bridge, spoof check: remove drop rule index

Rules are appendend by default, thus using an index is redundant. Using an index also requires the full NFT cache, which causes a CNI ADD to be extremely slow. Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
containernetworking · Apr 4, 2023 · f117c7c · f117c7c
1 parent 63235a2
commit f117c7c
Showing 1 changed file with 0 additions and 2 deletions.
diff --git a/pkg/link/spoofcheck.go b/pkg/link/spoofcheck.go
@@ -195,12 +195,10 @@ func (sc *SpoofChecker) matchMacRule(chain string) *schema.Rule {
 }
 
 func (sc *SpoofChecker) dropRule(chain string) *schema.Rule {
-	macRulesIndex := nft.NewRuleIndex()
 	return &schema.Rule{
 		Family: schema.FamilyBridge,
 		Table:  natTableName,
 		Chain:  chain,
-		Index:  macRulesIndex.Next(),
 		Expr: []schema.Statement{
 			{Verdict: schema.Verdict{SimpleVerdict: schema.SimpleVerdict{Drop: true}}},
 		},