From: Florian Eckert Date: Tue, 14 Mar 2017 12:57:45 +0000 (+0100) Subject: net/mwan3: reset conntrack table on iface up/down event X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=3231736cab15aa2eabe2f3081b4b7d277146d543;p=feed%2Fpackages.git net/mwan3: reset conntrack table on iface up/down event Signed-off-by: Florian Eckert --- diff --git a/net/mwan3/Makefile b/net/mwan3/Makefile index 328c2d0e95..f26a5ab58b 100644 --- a/net/mwan3/Makefile +++ b/net/mwan3/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=mwan3 -PKG_VERSION:=2.0 +PKG_VERSION:=2.1 PKG_RELEASE:=4 PKG_MAINTAINER:=Jeroen Louwes , \ Florian Eckert diff --git a/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 b/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 index 86e60e1330..7d6cd98c4a 100644 --- a/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 +++ b/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 @@ -46,6 +46,7 @@ case "$ACTION" in mwan3_track $INTERFACE $DEVICE mwan3_set_policies_iptables mwan3_set_user_rules + mwan3_flush_conntrack $INTERFACE $DEVICE "ifup" ;; ifdown) mwan3_delete_iface_rules $INTERFACE @@ -54,6 +55,7 @@ case "$ACTION" in mwan3_delete_iface_ipset_entries $INTERFACE mwan3_set_policies_iptables mwan3_set_user_rules + mwan3_flush_conntrack $INTERFACE $DEVICE "ifdown" ;; esac diff --git a/net/mwan3/files/lib/mwan3/mwan3.sh b/net/mwan3/files/lib/mwan3/mwan3.sh index 1e1de969fa..a633bedd59 100644 --- a/net/mwan3/files/lib/mwan3/mwan3.sh +++ b/net/mwan3/files/lib/mwan3/mwan3.sh @@ -6,6 +6,7 @@ IPS="/usr/sbin/ipset" IPT4="/usr/sbin/iptables -t mangle -w" IPT6="/usr/sbin/ip6tables -t mangle -w" LOG="/usr/bin/logger -t mwan3 -p" +CONNTRACK_FILE="/proc/net/nf_conntrack" mwan3_get_iface_id() { @@ -804,3 +805,36 @@ mwan3_report_rules_v6() $IPT6 -L mwan3_rules -n -v 2> /dev/null | tail -n+3 | sed 's/mark.*//' | sed 's/mwan3_policy_/- /' | sed 's/mwan3_rule_/S /' fi } + +mwan3_flush_conntrack() +{ + local flush_conntrack + + config_get flush_conntrack $1 flush_conntrack never + + if [ -e "$CONNTRACK_FILE" ]; then + case $flush_conntrack in + ifup) + [ "$3" = "ifup" ] && { + echo f > ${CONNTRACK_FILE} + $LOG info "connection tracking flushed on interface $1 ($2) $3" + } + ;; + ifdown) + [ "$3" = "ifdown" ] && { + echo f > ${CONNTRACK_FILE} + $LOG info "connection tracking flushed on interface $1 ($2) $3" + } + ;; + always) + echo f > ${CONNTRACK_FILE} + $LOG info "connection tracking flushed on interface $1 ($2) $3" + ;; + never) + $LOG info "connection tracking not flushed on interface $1 ($2) $3" + ;; + esac + else + $LOG warning "connection tracking not enabled" + fi +}