svc/conntrack: Add magic `down' peer tags.

The tags `down' and `down/ANYTHING' mean that no peer from the group
should be selected.

diff --git a/svc/conntrack.8.in b/svc/conntrack.8.in
index 3e4fc72521c35b05a33d557bfa289d0d294a68e2..3d1a54a4ed65f2df3647c34e2fa346f58d4bbceb 100644 (file)
--- a/svc/conntrack.8.in
+++ b/svc/conntrack.8.in
@@ -101,6 +101,14 @@ connecting the new one.  If no match is found in a particular group,
 then no peers in the group are connected.  Strange and unhelpful things
 will happen if you put the same peer in several different groups.
 .PP
+The tags
+.B down
+and
+.BI down/ anything
+are special and mean that no peer from the group should be active.  This
+is useful for detecting a `home' network, where a VPN is unnecessary
+(or, worse, break routing completely).
+.PP
 The notion of `current IP address' is somewhat vague.  The
 .B conntrack
 service calculates it as the source address that the host would put on

diff --git a/svc/conntrack.in b/svc/conntrack.in
index 827598fe211e20b1e8123c5f0fbffb63efb53393..a7431321619423310c288ce43bd35b958f98ae7a 100644 (file)
--- a/svc/conntrack.in
+++ b/svc/conntrack.in
@@ -253,7 +253,10 @@ def kickpeers():
         if upness and ip is None and \
               ipq is not None and (ipq & m) == a:
           map[t] = 'up'
-          want = t
+          if t == 'down' or t.startswith('down/'):
+            want = None
+          else:
+            want = t
           ip = ipq
         else:
           map[t] = 'down'