hi list,
on my wrt54gs i use the following script to flush stale voip connections from
the conntrack table when my isp kicks me and my pppd gets a new ip on
reconnect. although i wrote it for this one purpose it should point out
what to tweak to get rid of stale conntrack-entries w/o unloading the
module (hint: there are more interesting files in /proc/sys/net/ipv4/netfilter/).
-snip-
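#!/bin/ash
#
# Watch ppp0 and, when its IPv4 address changes, force stale VoIP UDP entries
# out of the conntrack table by temporarily setting the UDP conntrack timeouts
# to 0. The watcher runs as a background job.
#
# Caveats:
#   - The timeouts under /proc/sys/net/ipv4/netfilter are global, so every
#     tracked UDP flow (not only VoIP) is affected while they are 0.
#   - The log lives at a fixed name in /tmp. On a box with untrusted local
#     users, point $log at a directory only root can write to.
#   - Assumes the usual /proc/net/ip_conntrack line layout: protocol name in
#     the first field, then space-separated src=/dst=/sport=/dport= tokens.

log=/tmp/conntrack_fix.log
ct_dir=/proc/sys/net/ipv4/netfilter

# Values written back after each flush attempt.
udpstimeout=180
udptimeout=30

# Sentinels: "bar" marks "no address seen yet".
ppp_ip=foo
ppp_ip_old=bar

# -f: do not complain on the first run, when no log exists yet.
rm -f "$log"

# Print the IPv4 address of ppp0, or nothing if it has none.
# Accepts both "inet addr:1.2.3.4" and "inet 1.2.3.4" ifconfig output; the
# trailing space in /inet / keeps inet6 lines out.
current_ppp_ip() {
  ifconfig ppp0 | awk '/inet / { sub(/^addr:/, "", $2); print $2; exit }'
}

# Write the stream ($1) and plain ($2) UDP conntrack timeouts.
set_udp_timeouts() {
  echo "$1" > "$ct_dir/ip_conntrack_udp_timeout_stream"
  echo "$2" > "$ct_dir/ip_conntrack_udp_timeout"
}

# Return 0 if a UDP conntrack entry on a VoIP port (5060, 5036, 4569) does not
# reference the current address $1 as a destination.
# Only UDP lines are considered because only UDP timeouts are being zeroed; an
# unrelated entry that merely contains the digits "5060" (another port, an
# address, a TCP flow) would otherwise keep the flush loop running forever.
# The address is compared as a fixed, space-delimited string so that dots are
# not regex wildcards and 1.2.3.4 does not match 1.2.3.45.
has_stale_voip_entries() {
  awk -v ip="$1" '
    $1 == "udp" && / [sd]port=(5060|5036|4569) / &&
      index($0, " dst=" ip " ") == 0 { found = 1; exit }
    END { exit (found ? 0 : 1) }
  ' /proc/net/ip_conntrack
}

{
  flushing=0
  # If the watcher is stopped in the middle of a flush, do not leave the
  # global UDP timeouts at 0.
  trap '[ "$flushing" = 1 ] && set_udp_timeouts "$udpstimeout" "$udptimeout"; exit 1' HUP TERM

  while true; do
    ppp_ip=$(current_ppp_ip)
    if [ -z "$ppp_ip" ]; then
      # Link is down: keep the last known address so the comparison after
      # reconnect is against a real value.
      sleep 10
    elif [ "$ppp_ip" = "$ppp_ip_old" ]; then
      sleep 10
    elif [ "$ppp_ip_old" = "bar" ]; then
      # First address seen since start: nothing to compare against yet.
      ppp_ip_old=$ppp_ip
    else
      echo "ppp ip changed: $ppp_ip_old -> $ppp_ip" >> "$log"
      while has_stale_voip_entries "$ppp_ip"; do
        echo "trying to flush conntrack cache" >> "$log"
        flushing=1
        set_udp_timeouts 0 0
        sleep 10
        set_udp_timeouts "$udpstimeout" "$udptimeout"
        flushing=0
      done
      ppp_ip_old=$ppp_ip
    fi
  done
} &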
-snap-
hth,
ali