(trafficshaper) add match tcp ACK/non-ACK selection, closes...

(trafficshaper) add match tcp ACK/non-ACK selection, closes https://github.com/opnsense/core/issues/528

(trafficshaper) add match tcp ACK/non-ACK selection, closes...
(trafficshaper) add match tcp ACK/non-ACK selection, closes https://github.com/opnsense/core/issues/528
edbac06d · Ad Schellevis · 454e8b3c · edbac06d · edbac06d
Commit edbac06d authored Dec 16, 2015 by Ad Schellevis
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 6 deletions

TrafficShaper.xml ...e/mvc/app/models/OPNsense/TrafficShaper/TrafficShaper.xml +2 -0

ipfw.conf src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf +11 -6

No files found.
--- a/src/opnsense/mvc/app/models/OPNsense/TrafficShaper/TrafficShaper.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/TrafficShaper/TrafficShaper.xml
@@ -146,6 +146,8 @@
                        <ip6>ipv6</ip6>
                        <udp>udp</udp>
                        <tcp>tcp</tcp>
+                        <tcp_ack>tcp (ACK packets only)</tcp_ack>
+                        <tcp_ack_not>tcp (non-ACK packages)</tcp_ack_not>
                        <icmp>icmp</icmp>
                        <igmp>igmp</igmp>
                        <esp>esp</esp>

--- a/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
+++ b/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
@@ -154,20 +154,25 @@ add 60000 return via any
 {%                       if rule.interface2 and helpers.getNodeByTag('interfaces.'+rule.interface2) %}
 {#  2 interface defined, use both to match packets (2 rules)  #}
 add {{loop.index  + 60000}} {{ helpers.getUUIDtag(rule.target) }} {{
-    helpers.getUUID(rule.target).number }} {{ rule.proto }} from {{ rule.source }} to {{rule.destination
+    helpers.getUUID(rule.target).number }} {{ rule.proto.split('_')[0] }} from {{ rule.source }} to {{rule.destination
    }} src-port  {{ rule.src_port }} dst-port {{ rule.dst_port }} {{rule.direction}} recv {{
-    helpers.getNodeByTag('interfaces.'+rule.interface).if }} xmit {{helpers.getNodeByTag('interfaces.'+rule.interface2).if
+    helpers.getNodeByTag('interfaces.'+rule.interface).if }} {%
+    if rule.proto.split('_')[1]|default('') == 'ack' %} {{ rule.proto.split('_')[2]|default('') }} tcpflags ack {% endif
+    %} xmit {{helpers.getNodeByTag('interfaces.'+rule.interface2).if
    }}
 add {{loop.index  + 60000}} {{ helpers.getUUIDtag(rule.target) }} {{
-    helpers.getUUID(rule.target).number }} {{ rule.proto }} from {{ rule.source }} to {{rule.destination
+    helpers.getUUID(rule.target).number }} {{ rule.proto.split('_')[0] }} from {{ rule.source }} to {{rule.destination
    }} src-port  {{ rule.src_port }} dst-port {{ rule.dst_port }} {{rule.direction}} xmit {{
-    helpers.getNodeByTag('interfaces.'+rule.interface).if }} recv {{helpers.getNodeByTag('interfaces.'+rule.interface2).if
+    helpers.getNodeByTag('interfaces.'+rule.interface).if }} {%
+    if rule.proto.split('_')[1]|default('') == 'ack' %} {{ rule.proto.split('_')[2]|default('') }} tcpflags ack {% endif
+    %} recv {{helpers.getNodeByTag('interfaces.'+rule.interface2).if
    }}
 {%                       else %}
 {#  normal, single interface situation  #}
 add {{loop.index  + 60000}} {{ helpers.getUUIDtag(rule.target) }} {{
-    helpers.getUUID(rule.target).number }} {{ rule.proto }} from {{ rule.source }} to {{rule.destination
+    helpers.getUUID(rule.target).number }} {{ rule.proto.split('_')[0] }} from {{ rule.source }} to {{rule.destination
-    }} src-port  {{ rule.src_port }} dst-port {{ rule.dst_port }} {{rule.direction}} via {{
+    }} src-port  {{ rule.src_port }} dst-port {{ rule.dst_port }} {{rule.direction}} {%
+    if rule.proto.split('_')[1]|default('') == 'ack' %} {{ rule.proto.split('_')[2]|default('') }} tcpflags ack {% endif %} via {{
    helpers.getNodeByTag('interfaces.'+rule.interface).if
    }}
 {%                       endif %}