From 475b8111718ea4eec058bb9db108ca055334dafc Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 3 Feb 2011 09:57:59 -0800 Subject: [PATCH] Document accounting fixes --- Shorewall/changelog.txt | 2 ++ Shorewall/releasenotes.txt | 23 ++++++++++++++++++++++- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 2b0f4556f..fbd285d45 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -10,6 +10,8 @@ Changes in Shorewall 4.4.17 RC 1 5) Several fixes to IPv6 tcfilters. +6) Correct three issues in per-IP accounting. + Changes in Shorewall 4.4.17 Beta 3 1) Allow run-time address variables in the masq file. diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index ce13a7eda..ef4ce7118 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -39,7 +39,28 @@ RC 1 compile time. c) There is now an ipv6 tcfilters skeleton included with - Shorewall6. + Shorewall6. + +3) Several issues with accounting are corrected. + + a) If an accounting rule of the form: + + chain1 chain2 + + was configured and neither chain was referenced again in the + configuration, then an internal error was generated when + optimize level 4 was selected and OPTIMIZE_ACCOUNTING=Yes. + + b) If there was only a single accounting rule and that rule + specified an interface in the SOURCE or DEST columns, then the + generated ruleset would fail to load when + OPTIMIZE_ACCOUNTING=Yes. + + c) If a per-IP accounting table name appeared in more than one + rule and the specified network was not the same in all + occurrences, then the generated ruleset would fail to load. + + This is now flagged as an error at compile time. Beta 3