Add new attribute to 'all' rules
parent
307e5d1b50
commit
8cd32d35e2
@ -9,13 +9,6 @@ pub struct NetworkFilterRefXML {
|
|||||||
pub filter: String,
|
pub filter: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(serde::Serialize, serde::Deserialize, Debug)]
|
|
||||||
#[serde(rename = "all")]
|
|
||||||
pub struct NetworkFilterRuleProtocolAllXML {
|
|
||||||
#[serde(rename = "@comment", skip_serializing_if = "Option::is_none")]
|
|
||||||
pub comment: Option<String>,
|
|
||||||
}
|
|
||||||
|
|
||||||
#[derive(serde::Serialize, serde::Deserialize, Debug)]
|
#[derive(serde::Serialize, serde::Deserialize, Debug)]
|
||||||
#[serde(rename = "mac")]
|
#[serde(rename = "mac")]
|
||||||
pub struct NetworkFilterRuleProtocolMac {
|
pub struct NetworkFilterRuleProtocolMac {
|
||||||
@ -50,7 +43,6 @@ pub struct NetworkFilterRuleProtocolArpXML {
|
|||||||
pub arpdstipaddr: Option<String>,
|
pub arpdstipaddr: Option<String>,
|
||||||
#[serde(rename = "@arpdstipmask", skip_serializing_if = "Option::is_none")]
|
#[serde(rename = "@arpdstipmask", skip_serializing_if = "Option::is_none")]
|
||||||
pub arpdstipmask: Option<u8>,
|
pub arpdstipmask: Option<u8>,
|
||||||
|
|
||||||
#[serde(rename = "@comment", skip_serializing_if = "Option::is_none")]
|
#[serde(rename = "@comment", skip_serializing_if = "Option::is_none")]
|
||||||
pub comment: Option<String>,
|
pub comment: Option<String>,
|
||||||
}
|
}
|
||||||
@ -114,7 +106,37 @@ pub struct NetworkFilterRuleProtocolLayer4<IPv> {
|
|||||||
pub dstportend: Option<u16>,
|
pub dstportend: Option<u16>,
|
||||||
#[serde(rename = "@state", skip_serializing_if = "Option::is_none")]
|
#[serde(rename = "@state", skip_serializing_if = "Option::is_none")]
|
||||||
pub state: Option<String>,
|
pub state: Option<String>,
|
||||||
|
#[serde(rename = "@comment", skip_serializing_if = "Option::is_none")]
|
||||||
|
pub comment: Option<String>,
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(serde::Serialize, serde::Deserialize, Debug)]
|
||||||
|
#[serde(rename = "all")]
|
||||||
|
pub struct NetworkFilterRuleProtocolAllXML<IPv> {
|
||||||
|
#[serde(rename = "@srcmacaddr", skip_serializing_if = "Option::is_none")]
|
||||||
|
pub srcmacaddr: Option<String>,
|
||||||
|
#[serde(rename = "@srcipaddr", skip_serializing_if = "Option::is_none")]
|
||||||
|
pub srcipaddr: Option<IPv>,
|
||||||
|
#[serde(rename = "@srcipmask", skip_serializing_if = "Option::is_none")]
|
||||||
|
pub srcipmask: Option<u8>,
|
||||||
|
#[serde(rename = "@dstipaddr", skip_serializing_if = "Option::is_none")]
|
||||||
|
pub dstipaddr: Option<IPv>,
|
||||||
|
#[serde(rename = "@dstipmask", skip_serializing_if = "Option::is_none")]
|
||||||
|
pub dstipmask: Option<u8>,
|
||||||
|
/// Start of range of source IP address
|
||||||
|
#[serde(rename = "@srcipfrom", skip_serializing_if = "Option::is_none")]
|
||||||
|
pub srcipfrom: Option<IPv>,
|
||||||
|
/// End of range of source IP address
|
||||||
|
#[serde(rename = "@srcipto", skip_serializing_if = "Option::is_none")]
|
||||||
|
pub srcipto: Option<IPv>,
|
||||||
|
/// Start of range of destination IP address
|
||||||
|
#[serde(rename = "@dstipfrom", skip_serializing_if = "Option::is_none")]
|
||||||
|
pub dstipfrom: Option<IPv>,
|
||||||
|
/// End of range of destination IP address
|
||||||
|
#[serde(rename = "@dstipto", skip_serializing_if = "Option::is_none")]
|
||||||
|
pub dstipto: Option<IPv>,
|
||||||
|
#[serde(rename = "@state", skip_serializing_if = "Option::is_none")]
|
||||||
|
pub state: Option<String>,
|
||||||
#[serde(rename = "@comment", skip_serializing_if = "Option::is_none")]
|
#[serde(rename = "@comment", skip_serializing_if = "Option::is_none")]
|
||||||
pub comment: Option<String>,
|
pub comment: Option<String>,
|
||||||
}
|
}
|
||||||
@ -129,14 +151,6 @@ pub struct NetworkFilterRuleXML {
|
|||||||
#[serde(rename = "@priority")]
|
#[serde(rename = "@priority")]
|
||||||
pub priority: Option<i32>,
|
pub priority: Option<i32>,
|
||||||
|
|
||||||
/// Match all protocols
|
|
||||||
#[serde(default, rename = "all", skip_serializing_if = "Vec::is_empty")]
|
|
||||||
pub all_selectors: Vec<NetworkFilterRuleProtocolAllXML>,
|
|
||||||
|
|
||||||
/// Match all ipv6 protocols
|
|
||||||
#[serde(default, rename = "all-ipv6", skip_serializing_if = "Vec::is_empty")]
|
|
||||||
pub all_ipv6_selectors: Vec<NetworkFilterRuleProtocolAllXML>,
|
|
||||||
|
|
||||||
/// Match mac protocol
|
/// Match mac protocol
|
||||||
#[serde(default, rename = "mac", skip_serializing_if = "Vec::is_empty")]
|
#[serde(default, rename = "mac", skip_serializing_if = "Vec::is_empty")]
|
||||||
pub mac_selectors: Vec<NetworkFilterRuleProtocolMac>,
|
pub mac_selectors: Vec<NetworkFilterRuleProtocolMac>,
|
||||||
@ -173,6 +187,10 @@ pub struct NetworkFilterRuleXML {
|
|||||||
#[serde(default, rename = "icmp", skip_serializing_if = "Vec::is_empty")]
|
#[serde(default, rename = "icmp", skip_serializing_if = "Vec::is_empty")]
|
||||||
pub icmp_selectors: Vec<NetworkFilterRuleProtocolLayer4<Ipv4Addr>>,
|
pub icmp_selectors: Vec<NetworkFilterRuleProtocolLayer4<Ipv4Addr>>,
|
||||||
|
|
||||||
|
/// Match all protocols
|
||||||
|
#[serde(default, rename = "all", skip_serializing_if = "Vec::is_empty")]
|
||||||
|
pub all_selectors: Vec<NetworkFilterRuleProtocolAllXML<Ipv4Addr>>,
|
||||||
|
|
||||||
/// Match TCP IPv6 protocol
|
/// Match TCP IPv6 protocol
|
||||||
#[serde(default, rename = "tcp-ipv6", skip_serializing_if = "Vec::is_empty")]
|
#[serde(default, rename = "tcp-ipv6", skip_serializing_if = "Vec::is_empty")]
|
||||||
pub tcp_ipv6_selectors: Vec<NetworkFilterRuleProtocolLayer4<Ipv6Addr>>,
|
pub tcp_ipv6_selectors: Vec<NetworkFilterRuleProtocolLayer4<Ipv6Addr>>,
|
||||||
@ -188,6 +206,10 @@ pub struct NetworkFilterRuleXML {
|
|||||||
/// Match ICMP IPv6 protocol
|
/// Match ICMP IPv6 protocol
|
||||||
#[serde(default, rename = "icmpv6", skip_serializing_if = "Vec::is_empty")]
|
#[serde(default, rename = "icmpv6", skip_serializing_if = "Vec::is_empty")]
|
||||||
pub imcp_ipv6_selectors: Vec<NetworkFilterRuleProtocolLayer4<Ipv6Addr>>,
|
pub imcp_ipv6_selectors: Vec<NetworkFilterRuleProtocolLayer4<Ipv6Addr>>,
|
||||||
|
|
||||||
|
/// Match all ipv6 protocols
|
||||||
|
#[serde(default, rename = "all-ipv6", skip_serializing_if = "Vec::is_empty")]
|
||||||
|
pub all_ipv6_selectors: Vec<NetworkFilterRuleProtocolAllXML<Ipv6Addr>>,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(serde::Serialize, serde::Deserialize, Debug)]
|
#[derive(serde::Serialize, serde::Deserialize, Debug)]
|
||||||
|
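Review bot: `NetworkFilterRuleProtocolAllXML<IPv>` in the `-114,7 +106,37` hunk has no struct-level doc comment and keeps `#[serde(rename = "all")]`, although the `-188,6 +206,10` hunk also uses the type for the `all-ipv6` element. The element name there presumably comes from the field-level rename on `all_ipv6_selectors`, so a reader cannot tell from the struct which elements it maps; a comment such as `/// Attributes shared by the <all> and <all-ipv6> rule elements` would settle that. The address and mask fields are also undocumented while the range fields are; `/// Source prefix length (at most 32 for IPv4, 128 for IPv6)` on `srcipmask`, and the same for `dstipmask`, would record the bound that `Option<u8>` does not enforce.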
@ -308,11 +308,6 @@ impl Layer4State {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(serde::Serialize, serde::Deserialize, Debug, Clone)]
|
|
||||||
pub struct NetworkSelectorAll {
|
|
||||||
comment: Option<String>,
|
|
||||||
}
|
|
||||||
|
|
||||||
#[derive(serde::Serialize, serde::Deserialize, Debug, Clone)]
|
#[derive(serde::Serialize, serde::Deserialize, Debug, Clone)]
|
||||||
pub struct NetworkSelectorMac {
|
pub struct NetworkSelectorMac {
|
||||||
src_mac_addr: Option<NetworkFilterMacAddressOrVar>,
|
src_mac_addr: Option<NetworkFilterMacAddressOrVar>,
|
||||||
@ -371,10 +366,28 @@ pub struct NetworkFilterSelectorLayer4<IPv> {
|
|||||||
comment: Option<String>,
|
comment: Option<String>,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[derive(serde::Serialize, serde::Deserialize, Debug, Clone)]
|
||||||
|
pub struct NetworkSelectorAll<IPv> {
|
||||||
|
comment: Option<String>,
|
||||||
|
srcmacaddr: Option<NetworkFilterMacAddressOrVar>,
|
||||||
|
srcipaddr: Option<IPv>,
|
||||||
|
srcipmask: Option<u8>,
|
||||||
|
dstipaddr: Option<IPv>,
|
||||||
|
dstipmask: Option<u8>,
|
||||||
|
/// Start of range of source IP address
|
||||||
|
srcipfrom: Option<IPv>,
|
||||||
|
/// End of range of source IP address
|
||||||
|
srcipto: Option<IPv>,
|
||||||
|
/// Start of range of destination IP address
|
||||||
|
dstipfrom: Option<IPv>,
|
||||||
|
/// End of range of destination IP address
|
||||||
|
dstipto: Option<IPv>,
|
||||||
|
state: Option<Layer4State>,
|
||||||
|
}
|
||||||
|
|
||||||
#[derive(serde::Serialize, serde::Deserialize, Debug, Clone)]
|
#[derive(serde::Serialize, serde::Deserialize, Debug, Clone)]
|
||||||
#[serde(tag = "type", rename_all = "lowercase")]
|
#[serde(tag = "type", rename_all = "lowercase")]
|
||||||
pub enum NetworkFilterSelector {
|
pub enum NetworkFilterSelector {
|
||||||
All(NetworkSelectorAll),
|
|
||||||
Mac(NetworkSelectorMac),
|
Mac(NetworkSelectorMac),
|
||||||
Arp(NetworkSelectorARP),
|
Arp(NetworkSelectorARP),
|
||||||
Rarp(NetworkSelectorARP),
|
Rarp(NetworkSelectorARP),
|
||||||
@ -384,11 +397,12 @@ pub enum NetworkFilterSelector {
|
|||||||
UDP(NetworkFilterSelectorLayer4<Ipv4Addr>),
|
UDP(NetworkFilterSelectorLayer4<Ipv4Addr>),
|
||||||
SCTP(NetworkFilterSelectorLayer4<Ipv4Addr>),
|
SCTP(NetworkFilterSelectorLayer4<Ipv4Addr>),
|
||||||
ICMP(NetworkFilterSelectorLayer4<Ipv4Addr>),
|
ICMP(NetworkFilterSelectorLayer4<Ipv4Addr>),
|
||||||
Allipv6(NetworkSelectorAll),
|
All(NetworkSelectorAll<Ipv4Addr>),
|
||||||
TCPipv6(NetworkFilterSelectorLayer4<Ipv6Addr>),
|
TCPipv6(NetworkFilterSelectorLayer4<Ipv6Addr>),
|
||||||
UDPipv6(NetworkFilterSelectorLayer4<Ipv6Addr>),
|
UDPipv6(NetworkFilterSelectorLayer4<Ipv6Addr>),
|
||||||
SCTPipv6(NetworkFilterSelectorLayer4<Ipv6Addr>),
|
SCTPipv6(NetworkFilterSelectorLayer4<Ipv6Addr>),
|
||||||
ICMPipv6(NetworkFilterSelectorLayer4<Ipv6Addr>),
|
ICMPipv6(NetworkFilterSelectorLayer4<Ipv6Addr>),
|
||||||
|
Allipv6(NetworkSelectorAll<Ipv6Addr>),
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(serde::Serialize, serde::Deserialize, Debug, Clone)]
|
#[derive(serde::Serialize, serde::Deserialize, Debug, Clone)]
|
||||||
@ -416,12 +430,6 @@ pub struct NetworkFilter {
|
|||||||
}
|
}
|
||||||
|
|
||||||
impl NetworkFilter {
|
impl NetworkFilter {
|
||||||
fn lib2rest_process_all_rule(n: &NetworkFilterRuleProtocolAllXML) -> NetworkSelectorAll {
|
|
||||||
NetworkSelectorAll {
|
|
||||||
comment: n.comment.clone(),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
fn lib2rest_process_mac_rule(n: &NetworkFilterRuleProtocolMac) -> NetworkFilterSelector {
|
fn lib2rest_process_mac_rule(n: &NetworkFilterRuleProtocolMac) -> NetworkFilterSelector {
|
||||||
NetworkFilterSelector::Mac(NetworkSelectorMac {
|
NetworkFilterSelector::Mac(NetworkSelectorMac {
|
||||||
src_mac_addr: n.srcmacaddr.as_ref().map(|v| v.into()),
|
src_mac_addr: n.srcmacaddr.as_ref().map(|v| v.into()),
|
||||||
@ -484,28 +492,29 @@ impl NetworkFilter {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn lib2rest_process_all_rule<IPv: Copy>(
|
||||||
|
n: &NetworkFilterRuleProtocolAllXML<IPv>,
|
||||||
|
) -> anyhow::Result<NetworkSelectorAll<IPv>> {
|
||||||
|
Ok(NetworkSelectorAll {
|
||||||
|
srcmacaddr: n.srcmacaddr.as_ref().map(|v| v.into()),
|
||||||
|
srcipaddr: n.srcipaddr,
|
||||||
|
srcipmask: n.srcipmask,
|
||||||
|
dstipaddr: n.dstipaddr,
|
||||||
|
dstipmask: n.dstipmask,
|
||||||
|
srcipfrom: n.srcipfrom,
|
||||||
|
srcipto: n.srcipto,
|
||||||
|
dstipfrom: n.dstipfrom,
|
||||||
|
dstipto: n.dstipto,
|
||||||
|
state: n.state.as_deref().map(Layer4State::from_xml).transpose()?,
|
||||||
|
comment: n.comment.clone(),
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
pub fn lib2rest(xml: NetworkFilterXML) -> anyhow::Result<Self> {
|
pub fn lib2rest(xml: NetworkFilterXML) -> anyhow::Result<Self> {
|
||||||
let mut rules = Vec::with_capacity(xml.rules.len());
|
let mut rules = Vec::with_capacity(xml.rules.len());
|
||||||
for rule in &xml.rules {
|
for rule in &xml.rules {
|
||||||
let mut selectors = Vec::new();
|
let mut selectors = Vec::new();
|
||||||
|
|
||||||
// All selectors
|
|
||||||
selectors.append(
|
|
||||||
&mut rule
|
|
||||||
.all_selectors
|
|
||||||
.iter()
|
|
||||||
.map(|r| NetworkFilterSelector::All(Self::lib2rest_process_all_rule(r)))
|
|
||||||
.collect(),
|
|
||||||
);
|
|
||||||
|
|
||||||
selectors.append(
|
|
||||||
&mut rule
|
|
||||||
.all_ipv6_selectors
|
|
||||||
.iter()
|
|
||||||
.map(|r| NetworkFilterSelector::Allipv6(Self::lib2rest_process_all_rule(r)))
|
|
||||||
.collect(),
|
|
||||||
);
|
|
||||||
|
|
||||||
// Mac selectors
|
// Mac selectors
|
||||||
selectors.append(
|
selectors.append(
|
||||||
&mut rule
|
&mut rule
|
||||||
@ -638,6 +647,31 @@ impl NetworkFilter {
|
|||||||
.collect::<Result<Vec<_>, anyhow::Error>>()?,
|
.collect::<Result<Vec<_>, anyhow::Error>>()?,
|
||||||
);
|
);
|
||||||
|
|
||||||
|
// All selectors
|
||||||
|
selectors.append(
|
||||||
|
&mut rule
|
||||||
|
.all_selectors
|
||||||
|
.iter()
|
||||||
|
.map(|r| {
|
||||||
|
Ok(NetworkFilterSelector::All(Self::lib2rest_process_all_rule(
|
||||||
|
r,
|
||||||
|
)?))
|
||||||
|
})
|
||||||
|
.collect::<Result<Vec<_>, anyhow::Error>>()?,
|
||||||
|
);
|
||||||
|
|
||||||
|
selectors.append(
|
||||||
|
&mut rule
|
||||||
|
.all_ipv6_selectors
|
||||||
|
.iter()
|
||||||
|
.map(|r| {
|
||||||
|
Ok(NetworkFilterSelector::Allipv6(
|
||||||
|
Self::lib2rest_process_all_rule(r)?,
|
||||||
|
))
|
||||||
|
})
|
||||||
|
.collect::<Result<Vec<_>, anyhow::Error>>()?,
|
||||||
|
);
|
||||||
|
|
||||||
rules.push(NetworkFilterRule {
|
rules.push(NetworkFilterRule {
|
||||||
action: NetworkFilterAction::from_xml(&rule.action)?,
|
action: NetworkFilterAction::from_xml(&rule.action)?,
|
||||||
direction: NetworkFilterDirection::from_xml(&rule.direction)?,
|
direction: NetworkFilterDirection::from_xml(&rule.direction)?,
|
||||||
@ -664,14 +698,6 @@ impl NetworkFilter {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
fn rest2lib_process_all_selector(
|
|
||||||
selector: &NetworkSelectorAll,
|
|
||||||
) -> anyhow::Result<NetworkFilterRuleProtocolAllXML> {
|
|
||||||
Ok(NetworkFilterRuleProtocolAllXML {
|
|
||||||
comment: extract_nw_filter_comment(&selector.comment)?,
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
fn rest2lib_process_arp_selector(
|
fn rest2lib_process_arp_selector(
|
||||||
selector: &NetworkSelectorARP,
|
selector: &NetworkSelectorARP,
|
||||||
) -> anyhow::Result<NetworkFilterRuleProtocolArpXML> {
|
) -> anyhow::Result<NetworkFilterRuleProtocolArpXML> {
|
||||||
@ -728,6 +754,26 @@ impl NetworkFilter {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn rest2lib_process_all_selector<IPv: Copy>(
|
||||||
|
selector: &NetworkSelectorAll<IPv>,
|
||||||
|
) -> anyhow::Result<NetworkFilterRuleProtocolAllXML<IPv>> {
|
||||||
|
Ok(NetworkFilterRuleProtocolAllXML {
|
||||||
|
srcmacaddr: extract_mac_address_or_var(&selector.srcmacaddr)?,
|
||||||
|
srcipaddr: selector.srcipaddr,
|
||||||
|
// This IP mask is not checked
|
||||||
|
srcipmask: selector.srcipmask,
|
||||||
|
dstipaddr: selector.dstipaddr,
|
||||||
|
// This IP mask is not checked
|
||||||
|
dstipmask: selector.dstipmask,
|
||||||
|
srcipfrom: selector.srcipfrom,
|
||||||
|
srcipto: selector.srcipto,
|
||||||
|
dstipfrom: selector.dstipfrom,
|
||||||
|
dstipto: selector.dstipto,
|
||||||
|
state: selector.state.map(|s| s.to_xml()),
|
||||||
|
comment: extract_nw_filter_comment(&selector.comment)?,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
fn rest2lib_process_rule(rule: &NetworkFilterRule) -> anyhow::Result<NetworkFilterRuleXML> {
|
fn rest2lib_process_rule(rule: &NetworkFilterRule) -> anyhow::Result<NetworkFilterRuleXML> {
|
||||||
let mut rule_xml = NetworkFilterRuleXML {
|
let mut rule_xml = NetworkFilterRuleXML {
|
||||||
action: rule.action.to_xml(),
|
action: rule.action.to_xml(),
|
||||||
@ -738,18 +784,6 @@ impl NetworkFilter {
|
|||||||
|
|
||||||
for sel in &rule.selectors {
|
for sel in &rule.selectors {
|
||||||
match sel {
|
match sel {
|
||||||
NetworkFilterSelector::All(all) => {
|
|
||||||
rule_xml
|
|
||||||
.all_selectors
|
|
||||||
.push(Self::rest2lib_process_all_selector(all)?);
|
|
||||||
}
|
|
||||||
|
|
||||||
NetworkFilterSelector::Allipv6(all) => {
|
|
||||||
rule_xml
|
|
||||||
.all_ipv6_selectors
|
|
||||||
.push(Self::rest2lib_process_all_selector(all)?);
|
|
||||||
}
|
|
||||||
|
|
||||||
NetworkFilterSelector::Mac(mac) => {
|
NetworkFilterSelector::Mac(mac) => {
|
||||||
rule_xml.mac_selectors.push(NetworkFilterRuleProtocolMac {
|
rule_xml.mac_selectors.push(NetworkFilterRuleProtocolMac {
|
||||||
srcmacaddr: extract_mac_address_or_var(&mac.src_mac_addr)?,
|
srcmacaddr: extract_mac_address_or_var(&mac.src_mac_addr)?,
|
||||||
@ -765,6 +799,7 @@ impl NetworkFilter {
|
|||||||
.arp_selectors
|
.arp_selectors
|
||||||
.push(Self::rest2lib_process_arp_selector(a)?);
|
.push(Self::rest2lib_process_arp_selector(a)?);
|
||||||
}
|
}
|
||||||
|
|
||||||
NetworkFilterSelector::Rarp(a) => {
|
NetworkFilterSelector::Rarp(a) => {
|
||||||
rule_xml
|
rule_xml
|
||||||
.rarp_selectors
|
.rarp_selectors
|
||||||
@ -774,7 +809,6 @@ impl NetworkFilter {
|
|||||||
NetworkFilterSelector::IPv4(ip) => rule_xml
|
NetworkFilterSelector::IPv4(ip) => rule_xml
|
||||||
.ipv4_selectors
|
.ipv4_selectors
|
||||||
.push(Self::rest2lib_process_ip_selector(ip)?),
|
.push(Self::rest2lib_process_ip_selector(ip)?),
|
||||||
|
|
||||||
NetworkFilterSelector::IPv6(ip) => rule_xml
|
NetworkFilterSelector::IPv6(ip) => rule_xml
|
||||||
.ipv6_selectors
|
.ipv6_selectors
|
||||||
.push(Self::rest2lib_process_ip_selector(ip)?),
|
.push(Self::rest2lib_process_ip_selector(ip)?),
|
||||||
@ -795,6 +829,12 @@ impl NetworkFilter {
|
|||||||
.icmp_selectors
|
.icmp_selectors
|
||||||
.push(Self::rest2lib_process_layer4_selector(icmp)?),
|
.push(Self::rest2lib_process_layer4_selector(icmp)?),
|
||||||
|
|
||||||
|
NetworkFilterSelector::All(all) => {
|
||||||
|
rule_xml
|
||||||
|
.all_selectors
|
||||||
|
.push(Self::rest2lib_process_all_selector(all)?);
|
||||||
|
}
|
||||||
|
|
||||||
NetworkFilterSelector::TCPipv6(tcpv6) => rule_xml
|
NetworkFilterSelector::TCPipv6(tcpv6) => rule_xml
|
||||||
.tcp_ipv6_selectors
|
.tcp_ipv6_selectors
|
||||||
.push(Self::rest2lib_process_layer4_selector(tcpv6)?),
|
.push(Self::rest2lib_process_layer4_selector(tcpv6)?),
|
||||||
@ -810,6 +850,12 @@ impl NetworkFilter {
|
|||||||
NetworkFilterSelector::ICMPipv6(icmpv6) => rule_xml
|
NetworkFilterSelector::ICMPipv6(icmpv6) => rule_xml
|
||||||
.imcp_ipv6_selectors
|
.imcp_ipv6_selectors
|
||||||
.push(Self::rest2lib_process_layer4_selector(icmpv6)?),
|
.push(Self::rest2lib_process_layer4_selector(icmpv6)?),
|
||||||
|
|
||||||
|
NetworkFilterSelector::Allipv6(all) => {
|
||||||
|
rule_xml
|
||||||
|
.all_ipv6_selectors
|
||||||
|
.push(Self::rest2lib_process_all_selector(all)?);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
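Review bot: `rest2lib_process_all_selector` (hunk `-728,6 +754,26`) copies `srcipmask` and `dstipmask` into the libvirt XML unvalidated, as its own `// This IP mask is not checked` comments admit, so any `u8` up to 255 sent by a REST client reaches the filter definition. For a packet-filter rule the server should reject an out-of-range prefix itself rather than depend on the frontend's input widget or on libvirt refusing the value. Because the function is generic over `IPv`, the two call sites in `rest2lib_process_rule` would have to pass the family's maximum prefix length (32 for `All`, 128 for `Allipv6`), after which the check is `anyhow::ensure!(selector.srcipmask.map_or(true, |m| m <= max_mask), "invalid source IP mask");` and the same for `dstipmask`. The from/to range pairs are likewise forwarded as given; whether a range with only one bound set is acceptable is worth stating in a comment.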
@ -6,18 +6,6 @@ export interface NWFilterChain {
|
|||||||
suffix?: string;
|
suffix?: string;
|
||||||
}
|
}
|
||||||
|
|
||||||
export interface NWFSAllBase {
|
|
||||||
comment?: string;
|
|
||||||
}
|
|
||||||
|
|
||||||
export type NWFSAll = NWFSAllBase & {
|
|
||||||
type: "all";
|
|
||||||
};
|
|
||||||
|
|
||||||
export type NWFSAllIPv6 = NWFSAllBase & {
|
|
||||||
type: "allipv6";
|
|
||||||
};
|
|
||||||
|
|
||||||
export interface NWFSMac {
|
export interface NWFSMac {
|
||||||
type: "mac";
|
type: "mac";
|
||||||
src_mac_addr?: string;
|
src_mac_addr?: string;
|
||||||
@ -97,9 +85,29 @@ export type NFWSUDPv6 = NWFSLayer4Base & { type: "udpipv6" };
|
|||||||
export type NFWSSCTPv6 = NWFSLayer4Base & { type: "sctpipv6" };
|
export type NFWSSCTPv6 = NWFSLayer4Base & { type: "sctpipv6" };
|
||||||
export type NFWSICMPv6 = NWFSLayer4Base & { type: "icmpipv6" };
|
export type NFWSICMPv6 = NWFSLayer4Base & { type: "icmpipv6" };
|
||||||
|
|
||||||
|
export interface NWFSAllBase {
|
||||||
|
srcmacaddr?: string;
|
||||||
|
srcipaddr?: string;
|
||||||
|
srcipmask?: number;
|
||||||
|
dstipaddr?: string;
|
||||||
|
dstipmask?: number;
|
||||||
|
srcipfrom?: string;
|
||||||
|
srcipto?: string;
|
||||||
|
dstipfrom?: string;
|
||||||
|
dstipto?: string;
|
||||||
|
state?: Layer4State;
|
||||||
|
comment?: string;
|
||||||
|
}
|
||||||
|
|
||||||
|
export type NWFSAll = NWFSAllBase & {
|
||||||
|
type: "all";
|
||||||
|
};
|
||||||
|
|
||||||
|
export type NWFSAllIPv6 = NWFSAllBase & {
|
||||||
|
type: "allipv6";
|
||||||
|
};
|
||||||
|
|
||||||
export type NWFSelector =
|
export type NWFSelector =
|
||||||
| NWFSAll
|
|
||||||
| NWFSAllIPv6
|
|
||||||
| NWFSMac
|
| NWFSMac
|
||||||
| NWFSArp
|
| NWFSArp
|
||||||
| NWFSRArp
|
| NWFSRArp
|
||||||
@ -109,10 +117,12 @@ export type NWFSelector =
|
|||||||
| NFWSUDPv4
|
| NFWSUDPv4
|
||||||
| NFWSSCTPv4
|
| NFWSSCTPv4
|
||||||
| NFWSICMPv4
|
| NFWSICMPv4
|
||||||
|
| NWFSAll
|
||||||
| NFWSTCPv6
|
| NFWSTCPv6
|
||||||
| NFWSUDPv6
|
| NFWSUDPv6
|
||||||
| NFWSSCTPv6
|
| NFWSSCTPv6
|
||||||
| NFWSICMPv6;
|
| NFWSICMPv6
|
||||||
|
| NWFSAllIPv6;
|
||||||
|
|
||||||
export interface NWFilterRule {
|
export interface NWFilterRule {
|
||||||
action: "drop" | "reject" | "accept" | "return" | "continue";
|
action: "drop" | "reject" | "accept" | "return" | "continue";
|
||||||
|
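Review bot: The fields of the new `NWFSAllBase` (hunk `-97,9 +85,29`) are spelled `srcmacaddr`, `srcipaddr` and so on, whereas `NWFSMac` in the same file uses `src_mac_addr`, so the API types carry two spellings for the same concept. If the names are meant to mirror the libvirt attribute names, a one-line comment on the interface saying so would help, e.g. `// Field names follow the libvirt nwfilter attribute names`. `srcipmask` and `dstipmask` are plain `number`; a comment giving the accepted range per IP version would document what the server is expected to enforce.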
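--- a/virtweb_frontend/src/widgets/forms/NWFConnStateInput.tsx
+++ b/virtweb_frontend/src/widgets/forms/NWFConnStateInput.tsx
@@ -0,0 +1,27 @@
+import { Layer4State } from "../../api/NWFilterApi";
+import { SelectInput } from "./SelectInput";
+
+export function NWFConnStateInput(p: {
+editable: boolean;
+value?: Layer4State;
+onChange: (s?: Layer4State) => void;
+}): React.ReactElement {
+return (
+<SelectInput
+{...p}
+label="Connection state"
+value={p.value}
+onValueChange={(s) => {
+p.onChange?.(s as any);
+}}
+options={[
+{ label: "None", value: undefined },
+{ label: "NEW", value: "NEW" },
+{ label: "ESTABLISHED", value: "ESTABLISHED" },
+{ label: "RELATED", value: "RELATED" },
+{ label: "INVALID", value: "INVALID" },
+{ label: "NONE", value: "NONE" },
+]}
+/>
+);
+}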
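Review bot: The option list offers both `{ label: "None", value: undefined }` and `{ label: "NONE", value: "NONE" }`, two entries that differ only by case on screen but stand for "attribute not set" and the literal value `NONE`. Relabelling the first, e.g. `{ label: "(not set)", value: undefined }`, would keep a user from picking the wrong one when editing a filter rule. `p.onChange?.(s as any)` also uses optional chaining on a prop declared as required and erases the type with `as any`; `p.onChange(s as Layer4State | undefined)` keeps the compiler check.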
@ -12,6 +12,7 @@ import {
|
|||||||
Tooltip,
|
Tooltip,
|
||||||
} from "@mui/material";
|
} from "@mui/material";
|
||||||
import {
|
import {
|
||||||
|
NWFSAllBase,
|
||||||
NWFSArpOrRARP,
|
NWFSArpOrRARP,
|
||||||
NWFSIPBase,
|
NWFSIPBase,
|
||||||
NWFSLayer4Base,
|
NWFSLayer4Base,
|
||||||
@ -23,10 +24,11 @@ import { ServerApi } from "../../api/ServerApi";
|
|||||||
import { EditSection } from "./EditSection";
|
import { EditSection } from "./EditSection";
|
||||||
import { IPInput, IPInputWithMask } from "./IPInput";
|
import { IPInput, IPInputWithMask } from "./IPInput";
|
||||||
import { MACInput } from "./MACInput";
|
import { MACInput } from "./MACInput";
|
||||||
|
import { NWFConnStateInput } from "./NWFConnStateInput";
|
||||||
|
import { NWFilterPriorityInput } from "./NWFilterPriorityInput";
|
||||||
import { PortInput } from "./PortInput";
|
import { PortInput } from "./PortInput";
|
||||||
import { SelectInput } from "./SelectInput";
|
import { SelectInput } from "./SelectInput";
|
||||||
import { TextInput } from "./TextInput";
|
import { TextInput } from "./TextInput";
|
||||||
import { NWFilterPriorityInput } from "./NWFilterPriorityInput";
|
|
||||||
|
|
||||||
export function NWFilterRules(p: {
|
export function NWFilterRules(p: {
|
||||||
editable: boolean;
|
editable: boolean;
|
||||||
@ -216,9 +218,6 @@ function NWFSelectorEdit(p: {
|
|||||||
}}
|
}}
|
||||||
value={p.selector.type}
|
value={p.selector.type}
|
||||||
options={[
|
options={[
|
||||||
{ label: "All over IPv4", value: "all" },
|
|
||||||
{ label: "All over IPv6", value: "allipv6" },
|
|
||||||
|
|
||||||
{ label: "MAC (Ethernet)", value: "mac" },
|
{ label: "MAC (Ethernet)", value: "mac" },
|
||||||
|
|
||||||
{ label: "ARP", value: "arp" },
|
{ label: "ARP", value: "arp" },
|
||||||
@ -232,10 +231,14 @@ function NWFSelectorEdit(p: {
|
|||||||
{ label: "SCTP over IPv4", value: "sctp" },
|
{ label: "SCTP over IPv4", value: "sctp" },
|
||||||
{ label: "ICMPv4", value: "icmp" },
|
{ label: "ICMPv4", value: "icmp" },
|
||||||
|
|
||||||
|
{ label: "All over IPv4", value: "all" },
|
||||||
|
|
||||||
{ label: "TCP over IPv6", value: "tcpipv6" },
|
{ label: "TCP over IPv6", value: "tcpipv6" },
|
||||||
{ label: "UDP over IPv6", value: "udpipv6" },
|
{ label: "UDP over IPv6", value: "udpipv6" },
|
||||||
{ label: "SCTP over IPv6", value: "sctpipv6" },
|
{ label: "SCTP over IPv6", value: "sctpipv6" },
|
||||||
{ label: "ICMPv6", value: "icmpipv6" },
|
{ label: "ICMPv6", value: "icmpipv6" },
|
||||||
|
|
||||||
|
{ label: "All over IPv6", value: "allipv6" },
|
||||||
]}
|
]}
|
||||||
/>
|
/>
|
||||||
|
|
||||||
@ -262,6 +265,10 @@ function NWFSelectorEdit(p: {
|
|||||||
<NWFSelectorLayer4 {...p} selector={p.selector} version={4} />
|
<NWFSelectorLayer4 {...p} selector={p.selector} version={4} />
|
||||||
)}
|
)}
|
||||||
|
|
||||||
|
{p.selector.type === "all" && (
|
||||||
|
<NWFSelectorAll {...p} selector={p.selector} version={4} />
|
||||||
|
)}
|
||||||
|
|
||||||
{(p.selector.type === "tcpipv6" ||
|
{(p.selector.type === "tcpipv6" ||
|
||||||
p.selector.type === "udpipv6" ||
|
p.selector.type === "udpipv6" ||
|
||||||
p.selector.type === "sctpipv6" ||
|
p.selector.type === "sctpipv6" ||
|
||||||
@ -269,6 +276,10 @@ function NWFSelectorEdit(p: {
|
|||||||
<NWFSelectorLayer4 {...p} selector={p.selector} version={6} />
|
<NWFSelectorLayer4 {...p} selector={p.selector} version={6} />
|
||||||
)}
|
)}
|
||||||
|
|
||||||
|
{p.selector.type === "allipv6" && (
|
||||||
|
<NWFSelectorAll {...p} selector={p.selector} version={6} />
|
||||||
|
)}
|
||||||
|
|
||||||
<TextInput
|
<TextInput
|
||||||
editable={p.editable}
|
editable={p.editable}
|
||||||
label="Comment"
|
label="Comment"
|
||||||
@ -599,22 +610,99 @@ function NWFSelectorLayer4(
|
|||||||
p.onChange?.();
|
p.onChange?.();
|
||||||
}}
|
}}
|
||||||
/>
|
/>
|
||||||
<SelectInput
|
<NWFConnStateInput
|
||||||
{...p}
|
{...p}
|
||||||
label="Connection state"
|
|
||||||
value={p.selector.state}
|
value={p.selector.state}
|
||||||
onValueChange={(s) => {
|
onChange={(v) => {
|
||||||
p.selector.state = s as any;
|
p.selector.state = v;
|
||||||
|
p.onChange?.();
|
||||||
|
}}
|
||||||
|
/>
|
||||||
|
</>
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
function NWFSelectorAll(
|
||||||
|
p: SpecificSelectorEditorWithIPVersion<NWFSAllBase>
|
||||||
|
): React.ReactElement {
|
||||||
|
return (
|
||||||
|
<>
|
||||||
|
<MACInput
|
||||||
|
{...p}
|
||||||
|
label="Src mac address"
|
||||||
|
value={p.selector.srcmacaddr}
|
||||||
|
onValueChange={(v) => {
|
||||||
|
p.selector.srcmacaddr = v;
|
||||||
|
p.onChange?.();
|
||||||
|
}}
|
||||||
|
/>
|
||||||
|
<IPInputWithMask
|
||||||
|
{...p}
|
||||||
|
label="Source IP address / mask"
|
||||||
|
ip={p.selector.srcipaddr}
|
||||||
|
mask={p.selector.srcipmask}
|
||||||
|
version={p.version}
|
||||||
|
onValueChange={(ip, mask) => {
|
||||||
|
p.selector.srcipaddr = ip;
|
||||||
|
p.selector.srcipmask = mask;
|
||||||
|
p.onChange?.();
|
||||||
|
}}
|
||||||
|
/>
|
||||||
|
<IPInputWithMask
|
||||||
|
{...p}
|
||||||
|
label="Destination IP address / mask"
|
||||||
|
ip={p.selector.dstipaddr}
|
||||||
|
mask={p.selector.dstipmask}
|
||||||
|
version={p.version}
|
||||||
|
onValueChange={(ip, mask) => {
|
||||||
|
p.selector.dstipaddr = ip;
|
||||||
|
p.selector.dstipmask = mask;
|
||||||
|
p.onChange?.();
|
||||||
|
}}
|
||||||
|
/>
|
||||||
|
<IPInput
|
||||||
|
{...p}
|
||||||
|
label="Source IP from"
|
||||||
|
value={p.selector.srcipfrom}
|
||||||
|
onValueChange={(ip) => {
|
||||||
|
p.selector.srcipfrom = ip;
|
||||||
|
p.onChange?.();
|
||||||
|
}}
|
||||||
|
/>
|
||||||
|
<IPInput
|
||||||
|
{...p}
|
||||||
|
label="Source IP to"
|
||||||
|
value={p.selector.srcipto}
|
||||||
|
onValueChange={(ip) => {
|
||||||
|
p.selector.srcipto = ip;
|
||||||
|
p.onChange?.();
|
||||||
|
}}
|
||||||
|
/>
|
||||||
|
<IPInput
|
||||||
|
{...p}
|
||||||
|
label="Destination IP from"
|
||||||
|
value={p.selector.dstipfrom}
|
||||||
|
onValueChange={(ip) => {
|
||||||
|
p.selector.dstipfrom = ip;
|
||||||
|
p.onChange?.();
|
||||||
|
}}
|
||||||
|
/>
|
||||||
|
<IPInput
|
||||||
|
{...p}
|
||||||
|
label="Destination IP to"
|
||||||
|
value={p.selector.dstipto}
|
||||||
|
onValueChange={(ip) => {
|
||||||
|
p.selector.dstipto = ip;
|
||||||
|
p.onChange?.();
|
||||||
|
}}
|
||||||
|
/>
|
||||||
|
<NWFConnStateInput
|
||||||
|
{...p}
|
||||||
|
value={p.selector.state}
|
||||||
|
onChange={(v) => {
|
||||||
|
p.selector.state = v;
|
||||||
p.onChange?.();
|
p.onChange?.();
|
||||||
}}
|
}}
|
||||||
options={[
|
|
||||||
{ label: "None", value: undefined },
|
|
||||||
{ label: "NEW", value: "NEW" },
|
|
||||||
{ label: "ESTABLISHED", value: "ESTABLISHED" },
|
|
||||||
{ label: "RELATED", value: "RELATED" },
|
|
||||||
{ label: "INVALID", value: "INVALID" },
|
|
||||||
{ label: "NONE", value: "NONE" },
|
|
||||||
]}
|
|
||||||
/>
|
/>
|
||||||
</>
|
</>
|
||||||
);
|
);
|
||||||
|
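Review bot: In `NWFSelectorAll` (hunk `-599,22 +610,99`) the two `IPInputWithMask` elements pass `version={p.version}` explicitly, while the four `IPInput` range fields receive it only through the `{...p}` spread, if `IPInput` takes a version at all. Passing `version={p.version}` on each `IPInput` as well would make it visible whether the range bounds are tied to the selected address family. The spread also forwards `selector` and `onChange` to every input; naming the props each widget needs, such as `editable={p.editable}`, would avoid that. The tail of the function reuses lines of the old `SelectInput` block, so its closing lines appear as context in the hunk.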