Hello, just a small FYI after discussing this with Seth on IRC some days ago:
I did some speed comparisons for the various array types and defining
them globally vs. in the function using the OP_TYPE_FILE_OR_NET array
from the patch I just sent.
The results are:
# py3, 10000000 runs
8.30721783638000 [] global
10.27099061012268 [] inside fn
8.67911791801452 () global
8.52981829643249 () inside fn
5.45463919639587 {} global
14.80267071723938 {} inside fn
It's not too surprising that defining the array inside the function
(which means to rebuild it each time the function is called) is slower,
however it's not terribly bad (the times above are from 10 000 000
runs!)
An interesting detail is that using (...) inside the function isn't
slower than using it outside. (...) arrays are read-only, so python
probably caches them after running the function the first time.
(...) and [...] keep the original sort order.
{...} doesn't care about the order. This seems to improve the lookup
speed quite a bit (but also makes building the array slower).
If you want to check yourself - my test script is attached.
Yes, I know that the definition of the global arrays isn't included in
the time measurement - but I'm quite sure this doesn't really change the
results ;-)
Regards,
Christian Boltz
--
Wir waren vor einiger Zeit schonmal "soweit fertig". Dann kam
Gerald, fand 1000 Sachen Scheisse, hat 500 Sachen nicht begriffen
und 250 falsch gemacht. :-)))))) [Ratti in fontlinge-devel]
#!/usr/bin/python3
import time
OP_TYPE_FILE_OR_NET_1 = [
# Note: op_type() also uses some startswith() checks which are not listed here!
'create',
'post_create',
'bind',
'connect',
'listen',
'accept',
'sendmsg',
'recvmsg',
'getsockname',
'getpeername',
'getsockopt',
'setsockopt',
'socket_create',
'sock_shutdown',
'open',
'truncate',
'mkdir',
'mknod',
'chmod',
'chown',
'rename_src',
'rename_dest',
'unlink',
'rmdir',
'symlink_create',
'link',
'sysctl',
'getattr',
'setattr',
'xattr',
]
OP_TYPE_FILE_OR_NET_2 = (
# Note: op_type() also uses some startswith() checks which are not listed here!
'create',
'post_create',
'bind',
'connect',
'listen',
'accept',
'sendmsg',
'recvmsg',
'getsockname',
'getpeername',
'getsockopt',
'setsockopt',
'socket_create',
'sock_shutdown',
'open',
'truncate',
'mkdir',
'mknod',
'chmod',
'chown',
'rename_src',
'rename_dest',
'unlink',
'rmdir',
'symlink_create',
'link',
'sysctl',
'getattr',
'setattr',
'xattr',
)
OP_TYPE_FILE_OR_NET_3 = {
# Note: op_type() also uses some startswith() checks which are not listed here!
'create',
'post_create',
'bind',
'connect',
'listen',
'accept',
'sendmsg',
'recvmsg',
'getsockname',
'getpeername',
'getsockopt',
'setsockopt',
'socket_create',
'sock_shutdown',
'open',
'truncate',
'mkdir',
'mknod',
'chmod',
'chown',
'rename_src',
'rename_dest',
'unlink',
'rmdir',
'symlink_create',
'link',
'sysctl',
'getattr',
'setattr',
'xattr',
}
def op_type_1a(event):
"""Returns the operation type if known, unkown otherwise"""
if ( event['operation'].startswith('file_') or event['operation'].startswith('inode_') or event['operation'] in OP_TYPE_FILE_OR_NET_1 ):
# file or network event?
if event['family'] and event['protocol'] and event['sock_type']:
# 'unix' events also use keywords like 'connect', but protocol is 0 and should therefore be filtered out
return True
elif event['denied_mask']:
return True
else:
raise AppArmorException('unknown file or network event type')
else:
return 'unknown'
def op_type_2a(event):
"""Returns the operation type if known, unkown otherwise"""
if ( event['operation'].startswith('file_') or event['operation'].startswith('inode_') or event['operation'] in OP_TYPE_FILE_OR_NET_2 ):
# file or network event?
if event['family'] and event['protocol'] and event['sock_type']:
# 'unix' events also use keywords like 'connect', but protocol is 0 and should therefore be filtered out
return True
elif event['denied_mask']:
return True
else:
raise AppArmorException('unknown file or network event type')
else:
return 'unknown'
def op_type_3a(event):
"""Returns the operation type if known, unkown otherwise"""
if ( event['operation'].startswith('file_') or event['operation'].startswith('inode_') or event['operation'] in OP_TYPE_FILE_OR_NET_3 ):
# file or network event?
if event['family'] and event['protocol'] and event['sock_type']:
# 'unix' events also use keywords like 'connect', but protocol is 0 and should therefore be filtered out
return True
elif event['denied_mask']:
return True
else:
raise AppArmorException('unknown file or network event type')
else:
return 'unknown'
def op_type_1b(event):
"""Returns the operation type if known, unkown otherwise"""
OP_TYPE_FILE_OR_NET = [
# Note: op_type() also uses some startswith() checks which are not listed here!
'create',
'post_create',
'bind',
'connect',
'listen',
'accept', 'sendmsg',
'recvmsg',
'getsockname',
'getpeername',
'getsockopt',
'setsockopt',
'socket_create',
'sock_shutdown',
'open',
'truncate',
'mkdir',
'mknod',
'chmod',
'chown',
'rename_src',
'rename_dest',
'unlink',
'rmdir',
'symlink_create',
'link',
'sysctl',
'getattr',
'setattr',
'xattr',
]
if ( event['operation'].startswith('file_') or event['operation'].startswith('inode_') or event['operation'] in OP_TYPE_FILE_OR_NET ):
# file or network event?
if event['family'] and event['protocol'] and event['sock_type']:
# 'unix' events also use keywords like 'connect', but protocol is 0 and should therefore be filtered out
return True
elif event['denied_mask']:
return True
else:
raise AppArmorException('unknown file or network event type')
else:
return 'unknown'
def op_type_2b(event):
"""Returns the operation type if known, unkown otherwise"""
OP_TYPE_FILE_OR_NET = (
# Note: op_type() also uses some startswith() checks which are not listed here!
'create',
'post_create',
'bind',
'connect',
'listen',
'accept', 'sendmsg',
'recvmsg',
'getsockname',
'getpeername',
'getsockopt',
'setsockopt',
'socket_create',
'sock_shutdown',
'open',
'truncate',
'mkdir',
'mknod',
'chmod',
'chown',
'rename_src',
'rename_dest',
'unlink',
'rmdir',
'symlink_create',
'link',
'sysctl',
'getattr',
'setattr',
'xattr',
)
if ( event['operation'].startswith('file_') or event['operation'].startswith('inode_') or event['operation'] in OP_TYPE_FILE_OR_NET ):
# file or network event?
if event['family'] and event['protocol'] and event['sock_type']:
# 'unix' events also use keywords like 'connect', but protocol is 0 and should therefore be filtered out
return True
elif event['denied_mask']:
return True
else:
raise AppArmorException('unknown file or network event type')
else:
return 'unknown'
def op_type_3b(event):
"""Returns the operation type if known, unkown otherwise"""
OP_TYPE_FILE_OR_NET = {
# Note: op_type() also uses some startswith() checks which are not listed here!
'create',
'post_create',
'bind',
'connect',
'listen',
'accept', 'sendmsg',
'recvmsg',
'getsockname',
'getpeername',
'getsockopt',
'setsockopt',
'socket_create',
'sock_shutdown',
'open',
'truncate',
'mkdir',
'mknod',
'chmod',
'chown',
'rename_src',
'rename_dest',
'unlink',
'rmdir',
'symlink_create',
'link',
'sysctl',
'getattr',
'setattr',
'xattr',
}
if ( event['operation'].startswith('file_') or event['operation'].startswith('inode_') or event['operation'] in OP_TYPE_FILE_OR_NET ):
# file or network event?
if event['family'] and event['protocol'] and event['sock_type']:
# 'unix' events also use keywords like 'connect', but protocol is 0 and should therefore be filtered out
return True
elif event['denied_mask']:
return True
else:
raise AppArmorException('unknown file or network event type')
else:
return 'unknown'
dummy_event = {
'operation': 'unlink',
'family': 1,
'protocol': 1,
'sock_type': 1,
}
start = time.time()
for i in range(10000000):
op_type_1a(dummy_event)
print (time.time() - start)
start = time.time()
for i in range(10000000):
op_type_1b(dummy_event)
print (time.time() - start)
start = time.time()
for i in range(10000000):
op_type_2a(dummy_event)
print (time.time() - start)
start = time.time()
for i in range(10000000):
op_type_2b(dummy_event)
print (time.time() - start)
start = time.time()
for i in range(10000000):
op_type_3a(dummy_event)
print (time.time() - start)
start = time.time()
for i in range(10000000):
op_type_3b(dummy_event)
print (time.time() - start)
# py3, 10000000 runs
# 8.307217836380005 [] external
# 10.27099061012268 [] inside fn
# 8.679117918014526 () external
# 8.529818296432495 () inside fn
# 5.454639196395874 {} external
# 14.80267071723938 {} inside fn
signature.asc
Description: This is a digitally signed message part.
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
