summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-07-26 13:43:31 +0200
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2024-07-30 07:47:39 +0000
commitebac16ea3f242c0a5a35d38b65e549130db7b763 (patch)
tree8f18aea528d20cb814f8dc66a907aad102e1ef3c
parenta05251f766c68fbff506bc01f6c095350f904bb7 (diff)
downloadvyos-1x-ebac16ea3f242c0a5a35d38b65e549130db7b763.tar.gz
vyos-1x-ebac16ea3f242c0a5a35d38b65e549130db7b763.zip
vrf: T6603: improve code runtime when retrieving info from nftables vrf zonemergify/bp/circinus/pr-3883
(cherry picked from commit 31acb42ecdf4ecf0f636f831f42a845b8a00d367)
-rwxr-xr-xsrc/conf_mode/vrf.py7
1 files changed, 6 insertions, 1 deletions
diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py
index 33ef70559..72b178c89 100755
--- a/src/conf_mode/vrf.py
+++ b/src/conf_mode/vrf.py
@@ -273,6 +273,7 @@ def apply(vrf):
if not has_rule(afi, 2000, 'l3mdev'):
call(f'ip {afi} rule add pref 2000 l3mdev unreachable')
+ nft_vrf_zone_rule_setup = False
for name, config in vrf['name'].items():
table = config['table']
if not interface_exists(name):
@@ -311,8 +312,12 @@ def apply(vrf):
nft_add_element = f'add element inet vrf_zones ct_iface_map {{ "{name}" : {table} }}'
cmd(f'nft {nft_add_element}')
+ # Only call into nftables as long as there is nothing setup to avoid wasting
+ # CPU time and thus lenghten the commit process
+ if not nft_vrf_zone_rule_setup:
+ nft_vrf_zone_rule_setup = is_nft_vrf_zone_rule_setup()
# Install nftables conntrack rules only once
- if vrf['conntrack'] and not is_nft_vrf_zone_rule_setup():
+ if vrf['conntrack'] and not nft_vrf_zone_rule_setup:
for chain, rule in nftables_rules.items():
cmd(f'nft add rule inet vrf_zones {chain} {rule}')