fixed output mangle rule creation. need to suppress inbound interface on rule creation for output rule entry as these are locally sourced packets.

2 files changed, 10 insertions, 9 deletions

diff --git a/src/lbdecision.cc b/src/lbdecision.cc
index 56c772d..7b76f7b 100644
--- a/src/lbdecision.cc
+++ b/src/lbdecision.cc
@@ -248,10 +248,11 @@ LBDecision::run(LBData &lb_data)
   while (iter != lb_data._lb_rule_coll.end()) {
     //NEED TO HANDLE APPLICATION SPECIFIC DETAILS
     string app_cmd = get_application_cmd(iter->second);
+    string app_cmd_local = get_application_cmd(iter->second,true);
 
     if (iter->second._exclude == true) {
       execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -j ACCEPT", stdout);
-      execute(string("iptables -t mangle -A OUTPUT ") + app_cmd + " -j ACCEPT", stdout);
+      execute(string("iptables -t mangle -A OUTPUT ") + app_cmd_local + " -j ACCEPT", stdout);
     }
     else {
       map<int,float> weights = get_new_weights(lb_data,iter->second);
@@ -267,24 +268,24 @@ LBDecision::run(LBData &lb_data)
 	  sprintf(dbuf,"%d",w_iter->first);
 	  if (lb_data._enable_source_based_routing) {
 	    execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout);
-	    execute(string("iptables -t mangle -A OUTPUT ") + app_cmd + " -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout);
+	    execute(string("iptables -t mangle -A OUTPUT ") + app_cmd_local + " -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout);
 	  }
 	  else {
 	    execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -m state --state NEW -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout);
-	    execute(string("iptables -t mangle -A OUTPUT ") + app_cmd + " -m state --state NEW -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout);
+	    execute(string("iptables -t mangle -A OUTPUT ") + app_cmd_local + " -m state --state NEW -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout);
 	  }
 	}
 	sprintf(dbuf,"%d",(--weights.end())->first);
 	if (lb_data._enable_source_based_routing) {
 	  execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -j ISP_" + dbuf, stdout);
-	  execute(string("iptables -t mangle -A OUTPUT ") + app_cmd + " -j ISP_" + dbuf, stdout);
+	  execute(string("iptables -t mangle -A OUTPUT ") + app_cmd_local + " -j ISP_" + dbuf, stdout);
 	}
 	else {
 	  execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -m state --state NEW -j ISP_" + dbuf, stdout);
-	  execute(string("iptables -t mangle -A OUTPUT ") + app_cmd + " -m state --state NEW -j ISP_" + dbuf, stdout);
+	  execute(string("iptables -t mangle -A OUTPUT ") + app_cmd_local + " -m state --state NEW -j ISP_" + dbuf, stdout);
 	}
 	execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -j CONNMARK --restore-mark", stdout);
-	execute(string("iptables -t mangle -A OUTPUT ") + app_cmd + " -j CONNMARK --restore-mark", stdout);
+	execute(string("iptables -t mangle -A OUTPUT ") + app_cmd_local + " -j CONNMARK --restore-mark", stdout);
       }
     }
     ++iter;
@@ -438,11 +439,11 @@ LBDecision::get_new_weights(LBData &data, LBRule &rule)
  *
  **/
 string
-LBDecision::get_application_cmd(LBRule &rule)
+LBDecision::get_application_cmd(LBRule &rule, bool local)
 {
   string filter;
 
-  if (rule._in_iface.empty() == false) {
+  if (rule._in_iface.empty() == false && local == false) {
     filter += "-i " + rule._in_iface + " ";
   }
 
diff --git a/src/lbdecision.hh b/src/lbdecision.hh
index e8771e0..887a0d6 100644
--- a/src/lbdecision.hh
+++ b/src/lbdecision.hh
@@ -43,7 +43,7 @@ private:
   get_new_weights(LBData &data, LBRule &rule);
 
   string
-  get_application_cmd(LBRule &rule);
+  get_application_cmd(LBRule &rule, bool local = false);
 
   string
   fetch_iface_addr(const string &iface);