As the number of ports per default security group increases, the
number of iptables entries on the Compute Node grows. Because of
this, there is a gradual increase in the time taken to apply chains
and rules.
Currently we are using list comprehensions to find if a new chain or
rule matches an existing one. Instead, walk through the list in
reverse to find a matching entry.
Added a new method, _find_last_entry(), to return the entry we are
searching for.
Reviewed: https:/ /review. openstack. org/98692 /git.openstack. org/cgit/ openstack/ neutron/ commit/ ?id=6fd5a20132e 1327913c0a00997 81a903f37c3ee9
Committed: https:/
Submitter: Jenkins
Branch: stable/icehouse
commit 6fd5a20132e1327 913c0a0099781a9 03f37c3ee9
Author: Sudhakar <email address hidden>
Date: Mon Mar 3 15:35:20 2014 +0530
Improve iptables_manager _modify_rules() method
As the number of ports per default security group increases, the
number of iptables entries on the Compute Node grows. Because of
this, there is a gradual increase in the time taken to apply chains
and rules.
Currently we are using list comprehensions to find if a new chain or
rule matches an existing one. Instead, walk through the list in
reverse to find a matching entry.
Added a new method, _find_last_entry(), to return the entry we are
searching for.
Change-Id: I3585479ffa00be 556b8b21dc9dbd6 b36ad37f4de c09f04978e4fce3 0d6ee6350c)
Closes-Bug: #1302272
Related-Bug: #1253993
(cherry picked from commit 0c202ab3e453e38