net/mwan3: reset conntrack table on iface up/down event

Signed-off-by: Florian Eckert <fe@dev.tdt.de>

net/mwan3/Makefile

@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mwan3
-PKG_VERSION:=2.0
+PKG_VERSION:=2.1
 PKG_RELEASE:=4
 PKG_MAINTAINER:=Jeroen Louwes <jeroen.louwes@gmail.com>, \
 		Florian Eckert <fe@dev.tdt.de>

net/mwan3/files/etc/hotplug.d/iface/15-mwan3

@@ -46,6 +46,7 @@ case "$ACTION" in
 		mwan3_track $INTERFACE $DEVICE
 		mwan3_set_policies_iptables
 		mwan3_set_user_rules
+		mwan3_flush_conntrack $INTERFACE $DEVICE "ifup"
 	;;
 	ifdown)
 		mwan3_delete_iface_rules $INTERFACE
@@ -54,6 +55,7 @@ case "$ACTION" in
 		mwan3_delete_iface_ipset_entries $INTERFACE
 		mwan3_set_policies_iptables
 		mwan3_set_user_rules
+		mwan3_flush_conntrack $INTERFACE $DEVICE "ifdown"
 	;;
 esac
 

net/mwan3/files/lib/mwan3/mwan3.sh

@@ -6,6 +6,7 @@ IPS="/usr/sbin/ipset"
 IPT4="/usr/sbin/iptables -t mangle -w"
 IPT6="/usr/sbin/ip6tables -t mangle -w"
 LOG="/usr/bin/logger -t mwan3 -p"
+CONNTRACK_FILE="/proc/net/nf_conntrack"
 
 mwan3_get_iface_id()
 {
@@ -804,3 +805,36 @@ mwan3_report_rules_v6()
 		$IPT6 -L mwan3_rules -n -v 2> /dev/null | tail -n+3 | sed 's/mark.*//' | sed 's/mwan3_policy_/- /' | sed 's/mwan3_rule_/S /'
 	fi
 }
+
+mwan3_flush_conntrack()
+{
+	local flush_conntrack
+
+	config_get flush_conntrack $1 flush_conntrack never
+
+	if [ -e "$CONNTRACK_FILE" ]; then
+		case $flush_conntrack in
+			ifup)
+				[ "$3" = "ifup" ] && {
+					echo f > ${CONNTRACK_FILE}
+					$LOG info "connection tracking flushed on interface $1 ($2) $3"
+				}
+				;;
+			ifdown)
+				[ "$3" = "ifdown" ] && {
+					echo f > ${CONNTRACK_FILE}
+					$LOG info "connection tracking flushed on interface $1 ($2) $3"
+				}
+				;;
+			always)
+				echo f > ${CONNTRACK_FILE}
+				$LOG info "connection tracking flushed on interface $1 ($2) $3"
+				;;
+			never)
+				$LOG info "connection tracking not flushed on interface $1 ($2) $3"
+				;;
+		esac
+	else
+		$LOG warning "connection tracking not enabled"
+	fi
+}