net/haproxy: support many new conditions, refs #202

Frank Wall 2018-01-14 16:27:39 +01:00
parent d447b5d5a7
commit f171deba9f
4 changed files with 455 additions and 5 deletions


@ -198,6 +198,214 @@
<type>text</type>
<help><![CDATA[Verify the source IPv4 address of the client of the session matches the specified IPv4 or IPv6 address.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_bytes_in_rate</style>
</field>
<field>
<id>acl.src_bytes_in_rate_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_bytes_in_rate</id>
<label>Incoming bytes rate</label>
<type>text</type>
<help><![CDATA[The average bytes rate from the incoming connection's source address.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_bytes_out_rate</style>
</field>
<field>
<id>acl.src_bytes_out_rate_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_bytes_out_rate</id>
<label>Outgoing bytes rate</label>
<type>text</type>
<help><![CDATA[The average bytes rate to the incoming connection's source address.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_conn_cnt</style>
</field>
<field>
<id>acl.src_conn_cnt_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_conn_cnt</id>
<label>Connections count</label>
<type>text</type>
<help><![CDATA[The cumulative number of connections initiated from the current incoming connection's source address.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_conn_cur</style>
</field>
<field>
<id>acl.src_conn_cur_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_conn_cur</id>
<label>Concurrent connections</label>
<type>text</type>
<help><![CDATA[The current amount of concurrent connections initiated from the current incoming connection's source address.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_conn_rate</style>
</field>
<field>
<id>acl.src_conn_rate_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_conn_rate</id>
<label>Connection rate</label>
<type>text</type>
<help><![CDATA[The average connection rate from the incoming connection's source address.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_http_err_cnt</style>
</field>
<field>
<id>acl.src_http_err_cnt_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_http_err_cnt</id>
<label>HTTP error count</label>
<type>text</type>
<help><![CDATA[The cumulative number of HTTP errors from the incoming connection's source address.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_http_err_rate</style>
</field>
<field>
<id>acl.src_http_err_rate_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_http_err_rate</id>
<label>HTTP error rate</label>
<type>text</type>
<help><![CDATA[The average rate of HTTP errors from the incoming connection's source address.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_http_req_cnt</style>
</field>
<field>
<id>acl.src_http_req_cnt_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_http_req_cnt</id>
<label>HTTP request count</label>
<type>text</type>
<help><![CDATA[The cumulative number of HTTP requests from the incoming connection's source address.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_http_req_rate</style>
</field>
<field>
<id>acl.src_http_req_rate_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_http_req_rate</id>
<label>HTTP request rate</label>
<type>text</type>
<help><![CDATA[The average rate of HTTP requests from the incoming connection's source address.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_kbytes_in</style>
</field>
<field>
<id>acl.src_kbytes_in_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_kbytes_in</id>
<label>Data received</label>
<type>text</type>
<help><![CDATA[The total amount of data received from the incoming connection's source address (in kilobytes).]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_kbytes_out</style>
</field>
<field>
<id>acl.src_kbytes_out_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_kbytes_out</id>
<label>Data sent</label>
<type>text</type>
<help><![CDATA[The total amount of data sent to the incoming connection's source address (in kilobytes).]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_port</style>
</field>
<field>
<id>acl.src_port_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_port</id>
<label>Source port</label>
<type>text</type>
<help><![CDATA[An integer value corresponding to the TCP source port of the connection on the client side, which is the port the client connected from.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_sess_cnt</style>
</field>
<field>
<id>acl.src_sess_cnt_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_sess_cnt</id>
<label>Session count</label>
<type>text</type>
<help><![CDATA[The cumulative number of connections initiated from the incoming connection's source address.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
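Review bot: No `acl.src_sess_rate_comparison` / `acl.src_sess_rate` fields are added in this section, although the model and the configuration template in this commit both add `src_sess_rate`; as far as the section shows, a user who picks that condition has nowhere to enter the threshold. The help for `acl.src_sess_cnt` describes the same thing as the help for `acl.src_conn_cnt`, so the difference between connections and sessions is lost; something like `The cumulative number of connections from the incoming connection's source address that were accepted as sessions.` would separate them. These values are read from a stick-table, so the help texts should also say that a stick-table storing the matching data type is required, since without one the counter presumably reads as zero and a limit built on it never triggers.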


@ -86,7 +86,7 @@
<label>Stored data types</label>
<type>select_multiple</type>
<style>tokenize</style>
<help><![CDATA[This is used to store additional information in the stick-table. It may be used by ACLs in order to control various criteria related to the activity of the client matching the stick-table. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#stick-table">HAProxy documentation</a> for a full description.]]></help>
<help><![CDATA[This is used to store additional information in the stick-table. It may be used by ACLs in order to control various criteria related to the activity of the client matching the stick-table. Note that this directly impacts memory usage. See the <a target="_blank" href="http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#stick-table">HAProxy documentation</a> for a full description.]]></help>
</field>
<field>
<id>backend.stickiness_expire</id>


@ -951,9 +951,6 @@
<path_end>Path ends with</path_end>
<path>Path matches</path>
<path_reg>Path regex</path_reg>
<!-- XXX: Notes for migration (added a new similar option):
path_contains = path_dir (Path contains subdir)
NEW: path_sub (Path contains string) -->
<path_dir>Path contains subdir</path_dir>
<path_sub>Path contains string</path_sub>
<url_param>URL parameter contains</url_param>
@ -962,6 +959,26 @@
<ssl_c_verify_code>SSL Client certificate verify error result</ssl_c_verify_code>
<ssl_c_ca_commonname>SSL Client certificate issued by CA common-name</ssl_c_ca_commonname>
<src>Source IP matches specified IP</src>
<src_is_local>Source IP is local</src_is_local>
<src_port>Source IP: TCP source port</src_port>
<src_bytes_in_rate>Source IP: incoming bytes rate</src_bytes_in_rate>
<src_bytes_out_rate>Source IP: outgoing bytes rate</src_bytes_out_rate>
<src_kbytes_in>Source IP: amount of data received (in kilobytes)</src_kbytes_in>
<src_kbytes_out>Source IP: amount of data sent (in kilobytes)</src_kbytes_out>
<!-- <src_clr_gpc0>Source IP: clear first General Purpose Counter</src_clr_gpc0> -->
<src_conn_cnt>Source IP: cumulative number of connections</src_conn_cnt>
<src_conn_cur>Source IP: concurrent connections</src_conn_cur>
<src_conn_rate>Source IP: connection rate</src_conn_rate>
<!-- <src_get_gpc0>Source IP: get first General Purpose Counter</src_get_gpc0> -->
<!-- <src_get_gpt0>Source IP: get first General Purpose Tag</src_get_gpt0> -->
<!-- <src_gpc0_rate>Source IP: increment rate of the first General Purpose Counter</src_gpc0_rate> -->
<src_http_err_cnt>Source IP: cumulative number of HTTP errors</src_http_err_cnt>
<src_http_err_rate>Source IP: rate of HTTP errors</src_http_err_rate>
<src_http_req_cnt>Source IP: number of HTTP requests</src_http_req_cnt>
<src_http_req_rate>Source IP: rate of HTTP requests</src_http_req_rate>
<!-- <src_inc_gpc0>Source IP: increment the first General Purpose Counter</src_inc_gpc0> -->
<src_sess_cnt>Source IP: cumulative number of connections</src_sess_cnt>
<src_sess_rate>Source IP: session rate</src_sess_rate>
<nbsrv>Minimum number of usable servers in backend</nbsrv>
<traffic_is_http>Traffic is HTTP</traffic_is_http>
<traffic_is_ssl>Traffic is SSL</traffic_is_ssl>
@ -1054,6 +1071,202 @@
<mask>/^.{1,4096}$/u</mask>
<Required>N</Required>
</src>
<src_bytes_in_rate_comparison type="OptionField">
<Required>N</Required>
<default>gt</default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</src_bytes_in_rate_comparison>
<src_bytes_in_rate type="IntegerField">
<Required>N</Required>
</src_bytes_in_rate>
<src_bytes_out_rate_comparison type="OptionField">
<Required>N</Required>
<default>gt</default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</src_bytes_out_rate_comparison>
<src_bytes_out_rate type="IntegerField">
<Required>N</Required>
</src_bytes_out_rate>
<src_conn_cnt_comparison type="OptionField">
<Required>N</Required>
<default>gt</default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</src_conn_cnt_comparison>
<src_conn_cnt type="IntegerField">
<Required>N</Required>
</src_conn_cnt>
<src_conn_cur_comparison type="OptionField">
<Required>N</Required>
<default>gt</default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</src_conn_cur_comparison>
<src_conn_cur type="IntegerField">
<Required>N</Required>
</src_conn_cur>
<src_conn_rate_comparison type="OptionField">
<Required>N</Required>
<default>gt</default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</src_conn_rate_comparison>
<src_conn_rate type="IntegerField">
<Required>N</Required>
</src_conn_rate>
<src_http_err_cnt_comparison type="OptionField">
<Required>N</Required>
<default>gt</default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</src_http_err_cnt_comparison>
<src_http_err_cnt type="IntegerField">
<Required>N</Required>
</src_http_err_cnt>
<src_http_err_rate_comparison type="OptionField">
<Required>N</Required>
<default>gt</default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</src_http_err_rate_comparison>
<src_http_err_rate type="IntegerField">
<Required>N</Required>
</src_http_err_rate>
<src_http_req_cnt_comparison type="OptionField">
<Required>N</Required>
<default>gt</default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</src_http_req_cnt_comparison>
<src_http_req_cnt type="IntegerField">
<Required>N</Required>
</src_http_req_cnt>
<src_http_req_rate_comparison type="OptionField">
<Required>N</Required>
<default>gt</default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</src_http_req_rate_comparison>
<src_http_req_rate type="IntegerField">
<Required>N</Required>
</src_http_req_rate>
<src_kbytes_in_comparison type="OptionField">
<Required>N</Required>
<default>gt</default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</src_kbytes_in_comparison>
<src_kbytes_in type="IntegerField">
<Required>N</Required>
</src_kbytes_in>
<src_kbytes_out_comparison type="OptionField">
<Required>N</Required>
<default>gt</default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</src_kbytes_out_comparison>
<src_kbytes_out type="IntegerField">
<Required>N</Required>
</src_kbytes_out>
<src_port_comparison type="OptionField">
<Required>N</Required>
<default>gt</default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</src_port_comparison>
<src_port type="IntegerField">
<Required>N</Required>
</src_port>
<src_sess_cnt_comparison type="OptionField">
<Required>N</Required>
<default>gt</default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</src_sess_cnt_comparison>
<src_sess_cnt type="IntegerField">
<Required>N</Required>
</src_sess_cnt>
<src_sess_rate_comparison type="OptionField">
<Required>N</Required>
<default>gt</default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</src_sess_rate_comparison>
<src_sess_rate type="IntegerField">
<Required>N</Required>
</src_sess_rate>
<nbsrv type="IntegerField">
<MinimumValue>0</MinimumValue>
<MaximumValue>500000</MaximumValue>
@ -1158,7 +1371,6 @@
</operator>
<type type="OptionField">
<Required>Y</Required>
<!-- XXX TODO: use more user-friendly names instead of HAProxys option names -->
<OptionValues>
<use_backend>Use specified Backend Pool</use_backend>
<use_server>Override server in Backend Pool</use_server>
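Review bot: The new `IntegerField` entries, from `src_bytes_in_rate` through `src_sess_rate`, declare no bounds and are all `<Required>N</Required>`, unlike `nbsrv` directly below them, which sets `MinimumValue` and `MaximumValue`. `src_port` should at least be limited to the TCP port range with `<MinimumValue>0</MinimumValue>` and `<MaximumValue>65535</MaximumValue>`, and the counters and rates should get `<MinimumValue>0</MinimumValue>` so that a negative threshold cannot be saved, if the field type would otherwise accept one. In the option list, `src_sess_cnt` carries the same label as `src_conn_cnt` ("Source IP: cumulative number of connections"); `Source IP: cumulative number of sessions` would keep the two apart in the dropdown.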


@ -172,6 +172,36 @@
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'src_is_local' %}
{% do acl_options.append('src_is_local') %}
{% elif acl_data.expression == 'src_bytes_in_rate' %}
{% do acl_options.append('src_bytes_in_rate ' ~ acl_data.src_bytes_in_rate_comparison ~ ' ' ~ acl_data.src_bytes_in_rate) %}
{% elif acl_data.expression == 'src_bytes_out_rate' %}
{% do acl_options.append('src_bytes_out_rate ' ~ acl_data.src_bytes_out_rate_comparison ~ ' ' ~ acl_data.src_bytes_out_rate) %}
{% elif acl_data.expression == 'src_conn_cnt' %}
{% do acl_options.append('src_conn_cnt ' ~ acl_data.src_conn_cnt_comparison ~ ' ' ~ acl_data.src_conn_cnt) %}
{% elif acl_data.expression == 'src_conn_cur' %}
{% do acl_options.append('src_conn_cur ' ~ acl_data.src_conn_cur_comparison ~ ' ' ~ acl_data.src_conn_cur) %}
{% elif acl_data.expression == 'src_conn_rate' %}
{% do acl_options.append('src_conn_rate ' ~ acl_data.src_conn_rate_comparison ~ ' ' ~ acl_data.src_conn_rate) %}
{% elif acl_data.expression == 'src_http_err_cnt' %}
{% do acl_options.append('src_http_err_cnt ' ~ acl_data.src_http_err_cnt_comparison ~ ' ' ~ acl_data.src_http_err_cnt) %}
{% elif acl_data.expression == 'src_http_err_rate' %}
{% do acl_options.append('src_http_err_rate ' ~ acl_data.src_http_err_rate_comparison ~ ' ' ~ acl_data.src_http_err_rate) %}
{% elif acl_data.expression == 'src_http_req_cnt' %}
{% do acl_options.append('src_http_req_cnt ' ~ acl_data.src_http_req_cnt_comparison ~ ' ' ~ acl_data.src_http_req_cnt) %}
{% elif acl_data.expression == 'src_http_req_rate' %}
{% do acl_options.append('src_http_req_rate ' ~ acl_data.src_http_req_rate_comparison ~ ' ' ~ acl_data.src_http_req_rate) %}
{% elif acl_data.expression == 'src_kbytes_in' %}
{% do acl_options.append('src_kbytes_in ' ~ acl_data.src_kbytes_in_comparison ~ ' ' ~ acl_data.src_kbytes_in) %}
{% elif acl_data.expression == 'src_kbytes_out' %}
{% do acl_options.append('src_kbytes_out ' ~ acl_data.src_kbytes_out_comparison ~ ' ' ~ acl_data.src_kbytes_out) %}
{% elif acl_data.expression == 'src_port' %}
{% do acl_options.append('src_port ' ~ acl_data.src_port_comparison ~ ' ' ~ acl_data.src_port) %}
{% elif acl_data.expression == 'src_sess_cnt' %}
{% do acl_options.append('src_sess_cnt' ~ acl_data.src_sess_cnt_comparison ~ ' ' ~ acl_data.src_sess_cnt) %}
{% elif acl_data.expression == 'src_sess_rate' %}
{% do acl_options.append('src_sess_rate ' ~ acl_data.src_sess_rate_comparison ~ ' ' ~ acl_data.src_sess_rate) %}
{% elif acl_data.expression == 'nbsrv' %}
{% do acl_options.append('') %}
{% if acl_data.nbsrv|default("") != "" %}
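Review bot: The `src_sess_cnt` branch appends `'src_sess_cnt'` without the trailing space that every sibling branch has, so the keyword and the comparison run together in the rendered ACL (constructed example: `src_sess_cntgt 10`) and a limit built on it will not be parsed as intended; the line should read `{% do acl_options.append('src_sess_cnt ' ~ acl_data.src_sess_cnt_comparison ~ ' ' ~ acl_data.src_sess_cnt) %}`. None of the new branches checks that the value is set, while the context lines above disable the ACL with `# ERROR: missing parameters`. Since the model marks these fields as not required, an empty value would render a dangling comparison, so each branch should be wrapped in the same kind of guard the `nbsrv` branch uses (`|default("") != ""`). The enclosing `if`/`elif` chain starts and ends outside this hunk.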