From c75e3a93c089ce958fac60a83a4e897e12ccd03b Mon Sep 17 00:00:00 2001 From: Deepti Kulkarni Date: Sat, 3 Mar 2012 02:23:05 -0800 Subject: new branch --- .frlog | 1 + 1 file changed, 1 insertion(+) diff --git a/.frlog b/.frlog index 4fbe4cb..92c8104 100644 --- a/.frlog +++ b/.frlog @@ -1,3 +1,4 @@ Fri Nov 4 05:42:12 NOVT 2011: [Force build] at [debian/0.1] Wed Jan 4 01:55:59 NOVT 2012: [Force release] at [debian/0.26] Tue Jan 31 11:14:11 PST 2012: [reset epoch] at [debian/0.27] +Sat Mar 3 02:23:05 PST 2012: [new branch] at [debian/0.28] -- cgit v1.2.3 From d9f9ee7c8ed1634853f6064340f8a2ac96efa913 Mon Sep 17 00:00:00 2001 From: Deepti Kulkarni Date: Sat, 3 Mar 2012 02:23:06 -0800 Subject: 0.28+oxnard1 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 9934a86..c30146f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +vyatta-conntrack (0.28+oxnard1) unstable; urgency=low + + * new branch + + -- Deepti Kulkarni Sat, 03 Mar 2012 02:23:06 -0800 + vyatta-conntrack (0.28) unstable; urgency=low * reset epoch -- cgit v1.2.3 From e9e6c678e9f133ba8645b26f107650a9a103768c Mon Sep 17 00:00:00 2001 From: Gaurav Sinha Date: Fri, 16 Mar 2012 15:41:31 -0700 Subject: fixing 7866 --- scripts/vyatta-delete-conntrack.pl | 18 ++++++++++++++---- scripts/vyatta-show-conntrack.pl | 17 +++++++++++++---- 2 files changed, 27 insertions(+), 8 deletions(-) diff --git a/scripts/vyatta-delete-conntrack.pl b/scripts/vyatta-delete-conntrack.pl index 96f176d..ccd69de 100755 --- a/scripts/vyatta-delete-conntrack.pl +++ b/scripts/vyatta-delete-conntrack.pl @@ -99,10 +99,20 @@ sub print_data_from_xml { $timeout, $state_connection); $proto = $proto{original}; $protonum = $protonum{original}; - $in_src = "$src{original}"; - $in_src .= ":$sport{original}" if defined $sport{original}; - $in_dst = "$dst{original}"; - $in_dst .= ":$dport{original}" if defined $dport{original}; + if (( $family eq 'ipv6') and (defined $sport{original})) { + $in_src = "\[$src{original}]:$sport{original}"; + } else { + $in_src = "$src{original}"; + $in_src .= ":$sport{original}" if defined $sport{original}; + } + + if (( $family eq 'ipv6') and (defined $dport{original})) { + $in_dst = "\[$dst{original}]:$dport{original}"; + } else { + $in_dst = "$dst{original}"; + $in_dst .= ":$dport{original}" if defined $dport{original}; + } + $connection_id = "$connection_id_ref"; $timeout = "$timeout_ref"; diff --git a/scripts/vyatta-show-conntrack.pl b/scripts/vyatta-show-conntrack.pl index bfbc63e..57a9799 100755 --- a/scripts/vyatta-show-conntrack.pl +++ b/scripts/vyatta-show-conntrack.pl @@ -80,10 +80,19 @@ sub print_xml { $timeout, $state_connection); $proto = $proto{original}; $protonum = $protonum{original}; - $in_src = "$src{original}"; - $in_src .= ":$sport{original}" if defined $sport{original}; - $in_dst = "$dst{original}"; - $in_dst .= ":$dport{original}" if defined $dport{original}; + if (( $family eq 'ipv6') and (defined $sport{original})) { + $in_src = "\[$src{original}]:$sport{original}"; + } else { + $in_src = "$src{original}"; + $in_src .= ":$sport{original}" if defined $sport{original}; + } + + if (( $family eq 'ipv6') and (defined $dport{original})) { + $in_dst = "\[$dst{original}]:$dport{original}"; + } else { + $in_dst = "$dst{original}"; + $in_dst .= ":$dport{original}" if defined $dport{original}; + } $connection_id = "$connection_id_ref"; $timeout = "$timeout_ref"; -- cgit v1.2.3 From 613330a8acca0535df5bc1fc839fb29ce1261272 Mon Sep 17 00:00:00 2001 From: Gaurav Sinha Date: Fri, 16 Mar 2012 15:42:47 -0700 Subject: 0.28+oxnard2 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index c30146f..a2dc273 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +vyatta-conntrack (0.28+oxnard2) unstable; urgency=low + + * fixing 7866 + + -- Gaurav Sinha Fri, 16 Mar 2012 15:42:47 -0700 + vyatta-conntrack (0.28+oxnard1) unstable; urgency=low * new branch -- cgit v1.2.3 From 9e6dec7e0fbf269074a15b0fcfa0aee2e4cc43fb Mon Sep 17 00:00:00 2001 From: Gaurav Date: Tue, 20 Mar 2012 18:49:18 -0700 Subject: 0.28+oxnard3 --- debian/changelog | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/debian/changelog b/debian/changelog index a2dc273..30d76f1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,58 @@ +vyatta-conntrack (0.28+oxnard3) unstable; urgency=low + + [ Deepti Kulkarni ] + * new branch + * 0.28+oxnard1 + + [ Gaurav Sinha ] + * fixing 7866 + * 0.28+oxnard2 + * Initial commit for per-flow timeout CLI + * Removed unwanted address-group/network group etc. from CLI + * adding an initial version of conntrack-timeouts script + * timeouts script, and new nodes + + [ Gaurav ] + * timeout script, similar to firewall one, with a few differences. + * Adding rule and address setup/parsing libraries + * Removing newly added file AddressFilterCT.pm. + * removing AddressFilterCT.pm + * modified to use AddressFilter from IpTables + * adding various timers in custom rule template + * changing structure of hashes kept for timeouts + * Add function to create nfct-timeout policy + * Fixing templates to avoid defaults since these rules override the + global defaults + * Fixing nfct-command string:only modified timer is included in the + command + * Removed default timeouts for override udp/icmp/other, fixed minor + bugs + * Error checks for ports with other/icmp, as not allowed + * Adding deletion, error handling etc. + * adding apply/remove policy function, still dummy + * add run_cmd function with error checking + * re-factored + * handle modification, disabled error handling for now as iptables + does not support timeout target yet + * do_protocol_check function, mandates one protocol subtree per rule + max + * Updated help strings to avoid confusion with global timeouts + * check presence of protocol config subtree + * Using connection instead of flow to refer to 5 tuple in help strings + * changing nfct-timeout to nfct timeout + * use right path of the nfct executable + + [ Gaurav Sinha ] + * use add instead of create, use inet, pre-pend protocol to iptables + rule + * fixed generic timeout, udp stream->replied and other->unreplied, + fixed bug with protocol string comparision + * delete nfct fixed, use only policy name, modified deletion function + + [ Gaurav ] + + -- Gaurav Tue, 20 Mar 2012 18:49:18 -0700 + vyatta-conntrack (0.28+oxnard2) unstable; urgency=low * fixing 7866 -- cgit v1.2.3