This commit makes a few improvements/changes wrt. graph and configured by reconciler, just to keep things clean and unified. Some of the always-present custom chains and rules were created outside of the Reconciler, simply by running some iptables commands from within the NIM init() function.

With this commit, Chain and Rule are separate Items and config changes are performed efficiently on a rule-by-rule basis, without flushing chains. This didn't matter that much for NIM because it installs only a few rules overall, but for zedrouter we need a more flexible approach. Previously, an iptables chain with all its rules was represented as a single config Item (in the dependency graph) and modification to even just a single rule required recreating the whole chain.

pillar/iptables is a common package for all things iptables related. This is because they will also be used by Zedrouter for Network Instances (and not just by NIM for DPCs). The iptables Items + Configurators (reconciler terminology) were moved from pillar/dpcreconciler to pillar/iptables.
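The rule-by-rule update described in the commit message, as an added sketch that is not code from pillar/iptables: it plans the `iptables -D` / `iptables -I` calls that move a chain from its current rules to the intended ones without flushing it, so untouched rules (such as a trailing DROP) stay installed throughout. The `Plan` function, the chain name and the rule strings are hypothetical; rules are assumed to be comparable as plain argument strings, and the matching is greedy rather than minimal.

```go
package main

import (
	"fmt"
	"strings"
)

// Plan lists the iptables commands that turn the rules currently in chain
// into the intended rules without flushing the chain. Each rule is its
// argument string (match + target) and rules are compared as plain strings.
func Plan(chain string, current, intended []string) []string {
	var cmds []string
	kept := make([]bool, len(intended)) // intended rules that are already installed
	var del []int                       // 1-based numbers of rules to delete
	next := 0
	for i, r := range current {
		j := next
		for j < len(intended) && intended[j] != r {
			j++
		}
		if j == len(intended) {
			del = append(del, i+1) // obsolete, or out of order
			continue
		}
		kept[j] = true
		next = j + 1
	}
	// Delete from the highest rule number down so lower numbers stay valid.
	for i := len(del) - 1; i >= 0; i-- {
		cmds = append(cmds, fmt.Sprintf("iptables -D %s %d", chain, del[i]))
	}
	// Insert every missing rule at its final position, in ascending order.
	for pos, r := range intended {
		if !kept[pos] {
			cmds = append(cmds, fmt.Sprintf("iptables -I %s %d %s", chain, pos+1, r))
		}
	}
	return cmds
}

func main() {
	// Constructed sample rules for a hypothetical chain.
	current := []string{"-p tcp --dport 22 -j ACCEPT", "-p tcp --dport 8080 -j ACCEPT", "-j DROP"}
	intended := []string{"-p tcp --dport 22 -j ACCEPT", "-p tcp --dport 443 -j ACCEPT", "-j DROP"}
	fmt.Println(strings.Join(Plan("EXAMPLE-INPUT", current, intended), "\n"))
}
```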