Skip to content

Commit 0a01e82

Browse files
author
kollyma
committed
speedup iptables by prefetching the variables
1 parent 2d68893 commit 0a01e82

File tree

1 file changed

+21
-16
lines changed

1 file changed

+21
-16
lines changed

systemvm/patches/debian/config/opt/cloud/bin/configure.py

Lines changed: 21 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -775,66 +775,71 @@ def processForwardRule(self, rule):
775775
self.forward_vr(rule)
776776

777777
def forward_vr(self, rule):
778+
#prefetch iptables variables
779+
public_fwinterface = self.getDeviceByIp(rule['public_ip'])
780+
internal_fwinterface = self.getDeviceByIp(rule['internal_ip'])
781+
public_fwports = self.portsToString(rule['public_ports'], ':')
782+
internal_fwports = self.portsToString(rule['internal_ports'], '-')
778783
fw1 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -j DNAT --to-destination %s:%s" % \
779784
(
780785
rule['public_ip'],
781-
self.getDeviceByIp(rule['public_ip']),
786+
public_fwinterface,
782787
rule['protocol'],
783788
rule['protocol'],
784-
self.portsToString(rule['public_ports'], ':'),
789+
public_fwports,
785790
rule['internal_ip'],
786-
self.portsToString(rule['internal_ports'], '-')
791+
internal_fwports
787792
)
788793
fw2 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -j DNAT --to-destination %s:%s" % \
789794
(
790795
rule['public_ip'],
791-
self.getDeviceByIp(rule['internal_ip']),
796+
internal_fwinterface,
792797
rule['protocol'],
793798
rule['protocol'],
794-
self.portsToString(rule['public_ports'], ':'),
799+
public_fwports,
795800
rule['internal_ip'],
796-
self.portsToString(rule['internal_ports'], '-')
801+
internal_fwports
797802
)
798803
fw3 = "-A OUTPUT -d %s/32 -p %s -m %s --dport %s -j DNAT --to-destination %s:%s" % \
799804
(
800805
rule['public_ip'],
801806
rule['protocol'],
802807
rule['protocol'],
803-
self.portsToString(rule['public_ports'], ':'),
808+
public_fwports,
804809
rule['internal_ip'],
805-
self.portsToString(rule['internal_ports'], '-')
810+
internal_fwports
806811
)
807812
fw4 = "-j SNAT --to-source %s -A POSTROUTING -s %s -d %s/32 -o %s -p %s -m %s --dport %s" % \
808813
(
809814
self.getGuestIp(),
810815
self.getNetworkByIp(rule['internal_ip']),
811816
rule['internal_ip'],
812-
self.getDeviceByIp(rule['internal_ip']),
817+
internal_fwinterface,
813818
rule['protocol'],
814819
rule['protocol'],
815820
self.portsToString(rule['internal_ports'], ':')
816821
)
817822
fw5 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -j MARK --set-xmark %s/0xffffffff" % \
818823
(
819824
rule['public_ip'],
820-
self.getDeviceByIp(rule['public_ip']),
825+
public_fwinterface,
821826
rule['protocol'],
822827
rule['protocol'],
823-
self.portsToString(rule['public_ports'], ':'),
824-
hex(int(self.getDeviceByIp(rule['public_ip'])[3:]))
828+
public_fwports,
829+
hex(int(public_fwinterface[3:]))
825830
)
826831
fw6 = "-A PREROUTING -d %s/32 -i %s -p %s -m %s --dport %s -m state --state NEW -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff" % \
827832
(
828833
rule['public_ip'],
829-
self.getDeviceByIp(rule['public_ip']),
834+
public_fwinterface,
830835
rule['protocol'],
831836
rule['protocol'],
832-
self.portsToString(rule['public_ports'], ':'),
837+
public_fwports,
833838
)
834839
fw7 = "-A FORWARD -i %s -o %s -p %s -m %s --dport %s -m state --state NEW,ESTABLISHED -j ACCEPT" % \
835840
(
836-
self.getDeviceByIp(rule['public_ip']),
837-
self.getDeviceByIp(rule['internal_ip']),
841+
public_fwinterface,
842+
internal_fwinterface,
838843
rule['protocol'],
839844
rule['protocol'],
840845
self.portsToString(rule['internal_ports'], ':')

0 commit comments

Comments
 (0)