summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorJo-Philipp Wich <jo@mein.io>2020-01-16 21:00:46 +0100
committerJo-Philipp Wich <jo@mein.io>2020-01-16 21:00:46 +0100
commitaa62419e5ba92a0cdd8ceb487e9b9b819cf357d0 (patch)
tree595f3091a344a6a48e10c74d5e5701f4932bc1b7
parent3c0fcf49d4f1a5ee95a82eba50f43e0c2ad67aa7 (diff)
luci-app-firewall: support 'DSCP' action and matches for rules
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
-rw-r--r--applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js86
1 files changed, 80 insertions, 6 deletions
diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
index f26457140f..9d8d8d1559 100644
--- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
+++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
@@ -395,6 +395,7 @@ return L.view.extend({
o.value('HELPER', _('assign conntrack helper'));
o.value('MARK_SET', _('apply firewall mark'));
o.value('MARK_XOR', _('XOR firewall mark'));
+ o.value('DSCP', _('DSCP classification'));
o.cfgvalue = function(section_id) {
var t = uci.get('firewall', section_id, 'target'),
m = uci.get('firewall', section_id, 'set_mark');
@@ -413,9 +414,6 @@ return L.view.extend({
o.rmempty = false;
o.depends('target', 'MARK_SET');
o.validate = function(section_id, value) {
- if (value == '')
- return true;
-
var m = String(value).match(/^(0x[0-9a-f]{1,8}|[0-9]{1,10})(?:\/(0x[0-9a-f]{1,8}|[0-9]{1,10}))?$/i);
if (!m || +m[1] > 0xffffffff || (m[2] != null && +m[2] > 0xffffffff))
@@ -429,9 +427,6 @@ return L.view.extend({
o.rmempty = false;
o.depends('target', 'MARK_XOR');
o.validate = function(section_id, value) {
- if (value == '')
- return true;
-
var m = String(value).match(/^(0x[0-9a-f]{1,8}|[0-9]{1,10})(?:\/(0x[0-9a-f]{1,8}|[0-9]{1,10}))?$/i);
if (!m || +m[1] > 0xffffffff || (m[2] != null && +m[2] > 0xffffffff))
@@ -440,6 +435,44 @@ return L.view.extend({
return true;
};
+ o = s.taboption('general', form.Value, 'set_dhcp', _('DSCP mark'), _('Apply the given DSCP class or value to established connections.'));
+ o.modalonly = true;
+ o.rmempty = false;
+ o.depends('target', 'DSCP');
+ o.value('CS0');
+ o.value('CS1');
+ o.value('CS2');
+ o.value('CS3');
+ o.value('CS4');
+ o.value('CS5');
+ o.value('CS6');
+ o.value('CS7');
+ o.value('BE');
+ o.value('AF11');
+ o.value('AF12');
+ o.value('AF13');
+ o.value('AF21');
+ o.value('AF22');
+ o.value('AF23');
+ o.value('AF31');
+ o.value('AF32');
+ o.value('AF33');
+ o.value('AF41');
+ o.value('AF42');
+ o.value('AF43');
+ o.value('EF');
+ o.validate = function(section_id, value) {
+ if (value == '')
+ return _('DSCP mark required');
+
+ var m = String(value).match(/^(?:CS[0-7]|BE|AF[1234][123]|EF|(0x[0-9a-f]{1,2}|[0-9]{1,2}))$/);
+
+ if (!m || (m[1] != null && +m[1] > 0x3f))
+ return _('Invalid DSCP mark');
+
+ return true;
+ };
+
o = s.taboption('general', form.ListValue, 'set_helper', _('Tracking helper'), _('Assign the specified connection tracking helper to matched traffic.'));
o.modalonly = true;
o.placeholder = _('any');
@@ -481,6 +514,47 @@ return L.view.extend({
return true;
};
+ o = s.taboption('advanced', form.Value, 'dscp', _('Match DSCP'),
+ _('Matches traffic carrying the specified DSCP marking.'));
+ o.modalonly = true;
+ o.rmempty = true;
+ o.placeholder = _('any');
+ o.value('CS0');
+ o.value('CS1');
+ o.value('CS2');
+ o.value('CS3');
+ o.value('CS4');
+ o.value('CS5');
+ o.value('CS6');
+ o.value('CS7');
+ o.value('BE');
+ o.value('AF11');
+ o.value('AF12');
+ o.value('AF13');
+ o.value('AF21');
+ o.value('AF22');
+ o.value('AF23');
+ o.value('AF31');
+ o.value('AF32');
+ o.value('AF33');
+ o.value('AF41');
+ o.value('AF42');
+ o.value('AF43');
+ o.value('EF');
+ o.validate = function(section_id, value) {
+ if (value == '')
+ return true;
+
+ value = String(value).replace(/^!\s*/, '');
+
+ var m = value.match(/^(?:CS[0-7]|BE|AF[1234][123]|EF|(0x[0-9a-f]{1,2}|[0-9]{1,2}))$/);
+
+ if (!m || +m[1] > 0xffffffff || (m[2] != null && +m[2] > 0xffffffff))
+ return _('Invalid DSCP mark');
+
+ return true;
+ };
+
o = s.taboption('advanced', form.Value, 'extra', _('Extra arguments'),
_('Passes additional arguments to iptables. Use with care!'));
o.modalonly = true;