author | root <root@eng-140.vyatta.com> | 2008-08-22 13:21:15 -0700 |
---|---|---|
committer | root <root@eng-140.vyatta.com> | 2008-08-22 13:21:15 -0700 |
commit | 065c25acb5c3d10f4015b5bfa181445c3bce901a (patch) | |
tree | 5a043317f02d331fdc6db1862d8e09596a78179e | |
parent | 8237284fe73cc722ad58ebdc47838f7fd4a969d7 (diff) | |
Partial fix for bug 3332. WLB can now be configured to run without creating implicit source nat rules.
This configuration element applies to the whole WAN load-balancing configuration.
-rw-r--r-- | scripts/vyatta-wanloadbalance.pl | 5 | ||||
-rw-r--r-- | src/lbdata.hh | 4 | ||||
-rw-r--r-- | src/lbdatafactory.cc | 10 | ||||
-rw-r--r-- | src/lbdatafactory.hh | 3 | ||||
-rw-r--r-- | src/lbdecision.cc | 22 |
5 files changed, 35 insertions, 9 deletions
diff --git a/scripts/vyatta-wanloadbalance.pl b/scripts/vyatta-wanloadbalance.pl
index b71c54d..9e273c5 100644
--- a/scripts/vyatta-wanloadbalance.pl
+++ b/scripts/vyatta-wanloadbalance.pl
@@ -24,6 +24,11 @@ sub write_health {
     my $valid = "false";
+
+    if ($config->exists("load-balancing wan disable-source-nat")) {
+        print FILE_LCK "disable-source-nat\n";
+    }
+
     $config->setLevel("load-balancing wan interface-health");
     my @eths = $config->listNodes();
diff --git a/src/lbdata.hh b/src/lbdata.hh
index 5486e8c..8077841 100644
--- a/src/lbdata.hh
+++ b/src/lbdata.hh
@@ -109,7 +109,7 @@ class LBData {
   typedef map<string,LBHealth>::iterator InterfaceHealthIter;
   typedef map<string,LBHealth>::const_iterator InterfaceHealthConstIter;
-  LBData() {}
+  LBData() : _disable_source_nat(false) {}
   bool error() {return false;}
@@ -131,6 +131,8 @@ class LBData {
   LBRuleColl _lb_rule_coll;
   InterfaceHealthColl _iface_health_coll;
+
+  bool _disable_source_nat;
 };
 #endif //__LBDATA_HH__
diff --git a/src/lbdatafactory.cc b/src/lbdatafactory.cc
index bc7d4bc..086beed 100644
--- a/src/lbdatafactory.cc
+++ b/src/lbdatafactory.cc
@@ -118,7 +118,10 @@ LBDataFactory::process(const vector<string> &path, int depth, const string &key,
   std::transform(value.begin(), value.end(), std::back_inserter(l_value), static_cast < int(*)(int) > (std::tolower));
-  if (path[0] == "health") {
+  if (path[0] == "disable-source-nat") {
+    process_disablesourcenat(l_key,l_value);
+  }
+  else if (path[0] == "health") {
     if (l_key == "interface") {
       process_health(l_key,l_value);
     }
@@ -151,6 +154,11 @@ LBDataFactory::process(const vector<string> &path, int depth, const string &key,
     }
   }
+void
+LBDataFactory::process_disablesourcenat(const string &key, const string &value)
+{
+  _lb_data._disable_source_nat = true;
+}
 void
 LBDataFactory::process_health(const string &key, const string &value)
diff --git a/src/lbdatafactory.hh b/src/lbdatafactory.hh
index 2ff0eb1..1f6e0a0 100644
--- a/src/lbdatafactory.hh
+++ b/src/lbdatafactory.hh
@@ -41,6 +41,9 @@ private:
   process(const vector<string> &path, int depth, const string &key, const string &value);
   void
+  process_disablesourcenat(const string &key, const string &value);
+
+  void
   process_health(const string &key, const string &value);
   void
diff --git a/src/lbdecision.cc b/src/lbdecision.cc
index 0f51d84..507d3b5 100644
--- a/src/lbdecision.cc
+++ b/src/lbdecision.cc
@@ -108,11 +108,12 @@ if so then this stuff goes here!
   string stdout;
   //set up special nat rules
-  execute(string("iptables -t nat -N WANLOADBALANCE"), stdout);
-  execute(string("iptables -t nat -F WANLOADBALANCE"), stdout);
-  execute(string("iptables -t nat -D POSTROUTING -j WANLOADBALANCE"), stdout);
-  execute(string("iptables -t nat -A POSTROUTING -j WANLOADBALANCE"), stdout);
-
+  if (lbdata._disable_source_nat == false) {
+    execute(string("iptables -t nat -N WANLOADBALANCE"), stdout);
+    execute(string("iptables -t nat -F WANLOADBALANCE"), stdout);
+    execute(string("iptables -t nat -D POSTROUTING -j WANLOADBALANCE"), stdout);
+    execute(string("iptables -t nat -A POSTROUTING -j WANLOADBALANCE"), stdout);
+  }
   //set up the conntrack table
   execute(string("iptables -t raw -N NAT_CONNTRACK"), stdout);
   execute(string("iptables -t raw -F NAT_CONNTRACK"), stdout);
@@ -143,8 +144,10 @@ if so then this stuff goes here!
       char hex_buf[40];
       sprintf(hex_buf,"%X",ct);
       execute(string("ip rule add fwmark ") + hex_buf + " table " + buf, stdout);
-
-      execute(string("iptables -t nat -A WANLOADBALANCE -m connmark --mark ") + buf + " -j SNAT --to-source " + fetch_iface_addr(iface), stdout);
+
+      if (lbdata._disable_source_nat == false) {
+        execute(string("iptables -t nat -A WANLOADBALANCE -m connmark --mark ") + buf + " -j SNAT --to-source " + fetch_iface_addr(iface), stdout);
+      }
       ++ct;
       ++iter;
@@ -261,6 +264,11 @@ LBDecision::shutdown()
   //then if we do, flush all
   execute("iptables -t mangle -F PREROUTING", stdout);
+  //clear out nat as well
+  execute("iptables -t nat -F WANLOADBALANCE", stdout);
+  execute("iptables -t nat -D POSTROUTING -j WANLOADBALANCE", stdout);
+
+
   //remove the policy entries
   InterfaceMarkIter iter = _iface_mark_coll.begin();
   while (iter != _iface_mark_coll.end()) { |
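Review bot: The new `_disable_source_nat` member in src/lbdata.hh carries no comment, and because LBDecision reads it directly (`lbdata._disable_source_nat` in src/lbdecision.cc) a reader of the header cannot tell from the class what the flag suppresses. Add above the member `// set when the "disable-source-nat" keyword is present; LBDecision then skips creating the WANLOADBALANCE SNAT chain and its POSTROUTING jump`. Defaulting it to false in the constructor initializer list, as the first hunk does, is consistent with the rest of the class.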
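Review bot: `process_disablesourcenat` in the second src/lbdatafactory.cc hunk ignores both `key` and `value` and unconditionally sets `_lb_data._disable_source_nat = true`, so whatever value the parser passes alongside the keyword (an explicit "false", for instance) still disables source NAT, and nothing in the factory can clear the flag again for this LBData. If the element is presence-only, as the Perl side's `exists` check suggests, say so with a comment such as `// presence-only keyword: key/value are ignored, the flag is never cleared once set` and drop the unused parameter names, `LBDataFactory::process_disablesourcenat(const string &, const string &)`, so the build stays clean under -Wunused-parameter. The first hunk's dispatch on `path[0]` sits inside process(), whose start and end are outside the hunk.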
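Review bot: When `_disable_source_nat` is set, the guard in the first src/lbdecision.cc hunk also skips the `-F WANLOADBALANCE` and `-D POSTROUTING -j WANLOADBALANCE` calls, so a WANLOADBALANCE chain populated by an earlier run with source NAT enabled may stay attached to POSTROUTING and keep rewriting source addresses until shutdown() runs; unless set-up is always preceded by shutdown(), which this hunk does not show, the operator's choice to disable SNAT is not enforced on reconfiguration. Keep the `-N`, `-F` and `-D` lines unconditional and guard only `execute(string("iptables -t nat -A POSTROUTING -j WANLOADBALANCE"), stdout);`. Both new guards read more naturally as `if (!lbdata._disable_source_nat) {` than as a comparison with `false`; the second hunk uses the same form. The enclosing function starts and ends outside both hunks.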
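Review bot: shutdown() now flushes WANLOADBALANCE and detaches it from POSTROUTING but never deletes the chain, so an empty chain is left behind in the nat table after every shutdown; add `execute("iptables -t nat -X WANLOADBALANCE", stdout);` after the `-D` line. The two new calls also run when source NAT was disabled and the chain may never have been created, in which case iptables reports a missing chain; whether execute() surfaces that is not visible here, so a comment such as `//harmless when the chain was never created (disable-source-nat)` would make the intent explicit. The two consecutive blank lines added after the block can be collapsed to one. LBDecision::shutdown() continues past the end of the hunk.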