Commit 68bb3fa5 authored by Franco Fichtner's avatar Franco Fichtner

firewall: remove non-standard dscp feature

FreeBSD never implemented this.  OpenBSD did it differently and
more consequently: the `tos' tag of pf.conf(4) was properly extended
and their pf(4) can only be used to set the DSCP bit for symmetry
and general usefulness.  Until this comes back around to FreeBSD,
we'll leave it out.
parent 93be8b94
...@@ -2415,7 +2415,7 @@ function filter_generate_user_rule(&$FilterIflist, $rule) ...@@ -2415,7 +2415,7 @@ function filter_generate_user_rule(&$FilterIflist, $rule)
$int = ""; $int = "";
$aline = array(); $aline = array();
// initialize array with empty tags // initialize array with empty tags
foreach (array('schedlabel','divert','icmp-type','icmp6-type','tag','tagged','dscp','route','os','reply','prot','log') as $tag) { foreach (array('schedlabel','divert','icmp-type','icmp6-type','tag','tagged','route','os','reply','prot','log') as $tag) {
$aline[$tag] = ""; $aline[$tag] = "";
} }
...@@ -2591,19 +2591,6 @@ function filter_generate_user_rule(&$FilterIflist, $rule) ...@@ -2591,19 +2591,6 @@ function filter_generate_user_rule(&$FilterIflist, $rule)
if (!empty($rule['tagged'])) { if (!empty($rule['tagged'])) {
$aline['tagged'] = " tagged " .$rule['tagged'] . " "; $aline['tagged'] = " tagged " .$rule['tagged'] . " ";
} }
if (!empty($rule['dscp'])) {
switch (strtolower($rule['dscp'])) {
case 'va': $aline['dscp'] = " dscp 44 "; break;
case 'cs1': $aline['dscp'] = " dscp 8 "; break;
case 'cs2': $aline['dscp'] = " dscp 16 "; break;
case 'cs3': $aline['dscp'] = " dscp 24 "; break;
case 'cs4': $aline['dscp'] = " dscp 32 "; break;
case 'cs5': $aline['dscp'] = " dscp 40 "; break;
case 'cs6': $aline['dscp'] = " dscp 48 "; break;
case 'cs7': $aline['dscp'] = " dscp 56 "; break;
default: $aline['dscp'] = " dscp " . $rule['dscp'] . " "; break;
}
}
$aline['allowopts'] = ""; $aline['allowopts'] = "";
if ($type == "pass") { if ($type == "pass") {
if (isset($rule['allowopts'])) { if (isset($rule['allowopts'])) {
...@@ -2765,13 +2752,13 @@ function filter_generate_user_rule(&$FilterIflist, $rule) ...@@ -2765,13 +2752,13 @@ function filter_generate_user_rule(&$FilterIflist, $rule)
$line .= $aline['type'] . $aline['direction'] . $aline['log'] . $aline['quick'] . $line .= $aline['type'] . $aline['direction'] . $aline['log'] . $aline['quick'] .
$aline['interface'] . $aline['ipprotocol'] . $aline['prot'] . $aline['src'] . $aline['os'] . $aline['interface'] . $aline['ipprotocol'] . $aline['prot'] . $aline['src'] . $aline['os'] .
$negate_networks . $aline['icmp-type'] . $aline['icmp6-type'] . $aline['tag'] . $aline['tagged'] . $negate_networks . $aline['icmp-type'] . $aline['icmp6-type'] . $aline['tag'] . $aline['tagged'] .
$aline['dscp'] . $aline['allowopts'] . $aline['flags'] . $aline['schedlabel'] . $aline['allowopts'] . $aline['flags'] . $aline['schedlabel'] .
" label \"NEGATE_ROUTE: Negate policy routing for destination\"\n"; " label \"NEGATE_ROUTE: Negate policy routing for destination\"\n";
} }
/* piece together the actual user rule */ /* piece together the actual user rule */
$line .= $aline['type'] . $aline['direction'] . $aline['log'] . $aline['quick'] . $aline['interface'] . $line .= $aline['type'] . $aline['direction'] . $aline['log'] . $aline['quick'] . $aline['interface'] .
$aline['reply'] . $aline['route'] . $aline['ipprotocol'] . $aline['prot'] . $aline['src'] . $aline['os'] . $aline['dst'] . $aline['reply'] . $aline['route'] . $aline['ipprotocol'] . $aline['prot'] . $aline['src'] . $aline['os'] . $aline['dst'] .
$aline['divert'] . $aline['icmp-type'] . $aline['icmp6-type'] . $aline['tag'] . $aline['tagged'] . $aline['dscp'] . $aline['divert'] . $aline['icmp-type'] . $aline['icmp6-type'] . $aline['tag'] . $aline['tagged'] .
$aline['allowopts'] . $aline['flags'] . $aline['schedlabel']; $aline['allowopts'] . $aline['flags'] . $aline['schedlabel'];
unset($aline); unset($aline);
......
...@@ -3274,24 +3274,6 @@ function upgrade_105_to_106() { ...@@ -3274,24 +3274,6 @@ function upgrade_105_to_106() {
} }
} }
function upgrade_108_to_109()
{
global $config;
if (!isset($config['filter']['rule']) || !is_array($config['filter']['rule']))
return;
foreach ($config['filter']['rule'] as &$rule) {
if (!isset($rule['dscp']) || empty($rule['dscp']))
continue;
$pos = strpos($rule['dscp'], ' ');
if ($pos !== false)
$rule['dscp'] = substr($rule['dscp'], 0, $pos);
unset($pos);
}
}
function upgrade_109_to_110() function upgrade_109_to_110()
{ {
global $config; global $config;
......
...@@ -148,7 +148,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -148,7 +148,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
} }
// define form fields // define form fields
$config_fields = array('interface','type','direction','ipprotocol','protocol','icmptype','os','dscp','disabled','log' $config_fields = array('interface','type','direction','ipprotocol','protocol','icmptype','os','disabled','log'
,'descr','tcpflags_any','tcpflags1','tcpflags2','tag','tagged','quick','allowopts' ,'descr','tcpflags_any','tcpflags1','tcpflags2','tag','tagged','quick','allowopts'
,'disablereplyto','max','max-src-nodes','max-src-conn','max-src-states','statetype' ,'disablereplyto','max','max-src-nodes','max-src-conn','max-src-states','statetype'
,'statetimeout','nopfsync','nosync','max-src-conn-rate','max-src-conn-rates','gateway','sched' ,'statetimeout','nopfsync','nosync','max-src-conn-rate','max-src-conn-rates','gateway','sched'
...@@ -412,7 +412,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -412,7 +412,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$filterent = array(); $filterent = array();
// 1-on-1 copy of form values // 1-on-1 copy of form values
$copy_fields = array('type', 'interface', 'ipprotocol', 'tag', 'tagged', 'max', 'max-src-nodes' $copy_fields = array('type', 'interface', 'ipprotocol', 'tag', 'tagged', 'max', 'max-src-nodes'
, 'max-src-conn', 'max-src-states', 'statetimeout', 'statetype', 'os', 'dscp', 'descr', 'gateway' , 'max-src-conn', 'max-src-states', 'statetimeout', 'statetype', 'os', 'descr', 'gateway'
, 'sched', 'associated-rule-id', 'direction', 'quick' , 'sched', 'associated-rule-id', 'direction', 'quick'
, 'max-src-conn-rate', 'max-src-conn-rates') ; , 'max-src-conn-rate', 'max-src-conn-rates') ;
...@@ -1168,23 +1168,6 @@ include("head.inc"); ...@@ -1168,23 +1168,6 @@ include("head.inc");
</div> </div>
</td> </td>
</tr> </tr>
<tr>
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Diffserv Code Point");?></td>
<td>
<select name="dscp" class="selectpicker" data-live-search="true" data-size="5" data-width="auto">
<option value=""><?=gettext("none");?></option>
<?php
$firewall_rules_dscp_types = array("af11","af12","af13","af21","af22","af23","af31","af32","af33","af41"
,"af42","af43","VA","EF","cs1","cs2","cs3","cs4","cs5","cs6","cs7","0x01","0x02","0x04");
foreach($firewall_rules_dscp_types as $frdt):?>
<option value="<?=$frdt?>"<?= $pconfig['dscp'] == $frdt ? " selected=\"selected\"" :""; ?>>
<?=$frdt?>
</option>
<?php
endforeach; ?>
</select>
</td>
</tr>
<tr> <tr>
<td><a id="help_for_nosync" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("No XMLRPC Sync"); ?></td> <td><a id="help_for_nosync" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("No XMLRPC Sync"); ?></td>
<td> <td>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment