Updated CHANGELOG, README and version #s

netfoundry · Sep 2, 2024 · 65fa13b · 65fa13b
1 parent cb242e2
commit 65fa13b
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ---
+###
+# [0.8.16] - 2024-09-02
+- Fixed incorrect waitpid success/failure conditional checks in zfw.c and zfw_tunnel_wrapper.c.  This did not cause an operational issue but would not
+  report correctly in case system call failures.
+- Updated README with latest ```zfw -Q``` printout. 
+
 ###
 # [0.8.15] - 2024-08-26
 - Refactored all startup scripts to default InternalInterfaces to have outbound tracking enabled

diff --git a/README.md b/README.md
@@ -18,7 +18,7 @@ This function requires that both ingress and egress TC filters are enabled on ou
 static PAT.  Note: When running on later kernels i.e. 6+ some older network hardware may not work with ebpf Dynamic PAT.   
 
 ### Explicit Deny Rules
-This feature adds the ability to enter explicit deny rules by appending ```-d, --disable to the -I, --insert rule``` to both ingress and egress rules.  Rule precedence is based on longest match prefix.  If the prefix is the same then the precedence follows the order entry of the rules, which when listed will go from top to bottom for ports with in the same prefix e.g.  
+This feature adds the ability to enter explicit deny rules by appending ```-d, --disable``` to the ```-I, --insert rule``` to either ingress or egress rules.  Rule precedence is based on longest match prefix.  If the prefix is the same then the precedence follows the order entry of the rules, which when listed will go from top to bottom for ports with in the same prefix e.g.  
 
 If you wanted to allow all tcp 443 traffic outbound except to 10.1.0.0/16 you would enter the following egress rules:
 

diff --git a/src/zfw.c b/src/zfw.c
@@ -246,7 +246,7 @@ char *direction_string;
 char *masq_interface;
 char check_alt[IF_NAMESIZE];
 
-const char *argp_program_version = "0.8.15";
+const char *argp_program_version = "0.8.16";
 struct ring_buffer *ring_buffer;
 
 __u32 if_list[MAX_IF_LIST_ENTRIES];

diff --git a/src/zfw_monitor.c b/src/zfw_monitor.c
@@ -85,7 +85,7 @@ char check_alt[IF_NAMESIZE];
 char doc[] = "zfw_monitor -- ebpf firewall monitor tool";
 const char *rb_map_path = "/sys/fs/bpf/tc/globals/rb_map";
 const char *tproxy_map_path = "/sys/fs/bpf/tc/globals/zt_tproxy_map";
-const char *argp_program_version = "0.8.15";
+const char *argp_program_version = "0.8.16";
 union bpf_attr rb_map;
 int rb_fd = -1;