author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2021-09-10 13:58:28 +0900 |
---|---|---|
committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2021-09-14 20:30:09 +0900 |
commit | 84ebe6f01381c21b88e37e856956c9c9ee6781d6 (patch) | |
tree | fc82c6bb7bd8a3ac2e28636715c85358960f7b04 /src/analyze/analyze-security.c | |
parent | 60da07ecc7bb318d217810778e430399ab9a2ec7 (diff) | |
download | systemd-84ebe6f01381c21b88e37e856956c9c9ee6781d6.tar.gz |
core: replace IPAddressAccessItem with struct in_addr_prefix
Previously, if a unit file contained n IPAddressAllow/Deny= lines,
the computational order of parsing the file was O(n^3), as
ip_address_access_reduce(), whose order is O(n^2), was called for each line.
By replacing in_addr_prefix related functions, now the computational
order is O(n log n).
Fixes #20680.
Diffstat (limited to 'src/analyze/analyze-security.c')
-rw-r--r-- | src/analyze/analyze-security.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c
index c674961001..400eebbda8 100644
--- a/src/analyze/analyze-security.c
+++ b/src/analyze/analyze-security.c
@@ -11,7 +11,7 @@
 #include "bus-util.h"
 #include "env-util.h"
 #include "format-table.h"
-#include "in-addr-util.h"
+#include "in-addr-prefix-util.h"
 #include "locale-util.h"
 #include "macro.h"
 #include "manager.h"
@@ -2582,10 +2582,10 @@ static int get_security_info(Unit *u, ExecContext *c, CGroupContext *g, Security
 return log_oom();
 }
- IPAddressAccessItem *i;
+ struct in_addr_prefix *i;
 bool deny_ipv4 = false, deny_ipv6 = false;
- LIST_FOREACH(items, i, g->ip_address_deny) {
+ SET_FOREACH(i, g->ip_address_deny) {
 if (i->family == AF_INET && i->prefixlen == 0)
 deny_ipv4 = true;
 else if (i->family == AF_INET6 && i->prefixlen == 0)
@@ -2594,7 +2594,7 @@ static int get_security_info(Unit *u, ExecContext *c, CGroupContext *g, Security
 info->ip_address_deny_all = deny_ipv4 && deny_ipv6;
 info->ip_address_allow_localhost = info->ip_address_allow_other = false;
- LIST_FOREACH(items, i, g->ip_address_allow) {
+ SET_FOREACH(i, g->ip_address_allow) {
 if (in_addr_is_localhost(i->family, &i->address))
 info->ip_address_allow_localhost = true;
 else |
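Review bot: The deny loop in the second hunk treats a family as fully denied only when the set holds a literal `/0` entry (`i->prefixlen == 0`), so an `IPAddressDeny=` list that covers the whole address space with several longer prefixes would leave `deny_ipv4`/`deny_ipv6` false. Whether the new set representation merges adjacent prefixes is not visible here, so the limitation is worth stating next to the loop, for example `/* Only a literal /0 entry per family counts as "deny all"; equivalent coverage by longer prefixes is not detected. */`. The miss is on the conservative side, because the unit is then reported as less restricted than it is. get_security_info() starts before and continues after this hunk.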
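Review bot: The allow loop in the third hunk classifies an entry as localhost from `i->address` alone and never reads `i->prefixlen`, so the result is only right if entries are stored with the address already masked to the prefix. If the set helpers do not guarantee that (not visible in this hunk), an entry whose address lies in 127.0.0.0/8 but whose prefix is shorter than 8 would set `ip_address_allow_localhost` instead of `ip_address_allow_other`, and the assessment would understate what the unit may reach. Consider `if (in_addr_is_localhost(i->family, &i->address) && i->prefixlen >= (i->family == AF_INET ? 8 : 128))`, assuming the IPv6 test matches only ::1, or add a comment naming the masking invariant. The body of the `else` branch and the rest of get_security_info() lie outside the hunk.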