From 64668771d5f14fc4b68fff382d166238c164bdde Mon Sep 17 00:00:00 2001 From: sarthurdev <965089+sarthurdev@users.noreply.github.com> Date: Sat, 15 Jan 2022 12:48:48 +0100 Subject: firewall: policy: T4178: Migrate and refactor tcp flags * Add support for ECN and CWR flags --- .../include/firewall/common-rule.xml.i | 51 +-------- .../include/firewall/tcp-flags.xml.i | 119 +++++++++++++++++++++ .../include/policy/route-common-rule-ipv6.xml.i | 51 +-------- .../include/policy/route-common-rule.xml.i | 51 +-------- 4 files changed, 122 insertions(+), 150 deletions(-) create mode 100644 interface-definitions/include/firewall/tcp-flags.xml.i (limited to 'interface-definitions/include') diff --git a/interface-definitions/include/firewall/common-rule.xml.i b/interface-definitions/include/firewall/common-rule.xml.i index 6e8203c88..5ffbd639c 100644 --- a/interface-definitions/include/firewall/common-rule.xml.i +++ b/interface-definitions/include/firewall/common-rule.xml.i @@ -264,56 +264,7 @@ - - - TCP flags to match - - - - - TCP flags to match - - txt - Multiple comma-separated flags - - - syn - Syncronise flag - - - ack - Acknowledge flag - - - fin - Finish flag - - - rst - Reset flag - - - urg - Urgent flag - - - psh - Push flag - - - - \n When specifying more than one flag, flags should be comma-separated.\n For example: value of 'SYN,!ACK,!FIN,!RST' will only match packets with\n the SYN flag set, and the ACK, FIN and RST flags unset - - - syn ack fin rst urg psh - - - - - - - - +#include Time to match rule diff --git a/interface-definitions/include/firewall/tcp-flags.xml.i b/interface-definitions/include/firewall/tcp-flags.xml.i new file mode 100644 index 000000000..b99896687 --- /dev/null +++ b/interface-definitions/include/firewall/tcp-flags.xml.i @@ -0,0 +1,119 @@ + + + + TCP flags to match + + + + + TCP flags to match + + + + + Synchronise flag + + + + + + Acknowledge flag + + + + + + Finish flag + + + + + + Reset flag + + + + + + Urgent flag + + + + + + Push flag + + + + + + Explicit Congestion Notification flag + + + + + + Congestion Window Reduced flag + + + + + + Match flags not set + + + + + Synchronise flag + + + + + + Acknowledge flag + + + + + + Finish flag + + + + + + Reset flag + + + + + + Urgent flag + + + + + + Push flag + + + + + + Explicit Congestion Notification flag + + + + + + Congestion Window Reduced flag + + + + + + + + + + diff --git a/interface-definitions/include/policy/route-common-rule-ipv6.xml.i b/interface-definitions/include/policy/route-common-rule-ipv6.xml.i index b8fee4b7b..735edbd48 100644 --- a/interface-definitions/include/policy/route-common-rule-ipv6.xml.i +++ b/interface-definitions/include/policy/route-common-rule-ipv6.xml.i @@ -320,56 +320,7 @@ - - - TCP flags to match - - - - - TCP flags to match - - txt - Multiple comma-separated flags - - - syn - Syncronise flag - - - ack - Acknowledge flag - - - fin - Finish flag - - - rst - Reset flag - - - urg - Urgent flag - - - psh - Push flag - - - - \n When specifying more than one flag, flags should be comma-separated.\n For example: value of 'SYN,!ACK,!FIN,!RST' will only match packets with\n the SYN flag set, and the ACK, FIN and RST flags unset - - - syn ack fin rst urg psh - - - - - - - - +#include Time to match rule diff --git a/interface-definitions/include/policy/route-common-rule.xml.i b/interface-definitions/include/policy/route-common-rule.xml.i index 17b47474d..4452f78fc 100644 --- a/interface-definitions/include/policy/route-common-rule.xml.i +++ b/interface-definitions/include/policy/route-common-rule.xml.i @@ -320,56 +320,7 @@ - - - TCP flags to match - - - - - TCP flags to match - - txt - Multiple comma-separated flags - - - syn - Syncronise flag - - - ack - Acknowledge flag - - - fin - Finish flag - - - rst - Reset flag - - - urg - Urgent flag - - - psh - Push flag - - - - \n When specifying more than one flag, flags should be comma-separated.\n For example: value of 'SYN,!ACK,!FIN,!RST' will only match packets with\n the SYN flag set, and the ACK, FIN and RST flags unset - - - syn ack fin rst urg psh - - - - - - - - +#include Time to match rule -- cgit v1.2.3