Add new attribute to 'all' rules

2024-01-04 16:53:24 +01:00
parent 307e5d1b50
commit 8cd32d35e2
5 changed files with 291 additions and 98 deletions
--- a/virtweb_frontend/src/api/NWFilterApi.ts
+++ b/virtweb_frontend/src/api/NWFilterApi.ts
@@ -6,18 +6,6 @@ export interface NWFilterChain {
  suffix?: string;
 }

-export interface NWFSAllBase {
-  comment?: string;
-}
-
-export type NWFSAll = NWFSAllBase & {
-  type: "all";
-};
-
-export type NWFSAllIPv6 = NWFSAllBase & {
-  type: "allipv6";
-};
-
 export interface NWFSMac {
  type: "mac";
  src_mac_addr?: string;
@@ -97,9 +85,29 @@ export type NFWSUDPv6 = NWFSLayer4Base & { type: "udpipv6" };
 export type NFWSSCTPv6 = NWFSLayer4Base & { type: "sctpipv6" };
 export type NFWSICMPv6 = NWFSLayer4Base & { type: "icmpipv6" };

+export interface NWFSAllBase {
+  srcmacaddr?: string;
+  srcipaddr?: string;
+  srcipmask?: number;
+  dstipaddr?: string;
+  dstipmask?: number;
+  srcipfrom?: string;
+  srcipto?: string;
+  dstipfrom?: string;
+  dstipto?: string;
+  state?: Layer4State;
+  comment?: string;
+}
+
+export type NWFSAll = NWFSAllBase & {
+  type: "all";
+};
+
+export type NWFSAllIPv6 = NWFSAllBase & {
+  type: "allipv6";
+};
+
 export type NWFSelector =
-  | NWFSAll
-  | NWFSAllIPv6
  | NWFSMac
  | NWFSArp
  | NWFSRArp
@@ -109,10 +117,12 @@ export type NWFSelector =
  | NFWSUDPv4
  | NFWSSCTPv4
  | NFWSICMPv4
+  | NWFSAll
  | NFWSTCPv6
  | NFWSUDPv6
  | NFWSSCTPv6
-  | NFWSICMPv6;
+  | NFWSICMPv6
+  | NWFSAllIPv6;

 export interface NWFilterRule {
  action: "drop" | "reject" | "accept" | "return" | "continue";
--- a/virtweb_frontend/src/widgets/forms/NWFConnStateInput.tsx
+++ b/virtweb_frontend/src/widgets/forms/NWFConnStateInput.tsx
@@ -0,0 +1,27 @@
+import { Layer4State } from "../../api/NWFilterApi";
+import { SelectInput } from "./SelectInput";
+
+export function NWFConnStateInput(p: {
+  editable: boolean;
+  value?: Layer4State;
+  onChange: (s?: Layer4State) => void;
+}): React.ReactElement {
+  return (
+    <SelectInput
+      {...p}
+      label="Connection state"
+      value={p.value}
+      onValueChange={(s) => {
+        p.onChange?.(s as any);
+      }}
+      options={[
+        { label: "None", value: undefined },
+        { label: "NEW", value: "NEW" },
+        { label: "ESTABLISHED", value: "ESTABLISHED" },
+        { label: "RELATED", value: "RELATED" },
+        { label: "INVALID", value: "INVALID" },
+        { label: "NONE", value: "NONE" },
+      ]}
+    />
+  );
+}
--- a/virtweb_frontend/src/widgets/forms/NWFilterRules.tsx
+++ b/virtweb_frontend/src/widgets/forms/NWFilterRules.tsx
@@ -12,6 +12,7 @@ import {
  Tooltip,
 } from "@mui/material";
 import {
+  NWFSAllBase,
  NWFSArpOrRARP,
  NWFSIPBase,
  NWFSLayer4Base,
@@ -23,10 +24,11 @@ import { ServerApi } from "../../api/ServerApi";
 import { EditSection } from "./EditSection";
 import { IPInput, IPInputWithMask } from "./IPInput";
 import { MACInput } from "./MACInput";
+import { NWFConnStateInput } from "./NWFConnStateInput";
+import { NWFilterPriorityInput } from "./NWFilterPriorityInput";
 import { PortInput } from "./PortInput";
 import { SelectInput } from "./SelectInput";
 import { TextInput } from "./TextInput";
-import { NWFilterPriorityInput } from "./NWFilterPriorityInput";

 export function NWFilterRules(p: {
  editable: boolean;
@@ -216,9 +218,6 @@ function NWFSelectorEdit(p: {
            }}
            value={p.selector.type}
            options={[
-              { label: "All over IPv4", value: "all" },
-              { label: "All over IPv6", value: "allipv6" },
-
              { label: "MAC (Ethernet)", value: "mac" },

              { label: "ARP", value: "arp" },
@@ -232,10 +231,14 @@ function NWFSelectorEdit(p: {
              { label: "SCTP over IPv4", value: "sctp" },
              { label: "ICMPv4", value: "icmp" },

+              { label: "All over IPv4", value: "all" },
+
              { label: "TCP over IPv6", value: "tcpipv6" },
              { label: "UDP over IPv6", value: "udpipv6" },
              { label: "SCTP over IPv6", value: "sctpipv6" },
              { label: "ICMPv6", value: "icmpipv6" },
+
+              { label: "All over IPv6", value: "allipv6" },
            ]}
          />

@@ -262,6 +265,10 @@ function NWFSelectorEdit(p: {
            <NWFSelectorLayer4 {...p} selector={p.selector} version={4} />
          )}

+          {p.selector.type === "all" && (
+            <NWFSelectorAll {...p} selector={p.selector} version={4} />
+          )}
+
          {(p.selector.type === "tcpipv6" ||
            p.selector.type === "udpipv6" ||
            p.selector.type === "sctpipv6" ||
@@ -269,6 +276,10 @@ function NWFSelectorEdit(p: {
            <NWFSelectorLayer4 {...p} selector={p.selector} version={6} />
          )}

+          {p.selector.type === "allipv6" && (
+            <NWFSelectorAll {...p} selector={p.selector} version={6} />
+          )}
+
          <TextInput
            editable={p.editable}
            label="Comment"
@@ -599,22 +610,99 @@ function NWFSelectorLayer4(
          p.onChange?.();
        }}
      />
-      <SelectInput
+      <NWFConnStateInput
        {...p}
-        label="Connection state"
        value={p.selector.state}
-        onValueChange={(s) => {
-          p.selector.state = s as any;
+        onChange={(v) => {
+          p.selector.state = v;
+          p.onChange?.();
+        }}
+      />
+    </>
+  );
+}
+
+function NWFSelectorAll(
+  p: SpecificSelectorEditorWithIPVersion<NWFSAllBase>
+): React.ReactElement {
+  return (
+    <>
+      <MACInput
+        {...p}
+        label="Src mac address"
+        value={p.selector.srcmacaddr}
+        onValueChange={(v) => {
+          p.selector.srcmacaddr = v;
+          p.onChange?.();
+        }}
+      />
+      <IPInputWithMask
+        {...p}
+        label="Source IP address / mask"
+        ip={p.selector.srcipaddr}
+        mask={p.selector.srcipmask}
+        version={p.version}
+        onValueChange={(ip, mask) => {
+          p.selector.srcipaddr = ip;
+          p.selector.srcipmask = mask;
+          p.onChange?.();
+        }}
+      />
+      <IPInputWithMask
+        {...p}
+        label="Destination IP address / mask"
+        ip={p.selector.dstipaddr}
+        mask={p.selector.dstipmask}
+        version={p.version}
+        onValueChange={(ip, mask) => {
+          p.selector.dstipaddr = ip;
+          p.selector.dstipmask = mask;
+          p.onChange?.();
+        }}
+      />
+      <IPInput
+        {...p}
+        label="Source IP from"
+        value={p.selector.srcipfrom}
+        onValueChange={(ip) => {
+          p.selector.srcipfrom = ip;
+          p.onChange?.();
+        }}
+      />
+      <IPInput
+        {...p}
+        label="Source IP to"
+        value={p.selector.srcipto}
+        onValueChange={(ip) => {
+          p.selector.srcipto = ip;
+          p.onChange?.();
+        }}
+      />
+      <IPInput
+        {...p}
+        label="Destination IP from"
+        value={p.selector.dstipfrom}
+        onValueChange={(ip) => {
+          p.selector.dstipfrom = ip;
+          p.onChange?.();
+        }}
+      />
+      <IPInput
+        {...p}
+        label="Destination IP to"
+        value={p.selector.dstipto}
+        onValueChange={(ip) => {
+          p.selector.dstipto = ip;
+          p.onChange?.();
+        }}
+      />
+      <NWFConnStateInput
+        {...p}
+        value={p.selector.state}
+        onChange={(v) => {
+          p.selector.state = v;
          p.onChange?.();
        }}
-        options={[
-          { label: "None", value: undefined },
-          { label: "NEW", value: "NEW" },
-          { label: "ESTABLISHED", value: "ESTABLISHED" },
-          { label: "RELATED", value: "RELATED" },
-          { label: "INVALID", value: "INVALID" },
-          { label: "NONE", value: "NONE" },
-        ]}
      />
    </>
  );