From fb3ef9af5e394aa25692003fb3c185bfedefe3cb Mon Sep 17 00:00:00 2001
From: sarthurdev <965089+sarthurdev@users.noreply.github.com>
Date: Mon, 18 Sep 2023 20:24:22 +0200
Subject: conntrack: T5217: Add tcp flag matching to `system conntrack ignore`
- Moves MSS node out of `tcp-flags.xml.i` and into `tcp-mss.xml.i`
- Update smoketest to verify TCP flag matching
---
.../include/firewall/common-rule-inet.xml.i | 1 +
.../include/firewall/common-rule-ipv4-raw.xml.i | 1 +
.../include/firewall/common-rule.xml.i | 1 +
.../include/firewall/tcp-flags.xml.i | 18 +---------------
.../include/firewall/tcp-mss.xml.i | 25 ++++++++++++++++++++++
.../include/policy/route-common.xml.i | 1 +
interface-definitions/system-conntrack.xml.in | 2 ++
7 files changed, 32 insertions(+), 17 deletions(-)
create mode 100644 interface-definitions/include/firewall/tcp-mss.xml.i
(limited to 'interface-definitions')
diff --git a/interface-definitions/include/firewall/common-rule-inet.xml.i b/interface-definitions/include/firewall/common-rule-inet.xml.i
index 7a2eb86d4..e51dd0056 100644
--- a/interface-definitions/include/firewall/common-rule-inet.xml.i
+++ b/interface-definitions/include/firewall/common-rule-inet.xml.i
@@ -303,6 +303,7 @@ #include +#include Time to match rule
diff --git a/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i b/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i
index a1071a09a..e040c9b13 100644
--- a/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i
+++ b/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i
@@ -260,6 +260,7 @@ #include +#include Time to match rule
diff --git a/interface-definitions/include/firewall/common-rule.xml.i b/interface-definitions/include/firewall/common-rule.xml.i
index 7417a3c58..c62bf2c5f 100644
--- a/interface-definitions/include/firewall/common-rule.xml.i
+++ b/interface-definitions/include/firewall/common-rule.xml.i
@@ -315,6 +315,7 @@ #include +#include Time to match rule
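Review bot: Moving the MSS leaf out of `tcp-flags.xml.i` means any rule tree that includes that file without the new include loses its `tcp mss` option, and a saved configuration that still uses the option would then fail validation on load. The one-line additions in common-rule-inet, common-rule-ipv4-raw and common-rule (and in route-common further down) appear to add `tcp-mss.xml.i` next to the existing include, though the include targets are not legible in this rendering. The page is limited to 'interface-definitions', so confirm that no other includer of `tcp-flags.xml.i` exists beyond these four files and system-conntrack, where leaving MSS out looks intentional.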
diff --git a/interface-definitions/include/firewall/tcp-flags.xml.i b/interface-definitions/include/firewall/tcp-flags.xml.i
index e2ce7b9fd..36546c2e4 100644
--- a/interface-definitions/include/firewall/tcp-flags.xml.i
+++ b/interface-definitions/include/firewall/tcp-flags.xml.i
@@ -1,7 +1,7 @@ - TCP flags to match + TCP options to match
@@ -114,22 +114,6 @@ - - - Maximum segment size (MSS) - - u32:1-16384 - Maximum segment size - - - <min>-<max> - TCP MSS range (use '-' as delimiter) - - - - - -
diff --git a/interface-definitions/include/firewall/tcp-mss.xml.i b/interface-definitions/include/firewall/tcp-mss.xml.i
new file mode 100644
index 000000000..dc49b4272
--- /dev/null
+++ b/interface-definitions/include/firewall/tcp-mss.xml.i
@@ -0,0 +1,25 @@
+
+
+
+ TCP options to match
+
+
+
+
+ Maximum segment size (MSS)
+
+ u32:1-16384
+ Maximum segment size
+
+
+ <min>-<max>
+ TCP MSS range (use '-' as delimiter)
+
+
+
+
+
+
+
+
+
diff --git a/interface-definitions/include/policy/route-common.xml.i b/interface-definitions/include/policy/route-common.xml.i
index 216ec9bea..6551d23ab 100644
--- a/interface-definitions/include/policy/route-common.xml.i
+++ b/interface-definitions/include/policy/route-common.xml.i
@@ -314,6 +314,7 @@ #include +#include Time to match rule
diff --git a/interface-definitions/system-conntrack.xml.in b/interface-definitions/system-conntrack.xml.in
index 78d19090c..4452f1a74 100644
--- a/interface-definitions/system-conntrack.xml.in
+++ b/interface-definitions/system-conntrack.xml.in
@@ -127,6 +127,7 @@ #include + #include
@@ -212,6 +213,7 @@ #include + #include
-- cgit v1.2.3
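Review bot: The new `tcp-mss.xml.i` opens with its own "TCP options to match" header, the same text now used at the top of `tcp-flags.xml.i`, so where both files are included the enclosing node seems to be declared twice. The result then depends on how the build merges same-named nodes; the markup is stripped in this rendering, so this is inferred from the help strings alone. A comment at the top of both files would keep them from drifting apart, for example `<!-- shares the tcp node with tcp-flags.xml.i; keep the node help identical -->`.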
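Review bot: The two added includes in system-conntrack.xml.in (hunks at -127 and -212, presumably the IPv4 and IPv6 ignore rule trees) expose a TCP-flag match on rules whose effect is to exempt traffic from connection tracking, and nothing visible in this schema ties the option to `protocol tcp`. That check belongs in the config script, which is outside this view, so confirm it rejects a flags match when the protocol is unset or not tcp. The smoketest should cover that rejection as well as the rendered rule. Because an over-broad flag match here removes packets from stateful filtering, it would also help to say so at the include site, for example `<!-- tcp flags only: matched packets bypass conntrack and are not seen by state-based firewall rules -->`.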