[PATCH 0/2] Introduce chains per network

The previous patch series created separate global libvirt chains for
virtual network rules.

This goes further and creates chains per virtual network. The idea is
that when stopping networks, we can just delete the chains, instead of
every individual rule.

Unfortunately creating/deleting/flushing chains appears surprisingly
expensive.

With 100 networks running, this series slows down libvirtd restart
from 13 seconds to 30 seconds :-(

Thus I'm not proposing to continue with this idea unless there's a
more compelling reason to do it.

Daniel P. Berrangé (2):
  util: add support for creating per-network chains
  util: move firewall rules into per network chains

 src/libvirt_private.syms                      |   3 +-
 src/network/bridge_driver_linux.c             |  28 ++-
 src/util/viriptables.c                        | 201 +++++++++++++++---
 src/util/viriptables.h                        |   8 +-
 .../nat-default-linux.args                    | 128 +++++++++--
 .../nat-ipv6-linux.args                       | 144 +++++++++++--
 .../nat-many-ips-linux.args                   | 156 +++++++++++---
 .../nat-no-dhcp-linux.args                    | 142 +++++++++++--
 .../nat-tftp-linux.args                       | 130 +++++++++--
 .../route-default-linux.args                  | 118 +++++++++-
 10 files changed, 901 insertions(+), 157 deletions(-)

-- 
2.19.2

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



