Hi,
Shorewall 4.6.4.3 here, but same code present in up to 4.6.10Beta2.
Let's define the following providers:
DSL1 1 0x10000 - dsl0 192.168.1.1
track,balance,load=0.25
DSL2 2 0x20000 - dsl1 192.168.2.1
track,balance,load=0.25
#DSL3 3 0x30000 - dsl2 192.168.3.1
track,balance,load=0.50
Last one disabled because its normalized probability goes over 1.
After starting Shorewall, show -t mangle:
Chain ~dsl0 (1 references)
pkts bytes target prot opt in out source
destination
48 3082 MARK all -- * * 0.0.0.0/0
0.0.0.0/0 statistic mode random probability 0.25000000000
MARK xset 0x10000/0xff0000
Chain ~dsl1 (1 references)
pkts bytes target prot opt in out source
destination
63 3950 MARK all -- * * 0.0.0.0/0
0.0.0.0/0 statistic mode random probability 0.50000000000
MARK xset 0x20000/0xff0000
Probabilities: 0.25, 0.5 instead of 0.5, 0.5
I don't really understand why function distribute_load() in lib.core
is taking into account the precomputed (before checking interface
availability) $maxload in the first place and normalizes probability
as: ( $load / $totalload ) * $maxload.
Attached patch works for my use case. It computes probability as $load
/ $totalload and removes $maxload calculation before checking for
interface availability.
diff -uar shorewall-4.6.10-Beta2.orig/Perl/lib.core shorewall-4.6.10-Beta2/Perl/lib.core
--- shorewall-4.6.10-Beta2.orig/Perl/lib.core 2015-05-22 16:20:51.000000000 +0200
+++ shorewall-4.6.10-Beta2/Perl/lib.core 2015-05-22 22:59:31.311136624 +0200
@@ -607,10 +607,6 @@
local totalload
local load
local mark
- local maxload
-
- maxload=$1
- shift
totalload=0
@@ -637,12 +633,7 @@
if [ -n "$load" ]; then
load=$(bc <<EOF
scale=8
-( $load / $totalload ) * $maxload
-EOF
-)
- totalload=$(bc <<EOF
-scale=8
-$totalload - $load
+( $load / $totalload )
EOF
)
run_iptables -t mangle -A ~$interface -m statistic --mode random --probability $load -j MARK --set-mark $mark
diff -uar shorewall-4.6.10-Beta2.orig/Perl/Shorewall/Providers.pm shorewall-4.6.10-Beta2/Perl/Shorewall/Providers.pm
--- shorewall-4.6.10-Beta2.orig/Perl/Shorewall/Providers.pm 2015-05-22 16:21:28.000000000 +0200
+++ shorewall-4.6.10-Beta2/Perl/Shorewall/Providers.pm 2015-05-22 22:59:31.311136624 +0200
@@ -68,7 +68,6 @@
our $metrics;
our $first_default_route;
our $first_fallback_route;
-our $maxload;
our $tproxies;
our %providers;
@@ -105,7 +104,6 @@
$metrics = 0;
$first_default_route = 1;
$first_fallback_route = 1;
- $maxload = 0;
$tproxies = 0;
#
# The 'id' member is initialized in process_providers(), after the .conf file has been processed
@@ -589,7 +587,6 @@
if ( $load ) {
fatal_error q(The 'balance=<weight>' and 'load=<load-factor>' options are mutually exclusive) if $balance > 1;
fatal_error q(The 'fallback=<weight>' and 'load=<load-factor>' options are mutually exclusive) if $default > 1;
- $maxload += $load;
}
fatal_error "A provider interface must have at least one associated zone" unless $tproxy || %{interface_zones($interface)};
@@ -961,7 +958,7 @@
$weight = 1;
}
- emit ( "distribute_load $maxload @load_interfaces" ) if $load;
+ emit ( "distribute_load @load_interfaces" ) if $load;
unless ( $shared ) {
emit( "setup_${dev}_tc" ) if $tcdevices->{$interface};
@@ -1056,7 +1053,7 @@
}
emit ( '',
- "distribute_load $maxload @load_interfaces" ) if $load;
+ "distribute_load @load_interfaces" ) if $load;
unless ( $shared ) {
emit( '',
@@ -2173,7 +2170,7 @@
sub setup_load_distribution() {
emit ( '',
- "distribute_load $maxload @load_interfaces" ,
+ "distribute_load @load_interfaces" ,
''
) if @load_interfaces;
}
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
