xenbits.xensource.com Git - libvirt.git/commit

author	Daniel P. Berrangé <berrange@redhat.com>
	Tue, 21 May 2019 11:40:13 +0000 (12:40 +0100)
committer	Daniel P. Berrangé <berrange@redhat.com>
	Thu, 23 May 2019 15:29:48 +0000 (16:29 +0100)
commit	c6cbe18771c832fba02e8edda250eb67d4afe5a5
tree	fd0f920cbd3e9156d2585460c0cf0ca20ee366d9	tree
parent	3b66bd9aa1bc463f7123f7b966e5c38e72d650f7	commit \| diff

network: delay global firewall setup if no networks are running

Creating firewall rules for the virtual networks causes the kernel to
load the conntrack module. This imposes a significant performance
penalty on Linux network traffic. Thus we want to only take that hit if
we actually have virtual networks running.

We need to create global firewall rules during startup in order to
"upgrade" rules for any running networks created by older libvirt.
If no running networks are present though, we can safely delay setup
until the time we actually start a network.

Reviewed-by: Jim Fehlig <jfehlig@suse.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

src/network/bridge_driver.c		diff \| blob \| blame \| history
src/network/bridge_driver_linux.c		diff \| blob \| blame \| history
src/network/bridge_driver_nop.c		diff \| blob \| blame \| history
src/network/bridge_driver_platform.h		diff \| blob \| blame \| history
tests/networkxml2firewalldata/base.args	[new file with mode: 0644]	blob
tests/networkxml2firewalltest.c		diff \| blob \| blame \| history