niceness on firegex process

2025-03-26 22:25:09 +01:00
parent d832c3cd98
commit d4b2b6c72d
6 changed files with 18 additions and 4 deletions
--- a/backend/docker-entrypoint.sh
+++ b/backend/docker-entrypoint.sh
@@ -2,5 +2,5 @@

 chown nobody -R /execute/

-exec capsh --caps="cap_net_admin+eip cap_setpcap,cap_setuid,cap_setgid+ep" \
-    --keep=1 --user=nobody --addamb=cap_net_admin -- -c "python3 /execute/app.py DOCKER"
+exec capsh --caps="cap_net_admin,cap_setpcap,cap_setuid,cap_setgid,cap_sys_nice+eip" \
+    --keep=1 --user=nobody --addamb=cap_net_admin,cap_sys_nice -- -c "python3 /execute/app.py DOCKER"
--- a/backend/modules/nfproxy/firegex.py
+++ b/backend/modules/nfproxy/firegex.py
@@ -7,6 +7,7 @@ from fastapi import HTTPException
 import time
 from utils import run_func
 from utils import DEBUG
+from utils import nicenessify

 nft = FiregexTables()

@@ -95,6 +96,7 @@ class FiregexInterceptor:
                "FIREGEX_NFPROXY_SOCK": self.sock_path
            },
        )
+        nicenessify(-10, self.process.pid)
        self.outstrem_task = asyncio.create_task(self._stream_handler())
        try:
            async with asyncio.timeout(3):
--- a/backend/modules/nfregex/firegex.py
+++ b/backend/modules/nfregex/firegex.py
@@ -6,6 +6,7 @@ import asyncio
 import traceback
 from utils import DEBUG
 from fastapi import HTTPException
+from utils import nicenessify

 nft = FiregexTables()

@@ -106,6 +107,7 @@ class FiregexInterceptor:
                "FIREGEX_NFQUEUE_FAIL_OPEN": "1" if self.srv.fail_open else "0",
            },
        )
+        nicenessify(-10, self.process.pid)
        line_fut = self.process.stdout.readuntil()
        try:
            line_fut = await asyncio.wait_for(line_fut, timeout=3)
--- a/backend/utils/init.py
+++ b/backend/utils/init.py
@@ -207,3 +207,12 @@ def register_event(sio_server: AsyncServer, event_name: str, model: BaseModel, r
        return wrapper
    return decorator

+def nicenessify(priority:int, pid:int|None=None):
+    try:
+        pid = os.getpid() if pid is None else pid
+        ps = psutil.Process(pid)
+        if os.name == 'posix':
+            ps.nice(priority)
+    except Exception as e:
+        print(f"Error setting priority: {e} {traceback.format_exc()}")
+        pass
--- a/start.py
+++ b/start.py
@@ -184,7 +184,8 @@ def write_compose(skip_password = True):
                            }
                        ],
                        "cap_add": [
-                            "NET_ADMIN"
+                            "NET_ADMIN",
+                            "SYS_NICE"
                        ]
                    }
                },
--- a/tests/comparemark.py
+++ b/tests/comparemark.py
@@ -196,7 +196,7 @@ elif args.module == "nfproxy":
    for _ in range(args.number_of_values):
        #Get baseline reading 
        data = getReading(args.port)
-        puts("Baseline nfregex with no filter: ", color=colors.blue, end='')
+        puts("Baseline nfproxy with no filter: ", color=colors.blue, end='')
        no_filters.append(data)
        print(f"{data} MB/s")