Further speed up creating child chains.
Currently createChildChain creates and adds child chains by using
-F -X -N and -A iptables commands. This guarantees that the child
chains are emtpy. are guaranteed to be empty. Therefore, it is
safe to create all the child chains with a single
iptables-restore command that flushes all the child chains and
appends them to the parent chain.
This makes it possible to create chains quickly even if the
parent chain is touched by vendor code and thus cannot be safely
flushed.
This substantially speeds up netd startup. Before:
02-03 12:52:47.786 492 492 I Netd : Creating child chains: 1543.5ms
02-03 12:52:48.103 492 492 I Netd : Netd started in 1929ms
After:
02-03 12:51:46.831 511 511 I Netd : Creating child chains: 672.5ms
02-03 12:51:47.244 511 511 I Netd : Netd started in 1115ms
Test: builds, boots
Test: before/after comparison shows no expected rule changes
Bug: 34873832
Change-Id: I88f4e539d727e3b542cf6f8acd61728cadda972f
1 file changed