diff options
author | bcyrill <cyrill@bannwart.info> | 2012-10-01 14:44:02 +0200 |
---|---|---|
committer | bcyrill <cyrill@bannwart.info> | 2012-10-01 14:44:02 +0200 |
commit | 79cc9e6b910339a69a83e3926b2776def08ae9ab (patch) | |
tree | d10018de031652901f330394112431fb02b92deb /etc | |
parent | 19d61d2731c1fb0baf877632e8e482bf3ff57bdd (diff) | |
download | pfsense-79cc9e6b910339a69a83e3926b2776def08ae9ab.zip pfsense-79cc9e6b910339a69a83e3926b2776def08ae9ab.tar.gz |
Add ECE and CWR TCP flags as defined in RFC 3168
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 18 | ||||
-rw-r--r-- | etc/inc/globals.inc | 2 |
2 files changed, 15 insertions, 5 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index c62bba5..8b596ee 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2200,14 +2200,24 @@ function filter_generate_user_rule($rule) { $aline['flags'] = "flags "; if (!empty($rule['tcpflags1'])) { $flags1 = explode(",", $rule['tcpflags1']); - foreach ($flags1 as $flag1) - $aline['flags'] .= strtoupper($flag1[0]); + foreach ($flags1 as $flag1) { + // CWR flag needs special treatment + if($flag1[0] == "c") + $aline['flags'] .= "W"; + else + $aline['flags'] .= strtoupper($flag1[0]); + } } $aline['flags'] .= "/"; if (!empty($rule['tcpflags2'])) { $flags2 = explode(",", $rule['tcpflags2']); - foreach ($flags2 as $flag2) - $aline['flags'] .= strtoupper($flag2[0]); + foreach ($flags2 as $flag2) { + // CWR flag needs special treatment + if($flag1[0] == "c") + $aline['flags'] .= "W"; + else + $aline['flags'] .= strtoupper($flag2[0]); + } } $aline['flags'] .= " "; } else diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index 51fbc22..b5c4eee 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc @@ -100,7 +100,7 @@ $g = array( $iptos = array("lowdelay", "throughput", "reliability"); /* TCP flags */ -$tcpflags = array("syn", "ack", "fin", "rst", "psh", "urg"); +$tcpflags = array("syn", "ack", "fin", "rst", "psh", "urg", "ece", "cwr"); if(file_exists("/etc/platform")) { $arch = php_uname("m"); |