Diffstat (limited to 'interface-definitions')
121 files changed, 17027 insertions, 0 deletions
diff --git a/interface-definitions/arp.xml.in b/interface-definitions/arp.xml.in
new file mode 100644
index 000000000..b72f025a8
--- /dev/null
+++ b/interface-definitions/arp.xml.in
@@ -0,0 +1,37 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="protocols">
+ <children>
+ <node name="static">
+ <children>
+ <tagNode name="arp" owner="${vyos_conf_scripts_dir}/arp.py">
+ <properties>
+ <help>Static ARP translation</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 destination address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="hwaddr">
+ <properties>
+ <help>mac address to translate to</help>
+ <valueHelp>
+ <format>h:h:h:h:h:h</format>
+ <description>Hardware (MAC) address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="mac-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/bcast-relay.xml.in b/interface-definitions/bcast-relay.xml.in
new file mode 100644
index 000000000..96ce16639
--- /dev/null
+++ b/interface-definitions/bcast-relay.xml.in
@@ -0,0 +1,80 @@
+<?xml version="1.0"?>
+<!-- UDP broadcast relay configuration -->
+<interfaceDefinition>
+ <node name="service">
+ <children>
+ <node name="broadcast-relay" owner="${vyos_conf_scripts_dir}/bcast_relay.py">
+ <properties>
+ <help>UDP broadcast relay service</help>
+ <priority>990</priority>
+ </properties>
+ <children>
+ <leafNode name="disable">
+ <properties>
+ <help>Globally disable broadcast relay service</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <tagNode name="id">
+ <properties>
+ <help>Unique ID for each UDP port to forward</help>
+ <valueHelp>
+ <format>1-99</format>
+ <description>Numerical ID #</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-99"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="disable">
+ <properties>
+ <help>Disable broadcast relay service instance</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="address">
+ <properties>
+ <help>Set source IP of forwarded packets, otherwise original senders address is used</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Optional source address for forwarded packets</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="description">
+ <properties>
+ <help>Description</help>
+ </properties>
+ </leafNode>
+ <leafNode name="interface">
+ <properties>
+ <help>Interface to repeat UDP broadcasts to [REQUIRED]</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="port">
+ <properties>
+ <help>Destination or source port to listen and retransmit on [REQUIRED]</help>
+ <valueHelp>
+ <format>1-65535</format>
+ <description>UDP port to listen on</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/cron.xml.in b/interface-definitions/cron.xml.in
new file mode 100644
index 000000000..2d4921bf0
--- /dev/null
+++ b/interface-definitions/cron.xml.in
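Review bot: The `interface` leaf inside the `id` tagNode offers `<completionHelp>` from list_interfaces.py but has no `<constraint>`, so completion only suggests names and the schema accepts any string. bcast_relay.py is not part of this hunk, so unless it checks the value against existing interfaces the string reaches the generated service configuration unvalidated. The same pattern is on `interface` in dhcp-relay.xml.in, on `listen-interface` and `upstream-interface` in dhcpv6-relay.xml.in and on `name-servers-dhcp` in dns-domain-name.xml.in. I would add a name constraint using the character set already used elsewhere in this commit, e.g. `<constraint><regex>[-_a-zA-Z0-9.]+</regex></constraint>`, together with a `<constraintErrorMessage>`.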
@@ -0,0 +1,75 @@
+<?xml version="1.0"?>
+
+<!-- Cron configuration -->
+
+<interfaceDefinition>
+ <node name="system">
+ <children>
+ <node name="task-scheduler">
+ <properties>
+ <help>Task scheduler settings</help>
+ </properties>
+ <children>
+ <tagNode name="task" owner="${vyos_conf_scripts_dir}/task_scheduler.py">
+ <properties>
+ <help>Scheduled task</help>
+ <valueHelp>
+ <format><string></format>
+ <description>Task name</description>
+ </valueHelp>
+ <priority>999</priority>
+ </properties>
+ <children>
+ <leafNode name="crontab-spec">
+ <properties>
+ <help>UNIX crontab time specification string</help>
+ </properties>
+ </leafNode>
+ <leafNode name="interval">
+ <properties>
+ <help>Execution interval</help>
+ <valueHelp>
+ <format><minutes></format>
+ <description>Execution interval in minutes</description>
+ </valueHelp>
+ <valueHelp>
+ <format><minutes>m</format>
+ <description>Execution interval in minutes</description>
+ </valueHelp>
+ <valueHelp>
+ <format><hours>h</format>
+ <description>Execution interval in hours</description>
+ </valueHelp>
+ <valueHelp>
+ <format><days>d</format>
+ <description>Execution interval in days</description>
+ </valueHelp>
+ <constraint>
+ <regex>[1-9]([0-9]*)([mhd]{0,1})</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ <node name="executable">
+ <properties>
+ <help>Executable path and arguments</help>
+ </properties>
+ <children>
+ <leafNode name="path">
+ <properties>
+ <help>Path to executable</help>
+ </properties>
+ </leafNode>
+ <leafNode name="arguments">
+ <properties>
+ <help>Arguments passed to the executable</help>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/dhcp-relay.xml.in b/interface-definitions/dhcp-relay.xml.in
new file mode 100644
index 000000000..b83402aa1
--- /dev/null
+++ b/interface-definitions/dhcp-relay.xml.in
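Review bot: `crontab-spec`, `executable path` and `executable arguments` are free-form leaves with no `<constraint>`, although together they define a command the scheduler will run. task_scheduler.py is not part of this hunk, so it cannot be confirmed here that it rejects newlines, cron metacharacters or relative paths before writing the entry; the schema should not leave all of that to the script. At minimum I would constrain `path`, e.g. `<constraint><regex>/[-_./a-zA-Z0-9]+</regex></constraint>` with a `<constraintErrorMessage>`, and state in the `arguments` help that the string is passed through unchanged. The `interval` pattern has no anchors while some patterns in dns-domain-name.xml.in end in `$`, so it is worth confirming that the validator matches the whole value.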
@@ -0,0 +1,98 @@
+<?xml version="1.0"?>
+<!-- DHCP relay configuration -->
+<interfaceDefinition>
+ <node name="service">
+ <children>
+ <node name="dhcp-relay" owner="${vyos_conf_scripts_dir}/dhcp_relay.py">
+ <properties>
+ <help>Host Configuration Protocol (DHCP) relay agent</help>
+ <priority>910</priority>
+ </properties>
+ <children>
+ <leafNode name="interface">
+ <properties>
+ <help>DHCP relay interface [REQUIRED]</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py -b</script>
+ </completionHelp>
+ <multi/>
+ </properties>
+ </leafNode>
+ <node name="relay-options">
+ <properties>
+ <help>Relay options</help>
+ </properties>
+ <children>
+ <leafNode name="hop-count">
+ <properties>
+ <help>Policy to discard packets that have reached specified hop-count</help>
+ <valueHelp>
+ <format>1-255</format>
+ <description>Hop count (default: 10)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ <constraintErrorMessage>hop-count must be a value between 1 and 255</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="max-size">
+ <properties>
+ <help>Maximum packet size to send to a DHCPv4/BOOTP server</help>
+ <valueHelp>
+ <format>64-1400</format>
+ <description>Maximum packet size (default: 576)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 64-1400"/>
+ </constraint>
+ <constraintErrorMessage>max-size must be a value between 64 and 1400</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="relay-agents-packets">
+ <properties>
+ <help>Policy to handle incoming DHCPv4 packets which already contain relay agent options (default: forward)</help>
+ <completionHelp>
+ <list>append replace forward discard</list>
+ </completionHelp>
+ <valueHelp>
+ <format>append</format>
+ <description>append own relay options to packet</description>
+ </valueHelp>
+ <valueHelp>
+ <format>replace</format>
+ <description>replace existing agent option field</description>
+ </valueHelp>
+ <valueHelp>
+ <format>forward</format>
+ <description>forward packet unchanged</description>
+ </valueHelp>
+ <valueHelp>
+ <format>discard</format>
+ <description>discard packet (default action if giaddr not set in packet)</description>
+ </valueHelp>
+ <constraint>
+ <regex>(append|replace|forward|discard)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="server">
+ <properties>
+ <help>DHCP server address</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>DHCP server IPv4 address</description>
+ </valueHelp>
+ <multi/>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in
new file mode 100644
index 000000000..e8bdff3df
--- /dev/null
+++ b/interface-definitions/dhcp-server.xml.in
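Review bot: The help text on the `dhcp-relay` node has lost its first word and reads "Host Configuration Protocol (DHCP) relay agent"; it should be `<help>Dynamic Host Configuration Protocol (DHCP) relay agent</help>`, matching the wording on the `dhcp-server` node. The defaults quoted in the help strings (hop-count 10, max-size 576, `forward`) are not expressed anywhere in this schema, so a short comment naming dhcp_relay.py as the place where they are applied would keep the two from drifting apart.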
@@ -0,0 +1,467 @@
+<?xml version="1.0"?>
+<!-- DHCP server configuration -->
+<interfaceDefinition>
+ <node name="service">
+ <children>
+ <node name="dhcp-server" owner="${vyos_conf_scripts_dir}/dhcp_server.py">
+ <properties>
+ <help>Dynamic Host Configuration Protocol (DHCP) for DHCP server</help>
+ <priority>911</priority>
+ </properties>
+ <children>
+ <leafNode name="disable">
+ <properties>
+ <help>Option to disable DHCP server</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="dynamic-dns-update">
+ <properties>
+ <help>DHCP server to dynamically update the Domain Name System (DNS)</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="global-parameters">
+ <properties>
+ <help>Additional global parameters for DHCP server. You must
+ use the syntax of dhcpd.conf in this text-field. Using this
+ without proper knowledge may result in a crashed DHCP server.
+ Check system log to look for errors.</help>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="hostfile-update">
+ <properties>
+ <help>Enable DHCP server updating /etc/hosts (per client lease)</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="host-decl-name">
+ <properties>
+ <help>Instruct server to use host declaration name for forward DNS name</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <tagNode name="shared-network-name">
+ <properties>
+ <help>DHCP shared network name [REQUIRED]</help>
+ <constraint>
+ <regex>[-_a-zA-Z0-9.]+</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid shared network name. May only contain letters, numbers and .-_</constraintErrorMessage>
+ </properties>
+ <children>
+ <leafNode name="authoritative">
+ <properties>
+ <help>Option to make DHCP server authoritative for this physical network</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="description">
+ <properties>
+ <help>Shared-network-name description</help>
+ </properties>
+ </leafNode>
+ <leafNode name="disable">
+ <properties>
+ <help>Option to disable DHCP configuration for shared-network</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="shared-network-parameters">
+ <properties>
+ <help>Additional shared-network parameters for DHCP server.
+ You must use the syntax of dhcpd.conf in this text-field.
+ Using this without proper knowledge may result in a crashed
+ DHCP server. Check system log to look for errors.</help>
+ <multi/>
+ </properties>
+ </leafNode>
+ <tagNode name="subnet">
+ <properties>
+ <help>DHCP subnet for shared network</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 address and prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-prefix"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="bootfile-name">
+ <properties>
+ <help>Bootstrap file name</help>
+ </properties>
+ </leafNode>
+ <leafNode name="bootfile-server">
+ <properties>
+ <help>Server (IP address or domain name) from which the initial
+ boot file is to be loaded</help>
+ </properties>
+ </leafNode>
+ <leafNode name="client-prefix-length">
+ <properties>
+ <help>Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used.</help>
+ <valueHelp>
+ <format>0-32</format>
+ <description>DHCP client prefix length must be 0 to 32</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-32"/>
+ </constraint>
+ <constraintErrorMessage>DHCP client prefix length must be 0 to 32</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="default-router">
+ <properties>
+ <help>IP address of default router</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Default router IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="dns-server">
+ <properties>
+ <help>DNS server IPv4 address</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>DNS server IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="domain-name">
+ <properties>
+ <help>Client domain name</help>
+ </properties>
+ </leafNode>
+ <leafNode name="domain-search">
+ <properties>
+ <help>Client domain search</help>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="exclude">
+ <properties>
+ <help>IP address to exclude from DHCP lease range</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address to exclude from lease range</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <node name="failover">
+ <properties>
+ <help>DHCP failover parameters</help>
+ </properties>
+ <children>
+ <leafNode name="local-address">
+ <properties>
+ <help>IP address for failover peer to connect [REQUIRED]</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address to exclude from lease range</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="name">
+ <properties>
+ <help>DHCP failover peer name [REQUIRED]</help>
+ <constraint>
+ <regex>[-_a-zA-Z0-9.]+</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid failover peer name. May only contain letters, numbers and .-_</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="peer-address">
+ <properties>
+ <help>IP address of failover peer [REQUIRED]</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address of failover peer</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="status">
+ <properties>
+ <help>DHCP failover peer status (primary|secondary) [REQUIRED]</help>
+ <completionHelp>
+ <list>primary secondary</list>
+ </completionHelp>
+ <constraint>
+ <regex>(primary|secondary)</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid DHCP failover peer status</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="ip-forwarding">
+ <properties>
+ <help>Enable IP forwarding on client</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="lease">
+ <properties>
+ <help>Lease timeout in seconds (default: 86400)</help>
+ <valueHelp>
+ <format>0-4294967295</format>
+ <description>DHCP lease time in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-4294967295"/>
+ </constraint>
+ <constraintErrorMessage>DHCP lease time must be between 0 and 4294967295 (49 days)</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="ntp-server">
+ <properties>
+ <help>IP address of NTP server</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>NTP server IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="pop-server">
+ <properties>
+ <help>IP address of POP3 server</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>POP3 server IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="server-identifier">
+ <properties>
+ <help>Address for DHCP server identifier</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>DHCP server identifier IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="smtp-server">
+ <properties>
+ <help>IP address of SMTP server</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>SMTP server IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <tagNode name="range">
+ <properties>
+ <help>DHCP lease range</help>
+ <constraint>
+ <regex>[-_a-zA-Z0-9.]+</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid DHCP lease range name. May only contain letters, numbers and .-_</constraintErrorMessage>
+ </properties>
+ <children>
+ <leafNode name="start">
+ <properties>
+ <help>First IP address for DHCP lease range</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 start address of pool</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="stop">
+ <properties>
+ <help>Last IP address for DHCP lease range</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 end address of pool</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <tagNode name="static-mapping">
+ <properties>
+ <help>Name of static mapping</help>
+ <constraint>
+ <regex>[-_a-zA-Z0-9.]+</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid static mapping name. May only contain letters, numbers and .-_</constraintErrorMessage>
+ </properties>
+ <children>
+ <leafNode name="disable">
+ <properties>
+ <help>Option to disable static mapping</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="ip-address">
+ <properties>
+ <help>Fixed IP address of static mapping</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address used in static mapping</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="mac-address">
+ <properties>
+ <help>MAC address of static mapping [REQUIRED]</help>
+ <valueHelp>
+ <format>h:h:h:h:h:h</format>
+ <description>MAC address used in static mapping [REQUIRED]</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="static-mapping-parameters">
+ <properties>
+ <help>Additional static-mapping parameters for DHCP server.
+ Will be placed inside the "host" block of the mapping.
+ You must use the syntax of dhcpd.conf in this text-field.
+ Using this without proper knowledge may result in a crashed
+ DHCP server. Check system log to look for errors.</help>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <node name="static-route">
+ <properties>
+ <help>Classless static route</help>
+ </properties>
+ <children>
+ <leafNode name="destination-subnet">
+ <properties>
+ <help>Destination subnet [REQUIRED]</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 address and prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-prefix"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="router">
+ <properties>
+ <help>IP address of router to be used to reach the destination subnet [REQUIRED]</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address of router</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ip-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="subnet-parameters">
+ <properties>
+ <help>Additional subnet parameters for DHCP server. You must
+ use the syntax of dhcpd.conf in this text-field. Using this
+ without proper knowledge may result in a crashed DHCP server.
+ Check system log to look for errors.</help>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="tftp-server-name">
+ <properties>
+ <help>TFTP server name</help>
+ </properties>
+ </leafNode>
+ <leafNode name="time-offset">
+ <properties>
+ <help>Client subnet offset in seconds from Coordinated Universal Time (UTC)</help>
+ <valueHelp>
+ <format>[-]N</format>
+ <description>Time offset (number, may be negative)</description>
+ </valueHelp>
+ <constraint>
+ <regex>-?[0-9]+</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid time offset value</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="time-server">
+ <properties>
+ <help>IP address of time server</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Time server IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="wins-server">
+ <properties>
+ <help>IP address for Windows Internet Name Service (WINS) server</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>WINS server IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="wpad-url">
+ <properties>
+ <help>Web Proxy Autodiscovery (WPAD) URL</help>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/dhcpv6-relay.xml.in b/interface-definitions/dhcpv6-relay.xml.in
new file mode 100644
index 000000000..0beb09d05
--- /dev/null
+++ b/interface-definitions/dhcpv6-relay.xml.in
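Review bot: `mac-address` under `static-mapping` documents the format `h:h:h:h:h:h` in its `<valueHelp>` but has no `<constraint>`, so the schema accepts any string; `hwaddr` in arp.xml.in already validates the same kind of value, and the same line fits here: `<constraint><validator name="mac-address"/></constraint>`. dhcp_server.py is not shown, but the value presumably ends up in the generated dhcpd.conf, as do the unconstrained `bootfile-name`, `bootfile-server`, `domain-name`, `domain-search`, `tftp-server-name` and `wpad-url` leaves, so quotes, semicolons and braces should be rejected either here or in the script. The four `*-parameters` leaves are raw dhcpd.conf passthrough by design and bypass all schema validation; the help text should say that they grant whatever dhcpd.conf syntax allows, not only that they can crash the server. Separately, `router` under `static-route` advertises `ipv4` but validates with `ip-address`, and the `failover` `local-address` description is copied from `exclude`.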
@@ -0,0 +1,80 @@
+<?xml version="1.0"?>
+<!-- DHCPv6 relay configuration -->
+<interfaceDefinition>
+ <node name="service">
+ <children>
+ <node name="dhcpv6-relay" owner="${vyos_conf_scripts_dir}/dhcpv6_relay.py">
+ <properties>
+ <help>DHCPv6 Relay Agent parameters</help>
+ <priority>900</priority>
+ </properties>
+ <children>
+ <tagNode name="listen-interface">
+ <properties>
+ <help>Interface for DHCPv6 Relay Agent to listen for requests</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ </properties>
+ <children>
+ <leafNode name="address">
+ <properties>
+ <help>IPv6 address on listen-interface listen for requests on</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address on listen interface</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <leafNode name="max-hop-count">
+ <properties>
+ <help>Maximum hop count for which requests will be processed</help>
+ <valueHelp>
+ <format>1-255</format>
+ <description>Hop count (default: 10)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ <constraintErrorMessage>max-hop-count must be a value between 1 and 255</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <tagNode name="upstream-interface">
+ <properties>
+ <help>Interface for DHCPv6 Relay Agent forward requests out</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ </properties>
+ <children>
+ <leafNode name="address">
+ <properties>
+ <help>IPv6 address to forward requests to</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address of the DHCP server</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <leafNode name="use-interface-id-option">
+ <properties>
+ <help>Option to set DHCPv6 interface-ID option</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/dhcpv6-server.xml.in b/interface-definitions/dhcpv6-server.xml.in
new file mode 100644
index 000000000..4073b46b2
--- /dev/null
+++ b/interface-definitions/dhcpv6-server.xml.in
@@ -0,0 +1,344 @@
+<?xml version="1.0"?>
+<!-- DHCPv6 server configuration -->
+<interfaceDefinition>
+ <node name="service">
+ <children>
+ <node name="dhcpv6-server" owner="${vyos_conf_scripts_dir}/dhcpv6_server.py">
+ <properties>
+ <help>DHCP for IPv6 (DHCPv6) server</help>
+ <priority>900</priority>
+ </properties>
+ <children>
+ <leafNode name="disable">
+ <properties>
+ <help>Option to disable DHCPv6 server</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="preference">
+ <properties>
+ <help>Preference of this DHCPv6 server compared with others</help>
+ <valueHelp>
+ <format>0-255</format>
+ <description>DHCPv6 server preference (0-255)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-255"/>
+ </constraint>
+ <constraintErrorMessage>Preference must be between 0 and 255</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <tagNode name="shared-network-name">
+ <properties>
+ <help>DHCPv6 shared network name [REQUIRED]</help>
+ <constraint>
+ <regex>[-_a-zA-Z0-9.]+</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid DHCPv6 shared network name. May only contain letters, numbers and .-_</constraintErrorMessage>
+ </properties>
+ <children>
+ <leafNode name="disable">
+ <properties>
+ <help>Option to disable DHCPv6 configuration for shared-network</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <tagNode name="subnet">
+ <properties>
+ <help>IPv6 DHCP subnet for this shared network [REQUIRED]</help>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 address and prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-prefix"/>
+ </constraint>
+ </properties>
+ <children>
+ <node name="address-range">
+ <properties>
+ <help>Parameters setting ranges for assigning IPv6 addresses</help>
+ </properties>
+ <children>
+ <tagNode name="prefix">
+ <properties>
+ <help>IPv6 prefix defining range of addresses to assign</help>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 address and prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-prefix"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="temporary">
+ <properties>
+ <help>Address range will be used for temporary addresses</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <tagNode name="start">
+ <properties>
+ <help>First in range of consecutive IPv6 addresses to assign</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="stop">
+ <properties>
+ <help>Last in range of consecutive IPv6 addresses</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ <leafNode name="domain-search">
+ <properties>
+ <help>Domain name for client to search</help>
+ <constraint>
+ <regex>[-_a-zA-Z0-9.]+</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid domain name. May only contain letters, numbers and .-_</constraintErrorMessage>
+ <multi/>
+ </properties>
+ </leafNode>
+ <node name="lease-time">
+ <properties>
+ <help>Parameters relating to the lease time</help>
+ </properties>
+ <children>
+ <leafNode name="default">
+ <properties>
+ <help>Default time (in seconds) that will be assigned to a lease</help>
+ <valueHelp>
+ <format>1-4294967295</format>
+ <description>DHCPv6 valid lifetime</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-4294967295"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="maximum">
+ <properties>
+ <help>Maximum time (in seconds) that will be assigned to a lease</help>
+ <valueHelp>
+ <format>1-4294967295</format>
+ <description>Maximum lease time in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-4294967295"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="minimum">
+ <properties>
+ <help>Minimum time (in seconds) that will be assigned to a lease</help>
+ <valueHelp>
+ <format>1-4294967295</format>
+ <description>Minimum lease time in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-4294967295"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="name-server">
+ <properties>
+ <help>IPv6 address of a Recursive DNS Server</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address of DNS name server</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="nis-domain">
+ <properties>
+ <help>NIS domain name for client to use</help>
+ <constraint>
+ <regex>[-_a-zA-Z0-9.]+</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid NIS domain name</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="nis-server">
+ <properties>
+ <help>IPv6 address of a NIS Server</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address of NIS server</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="nisplus-domain">
+ <properties>
+ <help>NIS+ domain name for client to use</help>
+ <constraint>
+ <regex>[-_a-zA-Z0-9.]+</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid NIS+ domain name. May only contain letters, numbers and .-_</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="nisplus-server">
+ <properties>
+ <help>IPv6 address of a NIS+ Server</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address of NIS+ server</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <node name="prefix-delegation">
+ <properties>
+ <help>Parameters relating to IPv6 prefix delegation</help>
+ </properties>
+ <children>
+ <tagNode name="start">
+ <properties>
+ <help>First in range of IPv6 addresses to be used in prefix delegation</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address used in prefix delegation</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="prefix-length">
+ <properties>
+ <help>Length in bits of prefixes to be delegated</help>
+ <valueHelp>
+ <format>0-255</format>
+ <description>DHCPv6 server preference (0-255)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-255"/>
+ </constraint>
+ <constraintErrorMessage>Preference must be between 0 and 255</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="stop">
+ <properties>
+ <help>Last in range of IPv6 addresses to be used in prefix delegation</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address used in prefix delegation</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ <leafNode name="sip-server">
+ <properties>
+ <help>IPv6 address of SIP server</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address of SIP server</description>
+ </valueHelp>
+ <valueHelp>
+ <format>hostname</format>
+ <description>FQDN of SIP server</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ <validator name="fqdn"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="sntp-server">
+ <properties>
+ <help>IPv6 address of an SNTP server for client to use</help>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <tagNode name="static-mapping">
+ <properties>
+ <help>Name of static mapping</help>
+ <constraint>
+ <regex>[-_a-zA-Z0-9.]+</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid static mapping name. May only contain letters, numbers and .-_</constraintErrorMessage>
+ </properties>
+ <children>
+ <leafNode name="disable">
+ <properties>
+ <help>Option to disable static mapping</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="identifier">
+ <properties>
+ <help>Client identifier (DUID) for this static mapping</help>
+ <valueHelp>
+ <format>h[[:h]...]</format>
+ <description>DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id)</description>
+ </valueHelp>
+ <constraint>
+ <regex>([0-9A-Fa-f]{1,2}[:])*([0-9A-Fa-f]{1,2})</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid DUID, must be in the format h[[:h]...]</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="ipv6-address">
+ <properties>
+ <help>Client IPv6 address for this static mapping</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address for this static mapping</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </tagNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/dns-domain-name.xml.in b/interface-definitions/dns-domain-name.xml.in
new file mode 100644
index 000000000..3b5843b53
--- /dev/null
+++ b/interface-definitions/dns-domain-name.xml.in
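Review bot: `prefix-length` under `prefix-delegation`/`start` carries the `preference` leaf's validation unchanged: its `<valueHelp>` reads "DHCPv6 server preference (0-255)", its error message reads "Preference must be between 0 and 255", and the range admits values above 128, which no IPv6 prefix length can have. I would change the three lines to `<description>Delegated prefix length (0-128)</description>`, `<validator name="numeric" argument="--range 0-128"/>` and `<constraintErrorMessage>Prefix length must be between 0 and 128</constraintErrorMessage>`, with `<format>0-128</format>` to match; a tighter lower bound may be appropriate if dhcpv6_server.py (not shown) expects one. Smaller documentation gaps in the same file: `sip-server` help mentions only an IPv6 address although an FQDN is accepted, and `sntp-server` has no `<valueHelp>`.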
@@ -0,0 +1,117 @@ +<?xml version="1.0"?> +<!-- host-name configuration --> +<interfaceDefinition> + <node name="system"> + <children> + <leafNode name="name-server" owner="${vyos_conf_scripts_dir}/host_name.py"> + <properties> + <help>Domain Name Servers (DNS) used by the system (resolv.conf)</help> + <priority>400</priority> + <valueHelp> + <format>ipv4</format> + <description>Domain Name Server (DNS) address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Domain Name Server (DNS) address</description> + </valueHelp> + <multi/> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="name-servers-dhcp" owner="${vyos_conf_scripts_dir}/host_name.py"> + <properties> + <help>Interfaces whose DHCP client nameservers will be used by the system (resolv.conf)</help> + <priority>400</priority> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + <multi/> + </properties> + </leafNode> + <leafNode name="host-name" owner="${vyos_conf_scripts_dir}/host_name.py"> + <properties> + <help>System host name (default: vyos)</help> + <constraint> + <regex>[A-Za-z0-9][-.A-Za-z0-9]*[A-Za-z0-9]</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="domain-name" owner="${vyos_conf_scripts_dir}/host_name.py"> + <properties> + <help>System domain name</help> + <constraint> + <regex>[A-Za-z0-9][-.A-Za-z0-9]*</regex> + </constraint> + </properties> + </leafNode> + <node name="domain-search" owner="${vyos_conf_scripts_dir}/host_name.py"> + <properties> + <help>Domain Name Server (DNS) domain completion order</help> + <priority>400</priority> + </properties> + <children> + <leafNode name="domain"> + <properties> + <help>DNS domain completion order</help> + <constraint> + <regex>[-a-zA-Z0-9.]+$</regex> + </constraint> + <constraintErrorMessage>Invalid domain name</constraintErrorMessage> + <multi/> + 
</properties> + </leafNode> + </children> + </node> + <node name="static-host-mapping" owner="${vyos_conf_scripts_dir}/host_name.py"> + <properties> + <help>Map host names to addresses</help> + <priority>400</priority> + </properties> + <children> + <tagNode name="host-name"> + <properties> + <help>Host name for static address mapping</help> + <constraint> + <regex>[A-Za-z0-9][-.A-Za-z0-9]*[A-Za-z0-9]$</regex> + </constraint> + <constraintErrorMessage>invalid hostname</constraintErrorMessage> + </properties> + <children> + <leafNode name="alias"> + <properties> + <help>Alias for this address</help> + <constraint> + <regex>.{1,63}$</regex> + </constraint> + <constraintErrorMessage>invalid alias hostname, needs to be between 1 and 63 charactes</constraintErrorMessage> + <multi /> + </properties> + </leafNode> + <leafNode name="inet"> + <properties> + <help>IP Address [REQUIRED]</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/dns-dynamic.xml.in b/interface-definitions/dns-dynamic.xml.in new file mode 100644 index 000000000..143c04ef6 --- /dev/null +++ b/interface-definitions/dns-dynamic.xml.in 
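Review bot: The `alias` leaf under `static-host-mapping host-name` accepts any characters (`<regex>.{1,63}$</regex>`), while the `host-name` tag it hangs off is limited to letters, digits, `-` and `.`. Both are handled by the same owner script, host_name.py, which is not part of this diff; if aliases are written to a hosts-style file, whitespace or `#` inside an alias would change how that line is read. I would reuse the host-name character set with the length bound, e.g. `<regex>[A-Za-z0-9]([-.A-Za-z0-9]{0,61}[A-Za-z0-9])?$</regex>`. The `constraintErrorMessage` of the same leaf also misspells `characters` as `charactes`.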
@@ -0,0 +1,242 @@ +<?xml version="1.0"?> +<!-- Dynamic DNS configuration --> +<interfaceDefinition> + <node name="service"> + <children> + <node name="dns"> + <properties> + <help>Domain Name System related services</help> + </properties> + <children> + <node name="dynamic" owner="${vyos_conf_scripts_dir}/dynamic_dns.py"> + <properties> + <help>Dynamic DNS</help> + <priority>919</priority> + </properties> + <children> + <tagNode name="interface"> + <properties> + <help>Interface to send DDNS updates for [REQUIRED]</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + </properties> + <children> + <tagNode name="rfc2136"> + <properties> + <help>RFC2136 Update name</help> + </properties> + <children> + <leafNode name="key"> + <properties> + <help>File containing the secret key shared with remote DNS server [REQUIRED]</help> + <valueHelp> + <format>file</format> + <description>File in /config/auth directory</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="record"> + <properties> + <help>Record to be updated [REQUIRED]</help> + <multi/> + </properties> + </leafNode> + <leafNode name="server"> + <properties> + <help>Server to be updated [REQUIRED]</help> + </properties> + </leafNode> + <leafNode name="ttl"> + <properties> + <help>Time To Live (default: 600)</help> + <valueHelp> + <format>1-86400</format> + <description>DNS forwarding cache size</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-86400"/> + </constraint> + </properties> + </leafNode> + <leafNode name="zone"> + <properties> + <help>Zone to be updated [REQUIRED]</help> + </properties> + </leafNode> + </children> + </tagNode> + <tagNode name="service"> + <properties> + <help>Service being used for Dynamic DNS [REQUIRED]</help> + <completionHelp> + <list><custom> afraid changeip cloudflare dnspark dslreports dyndns easydns namecheap noip sitelutions zoneedit</list> + </completionHelp> + 
<valueHelp> + <format><custom></format> + <description>Service with a custom name</description> + </valueHelp> + <valueHelp> + <format>afraid</format> + <description>afraid.org Services</description> + </valueHelp> + <valueHelp> + <format>changeip</format> + <description>changeip.com Services</description> + </valueHelp> + <valueHelp> + <format>cloudflare</format> + <description>cloudflare.com Services</description> + </valueHelp> + <valueHelp> + <format>dnspark</format> + <description>dnspark.com Services</description> + </valueHelp> + <valueHelp> + <format>dslreports</format> + <description>dslreports.com Services</description> + </valueHelp> + <valueHelp> + <format>dyndns</format> + <description>dyndns.com Services</description> + </valueHelp> + <valueHelp> + <format>easydns</format> + <description>easydns.com Services</description> + </valueHelp> + <valueHelp> + <format>namecheap</format> + <description>namecheap.com Services</description> + </valueHelp> + <valueHelp> + <format>noip</format> + <description>noip.com Services</description> + </valueHelp> + <valueHelp> + <format>sitelutions</format> + <description>sitelutions.com Services</description> + </valueHelp> + <valueHelp> + <format>zoneedit</format> + <description>zoneedit.com Services</description> + </valueHelp> + <constraint> + <regex>^(custom|afraid|changeip|cloudflare|dnspark|dslreports|dyndns|easydns|namecheap|noip|sitelutions|zoneedit|\w+)$</regex> + </constraint> + <constraintErrorMessage>You can use only predefined list of services or word characters (_, a-z, A-Z, 0-9) as service name</constraintErrorMessage> + </properties> + <children> + <leafNode name="host-name"> + <properties> + <help>Hostname registered with DDNS service [REQUIRED]</help> + <multi/> + </properties> + </leafNode> + <leafNode name="login"> + <properties> + <help>Login for DDNS service [REQUIRED]</help> + </properties> + </leafNode> + <leafNode name="password"> + <properties> + <help>Password for DDNS service [REQUIRED]</help> 
+ </properties> + </leafNode> + <leafNode name="protocol"> + <properties> + <help>ddclient protocol used for DDNS service [REQUIRED FOR CUSTOM]</help> + <completionHelp> + <list>changeip cloudflare dnspark dslreports1 dyndns2 easydns namecheap noip sitelutions zoneedit1</list> + </completionHelp> + <valueHelp> + <format>changeip</format> + <description>changeip protocol</description> + </valueHelp> + <valueHelp> + <format>cloudflare</format> + <description>cloudflare protocol</description> + </valueHelp> + <valueHelp> + <format>dnspark</format> + <description>dnspark protocol</description> + </valueHelp> + <valueHelp> + <format>dslreports1</format> + <description>dslreports1 protocol</description> + </valueHelp> + <valueHelp> + <format>dyndns2</format> + <description>dyndns2 protocol</description> + </valueHelp> + <valueHelp> + <format>easydns</format> + <description>easydns protocol</description> + </valueHelp> + <valueHelp> + <format>namecheap</format> + <description>namecheap protocol</description> + </valueHelp> + <valueHelp> + <format>noip</format> + <description>noip protocol</description> + </valueHelp> + <valueHelp> + <format>sitelutions</format> + <description>sitelutions protocol</description> + </valueHelp> + <valueHelp> + <format>zoneedit1</format> + <description>zoneedit1 protocol</description> + </valueHelp> + <constraint> + <regex>(changeip|cloudflare|dnspark|dslreports1|dyndns2|easydns|namecheap|noip|sitelutions|zoneedit1)</regex> + </constraint> + <constraintErrorMessage>Please choose from the list of allowed protocols</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="server"> + <properties> + <help>Server to send DDNS update to [REQUIRED FOR CUSTOM]</help> + <valueHelp> + <format>IPv4</format> + <description>IP address of DDNS server</description> + </valueHelp> + <valueHelp> + <format>FQDN</format> + <description>Hostname of DDNS server</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="zone"> + 
<properties> + <help>DNS zone to update (only available with CloudFlare)</help> + </properties> + </leafNode> + </children> + </tagNode> + <node name="use-web"> + <properties> + <help>Web check used for obtaining the external IP address</help> + </properties> + <children> + <leafNode name="skip"> + <properties> + <help>Skip everything before this on the given URL</help> + </properties> + </leafNode> + <leafNode name="url"> + <properties> + <help>URL to obtain the current external IP address</help> + </properties> + </leafNode> + </children> + </node> + </children> + </tagNode> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/dns-forwarding.xml.in new file mode 100644 index 000000000..aaf8bb27d --- /dev/null +++ b/interface-definitions/dns-forwarding.xml.in 
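Review bot: Most free-text leaves in dns-dynamic.xml.in have no `<constraint>`: `key`, `record`, `server` and `zone` under `rfc2136`, `host-name`, `login`, `server` and `zone` under `service`, and `url` and `skip` under `use-web`. They are consumed by dynamic_dns.py, which is outside this diff, so it should be confirmed that the script does not write them into the DDNS client configuration exactly as typed. For the `service` `server` leaf the valueHelp already promises an address or hostname, so `<constraint><validator name="ip-address"/><validator name="fqdn"/></constraint>` would enforce it. The `key` leaf is described as a file in /config/auth, but nothing here restricts the path to that directory. Separately, the `ttl` valueHelp description reads `DNS forwarding cache size`, which looks copied from another node and should describe the TTL.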
@@ -0,0 +1,189 @@ +<?xml version="1.0"?> +<!-- DNS forwarder configuration --> +<interfaceDefinition> + <node name="service"> + <children> + <node name="dns"> + <properties> + <help>Domain Name System related services</help> + </properties> + <children> + <node name="forwarding" owner="${vyos_conf_scripts_dir}/dns_forwarding.py"> + <properties> + <help>DNS forwarding</help> + <priority>918</priority> + </properties> + <children> + <leafNode name="cache-size"> + <properties> + <help>DNS forwarding cache size</help> + <valueHelp> + <format>0-10000</format> + <description>DNS forwarding cache size</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-10000"/> + </constraint> + </properties> + </leafNode> + <leafNode name="dhcp"> + <properties> + <help>Interfaces whose DHCP client nameservers to forward requests to</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + <multi/> + </properties> + </leafNode> + <leafNode name="dnssec"> + <properties> + <help>DNSSEC mode</help> + <completionHelp> + <list>off process-no-validate process log-fail validate</list> + </completionHelp> + <valueHelp> + <format>off</format> + <description>No DNSSEC processing whatsoever!</description> + </valueHelp> + <valueHelp> + <format>process-no-validate</format> + <description>Respond with DNSSEC records to clients that ask for it. No validation done at all!</description> + </valueHelp> + <valueHelp> + <format>process</format> + <description>Respond with DNSSEC records to clients that ask for it. Validation for clients that request it.</description> + </valueHelp> + <valueHelp> + <format>log-fail</format> + <description>Similar behaviour to process, but validate RRSIGs on responses and log bogus responses.</description> + </valueHelp> + <valueHelp> + <format>validate</format> + <description>Full blown DNSSEC validation. 
Send SERVFAIL to clients on bogus responses.</description> + </valueHelp> + <constraint> + <regex>(off|process-no-validate|process|log-fail|validate)</regex> + </constraint> + </properties> + </leafNode> + <tagNode name="domain"> + <properties> + <help>Domain to forward to a custom DNS server</help> + </properties> + <children> + <leafNode name="server"> + <properties> + <help>Domain Name Server (DNS) to forward queries to</help> + <valueHelp> + <format>ipv4</format> + <description>Domain Name Server (DNS) IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Domain Name Server (DNS) IPv6 address</description> + </valueHelp> + <multi/> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="addnta"> + <properties> + <help>Add NTA (negative trust anchor) for this domain (must be set if the domain does not support DNSSEC)</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="recursion-desired"> + <properties> + <help>Set the "recursion desired" bit in requests to the upstream nameserver</help> + <valueless/> + </properties> + </leafNode> + </children> + </tagNode> + <leafNode name="ignore-hosts-file"> + <properties> + <help>Do not use local /etc/hosts file in name resolution</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="allow-from"> + <properties> + <help>Networks allowed to query this server</help> + <valueHelp> + <format>ipv4net</format> + <description>IP address and prefix length</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 address and prefix length</description> + </valueHelp> + <multi/> + <constraint> + <validator name="ip-prefix"/> + </constraint> + </properties> + </leafNode> + <leafNode name="listen-address"> + <properties> + <help>Addresses to listen for DNS queries [REQUIRED]</help> + <valueHelp> + <format>ipv4</format> + <description>Domain 
Name Server (DNS) IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Domain Name Server (DNS) IPv6 address</description> + </valueHelp> + <multi/> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="negative-ttl"> + <properties> + <help>Maximum amount of time negative entries are cached</help> + <valueHelp> + <format>0-7200</format> + <description>Seconds to cache NXDOMAIN entries</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-7200"/> + </constraint> + </properties> + </leafNode> + <leafNode name="name-server"> + <properties> + <help>Domain Name Servers (DNS) addresses [OPTIONAL]</help> + <valueHelp> + <format>ipv4</format> + <description>Domain Name Server (DNS) IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Domain Name Server (DNS) IPv6 address</description> + </valueHelp> + <multi/> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="system"> + <properties> + <help>Use system name servers</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/firewall-options.xml.in b/interface-definitions/firewall-options.xml.in new file mode 100644 index 000000000..defd44f06 --- /dev/null +++ b/interface-definitions/firewall-options.xml.in 
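Review bot: The `domain` tagNode in dns-forwarding.xml.in has neither a `<constraint>` nor a valueHelp, so any string is accepted as the domain to forward, while its `server` child is validated. Assuming dns_forwarding.py (not shown in this diff) writes the tag value into the forwarder configuration, I would add a constraint such as `<constraint><validator name="fqdn"/></constraint>` together with a `constraintErrorMessage`. The `dnssec` help also does not say which mode applies when the leaf is unset; since `off` and `process-no-validate` are documented as doing no validation, the default belongs in the help text.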
@@ -0,0 +1,55 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="firewall">
+ <children>
+ <node name="options">
+ <properties>
+ <help>Firewall options/Packet manipulation</help>
+ <priority>990</priority>
+ </properties>
+ <children>
+ <tagNode name="interface" owner="${vyos_conf_scripts_dir}/firewall_options.py">
+ <properties>
+ <help>Interface clamping options</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ </properties>
+ <children>
+ <leafNode name="disable">
+ <properties>
+ <help>Disable this rule</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="adjust-mss">
+ <properties>
+ <help>Adjust MSS for IPv4 transit packets</help>
+ <valueHelp>
+ <format>500-1460</format>
+ <description>TCP Maximum segment size in bytes</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 500-1460"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="adjust-mss6">
+ <properties>
+ <help>Adjust MSS for IPv6 transit packets</help>
+ <valueHelp>
+ <format>1280-1492</format>
+ <description>TCP Maximum segment size in bytes</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1280-1492"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/flow-accounting-conf.xml.in b/interface-definitions/flow-accounting-conf.xml.in
new file mode 100644
index 000000000..239269235
--- /dev/null
+++ b/interface-definitions/flow-accounting-conf.xml.in
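Review bot: The `adjust-mss6` range `1280-1492` in firewall-options.xml.in looks like MTU bounds rather than MSS bounds. 1280 is the IPv6 minimum MTU, and on a 1500-byte link an IPv6 TCP segment leaves at most 1440 bytes of MSS after the 40-byte IPv6 and 20-byte TCP headers. If firewall_options.py (not in this diff) applies the number as the MSS unchanged, values above 1440 would clamp nothing on such links, and MSS values below 1280 that are valid for IPv6 are rejected. Either adjust `<format>` and `--range` to MSS values, or state in the `<description>` that the value is derived from the MTU.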
@@ -0,0 +1,431 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- flow-accounting configuration --> +<interfaceDefinition> + <node name="system"> + <children> + <node name="flow-accounting" owner="${vyos_conf_scripts_dir}/flow_accounting_conf.py"> + <properties> + <help>Flow accounting settings</help> + <priority>990</priority> + </properties> + <children> + <leafNode name="buffer-size"> + <properties> + <help>Buffer size</help> + <valueHelp> + <format>0-4294967295</format> + <description>Buffer size in MiB</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295" /> + </constraint> + </properties> + </leafNode> + <leafNode name="disable-imt"> + <properties> + <help>Disable in memory table plugin</help> + <valueless /> + </properties> + </leafNode> + <leafNode name="syslog-facility"> + <properties> + <help>Syslog facility for flow-accounting</help> + <completionHelp> + <list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list> + </completionHelp> + <constraint> + <regex>auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all</regex> + </constraint> + <valueHelp> + <format>auth</format> + <description>Authentication and authorization</description> + </valueHelp> + <valueHelp> + <format>authpriv</format> + <description>Non-system authorization</description> + </valueHelp> + <valueHelp> + <format>cron</format> + <description>Cron daemon</description> + </valueHelp> + <valueHelp> + <format>daemon</format> + <description>System daemons</description> + </valueHelp> + <valueHelp> + <format>kern</format> + <description>Kernel</description> + </valueHelp> + <valueHelp> + <format>lpr</format> + <description>Line printer spooler</description> + </valueHelp> + <valueHelp> + <format>mail</format> + <description>Mail subsystem</description> + 
</valueHelp> + <valueHelp> + <format>mark</format> + <description>Timestamp</description> + </valueHelp> + <valueHelp> + <format>news</format> + <description>USENET subsystem</description> + </valueHelp> + <valueHelp> + <format>protocols</format> + <description>Routing protocols (local7)</description> + </valueHelp> + <valueHelp> + <format>security</format> + <description>Authentication and authorization</description> + </valueHelp> + <valueHelp> + <format>syslog</format> + <description>Authentication and authorization</description> + </valueHelp> + <valueHelp> + <format>user</format> + <description>Application processes</description> + </valueHelp> + <valueHelp> + <format>uucp</format> + <description>UUCP subsystem</description> + </valueHelp> + <valueHelp> + <format>local0</format> + <description>Local facility 0</description> + </valueHelp> + <valueHelp> + <format>local1</format> + <description>Local facility 1</description> + </valueHelp> + <valueHelp> + <format>local2</format> + <description>Local facility 2</description> + </valueHelp> + <valueHelp> + <format>local3</format> + <description>Local facility 3</description> + </valueHelp> + <valueHelp> + <format>local4</format> + <description>Local facility 4</description> + </valueHelp> + <valueHelp> + <format>local5</format> + <description>Local facility 5</description> + </valueHelp> + <valueHelp> + <format>local6</format> + <description>Local facility 6</description> + </valueHelp> + <valueHelp> + <format>local7</format> + <description>Local facility 7</description> + </valueHelp> + <valueHelp> + <format>all</format> + <description>Authentication and authorization</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="interface"> + <properties> + <help>Interface for flow-accounting [REQUIRED]</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + <multi/> + </properties> + </leafNode> + <node name="netflow"> + <properties> + 
<help>NetFlow settings</help> + </properties> + <children> + <leafNode name="engine-id"> + <properties> + <help>NetFlow engine-id</help> + <valueHelp> + <format>0-255 or 0-255:0-255</format> + <description>NetFlow engine-id for v5</description> + </valueHelp> + <valueHelp> + <format>0-4294967295</format> + <description>NetFlow engine-id for v9 / IPFIX</description> + </valueHelp> + <constraint> + <regex>(\d|[1-9]\d{1,8}|[1-3]\d{9}|4[01]\d{8}|42[0-8]\d{7}|429[0-3]\d{6}|4294[0-8]\d{5}|42949[0-5]\d{4}|429496[0-6]\d{3}|4294967[01]\d{2}|42949672[0-8]\d|429496729[0-5])$|^(\d|[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]):(\d|[1-9]\d|1\d{2}|2[0-4]\d|25[0-5])$</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="max-flows"> + <properties> + <help>NetFlow maximum flows</help> + <valueHelp> + <format>0-4294967295</format> + <description>NetFlow maximum flows</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295" /> + </constraint> + </properties> + </leafNode> + <leafNode name="sampling-rate"> + <properties> + <help>NetFlow sampling-rate</help> + <valueHelp> + <format>0-4294967295</format> + <description>Sampling rate (1 in N packets)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295" /> + </constraint> + </properties> + </leafNode> + <leafNode name="source-ip"> + <properties> + <help>IPv4 or IPv6 source address of NetFlow packets</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 source address of NetFlow packets</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 source address of NetFlow packets</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="version"> + <properties> + <help>NetFlow version to export</help> + <completionHelp> + <list>5 9 10</list> + </completionHelp> + <valueHelp> + 
<format>5</format> + <description>NetFlow version 5</description> + </valueHelp> + <valueHelp> + <format>9</format> + <description>NetFlow version 9 (default)</description> + </valueHelp> + <valueHelp> + <format>10</format> + <description>Internet Protocol Flow Information Export (IPFIX)</description> + </valueHelp> + </properties> + </leafNode> + <tagNode name="server"> + <properties> + <help>Server to export NetFlow [REQUIRED]</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 server to export NetFlow</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 server to export NetFlow</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + </properties> + <children> + <leafNode name="port"> + <properties> + <help>NetFlow port number</help> + <valueHelp> + <format>1025-65535</format> + <description>NetFlow port number (default 2055)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1025-65535" /> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + <node name="timeout"> + <properties> + <help>NetFlow timeout values</help> + </properties> + <children> + <leafNode name="expiry-interval"> + <properties> + <help>Expiry scan interval</help> + <valueHelp> + <format>0-2147483647</format> + <description>Expiry scan interval (default 60)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-2147483647" /> + </constraint> + </properties> + </leafNode> + <leafNode name="flow-generic"> + <properties> + <help>Generic flow timeout value</help> + <valueHelp> + <format>0-2147483647</format> + <description>Generic flow timeout in seconds (default 3600)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-2147483647" /> + </constraint> + </properties> + </leafNode> + <leafNode name="icmp"> + <properties> + <help>ICMP timeout 
value</help> + <valueHelp> + <format>0-2147483647</format> + <description>ICMP timeout in seconds (default 300)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-2147483647" /> + </constraint> + </properties> + </leafNode> + <leafNode name="max-active-life"> + <properties> + <help>Max active timeout value</help> + <valueHelp> + <format>0-2147483647</format> + <description>Max active timeout in seconds (default 604800)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-2147483647" /> + </constraint> + </properties> + </leafNode> + <leafNode name="tcp-fin"> + <properties> + <help>TCP finish timeout value</help> + <valueHelp> + <format>0-2147483647</format> + <description>TCP FIN timeout in seconds (default 300)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-2147483647" /> + </constraint> + </properties> + </leafNode> + <leafNode name="tcp-generic"> + <properties> + <help>TCP generic timeout value</help> + <valueHelp> + <format>0-2147483647</format> + <description>TCP generic timeout in seconds (default 3600)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-2147483647" /> + </constraint> + </properties> + </leafNode> + <leafNode name="tcp-rst"> + <properties> + <help>TCP reset timeout value</help> + <valueHelp> + <format>0-2147483647</format> + <description>TCP RST timeout in seconds (default 120)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-2147483647" /> + </constraint> + </properties> + </leafNode> + <leafNode name="udp"> + <properties> + <help>UDP timeout value</help> + <valueHelp> + <format>0-2147483647</format> + <description>UDP timeout in seconds (default 300)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-2147483647" /> + </constraint> + </properties> + </leafNode> + </children> + </node> + 
</children> + </node> + <node name="sflow"> + <properties> + <help>sFlow settings</help> + </properties> + <children> + <leafNode name="agent-address"> + <properties> + <help>sFlow agent IPv4 address</help> + <valueHelp> + <format>auto</format> + <description>auto select sFlow agent-address (default)</description> + </valueHelp> + <valueHelp> + <format>ipv4</format> + <description>sFlow IPv4 agent address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <regex>auto$</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="sampling-rate"> + <properties> + <help>sFlow sampling-rate</help> + <valueHelp> + <format>0-4294967295</format> + <description>Sampling rate (1 in N packets)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295" /> + </constraint> + </properties> + </leafNode> + <tagNode name="server"> + <properties> + <help>Server to export sFlow [REQUIRED]</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 server to export sFlow</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 server to export sFlow</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + </properties> + <children> + <leafNode name="port"> + <properties> + <help>sFlow port number</help> + <valueHelp> + <format>1025-65535</format> + <description>sFlow port number (default 6343)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1025-65535" /> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/https.xml.in b/interface-definitions/https.xml.in new file mode 100644 index 000000000..9bb96f1f0 --- /dev/null +++ b/interface-definitions/https.xml.in 
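Review bot: The `syslog-facility` regex in flow-accounting-conf.xml.in is a bare alternation (`auth|authpriv|…|all`) with no group around it, and the first branch of the `engine-id` regex ends in `$` but has no leading `^`. How the framework anchors a `<regex>` is not visible in this diff; if it does not wrap the pattern in a group, only the outer branches are anchored and the rest can match as substrings. Writing them as `(auth|authpriv|…|local7|all)` and `^(…)$|^(…):(…)$` removes that dependency. The `version` leaf offers `5 9 10` in completionHelp but has no constraint, so `<constraint><regex>(5|9|10)</regex></constraint>` is missing. The valueHelp descriptions for `syslog` and `all` also repeat `Authentication and authorization` from `auth`.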
@@ -0,0 +1,174 @@ +<?xml version="1.0"?> +<!-- HTTPS configuration --> +<interfaceDefinition> + <syntaxVersion component='https' version='2'></syntaxVersion> + <node name="service"> + <children> + <node name="https" owner="${vyos_conf_scripts_dir}/https.py"> + <properties> + <help>HTTPS configuration</help> + <priority>1001</priority> + </properties> + <children> + <tagNode name="virtual-host"> + <properties> + <help>Identifier for virtual host</help> + <constraint> + <regex>[a-zA-Z0-9-_.:]{1,255}</regex> + </constraint> + <constraintErrorMessage>illegal characters in identifier or identifier longer than 255 characters</constraintErrorMessage> + </properties> + <children> + <leafNode name="listen-address"> + <properties> + <help>Address to listen for HTTPS requests</help> + <valueHelp> + <format>ipv4</format> + <description>HTTPS IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>HTTPS IPv6 address</description> + </valueHelp> + <valueHelp> + <format>'*'</format> + <description>any</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + <regex>\*$</regex> + </constraint> + </properties> + </leafNode> + <leafNode name='listen-port'> + <properties> + <help>Port to listen for HTTPS requests; default 443</help> + <valueHelp> + <format>1-65535</format> + <description>Numeric IP port</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="server-name"> + <properties> + <help>Server names: exact, wildcard, or regex</help> + <multi/> + </properties> + </leafNode> + </children> + </tagNode> + <node name="api" owner="${vyos_conf_scripts_dir}/http-api.py"> + <properties> + <help>VyOS HTTP API configuration</help> + <priority>1002</priority> + </properties> + <children> + <leafNode name="port"> + <properties> + <help>Port for HTTP API service</help> + <valueHelp> + 
<format>1-65535</format> + <description>Numeric IP port</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + <node name="keys"> + <properties> + <help>HTTP API keys</help> + </properties> + <children> + <tagNode name="id"> + <properties> + <help>HTTP API id</help> + </properties> + <children> + <leafNode name="key"> + <properties> + <help>HTTP API plaintext key</help> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + <leafNode name="strict"> + <properties> + <help>Enforce strict path checking</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="debug"> + <properties> + <help>Debug</help> + <valueless/> + <hidden/> + </properties> + </leafNode> + </children> + </node> + <node name="api-restrict"> + <properties> + <help>Restrict api proxy to subset of virtual hosts</help> + </properties> + <children> + <leafNode name="virtual-host"> + <properties> + <help>Restrict proxy to virtual host(s)</help> + <multi/> + </properties> + </leafNode> + </children> + </node> + <node name="certificates"> + <properties> + <help>TLS certificates</help> + </properties> + <children> + <node name="system-generated-certificate" owner="${vyos_conf_scripts_dir}/vyos_cert.py"> + <properties> + <help>Use an automatically generated self-signed certificate</help> + </properties> + <children> + <leafNode name="lifetime"> + <properties> + <help>Lifetime in days; default is 365</help> + <valueHelp> + <format>1-65535</format> + <description>Number of days</description> + </valueHelp> + </properties> + </leafNode> + </children> + </node> + <node name="certbot" owner="${vyos_conf_scripts_dir}/le_cert.py"> + <properties> + <help>Request or apply a letsencrypt certificate for domain-name</help> + </properties> + <children> + <leafNode name="domain-name"> + <properties> + <help>Domain name(s) for which to obtain certificate</help> + <multi/> + </properties> + 
</leafNode> + <leafNode name="email"> + <properties> + <help>Email address to associate with certificate</help> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/igmp-proxy.xml.in b/interface-definitions/igmp-proxy.xml.in new file mode 100644 index 000000000..74fec6b48 --- /dev/null +++ b/interface-definitions/igmp-proxy.xml.in 
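Review bot: `certificates system-generated-certificate lifetime` in https.xml.in advertises `1-65535` in its valueHelp but has no `<constraint>`, so any string reaches vyos_cert.py. Adding `<constraint><validator name="numeric" argument="--range 1-65535"/></constraint>` would match what `listen-port` does in the same file. `server-name`, `api-restrict virtual-host`, and the certbot `domain-name` and `email` leaves are likewise unconstrained. The scripts that consume them (https.py, le_cert.py) are outside this diff and should be checked for how they quote these values when writing the web server configuration or calling the certificate client. The `api keys id key` help says the key is plaintext, so it is presumably readable by anyone who can read the configuration, which is worth stating in the help.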
@@ -0,0 +1,100 @@
+<?xml version="1.0"?>
+<!-- IGMP Proxy configuration -->
+<interfaceDefinition>
+ <node name="protocols">
+ <children>
+ <node name="igmp-proxy" owner="${vyos_conf_scripts_dir}/igmp_proxy.py">
+ <properties>
+ <help>Internet Group Management Protocol (IGMP) proxy parameters</help>
+ <priority>740</priority>
+ </properties>
+ <children>
+ <leafNode name="disable">
+ <properties>
+ <help>Option to disable IGMP proxy</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="disable-quickleave">
+ <properties>
+ <help>Option to disable "quickleave"</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <tagNode name="interface">
+ <properties>
+ <help>Interface for IGMP proxy [REQUIRED]</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ </properties>
+ <children>
+ <leafNode name="alt-subnet">
+ <properties>
+ <help>Unicast source networks allowed for multicast traffic to be proxyed</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 network</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-prefix"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="role">
+ <properties>
+ <help>Role of this IGMP interface</help>
+ <completionHelp>
+ <list>upstream downstream disabled</list>
+ </completionHelp>
+ <valueHelp>
+ <format>upstream</format>
+ <description>Upstream interface (only 1 allowed)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>downstream</format>
+ <description>Downstream interface(s) (default)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>disabled</format>
+ <description>Disabled interface</description>
+ </valueHelp>
+ <constraint>
+ <regex>(upstream|downstream|disabled)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="threshold">
+ <properties>
+ <help>TTL threshold</help>
+ <valueHelp>
+ <format>1-255</format>
+ <description>TTL threshold for the interfaces (default: 1)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ <constraintErrorMessage>threshold must be between 1 and 255</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="whitelist">
+ <properties>
+ <help>Group to whitelist</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 network</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-prefix"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/include/accel-auth-mode.xml.i b/interface-definitions/include/accel-auth-mode.xml.i
new file mode 100644
index 000000000..e719112db
--- /dev/null
+++ b/interface-definitions/include/accel-auth-mode.xml.i
@@ -0,0 +1,19 @@
+<leafNode name="mode">
+ <properties>
+ <help>Authentication mode used by this server</help>
+ <valueHelp>
+ <format>local</format>
+ <description>Use local username/password configuration</description>
+ </valueHelp>
+ <valueHelp>
+ <format>radius</format>
+ <description>Use RADIUS server for user autentication</description>
+ </valueHelp>
+ <constraint>
+ <regex>(local|radius)</regex>
+ </constraint>
+ <completionHelp>
+ <list>local radius</list>
+ </completionHelp>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/accel-client-ipv6-pool.xml.in b/interface-definitions/include/accel-client-ipv6-pool.xml.in
new file mode 100644
index 000000000..455ada6ef
--- /dev/null
+++ b/interface-definitions/include/accel-client-ipv6-pool.xml.in
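Review bot: The `interface` tagNode in igmp-proxy.xml.in carries a `<completionHelp>` script but no `<constraint>`, so any string is accepted as the tag value; completion only suggests names and does not validate them. The value is handed to the owner script `igmp_proxy.py`, which is not shown here and presumably writes it into the daemon configuration, so the schema should reject anything that is not an interface name before it gets that far. Add a `<constraint>` next to the `<completionHelp>`: an interface-name validator if this tree has one, otherwise a `<regex>` restricted to the characters an interface name may contain. The `[REQUIRED]` marker in the help string is likewise only text, so the mandatory-interface check has to live in the script.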
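Review bot: The `radius` valueHelp in accel-auth-mode.xml.i misspells its user-visible description: `Use RADIUS server for user autentication` should read `Use RADIUS server for user authentication`. The string is shown in CLI help by every service definition that pulls in this include, so it is cheapest to fix here.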
@@ -0,0 +1,59 @@
+<node name="client-ipv6-pool">
+ <properties>
+ <help>Pool of client IPv6 addresses</help>
+ </properties>
+ <children>
+ <tagNode name="prefix">
+ <properties>
+ <help>Pool of addresses used to assign to clients</help>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 address and prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-prefix"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="mask">
+ <properties>
+ <help>Prefix length used for individual client</help>
+ <valueHelp>
+ <format><48-128></format>
+ <description>Client prefix length (default: 64)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 48-128"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <tagNode name="delegate">
+ <properties>
+ <help>Subnet used to delegate prefix through DHCPv6-PD (RFC3633)</help>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 address and prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-prefix"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="delegation-prefix">
+ <properties>
+ <help>Prefix length delegated to client</help>
+ <valueHelp>
+ <format><32-64></format>
+ <description>Delegated prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 32-64"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+</node>
diff --git a/interface-definitions/include/accel-name-server.xml.in b/interface-definitions/include/accel-name-server.xml.in
new file mode 100644
index 000000000..82ed6771d
--- /dev/null
+++ b/interface-definitions/include/accel-name-server.xml.in
@@ -0,0 +1,18 @@
+<leafNode name="name-server">
+ <properties>
+ <help>Domain Name Server (DNS) propagated to client</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Domain Name Server (DNS) IPv4 address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>Domain Name Server (DNS) IPv6 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/accel-radius-additions.xml.in b/interface-definitions/include/accel-radius-additions.xml.in
new file mode 100644
index 000000000..e37b68514
--- /dev/null
+++ b/interface-definitions/include/accel-radius-additions.xml.in
@@ -0,0 +1,125 @@
+<node name="radius">
+ <children>
+ <tagNode name="server">
+ <children>
+ <leafNode name="acct-port">
+ <properties>
+ <help>Accounting port</help>
+ <valueHelp>
+ <format>1-65535</format>
+ <description>Numeric IP port (default: 1813)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="fail-time">
+ <properties>
+ <help>Mark server unavailable for <n> seconds on failure</help>
+ <valueHelp>
+ <format>0-600</format>
+ <description>Fail time penalty</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-600"/>
+ </constraint>
+ <constraintErrorMessage>Fail time must be between 0 and 600 seconds</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <leafNode name="timeout">
+ <properties>
+ <help>Timeout in seconds to wait response from RADIUS server</help>
+ <valueHelp>
+ <format>1-60</format>
+ <description>Timeout in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-60"/>
+ </constraint>
+ <constraintErrorMessage>Timeout must be between 1 and 60 seconds</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="acct-timeout">
+ <properties>
+ <help>Timeout for Interim-Update packets, terminate session afterwards (default 3 seconds)</help>
+ <valueHelp>
+ <format>0-60</format>
+ <description>Timeout in seconds, 0 to keep active</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-60"/>
+ </constraint>
+ <constraintErrorMessage>Timeout must be between 0 and 60 seconds</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="max-try">
+ <properties>
+ <help>Number of tries to send Access-Request/Accounting-Request queries</help>
+ <valueHelp>
+ <format>1-20</format>
+ <description>Maximum tries</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-20"/>
+ </constraint>
+ <constraintErrorMessage>Maximum tries must be between 1 and 20</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="nas-identifier">
+ <properties>
+ <help>NAS-Identifier attribute sent to RADIUS</help>
+ </properties>
+ </leafNode>
+ <leafNode name="nas-ip-address">
+ <properties>
+ <help>NAS-IP-Address attribute sent to RADIUS</help>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>NAS-IP-Address attribute</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ <node name="dynamic-author">
+ <properties>
+ <help>Dynamic Authorization Extension/Change of Authorization server</help>
+ </properties>
+ <children>
+ <leafNode name="server">
+ <properties>
+ <help>IP address for Dynamic Authorization Extension server (DM/CoA)</help>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address for aynamic authorization server</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="port">
+ <properties>
+ <help>Port for Dynamic Authorization Extension server (DM/CoA)</help>
+ <valueHelp>
+ <format>number</format>
+ <description>TCP port</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="key">
+ <properties>
+ <help>Shared secret for Dynamic Authorization Extension server</help>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+</node>
diff --git a/interface-definitions/include/accel-wins-server.xml.i b/interface-definitions/include/accel-wins-server.xml.i
new file mode 100644
index 000000000..461a65ddf
--- /dev/null
+++ b/interface-definitions/include/accel-wins-server.xml.i
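Review bot: The `dynamic-author` `port` leaf in accel-radius-additions.xml.in describes its value as `TCP port`, but RADIUS Disconnect/CoA messages (RFC 5176) are carried over UDP, so an operator who writes firewall rules from the CLI help would open the wrong protocol; use `<description>UDP port</description>` and give the format as `1-65535`, as `acct-port` does earlier in the file. The `key` leaf under the same node holds the shared secret that authenticates those requests, yet it has no `<constraint>`, so the schema accepts a trivially short secret; a minimum-length `<regex>` would be a reasonable guard, assuming the owner script does not already enforce one. The `server` description also misspells `dynamic` as `aynamic`.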
@@ -0,0 +1,13 @@
+<leafNode name="wins-server">
+ <properties>
+ <help>Windows Internet Name Service (WINS) servers propagated to client</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Domain Name Server (DNS) IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/address-ipv4-ipv6-dhcp.xml.i b/interface-definitions/include/address-ipv4-ipv6-dhcp.xml.i
new file mode 100644
index 000000000..cca824d89
--- /dev/null
+++ b/interface-definitions/include/address-ipv4-ipv6-dhcp.xml.i
@@ -0,0 +1,29 @@
+<leafNode name="address">
+ <properties>
+ <help>IP address</help>
+ <completionHelp>
+ <list>dhcp dhcpv6</list>
+ </completionHelp>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 address and prefix length</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 address and prefix length</description>
+ </valueHelp>
+ <valueHelp>
+ <format>dhcp</format>
+ <description>Dynamic Host Configuration Protocol</description>
+ </valueHelp>
+ <valueHelp>
+ <format>dhcpv6</format>
+ <description>Dynamic Host Configuration Protocol for IPv6</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ip-host"/>
+ <regex>(dhcp|dhcpv6)</regex>
+ </constraint>
+ <multi/>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/address-ipv4-ipv6.xml.i b/interface-definitions/include/address-ipv4-ipv6.xml.i
new file mode 100644
index 000000000..a891085bd
--- /dev/null
+++ b/interface-definitions/include/address-ipv4-ipv6.xml.i
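Review bot: The valueHelp description in accel-wins-server.xml.i still reads `Domain Name Server (DNS) IPv4 address`, the same wording as the name-server include, although this leaf configures WINS servers; it should say something like `Windows Internet Name Service (WINS) IPv4 address`. The `ipv4-address` constraint itself matches the declared format, so only the help text needs to change.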
@@ -0,0 +1,17 @@
+<leafNode name="address">
+ <properties>
+ <help>IP address</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 address and prefix length</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 address and prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ip-host"/>
+ </constraint>
+ <multi/>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/bgp-afi-aggregate-address.xml.i b/interface-definitions/include/bgp-afi-aggregate-address.xml.i
new file mode 100644
index 000000000..050ee0074
--- /dev/null
+++ b/interface-definitions/include/bgp-afi-aggregate-address.xml.i
@@ -0,0 +1,12 @@
+<leafNode name="as-set">
+ <properties>
+ <help>Generate AS-set path information for this aggregate address</help>
+ <valueless/>
+ </properties>
+</leafNode>
+<leafNode name="summary-only">
+ <properties>
+ <help>Announce the aggregate summary network only</help>
+ <valueless/>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/bgp-afi-redistribute-metric-route-map.xml.i b/interface-definitions/include/bgp-afi-redistribute-metric-route-map.xml.i
new file mode 100644
index 000000000..9b3f7a008
--- /dev/null
+++ b/interface-definitions/include/bgp-afi-redistribute-metric-route-map.xml.i
@@ -0,0 +1,17 @@
+<leafNode name="metric">
+ <properties>
+ <help>Metric for redistributed routes</help>
+ <valueHelp>
+ <format><1-4294967295></format>
+ <description>Metric for redistributed routes</description>
+ </valueHelp>
+ </properties>
+</leafNode>
+<leafNode name="route-map">
+ <properties>
+ <help>Route map to filter redistributed routes</help>
+ <completionHelp>
+ <path>policy route-map</path>
+ </completionHelp>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/bgp-neighbor-afi-ipv4-unicast.xml.i b/interface-definitions/include/bgp-neighbor-afi-ipv4-unicast.xml.i
new file mode 100644
index 000000000..74afb8851
--- /dev/null
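Review bot: The `metric` leaf in bgp-afi-redistribute-metric-route-map.xml.i advertises `<1-4294967295>` in its valueHelp but has no `<constraint>`, so the range is documentation only and any string passes the schema. Other numeric leaves in this commit, for example `maximum-prefix` in the BGP neighbor includes, back the same range with a validator; do the same here by adding `<constraint>`, `<validator name="numeric" argument="--range 1-4294967295"/>`, `</constraint>` after the `</valueHelp>`. The `route-map` leaf is in a similar position: it offers completion from `policy route-map` but accepts any name, so the existence check presumably has to happen in the script that consumes it.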
+++ b/interface-definitions/include/bgp-neighbor-afi-ipv4-unicast.xml.i 
@@ -0,0 +1,285 @@ +<node name="ipv4-unicast"> + <properties> + <help>IPv4 BGP neighbor parameters</help> + </properties> + <children> + <node name="allowas-in"> + <properties> + <help>Accept a IPv4-route that contains the local-AS in the as-path</help> + </properties> + <children> + <leafNode name="number"> + <properties> + <help>Number of occurrences of AS number</help> + <valueHelp> + <format><1-10></format> + <description>Number of times AS is allowed in path</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-10"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <leafNode name="as-override"> + <properties> + <help>AS for routes sent to this neighbor to be the local AS</help> + <valueless/> + </properties> + </leafNode> + <node name="attribute-unchanged"> + <properties> + <help>BGP attributes are sent unchanged (IPv4)</help> + </properties> + <children> + <leafNode name="as-path"> + <properties> + <help>Send AS path unchanged (IPv4)</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="med"> + <properties> + <help>Send multi-exit discriminator unchanged (IPv4)</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="next-hop"> + <properties> + <help>Send nexthop unchanged (IPv4)</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <node name="capability"> + <properties> + <help>Advertise capabilities to this neighbor (IPv4)</help> + </properties> + <children> + <node name="orf"> + <properties> + <help>Advertise ORF capability to this neighbor</help> + </properties> + <children> + <node name="prefix-list"> + <properties> + <help>Advertise prefix-list ORF capability to this neighbor</help> + </properties> + <children> + <leafNode name="receive"> + <properties> + <help>Capability to receive the ORF</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="send"> + <properties> + <help>Capability to send the ORF</help> + <valueless/> + 
</properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> + <node name="default-originate"> + <properties> + <help>Send default IPv4-route to this neighbor</help> + </properties> + <children> + <leafNode name="route-map"> + <properties> + <help>IPv4-Route-map to specify criteria of the default</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + </properties> + </leafNode> + </children> + </node> + <node name="distribute-list"> + <properties> + <help>Access-list to filter IPv4-route updates to/from this neighbor</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>Access-list to filter outgoing IPv4-route updates to this neighbor</help> + <completionHelp> + <path>policy access-list</path> + </completionHelp> + <valueHelp> + <format><1-65535></format> + <description>Access-list to filter outgoing IPv4-route updates to this neighbor</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="import"> + <properties> + <help>Access-list to filter incoming IPv4-route updates from this neighbor</help> + <completionHelp> + <path>policy access-list</path> + </completionHelp> + <valueHelp> + <format><1-65535></format> + <description>Access-list to filter incoming IPv4-route updates from this neighbor</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <node name="filter-list"> + <properties> + <help>As-path-list to filter IPv4-route updates to/from this neighbor</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>As-path-list to filter outgoing IPv4-route updates to this neighbor</help> + <completionHelp> + <path>policy as-path-list</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="import"> + 
<properties> + <help>As-path-list to filter incoming IPv4-route updates from this neighbor</help> + <completionHelp> + <path>policy as-path-list</path> + </completionHelp> + </properties> + </leafNode> + </children> + </node> + <leafNode name="maximum-prefix"> + <properties> + <help>Maximum number of IPv4-prefixes to accept from this neighbor</help> + <valueHelp> + <format><1-4294967295></format> + <description>Prefix limit</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967295"/> + </constraint> + </properties> + </leafNode> + <node name="nexthop-self"> + <properties> + <help>Nexthop for IPv4-routes sent to this neighbor to be the local router</help> + </properties> + <children> + <leafNode name="force"> + <properties> + <help>Set the next hop to self for reflected routes</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <node name="prefix-list"> + <properties> + <help>IPv4-Prefix-list to filter route updates to/from this neighbor</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>IPv4-Prefix-list to filter outgoing route updates to this neighbor</help> + <completionHelp> + <path>policy prefix-list</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="import"> + <properties> + <help>IPv4-Prefix-list to filter incoming route updates from this neighbor</help> + <completionHelp> + <path>policy prefix-list</path> + </completionHelp> + </properties> + </leafNode> + </children> + </node> + <leafNode name="remove-private-as"> + <properties> + <help>Remove private AS numbers from AS path in outbound IPv4-route updates</help> + <valueless/> + </properties> + </leafNode> + <node name="route-map"> + <properties> + <help>Route-map to filter IPv4-route updates to/from this neighbor</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>IPv4-Route-map to filter outgoing route updates to this neighbor</help> + 
<completionHelp> + <path>policy route-map</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="import"> + <properties> + <help>IPv4-Route-map to filter incoming route updates from this neighbor</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + </properties> + </leafNode> + </children> + </node> + <leafNode name="route-reflector-client"> + <properties> + <help>Neighbor as a IPv4-route reflector client</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="route-server-client"> + <properties> + <help>Neighbor is IPv4-route server client</help> + <valueless/> + </properties> + </leafNode> + <node name="soft-reconfiguration"> + <properties> + <help>Soft reconfiguration for neighbor (IPv4)</help> + </properties> + <children> + <leafNode name="inbound"> + <properties> + <help>Inbound soft reconfiguration for this neighbor [REQUIRED]</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="unsuppress-map"> + <properties> + <help>Route-map to selectively unsuppress suppressed IPv4-routes</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="weight"> + <properties> + <help>Default weight for routes from this neighbor</help> + <valueHelp> + <format><1-65535></format> + <description>Weight for routes from this neighbor</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + </children> +</node> diff --git a/interface-definitions/include/bgp-neighbor-afi-ipv6-unicast.xml.i b/interface-definitions/include/bgp-neighbor-afi-ipv6-unicast.xml.i new file mode 100644 index 000000000..e95cb6dd8 --- /dev/null +++ b/interface-definitions/include/bgp-neighbor-afi-ipv6-unicast.xml.i 
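Review bot: `unsuppress-map` in bgp-neighbor-afi-ipv4-unicast.xml.i is declared `<valueless/>`, but its help text says it names a route-map, so as written the node cannot carry the route-map it is supposed to reference. Drop `<valueless/>` and give it the same `<completionHelp>` with `<path>policy route-map</path>` that the `route-map` `export` and `import` leaves in this file use. The IPv6 neighbor include that follows (bgp-neighbor-afi-ipv6-unicast.xml.i) has the identical `unsuppress-map` definition and needs the same change.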
@@ -0,0 +1,322 @@ +<node name="ipv6-unicast"> + <properties> + <help>IPv6 BGP neighbor parameters</help> + </properties> + <children> + <node name="allowas-in"> + <properties> + <help>Accept a IPv6-route that contains the local-AS in the as-path</help> + </properties> + <children> + <leafNode name="number"> + <properties> + <help>Number of occurrences of AS number</help> + <valueHelp> + <format><1-10></format> + <description>Number of times AS is allowed in path</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-10"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <leafNode name="as-override"> + <properties> + <help>AS for routes sent to this neighbor to be the local AS</help> + <valueless/> + </properties> + </leafNode> + <node name="attribute-unchanged"> + <properties> + <help>BGP attributes are sent unchanged</help> + </properties> + <children> + <leafNode name="as-path"> + <properties> + <help>Send AS path unchanged</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="med"> + <properties> + <help>Send multi-exit discriminator unchanged</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="next-hop"> + <properties> + <help>Send nexthop unchanged</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <node name="capability"> + <properties> + <help>Advertise capabilities to this neighbor (IPv6)</help> + </properties> + <children> + <node name="orf"> + <properties> + <help>Advertise ORF capability to this neighbor</help> + </properties> + <children> + <node name="prefix-list"> + <properties> + <help>Advertise prefix-list ORF capability to this neighbor</help> + </properties> + <children> + <leafNode name="receive"> + <properties> + <help>Capability to receive the ORF</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="send"> + <properties> + <help>Capability to send the ORF</help> + <valueless/> + </properties> + </leafNode> + 
</children> + </node> + </children> + </node> + </children> + </node> + <node name="default-originate"> + <properties> + <help>Send default IPv6-route to this neighbor</help> + </properties> + <children> + <leafNode name="route-map"> + <properties> + <help>Route-map to specify criteria of the default</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + </properties> + </leafNode> + </children> + </node> + <node name="disable-send-community"> + <properties> + <help>Disable sending community attributes to this neighbor</help> + </properties> + <children> + <leafNode name="extended"> + <properties> + <help>Disable sending extended community attributes to this neighbor</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="standard"> + <properties> + <help>Disable sending standard community attributes to this neighbor</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <node name="distribute-list"> + <properties> + <help>Access-list to filter route updates to/from this neighbor</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>Access-list to filter outgoing route updates to this neighbor</help> + <completionHelp> + <path>policy access-list6</path> + </completionHelp> + <valueHelp> + <format><1-65535></format> + <description>Access-list to filter outgoing route updates to this neighbor</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="import"> + <properties> + <help>Access-list to filter incoming route updates from this neighbor</help> + <completionHelp> + <path>policy access-list6</path> + </completionHelp> + <valueHelp> + <format><1-65535></format> + <description>Access-list to filter incoming route updates from this neighbor</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + 
</properties> + </leafNode> + </children> + </node> + <node name="filter-list"> + <properties> + <help>As-path-list to filter route updates to/from this neighbor</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>As-path-list to filter outgoing route updates to this neighbor</help> + <completionHelp> + <path>policy as-path-list</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="import"> + <properties> + <help>As-path-list to filter incoming route updates from this neighbor</help> + <completionHelp> + <path>policy as-path-list</path> + </completionHelp> + </properties> + </leafNode> + </children> + </node> + <leafNode name="maximum-prefix"> + <properties> + <help>Maximum number of prefixes to accept from this neighbor</help> + <valueHelp> + <format><1-4294967295></format> + <description>Prefix limit</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967295"/> + </constraint> + </properties> + </leafNode> + <node name="nexthop-local"> + <properties> + <help>Nexthop attributes</help> + </properties> + <children> + <leafNode name="unchanged"> + <properties> + <help>Leave link-local nexthop unchanged for this peer</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <node name="nexthop-self"> + <properties> + <help>Nexthop for IPv6-routes sent to this neighbor to be the local router</help> + </properties> + <children> + <leafNode name="force"> + <properties> + <help>Set the next hop to self for reflected routes</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="peer-group"> + <properties> + <help>IPv6 peer group for this peer</help> + </properties> + </leafNode> + <node name="prefix-list"> + <properties> + <help>Prefix-list to filter route updates to/from this neighbor</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>Prefix-list to filter outgoing route updates to 
this neighbor</help> + <completionHelp> + <path>policy prefix-list6</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="import"> + <properties> + <help>Prefix-list to filter incoming route updates from this neighbor</help> + <completionHelp> + <path>policy prefix-list6</path> + </completionHelp> + </properties> + </leafNode> + </children> + </node> + <leafNode name="remove-private-as"> + <properties> + <help>Remove private AS numbers from AS path in outbound route updates</help> + <valueless/> + </properties> + </leafNode> + <node name="route-map"> + <properties> + <help>Route-map to filter route updates to/from this neighbor</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>Route-map to filter outgoing route updates to this neighbor</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="import"> + <properties> + <help>Route-map to filter incoming route updates from this neighbor</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + </properties> + </leafNode> + </children> + </node> + <leafNode name="route-reflector-client"> + <properties> + <help>Neighbor as a IPv6-route reflector client</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="route-server-client"> + <properties> + <help>Neighbor is IPv6-route server client</help> + <valueless/> + </properties> + </leafNode> + <node name="soft-reconfiguration"> + <properties> + <help>Soft reconfiguration for neighbor (IPv6)</help> + </properties> + <children> + <leafNode name="inbound"> + <properties> + <help>Inbound soft reconfiguration for this neighbor [REQUIRED]</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="unsuppress-map"> + <properties> + <help>Route-map to selectively unsuppress suppressed IPv6-routes</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="weight"> + <properties> 
+ <help>Default weight for routes from this neighbor</help> + <valueHelp> + <format><1-65535></format> + <description>Weight for routes from this neighbor</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + </children> +</node> diff --git a/interface-definitions/include/bgp-peer-group-afi-ipv4-unicast.xml.i b/interface-definitions/include/bgp-peer-group-afi-ipv4-unicast.xml.i new file mode 100644 index 000000000..df051ace5 --- /dev/null +++ b/interface-definitions/include/bgp-peer-group-afi-ipv4-unicast.xml.i 
@@ -0,0 +1,301 @@ +<node name="ipv4-unicast"> + <properties> + <help>IPv4 BGP peer group parameters</help> + </properties> + <children> + <node name="allowas-in"> + <properties> + <help>Accept a route that contains the local-AS in the as-path</help> + </properties> + <children> + <leafNode name="number"> + <properties> + <help>Number of occurrences of AS number</help> + <valueHelp> + <format><1-10></format> + <description>Number of times AS is allowed in path</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-10"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <node name="attribute-unchanged"> + <properties> + <help>BGP attributes are sent unchanged</help> + </properties> + <children> + <leafNode name="as-path"> + <properties> + <help>Send AS path unchanged</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="med"> + <properties> + <help>Send multi-exit discriminator unchanged</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="next-hop"> + <properties> + <help>Send nexthop unchanged</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <node name="capability"> + <properties> + <help>Advertise capabilities to this peer-group</help> + </properties> + <children> + <leafNode name="dynamic"> + <properties> + <help>Advertise dynamic capability to this peer-group</help> + <valueless/> + </properties> + </leafNode> + <node name="orf"> + <properties> + <help>Advertise ORF capability to this peer-group</help> + </properties> + <children> + <node name="prefix-list"> + <properties> + <help>Advertise prefix-list ORF capability to this peer-group</help> + </properties> + <children> + <leafNode name="receive"> + <properties> + <help>Capability to receive the ORF</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="send"> + <properties> + <help>Capability to send the ORF</help> + <valueless/> + </properties> + </leafNode> + </children> + 
</node> + </children> + </node> + </children> + </node> + <node name="default-originate"> + <properties> + <help>Send default route to this peer-group</help> + </properties> + <children> + <leafNode name="route-map"> + <properties> + <help>Route-map to specify criteria of the default</help> + </properties> + </leafNode> + </children> + </node> + <node name="disable-send-community"> + <properties> + <help>Disable sending community attributes to this peer-group</help> + </properties> + <children> + <leafNode name="extended"> + <properties> + <help>Disable sending extended community attributes to this peer-group</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="standard"> + <properties> + <help>Disable sending standard community attributes to this peer-group</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <node name="distribute-list"> + <properties> + <help>Access-list to filter route updates to/from this peer-group</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>Access-list to filter outgoing route updates to this peer-group</help> + <completionHelp> + <path>policy access-list</path> + </completionHelp> + <valueHelp> + <format><1-65535></format> + <description>Access-list to filter outgoing route updates to this peer-group</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="import"> + <properties> + <help>Access-list to filter incoming route updates from this peer-group</help> + <completionHelp> + <path>policy access-list</path> + </completionHelp> + <valueHelp> + <format><1-65535></format> + <description>Access-list to filter incoming route updates from this peer-group</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <node name="filter-list"> + 
<properties> + <help>As-path-list to filter route updates to/from this peer-group</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>As-path-list to filter outgoing route updates to this peer-group</help> + <completionHelp> + <path>policy as-path-list</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="import"> + <properties> + <help>As-path-list to filter incoming route updates from this peer-group</help> + <completionHelp> + <path>policy as-path-list</path> + </completionHelp> + </properties> + </leafNode> + </children> + </node> + <leafNode name="maximum-prefix"> + <properties> + <help>Maximum number of prefixes to accept from this peer-group</help> + <valueHelp> + <format><1-4294967295></format> + <description>Prefix limit</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967295"/> + </constraint> + </properties> + </leafNode> + <node name="nexthop-self"> + <properties> + <help>Nexthop for routes sent to this peer-group to be the local router</help> + </properties> + <children> + <leafNode name="force"> + <properties> + <help>Set the next hop to self for reflected routes</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <node name="prefix-list"> + <properties> + <help>Prefix-list to filter route updates to/from this peer-group</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>Prefix-list to filter outgoing route updates to this peer-group</help> + <completionHelp> + <path>policy prefix-list</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="import"> + <properties> + <help>Prefix-list to filter incoming route updates from this peer-group</help> + <completionHelp> + <path>policy prefix-list</path> + </completionHelp> + </properties> + </leafNode> + </children> + </node> + <leafNode name="remove-private-as"> + <properties> + <help>Remove private AS numbers from AS path in 
outbound route updates</help> + <valueless/> + </properties> + </leafNode> + <node name="route-map"> + <properties> + <help>Route-map to filter route updates to/from this peer-group</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>Route-map to filter outgoing route updates to this peer-group</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="import"> + <properties> + <help>Route-map to filter incoming route updates from this peer-group</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + </properties> + </leafNode> + </children> + </node> + <leafNode name="route-reflector-client"> + <properties> + <help>Peer-group as a route reflector client</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="route-server-client"> + <properties> + <help>Peer-group as route server client</help> + <valueless/> + </properties> + </leafNode> + <node name="soft-reconfiguration"> + <properties> + <help>Soft reconfiguration for peer-group</help> + </properties> + <children> + <leafNode name="inbound"> + <properties> + <help>Inbound soft reconfiguration for this peer-group [REQUIRED]</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="unsuppress-map"> + <properties> + <help>Route-map to selectively unsuppress suppressed routes</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="weight"> + <properties> + <help>Default weight for routes from this peer-group</help> + <valueHelp> + <format><1-65535></format> + <description>Weight for routes from this peer-group</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + </children> +</node> 
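Review bot: `unsuppress-map` near the end of this hunk is declared `<valueless/>`, yet its help text says it takes a route-map, so there is no way to name the map that should be applied. Replace `<valueless/>` with `<completionHelp><path>policy route-map</path></completionHelp>`, as the `route-map export` and `import` leaves in the same file do. The same definition appears in bgp-peer-group-afi-ipv6-unicast.xml.i and in the IPv6 neighbor include that ends just before this file. In this file `default-originate route-map` also lacks the `policy route-map` completion that the IPv6 peer-group variant has.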
diff --git a/interface-definitions/include/bgp-peer-group-afi-ipv6-unicast.xml.i b/interface-definitions/include/bgp-peer-group-afi-ipv6-unicast.xml.i new file mode 100644 index 000000000..a381e02f0 --- /dev/null +++ b/interface-definitions/include/bgp-peer-group-afi-ipv6-unicast.xml.i 
@@ -0,0 +1,317 @@ +<node name="ipv6-unicast"> + <properties> + <help>IPv6 BGP neighbor parameters</help> + </properties> + <children> + <node name="allowas-in"> + <properties> + <help>Accept a IPv6-route that contains the local-AS in the as-path</help> + </properties> + <children> + <leafNode name="number"> + <properties> + <help>Number of occurrences of AS number</help> + <valueHelp> + <format><1-10></format> + <description>Number of times AS is allowed in path</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-10"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <node name="attribute-unchanged"> + <properties> + <help>BGP attributes are sent unchanged</help> + </properties> + <children> + <leafNode name="as-path"> + <properties> + <help>Send AS path unchanged</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="med"> + <properties> + <help>Send multi-exit discriminator unchanged</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="next-hop"> + <properties> + <help>Send nexthop unchanged</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <node name="capability"> + <properties> + <help>Advertise capabilities to this peer-group</help> + </properties> + <children> + <leafNode name="dynamic"> + <properties> + <help>Advertise dynamic capability to this peer-group</help> + <valueless/> + </properties> + </leafNode> + <node name="orf"> + <properties> + <help>Advertise ORF capability to this peer-group</help> + </properties> + <children> + <node name="prefix-list"> + <properties> + <help>Advertise prefix-list ORF capability to this peer-group</help> + </properties> + <children> + <leafNode name="receive"> + <properties> + <help>Capability to receive the ORF</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="send"> + <properties> + <help>Capability to send the ORF</help> + <valueless/> + </properties> + </leafNode> + </children> 
+ </node> + </children> + </node> + </children> + </node> + <node name="default-originate"> + <properties> + <help>Send default route to this peer-group</help> + </properties> + <children> + <leafNode name="route-map"> + <properties> + <help>Route-map to specify criteria of the default</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + </properties> + </leafNode> + </children> + </node> + <node name="disable-send-community"> + <properties> + <help>Disable sending community attributes to this peer-group</help> + </properties> + <children> + <leafNode name="extended"> + <properties> + <help>Disable sending extended community attributes to this peer-group</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="standard"> + <properties> + <help>Disable sending standard community attributes to this peer-group</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <node name="distribute-list"> + <properties> + <help>Access-list to filter route updates to/from this peer-group</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>Access-list to filter outgoing route updates to this peer-group</help> + <completionHelp> + <path>policy access-list6</path> + </completionHelp> + <valueHelp> + <format><1-65535></format> + <description>Access-list to filter outgoing route updates to this peer-group</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="import"> + <properties> + <help>Access-list to filter incoming route updates from this peer-group</help> + <completionHelp> + <path>policy access-list6</path> + </completionHelp> + <valueHelp> + <format><1-65535></format> + <description>Access-list to filter incoming route updates from this peer-group</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + 
</properties> + </leafNode> + </children> + </node> + <node name="filter-list"> + <properties> + <help>As-path-list to filter route updates to/from this peer-group</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>As-path-list to filter outgoing route updates to this peer-group</help> + <completionHelp> + <path>policy as-path-list</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="import"> + <properties> + <help>As-path-list to filter incoming route updates from this peer-group</help> + <completionHelp> + <path>policy as-path-list</path> + </completionHelp> + </properties> + </leafNode> + </children> + </node> + <leafNode name="maximum-prefix"> + <properties> + <help>Maximum number of prefixes to accept from this peer-group</help> + <valueHelp> + <format><1-4294967295></format> + <description>Prefix limit</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967295"/> + </constraint> + </properties> + </leafNode> + <node name="nexthop-local"> + <properties> + <help>Nexthop attributes</help> + </properties> + <children> + <leafNode name="unchanged"> + <properties> + <help>Leave link-local nexthop unchanged for this peer</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <node name="nexthop-self"> + <properties> + <help>Nexthop for routes sent to this peer-group to be the local router</help> + </properties> + <children> + <leafNode name="force"> + <properties> + <help>Set the next hop to self for reflected routes</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <node name="prefix-list"> + <properties> + <help>Prefix-list to filter route updates to/from this peer-group</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>Prefix-list to filter outgoing route updates to this peer-group</help> + <completionHelp> + <path>policy prefix-list6</path> + </completionHelp> + </properties> + 
</leafNode> + <leafNode name="import"> + <properties> + <help>Prefix-list to filter incoming route updates from this peer-group</help> + <completionHelp> + <path>policy prefix-list6</path> + </completionHelp> + </properties> + </leafNode> + </children> + </node> + <leafNode name="remove-private-as"> + <properties> + <help>Remove private AS numbers from AS path in outbound route updates</help> + <valueless/> + </properties> + </leafNode> + <node name="route-map"> + <properties> + <help>Route-map to filter route updates to/from this peer-group</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>Route-map to filter outgoing route updates to this peer-group</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="import"> + <properties> + <help>Route-map to filter incoming route updates from this peer-group</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + </properties> + </leafNode> + </children> + </node> + <leafNode name="route-reflector-client"> + <properties> + <help>Peer-group as a route reflector client</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="route-server-client"> + <properties> + <help>Peer-group as route server client</help> + <valueless/> + </properties> + </leafNode> + <node name="soft-reconfiguration"> + <properties> + <help>Soft reconfiguration for peer-group</help> + </properties> + <children> + <leafNode name="inbound"> + <properties> + <help>Inbound soft reconfiguration for this peer-group [REQUIRED]</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="unsuppress-map"> + <properties> + <help>Route-map to selectively unsuppress suppressed routes</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="weight"> + <properties> + <help>Default weight for routes from this peer-group</help> + <valueHelp> + <format><1-65535></format> + 
<description>Weight for routes from this peer-group</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + </children> +</node> diff --git a/interface-definitions/include/dhcp-options.xml.i b/interface-definitions/include/dhcp-options.xml.i new file mode 100644 index 000000000..9989291fc --- /dev/null +++ b/interface-definitions/include/dhcp-options.xml.i @@ -0,0 +1,22 @@ +<node name="dhcp-options"> + <properties> + <help>DHCP client settings/options</help> + </properties> + <children> + <leafNode name="client-id"> + <properties> + <help>DHCP client identifier</help> + </properties> + </leafNode> + <leafNode name="host-name"> + <properties> + <help>DHCP client host name (overrides system host name)</help> + </properties> + </leafNode> + <leafNode name="vendor-class-id"> + <properties> + <help>DHCP client vendor type</help> + </properties> + </leafNode> + </children> +</node> diff --git a/interface-definitions/include/dhcpv6-options.xml.i b/interface-definitions/include/dhcpv6-options.xml.i new file mode 100644 index 000000000..b0a806806 --- /dev/null +++ b/interface-definitions/include/dhcpv6-options.xml.i 
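Review bot: The `distribute-list export` and `import` leaves complete from `policy access-list6` but validate with `numeric --range 1-65535`. If IPv6 access-lists are identified by name rather than by number (worth confirming against the policy definitions, which are not in this hunk), every completion candidate would be rejected by the constraint. The constraint and `<valueHelp>` look copied from the IPv4 file and should describe whatever identifier `access-list6` actually uses. The top-level help also still reads `IPv6 BGP neighbor parameters`; `<help>IPv6 BGP peer group parameters</help>` would match the IPv4 counterpart.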
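Review bot: `client-id`, `host-name` and `vendor-class-id` in dhcp-options.xml.i carry no `<constraint>`, so any string the operator types is accepted. These values are presumably written into the DHCP client configuration by a script outside this diff, so quotes, semicolons and similar metacharacters are better rejected here than left to later escaping. A `<constraint>` with a `<regex>` and a `<constraintErrorMessage>`, in the style of interface-description.xml.i, would do. `host-name` in particular can be limited to hostname characters, e.g. `<regex>^[A-Za-z0-9][-.A-Za-z0-9]*$</regex>`.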
@@ -0,0 +1,86 @@ +<node name="dhcpv6-options"> + <properties> + <help>DHCPv6 client settings/options</help> + </properties> + <children> + <leafNode name="parameters-only"> + <properties> + <help>Acquire only config parameters, no address</help> + <valueless/> + </properties> + </leafNode> + <tagNode name="pd"> + <properties> + <help>DHCPv6 prefix delegation interface statement</help> + <valueHelp> + <format>instance number</format> + <description>Prefix delegation instance (>= 0)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--non-negative"/> + </constraint> + </properties> + <children> + <leafNode name="length"> + <properties> + <help>Request IPv6 prefix length from peer</help> + <valueHelp> + <format>32-64</format> + <description>Length of delegated prefix</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 32-64"/> + </constraint> + </properties> + <defaultValue>64</defaultValue> + </leafNode> + <tagNode name="interface"> + <properties> + <help>Delegate IPv6 prefix from provider to this interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py --broadcast</script> + </completionHelp> + </properties> + <children> + <leafNode name="address"> + <properties> + <help>Local interface address assigned to interface</help> + <valueHelp> + <format>>0</format> + <description>Used to form IPv6 interface address (default: EUI-64)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--non-negative"/> + </constraint> + </properties> + </leafNode> + <leafNode name="sla-id"> + <properties> + <help>Interface site-Level aggregator (SLA)</help> + <valueHelp> + <format>0-128</format> + <description>Decimal integer which fits in the length of SLA IDs</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-128"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </tagNode> + 
<leafNode name="rapid-commit"> + <properties> + <help>Wait for immediate reply instead of advertisements</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="temporary"> + <properties> + <help>IPv6 temporary address</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> diff --git a/interface-definitions/include/interface-arp-cache-timeout.xml.i b/interface-definitions/include/interface-arp-cache-timeout.xml.i new file mode 100644 index 000000000..e65321158 --- /dev/null +++ b/interface-definitions/include/interface-arp-cache-timeout.xml.i @@ -0,0 +1,14 @@ +<leafNode name="arp-cache-timeout"> + <properties> + <help>ARP cache entry timeout in seconds</help> + <valueHelp> + <format>1-86400</format> + <description>ARP cache entry timout in seconds (default 30)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-86400"/> + </constraint> + <constraintErrorMessage>ARP cache entry timeout must be between 1 and 86400 seconds</constraintErrorMessage> + </properties> + <defaultValue>30</defaultValue> +</leafNode> diff --git a/interface-definitions/include/interface-description.xml.i b/interface-definitions/include/interface-description.xml.i new file mode 100644 index 000000000..961533e26 --- /dev/null +++ b/interface-definitions/include/interface-description.xml.i @@ -0,0 +1,9 @@ +<leafNode name="description"> + <properties> + <help>Interface specific description</help> + <constraint> + <regex>.{1,256}$</regex> + </constraint> + <constraintErrorMessage>Description too long (limit 256 characters)</constraintErrorMessage> + </properties> +</leafNode> diff --git a/interface-definitions/include/interface-disable-arp-filter.xml.i b/interface-definitions/include/interface-disable-arp-filter.xml.i new file mode 100644 index 000000000..ec3f51b2d --- /dev/null +++ b/interface-definitions/include/interface-disable-arp-filter.xml.i 
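Review bot: The `address` leaf under `pd … interface` in dhcpv6-options.xml.i documents its value as `>0` in `<format>`, but the validator is `numeric --non-negative`, which also admits `0`. Either the help or the constraint is wrong. If zero is not a usable interface identifier, use a `--range` with a lower bound of 1; otherwise change the format text to `>=0` so the CLI help matches what is accepted.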
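Review bot: The pattern `.{1,256}$` in interface-description.xml.i is anchored only at the end. Unless the constraint checker adds its own `^` (not visible in this diff), it matches the trailing characters of any non-empty string and the 256-character limit is never enforced. Write it as `<regex>^.{1,256}$</regex>`. The error message also mentions only the upper bound, although the pattern rejects an empty description as well.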
@@ -0,0 +1,6 @@
+<leafNode name="disable-arp-filter">
+ <properties>
+ <help>Disable ARP filter on this interface</help>
+ <valueless/>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/interface-disable-link-detect.xml.i b/interface-definitions/include/interface-disable-link-detect.xml.i
new file mode 100644
index 000000000..619cd03b0
--- /dev/null
+++ b/interface-definitions/include/interface-disable-link-detect.xml.i
@@ -0,0 +1,6 @@
+<leafNode name="disable-link-detect">
+ <properties>
+ <help>Ignore link state changes</help>
+ <valueless/>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/interface-disable.xml.i b/interface-definitions/include/interface-disable.xml.i
new file mode 100644
index 000000000..7bd3df5da
--- /dev/null
+++ b/interface-definitions/include/interface-disable.xml.i
@@ -0,0 +1,6 @@
+<leafNode name="disable">
+ <properties>
+ <help>Administratively disable interface</help>
+ <valueless/>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/interface-enable-arp-accept.xml.i b/interface-definitions/include/interface-enable-arp-accept.xml.i
new file mode 100644
index 000000000..69f26b322
--- /dev/null
+++ b/interface-definitions/include/interface-enable-arp-accept.xml.i
@@ -0,0 +1,6 @@
+<leafNode name="enable-arp-accept">
+ <properties>
+ <help>Enable ARP accept on this interface</help>
+ <valueless/>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/interface-enable-arp-announce.xml.i b/interface-definitions/include/interface-enable-arp-announce.xml.i
new file mode 100644
index 000000000..8d51874c1
--- /dev/null
+++ b/interface-definitions/include/interface-enable-arp-announce.xml.i
@@ -0,0 +1,6 @@
+<leafNode name="enable-arp-announce">
+ <properties>
+ <help>Enable ARP announce on this interface</help>
+ <valueless/>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/interface-enable-arp-ignore.xml.i b/interface-definitions/include/interface-enable-arp-ignore.xml.i
new file mode 100644
index 000000000..9adc0f17e
--- /dev/null
+++ b/interface-definitions/include/interface-enable-arp-ignore.xml.i
@@ -0,0 +1,6 @@
+<leafNode name="enable-arp-ignore">
+ <properties>
+ <help>Enable ARP ignore on this interface</help>
+ <valueless/>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/interface-enable-proxy-arp.xml.i b/interface-definitions/include/interface-enable-proxy-arp.xml.i
new file mode 100644
index 000000000..14ab08875
--- /dev/null
+++ b/interface-definitions/include/interface-enable-proxy-arp.xml.i
@@ -0,0 +1,6 @@
+<leafNode name="enable-proxy-arp">
+ <properties>
+ <help>Enable proxy-arp on this interface</help>
+ <valueless/>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/interface-hw-id.xml.i b/interface-definitions/include/interface-hw-id.xml.i
new file mode 100644
index 000000000..318ddd1c4
--- /dev/null
+++ b/interface-definitions/include/interface-hw-id.xml.i
@@ -0,0 +1,12 @@
+<leafNode name="hw-id">
+ <properties>
+ <help>Associate Ethernet Interface with given Media Access Control (MAC) address</help>
+ <valueHelp>
+ <format>h:h:h:h:h:h</format>
+ <description>Hardware Media Access Control (MAC) address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="mac-address"/>
+ </constraint>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/interface-ipv4.xml.i b/interface-definitions/include/interface-ipv4.xml.i
new file mode 100644
index 000000000..15932a9d3
--- /dev/null
+++ b/interface-definitions/include/interface-ipv4.xml.i
@@ -0,0 +1,11 @@
+<node name="ip">
+ <properties>
+ <help>IPv4 routing parameters</help>
+ </properties>
+ <children>
+ #include <include/interface-disable-arp-filter.xml.i>
+ #include <include/interface-enable-arp-accept.xml.i>
+ #include <include/interface-enable-arp-announce.xml.i>
+ #include <include/interface-enable-arp-ignore.xml.i>
+ </children>
+</node>
diff --git a/interface-definitions/include/interface-ipv6.xml.i b/interface-definitions/include/interface-ipv6.xml.i
new file mode 100644
index 000000000..23362f75a
--- /dev/null
+++ b/interface-definitions/include/interface-ipv6.xml.i
@@ -0,0 +1,10 @@
+<node name="ipv6">
+ <properties>
+ <help>IPv6 routing parameters</help>
+ </properties>
+ <children>
+ #include <include/ipv6-address.xml.i>
+ #include <include/ipv6-disable-forwarding.xml.i>
+ #include <include/ipv6-dup-addr-detect-transmits.xml.i>
+ </children>
+</node>
diff --git a/interface-definitions/include/interface-mac.xml.i b/interface-definitions/include/interface-mac.xml.i
new file mode 100644
index 000000000..7b2456236
--- /dev/null
+++ b/interface-definitions/include/interface-mac.xml.i
@@ -0,0 +1,12 @@
+<leafNode name="mac">
+ <properties>
+ <help>Media Access Control (MAC) address</help>
+ <valueHelp>
+ <format>h:h:h:h:h:h</format>
+ <description>Hardware (MAC) address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="mac-address"/>
+ </constraint>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/interface-mtu-1200-9000.xml.i b/interface-definitions/include/interface-mtu-1200-9000.xml.i
new file mode 100644
index 000000000..de48db65e
--- /dev/null
+++ b/interface-definitions/include/interface-mtu-1200-9000.xml.i
@@ -0,0 +1,14 @@ +<leafNode name="mtu"> + <properties> + <help>Maximum Transmission Unit (MTU)</help> + <valueHelp> + <format>1200-9000</format> + <description>Maximum Transmission Unit</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1200-9000"/> + </constraint> + <constraintErrorMessage>MTU must be between 1200 and 9000</constraintErrorMessage> + </properties> + <defaultValue>1500</defaultValue> +</leafNode> diff --git a/interface-definitions/include/interface-mtu-1450-9000.xml.i b/interface-definitions/include/interface-mtu-1450-9000.xml.i new file mode 100644 index 000000000..d15987394 --- /dev/null +++ b/interface-definitions/include/interface-mtu-1450-9000.xml.i @@ -0,0 +1,14 @@ +<leafNode name="mtu"> + <properties> + <help>Maximum Transmission Unit (MTU)</help> + <valueHelp> + <format>1450-9000</format> + <description>Maximum Transmission Unit</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1450-9000"/> + </constraint> + <constraintErrorMessage>MTU must be between 1450 and 9000</constraintErrorMessage> + </properties> + <defaultValue>1500</defaultValue> +</leafNode> diff --git a/interface-definitions/include/interface-mtu-64-8024.xml.i b/interface-definitions/include/interface-mtu-64-8024.xml.i new file mode 100644 index 000000000..e60867e35 --- /dev/null +++ b/interface-definitions/include/interface-mtu-64-8024.xml.i @@ -0,0 +1,14 @@ +<leafNode name="mtu"> + <properties> + <help>Maximum Transmission Unit (MTU)</help> + <valueHelp> + <format>64-8024</format> + <description>Maximum Transmission Unit</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 64-8024"/> + </constraint> + <constraintErrorMessage>MTU must be between 64 and 8024</constraintErrorMessage> + </properties> + <defaultValue>1500</defaultValue> +</leafNode> 
diff --git a/interface-definitions/include/interface-mtu-68-1500.xml.i b/interface-definitions/include/interface-mtu-68-1500.xml.i new file mode 100644 index 000000000..d47efd2c9 --- /dev/null +++ b/interface-definitions/include/interface-mtu-68-1500.xml.i @@ -0,0 +1,14 @@ +<leafNode name="mtu"> + <properties> + <help>Maximum Transmission Unit (MTU)</help> + <valueHelp> + <format>68-1500</format> + <description>Maximum Transmission Unit</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 68-1500"/> + </constraint> + <constraintErrorMessage>MTU must be between 68 and 1500</constraintErrorMessage> + </properties> + <defaultValue>1500</defaultValue> +</leafNode> diff --git a/interface-definitions/include/interface-mtu-68-9000.xml.i b/interface-definitions/include/interface-mtu-68-9000.xml.i new file mode 100644 index 000000000..8fae2043c --- /dev/null +++ b/interface-definitions/include/interface-mtu-68-9000.xml.i @@ -0,0 +1,14 @@ +<leafNode name="mtu"> + <properties> + <help>Maximum Transmission Unit (MTU)</help> + <valueHelp> + <format>68-9000</format> + <description>Maximum Transmission Unit</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 68-9000"/> + </constraint> + <constraintErrorMessage>MTU must be between 68 and 9000</constraintErrorMessage> + </properties> + <defaultValue>1500</defaultValue> +</leafNode> diff --git a/interface-definitions/include/interface-proxy-arp-pvlan.xml.i b/interface-definitions/include/interface-proxy-arp-pvlan.xml.i new file mode 100644 index 000000000..7e72b3800 --- /dev/null +++ b/interface-definitions/include/interface-proxy-arp-pvlan.xml.i @@ -0,0 +1,6 @@ +<leafNode name="proxy-arp-pvlan"> + <properties> + <help>Enable private VLAN proxy ARP on this interface</help> + <valueless/> + </properties> +</leafNode> 
diff --git a/interface-definitions/include/interface-vrf.xml.i b/interface-definitions/include/interface-vrf.xml.i new file mode 100644 index 000000000..355e7f0f3 --- /dev/null +++ b/interface-definitions/include/interface-vrf.xml.i @@ -0,0 +1,12 @@ +<leafNode name="vrf"> + <properties> + <help>VRF instance name</help> + <valueHelp> + <format>text</format> + <description>VRF instance name</description> + </valueHelp> + <completionHelp> + <path>vrf name</path> + </completionHelp> + </properties> +</leafNode> diff --git a/interface-definitions/include/ipv6-address.xml.i b/interface-definitions/include/ipv6-address.xml.i new file mode 100644 index 000000000..34f54e4c1 --- /dev/null +++ b/interface-definitions/include/ipv6-address.xml.i @@ -0,0 +1,29 @@ +<node name="address"> + <children> + <leafNode name="autoconf"> + <properties> + <help>Enable acquisition of IPv6 address using stateless autoconfig (SLAAC)</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="eui64"> + <properties> + <help>Prefix for IPv6 address with MAC-based EUI-64</help> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 network and prefix length</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="no-default-link-local"> + <properties> + <help>Remove the default link-local address from the interface</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> diff --git a/interface-definitions/include/ipv6-disable-forwarding.xml.i b/interface-definitions/include/ipv6-disable-forwarding.xml.i new file mode 100644 index 000000000..3f90c7e34 --- /dev/null +++ b/interface-definitions/include/ipv6-disable-forwarding.xml.i @@ -0,0 +1,6 @@ +<leafNode name="disable-forwarding"> + <properties> + <help>Disable IPv6 forwarding on this interface</help> + <valueless/> + </properties> +</leafNode> 
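Review bot: The `address` node in ipv6-address.xml.i has no `<properties>` block, so it is left without a help string while every other node and leaf in the includes shown here has one. Add `<properties><help>IPv6 address configuration modes</help></properties>` before `<children>`. The three leaves below it are already documented, so only the parent is missing its description.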
diff --git a/interface-definitions/include/ipv6-dup-addr-detect-transmits.xml.i b/interface-definitions/include/ipv6-dup-addr-detect-transmits.xml.i new file mode 100644 index 000000000..728187560 --- /dev/null +++ b/interface-definitions/include/ipv6-dup-addr-detect-transmits.xml.i @@ -0,0 +1,16 @@ +<leafNode name="dup-addr-detect-transmits"> + <properties> + <help>Number of NS messages to send while performing DAD (default: 1)</help> + <valueHelp> + <format>1-n</format> + <description>Number of NS messages to send while performing DAD</description> + </valueHelp> + <valueHelp> + <format>0</format> + <description>Disable Duplicate Address Dectection (DAD)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--non-negative"/> + </constraint> + </properties> +</leafNode> diff --git a/interface-definitions/include/isis-redistribute-ipv4.xml.i b/interface-definitions/include/isis-redistribute-ipv4.xml.i new file mode 100644 index 000000000..f90900da1 --- /dev/null +++ b/interface-definitions/include/isis-redistribute-ipv4.xml.i 
@@ -0,0 +1,82 @@
+<node name="level-1">
+ <properties>
+ <help>Redistribute into level-1</help>
+ </properties>
+ <children>
+ <leafNode name="metric">
+ <properties>
+ <help>Metric for redistributed routes</help>
+ <valueHelp>
+ <format><0-16777215></format>
+ <description>ISIS default metric</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-16777215"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <tagNode name="route-map">
+ <properties>
+ <help>Route map reference</help>
+ <completionHelp>
+ <path>policy route-map</path>
+ </completionHelp>
+ </properties>
+ <children>
+ <leafNode name="metric">
+ <properties>
+ <help>Metric for redistributed routes</help>
+ <valueHelp>
+ <format><0-16777215></format>
+ <description>ISIS default metric</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-16777215"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+</node>
+<node name="level-2">
+ <properties>
+ <help>Redistribute into level-2</help>
+ </properties>
+ <children>
+ <leafNode name="metric">
+ <properties>
+ <help>Metric for redistributed routes</help>
+ <valueHelp>
+ <format><0-16777215></format>
+ <description>ISIS default metric</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-16777215"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <tagNode name="route-map">
+ <properties>
+ <help>Route map reference</help>
+ <completionHelp>
+ <path>policy route-map</path>
+ </completionHelp>
+ </properties>
+ <children>
+ <leafNode name="metric">
+ <properties>
+ <help>Metric for redistributed routes</help>
+ <valueHelp>
+ <format><0-16777215></format>
+ <description>ISIS default metric</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-16777215"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+</node>
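Review bot: The `<format>` values in `isis-redistribute-ipv4.xml.i` are shown as `<0-16777215>`, with angle brackets around the range, while the other definitions in this commit write a bare range such as `1-65535`. If the file really contains a raw `<` inside `<format>`, the include is not well-formed XML and the brackets must be written as `&lt;0-16777215&gt;`; this page may have decoded the entities, so that cannot be confirmed from here. Either way, `<format>0-16777215</format>` without brackets matches the rest of the tree. The same applies to `<1-16>` and `<text>` in `rip-redistribute.xml.i` and to `<start>-<end>` in `nat-translation-port.xml.i`.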
diff --git a/interface-definitions/include/nat-address.xml.i b/interface-definitions/include/nat-address.xml.i
new file mode 100644
index 000000000..933dae07b
--- /dev/null
+++ b/interface-definitions/include/nat-address.xml.i
@@ -0,0 +1,37 @@
+<leafNode name="address">
+ <properties>
+ <help>IP address, subnet, or range</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address to match</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 prefix to match</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv4range</format>
+ <description>IPv4 address range to match</description>
+ </valueHelp>
+ <valueHelp>
+ <format>!ipv4</format>
+ <description>Match everything except the specified address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>!ipv4net</format>
+ <description>Match everything except the specified prefix</description>
+ </valueHelp>
+ <valueHelp>
+ <format>!ipv4range</format>
+ <description>Match everything except the specified range</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="ipv4-prefix"/>
+ <validator name="ipv4-range"/>
+ <validator name="ipv4-address-exclude"/>
+ <validator name="ipv4-prefix-exclude"/>
+ <validator name="ipv4-range-exclude"/>
+ </constraint>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/nat-interface.xml.i b/interface-definitions/include/nat-interface.xml.i
new file mode 100644
index 000000000..c49483297
--- /dev/null
+++ b/interface-definitions/include/nat-interface.xml.i
@@ -0,0 +1,9 @@
+<leafNode name="outbound-interface">
+ <properties>
+ <help>Outbound interface of NAT traffic</help>
+ <completionHelp>
+ <list>any</list>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/nat-port.xml.i b/interface-definitions/include/nat-port.xml.i
new file mode 100644
index 000000000..24803ae05
--- /dev/null
+++ b/interface-definitions/include/nat-port.xml.i
@@ -0,0 +1,17 @@
+<leafNode name="port">
+ <properties>
+ <help>Port number</help>
+ <valueHelp>
+ <format>1-65535</format>
+ <description>Numeric IP port</description>
+ </valueHelp>
+ <valueHelp>
+ <format>start-end</format>
+ <description>Numbered port range (e.g., 1001-1005)</description>
+ </valueHelp>
+ <valueHelp>
+ <format> </format>
+ <description>\n\nMultiple destination ports can be specified as a comma-separated list.\nThe whole list can also be negated using '!'.\nFor example: '!22,telnet,http,123,1001-1005'</description>
+ </valueHelp>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/nat-rule.xml.i b/interface-definitions/include/nat-rule.xml.i
new file mode 100644
index 000000000..a2d058479
--- /dev/null
+++ b/interface-definitions/include/nat-rule.xml.i
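Review bot: The `port` leaf in `nat-port.xml.i` has no `<constraint>`, so any string is accepted at commit time, whereas `port-number.xml.i` in the same commit restricts its value with `--range 1-65535`. The help text describes a comma-separated list of numbers, ranges and service names with an optional leading `!`; a value of that shape presumably ends up in the generated NAT ruleset, which is not visible here, so it should be validated before it gets there. A conservative starting point is `<constraint><regex>^!?[0-9A-Za-z_-]+(,[0-9A-Za-z_-]+)*$</regex></constraint>`, to be tightened or replaced by a dedicated validator once the accepted service names are settled. `nat-translation-port.xml.i` has the same gap.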
@@ -0,0 +1,303 @@ +<tagNode name="rule"> + <properties> + <help>Rule number for NAT</help> + <valueHelp> + <format>1-999999</format> + <description>Number for this NAT rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>NAT rule number must be between 1 and 999999</constraintErrorMessage> + </properties> + <children> + <leafNode name="description"> + <properties> + <help>Rule description</help> + </properties> + </leafNode> + <node name="destination"> + <properties> + <help>NAT destination parameters</help> + </properties> + <children> + #include <include/nat-address.xml.i> + #include <include/nat-port.xml.i> + </children> + </node> + <leafNode name="disable"> + <properties> + <help>Disable NAT rule</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="exclude"> + <properties> + <help>Exclude packets matching this rule from NAT</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="log"> + <properties> + <help>NAT rule logging</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="protocol"> + <properties> + <help>Protocol to NAT</help> + <completionHelp> + <list>all ip hopopt icmp igmp ggp ipencap st tcp egp igp pup udp tcp_udp hmp xns-idp rdp iso-tp4 dccp xtp ddp idpr-cmtp ipv6 ipv6-route ipv6-frag idrp rsvp gre esp ah skip ipv6-icmp ipv6-nonxt ipv6-opts rspf vmtp eigrp ospf ax.25 ipip etherip encap 99 pim ipcomp vrrp l2tp isis sctp fc mobility-header udplite mpls-in-ip manet hip shim6 wesp rohc</list> + </completionHelp> + <valueHelp> + <format>all</format> + <description>All IP protocols</description> + </valueHelp> + <valueHelp> + <format>ip</format> + <description>Internet Protocol, pseudo protocol number</description> + </valueHelp> + <valueHelp> + <format>hopopt</format> + <description>IPv6 Hop-by-Hop Option [RFC1883]</description> + </valueHelp> + <valueHelp> + <format>icmp</format> + <description>internet control 
message protocol</description> + </valueHelp> + <valueHelp> + <format>igmp</format> + <description>Internet Group Management</description> + </valueHelp> + <valueHelp> + <format>ggp</format> + <description>gateway-gateway protocol</description> + </valueHelp> + <valueHelp> + <format>ipencap</format> + <description>IP encapsulated in IP (officially IP)</description> + </valueHelp> + <valueHelp> + <format>st</format> + <description>ST datagram mode</description> + </valueHelp> + <valueHelp> + <format>tcp</format> + <description>transmission control protocol</description> + </valueHelp> + <valueHelp> + <format>egp</format> + <description>exterior gateway protocol</description> + </valueHelp> + <valueHelp> + <format>igp</format> + <description>any private interior gateway (Cisco)</description> + </valueHelp> + <valueHelp> + <format>pup</format> + <description>PARC universal packet protocol</description> + </valueHelp> + <valueHelp> + <format>udp</format> + <description>user datagram protocol</description> + </valueHelp> + <valueHelp> + <format>tcp_udp</format> + <description>Both TCP and UDP</description> + </valueHelp> + <valueHelp> + <format>hmp</format> + <description>host monitoring protocol</description> + </valueHelp> + <valueHelp> + <format>xns-idp</format> + <description>Xerox NS IDP</description> + </valueHelp> + <valueHelp> + <format>rdp</format> + <description>"reliable datagram" protocol</description> + </valueHelp> + <valueHelp> + <format>iso-tp4</format> + <description>ISO Transport Protocol class 4 [RFC905]</description> + </valueHelp> + <valueHelp> + <format>dccp</format> + <description>Datagram Congestion Control Prot. 
[RFC4340]</description> + </valueHelp> + <valueHelp> + <format>xtp</format> + <description>Xpress Transfer Protocol</description> + </valueHelp> + <valueHelp> + <format>ddp</format> + <description>Datagram Delivery Protocol</description> + </valueHelp> + <valueHelp> + <format>idpr-cmtp</format> + <description>IDPR Control Message Transport</description> + </valueHelp> + <valueHelp> + <format>Ipv6</format> + <description>Internet Protocol, version 6</description> + </valueHelp> + <valueHelp> + <format>ipv6-route</format> + <description>Routing Header for IPv6</description> + </valueHelp> + <valueHelp> + <format>ipv6-frag</format> + <description>Fragment Header for IPv6</description> + </valueHelp> + <valueHelp> + <format>idrp</format> + <description>Inter-Domain Routing Protocol</description> + </valueHelp> + <valueHelp> + <format>rsvp</format> + <description>Reservation Protocol</description> + </valueHelp> + <valueHelp> + <format>gre</format> + <description>General Routing Encapsulation</description> + </valueHelp> + <valueHelp> + <format>esp</format> + <description>Encap Security Payload [RFC2406]</description> + </valueHelp> + <valueHelp> + <format>ah</format> + <description>Authentication Header [RFC2402]</description> + </valueHelp> + <valueHelp> + <format>skip</format> + <description>SKIP</description> + </valueHelp> + <valueHelp> + <format>ipv6-icmp</format> + <description>ICMP for IPv6</description> + </valueHelp> + <valueHelp> + <format>ipv6-nonxt</format> + <description>No Next Header for IPv6</description> + </valueHelp> + <valueHelp> + <format>ipv6-opts</format> + <description>Destination Options for IPv6</description> + </valueHelp> + <valueHelp> + <format>rspf</format> + <description>Radio Shortest Path First (officially CPHB)</description> + </valueHelp> + <valueHelp> + <format>vmtp</format> + <description>Versatile Message Transport</description> + </valueHelp> + <valueHelp> + <format>eigrp</format> + <description>Enhanced Interior Routing Protocol 
(Cisco)</description> + </valueHelp> + <valueHelp> + <format>ospf</format> + <description>Open Shortest Path First IGP</description> + </valueHelp> + <valueHelp> + <format>ax.25</format> + <description>AX.25 frames</description> + </valueHelp> + <valueHelp> + <format>ipip</format> + <description>IP-within-IP Encapsulation Protocol</description> + </valueHelp> + <valueHelp> + <format>etherip</format> + <description>Ethernet-within-IP Encapsulation [RFC3378]</description> + </valueHelp> + <valueHelp> + <format>encap</format> + <description>Yet Another IP encapsulation [RFC1241]</description> + </valueHelp> + <valueHelp> + <format>99</format> + <description>Any private encryption scheme</description> + </valueHelp> + <valueHelp> + <format>pim</format> + <description>Protocol Independent Multicast</description> + </valueHelp> + <valueHelp> + <format>ipcomp</format> + <description>IP Payload Compression Protocol</description> + </valueHelp> + <valueHelp> + <format>vrrp</format> + <description>Virtual Router Redundancy Protocol [RFC5798]</description> + </valueHelp> + <valueHelp> + <format>l2tp</format> + <description>Layer Two Tunneling Protocol [RFC2661]</description> + </valueHelp> + <valueHelp> + <format>isis</format> + <description>IS-IS over IPv4</description> + </valueHelp> + <valueHelp> + <format>sctp</format> + <description>Stream Control Transmission Protocol</description> + </valueHelp> + <valueHelp> + <format>fc</format> + <description>Fibre Channel</description> + </valueHelp> + <valueHelp> + <format>mobility-header</format> + <description>Mobility Support for IPv6 [RFC3775]</description> + </valueHelp> + <valueHelp> + <format>udplite</format> + <description>UDP-Lite [RFC3828]</description> + </valueHelp> + <valueHelp> + <format>mpls-in-ip</format> + <description>MPLS-in-IP [RFC4023]</description> + </valueHelp> + <valueHelp> + <format>manet</format> + <description>MANET Protocols [RFC5498]</description> + </valueHelp> + <valueHelp> + <format>hip</format> + 
<description>Host Identity Protocol</description> + </valueHelp> + <valueHelp> + <format>shim6</format> + <description>Shim6 Protocol</description> + </valueHelp> + <valueHelp> + <format>wesp</format> + <description>Wrapped Encapsulating Security Payload</description> + </valueHelp> + <valueHelp> + <format>rohc</format> + <description>Robust Header Compression</description> + </valueHelp> + <valueHelp> + <format>0-255</format> + <description>IP protocol number</description> + </valueHelp> + <constraint> + <validator name="ip-protocol"/> + </constraint> + </properties> + </leafNode> + <node name="source"> + <properties> + <help>NAT source parameters</help> + </properties> + <children> + #include <include/nat-address.xml.i> + #include <include/nat-port.xml.i> + </children> + </node> + </children> +</tagNode> diff --git a/interface-definitions/include/nat-translation-port.xml.i b/interface-definitions/include/nat-translation-port.xml.i new file mode 100644 index 000000000..93de471e3 --- /dev/null +++ b/interface-definitions/include/nat-translation-port.xml.i @@ -0,0 +1,13 @@ +<leafNode name="port"> + <properties> + <help>Port number</help> + <valueHelp> + <format>1-65535</format> + <description>Numeric IP port</description> + </valueHelp> + <valueHelp> + <format><start>-<end></format> + <description>Numbered port range (e.g., 1001-1005)</description> + </valueHelp> + </properties> +</leafNode> diff --git a/interface-definitions/include/port-number.xml.i b/interface-definitions/include/port-number.xml.i new file mode 100644 index 000000000..29d2f55fd --- /dev/null +++ b/interface-definitions/include/port-number.xml.i @@ -0,0 +1,12 @@ +<leafNode name="port"> + <properties> + <help>Port number used to establish connection</help> + <valueHelp> + <format>1-65535</format> + <description>Numeric IP port</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> +</leafNode> 
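Review bot: In the `protocol` leaf of `nat-rule.xml.i` the value help lists `<format>Ipv6</format>` while the completion list offers `ipv6`; the entry should read `<format>ipv6</format>` so the documented value is the one that is actually offered. Whether the `ip-protocol` validator accepts the capitalised form is not visible here, so a user copying the help text may get a rejection that the help does not explain.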
diff --git a/interface-definitions/include/radius-server.xml.i b/interface-definitions/include/radius-server.xml.i
new file mode 100644
index 000000000..047728233
--- /dev/null
+++ b/interface-definitions/include/radius-server.xml.i
@@ -0,0 +1,56 @@
+<node name="radius">
+ <properties>
+ <help>RADIUS based user authentication</help>
+ </properties>
+ <children>
+ <leafNode name="source-address">
+ <properties>
+ <help>RADIUS client source address</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 source-address of RADIUS queries</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <tagNode name="server">
+ <properties>
+ <help>RADIUS server configuration</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>RADIUS server IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="disable">
+ <properties>
+ <help>Temporary disable this server</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="key">
+ <properties>
+ <help>Shared secret key</help>
+ </properties>
+ </leafNode>
+ <leafNode name="port">
+ <properties>
+ <help>Authentication port</help>
+ <valueHelp>
+ <format>1-65535</format>
+ <description>Numeric IP port (default: 1812)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+</node>
diff --git a/interface-definitions/include/rip-redistribute.xml.i b/interface-definitions/include/rip-redistribute.xml.i
new file mode 100644
index 000000000..d94dfa5a8
--- /dev/null
+++ b/interface-definitions/include/rip-redistribute.xml.i
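Review bot: The `key` leaf in `radius-server.xml.i` carries the RADIUS shared secret but has only a `<help>` line, so the definition places no restriction on the secret (length, embedded whitespace) and nothing marks the value as sensitive. How the value is stored and displayed is decided outside this hunk and is worth confirming there; at the definition level I would add a `<constraint>` that rejects whitespace and enforces a minimum length, together with a `<constraintErrorMessage>`. The `port` description says `(default: 1812)` but the leaf has no `<defaultValue>1812</defaultValue>`, and the `disable` help should read `Temporarily disable this server`.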
@@ -0,0 +1,24 @@
+<leafNode name="metric">
+ <properties>
+ <help>Metric for redistributed routes</help>
+ <valueHelp>
+ <format><1-16></format>
+ <description>Redistribute route metric</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-16"/>
+ </constraint>
+ </properties>
+</leafNode>
+<leafNode name="route-map">
+ <properties>
+ <help>Route map reference</help>
+ <valueHelp>
+ <format><text></format>
+ <description>Route map reference</description>
+ </valueHelp>
+ <completionHelp>
+ <path>policy route-map</path>
+ </completionHelp>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/source-address-ipv4-ipv6.xml.i b/interface-definitions/include/source-address-ipv4-ipv6.xml.i
new file mode 100644
index 000000000..6d2d77c95
--- /dev/null
+++ b/interface-definitions/include/source-address-ipv4-ipv6.xml.i
@@ -0,0 +1,17 @@
+<leafNode name="source-address">
+ <properties>
+ <help>IPv4/IPv6 source address</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 source-address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 source-address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/source-interface-ethernet.xml.i b/interface-definitions/include/source-interface-ethernet.xml.i
new file mode 100644
index 000000000..ad90bc4ac
--- /dev/null
+++ b/interface-definitions/include/source-interface-ethernet.xml.i
@@ -0,0 +1,12 @@
+<leafNode name="source-interface">
+ <properties>
+ <help>Physical interface the traffic will go through</help>
+ <valueHelp>
+ <format>interface</format>
+ <description>Physical interface used for traffic forwarding</description>
+ </valueHelp>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py -t ethernet</script>
+ </completionHelp>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/source-interface.xml.i b/interface-definitions/include/source-interface.xml.i
new file mode 100644
index 000000000..ae579c2a6
--- /dev/null
+++ b/interface-definitions/include/source-interface.xml.i
@@ -0,0 +1,12 @@
+<leafNode name="source-interface">
+ <properties>
+ <help>Physical interface used for connection</help>
+ <valueHelp>
+ <format>interface</format>
+ <description>Physical interface used for connection</description>
+ </valueHelp>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/vif-s.xml.i b/interface-definitions/include/vif-s.xml.i
new file mode 100644
index 000000000..a6d7c81ce
--- /dev/null
+++ b/interface-definitions/include/vif-s.xml.i
@@ -0,0 +1,67 @@ +<tagNode name="vif-s"> + <properties> + <help>QinQ TAG-S Virtual Local Area Network (VLAN) ID</help> + <constraint> + <validator name="numeric" argument="--range 0-4094"/> + </constraint> + <constraintErrorMessage>VLAN ID must be between 0 and 4094</constraintErrorMessage> + </properties> + <children> + #include <include/address-ipv4-ipv6-dhcp.xml.i> + #include <include/interface-description.xml.i> + #include <include/dhcp-options.xml.i> + #include <include/dhcpv6-options.xml.i> + #include <include/interface-disable-link-detect.xml.i> + #include <include/interface-disable.xml.i> + <leafNode name="ethertype"> + <properties> + <help>Set Ethertype</help> + <completionHelp> + <list>0x88A8 0x8100</list> + </completionHelp> + <valueHelp> + <format>0x88A8</format> + <description>802.1ad</description> + </valueHelp> + <valueHelp> + <format>0x8100</format> + <description>802.1q</description> + </valueHelp> + <constraint> + <regex>(0x88A8|0x8100)</regex> + </constraint> + <constraintErrorMessage>Ethertype must be 0x88A8 or 0x8100</constraintErrorMessage> + </properties> + </leafNode> + <node name="ip"> + <children> + #include <include/interface-disable-arp-filter.xml.i> + #include <include/interface-enable-arp-accept.xml.i> + #include <include/interface-enable-arp-announce.xml.i> + #include <include/interface-enable-arp-ignore.xml.i> + </children> + </node> + #include <include/interface-mac.xml.i> + #include <include/interface-mtu-68-9000.xml.i> + <tagNode name="vif-c"> + <properties> + <help>QinQ TAG-C Virtual Local Area Network (VLAN) ID</help> + <constraint> + <validator name="numeric" argument="--range 0-4094"/> + </constraint> + <constraintErrorMessage>VLAN ID must be between 0 and 4094</constraintErrorMessage> + </properties> + <children> + #include <include/address-ipv4-ipv6-dhcp.xml.i> + #include <include/interface-description.xml.i> + #include <include/dhcp-options.xml.i> + #include <include/dhcpv6-options.xml.i> + #include 
<include/interface-disable-link-detect.xml.i> + #include <include/interface-disable.xml.i> + #include <include/interface-mac.xml.i> + #include <include/interface-mtu-68-9000.xml.i> + #include <include/interface-vrf.xml.i> + </children> + </tagNode> + </children> +</tagNode> diff --git a/interface-definitions/include/vif.xml.i b/interface-definitions/include/vif.xml.i new file mode 100644 index 000000000..5a4e52122 --- /dev/null +++ b/interface-definitions/include/vif.xml.i 
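Review bot: The `ethertype` constraint in `vif-s.xml.i` is written `(0x88A8|0x8100)` without anchors, while the interface-name constraints in this commit use `^bond[0-9]+$` and `^br[0-9]+$`. Whether the constraint engine anchors patterns implicitly is not visible here; if it does not, a value that merely contains one of the two strings would pass, so I would write `<regex>^(0x88A8|0x8100)$</regex>`. The `hash-policy` and `mode` patterns in `interfaces-bonding.xml.in` are unanchored in the same way. Separately, `vif-s` and `vif-c` carry no `<valueHelp>`, unlike `vif`, which documents `0-4094`.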
@@ -0,0 +1,65 @@ +<tagNode name="vif"> + <properties> + <help>Virtual Local Area Network (VLAN) ID</help> + <valueHelp> + <format>0-4094</format> + <description>Virtual Local Area Network (VLAN) ID</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4094"/> + </constraint> + <constraintErrorMessage>VLAN ID must be between 0 and 4094</constraintErrorMessage> + </properties> + <children> + #include <include/address-ipv4-ipv6-dhcp.xml.i> + #include <include/interface-description.xml.i> + #include <include/dhcp-options.xml.i> + #include <include/dhcpv6-options.xml.i> + #include <include/interface-disable-link-detect.xml.i> + #include <include/interface-disable.xml.i> + #include <include/interface-vrf.xml.i> + <leafNode name="egress-qos"> + <properties> + <help>VLAN egress QoS</help> + <completionHelp> + <script>echo Format for qos mapping, e.g.: '0:1 1:6 7:6'</script> + </completionHelp> + <constraint> + <regex>[:0-7 ]+$</regex> + </constraint> + <constraintErrorMessage>QoS mapping should be in the format of '0:7 2:3' with numbers 0-9</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="ingress-qos"> + <properties> + <help>VLAN ingress QoS</help> + <completionHelp> + <script>echo Format for qos mapping '0:1 1:6 7:6'</script> + </completionHelp> + <constraint> + <regex>[:0-7 ]+$</regex> + </constraint> + <constraintErrorMessage>QoS mapping should be in the format of '0:7 2:3' with numbers 0-9</constraintErrorMessage> + </properties> + </leafNode> + <node name="ip"> + <children> + #include <include/interface-arp-cache-timeout.xml.i> + #include <include/interface-disable-arp-filter.xml.i> + #include <include/interface-enable-arp-accept.xml.i> + #include <include/interface-enable-arp-announce.xml.i> + #include <include/interface-enable-arp-ignore.xml.i> + #include <include/interface-enable-proxy-arp.xml.i> + </children> + </node> + <node name="ipv6"> + <children> + #include <include/ipv6-address.xml.i> + #include 
<include/ipv6-disable-forwarding.xml.i> + #include <include/ipv6-dup-addr-detect-transmits.xml.i> + </children> + </node> + #include <include/interface-mac.xml.i> + #include <include/interface-mtu-68-9000.xml.i> + </children> +</tagNode> diff --git a/interface-definitions/intel_qat.xml.in b/interface-definitions/intel_qat.xml.in new file mode 100644 index 000000000..812484184 --- /dev/null +++ b/interface-definitions/intel_qat.xml.in @@ -0,0 +1,21 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="system"> + <children> + <node name="acceleration" owner="${vyos_conf_scripts_dir}/intel_qat.py"> + <properties> + <help>Acceleration components</help> + <priority>50</priority> + </properties> + <children> + <leafNode name="qat"> + <properties> + <help>Enable Intel QAT (Quick Assist Technology) for cryptographic acceleration</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/interfaces-bonding.xml.in b/interface-definitions/interfaces-bonding.xml.in new file mode 100644 index 000000000..7d658f6a0 --- /dev/null +++ b/interface-definitions/interfaces-bonding.xml.in 
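Review bot: The `egress-qos` and `ingress-qos` constraint `[:0-7 ]+$` in `vif.xml.i` restricts only the character set and is anchored at the end alone, so strings such as `:::` or a run of spaces satisfy it and, unless the engine anchors the start implicitly, so does any value with a valid-looking tail. A pattern that enforces the documented pair format is `<regex>^[0-7]+:[0-7]+( [0-7]+:[0-7]+)*$</regex>`. The error message also says `with numbers 0-9` although the class allows only `0-7`; it should read `with numbers 0-7`.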
@@ -0,0 +1,174 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="interfaces"> + <children> + <tagNode name="bonding" owner="${vyos_conf_scripts_dir}/interfaces-bonding.py"> + <properties> + <help>Bonding Interface/Link Aggregation</help> + <priority>320</priority> + <constraint> + <regex>^bond[0-9]+$</regex> + </constraint> + <constraintErrorMessage>Bonding interface must be named bondN</constraintErrorMessage> + <valueHelp> + <format>bondN</format> + <description>Bonding interface name</description> + </valueHelp> + </properties> + <children> + #include <include/address-ipv4-ipv6-dhcp.xml.i> + <node name="arp-monitor"> + <properties> + <help>ARP link monitoring parameters</help> + </properties> + <children> + <leafNode name="interval"> + <properties> + <help>ARP link monitoring interval</help> + <valueHelp> + <format>0-4294967295</format> + <description>Specifies the ARP link monitoring frequency in milliseconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> + </leafNode> + <leafNode name="target"> + <properties> + <help>IP address used for ARP monitoring</help> + <valueHelp> + <format>ipv4</format> + <description>Specify IPv4 address of ARP requests when interval is enabled</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </node> + #include <include/interface-description.xml.i> + #include <include/dhcp-options.xml.i> + #include <include/dhcpv6-options.xml.i> + #include <include/interface-disable-link-detect.xml.i> + #include <include/interface-disable.xml.i> + #include <include/interface-vrf.xml.i> + <leafNode name="hash-policy"> + <properties> + <help>Bonding transmit hash policy</help> + <completionHelp> + <list>layer2 layer2+3 layer3+4</list> + </completionHelp> + <valueHelp> + <format>layer2</format> + <description>use MAC addresses to generate the hash 
(802.3ad, default)</description> + </valueHelp> + <valueHelp> + <format>layer2+3</format> + <description>combine MAC address and IP address to make hash</description> + </valueHelp> + <valueHelp> + <format>layer3+4</format> + <description>combine IP address and port to make hash</description> + </valueHelp> + <constraint> + <regex>(layer2\+3|layer3\+4|layer2)</regex> + </constraint> + <constraintErrorMessage>hash-policy must be layer2 layer2+3 or layer3+4</constraintErrorMessage> + </properties> + <defaultValue>layer2</defaultValue> + </leafNode> + <node name="ip"> + <children> + #include <include/interface-arp-cache-timeout.xml.i> + #include <include/interface-disable-arp-filter.xml.i> + #include <include/interface-enable-arp-accept.xml.i> + #include <include/interface-enable-arp-announce.xml.i> + #include <include/interface-enable-arp-ignore.xml.i> + #include <include/interface-enable-proxy-arp.xml.i> + #include <include/interface-proxy-arp-pvlan.xml.i> + </children> + </node> + <node name="ipv6"> + <children> + #include <include/ipv6-address.xml.i> + #include <include/ipv6-disable-forwarding.xml.i> + #include <include/ipv6-dup-addr-detect-transmits.xml.i> + </children> + </node> + #include <include/interface-mac.xml.i> + <leafNode name="mode"> + <properties> + <help>Bonding mode</help> + <completionHelp> + <list>802.3ad active-backup broadcast round-robin transmit-load-balance adaptive-load-balance xor-hash</list> + </completionHelp> + <valueHelp> + <format>802.3ad</format> + <description>IEEE 802.3ad Dynamic link aggregation (Default)</description> + </valueHelp> + <valueHelp> + <format>active-backup</format> + <description>Fault tolerant: only one slave in the bond is active</description> + </valueHelp> + <valueHelp> + <format>broadcast</format> + <description>Fault tolerant: transmits everything on all slave interfaces</description> + </valueHelp> + <valueHelp> + <format>round-robin</format> + <description>Load balance: transmit packets in sequential 
order</description> + </valueHelp> + <valueHelp> + <format>transmit-load-balance</format> + <description>Load balance: adapts based on transmit load and speed</description> + </valueHelp> + <valueHelp> + <format>adaptive-load-balance</format> + <description>Load balance: adapts based on transmit and receive plus ARP</description> + </valueHelp> + <valueHelp> + <format>xor-hash</format> + <description>Distribute based on MAC address</description> + </valueHelp> + <constraint> + <regex>(802.3ad|active-backup|broadcast|round-robin|transmit-load-balance|adaptive-load-balance|xor-hash)</regex> + </constraint> + <constraintErrorMessage>mode must be 802.3ad, active-backup, broadcast, round-robin, transmit-load-balance, adaptive-load-balance, or xor</constraintErrorMessage> + </properties> + <defaultValue>802.3ad</defaultValue> + </leafNode> + <node name="member"> + <properties> + <help>Bridge member interfaces</help> + </properties> + <children> + <leafNode name="interface"> + <properties> + <help>Member interface name</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py --bondable</script> + </completionHelp> + <multi/> + </properties> + </leafNode> + </children> + </node> + #include <include/interface-mtu-68-9000.xml.i> + <leafNode name="primary"> + <properties> + <help>Primary device interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py --bondable</script> + </completionHelp> + </properties> + </leafNode> + #include <include/vif-s.xml.i> + #include <include/vif.xml.i> + </children> + </tagNode> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/interfaces-bridge.xml.in b/interface-definitions/interfaces-bridge.xml.in new file mode 100644 index 000000000..92356d696 --- /dev/null +++ b/interface-definitions/interfaces-bridge.xml.in 
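Review bot: In `interfaces-bonding.xml.in` the `mode` pattern contains an unescaped dot, `802.3ad`, which matches any character in that position; it should be `802\.3ad`, in the same way the `hash-policy` pattern already escapes `\+`. The `constraintErrorMessage` for `mode` ends with `or xor`, but the accepted value is `xor-hash`. The `member` node's help reads `Bridge member interfaces`, which looks copied from the bridge definition; `Bond member interfaces` fits this file. The `member interface` and `primary` leaves take an interface name with completion only and no `<constraint>`, so the name is not checked by the definition.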
@@ -0,0 +1,184 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="interfaces"> + <children> + <tagNode name="bridge" owner="${vyos_conf_scripts_dir}/interfaces-bridge.py"> + <properties> + <help>Bridge Interface</help> + <priority>489</priority> + <constraint> + <regex>^br[0-9]+$</regex> + </constraint> + <constraintErrorMessage>Bridge interface must be named brN</constraintErrorMessage> + <valueHelp> + <format>brN</format> + <description>Bridge interface name</description> + </valueHelp> + </properties> + <children> + #include <include/address-ipv4-ipv6-dhcp.xml.i> + <leafNode name="aging"> + <properties> + <help>MAC address aging interval</help> + <valueHelp> + <format>0</format> + <description>Disable MAC address learning (always flood)</description> + </valueHelp> + <valueHelp> + <format>10-1000000</format> + <description>MAC address aging time in seconds (default: 300)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-0 --range 10-1000000"/> + </constraint> + </properties> + <defaultValue>300</defaultValue> + </leafNode> + #include <include/interface-description.xml.i> + #include <include/dhcp-options.xml.i> + #include <include/dhcpv6-options.xml.i> + #include <include/interface-disable-link-detect.xml.i> + #include <include/interface-disable.xml.i> + #include <include/interface-vrf.xml.i> + <leafNode name="forwarding-delay"> + <properties> + <help>Forwarding delay</help> + <valueHelp> + <format>0-200</format> + <description>Spanning Tree Protocol forwarding delay in seconds (default 15)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-200"/> + </constraint> + <constraintErrorMessage>Forwarding delay must be between 0 and 200 seconds</constraintErrorMessage> + </properties> + <defaultValue>14</defaultValue> + </leafNode> + <leafNode name="hello-time"> + <properties> + <help>Hello packet advertisment interval</help> + <valueHelp> + <format>1-10</format> + 
<description>Spanning Tree Protocol hello advertisement interval in seconds (default 2)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-10"/> + </constraint> + <constraintErrorMessage>Bridge Hello interval must be between 1 and 10 seconds</constraintErrorMessage> + </properties> + <defaultValue>2</defaultValue> + </leafNode> + <node name="igmp"> + <properties> + <help>Internet Group Management Protocol (IGMP) settings</help> + </properties> + <children> + <leafNode name="querier"> + <properties> + <help>Enable IGMP querier</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <node name="ip"> + <children> + #include <include/interface-arp-cache-timeout.xml.i> + #include <include/interface-enable-arp-accept.xml.i> + #include <include/interface-enable-arp-announce.xml.i> + #include <include/interface-enable-arp-ignore.xml.i> + #include <include/interface-disable-arp-filter.xml.i> + </children> + </node> + <node name="ipv6"> + <children> + #include <include/ipv6-address.xml.i> + #include <include/ipv6-disable-forwarding.xml.i> + #include <include/ipv6-dup-addr-detect-transmits.xml.i> + </children> + </node> + #include <include/interface-mac.xml.i> + <leafNode name="max-age"> + <properties> + <help>Interval at which neighbor bridges are removed</help> + <valueHelp> + <format>1-40</format> + <description>Bridge maximum aging time in seconds (default 20)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-40"/> + </constraint> + <constraintErrorMessage>Bridge max aging value must be between 1 and 40 seconds</constraintErrorMessage> + </properties> + <defaultValue>20</defaultValue> + </leafNode> + <node name="member"> + <properties> + <help>Bridge member interfaces</help> + </properties> + <children> + <tagNode name="interface"> + <properties> + <help>Member interface name</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py 
--bridgeable</script> + </completionHelp> + </properties> + <children> + <leafNode name="cost"> + <properties> + <help>Bridge port cost</help> + <valueHelp> + <format>1-65535</format> + <description>Path cost value for Spanning Tree Protocol</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + <constraintErrorMessage>Path cost value must be between 1 and 65535</constraintErrorMessage> + </properties> + <defaultValue>100</defaultValue> + </leafNode> + <leafNode name="priority"> + <properties> + <help>Bridge port priority</help> + <valueHelp> + <format>0-63</format> + <description>Bridge port priority</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-63"/> + </constraint> + <constraintErrorMessage>Port priority value must be between 0 and 63</constraintErrorMessage> + </properties> + <defaultValue>32</defaultValue> + </leafNode> + </children> + </tagNode> + </children> + </node> + <leafNode name="priority"> + <properties> + <help>Priority for this bridge</help> + <valueHelp> + <format>0-65535</format> + <description>Bridge priority (default 32768)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-65535"/> + </constraint> + <constraintErrorMessage>Bridge priority must be between 0 and 65535 (multiples of 4096)</constraintErrorMessage> + </properties> + <defaultValue>32768</defaultValue> + </leafNode> + <leafNode name="stp"> + <properties> + <help>Enable spanning tree protocol</help> + <valueless/> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/interfaces-dummy.xml.in b/interface-definitions/interfaces-dummy.xml.in new file mode 100644 index 000000000..135adfc10 --- /dev/null +++ b/interface-definitions/interfaces-dummy.xml.in 
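Review bot: The member-interface `priority` leaf contradicts itself: its valueHelp and error message both say 0-63, but the validator is `--range 1-63`, so 0 is rejected. If 0 is meant to be valid, the constraint should read `<validator name="numeric" argument="--range 0-63"/>`. The `forwarding-delay` leaf has a similar mismatch: the description advertises a default of 15 while the definition carries `<defaultValue>14</defaultValue>`, and one of the two should be corrected. The bridge `priority` error message mentions multiples of 4096, yet `--range 0-65535` does not enforce that, so either drop the remark or check it in the owner script.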
@@ -0,0 +1,27 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="interfaces">
+ <children>
+ <tagNode name="dummy" owner="${vyos_conf_scripts_dir}/interfaces-dummy.py">
+ <properties>
+ <help>Dummy Interface</help>
+ <priority>300</priority>
+ <constraint>
+ <regex>^dum[0-9]+$</regex>
+ </constraint>
+ <constraintErrorMessage>Dummy interface must be named dumN</constraintErrorMessage>
+ <valueHelp>
+ <format>dumN</format>
+ <description>Dummy interface name</description>
+ </valueHelp>
+ </properties>
+ <children>
+ #include <include/address-ipv4-ipv6.xml.i>
+ #include <include/interface-description.xml.i>
+ #include <include/interface-disable.xml.i>
+ #include <include/interface-vrf.xml.i>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/interfaces-ethernet.xml.in b/interface-definitions/interfaces-ethernet.xml.in
new file mode 100644
index 000000000..e8f3f09f1
--- /dev/null
+++ b/interface-definitions/interfaces-ethernet.xml.in
@@ -0,0 +1,277 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="interfaces"> + <children> + <tagNode name="ethernet" owner="${vyos_conf_scripts_dir}/interfaces-ethernet.py"> + <properties> + <help>Ethernet Interface</help> + <priority>318</priority> + <constraint> + <regex>^((eth|lan)[0-9]+|(eno|ens|enp|enx).+)$</regex> + </constraint> + <constraintErrorMessage>Invalid Ethernet interface name</constraintErrorMessage> + <valueHelp> + <format>ethN</format> + <description>Ethernet interface name</description> + </valueHelp> + <valueHelp> + <format>en[ospx]N</format> + <description>Ethernet interface name</description> + </valueHelp> + </properties> + <children> + #include <include/address-ipv4-ipv6-dhcp.xml.i> + #include <include/interface-description.xml.i> + #include <include/dhcp-options.xml.i> + #include <include/dhcpv6-options.xml.i> + <leafNode name="disable-flow-control"> + <properties> + <help>Disable Ethernet flow control (pause frames)</help> + <valueless/> + </properties> + </leafNode> + #include <include/interface-disable-link-detect.xml.i> + #include <include/interface-disable.xml.i> + #include <include/interface-vrf.xml.i> + <leafNode name="duplex"> + <properties> + <help>Duplex mode</help> + <completionHelp> + <list>auto half full</list> + </completionHelp> + <valueHelp> + <format>auto</format> + <description>Auto negotiation (default)</description> + </valueHelp> + <valueHelp> + <format>half</format> + <description>Half duplex</description> + </valueHelp> + <valueHelp> + <format>full</format> + <description>Full duplex</description> + </valueHelp> + <constraint> + <regex>(auto|half|full)</regex> + </constraint> + <constraintErrorMessage>duplex must be auto, half or full</constraintErrorMessage> + </properties> + <defaultValue>auto</defaultValue> + </leafNode> + #include <include/interface-hw-id.xml.i> + <node name="ip"> + <children> + #include <include/interface-arp-cache-timeout.xml.i> + #include 
<include/interface-disable-arp-filter.xml.i> + #include <include/interface-enable-arp-accept.xml.i> + #include <include/interface-enable-arp-announce.xml.i> + #include <include/interface-enable-arp-ignore.xml.i> + #include <include/interface-enable-proxy-arp.xml.i> + #include <include/interface-proxy-arp-pvlan.xml.i> + </children> + </node> + <node name="ipv6"> + <children> + #include <include/ipv6-address.xml.i> + #include <include/ipv6-disable-forwarding.xml.i> + #include <include/ipv6-dup-addr-detect-transmits.xml.i> + </children> + </node> + #include <include/interface-mac.xml.i> + #include <include/interface-mtu-68-9000.xml.i> + <node name="offload-options"> + <properties> + <help>Configurable offload options</help> + </properties> + <children> + <leafNode name="generic-receive"> + <properties> + <help>Configure GRO (generic receive offload)</help> + <completionHelp> + <list>on off</list> + </completionHelp> + <valueHelp> + <format>on</format> + <description>Enable GRO (generic receive offload)</description> + </valueHelp> + <valueHelp> + <format>off</format> + <description>Disable GRO (generic receive offload)</description> + </valueHelp> + <constraint> + <regex>(on|off)</regex> + </constraint> + <constraintErrorMessage>Must be either 'on' or 'off'</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="generic-segmentation"> + <properties> + <help>Configure GSO (generic segmentation offload)</help> + <completionHelp> + <list>on off</list> + </completionHelp> + <valueHelp> + <format>on</format> + <description>Enable GSO (generic segmentation offload)</description> + </valueHelp> + <valueHelp> + <format>off</format> + <description>Disable GSO (generic segmentation offload)</description> + </valueHelp> + <constraint> + <regex>(on|off)</regex> + </constraint> + <constraintErrorMessage>Must be either 'on' or 'off'</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="scatter-gather"> + <properties> + <help>Configure 
scatter-gather option</help> + <completionHelp> + <list>on off</list> + </completionHelp> + <valueHelp> + <format>on</format> + <description>Enable scatter-gather</description> + </valueHelp> + <valueHelp> + <format>off</format> + <description>Disable scatter-gather</description> + </valueHelp> + <constraint> + <regex>(on|off)</regex> + </constraint> + <constraintErrorMessage>Must be either 'on' or 'off'</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="tcp-segmentation"> + <properties> + <help>Configure TSO (TCP segmentation offloading)</help> + <completionHelp> + <list>on off</list> + </completionHelp> + <valueHelp> + <format>on</format> + <description>Enable TSO (TCP segmentation offloading)</description> + </valueHelp> + <valueHelp> + <format>off</format> + <description>Disable TSO (TCP segmentation offloading)</description> + </valueHelp> + <constraint> + <regex>(on|off)</regex> + </constraint> + <constraintErrorMessage>Must be either 'on' or 'off'</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="udp-fragmentation"> + <properties> + <help>Configure UDP fragmentation offloading</help> + <completionHelp> + <list>on off</list> + </completionHelp> + <valueHelp> + <format>on</format> + <description>Enable UDP fragmentation offloading</description> + </valueHelp> + <valueHelp> + <format>off</format> + <description>Disable UDP fragmentation offloading</description> + </valueHelp> + <constraint> + <regex>(on|off)</regex> + </constraint> + <constraintErrorMessage>Must be either 'on' or 'off'</constraintErrorMessage> + </properties> + </leafNode> + </children> + </node> + <leafNode name="smp-affinity"> + <properties> + <help>CPU interrupt affinity mask</help> + <completionHelp> + <list>auto 10 100 1000 2500 5000 10000</list> + </completionHelp> + <valueHelp> + <format>auto</format> + <description>Auto negotiation (default)</description> + </valueHelp> + <valueHelp> + <format>hex</format> + <description>Bitmask representing 
CPUs that this NIC will interrupt</description> + </valueHelp> + <valueHelp> + <format>hex,hex</format> + <description>Bitmasks representing CPUs for interrupt and receive processing</description> + </valueHelp> + <constraint> + <regex>(auto)</regex> + <regex>[0-9a-f]+(|,[0-9a-f]+)$</regex> + </constraint> + <constraintErrorMessage>IRQ affinity mask must be hex value or auto</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="speed"> + <properties> + <help>Link speed</help> + <completionHelp> + <list>auto 10 100 1000 2500 5000 10000 25000 40000 50000 100000</list> + </completionHelp> + <valueHelp> + <format>auto</format> + <description>Auto negotiation (default)</description> + </valueHelp> + <valueHelp> + <format>10</format> + <description>10 Mbit/sec</description> + </valueHelp> + <valueHelp> + <format>100</format> + <description>100 Mbit/sec</description> + </valueHelp> + <valueHelp> + <format>1000</format> + <description>1 Gbit/sec</description> + </valueHelp> + <valueHelp> + <format>2500</format> + <description>2.5 Gbit/sec</description> + </valueHelp> + <valueHelp> + <format>5000</format> + <description>5 Gbit/sec</description> + </valueHelp> + <valueHelp> + <format>10000</format> + <description>10 Gbit/sec</description> + </valueHelp> + <valueHelp> + <format>25000</format> + <description>25 Gbit/sec</description> + </valueHelp> + <valueHelp> + <format>40000</format> + <description>40 Gbit/sec</description> + </valueHelp> + <valueHelp> + <format>50000</format> + <description>50 Gbit/sec</description> + </valueHelp> + <valueHelp> + <format>100000</format> + <description>100 Gbit/sec</description> + </valueHelp> + <constraint> + <regex>(auto|10|100|1000|2500|5000|10000|25000|40000|50000|100000)</regex> + </constraint> + <constraintErrorMessage>Speed must be auto, 10, 100, 1000, 2500, 5000, 10000, 25000, 40000, 50000 or 100000</constraintErrorMessage> + </properties> + <defaultValue>auto</defaultValue> + </leafNode> + #include 
<include/vif-s.xml.i> + #include <include/vif.xml.i> + </children> + </tagNode> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/interfaces-geneve.xml.in b/interface-definitions/interfaces-geneve.xml.in new file mode 100644 index 000000000..31a3ebb7a --- /dev/null +++ b/interface-definitions/interfaces-geneve.xml.in 
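Review bot: The second `smp-affinity` pattern, `[0-9a-f]+(|,[0-9a-f]+)$`, is anchored only at the end and `(auto)` is not anchored at all. Unless the validator wraps patterns in `^…$` itself, any value that merely ends in hex digits passes the constraint and reaches the owner script; I would write `^auto$` and `^[0-9a-f]+(,[0-9a-f]+)?$`. The same leaf's completion list `auto 10 100 1000 2500 5000 10000` and its `Auto negotiation (default)` description look copied from `speed` and do not describe an affinity mask. The interface-name pattern `(eno|ens|enp|enx).+` likewise accepts any characters after the prefix; a class such as `[0-9a-zA-Z]+` would be tighter, assuming it covers the names udev actually generates on the target systems.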
@@ -0,0 +1,60 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="interfaces">
+ <children>
+ <tagNode name="geneve" owner="${vyos_conf_scripts_dir}/interfaces-geneve.py">
+ <properties>
+ <help>Generic Network Virtualization Encapsulation (GENEVE) Interface</help>
+ <priority>460</priority>
+ <constraint>
+ <regex>^gnv[0-9]+$</regex>
+ </constraint>
+ <constraintErrorMessage>GENEVE interface must be named gnvN</constraintErrorMessage>
+ <valueHelp>
+ <format>gnvN</format>
+ <description>GENEVE interface name</description>
+ </valueHelp>
+ </properties>
+ <children>
+ #include <include/address-ipv4-ipv6.xml.i>
+ #include <include/interface-description.xml.i>
+ #include <include/interface-disable.xml.i>
+ <node name="ip">
+ <properties>
+ <help>IPv4 routing parameters</help>
+ </properties>
+ <children>
+ #include <include/interface-arp-cache-timeout.xml.i>
+ #include <include/interface-enable-proxy-arp.xml.i>
+ </children>
+ </node>
+ #include <include/interface-mtu-1450-9000.xml.i>
+ <leafNode name="remote">
+ <properties>
+ <help>Remote address of GENEVE tunnel</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Remote address of GENEVE tunnel</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="vni">
+ <properties>
+ <help>Virtual Network Identifier</help>
+ <valueHelp>
+ <format>0-16777214</format>
+ <description>GENEVE virtual network identifier</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-16777214"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/interfaces-l2tpv3.xml.in b/interface-definitions/interfaces-l2tpv3.xml.in
new file mode 100644
index 000000000..3a878ad76
--- /dev/null
+++ b/interface-definitions/interfaces-l2tpv3.xml.in
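Review bot: The `vni` constraint `--range 0-16777214` stops one short of the largest value a 24-bit VNI field can hold (16777215). If the top value is excluded on purpose, a comment in the definition should say why; otherwise both the `<format>` and the validator should read `0-16777215`. Nothing in this definition marks `remote` or `vni` as mandatory, so presumably interfaces-geneve.py enforces that, which is worth confirming since the help text gives the user no hint.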
@@ -0,0 +1,161 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="interfaces"> + <children> + <tagNode name="l2tpv3" owner="${vyos_conf_scripts_dir}/interfaces-l2tpv3.py"> + <properties> + <help>Layer 2 Tunnel Protocol Version 3 (L2TPv3) Interface</help> + <priority>485</priority> + <constraint> + <regex>^l2tpeth[0-9]+$</regex> + </constraint> + <constraintErrorMessage>L2TPv3 interface must be named l2tpethN</constraintErrorMessage> + <valueHelp> + <format>l2tpethN</format> + <description>L2TPv3 interface name</description> + </valueHelp> + </properties> + <children> + #include <include/address-ipv4-ipv6.xml.i> + #include <include/interface-description.xml.i> + <leafNode name="destination-port"> + <properties> + <help>UDP destination port for L2TPv3 tunnel (default: 5000)</help> + <valueHelp> + <format>1-65535</format> + <description>Numeric IP port</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>5000</defaultValue> + </leafNode> + #include <include/interface-disable.xml.i> + <leafNode name="encapsulation"> + <properties> + <help>Encapsulation type (default: UDP)</help> + <completionHelp> + <list>udp ip</list> + </completionHelp> + <valueHelp> + <format>udp</format> + <description>UDP encapsulation</description> + </valueHelp> + <valueHelp> + <format>ip</format> + <description>IP encapsulation</description> + </valueHelp> + <constraint> + <regex>(udp|ip)</regex> + </constraint> + <constraintErrorMessage>Encapsulation must be UDP or IP</constraintErrorMessage> + </properties> + <defaultValue>udp</defaultValue> + </leafNode> + <node name="ipv6"> + <children> + #include <include/ipv6-address.xml.i> + #include <include/ipv6-disable-forwarding.xml.i> + #include <include/ipv6-dup-addr-detect-transmits.xml.i> + </children> + </node> + <leafNode name="local-ip"> + <properties> + <help>Local IP address for L2TPv3 tunnel</help> + <valueHelp> + 
<format>ipv4</format> + <description>Local IPv4 address of tunnel</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Local IPv6 address of tunnel</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + </constraint> + </properties> + </leafNode> + #include <include/interface-mtu-68-9000.xml.i> + <leafNode name="peer-session-id"> + <properties> + <help>Peer session identifier</help> + <valueHelp> + <format>1-429496729</format> + <description>L2TPv3 peer session identifier</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-429496729"/> + </constraint> + </properties> + </leafNode> + <leafNode name="peer-tunnel-id"> + <properties> + <help>Peer tunnel identifier</help> + <valueHelp> + <format>1-429496729</format> + <description>L2TPv3 peer tunnel identifier</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-429496729"/> + </constraint> + </properties> + </leafNode> + <leafNode name="remote-ip"> + <properties> + <help>Remote IP address for L2TPv3 tunnel</help> + <valueHelp> + <format>ipv4</format> + <description>Remote IPv4 address of tunnel</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Remote IPv6 address of tunnel</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="session-id"> + <properties> + <help>Session identifier</help> + <valueHelp> + <format>1-429496729</format> + <description>L2TPv3 session identifier</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-429496729"/> + </constraint> + </properties> + </leafNode> + <leafNode name="source-port"> + <properties> + <help>UDP source port for L2TPv3 tunnel (default: 5000)</help> + <valueHelp> + <format>1-65535</format> + <description>Numeric IP port</description> + </valueHelp> + <constraint> + <validator name="numeric" 
argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>5000</defaultValue> + </leafNode> + <leafNode name="tunnel-id"> + <properties> + <help>Local tunnel identifier</help> + <valueHelp> + <format>1-429496729</format> + <description>L2TPv3 local tunnel identifier</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-429496729"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/interfaces-loopback.xml.in b/interface-definitions/interfaces-loopback.xml.in new file mode 100644 index 000000000..97d5bab90 --- /dev/null +++ b/interface-definitions/interfaces-loopback.xml.in @@ -0,0 +1,25 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="interfaces"> + <children> + <tagNode name="loopback" owner="${vyos_conf_scripts_dir}/interfaces-loopback.py"> + <properties> + <help>Loopback Interface</help> + <priority>300</priority> + <constraint> + <regex>^lo$</regex> + </constraint> + <constraintErrorMessage>Loopback interface must be named lo</constraintErrorMessage> + <valueHelp> + <format>lo</format> + <description>Loopback interface</description> + </valueHelp> + </properties> + <children> + #include <include/address-ipv4-ipv6.xml.i> + #include <include/interface-description.xml.i> + </children> + </tagNode> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/interfaces-macsec.xml.in b/interface-definitions/interfaces-macsec.xml.in new file mode 100644 index 000000000..dfef387d2 --- /dev/null +++ b/interface-definitions/interfaces-macsec.xml.in 
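Review bot: The four identifier leaves in interfaces-l2tpv3.xml.in (`peer-session-id`, `peer-tunnel-id`, `session-id`, `tunnel-id`) are capped at `1-429496729`, which looks like 4294967295 (2^32-1) with a digit dropped. L2TPv3 identifiers are 32-bit, so a peer that picks an ID above the cap could not be configured here. If the full range is intended, each `<format>` and validator should read `1-4294967295`, e.g. `<validator name="numeric" argument="--range 1-4294967295"/>`. The unanchored `(udp|ip)` pattern on `encapsulation` is also worth anchoring, unless the validator already matches whole values.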
@@ -0,0 +1,116 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="interfaces"> + <children> + <tagNode name="macsec" owner="${vyos_conf_scripts_dir}/interfaces-macsec.py"> + <properties> + <help>MACsec Interface (802.1ae)</help> + <priority>319</priority> + <constraint> + <regex>^macsec[0-9]+$</regex> + </constraint> + <constraintErrorMessage>MACsec interface must be named macsecN</constraintErrorMessage> + <valueHelp> + <format>macsecN</format> + <description>MACsec interface name</description> + </valueHelp> + </properties> + <children> + #include <include/address-ipv4-ipv6.xml.i> + <node name="security"> + <properties> + <help>Security/Encryption Settings</help> + </properties> + <children> + <leafNode name="cipher"> + <properties> + <help>Cipher suite used</help> + <completionHelp> + <list>gcm-aes-128</list> + </completionHelp> + <valueHelp> + <format>gcm-aes-128</format> + <description>Galois/Counter Mode of AES cipher with 128-bit key (default)</description> + </valueHelp> + <constraint> + <regex>(gcm-aes-128)</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="encrypt"> + <properties> + <help>Enable optional MACsec encryption</help> + <valueless/> + </properties> + </leafNode> + <node name="mka"> + <properties> + <help>MACsec Key Agreement protocol (MKA)</help> + </properties> + <children> + <leafNode name="cak"> + <properties> + <help>Secure Connectivity Association Key</help> + <valueHelp> + <format>key</format> + <description>16-byte (128-bit) hex-string (32 hex-digits)</description> + </valueHelp> + <constraint> + <regex>^[A-Fa-f0-9]{32}$</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="ckn"> + <properties> + <help>Secure Connectivity Association Key Name</help> + <valueHelp> + <format>key</format> + <description>32-byte (256-bit) hex-string (64 hex-digits)</description> + </valueHelp> + <constraint> + <regex>^[A-Fa-f0-9]{64}$</regex> + </constraint> + </properties> + </leafNode> + <leafNode 
name="priority"> + <properties> + <help>Priority of MACsec Key Agreement protocol (MKA) actor (default: 255)</help> + <valueHelp> + <format>0-255</format> + <description>MACsec Key Agreement protocol (MKA) priority</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255" /> + </constraint> + </properties> + <defaultValue>255</defaultValue> + </leafNode> + </children> + </node> + <leafNode name="replay-window"> + <properties> + <help>IEEE 802.1X/MACsec replay protection window</help> + <valueHelp> + <format>0</format> + <description>No replay window, strict check</description> + </valueHelp> + <valueHelp> + <format>1-4294967295</format> + <description>Number of packets that could be misordered</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295" /> + </constraint> + </properties> + </leafNode> + </children> + </node> + #include <include/interface-description.xml.i> + #include <include/interface-disable.xml.i> + #include <include/interface-vrf.xml.i> + #include <include/source-interface-ethernet.xml.i> + </children> + </tagNode> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in new file mode 100644 index 000000000..905c76507 --- /dev/null +++ b/interface-definitions/interfaces-openvpn.xml.in 
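Review bot: The `cipher` description marks `gcm-aes-128` as the default, but unlike `mka priority` the leaf has no `<defaultValue>`, so that default exists only if interfaces-macsec.py supplies it. Adding `<defaultValue>gcm-aes-128</defaultValue>` would make the definition match its own help text. `encrypt` is opt-in, and its help does not say that without it frames are integrity-protected but sent in clear text; I would reword it to `<help>Enable MACsec encryption (frames are only authenticated when unset)</help>`. `replay-window` likewise has no default and no statement of what an unset value means, which should be documented because it decides whether replay protection is in effect. The `cak` help should also state that the value is a secret key, since it is stored as an ordinary leaf value.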
@@ -0,0 +1,808 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="interfaces"> + <children> + <tagNode name="openvpn" owner="${vyos_conf_scripts_dir}/interfaces-openvpn.py"> + <properties> + <help>OpenVPN Tunnel Interface</help> + <priority>460</priority> + <constraint> + <regex>^vtun[0-9]+$</regex> + </constraint> + <constraintErrorMessage>OpenVPN tunnel interface must be named vtunN</constraintErrorMessage> + <valueHelp> + <format>vtunN</format> + <description>OpenVPN interface name</description> + </valueHelp> + </properties> + <children> + <node name="authentication"> + <properties> + <help>Authentication options</help> + </properties> + <children> + <leafNode name="password"> + <properties> + <help>OpenVPN password used for authentication</help> + </properties> + </leafNode> + <leafNode name="username"> + <properties> + <help>OpenVPN username used for authentication</help> + </properties> + </leafNode> + </children> + </node> + #include <include/interface-description.xml.i> + <leafNode name="device-type"> + <properties> + <help>OpenVPN interface device-type</help> + <completionHelp> + <list>tun tap</list> + </completionHelp> + <valueHelp> + <format>tun</format> + <description>TUN device, required for OSI layer 3</description> + </valueHelp> + <valueHelp> + <format>tap</format> + <description>TAP device, required for OSI layer 2</description> + </valueHelp> + <constraint> + <regex>(tun|tap)</regex> + </constraint> + </properties> + </leafNode> + #include <include/interface-disable.xml.i> + <node name="encryption"> + <properties> + <help>Data Encryption settings</help> + </properties> + <children> + <leafNode name="cipher"> + <properties> + <help>Standard Data Encryption Algorithm</help> + <completionHelp> + <list>des 3des bf128 bf256 aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm</list> + </completionHelp> + <valueHelp> + <format>des</format> + <description>DES algorithm</description> + </valueHelp> + <valueHelp> + <format>3des</format> + 
<description>DES algorithm with triple encryption</description> + </valueHelp> + <valueHelp> + <format>bf128</format> + <description>Blowfish algorithm with 128-bit key</description> + </valueHelp> + <valueHelp> + <format>bf256</format> + <description>Blowfish algorithm with 256-bit key</description> + </valueHelp> + <valueHelp> + <format>aes128</format> + <description>AES algorithm with 128-bit key CBC</description> + </valueHelp> + <valueHelp> + <format>aes128gcm</format> + <description>AES algorithm with 128-bit key GCM</description> + </valueHelp> + <valueHelp> + <format>aes192</format> + <description>AES algorithm with 192-bit key CBC</description> + </valueHelp> + <valueHelp> + <format>aes192gcm</format> + <description>AES algorithm with 192-bit key GCM</description> + </valueHelp> + <valueHelp> + <format>aes256</format> + <description>AES algorithm with 256-bit key CBC</description> + </valueHelp> + <valueHelp> + <format>aes256gcm</format> + <description>AES algorithm with 256-bit key GCM</description> + </valueHelp> + <constraint> + <regex>(des|3des|bf128|bf256|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="ncp-ciphers"> + <properties> + <help>Cipher negotiation list for use in server or client mode</help> + <completionHelp> + <list>des 3des aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm</list> + </completionHelp> + <valueHelp> + <format>des</format> + <description>DES algorithm</description> + </valueHelp> + <valueHelp> + <format>3des</format> + <description>DES algorithm with triple encryption</description> + </valueHelp> + <valueHelp> + <format>aes128</format> + <description>AES algorithm with 128-bit key CBC</description> + </valueHelp> + <valueHelp> + <format>aes128gcm</format> + <description>AES algorithm with 128-bit key GCM</description> + </valueHelp> + <valueHelp> + <format>aes192</format> + <description>AES algorithm with 192-bit key CBC</description> + </valueHelp> 
+ <valueHelp> + <format>aes192gcm</format> + <description>AES algorithm with 192-bit key GCM</description> + </valueHelp> + <valueHelp> + <format>aes256</format> + <description>AES algorithm with 256-bit key CBC</description> + </valueHelp> + <valueHelp> + <format>aes256gcm</format> + <description>AES algorithm with 256-bit key GCM</description> + </valueHelp> + <constraint> + <regex>(des|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="disable-ncp"> + <properties> + <help>Disable support for ncp-ciphers</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <node name="ipv6"> + <children> + #include <include/ipv6-address.xml.i> + #include <include/ipv6-disable-forwarding.xml.i> + #include <include/ipv6-dup-addr-detect-transmits.xml.i> + </children> + </node> + <leafNode name="hash"> + <properties> + <help>Hashing Algorithm</help> + <completionHelp> + <list>md5 sha1 sha256 sha384 sha512</list> + </completionHelp> + <valueHelp> + <format>md5</format> + <description>MD5 algorithm</description> + </valueHelp> + <valueHelp> + <format>sha1</format> + <description>SHA-1 algorithm</description> + </valueHelp> + <valueHelp> + <format>sha256</format> + <description>SHA-256 algorithm</description> + </valueHelp> + <valueHelp> + <format>sha384</format> + <description>SHA-384 algorithm</description> + </valueHelp> + <valueHelp> + <format>sha512</format> + <description>SHA-512 algorithm</description> + </valueHelp> + <constraint> + <regex>(md5|sha1|sha256|sha384|sha512)</regex> + </constraint> + </properties> + </leafNode> + <node name="keep-alive"> + <properties> + <help>Keepalive helper options</help> + </properties> + <children> + <leafNode name="failure-count"> + <properties> + <help>Maximum number of keepalive packet failures [default 6]</help> + <valueHelp> + <format>0-1000</format> + <description>Maximum number of keepalive packet failures</description> + 
</valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-1000"/> + </constraint> + </properties> + </leafNode> + <leafNode name="interval"> + <properties> + <help>Keepalive packet interval (seconds) [default 10]</help> + <valueHelp> + <format>0-600</format> + <description>Keepalive packet interval (seconds)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-600"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <tagNode name="local-address"> + <properties> + <help>Local IP address of tunnel (IPv4 or IPv6)</help> + <constraint> + <validator name="ip-address"/> + </constraint> + </properties> + <children> + <leafNode name="subnet-mask"> + <properties> + <help>Subnet-mask for local IP address of tunnel (IPv4 only)</help> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + <leafNode name="local-host"> + <properties> + <help>Local IP address to accept connections (all if not set)</help> + <valueHelp> + <format>ipv4</format> + <description>Local IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Local IPv6 address</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="local-port"> + <properties> + <help>Local port number to accept connections</help> + <valueHelp> + <format>1-65535</format> + <description>Numeric IP port</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="mode"> + <properties> + <help>OpenVPN mode of operation</help> + <completionHelp> + <list>site-to-site client server</list> + </completionHelp> + <valueHelp> + <format>site-to-site</format> + <description>Site-to-site mode</description> + </valueHelp> + <valueHelp> + <format>client</format> + <description>Client 
in client-server mode</description> + </valueHelp> + <valueHelp> + <format>server</format> + <description>Server in client-server mode</description> + </valueHelp> + <constraint> + <regex>(site-to-site|client|server)</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="openvpn-option"> + <properties> + <help>Additional OpenVPN options. You must + use the syntax of openvpn.conf in this text-field. Using this + without proper knowledge may result in a crashed OpenVPN server. + Check system log to look for errors.</help> + <multi/> + </properties> + </leafNode> + <leafNode name="persistent-tunnel"> + <properties> + <help>Do not close and reopen interface (TUN/TAP device) on client restarts</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="protocol"> + <properties> + <help>OpenVPN communication protocol</help> + <completionHelp> + <list>udp tcp-passive tcp-active</list> + </completionHelp> + <valueHelp> + <format>udp</format> + <description>UDP</description> + </valueHelp> + <valueHelp> + <format>tcp-passive</format> + <description>TCP and accepts connections passively</description> + </valueHelp> + <valueHelp> + <format>tcp-active</format> + <description>TCP and initiates connections actively</description> + </valueHelp> + <constraint> + <regex>(udp|tcp-passive|tcp-active)</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="remote-address"> + <properties> + <help>IP address of remote end of tunnel</help> + <valueHelp> + <format>ipv4</format> + <description>Remote end IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Remote end IPv6 address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="remote-host"> + <properties> + <help>Remote host to connect to (dynamic if not set)</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address of remote 
host</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address of remote host</description> + </valueHelp> + <valueHelp> + <format>txt</format> + <description>Hostname of remote host</description> + </valueHelp> + <multi/> + </properties> + </leafNode> + <leafNode name="remote-port"> + <properties> + <help>Remote port number to connect to</help> + <valueHelp> + <format>1-65535</format> + <description>Numeric IP port</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + <node name="replace-default-route"> + <properties> + <help>OpenVPN tunnel to be used as the default route</help> + </properties> + <children> + <leafNode name="local"> + <properties> + <help>Tunnel endpoints are on the same subnet</help> + </properties> + </leafNode> + </children> + </node> + <node name="server"> + <properties> + <help>Server-mode options</help> + </properties> + <children> + <tagNode name="client"> + <properties> + <help>Client-specific settings</help> + <valueHelp> + <format>name</format> + <description>Client common-name in the certificate</description> + </valueHelp> + </properties> + <children> + <leafNode name="disable"> + <properties> + <help>Option to disable client connection</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="ip"> + <properties> + <help>IP address of the client</help> + <valueHelp> + <format>ipv4</format> + <description>Client IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Client IPv6 address</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="push-route"> + <properties> + <help>Route to be pushed to the client</help> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 network and prefix length</description> + </valueHelp> + <valueHelp> + 
<format>ipv6net</format> + <description>IPv6 network and prefix length</description> + </valueHelp> + <constraint> + <validator name="ip-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="subnet"> + <properties> + <help>Subnet belonging to the client (iroute)</help> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 network and prefix length belonging to the client</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 network and prefix length belonging to the client</description> + </valueHelp> + <constraint> + <validator name="ip-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </tagNode> + <node name="client-ip-pool"> + <properties> + <help>Pool of client IPv4 addresses</help> + </properties> + <children> + <leafNode name="disable"> + <properties> + <help>Disable client IP pool</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="start"> + <properties> + <help>First IP address in the pool</help> + <constraint> + <validator name="ipv4-address"/> + </constraint> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="stop"> + <properties> + <help>Last IP address in the pool</help> + <constraint> + <validator name="ipv4-address"/> + </constraint> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="subnet-mask"> + <properties> + <help>Subnet mask pushed to dynamic clients. + If not set the server subnet mask will be used. + Only used with topology subnet or device type tap. 
+ Not used with bridged interfaces.</help> + <constraint> + <validator name="ipv4-address"/> + </constraint> + <valueHelp> + <format>ipv4</format> + <description>IPv4 subnet mask</description> + </valueHelp> + </properties> + </leafNode> + </children> + </node> + <node name="client-ipv6-pool"> + <properties> + <help>Pool of client IPv6 addresses</help> + </properties> + <children> + <leafNode name="base"> + <properties> + <help>Client IPv6 pool base address with optional prefix length</help> + <valueHelp> + <format>ipv6net</format> + <description>Client IPv6 pool base address with optional prefix length (defaults: base = server subnet + 0x1000, prefix length = server prefix length)</description> + </valueHelp> + <constraint> + <validator name="ipv6"/> + </constraint> + </properties> + </leafNode> + <leafNode name="disable"> + <properties> + <help>Disable client IPv6 pool</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="domain-name"> + <properties> + <help>DNS suffix to be pushed to all clients</help> + <valueHelp> + <format>txt</format> + <description>Domain Name Server suffix</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="max-connections"> + <properties> + <help>Number of maximum client connections</help> + <valueHelp> + <format>1-4096</format> + <description>Number of concurrent clients</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4096"/> + </constraint> + </properties> + </leafNode> + <leafNode name="name-server"> + <properties> + <help>Domain Name Server (DNS)</help> + <valueHelp> + <format>ipv4</format> + <description>DNS server IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>DNS server IPv6 address</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="push-route"> + <properties> + <help>Route to 
be pushed to all clients</help> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 network and prefix length</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 network and prefix length</description> + </valueHelp> + <constraint> + <validator name="ip-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="reject-unconfigured-clients"> + <properties> + <help>Reject connections from clients that are not explicitly configured</help> + </properties> + </leafNode> + <leafNode name="subnet"> + <properties> + <help>Server-mode subnet (from which client IPs are allocated)</help> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 network and prefix length</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 network and prefix length</description> + </valueHelp> + <constraint> + <validator name="ip-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="topology"> + <properties> + <help>Topology for clients</help> + <completionHelp> + <list>net30 point-to-point subnet</list> + </completionHelp> + <valueHelp> + <format>net30</format> + <description>net30 topology (default)</description> + </valueHelp> + <valueHelp> + <format>point-to-point</format> + <description>Point-to-point topology</description> + </valueHelp> + <valueHelp> + <format>subnet</format> + <description>Subnet topology</description> + </valueHelp> + <constraint> + <regex>(subnet|point-to-point|net30)</regex> + </constraint> + </properties> + </leafNode> + </children> + </node> + <leafNode name="shared-secret-key-file"> + <properties> + <help>File containing the secret key shared with remote end of tunnel</help> + <valueHelp> + <format>file</format> + <description>File in /config/auth directory</description> + </valueHelp> + <constraint> + <validator name="file-exists" argument="--directory /config/auth"/> + </constraint> + </properties> + </leafNode> + <node 
name="tls"> + <properties> + <help>Transport Layer Security (TLS) options</help> + </properties> + <children> + <leafNode name="auth-file"> + <properties> + <help>File containing tls static key for tls-auth</help> + <valueHelp> + <format>file</format> + <description>File in /config/auth directory</description> + </valueHelp> + <constraint> + <validator name="file-exists" argument="--directory /config/auth"/> + </constraint> + </properties> + </leafNode> + <leafNode name="ca-cert-file"> + <properties> + <help>File containing certificate for Certificate Authority (CA)</help> + <valueHelp> + <format>file</format> + <description>File in /config/auth directory</description> + </valueHelp> + <constraint> + <validator name="file-exists" argument="--directory /config/auth"/> + </constraint> + </properties> + </leafNode> + <leafNode name="cert-file"> + <properties> + <help>File containing certificate for this host</help> + <valueHelp> + <format>file</format> + <description>File in /config/auth directory</description> + </valueHelp> + <constraint> + <validator name="file-exists" argument="--directory /config/auth"/> + </constraint> + </properties> + </leafNode> + <leafNode name="crl-file"> + <properties> + <help>File containing certificate revocation list (CRL) for this host</help> + <valueHelp> + <format>file</format> + <description>File in /config/auth directory</description> + </valueHelp> + <constraint> + <validator name="file-exists" argument="--directory /config/auth"/> + </constraint> + </properties> + </leafNode> + <leafNode name="dh-file"> + <properties> + <help>File containing Diffie Hellman parameters (server only)</help> + <valueHelp> + <format>file</format> + <description>File in /config/auth directory</description> + </valueHelp> + <constraint> + <validator name="file-exists" argument="--directory /config/auth"/> + </constraint> + </properties> + </leafNode> + <leafNode name="key-file"> + <properties> + <help>Private key for this host</help> + <valueHelp> + 
<format>file</format> + <description>File in /config/auth directory</description> + </valueHelp> + <constraint> + <validator name="file-exists" argument="--directory /config/auth"/> + </constraint> + </properties> + </leafNode> + <leafNode name="crypt-file"> + <properties> + <help>File containing encryption key to authenticate control channel</help> + <valueHelp> + <format>file</format> + <description>File in /config/auth directory</description> + </valueHelp> + <constraint> + <validator name="file-exists" argument="--directory /config/auth"/> + </constraint> + </properties> + </leafNode> + <leafNode name="tls-version-min"> + <properties> + <help>Specify the minimum required TLS version</help> + <completionHelp> + <list>1.0 1.1 1.2</list> + </completionHelp> + <valueHelp> + <format>1.0</format> + <description>TLS v1.0</description> + </valueHelp> + <valueHelp> + <format>1.1</format> + <description>TLS v1.1</description> + </valueHelp> + <valueHelp> + <format>1.2</format> + <description>TLS v1.2</description> + </valueHelp> + <constraint> + <regex>(1.0|1.1|1.2)</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="role"> + <properties> + <help>Private key for this host</help> + <completionHelp> + <list>active passive</list> + </completionHelp> + <valueHelp> + <format>active</format> + <description>Initiate TLS negotiation actively</description> + </valueHelp> + <valueHelp> + <format>passive</format> + <description>Waiting for TLS connections passively</description> + </valueHelp> + <constraint> + <regex>(active|passive)</regex> + </constraint> + </properties> + </leafNode> + </children> + </node> + <leafNode name="use-lzo-compression"> + <properties> + <help>Use fast LZO compression on this TUN/TAP interface</help> + <valueless/> + </properties> + </leafNode> + #include <include/interface-vrf.xml.i> + </children> + </tagNode> + </children> + </node> +</interfaceDefinition> 
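Review bot: `encryption cipher` and `ncp-ciphers` offer `des` and `3des` (`cipher` also Blowfish), `hash` offers `md5` and `sha1`, and `tls-version-min` offers `1.0`, all with help text that does not set them apart from the AES-GCM and SHA-2 choices. I would mark the legacy values in their `<description>`, for example `<description>DES algorithm (legacy, not recommended)</description>`, so the completion output steers operators toward the stronger options. In the same hunk the `tls-version-min` pattern `(1.0|1.1|1.2)` leaves the dots unescaped, so each matches any character; `<regex>(1\.0|1\.1|1\.2)</regex>` is the literal form. The `tls role` leaf reuses the `key-file` help `Private key for this host` and should read something like `<help>TLS negotiation role</help>`. Finally, `remote-address` advertises an `ipv6` format in its `valueHelp` while its validator is `ipv4-address`, so one of the two needs to change.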
diff --git a/interface-definitions/interfaces-pppoe.xml.in b/interface-definitions/interfaces-pppoe.xml.in
new file mode 100644
index 000000000..8a6c61312
--- /dev/null
+++ b/interface-definitions/interfaces-pppoe.xml.in
@@ -0,0 +1,164 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="interfaces"> + <children> + <tagNode name="pppoe" owner="${vyos_conf_scripts_dir}/interfaces-pppoe.py"> + <properties> + <help>Point-to-Point Protocol over Ethernet (PPPoE)</help> + <priority>321</priority> + <constraint> + <regex>^pppoe[0-9]+$</regex> + </constraint> + <constraintErrorMessage>PPPoE interface must be named pppoeN</constraintErrorMessage> + <valueHelp> + <format>pppoeN</format> + <description>PPPoE dialer interface name</description> + </valueHelp> + </properties> + <children> + <leafNode name="access-concentrator"> + <properties> + <help>Access concentrator name (only connect to this concentrator)</help> + <constraint> + <regex>[a-zA-Z0-9]+$</regex> + </constraint> + <constraintErrorMessage>Access concentrator name must be composed of uppper and lower case letters or numbers only</constraintErrorMessage> + </properties> + </leafNode> + <node name="authentication"> + <properties> + <help>Authentication settings</help> + </properties> + <children> + <leafNode name="user"> + <properties> + <help>User name</help> + </properties> + </leafNode> + <leafNode name="password"> + <properties> + <help>Password</help> + </properties> + </leafNode> + </children> + </node> + <leafNode name="connect-on-demand"> + <properties> + <help>Automatic establishment of PPPOE connection when traffic is sent</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="default-route"> + <properties> + <help>Default route insertion behaviour (default: auto)</help> + <completionHelp> + <list>auto none force</list> + </completionHelp> + <constraint> + <regex>(auto|none|force)</regex> + </constraint> + <constraintErrorMessage>PPPoE default-route option must be 'auto', 'none', or 'force'</constraintErrorMessage> + <valueHelp> + <format>auto</format> + <description>Automatically install a default route</description> + </valueHelp> + <valueHelp> + <format>none</format> + <description>Do not 
install a default route</description> + </valueHelp> + <valueHelp> + <format>force</format> + <description>Replace existing default route</description> + </valueHelp> + </properties> + <defaultValue>auto</defaultValue> + </leafNode> + #include <include/dhcpv6-options.xml.i> + #include <include/interface-description.xml.i> + #include <include/interface-disable.xml.i> + #include <include/interface-vrf.xml.i> + <leafNode name="idle-timeout"> + <properties> + <help>Delay before disconnecting idle session (in seconds)</help> + <valueHelp> + <format>n</format> + <description>Idle timeout in seconds</description> + </valueHelp> + </properties> + </leafNode> + <node name="ipv6"> + <children> + <node name="address"> + <properties> + <help>IPv6 address configuration modes</help> + </properties> + <children> + <leafNode name="autoconf"> + <properties> + <help>Enable Stateless Address Autoconfiguration (SLAAC)</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="enable"> + <properties> + <help>Activate IPv6 support on this connection</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="source-interface"> + <properties> + <help>Physical Interface used for this PPPoE session</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py --broadcast</script> + </completionHelp> + </properties> + </leafNode> + <leafNode name="local-address"> + <properties> + <help>IPv4 address of local end of the PPPoE link</help> + <valueHelp> + <format>ipv4</format> + <description>Address of local end of the PPPoE link</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + #include <include/interface-mtu-68-1500.xml.i> + <leafNode name="no-peer-dns"> + <properties> + <help>Do not use DNS servers provided by the peer</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="remote-address"> + <properties> + <help>IPv4 
address of remote end of the PPPoE link</help> + <valueHelp> + <format>ipv4</format> + <description>Address of remote end of the PPPoE link</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="service-name"> + <properties> + <help>Service name, only connect to access concentrators advertising this</help> + <constraint> + <regex>[a-zA-Z0-9]+$</regex> + </constraint> + <constraintErrorMessage>Service name must be composed of uppper and lower case letters or numbers only</constraintErrorMessage> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/interfaces-pseudo-ethernet.xml.in b/interface-definitions/interfaces-pseudo-ethernet.xml.in new file mode 100644 index 000000000..4382db598 --- /dev/null +++ b/interface-definitions/interfaces-pseudo-ethernet.xml.in 
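Review bot: `idle-timeout` is described as a value in seconds but has no `<constraint>`, so as far as this definition goes any string is accepted and only the backend script (not shown here) could reject it. A numeric validator in the style used elsewhere in this commit would catch that at the CLI, e.g. `<validator name="numeric" argument="--range MIN-MAX"/>`, where MIN and MAX are placeholders for whatever bounds the PPPoE backend accepts. `source-interface` is likewise unconstrained although a completion script is provided. Both `constraintErrorMessage` strings (on `access-concentrator` and `service-name`) spell `uppper`, which should be `upper`.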
@@ -0,0 +1,82 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="interfaces"> + <children> + <tagNode name="pseudo-ethernet" owner="${vyos_conf_scripts_dir}/interfaces-pseudo-ethernet.py"> + <properties> + <help>Pseudo Ethernet</help> + <priority>321</priority> + <constraint> + <regex>^peth[0-9]+$</regex> + </constraint> + <constraintErrorMessage>Pseudo Ethernet interface must be named pethN</constraintErrorMessage> + <valueHelp> + <format>pethN</format> + <description>Pseudo Ethernet interface name</description> + </valueHelp> + </properties> + <children> + #include <include/address-ipv4-ipv6-dhcp.xml.i> + #include <include/interface-description.xml.i> + #include <include/dhcp-options.xml.i> + #include <include/dhcpv6-options.xml.i> + #include <include/interface-disable-link-detect.xml.i> + #include <include/interface-disable.xml.i> + #include <include/interface-vrf.xml.i> + <node name="ip"> + <children> + #include <include/interface-arp-cache-timeout.xml.i> + #include <include/interface-disable-arp-filter.xml.i> + #include <include/interface-enable-arp-accept.xml.i> + #include <include/interface-enable-arp-announce.xml.i> + #include <include/interface-enable-arp-ignore.xml.i> + #include <include/interface-enable-proxy-arp.xml.i> + #include <include/interface-proxy-arp-pvlan.xml.i> + </children> + </node> + <node name="ipv6"> + <children> + #include <include/ipv6-address.xml.i> + #include <include/ipv6-disable-forwarding.xml.i> + #include <include/ipv6-dup-addr-detect-transmits.xml.i> + </children> + </node> + #include <include/source-interface-ethernet.xml.i> + #include <include/interface-mac.xml.i> + <leafNode name="mode"> + <properties> + <help>Receive mode (default: private)</help> + <completionHelp> + <list>private vepa bridge passthru</list> + </completionHelp> + <valueHelp> + <format>private</format> + <description>No communication with other pseudo-devices</description> + </valueHelp> + <valueHelp> + <format>vepa</format> + <description>Virtual 
Ethernet Port Aggregator reflective relay</description> + </valueHelp> + <valueHelp> + <format>bridge</format> + <description>Simple bridge between pseudo-devices</description> + </valueHelp> + <valueHelp> + <format>passthru</format> + <description>Promicious mode passthrough of underlying device</description> + </valueHelp> + <constraint> + <regex>(private|vepa|bridge|passthru)</regex> + </constraint> + <constraintErrorMessage>mode must be private, vepa, bridge or passthru</constraintErrorMessage> + </properties> + <defaultValue>private</defaultValue> + </leafNode> + #include <include/interface-mtu-68-9000.xml.i> + #include <include/vif-s.xml.i> + #include <include/vif.xml.i> + </children> + </tagNode> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/interfaces-tunnel.xml.in b/interface-definitions/interfaces-tunnel.xml.in new file mode 100644 index 000000000..64520ce99 --- /dev/null +++ b/interface-definitions/interfaces-tunnel.xml.in 
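Review bot: The `passthru` entry under `mode` has the description `Promicious mode passthrough of underlying device`; the word should be `Promiscuous`. This string is shown to the operator as CLI help for the one mode that changes how the underlying device receives traffic, so it is worth correcting to `<description>Promiscuous mode passthrough of underlying device</description>`.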
@@ -0,0 +1,283 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="interfaces"> + <children> + <tagNode name="tunnel" owner="${vyos_conf_scripts_dir}/interfaces-tunnel.py"> + <properties> + <help>Tunnel interface</help> + <priority>380</priority> + <constraint> + <regex>^tun[0-9]+$</regex> + </constraint> + <constraintErrorMessage>tunnel interface must be named tunN</constraintErrorMessage> + <valueHelp> + <format>tunN</format> + <description>Tunnel interface name</description> + </valueHelp> + </properties> + <children> + #include <include/interface-description.xml.i> + #include <include/address-ipv4-ipv6.xml.i> + #include <include/interface-disable.xml.i> + #include <include/interface-disable-link-detect.xml.i> + #include <include/interface-vrf.xml.i> + #include <include/interface-mtu-64-8024.xml.i> + #include <include/interface-ipv4.xml.i> + #include <include/interface-ipv6.xml.i> + <leafNode name="local-ip"> + <properties> + <help>Local IP address for this tunnel</help> + <valueHelp> + <format>ipv4</format> + <description>Local IPv4 address for this tunnel</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Local IPv6 address for this tunnel [NOTICE: unavailable for mGRE tunnels]</description> + </valueHelp> + <completionHelp> + <script>${vyos_completion_dir}/list_local.py</script> + </completionHelp> + <constraint> + <!-- does it need fixing/changing to be more restrictive ? --> + <validator name="ip-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="remote-ip"> + <properties> + <help>Remote IP address for this tunnel</help> + <valueHelp> + <format>ipv4</format> + <description>Remote IPv4 address for this tunnel</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Remote IPv6 address for this tunnel</description> + </valueHelp> + <constraint> + <!-- does it need fixing/changing to be more restrictive ? 
--> + <validator name="ip-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="source-interface"> + <properties> + <help>Physical Interface used for underlaying traffic</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + </properties> + </leafNode> + <leafNode name="6rd-prefix"> + <properties> + <help>6rd network prefix</help> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address and prefix length</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + </leafNode> + <leafNode name="6rd-relay-prefix"> + <properties> + <help>6rd relay prefix</help> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 prefix of interface for 6rd</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + </properties> + </leafNode> + <leafNode name="dhcp-interface"> + <properties> + <help>dhcp interface</help> + <valueHelp> + <format>interface</format> + <description>DHCP interface that supplies the local IP address for this tunnel</description> + </valueHelp> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + <constraint> + <regex>(en|eth|br|bond|gnv|vxlan|wg|tun)[0-9]+</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="encapsulation"> + <properties> + <help>Encapsulation of this tunnel interface</help> + <completionHelp> + <list>gre gre-bridge ipip sit ipip6 ip6ip6 ip6gre</list> + </completionHelp> + <valueHelp> + <format>gre-bridge</format> + <description>Generic Routing Encapsulation bridge interface</description> + </valueHelp> + <valueHelp> + <format>ipip</format> + <description>IP in IP encapsulation</description> + </valueHelp> + <valueHelp> + <format>sit</format> + <description>Simple Internet Transition encapsulation</description> + </valueHelp> + <valueHelp> + <format>ipip6</format> + <description>IP in IP6 
encapsulation</description> + </valueHelp> + <valueHelp> + <format>ip6ip6</format> + <description>IP6 in IP6 encapsulation</description> + </valueHelp> + <valueHelp> + <format>ip6gre</format> + <description>GRE over IPv6 network</description> + </valueHelp> + <constraint> + <regex>(gre|gre-bridge|ipip|sit|ipip6|ip6ip6|ip6gre)</regex> + </constraint> + <constraintErrorMessage>Must be one of 'gre' 'gre-bridge' 'ipip' 'sit' 'ipip6' 'ip6ip6' 'ip6gre'</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="multicast"> + <properties> + <help>Multicast operation over tunnel</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable Multicast</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable Multicast (default)</description> + </valueHelp> + <constraint> + <regex>(enable|disable)</regex> + </constraint> + <constraintErrorMessage>Must be 'disable' or 'enable'</constraintErrorMessage> + </properties> + </leafNode> + <node name="parameters"> + <properties> + <help>Tunnel parameters</help> + </properties> + <children> + <node name="ip"> + <properties> + <help>IPv4 specific tunnel parameters</help> + </properties> + <children> + <leafNode name="ttl"> + <properties> + <help>Time to live field</help> + <valueHelp> + <format>0-255</format> + <description>Time to live (default 255)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + <constraintErrorMessage>TTL must be between 0 and 255</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="tos"> + <properties> + <help>Type of Service (TOS)</help> + <valueHelp> + <format>0-99</format> + <description>Type of Service (TOS)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-99"/> + </constraint> + <constraintErrorMessage>TOS must be between 0 and 99</constraintErrorMessage> + 
</properties> + </leafNode> + <leafNode name="key"> + <properties> + <help>Tunnel key</help> + <valueHelp> + <format>0-4294967295</format> + <description>Tunnel key</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + <constraintErrorMessage>key must be between 0-4294967295</constraintErrorMessage> + </properties> + </leafNode> + </children> + </node> + <node name="ipv6"> + <properties> + <help>IPv6 specific tunnel parameters</help> + </properties> + <children> + <leafNode name="encaplimit"> + <properties> + <help>Encaplimit field</help> + <valueHelp> + <format>0-255</format> + <description>Encaplimit (default 4)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + <constraintErrorMessage>key must be between 0-255</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="flowlabel"> + <properties> + <help>Flowlabel</help> + <valueHelp> + <format>0x0-0x0FFFFF</format> + <description>Tunnel key, 'inherit' or hex value</description> + </valueHelp> + <constraint> + <regex>(0x){0,1}(0?[0-9A-Fa-f]{1,5})</regex> + </constraint> + <constraintErrorMessage>Must be 'inherit' or a number</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="hoplimit"> + <properties> + <help>Hoplimit</help> + <valueHelp> + <format>0-255</format> + <description>Hoplimit (default 64)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + <constraintErrorMessage>hoplimit must be between 0-255</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="tclass"> + <properties> + <help>Traffic class (Tclass)</help> + <valueHelp> + <format>0x0-0x0FFFFF</format> + <description>Traffic class, 'inherit' or hex value</description> + </valueHelp> + <constraint> + <regex>(0x){0,1}(0?[0-9A-Fa-f]{1,2})</regex> + </constraint> + <constraintErrorMessage>Must be 'inherit' 
or a number</constraintErrorMessage> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </tagNode> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/interfaces-vxlan.xml.in b/interface-definitions/interfaces-vxlan.xml.in new file mode 100644 index 000000000..8529f6885 --- /dev/null +++ b/interface-definitions/interfaces-vxlan.xml.in 
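Review bot: The `flowlabel` and `tclass` leaves advertise `inherit` in their value help and in the error message "Must be 'inherit' or a number", but neither pattern lists it, so the documented keyword is not what the constraint actually checks. If `inherit` is meant to be accepted, make it explicit, e.g. `<regex>^((0x){0,1}(0?[0-9A-Fa-f]{1,5})|inherit)$</regex>` for `flowlabel` and the same with `{1,2}` for `tclass`. The surrounding help text also looks copied between leaves: the `tclass` format reads `0x0-0x0FFFFF` although its pattern allows at most two hex digits, the `flowlabel` description says "Tunnel key", and the `encaplimit` error message says "key must be between 0-255". The `gre` entry in the `encapsulation` completion list has no matching `<valueHelp>`.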
@@ -0,0 +1,114 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="interfaces"> + <children> + <tagNode name="vxlan" owner="${vyos_conf_scripts_dir}/interfaces-vxlan.py"> + <properties> + <help>Virtual Extensible LAN (VXLAN) Interface</help> + <priority>460</priority> + <constraint> + <regex>^vxlan[0-9]+$</regex> + </constraint> + <constraintErrorMessage>VXLAN interface must be named vxlanN</constraintErrorMessage> + <valueHelp> + <format>vxlanN</format> + <description>VXLAN interface name</description> + </valueHelp> + </properties> + <children> + #include <include/address-ipv4-ipv6.xml.i> + #include <include/interface-description.xml.i> + #include <include/interface-disable.xml.i> + <leafNode name="group"> + <properties> + <help>Multicast group address for VXLAN interface</help> + <valueHelp> + <format>ipv4</format> + <description>Multicast IPv4 group address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Multicast IPv6 group address</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + </constraint> + </properties> + </leafNode> + <node name="ip"> + <children> + #include <include/interface-arp-cache-timeout.xml.i> + #include <include/interface-disable-arp-filter.xml.i> + #include <include/interface-enable-arp-accept.xml.i> + #include <include/interface-enable-arp-announce.xml.i> + #include <include/interface-enable-arp-ignore.xml.i> + #include <include/interface-enable-proxy-arp.xml.i> + </children> + </node> + <node name="ipv6"> + <children> + #include <include/ipv6-address.xml.i> + #include <include/ipv6-disable-forwarding.xml.i> + #include <include/ipv6-dup-addr-detect-transmits.xml.i> + </children> + </node> + <leafNode name="source-address"> + <properties> + <help>VXLAN source address</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 source-address of VXLAN tunnel</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> 
+ </leafNode> + #include <include/source-interface.xml.i> + #include <include/interface-mtu-1200-9000.xml.i> + <leafNode name="remote"> + <properties> + <help>Remote address of VXLAN tunnel</help> + <valueHelp> + <format>ipv4</format> + <description>Remote IPv4 address of VXLAN tunnel</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Remote IPv6 address of VXLAN tunnel</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="port"> + <properties> + <help>Destination port of VXLAN tunnel (default: 8472)</help> + <valueHelp> + <format>1-65535</format> + <description>Numeric IP port</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>8472</defaultValue> + </leafNode> + <leafNode name="vni"> + <properties> + <help>Virtual Network Identifier</help> + <valueHelp> + <format>0-16777214</format> + <description>VXLAN virtual network identifier</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-16777214"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/interfaces-wireguard.xml.in b/interface-definitions/interfaces-wireguard.xml.in new file mode 100644 index 000000000..981bce826 --- /dev/null +++ b/interface-definitions/interfaces-wireguard.xml.in 
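Review bot: The `group` leaf is documented as a multicast group address but is constrained only by the generic `ip-address` validator, so, judging by the validator name, a unicast address passes CLI validation. Unless interfaces-vxlan.py rejects it in its verify step (not visible in this diff), a mistyped group address is only caught when the interface is created. Consider a multicast-specific validator, or an explicit multicast check in the script, with a `<constraintErrorMessage>` that says what is expected.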
@@ -0,0 +1,124 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="interfaces"> + <children> + <tagNode name="wireguard" owner="${vyos_conf_scripts_dir}/interfaces-wireguard.py"> + <properties> + <help>WireGuard Interface</help> + <priority>459</priority> + <constraint> + <regex>^wg[0-9]+$</regex> + </constraint> + <constraintErrorMessage>WireGuard interface must be named wgN</constraintErrorMessage> + <valueHelp> + <format>wgN</format> + <description>WireGuard interface name</description> + </valueHelp> + </properties> + <children> + #include <include/address-ipv4-ipv6.xml.i> + #include <include/interface-description.xml.i> + #include <include/interface-disable.xml.i> + #include <include/interface-vrf.xml.i> + #include <include/port-number.xml.i> + #include <include/interface-mtu-68-9000.xml.i> + <leafNode name="fwmark"> + <properties> + <help>A 32-bit fwmark value set on all outgoing packets</help> + <valueHelp> + <format>number</format> + <description>value which marks the packet for QoS/shaper</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> + <defaultValue>0</defaultValue> + </leafNode> + <leafNode name="private-key"> + <properties> + <help>Private key to use on that interface</help> + <completionHelp> + <script>${vyos_op_scripts_dir}/wireguard.py --listkdir</script> + </completionHelp> + </properties> + <defaultValue>default</defaultValue> + </leafNode> + <tagNode name="peer"> + <properties> + <help>peer alias</help> + <constraint> + <regex>[^ ]{1,100}$</regex> + </constraint> + <constraintErrorMessage>peer alias too long (limit 100 characters)</constraintErrorMessage> + </properties> + <children> + <leafNode name="disable"> + <properties> + <help>disables peer</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="pubkey"> + <properties> + <help>base64 encoded public key</help> + <constraint> + <regex>[0-9a-zA-Z\+/]{43}=$</regex> + </constraint> 
+ <constraintErrorMessage>Key is not valid 44-character (32-bytes) base64</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="preshared-key"> + <properties> + <help>base64 encoded preshared key</help> + <constraint> + <regex>[0-9a-zA-Z\+/]{43}=$</regex> + </constraint> + <constraintErrorMessage>Key is not valid 44-character (32-bytes) base64</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="allowed-ips"> + <properties> + <help>IP addresses allowed to traverse the peer</help> + <constraint> + <validator name="ip-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="address"> + <properties> + <help>IP address of tunnel remote end</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address to listen for incoming connections</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address to listen for incoming connections</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + </constraint> + </properties> + </leafNode> + #include <include/port-number.xml.i> + <leafNode name="persistent-keepalive"> + <properties> + <help>Interval to send keepalive messages</help> + <valueHelp> + <format>1-65535</format> + <description>Interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </tagNode> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in new file mode 100644 index 000000000..6f0ec9e71 --- /dev/null +++ b/interface-definitions/interfaces-wireless.xml.in 
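Review bot: The `private-key` leaf has no `<constraint>`, so any string passes CLI validation. Its completion helper is `wireguard.py --listkdir`, which suggests the value names a key directory that interfaces-wireguard.py later resolves on disk (not visible in this diff); if so, a value containing `/` or `..` would reach path handling unchecked. Restricting it to a conservative name set, e.g. `<constraint><regex>^[0-9a-zA-Z_-]+$</regex></constraint>`, still accepts the default `default` and keeps the lookup inside the key store. Also, the `<valueHelp>` descriptions on the peer `address` leaf say "address to listen for incoming connections" while its help says it is the tunnel's remote end; one of the two should be corrected.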
@@ -0,0 +1,800 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="interfaces"> + <children> + <tagNode name="wireless" owner="${vyos_conf_scripts_dir}/interfaces-wireless.py"> + <properties> + <help>Wireless (WiFi/WLAN) Network Interface</help> + <priority>400</priority> + <constraint> + <regex>^wlan[0-9]+$</regex> + </constraint> + <constraintErrorMessage>Wireless interface must be named wlanN</constraintErrorMessage> + <valueHelp> + <format>wlanN</format> + <description>Wireless (WiFi/WLAN) interface name</description> + </valueHelp> + </properties> + <children> + #include <include/address-ipv4-ipv6-dhcp.xml.i> + <node name="capabilities"> + <properties> + <help>HT and VHT capabilities for your card</help> + </properties> + <children> + <node name="ht"> + <properties> + <help>HT (High Throughput) settings</help> + </properties> + <children> + <leafNode name="40mhz-incapable"> + <properties> + <help>40MHz intolerance, use 20MHz only!</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="auto-powersave"> + <properties> + <help>Enable WMM-PS unscheduled automatic power aave delivery [U-APSD]</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="channel-set-width"> + <properties> + <help>Supported channel set width</help> + <completionHelp> + <list>ht20 ht40+ ht40-</list> + </completionHelp> + <valueHelp> + <format>ht20</format> + <description>Supported channel set width both 20 MHz only</description> + </valueHelp> + <valueHelp> + <format>ht40+</format> + <description>Supported channel set width both 20 MHz and 40 MHz with secondary channel above primary channel</description> + </valueHelp> + <valueHelp> + <format>ht40-</format> + <description>Supported channel set width both 20 MHz and 40 MHz with secondary channel below primary channel</description> + </valueHelp> + <constraint> + <regex>(ht20|ht40\+|ht40-)</regex> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="delayed-block-ack"> + 
<properties> + <help>Enable HT-delayed block ack</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="dsss-cck-40"> + <properties> + <help>Enable DSSS_CCK-40</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="greenfield"> + <properties> + <help>Enable HT-greenfield</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="ldpc"> + <properties> + <help>Enable LDPC coding capability</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="lsig-protection"> + <properties> + <help>Enable L-SIG TXOP protection capability</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="max-amsdu"> + <properties> + <help>Set maximum A-MSDU length</help> + <completionHelp> + <list>3839 7935</list> + </completionHelp> + <valueHelp> + <format>3839</format> + <description>Set maximum A-MSDU length to 3839 octets</description> + </valueHelp> + <valueHelp> + <format>7935</format> + <description>Set maximum A-MSDU length to 7935 octets</description> + </valueHelp> + <constraint> + <regex>(3839|7935)</regex> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="short-gi"> + <properties> + <help>Short GI capabilities</help> + <completionHelp> + <list>20 40</list> + </completionHelp> + <valueHelp> + <format>20</format> + <description>Short GI for 20 MHz</description> + </valueHelp> + <valueHelp> + <format>40</format> + <description>Short GI for 40 MHz</description> + </valueHelp> + <constraint> + <regex>(20|40)</regex> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="smps"> + <properties> + <help>Spatial Multiplexing Power Save (SMPS) settings</help> + <completionHelp> + <list>static dynamic</list> + </completionHelp> + <valueHelp> + <format>static</format> + <description>STATIC Spatial Multiplexing (SM) Power Save</description> + </valueHelp> + <valueHelp> + <format>dynamic</format> + <description>DYNAMIC Spatial Multiplexing (SM) Power Save</description> + </valueHelp> 
+ <constraint> + <regex>(static|dynamic)</regex> + </constraint> + <multi/> + </properties> + </leafNode> + <node name="stbc"> + <properties> + <help>Support for sending and receiving PPDU using STBC (Space Time Block Coding)</help> + </properties> + <children> + <leafNode name="rx"> + <properties> + <help>Enable receiving PPDU using STBC (Space Time Block Coding)</help> + <valueHelp> + <format>[1-3]+</format> + <description>Number of spacial streams that can use RX STBC</description> + </valueHelp> + <constraint> + <regex>[1-3]+</regex> + </constraint> + <constraintErrorMessage>Invalid capability item</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="tx"> + <properties> + <help>Enable sending PPDU using STBC (Space Time Block Coding)</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + <leafNode name="require-ht"> + <properties> + <help>Require stations to support HT PHY (reject association if they do not)</help> + <completionHelp> + <script>echo If you reject non-HT, you also disable 802.11g</script> + </completionHelp> + <valueless/> + </properties> + </leafNode> + <leafNode name="require-vht"> + <properties> + <help>Require stations to support VHT PHY (reject association if they do not)</help> + <completionHelp> + <script>echo If you reject non-VHT, you also disable 802.11n</script> + </completionHelp> + <valueless/> + </properties> + </leafNode> + <node name="vht"> + <properties> + <help>VHT (Very High Throughput) settings</help> + </properties> + <children> + <leafNode name="antenna-count"> + <properties> + <help>Number of antennas on this card</help> + <valueHelp> + <format>1-8</format> + <description>Number of antennas for this card</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-8"/> + </constraint> + </properties> + </leafNode> + <leafNode name="antenna-pattern-fixed"> + <properties> + <help>Set if antenna pattern does not change during the 
lifetime of an association</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="beamform"> + <properties> + <help>Beamforming capabilities</help> + <completionHelp> + <list>single-user-beamformer single-user-beamformee multi-user-beamformer multi-user-beamformee</list> + </completionHelp> + <valueHelp> + <format>single-user-beamformer</format> + <description>Support for operation as single user beamformer</description> + </valueHelp> + <valueHelp> + <format>single-user-beamformee</format> + <description>Support for operation as single user beamformee</description> + </valueHelp> + <valueHelp> + <format>multi-user-beamformer</format> + <description>Support for operation as multi user beamformer</description> + </valueHelp> + <valueHelp> + <format>multi-user-beamformee</format> + <description>Support for operation as multi user beamformee</description> + </valueHelp> + <constraint> + <regex>(single-user-beamformer|single-user-beamformee|multi-user-beamformer|multi-user-beamformee)</regex> + </constraint> + <multi/> + </properties> + </leafNode> + <node name="center-channel-freq"> + <properties> + <help>VHT operating channel center frequency</help> + </properties> + <children> + <leafNode name="freq-1"> + <properties> + <help>VHT operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes)</help> + <valueHelp> + <format><34-173></format> + <description>5Ghz (802.11 a/h/j/n/ac) center channel index (use 42 for primary 80MHz channel 36)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 34-173"/> + </constraint> + <constraintErrorMessage>Channel center value must be between 34 and 173</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="freq-2"> + <properties> + <help>VHT operating channel center frequency - center freq 2 (for use with the 80+80 mode)</help> + <valueHelp> + <format>34-173</format> + <description>5Ghz (802.11 a/h/j/n/ac) center channel index (use 58 
for primary 80MHz channel 52)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 34-173"/> + </constraint> + <constraintErrorMessage>Channel center value must be between 34 and 173</constraintErrorMessage> + </properties> + </leafNode> + </children> + </node> + <leafNode name="channel-set-width"> + <properties> + <help>VHT operating Channel width</help> + <completionHelp> + <list>0 1 2 3</list> + </completionHelp> + <valueHelp> + <format>0</format> + <description>20 or 40 MHz channel width (default)</description> + </valueHelp> + <valueHelp> + <format>1</format> + <description>80 MHz channel width</description> + </valueHelp> + <valueHelp> + <format>2</format> + <description>160 MHz channel width</description> + </valueHelp> + <valueHelp> + <format>3</format> + <description>80+80 MHz channel width</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-3"/> + </constraint> + </properties> + </leafNode> + <leafNode name="ldpc"> + <properties> + <help>Enable LDPC (Low Density Parity Check) coding capability</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="link-adaptation"> + <properties> + <help>VHT link adaptation capabilities</help> + <completionHelp> + <list>unsolicited both</list> + </completionHelp> + <valueHelp> + <format>unsolicited</format> + <description>Station provides only unsolicited VHT MFB</description> + </valueHelp> + <valueHelp> + <format>both</format> + <description>Station can provide VHT MFB in response to VHT MRQ and unsolicited VHT MFB</description> + </valueHelp> + <constraint> + <regex>(unsolicited|both)</regex> + </constraint> + <constraintErrorMessage>Invalid capability item</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="max-mpdu-exp"> + <properties> + <help>Set the maximum length of A-MPDU pre-EOF padding that the station can receive</help> + <valueHelp> + <format><0-7></format> + <description>Maximum length of A-MPDU 
pre-EOF padding = 2 pow(13 + x) -1 octets</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-7"/> + </constraint> + </properties> + </leafNode> + <leafNode name="max-mpdu"> + <properties> + <help>Increase Maximum MPDU length to 7991 or 11454 octets (otherwise: 3895 octets)</help> + <completionHelp> + <list>7991 11454</list> + </completionHelp> + <valueHelp> + <format>7991</format> + <description>ncrease Maximum MPDU length to 7991 octets</description> + </valueHelp> + <valueHelp> + <format>11454</format> + <description>ncrease Maximum MPDU length to 11454 octets</description> + </valueHelp> + <constraint> + <regex>(7991|11454)</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="short-gi"> + <properties> + <help>Short GI capabilities</help> + <completionHelp> + <list>80 160</list> + </completionHelp> + <valueHelp> + <format>80</format> + <description>Short GI for 80 MHz</description> + </valueHelp> + <valueHelp> + <format>160</format> + <description>Short GI for 160 MHz</description> + </valueHelp> + <constraint> + <regex>(80|160)</regex> + </constraint> + <multi/> + </properties> + </leafNode> + <node name="stbc"> + <properties> + <help>Support for sending and receiving PPDU using STBC (Space Time Block Coding)</help> + </properties> + <children> + <leafNode name="rx"> + <properties> + <help>Enable receiving PPDU using STBC (Space Time Block Coding)</help> + <valueHelp> + <format>[1-4]+</format> + <description>Number of spacial streams that can use RX STBC</description> + </valueHelp> + <constraint> + <regex>[1-4]+</regex> + </constraint> + <constraintErrorMessage>Invalid capability item</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="tx"> + <properties> + <help>Enable sending PPDU using STBC (Space Time Block Coding)</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="tx-powersave"> + <properties> + <help>Enable VHT TXOP Power Save 
Mode</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="vht-cf"> + <properties> + <help>Station supports receiving VHT variant HT Control field</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + <leafNode name="channel"> + <properties> + <help>Wireless radio channel (use 0 for ACS auto channel selection)</help> + <valueHelp> + <format><1-14></format> + <description>2.4Ghz (802.11 b/g/n) Channel</description> + </valueHelp> + <valueHelp> + <format><0,34-173></format> + <description>5Ghz (802.11 a/h/j/n/ac) Channel</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-0 --range 1-14 --range 34-173"/> + </constraint> + </properties> + </leafNode> + #include <include/interface-description.xml.i> + #include <include/dhcp-options.xml.i> + #include <include/dhcpv6-options.xml.i> + <leafNode name="disable-broadcast-ssid"> + <properties> + <help>Disable broadcast of SSID from access-point</help> + <valueless/> + </properties> + </leafNode> + #include <include/interface-disable-link-detect.xml.i> + #include <include/interface-disable.xml.i> + #include <include/interface-vrf.xml.i> + <leafNode name="expunge-failing-stations"> + <properties> + <help>Disassociate stations based on excessive transmission failures</help> + <valueless/> + </properties> + </leafNode> + <node name="ip"> + <children> + #include <include/interface-arp-cache-timeout.xml.i> + #include <include/interface-disable-arp-filter.xml.i> + #include <include/interface-enable-arp-accept.xml.i> + #include <include/interface-enable-arp-announce.xml.i> + #include <include/interface-enable-arp-ignore.xml.i> + #include <include/interface-enable-proxy-arp.xml.i> + #include <include/interface-proxy-arp-pvlan.xml.i> + </children> + </node> + <node name="ipv6"> + <children> + #include <include/ipv6-address.xml.i> + #include <include/ipv6-disable-forwarding.xml.i> + #include 
<include/ipv6-dup-addr-detect-transmits.xml.i> + </children> + </node> + #include <include/interface-hw-id.xml.i> + <leafNode name="isolate-stations"> + <properties> + <help>Isolate stations on the AP so they cannot see each other</help> + <valueless/> + </properties> + </leafNode> + #include <include/interface-mac.xml.i> + <leafNode name="max-stations"> + <properties> + <help>Maximum number of wireless radio stations. Excess stations will be rejected upon authentication request.</help> + <valueHelp> + <format><1-2007></format> + <description>Number of allowed stations</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-2007"/> + </constraint> + <constraintErrorMessage>Number of stations must be between 1 and 2007</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="mgmt-frame-protection"> + <properties> + <help>Management Frame Protection (MFP) according to IEEE 802.11w</help> + <completionHelp> + <list>disabled optional required</list> + </completionHelp> + <valueHelp> + <format>disabled</format> + <description>no MFP (hostapd default)</description> + </valueHelp> + <valueHelp> + <format>optional</format> + <description>MFP optional</description> + </valueHelp> + <valueHelp> + <format>required</format> + <description>MFP enforced</description> + </valueHelp> + <constraint> + <regex>(disabled|optional|required)</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="mode"> + <properties> + <help>Wireless radio mode</help> + <completionHelp> + <list>a b g n ac</list> + </completionHelp> + <valueHelp> + <format>a</format> + <description>802.11a - 54 Mbits/sec</description> + </valueHelp> + <valueHelp> + <format>b</format> + <description>802.11b - 11 Mbits/sec</description> + </valueHelp> + <valueHelp> + <format>g</format> + <description>802.11g - 54 Mbits/sec (default)</description> + </valueHelp> + <valueHelp> + <format>n</format> + <description>802.11n - 600 Mbits/sec</description> + 
</valueHelp> + <valueHelp> + <format>ac</format> + <description>802.11ac - 1300 Mbits/sec</description> + </valueHelp> + <constraint> + <regex>^(a|b|g|n|ac)$</regex> + </constraint> + </properties> + <defaultValue>g</defaultValue> + </leafNode> + <leafNode name="physical-device"> + <properties> + <help>Wireless physical device</help> + <completionHelp> + <script>${vyos_completion_dir}/list_wireless_phys.sh</script> + </completionHelp> + <constraint> + <validator name="wireless-phy"/> + </constraint> + </properties> + </leafNode> + <leafNode name="reduce-transmit-power"> + <properties> + <help>Transmission power reduction in dBm</help> + <valueHelp> + <format><0-255></format> + <description>TX power reduction in dBm</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + <constraintErrorMessage>dBm value must be between 0 and 255</constraintErrorMessage> + </properties> + </leafNode> + <node name="security"> + <properties> + <help>Wireless security settings</help> + </properties> + <children> + <node name="wep"> + <properties> + <help>Wired Equivalent Privacy (WEP) parameters</help> + </properties> + <children> + <leafNode name="key"> + <properties> + <help>WEP encryption key</help> + <valueHelp> + <format><hexdigits></format> + <description>Wired Equivalent Privacy key</description> + </valueHelp> + <constraint> + <regex>([a-fA-F0-9]{10}|[a-fA-F0-9]{26}|[a-fA-F0-9]{32})</regex> + </constraint> + <constraintErrorMessage>Invalid WEP key</constraintErrorMessage> + <multi/> + </properties> + </leafNode> + </children> + </node> + <node name="wpa"> + <properties> + <help>Wifi Protected Access (WPA) parameters</help> + </properties> + <children> + <leafNode name="cipher"> + <properties> + <help>Cipher suite for WPA unicast packets</help> + <completionHelp> + <list>GCMP-256 GCMP CCMP-256 CCMP TKIP</list> + </completionHelp> + <valueHelp> + <format>GCMP-256</format> + <description>AES in Galois/counter mode with 
256-bit key</description> + </valueHelp> + <valueHelp> + <format>GCMP</format> + <description>AES in Galois/counter mode with 128-bit key</description> + </valueHelp> + <valueHelp> + <format>CCMP-256</format> + <description>AES in Counter mode with CBC-MAC with 256-bit key</description> + </valueHelp> + <valueHelp> + <format>CCMP</format> + <description>AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0] (supported on all WPA2 APs)</description> + </valueHelp> + <valueHelp> + <format>TKIP</format> + <description>Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]</description> + </valueHelp> + <constraint> + <regex>^(GCMP-256|GCMP|CCMP-256|CCMP|TKIP)$</regex> + </constraint> + <constraintErrorMessage>Invalid cipher selection</constraintErrorMessage> + <multi/> + </properties> + </leafNode> + <leafNode name="group-cipher"> + <properties> + <help>Cipher suite for WPA multicast and broadcast packets</help> + <completionHelp> + <list>GCMP-256 GCMP CCMP-256 CCMP TKIP</list> + </completionHelp> + <valueHelp> + <format>GCMP-256</format> + <description>AES in Galois/counter mode with 256-bit key</description> + </valueHelp> + <valueHelp> + <format>GCMP</format> + <description>AES in Galois/counter mode with 128-bit key</description> + </valueHelp> + <valueHelp> + <format>CCMP-256</format> + <description>AES in Counter mode with CBC-MAC with 256-bit key</description> + </valueHelp> + <valueHelp> + <format>CCMP</format> + <description>AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0] (supported on all WPA2 APs)</description> + </valueHelp> + <valueHelp> + <format>TKIP</format> + <description>Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]</description> + </valueHelp> + <constraint> + <regex>^(GCMP-256|GCMP|CCMP-256|CCMP|TKIP)$</regex> + </constraint> + <constraintErrorMessage>Invalid group cipher selection</constraintErrorMessage> + <multi/> + </properties> + </leafNode> + <leafNode name="mode"> + <properties> + <help>WPA mode</help> + 
<completionHelp> + <list>wpa wpa2 both</list> + </completionHelp> + <valueHelp> + <format>wpa</format> + <description>WPA (IEEE 802.11i/D3.0)</description> + </valueHelp> + <valueHelp> + <format>wpa2</format> + <description>WPA2 (full IEEE 802.11i/RSN)</description> + </valueHelp> + <valueHelp> + <format>both</format> + <description>Allow both WPA and WPA2</description> + </valueHelp> + <constraint> + <regex>^(wpa|wpa2|both)$</regex> + </constraint> + <constraintErrorMessage>Unknown WPA mode</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="passphrase"> + <properties> + <help>WPA personal shared pass phrase. If you are + using special characters in the WPA passphrase then single + quotes are required.</help> + <valueHelp> + <format><text></format> + <description>Passphrase of at least 8 but not more than 63 printable characters</description> + </valueHelp> + <constraint> + <regex>.{8,63}$</regex> + </constraint> + <constraintErrorMessage>Invalid WPA pass phrase, must be 8 to 63 printable characters!</constraintErrorMessage> + </properties> + </leafNode> + #include <include/radius-server.xml.i> + <node name="radius"> + <children> + <tagNode name="server"> + <children> + <leafNode name="accounting"> + <properties> + <help>Enable RADIUS server to receive accounting info</help> + <valueless/> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + </children> + </node> + </children> + </node> + <leafNode name="ssid"> + <properties> + <help>Wireless access-point service set identifier (SSID)</help> + <constraint> + <regex>.{1,32}$</regex> + </constraint> + <constraintErrorMessage>Invalid SSID</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="type"> + <properties> + <help>Wireless device type for this interface</help> + <completionHelp> + <list>access-point station monitor</list> + </completionHelp> + <valueHelp> + <format>access-point</format> + <description>Access-point forwards packets between 
other nodes</description> + </valueHelp> + <valueHelp> + <format>station</format> + <description>Connects to another access point</description> + </valueHelp> + <valueHelp> + <format>monitor</format> + <description>Passively monitor all packets on the frequency/channel</description> + </valueHelp> + <constraint> + <regex>^(access-point|station|monitor)$</regex> + </constraint> + <constraintErrorMessage>Type must be access-point, station or monitor</constraintErrorMessage> + </properties> + <defaultValue>monitor</defaultValue> + </leafNode> + #include <include/vif.xml.i> + #include <include/vif-s.xml.i> + </children> + </tagNode> + </children> + </node> + <node name="system"> + <children> + <leafNode name="wifi-regulatory-domain" owner="${vyos_conf_scripts_dir}/system-wifi-regdom.py"> + <properties> + <help>Wireless regulatory domain (mandatory)</help> + <priority>305</priority> + <completionHelp> + <list>US EU JP DE UK CN</list> + </completionHelp> + <valueHelp> + <format><code%gt;</format> + <description>Country code (ISO/IEC 3166-1)</description> + </valueHelp> + <constraint> + <regex>[A-Z][A-Z]$</regex> + </constraint> + <constraintErrorMessage>invalid country code</constraintErrorMessage> + </properties> + </leafNode> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/interfaces-wirelessmodem.xml.in b/interface-definitions/interfaces-wirelessmodem.xml.in new file mode 100644 index 000000000..d375b808d --- /dev/null +++ b/interface-definitions/interfaces-wirelessmodem.xml.in 
@@ -0,0 +1,93 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="interfaces"> + <children> + <tagNode name="wirelessmodem" owner="${vyos_conf_scripts_dir}/interfaces-wirelessmodem.py"> + <properties> + <help>Wireless Modem (WWAN) Interface</help> + <priority>350</priority> + <constraint> + <regex>^wlm[0-9]+$</regex> + </constraint> + <constraintErrorMessage>Wireless Modem interface must be named wlmN</constraintErrorMessage> + <valueHelp> + <format>wlmN</format> + <description>Wireless modem interface name</description> + </valueHelp> + </properties> + <children> + <leafNode name="apn"> + <properties> + <help>Access Point Name (APN)</help> + </properties> + </leafNode> + <node name="backup"> + <properties> + <help>Insert backup default route</help> + </properties> + <children> + <leafNode name="distance"> + <properties> + <help>Distance backup default route</help> + <valueHelp> + <format>1-255</format> + <description>Distance of the backup route (default: 10)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + <constraintErrorMessage>Must be between (1-255)</constraintErrorMessage> + </properties> + <defaultValue>10</defaultValue> + </leafNode> + </children> + </node> + #include <include/interface-description.xml.i> + #include <include/interface-disable.xml.i> + #include <include/interface-vrf.xml.i> + <leafNode name="device"> + <properties> + <help>Serial device </help> + <completionHelp> + <script>ls -1 /dev | grep ttyS</script> + <script>if [ -d /dev/serial/by-bus ]; then ls -1 /dev/serial/by-bus; fi</script> + </completionHelp> + <valueHelp> + <format>ttySXX</format> + <description>TTY device name, regular serial port</description> + </valueHelp> + <valueHelp> + <format>usbNbXpY</format> + <description>TTY device name, USB based</description> + </valueHelp> + <constraint> + <regex>^(ttyS[0-9]+|usb[0-9]+b.*)$</regex> + </constraint> + </properties> + </leafNode> + #include 
<include/interface-disable-link-detect.xml.i> + #include <include/interface-mtu-68-9000.xml.i> + <node name="ipv6"> + <children> + #include <include/ipv6-address.xml.i> + #include <include/ipv6-disable-forwarding.xml.i> + #include <include/ipv6-dup-addr-detect-transmits.xml.i> + </children> + </node> + <leafNode name="no-peer-dns"> + <properties> + <help>Do not use peer supplied DNS server information</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="ondemand"> + <properties> + <help>Only dial when traffic is available</help> + <valueless/> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/ipsec-settings.xml.in b/interface-definitions/ipsec-settings.xml.in new file mode 100644 index 000000000..bc54baa27 --- /dev/null +++ b/interface-definitions/ipsec-settings.xml.in @@ -0,0 +1,24 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="vpn"> + <children> + <node name="ipsec"> + <children> + <node name="options" owner="${vyos_conf_scripts_dir}/ipsec-settings.py"> + <properties> + <help>Global IPsec settings</help> + </properties> + <children> + <leafNode name="disable-route-autoinstall"> + <properties> + <valueless/> + <help>Do not automatically install routes to remote networks</help> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/lldp.xml.in b/interface-definitions/lldp.xml.in new file mode 100644 index 000000000..8f6629d81 --- /dev/null +++ b/interface-definitions/lldp.xml.in 
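Review bot: The `device` constraint in interfaces-wirelessmodem.xml.in, `^(ttyS[0-9]+|usb[0-9]+b.*)$`, accepts any characters after `usbNb`, including `/`, `..`, whitespace and shell metacharacters, although the valueHelp documents only the `usbNbXpY` form. The value is presumably turned into a device path and written into a generated dialer configuration by interfaces-wirelessmodem.py, which is not visible here, so the schema is the place to confine it. Once the real udev naming pattern is confirmed, something like `<regex>^(ttyS[0-9]+|usb[0-9]+b[0-9.]+p[0-9.]+)$</regex>` would match what the help text promises. The `apn` leaf in the same hunk has no `<constraint>` at all and would benefit from a similar character-class restriction.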
@@ -0,0 +1,191 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="service"> + <children> + <node name="lldp" owner="${vyos_conf_scripts_dir}/lldp.py"> + <properties> + <help>LLDP settings</help> + <priority>985</priority> + </properties> + <children> + <tagNode name="interface"> + <properties> + <help>Location data for interface</help> + <valueHelp> + <format>all</format> + <description>Location data all interfaces</description> + </valueHelp> + <valueHelp> + <format><intf></format> + <description>Location data for a specific interface</description> + </valueHelp> + <completionHelp> + <script>${vyatta_sbindir}/vyatta-interfaces.pl --show all</script> + <list>all</list> + </completionHelp> + </properties> + <children> + <leafNode name="disable"> + <properties> + <help>Disable lldp on this interface</help> + <valueless/> + </properties> + </leafNode> + <node name="location"> + <properties> + <help>LLDP-MED location data [REQUIRED]</help> + </properties> + <children> + <node name="coordinate-based"> + <properties> + <help>Coordinate based location</help> + </properties> + <children> + <leafNode name="altitude"> + <properties> + <help>Altitude in meters</help> + <valueHelp> + <format>[+-]<meters></format> + <description>Altitude in meters</description> + </valueHelp> + <constraintErrorMessage>Altitude should be a positive or negative number</constraintErrorMessage> + <constraint> + <validator name="numeric"/> + </constraint> + </properties> + </leafNode> + <leafNode name="datum"> + <properties> + <help>Coordinate datum type</help> + <valueHelp> + <format>WGS84</format> + <description>WGS84 (default)</description> + </valueHelp> + <valueHelp> + <format>NAD83</format> + <description>NAD83</description> + </valueHelp> + <valueHelp> + <format>MLLW</format> + <description>NAD83/MLLW</description> + </valueHelp> + <completionHelp> + <list>WGS84 NAD83 MLLW</list> + </completionHelp> + <constraintErrorMessage>Datum should be WGS84, NAD83, or 
MLLW</constraintErrorMessage> + <constraint> + <regex>^(WGS84|NAD83|MLLW)$</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="latitude"> + <properties> + <help>Latitude [REQUIRED]</help> + <valueHelp> + <format><latitude></format> + <description>Latitude (example "37.524449N")</description> + </valueHelp> + <constraintErrorMessage>Latitude should be a number followed by S or N</constraintErrorMessage> + <constraint> + <regex>(\d+)(\.\d+)?[nNsS]$</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="longitude"> + <properties> + <help>Longitude [REQUIRED]</help> + <valueHelp> + <format><longitude></format> + <description>Longitude (example "122.267255W")</description> + </valueHelp> + <constraintErrorMessage>Longiture should be a number followed by E or W</constraintErrorMessage> + <constraint> + <regex>(\d+)(\.\d+)?[eEwW]$</regex> + </constraint> + </properties> + </leafNode> + </children> + </node> + <leafNode name="elin"> + <properties> + <help>ECS ELIN (Emergency location identifier number)</help> + <valueHelp> + <format>0-9999999999</format> + <description>Emergency Call Service ELIN number (between 10-25 numbers)</description> + </valueHelp> + <constraint> + <regex>[0-9]{10,25}$</regex> + </constraint> + <constraintErrorMessage>ELIN number must be between 10-25 numbers</constraintErrorMessage> + </properties> + </leafNode> + </children> + </node> + </children> + </tagNode> + <node name="legacy-protocols"> + <properties> + <help>Legacy (vendor specific) protocols</help> + </properties> + <children> + <leafNode name="cdp"> + <properties> + <help>Listen for CDP for Cisco routers/switches</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="edp"> + <properties> + <help>Listen for EDP for Extreme routers/switches</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="fdp"> + <properties> + <help>Listen for FDP for Foundry routers/switches</help> + <valueless/> + </properties> + </leafNode> + 
<leafNode name="sonmp"> + <properties> + <help>Listen for SONMP for Nortel routers/switches</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="management-address"> + <properties> + <help>Management IP Address</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 Management Address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 Management Address</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + </constraint> + <multi/> + </properties> + </leafNode> + <node name="snmp"> + <properties> + <help>SNMP parameters for LLDP</help> + </properties> + <children> + <leafNode name="enable"> + <properties> + <help>Enable SNMP queries of the LLDP database</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/nat.xml.in b/interface-definitions/nat.xml.in new file mode 100644 index 000000000..8a14f4d25 --- /dev/null +++ b/interface-definitions/nat.xml.in 
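Review bot: The `latitude`, `longitude` and `elin` constraints in lldp.xml.in are anchored only at the end (`(\d+)(\.\d+)?[nNsS]$`, `(\d+)(\.\d+)?[eEwW]$`, `[0-9]{10,25}$`), while `datum` in the same hunk uses `^(WGS84|NAD83|MLLW)$`. Unless the validator anchors patterns implicitly, any prefix is accepted as long as the tail matches, so arbitrary text can precede the coordinate and an ELIN longer than 25 digits still passes. Adding the leading anchor, e.g. `<regex>^(\d+)(\.\d+)?[nNsS]$</regex>` and `<regex>^[0-9]{10,25}$</regex>`, closes that; the same applies to `<regex>(masquerade)</regex>` in nat.xml.in. Separately, the `interface` tagNode here offers completion but no `<constraint>`, as do `inbound-interface` in nat.xml.in and `source interface` in protocols-bfd.xml.in, so completion is only advisory and any string can be committed as an interface name. The longitude error message also misspells "Longitude" as "Longiture".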
@@ -0,0 +1,180 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="nat" owner="${vyos_conf_scripts_dir}/nat.py"> + <properties> + <help>Network Address Translation (NAT) parameters</help> + <priority>220</priority> + </properties> + <children> + <node name="destination"> + <properties> + <help>Destination NAT settings</help> + </properties> + <children> + #include <include/nat-rule.xml.i> + <tagNode name="rule"> + <children> + <leafNode name="inbound-interface"> + <properties> + <help>Inbound interface of NAT traffic</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + </properties> + </leafNode> + <node name="translation"> + <properties> + <help>Inside NAT IP (destination NAT only)</help> + </properties> + <children> + <leafNode name="address"> + <properties> + <help>IP address, subnet, or range</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address to match</description> + </valueHelp> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 prefix to match</description> + </valueHelp> + <valueHelp> + <format>ipv4range</format> + <description>IPv4 address range to match</description> + </valueHelp> + <!-- TODO: add general iptables constraint script --> + </properties> + </leafNode> + #include <include/nat-translation-port.xml.i> + </children> + </node> + </children> + </tagNode> + </children> + </node> + <node name="nptv6"> + <properties> + <help>IPv6-to-IPv6 Network Prefix Translation Settings</help> + </properties> + <children> + <tagNode name="rule"> + <properties> + <help>NPTv6 rule number</help> + <valueHelp> + <format>1-999999</format> + <description>Number for this rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>NAT rule number must be between 1 and 999999</constraintErrorMessage> + </properties> + <children> + <leafNode name="description"> + <properties> + <help>Rule 
description</help> + </properties> + </leafNode> + <leafNode name="disable"> + <properties> + <help>Disable NAT rule</help> + <valueless/> + </properties> + </leafNode> + #include <include/nat-interface.xml.i> + <node name="source"> + <properties> + <help>IPv6 source prefix options</help> + </properties> + <children> + <leafNode name="prefix"> + <properties> + <help>IPv6 prefix to be translated</help> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 prefix</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <node name="translation"> + <properties> + <help>Translated IPv6 prefix options</help> + </properties> + <children> + <leafNode name="prefix"> + <properties> + <help>IPv6 prefix to translate to</help> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 prefix</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> + </tagNode> + </children> + </node> + <node name="source"> + <properties> + <help>Source NAT settings</help> + </properties> + <children> + #include <include/nat-rule.xml.i> + <tagNode name="rule"> + <children> + #include <include/nat-interface.xml.i> + <node name="translation"> + <properties> + <help>Outside NAT IP (source NAT only)</help> + </properties> + <children> + <leafNode name="address"> + <properties> + <help>IP address, subnet, or range</help> + <completionHelp> + <list>masquerade</list> + </completionHelp> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address to match</description> + </valueHelp> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 prefix to match</description> + </valueHelp> + <valueHelp> + <format>ipv4range</format> + <description>IPv4 address range to match</description> + </valueHelp> + <valueHelp> + <format>masquerade</format> + <description>NAT to the primary address of 
outbound-interface</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + <validator name="ipv4-address"/> + <validator name="ipv4-range"/> + <regex>(masquerade)</regex> + </constraint> + </properties> + </leafNode> + #include <include/nat-translation-port.xml.i> + </children> + </node> + </children> + </tagNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/ntp.xml.in b/interface-definitions/ntp.xml.in new file mode 100644 index 000000000..485487a42 --- /dev/null +++ b/interface-definitions/ntp.xml.in 
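Review bot: The destination-NAT `translation address` leaf in nat.xml.in ships with no `<constraint>`, only the comment `TODO: add general iptables constraint script`, so any string is accepted for a value that is presumably turned into a packet-filter rule by nat.py. The source-NAT leaf further down already lists `<validator name="ipv4-prefix"/>`, `<validator name="ipv4-address"/>` and `<validator name="ipv4-range"/>`, which cover exactly the three formats the destination valueHelp entries advertise. Reusing those three validators in a `<constraint>` on the destination leaf gives the same input validation until the general script exists, and the TODO can stay to track the follow-up.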
@@ -0,0 +1,84 @@ +<?xml version="1.0"?> +<!-- NTP configuration --> +<interfaceDefinition> + <node name="system"> + <children> + <node name="ntp" owner="${vyos_conf_scripts_dir}/ntp.py"> + <properties> + <help>Network Time Protocol (NTP) configuration</help> + <priority>400</priority> + </properties> + <children> + <tagNode name="server"> + <properties> + <help>Network Time Protocol (NTP) server</help> + </properties> + <children> + <leafNode name="noselect"> + <properties> + <help>Marks the server as unused</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="preempt"> + <properties> + <help>Specifies the association as preemptable rather than the default persistent</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="prefer"> + <properties> + <help>Marks the server as preferred</help> + <valueless/> + </properties> + </leafNode> + </children> + </tagNode> + <node name="allow-clients"> + <properties> + <help>Network Time Protocol (NTP) server options</help> + </properties> + <children> + <leafNode name="address"> + <properties> + <help>IP address</help> + <valueHelp> + <format>ipv4net</format> + <description>IP address and prefix length</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 address and prefix length</description> + </valueHelp> + <multi/> + <constraint> + <validator name="ip-prefix"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <leafNode name="listen-address"> + <properties> + <help>Addresses to listen for NTP queries</help> + <valueHelp> + <format>ipv4</format> + <description>Network Time Protocol (NTP) IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Network Time Protocol (NTP) IPv6 address</description> + </valueHelp> + <multi/> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + </properties> + </leafNode> + #include <include/interface-vrf.xml.i> + 
</children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/protocols-bfd.xml.in b/interface-definitions/protocols-bfd.xml.in new file mode 100644 index 000000000..8900e7955 --- /dev/null +++ b/interface-definitions/protocols-bfd.xml.in 
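Review bot: The `server` tagNode in ntp.xml.in has a help string but no `<valueHelp>` or `<constraint>`, so the tag value (the server name or address) is accepted unvalidated, whereas `allow-clients address` and `listen-address` in the same hunk both carry validators. The value is presumably written into the NTP daemon configuration by ntp.py, where embedded whitespace would change the meaning of the generated line. A constraint that accepts only an IP address or a hostname, e.g. `<validator name="ip-address"/>` together with a regex limited to `[A-Za-z0-9.-]`, would reject such input at commit time and give the user a proper error message.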
@@ -0,0 +1,140 @@ +<?xml version="1.0"?> +<!-- Bidirectional Forwarding Detection (BFD) configuration --> +<interfaceDefinition> + <node name="protocols"> + <children> + <node name="bfd" owner="${vyos_conf_scripts_dir}/protocols_bfd.py"> + <properties> + <help>Bidirectional Forwarding Detection (BFD)</help> + <priority>820</priority> + </properties> + <children> + <tagNode name="peer"> + <properties> + <help>Configures a new BFD peer to listen and talk to</help> + <valueHelp> + <format>ipv4</format> + <description>BFD peer IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>BFD peer IPv6 address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + </properties> + <children> + <node name="source"> + <properties> + <help>Bind listener to specified interface/address, mandatory for IPv6</help> + </properties> + <children> + <leafNode name="interface"> + <properties> + <help>Local interface to bind our peer listener to</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + </properties> + </leafNode> + <leafNode name="address"> + <properties> + <help>Local address to bind our peer listener to</help> + <valueHelp> + <format>ipv4</format> + <description>Local IPv4 address used to connect to the peer</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Local IPv6 address used to connect to the peer</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <node name="interval"> + <properties> + <help>Configure timer intervals</help> + </properties> + <children> + <leafNode name="receive"> + <properties> + <help>Minimum interval of receiving control packets</help> + <valueHelp> + <format>10-60000</format> + <description>Interval in 
milliseconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 10-60000"/> + </constraint> + </properties> + </leafNode> + <leafNode name="transmit"> + <properties> + <help>Minimum interval of transmitting control packets</help> + <valueHelp> + <format>10-60000</format> + <description>Interval in milliseconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 10-60000"/> + </constraint> + </properties> + </leafNode> + <leafNode name="multiplier"> + <properties> + <help>Multiplier to determine packet loss</help> + <valueHelp> + <format>2-255</format> + <description>Remote transmission interval will be multiplied by this value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 2-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="echo-interval"> + <properties> + <help>Echo receive transmission interval</help> + <valueHelp> + <format>10-60000</format> + <description>The minimal echo receive transmission interval that this system is capable of handling</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 10-60000"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <leafNode name="shutdown"> + <properties> + <help>Disable this peer</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="multihop"> + <properties> + <help>Allow this BFD peer to not be directly connected</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="echo-mode"> + <properties> + <help>Enables the echo transmission mode</help> + <valueless/> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/protocols-bgp.xml.in b/interface-definitions/protocols-bgp.xml.in new file mode 100644 index 000000000..3a4600753 --- /dev/null +++ b/interface-definitions/protocols-bgp.xml.in 
@@ -0,0 +1,1205 @@ +<?xml version="1.0"?> +<!-- Border Gateway Protocol (BGP) configuration --> +<interfaceDefinition> + <node name="protocols"> + <children> + <tagNode name="nbgp" owner="${vyos_conf_scripts_dir}/protocols_bgp.py"> + <properties> + <help>Border Gateway Protocol (BGP) parameters</help> + <valueHelp> + <format><1-4294967294></format> + <description>AS number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967294"/> + </constraint> + <priority>820</priority> + </properties> + <children> + <node name="address-family"> + <properties> + <help>BGP address-family parameters</help> + </properties> + <children> + <node name="ipv4-unicast"> + <properties> + <help>IPv4 BGP settings</help> + </properties> + <children> + <tagNode name="aggregate-address"> + <properties> + <help>BGP aggregate network</help> + <valueHelp> + <format>ipv4net</format> + <description>BGP aggregate network</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + </properties> + <children> + #include <include/bgp-afi-aggregate-address.xml.i> + </children> + </tagNode> + <tagNode name="network"> + <properties> + <help>BGP network</help> + <valueHelp> + <format>ipv4net</format> + <description>BGP network</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + </properties> + <children> + <leafNode name="backdoor"> + <properties> + <help>Network as a backdoor route</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="route-map"> + <properties> + <help>Route-map to modify route attributes</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + </properties> + </leafNode> + </children> + </tagNode> + <node name="redistribute"> + <properties> + <help>Redistribute routes from other protocols into BGP</help> + </properties> + <children> + <node name="connected"> + <properties> + <help>Redistribute connected routes into BGP</help> 
+ </properties> + <children> + #include <include/bgp-afi-redistribute-metric-route-map.xml.i> + </children> + </node> + <node name="kernel"> + <properties> + <help>Redistribute kernel routes into BGP</help> + </properties> + <children> + #include <include/bgp-afi-redistribute-metric-route-map.xml.i> + </children> + </node> + <node name="ospf"> + <properties> + <help>Redistribute OSPF routes into BGP</help> + </properties> + <children> + #include <include/bgp-afi-redistribute-metric-route-map.xml.i> + </children> + </node> + <node name="rip"> + <properties> + <help>Redistribute RIP routes into BGP</help> + </properties> + <children> + #include <include/bgp-afi-redistribute-metric-route-map.xml.i> + </children> + </node> + <node name="static"> + <properties> + <help>Redistribute static routes into BGP</help> + </properties> + <children> + #include <include/bgp-afi-redistribute-metric-route-map.xml.i> + </children> + </node> + <leafNode name="table"> + <properties> + <help>Redistribute non-main Kernel Routing Table</help> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + <node name="ipv6-unicast"> + <properties> + <help>IPv6 BGP settings</help> + </properties> + <children> + <tagNode name="aggregate-address"> + <properties> + <help>BGP aggregate network</help> + <valueHelp> + <format>ipv6net</format> + <description>Aggregate network</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + <children> + #include <include/bgp-afi-aggregate-address.xml.i> + </children> + </tagNode> + <tagNode name="network"> + <properties> + <help>BGP network</help> + <valueHelp> + <format>ipv6net</format> + <description>Aggregate network</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + <children> + <leafNode name="path-limit"> + <properties> + <help>AS-path hopcount limit</help> + <valueHelp> + <format><0-255></format> + <description>AS path 
hop count limit</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="route-map"> + <properties> + <help>Route-map to modify route attributes</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + </properties> + </leafNode> + </children> + </tagNode> + <node name="redistribute"> + <properties> + <help>Redistribute routes from other protocols into BGP</help> + </properties> + <children> + <node name="connected"> + <properties> + <help>Redistribute connected routes into BGP</help> + </properties> + <children> + #include <include/bgp-afi-redistribute-metric-route-map.xml.i> + </children> + </node> + <node name="kernel"> + <properties> + <help>Redistribute kernel routes into BGP</help> + </properties> + <children> + #include <include/bgp-afi-redistribute-metric-route-map.xml.i> + </children> + </node> + <node name="ospf"> + <properties> + <help>Redistribute OSPF routes into BGP</help> + </properties> + <children> + #include <include/bgp-afi-redistribute-metric-route-map.xml.i> + </children> + </node> + <node name="rip"> + <properties> + <help>Redistribute RIP routes into BGP</help> + </properties> + <children> + #include <include/bgp-afi-redistribute-metric-route-map.xml.i> + </children> + </node> + <node name="static"> + <properties> + <help>Redistribute static routes into BGP</help> + </properties> + <children> + #include <include/bgp-afi-redistribute-metric-route-map.xml.i> + </children> + </node> + <leafNode name="table"> + <properties> + <help>Redistribute non-main Kernel Routing Table</help> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> + <node name="maximum-paths"> + <properties> + <help>BGP multipaths</help> + </properties> + <children> + <leafNode name="ebgp"> + <properties> + <help>Maximum ebgp multipaths</help> + <valueHelp> + <format><1-255></format> + <description>EBGP 
multipaths</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="ibgp"> + <properties> + <help>Maximum ibgp multipaths</help> + <valueHelp> + <format><1-255></format> + <description>EBGP multipaths</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <tagNode name="neighbor"> + <properties> + <help>BGP neighbor</help> + <valueHelp> + <format>ipv4</format> + <description>BGP neighbor IP address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>BGP neighbor IPv6 address</description> + </valueHelp> + <valueHelp> + <format><interface></format> + <description>Interface name</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + <regex>(en|eth|br|bond|gnv|vxlan|wg|tun)[0-9]+</regex> + </constraint> + </properties> + <children> + <node name="address-family"> + <properties> + <help>Parameters relating to IPv4 or IPv6 routes</help> + </properties> + <children> + #include <include/bgp-neighbor-afi-ipv4-unicast.xml.i> + #include <include/bgp-neighbor-afi-ipv6-unicast.xml.i> + </children> + </node> + <leafNode name="advertisement-interval"> + <properties> + <help>Minimum interval for sending routing updates</help> + <valueHelp> + <format><0-600></format> + <description>Advertisement interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-600"/> + </constraint> + </properties> + </leafNode> + <node name="bfd"> + <properties> + <help>Enable Bidirectional Forwarding Detection (BFD) support</help> + </properties> + <children> + <leafNode name="check-control-plane-failure"> + <properties> + <help>Allow to write CBIT independence in BFD outgoing packets and read both C-BIT value of BFD and lookup BGP peer 
status</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <node name="capability"> + <properties> + <help>Advertise capabilities to this neighbor</help> + </properties> + <children> + <leafNode name="dynamic"> + <properties> + <help>Advertise dynamic capability to this neighbor</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="extended-nexthop"> + <properties> + <help>Advertise extended-nexthop capability to this neighbor</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="description"> + <properties> + <help>Description for this neighbor</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="disable-capability-negotiation"> + <properties> + <help>Disable capability negotiation with this neighbor</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="disable-connected-check"> + <properties> + <help>Disable check to see if eBGP peer address is a connected route</help> + <valueless/> + </properties> + </leafNode> + <node name="disable-send-community"> + <properties> + <help>Disable sending community attributes to this neighbor (IPv4)</help> + </properties> + <children> + <leafNode name="extended"> + <properties> + <help>Disable sending extended community attributes to this neighbor (IPv4)</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="standard"> + <properties> + <help>Disable sending standard community attributes to this neighbor (IPv4)</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="ebgp-multihop"> + <properties> + <help>Allow this EBGP neighbor to not be on a directly connected network</help> + <valueHelp> + <format><1-255></format> + <description>Number of hops</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <node name="interface"> + <properties> + <help>Interface parameters</help> 
+ </properties> + <children> + <leafNode name="peer-group"> + <properties> + <help>Peer group for this peer</help> + </properties> + </leafNode> + <leafNode name="remote-as"> + <properties> + <help>Neighbor BGP AS number [REQUIRED]</help> + <completionHelp> + <list>external internal</list> + </completionHelp> + <valueHelp> + <format><1-4294967294></format> + <description>Neighbor AS number</description> + </valueHelp> + <valueHelp> + <format>external</format> + <description>Any AS different from the local AS</description> + </valueHelp> + <valueHelp> + <format>internal</format> + <description>Neighbor AS number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967294"/> + <regex>(external|internal)</regex> + </constraint> + <constraintErrorMessage>Invalid ASN value</constraintErrorMessage> + </properties> + </leafNode> + <node name="v6only"> + <properties> + <help>Enable BGP with v6 link-local only</help> + </properties> + <children> + <leafNode name="peer-group"> + <properties> + <help>Peer group for this peer</help> + </properties> + </leafNode> + <leafNode name="remote-as"> + <properties> + <help>Neighbor BGP AS number [REQUIRED]</help> + <completionHelp> + <list>external internal</list> + </completionHelp> + <valueHelp> + <format><1-4294967294></format> + <description>Neighbor AS number</description> + </valueHelp> + <valueHelp> + <format>external</format> + <description>Any AS different from the local AS</description> + </valueHelp> + <valueHelp> + <format>internal</format> + <description>Neighbor AS number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967294"/> + <regex>(external|internal)</regex> + </constraint> + <constraintErrorMessage>Invalid ASN value</constraintErrorMessage> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + <tagNode name="local-as"> + <properties> + <help>Local AS number</help> + <valueHelp> + 
<format><1-4294967294></format> + <description>Local AS number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967294"/> + </constraint> + </properties> + <children> + <leafNode name="no-prepend"> + <properties> + <help>Disable prepending local-as to updates from EBGP peers</help> + <valueless/> + </properties> + </leafNode> + </children> + </tagNode> + <leafNode name="override-capability"> + <properties> + <help>Ignore capability negotiation with specified neighbor</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="passive"> + <properties> + <help>Do not initiate a session with this neighbor</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="password"> + <properties> + <help>BGP MD5 password</help> + </properties> + </leafNode> + <leafNode name="peer-group"> + <properties> + <help>IPv4 peer group for this peer</help> + </properties> + </leafNode> + <leafNode name="port"> + <properties> + <help>Neighbor BGP port</help> + <valueHelp> + <format><1-65535></format> + <description>Neighbor BGP port number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="remote-as"> + <properties> + <help>Neighbor BGP AS number [REQUIRED]</help> + <completionHelp> + <list>external internal</list> + </completionHelp> + <valueHelp> + <format><1-4294967294></format> + <description>Neighbor AS number</description> + </valueHelp> + <valueHelp> + <format>external</format> + <description>Any AS different from the local AS</description> + </valueHelp> + <valueHelp> + <format>internal</format> + <description>Neighbor AS number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967294"/> + <regex>(external|internal)</regex> + </constraint> + <constraintErrorMessage>Invalid ASN value</constraintErrorMessage> + </properties> + </leafNode> + <leafNode 
name="shutdown"> + <properties> + <help>Administratively shut down neighbor</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="strict-capability-match"> + <properties> + <help>Enable strict capability negotiation</help> + <valueless/> + </properties> + </leafNode> + <node name="timers"> + <properties> + <help>Neighbor timers</help> + </properties> + <children> + <leafNode name="connect"> + <properties> + <help>BGP connect timer for this neighbor</help> + <valueHelp> + <format><1-65535></format> + <description>Connect timer in seconds</description> + </valueHelp> + <valueHelp> + <format>0</format> + <description>Disable connect timer</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="holdtime"> + <properties> + <help>BGP hold timer for this neighbor</help> + <valueHelp> + <format><1-65535></format> + <description>Hold timer in seconds</description> + </valueHelp> + <valueHelp> + <format>0</format> + <description>Hold timer disabled</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="keepalive"> + <properties> + <help>BGP keepalive interval for this neighbor</help> + <valueHelp> + <format><1-65535></format> + <description>Keepalive interval in seconds (default 60)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <node name="ttl-security"> + <properties> + <help>Ttl security mechanism for this BGP peer</help> + </properties> + <children> + <leafNode name="hops"> + <properties> + <help>Number of the maximum number of hops to the BGP peer</help> + <valueHelp> + <format><1-254></format> + <description>Number of hops</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 
1-254"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <leafNode name="update-source"> + <!-- Need to check format interfaces --> + <properties> + <help>Source IP of routing updates</help> + <valueHelp> + <format>ipv4</format> + <description>IP address of route source</description> + </valueHelp> + <valueHelp> + <format><interface></format> + <description>Interface as route source</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <regex>(en|eth|br|bond|gnv|vxlan|wg|tun)[0-9]+</regex> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + <node name="parameters"> + <properties> + <help>BGP parameters</help> + </properties> + <children> + <leafNode name="always-compare-med"> + <properties> + <help>Always compare MEDs from different neighbors</help> + <valueless/> + </properties> + </leafNode> + <node name="bestpath"> + <properties> + <help>Default bestpath selection mechanism</help> + </properties> + <children> + <node name="as-path"> + <properties> + <help>AS-path attribute comparison parameters</help> + </properties> + <children> + <leafNode name="confed"> + <properties> + <help>Compare AS-path lengths including confederation sets and sequences</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="ignore"> + <properties> + <help>Ignore AS-path length in selecting a route</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="multipath-relax"> + <properties> + <help>Allow load sharing across routes that have different AS paths (but same length)</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="compare-routerid"> + <properties> + <help>Compare the router-id for identical EBGP paths</help> + <valueless/> + </properties> + </leafNode> + <node name="med"> + <properties> + <help>MED attribute comparison parameters</help> + </properties> + <children> + <leafNode name="confed"> + <properties> + <help>Compare MEDs among 
confederation paths</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="missing-as-worst"> + <properties> + <help>Treat missing route as a MED as the least preferred one</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + <leafNode name="cluster-id"> + <properties> + <help>Route-reflector cluster-id</help> + <valueHelp> + <format>ipv4</format> + <description>Route-reflector cluster-id</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + <node name="confederation"> + <properties> + <help>AS confederation parameters</help> + </properties> + <children> + <leafNode name="identifier"> + <properties> + <help>Confederation AS identifier [REQUIRED]</help> + <valueHelp> + <format><1-4294967294></format> + <description>Confederation AS id</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967294"/> + </constraint> + </properties> + </leafNode> + <leafNode name="peers"> + <properties> + <help>Peer ASs in the BGP confederation</help> + <valueHelp> + <format><1-4294967294></format> + <description>Peer AS number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967294"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <node name="dampening"> + <properties> + <help>Enable route-flap dampening</help> + </properties> + <children> + <leafNode name="half-life"> + <properties> + <help>Half-life time for dampening [REQUIRED]</help> + <valueHelp> + <format><1-45></format> + <description>Half-life penalty in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-45"/> + </constraint> + </properties> + </leafNode> + <leafNode name="max-suppress-time"> + <properties> + <help>Maximum duration to suppress a stable route [REQUIRED]</help> + <valueHelp> + <format><1-255></format> + 
<description>Maximum suppress duration in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="re-use"> + <properties> + <help>Time to start reusing a route [REQUIRED]</help> + <valueHelp> + <format><1-20000></format> + <description>Re-use time in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-20000"/> + </constraint> + </properties> + </leafNode> + <leafNode name="start-suppress-time"> + <properties> + <help>When to start suppressing a route [REQUIRED]</help> + <valueHelp> + <format><1-20000></format> + <description>Start-suppress-time</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-20000"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <node name="default"> + <properties> + <help>BGP defaults</help> + </properties> + <children> + <leafNode name="local-pref"> + <properties> + <help>Default local preference</help> + <valueHelp> + <format><0-4294967295></format> + <description>Local preference</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> + </leafNode> + <leafNode name="no-ipv4-unicast"> + <properties> + <help>Deactivate IPv4 unicast for a peer by default</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="deterministic-med"> + <properties> + <help>Compare MEDs between different peers in the same AS</help> + <valueless/> + </properties> + </leafNode> + <node name="distance"> + <properties> + <help>Administratives distances for BGP routes</help> + </properties> + <children> + <node name="global"> + <properties> + <help>Global administratives distances for BGP routes</help> + </properties> + <children> + <leafNode name="external"> + <properties> + <help>Administrative distance for external BGP 
routes</help> + <valueHelp> + <format><1-255></format> + <description>Administrative distance for external BGP routes</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="internal"> + <properties> + <help>Administrative distance for internal BGP routes</help> + <valueHelp> + <format><1-255></format> + <description>Administrative distance for internal BGP routes</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="local"> + <properties> + <help>Administrative distance for local BGP routes</help> + <valueHelp> + <format><1-255></format> + <description>Administrative distance for internal BGP routes</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <tagNode name="prefix"> + <properties> + <help>Administrative distance for a specific BGP prefix</help> + <valueHelp> + <format>ipv4net</format> + <description>Administrative distance for a specific BGP prefix</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + </properties> + <children> + <leafNode name="distance"> + <properties> + <help>Administrative distance for prefix</help> + <valueHelp> + <format><1-255></format> + <description>Administrative distance for external BGP routes</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + <leafNode name="enforce-first-as"> + <properties> + <help>Require first AS in the path to match peer AS number</help> + <valueless/> + </properties> + </leafNode> + <node name="graceful-restart"> + <properties> + <help>Graceful restart capability parameters</help> + 
</properties> + <children> + <leafNode name="stalepath-time"> + <properties> + <help>Maximum time to hold onto restarting neighbors stale paths</help> + <valueHelp> + <format><1-3600></format> + <description>Hold time in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-3600"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <leafNode name="log-neighbor-changes"> + <properties> + <help>Log neighbor up/down changes and reset reason</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="network-import-check"> + <properties> + <help>Enable IGP route check for network statements</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="no-client-to-client-reflection"> + <properties> + <help>Disable client to client route reflection</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="no-fast-external-failover"> + <properties> + <help>Disable immediate session reset on peer link down event</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="router-id"> + <properties> + <help>BGP router id</help> + <valueHelp> + <format>ipv4</format> + <description>BGP router id</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <tagNode name="peer-group"> + <properties> + <help>BGP peer-group</help> + </properties> + <children> + <node name="address-family"> + <properties> + <help>BGP peer-group address-family parameters</help> + </properties> + <children> + #include <include/bgp-peer-group-afi-ipv4-unicast.xml.i> + #include <include/bgp-peer-group-afi-ipv6-unicast.xml.i> + </children> + </node> + <leafNode name="bfd"> + <properties> + <help>Enable Bidirectional Forwarding Detection (BFD) support</help> + <valueless/> + </properties> + </leafNode> + <node name="capability"> + <properties> + <help>Advertise capabilities to this peer-group</help> + 
</properties> + <children> + <leafNode name="dynamic"> + <properties> + <help>Advertise dynamic capability to this peer-group</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="extended-nexthop"> + <properties> + <help>Advertise extended-nexthop capability to this neighbor</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="description"> + <properties> + <help>Description for this peer-group</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="disable-capability-negotiation"> + <properties> + <help>Disable capability negotiation with this peer-group</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="disable-connected-check"> + <properties> + <help>Disable check to see if eBGP peer address is a connected route</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="ebgp-multihop"> + <properties> + <help>Allow this EBGP peer-group to not be on a directly connected network</help> + <valueHelp> + <format><1-255></format> + <description>Number of hops</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <tagNode name="local-as"> + <properties> + <help>Local AS number [REQUIRED]</help> + <valueHelp> + <format><1-4294967294></format> + <description>Local AS number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967294"/> + </constraint> + </properties> + <children> + <leafNode name="no-prepend"> + <properties> + <help>Disable prepending local-as to updates from EBGP peers</help> + <valueless/> + </properties> + </leafNode> + </children> + </tagNode> + <leafNode name="override-capability"> + <properties> + <help>Ignore capability negotiation with specified peer-group</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="passive"> + <properties> + <help>Do not intiate a session with this peer-group</help> + 
<valueless/> + </properties> + </leafNode> + <leafNode name="password"> + <properties> + <help>BGP MD5 password</help> + </properties> + </leafNode> + <leafNode name="remote-as"> + <properties> + <help>Neighbor BGP AS number [REQUIRED]</help> + <completionHelp> + <list>external internal</list> + </completionHelp> + <valueHelp> + <format><1-4294967294></format> + <description>Neighbor AS number</description> + </valueHelp> + <valueHelp> + <format>external</format> + <description>Any AS different from the local AS</description> + </valueHelp> + <valueHelp> + <format>internal</format> + <description>Neighbor AS number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967294"/> + <regex>(external|internal)</regex> + </constraint> + <constraintErrorMessage>Invalid ASN value</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="shutdown"> + <properties> + <help>Administratively shut down peer-group</help> + <valueless/> + </properties> + </leafNode> + <node name="ttl-security"> + <properties> + <help>Ttl security mechanism</help> + </properties> + <children> + <leafNode name="hops"> + <properties> + <help>Number of the maximum number of hops to the BGP peer</help> + <valueHelp> + <format><1-254></format> + <description>Number of hops</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-254"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <leafNode name="update-source"> + <!-- Need to check format interfaces --> + <properties> + <help>Source IP of routing updates</help> + <valueHelp> + <format>ipv4</format> + <description>IP address of route source</description> + </valueHelp> + <valueHelp> + <format><interface></format> + <description>Interface as route source</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <regex>(en|eth|br|bond|gnv|vxlan|wg|tun)[0-9]+</regex> + </constraint> + </properties> + </leafNode> + 
</children> + </tagNode> + <leafNode name="route-map"> + <properties> + <help>Filter routes installed in local route map</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + </properties> + </leafNode> + <node name="timers"> + <properties> + <help>BGP protocol timers</help> + </properties> + <children> + <leafNode name="holdtime"> + <properties> + <help>BGP holdtime interval</help> + <valueHelp> + <format><4-65535></format> + <description>Hold-time in seconds (default 180)</description> + </valueHelp> + <valueHelp> + <format>0</format> + <description>Do not hold routes</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="keepalive"> + <properties> + <help>Keepalive interval</help> + <valueHelp> + <format><1-65535></format> + <description>Keep-alive time in seconds (default 60)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> + </tagNode> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/protocols-igmp.xml.in b/interface-definitions/protocols-igmp.xml.in new file mode 100644 index 000000000..a9b11e1a3 --- /dev/null +++ b/interface-definitions/protocols-igmp.xml.in 
@@ -0,0 +1,88 @@
+<?xml version="1.0"?>
+<!-- Internet Group Management Protocol (IGMP) configuration -->
+<interfaceDefinition>
+ <node name="protocols">
+ <children>
+ <node name="igmp" owner="${vyos_conf_scripts_dir}/protocols_igmp.py">
+ <properties>
+ <help>Internet Group Management Protocol (IGMP)</help>
+ </properties>
+ <children>
+ <tagNode name="interface">
+ <properties>
+ <help>IGMP interface</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ </properties>
+ <children>
+ <tagNode name="join">
+ <properties>
+ <help>IGMP join multicast group</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Multicast group address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="source">
+ <properties>
+ <help>Source address</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Source address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <leafNode name="version">
+ <properties>
+ <help>IGMP version</help>
+ <valueHelp>
+ <format>2-3</format>
+ <description>IGMP version</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 2-3"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="query-interval">
+ <properties>
+ <help>IGMP host query interval</help>
+ <valueHelp>
+ <format>1-1800</format>
+ <description>Query interval in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-1800"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="query-max-response-time">
+ <properties>
+ <help>IGMP max query response time</help>
+ <valueHelp>
+ <format>10-250</format>
+ <description>Query response value in deci-seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 10-250"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/protocols-isis.xml.in b/interface-definitions/protocols-isis.xml.in
new file mode 100644
index 000000000..988231108
--- /dev/null
+++ b/interface-definitions/protocols-isis.xml.in
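Review bot: The `interface` tagNode in protocols-igmp.xml.in has a `<completionHelp>` script but no `<constraint>`, so any string is accepted as the interface name and presumably reaches the owner script `protocols_igmp.py` unchecked; completion is a hint, not validation. I would add a constraint beside the completion helper, for example `<constraint> <regex>(en|eth|br|bond|gnv|vxlan|wg|tun)[0-9]+</regex> </constraint>` as the BGP `update-source` node in this same commit does, adjusted to the interface types IGMP is meant to run on. The `join` tagNode has a related gap: `ipv4-address` admits any IPv4 address although the help text calls the value a multicast group, so a multicast-range check there would reject unicast typos at commit time. How protocols_igmp.py handles these values is not visible in this hunk, so whether it re-validates them should be confirmed.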
@@ -0,0 +1,552 @@ +<?xml version="1.0"?> +<!-- Protocol IS-IS configuration --> +<interfaceDefinition> + <node name="protocols"> + <children> + <tagNode name="isis" owner="${vyos_conf_scripts_dir}/protocols_isis.py"> + <properties> + <help>Intermediate System to Intermediate System (ISIS)</help> + <valueHelp> + <format>text(TAG)</format> + <description>ISO Routing area tag</description> + </valueHelp> + </properties> + <children> + <node name="area-password"> + <properties> + <help>Configure the authentication password for an area</help> + </properties> + <children> + <leafNode name="plaintext-password"> + <properties> + <help>Plain-text authentication type</help> + <valueHelp> + <format><text></format> + <description>Level-wide password</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="md5"> + <properties> + <help>MD5 authentication type</help> + <valueHelp> + <format><md5></format> + <description>Level-wide password</description> + </valueHelp> + </properties> + </leafNode> + </children> + </node> + <node name="default-information"> + <properties> + <help>Control distribution of default information</help> + </properties> + <children> + <node name="originate"> + <properties> + <help>Distribute a default route</help> + </properties> + <children> + <node name="ipv4"> + <properties> + <help>Distribute default route for IPv4</help> + </properties> + <children> + <leafNode name="level-1"> + <properties> + <help>Distribute default route into level-1</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="level-2"> + <properties> + <help>Distribute default route into level-2</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <node name="ipv6"> + <properties> + <help>Distribute default route for IPv6</help> + </properties> + <children> + <leafNode name="level-1"> + <properties> + <help>Distribute default route into level-1</help> + <completionHelp> + <list>always</list> + </completionHelp> + <valueHelp> + 
<format>always</format> + <description>Always advertise default route</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="level-2"> + <properties> + <help>Distribute default route into level-2</help> + <completionHelp> + <list>always</list> + </completionHelp> + <valueHelp> + <format>always</format> + <description>Always advertise default route</description> + </valueHelp> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> + <node name="domain-password"> + <properties> + <help>Set the authentication password for a routing domain</help> + </properties> + <children> + <leafNode name="plaintext-password"> + <properties> + <help>Plain-text authentication type</help> + <valueHelp> + <format><text></format> + <description>Level-wide password</description> + </valueHelp> + </properties> + </leafNode> + <!-- <leafNode name="md5"> + <properties> + <help>MD5 authentication type</help> + <valueHelp> + <format><md5></format> + <description>Level-wide password</description> + </valueHelp> + </properties> + </leafNode> --> + </children> + </node> + <leafNode name="dynamic-hostname"> + <properties> + <help>Dynamic hostname for IS-IS</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="level"> + <properties> + <help>IS-IS level number</help> + <completionHelp> + <list>level-1 level-1-2 level-2</list> + </completionHelp> + <valueHelp> + <format>level-1</format> + <description>Act as a station router</description> + </valueHelp> + <valueHelp> + <format>level-1-2</format> + <description>Act as both a station and an area router</description> + </valueHelp> + <valueHelp> + <format>level-2</format> + <description>Act as an area router</description> + </valueHelp> + <constraint> + <regex>(level-1|level-1-2|level-2)</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="lsp-gen-interval"> + <properties> + <help>Minimum interval between regenerating same LSP</help> + <valueHelp> + 
<format><1-120></format> + <description>Minimum interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-120"/> + </constraint> + </properties> + </leafNode> + <leafNode name="lsp-mtu"> + <properties> + <help>Configure the maximum size of generated LSPs</help> + <valueHelp> + <format><128-4352></format> + <description>Maximum size of generated LSPs</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 128-4352"/> + </constraint> + </properties> + </leafNode> + <leafNode name="lsp-refresh-interval"> + <properties> + <help>LSP refresh interval</help> + <valueHelp> + <format><1-65235></format> + <description>LSP refresh interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65235"/> + </constraint> + </properties> + </leafNode> + <leafNode name="max-lsp-lifetime"> + <properties> + <help>Maximum LSP lifetime</help> + <valueHelp> + <format><350-65535></format> + <description>LSP lifetime in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="metric-style"> + <properties> + <help>Use old-style (ISO 10589) or new-style packet formats</help> + <completionHelp> + <list>narrow transition wide</list> + </completionHelp> + <valueHelp> + <format>narrow</format> + <description>Use old style of TLVs with narrow metric</description> + </valueHelp> + <valueHelp> + <format>transition</format> + <description>Send and accept both styles of TLVs during transition</description> + </valueHelp> + <valueHelp> + <format>wide</format> + <description>Use new style of TLVs to carry wider metric</description> + </valueHelp> + <constraint> + <regex>(narrow|transition|wide)</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="net"> + <properties> + <help>A Network Entity Title for this process (ISO only)</help> + 
<valueHelp> + <format>XX.XXXX. ... .XXX.XX</format> + <description>Network entity title (NET)</description> + </valueHelp> + <constraint> + <regex>[a-fA-F0-9]{2}(\.[a-fA-F0-9]{4}){3,9}\.[a-fA-F0-9]{2}</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="purge-originator"> + <properties> + <help>Use the RFC 6232 purge-originator</help> + <valueless/> + </properties> + </leafNode> + <node name="redistribute"> + <properties> + <help>Redistribute information from another routing protocol</help> + </properties> + <children> + <node name="ipv4"> + <properties> + <help>Redistribute IPv4 routes</help> + </properties> + <children> + <node name="bgp"> + <properties> + <help>Border Gateway Protocol (BGP)</help> + </properties> + <children> + #include <include/isis-redistribute-ipv4.xml.i> + </children> + </node> + <node name="connected"> + <properties> + <help>Redistribute connected routes into ISIS</help> + </properties> + <children> + #include <include/isis-redistribute-ipv4.xml.i> + </children> + </node> + <node name="kernel"> + <properties> + <help>Redistribute kernel routes into ISIS</help> + </properties> + <children> + #include <include/isis-redistribute-ipv4.xml.i> + </children> + </node> + <node name="ospf"> + <properties> + <help>Redistribute OSPF routes into ISIS</help> + </properties> + <children> + #include <include/isis-redistribute-ipv4.xml.i> + </children> + </node> + <node name="rip"> + <properties> + <help>Redistribute RIP routes into ISIS</help> + </properties> + <children> + #include <include/isis-redistribute-ipv4.xml.i> + </children> + </node> + <node name="static"> + <properties> + <help>Redistribute static routes into ISIS</help> + </properties> + <children> + #include <include/isis-redistribute-ipv4.xml.i> + </children> + </node> + </children> + </node> + </children> + </node> + <leafNode name="set-attached-bit"> + <properties> + <help>Set attached bit to identify as L1/L2 router for inter-area traffic</help> + <valueless/> + 
</properties> + </leafNode> + <leafNode name="set-overload-bit"> + <properties> + <help>Set overload bit to avoid any transit traffic</help> + <valueless/> + </properties> + </leafNode> + <node name="spf-delay-ietf"> + <properties> + <help>IETF SPF delay algorithm</help> + </properties> + <children> + <leafNode name="init-delay"> + <properties> + <help>Delay used while in QUIET state</help> + <valueHelp> + <format><0-60000></format> + <description>Delay used while in QUIET state (in ms)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-60000"/> + </constraint> + </properties> + </leafNode> + <leafNode name="short-delay"> + <properties> + <help>Delay used while in SHORT_WAIT state</help> + <valueHelp> + <format><0-60000></format> + <description>Delay used while in SHORT_WAIT state (in ms)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-60000"/> + </constraint> + </properties> + </leafNode> + <leafNode name="long-delay"> + <properties> + <help>Delay used while in LONG_WAIT</help> + <valueHelp> + <format><0-60000></format> + <description>Delay used while in LONG_WAIT state (in ms)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-60000"/> + </constraint> + </properties> + </leafNode> + <leafNode name="holddown"> + <properties> + <help>Time with no received IGP events before considering IGP stable</help> + <valueHelp> + <format><0-60000></format> + <description>Time with no received IGP events before considering IGP stable (in ms)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-60000"/> + </constraint> + </properties> + </leafNode> + <leafNode name="time-to-learn"> + <properties> + <help>Maximum duration needed to learn all the events related to a single failure</help> + <valueHelp> + <format><0-60000></format> + <description>Maximum duration needed to learn all the events related to a single failure 
(in ms)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-60000"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <leafNode name="spf-interval"> + <properties> + <help>Minimum interval between SPF calculations</help> + <valueHelp> + <format><1-120></format> + <description>Minimum interval between consecutive SPFs in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-120"/> + </constraint> + </properties> + </leafNode> + <tagNode name="interface"> + <!-- (config-if)# ip router isis WORD (same as name of IS-IS process) + if any section of "interface" pesent --> + <properties> + <help>Interface params</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + </properties> + <children> + <leafNode name="bfd"> + <properties> + <help>Enable BFD support</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="circuit-type"> + <properties> + <help>Configure circuit type for interface</help> + <completionHelp> + <list>level-1 level-1-2 level-2-only</list> + </completionHelp> + <valueHelp> + <format>level-1</format> + <description>Level-1 only adjacencies are formed</description> + </valueHelp> + <valueHelp> + <format>level-1-2</format> + <description>Level-1-2 adjacencies are formed</description> + </valueHelp> + <valueHelp> + <format>level-2-only</format> + <description>Level-2 only adjacencies are formed</description> + </valueHelp> + <constraint> + <regex>(level-1|level-1-2|level-2-only)</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="hello-padding"> + <properties> + <help>Add padding to IS-IS hello packets</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="hello-interval"> + <properties> + <help>Set Hello interval</help> + <valueHelp> + <format><1-600></format> + <description>Set Hello interval</description> + </valueHelp> + <constraint> + <validator 
name="numeric" argument="--range 1-600"/> + </constraint> + </properties> + </leafNode> + <leafNode name="hello-multiplier"> + <properties> + <help>Set Hello interval</help> + <valueHelp> + <format><2-100></format> + <description>Set multiplier for Hello holding time</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 2-100"/> + </constraint> + </properties> + </leafNode> + <leafNode name="metric"> + <properties> + <help>Set default metric for circuit</help> + <valueHelp> + <format><0-16777215></format> + <description>Default metric value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-16777215"/> + </constraint> + </properties> + </leafNode> + <node name="network"> + <properties> + <help>Set network type</help> + </properties> + <children> + <leafNode name="point-to-point"> + <properties> + <help>point-to-point network type</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="passive"> + <properties> + <help>Configure the passive mode for interface</help> + <valueless/> + </properties> + </leafNode> + <node name="password"> + <properties> + <help>Configure the authentication password for a circuit</help> + </properties> + <children> + <leafNode name="plaintext-password"> + <properties> + <help>Plain-text authentication type</help> + <valueHelp> + <format><text></format> + <description>Circuit password</description> + </valueHelp> + </properties> + </leafNode> + </children> + </node> + <leafNode name="priority"> + <properties> + <help>Set priority for Designated Router election</help> + <valueHelp> + <format><0-127></format> + <description>Priority value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-127"/> + </constraint> + </properties> + </leafNode> + <leafNode name="psnp-interval"> + <properties> + <help>Set PSNP interval in seconds</help> + <valueHelp> + <format><0-127></format> + 
<description>Priority value</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-127"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="three-way-handshake">
+ <properties>
+ <help>Enable/Disable three-way handshake</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/protocols-mpls.xml.in b/interface-definitions/protocols-mpls.xml.in
new file mode 100644
index 000000000..3e9edbf72
--- /dev/null
+++ b/interface-definitions/protocols-mpls.xml.in
@@ -0,0 +1,122 @@ +<?xml version="1.0"?> +<!-- Multiprotocol Label Switching (MPLS) configuration --> +<interfaceDefinition> + <node name="protocols"> + <children> + <node name="mpls" owner="${vyos_conf_scripts_dir}/protocols_mpls.py"> + <properties> + <help>Multiprotocol Label Switching (MPLS)</help> + <priority>299</priority> + </properties> + <children> + <node name="ldp"> + <properties> + <help>LDP options</help> + </properties> + <children> + <leafNode name="router-id"> + <properties> + <help>x.x.x.x Label Switch Router (LSR) id</help> + <valueHelp> + <format>ipv4</format> + <description>LSR ipv4 id</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + <tagNode name="neighbor"> + <properties> + <help>LDP Id of neighbor</help> + <valueHelp> + <format>ipv4</format> + <description>neighbor IPv4 id</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + <children> + <leafNode name="password"> + <properties> + <help>Peer password</help> + </properties> + </leafNode> + </children> + </tagNode> + <node name="discovery"> + <properties> + <help>Discovery parameters</help> + <valueHelp> + <format>ipv4</format> + <description>Discovery parameters</description> + </valueHelp> + </properties> + <children> + <leafNode name="hello-holdtime"> + <properties> + <help>Hello holdtime</help> + <valueHelp> + <format>1-65535</format> + <description>Time in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="hello-interval"> + <properties> + <help>Hello interval</help> + <valueHelp> + <format>1-65535</format> + <description>Time in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="transport-ipv4-address"> + 
<properties> + <help>Transport ipv4 address</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 bind as transport</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="transport-ipv6-address"> + <properties> + <help>Transport ipv6 address</help> + <valueHelp> + <format>ipv6</format> + <description>IPv6 bind as transport</description> + </valueHelp> + <constraint> + <validator name="ipv6-address"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <leafNode name="interface"> + <properties> + <help>Listen interface for LDP</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + <multi/> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/protocols-multicast.xml.in b/interface-definitions/protocols-multicast.xml.in new file mode 100644 index 000000000..a06f2b287 --- /dev/null +++ b/interface-definitions/protocols-multicast.xml.in 
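Review bot: The `password` leaf under `neighbor` accepts any string: it has neither a `<constraint>` nor a `<valueHelp>`, unlike the address and timer leaves in this file. The owner script `protocols_mpls.py` is not part of this diff, so how the value reaches the LDP daemon is not visible; if it is written into a generated configuration, embedded whitespace or control characters could change how that file parses. Consider adding `<constraint><regex>[^\s]+</regex></constraint>` together with a `<constraintErrorMessage>` that states the allowed characters. Separately, the `discovery` node carries a `<valueHelp>` with `<format>ipv4</format>` although it is a plain `node` that takes no value; that looks like a copy-paste leftover and can be dropped.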
@@ -0,0 +1,95 @@ +<?xml version="1.0"?> +<!-- Multicast static routing configuration --> +<interfaceDefinition> + <node name="protocols"> + <children> + <node name="static"> + <children> + <node name="multicast" owner="${vyos_conf_scripts_dir}/protocols_static_multicast.py"> + <properties> + <help>Multicast static route</help> + </properties> + <children> + <tagNode name="route"> + <properties> + <help>Configure static unicast route into MRIB for multicast RPF lookup</help> + <valueHelp> + <format>ipv4net</format> + <description>Network</description> + </valueHelp> + <constraint> + <validator name="ip-prefix"/> + </constraint> + </properties> + <children> + <tagNode name="next-hop"> + <properties> + <help>Nexthop IPv4 address</help> + <valueHelp> + <format>ipv4</format> + <description>Nexthop IPv4 address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + <children> + <leafNode name="distance"> + <properties> + <help>Distance value for this route</help> + <valueHelp> + <format>1-255</format> + <description>Distance for this route</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </tagNode> + <tagNode name="interface-route"> + <properties> + <help>Multicast interface based route</help> + <valueHelp> + <format>ipv4net</format> + <description>Network</description> + </valueHelp> + <constraint> + <validator name="ip-prefix"/> + </constraint> + </properties> + <children> + <tagNode name="next-hop-interface"> + <properties> + <help>Next-hop interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + </properties> + <children> + <leafNode name="distance"> + <properties> + <help>Distance value for this route</help> + <valueHelp> + <format>1-255</format> + <description>Distance for this route</description> + 
</valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/protocols-pim.xml.in b/interface-definitions/protocols-pim.xml.in
new file mode 100644
index 000000000..6152045a7
--- /dev/null
+++ b/interface-definitions/protocols-pim.xml.in
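Review bot: Both `route` and `interface-route` advertise `<format>ipv4net</format>` but validate with `ip-prefix`, whereas the RIP and FastNetMon definitions in this same commit use `ipv4-prefix` for that format. If `ip-prefix` is the address-family-agnostic validator, an IPv6 prefix would pass CLI validation here and only be rejected later, in `protocols_static_multicast.py` or in the routing daemon. Changing both constraints to `<validator name="ipv4-prefix"/>` keeps validation in line with the help text. The `group` leaf in `protocols-pim.xml.in` has the same mismatch.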
@@ -0,0 +1,96 @@ +<?xml version="1.0"?> +<!-- Protocol Independent Multicast (PIM) configuration --> +<interfaceDefinition> + <node name="protocols"> + <children> + <node name="pim" owner="${vyos_conf_scripts_dir}/protocols_pim.py"> + <properties> + <help>Protocol Independent Multicast (PIM)</help> + <priority>400</priority> + </properties> + <children> + <tagNode name="interface"> + <properties> + <help>PIM interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + </properties> + <children> + <leafNode name="dr-priority"> + <properties> + <help>Designated Router Election Priority</help> + <valueHelp> + <format>1-4294967295</format> + <description>Value of the new DR Priority</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967295"/> + </constraint> + </properties> + </leafNode> + <leafNode name="hello"> + <properties> + <help>Hello Interval</help> + <valueHelp> + <format>1-180</format> + <description>Hello Interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-180"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + <node name="rp"> + <properties> + <help>Rendezvous Point</help> + </properties> + <children> + <tagNode name="address"> + <properties> + <help>Rendezvous Point address</help> + <valueHelp> + <format>ipv4</format> + <description>Rendezvous Point address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + <children> + <leafNode name="group"> + <properties> + <help>Group Address range</help> + <valueHelp> + <format>ipv4net</format> + <description>Group Address range RFC 3171</description> + </valueHelp> + <constraint> + <validator name="ip-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </tagNode> + <leafNode name="keep-alive-timer"> + <properties> + <help>Keep alive 
Timer</help>
+ <valueHelp>
+ <format>31-60000</format>
+ <description>Keep alive Timer in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 31-60000"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/protocols-rip.xml.in b/interface-definitions/protocols-rip.xml.in
new file mode 100644
index 000000000..107f0e0d5
--- /dev/null
+++ b/interface-definitions/protocols-rip.xml.in
@@ -0,0 +1,406 @@ +<!-- Routing Information Protocol (RIP) configuration --> +<interfaceDefinition> + <node name="protocols"> + <children> + <node name="rip" owner="${vyos_conf_scripts_dir}/protocols_rip.py"> + <properties> + <help>Routing Information Protocol (RIP) parameters</help> + </properties> + <children> + <leafNode name="default-distance"> + <properties> + <help>Administrative distance</help> + <valueHelp> + <format><1-255></format> + <description>Administrative distance</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <node name="default-information"> + <properties> + <help>Control distribution of default route</help> + </properties> + <children> + <leafNode name="originate"> + <properties> + <help>Distribute a default route</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="default-metric"> + <properties> + <help>Metric of redistributed routes</help> + <valueHelp> + <format><1-16></format> + <description>Redistributed routes metric</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-16"/> + </constraint> + </properties> + </leafNode> + <node name="distribute-list"> + <properties> + <help>Filter networks in routing updates</help> + </properties> + <children> + <node name="access-list"> + <properties> + <help>Access-list</help> + </properties> + <children> + <leafNode name="in"> + <properties> + <help>Access list to apply to input packets</help> + <valueHelp> + <format><0-4294967295></format> + <description>Access list to apply to input packets</description> + </valueHelp> + <completionHelp> + <path>policy access-list</path> + </completionHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> + </leafNode> + <leafNode name="out"> + <properties> + <help>Access list to apply to output packets</help> + <valueHelp> + 
<format><0-4294967295></format> + <description>Access list to apply to output packets</description> + </valueHelp> + <completionHelp> + <path>policy access-list</path> + </completionHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <tagNode name="interface"> + <properties> + <help>Apply filtering to an interface</help> + <valueHelp> + <format><text></format> + <description>Apply filtering to an interface</description> + </valueHelp> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + </properties> + <children> + <node name="access-list"> + <properties> + <help>Access list</help> + </properties> + <children> + <leafNode name="in"> + <properties> + <help>Access list to apply to input packets</help> + <valueHelp> + <format><0-4294967295></format> + <description>Access list to apply to input packets</description> + </valueHelp> + <completionHelp> + <path>policy access-list</path> + </completionHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> + </leafNode> + <leafNode name="out"> + <properties> + <help>Access list to apply to output packets</help> + <valueHelp> + <format><0-4294967295></format> + <description>Access list to apply to output packets</description> + </valueHelp> + <completionHelp> + <path>policy access-list</path> + </completionHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <node name="prefix-list"> + <properties> + <help>Prefix-list</help> + </properties> + <children> + <leafNode name="in"> + <properties> + <help>Prefix-list to apply to input packets</help> + <valueHelp> + <format><text></format> + <description>Prefix-list to apply to input packets</description> + </valueHelp> + <completionHelp> + <path>policy prefix-list</path> + 
</completionHelp> + </properties> + </leafNode> + <leafNode name="out"> + <properties> + <help>Prefix-list to apply to output packets</help> + <valueHelp> + <format><text></format> + <description>Prefix-list to apply to output packets</description> + </valueHelp> + <completionHelp> + <path>policy prefix-list</path> + </completionHelp> + </properties> + </leafNode> + </children> + </node> + </children> + </tagNode> + <node name="prefix-list"> + <properties> + <help>Prefix-list</help> + </properties> + <children> + <leafNode name="in"> + <properties> + <help>Prefix-list to apply to input packets</help> + <valueHelp> + <format><text></format> + <description>Prefix-list to apply to input packets</description> + </valueHelp> + <completionHelp> + <path>policy prefix-list</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="out"> + <properties> + <help>Prefix-list to apply to output packets</help> + <valueHelp> + <format><text></format> + <description>Prefix-list to apply to output packets</description> + </valueHelp> + <completionHelp> + <path>policy prefix-list</path> + </completionHelp> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + <leafNode name="interface"> + <properties> + <help>Interface name</help> + <valueHelp> + <format><text></format> + <description>Apply filtering to an interface</description> + </valueHelp> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + <multi/> + </properties> + </leafNode> + <leafNode name="neighbor"> + <properties> + <help>Neighbor router</help> + <valueHelp> + <format>ipv4</format> + <description>Neighbor router</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="network"> + <properties> + <help>RIP network</help> + <valueHelp> + <format>ipv4net</format> + <description>RIP network</description> + </valueHelp> + <constraint> + 
<validator name="ipv4-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + <tagNode name="network-distance"> + <properties> + <help>Source network</help> + <valueHelp> + <format>ipv4net</format> + <description>Source network</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + </properties> + <children> + <leafNode name="access-list"> + <properties> + <help>Access list</help> + <valueHelp> + <format><text></format> + <description>Access list</description> + </valueHelp> + <completionHelp> + <path>policy access-list</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="distance"> + <properties> + <help>Administrative distance for network</help> + <valueHelp> + <format><1-255></format> + <description>Administrative distance</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + <leafNode name="passive-interface"> + <properties> + <help>Passive interface</help> + <valueHelp> + <format><text></format> + <description>Suppress routing updates on interface</description> + </valueHelp> + <valueHelp> + <format>default</format> + <description>Suppress routing updates on all interfaces by default</description> + </valueHelp> + <completionHelp> + <list>default</list> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + <multi/> + </properties> + </leafNode> + <node name="redistribute"> + <properties> + <help>Redistribute information from another routing protocol</help> + </properties> + <children> + <node name="bgp"> + <properties> + <help>Redistribute BGP routes</help> + </properties> + <children> + #include <include/rip-redistribute.xml.i> + </children> + </node> + <node name="connected"> + <properties> + <help>Redistribute connected routes</help> + </properties> + <children> + #include <include/rip-redistribute.xml.i> + </children> + </node> + <node 
name="kernel"> + <properties> + <help>Redistribute kernel routes</help> + </properties> + <children> + #include <include/rip-redistribute.xml.i> + </children> + </node> + <node name="ospf"> + <properties> + <help>Redistribute OSPF routes</help> + </properties> + <children> + #include <include/rip-redistribute.xml.i> + </children> + </node> + <node name="static"> + <properties> + <help>Redistribute static routes</help> + </properties> + <children> + #include <include/rip-redistribute.xml.i> + </children> + </node> + </children> + </node> + <leafNode name="route"> + <properties> + <help>RIP static route</help> + <valueHelp> + <format>ipv4net</format> + <description>RIP static route</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + <node name="timers"> + <properties> + <help>RIP timer values</help> + </properties> + <children> + <leafNode name="garbage-collection"> + <properties> + <help>Garbage collection timer</help> + <valueHelp> + <format><5-2147483647></format> + <description>Garbage colletion time (default 120)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 5-2147483647"/> + </constraint> + </properties> + </leafNode> + <leafNode name="timeout"> + <properties> + <help>Routing information timeout timer</help> + <valueHelp> + <format><5-2147483647></format> + <description>Routing information timeout timer (default 180)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 5-2147483647"/> + </constraint> + </properties> + </leafNode> + <leafNode name="update"> + <properties> + <help>Routing table update timer</help> + <valueHelp> + <format><5-2147483647></format> + <description>Routing table update timer in seconds (default 30)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 5-2147483647"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + 
</children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/salt-minion.xml.in b/interface-definitions/salt-minion.xml.in
new file mode 100644
index 000000000..97f882a6a
--- /dev/null
+++ b/interface-definitions/salt-minion.xml.in
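Review bot: The `access-list` leaf under `network-distance` is free text with no `<constraint>`, while the four `access-list` `in`/`out` leaves under `distribute-list` are limited to `--range 0-4294967295`. A value the rest of the tree would reject is therefore accepted here and handed to `protocols_rip.py` unvalidated; adding `<validator name="numeric" argument="--range 0-4294967295"/>` and changing its `<format>` from `<text>` to the numeric range makes the leaves agree. The `prefix-list` leaves are likewise unconstrained, so a regex matching whatever `policy prefix-list` accepts as a name would be worth adding. Two smaller points: unlike the other new files visible in this diff, this one has no `<?xml version="1.0"?>` declaration, and `Garbage colletion time` is misspelled and, unlike the `update` timer, does not state its unit.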
@@ -0,0 +1,67 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="service"> + <children> + <node name="salt-minion" owner="${vyos_conf_scripts_dir}/salt-minion.py"> + <properties> + <help>Salt Minion</help> + <priority>500</priority> + </properties> + <children> + <leafNode name="hash"> + <properties> + <help>Hash used when discovering file on master server (default: sha256)</help> + <completionHelp> + <list>md5 sha1 sha224 sha256 sha384 sha512</list> + </completionHelp> + <constraint> + <regex>(md5|sha1|sha224|sha256|sha384|sha512)</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="master"> + <properties> + <help>The hostname or IP address of the master.</help> + <valueHelp> + <format>ipv4</format> + <description>Remote syslog server IPv4 address</description> + </valueHelp> + <valueHelp> + <format>hostname</format> + <description>Remote syslog server FQDN</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + <validator name="fqdn"/> + </constraint> + <constraintErrorMessage>Invalid FQDN or IP address</constraintErrorMessage> + <multi/> + </properties> + </leafNode> + <leafNode name="id"> + <properties> + <help>Explicitly declare ID for this minion to use (default: hostname)</help> + </properties> + </leafNode> + <leafNode name="interval"> + <properties> + <help>Interval in minutes between updates (default: 60)</help> + <valueHelp> + <format><1-1440></format> + <description>Update interval in minutes</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-1440"/> + </constraint> + </properties> + </leafNode> + <leafNode name="master-key"> + <properties> + <help>URL with signature of master for auth reply verification</help> + </properties> + </leafNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> 
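Review bot: The `hash` leaf still offers `md5` and `sha1` in both the completion list and the constraint regex; both are collision-weak, and the help text says this hash is used when discovering files on the master. Unless an existing deployment depends on them, restrict the choice to the SHA-2 values: `<list>sha224 sha256 sha384 sha512</list>` and `<regex>(sha224|sha256|sha384|sha512)</regex>`. `master-key` is described as a URL carrying the master's signature but has no constraint, so any string is accepted; a scheme check such as `<regex>https://.+</regex>` would at least keep verification material from being fetched over plain HTTP (how `salt-minion.py` retrieves it is not shown here). The two `<valueHelp>` descriptions under `master` say "Remote syslog server" and should name the Salt master instead.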
diff --git a/interface-definitions/service-ids-ddos-protection.xml.in b/interface-definitions/service-ids-ddos-protection.xml.in
new file mode 100644
index 000000000..93d4cc682
--- /dev/null
+++ b/interface-definitions/service-ids-ddos-protection.xml.in
@@ -0,0 +1,118 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="service"> + <children> + <node name="ids"> + <properties> + <help>Intrusion Detection System</help> + </properties> + <children> + <node name="ddos-protection" owner="${vyos_conf_scripts_dir}/service_ids_fastnetmon.py"> + <properties> + <help>FastNetMon detection and protection parameters</help> + <priority>731</priority> + </properties> + <children> + <leafNode name="alert-script"> + <properties> + <help>Path to fastnetmon alert script</help> + </properties> + </leafNode> + <leafNode name="direction"> + <properties> + <help>Direction for processing traffic</help> + <completionHelp> + <list>in out</list> + </completionHelp> + <constraint> + <regex>(in|out)</regex> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="listen-interface"> + <properties> + <help>Listen interface for mirroring traffic</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + <multi/> + </properties> + </leafNode> + <node name="mode"> + <properties> + <help>Traffic capture modes</help> + </properties> + <children> + <!-- Future modes "mirror" "netflow" "combine (both)" --> + <leafNode name="mirror"> + <properties> + <help>Listen mirrored traffic mode</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="network"> + <properties> + <help>Define monitoring networks</help> + <valueHelp> + <format>ipv4net</format> + <description>Processed network</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + <node name="threshold"> + <properties> + <help>Attack limits thresholds</help> + </properties> + <children> + <leafNode name="fps"> + <properties> + <help>Flows per second</help> + <valueHelp> + <format><0-4294967294></format> + <description>Flows per second</description> + </valueHelp> + <constraint> + <validator name="numeric" 
argument="--range 0-4294967294"/> + </constraint> + </properties> + </leafNode> + <leafNode name="mbps"> + <properties> + <help>Megabits per second</help> + <valueHelp> + <format><0-4294967294></format> + <description>Megabits per second</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967294"/> + </constraint> + </properties> + </leafNode> + <leafNode name="pps"> + <properties> + <help>Packets per second</help> + <valueHelp> + <format><0-4294967294></format> + <description>Packets per second</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967294"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/service_console-server.xml.in b/interface-definitions/service_console-server.xml.in new file mode 100644 index 000000000..59a9fe237 --- /dev/null +++ b/interface-definitions/service_console-server.xml.in 
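Review bot: `alert-script` takes an arbitrary string as the path of a script that FastNetMon will presumably execute, and the leaf has no `<constraint>`, `<valueHelp>` or `<constraintErrorMessage>`. Anyone with configure rights can therefore point the service at any file on the system, and the script runs with whatever privileges `service_ids_fastnetmon.py` gives the daemon (not visible in this diff). Constrain the value to an absolute path inside one designated, root-owned script directory, for example `<regex>SCRIPT_DIR_PLACEHOLDER/[A-Za-z0-9._-]+</regex>`. The owner script should also check that the file exists and is not writable by other users before it writes the daemon configuration.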
@@ -0,0 +1,93 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="service"> + <children> + <node name="console-server" owner="${vyos_conf_scripts_dir}/service_console-server.py"> + <properties> + <help>Serial Console Server</help> + <priority>990</priority> + </properties> + <children> + <tagNode name="device"> + <properties> + <help>System serial interface name (ttyS or ttyUSB)</help> + <completionHelp> + <script>ls -1 /dev | grep ttyS</script> + <script>ls -1 /dev/serial/by-bus</script> + </completionHelp> + <valueHelp> + <format>ttySxxx</format> + <description>Regular serial interface</description> + </valueHelp> + <valueHelp> + <format>usbxbxpx</format> + <description>USB based serial interface</description> + </valueHelp> + <constraint> + <regex>^(ttyS\d+|usb\d+b.*p.*)$</regex> + </constraint> + </properties> + <children> + #include <include/interface-description.xml.i> + <leafNode name="speed"> + <properties> + <help>Serial port baud rate</help> + <completionHelp> + <list>300 1200 2400 4800 9600 19200 38400 57600 115200</list> + </completionHelp> + <constraint> + <regex>(300|1200|2400|4800|9600|19200|38400|57600|115200)</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="data-bits"> + <properties> + <help>Serial port data bits (default: 8)</help> + <completionHelp> + <list>7 8</list> + </completionHelp> + <constraint> + <regex>(7|8)</regex> + </constraint> + </properties> + <defaultValue>8</defaultValue> + </leafNode> + <leafNode name="stop-bits"> + <properties> + <help>Serial port stop bits (default: 1)</help> + <completionHelp> + <list>1 2</list> + </completionHelp> + <constraint> + <regex>(1|2)</regex> + </constraint> + </properties> + <defaultValue>1</defaultValue> + </leafNode> + <leafNode name="parity"> + <properties> + <help>Parity setting (default: none)</help> + <completionHelp> + <list>even odd none</list> + </completionHelp> + <constraint> + <regex>(even|odd|none)</regex> + </constraint> + </properties> + 
<defaultValue>none</defaultValue> + </leafNode> + <node name="ssh"> + <properties> + <help>SSH remote access to this console</help> + </properties> + <children> + #include <include/port-number.xml.i> + </children> + </node> + </children> + </tagNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/service_ipoe-server.xml.in b/interface-definitions/service_ipoe-server.xml.in new file mode 100644 index 000000000..9ee5d5156 --- /dev/null +++ b/interface-definitions/service_ipoe-server.xml.in 
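Review bot: The `device` tagNode's constraint `^(ttyS\d+|usb\d+b.*p.*)$` uses `.*` for the bus and port parts, so a name containing `/`, `..` or whitespace still validates. The name is presumably joined onto a `/dev` path and written into the console server's configuration by the owner script, so it is worth limiting it to the characters real device names use, e.g. `<regex>^(ttyS\d+|usb\d+b[0-9.]+p[0-9.]+)$</regex>`. That pattern assumes by-bus names hold only digits and dots, which should be checked against `/dev/serial/by-bus`. The `ssh` node's help could also state that enabling it makes the attached device's console reachable over the network.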
@@ -0,0 +1,208 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="service"> + <children> + <node name="ipoe-server" owner="${vyos_conf_scripts_dir}/service_ipoe-server.py"> + <properties> + <help>Internet Protocol over Ethernet (IPoE) Server</help> + <priority>900</priority> + </properties> + <children> + <tagNode name="interface"> + <properties> + <help>Network interface to server IPoE</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + </properties> + <children> + <leafNode name="network-mode"> + <properties> + <help>Network Layer IPoE serves on</help> + <completionHelp> + <list>L2 L3</list> + </completionHelp> + <constraint> + <regex>(L2|L3)</regex> + </constraint> + <valueHelp> + <format>L2</format> + <description>client share the same subnet</description> + </valueHelp> + <valueHelp> + <format>L3</format> + <description>clients are behind this router</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="network"> + <properties> + <help>Enables clients to share the same network or each client has its own vlan</help> + <completionHelp> + <list>shared vlan</list> + </completionHelp> + <constraint> + <regex>(shared|vlan)</regex> + </constraint> + <valueHelp> + <format>shared</format> + <description>Multiple clients share the same network</description> + </valueHelp> + <valueHelp> + <format>vlan</format> + <description>One VLAN per client</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="client-subnet"> + <properties> + <help>Client address pool</help> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 address and prefix length</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + </properties> + </leafNode> + <node name="external-dhcp"> + <properties> + <help>DHCP requests will be forwarded</help> + </properties> + <children> + <leafNode name="dhcp-relay"> + <properties> + <help>DHCP Server the 
request will be redirected to.</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address of the DHCP Server</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="giaddr"> + <properties> + <help>address of the relay agent (Relay Agent IP Address)</help> + </properties> + </leafNode> + </children> + </node> + <leafNode name="vlan-id"> + <properties> + <help>VLAN monitor for the automatic creation of vlans (user per vlan)</help> + <constraint> + <validator name="numeric" argument="--range 1-4096"/> + </constraint> + <constraintErrorMessage>VLAN ID needs to be between 1 and 4096</constraintErrorMessage> + <multi/> + </properties> + </leafNode> + <leafNode name="vlan-range"> + <properties> + <help>VLAN monitor for the automatic creation of vlans (user per vlan)</help> + <constraint> + <regex>(409[0-6]|40[0-8][0-9]|[1-3][0-9]{3}|[1-9][0-9]{0,2})-(409[0-6]|40[0-8][0-9]|[1-3][0-9]{3}|[1-9][0-9]{0,2})</regex> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </tagNode> + #include <include/accel-name-server.xml.in> + #include <include/accel-client-ipv6-pool.xml.in> + <node name="authentication"> + <properties> + <help>Client authentication methods</help> + </properties> + <children> + <leafNode name="mode"> + <properties> + <help>Authetication mode</help> + <completionHelp> + <list>local radius noauth</list> + </completionHelp> + <constraint> + <regex>(local|radius|noauth)</regex> + </constraint> + <valueHelp> + <format>local</format> + <description>Authentication based on local definition</description> + </valueHelp> + <valueHelp> + <format>radius</format> + <description>Authentication based on a RADIUS server</description> + </valueHelp> + <valueHelp> + <format>noauth</format> + <description>Authentication disabled</description> + </valueHelp> + </properties> + </leafNode> + <tagNode name="interface"> + <properties> + <help>Network interface the 
client mac will appear on</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + </properties> + <children> + <tagNode name="mac-address"> + <properties> + <help>Client mac address allowed to receive an IP address</help> + <valueHelp> + <format>h:h:h:h:h:h</format> + <description>Hardware (MAC) address</description> + </valueHelp> + <constraint> + <validator name="mac-address"/> + </constraint> + </properties> + <children> + <node name="rate-limit"> + <properties> + <help>Upload/Download speed limits</help> + </properties> + <children> + <leafNode name="upload"> + <properties> + <help>Upload bandwidth limit in kbits/sec</help> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="download"> + <properties> + <help>Download bandwidth limit in kbits/sec</help> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <leafNode name="vlan-id"> + <properties> + <help>VLAN-ID of the client network</help> + <constraint> + <validator name="numeric" argument="--range 1-4096"/> + </constraint> + <constraintErrorMessage>VLAN ID needs to be between 1 and 4096</constraintErrorMessage> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </tagNode> + #include <include/radius-server.xml.i> + #include <include/accel-radius-additions.xml.in> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/service_mdns-repeater.xml.in b/interface-definitions/service_mdns-repeater.xml.in new file mode 100644 index 000000000..e21b1b27c --- /dev/null +++ b/interface-definitions/service_mdns-repeater.xml.in 
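Review bot: The `giaddr` leaf in `external-dhcp` carries no constraint although its sibling `dhcp-relay` is validated, so an arbitrary string is accepted as the relay agent address; adding `<constraint> <validator name="ipv4-address"/> </constraint>` would match the sibling. Both `vlan-id` leaves use `--range 1-4096` and the `vlan-range` regex tops out at 4096, but 802.1Q VLAN IDs end at 4094 (4095 is reserved). `--range 1-4094` with a matching `constraintErrorMessage` would be correct, and the `interface` block of the PPPoE hunk has the same limits. The `vlan-range` pattern is also unanchored and does not check that the first number is not larger than the second, so that check presumably has to live in the owner script.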
@@ -0,0 +1,37 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="service">
+ <children>
+ <node name="mdns">
+ <properties>
+ <help>Multicast DNS (mDNS) parameters</help>
+ </properties>
+ <children>
+ <node name="repeater" owner="${vyos_conf_scripts_dir}/service_mdns-repeater.py">
+ <properties>
+ <help>mDNS repeater configuration</help>
+ <priority>990</priority>
+ </properties>
+ <children>
+ <leafNode name="disable">
+ <properties>
+ <help>Disable mDNS repeater service</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="interface">
+ <properties>
+ <help>Interface to repeat mDNS advertisements [REQUIRED]</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/service_pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in
new file mode 100644
index 000000000..605f47b37
--- /dev/null
+++ b/interface-definitions/service_pppoe-server.xml.in
@@ -0,0 +1,491 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="service"> + <children> + <node name="pppoe-server" owner="${vyos_conf_scripts_dir}/service_pppoe-server.py"> + <properties> + <help>Point to Point over Ethernet (PPPoE) Server</help> + <priority>900</priority> + </properties> + <children> + <node name="snmp"> + <properties> + <help>Enable SNMP</help> + </properties> + <children> + <leafNode name="master-agent"> + <properties> + <help>enable SNMP master agent mode</help> + <valueless /> + </properties> + </leafNode> + </children> + </node> + <leafNode name="access-concentrator"> + <properties> + <help>Access concentrator name</help> + <constraint> + <regex>[a-zA-Z0-9]{1,100}</regex> + </constraint> + <constraintErrorMessage>access-concentrator name limited to alphanumerical characters only (max. 100)</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="session-control"> + <properties> + <help>control sessions count</help> + <constraint> + <regex>(deny|disable)</regex> + </constraint> + <constraintErrorMessage>Invalid value</constraintErrorMessage> + <valueHelp> + <format>disable</format> + <description>Disables session control</description> + </valueHelp> + <valueHelp> + <format>deny</format> + <description>Deny second session authorization</description> + </valueHelp> + <completionHelp> + <list>deny disable</list> + </completionHelp> + </properties> + </leafNode> + <node name="authentication"> + <properties> + <help>Authentication for remote access PPPoE Server</help> + </properties> + <children> + <node name="local-users"> + <properties> + <help>Local user authentication for PPPoE server</help> + </properties> + <children> + <tagNode name="username"> + <properties> + <help>User name for authentication</help> + </properties> + <children> + <leafNode name="disable"> + <properties> + <help>Option to disable a PPPoE Server user</help> + </properties> + </leafNode> + <leafNode name="password"> + <properties> + 
<help>Password for authentication</help> + </properties> + </leafNode> + <leafNode name="static-ip"> + <properties> + <help>Static client IP address</help> + </properties> + </leafNode> + <node name="rate-limit"> + <properties> + <help>Upload/Download speed limits</help> + </properties> + <children> + <leafNode name="upload"> + <properties> + <help>Upload bandwidth limit in kbits/sec</help> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="download"> + <properties> + <help>Download bandwidth limit in kbits/sec</help> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> + </tagNode> + </children> + </node> + #include <include/accel-auth-mode.xml.i> + #include <include/radius-server.xml.i> + #include <include/accel-radius-additions.xml.in> + <node name="radius"> + <children> + <node name="rate-limit"> + <properties> + <help>Upload/Download speed limits</help> + </properties> + <children> + <leafNode name="attribute"> + <properties> + <help>Specifies which radius attribute contains rate information. (default is Filter-Id)</help> + </properties> + </leafNode> + <leafNode name="vendor"> + <properties> + <help>Specifies the vendor dictionary. 
(dictionary needs to be in /usr/share/accel-ppp/radius)</help> + </properties> + </leafNode> + <leafNode name="enable"> + <properties> + <help>Enables Bandwidth shaping via RADIUS</help> + <valueless /> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + <leafNode name="protocols"> + <properties> + <help>Authentication protocol</help> + <valueHelp> + <format>pap</format> + <description>Allow PAP authentication [Password Authentication Protocol]</description> + </valueHelp> + <valueHelp> + <format>chap</format> + <description>Allow CHAP authentication [Challenge Handshake Authentication Protocol]</description> + </valueHelp> + <valueHelp> + <format>mschap</format> + <description>Allow MS-CHAP authentication [Microsoft Challenge Handshake Authentication Protocol, Version 1]</description> + </valueHelp> + <valueHelp> + <format>mschap-v2</format> + <description>Allow MS-CHAPv2 authentication [Microsoft Challenge Handshake Authentication Protocol, Version 2]</description> + </valueHelp> + <constraint> + <regex>(pap|chap|mschap|mschap-v2)</regex> + </constraint> + <completionHelp> + <list>pap chap mschap mschap-v2</list> + </completionHelp> + <multi /> + </properties> + </leafNode> + </children> + </node> + <node name="client-ip-pool"> + <properties> + <help>Pool of client IP addresses (must be within a /24)</help> + </properties> + <children> + <leafNode name="start"> + <properties> + <help>First IP address in the pool</help> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="stop"> + <properties> + <help>Last IP address in the pool</help> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="subnet"> + <properties> + <help>Client IP subnet (CIDR notation)</help> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + <constraintErrorMessage>Not a valid CIDR formatted prefix</constraintErrorMessage> + <multi /> 
+ </properties> + </leafNode> + </children> + </node> + #include <include/accel-client-ipv6-pool.xml.in> + #include <include/accel-name-server.xml.in> + <tagNode name="interface"> + <properties> + <help>interface(s) to listen on</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + </properties> + <children> + <leafNode name="vlan-id"> + <properties> + <help>VLAN monitor for the automatic creation of vlans (user per vlan)</help> + <constraint> + <validator name="numeric" argument="--range 1-4096"/> + </constraint> + <constraintErrorMessage>VLAN ID needs to be between 1 and 4096</constraintErrorMessage> + <multi /> + </properties> + </leafNode> + <leafNode name="vlan-range"> + <properties> + <help>VLAN monitor for the automatic creation of vlans (user per vlan)</help> + <constraint> + <regex>(409[0-6]|40[0-8][0-9]|[1-3][0-9]{3}|[1-9][0-9]{0,2})-(409[0-6]|40[0-8][0-9]|[1-3][0-9]{3}|[1-9][0-9]{0,2})</regex> + </constraint> + <multi /> + </properties> + </leafNode> + </children> + </tagNode> + <leafNode name="local-ip"> + <properties> + <help>local gateway address</help> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="mtu"> + <properties> + <help>Maximum Transmission Unit (MTU) - default 1492</help> + <constraint> + <validator name="numeric" argument="--range 128-16384"/> + </constraint> + </properties> + </leafNode> + <node name="limits"> + <properties> + <help>Limits the connection rate from a single source</help> + </properties> + <children> + <leafNode name="connection-limit"> + <properties> + <help>Acceptable rate of connections (e.g. 
1/min, 60/sec)</help> + <constraint> + <regex>[0-9]+\/(min|sec)$</regex> + </constraint> + <constraintErrorMessage>illegal value</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="burst"> + <properties> + <help>Burst count</help> + </properties> + </leafNode> + <leafNode name="timeout"> + <properties> + <help>Timeout in seconds</help> + </properties> + </leafNode> + </children> + </node> + <leafNode name="service-name"> + <properties> + <help>Service name</help> + <constraint> + <regex>[a-zA-Z0-9\-]{1,100}</regex> + </constraint> + <constraintErrorMessage>servicename can contain aplhanumerical characters and dashes only (max. 100)</constraintErrorMessage> + <multi/> + </properties> + </leafNode> + #include <include/accel-wins-server.xml.i> + <node name="ppp-options"> + <properties> + <help>Advanced protocol options</help> + </properties> + <children> + <leafNode name="min-mtu"> + <properties> + <help>Minimum acceptable MTU (68-65535)</help> + <constraint> + <validator name="numeric" argument="--range 68-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="mru"> + <properties> + <help>Preferred MRU (68-65535)</help> + <constraint> + <validator name="numeric" argument="--range 68-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="ccp"> + <properties> + <help>CCP negotiation (default disabled)</help> + <valueless /> + </properties> + </leafNode> + <leafNode name="mppe"> + <properties> + <help>Specifies MPPE negotiation preference. 
(default prefer mppe)</help> + <completionHelp> + <list>deny prefer require</list> + </completionHelp> + <valueHelp> + <format>deny</format> + <description>Deny MPPE</description> + </valueHelp> + <valueHelp> + <format>prefer</format> + <description>Ask client for MPPE - do not fail on reject</description> + </valueHelp> + <valueHelp> + <format>require</format> + <description>Ask client for MPPE - drop connection on reject</description> + </valueHelp> + <constraint> + <regex>^(deny|prefer|require)$</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="lcp-echo-interval"> + <properties> + <help>LCP echo-requests/sec</help> + <constraint> + <validator name="numeric" argument="--positive"/> + </constraint> + </properties> + </leafNode> + <leafNode name="lcp-echo-failure"> + <properties> + <help>Maximum number of Echo-Requests may be sent without valid reply</help> + <constraint> + <validator name="numeric" argument="--positive"/> + </constraint> + </properties> + </leafNode> + <leafNode name="lcp-echo-timeout"> + <properties> + <help>Timeout in seconds to wait for any peer activity. 
If this option specified it turns on adaptive lcp echo functionality and "lcp-echo-failure" is not used.</help> + <constraint> + <validator name="numeric" argument="--positive"/> + </constraint> + </properties> + </leafNode> + <leafNode name="ipv4"> + <properties> + <help>IPv4 (IPCP) negotiation algorithm</help> + <constraint> + <regex>(deny|allow|prefer|require)</regex> + </constraint> + <constraintErrorMessage>invalid value</constraintErrorMessage> + <valueHelp> + <format>deny</format> + <description>Do not negotiate IPv4</description> + </valueHelp> + <valueHelp> + <format>allow</format> + <description>Negotiate IPv4 only if client requests</description> + </valueHelp> + <valueHelp> + <format>prefer</format> + <description>Ask client for IPv4 negotiation, do not fail if it rejects</description> + </valueHelp> + <valueHelp> + <format>require</format> + <description>Require IPv4 negotiation</description> + </valueHelp> + <completionHelp> + <list>deny allow prefer require</list> + </completionHelp> + </properties> + </leafNode> + <leafNode name="ipv6"> + <properties> + <help>IPv6 (IPCP6) negotiation algorithm</help> + <constraint> + <regex>(deny|allow|prefer|require)</regex> + </constraint> + <constraintErrorMessage>invalid value</constraintErrorMessage> + <valueHelp> + <format>deny</format> + <description>Do not negotiate IPv6</description> + </valueHelp> + <valueHelp> + <format>allow</format> + <description>Negotiate IPv6 only if client requests</description> + </valueHelp> + <valueHelp> + <format>prefer</format> + <description>Ask client for IPv6 negotiation, do not fail if it rejects</description> + </valueHelp> + <valueHelp> + <format>require</format> + <description>Require IPv6 negotiation</description> + </valueHelp> + <completionHelp> + <list>deny allow prefer require</list> + </completionHelp> + </properties> + </leafNode> + <leafNode name="ipv6-intf-id"> + <properties> + <help>Fixed or random interface identifier for IPv6</help> + <valueHelp> + 
<format>random</format> + <description>Random interface identifier for IPv6</description> + </valueHelp> + <valueHelp> + <format>x:x:x:x</format> + <description>specify interface identifier for IPv6</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="ipv6-peer-intf-id"> + <properties> + <help>Peer interface identifier for IPv6</help> + <valueHelp> + <format>x:x:x:x</format> + <description>Interface identifier for IPv6</description> + </valueHelp> + <valueHelp> + <format>random</format> + <description>Use a random interface identifier for IPv6</description> + </valueHelp> + <valueHelp> + <format>ipv4</format> + <description>Calculate interface identifier from IPv4 address, for example 192:168:0:1</description> + </valueHelp> + <valueHelp> + <format>calling-sid</format> + <description>Calculate interface identifier from calling-station-id</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="ipv6-accept-peer-intf-id"> + <properties> + <help>Accept peer interface identifier</help> + <valueless /> + </properties> + </leafNode> + </children> + </node> + <tagNode name="pado-delay"> + <properties> + <help>PADO delays</help> + <valueHelp> + <format>1-999999</format> + <description>Number in ms</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>Invalid PADO delay</constraintErrorMessage> + </properties> + <children> + <leafNode name="sessions"> + <properties> + <help>Number of sessions</help> + <valueHelp> + <format>1-999999</format> + <description>Number of sessions</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>Invalid number of delayed sessions</constraintErrorMessage> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> 
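Review bot: Several leaves in this definition accept any string because they have no constraint: `static-ip` under `local-users username`, and `burst` and `timeout` under `limits`; a user's `disable` leaf also lacks `<valueless/>`, unlike the other flag leaves here. These values are presumably written into the accel-ppp configuration by the owner script, so I would add `<validator name="ipv4-address"/>` to `static-ip` and `<validator name="numeric" argument="--positive"/>` to `burst` and `timeout`, each inside a `<constraint>`. The `protocols` leaf offers `pap` and `mschap` with the same weight as `mschap-v2`; its valueHelp should say that PAP sends the password in clear text and that MS-CHAP version 1 is considered broken, so operators choose them knowingly. The `password` leaf has no length constraint and its value presumably sits readable in the configuration, which is worth stating in its help text.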
diff --git a/interface-definitions/service_router-advert.xml.in b/interface-definitions/service_router-advert.xml.in
new file mode 100644
index 000000000..5a472fc9a
--- /dev/null
+++ b/interface-definitions/service_router-advert.xml.in
@@ -0,0 +1,273 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="service"> + <children> + <node name="router-advert" owner="${vyos_conf_scripts_dir}/service_router-advert.py"> + <properties> + <help>IPv6 Router Advertisements (RAs) service</help> + <priority>900</priority> + </properties> + <children> + <tagNode name="interface"> + <properties> + <help>Interface to send DDNS updates for [REQUIRED]</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + </properties> + <children> + <leafNode name="hop-limit"> + <properties> + <help>Set Hop Count field of the IP header for outgoing packets (default: 64)</help> + <valueHelp> + <format>1-255</format> + <description>Value should represent current diameter of the Internet</description> + </valueHelp> + <valueHelp> + <format>0</format> + <description>Unspecified (by this router)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-255"/> + </constraint> + <constraintErrorMessage>Hop count must be between 0 and 255</constraintErrorMessage> + </properties> + <defaultValue>64</defaultValue> + </leafNode> + <leafNode name="default-lifetime"> + <properties> + <help>Lifetime associated with the default router in units of seconds</help> + <valueHelp> + <format>4-9000</format> + <description>Router Lifetime in seconds</description> + </valueHelp> + <valueHelp> + <format>0</format> + <description>Not a default router</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-0 --range 4-9000"/> + </constraint> + <constraintErrorMessage>Default router livetime bust be 0 or between 4 and 9000</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="default-preference"> + <properties> + <help>Preference associated with the default router,</help> + <completionHelp> + <list>low medium high</list> + </completionHelp> + <valueHelp> + <format>low</format> + <description>Default router 
has low preference</description> + </valueHelp> + <valueHelp> + <format>medium</format> + <description>Default router has medium preference (default)</description> + </valueHelp> + <valueHelp> + <format>high</format> + <description>Default router has high preference</description> + </valueHelp> + <constraint> + <regex>^(low|medium|high)$</regex> + </constraint> + <constraintErrorMessage>Default preference must be low, medium or high</constraintErrorMessage> + </properties> + <defaultValue>medium</defaultValue> + </leafNode> + <leafNode name="dnssl"> + <properties> + <help>DNS search list</help> + <multi/> + </properties> + </leafNode> + <leafNode name="link-mtu"> + <properties> + <help>Link MTU value placed in RAs, exluded in RAs if unset</help> + <valueHelp> + <format>1280-9000</format> + <description>Link MTU value in RAs</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1280-9000"/> + </constraint> + <constraintErrorMessage>Link MTU must be between 1280 and 9000</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="managed-flag"> + <properties> + <help>Hosts use the administered (stateful) protocol for address autoconfiguration in addition to any addresses autoconfigured using SLAAC</help> + <valueless/> + </properties> + </leafNode> + <node name="interval"> + <properties> + <help>Set interval between unsolicited multicast RAs</help> + </properties> + <children> + <leafNode name="max"> + <properties> + <help>Maximum interval between unsolicited multicast RAs (default: 600)</help> + <valueHelp> + <format>4-1800</format> + <description>Maximum interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 4-1800"/> + </constraint> + <constraintErrorMessage>Maximum interval must be between 4 and 1800 seconds</constraintErrorMessage> + </properties> + <defaultValue>600</defaultValue> + </leafNode> + <leafNode name="min"> + <properties> + <help>Minimum interval 
between unsolicited multicast RAs</help> + <valueHelp> + <format>3-1350</format> + <description>Minimum interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 3-1350"/> + </constraint> + <constraintErrorMessage>Minimum interval must be between 3 and 1350 seconds</constraintErrorMessage> + </properties> + </leafNode> + </children> + </node> + <leafNode name="name-server"> + <properties> + <help>IPv6 address of recursive DNS server</help> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address of DNS name server</description> + </valueHelp> + <constraint> + <validator name="ipv6-address"/> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="other-config-flag"> + <properties> + <help>Hosts use the administered (stateful) protocol for autoconfiguration of other (non-address) information</help> + <valueless/> + </properties> + </leafNode> + <tagNode name="prefix"> + <properties> + <help>IPv6 prefix to be advertised in Router Advertisements (RAs)</help> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 prefix to be advertized</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + <children> + <leafNode name="no-autonomous-flag"> + <properties> + <help>Prefix can not be used for stateless address auto-configuration</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="no-on-link-flag"> + <properties> + <help>Prefix can not be used for on-link determination</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="preferred-lifetime"> + <properties> + <help>Time in seconds that the prefix will remain preferred (default 4 hours)</help> + <completionHelp> + <list>infinity</list> + </completionHelp> + <valueHelp> + <format>0-4294967295</format> + <description>Time in seconds that the prefix will remain preferred</description> + </valueHelp> + <valueHelp> + <format>infinity</format> + 
<description>Prefix will remain preferred forever</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + <regex>^(infinity)$</regex> + </constraint> + </properties> + <defaultValue>14400</defaultValue> + </leafNode> + <leafNode name="valid-lifetime"> + <properties> + <help>Time in seconds that the prefix will remain valid (default: 30 days)</help> + <completionHelp> + <list>infinity</list> + </completionHelp> + <valueHelp> + <format>1-4294967295</format> + <description>Time in seconds that the prefix will remain valid</description> + </valueHelp> + <valueHelp> + <format>infinity</format> + <description>Prefix will remain preferred forever</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + <regex>(infinity)</regex> + </constraint> + </properties> + <defaultValue>2592000</defaultValue> + </leafNode> + </children> + </tagNode> + <leafNode name="reachable-time"> + <properties> + <help>Time, in milliseconds, that a node assumes a neighbor is reachable after having received a reachability confirmation</help> + <valueHelp> + <format>1-3600000</format> + <description>Reachable Time value in RAs (in milliseconds)</description> + </valueHelp> + <valueHelp> + <format>0</format> + <description>Reachable Time unspecified by this router</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-0 --range 1-3600000"/> + </constraint> + <constraintErrorMessage>Reachable time must be 0 or between 1 and 3600000 milliseconds</constraintErrorMessage> + </properties> + <defaultValue>0</defaultValue> + </leafNode> + <leafNode name="retrans-timer"> + <properties> + <help>Time in milliseconds between retransmitted Neighbor Solicitation messages</help> + <valueHelp> + <format>1-4294967295</format> + <description>Minimum interval in milliseconds</description> + </valueHelp> + <valueHelp> + <format>0</format> + <description>Time, in milliseconds, 
between retransmitted Neighbor Solicitation messages</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-0 --range 1-4294967295"/> + </constraint> + <constraintErrorMessage>Retransmit interval must be 0 or between 1 and 4294967295 milliseconds</constraintErrorMessage> + </properties> + <defaultValue>0</defaultValue> + </leafNode> + <leafNode name="no-send-advert"> + <properties> + <help>Do not send router adverts</help> + <valueless/> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/snmp.xml.in b/interface-definitions/snmp.xml.in new file mode 100644 index 000000000..2fe8ce583 --- /dev/null +++ b/interface-definitions/snmp.xml.in 
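Review bot: In `prefix` → `valid-lifetime` the validator is `--range 0-4294967295` while the valueHelp advertises `1-4294967295`, and its `<regex>(infinity)</regex>` is unanchored where `preferred-lifetime` writes `^(infinity)$`. Whichever lower bound is intended, the range and the help should agree, and the pattern should read `<regex>^(infinity)$</regex>`; the `infinity` description there also says "remain preferred forever" where "remain valid forever" is meant. The `interface` tagNode's help reads "Interface to send DDNS updates for", which looks copied from another service and should describe sending Router Advertisements. The `dnssl` leaf takes any string, so a hostname constraint would keep malformed search domains out of what the router advertises to every host on the link.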
@@ -0,0 +1,631 @@ +<?xml version="1.0"?> +<!-- SNMP forwarder configuration --> +<interfaceDefinition> + <node name="service"> + <children> + <node name="snmp" owner="${vyos_conf_scripts_dir}/snmp.py"> + <properties> + <help>Simple Network Management Protocol (SNMP)</help> + <priority>980</priority> + </properties> + <children> + <tagNode name="community"> + <properties> + <help>Community name</help> + <constraint> + <regex>^[a-zA-Z0-9\-_]{1,100}$</regex> + </constraint> + <constraintErrorMessage>Community string is limited to alphanumerical characters only with a total lenght of 100</constraintErrorMessage> + </properties> + <children> + <leafNode name="authorization"> + <properties> + <help>Authorization type (default: 'ro')</help> + <completionHelp> + <list>ro rw</list> + </completionHelp> + <valueHelp> + <format>ro</format> + <description>read only</description> + </valueHelp> + <valueHelp> + <format>rw</format> + <description>read write</description> + </valueHelp> + <constraint> + <regex>^(ro|rw)$</regex> + </constraint> + <constraintErrorMessage>Authorization type must be either 'rw' or 'ro'</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="client"> + <properties> + <help>IP address of SNMP client allowed to contact system</help> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="network"> + <properties> + <help>Subnet of SNMP client(s) allowed to contact system</help> + <valueHelp> + <format>ipv4net</format> + <description>IP address and prefix length</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 address and prefix length</description> + </valueHelp> + <constraint> + <validator name="ip-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </tagNode> + <leafNode name="contact"> + <properties> + <help>Contact information</help> + <constraint> + 
<regex>^.{1,255}$</regex> + </constraint> + <constraintErrorMessage>Contact information is limited to 255 characters or less</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="description"> + <properties> + <help>Description information</help> + <constraint> + <regex>^.{1,255}$</regex> + </constraint> + <constraintErrorMessage>Description is limited to 255 characters or less</constraintErrorMessage> + </properties> + </leafNode> + <tagNode name="listen-address"> + <properties> + <help>IP address to listen for incoming SNMP requests</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address to listen for incoming SNMP requests</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address to listen for incoming SNMP requests</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + </properties> + <children> + <leafNode name="port"> + <properties> + <help>Port for SNMP service (default: '161')</help> + <valueHelp> + <format>1-65535</format> + <description>Numeric IP port</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + <constraintErrorMessage>Port number must be in range 1 to 65535</constraintErrorMessage> + </properties> + </leafNode> + </children> + </tagNode> + <leafNode name="location"> + <properties> + <help>Location information</help> + <constraint> + <regex>^.{1,255}$</regex> + </constraint> + <constraintErrorMessage>Location is limited to 255 characters or less</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="smux-peer"> + <properties> + <help>Register a subtree for SMUX-based processing</help> + <valueHelp> + <format>oid</format> + <description>Object Identifier</description> + </valueHelp> + <multi/> + </properties> + </leafNode> + <leafNode name="trap-source"> + <properties> + <help>SNMP trap source address</help> + 
<valueHelp> + <format>ipv4</format> + <description>IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + </properties> + </leafNode> + <tagNode name="trap-target"> + <properties> + <help>Address of trap target</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + </properties> + <children> + <leafNode name="community"> + <properties> + <help>Community used when sending trap information</help> + </properties> + </leafNode> + <leafNode name="port"> + <properties> + <help>Destination port used for trap notification</help> + <valueHelp> + <format>1-65535</format> + <description>Numeric IP port</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + <constraintErrorMessage>Port number must be in range 1 to 65535</constraintErrorMessage> + </properties> + </leafNode> + </children> + </tagNode> + <node name="v3"> + <properties> + <help>Simple Network Management Protocol (SNMP) v3</help> + </properties> + <children> + <leafNode name="engineid"> + <properties> + <help>Specifies the EngineID that uniquely identify an agent (e.g. 
000000000000000000000002)</help> + <constraint> + <regex>^([0-9a-f][0-9a-f]){1,18}$</regex> + </constraint> + <constraintErrorMessage>ID must contain an even number (from 2 to 36) of hex digits</constraintErrorMessage> + </properties> + </leafNode> + <tagNode name="group"> + <properties> + <help>Specifies the group with name groupname</help> + </properties> + <children> + <leafNode name="mode"> + <properties> + <help>Define group access permission (default: 'ro')</help> + <completionHelp> + <list>ro rw</list> + </completionHelp> + <valueHelp> + <format>ro</format> + <description>read only</description> + </valueHelp> + <valueHelp> + <format>rw</format> + <description>read write</description> + </valueHelp> + <constraint> + <regex>^(ro|rw)$</regex> + </constraint> + <constraintErrorMessage>Authorization type must be either 'rw' or 'ro'</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="seclevel"> + <properties> + <help>Security levels</help> + <completionHelp> + <list>noauth auth priv</list> + </completionHelp> + <valueHelp> + <format>noauth</format> + <description>Messages not authenticated and not encrypted (noAuthNoPriv)</description> + </valueHelp> + <valueHelp> + <format>auth</format> + <description>Messages are authenticated but not encrypted (authNoPriv)</description> + </valueHelp> + <valueHelp> + <format>priv</format> + <description>Messages are authenticated and encrypted (authPriv)</description> + </valueHelp> + <constraint> + <regex>^(noauth|auth|priv)$</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="view"> + <properties> + <help>Defines the name of view</help> + <completionHelp> + <path>service snmp v3 view</path> + </completionHelp> + </properties> + </leafNode> + </children> + </tagNode> + <tagNode name="trap-target"> + <properties> + <help>Defines SNMP target for inform or traps for IP</help> + <valueHelp> + <format>ipv4</format> + <description>IP address of trap target</description> + </valueHelp> + 
<valueHelp> + <format>ipv6</format> + <description>IPv6 address of trap target</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + </properties> + <children> + <node name="auth"> + <properties> + <help>Defines the privacy</help> + </properties> + <children> + <leafNode name="encrypted-password"> + <properties> + <help>Defines the encrypted key for authentication</help> + <constraint> + <regex>^[0-9a-f]*$</regex> + </constraint> + <constraintErrorMessage>Encrypted key must only contain hex digits</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="plaintext-password"> + <properties> + <help>Defines the clear text key for authentication</help> + <constraint> + <regex>^.{8,}$</regex> + </constraint> + <constraintErrorMessage>Key must contain 8 or more characters</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="type"> + <properties> + <help>Defines the protocol used for authentication (default: 'md5')</help> + <completionHelp> + <list>md5 sha</list> + </completionHelp> + <valueHelp> + <format>md5</format> + <description>Message Digest 5</description> + </valueHelp> + <valueHelp> + <format>sha</format> + <description>Secure Hash Algorithm</description> + </valueHelp> + <constraint> + <regex>^(md5|sha)$</regex> + </constraint> + </properties> + </leafNode> + </children> + </node> + <leafNode name="port"> + <properties> + <help>Specifies TCP/UDP port of destination SNMP traps/informs (default: '162')</help> + <valueHelp> + <format>1-65535</format> + <description>Numeric IP port</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + <constraintErrorMessage>Port number must be in range 1 to 65535</constraintErrorMessage> + </properties> + </leafNode> + <node name="privacy"> + <properties> + <help>Defines the privacy</help> + </properties> + <children> + <leafNode 
name="encrypted-password"> + <properties> + <help>Defines the encrypted key for privacy protocol</help> + <constraint> + <regex>^[0-9a-f]*$</regex> + </constraint> + <constraintErrorMessage>Encrypted key must only contain hex digits</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="plaintext-password"> + <properties> + <help>Defines the clear text key for privacy protocol</help> + <constraint> + <regex>^.{8,}$</regex> + </constraint> + <constraintErrorMessage>Key must contain 8 or more characters</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="type"> + <properties> + <help>Defines the protocol for privacy (default: 'des')</help> + <completionHelp> + <list>des aes</list> + </completionHelp> + <valueHelp> + <format>des</format> + <description>Data Encryption Standard</description> + </valueHelp> + <valueHelp> + <format>aes</format> + <description>Advanced Encryption Standard</description> + </valueHelp> + <constraint> + <regex>^(des|aes)$</regex> + </constraint> + </properties> + </leafNode> + </children> + </node> + <leafNode name="protocol"> + <properties> + <help>Defines protocol for notification between TCP and UDP</help> + <completionHelp> + <list>tcp udp</list> + </completionHelp> + <valueHelp> + <format>tcp</format> + <description>Use Transmission Control Protocol for notifications</description> + </valueHelp> + <valueHelp> + <format>udp</format> + <description>Use User Datagram Protocol for notifications</description> + </valueHelp> + <constraint> + <regex>^(tcp|udp)$</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="type"> + <properties> + <help>Specifies the type of notification between inform and trap (default: 'inform')</help> + <completionHelp> + <list>inform trap</list> + </completionHelp> + <valueHelp> + <format>inform</format> + <description>Use INFORM</description> + </valueHelp> + <valueHelp> + <format>trap</format> + <description>Use TRAP</description> + </valueHelp> + 
<constraint> + <regex>^(inform|trap)$</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="user"> + <properties> + <help>Defines username for authentication</help> + <completionHelp> + <path>service snmp v3 user</path> + </completionHelp> + </properties> + </leafNode> + </children> + </tagNode> + <tagNode name="user"> + <properties> + <help>Specifies the user with name username</help> + <constraint> + <regex>[^\(\)\|\-]+$</regex> + </constraint> + <constraintErrorMessage>Illegal characters in name</constraintErrorMessage> + </properties> + <children> + <node name="auth"> + <properties> + <help>Specifies the auth</help> + </properties> + <children> + <leafNode name="encrypted-password"> + <properties> + <help>Defines the encrypted key for authentication</help> + <constraint> + <regex>^[0-9a-f]*$</regex> + </constraint> + <constraintErrorMessage>Encrypted key must only contain hex digits</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="plaintext-password"> + <properties> + <help>Defines the clear text key for authentication</help> + <constraint> + <regex>^.{8,}$</regex> + </constraint> + <constraintErrorMessage>Key must contain 8 or more characters</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="type"> + <properties> + <help>Defines the protocol used for authentication (default: 'md5')</help> + <completionHelp> + <list>md5 sha</list> + </completionHelp> + <valueHelp> + <format>md5</format> + <description>Message Digest 5</description> + </valueHelp> + <valueHelp> + <format>sha</format> + <description>Secure Hash Algorithm</description> + </valueHelp> + <constraint> + <regex>^(md5|sha)$</regex> + </constraint> + </properties> + </leafNode> + </children> + </node> + <leafNode name="group"> + <properties> + <help>Specifies group for user name</help> + <completionHelp> + <path>service snmp v3 group</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="mode"> + <properties> + 
<help>Define users access permission (default: 'ro')</help> + <completionHelp> + <list>ro rw</list> + </completionHelp> + <valueHelp> + <format>ro</format> + <description>read only</description> + </valueHelp> + <valueHelp> + <format>rw</format> + <description>read write</description> + </valueHelp> + <constraint> + <regex>^(ro|rw)$</regex> + </constraint> + <constraintErrorMessage>Authorization type must be either 'rw' or 'ro'</constraintErrorMessage> + </properties> + </leafNode> + <node name="privacy"> + <properties> + <help>Defines the privacy</help> + </properties> + <children> + <leafNode name="encrypted-password"> + <properties> + <help>Defines the encrypted key for privacy protocol</help> + <constraint> + <regex>^[0-9a-f]*$</regex> + </constraint> + <constraintErrorMessage>Encrypted key must only contain hex digits</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="plaintext-password"> + <properties> + <help>Defines the clear text key for privacy protocol</help> + <constraint> + <regex>^.{8,}$</regex> + </constraint> + <constraintErrorMessage>Key must contain 8 or more characters</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="type"> + <properties> + <help>Defines the protocol for privacy (default: 'des')</help> + <completionHelp> + <list>des aes</list> + </completionHelp> + <valueHelp> + <format>des</format> + <description>Data Encryption Standard</description> + </valueHelp> + <valueHelp> + <format>aes</format> + <description>Advanced Encryption Standard</description> + </valueHelp> + <constraint> + <regex>^(des|aes)$</regex> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> + </tagNode> + <tagNode name="view"> + <properties> + <help>Specifies the view with name viewname</help> + <constraint> + <regex>[^\(\)\|\-]+$</regex> + </constraint> + <constraintErrorMessage>Illegal characters in name</constraintErrorMessage> + </properties> + <children> + <tagNode name="oid"> + 
<properties> + <help>Specifies the oid</help> + <constraint> + <regex>^[0-9]+(\.[0-9]+)*$</regex> + </constraint> + <constraintErrorMessage>OID must start from a number</constraintErrorMessage> + </properties> + <children> + <leafNode name="exclude"> + <properties> + <help>Exclude is an optional argument</help> + </properties> + </leafNode> + <leafNode name="mask"> + <properties> + <help>Defines a bit-mask that is indicating which subidentifiers of the associated subtree OID should be regarded as significant</help> + <constraint> + <regex>^[0-9a-f]{2}([\.:][0-9a-f]{2})*$</regex> + </constraint> + <constraintErrorMessage>MASK is a list of hex octets, separated by '.' or ':'</constraintErrorMessage> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </tagNode> + </children> + </node> + <node name="script-extensions"> + <properties> + <help>SNMP script extensions</help> + </properties> + <children> + <tagNode name="extension-name"> + <properties> + <help>Extension name</help> + <constraint> + <regex>^[a-z0-9\.\-\_]+</regex> + </constraint> + <constraintErrorMessage>Script extension contains invalid characters</constraintErrorMessage> + </properties> + <children> + <leafNode name="script"> + <properties> + <help>Script location and name</help> + <completionHelp> + <script>ls /config/user-data</script> + </completionHelp> + <constraint> + <regex>^[a-z0-9\.\-\_\/]+</regex> + </constraint> + <constraintErrorMessage>Script extension contains invalid characters</constraintErrorMessage> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + #include <include/interface-vrf.xml.i> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/ssh.xml.in b/interface-definitions/ssh.xml.in new file mode 100644 index 000000000..d253c2f34 --- /dev/null +++ b/interface-definitions/ssh.xml.in 
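Review bot: Several `<regex>` constraints in snmp.xml.in lack an anchor, so they check only part of the value: the v3 `user` and `view` names use `[^\(\)\|\-]+$` (no `^`), and `script-extensions` uses `^[a-z0-9\.\-\_]+` and `^[a-z0-9\.\-\_\/]+` (no `$`). Unless the validator applies a full match on its own (the other patterns in this file spell out `^…$`, which suggests it does not), a name such as `a(b` or a script path with arbitrary trailing characters passes validation and presumably reaches snmp.py unchanged. I would write `^[^\(\)\|\-]+$`, `^[a-z0-9\.\-\_]+$` and `^[a-z0-9\.\-\_\/]+$`. The same gap appears in ssh.xml.in (`[a-z_][a-z0-9_-]{1,31}[$]?` on the allow/deny `user` and `group` leaves), in system-console.xml.in (`speed`), and in the `table-size` leaves of system-ip.xml.in and system-ipv6.xml.in.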
@@ -0,0 +1,207 @@ +<?xml version="1.0"?> +<!--SSH configuration --> +<interfaceDefinition> + <node name="service"> + <children> + <node name="ssh" owner="${vyos_conf_scripts_dir}/ssh.py"> + <properties> + <help>Secure Shell (SSH)</help> + <priority>500</priority> + </properties> + <children> + <node name="access-control"> + <properties> + <help>SSH user/group access controls. Directives are processed + in the following order: deny-users, allow-users, deny-groups and + allow-groups.</help> + </properties> + <children> + <node name="allow"> + <properties> + <help>Allow user/group SSH access</help> + </properties> + <children> + <leafNode name="group"> + <properties> + <help>Allow members of a group to login</help> + <constraint> + <regex>[a-z_][a-z0-9_-]{1,31}[$]?</regex> + </constraint> + <constraintErrorMessage>illegal characters or more than 32 characters</constraintErrorMessage> + <multi/> + </properties> + </leafNode> + <leafNode name="user"> + <properties> + <help>Allow specific users to login</help> + <constraint> + <regex>[a-z_][a-z0-9_-]{1,31}[$]?</regex> + </constraint> + <constraintErrorMessage>illegal characters or more than 32 characters</constraintErrorMessage> + <multi/> + </properties> + </leafNode> + </children> + </node> + <node name="deny"> + <properties> + <help>Deny user/group SSH access</help> + </properties> + <children> + <leafNode name="group"> + <properties> + <help>Disallow members of a group to login</help> + <constraint> + <regex>[a-z_][a-z0-9_-]{1,31}[$]?</regex> + </constraint> + <constraintErrorMessage>illegal characters or more than 32 characters</constraintErrorMessage> + <multi/> + </properties> + </leafNode> + <leafNode name="user"> + <properties> + <help>Disallow specific users to login</help> + <constraint> + <regex>[a-z_][a-z0-9_-]{1,31}[$]?</regex> + </constraint> + <constraintErrorMessage>illegal characters or more than 32 characters</constraintErrorMessage> + <multi/> + </properties> + </leafNode> + </children> + </node> + 
</children> + </node> + <leafNode name="ciphers"> + <properties> + <help>Allowed ciphers</help> + <completionHelp> + <!-- generated by ssh -Q cipher | tr '\n' ' ' as this will not change dynamically --> + <list>3des-cbc aes128-cbc aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com aes256-gcm@openssh.com chacha20-poly1305@openssh.com</list> + </completionHelp> + <constraint> + <regex>^(3des-cbc|aes128-cbc|aes192-cbc|aes256-cbc|rijndael-cbc@lysator.liu.se|aes128-ctr|aes192-ctr|aes256-ctr|aes128-gcm@openssh.com|aes256-gcm@openssh.com|chacha20-poly1305@openssh.com)$</regex> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="disable-host-validation"> + <properties> + <help>Disable IP Address to Hostname lookup</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="disable-password-authentication"> + <properties> + <help>Disable password-based authentication</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="key-exchange"> + <properties> + <help>Allowed key exchange (KEX) algorithms</help> + <completionHelp> + <!-- generated by ssh -Q kex | tr '\n' ' ' as this will not change dynamically --> + <list>diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 diffie-hellman-group14-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group-exchange-sha1 diffie-hellman-group-exchange-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 curve25519-sha256 curve25519-sha256@libssh.org</list> + </completionHelp> + <multi/> + <constraint> + <regex>^(diffie-hellman-group1-sha1|diffie-hellman-group14-sha1|diffie-hellman-group14-sha256|diffie-hellman-group16-sha512|diffie-hellman-group18-sha512|diffie-hellman-group-exchange-sha1|diffie-hellman-group-exchange-sha256|ecdh-sha2-nistp256|ecdh-sha2-nistp384|ecdh-sha2-nistp521|curve25519-sha256|curve25519-sha256@libssh.org)$</regex> + </constraint> + </properties> + </leafNode> + <leafNode 
name="listen-address"> + <properties> + <help>Local addresses SSH service should listen on</help> + <valueHelp> + <format>ipv4</format> + <description>IP address to listen for incoming connections</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address to listen for incoming connections</description> + </valueHelp> + <multi/> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="loglevel"> + <properties> + <help>Log level</help> + <completionHelp> + <list>quiet fatal error info verbose</list> + </completionHelp> + <valueHelp> + <format>quiet</format> + <description>stay silent</description> + </valueHelp> + <valueHelp> + <format>fatal</format> + <description>log fatals only</description> + </valueHelp> + <valueHelp> + <format>error</format> + <description>log errors and fatals only</description> + </valueHelp> + <valueHelp> + <format>info</format> + <description>default log level</description> + </valueHelp> + <valueHelp> + <format>verbose</format> + <description>enable logging of failed login attempts</description> + </valueHelp> + <constraint> + <regex>^(quiet|fatal|error|info|verbose)$</regex> + </constraint> + </properties> + <defaultValue>INFO</defaultValue> + </leafNode> + <leafNode name="mac"> + <properties> + <help>Allowed message authentication code (MAC) algorithms</help> + <completionHelp> + <!-- generated by ssh -Q mac | tr '\n' ' ' as this will not change dynamically --> + <list>hmac-sha1 hmac-sha1-96 hmac-sha2-256 hmac-sha2-512 hmac-md5 hmac-md5-96 umac-64@openssh.com umac-128@openssh.com hmac-sha1-etm@openssh.com hmac-sha1-96-etm@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com hmac-md5-etm@openssh.com hmac-md5-96-etm@openssh.com umac-64-etm@openssh.com umac-128-etm@openssh.com</list> + </completionHelp> + <constraint> + 
<regex>^(hmac-sha1|hmac-sha1-96|hmac-sha2-256|hmac-sha2-512|hmac-md5|hmac-md5-96|umac-64@openssh.com|umac-128@openssh.com|hmac-sha1-etm@openssh.com|hmac-sha1-96-etm@openssh.com|hmac-sha2-256-etm@openssh.com|hmac-sha2-512-etm@openssh.com|hmac-md5-etm@openssh.com|hmac-md5-96-etm@openssh.com|umac-64-etm@openssh.com|umac-128-etm@openssh.com)$</regex> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="port"> + <properties> + <help>Port for SSH service</help> + <valueHelp> + <format>1-65535</format> + <description>Numeric IP port</description> + </valueHelp> + <multi/> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>22</defaultValue> + </leafNode> + <leafNode name="client-keepalive-interval"> + <properties> + <help>Enable transmission of keepalives from server to client</help> + <valueHelp> + <format>1-65535</format> + <description>Time interval in seconds for keepalive message</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + #include <include/interface-vrf.xml.i> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/system-console.xml.in b/interface-definitions/system-console.xml.in new file mode 100644 index 000000000..71e63d0cb --- /dev/null +++ b/interface-definitions/system-console.xml.in 
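Review bot: The `ciphers`, `key-exchange` and `mac` leaves accept every name that `ssh -Q` printed, including `3des-cbc`, `diffie-hellman-group1-sha1` and `hmac-md5`, and nothing in the help text tells an operator which entries are legacy. Since the comments say the lists are frozen at generation time, I would at least extend the help strings, e.g. `<help>Allowed ciphers (list includes legacy algorithms kept for old clients; prefer the ctr, gcm and chacha20 entries)</help>`, with matching wording for KEX and MAC. Separately, `loglevel` sets `<defaultValue>INFO</defaultValue>` while its constraint admits only lowercase `info`; `<defaultValue>info</defaultValue>` keeps the default inside the allowed set.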
@@ -0,0 +1,90 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="system"> + <children> + <node name="console" owner="${vyos_conf_scripts_dir}/system_console.py"> + <properties> + <help>Serial console configuration</help> + <priority>100</priority> + </properties> + <children> + <tagNode name="device"> + <properties> + <help>Serial console device name</help> + <completionHelp> + <script>ls -1 /dev | grep -e ttyS -e hvc</script> + <script>if [ -d /dev/serial/by-bus ]; then ls -1 /dev/serial/by-bus; fi</script> + </completionHelp> + <valueHelp> + <format>ttySN</format> + <description>TTY device name, regular serial port</description> + </valueHelp> + <valueHelp> + <format>usbNbXpY</format> + <description>TTY device name, USB based</description> + </valueHelp> + <valueHelp> + <format>hvcN</format> + <description>Xen console</description> + </valueHelp> + <constraint> + <regex>^(ttyS[0-9]+|hvc[0-9]+|usb[0-9]+b.*)$</regex> + </constraint> + </properties> + <children> + <leafNode name="speed"> + <properties> + <help>Console baud rate</help> + <completionHelp> + <list>1200 2400 4800 9600 19200 38400 57600 115200</list> + </completionHelp> + <valueHelp> + <format>1200</format> + <description>1200 bps</description> + </valueHelp> + <valueHelp> + <format>2400</format> + <description>2400 bps</description> + </valueHelp> + <valueHelp> + <format>4800</format> + <description>4800 bps</description> + </valueHelp> + <valueHelp> + <format>9600</format> + <description>9600 bps</description> + </valueHelp> + <valueHelp> + <format>19200</format> + <description>19200 bps</description> + </valueHelp> + <valueHelp> + <format>38400</format> + <description>38400 bps</description> + </valueHelp> + <valueHelp> + <format>57600</format> + <description>57600 bps</description> + </valueHelp> + <valueHelp> + <format>115200</format> + <description>115200 bps</description> + </valueHelp> + <constraint> + <regex>(1200|2400|4800|9600|19200|38400|57600|115200)</regex> + </constraint> + 
</properties> + </leafNode> + </children> + </tagNode> + <leafNode name="powersave"> + <properties> + <help>Enable screen blank powersaving on VGA console</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/system-ip.xml.in b/interface-definitions/system-ip.xml.in new file mode 100644 index 000000000..14b3b8a07 --- /dev/null +++ b/interface-definitions/system-ip.xml.in @@ -0,0 +1,58 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="system"> + <children> + <node name="ip" owner="${vyos_conf_scripts_dir}/system-ip.py"> + <properties> + <help>IPv4 Settings</help> + <priority>400</priority> + </properties> + <children> + <node name="arp"> + <properties> + <help>Parameters for ARP cache</help> + </properties> + <children> + <leafNode name="table-size"> + <properties> + <help>Maximum number of entries to keep in the ARP cache</help> + <completionHelp> + <list>1024 2048 4096 8192 16384 32768</list> + </completionHelp> + <constraint> + <regex>(1024|2048|4096|8192|16384|32768)</regex> + </constraint> + </properties> + </leafNode> + </children> + </node> + <leafNode name="disable-forwarding"> + <properties> + <help>Disable IPv4 forwarding on all interfaces</help> + <valueless/> + </properties> + </leafNode> + <node name="multipath"> + <properties> + <help>IPv4 multipath settings</help> + </properties> + <children> + <leafNode name="ignore-unreachable-nexthops"> + <properties> + <help>Ignore next hops that are not in the ARP table</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="layer4-hashing"> + <properties> + <help>Use layer 4 information for ECMP hashing</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> 
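Review bot: The `device` constraint `^(ttyS[0-9]+|hvc[0-9]+|usb[0-9]+b.*)$` in system-console.xml.in ends its USB branch with `.*`, so anything after `usbNb` is accepted, including `/`, `..` and whitespace. The value help documents the shape as `usbNbXpY`, and the name presumably becomes part of a device path in system_console.py, so the pattern should spell that shape out, for example `usb[0-9]+b[0-9.]+p[0-9.]+` (adjust to the names that actually occur under /dev/serial/by-bus). system-lcd.xml.in repeats the same `usb[0-9]+b.*` branch on its `device` leaf.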
diff --git a/interface-definitions/system-ipv6.xml.in b/interface-definitions/system-ipv6.xml.in
new file mode 100644
index 000000000..47fbeb4e1
--- /dev/null
+++ b/interface-definitions/system-ipv6.xml.in
@@ -0,0 +1,64 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="system">
+ <children>
+ <node name="ipv6" owner="${vyos_conf_scripts_dir}/system-ipv6.py">
+ <properties>
+ <help>IPv6 Settings</help>
+ <priority>290</priority>
+ </properties>
+ <children>
+ <leafNode name="disable-forwarding">
+ <properties>
+ <help>Disable IPv6 forwarding on all interfaces</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="disable">
+ <properties>
+ <help>Disable assignment of IPv6 addresses on all interfaces</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <node name="multipath">
+ <properties>
+ <help>IPv4 multipath settings</help>
+ </properties>
+ <children>
+ <leafNode name="layer4-hashing">
+ <properties>
+ <help>Use layer 4 information for ECMP hashing</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <node name="neighbor">
+ <properties>
+ <help>Parameters for Neighbor cache</help>
+ </properties>
+ <children>
+ <leafNode name="table-size">
+ <properties>
+ <help>Maximum number of entries to keep in the Neighbor cache</help>
+ <completionHelp>
+ <list>1024 2048 4096 8192 16384 32768</list>
+ </completionHelp>
+ <constraint>
+ <regex>(1024|2048|4096|8192|16384|32768)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="strict-dad">
+ <properties>
+ <help>Disable IPv6 operation on interface when DAD fails on LL addr</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/system-lcd.xml.in b/interface-definitions/system-lcd.xml.in
new file mode 100644
index 000000000..36116ae1b
--- /dev/null
+++ b/interface-definitions/system-lcd.xml.in
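Review bot: The `multipath` node in system-ipv6.xml.in carries the help text `IPv4 multipath settings`, apparently copied from system-ip.xml.in; it should read `<help>IPv6 multipath settings</help>`. The help string is presumably what the CLI shows during completion, so the wrong address family would mislead an operator setting up ECMP hashing for IPv6.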
@@ -0,0 +1,66 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="system">
+ <children>
+ <node name="lcd" owner="${vyos_conf_scripts_dir}/system_lcd.py">
+ <properties>
+ <help>System LCD display</help>
+ <priority>100</priority>
+ </properties>
+ <children>
+ <leafNode name="model">
+ <properties>
+ <help>Model of the display attached to this system [REQUIRED]</help>
+ <completionHelp>
+ <list>cfa-533 cfa-631 cfa-633 cfa-635 sdec</list>
+ </completionHelp>
+ <valueHelp>
+ <format>cfa-533</format>
+ <description>Crystalfontz CFA-533</description>
+ </valueHelp>
+ <valueHelp>
+ <format>cfa-631</format>
+ <description>Crystalfontz CFA-631</description>
+ </valueHelp>
+ <valueHelp>
+ <format>cfa-633</format>
+ <description>Crystalfontz CFA-633</description>
+ </valueHelp>
+ <valueHelp>
+ <format>cfa-635</format>
+ <description>Crystalfontz CFA-635</description>
+ </valueHelp>
+ <valueHelp>
+ <format>sdec</format>
+ <description>Lanner, Watchguard, Nexcom NSA, Sophos UTM appliances</description>
+ </valueHelp>
+ <constraint>
+ <regex>^(cfa-533|cfa-631|cfa-633|cfa-635|sdec)$</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="device">
+ <properties>
+ <help>Physical device used by LCD display</help>
+ <completionHelp>
+ <script>ls -1 /dev | grep ttyS</script>
+ <script>if [ -d /dev/serial/by-bus ]; then ls -1 /dev/serial/by-bus; fi</script>
+ </completionHelp>
+ <valueHelp>
+ <format>ttySXX</format>
+ <description>TTY device name, regular serial port</description>
+ </valueHelp>
+ <valueHelp>
+ <format>usbNbXpY</format>
+ <description>TTY device name, USB based</description>
+ </valueHelp>
+ <constraint>
+ <regex>^(ttyS[0-9]+|usb[0-9]+b.*)$</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/system-login-banner.xml.in b/interface-definitions/system-login-banner.xml.in
new file mode 100644
index 000000000..c4bb14bd6
--- /dev/null
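Review bot: The `device` constraint `^(ttyS[0-9]+|usb[0-9]+b.*)$` accepts any characters after `usbNb`, including `/`, `..`, whitespace and shell metacharacters, although the value help documents the form `usbNbXpY`. The value presumably ends up in a device path built by system_lcd.py (not shown), so the definition is the right place to limit it to the characters real names use. Something like `<regex>^(ttyS[0-9]+|usb[0-9]+b[0-9.]+p[0-9.]+)$</regex>` would do that; the exact character set should be checked against the names that appear under `/dev/serial/by-bus`.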
+++ b/interface-definitions/system-login-banner.xml.in
@@ -0,0 +1,32 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="system">
+ <children>
+ <node name="login" owner="${vyos_conf_scripts_dir}/system-login.py">
+ <properties>
+ <help>System User Login Configuration</help>
+ <priority>400</priority>
+ </properties>
+ <children>
+ <node name="banner" owner="${vyos_conf_scripts_dir}/system-login-banner.py">
+ <properties>
+ <help>System login banners</help>
+ </properties>
+ <children>
+ <leafNode name="post-login">
+ <properties>
+ <help>System loging banner post-login</help>
+ </properties>
+ </leafNode>
+ <leafNode name="pre-login">
+ <properties>
+ <help>System loging banner pre-login</help>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/system-login.xml.in b/interface-definitions/system-login.xml.in
new file mode 100644
index 000000000..812a50c8a
--- /dev/null
+++ b/interface-definitions/system-login.xml.in
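Review bot: Both leaf help strings are misspelled: `System loging banner post-login` and `System loging banner pre-login` should read `System login banner post-login` and `System login banner pre-login`. The file also repeats the `login` node with the same `owner` and `<priority>400</priority>` that system-login.xml.in declares. If the build merges nodes by path this is redundant and the two copies can drift apart, so I would keep owner and priority in one file only; how duplicates are merged is not visible here and should be confirmed.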
@@ -0,0 +1,152 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="system">
+ <children>
+ <node name="login" owner="${vyos_conf_scripts_dir}/system-login.py">
+ <properties>
+ <help>System User Login Configuration</help>
+ <priority>400</priority>
+ </properties>
+ <children>
+ <tagNode name="user">
+ <properties>
+ <help>Local user account information</help>
+ <constraint>
+ <regex>[a-zA-Z0-9\-_\.]{1,100}</regex>
+ </constraint>
+ <constraintErrorMessage>Username contains illegal characters or\nexceeds 100 character limitation.</constraintErrorMessage>
+ </properties>
+ <children>
+ <node name="authentication">
+ <properties>
+ <help>Password authentication</help>
+ </properties>
+ <children>
+ <leafNode name="encrypted-password">
+ <properties>
+ <help>Encrypted password</help>
+ <constraint>
+ <regex>(\*|\!)</regex>
+ <regex>[a-zA-Z0-9\.\/]{13}$</regex>
+ <regex>\$1\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{22}</regex>
+ <regex>\$5\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{43}</regex>
+ <regex>\$6\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{86}</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid encrypted password for $VAR(../../@).</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="plaintext-password">
+ <properties>
+ <help>Plaintext password used for encryption</help>
+ </properties>
+ </leafNode>
+ <tagNode name="public-keys">
+ <properties>
+ <help>Remote access public keys</help>
+ <valueHelp>
+ <format>>identifier<</format>
+ <description>Key identifier used by ssh-keygen (usually of form user@host)</description>
+ </valueHelp>
+ </properties>
+ <children>
+ <leafNode name="key">
+ <properties>
+ <help>Public key value (base64-encoded)</help>
+ </properties>
+ </leafNode>
+ <leafNode name="options">
+ <properties>
+ <help>Optional public key options</help>
+ </properties>
+ </leafNode>
+ <leafNode name="type">
+ <properties>
+ <help></help>
+ <completionHelp>
+ <list>ssh-dss ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519</list>
+ </completionHelp>
+ <valueHelp>
+ <format>ssh-dss</format>
+ <description/>
+ </valueHelp>
+ <valueHelp>
+ <format>ssh-rsa</format>
+ <description/>
+ </valueHelp>
+ <valueHelp>
+ <format>ecdsa-sha2-nistp256</format>
+ <description/>
+ </valueHelp>
+ <valueHelp>
+ <format>ecdsa-sha2-nistp384</format>
+ <description/>
+ </valueHelp>
+ <valueHelp>
+ <format>ssh-ed25519</format>
+ <description/>
+ </valueHelp>
+ <constraint>
+ <regex>(ssh-dss|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ssh-ed25519)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ <leafNode name="full-name">
+ <properties>
+ <help>Full name of the user (use quotes for names with spaces)</help>
+ <constraint>
+ <regex>[^:]*$</regex>
+ </constraint>
+ <constraintErrorMessage>Cannot use ':' in full name</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="home-directory">
+ <properties>
+ <help>Home directory</help>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ #include <include/radius-server.xml.i>
+ <node name="radius">
+ <children>
+ <tagNode name="server">
+ <children>
+ <leafNode name="timeout">
+ <properties>
+ <help>Session timeout</help>
+ <valueHelp>
+ <format>1-30</format>
+ <description>Session timeout in seconds (default: 2)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-30"/>
+ </constraint>
+ <constraintErrorMessage>Timeout must be between 1 and 30 seconds</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="priority">
+ <properties>
+ <help>Server priority</help>
+ <valueHelp>
+ <format>1-255</format>
+ <description>Server priority (default: 255)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ #include <include/interface-vrf.xml.i>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/system-options.xml.in b/interface-definitions/system-options.xml.in
new file mode 100644
index 000000000..a5fec10db
--- /dev/null
+++ b/interface-definitions/system-options.xml.in
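Review bot: The `type` leaf under `public-keys` ships with an empty `<help></help>`, every `<description/>` is empty, and there is no valueHelp entry for `ecdsa-sha2-nistp521` although the completion list and the regex both accept it. I would add `<help>Public key type</help>`, a one-line description per algorithm, and the missing valueHelp block so the CLI help matches what the constraint allows. The list also accepts `ssh-dss`; DSA keys are disabled by default in current OpenSSH releases, so a key of that type configured here would likely not authenticate, and the description should say so or the value should be dropped.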
@@ -0,0 +1,68 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="system">
+ <children>
+ <node name="options" owner="${vyos_conf_scripts_dir}/system-options.py">
+ <properties>
+ <help>System Options</help>
+ <priority>9999</priority>
+ </properties>
+ <children>
+ <leafNode name="beep-if-fully-booted">
+ <properties>
+ <help>plays sound via system speaker when you can login</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="ctrl-alt-del-action">
+ <properties>
+ <help>Ctrl-Alt-Delete action</help>
+ <completionHelp>
+ <list>ignore reboot poweroff</list>
+ </completionHelp>
+ <valueHelp>
+ <format>ignore</format>
+ <description>Ignore Ctrl-Alt-Delete</description>
+ </valueHelp>
+ <valueHelp>
+ <format>reboot</format>
+ <description>Reboot VyOS</description>
+ </valueHelp>
+ <valueHelp>
+ <format>poweroff</format>
+ <description>Poweroff VyOS</description>
+ </valueHelp>
+ <constraint>
+ <regex>^(ignore|reboot|poweroff)$</regex>
+ </constraint>
+ <constraintErrorMessage>Must be ignore, reboot, or poweroff</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="reboot-on-panic">
+ <properties>
+ <help>Reboot system on kernel panic</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <node name="http-client">
+ <properties>
+ <help>Global options used for HTTP client</help>
+ </properties>
+ <children>
+ #include <include/source-interface.xml.i>
+ #include <include/source-address-ipv4-ipv6.xml.i>
+ </children>
+ </node>
+ <node name="ssh-client">
+ <properties>
+ <help>Global options used for SSH client</help>
+ </properties>
+ <children>
+ #include <include/source-address-ipv4-ipv6.xml.i>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/system-proxy.xml.in b/interface-definitions/system-proxy.xml.in
new file mode 100644
index 000000000..540fa97e3
--- /dev/null
+++ b/interface-definitions/system-proxy.xml.in
@@ -0,0 +1,43 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="system">
+ <children>
+ <node name="proxy" owner="${vyos_conf_scripts_dir}/system-proxy.py">
+ <properties>
+ <help>Sets a proxy for system wide use</help>
+ </properties>
+ <children>
+ <leafNode name="url">
+ <properties>
+ <help>Proxy URL</help>
+ <constraint>
+ <regex>http:\/\/[a-z0-9\.]+$</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="port">
+ <properties>
+ <help>Proxy port</help>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="username">
+ <properties>
+ <help>Proxy username</help>
+ <constraint>
+ <regex>[a-z0-9-_\.]{1,100}$</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="password">
+ <properties>
+ <help>Proxy password</help>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/system-syslog.xml.in b/interface-definitions/system-syslog.xml.in
new file mode 100644
index 000000000..194cdb851
--- /dev/null
+++ b/interface-definitions/system-syslog.xml.in
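Review bot: The `password` leaf has no constraint at all, while `url`, `port` and `username` are each restricted. If system-proxy.py (not shown) assembles a proxy URL or an environment file from these values, characters such as `@`, `:`, `/`, quotes or whitespace in the password would change how the result is parsed, so either the definition should limit the character set or the script must encode and quote the value. In `username`, the hyphen in `[a-z0-9-_\.]` sits between `9` and `_`, which some regex engines may read as a range; moving it to the end, `<regex>[a-z0-9_\.-]{1,100}$</regex>`, removes the ambiguity. The `url` pattern also excludes `-`, which is valid in host names, so a proxy such as one with a hyphenated name cannot be configured.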
@@ -0,0 +1,949 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="system"> + <children> + <node name="syslog" owner="${vyos_conf_scripts_dir}/system-syslog.py"> + <properties> + <help>System logging</help> + <priority>400</priority> + </properties> + <children> + <tagNode name="user"> + <properties> + <help>Logging to specific terminal of given user</help> + <constraint> + <regex>[a-z_][a-z0-9_-]{1,31}[$]?</regex> + </constraint> + <constraintErrorMessage>illegal characters in user</constraintErrorMessage> + <valueHelp> + <format>username</format> + <description>user login name</description> + </valueHelp> + </properties> + <children> + <tagNode name="facility"> + <properties> + <help>Facility for logging</help> + <completionHelp> + <list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list> + </completionHelp> + <constraint> + <regex>(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)</regex> + </constraint> + <constraintErrorMessage>Invalid facility type</constraintErrorMessage> + <valueHelp> + <format>all</format> + <description>All facilities excluding "mark"</description> + </valueHelp> + <valueHelp> + <format>auth</format> + <description>Authentication and authorization</description> + </valueHelp> + <valueHelp> + <format>authpriv</format> + <description>Non-system authorization</description> + </valueHelp> + <valueHelp> + <format>cron</format> + <description>Cron daemon</description> + </valueHelp> + <valueHelp> + <format>daemon</format> + <description>System daemons</description> + </valueHelp> + <valueHelp> + <format>kern</format> + <description>Kernel</description> + </valueHelp> + <valueHelp> + <format>lpr</format> + <description>Line printer spooler</description> + </valueHelp> + <valueHelp> + <format>mail</format> + <description>Mail 
subsystem</description> + </valueHelp> + <valueHelp> + <format>mark</format> + <description>Timestamp</description> + </valueHelp> + <valueHelp> + <format>news</format> + <description>USENET subsystem</description> + </valueHelp> + <valueHelp> + <format>protocols</format> + <description>depricated will be set to local7</description> + </valueHelp> + <valueHelp> + <format>security</format> + <description>depricated will be set to auth</description> + </valueHelp> + <valueHelp> + <format>syslog</format> + <description>Authentication and authorization</description> + </valueHelp> + <valueHelp> + <format>user</format> + <description>Application processes</description> + </valueHelp> + <valueHelp> + <format>uucp</format> + <description>UUCP subsystem</description> + </valueHelp> + <valueHelp> + <format>local0</format> + <description>Local facility 0</description> + </valueHelp> + <valueHelp> + <format>local1</format> + <description>Local facility 1</description> + </valueHelp> + <valueHelp> + <format>local2</format> + <description>Local facility 2</description> + </valueHelp> + <valueHelp> + <format>local3</format> + <description>Local facility 3</description> + </valueHelp> + <valueHelp> + <format>local4</format> + <description>Local facility 4</description> + </valueHelp> + <valueHelp> + <format>local5</format> + <description>Local facility 5</description> + </valueHelp> + <valueHelp> + <format>local6</format> + <description>Local facility 6</description> + </valueHelp> + <valueHelp> + <format>local7</format> + <description>Local facility 7</description> + </valueHelp> + </properties> + <children> + <leafNode name="level"> + <properties> + <help>Logging level</help> + <completionHelp> + <list>emerg alert crit err warning notice info debug all</list> + </completionHelp> + <constraint> + <regex>(emerg|alert|crit|err|warning|notice|info|debug|all)</regex> + </constraint> + <constraintErrorMessage>Invalid loglevel</constraintErrorMessage> + <valueHelp> + 
<format>emerg</format> + <description>Emergency messages</description> + </valueHelp> + <valueHelp> + <format>alert</format> + <description>Urgent messages</description> + </valueHelp> + <valueHelp> + <format>crit</format> + <description>Critical messages</description> + </valueHelp> + <valueHelp> + <format>err</format> + <description>Error messages</description> + </valueHelp> + <valueHelp> + <format>warning</format> + <description>Warning messages</description> + </valueHelp> + <valueHelp> + <format>notice</format> + <description>Messages for further investigation</description> + </valueHelp> + <valueHelp> + <format>info</format> + <description>Informational messages</description> + </valueHelp> + <valueHelp> + <format>debug</format> + <description>Debug messages</description> + </valueHelp> + <valueHelp> + <format>all</format> + <description>Log everything</description> + </valueHelp> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </tagNode> + <tagNode name="host"> + <properties> + <help>Logging to a remote host</help> + <constraint> + <validator name="ip-address"/> + <validator name="fqdn"/> + </constraint> + <constraintErrorMessage>Invalid host (FQDN or IP address)</constraintErrorMessage> + <valueHelp> + <format>ipv4</format> + <description>Remote syslog server IPv4 address</description> + </valueHelp> + <valueHelp> + <format>hostname</format> + <description>Remote syslog server FQDN</description> + </valueHelp> + </properties> + <children> + <leafNode name="port"> + <properties> + <help>Destination port</help> + <valueHelp> + <format>1-65535</format> + <description>Destination port</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + <constraintErrorMessage>Invalid destination port value</constraintErrorMessage> + </properties> + </leafNode> + <tagNode name="facility"> + <properties> + <help>Facility for logging</help> + <completionHelp> + <list>auth authpriv cron 
daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list> + </completionHelp> + <constraint> + <regex>(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)</regex> + </constraint> + <constraintErrorMessage>Invalid facility type</constraintErrorMessage> + <valueHelp> + <format>all</format> + <description>All facilities excluding "mark"</description> + </valueHelp> + <valueHelp> + <format>auth</format> + <description>Authentication and authorization</description> + </valueHelp> + <valueHelp> + <format>authpriv</format> + <description>Non-system authorization</description> + </valueHelp> + <valueHelp> + <format>cron</format> + <description>Cron daemon</description> + </valueHelp> + <valueHelp> + <format>daemon</format> + <description>System daemons</description> + </valueHelp> + <valueHelp> + <format>kern</format> + <description>Kernel</description> + </valueHelp> + <valueHelp> + <format>lpr</format> + <description>Line printer spooler</description> + </valueHelp> + <valueHelp> + <format>mail</format> + <description>Mail subsystem</description> + </valueHelp> + <valueHelp> + <format>mark</format> + <description>Timestamp</description> + </valueHelp> + <valueHelp> + <format>news</format> + <description>USENET subsystem</description> + </valueHelp> + <valueHelp> + <format>protocols</format> + <description>depricated will be set to local7</description> + </valueHelp> + <valueHelp> + <format>security</format> + <description>depricated will be set to auth</description> + </valueHelp> + <valueHelp> + <format>syslog</format> + <description>Authentication and authorization</description> + </valueHelp> + <valueHelp> + <format>user</format> + <description>Application processes</description> + </valueHelp> + <valueHelp> + <format>uucp</format> + <description>UUCP subsystem</description> + </valueHelp> + 
<valueHelp> + <format>local0</format> + <description>Local facility 0</description> + </valueHelp> + <valueHelp> + <format>local1</format> + <description>Local facility 1</description> + </valueHelp> + <valueHelp> + <format>local2</format> + <description>Local facility 2</description> + </valueHelp> + <valueHelp> + <format>local3</format> + <description>Local facility 3</description> + </valueHelp> + <valueHelp> + <format>local4</format> + <description>Local facility 4</description> + </valueHelp> + <valueHelp> + <format>local5</format> + <description>Local facility 5</description> + </valueHelp> + <valueHelp> + <format>local6</format> + <description>Local facility 6</description> + </valueHelp> + <valueHelp> + <format>local7</format> + <description>Local facility 7</description> + </valueHelp> + </properties> + <children> + <leafNode name="protocol"> + <properties> + <help>syslog communication protocol</help> + <valueHelp> + <format>udp</format> + <description>send log messages to remote syslog server over udp</description> + </valueHelp> + <valueHelp> + <format>tcp</format> + <description>send log messages to remote syslog server over tcp</description> + </valueHelp> + <completionHelp> + <list>udp tcp</list> + </completionHelp> + <constraint> + <regex>(udp|tcp)</regex> + </constraint> + <constraintErrorMessage>invalid protocol name</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="level"> + <properties> + <help>Logging level</help> + <completionHelp> + <list>emerg alert crit err warning notice info debug all</list> + </completionHelp> + <constraint> + <regex>(emerg|alert|crit|err|warning|notice|info|debug|all)</regex> + </constraint> + <constraintErrorMessage>Invalid loglevel</constraintErrorMessage> + <valueHelp> + <format>emerg</format> + <description>Emergency messages</description> + </valueHelp> + <valueHelp> + <format>alert</format> + <description>Urgent messages</description> + </valueHelp> + <valueHelp> + <format>crit</format> + 
<description>Critical messages</description> + </valueHelp> + <valueHelp> + <format>err</format> + <description>Error messages</description> + </valueHelp> + <valueHelp> + <format>warning</format> + <description>Warning messages</description> + </valueHelp> + <valueHelp> + <format>notice</format> + <description>Messages for further investigation</description> + </valueHelp> + <valueHelp> + <format>info</format> + <description>Informational messages</description> + </valueHelp> + <valueHelp> + <format>debug</format> + <description>Debug messages</description> + </valueHelp> + <valueHelp> + <format>all</format> + <description>Log everything</description> + </valueHelp> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </tagNode> + <node name="global"> + <properties> + <help>Logging to system standard location</help> + </properties> + <children> + <node name="archive"> + <properties> + <help>Log file size and rotation characteristics</help> + </properties> + <children> + <leafNode name="file"> + <properties> + <help>Number of saved files (default is 5)</help> + <constraint> + <regex>[0-9]+</regex> + </constraint> + <constraintErrorMessage>illegal characters in number of files</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="size"> + <properties> + <help>Size of log files (in kbytes, default is 256)</help> + <constraint> + <regex>[0-9]+</regex> + </constraint> + <constraintErrorMessage>illegal characters in size</constraintErrorMessage> + </properties> + </leafNode> + </children> + </node> + <tagNode name="facility"> + <properties> + <help>Facility for logging</help> + <completionHelp> + <list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list> + </completionHelp> + <constraint> + 
<regex>(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)</regex> + </constraint> + <constraintErrorMessage>Invalid facility type</constraintErrorMessage> + <valueHelp> + <format>all</format> + <description>All facilities excluding "mark"</description> + </valueHelp> + <valueHelp> + <format>auth</format> + <description>Authentication and authorization</description> + </valueHelp> + <valueHelp> + <format>authpriv</format> + <description>Non-system authorization</description> + </valueHelp> + <valueHelp> + <format>cron</format> + <description>Cron daemon</description> + </valueHelp> + <valueHelp> + <format>daemon</format> + <description>System daemons</description> + </valueHelp> + <valueHelp> + <format>kern</format> + <description>Kernel</description> + </valueHelp> + <valueHelp> + <format>lpr</format> + <description>Line printer spooler</description> + </valueHelp> + <valueHelp> + <format>mail</format> + <description>Mail subsystem</description> + </valueHelp> + <valueHelp> + <format>mark</format> + <description>Timestamp</description> + </valueHelp> + <valueHelp> + <format>news</format> + <description>USENET subsystem</description> + </valueHelp> + <valueHelp> + <format>protocols</format> + <description>depricated will be set to local7</description> + </valueHelp> + <valueHelp> + <format>security</format> + <description>depricated will be set to auth</description> + </valueHelp> + <valueHelp> + <format>syslog</format> + <description>Authentication and authorization</description> + </valueHelp> + <valueHelp> + <format>user</format> + <description>Application processes</description> + </valueHelp> + <valueHelp> + <format>uucp</format> + <description>UUCP subsystem</description> + </valueHelp> + <valueHelp> + <format>local0</format> + <description>Local facility 0</description> + </valueHelp> + <valueHelp> + <format>local1</format> + <description>Local facility 
1</description> + </valueHelp> + <valueHelp> + <format>local2</format> + <description>Local facility 2</description> + </valueHelp> + <valueHelp> + <format>local3</format> + <description>Local facility 3</description> + </valueHelp> + <valueHelp> + <format>local4</format> + <description>Local facility 4</description> + </valueHelp> + <valueHelp> + <format>local5</format> + <description>Local facility 5</description> + </valueHelp> + <valueHelp> + <format>local6</format> + <description>Local facility 6</description> + </valueHelp> + <valueHelp> + <format>local7</format> + <description>Local facility 7</description> + </valueHelp> + </properties> + <children> + <leafNode name="level"> + <properties> + <help>Logging level</help> + <completionHelp> + <list>emerg alert crit err warning notice info debug all</list> + </completionHelp> + <constraint> + <regex>(emerg|alert|crit|err|warning|notice|info|debug|all)</regex> + </constraint> + <constraintErrorMessage>Invalid loglevel</constraintErrorMessage> + <valueHelp> + <format>emerg</format> + <description>Emergency messages</description> + </valueHelp> + <valueHelp> + <format>alert</format> + <description>Urgent messages</description> + </valueHelp> + <valueHelp> + <format>crit</format> + <description>Critical messages</description> + </valueHelp> + <valueHelp> + <format>err</format> + <description>Error messages</description> + </valueHelp> + <valueHelp> + <format>warning</format> + <description>Warning messages</description> + </valueHelp> + <valueHelp> + <format>notice</format> + <description>Messages for further investigation</description> + </valueHelp> + <valueHelp> + <format>info</format> + <description>Informational messages</description> + </valueHelp> + <valueHelp> + <format>debug</format> + <description>Debug messages</description> + </valueHelp> + <valueHelp> + <format>all</format> + <description>Log everything</description> + </valueHelp> + </properties> + </leafNode> + </children> + </tagNode> + <node 
name="marker"> + <properties> + <help>mark messages sent to syslog</help> + </properties> + <children> + <leafNode name="interval"> + <properties> + <help>time interval how often a mark message is being sent in seconds (default: 1200)</help> + <constraint> + <validator name="numeric" argument="--positive"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <leafNode name ="preserve-fqdn"> + <properties> + <help>uses FQDN for logging</help> + <valueless /> + </properties> + </leafNode> + </children> + </node> + <tagNode name="file"> + <properties> + <help>Logging to a file</help> + <constraint> + <regex>[a-zA-Z0-9\-_.]{1,255}</regex> + </constraint> + <constraintErrorMessage>illegal characters in filename or filename longer than 255 characters</constraintErrorMessage> + </properties> + <children> + <node name="archive"> + <properties> + <help>Log file size and rotation characteristics</help> + </properties> + <children> + <leafNode name="file"> + <properties> + <help>Number of saved files (default is 5)</help> + <constraint> + <regex>[0-9]+</regex> + </constraint> + <constraintErrorMessage>illegal characters in number of files</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="size"> + <properties> + <help>Size of log files (in kbytes, default is 256)</help> + <constraint> + <regex>[0-9]+</regex> + </constraint> + <constraintErrorMessage>illegal characters in size</constraintErrorMessage> + </properties> + </leafNode> + </children> + </node> + <tagNode name="facility"> + <properties> + <help>Facility for logging</help> + <completionHelp> + <list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list> + </completionHelp> + <constraint> + <regex>(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)</regex> + </constraint> + 
<constraintErrorMessage>Invalid facility type</constraintErrorMessage> + <valueHelp> + <format>all</format> + <description>All facilities excluding "mark"</description> + </valueHelp> + <valueHelp> + <format>auth</format> + <description>Authentication and authorization</description> + </valueHelp> + <valueHelp> + <format>authpriv</format> + <description>Non-system authorization</description> + </valueHelp> + <valueHelp> + <format>cron</format> + <description>Cron daemon</description> + </valueHelp> + <valueHelp> + <format>daemon</format> + <description>System daemons</description> + </valueHelp> + <valueHelp> + <format>kern</format> + <description>Kernel</description> + </valueHelp> + <valueHelp> + <format>lpr</format> + <description>Line printer spooler</description> + </valueHelp> + <valueHelp> + <format>mail</format> + <description>Mail subsystem</description> + </valueHelp> + <valueHelp> + <format>mark</format> + <description>Timestamp</description> + </valueHelp> + <valueHelp> + <format>news</format> + <description>USENET subsystem</description> + </valueHelp> + <valueHelp> + <format>protocols</format> + <description>depricated will be set to local7</description> + </valueHelp> + <valueHelp> + <format>security</format> + <description>depricated will be set to auth</description> + </valueHelp> + <valueHelp> + <format>syslog</format> + <description>Authentication and authorization</description> + </valueHelp> + <valueHelp> + <format>user</format> + <description>Application processes</description> + </valueHelp> + <valueHelp> + <format>uucp</format> + <description>UUCP subsystem</description> + </valueHelp> + <valueHelp> + <format>local0</format> + <description>Local facility 0</description> + </valueHelp> + <valueHelp> + <format>local1</format> + <description>Local facility 1</description> + </valueHelp> + <valueHelp> + <format>local2</format> + <description>Local facility 2</description> + </valueHelp> + <valueHelp> + <format>local3</format> + 
<description>Local facility 3</description> + </valueHelp> + <valueHelp> + <format>local4</format> + <description>Local facility 4</description> + </valueHelp> + <valueHelp> + <format>local5</format> + <description>Local facility 5</description> + </valueHelp> + <valueHelp> + <format>local6</format> + <description>Local facility 6</description> + </valueHelp> + <valueHelp> + <format>local7</format> + <description>Local facility 7</description> + </valueHelp> + </properties> + <children> + <leafNode name="level"> + <properties> + <help>Logging level</help> + <completionHelp> + <list>emerg alert crit err warning notice info debug all</list> + </completionHelp> + <constraint> + <regex>(emerg|alert|crit|err|warning|notice|info|debug|all)</regex> + </constraint> + <constraintErrorMessage>Invalid loglevel</constraintErrorMessage> + <valueHelp> + <format>emerg</format> + <description>Emergency messages</description> + </valueHelp> + <valueHelp> + <format>alert</format> + <description>Urgent messages</description> + </valueHelp> + <valueHelp> + <format>crit</format> + <description>Critical messages</description> + </valueHelp> + <valueHelp> + <format>err</format> + <description>Error messages</description> + </valueHelp> + <valueHelp> + <format>warning</format> + <description>Warning messages</description> + </valueHelp> + <valueHelp> + <format>notice</format> + <description>Messages for further investigation</description> + </valueHelp> + <valueHelp> + <format>info</format> + <description>Informational messages</description> + </valueHelp> + <valueHelp> + <format>debug</format> + <description>Debug messages</description> + </valueHelp> + <valueHelp> + <format>all</format> + <description>Log everything</description> + </valueHelp> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </tagNode> + <node name="console"> + <properties> + <help>logging to serial console</help> + </properties> + <children> + <tagNode name="facility"> + <properties> + 
<help>Facility for logging</help> + <completionHelp> + <list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list> + </completionHelp> + <constraint> + <regex>(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)</regex> + </constraint> + <constraintErrorMessage>Invalid facility type</constraintErrorMessage> + <valueHelp> + <format>all</format> + <description>All facilities excluding "mark"</description> + </valueHelp> + <valueHelp> + <format>auth</format> + <description>Authentication and authorization</description> + </valueHelp> + <valueHelp> + <format>authpriv</format> + <description>Non-system authorization</description> + </valueHelp> + <valueHelp> + <format>cron</format> + <description>Cron daemon</description> + </valueHelp> + <valueHelp> + <format>daemon</format> + <description>System daemons</description> + </valueHelp> + <valueHelp> + <format>kern</format> + <description>Kernel</description> + </valueHelp> + <valueHelp> + <format>lpr</format> + <description>Line printer spooler</description> + </valueHelp> + <valueHelp> + <format>mail</format> + <description>Mail subsystem</description> + </valueHelp> + <valueHelp> + <format>mark</format> + <description>Timestamp</description> + </valueHelp> + <valueHelp> + <format>news</format> + <description>USENET subsystem</description> + </valueHelp> + <valueHelp> + <format>protocols</format> + <description>depricated will be set to local7</description> + </valueHelp> + <valueHelp> + <format>security</format> + <description>depricated will be set to auth</description> + </valueHelp> + <valueHelp> + <format>syslog</format> + <description>Authentication and authorization</description> + </valueHelp> + <valueHelp> + <format>user</format> + <description>Application processes</description> + </valueHelp> + <valueHelp> + 
<format>uucp</format> + <description>UUCP subsystem</description> + </valueHelp> + <valueHelp> + <format>local0</format> + <description>Local facility 0</description> + </valueHelp> + <valueHelp> + <format>local1</format> + <description>Local facility 1</description> + </valueHelp> + <valueHelp> + <format>local2</format> + <description>Local facility 2</description> + </valueHelp> + <valueHelp> + <format>local3</format> + <description>Local facility 3</description> + </valueHelp> + <valueHelp> + <format>local4</format> + <description>Local facility 4</description> + </valueHelp> + <valueHelp> + <format>local5</format> + <description>Local facility 5</description> + </valueHelp> + <valueHelp> + <format>local6</format> + <description>Local facility 6</description> + </valueHelp> + <valueHelp> + <format>local7</format> + <description>Local facility 7</description> + </valueHelp> + </properties> + <children> + <leafNode name="level"> + <properties> + <help>Logging level</help> + <completionHelp> + <list>emerg alert crit err warning notice info debug all</list> + </completionHelp> + <constraint> + <regex>(emerg|alert|crit|err|warning|notice|info|debug|all)</regex> + </constraint> + <constraintErrorMessage>Invalid loglevel</constraintErrorMessage> + <valueHelp> + <format>emerg</format> + <description>Emergency messages</description> + </valueHelp> + <valueHelp> + <format>alert</format> + <description>Urgent messages</description> + </valueHelp> + <valueHelp> + <format>crit</format> + <description>Critical messages</description> + </valueHelp> + <valueHelp> + <format>err</format> + <description>Error messages</description> + </valueHelp> + <valueHelp> + <format>warning</format> + <description>Warning messages</description> + </valueHelp> + <valueHelp> + <format>notice</format> + <description>Messages for further investigation</description> + </valueHelp> + <valueHelp> + <format>info</format> + <description>Informational messages</description> + </valueHelp> + <valueHelp> 
+ <format>debug</format>
+ <description>Debug messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>all</format>
+ <description>Log everything</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/system-time-zone.xml.in b/interface-definitions/system-time-zone.xml.in
new file mode 100644
index 000000000..ff815c9d3
--- /dev/null
+++ b/interface-definitions/system-time-zone.xml.in
@@ -0,0 +1,19 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="system">
+ <children>
+ <leafNode name="time-zone" owner="${vyos_conf_scripts_dir}/system-timezone.py">
+ <properties>
+ <help>Local time zone (default UTC)</help>
+ <priority>100</priority>
+ <completionHelp>
+ <script>find /usr/share/zoneinfo/posix -type f -or -type l | sed -e s:/usr/share/zoneinfo/posix/:: | sort</script>
+ </completionHelp>
+ <constraint>
+ <validator name="timezone" argument="--validate"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/tftp-server.xml.in b/interface-definitions/tftp-server.xml.in
new file mode 100644
index 000000000..2874b034c
--- /dev/null
+++ b/interface-definitions/tftp-server.xml.in
@@ -0,0 +1,57 @@
+<?xml version="1.0"?>
+<!-- TFTP configuration -->
+<interfaceDefinition>
+ <node name="service">
+ <children>
+ <node name="tftp-server" owner="${vyos_conf_scripts_dir}/tftp_server.py">
+ <properties>
+ <help>Trivial File Transfer Protocol (TFTP) server</help>
+ <priority>990</priority>
+ </properties>
+ <children>
+ <leafNode name="directory">
+ <properties>
+ <help>Folder containing files served by TFTP [REQUIRED]</help>
+ </properties>
+ </leafNode>
+ <leafNode name="allow-upload">
+ <properties>
+ <help>Allow TFTP file uploads</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="port">
+ <properties>
+ <help>Port for TFTP service</help>
+ <valueHelp>
+ <format>1-65535</format>
+ <description>Numeric IP port (default: 69)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="listen-address">
+ <properties>
+ <help>Addresses for TFTP server to listen [REQUIRED]</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>TFTP IPv4 listen address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>TFTP IPv6 listen address</description>
+ </valueHelp>
+ <multi/>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/vpn_anyconnect.xml.in b/interface-definitions/vpn_anyconnect.xml.in
new file mode 100644
index 000000000..e74326986
--- /dev/null
+++ b/interface-definitions/vpn_anyconnect.xml.in
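Review bot: The `directory` leaf in tftp-server.xml.in has no `<constraint>`, so any string is accepted as the served folder and passed on to `tftp_server.py`, whose own checks are not visible in this diff. TFTP has no authentication, and with `allow-upload` set the chosen folder presumably becomes writable from the network, so the value should at least be limited to an absolute path at the CLI layer. A constructed example, to be adapted to the regex dialect the constraint engine uses, is `<constraint><regex>(/[\w.-]+)+</regex></constraint>` together with a `<constraintErrorMessage>`. Because that pattern still admits `..` segments, the conf script should canonicalise the path and refuse system locations. The `[REQUIRED]` markers on `directory` and `listen-address` are help text only; nothing in this definition enforces them.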
@@ -0,0 +1,258 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="vpn"> + <children> + <node name="anyconnect" owner="${vyos_conf_scripts_dir}/vpn_anyconnect.py"> + <properties> + <help>SSL VPN AnyConnect</help> + <priority>901</priority> + </properties> + <children> + <node name="authentication"> + <properties> + <help>Authentication for remote access SSL VPN Server</help> + </properties> + <children> + <leafNode name="mode"> + <properties> + <help>Authentication mode used by this server</help> + <valueHelp> + <format>local</format> + <description>Use local username/password configuration</description> + </valueHelp> + <valueHelp> + <format>radius</format> + <description>Use RADIUS server for user autentication</description> + </valueHelp> + <constraint> + <regex>(local|radius)</regex> + </constraint> + <completionHelp> + <list>local radius</list> + </completionHelp> + </properties> + </leafNode> + <node name="local-users"> + <properties> + <help>Local user authentication for SSL VPN server</help> + </properties> + <children> + <tagNode name="username"> + <properties> + <help>User name for authentication</help> + </properties> + <children> + <leafNode name="disable"> + <properties> + <help>Option to disable a SSL VPN Server user</help> + <valueless /> + </properties> + </leafNode> + <leafNode name="password"> + <properties> + <help>Password for authentication</help> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + #include <include/radius-server.xml.i> + <node name="radius"> + <children> + <leafNode name="timeout"> + <properties> + <help>Session timeout</help> + <valueHelp> + <format>1-30</format> + <description>Session timeout in seconds (default: 2)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-30"/> + </constraint> + <constraintErrorMessage>Timeout must be between 1 and 30 seconds</constraintErrorMessage> + </properties> + <defaultValue>2</defaultValue> + </leafNode> + 
</children> + </node> + </children> + </node> + <node name="listen-ports"> + <properties> + <help>SSL Certificate, SSL Key and CA (/config/auth)</help> + </properties> + <children> + <leafNode name="tcp"> + <properties> + <help>tcp port number to accept connections (default: 443)</help> + <valueHelp> + <format>1-65535</format> + <description>Numeric IP port (default: 443)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>443</defaultValue> + </leafNode> + <leafNode name="udp"> + <properties> + <help>udp port number to accept connections (default: 443)</help> + <valueHelp> + <format>1-65535</format> + <description>Numeric IP port (default: 443)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>443</defaultValue> + </leafNode> + </children> + </node> + <node name="ssl"> + <properties> + <help>SSL Certificate, SSL Key and CA (/config/auth)</help> + </properties> + <children> + <leafNode name="ca-cert-file"> + <properties> + <help>Certificate Authority certificate</help> + <completionHelp> + <script>ls /config/auth</script> + </completionHelp> + <valueHelp> + <format>file</format> + <description>File in /config/auth directory</description> + </valueHelp> + <constraint> + <validator name="file-exists" argument="--directory /config"/> + </constraint> + </properties> + </leafNode> + <leafNode name="cert-file"> + <properties> + <help>Server Certificate</help> + <valueHelp> + <format>file</format> + <description>File in /config/auth directory</description> + </valueHelp> + <constraint> + <validator name="file-exists" argument="--directory /config"/> + </constraint> + </properties> + </leafNode> + <leafNode name="key-file"> + <properties> + <help>Privat Key of the Server Certificate</help> + <valueHelp> + <format>file</format> + <description>File in /config/auth 
directory</description> + </valueHelp> + <constraint> + <validator name="file-exists" argument="--directory /config"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <node name="network-settings"> + <properties> + <help>Network settings</help> + </properties> + <children> + <leafNode name="push-route"> + <properties> + <help>Route to be pushed to the client</help> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 network and prefix length</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 network and prefix length</description> + </valueHelp> + <constraint> + <validator name="ip-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + <node name="client-ip-settings"> + <properties> + <help>Client IP pools settings</help> + </properties> + <children> + <leafNode name="subnet"> + <properties> + <help>Client IP subnet (CIDR notation)</help> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 address and prefix length</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + <constraintErrorMessage>Not a valid CIDR formatted prefix</constraintErrorMessage> + </properties> + </leafNode> + </children> + </node> + <node name="client-ipv6-pool"> + <properties> + <help>Pool of client IPv6 addresses</help> + </properties> + <children> + <leafNode name="prefix"> + <properties> + <help>Pool of addresses used to assign to clients</help> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 address and prefix length</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + </leafNode> + <leafNode name="mask"> + <properties> + <help>Prefix length used for individual client</help> + <valueHelp> + <format><48-128></format> + <description>Client prefix length (default: 64)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 48-128"/> + </constraint> + 
</properties> + <defaultValue>64</defaultValue> + </leafNode> + </children> + </node> + <leafNode name="name-server"> + <properties> + <help>Domain Name Server (DNS) propagated to client</help> + <valueHelp> + <format>ipv4</format> + <description>Domain Name Server (DNS) IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Domain Name Server (DNS) IPv6 address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> +</node> +</interfaceDefinition> diff --git a/interface-definitions/vpn_l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in new file mode 100644 index 000000000..702ef8b5a --- /dev/null +++ b/interface-definitions/vpn_l2tp.xml.in 
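Review bot: The three `ssl` leaves in vpn_anyconnect.xml.in (`ca-cert-file`, `cert-file`, `key-file`) validate with `file-exists` and `argument="--directory /config"`, while their valueHelp says the file lives in `/config/auth`, so the constraint accepts any existing file under `/config`. The vpn_sstp definition in this same commit scopes the check to the auth directory, and I would do the same here: `<validator name="file-exists" argument="--directory /config/auth"/>`. Only `ca-cert-file` carries the `ls /config/auth` completion, and adding it to `cert-file` and `key-file` would keep the three consistent. Separately, the `listen-ports` node reuses the help string of the `ssl` node ("SSL Certificate, SSL Key and CA (/config/auth)") and should describe the listening ports instead.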
@@ -0,0 +1,457 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="vpn"> + <children> + <node name="l2tp" owner="${vyos_conf_scripts_dir}/vpn_l2tp.py"> + <properties> + <help>L2TP Virtual Private Network (VPN)</help> + </properties> + <children> + <node name="remote-access"> + <properties> + <help>Remote access L2TP VPN</help> + </properties> + <children> + <leafNode name="mtu"> + <properties> + <help>Maximum Transmission Unit (MTU)</help> + <constraint> + <validator name="numeric" argument="--range 128-16384"/> + </constraint> + </properties> + </leafNode> + <leafNode name="outside-address"> + <properties> + <help>External IP address to which VPN clients will connect</help> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="gateway-address"> + <properties> + <help>Gatway address uses as client tunnel termination point</help> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + #include <include/accel-name-server.xml.in> + <node name="lns"> + <properties> + <help>L2TP Network Server (LNS)</help> + </properties> + <children> + <leafNode name="shared-secret"> + <properties> + <help>Tunnel password used to authenticate the client (LAC)</help> + </properties> + </leafNode> + </children> + </node> + <leafNode name="ccp-disable"> + <properties> + <help>Disable Compression Control Protocol (CCP)</help> + <valueless /> + </properties> + </leafNode> + <node name="ipsec-settings"> + <properties> + <help>Internet Protocol Security (IPsec) for remote access L2TP VPN</help> + </properties> + <children> + <node name="authentication"> + <properties> + <help>IPsec authentication settings</help> + </properties> + <children> + <leafNode name="mode"> + <properties> + <help>Authentication mode for IPsec</help> + <valueHelp> + <format>pre-shared-secret</format> + <description>Use pre-shared secret for IPsec authentication</description> + </valueHelp> + <valueHelp> + 
<format>x509</format> + <description>Use X.509 certificate for IPsec authentication</description> + </valueHelp> + <constraint> + <regex>(pre-shared-secret|x509)</regex> + </constraint> + <completionHelp> + <list>pre-shared-secret x509</list> + </completionHelp> + </properties> + </leafNode> + <leafNode name="pre-shared-secret"> + <properties> + <help>Pre-shared secret for IPsec</help> + </properties> + </leafNode> + <node name="x509"> + <properties> + <help>X.509 certificate</help> + </properties> + <children> + <leafNode name="ca-cert-file"> + <properties> + <help>File containing the X.509 certificate for the Certificate Authority (CA)</help> + <valueHelp> + <format><text></format> + <description>File in /config/auth</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="crl-file"> + <properties> + <help>File containing the X.509 Certificate Revocation List (CRL)</help> + <valueHelp> + <format><text></format> + <description>File in /config/auth</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="server-cert-file"> + <properties> + <help>File containing the X.509 certificate for the remote access VPN server (this host)</help> + <valueHelp> + <format><text></format> + <description>File in /config/auth</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="server-key-file"> + <properties> + <help>File containing the private key for the X.509 certificate for the remote access VPN server (this host)</help> + <valueHelp> + <format><text></format> + <description>File in /config/auth</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="server-key-password"> + <properties> + <help>Password that protects the private key</help> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + <leafNode name="ike-lifetime"> + <properties> + <help>IKE lifetime</help> + <valueHelp> + <format><30-86400></format> + <description>IKE lifetime in seconds (default 
3600)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 30-86400"/> + </constraint> + </properties> + </leafNode> + <leafNode name="lifetime"> + <properties> + <help>ESP lifetime</help> + <valueHelp> + <format><30-86400></format> + <description>IKE lifetime in seconds (default 3600)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 30-86400"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + #include <include/accel-wins-server.xml.i> + <node name="client-ip-pool"> + <properties> + <help>Pool of client IP addresses (must be within a /24)</help> + </properties> + <children> + <leafNode name="start"> + <properties> + <help>First IP address in the pool (will be used as gateway address)</help> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="stop"> + <properties> + <help>Last IP address in the pool</help> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="subnet"> + <properties> + <help>Client IP subnet (CIDR notation)</help> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + <constraintErrorMessage>Not a valid CIDR formatted prefix</constraintErrorMessage> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 subnet address</description> + </valueHelp> + <multi /> + </properties> + </leafNode> + </children> + </node> + #include <include/accel-client-ipv6-pool.xml.in> + <leafNode name="description"> + <properties> + <help>Description for L2TP remote-access settings</help> + </properties> + </leafNode> + <leafNode name="dhcp-interface"> + <properties> + <help>DHCP interface to listen on</help> + </properties> + </leafNode> + <leafNode name="idle"> + <properties> + <help>PPP idle timeout</help> + <valueHelp> + <format><30-86400></format> + <description>PPP idle timeout in seconds (default 1800)</description> + </valueHelp> 
+ <constraint> + <validator name="numeric" argument="--range 30-86400"/> + </constraint> + </properties> + </leafNode> + <node name="authentication"> + <properties> + <help>Authentication for remote access L2TP VPN</help> + </properties> + <children> + <leafNode name="require"> + <properties> + <help>Authentication protocol for remote access peer L2TP VPN</help> + <valueHelp> + <format>pap</format> + <description>Require the peer to authenticate itself using PAP [Password Authentication Protocol].</description> + </valueHelp> + <valueHelp> + <format>chap</format> + <description>Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol].</description> + </valueHelp> + <valueHelp> + <format>mschap</format> + <description>Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol].</description> + </valueHelp> + <valueHelp> + <format>mschap-v2</format> + <description>Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2].</description> + </valueHelp> + <constraint> + <regex>(pap|chap|mschap|mschap-v2)</regex> + </constraint> + <completionHelp> + <list>pap chap mschap mschap-v2</list> + </completionHelp> + <multi /> + </properties> + </leafNode> + <leafNode name="mppe"> + <properties> + <help>Specifies mppe negotioation preference. 
(default require mppe 128-bit stateless</help> + <valueHelp> + <format>deny</format> + <description>deny mppe</description> + </valueHelp> + <valueHelp> + <format>prefer</format> + <description>Ask client for mppe, if it rejects do not fail</description> + </valueHelp> + <valueHelp> + <format>require</format> + <description>ask client for mppe, if it rejects drop connection</description> + </valueHelp> + <constraint> + <regex>(deny|prefer|require)</regex> + </constraint> + <completionHelp> + <list>deny prefer require</list> + </completionHelp> + </properties> + </leafNode> + #include <include/accel-auth-mode.xml.i> + <node name="local-users"> + <properties> + <help>Local user authentication for remote access L2TP VPN</help> + </properties> + <children> + <tagNode name="username"> + <properties> + <help>User name for authentication</help> + </properties> + <children> + <leafNode name="disable"> + <properties> + <help>Option to disable a L2TP Server user</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="password"> + <properties> + <help>Password for authentication</help> + </properties> + </leafNode> + <leafNode name="static-ip"> + <properties> + <help>Static client IP address</help> + </properties> + </leafNode> + <node name="rate-limit"> + <properties> + <help>Upload/Download speed limits</help> + </properties> + <children> + <leafNode name="upload"> + <properties> + <help>Upload bandwidth limit in kbits/sec</help> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="download"> + <properties> + <help>Download bandwidth limit in kbits/sec</help> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> + </tagNode> + </children> + </node> + #include <include/radius-server.xml.i> + <node name="radius"> + <children> + <tagNode name="server"> + <children> + <leafNode 
name="fail-time"> + <properties> + <help>Mark server unavailable for <n> seconds on failure</help> + <valueHelp> + <format>0-600</format> + <description>Fail time penalty</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-600"/> + </constraint> + <constraintErrorMessage>Fail time must be between 0 and 600 seconds</constraintErrorMessage> + </properties> + </leafNode> + </children> + </tagNode> + <leafNode name="timeout"> + <properties> + <help>Timeout to wait response from server (seconds)</help> + </properties> + </leafNode> + <leafNode name="acct-timeout"> + <properties> + <help>Timeout to wait reply for Interim-Update packets. (default 3 seconds)</help> + </properties> + </leafNode> + <leafNode name="max-try"> + <properties> + <help>Maximum number of tries to send Access-Request/Accounting-Request queries</help> + </properties> + </leafNode> + <leafNode name="nas-identifier"> + <properties> + <help>Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests.</help> + </properties> + </leafNode> + <node name="dae-server"> + <properties> + <help>IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA)</help> + </properties> + <children> + <leafNode name="ip-address"> + <properties> + <help>IP address for Dynamic Authorization Extension server (DM/CoA)</help> + </properties> + </leafNode> + <leafNode name="port"> + <properties> + <help>Port for Dynamic Authorization Extension server (DM/CoA)</help> + </properties> + </leafNode> + <leafNode name="secret"> + <properties> + <help>Secret for Dynamic Authorization Extension server (DM/CoA)</help> + </properties> + </leafNode> + </children> + </node> + <node name="rate-limit"> + <properties> + <help>Upload/Download speed limits</help> + </properties> + <children> + <leafNode name="attribute"> + <properties> + <help>Specifies which radius attribute contains rate information. 
(default is Filter-Id)</help> + </properties> + </leafNode> + <leafNode name="vendor"> + <properties> + <help>Specifies the vendor dictionary. (dictionary needs to be in /usr/share/accel-ppp/radius)</help> + </properties> + </leafNode> + <leafNode name="enable"> + <properties> + <help>Enables Bandwidth shaping via RADIUS</help> + <valueless /> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> + <node name="ppp-options"> + <properties> + <help>Advanced protocol options</help> + </properties> + <children> + <leafNode name="lcp-echo-interval"> + <properties> + <help>LCP echo-requests/sec</help> + <constraint> + <validator name="numeric" argument="--positive"/> + </constraint> + </properties> + </leafNode> + <leafNode name="lcp-echo-failure"> + <properties> + <help>Maximum number of Echo-Requests may be sent without valid reply</help> + <constraint> + <validator name="numeric" argument="--positive"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/vpn_pptp.xml.in b/interface-definitions/vpn_pptp.xml.in new file mode 100644 index 000000000..032455b4d --- /dev/null +++ b/interface-definitions/vpn_pptp.xml.in 
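Review bot: Several leaves in vpn_l2tp.xml.in that take addresses or numbers have no `<constraint>`: `local-users username static-ip`, `radius timeout`, `acct-timeout`, `max-try`, and `dae-server ip-address` / `port`. Arbitrary strings therefore pass the CLI and reach `vpn_l2tp.py`, which is not visible here. Validators already used in this file fit: `<validator name="ipv4-address"/>` for `static-ip` and `dae-server ip-address`, and `<validator name="numeric" argument="--range 1-65535"/>` for `dae-server port`. The four `x509` file leaves also lack the `file-exists` check that vpn_anyconnect.xml.in applies to its certificate paths. Two descriptions look like copy-paste slips worth fixing in the same pass: the `mschap` valueHelp describes plain CHAP, and the ESP `lifetime` valueHelp says "IKE lifetime".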
@@ -0,0 +1,165 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="vpn"> + <children> + <node name="pptp" owner="${vyos_conf_scripts_dir}/vpn_pptp.py"> + <properties> + <help>Point to Point Tunneling Protocol (PPTP) Virtual Private Network (VPN)</help> + </properties> + <children> + <node name="remote-access"> + <properties> + <help>Remote access PPTP VPN</help> + </properties> + <children> + <leafNode name="mtu"> + <properties> + <help>Maximum Transmission Unit (MTU)</help> + <constraint> + <validator name="numeric" argument="--range 128-16384"/> + </constraint> + </properties> + </leafNode> + <leafNode name="outside-address"> + <properties> + <help>External IP address to which VPN clients will connect</help> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="name-server"> + <properties> + <help>Domain Name Server (DNS) propagated to client</help> + <valueHelp> + <format>ipv4</format> + <description>Domain Name Server (DNS) IPv4 address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + <multi/> + </properties> + </leafNode> + #include <include/accel-wins-server.xml.i> + <node name="client-ip-pool"> + <properties> + <help>Pool of client IP addresses (must be within a /24)</help> + </properties> + <children> + <leafNode name="start"> + <properties> + <help>First IP address in the pool (will be used as gateway address)</help> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="stop"> + <properties> + <help>Last IP address in the pool</help> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <leafNode name="gateway-address"> + <properties> + <help>Gatway address uses as client tunnel termination point</help> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + <node 
name="authentication"> + <properties> + <help>Authentication for remote access PPTP VPN</help> + </properties> + <children> + <leafNode name="require"> + <properties> + <help>Authentication protocol for remote access peer PPTP VPN</help> + <valueHelp> + <format>pap</format> + <description>Require the peer to authenticate itself using PAP [Password Authentication Protocol].</description> + </valueHelp> + <valueHelp> + <format>chap</format> + <description>Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol].</description> + </valueHelp> + <valueHelp> + <format>mschap</format> + <description>Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol].</description> + </valueHelp> + <valueHelp> + <format>mschap-v2</format> + <description>Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2].</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="mppe"> + <properties> + <help>Specifies mppe negotioation preference. 
(default require mppe 128-bit stateless</help> + <valueHelp> + <format>deny</format> + <description>deny mppe</description> + </valueHelp> + <valueHelp> + <format>prefer</format> + <description>ask client for mppe, if it rejects do not fail</description> + </valueHelp> + <valueHelp> + <format>require</format> + <description>ask client for mppe, if it rejects drop connection</description> + </valueHelp> + <constraint> + <regex>(deny|prefer|require)</regex> + </constraint> + <completionHelp> + <list>deny prefer require</list> + </completionHelp> + </properties> + </leafNode> + #include <include/accel-auth-mode.xml.i> + <node name="local-users"> + <properties> + <help>Local user authentication for remote access PPTP VPN</help> + </properties> + <children> + <tagNode name="username"> + <properties> + <help>User name for authentication</help> + </properties> + <children> + <leafNode name="disable"> + <properties> + <help>Option to disable a PPTP Server user</help> + </properties> + </leafNode> + <leafNode name="password"> + <properties> + <help>Password for authentication</help> + </properties> + </leafNode> + <leafNode name="static-ip"> + <properties> + <help>Static client IP address</help> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + #include <include/radius-server.xml.i> + #include <include/accel-radius-additions.xml.in> + </children> + </node> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/vpn_sstp.xml.in b/interface-definitions/vpn_sstp.xml.in new file mode 100644 index 000000000..f0c93b882 --- /dev/null +++ b/interface-definitions/vpn_sstp.xml.in 
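Review bot: The `authentication require` leaf in vpn_pptp.xml.in lists pap/chap/mschap/mschap-v2 in its valueHelp but has no `<constraint>`, so any string is accepted as the authentication protocol; the L2TP definition in this commit constrains the same leaf. I would add `<constraint><regex>(pap|chap|mschap|mschap-v2)</regex></constraint>` and the matching `<completionHelp><list>pap chap mschap mschap-v2</list></completionHelp>`. The `local-users username disable` leaf is also missing `<valueless/>`, which the L2TP and SSTP definitions have, so as written it appears to expect a value. `static-ip` would benefit from `<validator name="ipv4-address"/>` as well.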
@@ -0,0 +1,273 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="vpn"> + <children> + <node name="sstp" owner="${vyos_conf_scripts_dir}/vpn_sstp.py"> + <properties> + <help>Secure Socket Tunneling Protocol (SSTP) server</help> + <priority>901</priority> + </properties> + <children> + <node name="authentication"> + <properties> + <help>Authentication for remote access SSTP Server</help> + </properties> + <children> + <node name="local-users"> + <properties> + <help>Local user authentication for SSTP server</help> + </properties> + <children> + <tagNode name="username"> + <properties> + <help>User name for authentication</help> + </properties> + <children> + <leafNode name="disable"> + <properties> + <help>Option to disable a SSTP Server user</help> + <valueless /> + </properties> + </leafNode> + <leafNode name="password"> + <properties> + <help>Password for authentication</help> + </properties> + </leafNode> + <leafNode name="static-ip"> + <properties> + <help>Static client IP address</help> + </properties> + </leafNode> + <node name="rate-limit"> + <properties> + <help>Upload/Download speed limits</help> + </properties> + <children> + <leafNode name="upload"> + <properties> + <help>Upload bandwidth limit in kbits/sec</help> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="download"> + <properties> + <help>Download bandwidth limit in kbits/sec</help> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> + </tagNode> + </children> + </node> + #include <include/accel-auth-mode.xml.i> + <leafNode name="protocols"> + <properties> + <help>Authentication protocol for remote access peer SSTP VPN</help> + <completionHelp> + <list>pap chap mschap mschap-v2</list> + </completionHelp> + <valueHelp> + <format>pap</format> + <description>Authentication via PAP (Password 
Authentication Protocol)</description> + </valueHelp> + <valueHelp> + <format>chap</format> + <description>Authentication via CHAP (Challenge Handshake Authentication Protocol)</description> + </valueHelp> + <valueHelp> + <format>mschap</format> + <description>Authentication via MS-CHAP (Microsoft Challenge Handshake Authentication Protocol)</description> + </valueHelp> + <valueHelp> + <format>mschap-v2</format> + <description>Authentication via MS-CHAPv2 (Microsoft Challenge Handshake Authentication Protocol, version 2)</description> + </valueHelp> + <constraint> + <regex>(pap|chap|mschap|mschap-v2)</regex> + </constraint> + <multi /> + </properties> + </leafNode> + #include <include/radius-server.xml.i> + #include <include/accel-radius-additions.xml.in> + <node name="radius"> + <children> + <node name="rate-limit"> + <properties> + <help>Upload/Download speed limits</help> + </properties> + <children> + <leafNode name="attribute"> + <properties> + <help>Specifies RADIUS attribute containing rate information (default 'Filter-Id')</help> + </properties> + </leafNode> + <leafNode name="vendor"> + <properties> + <help>Specifies vendor dictionary (needs to be in /usr/share/accel-ppp/radius)</help> + </properties> + </leafNode> + <leafNode name="enable"> + <properties> + <help>Enable RADIUS bandwidth shaping</help> + <valueless /> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> + <node name="ssl"> + <properties> + <help>SSL Certificate, SSL Key and CA (/config/user-data/sstp)</help> + </properties> + <children> + <leafNode name="ca-cert-file"> + <properties> + <help>Certificate Authority certificate</help> + <valueHelp> + <format>file</format> + <description>File in /config/auth directory</description> + </valueHelp> + <constraint> + <validator name="file-exists" argument="--directory /config/auth"/> + </constraint> + </properties> + </leafNode> + <leafNode name="cert-file"> + <properties> + <help>Server 
Certificate</help> + <completionHelp> + <script>ls /config</script> + </completionHelp> + <constraint> + <validator name="file-exists" argument="--directory /config/auth"/> + </constraint> + </properties> + </leafNode> + <leafNode name="key-file"> + <properties> + <help>Privat Key of the Server Certificate</help> + <valueHelp> + <format>file</format> + <description>File in /config/auth directory</description> + </valueHelp> + <constraint> + <validator name="file-exists" argument="--directory /config/auth"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <node name="network-settings"> + <properties> + <help>Network settings</help> + </properties> + <children> + <node name="client-ip-settings"> + <properties> + <help>Client IP pools and gateway setting</help> + </properties> + <children> + <leafNode name="subnet"> + <properties> + <help>Client IP subnet (CIDR notation)</help> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 address and prefix length</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + <constraintErrorMessage>Not a valid CIDR formatted prefix</constraintErrorMessage> + <multi /> + </properties> + </leafNode> + <leafNode name="gateway-address"> + <properties> + <help>Gateway IP address</help> + <constraint> + <validator name="ipv4-address"/> + </constraint> + <constraintErrorMessage>invalid IPv4 address</constraintErrorMessage> + <valueHelp> + <format>ipv4</format> + <description>Default Gateway send to the client</description> + </valueHelp> + </properties> + </leafNode> + </children> + </node> + #include <include/accel-client-ipv6-pool.xml.in> + #include <include/accel-name-server.xml.in> + #include <include/interface-mtu-68-1500.xml.i> + </children> + </node> + <node name="ppp-settings"> + <properties> + <help>PPP (Point-to-Point Protocol) settings</help> + </properties> + <children> + <leafNode name="mppe"> + <properties> + <help>Specifies mppe negotiation 
preferences</help> + <completionHelp> + <list>require prefer deny</list> + </completionHelp> + <constraint> + <regex>(^require|prefer|deny)</regex> + </constraint> + <valueHelp> + <format>require</format> + <description>send mppe request, if client rejects, drop the connection</description> + </valueHelp> + <valueHelp> + <format>prefer</format> + <description>send mppe request, if client rejects continue</description> + </valueHelp> + <valueHelp> + <format>deny</format> + <description>drop all mppe</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="lcp-echo-interval"> + <properties> + <help>LCP echo-requests/sec</help> + <constraint> + <validator name="numeric" argument="--positive"/> + </constraint> + </properties> + </leafNode> + <leafNode name="lcp-echo-failure"> + <properties> + <help>Maximum number of Echo-Requests may be sent without valid reply</help> + <constraint> + <validator name="numeric" argument="--positive"/> + </constraint> + </properties> + </leafNode> + <leafNode name="lcp-echo-timeout"> + <properties> + <help>Timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and "lcp-echo-failure" is not used.</help> + <constraint> + <validator name="numeric" argument="--positive"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> +</node> +</interfaceDefinition> diff --git a/interface-definitions/vrf.xml.in b/interface-definitions/vrf.xml.in new file mode 100644 index 000000000..159f4ea3e --- /dev/null +++ b/interface-definitions/vrf.xml.in 
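Review bot: In vpn_sstp.xml.in the `static-ip` leaf under `local-users username` accepts any string, while `gateway-address` in the same file is checked with the `ipv4-address` validator. Adding `<constraint><validator name="ipv4-address"/></constraint>` to `static-ip` would reject malformed values before they reach vpn_sstp.py. The `mppe` constraint `(^require|prefer|deny)` anchors only its first alternative, so unless the validator anchors the whole pattern itself (not visible here), a value that merely contains `prefer` or `deny` would pass. `(require|prefer|deny)` would match the completion list. The `cert-file` completion runs `ls /config` although its constraint checks `/config/auth`, and unlike `ca-cert-file` and `key-file` it has no `valueHelp`.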
@@ -0,0 +1,47 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="vrf" owner="${vyos_conf_scripts_dir}/vrf.py">
+ <properties>
+ <help>Virtual Routing and Forwarding</help>
+ <!-- must be before any interface creation -->
+ <priority>60</priority>
+ </properties>
+ <children>
+ <leafNode name="bind-to-all">
+ <properties>
+ <help>Enable binding services to all VRFs</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <tagNode name="name">
+ <properties>
+ <help>VRF instance name</help>
+ <constraint>
+ <validator name="vrf-name"/>
+ </constraint>
+ <constraintErrorMessage>VRF instance name must be 15 characters or less and can not\nbe named as regular network interfaces.\n</constraintErrorMessage>
+ <valueHelp>
+ <format>name</format>
+ <description>Instance name</description>
+ </valueHelp>
+ </properties>
+ <children>
+ <leafNode name="table">
+ <properties>
+ <help>Routing table associated with this instance</help>
+ <valueHelp>
+ <format>100-2147483647</format>
+ <description>Routing table ID</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 100-2147483647"/>
+ </constraint>
+ <constraintErrorMessage>VRF routing table must be in range from 100 to 2147483647</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ #include <include/interface-description.xml.i>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/vrrp.xml.in b/interface-definitions/vrrp.xml.in
new file mode 100644
index 000000000..120c7d218
--- /dev/null
+++ b/interface-definitions/vrrp.xml.in
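Review bot: The help for `bind-to-all` in vrf.xml.in does not say what the switch costs. If, as the name suggests, it makes listening services reachable from every VRF, it removes the separation between VRFs for management daemons. That behaviour lives in vrf.py, which this hunk does not show, so confirm it there and state it in the text, e.g. `<help>Enable binding services to all VRFs (services become reachable from every VRF)</help>`.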
@@ -0,0 +1,302 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="high-availability"> + <properties> + <help>High availability settings</help> + </properties> + <children> + <node name="vrrp" owner="${vyos_conf_scripts_dir}/vrrp.py"> + <properties> + <priority>800</priority> <!-- after all interfaces and conntrack-sync --> + <help>Virtual Router Redundancy Protocol settings</help> + </properties> + <children> + <tagNode name="group"> + <properties> + <help>VRRP group</help> + </properties> + <children> + <leafNode name="interface"> + <properties> + <help>Network interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py --broadcast</script> + </completionHelp> + </properties> + </leafNode> + <leafNode name="advertise-interval"> + <properties> + <help>Advertise interval</help> + <valueHelp> + <format>1-255</format> + <description>Advertise interval in seconds (default: 1)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <node name="authentication"> + <properties> + <help>VRRP authentication</help> + </properties> + <children> + <leafNode name="password"> + <properties> + <help>VRRP password</help> + <valueHelp> + <format>text</format> + <description>Password string (up to 8 characters)</description> + </valueHelp> + <constraint> + <regex>.{1,8}</regex> + </constraint> + <constraintErrorMessage>Password must not be longer than 8 characters</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="type"> + <properties> + <help>Authentication type</help> + <completionHelp> + <list>plaintext-password ah</list> + </completionHelp> + <constraint> + <regex>(plaintext-password|ah)</regex> + </constraint> + <constraintErrorMessage>Authentication type must be plaintext-password or ah</constraintErrorMessage> + </properties> + </leafNode> + </children> + </node> + <leafNode name="description"> + <properties> + <help>Group 
description</help> + </properties> + </leafNode> + <leafNode name="disable"> + <properties> + <valueless/> + <help>Disable VRRP group</help> + </properties> + </leafNode> + <node name="health-check"> + <properties> + <help>Health check script</help> + </properties> + <children> + <leafNode name="failure-count"> + <properties> + <help>Health check failure count required for transition to fault (default: 3)</help> + <constraint> + <validator name="numeric" argument="--positive" /> + </constraint> + </properties> + </leafNode> + <leafNode name="interval"> + <properties> + <help>Health check execution interval in seconds (default: 60)</help> + <constraint> + <validator name="numeric" argument="--positive"/> + </constraint> + </properties> + </leafNode> + <leafNode name="script"> + <properties> + <help>Health check script file</help> + <constraint> + <validator name="script"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <leafNode name="hello-source-address"> + <properties> + <help>VRRP hello source address (IPv4 or IPv6)</help> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + <valueHelp> + <format><IPv4|IPv6></format> + <description>IPv4 or IPv6 hello source address</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="peer-address"> + <properties> + <help>Unicast VRRP peer address (IPv4 or IPv6)</help> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + <valueHelp> + <format><IPv4|IPv6></format> + <description>IPv4 or IPv6 unicast peer address</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="no-preempt"> + <properties> + <valueless/> + <help>Disable master preemption</help> + </properties> + </leafNode> + <leafNode name="preempt-delay"> + <properties> + <help>Preempt delay (in seconds)</help> + <constraint> + <validator name="numeric" argument="--range 0-1000"/> + </constraint> + 
</properties> + </leafNode> + <leafNode name="priority"> + <properties> + <help>Router priority</help> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + <valueHelp> + <format>1-255</format> + <description>Router priority (default: 100)</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="rfc3768-compatibility"> + <properties> + <valueless/> + <help>Use VRRP virtual MAC address as per RFC3768</help> + </properties> + </leafNode> + <node name="transition-script"> + <properties> + <help>VRRP transition scripts</help> + </properties> + <children> + <leafNode name="master"> + <properties> + <help>Script to run on VRRP state transition to master</help> + <constraint> + <validator name="script"/> + </constraint> + </properties> + </leafNode> + <leafNode name="backup"> + <properties> + <help>Script to run on VRRP state transition to backup</help> + <constraint> + <validator name="script"/> + </constraint> + </properties> + </leafNode> + <leafNode name="fault"> + <properties> + <help>Script to run on VRRP state transition to fault</help> + <constraint> + <validator name="script"/> + </constraint> + </properties> + </leafNode> + <leafNode name="stop"> + <properties> + <help>Script to run on VRRP state transition to stop</help> + <constraint> + <validator name="script"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <leafNode name="virtual-address"> + <properties> + <multi/> + <help>Virtual address (IPv4 or IPv6, but they must not be mixed in one group)</help> + <constraint> + <validator name="ipv4-host"/> + <validator name="ipv6-host"/> + </constraint> + <constraintErrorMessage>Virtual address must be a valid IPv4 or IPv6 address with prefix length (e.g. 
192.0.2.3/24 or 2001:db8:ff::10/64)</constraintErrorMessage> + <valueHelp> + <format><IPv4|IPv6></format> + <description>IPv4 or IPv6 virtual address</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="vrid"> + <properties> + <help>Virtual router identifier</help> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + <valueHelp> + <format>1-255</format> + <description>Virtual router identifier</description> + </valueHelp> + </properties> + </leafNode> + </children> + </tagNode> + <tagNode name="sync-group"> + <properties> + <help>VRRP sync group</help> + </properties> + <children> + <leafNode name="member"> + <properties> + <multi/> + <help>Sync group member</help> + <valueHelp> + <format>text</format> + <description>VRRP group name</description> + </valueHelp> + <completionHelp> + <path>high-availability vrrp group</path> + </completionHelp> + </properties> + </leafNode> + <node name="transition-script"> + <properties> + <help>VRRP transition scripts</help> + </properties> + <children> + <leafNode name="master"> + <properties> + <help>Script to run on VRRP state transition to master</help> + <constraint> + <validator name="script"/> + </constraint> + </properties> + </leafNode> + <leafNode name="backup"> + <properties> + <help>Script to run on VRRP state transition to backup</help> + <constraint> + <validator name="script"/> + </constraint> + </properties> + </leafNode> + <leafNode name="fault"> + <properties> + <help>Script to run on VRRP state transition to fault</help> + <constraint> + <validator name="script"/> + </constraint> + </properties> + </leafNode> + <leafNode name="stop"> + <properties> + <help>Script to run on VRRP state transition to stop</help> + <constraint> + <validator name="script"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> + </tagNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> |
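Review bot: The `authentication` node in vrrp.xml.in offers `plaintext-password`, but neither the `password` nor the `type` help says that this type carries the password unencrypted in every advertisement. It therefore guards against misconfiguration only, not against another host on the segment. I would extend the `type` help, e.g. `<help>Authentication type (plaintext-password is sent in clear text; ah authenticates advertisements)</help>`. Separately, the `script` validator is the only check on the `health-check script` and `transition-script` paths, and what it enforces is not visible in this hunk. Since these paths are presumably executed by the VRRP daemon, their help should say which locations and permissions are accepted.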