Skip to content

Commit 84b3889

Browse files
committed
Merge remote-tracking branch 'origin/pr/595'
* origin/pr/595: chore(network-agent): consistently memoize ip_address stringification perf(network-agent): use cycle instead of manually doubling nameserver list for zip Pull request description: - I guess the existing memoization of `dns_` is for efficiency reasons? This uses the same pattern for the other `ip_address` instance in the string `vm_nameserver`. If nothing else it makes it more consistent. - Use `itertools.cycle` instead of list-doubling to match up `zip` side lengths. - Broken out from #592
2 parents 9311abb + 7014a24 commit 84b3889

1 file changed

Lines changed: 8 additions & 8 deletions

File tree

network/qubes-setup-dnat-to-ns

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,7 @@
2121

2222
from __future__ import annotations
2323

24+
from itertools import cycle
2425
import subprocess
2526
import sys
2627

@@ -110,19 +111,18 @@ def install_firewall_rules(dns):
110111
# Or maybe user wants to enforce DNS-Over-HTTPS.
111112
# Drop IPv4 DNS requests to qubesdb_dns addresses.
112113
for vm_nameserver in qubesdb_dns:
114+
vm_ns_ = str(vm_nameserver)
113115
rules += [
114-
f"ip daddr {vm_nameserver} udp dport 53 drop",
115-
f"ip daddr {vm_nameserver} tcp dport 53 drop",
116+
f"ip daddr {vm_ns_} udp dport 53 drop",
117+
f"ip daddr {vm_ns_} tcp dport 53 drop",
116118
]
117119
else:
118-
while len(qubesdb_dns) > len(dns_resolved):
119-
# Ensure that upstream DNS pool is larger than qubesdb_dns pool
120-
dns_resolved = dns_resolved + dns_resolved
121-
for vm_nameserver, dest in zip(qubesdb_dns, dns_resolved):
120+
for vm_nameserver, dest in zip(qubesdb_dns, cycle(dns_resolved)):
121+
vm_ns_ = str(vm_nameserver)
122122
dns_ = str(dest)
123123
rules += [
124-
f"ip daddr {vm_nameserver} udp dport 53 dnat to {dns_}",
125-
f"ip daddr {vm_nameserver} tcp dport 53 dnat to {dns_}",
124+
f"ip daddr {vm_ns_} udp dport 53 dnat to {dns_}",
125+
f"ip daddr {vm_ns_} tcp dport 53 dnat to {dns_}",
126126
]
127127
rules += ["}", "}"]
128128

0 commit comments

Comments
 (0)