From 49234912119c224bf4c28df5573937668d03e651 Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko <v.gletenko@vyos.io>
Date: Mon, 2 Jan 2023 18:51:47 +0000
Subject: T4904: keepalived virtual-server allow multiple ports with fwmark

Allow multiple ports for high-availability virtual-server
The current implementation allows balance only one "virtual" address
and port between between several "real servers"
Allow matching "fwmark" to set traffic which should be balanced

Allow to set port 0 (all traffic) if we use "fwmark"
Add health-check script

  set high-availability virtual-server 203.0.113.1 fwmark '111'
  set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 health-check script '/bin/true'
  set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 port '0'
---
 interface-definitions/high-availability.xml.in       | 20 ++++++++++++++++++--
 interface-definitions/include/firewall/fwmark.xml.i  | 14 ++++++++++++++
 .../include/port-number-start-zero.xml.i             | 15 +++++++++++++++
 3 files changed, 47 insertions(+), 2 deletions(-)
 create mode 100644 interface-definitions/include/firewall/fwmark.xml.i
 create mode 100644 interface-definitions/include/port-number-start-zero.xml.i

(limited to 'interface-definitions')

diff --git a/interface-definitions/high-availability.xml.in b/interface-definitions/high-availability.xml.in
index 784e51151..d67a142d1 100644
--- a/interface-definitions/high-availability.xml.in
+++ b/interface-definitions/high-availability.xml.in
@@ -365,7 +365,8 @@
             </properties>
             <defaultValue>nat</defaultValue>
           </leafNode>
-          #include <include/port-number.xml.i>
+          #include <include/firewall/fwmark.xml.i>
+          #include <include/port-number-start-zero.xml.i>
           <leafNode name="persistence-timeout">
             <properties>
               <help>Timeout for persistent connections</help>
@@ -404,7 +405,7 @@
               <help>Real server address</help>
             </properties>
             <children>
-              #include <include/port-number.xml.i>
+              #include <include/port-number-start-zero.xml.i>
               <leafNode name="connection-timeout">
                 <properties>
                   <help>Server connection timeout</help>
@@ -417,6 +418,21 @@
                   </constraint>
                 </properties>
               </leafNode>
+              <node name="health-check">
+                <properties>
+                  <help>Health check script</help>
+                </properties>
+                <children>
+                  <leafNode name="script">
+                    <properties>
+                      <help>Health check script file</help>
+                      <constraint>
+                        <validator name="script"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
             </children>
           </tagNode>
         </children>
diff --git a/interface-definitions/include/firewall/fwmark.xml.i b/interface-definitions/include/firewall/fwmark.xml.i
new file mode 100644
index 000000000..4607ef58f
--- /dev/null
+++ b/interface-definitions/include/firewall/fwmark.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from firewall/fwmark.xml.i -->
+<leafNode name="fwmark">
+  <properties>
+    <help>Match fwmark value</help>
+    <valueHelp>
+      <format>u32:1-2147483647</format>
+      <description>Match firewall mark value</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 1-2147483647"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/port-number-start-zero.xml.i b/interface-definitions/include/port-number-start-zero.xml.i
new file mode 100644
index 000000000..04a144216
--- /dev/null
+++ b/interface-definitions/include/port-number-start-zero.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from port-number-start-zero.xml.i -->
+<leafNode name="port">
+  <properties>
+    <help>Port number used by connection</help>
+    <valueHelp>
+      <format>u32:0-65535</format>
+      <description>Numeric IP port</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 0-65535"/>
+    </constraint>
+    <constraintErrorMessage>Port number must be in range 0 to 65535</constraintErrorMessage>
+  </properties>
+</leafNode>
+<!-- include end -->
-- 
cgit v1.2.3