Reuse buffer for getting iptables contents

Wojciech Tyczynski 2017-05-18 11:55:43 +02:00
parent bcfae7e1ed
commit 5464c39333
2 changed files with 13 additions and 4 deletions


@ -302,6 +302,10 @@ type Proxier struct {
recorder record.EventRecorder recorder record.EventRecorder
healthChecker healthcheck.Server healthChecker healthcheck.Server
healthzServer healthcheck.HealthzUpdater healthzServer healthcheck.HealthzUpdater
// The following buffers are used to reuse memory and avoid allocations
// that are significantly impacting performance.
iptablesLines *bytes.Buffer
} }
type localPort struct { type localPort struct {
@ -417,6 +421,7 @@ func NewProxier(ipt utiliptables.Interface,
recorder: recorder, recorder: recorder,
healthChecker: healthChecker, healthChecker: healthChecker,
healthzServer: healthzServer, healthzServer: healthzServer,
iptablesLines: bytes.NewBuffer(nil),
}, nil }, nil
} }
@ -976,19 +981,21 @@ func (proxier *Proxier) syncProxyRules(reason syncReason) {
// Get iptables-save output so we can check for existing chains and rules. // Get iptables-save output so we can check for existing chains and rules.
// This will be a map of chain name to chain with rules as stored in iptables-save/iptables-restore // This will be a map of chain name to chain with rules as stored in iptables-save/iptables-restore
existingFilterChains := make(map[utiliptables.Chain]string) existingFilterChains := make(map[utiliptables.Chain]string)
iptablesSaveRaw, err := proxier.iptables.Save(utiliptables.TableFilter) proxier.iptablesLines.Reset()
err := proxier.iptables.SaveInto(utiliptables.TableFilter, proxier.iptablesLines)
if err != nil { // if we failed to get any rules if err != nil { // if we failed to get any rules
glog.Errorf("Failed to execute iptables-save, syncing all rules: %v", err) glog.Errorf("Failed to execute iptables-save, syncing all rules: %v", err)
} else { // otherwise parse the output } else { // otherwise parse the output
existingFilterChains = utiliptables.GetChainLines(utiliptables.TableFilter, iptablesSaveRaw) existingFilterChains = utiliptables.GetChainLines(utiliptables.TableFilter, proxier.iptablesLines.Bytes())
} }
existingNATChains := make(map[utiliptables.Chain]string) existingNATChains := make(map[utiliptables.Chain]string)
iptablesSaveRaw, err = proxier.iptables.Save(utiliptables.TableNAT) proxier.iptablesLines.Reset()
err = proxier.iptables.SaveInto(utiliptables.TableNAT, proxier.iptablesLines)
if err != nil { // if we failed to get any rules if err != nil { // if we failed to get any rules
glog.Errorf("Failed to execute iptables-save, syncing all rules: %v", err) glog.Errorf("Failed to execute iptables-save, syncing all rules: %v", err)
} else { // otherwise parse the output } else { // otherwise parse the output
existingNATChains = utiliptables.GetChainLines(utiliptables.TableNAT, iptablesSaveRaw) existingNATChains = utiliptables.GetChainLines(utiliptables.TableNAT, proxier.iptablesLines.Bytes())
} }
filterChains := bytes.NewBuffer(nil) filterChains := bytes.NewBuffer(nil)
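Review bot: The comment on the new `iptablesLines` field in `Proxier` gives the performance motive but not the invariant that makes sharing one buffer safe. In `syncProxyRules` the buffer is reset and refilled for the filter table and then again for the NAT table, so the slice returned by `proxier.iptablesLines.Bytes()` is only valid until the next `Reset()`. That holds only if `GetChainLines` copies what it keeps (the `map[utiliptables.Chain]string` return type suggests it does, but its body is not visible here) and only one sync runs at a time; otherwise the proxier could compare against stale or mixed-table rule state. I would extend the field comment, e.g. `// iptablesLines is scratch space for syncProxyRules only; its contents are invalid after the next Reset, so do not retain Bytes().` The body of `syncProxyRules` continues outside this hunk, so whether a lock is held around these calls cannot be confirmed from here.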


@ -17,6 +17,7 @@ limitations under the License.
package iptables package iptables
import ( import (
"bytes"
"reflect" "reflect"
"strconv" "strconv"
"testing" "testing"
@ -394,6 +395,7 @@ func NewFakeProxier(ipt utiliptables.Interface) *Proxier {
portsMap: make(map[localPort]closeable), portsMap: make(map[localPort]closeable),
portMapper: &fakePortOpener{[]*localPort{}}, portMapper: &fakePortOpener{[]*localPort{}},
healthChecker: newFakeHealthChecker(), healthChecker: newFakeHealthChecker(),
iptablesLines: bytes.NewBuffer(nil),
} }
} }