From 5c3791ef8bef2ea977fd98745e6b5eb7edd22ced Mon Sep 17 00:00:00 2001
From: Maxfield Allison <42394355+maxfield-allison@users.noreply.github.com>
Date: Wed, 24 Jun 2020 08:14:23 -0500
Subject: [PATCH] Add the iplen option to shaper rules (#4181)
---
.../OPNsense/TrafficShaper/forms/dialogRule.xml | 7 +++++++
.../app/models/OPNsense/TrafficShaper/TrafficShaper.xml | 6 ++++++
src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf | 3 +++
3 files changed, 16 insertions(+)
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/TrafficShaper/forms/dialogRule.xml b/src/opnsense/mvc/app/controllers/OPNsense/TrafficShaper/forms/dialogRule.xml
index 25d022b71..c88589e69 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/TrafficShaper/forms/dialogRule.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/TrafficShaper/forms/dialogRule.xml
@@ -28,6 +28,13 @@
dropdown
+
+ rule.iplen
+
+ true
+ text
+ Specifies the maximum size of packets to match in bytes
+
rule.source
diff --git a/src/opnsense/mvc/app/models/OPNsense/TrafficShaper/TrafficShaper.xml b/src/opnsense/mvc/app/models/OPNsense/TrafficShaper/TrafficShaper.xml
index 91c6af45a..36484d5e5 100644
--- a/src/opnsense/mvc/app/models/OPNsense/TrafficShaper/TrafficShaper.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/TrafficShaper/TrafficShaper.xml
@@ -273,6 +273,12 @@
gre
+
+ 2
+ 65535
+ N
+ The absolute limitation for packet size is 64K (65535 bytes)
+
Y
,
diff --git a/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf b/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
index 6fd4573a4..5d696021a 100644
--- a/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
+++ b/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
@@ -171,6 +171,7 @@ add {{loop.index + 60000}} {{ helpers.getUUIDtag(rule.target) }} {{
}} src-port {{ rule.src_port }} dst-port {{ rule.dst_port }} recv {{
physical_interface(rule.interface) }} {%
if rule.proto.split('_')[1]|default('') == 'ack' %} {{ rule.proto.split('_')[2]|default('') }} tcpflags ack {% endif %}{%
+ if rule.iplen|default('') != '' %} iplen 1-{{ rule.iplen }}{% endif %}{%
if rule.dscp|default('') != '' %} dscp {{ rule.dscp }}{% endif %}
xmit {{physical_interface(rule.interface2)
}} // {{ rule['@uuid'] }} {{rule.interface}} -> {{rule.interface2}}: {{helpers.getUUID(rule.target).description}}
@@ -183,6 +184,7 @@ add {{loop.index + 60000}} {{ helpers.getUUIDtag(rule.target) }} {{
}} src-port {{ rule.src_port }} dst-port {{ rule.dst_port }} xmit {{
physical_interface(rule.interface) }} {%
if rule.proto.split('_')[1]|default('') == 'ack' %} {{ rule.proto.split('_')[2]|default('') }} tcpflags ack {% endif %}{%
+ if rule.iplen|default('') != '' %} iplen 1-{{ rule.iplen }}{% endif %}{%
if rule.dscp|default('') != '' %} dscp {{ rule.dscp }}{% endif %}
recv {{physical_interface(rule.interface2)
}} // {{ rule['@uuid'] }} {{rule.interface2}} -> {{rule.interface}}: {{helpers.getUUID(rule.target).description}}
@@ -195,6 +197,7 @@ add {{loop.index + 60000}} {{ helpers.getUUIDtag(rule.target) }} {{
if rule.destination_not|default('0') == '1' %}not {% endif %}{{rule.destination
}} src-port {{ rule.src_port }} dst-port {{ rule.dst_port }} {{rule.direction}} {%
if rule.proto.split('_')[1]|default('') == 'ack' %}{{ rule.proto.split('_')[2]|default('') }} tcpflags ack {% endif %} {%
+ if rule.iplen|default('') != '' %} iplen 1-{{ rule.iplen }}{% endif %}{%
if rule.dscp|default('') != '' %} dscp {{ rule.dscp }}{% endif %} via {{
physical_interface(rule.interface)
}} // {{ rule['@uuid'] }} {{rule.interface}}: {{helpers.getUUID(rule.target).description}}