Improved MWAN3 connection tracking handling

I had a concern about the default option with conntrack clearing in mwan3: what if a lower priority uplink drops out? I don't want all conntrack connections reset. So I did a little poking around and came up with the below to ensure connections aren't left open on lower priority uplinks while preventing the issue I was seeing.

For understanding, my connection hierarchy is

  1. Ethernet WAN
  2. WiFi WAN
  3. Easytether TAP
  4. RNDIS USB

Requires conntrack-tools.

. /lib/functions/network.sh

# If ANY uplink goes into the disconnected state, all connections NATed
# to its address should be deleted
if [ "${ACTION}" = "disconnected" ]; then
  NET_IP=""
  network_get_ipaddr NET_IP "${INTERFACE}"
  # -n: delete entries whose source NAT address is this uplink's IP
  if [ -n "$NET_IP" ]; then conntrack -D -n "$NET_IP"; fi
fi

# Just a framework for individual uplink disconnect events
# (':' is a no-op placeholder; an empty 'then' body is a syntax error in sh)
if [ "${ACTION}" = "disconnected" ] && [ "${INTERFACE}" = "easytether" ]; then
  :
elif [ "${ACTION}" = "disconnected" ] && [ "${INTERFACE}" = "usb" ]; then
  :
elif [ "${ACTION}" = "disconnected" ] && [ "${INTERFACE}" = "wwan" ]; then
  :
fi

# This pattern should be followed with higher priority uplinks entering the connected state.
# One block for each lower priority uplink should be added. Here WWAN calls a reset
# of easytether, and WAN calls a reset of both easytether and wwan
if [ "${ACTION}" = "connected" ] && [ "${INTERFACE}" = "wwan" ]; then
    NET_IP=""
    network_get_ipaddr NET_IP easytether
    if [ -n "$NET_IP" ]; then conntrack -D -n "$NET_IP"; fi
elif [ "${ACTION}" = "connected" ] && [ "${INTERFACE}" = "wan" ]; then
    NET_IP=""
    network_get_ipaddr NET_IP easytether
    if [ -n "$NET_IP" ]; then conntrack -D -n "$NET_IP"; fi
    NET_IP=""
    network_get_ipaddr NET_IP wwan
    if [ -n "$NET_IP" ]; then conntrack -D -n "$NET_IP"; fi
fi
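The script above needs one hand-written block per lower-priority uplink. As an added example (not the poster's script), the same rule can be derived from a single ordered uplink list: a disconnect flushes that uplink, and an uplink coming up flushes every uplink ranked below it. The UPLINKS ordering, the function names and the fallback when OpenWrt's network.sh or conntrack are absent are assumptions for illustration; ACTION and INTERFACE are the variables mwan3 exports to mwan3.user.

```shell
#!/bin/sh
# Assumed uplink ordering, highest priority first (matches the thread's hierarchy).
UPLINKS="wan wwan easytether usb"

# Print the uplinks ranked below $1 in UPLINKS, space separated
# (empty if $1 is last or is not an uplink we manage).
lower_priority_uplinks() {
  found=0; out=""
  for u in $UPLINKS; do
    if [ "$found" = 1 ]; then out="${out:+$out }$u"; fi
    if [ "$u" = "$1" ]; then found=1; fi
  done
  printf '%s' "$out"
}

# Decide which uplinks get their conntrack entries dropped for an event:
# a disconnect flushes the interface itself; a higher-priority uplink coming
# up flushes all uplinks below it so flows migrate off the backup links.
uplinks_to_flush() {
  action="$1"; iface="$2"
  case "$action" in
    disconnected) printf '%s' "$iface" ;;
    connected)    lower_priority_uplinks "$iface" ;;
    *)            printf '' ;;
  esac
}

# Flush entries NATed to the given uplink's address. Uses OpenWrt's
# network_get_ipaddr and conntrack-tools when present; elsewhere it only
# reports what it would do, so the decision logic can be exercised alone.
flush_uplink() {
  NET_IP=""
  if [ -r /lib/functions/network.sh ]; then
    . /lib/functions/network.sh
    network_get_ipaddr NET_IP "$1"
  fi
  if [ -n "$NET_IP" ] && command -v conntrack >/dev/null 2>&1; then
    conntrack -D -n "$NET_IP"   # -n: entries whose source NAT address is NET_IP
  else
    echo "would flush conntrack for $1 (ip: ${NET_IP:-unknown})"
  fi
}

# Hotplug entry point: mwan3 exports ACTION and INTERFACE to mwan3.user.
if [ -n "$ACTION" ] && [ -n "$INTERFACE" ]; then
  for u in $(uplinks_to_flush "$ACTION" "$INTERFACE"); do flush_uplink "$u"; done
fi
```

Adding or reordering an uplink is then a change to UPLINKS only, which keeps the "flush what is below me" rule consistent as the hierarchy grows.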

+1. Actually, I am using "option flush_conntrack", but this is not as selective as your proposal, which takes into account the prio (metric) of the interface concerned. I was already considering implementing something similar to your proposal within mwan3.user, or a hotplug event. Having at least 2 interfaces (wan, wwan), or sometimes 3 (wifiwan, too), I am facing the requirement to break a permanently active internet connection from one app running on the router ASAP because of a switchover. The app will re-establish the connection afterwards.
When wan (highest prio) is down and wwan is active, the app has an active connection via wwan. In case wan comes up again, this connection is still maintained for quite some time. It would be better for the connection to be broken and then re-established, to use wan.

As long as the app handles connection resets gracefully, this seems to address the issues well.

I've been streaming in Plex all day, and I very rarely have the connection changes kill the stream. Other apps like YouTube also handle this well, even when flapping from secondary to backup several times in a 15 minute period.

If there's a complete loss and it results in a blackhole, this is one situation that will cause an app failure. I also have an action to use ifdown/ifup on my WireGuard tunnels to make sure that they reconnect; it works great.

Just a note: when I was testing this, the conntrack -D -n command was working and reporting deleted connections.
However, for reasons I don't quite know yet, this doesn't always work.
So for the time being, I'm supplementing this with an "ifdown easytether; ifup easytether", which does clear the connections that were getting pinned to the backup connection.

I can't confidently say yet if apps handle this well.

Thanks for the clarification. The critical app, with an always-active connection to AWS IoT, I did myself (Lua). So I can handle misbehaviour, I suppose.

Single-connection apps, like uploading an attachment to webmail, do not handle being reset in the middle of the connection.
Persistent-connection apps, like VPN, streaming media, etc., do handle being reset most of the time, because they can just reconnect with the same session ID and ask for the file from the last position.

So as long as your Lua app can cache data and will retry its connection when its existing connection's TCP window expires, then it could be successful.

In general, in my browsing experience as a "home user" using the mwan3.user script I posted, I almost do not notice my connection flapping between two connections every 10 minutes, unless I try to connect in the short window when the higher priority connection fails, or I try to send a medium-sized email attachment before the connection fails over/back.