etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge release branch 4.8 to master 

* 4.8:
  speedup iptables by prefetching the variables
This commit is contained in:
Will Stevens 2016-04-12 10:11:08 -04:00
parent f313facb87 f8e71b0235
commit 0dcaf197b4
1 changed files with 21 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
systemvm/patches/debian/config/opt/cloud/bin/configure.py
View File

@ -775,41 +775,46 @@ class CsForwardingRules(CsDataBag):
self.forward_vr(rule) self.forward_vr(rule)
def forward_vr(self, rule): def forward_vr(self, rule):
#prefetch iptables variables
public_fwinterface = self.getDeviceByIp(rule['public_ip'])
internal_fwinterface = self.getDeviceByIp(rule['internal_ip'])
public_fwports = self.portsToString(rule['public_ports'], ':')
internal_fwports = self.portsToString(rule['internal_ports'], '-')
fw1 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -j DNAT --to-destination %s:%s" % \ fw1 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -j DNAT --to-destination %s:%s" % \
( (
rule['public_ip'], rule['public_ip'],
self.getDeviceByIp(rule['public_ip']), public_fwinterface,
rule['protocol'], rule['protocol'],
rule['protocol'], rule['protocol'],
self.portsToString(rule['public_ports'], ':'), public_fwports,
rule['internal_ip'], rule['internal_ip'],
self.portsToString(rule['internal_ports'], '-') internal_fwports
) )
fw2 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -j DNAT --to-destination %s:%s" % \ fw2 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -j DNAT --to-destination %s:%s" % \
( (
rule['public_ip'], rule['public_ip'],
self.getDeviceByIp(rule['internal_ip']), internal_fwinterface,
rule['protocol'], rule['protocol'],
rule['protocol'], rule['protocol'],
self.portsToString(rule['public_ports'], ':'), public_fwports,
rule['internal_ip'], rule['internal_ip'],
self.portsToString(rule['internal_ports'], '-') internal_fwports
) )
fw3 = "-A OUTPUT -d %s/32 -p %s -m %s --dport %s -j DNAT --to-destination %s:%s" % \ fw3 = "-A OUTPUT -d %s/32 -p %s -m %s --dport %s -j DNAT --to-destination %s:%s" % \
( (
rule['public_ip'], rule['public_ip'],
rule['protocol'], rule['protocol'],
rule['protocol'], rule['protocol'],
self.portsToString(rule['public_ports'], ':'), public_fwports,
rule['internal_ip'], rule['internal_ip'],
self.portsToString(rule['internal_ports'], '-') internal_fwports
) )
fw4 = "-j SNAT --to-source %s -A POSTROUTING -s %s -d %s/32 -o %s -p %s -m %s --dport %s" % \ fw4 = "-j SNAT --to-source %s -A POSTROUTING -s %s -d %s/32 -o %s -p %s -m %s --dport %s" % \
( (
self.getGuestIp(), self.getGuestIp(),
self.getNetworkByIp(rule['internal_ip']), self.getNetworkByIp(rule['internal_ip']),
rule['internal_ip'], rule['internal_ip'],
self.getDeviceByIp(rule['internal_ip']), internal_fwinterface,
rule['protocol'], rule['protocol'],
rule['protocol'], rule['protocol'],
self.portsToString(rule['internal_ports'], ':') self.portsToString(rule['internal_ports'], ':')
@ -817,24 +822,24 @@ class CsForwardingRules(CsDataBag):
fw5 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -j MARK --set-xmark %s/0xffffffff" % \ fw5 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -j MARK --set-xmark %s/0xffffffff" % \
( (
rule['public_ip'], rule['public_ip'],
self.getDeviceByIp(rule['public_ip']), public_fwinterface,
rule['protocol'], rule['protocol'],
rule['protocol'], rule['protocol'],
self.portsToString(rule['public_ports'], ':'), public_fwports,
hex(int(self.getDeviceByIp(rule['public_ip'])[3:])) hex(int(public_fwinterface[3:]))
) )
fw6 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -m state --state NEW -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff" % \ fw6 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -m state --state NEW -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff" % \
( (
rule['public_ip'], rule['public_ip'],
self.getDeviceByIp(rule['public_ip']), public_fwinterface,
rule['protocol'], rule['protocol'],
rule['protocol'], rule['protocol'],
self.portsToString(rule['public_ports'], ':'), public_fwports,
) )
fw7 = "-A FORWARD -i %s -o %s -p %s -m %s --dport %s -m state --state NEW,ESTABLISHED -j ACCEPT" % \ fw7 = "-A FORWARD -i %s -o %s -p %s -m %s --dport %s -m state --state NEW,ESTABLISHED -j ACCEPT" % \
( (
self.getDeviceByIp(rule['public_ip']), public_fwinterface,
self.getDeviceByIp(rule['internal_ip']), internal_fwinterface,
rule['protocol'], rule['protocol'],
rule['protocol'], rule['protocol'],
self.portsToString(rule['internal_ports'], ':') self.portsToString(rule['internal_ports'], ':')