From d4b2b6c72df30d9ee19fa56e5e005bc6f3395547 Mon Sep 17 00:00:00 2001 From: Domingo Dirutigliano Date: Wed, 26 Mar 2025 22:25:09 +0100 Subject: [PATCH] niceness on firegex process --- backend/docker-entrypoint.sh | 4 ++-- backend/modules/nfproxy/firegex.py | 2 ++ backend/modules/nfregex/firegex.py | 2 ++ backend/utils/__init__.py | 9 +++++++++ start.py | 3 ++- tests/comparemark.py | 2 +- 6 files changed, 18 insertions(+), 4 deletions(-) diff --git a/backend/docker-entrypoint.sh b/backend/docker-entrypoint.sh index b329d1d..3db67b8 100644 --- a/backend/docker-entrypoint.sh +++ b/backend/docker-entrypoint.sh @@ -2,5 +2,5 @@ chown nobody -R /execute/ -exec capsh --caps="cap_net_admin+eip cap_setpcap,cap_setuid,cap_setgid+ep" \ - --keep=1 --user=nobody --addamb=cap_net_admin -- -c "python3 /execute/app.py DOCKER" +exec capsh --caps="cap_net_admin,cap_setpcap,cap_setuid,cap_setgid,cap_sys_nice+eip" \ + --keep=1 --user=nobody --addamb=cap_net_admin,cap_sys_nice -- -c "python3 /execute/app.py DOCKER" diff --git a/backend/modules/nfproxy/firegex.py b/backend/modules/nfproxy/firegex.py index 821f116..9ef3fef 100644 --- a/backend/modules/nfproxy/firegex.py +++ b/backend/modules/nfproxy/firegex.py @@ -7,6 +7,7 @@ from fastapi import HTTPException import time from utils import run_func from utils import DEBUG +from utils import nicenessify nft = FiregexTables() @@ -95,6 +96,7 @@ class FiregexInterceptor: "FIREGEX_NFPROXY_SOCK": self.sock_path }, ) + nicenessify(-10, self.process.pid) self.outstrem_task = asyncio.create_task(self._stream_handler()) try: async with asyncio.timeout(3): diff --git a/backend/modules/nfregex/firegex.py b/backend/modules/nfregex/firegex.py index 701ca9d..3d62666 100644 --- a/backend/modules/nfregex/firegex.py +++ b/backend/modules/nfregex/firegex.py @@ -6,6 +6,7 @@ import asyncio import traceback from utils import DEBUG from fastapi import HTTPException +from utils import nicenessify nft = FiregexTables() @@ -106,6 +107,7 @@ class FiregexInterceptor: "FIREGEX_NFQUEUE_FAIL_OPEN": "1" if self.srv.fail_open else "0", }, ) + nicenessify(-10, self.process.pid) line_fut = self.process.stdout.readuntil() try: line_fut = await asyncio.wait_for(line_fut, timeout=3) diff --git a/backend/utils/__init__.py b/backend/utils/__init__.py index c4fc13d..b18b80f 100644 --- a/backend/utils/__init__.py +++ b/backend/utils/__init__.py @@ -207,3 +207,12 @@ def register_event(sio_server: AsyncServer, event_name: str, model: BaseModel, r return wrapper return decorator +def nicenessify(priority:int, pid:int|None=None): + try: + pid = os.getpid() if pid is None else pid + ps = psutil.Process(pid) + if os.name == 'posix': + ps.nice(priority) + except Exception as e: + print(f"Error setting priority: {e} {traceback.format_exc()}") + pass diff --git a/start.py b/start.py index f6dfcb0..78c76c5 100755 --- a/start.py +++ b/start.py @@ -184,7 +184,8 @@ def write_compose(skip_password = True): } ], "cap_add": [ - "NET_ADMIN" + "NET_ADMIN", + "SYS_NICE" ] } }, diff --git a/tests/comparemark.py b/tests/comparemark.py index c9a36df..36ed467 100644 --- a/tests/comparemark.py +++ b/tests/comparemark.py @@ -196,7 +196,7 @@ elif args.module == "nfproxy": for _ in range(args.number_of_values): #Get baseline reading data = getReading(args.port) - puts("Baseline nfregex with no filter: ", color=colors.blue, end='') + puts("Baseline nfproxy with no filter: ", color=colors.blue, end='') no_filters.append(data) print(f"{data} MB/s")