fix(nm): release NM client after a timeout

libnm will accumulate a bunch of data, e.g. routes, that is irrelevant to firewalld. To avoid unbound growth in memory we can destroy the client and reinitialize it when we query NM. Fixes: firewalld#1232
Fisiu · Nov 22, 2023 · eb76e2a · eb76e2a
1 parent ed8222c
commit eb76e2a
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/src/firewall/core/fw_nm.py b/src/firewall/core/fw_nm.py
@@ -22,6 +22,7 @@
     except (ImportError, ValueError, GLib.Error):
         _nm_imported = False
 _nm_client = None
+_nm_client_timeout = None
 
 from firewall import errors
 from firewall.errors import FirewallError
@@ -46,9 +47,28 @@ def nm_get_client():
     """Returns the NM client object or None if the import of NM failed
     @return NM.Client instance if import was successful, None otherwise
     """
+
+    def _release():
+        """
+        Release the client to avoid excess memory usage when libnm pushes
+        irrelevant (to firewalld) updates.
+        """
+        global _nm_client
+        global _nm_client_timeout
+        _nm_client = None
+        _nm_client_timeout = None
+
     global _nm_client
+    global _nm_client_timeout
+
     if not _nm_client:
         _nm_client = NM.Client.new(None)
+    else:
+        # refresh timer
+        GLib.source_remove(_nm_client_timeout)
+
+    _nm_client_timeout = GLib.timeout_add_seconds(5, _release)
+
     return _nm_client