From: Michael Tremer Date: Fri, 4 Aug 2017 14:01:09 +0000 (+0000) Subject: security-policies: Cache output of proposal generators X-Git-Tag: 009~62 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e1947a760c72963b77b860959ca41dc54d75b6fb;p=network.git security-policies: Cache output of proposal generators These functions are really really slow and the output stays constants as long as the configuration is not being changed. Signed-off-by: Michael Tremer
---
diff --git a/src/functions/functions.constants b/src/functions/functions.constants
index c56b1be6..64dacb73 100644
--- a/src/functions/functions.constants
+++ b/src/functions/functions.constants
@@ -37,6 +37,7 @@ NETWORK_HOOKS_DIR=/usr/lib/network/hooks
 NETWORK_HELPERS_DIR=/usr/lib/network/helpers
 NETWORK_TRIGGERS_DIR=/usr/lib/network/triggers
 NETWORK_SHARE_DIR=/usr/share/network
+NETWORK_CACHE_DIR=/var/cache/network
 NETWORK_IPSEC_CONNS_DIR="${NETWORK_CONFIG_DIR}/vpn/ipsec/connections"
 NETWORK_IPSEC_SWANCTL_CONNECTIONS_DIR="/etc/swanctl/connections"
diff --git a/src/functions/functions.util b/src/functions/functions.util
index 4b032b04..e083f6a7 100644
--- a/src/functions/functions.util
+++ b/src/functions/functions.util
@@ -190,7 +190,7 @@ fwrite() {
 assert isset file
 shift
- if [ ! -w "${file}" ]; then
+ if [ -e "${file}" ] && [ ! -w "${file}" ]; then
 log ERROR "${file}: No such file"
 return ${EXIT_ERROR}
 fi
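Review bot: In the `@@ -190,7 +190,7 @@` hunk of functions.util the guard now fires only for a file that exists but is not writable, yet it still logs `"${file}: No such file"`, which will mislead anyone debugging a permissions problem on the cache; I would change it to `log ERROR "${file}: Not writable"`. The same change means fwrite() now creates missing files, so a comment above the test such as `# A missing file is created by the redirect below; only refuse existing files we cannot write to` would make that intent explicit. The redirect shown as context in the next hunk leaves `${file}` unquoted, which is worth fixing now that callers pass freshly built cache paths. fwrite() starts before this hunk and ends in the next one.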
@@ -198,6 +198,37 @@ fwrite() {
 print "%s" "$@" >> ${file} 2>/dev/null
 }
+file_exists() {
+ local file=${1}
+
+ [ -e "${file}" ] && return ${EXIT_TRUE} || return ${EXIT_FALSE}
+}
+
+file_is_newer_than() {
+ local file1="${1}"
+ local file2="${2}"
+
+ local age1=$(file_get_age "${file1}")
+ local age2=$(file_get_age "${file2}")
+
+ if [ ${age1} -gt ${age2} ]; then
+ return ${EXIT_TRUE}
+ else
+ return ${EXIT_FALSE}
+ fi
+}
+
+file_get_age() {
+ local file="${1}"
+
+ if [ -e "${file}" ]; then
+ stat --format="%Y" "${file}"
+ return $?
+ fi
+
+ return ${EXIT_ERROR}
+}
+
 make_parent_dir() {
 local path="${1}"
diff --git a/src/functions/functions.vpn-security-policies b/src/functions/functions.vpn-security-policies
index f73670be..fef15127 100644
--- a/src/functions/functions.vpn-security-policies
+++ b/src/functions/functions.vpn-security-policies
@@ -893,6 +893,33 @@ vpn_security_policies_cipher_is_aead() {
 vpn_security_policies_make_ah_proposal() {
 local name=${1}
+ if ! vpn_security_policy_exists ${name}; then
+ return ${EXIT_ERROR}
+ fi
+
+ local config_path="$(vpn_security_policies_path ${name})"
+ local cache_path="${NETWORK_CACHE_DIR}/vpn/security-policies/${name}/ah-proposal"
+
+ # Get data from cache if possible
+ if file_exists "${cache_path}" && ! file_is_newer_than "${config_path}" "${cache_path}"; then
+ fread "${cache_path}"
+ return ${EXIT_OK}
+ fi
+
+ # No or invalid cache data found
+ local proposal=$(_vpn_security_policies_make_ah_proposal "${name}")
+
+ # Write proposal to cache
+ if ! make_parent_dir "${cache_path}" || ! fwrite "${cache_path}" "${proposal}"; then
+ log WARNING "Could not write to cache: ${cache_path}"
+ fi
+
+ print "${proposal}"
+}
+
+_vpn_security_policies_make_ah_proposal() {
+ local name=${1}
+
 # Read the config settings
 local ${VPN_SECURITY_POLICIES_CONFIG_SETTINGS}
 if ! vpn_security_policies_read_config "${name}"; then
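Review bot: file_is_newer_than() in the `@@ -198,6 +198,37 @@` hunk compares `${age1}` and `${age2}` unquoted and ignores a failing file_get_age(), so when stat fails the `[` test errors out, the function takes the `else` branch and reports "not newer", and the cache callers added in this commit read that as "cache is still valid". The rewrite below separates declaration from assignment so the exit status is seen, quotes both operands, and treats an unreadable timestamp as "newer" so that callers regenerate. It also switches to `-ge`, because `%Y` has one-second resolution and a configuration change written in the same second as the cache entry would otherwise go unnoticed. file_get_age() prints the modification time rather than an age, which a one-line comment above it should say.

```shell
file_is_newer_than() {
	# … unchanged: file1 / file2 assignment …

	# An unreadable timestamp counts as "newer" so that callers regenerate
	local age1 age2
	age1=$(file_get_age "${file1}") || return ${EXIT_TRUE}
	age2=$(file_get_age "${file2}") || return ${EXIT_TRUE}

	# mtime has one-second resolution; treat a tie as newer
	if [ "${age1}" -ge "${age2}" ]; then
	# … unchanged: return EXIT_TRUE / EXIT_FALSE branches …
```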
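Review bot: vpn_security_policies_make_ah_proposal() refreshes a stale cache entry through fwrite(), which as far as the functions.util hunks show only ever appends (`>> ${file}`), so after a configuration change the new proposal is written behind the old one and later cache hits return both. The generator's exit status is also lost in `local proposal=$(…)`, so a failed or empty run is cached and then served with EXIT_OK until the configuration file is touched again; for a value that decides which algorithms the tunnel offers, failing is safer than caching. The same two problems are in the ESP wrapper in the `@@ -942,6 +969,33 @@` hunk. The change below returns the generator's error and removes the old entry before writing; it assumes the generator returns non-zero on failure, which its body outside this hunk should confirm.

```shell
	# No or invalid cache data found; never cache a failed run
	local proposal
	proposal=$(_vpn_security_policies_make_ah_proposal "${name}") || return ${EXIT_ERROR}

	# fwrite appends, so drop the stale entry before writing the new one
	rm -f "${cache_path}"

	# … unchanged: make_parent_dir / fwrite / log WARNING, then print "${proposal}" …
```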
@@ -942,6 +969,33 @@ vpn_security_policies_make_ah_proposal() {
 vpn_security_policies_make_esp_proposal() {
 local name=${1}
+ if ! vpn_security_policy_exists ${name}; then
+ return ${EXIT_ERROR}
+ fi
+
+ local config_path="$(vpn_security_policies_path ${name})"
+ local cache_path="${NETWORK_CACHE_DIR}/vpn/security-policies/${name}/esp-proposal"
+
+ # Get data from cache if possible
+ if file_exists "${cache_path}" && ! file_is_newer_than "${config_path}" "${cache_path}"; then
+ fread "${cache_path}"
+ return ${EXIT_OK}
+ fi
+
+ # No or invalid cache data found
+ local proposal=$(_vpn_security_policies_make_esp_proposal "${name}")
+
+ # Write proposal to cache
+ if ! make_parent_dir "${cache_path}" || ! fwrite "${cache_path}" "${proposal}"; then
+ log WARNING "Could not write to cache: ${cache_path}"
+ fi
+
+ print "${proposal}"
+}
+
+_vpn_security_policies_make_esp_proposal() {
+ local name=${1}
+
 # Read the config settings
 local ${VPN_SECURITY_POLICIES_CONFIG_SETTINGS}
 if ! vpn_security_policies_read_config "${name}"; then
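Review bot: The ESP wrapper in this hunk is a line-for-line copy of the AH wrapper, differing only in the cache file name and the generator it calls, so every later fix to the cache-validity logic has to be made twice. I would move the shared part into one private helper that takes the policy name and `ah` or `esp`, and keep the two public functions as one-line callers. That helper is also the natural place for a header comment stating that the cached file is returned verbatim as the proposal, so the directory under `${NETWORK_CACHE_DIR}` should not be writable by unprivileged users. It is likewise where `${name}` should be quoted in `vpn_security_policy_exists ${name}` and `vpn_security_policies_path ${name}` before it is used as a path component. _vpn_security_policies_make_esp_proposal() continues past the end of the hunk.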