00:00 2001
From: sherlock2010 <15151851377@163.com>
Date: Fri, 5 Jul 2024 06:09:32 +0000
Subject: [PATCH] fix(nm): release NM client after a timeout (cherry picked from commit 0b0813ba54b315a2b73f5e583da5811edc62ccee)
---
...nm-release-NM-client-after-a-timeout.patch | 61 +++++++++++++++++++
firewalld.spec | 10 ++-
2 files changed, 70 insertions(+), 1 deletion(-)
create mode 100644 backport-fix-nm-release-NM-client-after-a-timeout.patch
diff --git a/backport-fix-nm-release-NM-client-after-a-timeout.patch b/backport-fix-nm-release-NM-client-after-a-timeout.patch
new file mode 100644
index 0000000..b4c22a9
--- /dev/null
+++ b/backport-fix-nm-release-NM-client-after-a-timeout.patch
@@ -0,0 +1,61 @@
+From eb76e2a80a43481da7a54ff784edf1c76651db96 Mon Sep 17 00:00:00 2001
+From: Eric Garver
+Date: Wed, 22 Nov 2023 12:10:09 -0500
+Subject: [PATCH] fix(nm): release NM client after a timeout
+
+Conflict: NA
+Reference: https://github.com/firewalld/firewalld/commit/eb76e2a80a43481da7a54ff784edf1c76651db96
+
+libnm will accumulate a bunch of data, e.g. routes, that is irrelevant
+to firewalld. To avoid unbound growth in memory we can destroy the
+client and reinitialize it when we query NM.
+
+Fixes: #1232
+---
+ src/firewall/core/fw_nm.py | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/src/firewall/core/fw_nm.py b/src/firewall/core/fw_nm.py
+index 0e38dd4..c1f8e1d 100644
+--- a/src/firewall/core/fw_nm.py
++++ b/src/firewall/core/fw_nm.py
+@@ -39,6 +39,7 @@ else:
+ except (ImportError, ValueError, GLib.Error):
+ _nm_imported = False
+ _nm_client = None
++_nm_client_timeout = None
+
+ from firewall import errors
+ from firewall.errors import FirewallError
+@@ -61,9 +62,28 @@ def nm_get_client():
+ """Returns the NM client object or None if the import of NM failed
+ @return NM.Client instance if import was successful, None otherwise
+ """
++
++ def _release():
++ """
++ Release the client to avoid excess memory usage when libnm pushes
++ irrelevant (to firewalld) updates.
++ """
++ global _nm_client
++ global _nm_client_timeout
++ _nm_client = None
++ _nm_client_timeout = None
++
+ global _nm_client
++ global _nm_client_timeout
++
+ if not _nm_client:
+ _nm_client = NM.Client.new(None)
++ else:
++ # refresh timer
++ GLib.source_remove(_nm_client_timeout)
++
++ _nm_client_timeout = GLib.timeout_add_seconds(5, _release)
++
+ return _nm_client
+
+ def nm_get_zone_of_connection(connection):
+--
+2.33.0
+
diff --git a/firewalld.spec b/firewalld.spec
index bb0202b..829f394 100644
--- a/firewalld.spec
+++ b/firewalld.spec
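Review bot: In the embedded fw_nm.py hunk, the refresh branch of `nm_get_client()` calls `GLib.source_remove(_nm_client_timeout)` unconditionally, so it relies on an unstated invariant that the timer id is set whenever `_nm_client` is. If any code outside this hunk assigns `_nm_client`, None would be passed to GLib; I would guard the call with `if _nm_client_timeout is not None:` and add a comment at the two module globals saying they are set and cleared together. `_release()` also depends on its implicit None return to make the timeout one-shot, so an explicit `return False` with a one-line comment would make that intent visible, and the literal `5` would read better as a named module constant. Since the change exists to bound the daemon's memory growth, the `_release` docstring should also say that the release only fires while a GLib main loop is running and only drops the module's own reference, so a caller that keeps the returned client keeps it alive.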
@@ -1,6 +1,6 @@ Name: firewalld Version: 1.0.2 -Release: 8 +Release: 9 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall License: GPLv2+ URL: http://www.firewalld.org @@ -20,6 +20,8 @@ Patch8: 0001-fix-config-Specify-the-translation-encoding-format-a.patch Patch9: backport-chore-nftables-add-delete-table-helper.patch Patch10: backport-fix-nftables-always-flush-main-table-on-start.patch +Patch11: backport-fix-nm-release-NM-client-after-a-timeout.patch + BuildArch: noarch BuildRequires: autoconf automake desktop-file-utils gettext intltool glib2 glib2-devel systemd-units docbook-style-xsl BuildRequires: libxslt iptables ebtables ipset python3-devel @@ -241,6 +243,12 @@ sed -i "s/CleanupModulesOnExit=no/CleanupModulesOnExit=yes/g" %{_sysconfdir}/fir %{_datadir}/firewalld/testsuite/python/firewalld_test.py %changelog +* Fri Jul 05 2024 zhouyihang - 1.0.2-9 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix(nm): release NM client after a timeout + * Fri Jun 07 2024 zhouyihang - 1.0.2-8 - Type:requirement - ID:NA -- Gitee