Firewall: Aliases / generic MVC - performance improvments, for https://github.com/opnsense/core/issues/7509

refactor service name existence check as getservbyname() seems to be quite slow when large lists of entries need to be validated.
2026-03-14 16:44:39 +00:00 · 2024-06-04 21:04:49 +02:00 · 2024-06-04 21:04:49 +02:00 · edd7a00a39
commit edd7a00a39
parent 112777fb75
2 changed files with 12 additions and 13 deletions
--- a/src/opnsense/mvc/app/library/OPNsense/Firewall/Util.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Firewall/Util.php
@ -279,20 +279,20 @@ class Util
    }

    /**
-     * cached version of getservbyname()
+     * cached version of getservbyname() existence check
     * @param string $service service name
-     * @param string $protocol protocol name
     * @return boolean
     */
-    private static function getservbyname($service, $protocol)
+    public static function getservbyname($service)
    {
-        if (!isset(self::$servbynames[$protocol])) {
-            self::$servbynames[$protocol] = [];
+        if (empty(self::$servbynames)) {
+            foreach (explode("\n", file_get_contents('/etc/services')) as $line) {
+                if (strlen($line) > 1 && $line[0] != '#') {
+                    self::$servbynames[preg_split('/\s+/', $line)[0]] = true;
+                }
+            }
        }
-        if (!isset(self::$servbynames[$protocol][$service])) {
-            self::$servbynames[$protocol][$service] = getservbyname($service, $protocol);
-        }
-        return self::$servbynames[$protocol][$service];
+        return isset(self::$servbynames[$service]);
    }

    /**
@ -308,7 +308,7 @@ class Util
            if (
                (filter_var($port, FILTER_VALIDATE_INT, array(
                  "options" => array("min_range" => 1, "max_range" => 65535))) === false || !ctype_digit($port)) &&
-                !self::getservbyname($port, "tcp") && !self::getservbyname($port, "udp")
+                !self::getservbyname($port)
            ) {
                return false;
            }
--- a/src/opnsense/mvc/app/models/OPNsense/Firewall/FieldTypes/AliasNameField.php
+++ b/src/opnsense/mvc/app/models/OPNsense/Firewall/FieldTypes/AliasNameField.php
@ -30,6 +30,7 @@ namespace OPNsense\Firewall\FieldTypes;

 use OPNsense\Base\FieldTypes\BaseField;
 use OPNsense\Base\Validators\CallbackValidator;
+use OPNsense\Firewall\Util;

 /**
 * Class AliasNameField
@ -84,9 +85,7 @@ class AliasNameField extends BaseField
                        if (in_array($value, $reservedwords)) {
                            $result[] = gettext('The name cannot be the internally reserved keyword "%s".');
                        }
-                        if (
-                            getservbyname($value, 'tcp') || getservbyname($value, 'udp') || getprotobyname($value)
-                        ) {
+                        if (Util::getservbyname($value) || getprotobyname($value)) {
                            $result[] = gettext('Reserved protocol or service names may not be used');
                        }
                        return $result;