From 05eaec986b08debee4ff606bd62c699195c8c678 Mon Sep 17 00:00:00 2001
From: Jeroen Louwes <jeroen.louwes@gmail.com>
Date: Mon, 21 Dec 2015 16:50:59 +0100
Subject: [PATCH] mwan3: update to version 2.0-2

Fix iptables issue where a needed ipset was not created if first wan that came online was not a member of policy.

Signed-off-by: Jeroen Louwes <jeroen.louwes@gmail.com>
---
 net/mwan3/Makefile                 |  2 +-
 net/mwan3/files/lib/mwan3/mwan3.sh | 22 +++++++++++-----------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/net/mwan3/Makefile b/net/mwan3/Makefile
index 028ffa59b..25ad2bab4 100644
--- a/net/mwan3/Makefile
+++ b/net/mwan3/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mwan3
 PKG_VERSION:=2.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_MAINTAINER:=Jeroen Louwes <jeroen.louwes@gmail.com>
 PKG_LICENSE:=GPLv2
 
diff --git a/net/mwan3/files/lib/mwan3/mwan3.sh b/net/mwan3/files/lib/mwan3/mwan3.sh
index dab1fbd4d..3afc72df2 100644
--- a/net/mwan3/files/lib/mwan3/mwan3.sh
+++ b/net/mwan3/files/lib/mwan3/mwan3.sh
@@ -85,16 +85,16 @@ mwan3_set_general_iptables()
 			$IPT -N mwan3_ifaces_in
 		fi
 
-		if ! $IPT -S mwan3_ifaces_out &> /dev/null; then
-			$IPT -N mwan3_ifaces_out
-		fi
-
 		if ! $IPT -S mwan3_connected &> /dev/null; then
 			$IPT -N mwan3_connected
 			$IPS -! create mwan3_connected list:set
 			$IPT -A mwan3_connected -m set --match-set mwan3_connected dst -j MARK --set-xmark 0xff00/0xff00
 		fi
 
+		if ! $IPT -S mwan3_ifaces_out &> /dev/null; then
+			$IPT -N mwan3_ifaces_out
+		fi
+
 		if ! $IPT -S mwan3_rules &> /dev/null; then
 			$IPT -N mwan3_rules
 		fi
@@ -103,8 +103,8 @@ mwan3_set_general_iptables()
 			$IPT -N mwan3_hook
 			$IPT -A mwan3_hook -j CONNMARK --restore-mark --nfmask 0xff00 --ctmask 0xff00
 			$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_ifaces_in
-			$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_ifaces_out
 			$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_connected
+			$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_ifaces_out
 			$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_rules
 			$IPT -A mwan3_hook -j CONNMARK --save-mark --nfmask 0xff00 --ctmask 0xff00
 			$IPT -A mwan3_hook -m mark ! --mark 0xff00/0xff00 -j mwan3_connected
@@ -529,12 +529,6 @@ mwan3_set_sticky_iptables()
 
 			[ -n "$id" ] || return 0
 
-			$IPS -! create mwan3_sticky_v4_$rule hash:ip,mark markmask 0xff00 timeout $timeout
-			$IPS -! create mwan3_sticky_v6_$rule hash:ip,mark markmask 0xff00 timeout $timeout family inet6
-			$IPS -! create mwan3_sticky_$rule list:set
-			$IPS -! add mwan3_sticky_$rule mwan3_sticky_v4_$rule
-			$IPS -! add mwan3_sticky_$rule mwan3_sticky_v6_$rule
-
 			for IPT in "$IPT4" "$IPT6"; do
 				if [ -n "$($IPT -S mwan3_iface_in_$1 2> /dev/null)" -a -n "$($IPT -S mwan3_iface_out_$1 2> /dev/null)" ]; then
 					$IPT -I mwan3_rule_$rule -m mark --mark $(($id*256))/0xff00 -m set ! --match-set mwan3_sticky_$rule src,src -j MARK --set-xmark 0x0/0xff00
@@ -594,6 +588,12 @@ mwan3_set_user_iptables_rule()
 					$IPT -F mwan3_rule_$1
 				done
 
+				$IPS -! create mwan3_sticky_v4_$rule hash:ip,mark markmask 0xff00 timeout $timeout
+				$IPS -! create mwan3_sticky_v6_$rule hash:ip,mark markmask 0xff00 timeout $timeout family inet6
+				$IPS -! create mwan3_sticky_$rule list:set
+				$IPS -! add mwan3_sticky_$rule mwan3_sticky_v4_$rule
+				$IPS -! add mwan3_sticky_$rule mwan3_sticky_v6_$rule
+
 				config_foreach mwan3_set_sticky_iptables interface
 
 				for IPT in "$IPT4" "$IPT6"; do