author | Christian Breunig <christian@breunig.cc> | 2024-07-26 13:43:31 +0200 |
---|---|---|
committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2024-07-30 07:47:39 +0000 |
commit | 2cbd1c66276cec855ead81a5b7a19a27b90961bb (patch) | |
tree | e80dd2721cb12f4e946b85f58fd14ddb90780400 /src/conf_mode | |
parent | 6fead781cb16eee0884615134d34edc31aec2705 (diff) | |
vrf: T6603: improve code runtime when retrieving info from nftables vrf zone
(cherry picked from commit 31acb42ecdf4ecf0f636f831f42a845b8a00d367)
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/vrf.py | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py
index 33ef70559..72b178c89 100755
--- a/src/conf_mode/vrf.py
+++ b/src/conf_mode/vrf.py
@@ -273,6 +273,7 @@ def apply(vrf):
 if not has_rule(afi, 2000, 'l3mdev'):
 call(f'ip {afi} rule add pref 2000 l3mdev unreachable')
+ nft_vrf_zone_rule_setup = False
 for name, config in vrf['name'].items():
 table = config['table']
 if not interface_exists(name):
@@ -311,8 +312,12 @@ def apply(vrf):
 nft_add_element = f'add element inet vrf_zones ct_iface_map {{ "{name}" : {table} }}'
 cmd(f'nft {nft_add_element}')
+ # Only call into nftables as long as there is nothing setup to avoid wasting
+ # CPU time and thus lenghten the commit process
+ if not nft_vrf_zone_rule_setup:
+ nft_vrf_zone_rule_setup = is_nft_vrf_zone_rule_setup()
 # Install nftables conntrack rules only once
- if vrf['conntrack'] and not is_nft_vrf_zone_rule_setup():
+ if vrf['conntrack'] and not nft_vrf_zone_rule_setup:
 for chain, rule in nftables_rules.items():
 cmd(f'nft add rule inet vrf_zones {chain} {rule}') |
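Review bot: In the second hunk (`@@ -311,8 +312,12 @@`) the cached flag is never set after the rules are installed and the probe is not gated on `vrf['conntrack']`, so `is_nft_vrf_zone_rule_setup()` still runs on every pass while conntrack is off and the rules are absent, and once more after the install. Gating the probe with `if vrf['conntrack'] and not nft_vrf_zone_rule_setup:` and adding `nft_vrf_zone_rule_setup = True` after the `for chain, rule` loop would cap it at one call per apply(). This assumes the code sits inside the per-VRF loop opened in the first hunk, which the page's flattened indentation does not show. The added comment reads inverted and misspells "lengthen"; `# Probe nftables only until the rules are known to exist, to keep commits fast` would say what is meant. apply() begins and ends outside both hunks.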