firewaller: added port counter for global mode

worker/firewaller/firewaller.go

Index: worker/firewaller/firewaller.go
=== modified file 'worker/firewaller/firewaller.go'
--- worker/firewaller/firewaller.go	2012-10-01 12:29:05 +0000
+++ worker/firewaller/firewaller.go	2012-10-08 15:40:31 +0000
@@ -3,6 +3,7 @@
 import (
 	"fmt"
 	"launchpad.net/juju-core/environs"
+	"launchpad.net/juju-core/environs/config"
 	"launchpad.net/juju-core/log"
 	"launchpad.net/juju-core/state"
 	"launchpad.net/juju-core/state/watcher"
@@ -22,6 +23,7 @@
 	unitsChange     chan *unitsChange
 	unitds          map[string]*unitData
 	portsChange     chan *portsChange
+	globalPorts     map[state.Port]int
 	serviceds       map[string]*serviceData
 	exposedChange   chan *exposedChange
 }
@@ -36,6 +38,7 @@
 		unitsChange:     make(chan *unitsChange),
 		unitds:          make(map[string]*unitData),
 		portsChange:     make(chan *portsChange),
+		globalPorts:     make(map[state.Port]int),
 		serviceds:       make(map[string]*serviceData),
 		exposedChange:   make(chan *exposedChange),
 	}
@@ -160,6 +163,7 @@
 	}
 	toOpen := diff(want, machined.ports)
 	toClose := diff(machined.ports, want)
+	toOpen, toClose = fw.filterGlobalPorts(toOpen, toClose)
 	machined.ports = want
 
 	// If there's nothing to do, do nothing.
@@ -206,6 +210,33 @@
 	return nil
 }
 
+// filterGlobalPorts checks in case of the global firewall mode, which ports are
+// already open (for opening) and which are still needed (for closing).

[rog, 2012/10/08 16:10:36]

// filterGlobalPorts returns the ports that actually need
// opening and closing, given the ports that have been opened
// and closed on a particular machine.

?

+func (fw *Firewaller) filterGlobalPorts(openIn, closeIn []state.Port) (openOut, closeOut []state.Port) {
+	if fw.environ.Config().FirewallMode() == config.FwDefault {
+		return openIn, closeIn
+	}
+	// Global mode, so filter and count.
+	openOut = []state.Port{}

[rog, 2012/10/08 16:10:36]

d

+	closeOut = []state.Port{}

[rog, 2012/10/08 16:10:36]

d

+	for _, port := range openIn {
+		if fw.globalPorts[port] == 0 {
+			// Open only the first one.

[rog, 2012/10/08 16:10:36]

// The port is not already open.

?

+			openOut = append(openOut, port)
+		}
+		fw.globalPorts[port]++
+	}
+	for _, port := range closeIn {
+		if fw.globalPorts[port] == 1 {

[rog, 2012/10/08 16:10:36]

i'd prefer to see this after the decrement, so it's obvious we're looking for
zero.

+			// Close only the last one.

[rog, 2012/10/08 16:10:36]

// The last reference to the port is gone,
// so close the port globally.

+			closeOut = append(closeOut, port)
+			delete(fw.globalPorts, port)
+		}
+		fw.globalPorts[port]--
+	}
+	return
+}
+
 // machineLifeChanged starts watching new machines when the firewaller
 // is starting, or when new machines come to life, and stops watching
 // machines that are dying.