From 68bb3fa5c3eb8b3e6f88049e0966a9758b67007e Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Sun, 24 Jan 2016 19:20:42 +0100 Subject: [PATCH] firewall: remove non-standard dscp feature FreeBSD never implemented this. OpenBSD did it differently and more consequently: the `tos' tag of pf.conf(4) was properly extended and their pf(4) can only be used to set the DSCP bit for symmetry and general usefulness. Until this comes back around to FreeBSD, we'll leave it out. --- src/etc/inc/filter.inc | 19 +++---------------- src/etc/inc/upgrade_config.inc | 18 ------------------ src/www/firewall_rules_edit.php | 21 ++------------------- 3 files changed, 5 insertions(+), 53 deletions(-) diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc index 54c7775fa..ca73919e4 100644 --- a/src/etc/inc/filter.inc +++ b/src/etc/inc/filter.inc @@ -2415,7 +2415,7 @@ function filter_generate_user_rule(&$FilterIflist, $rule) $int = ""; $aline = array(); // initialize array with empty tags - foreach (array('schedlabel','divert','icmp-type','icmp6-type','tag','tagged','dscp','route','os','reply','prot','log') as $tag) { + foreach (array('schedlabel','divert','icmp-type','icmp6-type','tag','tagged','route','os','reply','prot','log') as $tag) { $aline[$tag] = ""; } 
@@ -2591,19 +2591,6 @@ function filter_generate_user_rule(&$FilterIflist, $rule) if (!empty($rule['tagged'])) { $aline['tagged'] = " tagged " .$rule['tagged'] . " "; } - if (!empty($rule['dscp'])) { - switch (strtolower($rule['dscp'])) { - case 'va': $aline['dscp'] = " dscp 44 "; break; - case 'cs1': $aline['dscp'] = " dscp 8 "; break; - case 'cs2': $aline['dscp'] = " dscp 16 "; break; - case 'cs3': $aline['dscp'] = " dscp 24 "; break; - case 'cs4': $aline['dscp'] = " dscp 32 "; break; - case 'cs5': $aline['dscp'] = " dscp 40 "; break; - case 'cs6': $aline['dscp'] = " dscp 48 "; break; - case 'cs7': $aline['dscp'] = " dscp 56 "; break; - default: $aline['dscp'] = " dscp " . $rule['dscp'] . " "; break; - } - } $aline['allowopts'] = ""; if ($type == "pass") { if (isset($rule['allowopts'])) { @@ -2765,13 +2752,13 @@ function filter_generate_user_rule(&$FilterIflist, $rule) $line .= $aline['type'] . $aline['direction'] . $aline['log'] . $aline['quick'] . $aline['interface'] . $aline['ipprotocol'] . $aline['prot'] . $aline['src'] . $aline['os'] . $negate_networks . $aline['icmp-type'] . $aline['icmp6-type'] . $aline['tag'] . $aline['tagged'] . - $aline['dscp'] . $aline['allowopts'] . $aline['flags'] . $aline['schedlabel'] . + $aline['allowopts'] . $aline['flags'] . $aline['schedlabel'] . " label \"NEGATE_ROUTE: Negate policy routing for destination\"\n"; } /* piece together the actual user rule */ $line .= $aline['type'] . $aline['direction'] . $aline['log'] . $aline['quick'] . $aline['interface'] . $aline['reply'] . $aline['route'] . $aline['ipprotocol'] . $aline['prot'] . $aline['src'] . $aline['os'] . $aline['dst'] . - $aline['divert'] . $aline['icmp-type'] . $aline['icmp6-type'] . $aline['tag'] . $aline['tagged'] . $aline['dscp'] . + $aline['divert'] . $aline['icmp-type'] . $aline['icmp6-type'] . $aline['tag'] . $aline['tagged'] . $aline['allowopts'] . $aline['flags'] . $aline['schedlabel']; unset($aline); 
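Review bot: A stored rule that still has `dscp` set is now emitted without that match, in both the NEGATE_ROUTE line and the user rule assembled at the end of this hunk. Assuming the patched pf honoured the keyword before, such a rule now applies to more traffic than its author intended, and a `pass` rule therefore admits more. Nothing visible in this commit strips, disables or flags stored `dscp` values; the upgrade_config.inc section only deletes an older migration. Consider checking `!empty($rule['dscp'])` in filter_generate_user_rule() and logging or skipping the rule, or at least adding a comment such as `/* dscp is no longer emitted: rules that carried it now match regardless of DSCP */`. The function starts and ends outside these hunks, so an existing guard elsewhere cannot be ruled out.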
diff --git a/src/etc/inc/upgrade_config.inc b/src/etc/inc/upgrade_config.inc index 3567b114c..19219c88e 100644 --- a/src/etc/inc/upgrade_config.inc +++ b/src/etc/inc/upgrade_config.inc @@ -3274,24 +3274,6 @@ function upgrade_105_to_106() { } } -function upgrade_108_to_109() -{ - global $config; - - if (!isset($config['filter']['rule']) || !is_array($config['filter']['rule'])) - return; - - foreach ($config['filter']['rule'] as &$rule) { - if (!isset($rule['dscp']) || empty($rule['dscp'])) - continue; - - $pos = strpos($rule['dscp'], ' '); - if ($pos !== false) - $rule['dscp'] = substr($rule['dscp'], 0, $pos); - unset($pos); - } -} - function upgrade_109_to_110() { global $config; diff --git a/src/www/firewall_rules_edit.php b/src/www/firewall_rules_edit.php index 4f87c4e73..1cabc4aad 100644 --- a/src/www/firewall_rules_edit.php +++ b/src/www/firewall_rules_edit.php @@ -148,7 +148,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { } // define form fields - $config_fields = array('interface','type','direction','ipprotocol','protocol','icmptype','os','dscp','disabled','log' + $config_fields = array('interface','type','direction','ipprotocol','protocol','icmptype','os','disabled','log' ,'descr','tcpflags_any','tcpflags1','tcpflags2','tag','tagged','quick','allowopts' ,'disablereplyto','max','max-src-nodes','max-src-conn','max-src-states','statetype' ,'statetimeout','nopfsync','nosync','max-src-conn-rate','max-src-conn-rates','gateway','sched' @@ -412,7 +412,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { $filterent = array(); // 1-on-1 copy of form values $copy_fields = array('type', 'interface', 'ipprotocol', 'tag', 'tagged', 'max', 'max-src-nodes' - , 'max-src-conn', 'max-src-states', 'statetimeout', 'statetype', 'os', 'dscp', 'descr', 'gateway' + , 'max-src-conn', 'max-src-states', 'statetimeout', 'statetype', 'os', 'descr', 'gateway' , 'sched', 'associated-rule-id', 'direction', 'quick' , 'max-src-conn-rate', 'max-src-conn-rates') ; 
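Review bot: The fields left in `$copy_fields` are still copied 1-on-1 from the form into `$filterent`, and no validation of `tag`, `tagged` or `os` is visible in the `@@ -412` hunk. At least `tagged` is later concatenated unquoted into the pf rule text in filter.inc (`" tagged " .$rule['tagged'] . " "`), the same pattern as the removed `default:` dscp branch. If these values are not checked earlier in the handler, one containing whitespace or a line break could change the generated ruleset. Worth confirming that an allow-list check runs before the copy and recording it here, e.g. `// values below are written into the pf ruleset verbatim; validated above`. The enclosing block starts and ends outside the hunk.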
@@ -1168,23 +1168,6 @@ include("head.inc"); - - - - - -