package iptablesctrl
import (
"fmt"
"github.com/bvandewalle/go-ipset/ipset"
"go.uber.org/zap"
)
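// updateTargetNetworks reconciles the target ipset from the old list of
// networks to the new one. Networks present in both lists are left untouched,
// so only real additions and removals reach the ipset.
//
// An Add failure aborts the update and is returned together with the
// offending network and the underlying error. The set may then be partially
// updated: earlier additions are kept and no removals have run yet. A Del
// failure is logged and does not fail the update (best effort), so a network
// that should have been removed can remain in the set.
func (i *Instance) updateTargetNetworks(old, new []string) error {
	// stale[n] is true while n is known only from the old list and is
	// therefore a removal candidate; it becomes false once n is seen in new.
	stale := make(map[string]bool, len(old))
	for _, network := range old {
		stale[network] = true
	}

	for _, network := range new {
		if _, seen := stale[network]; seen {
			// Listed in old (so presumably already in the set), or added
			// earlier in this loop: nothing to write.
			stale[network] = false
			continue
		}
		if err := i.targetSet.Add(network, 0); err != nil {
			// Keep the cause and the entry: without them a rejected network
			// cannot be told apart from a failing ipset backend.
			return fmt.Errorf("Failed to update target set: unable to add network %q: %s", network, err)
		}
		// Record the addition so a duplicate entry in new is not added twice.
		stale[network] = false
	}

	for network, remove := range stale {
		if !remove {
			continue
		}
		if err := i.targetSet.Del(network); err != nil {
			// Still best effort, but reported above debug level with the
			// entry and the cause: a failed removal leaves the set out of
			// sync with the requested target networks, and operators need to
			// be able to see that.
			zap.L().Warn("Failed to remove network from set",
				zap.String("network", network),
				zap.Error(err))
		}
	}
	return nil
}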
// createTargetSet creates the ipset named by targetNetworkSet with the
// "hash:net" set type, stores it on the instance as targetSet and adds every
// entry of networks to it. It returns an error if the set cannot be created
// or if any entry cannot be added.
//
// NOTE(review): on an Add failure the function returns immediately while
// i.targetSet is already assigned and holds only the entries added so far;
// callers should treat an error as "set incomplete" rather than "set absent".
func (i *Instance) createTargetSet(networks []string) error {
	set, createErr := i.ipset.NewIpset(targetNetworkSet, "hash:net", &ipset.Params{})
	if createErr != nil {
		return fmt.Errorf("Couldn't create IPSet for %s: %s", targetNetworkSet, createErr)
	}

	// Publish the set on the instance first; the entries are added through it.
	i.targetSet = set

	for idx := range networks {
		entry := networks[idx]
		addErr := i.targetSet.Add(entry, 0)
		if addErr != nil {
			return fmt.Errorf("Error adding ip %s to target networks IPSet: %s", entry, addErr)
		}
	}

	return nil
}