diff options
| author | Michael Larson <slioch@slioch.vyatta.com> | 2010-07-16 15:19:13 -0700 |
|---|---|---|
| committer | Michael Larson <slioch@slioch.vyatta.com> | 2010-07-16 15:19:13 -0700 |
| commit | 063be62a70d2b15b19cb92a353129652e1682283 (patch) | |
| tree | 485bf10ccd91a32633695caf2566628d698f0c92 | |
| parent | d9bdf5b6ad287716b0a0b72ceb52a86ed59e6cc9 (diff) | |
| download | vyatta-wanloadbalance-063be62a70d2b15b19cb92a353129652e1682283.tar.gz vyatta-wanloadbalance-063be62a70d2b15b19cb92a353129652e1682283.zip | |
fix for bug 5583.
| -rw-r--r-- | src/lbdecision.cc | 41 | ||||
| -rw-r--r-- | src/lbdecision.hh | 3 |
2 files changed, 42 insertions, 2 deletions
diff --git a/src/lbdecision.cc b/src/lbdecision.cc index ed68ddd..0f951a9 100644 --- a/src/lbdecision.cc +++ b/src/lbdecision.cc @@ -116,11 +116,23 @@ if so then this stuff goes here! execute(string("iptables -t raw -N WLB_CONNTRACK"), stdout); execute(string("iptables -t raw -F WLB_CONNTRACK"), stdout); execute(string("iptables -t raw -A WLB_CONNTRACK -j ACCEPT"), stdout); + execute(string("iptables -t raw -D PREROUTING -j WLB_CONNTRACK"), stdout); - execute(string("iptables -t raw -I PREROUTING 1 -j WLB_CONNTRACK"), stdout); + + int index = find_iptables_index("raw","PREROUTING","VYATTA_PRE_CT_PREROUTING_HOOK"); + ++index; + sprintf(buf,"%d",index); + execute(string("iptables -t raw -I PREROUTING ") + buf + " -j WLB_CONNTRACK", stdout); + + if (lbdata._enable_local_traffic == true) { execute(string("iptables -t raw -D OUTPUT -j WLB_CONNTRACK"), stdout); - execute(string("iptables -t raw -I OUTPUT 1 -j WLB_CONNTRACK"), stdout); + + int index = find_iptables_index("raw","OUTPUT","VYATTA_PRE_CT_OUTPUT_HOOK"); + ++index; + sprintf(buf,"%d",index); + execute(string("iptables -t raw -I OUTPUT ") + buf + " -j WLB_CONNTRACK", stdout); + } //set up mangle table execute(string("iptables -t mangle -N WANLOADBALANCE_PRE"), stdout); @@ -784,3 +796,28 @@ LBDecision::get_limit_cmd(LBRule &rule) cmd += string("--limit-burst ") + rule._limit_burst; return cmd; } + +/** + * + **/ +int +LBDecision::find_iptables_index(string location, string table, string name) +{ + string stdout; + string cmd = "iptables -t " + location + " -L " + table; + int err = execute(cmd, stdout, true); + if (err != 0) { + return 1; + } + + size_t loc = stdout.find(name); + string found_str = stdout.substr(0,loc); + //now count the number of carriage returns + loc = 0; + int ct = 0; + while ((loc = found_str.find("\n",loc)) != string::npos) { + ++loc; + ++ct; + } + return ct-1; //offset from headers on command +} diff --git a/src/lbdecision.hh b/src/lbdecision.hh index e4b5378..b7ececf 100644 --- a/src/lbdecision.hh +++ b/src/lbdecision.hh @@ -54,6 +54,9 @@ private: string get_limit_cmd(LBRule &rule); + int + find_iptables_index(string location, string table, string name); + private: bool _debug; }; |