From 64668771d5f14fc4b68fff382d166238c164bdde Mon Sep 17 00:00:00 2001
From: sarthurdev <965089+sarthurdev@users.noreply.github.com>
Date: Sat, 15 Jan 2022 12:48:48 +0100
Subject: firewall: policy: T4178: Migrate and refactor tcp flags

* Add support for ECN and CWR flags
---
 .../include/firewall/common-rule.xml.i             |  51 +--------
 .../include/firewall/tcp-flags.xml.i               | 119 +++++++++++++++++++++
 .../include/policy/route-common-rule-ipv6.xml.i    |  51 +--------
 .../include/policy/route-common-rule.xml.i         |  51 +--------
 4 files changed, 122 insertions(+), 150 deletions(-)
 create mode 100644 interface-definitions/include/firewall/tcp-flags.xml.i

(limited to 'interface-definitions')

diff --git a/interface-definitions/include/firewall/common-rule.xml.i b/interface-definitions/include/firewall/common-rule.xml.i
index 6e8203c88..5ffbd639c 100644
--- a/interface-definitions/include/firewall/common-rule.xml.i
+++ b/interface-definitions/include/firewall/common-rule.xml.i
@@ -264,56 +264,7 @@
     </leafNode>
   </children>
 </node>
-<node name="tcp">
-  <properties>
-    <help>TCP flags to match</help>
-  </properties>
-  <children>
-    <leafNode name="flags">
-      <properties>
-        <help>TCP flags to match</help>
-        <valueHelp>
-          <format>txt</format>
-          <description>Multiple comma-separated flags</description>
-        </valueHelp>
-        <valueHelp>
-          <format>syn</format>
-          <description>Syncronise flag</description>
-        </valueHelp>
-        <valueHelp>
-          <format>ack</format>
-          <description>Acknowledge flag</description>
-        </valueHelp>
-        <valueHelp>
-          <format>fin</format>
-          <description>Finish flag</description>
-        </valueHelp>
-        <valueHelp>
-          <format>rst</format>
-          <description>Reset flag</description>
-        </valueHelp>
-        <valueHelp>
-          <format>urg</format>
-          <description>Urgent flag</description>
-        </valueHelp>
-        <valueHelp>
-          <format>psh</format>
-          <description>Push flag</description>
-        </valueHelp>
-        <valueHelp>
-          <format> </format>
-          <description>\n When specifying more than one flag, flags should be comma-separated.\n For example: value of 'SYN,!ACK,!FIN,!RST' will only match packets with\n the SYN flag set, and the ACK, FIN and RST flags unset</description>
-        </valueHelp>
-        <completionHelp>
-          <list>syn ack fin rst urg psh</list>
-        </completionHelp>
-        <constraint>
-          <validator name="tcp-flag"/>
-        </constraint>
-      </properties>
-    </leafNode>
-  </children>
-</node>
+#include <include/firewall/tcp-flags.xml.i>
 <node name="time">
   <properties>
     <help>Time to match rule</help>
diff --git a/interface-definitions/include/firewall/tcp-flags.xml.i b/interface-definitions/include/firewall/tcp-flags.xml.i
new file mode 100644
index 000000000..b99896687
--- /dev/null
+++ b/interface-definitions/include/firewall/tcp-flags.xml.i
@@ -0,0 +1,119 @@
+<!-- include start from firewall/tcp-flags.xml.i -->
+<node name="tcp">
+  <properties>
+    <help>TCP flags to match</help>
+  </properties>
+  <children>
+    <node name="flags">
+      <properties>
+        <help>TCP flags to match</help>
+      </properties>
+      <children>
+        <leafNode name="syn">
+          <properties>
+            <help>Synchronise flag</help>
+            <valueless/>
+          </properties>
+        </leafNode>
+        <leafNode name="ack">
+          <properties>
+            <help>Acknowledge flag</help>
+            <valueless/>
+          </properties>
+        </leafNode>
+        <leafNode name="fin">
+          <properties>
+            <help>Finish flag</help>
+            <valueless/>
+          </properties>
+        </leafNode>
+        <leafNode name="rst">
+          <properties>
+            <help>Reset flag</help>
+            <valueless/>
+          </properties>
+        </leafNode>
+        <leafNode name="urg">
+          <properties>
+            <help>Urgent flag</help>
+            <valueless/>
+          </properties>
+        </leafNode>
+        <leafNode name="psh">
+          <properties>
+            <help>Push flag</help>
+            <valueless/>
+          </properties>
+        </leafNode>
+        <leafNode name="ecn">
+          <properties>
+            <help>Explicit Congestion Notification flag</help>
+            <valueless/>
+          </properties>
+        </leafNode>
+        <leafNode name="cwr">
+          <properties>
+            <help>Congestion Window Reduced flag</help>
+            <valueless/>
+          </properties>
+        </leafNode>
+        <node name="not">
+          <properties>
+            <help>Match flags not set</help>
+          </properties>
+          <children>
+            <leafNode name="syn">
+              <properties>
+                <help>Synchronise flag</help>
+                <valueless/>
+              </properties>
+            </leafNode>
+            <leafNode name="ack">
+              <properties>
+                <help>Acknowledge flag</help>
+                <valueless/>
+              </properties>
+            </leafNode>
+            <leafNode name="fin">
+              <properties>
+                <help>Finish flag</help>
+                <valueless/>
+              </properties>
+            </leafNode>
+            <leafNode name="rst">
+              <properties>
+                <help>Reset flag</help>
+                <valueless/>
+              </properties>
+            </leafNode>
+            <leafNode name="urg">
+              <properties>
+                <help>Urgent flag</help>
+                <valueless/>
+              </properties>
+            </leafNode>
+            <leafNode name="psh">
+              <properties>
+                <help>Push flag</help>
+                <valueless/>
+              </properties>
+            </leafNode>
+            <leafNode name="ecn">
+              <properties>
+                <help>Explicit Congestion Notification flag</help>
+                <valueless/>
+              </properties>
+            </leafNode>
+            <leafNode name="cwr">
+              <properties>
+                <help>Congestion Window Reduced flag</help>
+                <valueless/>
+              </properties>
+            </leafNode>
+          </children>
+        </node>
+      </children>
+    </node>
+  </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/policy/route-common-rule-ipv6.xml.i b/interface-definitions/include/policy/route-common-rule-ipv6.xml.i
index b8fee4b7b..735edbd48 100644
--- a/interface-definitions/include/policy/route-common-rule-ipv6.xml.i
+++ b/interface-definitions/include/policy/route-common-rule-ipv6.xml.i
@@ -320,56 +320,7 @@
     </leafNode>
   </children>
 </node>
-<node name="tcp">
-  <properties>
-    <help>TCP flags to match</help>
-  </properties>
-  <children>
-    <leafNode name="flags">
-      <properties>
-        <help>TCP flags to match</help>
-        <valueHelp>
-          <format>txt</format>
-          <description>Multiple comma-separated flags</description>
-        </valueHelp>
-        <valueHelp>
-          <format>syn</format>
-          <description>Syncronise flag</description>
-        </valueHelp>
-        <valueHelp>
-          <format>ack</format>
-          <description>Acknowledge flag</description>
-        </valueHelp>
-        <valueHelp>
-          <format>fin</format>
-          <description>Finish flag</description>
-        </valueHelp>
-        <valueHelp>
-          <format>rst</format>
-          <description>Reset flag</description>
-        </valueHelp>
-        <valueHelp>
-          <format>urg</format>
-          <description>Urgent flag</description>
-        </valueHelp>
-        <valueHelp>
-          <format>psh</format>
-          <description>Push flag</description>
-        </valueHelp>
-        <valueHelp>
-          <format> </format>
-          <description>\n When specifying more than one flag, flags should be comma-separated.\n For example: value of 'SYN,!ACK,!FIN,!RST' will only match packets with\n the SYN flag set, and the ACK, FIN and RST flags unset</description>
-        </valueHelp>
-        <completionHelp>
-          <list>syn ack fin rst urg psh</list>
-        </completionHelp>
-        <constraint>
-          <validator name="tcp-flag"/>
-        </constraint>
-      </properties>
-    </leafNode>
-  </children>
-</node>
+#include <include/firewall/tcp-flags.xml.i>
 <node name="time">
   <properties>
     <help>Time to match rule</help>
diff --git a/interface-definitions/include/policy/route-common-rule.xml.i b/interface-definitions/include/policy/route-common-rule.xml.i
index 17b47474d..4452f78fc 100644
--- a/interface-definitions/include/policy/route-common-rule.xml.i
+++ b/interface-definitions/include/policy/route-common-rule.xml.i
@@ -320,56 +320,7 @@
     </leafNode>
   </children>
 </node>
-<node name="tcp">
-  <properties>
-    <help>TCP flags to match</help>
-  </properties>
-  <children>
-    <leafNode name="flags">
-      <properties>
-        <help>TCP flags to match</help>
-        <valueHelp>
-          <format>txt</format>
-          <description>Multiple comma-separated flags</description>
-        </valueHelp>
-        <valueHelp>
-          <format>syn</format>
-          <description>Syncronise flag</description>
-        </valueHelp>
-        <valueHelp>
-          <format>ack</format>
-          <description>Acknowledge flag</description>
-        </valueHelp>
-        <valueHelp>
-          <format>fin</format>
-          <description>Finish flag</description>
-        </valueHelp>
-        <valueHelp>
-          <format>rst</format>
-          <description>Reset flag</description>
-        </valueHelp>
-        <valueHelp>
-          <format>urg</format>
-          <description>Urgent flag</description>
-        </valueHelp>
-        <valueHelp>
-          <format>psh</format>
-          <description>Push flag</description>
-        </valueHelp>
-        <valueHelp>
-          <format> </format>
-          <description>\n When specifying more than one flag, flags should be comma-separated.\n For example: value of 'SYN,!ACK,!FIN,!RST' will only match packets with\n the SYN flag set, and the ACK, FIN and RST flags unset</description>
-        </valueHelp>
-        <completionHelp>
-          <list>syn ack fin rst urg psh</list>
-        </completionHelp>
-        <constraint>
-          <validator name="tcp-flag"/>
-        </constraint>
-      </properties>
-    </leafNode>
-  </children>
-</node>
+#include <include/firewall/tcp-flags.xml.i>
 <node name="time">
   <properties>
     <help>Time to match rule</help>
-- 
cgit v1.2.3