From a6c8718a9788655fff54e5fa20f0cc14de24814b Mon Sep 17 00:00:00 2001 From: Allen <979347228@qq.com> Date: Wed, 11 Jan 2023 15:03:37 +0800 Subject: [PATCH] ToStringSlice will lead to high CPU usage, early conversion can reduce cpu usage --- machine.go | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/machine.go b/machine.go index 41270b21..0b38f52c 100644 --- a/machine.go +++ b/machine.go @@ -194,6 +194,7 @@ func getFilteredByACLPeers( peers := make(map[uint64]Machine) // Aclfilter peers here. We are itering through machines in all namespaces and search through the computed aclRules // for match between rule SrcIPs and DstPorts. If the rule is a match we allow the machine to be viewable. + machineIPs := machine.IPAddresses.ToStringSlice() for _, peer := range machines { if peer.ID == machine.ID { continue @@ -203,22 +204,23 @@ func getFilteredByACLPeers( for _, d := range rule.DstPorts { dst = append(dst, d.IP) } + peerIPs := peer.IPAddresses.ToStringSlice() if matchSourceAndDestinationWithRule( rule.SrcIPs, dst, - machine.IPAddresses.ToStringSlice(), - peer.IPAddresses.ToStringSlice(), + machineIPs, + peerIPs, ) || // match source and destination matchSourceAndDestinationWithRule( rule.SrcIPs, dst, - peer.IPAddresses.ToStringSlice(), - machine.IPAddresses.ToStringSlice(), + peerIPs, + machineIPs, ) || // match return path matchSourceAndDestinationWithRule( rule.SrcIPs, dst, - machine.IPAddresses.ToStringSlice(), + machineIPs, []string{"*"}, ) || // match source and all destination matchSourceAndDestinationWithRule( @@ -231,13 +233,13 @@ func getFilteredByACLPeers( rule.SrcIPs, dst, []string{"*"}, - peer.IPAddresses.ToStringSlice(), + peerIPs, ) || // match source and all destination matchSourceAndDestinationWithRule( rule.SrcIPs, dst, []string{"*"}, - machine.IPAddresses.ToStringSlice(), + machineIPs, ) { // match all sources and source peers[peer.ID] = peer }