hi list,

on my wrt54gs i use the following script to flush stale voip connections from the conntrack table when my isp kicks me and my pppd gets a new ip on reconnect. although i wrote it for this one purpose it should point out what to tweak to get rid of stale conntrack-entries w/o unloading the module (hint: there are more interesting files in /proc/sys/net/ipv4/netfilter/).
-snip-
#!/bin/ash
ppp_ip=foo
ppp_ip_old=bar
rm -f /tmp/conntrack_fix.log
# normal udp conntrack timeouts, restored after each flush attempt
udpstimeout=180
udptimeout=30
while true ; do
    # current address of ppp0
    ppp_ip=$(ifconfig ppp0 |grep inet |awk '{print $2}' |sed 's/addr:\(\)/\1/')
    if [ x"$ppp_ip" = x"$ppp_ip_old" ] ; then
        sleep 10
    elif [ x"$ppp_ip_old" = x"bar" ] ; then
        # first pass: just remember the address
        ppp_ip_old=$ppp_ip
    else
        echo "ppp ip changed: $ppp_ip_old -> $ppp_ip" >> /tmp/conntrack_fix.log
        # repeat while entries on the voip ports that do not point at the new ip remain
        while (cat /proc/net/ip_conntrack |grep 5060 |grep -v "dst=$ppp_ip" \
            || cat /proc/net/ip_conntrack |grep 5036 |grep -v "dst=$ppp_ip" \
            || cat /proc/net/ip_conntrack |grep 4569 |grep -v "dst=$ppp_ip") ; do
            echo "trying to flush conntrack cache" >> /tmp/conntrack_fix.log
            # timeout 0 lets the udp entries expire, then the normal values are restored
            echo 0 > /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout_stream
            echo 0 > /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout
            sleep 10
            echo $udpstimeout > /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout_stream
            echo $udptimeout > /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout
        done
        ppp_ip_old=$ppp_ip
    fi
done &
-snap-

hth,
ali
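An added example, not part of the original post: the stale-entry test from the script's inner loop written as a function that matches the protocol, the sport=/dport= values and the dst= fields exactly rather than as substrings, so a tcp entry with sport=45060 or an address that merely starts with the current one is not misjudged. The function names and the sample table (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Ports taken from the script in the post.
VOIP_PORTS="5060 5036 4569"

# stale_voip_entries CURRENT_IP
# Reads ip_conntrack-format lines on stdin and prints the udp entries on the
# voip ports in which no dst= field equals CURRENT_IP.
stale_voip_entries() {
    awk -v ip="$1" -v ports="$VOIP_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 != "udp" { next }          # the timeouts being zeroed only affect udp
        {
            voip = 0; current = 0
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if ((kv[1] == "sport" || kv[1] == "dport") && (kv[2] in want)) voip = 1
                if (kv[1] == "dst" && kv[2] == ip) current = 1
            }
            if (voip && !current) print
        }
    '
}

# Constructed sample table: old wan ip 203.0.113.50, new wan ip 203.0.113.5.
sample_table() {
    cat <<'EOF'
udp      17 170 src=192.168.1.10 dst=198.51.100.7 sport=5060 dport=5060 src=198.51.100.7 dst=203.0.113.50 sport=5060 dport=5060 [ASSURED] use=1
udp      17 25 src=192.168.1.10 dst=198.51.100.7 sport=4569 dport=4569 src=198.51.100.7 dst=203.0.113.5 sport=4569 dport=4569 [ASSURED] use=1
udp      17 28 src=192.168.1.11 dst=198.51.100.9 sport=5036 dport=5036 [UNREPLIED] src=198.51.100.9 dst=203.0.113.50 sport=5036 dport=5036 use=1
udp      17 12 src=192.168.1.20 dst=198.51.100.53 sport=1024 dport=53 src=198.51.100.53 dst=203.0.113.50 sport=53 dport=1024 use=1
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.80 sport=45060 dport=80 src=198.51.100.80 dst=203.0.113.50 sport=80 dport=45060 [ASSURED] use=1
EOF
}

# Prints the two stale voip entries (the 5060 and 5036 lines).
sample_table | stale_voip_entries 203.0.113.5
```

On the router the function would be fed the live table: `stale_voip_entries "$ppp_ip" < /proc/net/ip_conntrack`.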