From 3231736cab15aa2eabe2f3081b4b7d277146d543 Mon Sep 17 00:00:00 2001 From: Florian Eckert Date: Tue, 14 Mar 2017 13:57:45 +0100 Subject: [PATCH] net/mwan3: reset conntrack table on iface up/down event Signed-off-by: Florian Eckert --- net/mwan3/Makefile | 2 +- net/mwan3/files/etc/hotplug.d/iface/15-mwan3 | 2 ++ net/mwan3/files/lib/mwan3/mwan3.sh | 34 ++++++++++++++++++++ 3 files changed, 37 insertions(+), 1 deletion(-) diff --git a/net/mwan3/Makefile b/net/mwan3/Makefile index 328c2d0e9..f26a5ab58 100644 --- a/net/mwan3/Makefile +++ b/net/mwan3/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=mwan3 -PKG_VERSION:=2.0 +PKG_VERSION:=2.1 PKG_RELEASE:=4 PKG_MAINTAINER:=Jeroen Louwes , \ Florian Eckert diff --git a/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 b/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 index 86e60e133..7d6cd98c4 100644 --- a/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 +++ b/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 @@ -46,6 +46,7 @@ case "$ACTION" in mwan3_track $INTERFACE $DEVICE mwan3_set_policies_iptables mwan3_set_user_rules + mwan3_flush_conntrack $INTERFACE $DEVICE "ifup" ;; ifdown) mwan3_delete_iface_rules $INTERFACE @@ -54,6 +55,7 @@ case "$ACTION" in mwan3_delete_iface_ipset_entries $INTERFACE mwan3_set_policies_iptables mwan3_set_user_rules + mwan3_flush_conntrack $INTERFACE $DEVICE "ifdown" ;; esac diff --git a/net/mwan3/files/lib/mwan3/mwan3.sh b/net/mwan3/files/lib/mwan3/mwan3.sh index 1e1de969f..a633bedd5 100644 --- a/net/mwan3/files/lib/mwan3/mwan3.sh +++ b/net/mwan3/files/lib/mwan3/mwan3.sh @@ -6,6 +6,7 @@ IPS="/usr/sbin/ipset" IPT4="/usr/sbin/iptables -t mangle -w" IPT6="/usr/sbin/ip6tables -t mangle -w" LOG="/usr/bin/logger -t mwan3 -p" +CONNTRACK_FILE="/proc/net/nf_conntrack" mwan3_get_iface_id() { 
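Review bot: In net/mwan3/files/etc/hotplug.d/iface/15-mwan3, both added calls pass `$INTERFACE` and `$DEVICE` unquoted, so an empty `$DEVICE` shifts the event name into `$2` and leaves `$3` empty. mwan3_flush_conntrack compares `$3` against "ifup"/"ifdown", so in that case a configured flush is skipped without any log line saying why. This is most likely in the ifdown branch (second hunk), where the device may already be gone; whether DEVICE is guaranteed to be set there is not visible in these hunks. Quote the arguments, e.g. `mwan3_flush_conntrack "$INTERFACE" "$DEVICE" "ifdown"`, and do the same for the "ifup" call. A skipped flush presumably leaves stale conntrack entries that keep existing flows pinned to the old uplink.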
@@ -804,3 +805,36 @@ mwan3_report_rules_v6()
 $IPT6 -L mwan3_rules -n -v 2> /dev/null | tail -n+3 | sed 's/mark.*//' | sed 's/mwan3_policy_/- /' | sed 's/mwan3_rule_/S /'
 fi
 }
+
+mwan3_flush_conntrack()
+{
+ local flush_conntrack
+
+ config_get flush_conntrack $1 flush_conntrack never
+
+ if [ -e "$CONNTRACK_FILE" ]; then
+ case $flush_conntrack in
+ ifup)
+ [ "$3" = "ifup" ] && {
+ echo f > ${CONNTRACK_FILE}
+ $LOG info "connection tracking flushed on interface $1 ($2) $3"
+ }
+ ;;
+ ifdown)
+ [ "$3" = "ifdown" ] && {
+ echo f > ${CONNTRACK_FILE}
+ $LOG info "connection tracking flushed on interface $1 ($2) $3"
+ }
+ ;;
+ always)
+ echo f > ${CONNTRACK_FILE}
+ $LOG info "connection tracking flushed on interface $1 ($2) $3"
+ ;;
+ never)
+ $LOG info "connection tracking not flushed on interface $1 ($2) $3"
+ ;;
+ esac
+ else
+ $LOG warning "connection tracking not enabled"
+ fi
+}
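Review bot: The `case $flush_conntrack` in mwan3_flush_conntrack has no default branch, so a mistyped option value is treated like "never" but without any log line. The "flushed" message is also logged whether or not the write to `${CONNTRACK_FILE}` succeeded. The write of `f` is not scoped to `$1` or `$2`, so it appears to clear the whole table; with "always", every flap of one interface would reset tracked connections on all uplinks, which deserves a comment and a mention in the option's documentation. I would collapse the three duplicated flush/log pairs into one checked write, add a `*)` branch that warns about unknown values, and quote `$flush_conntrack` and `$CONNTRACK_FILE`.

```shell
mwan3_flush_conntrack()
{
	# … unchanged: local flush_conntrack, config_get, CONNTRACK_FILE existence check …
		case "$flush_conntrack" in
			ifup|ifdown)
				# Flush only when the event matches the configured trigger.
				[ "$3" = "$flush_conntrack" ] || return 0
				;;
			always)
				;;
			never)
				$LOG info "connection tracking not flushed on interface $1 ($2) $3"
				return 0
				;;
			*)
				$LOG warning "unknown flush_conntrack value '$flush_conntrack' on interface $1"
				return 0
				;;
		esac

		# Writing "f" is not limited to entries of $1; it resets the whole table.
		if echo f > "$CONNTRACK_FILE"; then
			$LOG info "connection tracking flushed on interface $1 ($2) $3"
		else
			$LOG warning "connection tracking flush failed on interface $1 ($2) $3"
		fi
	# … unchanged: else branch logging "connection tracking not enabled" …
```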