diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/lbdata.hh | 5 | ||||
| -rw-r--r-- | src/lbdatafactory.cc | 9 | ||||
| -rw-r--r-- | src/lbdatafactory.hh | 3 | ||||
| -rw-r--r-- | src/lbdecision.cc | 46 |
4 files changed, 42 insertions, 21 deletions
diff --git a/src/lbdata.hh b/src/lbdata.hh index 532bc2f..5486e8c 100644 --- a/src/lbdata.hh +++ b/src/lbdata.hh @@ -23,7 +23,8 @@ class LBRule { typedef enum {ALL,ICMP,UDP,TCP} Protocol; LBRule() : - _proto("all") + _proto("all"), + _exclude(false) {} public: @@ -36,6 +37,8 @@ class LBRule { string _d_port; string _d_port_ipt; + bool _exclude; + string _in_iface; InterfaceDistColl _iface_dist_coll; }; diff --git a/src/lbdatafactory.cc b/src/lbdatafactory.cc index 85f3283..5e3da83 100644 --- a/src/lbdatafactory.cc +++ b/src/lbdatafactory.cc @@ -140,6 +140,9 @@ LBDataFactory::process(const vector<string> &path, int depth, const string &key, else if (depth > 0 && path[1] == "protocol") { process_rule_protocol(l_key,l_value); } + else if (depth > 0 && path[1] == "exclude") { + process_rule_exclude(l_key,l_value); + } else { process_rule(l_key,l_value); } @@ -266,6 +269,12 @@ LBDataFactory::process_rule_protocol(const string &key, const string &value) } void +LBDataFactory::process_rule_exclude(const string &key, const string &value) +{ + _rule_iter->second._exclude = true; +} + +void LBDataFactory::process_rule_source(const string &key, const string &value) { if (key == "address") { diff --git a/src/lbdatafactory.hh b/src/lbdatafactory.hh index a9c6a3e..2ff0eb1 100644 --- a/src/lbdatafactory.hh +++ b/src/lbdatafactory.hh @@ -50,6 +50,9 @@ private: process_rule(const string &key, const string &value); void + process_rule_exclude(const string &key, const string &value); + + void process_rule_protocol(const string &key, const string &value); void diff --git a/src/lbdecision.cc b/src/lbdecision.cc index 9bf56cf..0f51d84 100644 --- a/src/lbdecision.cc +++ b/src/lbdecision.cc @@ -209,34 +209,40 @@ LBDecision::run(LBData &lb_data) //and compute the new set and apply LBData::LBRuleIter iter = lb_data._lb_rule_coll.begin(); while (iter != lb_data._lb_rule_coll.end()) { - map<int,float> weights = get_new_weights(lb_data,iter->second); - map<int,float>::iterator w_iter = weights.begin(); //NEED TO HANDLE APPLICATION SPECIFIC DETAILS string app_cmd = get_application_cmd(iter->second); - char fbuf[20],dbuf[20]; - if (weights.empty()) { - //no rules here! - } - else if (weights.size() == 1) { - sprintf(dbuf,"%d",w_iter->first); - execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -m state --state NEW -j ISP_" + dbuf, stdout); - execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -j CONNMARK --restore-mark", stdout); + if (iter->second._exclude == true) { + execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -j ACCEPT", stdout); } else { - map<int,float>::iterator w_end = weights.end(); - --w_end; - while (w_iter != w_end) { - sprintf(fbuf,"%f",w_iter->second); + map<int,float> weights = get_new_weights(lb_data,iter->second); + map<int,float>::iterator w_iter = weights.begin(); + + char fbuf[20],dbuf[20]; + if (weights.empty()) { + //no rules here! + } + else if (weights.size() == 1) { sprintf(dbuf,"%d",w_iter->first); - execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -m state --state NEW -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout); + execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -m state --state NEW -j ISP_" + dbuf, stdout); + execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -j CONNMARK --restore-mark", stdout); + } + else { + map<int,float>::iterator w_end = weights.end(); + --w_end; + while (w_iter != w_end) { + sprintf(fbuf,"%f",w_iter->second); + sprintf(dbuf,"%d",w_iter->first); + execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -m state --state NEW -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout); + ++w_iter; + } + //last one is special case, the catch all rule ++w_iter; + sprintf(dbuf,"%d",w_iter->first); + execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -m state --state NEW -j ISP_" + dbuf, stdout); + execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -j CONNMARK --restore-mark", stdout); } - //last one is special case, the catch all rule - ++w_iter; - sprintf(dbuf,"%d",w_iter->first); - execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -m state --state NEW -j ISP_" + dbuf, stdout); - execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -j CONNMARK --restore-mark", stdout); } ++iter; continue; |