From 3231736cab15aa2eabe2f3081b4b7d277146d543 Mon Sep 17 00:00:00 2001
From: Florian Eckert
Date: Tue, 14 Mar 2017 13:57:45 +0100
Subject: [PATCH 1/2] net/mwan3: reset conntrack table on iface up/down event
Signed-off-by: Florian Eckert
---
 net/mwan3/Makefile | 2 +-
 net/mwan3/files/etc/hotplug.d/iface/15-mwan3 | 2 ++
 net/mwan3/files/lib/mwan3/mwan3.sh | 34 ++++++++++++++++++++
 3 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/net/mwan3/Makefile b/net/mwan3/Makefile
index 328c2d0e9..f26a5ab58 100644
--- a/net/mwan3/Makefile
+++ b/net/mwan3/Makefile
@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=mwan3
-PKG_VERSION:=2.0
+PKG_VERSION:=2.1
 PKG_RELEASE:=4
 PKG_MAINTAINER:=Jeroen Louwes , \
 Florian Eckert
diff --git a/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 b/net/mwan3/files/etc/hotplug.d/iface/15-mwan3
index 86e60e133..7d6cd98c4 100644
--- a/net/mwan3/files/etc/hotplug.d/iface/15-mwan3
+++ b/net/mwan3/files/etc/hotplug.d/iface/15-mwan3
@@ -46,6 +46,7 @@ case "$ACTION" in
 mwan3_track $INTERFACE $DEVICE
 mwan3_set_policies_iptables
 mwan3_set_user_rules
+ mwan3_flush_conntrack $INTERFACE $DEVICE "ifup"
 ;;
 ifdown)
 mwan3_delete_iface_rules $INTERFACE
@@ -54,6 +55,7 @@ case "$ACTION" in
 mwan3_delete_iface_ipset_entries $INTERFACE
 mwan3_set_policies_iptables
 mwan3_set_user_rules
+ mwan3_flush_conntrack $INTERFACE $DEVICE "ifdown"
 ;;
 esac
diff --git a/net/mwan3/files/lib/mwan3/mwan3.sh b/net/mwan3/files/lib/mwan3/mwan3.sh
index 1e1de969f..a633bedd5 100644
--- a/net/mwan3/files/lib/mwan3/mwan3.sh
+++ b/net/mwan3/files/lib/mwan3/mwan3.sh
@@ -6,6 +6,7 @@ IPS="/usr/sbin/ipset"
 IPT4="/usr/sbin/iptables -t mangle -w"
 IPT6="/usr/sbin/ip6tables -t mangle -w"
 LOG="/usr/bin/logger -t mwan3 -p"
+CONNTRACK_FILE="/proc/net/nf_conntrack"
 mwan3_get_iface_id()
 {
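Review bot: In 15-mwan3 both new calls pass `$INTERFACE` and `$DEVICE` unquoted, so an empty `DEVICE` (plausible on ifdown; whether the script guards against that is outside these hunks) shifts the literal "ifdown" into `$2` and leaves `$3` empty. mwan3_flush_conntrack compares `"$3"` with the configured event, so with `flush_conntrack` set to `ifdown` the flush would be skipped without any error. Quoting keeps the positions fixed: `mwan3_flush_conntrack "$INTERFACE" "$DEVICE" "ifdown"`, and likewise for the ifup call in the hunk at line 46.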
@@ -804,3 +805,36 @@ mwan3_report_rules_v6()
 $IPT6 -L mwan3_rules -n -v 2> /dev/null | tail -n+3 | sed 's/mark.*//' | sed 's/mwan3_policy_/- /' | sed 's/mwan3_rule_/S /'
 fi
 }
+
+mwan3_flush_conntrack()
+{
+ local flush_conntrack
+
+ config_get flush_conntrack $1 flush_conntrack never
+
+ if [ -e "$CONNTRACK_FILE" ]; then
+ case $flush_conntrack in
+ ifup)
+ [ "$3" = "ifup" ] && {
+ echo f > ${CONNTRACK_FILE}
+ $LOG info "connection tracking flushed on interface $1 ($2) $3"
+ }
+ ;;
+ ifdown)
+ [ "$3" = "ifdown" ] && {
+ echo f > ${CONNTRACK_FILE}
+ $LOG info "connection tracking flushed on interface $1 ($2) $3"
+ }
+ ;;
+ always)
+ echo f > ${CONNTRACK_FILE}
+ $LOG info "connection tracking flushed on interface $1 ($2) $3"
+ ;;
+ never)
+ $LOG info "connection tracking not flushed on interface $1 ($2) $3"
+ ;;
+ esac
+ else
+ $LOG warning "connection tracking not enabled"
+ fi
+}
From 6d44a7679a92717126f1da4b274d91322c7c56b7 Mon Sep 17 00:00:00 2001
From: Florian Eckert
Date: Wed, 15 Mar 2017 14:14:35 +0100
Subject: [PATCH 2/2] net/mwan3: add ping size option to mwan3track
Signed-off-by: Florian Eckert
---
 net/mwan3/files/lib/mwan3/mwan3.sh | 5 +++--
 net/mwan3/files/usr/sbin/mwan3track | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/net/mwan3/files/lib/mwan3/mwan3.sh b/net/mwan3/files/lib/mwan3/mwan3.sh
index a633bedd5..0d139be04 100644
--- a/net/mwan3/files/lib/mwan3/mwan3.sh
+++ b/net/mwan3/files/lib/mwan3/mwan3.sh
@@ -361,7 +361,7 @@ mwan3_delete_iface_ipset_entries()
 mwan3_track()
 {
- local track_ip track_ips reliability count timeout interval down up
+ local track_ip track_ips reliability count timeout interval down up size
 mwan3_list_track_ips()
 {
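Review bot: In mwan3_flush_conntrack (PATCH 1/2, hunk at line 805) `echo f > ${CONNTRACK_FILE}` writes to the one table-wide file, so the flush resets every tracked connection on the router, including flows on interfaces that did not change state, while the log text "flushed on interface $1" reads as if it were scoped to that interface. A header comment should state that the flush is global and that established sessions on healthy uplinks are dropped too, so operators choosing `always` know the cost. The `case` also has no `*)` arm, so a mistyped option value disables flushing with no log entry; adding `*) $LOG warning "invalid flush_conntrack value on interface $1" ;;` makes that visible. The three flush branches repeat the same two lines and could share one helper.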
@@ -381,8 +381,9 @@ mwan3_track()
 config_get interval $1 interval 10
 config_get down $1 down 5
 config_get up $1 up 5
+ config_get size $1 size 56
- [ -x /usr/sbin/mwan3track ] && /usr/sbin/mwan3track $1 $2 $reliability $count $timeout $interval $down $up $track_ips &
+ [ -x /usr/sbin/mwan3track ] && /usr/sbin/mwan3track $1 $2 $reliability $count $timeout $interval $down $up $size $track_ips &
 fi
 }
diff --git a/net/mwan3/files/usr/sbin/mwan3track b/net/mwan3/files/usr/sbin/mwan3track
index 35f97fe0d..ca541714c 100755
--- a/net/mwan3/files/usr/sbin/mwan3track
+++ b/net/mwan3/files/usr/sbin/mwan3track
@@ -1,6 +1,6 @@
 #!/bin/sh
-[ -z "$9" ] && echo "Error: should not be started manually" && exit 0
+[ -z "$10" ] && echo "Error: should not be started manually" && exit 0
 if [ -e /var/run/mwan3track-$1.pid ] ; then
 kill $(cat /var/run/mwan3track-$1.pid) &> /dev/null
@@ -17,7 +17,7 @@ lost=0
 while true; do
 for track_ip in $track_ips; do
- ping -I $2 -c $4 -W $5 -q $track_ip &> /dev/null
+ ping -I $2 -c $4 -W $5 -s $9 -q $track_ip &> /dev/null
 if [ $? -eq 0 ]; then
 let host_up_count++
 else
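Review bot: In mwan3_track the new `size` value comes straight from configuration and is placed unquoted in front of `$track_ips` with no validation, so a non-numeric value is handed to `ping -s` and an empty one shifts the first tracked IP into the size position. Either way every probe would fail, and mwan3track presumably counts that as a lost host, so a configuration typo could take a healthy interface out of rotation. A guard before the launch line keeps the default: `case "$size" in ''|*[!0-9]*) size=56 ;; esac`. mwan3_track begins outside this hunk.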
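Review bot: The new guard `[ -z "$10" ]` at the top of mwan3track can never be true under `#!/bin/sh`, because `$10` expands as `$1` followed by a literal `0`, so the string always contains at least `0`. The manual-start check is therefore lost, and a call with too few arguments now falls through to the pid-file handling just below, which kills whatever process is recorded in /var/run/mwan3track-$1.pid. Parameters above nine need braces: `[ -z "${10}" ] && echo "Error: should not be started manually" && exit 0`.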
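Review bot: Moving the tracked IPs from argument nine to argument ten is not reflected where `track_ips` is built: that assignment lies outside both mwan3track hunks, and the diffstat shows only two changed lines in this file, so it appears to be unchanged. If it takes everything from the ninth argument on, the size value becomes the first entry of `$track_ips` and is pinged as a host, which would fail on every cycle. The assignment should start at the tenth argument, and the probe is safer as `ping -I "$2" -c "$4" -W "$5" -s "$9" -q "$track_ip"` so an empty value cannot make `-q` the size operand. The while loop continues past the end of the hunk.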