Commit b0075a6f authored by djGrrr's avatar djGrrr Committed by Franco Fichtner

Add priority settings to advanced firewall rule options (#1392)

* Add priority settings to advanced firewall rule options

* fix all the previous issues with the priority rules patch and add support for the 2 prio setting

* make the advanced options auto expand, even with various priorities set to 0
parent f6014c36
...@@ -2231,7 +2231,7 @@ function filter_generate_user_rule(&$FilterIflist, $rule) ...@@ -2231,7 +2231,7 @@ function filter_generate_user_rule(&$FilterIflist, $rule)
$int = ""; $int = "";
$aline = array(); $aline = array();
// initialize array with empty tags // initialize array with empty tags
foreach (array('schedlabel','divert','icmp-type','icmp6-type','tag','tagged','route','os','reply','prot','log') as $tag) { foreach (array('schedlabel','divert','icmp-type','icmp6-type','tag','tagged','route','os','reply','prot','log', 'set-prio', 'set-prio-alt', 'prio') as $tag) {
$aline[$tag] = ""; $aline[$tag] = "";
} }
...@@ -2388,6 +2388,22 @@ function filter_generate_user_rule(&$FilterIflist, $rule) ...@@ -2388,6 +2388,22 @@ function filter_generate_user_rule(&$FilterIflist, $rule)
if (isset($rule['protocol']) && $rule['protocol'] == "icmp" && $rule['icmptype'] && $rule['ipprotocol'] == "inet6") { if (isset($rule['protocol']) && $rule['protocol'] == "icmp" && $rule['icmptype'] && $rule['ipprotocol'] == "inet6") {
$aline['icmp6-type'] = "icmp6-type {$rule['icmptype']} "; $aline['icmp6-type'] = "icmp6-type {$rule['icmptype']} ";
} }
if (isset($rule['set-prio']) && $rule['set-prio'] !== '') {
if (isset($rule['set-prio-alt']) && $rule['set-prio-alt'] !== '') {
$prio = '('.$rule['set-prio'].','.$rule['set-prio-alt'].')';
}
else {
$prio = $rule['set-prio'];
}
$aline['set-prio'] = ' set prio '.$prio.' ';
}
if (isset($rule['prio']) && $rule['prio'] !== '') {
$aline['prio'] = ' prio '.$rule['prio'].' ';
}
if (!empty($rule['tag'])) { if (!empty($rule['tag'])) {
$aline['tag'] = " tag " .$rule['tag']. " "; $aline['tag'] = " tag " .$rule['tag']. " ";
} }
...@@ -2539,7 +2555,7 @@ function filter_generate_user_rule(&$FilterIflist, $rule) ...@@ -2539,7 +2555,7 @@ function filter_generate_user_rule(&$FilterIflist, $rule)
$line .= $aline['type'] . $aline['direction'] . $aline['log'] . $aline['quick'] . $aline['interface'] . $line .= $aline['type'] . $aline['direction'] . $aline['log'] . $aline['quick'] . $aline['interface'] .
$aline['reply'] . $aline['route'] . $aline['ipprotocol'] . $aline['prot'] . $aline['src'] . $aline['os'] . $aline['dst'] . $aline['reply'] . $aline['route'] . $aline['ipprotocol'] . $aline['prot'] . $aline['src'] . $aline['os'] . $aline['dst'] .
$aline['divert'] . $aline['icmp-type'] . $aline['icmp6-type'] . $aline['tag'] . $aline['tagged'] . $aline['divert'] . $aline['icmp-type'] . $aline['icmp6-type'] . $aline['tag'] . $aline['tagged'] .
$aline['allowopts'] . $aline['flags'] . $aline['schedlabel']; $aline['set-prio'] . $aline['prio'] . $aline['allowopts'] . $aline['flags'] . $aline['schedlabel'];
unset($aline); unset($aline);
......
...@@ -55,6 +55,13 @@ function FormSetAdvancedOptions(&$item) { ...@@ -55,6 +55,13 @@ function FormSetAdvancedOptions(&$item) {
return true; return true;
} }
} }
// check these fields for anything being set except a blank string
foreach (array('set-prio', 'set-prio-alt', 'prio') as $fieldname) {
if (isset($item[$fieldname]) && $item[$fieldname] !== '') {
return true;
}
}
if (!empty($item["statetype"]) && $item["statetype"] != 'keep state') { if (!empty($item["statetype"]) && $item["statetype"] != 'keep state') {
return true; return true;
} }
...@@ -89,7 +96,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -89,7 +96,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
,'descr','tcpflags_any','tcpflags1','tcpflags2','tag','tagged','quick','allowopts' ,'descr','tcpflags_any','tcpflags1','tcpflags2','tag','tagged','quick','allowopts'
,'disablereplyto','max','max-src-nodes','max-src-conn','max-src-states','statetype' ,'disablereplyto','max','max-src-nodes','max-src-conn','max-src-states','statetype'
,'statetimeout','nopfsync','nosync','max-src-conn-rate','max-src-conn-rates','gateway','sched' ,'statetimeout','nopfsync','nosync','max-src-conn-rate','max-src-conn-rates','gateway','sched'
,'associated-rule-id','floating', 'category' ,'associated-rule-id','floating', 'category', 'set-prio', 'set-prio-alt', 'prio'
); );
$pconfig = array(); $pconfig = array();
...@@ -349,6 +356,18 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -349,6 +356,18 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$input_errors[] = gettext("If you specify TCP flags that should be set you should specify out of which flags as well."); $input_errors[] = gettext("If you specify TCP flags that should be set you should specify out of which flags as well.");
if (!empty($pconfig['set-prio']) && (!is_numericint($pconfig['set-prio']) || $pconfig['set-prio'] < 0 || $pconfig['set-prio'] > 7)) {
$input_errors[] = gettext('Set priority must be an integer between 0 and 7.');
if (!empty($pconfig['set-prio-alt']) && (!is_numericint($pconfig['set-prio-alt']) || $pconfig['set-prio-alt'] < 0 || $pconfig['set-prio-alt'] > 7)) {
$input_errors[] = gettext('Set alternate priority must be an integer between 0 and 7.');
}
}
if (!empty($pconfig['prio']) && ($pconfig['prio'] < 0 || $pconfig['prio'] > 7)) {
$input_errors[] = gettext('Priority match must be an integer between 0 and 7.');
}
if (count($input_errors) == 0) { if (count($input_errors) == 0) {
$filterent = array(); $filterent = array();
// 1-on-1 copy of form values // 1-on-1 copy of form values
...@@ -412,6 +431,19 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -412,6 +431,19 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$filterent['log'] = true; $filterent['log'] = true;
} }
if (isset($pconfig['set-prio']) && $pconfig['set-prio'] !== '') {
$filterent['set-prio'] = (int)$pconfig['set-prio'];
if (isset($pconfig['set-prio-alt']) && $pconfig['set-prio-alt'] !== '') {
$filterent['set-prio-alt'] = (int)$pconfig['set-prio-alt'];
}
}
if (isset($pconfig['prio']) && $pconfig['prio'] !== '') {
$filterent['prio'] = (int)$pconfig['prio'];
}
if ($pconfig['protocol'] != "any") { if ($pconfig['protocol'] != "any") {
$filterent['protocol'] = $pconfig['protocol']; $filterent['protocol'] = $pconfig['protocol'];
} }
...@@ -1202,6 +1234,62 @@ include("head.inc"); ...@@ -1202,6 +1234,62 @@ include("head.inc");
</div> </div>
</td> </td>
</tr> </tr>
<?
$priorities = array(
'' => '',
1 => gettext('1 - Background'),
0 => gettext('0 - Best Effort (default)'),
2 => gettext('2 - Excellent Effort'),
3 => gettext('3 - Critical Applications'),
4 => gettext('4 - Video'),
5 => gettext('5 - Voice'),
6 => gettext('6 - Internetwork Control'),
7 => gettext('7 - Network Control'),
);
?>
<tr class="opt_advanced hidden">
<td><a id="help_for_set-prio" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Set priority"); ?></td>
<td>
<table class="table table-condensed">
<tr>
<th>Main:</th>
<th>Alternate (optional):</th>
</tr>
<tr>
<td>
<select name="set-prio">
<? foreach ($priorities as $prio => $priority) { ?>
<option value="<?=$prio;?>"<?=(isset($pconfig['set-prio']) && $pconfig['set-prio'] !== '' && $pconfig['set-prio'] == $prio ? ' selected="selected"' : '');?>><?=htmlspecialchars($priority);?></option>
<? } ?>
</select>
</td>
<td>
<select name="set-prio-alt">
<? foreach ($priorities as $prio => $priority) { ?>
<option value="<?=$prio;?>"<?=(isset($pconfig['set-prio-alt']) && $pconfig['set-prio-alt'] !== '' && $pconfig['set-prio-alt'] == $prio ? ' selected="selected"' : '');?>><?=htmlspecialchars($priority);?></option>
<? } ?>
</select>
</td>
</tr>
</table>
<div class="hidden" for="help_for_set-prio">
<?=sprintf(gettext('Set the priority of packets matching this rule. If an alternate priority is set, packets with a TOS of %slowdelay%s and TCP ACKs with no data payload will be assigned this priority.'), '<strong>', '</strong>');?>
</div>
</td>
</tr>
<tr class="opt_advanced hidden">
<td><a id="help_for_prio" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Match priority"); ?></td>
<td>
<select name="prio">
<? foreach ($priorities as $prio => $priority) { ?>
<option value="<?=$prio;?>"<?=(isset($pconfig['prio']) && $pconfig['prio'] !== '' && $pconfig['prio'] == $prio ? ' selected="selected"' : '');?>><?=htmlspecialchars($priority);?></option>
<? } ?>
</select>
<div class="hidden" for="help_for_prio">
<?=gettext('Match on the priority of packets.');?>
</div>
</td>
</tr>
<tr class="opt_advanced hidden"> <tr class="opt_advanced hidden">
<td><a id="help_for_tag" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Set local tag"); ?></td> <td><a id="help_for_tag" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Set local tag"); ?></td>
<td> <td>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment