From 0369562e376225d56fb5c2f38f0842d89553330b Mon Sep 17 00:00:00 2001 From: teastep Date: Wed, 4 Oct 2006 18:04:24 +0000 Subject: [PATCH] Make log scanning more independent of LOGFORMAT git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4626 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-lite/shorewall-lite | 4 ++-- Shorewall/changelog.txt | 2 +- Shorewall/lib.nat | 1 - Shorewall/lib.tcrules | 4 ++-- Shorewall/shorewall | 4 ++-- docs/PacketMarking.xml | 11 +++++------ web/shorewall_index.htm | 10 +++++----- 7 files changed, 17 insertions(+), 19 deletions(-) diff --git a/Shorewall-lite/shorewall-lite b/Shorewall-lite/shorewall-lite index 1c94ed4a4..6e46fcb0e 100755 --- a/Shorewall-lite/shorewall-lite +++ b/Shorewall-lite/shorewall-lite @@ -252,12 +252,12 @@ packet_log() # $1 = number of messages [ -n "$realtail" ] && options="-n$1" if [ -n "$SHOWMACS" -o $VERBOSE -gt 2 ]; then - grep "${LOGFORMAT}" $LOGFILE | \ + grep 'IN=.* OUT=' $LOGFILE | \ sed s/" kernel:"// | \ sed s/" $host $LOGFORMAT"/" "/ | \ tail $options else - grep "${LOGFORMAT}" $LOGFILE | \ + grep 'IN=.* OUT=' $LOGFILE | \ sed s/" kernel:"// | \ sed s/" $host $LOGFORMAT"/" "/ | \ sed 's/MAC=.* SRC=/SRC=/' | \ diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index ed4f964ad..212df4609 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -1,6 +1,6 @@ Changes in 3.3.3 -1) Fix exclusing in SUBNET column. +1) Fix excluding in SUBNET column. 2) Add logical AND and OR support for tcrules. diff --git a/Shorewall/lib.nat b/Shorewall/lib.nat index b952b6797..4ee359392 100644 --- a/Shorewall/lib.nat +++ b/Shorewall/lib.nat @@ -393,7 +393,6 @@ networks="\$(get_routed_networks $detectinterface)" for network in \$networks; do __EOF__ for destnet in $(separate_list $destnets); do - indent >&3 << __EOF__ run_iptables -t nat -A $chain -s \$network $(dest_ip_range $destnet) $proto $ports $policy -j $target $addrlist __EOF__ diff --git a/Shorewall/lib.tcrules b/Shorewall/lib.tcrules index 8cb6cdce3..5d487dad8 100644 --- a/Shorewall/lib.tcrules +++ b/Shorewall/lib.tcrules @@ -266,7 +266,7 @@ process_tc_rule() ;; \|*) [ $chain = tcpost ] && fatal_error "Invalid class ID: $mark" - [ -n "$did_connmark" ] && fatal_error "OR not valid with :C[FP]" + [ -n "$did_connmark" ] && fatal_error "Logical OR not valid with :C[FP]" target="MARK --or-mark" mark=${mark#|} validate_mark $mark @@ -276,7 +276,7 @@ process_tc_rule() ;; \&*) [ $chain = tcpost ] && fatal_error "Invalid class ID: $mark" - [ -n "$did_connmark" ] && fatal_error "AND not valid with :C[FP]" + [ -n "$did_connmark" ] && fatal_error "Logical AND not valid with :C[FP]" target="MARK --and-mark" mark=${mark#&} validate_mark $mark diff --git a/Shorewall/shorewall b/Shorewall/shorewall index bb0980de3..20d20cbd6 100755 --- a/Shorewall/shorewall +++ b/Shorewall/shorewall @@ -312,12 +312,12 @@ packet_log() # $1 = number of messages [ -n "$realtail" ] && options="-n$1" if [ -n "$SHOWMACS" -o $VERBOSE -gt 2 ]; then - grep "${LOGFORMAT}" $LOGFILE | \ + grep 'IN=.* OUT=' $LOGFILE | \ sed s/" kernel:"// | \ sed s/" $host $LOGFORMAT"/" "/ | \ tail $options else - grep "${LOGFORMAT}" $LOGFILE | \ + grep 'IN=.* OUT=' $LOGFILE | \ sed s/" kernel:"// | \ sed s/" $host $LOGFORMAT"/" "/ | \ sed 's/MAC=.* SRC=/SRC=/' | \ diff --git a/docs/PacketMarking.xml b/docs/PacketMarking.xml index f32016fd8..9a4928e05 100644 --- a/docs/PacketMarking.xml +++ b/docs/PacketMarking.xml @@ -225,12 +225,11 @@ tcp 6 19 TIME_WAIT src=206.124.146.176 dst=192.136.34.98 sport=58597 dport= As hinted above, marking rules can specify both a mark value and a - mask. The mask determines the subset of the 32 bits in the mark are to be - used in the operation — only those bits that are on in the mask are - manipulated when the rule is executed. For entries in tcrules, - Shorewall-generated rules use a mask value that depends on which program - the rule is part of, what the rule does, and the setting of - HIGH_ROUTE_MARKS. + mask. The mask determines the subset of the 32 bits in the mark to be used + in the operation — only those bits that are on in the mask are manipulated + when the rule is executed. For entries in tcrules, Shorewall-generated + rules use a mask value that depends on which program the rule is part of, + what the rule does, and the setting of HIGH_ROUTE_MARKS. For entries in tcrules, the default mask value is 0xffff except in these cases: diff --git a/web/shorewall_index.htm b/web/shorewall_index.htm index 836335aef..66aba9eb9 100644 --- a/web/shorewall_index.htm +++ b/web/shorewall_index.htm @@ -18,13 +18,13 @@ notes and here are the known problems and updates.

-

The current Development Version is 3.3.1 -- Get it from the +

The current Development Version is 3.3.2 -- Get it from the download sites. Here are the release + href="http://www1.shorewall.net/pub/shorewall/development/3.3/shorewall-3.3.2/releasenotes.txt">release notes and here are the known + href="http://www.shorewall.net/pub/shorewall/development/3.3/shorewall-3.3.2/known_problems.txt">known problems and updates.updates.

Copyright @@ -36,7 +36,7 @@ Foundation; with no Invariant Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled “GNU Free Documentation License”.

-

2006-09-26

+

2006-09-30

Table of Contents

Introduction