// startRejecting installs a filter-table rule that REJECTs TCP traffic
// addressed to the service's IP and port, and returns a state wrapping the
// function that deletes that rule again.
//
// If the rule cannot be added, the error from addRule is returned unchanged
// and no state is created.
func (svc *service) startRejecting(s *model.Service) (serviceState, error) {
	log.Info("rejecting service: ", s.Summary())

	// The rule is kept as a list of discrete arguments and the same slice is
	// reused for deletion, so add and delete always refer to the same match.
	spec := []interface{}{
		"-p", "tcp",
		"-d", s.IP,
		"--dport", s.Port,
		"-j", "REJECT",
	}

	if err := svc.ipTables.addRule("filter", spec); err != nil {
		return nil, err
	}

	// NOTE(review): whatever deleteRule returns is discarded here; if it can
	// fail, a stale REJECT rule would remain in the filter table with nothing
	// logged. Confirm against deleteRule's signature.
	undo := func() {
		svc.ipTables.deleteRule("filter", spec)
	}
	return rejecting(undo), nil
}
// start begins forwarding for svc: it opens a TCP listener on the bridge
// address, installs a nat-table DNAT rule that sends traffic for the
// service's IP and port to that listener, and launches the forwarding
// goroutine.
//
// On any failure the error is returned unchanged, and a listener that was
// already opened is closed before returning.
func (fc forwardingConfig) start(svc *model.Service) (serviceState, error) {
	log.Info("forwarding service: ", svc.Summary())

	addr, err := bridgeIP(fc.bridge)
	if err != nil {
		return nil, err
	}

	// No port is set, so the listener binds to a system-chosen port on the
	// bridge address only, not on every interface.
	ln, err := net.ListenTCP("tcp", &net.TCPAddr{IP: addr})
	if err != nil {
		return nil, err
	}

	// Until ownership of the listener has passed to the forwarding state,
	// every exit path must release the socket.
	handedOff := false
	defer func() {
		if handedOff {
			return
		}
		ln.Close()
	}()

	// The DNAT target is taken from the live listener, so the rule always
	// points at the port that was actually bound.
	natRule := []interface{}{
		"-p", "tcp",
		"-d", svc.IP,
		"--dport", svc.Port,
		"-j", "DNAT",
		"--to-destination", ln.Addr(),
	}
	if err = fc.ipTables.addRule("nat", natRule); err != nil {
		return nil, err
	}

	// The rule is stored on the state alongside the listener.
	// NOTE(review): presumably so it can be deleted on stop; confirm that the
	// teardown path removes it, otherwise the DNAT entry outlives the listener.
	state := &forwarding{
		forwardingConfig: fc,
		rule:             natRule,
		listener:         ln,
		Service:          svc,
	}
	state.chooseShim()
	go state.run()

	handedOff = true
	return state, nil
}
// update tries to apply a new service definition to the running forwarding
// state without tearing it down.
//
// It returns true when the state now reflects svc: either svc equals the
// current definition, or only details other than IP and port changed and the
// state was updated in place. It returns false when svc has no instances or
// when its IP or port differs from the current one.
// NOTE(review): presumably the caller replaces the state on false; confirm.
// The error result is always nil in this implementation.
func (fwd *forwarding) update(svc *model.Service) (bool, error) {
	// Checked before taking the lock: it only inspects the incoming value.
	if len(svc.Instances) == 0 {
		return false, nil
	}

	fwd.lock.Lock()
	defer fwd.lock.Unlock()

	current := fwd.Service
	if svc.Equal(current) {
		return true, nil
	}

	// The installed rule and listener are tied to the existing IP and port,
	// so a change to either cannot be handled in place.
	sameEndpoint := svc.IP.Equal(current.IP) && svc.Port == current.Port
	if !sameEndpoint {
		return false, nil
	}

	log.Info("forwarding service: ", svc.Summary())
	fwd.Service = svc
	fwd.chooseShim()
	return true, nil
}