One of two patches that fixes bug #1194438.

In the iptables firewall driver, each port method (update_port_filter, prepare_port_filter, remove_port_filter) makes O(N) calls, where N=len(firewall.ports), to IptablesManager methods that update dozens of data structures. When the firewall methods are called in sequence, e.g., by SecurityGroupAgentRpcMixin, the calls to IptablesManager's methods start to add up.

This patch changes IptablesFirewallDriver to defer and coalesce calls to IptablesManager. Now a sequence of M port method calls results in O(N) calls to IptablesManager methods instead of O(N*M) as before.

Change-Id: If17eeaec197beae8b8aecffca1f19d4535a7226e
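The defer-and-coalesce pattern the commit message describes, as an added sketch that is not part of the commit or the project's code. `CountingManager`, `FirewallDriver`, `rebuild_port_chain`, `defer_apply` and `manager_calls` are hypothetical names for illustration; only the three port method names come from the message.

```python
from contextlib import contextmanager, nullcontext

class CountingManager:
    """Hypothetical stand-in for IptablesManager: counts expensive updates."""
    calls = 0

    def rebuild_port_chain(self, port_id):
        self.calls += 1  # a real manager would rewrite chains and rules here

class FirewallDriver:
    """Hypothetical driver; only the method names mirror the commit message."""
    def __init__(self, manager):
        self.manager, self.ports = manager, {}
        self._deferred = self._dirty = False

    def _sync(self):
        if self._deferred:          # inside a batch: record pending work only
            self._dirty = True
            return
        for port_id in self.ports:  # O(N) manager calls, N = len(self.ports)
            self.manager.rebuild_port_chain(port_id)

    def prepare_port_filter(self, port):
        self.ports[port["id"]] = port
        self._sync()
    update_port_filter = prepare_port_filter

    def remove_port_filter(self, port):
        self.ports.pop(port["id"], None)
        self._sync()

    @contextmanager
    def defer_apply(self):
        self._deferred, self._dirty = True, False
        try:
            yield
        finally:                    # flush once, even if the batch raised
            self._deferred = False
            if self._dirty:
                self._sync()

def manager_calls(n_ports, m_updates, deferred):
    """Manager calls caused by m_updates port updates on n_ports ports."""
    driver = FirewallDriver(CountingManager())
    driver.ports = {i: {"id": i} for i in range(n_ports)}  # constructed sample
    with (driver.defer_apply() if deferred else nullcontext()):
        for i in range(m_updates):
            driver.update_port_filter({"id": i % n_ports})
    return driver.manager.calls
```

With 50 ports and 20 updates, the eager path makes 1000 manager calls and the deferred path makes 50. The single flush works from the final port set, so the rules that get applied match the driver's state at the end of the batch.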