Hi Tom
Would you be amenable to optimising detect_configuration for the special
case of calling "enable iface_x"?
I use busybox on a smallish system (Alix 500Mhz) with 15 potential
providers enabled (generally only 3-5 will be available, but the rest
are there as dynamic options.
As standard:
$ time /bin/sh /var/lib/shorewall/firewall enable ppp0
Device "lan4" does not exist.
Cannot find device "lan4"
Device "wlan3" does not exist.
Cannot find device "wlan3"
Device "wlan2" does not exist.
Cannot find device "wlan2"
Device "lan3" does not exist.
Cannot find device "lan3"
Device "lan3" does not exist.
Device "lan4" does not exist.
Device "wlan2" does not exist.
Device "wlan3" does not exist.
Device "ppp1" does not exist.
Device "ppp2" does not exist.
Device "ppp3" does not exist.
Device "ppp10" does not exist.
Device "ppp11" does not exist.
Device "ppp12" does not exist.
Device "ppp13" does not exist.
ERROR: Interface ppp0 is already enabled: Firewall state not changed
Command terminated by signal 15
real 0m 2.03s
user 0m 0.40s
sys 0m 0.73s
However, if I comment out all the tests in detect_config except ppp0,
then I get something like:
root@redbox-DEV $ time /bin/sh /var/lib/shorewall/firewall enable ppp0
ERROR: Interface ppp0 is already enabled: Firewall state not changed
Command terminated by signal 15
real 0m 0.13s
user 0m 0.06s
sys 0m 0.05s
Whilst most users might not care about 2 seconds, I'm using this on a
satellite service which costs around $1.50/min, so the dynamic up/down
period is kept as short as possible. You might remember you originally
implemented the enable/disable based on a feature request from me in
order to optimise me needing to do 'shorewall restart' which is slow for me?
My suggestion on practical ways to implement this would be for
'detect_config()' to take an optional interface parameter. Then each of
the stanzas can be wrapped in a conditional and only run if either the
param is empty or set to detect that specific interface.
My simple benchmarks suggest that slowest function for me is
'interface_is_usable', consuming about 1s. Then 'detect_gateway' which
consumes about 0.7s, the remainder is
'find_first_interface_address_if_any'. Note these benchmarks and
observations run against shorewall 4.6.6.1.
Thanks for considering this?
Ed W
------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
