From 5eaa7fc19d374d4fb2e2961953893557fe2e24db Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Sat, 28 Dec 2024 18:28:38 +0100
Subject: [PATCH] Firewall: Automation: Filter - add set-prio[-low] for https://github.com/opnsense/core/issues/8143
---
 .../Firewall/forms/dialogFilterRule.xml | 24 +++++++++++++++++
 .../app/models/OPNsense/Firewall/Filter.php | 12 ++++++++-
 .../app/models/OPNsense/Firewall/Filter.xml | 26 +++++++++++++++++++
 3 files changed, 61 insertions(+), 1 deletion(-)
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms/dialogFilterRule.xml b/src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms/dialogFilterRule.xml
index 249796623..d647d71d6 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms/dialogFilterRule.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms/dialogFilterRule.xml
@@ -240,4 +240,28 @@ Determines how packets route back in the opposite direction (replies), when set to default, packets on WAN type interfaces reply to their connected gateway on the interface (unless globally disabled). A specific gateway may be chosen as well here. This setting is only relevant in the context of a state, for stateless rules there is no defined opposite direction.
+
+ header
+
+
+
+ rule.set-prio
+
+ dropdown
+
+ Packets matching this rule will be assigned a specific queueing priority. If the
+ packet is transmitted on a vlan(4) interface, the queueing priority
+ will be written as the priority code point in the 802.1Q VLAN
+ header
+
+
+
+ rule.set-prio-low
+
+ dropdown
+
+ Used in combination with set priority, packets which have a TOS of lowdelay and TCP ACKs with no
+ data payload will be assigned this priority when offered.
+
+
diff --git a/src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.php b/src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.php
index 0bcfbff11..3d1b2c55c 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.php
+++ b/src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.php @@ -143,7 +143,8 @@ class Filter extends BaseModel } if (empty((string)$rule->max) && ($rule->adaptivestart == '0' || $rule->adaptiveend == '0')) { $messages->appendMessage(new Message( - gettext('Disabling adaptive timeouts is only supported in combination with a configured maximum number of states for the same rule.'), + gettext('Disabling adaptive timeouts is only supported in ". + "combination with a configured maximum number of states for the same rule.'), $rule->max->__reference )); } elseif ($rule->adaptivestart == '0' xor $rule->adaptiveend == '0') { @@ -175,6 +176,15 @@ class Filter extends BaseModel $rule->adaptiveend->__reference )); } + + if ((string)$rule->{'set-prio'} == '' && (string)$rule->{'set-prio-low'} != '') { + $messages->appendMessage(new Message( + gettext("Set priority for low latency and acknowledgements ". + "requires a set priority for normal packets."), + $rule->{'set-prio-low'}->__reference + )); + } + } } } diff --git a/src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml b/src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml index 007ce0e83..ef4b624d9 100644 --- a/src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml +++ b/src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml @@ -164,6 +164,32 @@ 0 + + Keep current priority + + Background (1, lowest) + Best Effort (0, default) + Excellent Effort (2) + Critical Applications (3) + Video (4) + Voice (5) + Internetwork Control (6) + Network Control (7, highest) + + + + Keep current priority + + Background (1, lowest) + Best Effort (0, default) + Excellent Effort (2) + Critical Applications (3) + Video (4) + Voice (5) + Internetwork Control (6) + Network Control (7, highest) + +
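Review bot: In the first Filter.php hunk (@@ -143,7 +143,8) the re-wrapped `gettext()` argument opens and closes with single quotes but is split with `".` and `"`, so as rendered here the two added lines form one single-quoted literal rather than two concatenated strings. The validation message would then carry a stray `".`, a line break, indentation and `"` in its text, and the changed msgid would no longer match existing translations. Use the same quote style on both halves: `gettext('Disabling adaptive timeouts is only supported in ' .` followed by `'combination with a configured maximum number of states for the same rule.'),`. The enclosing validation method starts and ends outside the hunk.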
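Review bot: The new check in the second Filter.php hunk (@@ -175,6 +176,15) compares with loose `==` / `!=` and does not say why a low-delay priority is rejected on its own. Both operands are already cast to string, so strict operators express the intent without relying on PHP's comparison rules: `if ((string)$rule->{'set-prio'} === '' && (string)$rule->{'set-prio-low'} !== '') {`. A one-line comment such as `// pf only accepts the low-delay priority as the second value of a set prio pair` would explain the constraint, since this model validation is what stops an unusable rule from being stored. The surrounding loop and method continue outside the hunk.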