diff options
author | Daniil Baturin <daniil@vyos.io> | 2021-09-11 08:44:24 +0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-09-11 08:44:24 +0700 |
commit | 669be75e7e16d584c83ec73a0b433627849c2959 (patch) | |
tree | 191f1da538403fda2a29bfdb33340a9dcca02445 /interface-definitions/system-conntrack.xml.in | |
parent | f9d56f2feaf64f078ee019ecfbe470ddefcfe064 (diff) | |
parent | d73c862e24a8e5eaf4ff3058836f6fae50653f6e (diff) | |
download | vyos-1x-669be75e7e16d584c83ec73a0b433627849c2959.tar.gz vyos-1x-669be75e7e16d584c83ec73a0b433627849c2959.zip |
Merge pull request #1001 from erkin/equuleus
T3275: conntrack: Backport XML/Python implementation of conntrack CLI
Diffstat (limited to 'interface-definitions/system-conntrack.xml.in')
-rw-r--r-- | interface-definitions/system-conntrack.xml.in | 334 |
1 files changed, 334 insertions, 0 deletions
diff --git a/interface-definitions/system-conntrack.xml.in b/interface-definitions/system-conntrack.xml.in new file mode 100644 index 000000000..daa4177c9 --- /dev/null +++ b/interface-definitions/system-conntrack.xml.in @@ -0,0 +1,334 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="system"> + <children> + <node name="conntrack" owner="${vyos_conf_scripts_dir}/conntrack.py"> + <properties> + <help>Connection Tracking Engine Options</help> + <!-- Before NAT and conntrack-sync are configured --> + <priority>218</priority> + </properties> + <children> + <leafNode name="expect-table-size"> + <properties> + <help>Size of connection tracking expect table</help> + <valueHelp> + <format>u32:1-50000000</format> + <description>Number of entries allowed in connection tracking expect table</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-50000000"/> + </constraint> + </properties> + <defaultValue>2048</defaultValue> + </leafNode> + <leafNode name="hash-size"> + <properties> + <help>Hash size for connection tracking table</help> + <valueHelp> + <format>u32:1-50000000</format> + <description>Size of hash to use for connection tracking table</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-50000000"/> + </constraint> + </properties> + <defaultValue>32768</defaultValue> + </leafNode> + <node name="modules"> + <properties> + <help>Connection tracking modules</help> + </properties> + <children> + <leafNode name="ftp"> + <properties> + <help>FTP connection tracking</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="h323"> + <properties> + <help>H.323 connection tracking</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="nfs"> + <properties> + <help>NFS connection tracking</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="pptp"> + <properties> + <help>PPTP connection tracking</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="sip"> + <properties> + <help>SIP connection tracking</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="sqlnet"> + <properties> + <help>SQLnet connection tracking</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="tftp"> + <properties> + <help>TFTP connection tracking</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="table-size"> + <properties> + <help>Size of connection tracking table</help> + <valueHelp> + <format>u32:1-50000000</format> + <description>Number of entries allowed in connection tracking table</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-50000000"/> + </constraint> + </properties> + <defaultValue>262144</defaultValue> + </leafNode> + <node name="tcp"> + <properties> + <help>TCP options</help> + </properties> + <children> + <leafNode name="half-open-connections"> + <properties> + <help>Maximum number of TCP half-open connections</help> + <valueHelp> + <format>u32:1-2147483647</format> + <description>Generic connection timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-2147483647"/> + </constraint> + </properties> + <defaultValue>512</defaultValue> + </leafNode> + <leafNode name="loose"> + <properties> + <help>Policy to track previously established connections</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Allow tracking of previously established connections</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Do not allow tracking of previously established connections</description> + </valueHelp> + <constraint> + <regex>^(enable|disable)$</regex> + </constraint> + </properties> + <defaultValue>enable</defaultValue> + </leafNode> + <leafNode name="max-retrans"> + <properties> + <help>TCP maximum retransmit attempts</help> + <valueHelp> + <format>u32:1-2147483647</format> + <description>Generic connection timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-2147483647"/> + </constraint> + </properties> + <defaultValue>3</defaultValue> + </leafNode> + </children> + </node> + <node name="timeout"> + <properties> + <help>Connection timeout options</help> + </properties> + <children> + <leafNode name="icmp"> + <properties> + <help>ICMP timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>ICMP timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>30</defaultValue> + </leafNode> + <leafNode name="other"> + <properties> + <help>Generic connection timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>Generic connection timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>600</defaultValue> + </leafNode> + <node name="tcp"> + <properties> + <help>TCP connection timeout options</help> + </properties> + <children> + <leafNode name="close-wait"> + <properties> + <help>TCP CLOSE-WAIT timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP CLOSE-WAIT timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>60</defaultValue> + </leafNode> + <leafNode name="close"> + <properties> + <help>TCP CLOSE timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP CLOSE timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>10</defaultValue> + </leafNode> + <leafNode name="established"> + <properties> + <help>TCP ESTABLISHED timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP ESTABLISHED timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>432000</defaultValue> + </leafNode> + <leafNode name="fin-wait"> + <properties> + <help>TCP FIN-WAIT timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP FIN-WAIT timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>120</defaultValue> + </leafNode> + <leafNode name="last-ack"> + <properties> + <help>TCP LAST-ACK timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP LAST-ACK timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>30</defaultValue> + </leafNode> + <leafNode name="syn-recv"> + <properties> + <help>TCP SYN-RECEIVED timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP SYN-RECEIVED timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>60</defaultValue> + </leafNode> + <leafNode name="syn-sent"> + <properties> + <help>TCP SYN-SENT timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP SYN-SENT timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>120</defaultValue> + </leafNode> + <leafNode name="time-wait"> + <properties> + <help>TCP TIME-WAIT timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>TCP TIME-WAIT timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>120</defaultValue> + </leafNode> + </children> + </node> + <node name="udp"> + <properties> + <help>UDP timeout options</help> + </properties> + <children> + <leafNode name="other"> + <properties> + <help>UDP generic timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>UDP generic timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>30</defaultValue> + </leafNode> + <leafNode name="stream"> + <properties> + <help>UDP stream timeout in seconds</help> + <valueHelp> + <format>u32:1-21474836</format> + <description>UDP stream timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-21474836"/> + </constraint> + </properties> + <defaultValue>180</defaultValue> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> |