From fcc96054a0935a2eb4aa380ccf0fc8c44987715f Mon Sep 17 00:00:00 2001
From: Renato Botelho <garga@FreeBSD.org>
Date: Thu, 11 Dec 2014 19:47:05 -0200
Subject: Split ICMP and ICMPv6 types on Firewall Rules

- Remove redundant declaration of $icmptypes and move it to a common
place (filter.inc)
- Add missing ICMP types for v4
- Add ICMPv6 types
- Adjust javascripts to show correct options depending of IP Protocol
- Hide ICMP type selection when protocol is IPv4+v6

It fixes #3389
---
 etc/inc/filter.inc                                 | 61 ++++++++++++++++++++++
 usr/local/www/firewall_rules.php                   | 24 ++-------
 usr/local/www/firewall_rules_edit.php              | 52 +++++++++---------
 .../firewall_rules_edit/firewall_rules_edit.js     | 14 ++++-
 4 files changed, 104 insertions(+), 47 deletions(-)

diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 2c04067..e65ca64 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -57,6 +57,67 @@ $filterdns = array();
 /* Used for aliases and interface macros */
 $aliases = "";
 
+/* ICMP v4 types */
+$icmptypes = array(
+	""		=> gettext("any"),
+	"echoreq"	=> gettext("Echo request"),
+	"echorep"	=> gettext("Echo reply"),
+	"unreach"	=> gettext("Destination unreachable"),
+	"squench"	=> gettext("Source quench"),
+	"redir"		=> gettext("Redirect"),
+	"althost"	=> gettext("Alternate Host"),
+	"routeradv"	=> gettext("Router advertisement"),
+	"routersol"	=> gettext("Router solicitation"),
+	"timex"		=> gettext("Time exceeded"),
+	"paramprob"	=> gettext("Invalid IP header"),
+	"timereq"	=> gettext("Timestamp"),
+	"timerep"	=> gettext("Timestamp reply"),
+	"inforeq"	=> gettext("Information request"),
+	"inforep"	=> gettext("Information reply"),
+	"maskreq"	=> gettext("Address mask request"),
+	"maskrep"	=> gettext("Address mask reply"),
+	"trace"		=> gettext("Traceroute"),
+	"dataconv"	=> gettext("Datagram conversion error"),
+	"mobredir"	=> gettext("Mobile host redirect"),
+	"ipv6-where"	=> gettext("IPv6 where-are-you"),
+	"ipv6-here"	=> gettext("IPv6 I-am-here"),
+	"mobregreq"	=> gettext("Mobile registration request"),
+	"mobregrep"	=> gettext("Mobile registration reply"),
+	"skip"		=> gettext("SKIP"),
+	"photuris"	=> gettext("Photuris")
+);
+
+/* ICMP v6 types */
+$icmp6types = array(
+	""		=> gettext("any"),
+	"unreach"	=> gettext("Destination unreachable"),
+	"toobig"	=> gettext("Packet too big"),
+	"timex"		=> gettext("Time exceeded"),
+	"paramprob"	=> gettext("Parameter problem"),
+	"echoreq"	=> gettext("Echo request"),
+	"echorep"	=> gettext("Echo reply"),
+	"groupqry"	=> gettext("Group membership query"),
+	"listqry"	=> gettext("Multicast listener query"),
+	"grouprep"	=> gettext("Group membership report"),
+	"listenrep"	=> gettext("Multicast listener report"),
+	"groupterm"	=> gettext("Group membership termination"),
+	"listendone"	=> gettext("Multicast listener done"),
+	"routersol"	=> gettext("Router solicitation"),
+	"routeradv"	=> gettext("Router advertisement"),
+	"neighbrsol"	=> gettext("Neighbor solicitation"),
+	"neighbradv"	=> gettext("Neighbor advertisement"),
+	"redir"		=> gettext("Redirect"),
+	"routrrenum"	=> gettext("Router renumbering"),
+	"wrureq"	=> gettext("Who are you request"),
+	"wrurep"	=> gettext("Who are you reply"),
+	"fqdnreq"	=> gettext("FQDN query"),
+	"fqdnrep"	=> gettext("FQDN reply"),
+	"niqry"		=> gettext("Node information request"),
+	"nirep"		=> gettext("Node information reply"),
+	"mtraceresp"	=> gettext("mtrace resp"),
+	"mtrace"	=> gettext("mtrace messages")
+);
+
 global $tracker;
 $tracker = 1000000000;
 
diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php
index fe98195..250ce64 100644
--- a/usr/local/www/firewall_rules.php
+++ b/usr/local/www/firewall_rules.php
@@ -123,26 +123,6 @@ if($_REQUEST['dragdroporder']) {
 	exit;
 }
 
-$icmptypes = array(
-	"" => gettext("any"),
-	"echoreq" => gettext("Echo request"),
-	"echorep" => gettext("Echo reply"),
-	"unreach" => gettext("Destination unreachable"),
-	"squench" => gettext("Source quench"),
-	"redir" => gettext("Redirect"),
-	"althost" => gettext("Alternate Host"),
-	"routeradv" => gettext("Router advertisement"),
-	"routersol" => gettext("Router solicitation"),
-	"timex" => gettext("Time exceeded"),
-	"paramprob" => gettext("Invalid IP header"),
-	"timereq" => gettext("Timestamp"),
-	"timerep" => gettext("Timestamp reply"),
-	"inforeq" => gettext("Information request"),
-	"inforep" => gettext("Information reply"),
-	"maskreq" => gettext("Address mask request"),
-	"maskrep" => gettext("Address mask reply")
-);
-
 /* add group interfaces */
 if (is_array($config['ifgroups']['ifgroupentry']))
 	foreach($config['ifgroups']['ifgroupentry'] as $ifgen)
@@ -714,7 +694,9 @@ if($_REQUEST['undodrag']) {
 				if (isset($filterent['protocol'])) {
 					echo strtoupper($filterent['protocol']);
 					if (strtoupper($filterent['protocol']) == "ICMP" && !empty($filterent['icmptype'])) {
-						echo ' <span style="cursor: help;" title="ICMP type: ' . $icmptypes[$filterent['icmptype']] . '"><u>';
+						echo ' <span style="cursor: help;" title="ICMP type: ' .
+							( $filterent['ipprotocol'] == "inet6" ?  $icmp6types[$filterent['icmptype']] : $icmptypes[$filterent['icmptype']] ) .
+							'"><u>';
 						echo $filterent['icmptype'];
 						echo '</u></span>';
 					}
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index 1b81349..ae12d96 100644
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -691,9 +691,14 @@ if ($_POST) {
 		else
 			unset($filterent['protocol']);
 
-		if ($_POST['proto'] == "icmp" && $_POST['icmptype'])
-			$filterent['icmptype'] = $_POST['icmptype'];
-		else
+		if ($_POST['proto'] == "icmp") {
+			if ($filterent['ipprotocol'] == 'inet6' && $_POST['icmp6type'])
+				$filterent['icmptype'] = $_POST['icmp6type'];
+			else if ($filterent['ipprotocol'] != 'inet6' && $_POST['icmptype'])
+				$filterent['icmptype'] = $_POST['icmptype'];
+			else
+				unset($filterent['icmptype']);
+		} else
 			unset($filterent['icmptype']);
 
 		pconfig_to_address($filterent['source'], $_POST['src'],
@@ -966,7 +971,7 @@ include("head.inc");
 		<tr>
 			<td width="22%" valign="top" class="vncellreq"><?=gettext("TCP/IP Version");?></td>
 			<td width="78%" class="vtable">
-				<select name="ipprotocol" class="formselect">
+				<select name="ipprotocol" class="formselect" onchange="proto_change()">
 					<?php      $ipproto = array('inet' => 'IPv4','inet6' => 'IPv6', 'inet46' => 'IPv4+IPv6' );
 				foreach ($ipproto as $proto => $name): ?>
 				<option value="<?=$proto;?>"
@@ -998,27 +1003,24 @@ include("head.inc");
 			<td class="vtable">
 				<select <?=$edit_disabled;?> name="icmptype" class="formselect">
 <?php
-				$icmptypes = array(
-				"" => gettext("any"),
-				"echoreq" => gettext("Echo request"),
-				"echorep" => gettext("Echo reply"),
-				"unreach" => gettext("Destination unreachable"),
-				"squench" => gettext("Source quench"),
-				"redir" => gettext("Redirect"),
-				"althost" => gettext("Alternate Host"),
-				"routeradv" => gettext("Router advertisement"),
-				"routersol" => gettext("Router solicitation"),
-				"timex" => gettext("Time exceeded"),
-				"paramprob" => gettext("Invalid IP header"),
-				"timereq" => gettext("Timestamp"),
-				"timerep" => gettext("Timestamp reply"),
-				"inforeq" => gettext("Information request"),
-				"inforep" => gettext("Information reply"),
-				"maskreq" => gettext("Address mask request"),
-				"maskrep" => gettext("Address mask reply")
-				);
-
-				foreach ($icmptypes as $icmptype => $descr): ?>
+				foreach ($icmptypes as $icmptype => $descr):
+?>
+					<option value="<?=$icmptype;?>" <?php if ($icmptype == $pconfig['icmptype']) echo "selected=\"selected\""; ?>><?=htmlspecialchars($descr);?></option>
+<?php
+				endforeach;
+?>
+				</select>
+				<br />
+				<span class="vexpl"><?=gettext("If you selected ICMP for the protocol above, you may specify an ICMP type here.");?></span>
+			</td>
+		</tr>
+		<tr id="icmp6box">
+			<td valign="top" class="vncell"><?=gettext("ICMPv6 type");?></td>
+			<td class="vtable">
+				<select <?=$edit_disabled;?> name="icmp6type" class="formselect">
+<?php
+				foreach ($icmp6types as $icmptype => $descr):
+?>
 					<option value="<?=$icmptype;?>" <?php if ($icmptype == $pconfig['icmptype']) echo "selected=\"selected\""; ?>><?=htmlspecialchars($descr);?></option>
 <?php
 				endforeach;
diff --git a/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js b/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js
index f8d714d..de1ff0c 100644
--- a/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js
+++ b/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js
@@ -111,16 +111,28 @@ function proto_change() {
 
 	if (document.iform.proto.selectedIndex == 3) {
 		document.iform.icmptype.disabled = 0;
+		document.iform.icmp6type.disabled = 0;
 	} else {
 		document.iform.icmptype.disabled = 1;
+		document.iform.icmp6type.disabled = 1;
 	}
 
 	ext_change();
 
 	if(document.iform.proto.selectedIndex == 3 || document.iform.proto.selectedIndex == 4) {
-		document.getElementById("icmpbox").style.display = '';
+		if(document.iform.ipprotocol.selectedIndex == 0) { // IPv4
+			document.getElementById("icmpbox").style.display = '';
+			document.getElementById("icmp6box").style.display = 'none';
+		} else if(document.iform.ipprotocol.selectedIndex == 1) { // IPv6
+			document.getElementById("icmpbox").style.display = 'none';
+			document.getElementById("icmp6box").style.display = '';
+		} else { // IPv4 + IPv6
+			document.getElementById("icmpbox").style.display = 'none';
+			document.getElementById("icmp6box").style.display = 'none';
+		}
 	} else {
 		document.getElementById("icmpbox").style.display = 'none';
+		document.getElementById("icmp6box").style.display = 'none';
 	}
 
 	if(document.iform.proto.selectedIndex >= 0 && document.iform.proto.selectedIndex <= 2) {
-- 
cgit v1.1