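// waitStart services one requeue channel. For every packet received on pChan
// it resolves the owning container, waits for the container's unit if systemd
// does not report it as active, accepts the packet and then sends chanId on
// waitChan (presumably to mark this waiter as free again — confirm against
// the receiver of waitChan).
//
// The loop ends when pChan is closed. The previous `for true { p := <-pChan }`
// form kept receiving zero-valued packets from a closed channel forever.
//
// NOTE(review): every path in this function ends in NF_ACCEPT, including the
// path where the packet cannot be mapped to a container. That is fail-open
// behaviour; confirm it is intended for traffic arriving on this queue.
func waitStart(pChan <-chan netfilter.NFPacket, chanId uint16, waitChan chan<- uint16, hostIp string) {
	for p := range pChan {
		id, err := identifierForPacket(p)
		if err != nil {
			// Unknown destination: log, let the packet through and release
			// the waiter so the channel can be reused.
			fmt.Println(err)
			p.SetVerdict(netfilter.NF_ACCEPT)
			waitChan <- chanId
			continue
		}

		cInfo, err := systemd.Connection().GetUnitProperties(id.UnitNameFor())
		if err != nil {
			// Previously this error was folded into the "not active" case
			// without being reported.
			fmt.Printf("wait: Could not read unit properties for %s: %v\n", id.UnitNameFor(), err)
		}
		if err != nil || cInfo["ActiveState"] != "active" {
			//TODO: Placeholder for container start detection
			// The fixed 5 second sleep stands in for real readiness
			// detection: "Application started" is printed and the idler
			// rules are removed without re-checking the unit state.
			fmt.Println("Waiting for application to start")
			time.Sleep(time.Second * 5)
			fmt.Println("Application started")
			iptables.UnidleContainer(id, hostIp)
		}

		p.SetVerdict(netfilter.NF_ACCEPT)
		waitChan <- chanId
	}
}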
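// idleContainer stops the container's unit and installs the idler iptables
// rules for it. It does nothing when every external port of the container
// already has an idler rule, which is taken to mean the container is idled.
//
// Errors are reported on stdout and abort the operation; nothing is returned
// to the caller.
func (idler *Idler) idleContainer(id containers.Identifier) {
	portPairs, err := containers.GetExistingPorts(id)
	if err != nil {
		// The underlying error is now included and the line is terminated;
		// the old message dropped err and had no trailing newline.
		fmt.Printf("IDLE: Error retrieving ports for container %v: %v\n", id, err)
		return
	}

	iptablePorts, err := iptables.GetIdlerRules(id)
	if err != nil {
		fmt.Printf("IDLE: Error retrieving ports from iptables %v: %v\n", id, err)
		return
	}

	// Rules have to be (re)created as soon as one external port has no
	// idler rule; there is no need to look at the remaining ports.
	shouldRecreateRules := false
	for _, portPair := range portPairs {
		extPort := strconv.Itoa(int(portPair.External))
		if !iptablePorts[extPort] {
			shouldRecreateRules = true
			break
		}
	}
	if !shouldRecreateRules {
		return
	}

	//TODO: Ask geard to idle container
	fmt.Printf("Stopping container %v\n", id)
	// NOTE(review): "fail" is presumably the systemd job mode — confirm
	// against StopUnitJob.
	if err := systemd.Connection().StopUnitJob(id.UnitNameFor(), "fail"); err != nil {
		fmt.Printf("idle: Could not stop container %s: %v\n", id.UnitNameFor(), err)
		return
	}

	// NOTE(review): the unit is already stopped at this point. If
	// IdleContainer reports a failure (its result, if any, is not checked
	// here) the container stays down with no rule to wake it on incoming
	// traffic — confirm the helper's signature and handle its error.
	iptables.IdleContainer(id, idler.hostIp)
}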
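// unidleContainer handles the packet p that arrived for the idled container
// id. It picks a wait channel, starts the container's unit unless a waiter
// was already assigned to it, and requeues the packet to that wait channel.
//
// Every exit path sets a verdict on p. On failure the packet is accepted,
// matching the other error paths in this file.
func (idler *Idler) unidleContainer(id containers.Identifier, p netfilter.NFPacket) {
	newChanId, wasAlreadyAssigned := idler.getAvailableWaiter(id)
	if newChanId == 0 {
		fmt.Println("unidle: Error while finding wait channel")
		// Previously this path returned without a verdict, leaving the
		// packet held in the queue. Accept it like the start-failure path
		// below does.
		// NOTE(review): accepting is fail-open; confirm NF_ACCEPT rather
		// than a drop is the intended policy when no waiter is available.
		p.SetVerdict(netfilter.NF_ACCEPT)
		return
	}

	if !wasAlreadyAssigned {
		//TODO: Ask geard to unidle container
		fmt.Printf("Starting container %v\n", id)
		// NOTE(review): "fail" is presumably the systemd job mode — confirm
		// against StartUnitJob.
		if err := systemd.Connection().StartUnitJob(id.UnitNameFor(), "fail"); err != nil {
			fmt.Printf("unidle: Could not start container %s: %v\n", id.UnitNameFor(), err)
			p.SetVerdict(netfilter.NF_ACCEPT)
			return
		}
	}

	// Hand the packet to the queue identified by newChanId, where it is
	// held until a verdict is set there.
	p.SetRequeueVerdict(newChanId)
}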