summaryrefslogtreecommitdiff
path: root/interface-definitions/system-conntrack.xml.in
diff options
context:
space:
mode:
authorDaniil Baturin <daniil@vyos.io>2021-09-11 08:44:24 +0700
committerGitHub <noreply@github.com>2021-09-11 08:44:24 +0700
commit669be75e7e16d584c83ec73a0b433627849c2959 (patch)
tree191f1da538403fda2a29bfdb33340a9dcca02445 /interface-definitions/system-conntrack.xml.in
parentf9d56f2feaf64f078ee019ecfbe470ddefcfe064 (diff)
parentd73c862e24a8e5eaf4ff3058836f6fae50653f6e (diff)
downloadvyos-1x-669be75e7e16d584c83ec73a0b433627849c2959.tar.gz
vyos-1x-669be75e7e16d584c83ec73a0b433627849c2959.zip
Merge pull request #1001 from erkin/equuleus
T3275: conntrack: Backport XML/Python implementation of conntrack CLI
Diffstat (limited to 'interface-definitions/system-conntrack.xml.in')
-rw-r--r--interface-definitions/system-conntrack.xml.in334
1 files changed, 334 insertions, 0 deletions
diff --git a/interface-definitions/system-conntrack.xml.in b/interface-definitions/system-conntrack.xml.in
new file mode 100644
index 000000000..daa4177c9
--- /dev/null
+++ b/interface-definitions/system-conntrack.xml.in
@@ -0,0 +1,334 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="system">
+ <children>
+ <node name="conntrack" owner="${vyos_conf_scripts_dir}/conntrack.py">
+ <properties>
+ <help>Connection Tracking Engine Options</help>
+ <!-- Before NAT and conntrack-sync are configured -->
+ <priority>218</priority>
+ </properties>
+ <children>
+ <leafNode name="expect-table-size">
+ <properties>
+ <help>Size of connection tracking expect table</help>
+ <valueHelp>
+ <format>u32:1-50000000</format>
+ <description>Number of entries allowed in connection tracking expect table</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-50000000"/>
+ </constraint>
+ </properties>
+ <defaultValue>2048</defaultValue>
+ </leafNode>
+ <leafNode name="hash-size">
+ <properties>
+ <help>Hash size for connection tracking table</help>
+ <valueHelp>
+ <format>u32:1-50000000</format>
+ <description>Size of hash to use for connection tracking table</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-50000000"/>
+ </constraint>
+ </properties>
+ <defaultValue>32768</defaultValue>
+ </leafNode>
+ <node name="modules">
+ <properties>
+ <help>Connection tracking modules</help>
+ </properties>
+ <children>
+ <leafNode name="ftp">
+ <properties>
+ <help>FTP connection tracking</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="h323">
+ <properties>
+ <help>H.323 connection tracking</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="nfs">
+ <properties>
+ <help>NFS connection tracking</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="pptp">
+ <properties>
+ <help>PPTP connection tracking</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="sip">
+ <properties>
+ <help>SIP connection tracking</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="sqlnet">
+ <properties>
+ <help>SQLnet connection tracking</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="tftp">
+ <properties>
+ <help>TFTP connection tracking</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="table-size">
+ <properties>
+ <help>Size of connection tracking table</help>
+ <valueHelp>
+ <format>u32:1-50000000</format>
+ <description>Number of entries allowed in connection tracking table</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-50000000"/>
+ </constraint>
+ </properties>
+ <defaultValue>262144</defaultValue>
+ </leafNode>
+ <node name="tcp">
+ <properties>
+ <help>TCP options</help>
+ </properties>
+ <children>
+ <leafNode name="half-open-connections">
+ <properties>
+ <help>Maximum number of TCP half-open connections</help>
+ <valueHelp>
+ <format>u32:1-2147483647</format>
+ <description>Generic connection timeout in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-2147483647"/>
+ </constraint>
+ </properties>
+ <defaultValue>512</defaultValue>
+ </leafNode>
+ <leafNode name="loose">
+ <properties>
+ <help>Policy to track previously established connections</help>
+ <completionHelp>
+ <list>enable disable</list>
+ </completionHelp>
+ <valueHelp>
+ <format>enable</format>
+ <description>Allow tracking of previously established connections</description>
+ </valueHelp>
+ <valueHelp>
+ <format>disable</format>
+ <description>Do not allow tracking of previously established connections</description>
+ </valueHelp>
+ <constraint>
+ <regex>^(enable|disable)$</regex>
+ </constraint>
+ </properties>
+ <defaultValue>enable</defaultValue>
+ </leafNode>
+ <leafNode name="max-retrans">
+ <properties>
+ <help>TCP maximum retransmit attempts</help>
+ <valueHelp>
+ <format>u32:1-2147483647</format>
+ <description>Generic connection timeout in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-2147483647"/>
+ </constraint>
+ </properties>
+ <defaultValue>3</defaultValue>
+ </leafNode>
+ </children>
+ </node>
+ <node name="timeout">
+ <properties>
+ <help>Connection timeout options</help>
+ </properties>
+ <children>
+ <leafNode name="icmp">
+ <properties>
+ <help>ICMP timeout in seconds</help>
+ <valueHelp>
+ <format>u32:1-21474836</format>
+ <description>ICMP timeout in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-21474836"/>
+ </constraint>
+ </properties>
+ <defaultValue>30</defaultValue>
+ </leafNode>
+ <leafNode name="other">
+ <properties>
+ <help>Generic connection timeout in seconds</help>
+ <valueHelp>
+ <format>u32:1-21474836</format>
+ <description>Generic connection timeout in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-21474836"/>
+ </constraint>
+ </properties>
+ <defaultValue>600</defaultValue>
+ </leafNode>
+ <node name="tcp">
+ <properties>
+ <help>TCP connection timeout options</help>
+ </properties>
+ <children>
+ <leafNode name="close-wait">
+ <properties>
+ <help>TCP CLOSE-WAIT timeout in seconds</help>
+ <valueHelp>
+ <format>u32:1-21474836</format>
+ <description>TCP CLOSE-WAIT timeout in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-21474836"/>
+ </constraint>
+ </properties>
+ <defaultValue>60</defaultValue>
+ </leafNode>
+ <leafNode name="close">
+ <properties>
+ <help>TCP CLOSE timeout in seconds</help>
+ <valueHelp>
+ <format>u32:1-21474836</format>
+ <description>TCP CLOSE timeout in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-21474836"/>
+ </constraint>
+ </properties>
+ <defaultValue>10</defaultValue>
+ </leafNode>
+ <leafNode name="established">
+ <properties>
+ <help>TCP ESTABLISHED timeout in seconds</help>
+ <valueHelp>
+ <format>u32:1-21474836</format>
+ <description>TCP ESTABLISHED timeout in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-21474836"/>
+ </constraint>
+ </properties>
+ <defaultValue>432000</defaultValue>
+ </leafNode>
+ <leafNode name="fin-wait">
+ <properties>
+ <help>TCP FIN-WAIT timeout in seconds</help>
+ <valueHelp>
+ <format>u32:1-21474836</format>
+ <description>TCP FIN-WAIT timeout in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-21474836"/>
+ </constraint>
+ </properties>
+ <defaultValue>120</defaultValue>
+ </leafNode>
+ <leafNode name="last-ack">
+ <properties>
+ <help>TCP LAST-ACK timeout in seconds</help>
+ <valueHelp>
+ <format>u32:1-21474836</format>
+ <description>TCP LAST-ACK timeout in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-21474836"/>
+ </constraint>
+ </properties>
+ <defaultValue>30</defaultValue>
+ </leafNode>
+ <leafNode name="syn-recv">
+ <properties>
+ <help>TCP SYN-RECEIVED timeout in seconds</help>
+ <valueHelp>
+ <format>u32:1-21474836</format>
+ <description>TCP SYN-RECEIVED timeout in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-21474836"/>
+ </constraint>
+ </properties>
+ <defaultValue>60</defaultValue>
+ </leafNode>
+ <leafNode name="syn-sent">
+ <properties>
+ <help>TCP SYN-SENT timeout in seconds</help>
+ <valueHelp>
+ <format>u32:1-21474836</format>
+ <description>TCP SYN-SENT timeout in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-21474836"/>
+ </constraint>
+ </properties>
+ <defaultValue>120</defaultValue>
+ </leafNode>
+ <leafNode name="time-wait">
+ <properties>
+ <help>TCP TIME-WAIT timeout in seconds</help>
+ <valueHelp>
+ <format>u32:1-21474836</format>
+ <description>TCP TIME-WAIT timeout in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-21474836"/>
+ </constraint>
+ </properties>
+ <defaultValue>120</defaultValue>
+ </leafNode>
+ </children>
+ </node>
+ <node name="udp">
+ <properties>
+ <help>UDP timeout options</help>
+ </properties>
+ <children>
+ <leafNode name="other">
+ <properties>
+ <help>UDP generic timeout in seconds</help>
+ <valueHelp>
+ <format>u32:1-21474836</format>
+ <description>UDP generic timeout in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-21474836"/>
+ </constraint>
+ </properties>
+ <defaultValue>30</defaultValue>
+ </leafNode>
+ <leafNode name="stream">
+ <properties>
+ <help>UDP stream timeout in seconds</help>
+ <valueHelp>
+ <format>u32:1-21474836</format>
+ <description>UDP stream timeout in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-21474836"/>
+ </constraint>
+ </properties>
+ <defaultValue>180</defaultValue>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>