Merge "Improve performance of _modify_rules"

2016-12-02 04:00:01 +00:00 · 2016-12-02 04:00:01 +00:00 · 43b66c7f24
parent b511d5c6ff e83d07d00a
commit 43b66c7f24
1 changed files with 7 additions and 7 deletions
--- a/neutron/agent/linux/iptables_manager.py
+++ b/neutron/agent/linux/iptables_manager.py
@ -561,11 +561,17 @@ class IptablesManager(object):
        # Sort the output chains here to make their order predictable.
        unwrapped_chains = sorted(table.unwrapped_chains)
        chains = sorted(table.chains)
+        rules = set(map(str, table.rules))

        # we don't want to change any rules that don't belong to us so we start
        # the new_filter with these rules
+        # there are some rules that belong to us but they don't have the wrap
+        # name. we want to add them in the right location in case our new rules
+        # changed the order
+        # (e.g. '-A FORWARD -j neutron-filter-top')
        new_filter = [line.strip() for line in current_lines
-                      if self.wrap_name not in line]
+                      if self.wrap_name not in line and
+                      line.strip() not in rules]

        # generate our list of chain names
        our_chains = [':%s-%s' % (self.wrap_name, name) for name in chains]
@ -580,12 +586,6 @@ class IptablesManager(object):
        our_bottom_rules = []
        for rule in table.rules:
            rule_str = str(rule)
-            # similar to the unwrapped chains, there are some rules that belong
-            # to us but they don't have the wrap name. we want to remove them
-            # from the new_filter and then add them in the right location in
-            # case our new rules changed the order.
-            # (e.g. '-A FORWARD -j neutron-filter-top')
-            new_filter = [s for s in new_filter if rule_str not in s]

            if rule.top:
                # rule.top == True means we want this rule to be at the top.