lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-15 09:04:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

(trafficshaper) add match tcp ACK/non-ACK selection, closes https://github.com/opnsense/core/issues/528

Browse Source
This commit is contained in:
Ad Schellevis 2015-12-16 11:29:20 +01:00
parent 454e8b3cfd
commit edbac06d20
2 changed files with 13 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/opnsense/mvc/app/models/OPNsense/TrafficShaper/TrafficShaper.xml
View File

@ -146,6 +146,8 @@
<ip6>ipv6</ip6>
<udp>udp</udp>
<tcp>tcp</tcp>
<tcp_ack>tcp (ACK packets only)</tcp_ack>
<tcp_ack_not>tcp (non-ACK packages)</tcp_ack_not>
<icmp>icmp</icmp>
<igmp>igmp</igmp>
<esp>esp</esp>

17
src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
View File

@ -154,20 +154,25 @@ add 60000 return via any
{% if rule.interface2 and helpers.getNodeByTag('interfaces.'+rule.interface2) %}
{# 2 interface defined, use both to match packets (2 rules) #}
add {{loop.index + 60000}} {{ helpers.getUUIDtag(rule.target) }} {{
helpers.getUUID(rule.target).number }} {{ rule.proto }} from {{ rule.source }} to {{rule.destination
helpers.getUUID(rule.target).number }} {{ rule.proto.split('_')[0] }} from {{ rule.source }} to {{rule.destination
}} src-port {{ rule.src_port }} dst-port {{ rule.dst_port }} {{rule.direction}} recv {{
helpers.getNodeByTag('interfaces.'+rule.interface).if }} xmit {{helpers.getNodeByTag('interfaces.'+rule.interface2).if
helpers.getNodeByTag('interfaces.'+rule.interface).if }} {%
if rule.proto.split('_')[1]|default('') == 'ack' %} {{ rule.proto.split('_')[2]|default('') }} tcpflags ack {% endif
%} xmit {{helpers.getNodeByTag('interfaces.'+rule.interface2).if
}}
add {{loop.index + 60000}} {{ helpers.getUUIDtag(rule.target) }} {{
helpers.getUUID(rule.target).number }} {{ rule.proto }} from {{ rule.source }} to {{rule.destination
helpers.getUUID(rule.target).number }} {{ rule.proto.split('_')[0] }} from {{ rule.source }} to {{rule.destination
}} src-port {{ rule.src_port }} dst-port {{ rule.dst_port }} {{rule.direction}} xmit {{
helpers.getNodeByTag('interfaces.'+rule.interface).if }} recv {{helpers.getNodeByTag('interfaces.'+rule.interface2).if
helpers.getNodeByTag('interfaces.'+rule.interface).if }} {%
if rule.proto.split('_')[1]|default('') == 'ack' %} {{ rule.proto.split('_')[2]|default('') }} tcpflags ack {% endif
%} recv {{helpers.getNodeByTag('interfaces.'+rule.interface2).if
}}
{% else %}
{# normal, single interface situation #}
add {{loop.index + 60000}} {{ helpers.getUUIDtag(rule.target) }} {{
helpers.getUUID(rule.target).number }} {{ rule.proto }} from {{ rule.source }} to {{rule.destination
}} src-port {{ rule.src_port }} dst-port {{ rule.dst_port }} {{rule.direction}} via {{
helpers.getUUID(rule.target).number }} {{ rule.proto.split('_')[0] }} from {{ rule.source }} to {{rule.destination
}} src-port {{ rule.src_port }} dst-port {{ rule.dst_port }} {{rule.direction}} {%
if rule.proto.split('_')[1]|default('') == 'ack' %} {{ rule.proto.split('_')[2]|default('') }} tcpflags ack {% endif %} via {{
helpers.getNodeByTag('interfaces.'+rule.interface).if
}}
{% endif %}