Selectively flush conntrack

Record active IP addresses in firewall state file and trigger conntrack flush for changed IP addresses on firewall reload. Additionally trigger a complete flush on the first firewall start in order to clear out streams which might have bypassed the masquerading rules. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
author: Jo-Philipp Wich <jow@openwrt.org> 2014-08-06 19:00:18 +0200
committer: Jo-Philipp Wich <jow@openwrt.org> 2014-08-11 11:34:19 +0200
commit: 2807cc26b8e46eef5f23c06534a853dd48183331 (patch)
tree: a5676af6d0bd293e1f3bd01442b4cb43121d54bd /utils.h
parent: 91953d6a6e90df988f442f53097bd208784a295d (diff)
download: firewall3-2807cc26b8e46eef5f23c06534a853dd48183331.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/utils.h b/utils.h
index d2e1aa6..834d979 100644
--- a/utils.h
+++ b/utils.h
@@ -28,6 +28,8 @@
 #include <sys/stat.h>
 #include <sys/wait.h>
 #include <sys/file.h>
+#include <sys/types.h>
+#include <ifaddrs.h>
 
 #include <libubox/list.h>
 #include <uci.h>
@@ -99,4 +101,6 @@ int fw3_netmask2bitlen(int family, void *mask);
 
 bool fw3_bitlen2netmask(int family, int bits, void *mask);
 
+void fw3_flush_conntrack(void *zone);
+
 #endif
author	Jo-Philipp Wich <jow@openwrt.org>	2014-08-06 19:00:18 +0200
committer	Jo-Philipp Wich <jow@openwrt.org>	2014-08-11 11:34:19 +0200
commit	2807cc26b8e46eef5f23c06534a853dd48183331 (patch)
tree	a5676af6d0bd293e1f3bd01442b4cb43121d54bd /utils.h
parent	91953d6a6e90df988f442f53097bd208784a295d (diff)
download	firewall3-2807cc26b8e46eef5f23c06534a853dd48183331.tar.gz