modified prerouting decisions to work with connmark. user needs to specify inbound interface now (although

this isn't currently required).
author: Michael Larson <slioch@eng-140.vyatta.com> 2008-06-10 16:58:13 -0700
committer: Michael Larson <slioch@eng-140.vyatta.com> 2008-06-10 16:58:13 -0700
commit: 98982243bb131c56f94f4bbcf89a58499fe27694 (patch)
tree: a75c8d8077a239435c66e8f2767526840c62ed0e /src
parent: 5510da8abc49783dc9b5b4f49577c668d3cb88fa (diff)
download: vyatta-wanloadbalance-98982243bb131c56f94f4bbcf89a58499fe27694.tar.gz
vyatta-wanloadbalance-98982243bb131c56f94f4bbcf89a58499fe27694.zip
4 files changed, 35 insertions, 2 deletions
diff --git a/src/lbdata.hh b/src/lbdata.hh
index 857c25a..532bc2f 100644
--- a/src/lbdata.hh
+++ b/src/lbdata.hh
@@ -36,6 +36,7 @@ class LBRule {
   string _d_port;
   string _d_port_ipt;
 
+  string _in_iface;
   InterfaceDistColl _iface_dist_coll;
 };
 
diff --git a/src/lbdatafactory.cc b/src/lbdatafactory.cc
index 877c78e..1655a12 100644
--- a/src/lbdatafactory.cc
+++ b/src/lbdatafactory.cc
@@ -130,6 +130,9 @@ LBDataFactory::process(const vector<string> &path, int depth, const string &key,
     else if (depth > 0 && path[1] == "destination") {
       process_rule_destination(l_key,l_value);
     }
+    else if (depth > 0 && path[1] == "inbound-interface") {
+      process_rule_inbound_interface(l_key,l_value);
+    }
     else if (depth > 1 && path[1] == "interface") {
       process_rule_interface(l_key,l_value);
     }
@@ -290,6 +293,24 @@ LBDataFactory::process_rule_destination(const string &key, const string &value)
 }
 
 void
+LBDataFactory::process_rule_inbound_interface(const string &key, const string &value)
+{
+  if (_debug) {
+    cout << "LBDataFactory::process_rule_inbound_interface(): " << key << ", " << value << endl;
+  }
+  if (key == "inbound-interface") {
+    _rule_iter->second._in_iface = value;
+  }
+  else {
+    if (_debug) {
+      cerr << "LBDataFactory::process_rule(): " << "don't understand this symbol: " << key << endl;
+    }
+  }
+}
+
+
+
+void
 LBDataFactory::process_rule_interface(const string &key, const string &value)
 {
   if (_debug) {
diff --git a/src/lbdatafactory.hh b/src/lbdatafactory.hh
index 449caa2..a9c6a3e 100644
--- a/src/lbdatafactory.hh
+++ b/src/lbdatafactory.hh
@@ -61,6 +61,9 @@ private:
   void
   process_rule_interface(const string &key, const string &value);
 
+  void
+  process_rule_inbound_interface(const string &key, const string &value);
+
 private:
   bool _debug;
   LBHealth _lb_health;
diff --git a/src/lbdecision.cc b/src/lbdecision.cc
index c959303..9c13017 100644
--- a/src/lbdecision.cc
+++ b/src/lbdecision.cc
@@ -99,7 +99,9 @@ if so then this stuff goes here!
   LBData::InterfaceHealthIter iter = lbdata._iface_health_coll.begin();
   while (iter != lbdata._iface_health_coll.end()) {
     string iface = iter->first;
+
     sprintf(buf,"%d",ct);
+    /*
     execute(string("iptables -t mangle -N ISP_") + buf);
     execute(string("iptables -t mangle -F ISP_") + buf);
     execute(string("iptables -t mangle -A ISP_") + buf + " -j CONNMARK --set-mark " + buf);
@@ -107,6 +109,7 @@ if so then this stuff goes here!
 
     //NOTE, WILL NEED A WAY TO CLEAN UP THIS RULE ON RESTART...
     execute(string("iptables -t mangle -A ISP_") + buf + " -j ACCEPT");
+    */
 
     execute(string("ip route replace table ") + buf + " default dev " + iface + " via " + iter->second._nexthop);
     execute(string("ip rule add fwmark ") + buf + " table " + buf);
@@ -169,14 +172,15 @@ LBDecision::run(LBData &lb_data)
     while (w_iter != w_end) {
       sprintf(fbuf,"%f",w_iter->second);
       sprintf(dbuf,"%d",w_iter->first);
-      execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -m state --state NEW,ESTABLISHED -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf);
+      execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -m state --state NEW -m statistic --mode random --probability " + fbuf + " -j CONNMARK --set-mark " + dbuf);
 
       ++w_iter;
     }
     //last one is special case, the catch all rule
     ++w_iter;
     sprintf(dbuf,"%d",w_iter->first);
-    execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -m state --state NEW,ESTABLISHED -j ISP_" + dbuf);
+    execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -m state --state NEW -j CONNMARK --set-mark " + dbuf);
+    execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -j CONNMARK --restore-mark");
     ++iter;
   }
 }
@@ -272,6 +276,10 @@ LBDecision::get_application_cmd(LBRule &rule)
 {
   string filter;
 
+  if (rule._in_iface.empty() == false) {
+    filter += "-i " + rule._in_iface + " ";
+  }
+
   if (rule._proto.empty() == false) {
     filter += "--proto " + rule._proto + " ";
   }
author	Michael Larson <slioch@eng-140.vyatta.com>	2008-06-10 16:58:13 -0700
committer	Michael Larson <slioch@eng-140.vyatta.com>	2008-06-10 16:58:13 -0700
commit	98982243bb131c56f94f4bbcf89a58499fe27694 (patch)
tree	a75c8d8077a239435c66e8f2767526840c62ed0e /src
parent	5510da8abc49783dc9b5b4f49577c668d3cb88fa (diff)
download	vyatta-wanloadbalance-98982243bb131c56f94f4bbcf89a58499fe27694.tar.gz vyatta-wanloadbalance-98982243bb131c56f94f4bbcf89a58499fe27694.zip