fix for bug 3620. exclusion option is now provided and will create an accept rule. For an exclusion the user does not need to configure interfaces for that rule to balance across.

6 files changed, 48 insertions, 21 deletions

diff --git a/scripts/vyatta-wanloadbalance.pl b/scripts/vyatta-wanloadbalance.pl
index e5c3373..b71c54d 100644
--- a/scripts/vyatta-wanloadbalance.pl
+++ b/scripts/vyatta-wanloadbalance.pl
@@ -86,6 +86,11 @@ sub write_rules {
 	
 	$config->setLevel('load-balancing wan rule');
 
+	if ($config->exists("$rule exclude")) {
+	    $valid = "true";
+	    print FILE_LCK "\texclude\n";
+	}
+
 	my $protocol = $config->returnValue("$rule protocol");
 	if (defined $protocol) {
 	    print FILE_LCK "\tprotocol " . $protocol . "\n"
diff --git a/src/lbdata.hh b/src/lbdata.hh
index 532bc2f..5486e8c 100644
--- a/src/lbdata.hh
+++ b/src/lbdata.hh
@@ -23,7 +23,8 @@ class LBRule {
   typedef enum {ALL,ICMP,UDP,TCP} Protocol;
 
   LBRule() :
-    _proto("all")
+    _proto("all"),
+    _exclude(false)
       {}
 
  public:
@@ -36,6 +37,8 @@ class LBRule {
   string _d_port;
   string _d_port_ipt;
 
+  bool _exclude;
+
   string _in_iface;
   InterfaceDistColl _iface_dist_coll;
 };
diff --git a/src/lbdatafactory.cc b/src/lbdatafactory.cc
index 85f3283..5e3da83 100644
--- a/src/lbdatafactory.cc
+++ b/src/lbdatafactory.cc
@@ -140,6 +140,9 @@ LBDataFactory::process(const vector<string> &path, int depth, const string &key,
     else if (depth > 0 && path[1] == "protocol") {
       process_rule_protocol(l_key,l_value);
     }
+    else if (depth > 0 && path[1] == "exclude") {
+      process_rule_exclude(l_key,l_value);
+    }
     else {
       process_rule(l_key,l_value);
     }
@@ -266,6 +269,12 @@ LBDataFactory::process_rule_protocol(const string &key, const string &value)
 }
 
 void
+LBDataFactory::process_rule_exclude(const string &key, const string &value)
+{
+  _rule_iter->second._exclude = true;
+}
+
+void
 LBDataFactory::process_rule_source(const string &key, const string &value)
 {
   if (key == "address") {
diff --git a/src/lbdatafactory.hh b/src/lbdatafactory.hh
index a9c6a3e..2ff0eb1 100644
--- a/src/lbdatafactory.hh
+++ b/src/lbdatafactory.hh
@@ -50,6 +50,9 @@ private:
   process_rule(const string &key, const string &value);
 
   void
+  process_rule_exclude(const string &key, const string &value);
+
+  void
   process_rule_protocol(const string &key, const string &value);
 
   void
diff --git a/src/lbdecision.cc b/src/lbdecision.cc
index 9bf56cf..0f51d84 100644
--- a/src/lbdecision.cc
+++ b/src/lbdecision.cc
@@ -209,34 +209,40 @@ LBDecision::run(LBData &lb_data)
   //and compute the new set and apply
   LBData::LBRuleIter iter = lb_data._lb_rule_coll.begin();
   while (iter != lb_data._lb_rule_coll.end()) {
-    map<int,float> weights = get_new_weights(lb_data,iter->second);
-    map<int,float>::iterator w_iter = weights.begin();
     //NEED TO HANDLE APPLICATION SPECIFIC DETAILS
     string app_cmd = get_application_cmd(iter->second);
 
-    char fbuf[20],dbuf[20];
-    if (weights.empty()) {
-      //no rules here!
-    }
-    else if (weights.size() == 1) {
-      sprintf(dbuf,"%d",w_iter->first);
-      execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -m state --state NEW -j ISP_" + dbuf, stdout);
-      execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -j CONNMARK --restore-mark", stdout);
+    if (iter->second._exclude == true) {
+      execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -j ACCEPT", stdout);
     }
     else {
-      map<int,float>::iterator w_end = weights.end();
-      --w_end;
-      while (w_iter != w_end) {      
-	sprintf(fbuf,"%f",w_iter->second);
+      map<int,float> weights = get_new_weights(lb_data,iter->second);
+      map<int,float>::iterator w_iter = weights.begin();
+      
+      char fbuf[20],dbuf[20];
+      if (weights.empty()) {
+	//no rules here!
+      }
+      else if (weights.size() == 1) {
 	sprintf(dbuf,"%d",w_iter->first);
-	execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -m state --state NEW -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout);
+	execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -m state --state NEW -j ISP_" + dbuf, stdout);
+	execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -j CONNMARK --restore-mark", stdout);
+      }
+      else {
+	map<int,float>::iterator w_end = weights.end();
+	--w_end;
+	while (w_iter != w_end) {      
+	  sprintf(fbuf,"%f",w_iter->second);
+	  sprintf(dbuf,"%d",w_iter->first);
+	  execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -m state --state NEW -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout);
+	  ++w_iter;
+	}
+	//last one is special case, the catch all rule
 	++w_iter;
+	sprintf(dbuf,"%d",w_iter->first);
+	execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -m state --state NEW -j ISP_" + dbuf, stdout);
+	execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -j CONNMARK --restore-mark", stdout);
       }
-      //last one is special case, the catch all rule
-      ++w_iter;
-      sprintf(dbuf,"%d",w_iter->first);
-      execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -m state --state NEW -j ISP_" + dbuf, stdout);
-      execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -j CONNMARK --restore-mark", stdout);
     }
     ++iter;
     continue;
diff --git a/templates/load-balancing/wan/rule/node.tag/exclude/node.def b/templates/load-balancing/wan/rule/node.tag/exclude/node.def
new file mode 100644
index 0000000..8c3acd3
--- /dev/null
+++ b/templates/load-balancing/wan/rule/node.tag/exclude/node.def
@@ -0,0 +1 @@
+help: Set to exclude packets matching this rule from wan load balance