apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

speedup iptables by prefetching the variables

Browse Source
This commit is contained in:
kollyma 2016-04-11 20:58:03 +02:00
parent 2d68893ee6
commit 0a01e82c23
1 changed files with 21 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
systemvm/patches/debian/config/opt/cloud/bin/configure.py
View File

@ -775,41 +775,46 @@ class CsForwardingRules(CsDataBag):
self.forward_vr(rule)
def forward_vr(self, rule):
#prefetch iptables variables
public_fwinterface = self.getDeviceByIp(rule['public_ip'])
internal_fwinterface = self.getDeviceByIp(rule['internal_ip'])
public_fwports = self.portsToString(rule['public_ports'], ':')
internal_fwports = self.portsToString(rule['internal_ports'], '-')
fw1 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -j DNAT --to-destination %s:%s" % \
(
rule['public_ip'],
self.getDeviceByIp(rule['public_ip']),
public_fwinterface,
rule['protocol'],
rule['protocol'],
self.portsToString(rule['public_ports'], ':'),
public_fwports,
rule['internal_ip'],
self.portsToString(rule['internal_ports'], '-')
internal_fwports
)
fw2 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -j DNAT --to-destination %s:%s" % \
(
rule['public_ip'],
self.getDeviceByIp(rule['internal_ip']),
internal_fwinterface,
rule['protocol'],
rule['protocol'],
self.portsToString(rule['public_ports'], ':'),
public_fwports,
rule['internal_ip'],
self.portsToString(rule['internal_ports'], '-')
internal_fwports
)
fw3 = "-A OUTPUT -d %s/32 -p %s -m %s --dport %s -j DNAT --to-destination %s:%s" % \
(
rule['public_ip'],
rule['protocol'],
rule['protocol'],
self.portsToString(rule['public_ports'], ':'),
public_fwports,
rule['internal_ip'],
self.portsToString(rule['internal_ports'], '-')
internal_fwports
)
fw4 = "-j SNAT --to-source %s -A POSTROUTING -s %s -d %s/32 -o %s -p %s -m %s --dport %s" % \
(
self.getGuestIp(),
self.getNetworkByIp(rule['internal_ip']),
rule['internal_ip'],
self.getDeviceByIp(rule['internal_ip']),
internal_fwinterface,
rule['protocol'],
rule['protocol'],
self.portsToString(rule['internal_ports'], ':')
@ -817,24 +822,24 @@ class CsForwardingRules(CsDataBag):
fw5 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -j MARK --set-xmark %s/0xffffffff" % \
(
rule['public_ip'],
self.getDeviceByIp(rule['public_ip']),
public_fwinterface,
rule['protocol'],
rule['protocol'],
self.portsToString(rule['public_ports'], ':'),
hex(int(self.getDeviceByIp(rule['public_ip'])[3:]))
public_fwports,
hex(int(public_fwinterface[3:]))
)
fw6 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -m state --state NEW -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff" % \
(
rule['public_ip'],
self.getDeviceByIp(rule['public_ip']),
public_fwinterface,
rule['protocol'],
rule['protocol'],
self.portsToString(rule['public_ports'], ':'),
public_fwports,
)
fw7 = "-A FORWARD -i %s -o %s -p %s -m %s --dport %s -m state --state NEW,ESTABLISHED -j ACCEPT" % \
(
self.getDeviceByIp(rule['public_ip']),
self.getDeviceByIp(rule['internal_ip']),
public_fwinterface,
internal_fwinterface,
rule['protocol'],
rule['protocol'],
self.portsToString(rule['internal_ports'], ':')