nwfilters: support for TCP flags evaluation

This patch adds support for the evaluation of TCP flags in nwfilters. It adds documentation to the web page and extends the tests as well. Also, the nwfilter schema is extended. The following are some example for rules using the tcp flags: <rule action='accept' direction='in'> <tcp state='NONE' flags='SYN/ALL' dsptportstart='80'/> </rule> <rule action='drop' direction='in'> <tcp state='NONE' flags='SYN/ALL'/> </rule>
2025-02-25 18:55:26 -06:00 · 2011-04-07 20:13:38 -04:00
parent 80427f1d87
commit 6ab24feb44
8 changed files with 174 additions and 10 deletions
--- a/docs/formatnwfilter.html.in
+++ b/docs/formatnwfilter.html.in
@@ -755,6 +755,11 @@
         <td>STRING</td>
         <td>comma separated list of NEW,ESTABLISHED,RELATED,INVALID or NONE</td>
       </tr>
+       <tr>
+         <td>flags <span class="since">(Since 0.9.1)</span></td>
+         <td>STRING</td>
+         <td>TCP-only: format of mask/flags with mask and flags each being a comma separated list of SYN,ACK,URG,PSH,FIN,RST or NONE or ALL</td>
+       </tr>
      </table>
    <p>
      <br/><br/>
@@ -1040,6 +1045,11 @@
         <td>STRING</td>
         <td>comma separated list of NEW,ESTABLISHED,RELATED,INVALID or NONE</td>
       </tr>
+       <tr>
+         <td>flags <span class="since">(Since 0.9.1)</span></td>
+         <td>STRING</td>
+         <td>TCP-only: format of mask/flags with mask and flags each being a comma separated list of SYN,ACK,URG,PSH,FIN,RST or NONE or ALL</td>
+       </tr>
      </table>
    <p>
      <br/><br/>
--- a/docs/schemas/nwfilter.rng
+++ b/docs/schemas/nwfilter.rng
@@ -81,6 +81,7 @@
                  <ref name="common-port-attributes"/>
                  <ref name="common-ip-attributes-p1"/>
                  <ref name="common-ip-attributes-p2"/>
+                  <ref name="tcp-attributes"/>
                  <ref name="comment-attribute"/>
                </element>
              </zeroOrMore>
@@ -184,6 +185,7 @@
                  <ref name="common-port-attributes"/>
                  <ref name="common-ipv6-attributes-p1"/>
                  <ref name="common-ipv6-attributes-p2"/>
+                  <ref name="tcp-attributes"/>
                  <ref name="comment-attribute"/>
                </element>
              </zeroOrMore>
@@ -606,6 +608,14 @@
    </optional>
  </define>

+  <define name="tcp-attributes">
+    <optional>
+      <attribute name="flags">
+        <ref name="tcpflags-type"/>
+      </attribute>
+    </optional>
+  </define>
+
  <!-- ################  type library ################ -->

  <define name="UUID">
@@ -872,4 +882,10 @@
      <param name="pattern">((NEW|ESTABLISHED|RELATED|INVALID)(,(NEW|ESTABLISHED|RELATED|INVALID))*|NONE)</param>
    </data>
  </define>
+
+  <define name='tcpflags-type'>
+    <data type="string">
+      <param name="pattern">((SYN|ACK|URG|PSH|FIN|RST)(,(SYN|ACK|URG|PSH|FIN|RST))*|ALL|NONE)/((SYN|ACK|URG|PSH|FIN|RST)(,(SYN|ACK|URG|PSH|FIN|RST))*|ALL|NONE)</param>
+    </data>
+  </define>
 </grammar>