From d601e79da593528599829290859769d72412f426 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jo@mein.io>
Date: Thu, 16 Jan 2020 16:12:38 +0100
Subject: [PATCH] luci-app-firewall: support 'helper' and 'set_helper'
 parameters for rules

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
---
 .../resources/view/firewall/rules.js          | 45 ++++++++++++++++---
 1 file changed, 40 insertions(+), 5 deletions(-)

diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
index 8c50baa820..1d9af33fca 100644
--- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
+++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
@@ -148,14 +148,23 @@ return L.view.extend({
 		expect: { '': {} }
 	}),
 
+	callConntrackHelpers: rpc.declare({
+		object: 'luci',
+		method: 'getConntrackHelpers',
+		expect: { result: [] }
+	}),
+
 	load: function() {
-		return this.callHostHints().catch(function(e) {
-			console.debug('load fail', e);
-		});
+		return Promise.all([
+			this.callHostHints(),
+			this.callConntrackHelpers()
+		]);
 	},
 
-	render: function(hosts) {
-		var m, s, o;
+	render: function(data) {
+		var hosts = data[0],
+		    ctHelpers = data[1],
+		    m, s, o;
 
 		m = new form.Map('firewall', _('Firewall - Traffic Rules'),
 			_('Traffic rules define policies for packets traveling between different zones, for example to reject traffic between certain hosts or to open WAN ports on the router.'));
@@ -383,6 +392,32 @@ return L.view.extend({
 		o.value('ACCEPT', _('accept'));
 		o.value('REJECT', _('reject'));
 		o.value('NOTRACK', _("don't track"));
+		o.value('HELPER', _('assign conntrack helper'));
+
+		o = s.taboption('general', form.ListValue, 'set_helper', _('Tracking helper'), _('Assign the specified connection tracking helper to matched traffic.'));
+		o.modalonly = true;
+		o.placeholder = _('any');
+		o.depends('target', 'HELPER');
+		for (var i = 0; i < ctHelpers.length; i++)
+			o.value(ctHelpers[i].name, '%s (%s)'.format(ctHelpers[i].description, ctHelpers[i].name.toUpperCase()));
+
+		o = s.taboption('advanced', form.Value, 'helper', _('Match helper'), _('Match traffic using the specified connection tracking helper.'));
+		o.modalonly = true;
+		o.placeholder = _('any');
+		for (var i = 0; i < ctHelpers.length; i++)
+			o.value(ctHelpers[i].name, '%s (%s)'.format(ctHelpers[i].description, ctHelpers[i].name.toUpperCase()));
+		o.validate = function(section_id, value) {
+			if (value == '' || value == null)
+				return true;
+
+			value = value.replace(/^!\s*/, '');
+
+			for (var i = 0; i < ctHelpers.length; i++)
+				if (value == ctHelpers[i].name)
+					return true;
+
+			return _('Unknown or not installed conntrack helper "%s"').format(value);
+		};
 
 		o = s.taboption('advanced', form.Value, 'extra', _('Extra arguments'),
 			_('Passes additional arguments to iptables. Use with care!'));
-- 
2.30.2