The code to find the matching entry was scanning through a
list of all rules for every rule. This became extremely slow
as the number of rules became large, leading to long delays
waiting for firewall rules to be applied.
This patch switches to the use of a dictionary so the cost
becomes a hash lookup instead of a list scan.
Reviewed: https:/ /review. fuel-infra. org/9535 ci/fuel- 7.0/2015. 1.0
Submitter: mos-infra-ci <>
Branch: openstack-
Commit: 65c8910beb6a731 f486aaaf7d5a0dd 997f845bb5
Author: Kevin Benton <email address hidden>
Date: Fri Jul 17 14:54:41 2015
Switch to dictionary for iptables find
The code to find the matching entry was scanning through a
list of all rules for every rule. This became extremely slow
as the number of rules became large, leading to long delays
waiting for firewall rules to be applied.
This patch switches to the use of a dictionary so the cost
becomes a hash lookup instead of a list scan.
(Cherry-picked from https:/ /review. openstack. org/#/c/ 184318)
Closes-Bug: #1453264 066c966c252cadc 8ed1d08f686
Closes-Bug: #1455675
Closes-Bug: #1399168
Change-Id: I1e6fe5e50b9c13