summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/container.xml.in324
-rw-r--r--interface-definitions/firewall-options.xml.in24
-rw-r--r--interface-definitions/include/interface/inbound-interface.xml.i10
-rw-r--r--interface-definitions/interfaces-dummy.xml.in19
-rw-r--r--interface-definitions/policy-local-route.xml.in125
-rw-r--r--interface-definitions/service_router-advert.xml.in13
-rw-r--r--interface-definitions/service_webproxy.xml.in1
-rw-r--r--interface-definitions/system-option.xml.in1
8 files changed, 512 insertions, 5 deletions
diff --git a/interface-definitions/container.xml.in b/interface-definitions/container.xml.in
new file mode 100644
index 000000000..4bac305d1
--- /dev/null
+++ b/interface-definitions/container.xml.in
@@ -0,0 +1,324 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="container" owner="${vyos_conf_scripts_dir}/container.py">
+ <properties>
+ <help>Container applications</help>
+ <priority>1280</priority>
+ </properties>
+ <children>
+ <tagNode name="name">
+ <properties>
+ <help>Container name</help>
+ <constraint>
+ <regex>[-a-zA-Z0-9]+</regex>
+ </constraint>
+ <constraintErrorMessage>Container name must be alphanumeric and can contain hyphens</constraintErrorMessage>
+ </properties>
+ <children>
+ <leafNode name="allow-host-networks">
+ <properties>
+ <help>Allow host networks in container</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="cap-add">
+ <properties>
+ <help>Container capabilities/permissions</help>
+ <completionHelp>
+ <list>net-admin net-bind-service net-raw setpcap sys-admin sys-time</list>
+ </completionHelp>
+ <valueHelp>
+ <format>net-admin</format>
+ <description>Network operations (interface, firewall, routing tables)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>net-bind-service</format>
+ <description>Bind a socket to privileged ports (port numbers less than 1024)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>net-raw</format>
+ <description>Permission to create raw network sockets</description>
+ </valueHelp>
+ <valueHelp>
+ <format>setpcap</format>
+ <description>Capability sets (from bounded or inherited set)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>sys-admin</format>
+ <description>Administation operations (quotactl, mount, sethostname, setdomainame)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>sys-time</format>
+ <description>Permission to set system clock</description>
+ </valueHelp>
+ <constraint>
+ <regex>(net-admin|net-bind-service|net-raw|setpcap|sys-admin|sys-time)</regex>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ #include <include/generic-description.xml.i>
+ <tagNode name="device">
+ <properties>
+ <help>Add a host device to the container</help>
+ </properties>
+ <children>
+ <leafNode name="source">
+ <properties>
+ <help>Source device (Example: "/dev/x")</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Source device</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="destination">
+ <properties>
+ <help>Destination container device (Example: "/dev/x")</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Destination container device</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ #include <include/generic-disable-node.xml.i>
+ <tagNode name="environment">
+ <properties>
+ <help>Add custom environment variables</help>
+ <constraint>
+ <regex>[-_a-zA-Z0-9]+</regex>
+ </constraint>
+ <constraintErrorMessage>Environment variable name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage>
+ </properties>
+ <children>
+ <leafNode name="value">
+ <properties>
+ <help>Set environment option value</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Set environment option value</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <leafNode name="image">
+ <properties>
+ <help>Image name in the hub-registry</help>
+ </properties>
+ </leafNode>
+ <leafNode name="memory">
+ <properties>
+ <help>Memory (RAM) available to this container</help>
+ <valueHelp>
+ <format>u32:0</format>
+ <description>Unlimited</description>
+ </valueHelp>
+ <valueHelp>
+ <format>u32:1-16384</format>
+ <description>Container memory in megabytes (MB)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-16384"/>
+ </constraint>
+ <constraintErrorMessage>Container memory must be in range 0 to 16384 MB</constraintErrorMessage>
+ </properties>
+ <defaultValue>512</defaultValue>
+ </leafNode>
+ <leafNode name="shared-memory">
+ <properties>
+ <help>Shared memory available to this container</help>
+ <valueHelp>
+ <format>u32:0</format>
+ <description>Unlimited</description>
+ </valueHelp>
+ <valueHelp>
+ <format>u32:1-8192</format>
+ <description>Container memory in megabytes (MB)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-8192"/>
+ </constraint>
+ <constraintErrorMessage>Container memory must be in range 0 to 8192 MB</constraintErrorMessage>
+ </properties>
+ <defaultValue>64</defaultValue>
+ </leafNode>
+ <tagNode name="network">
+ <properties>
+ <help>Attach user defined network to container</help>
+ <completionHelp>
+ <path>container network</path>
+ </completionHelp>
+ </properties>
+ <children>
+ <leafNode name="address">
+ <properties>
+ <!-- PODMAN currently does not support more then one IPv4 or IPv6 address assignments to a container -->
+ <help>Assign static IP address to container</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <tagNode name="port">
+ <properties>
+ <help>Publish port to the container</help>
+ </properties>
+ <children>
+ <leafNode name="source">
+ <properties>
+ <help>Source host port</help>
+ <valueHelp>
+ <format>u32:1-65535</format>
+ <description>Source host port</description>
+ </valueHelp>
+ <valueHelp>
+ <format>start-end</format>
+ <description>Source host port range (e.g. 10025-10030)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="port-range"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="destination">
+ <properties>
+ <help>Destination container port</help>
+ <valueHelp>
+ <format>u32:1-65535</format>
+ <description>Destination container port</description>
+ </valueHelp>
+ <valueHelp>
+ <format>start-end</format>
+ <description>Destination container port range (e.g. 10025-10030)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="port-range"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="protocol">
+ <properties>
+ <help>Transport protocol used for port mapping</help>
+ <completionHelp>
+ <list>tcp udp</list>
+ </completionHelp>
+ <valueHelp>
+ <format>tcp</format>
+ <description>Use Transmission Control Protocol for given port</description>
+ </valueHelp>
+ <valueHelp>
+ <format>udp</format>
+ <description>Use User Datagram Protocol for given port</description>
+ </valueHelp>
+ <constraint>
+ <regex>(tcp|udp)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>tcp</defaultValue>
+ </leafNode>
+ </children>
+ </tagNode>
+ <leafNode name="restart">
+ <properties>
+ <help>Restart options for container</help>
+ <completionHelp>
+ <list>no on-failure always</list>
+ </completionHelp>
+ <valueHelp>
+ <format>no</format>
+ <description>Do not restart containers on exit</description>
+ </valueHelp>
+ <valueHelp>
+ <format>on-failure</format>
+ <description>Restart containers when they exit with a non-zero exit code, retrying indefinitely</description>
+ </valueHelp>
+ <valueHelp>
+ <format>always</format>
+ <description>Restart containers when they exit, regardless of status, retrying indefinitely</description>
+ </valueHelp>
+ <constraint>
+ <regex>(no|on-failure|always)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>on-failure</defaultValue>
+ </leafNode>
+ <tagNode name="volume">
+ <properties>
+ <help>Mount a volume into the container</help>
+ </properties>
+ <children>
+ <leafNode name="source">
+ <properties>
+ <help>Source host directory</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Source host directory</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="destination">
+ <properties>
+ <help>Destination container directory</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Destination container directory</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </tagNode>
+ <tagNode name="network">
+ <properties>
+ <help>Network name</help>
+ <constraint>
+ <regex>[-_a-zA-Z0-9]{1,11}</regex>
+ </constraint>
+ <constraintErrorMessage>Network name cannot be longer than 11 characters</constraintErrorMessage>
+ </properties>
+ <children>
+ <leafNode name="description">
+ <properties>
+ <help>Network description</help>
+ </properties>
+ </leafNode>
+ <leafNode name="prefix">
+ <properties>
+ <help>Prefix which allocated to that network</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 network prefix</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 network prefix</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-prefix"/>
+ <validator name="ipv6-prefix"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <leafNode name="registry">
+ <properties>
+ <help>Registry Name</help>
+ <multi/>
+ </properties>
+ <defaultValue>docker.io quay.io</defaultValue>
+ </leafNode>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/firewall-options.xml.in b/interface-definitions/firewall-options.xml.in
index 8d9225a9a..1bcee2011 100644
--- a/interface-definitions/firewall-options.xml.in
+++ b/interface-definitions/firewall-options.xml.in
@@ -20,24 +20,40 @@
<leafNode name="adjust-mss">
<properties>
<help>Adjust MSS for IPv4 transit packets</help>
+ <completionHelp>
+ <list>clamp-mss-to-pmtu</list>
+ </completionHelp>
<valueHelp>
- <format>500-1460</format>
+ <format>clamp-mss-to-pmtu</format>
+ <description>Automatically sets the MSS to the proper value</description>
+ </valueHelp>
+ <valueHelp>
+ <format>536-65535</format>
<description>TCP Maximum segment size in bytes</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 500-1460"/>
+ <validator name="numeric" argument="--range 536-65535"/>
+ <regex>(clamp-mss-to-pmtu)</regex>
</constraint>
</properties>
</leafNode>
<leafNode name="adjust-mss6">
<properties>
<help>Adjust MSS for IPv6 transit packets</help>
+ <completionHelp>
+ <list>clamp-mss-to-pmtu</list>
+ </completionHelp>
+ <valueHelp>
+ <format>clamp-mss-to-pmtu</format>
+ <description>Automatically sets the MSS to the proper value</description>
+ </valueHelp>
<valueHelp>
- <format>1280-1492</format>
+ <format>1220-65535</format>
<description>TCP Maximum segment size in bytes</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 1280-1492"/>
+ <validator name="numeric" argument="--range 1220-65535"/>
+ <regex>(clamp-mss-to-pmtu)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/interface/inbound-interface.xml.i b/interface-definitions/include/interface/inbound-interface.xml.i
new file mode 100644
index 000000000..5a8d47280
--- /dev/null
+++ b/interface-definitions/include/interface/inbound-interface.xml.i
@@ -0,0 +1,10 @@
+<!-- include start from interface/inbound-interface.xml.i -->
+<leafNode name="inbound-interface">
+ <properties>
+ <help>Inbound Interface</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/interfaces-dummy.xml.in b/interface-definitions/interfaces-dummy.xml.in
index 2bc88c1a7..ac1a35cf5 100644
--- a/interface-definitions/interfaces-dummy.xml.in
+++ b/interface-definitions/interfaces-dummy.xml.in
@@ -25,8 +25,27 @@
</properties>
<children>
#include <include/interface/source-validation.xml.i>
+ #include <include/interface/disable-forwarding.xml.i>
</children>
</node>
+ <node name="ipv6">
+ <properties>
+ <help>IPv6 routing parameters</help>
+ </properties>
+ <children>
+ #include <include/interface/disable-forwarding.xml.i>
+ <node name="address">
+ <properties>
+ <help>IPv6 address configuration modes</help>
+ </properties>
+ <children>
+ #include <include/interface/ipv6-address-eui64.xml.i>
+ #include <include/interface/ipv6-address-no-default-link-local.xml.i>
+ </children>
+ </node>
+ </children>
+ </node>
+ #include <include/interface/mtu-68-16000.xml.i>
#include <include/interface/vrf.xml.i>
</children>
</tagNode>
diff --git a/interface-definitions/policy-local-route.xml.in b/interface-definitions/policy-local-route.xml.in
index 3769c3748..8619e839e 100644
--- a/interface-definitions/policy-local-route.xml.in
+++ b/interface-definitions/policy-local-route.xml.in
@@ -6,6 +6,7 @@
<node name="local-route" owner="${vyos_conf_scripts_dir}/policy-local-route.py">
<properties>
<help>IPv4 policy route of local traffic</help>
+ <priority>500</priority>
</properties>
<children>
<tagNode name="rule">
@@ -14,7 +15,7 @@
<valueHelp>
<!-- table main with prio 32766 -->
<format>u32:1-32765</format>
- <description>Local-route rule number (1-219)</description>
+ <description>Local-route rule number (1-32765)</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-32765"/>
@@ -40,6 +41,18 @@
</leafNode>
</children>
</node>
+ <leafNode name="fwmark">
+ <properties>
+ <help>Match fwmark value</help>
+ <valueHelp>
+ <format>u32:1-2147483647</format>
+ <description>Address to match against</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-2147483647"/>
+ </constraint>
+ </properties>
+ </leafNode>
<leafNode name="source">
<properties>
<help>Source address or prefix</help>
@@ -58,6 +71,116 @@
<multi/>
</properties>
</leafNode>
+ <leafNode name="destination">
+ <properties>
+ <help>Destination address or prefix</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Address to match against</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>Prefix to match against</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="ip-prefix"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ #include <include/interface/inbound-interface.xml.i>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ <node name="local-route6" owner="${vyos_conf_scripts_dir}/policy-local-route.py">
+ <properties>
+ <help>IPv6 policy route of local traffic</help>
+ <priority>500</priority>
+ </properties>
+ <children>
+ <tagNode name="rule">
+ <properties>
+ <help>IPv6 policy local-route rule set number</help>
+ <valueHelp>
+ <!-- table main with prio 32766 -->
+ <format>u32:1-32765</format>
+ <description>Local-route rule number (1-32765)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-32765"/>
+ </constraint>
+ </properties>
+ <children>
+ <node name="set">
+ <properties>
+ <help>Packet modifications</help>
+ </properties>
+ <children>
+ <leafNode name="table">
+ <properties>
+ <help>Routing table to forward packet with</help>
+ <valueHelp>
+ <format>u32:1-200</format>
+ <description>Table number</description>
+ </valueHelp>
+ <completionHelp>
+ <list>main</list>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="fwmark">
+ <properties>
+ <help>Match fwmark value</help>
+ <valueHelp>
+ <format>u32:1-2147483647</format>
+ <description>Address to match against</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-2147483647"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="source">
+ <properties>
+ <help>Source address or prefix</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>Address to match against</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>Prefix to match against</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ <validator name="ipv6-prefix"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="destination">
+ <properties>
+ <help>Destination address or prefix</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>Address to match against</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>Prefix to match against</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ <validator name="ipv6-prefix"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ #include <include/interface/inbound-interface.xml.i>
</children>
</tagNode>
</children>
diff --git a/interface-definitions/service_router-advert.xml.in b/interface-definitions/service_router-advert.xml.in
index 0f4009f5c..a15ce8b8f 100644
--- a/interface-definitions/service_router-advert.xml.in
+++ b/interface-definitions/service_router-advert.xml.in
@@ -276,6 +276,19 @@
</leafNode>
</children>
</tagNode>
+ <leafNode name="source-address">
+ <properties>
+ <help>Use IPv6 address as source address. Useful with VRRP.</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address to be advertized (must be configured on interface)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
<leafNode name="reachable-time">
<properties>
<help>Time, in milliseconds, that a node assumes a neighbor is reachable after having received a reachability confirmation</help>
diff --git a/interface-definitions/service_webproxy.xml.in b/interface-definitions/service_webproxy.xml.in
index bd5396291..9136e2fe7 100644
--- a/interface-definitions/service_webproxy.xml.in
+++ b/interface-definitions/service_webproxy.xml.in
@@ -513,6 +513,7 @@
<validator name="ipv4-prefix"/>
<validator name="ipv4-range"/>
</constraint>
+ <multi/>
</properties>
</leafNode>
<leafNode name="description">
diff --git a/interface-definitions/system-option.xml.in b/interface-definitions/system-option.xml.in
index 5f80e064d..b47dde0a0 100644
--- a/interface-definitions/system-option.xml.in
+++ b/interface-definitions/system-option.xml.in
@@ -105,6 +105,7 @@
</properties>
<children>
#include <include/source-address-ipv4-ipv6.xml.i>
+ #include <include/source-interface.xml.i>
</children>
</node>
<leafNode name="startup-beep">
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-19 14:38:30 +0000