kill established connections only on fw/monitor changes

evilsocket · May 19, 2024 · 661e3da · 661e3da
1 parent 8c25c3f
commit 661e3da
Showing 1 changed file with 9 additions and 7 deletions.
diff --git a/daemon/ui/config_utils.go b/daemon/ui/config_utils.go
@@ -165,11 +165,13 @@ func (c *Client) reloadConfiguration(reload bool, newConfig config.Config) *moni
 		log.Debug("[config] config.rules.path not changed")
 	}
 
+	reloadFw := false
 	if c.GetFirewallType() != newConfig.Firewall ||
 		newConfig.FwOptions.ConfigPath != c.config.FwOptions.ConfigPath ||
 		newConfig.FwOptions.QueueNum != c.config.FwOptions.QueueNum ||
 		newConfig.FwOptions.MonitorInterval != c.config.FwOptions.MonitorInterval {
 		log.Debug("[config] reloading config.firewall")
+		reloadFw = true
 
 		firewall.Reload(
 			newConfig.Firewall,
@@ -181,13 +183,6 @@ func (c *Client) reloadConfiguration(reload bool, newConfig config.Config) *moni
 		log.Debug("[config] config.firewall not changed")
 	}
 
-	if newConfig.Internal.FlushConnsOnStart {
-		log.Debug("[config] flushing established connections")
-		netlink.FlushConnections()
-	} else {
-		log.Debug("[config] not flushing established connections")
-	}
-
 	reloadProc := false
 	if c.config.ProcMonitorMethod == "" ||
 		newConfig.ProcMonitorMethod != c.config.ProcMonitorMethod {
@@ -213,5 +208,12 @@ func (c *Client) reloadConfiguration(reload bool, newConfig config.Config) *moni
 		log.Debug("[config] config.procmon not changed")
 	}
 
+	if (reloadProc || reloadFw) && newConfig.Internal.FlushConnsOnStart {
+		log.Debug("[config] flushing established connections")
+		netlink.FlushConnections()
+	} else {
+		log.Debug("[config] not flushing established connections")
+	}
+
 	return nil
 }