bridge, spoof check: remove drop rule index

containernetworking / plugins

Some reference and example networking plugins, maintained by the CNI team.

Apache License 2.0

2.24k stars 789 forks source link

bridge, spoof check: remove drop rule index #873

Closed maiqueb closed 1 year ago

maiqueb commented 1 year ago

Rules are appendend by default, thus using an index is redundant. Using an index also requires the full NFT cache, which causes a CNI ADD to be extremely slow where there are a lot of chains (~ 10K).

This doesn't improve the CNI ADD times when there are a lot of tables though ...

Addresses BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2173485

maiqueb commented 1 year ago

/cc @mccv1r0 @dougbtv

maiqueb commented 1 year ago

The failed lint error is fixed by #871 ; we should merge it asap.

Let me know if I should rebase it.

maiqueb commented 1 year ago

/retest

mccv1r0 commented 1 year ago

/lgtm