luci-app-firewall: support 'DSCP' action and matches for rules

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit aa62419e5ba92a0cdd8ceb487e9b9b819cf357d0)

diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
index f26457140fdbfbc99dad9cb803dab4bd2a02ba1b..9d8d8d15598312ae370e61864f8cdb7d51e4c6f6 100644 (file)
--- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
+++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
@@ -395,6 +395,7 @@ return L.view.extend({
                o.value('HELPER', _('assign conntrack helper'));
                o.value('MARK_SET', _('apply firewall mark'));
                o.value('MARK_XOR', _('XOR firewall mark'));
+               o.value('DSCP', _('DSCP classification'));
                o.cfgvalue = function(section_id) {
                        var t = uci.get('firewall', section_id, 'target'),
                            m = uci.get('firewall', section_id, 'set_mark');
@@ -413,9 +414,6 @@ return L.view.extend({
                o.rmempty = false;
                o.depends('target', 'MARK_SET');
                o.validate = function(section_id, value) {
-                       if (value == '')
-                               return true;
-
                        var m = String(value).match(/^(0x[0-9a-f]{1,8}|[0-9]{1,10})(?:\/(0x[0-9a-f]{1,8}|[0-9]{1,10}))?$/i);
 
                        if (!m || +m[1] > 0xffffffff || (m[2] != null && +m[2] > 0xffffffff))
@@ -429,9 +427,6 @@ return L.view.extend({
                o.rmempty = false;
                o.depends('target', 'MARK_XOR');
                o.validate = function(section_id, value) {
-                       if (value == '')
-                               return true;
-
                        var m = String(value).match(/^(0x[0-9a-f]{1,8}|[0-9]{1,10})(?:\/(0x[0-9a-f]{1,8}|[0-9]{1,10}))?$/i);
 
                        if (!m || +m[1] > 0xffffffff || (m[2] != null && +m[2] > 0xffffffff))
@@ -440,6 +435,44 @@ return L.view.extend({
                        return true;
                };
 
+               o = s.taboption('general', form.Value, 'set_dhcp', _('DSCP mark'), _('Apply the given DSCP class or value to established connections.'));
+               o.modalonly = true;
+               o.rmempty = false;
+               o.depends('target', 'DSCP');
+               o.value('CS0');
+               o.value('CS1');
+               o.value('CS2');
+               o.value('CS3');
+               o.value('CS4');
+               o.value('CS5');
+               o.value('CS6');
+               o.value('CS7');
+               o.value('BE');
+               o.value('AF11');
+               o.value('AF12');
+               o.value('AF13');
+               o.value('AF21');
+               o.value('AF22');
+               o.value('AF23');
+               o.value('AF31');
+               o.value('AF32');
+               o.value('AF33');
+               o.value('AF41');
+               o.value('AF42');
+               o.value('AF43');
+               o.value('EF');
+               o.validate = function(section_id, value) {
+                       if (value == '')
+                               return _('DSCP mark required');
+
+                       var m = String(value).match(/^(?:CS[0-7]|BE|AF[1234][123]|EF|(0x[0-9a-f]{1,2}|[0-9]{1,2}))$/);
+
+                       if (!m || (m[1] != null && +m[1] > 0x3f))
+                               return _('Invalid DSCP mark');
+
+                       return true;
+               };
+
                o = s.taboption('general', form.ListValue, 'set_helper', _('Tracking helper'), _('Assign the specified connection tracking helper to matched traffic.'));
                o.modalonly = true;
                o.placeholder = _('any');
@@ -481,6 +514,47 @@ return L.view.extend({
                        return true;
                };
 
+               o = s.taboption('advanced', form.Value, 'dscp', _('Match DSCP'),
+                       _('Matches traffic carrying the specified DSCP marking.'));
+               o.modalonly = true;
+               o.rmempty = true;
+               o.placeholder = _('any');
+               o.value('CS0');
+               o.value('CS1');
+               o.value('CS2');
+               o.value('CS3');
+               o.value('CS4');
+               o.value('CS5');
+               o.value('CS6');
+               o.value('CS7');
+               o.value('BE');
+               o.value('AF11');
+               o.value('AF12');
+               o.value('AF13');
+               o.value('AF21');
+               o.value('AF22');
+               o.value('AF23');
+               o.value('AF31');
+               o.value('AF32');
+               o.value('AF33');
+               o.value('AF41');
+               o.value('AF42');
+               o.value('AF43');
+               o.value('EF');
+               o.validate = function(section_id, value) {
+                       if (value == '')
+                               return true;
+
+                       value = String(value).replace(/^!\s*/, '');
+
+                       var m = value.match(/^(?:CS[0-7]|BE|AF[1234][123]|EF|(0x[0-9a-f]{1,2}|[0-9]{1,2}))$/);
+
+                       if (!m || +m[1] > 0xffffffff || (m[2] != null && +m[2] > 0xffffffff))
+                               return _('Invalid DSCP mark');
+
+                       return true;
+               };
+
                o = s.taboption('advanced', form.Value, 'extra', _('Extra arguments'),
                        _('Passes additional arguments to iptables. Use with care!'));
                o.modalonly = true;