net/mwan3: reset conntrack table on iface up/down event

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2026-04-30 15:38:40 +01:00 · 2017-03-14 13:57:45 +01:00
parent 00366f931c
commit 3231736cab
3 changed files with 37 additions and 1 deletions
@@ -6,6 +6,7 @@ IPS="/usr/sbin/ipset"
 IPT4="/usr/sbin/iptables -t mangle -w"
 IPT6="/usr/sbin/ip6tables -t mangle -w"
 LOG="/usr/bin/logger -t mwan3 -p"
+CONNTRACK_FILE="/proc/net/nf_conntrack"

 mwan3_get_iface_id()
 {
@@ -804,3 +805,36 @@ mwan3_report_rules_v6()
 		$IPT6 -L mwan3_rules -n -v 2> /dev/null | tail -n+3 | sed 's/mark.*//' | sed 's/mwan3_policy_/- /' | sed 's/mwan3_rule_/S /'
 	fi
 }
+
+mwan3_flush_conntrack()
+{
+	local flush_conntrack
+
+	config_get flush_conntrack $1 flush_conntrack never
+
+	if [ -e "$CONNTRACK_FILE" ]; then
+		case $flush_conntrack in
+			ifup)
+				[ "$3" = "ifup" ] && {
+					echo f > ${CONNTRACK_FILE}
+					$LOG info "connection tracking flushed on interface $1 ($2) $3"
+				}
+				;;
+			ifdown)
+				[ "$3" = "ifdown" ] && {
+					echo f > ${CONNTRACK_FILE}
+					$LOG info "connection tracking flushed on interface $1 ($2) $3"
+				}
+				;;
+			always)
+				echo f > ${CONNTRACK_FILE}
+				$LOG info "connection tracking flushed on interface $1 ($2) $3"
+				;;
+			never)
+				$LOG info "connection tracking not flushed on interface $1 ($2) $3"
+				;;
+		esac
+	else
+		$LOG warning "connection tracking not enabled"
+	fi
+}