From aa62419e5ba92a0cdd8ceb487e9b9b819cf357d0 Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Thu, 16 Jan 2020 21:00:46 +0100 Subject: luci-app-firewall: support 'DSCP' action and matches for rules Signed-off-by: Jo-Philipp Wich --- .../luci-static/resources/view/firewall/rules.js | 86 ++++++++++++++++++++-- 1 file changed, 80 insertions(+), 6 deletions(-) (limited to 'applications/luci-app-firewall') diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js index f26457140..9d8d8d155 100644 --- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js +++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js @@ -395,6 +395,7 @@ return L.view.extend({ o.value('HELPER', _('assign conntrack helper')); o.value('MARK_SET', _('apply firewall mark')); o.value('MARK_XOR', _('XOR firewall mark')); + o.value('DSCP', _('DSCP classification')); o.cfgvalue = function(section_id) { var t = uci.get('firewall', section_id, 'target'), m = uci.get('firewall', section_id, 'set_mark'); @@ -413,9 +414,6 @@ return L.view.extend({ o.rmempty = false; o.depends('target', 'MARK_SET'); o.validate = function(section_id, value) { - if (value == '') - return true; - var m = String(value).match(/^(0x[0-9a-f]{1,8}|[0-9]{1,10})(?:\/(0x[0-9a-f]{1,8}|[0-9]{1,10}))?$/i); if (!m || +m[1] > 0xffffffff || (m[2] != null && +m[2] > 0xffffffff)) @@ -429,9 +427,6 @@ return L.view.extend({ o.rmempty = false; o.depends('target', 'MARK_XOR'); o.validate = function(section_id, value) { - if (value == '') - return true; - var m = String(value).match(/^(0x[0-9a-f]{1,8}|[0-9]{1,10})(?:\/(0x[0-9a-f]{1,8}|[0-9]{1,10}))?$/i); if (!m || +m[1] > 0xffffffff || (m[2] != null && +m[2] > 0xffffffff)) @@ -440,6 +435,44 @@ return L.view.extend({ return true; }; + o = s.taboption('general', form.Value, 'set_dhcp', _('DSCP mark'), _('Apply the given DSCP class or value to established connections.')); + o.modalonly = true; + o.rmempty = false; + o.depends('target', 'DSCP'); + o.value('CS0'); + o.value('CS1'); + o.value('CS2'); + o.value('CS3'); + o.value('CS4'); + o.value('CS5'); + o.value('CS6'); + o.value('CS7'); + o.value('BE'); + o.value('AF11'); + o.value('AF12'); + o.value('AF13'); + o.value('AF21'); + o.value('AF22'); + o.value('AF23'); + o.value('AF31'); + o.value('AF32'); + o.value('AF33'); + o.value('AF41'); + o.value('AF42'); + o.value('AF43'); + o.value('EF'); + o.validate = function(section_id, value) { + if (value == '') + return _('DSCP mark required'); + + var m = String(value).match(/^(?:CS[0-7]|BE|AF[1234][123]|EF|(0x[0-9a-f]{1,2}|[0-9]{1,2}))$/); + + if (!m || (m[1] != null && +m[1] > 0x3f)) + return _('Invalid DSCP mark'); + + return true; + }; + o = s.taboption('general', form.ListValue, 'set_helper', _('Tracking helper'), _('Assign the specified connection tracking helper to matched traffic.')); o.modalonly = true; o.placeholder = _('any'); @@ -481,6 +514,47 @@ return L.view.extend({ return true; }; + o = s.taboption('advanced', form.Value, 'dscp', _('Match DSCP'), + _('Matches traffic carrying the specified DSCP marking.')); + o.modalonly = true; + o.rmempty = true; + o.placeholder = _('any'); + o.value('CS0'); + o.value('CS1'); + o.value('CS2'); + o.value('CS3'); + o.value('CS4'); + o.value('CS5'); + o.value('CS6'); + o.value('CS7'); + o.value('BE'); + o.value('AF11'); + o.value('AF12'); + o.value('AF13'); + o.value('AF21'); + o.value('AF22'); + o.value('AF23'); + o.value('AF31'); + o.value('AF32'); + o.value('AF33'); + o.value('AF41'); + o.value('AF42'); + o.value('AF43'); + o.value('EF'); + o.validate = function(section_id, value) { + if (value == '') + return true; + + value = String(value).replace(/^!\s*/, ''); + + var m = value.match(/^(?:CS[0-7]|BE|AF[1234][123]|EF|(0x[0-9a-f]{1,2}|[0-9]{1,2}))$/); + + if (!m || +m[1] > 0xffffffff || (m[2] != null && +m[2] > 0xffffffff)) + return _('Invalid DSCP mark'); + + return true; + }; + o = s.taboption('advanced', form.Value, 'extra', _('Extra arguments'), _('Passes additional arguments to iptables. Use with care!')); o.modalonly = true; -- cgit v1.2.3