From d7e0e1579b84215eee801e0e033c0b60eb09a1c8 Mon Sep 17 00:00:00 2001
From: root <root@eng-140.vyatta.com>
Date: Fri, 22 Aug 2008 09:41:27 -0700
Subject: fix for bug 3620. exclusion option is now provided and will create an
 accept rule. For an exclusion the user does not need to configure interfaces
 for that rule to balance across.

---
 src/lbdata.hh        |  5 ++++-
 src/lbdatafactory.cc |  9 +++++++++
 src/lbdatafactory.hh |  3 +++
 src/lbdecision.cc    | 46 ++++++++++++++++++++++++++--------------------
 4 files changed, 42 insertions(+), 21 deletions(-)

(limited to 'src')

diff --git a/src/lbdata.hh b/src/lbdata.hh
index 532bc2f..5486e8c 100644
--- a/src/lbdata.hh
+++ b/src/lbdata.hh
@@ -23,7 +23,8 @@ class LBRule {
   typedef enum {ALL,ICMP,UDP,TCP} Protocol;
 
   LBRule() :
-    _proto("all")
+    _proto("all"),
+    _exclude(false)
       {}
 
  public:
@@ -36,6 +37,8 @@ class LBRule {
   string _d_port;
   string _d_port_ipt;
 
+  bool _exclude;
+
   string _in_iface;
   InterfaceDistColl _iface_dist_coll;
 };
diff --git a/src/lbdatafactory.cc b/src/lbdatafactory.cc
index 85f3283..5e3da83 100644
--- a/src/lbdatafactory.cc
+++ b/src/lbdatafactory.cc
@@ -140,6 +140,9 @@ LBDataFactory::process(const vector<string> &path, int depth, const string &key,
     else if (depth > 0 && path[1] == "protocol") {
       process_rule_protocol(l_key,l_value);
     }
+    else if (depth > 0 && path[1] == "exclude") {
+      process_rule_exclude(l_key,l_value);
+    }
     else {
       process_rule(l_key,l_value);
     }
@@ -265,6 +268,12 @@ LBDataFactory::process_rule_protocol(const string &key, const string &value)
   }
 }
 
+void
+LBDataFactory::process_rule_exclude(const string &key, const string &value)
+{
+  _rule_iter->second._exclude = true;
+}
+
 void
 LBDataFactory::process_rule_source(const string &key, const string &value)
 {
diff --git a/src/lbdatafactory.hh b/src/lbdatafactory.hh
index a9c6a3e..2ff0eb1 100644
--- a/src/lbdatafactory.hh
+++ b/src/lbdatafactory.hh
@@ -49,6 +49,9 @@ private:
   void
   process_rule(const string &key, const string &value);
 
+  void
+  process_rule_exclude(const string &key, const string &value);
+
   void
   process_rule_protocol(const string &key, const string &value);
 
diff --git a/src/lbdecision.cc b/src/lbdecision.cc
index 9bf56cf..0f51d84 100644
--- a/src/lbdecision.cc
+++ b/src/lbdecision.cc
@@ -209,34 +209,40 @@ LBDecision::run(LBData &lb_data)
   //and compute the new set and apply
   LBData::LBRuleIter iter = lb_data._lb_rule_coll.begin();
   while (iter != lb_data._lb_rule_coll.end()) {
-    map<int,float> weights = get_new_weights(lb_data,iter->second);
-    map<int,float>::iterator w_iter = weights.begin();
     //NEED TO HANDLE APPLICATION SPECIFIC DETAILS
     string app_cmd = get_application_cmd(iter->second);
 
-    char fbuf[20],dbuf[20];
-    if (weights.empty()) {
-      //no rules here!
-    }
-    else if (weights.size() == 1) {
-      sprintf(dbuf,"%d",w_iter->first);
-      execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -m state --state NEW -j ISP_" + dbuf, stdout);
-      execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -j CONNMARK --restore-mark", stdout);
+    if (iter->second._exclude == true) {
+      execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -j ACCEPT", stdout);
     }
     else {
-      map<int,float>::iterator w_end = weights.end();
-      --w_end;
-      while (w_iter != w_end) {      
-	sprintf(fbuf,"%f",w_iter->second);
+      map<int,float> weights = get_new_weights(lb_data,iter->second);
+      map<int,float>::iterator w_iter = weights.begin();
+      
+      char fbuf[20],dbuf[20];
+      if (weights.empty()) {
+	//no rules here!
+      }
+      else if (weights.size() == 1) {
 	sprintf(dbuf,"%d",w_iter->first);
-	execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -m state --state NEW -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout);
+	execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -m state --state NEW -j ISP_" + dbuf, stdout);
+	execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -j CONNMARK --restore-mark", stdout);
+      }
+      else {
+	map<int,float>::iterator w_end = weights.end();
+	--w_end;
+	while (w_iter != w_end) {      
+	  sprintf(fbuf,"%f",w_iter->second);
+	  sprintf(dbuf,"%d",w_iter->first);
+	  execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -m state --state NEW -m statistic --mode random --probability " + fbuf + " -j ISP_" + dbuf, stdout);
+	  ++w_iter;
+	}
+	//last one is special case, the catch all rule
 	++w_iter;
+	sprintf(dbuf,"%d",w_iter->first);
+	execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -m state --state NEW -j ISP_" + dbuf, stdout);
+	execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -j CONNMARK --restore-mark", stdout);
       }
-      //last one is special case, the catch all rule
-      ++w_iter;
-      sprintf(dbuf,"%d",w_iter->first);
-      execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -m state --state NEW -j ISP_" + dbuf, stdout);
-      execute(string("iptables -t mangle -A PREROUTING ") + app_cmd + " -j CONNMARK --restore-mark", stdout);
     }
     ++iter;
     continue;
-- 
cgit v1.2.3