diff options
Diffstat (limited to 'interface-definitions')
228 files changed, 3844 insertions, 2458 deletions
diff --git a/interface-definitions/dns-domain-name.xml.in b/interface-definitions/dns-domain-name.xml.in deleted file mode 100644 index ef34ecbf5..000000000 --- a/interface-definitions/dns-domain-name.xml.in +++ /dev/null @@ -1,114 +0,0 @@ -<?xml version="1.0"?> -<interfaceDefinition> - <node name="system"> - <children> - <leafNode name="name-server" owner="${vyos_conf_scripts_dir}/host_name.py"> - <properties> - <help>System Domain Name Servers (DNS)</help> - <priority>400</priority> - <completionHelp> - <script>${vyos_completion_dir}/list_interfaces</script> - </completionHelp> - <valueHelp> - <format>ipv4</format> - <description>Domain Name Server IPv4 address</description> - </valueHelp> - <valueHelp> - <format>ipv6</format> - <description>Domain Name Server IPv6 address</description> - </valueHelp> - <valueHelp> - <format>txt</format> - <description>Use Domain Name Server from DHCP interface</description> - </valueHelp> - <multi/> - <constraint> - <validator name="ip-address"/> - #include <include/constraint/interface-name.xml.i> - </constraint> - </properties> - </leafNode> - <!-- script does not use XML defaults so far --> - <leafNode name="host-name" owner="${vyos_conf_scripts_dir}/host_name.py"> - <properties> - <help>System host name (default: vyos)</help> - <constraint> - #include <include/constraint/host-name.xml.i> - </constraint> - </properties> - </leafNode> - <leafNode name="domain-name" owner="${vyos_conf_scripts_dir}/host_name.py"> - <properties> - <help>System domain name</help> - <constraint> - <validator name="fqdn"/> - </constraint> - </properties> - </leafNode> - <node name="domain-search" owner="${vyos_conf_scripts_dir}/host_name.py"> - <properties> - <help>Domain Name Server (DNS) domain completion order</help> - <priority>400</priority> - </properties> - <children> - <leafNode name="domain"> - <properties> - <help>DNS domain completion order</help> - <constraint> - <regex>[-a-zA-Z0-9.]+</regex> - </constraint> - <constraintErrorMessage>Invalid domain name</constraintErrorMessage> - <multi/> - </properties> - </leafNode> - </children> - </node> - <node name="static-host-mapping" owner="${vyos_conf_scripts_dir}/host_name.py"> - <properties> - <help>Map host names to addresses</help> - <priority>400</priority> - </properties> - <children> - <tagNode name="host-name"> - <properties> - <help>Host name for static address mapping</help> - <constraint> - #include <include/constraint/host-name.xml.i> - </constraint> - <constraintErrorMessage>Host-name must be alphanumeric and can contain hyphens</constraintErrorMessage> - </properties> - <children> - <leafNode name="alias"> - <properties> - <help>Alias for this address</help> - <constraint> - <regex>.{1,63}</regex> - </constraint> - <constraintErrorMessage>invalid alias hostname, needs to be between 1 and 63 charactes</constraintErrorMessage> - <multi /> - </properties> - </leafNode> - <leafNode name="inet"> - <properties> - <help>IP Address</help> - <valueHelp> - <format>ipv4</format> - <description>IPv4 address</description> - </valueHelp> - <valueHelp> - <format>ipv6</format> - <description>IPv6 address</description> - </valueHelp> - <constraint> - <validator name="ip-address"/> - </constraint> - <multi/> - </properties> - </leafNode> - </children> - </tagNode> - </children> - </node> - </children> - </node> -</interfaceDefinition> diff --git a/interface-definitions/dns-dynamic.xml.in b/interface-definitions/dns-dynamic.xml.in deleted file mode 100644 index a0720f3aa..000000000 --- a/interface-definitions/dns-dynamic.xml.in +++ /dev/null @@ -1,173 +0,0 @@ -<?xml version="1.0"?> -<interfaceDefinition> - <node name="service"> - <children> - <node name="dns"> - <properties> - <help>Domain Name System (DNS) related services</help> - </properties> - <children> - <node name="dynamic" owner="${vyos_conf_scripts_dir}/dns_dynamic.py"> - <properties> - <help>Dynamic DNS</help> - </properties> - <children> - <tagNode name="address"> - <properties> - <help>Obtain IP address to send Dynamic DNS update for</help> - <valueHelp> - <format>txt</format> - <description>Use interface to obtain the IP address</description> - </valueHelp> - <valueHelp> - <format>web</format> - <description>Use HTTP(S) web request to obtain the IP address</description> - </valueHelp> - <completionHelp> - <script>${vyos_completion_dir}/list_interfaces</script> - <list>web</list> - </completionHelp> - <constraint> - #include <include/constraint/interface-name.xml.i> - <regex>web</regex> - </constraint> - </properties> - <children> - <node name="web-options"> - <properties> - <help>Options when using HTTP(S) web request to obtain the IP address</help> - </properties> - <children> - #include <include/url.xml.i> - <leafNode name="skip"> - <properties> - <help>Pattern to skip from the HTTP(S) respose</help> - <valueHelp> - <format>txt</format> - <description>Pattern to skip from the HTTP(S) respose to extract the external IP address</description> - </valueHelp> - </properties> - </leafNode> - </children> - </node> - <tagNode name="rfc2136"> - <properties> - <help>RFC2136 nsupdate configuration</help> - <valueHelp> - <format>txt</format> - <description>RFC2136 nsupdate service name</description> - </valueHelp> - </properties> - <children> - #include <include/generic-description.xml.i> - #include <include/dns/dynamic-service-host-name-server.xml.i> - <leafNode name="key"> - <properties> - <help>File containing the TSIG secret key shared with remote DNS server</help> - <valueHelp> - <format>filename</format> - <description>File in /config/auth directory</description> - </valueHelp> - <constraint> - <validator name="file-path" argument="--strict --parent-dir /config/auth"/> - </constraint> - </properties> - </leafNode> - #include <include/dns/time-to-live.xml.i> - <leafNode name="zone"> - <properties> - <help>Forwarding zone to be updated</help> - <valueHelp> - <format>txt</format> - <description>RFC2136 Zone to be updated</description> - </valueHelp> - <constraint> - <validator name="fqdn"/> - </constraint> - </properties> - </leafNode> - </children> - </tagNode> - <tagNode name="service"> - <properties> - <help>Dynamic DNS configuration</help> - <valueHelp> - <format>txt</format> - <description>Dynamic DNS service name</description> - </valueHelp> - </properties> - <children> - #include <include/generic-description.xml.i> - #include <include/dns/dynamic-service-host-name-server.xml.i> - #include <include/generic-username.xml.i> - #include <include/generic-password.xml.i> - <leafNode name="protocol"> - <properties> - <help>ddclient protocol used for Dynamic DNS service</help> - <completionHelp> - <script>${vyos_completion_dir}/list_ddclient_protocols.sh</script> - </completionHelp> - <constraint> - <validator name="ddclient-protocol"/> - </constraint> - </properties> - </leafNode> - <leafNode name="zone"> - <properties> - <help>DNS zone to update (not used by all protocols)</help> - <valueHelp> - <format>txt</format> - <description>Name of DNS zone</description> - </valueHelp> - </properties> - </leafNode> - <leafNode name="ip-version"> - <properties> - <help>IP address version to use</help> - <valueHelp> - <format>_ipv4</format> - <description>Use only IPv4 address</description> - </valueHelp> - <valueHelp> - <format>_ipv6</format> - <description>Use only IPv6 address</description> - </valueHelp> - <valueHelp> - <format>both</format> - <description>Use both IPv4 and IPv6 address</description> - </valueHelp> - <completionHelp> - <list>ipv4 ipv6 both</list> - </completionHelp> - <constraint> - <regex>(ipv[46]|both)</regex> - </constraint> - <constraintErrorMessage>IP Version must be literal 'ipv4', 'ipv6' or 'both'</constraintErrorMessage> - </properties> - <defaultValue>ipv4</defaultValue> - </leafNode> - </children> - </tagNode> - </children> - </tagNode> - <leafNode name="timeout"> - <properties> - <help>Time in seconds to wait between DNS updates</help> - <valueHelp> - <format>u32:60-3600</format> - <description>Time in seconds</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 60-3600"/> - </constraint> - <constraintErrorMessage>Timeout must be between 60 and 3600 seconds</constraintErrorMessage> - </properties> - <defaultValue>300</defaultValue> - </leafNode> - </children> - </node> - </children> - </node> - </children> - </node> -</interfaceDefinition> diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in index 127f4b7e7..a4023058f 100644 --- a/interface-definitions/firewall.xml.in +++ b/interface-definitions/firewall.xml.in @@ -7,6 +7,46 @@ </properties> <children> #include <include/firewall/global-options.xml.i> + <tagNode name="flowtable"> + <properties> + <help>Flowtable</help> + <constraint> + <regex>[a-zA-Z0-9][\w\-\.]*</regex> + </constraint> + </properties> + <children> + #include <include/generic-description.xml.i> + <leafNode name="interface"> + <properties> + <help>Interfaces to use this flowtable</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <multi/> + </properties> + </leafNode> + <leafNode name="offload"> + <properties> + <help>Offloading method</help> + <completionHelp> + <list>hardware software</list> + </completionHelp> + <valueHelp> + <format>hardware</format> + <description>Hardware offload</description> + </valueHelp> + <valueHelp> + <format>software</format> + <description>Software offload</description> + </valueHelp> + <constraint> + <regex>(hardware|software)</regex> + </constraint> + </properties> + <defaultValue>software</defaultValue> + </leafNode> + </children> + </tagNode> <node name="group"> <properties> <help>Firewall group</help> @@ -284,6 +324,15 @@ </tagNode> </children> </node> + <node name="bridge"> + <properties> + <help>Bridge firewall</help> + </properties> + <children> + #include <include/firewall/bridge-hook-forward.xml.i> + #include <include/firewall/bridge-custom-name.xml.i> + </children> + </node> <node name="ipv4"> <properties> <help>IPv4 firewall</help> @@ -306,6 +355,148 @@ #include <include/firewall/ipv6-custom-name.xml.i> </children> </node> + <tagNode name="zone"> + <properties> + <help>Zone-policy</help> + <valueHelp> + <format>txt</format> + <description>Zone name</description> + </valueHelp> + <constraint> + <regex>[a-zA-Z0-9][\w\-\.]*</regex> + </constraint> + </properties> + <children> + #include <include/generic-description.xml.i> + #include <include/firewall/default-log.xml.i> + <leafNode name="default-action"> + <properties> + <help>Default-action for traffic coming into this zone</help> + <completionHelp> + <list>drop reject</list> + </completionHelp> + <valueHelp> + <format>drop</format> + <description>Drop silently</description> + </valueHelp> + <valueHelp> + <format>reject</format> + <description>Drop and notify source</description> + </valueHelp> + <constraint> + <regex>(drop|reject)</regex> + </constraint> + </properties> + <defaultValue>drop</defaultValue> + </leafNode> + <tagNode name="from"> + <properties> + <help>Zone from which to filter traffic</help> + <completionHelp> + <path>firewall zone</path> + </completionHelp> + </properties> + <children> + <node name="firewall"> + <properties> + <help>Firewall options</help> + </properties> + <children> + <leafNode name="ipv6-name"> + <properties> + <help>IPv6 firewall ruleset</help> + <completionHelp> + <path>firewall ipv6 name</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="name"> + <properties> + <help>IPv4 firewall ruleset</help> + <completionHelp> + <path>firewall ipv4 name</path> + </completionHelp> + </properties> + </leafNode> + </children> + </node> + </children> + </tagNode> + <leafNode name="interface"> + <properties> + <help>Interface associated with zone</help> + <valueHelp> + <format>txt</format> + <description>Interface associated with zone</description> + </valueHelp> + <valueHelp> + <format>vrf</format> + <description>VRF associated with zone</description> + </valueHelp> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + <path>vrf name</path> + </completionHelp> + <multi/> + </properties> + </leafNode> + <node name="intra-zone-filtering"> + <properties> + <help>Intra-zone filtering</help> + </properties> + <children> + <leafNode name="action"> + <properties> + <help>Action for intra-zone traffic</help> + <completionHelp> + <list>accept drop</list> + </completionHelp> + <valueHelp> + <format>accept</format> + <description>Accept traffic</description> + </valueHelp> + <valueHelp> + <format>drop</format> + <description>Drop silently</description> + </valueHelp> + <constraint> + <regex>(accept|drop)</regex> + </constraint> + </properties> + </leafNode> + <node name="firewall"> + <properties> + <help>Use the specified firewall chain</help> + </properties> + <children> + <leafNode name="ipv6-name"> + <properties> + <help>IPv6 firewall ruleset</help> + <completionHelp> + <path>firewall ipv6 name</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="name"> + <properties> + <help>IPv4 firewall ruleset</help> + <completionHelp> + <path>firewall ipv4 name</path> + </completionHelp> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + <leafNode name="local-zone"> + <properties> + <help>Zone to be local-zone</help> + <valueless/> + </properties> + </leafNode> + </children> + </tagNode> </children> </node> </interfaceDefinition> diff --git a/interface-definitions/high-availability.xml.in b/interface-definitions/high-availability.xml.in index 4f55916fa..aa23888a4 100644 --- a/interface-definitions/high-availability.xml.in +++ b/interface-definitions/high-availability.xml.in @@ -12,6 +12,12 @@ <help>Virtual Router Redundancy Protocol settings</help> </properties> <children> + <leafNode name="snmp"> + <properties> + <valueless/> + <help>Enable SNMP</help> + </properties> + </leafNode> <node name="global-parameters"> <properties> <help>VRRP global parameters</help> diff --git a/interface-definitions/include/accel-ppp/auth-protocols.xml.i b/interface-definitions/include/accel-ppp/auth-protocols.xml.i index d43266152..4ab4753bb 100644 --- a/interface-definitions/include/accel-ppp/auth-protocols.xml.i +++ b/interface-definitions/include/accel-ppp/auth-protocols.xml.i @@ -1,7 +1,7 @@ <!-- include start from accel-ppp/auth-protocols.xml.i --> <leafNode name="protocols"> <properties> - <help>Authentication protocol for remote access peer SSTP VPN</help> + <help>Authentication protocol for remote access peer</help> <completionHelp> <list>pap chap mschap mschap-v2</list> </completionHelp> diff --git a/interface-definitions/include/accel-ppp/client-ip-pool-name.xml.i b/interface-definitions/include/accel-ppp/client-ip-pool-name.xml.i deleted file mode 100644 index b442a15b9..000000000 --- a/interface-definitions/include/accel-ppp/client-ip-pool-name.xml.i +++ /dev/null @@ -1,30 +0,0 @@ -<!-- include start from accel-ppp/client-ip-pool-name.xml.i --> -<tagNode name="name"> - <properties> - <help>Pool name</help> - <valueHelp> - <format>txt</format> - <description>Name of IP pool</description> - </valueHelp> - <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> - </constraint> - </properties> - <children> - #include <include/accel-ppp/gateway-address.xml.i> - #include <include/accel-ppp/client-ip-pool-subnet-single.xml.i> - <leafNode name="next-pool"> - <properties> - <help>Next pool name</help> - <valueHelp> - <format>txt</format> - <description>Name of IP pool</description> - </valueHelp> - <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> - </constraint> - </properties> - </leafNode> - </children> -</tagNode> -<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/client-ip-pool-start-stop.xml.i b/interface-definitions/include/accel-ppp/client-ip-pool-start-stop.xml.i deleted file mode 100644 index 5f4132d13..000000000 --- a/interface-definitions/include/accel-ppp/client-ip-pool-start-stop.xml.i +++ /dev/null @@ -1,18 +0,0 @@ -<!-- include start from accel-ppp/client-ip-pool-start-stop.xml.i --> -<leafNode name="start"> - <properties> - <help>First IP address in the pool</help> - <constraint> - <validator name="ipv4-address"/> - </constraint> - </properties> -</leafNode> -<leafNode name="stop"> - <properties> - <help>Last IP address in the pool</help> - <constraint> - <validator name="ipv4-address"/> - </constraint> - </properties> -</leafNode> -<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/client-ip-pool-subnet-single.xml.i b/interface-definitions/include/accel-ppp/client-ip-pool-subnet-single.xml.i deleted file mode 100644 index b93ba67d8..000000000 --- a/interface-definitions/include/accel-ppp/client-ip-pool-subnet-single.xml.i +++ /dev/null @@ -1,16 +0,0 @@ -<!-- include start from accel-ppp/client-ip-pool-subnet-single.xml.i --> -<leafNode name="subnet"> - <properties> - <help>Client IP subnet (CIDR notation)</help> - <valueHelp> - <format>ipv4net</format> - <description>IPv4 address and prefix length</description> - </valueHelp> - <constraint> - <validator name="ipv4-prefix"/> - <validator name="ipv4-host"/> - </constraint> - <constraintErrorMessage>Not a valid IP address or prefix</constraintErrorMessage> - </properties> -</leafNode> -<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/client-ip-pool-subnet.xml.i b/interface-definitions/include/accel-ppp/client-ip-pool-subnet.xml.i deleted file mode 100644 index 2dc71d3f9..000000000 --- a/interface-definitions/include/accel-ppp/client-ip-pool-subnet.xml.i +++ /dev/null @@ -1,16 +0,0 @@ -<!-- include start from accel-ppp/client-ip-pool-subnet.xml.i --> -<leafNode name="subnet"> - <properties> - <help>Client IP subnet (CIDR notation)</help> - <valueHelp> - <format>ipv4net</format> - <description>IPv4 address and prefix length</description> - </valueHelp> - <constraint> - <validator name="ipv4-prefix"/> - </constraint> - <constraintErrorMessage>Not a valid CIDR formatted prefix</constraintErrorMessage> - <multi /> - </properties> -</leafNode> -<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/client-ip-pool.xml.i b/interface-definitions/include/accel-ppp/client-ip-pool.xml.i new file mode 100644 index 000000000..71fe69f8d --- /dev/null +++ b/interface-definitions/include/accel-ppp/client-ip-pool.xml.i @@ -0,0 +1,46 @@ +<!-- include start from accel-ppp/client-ip-pool.xml.i --> +<tagNode name="client-ip-pool"> + <properties> + <help>Client IP pool</help> + <valueHelp> + <format>txt</format> + <description>Name of IP pool</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> + </properties> + <children> + <leafNode name="range"> + <properties> + <help>Range of IP addresses</help> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 prefix</description> + </valueHelp> + <valueHelp> + <format>ipv4range</format> + <description>IPv4 address range inside /24 network</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + <validator name="ipv4-host"/> + <validator name="ipv4-range-mask" argument="-m 24 -r"/> + </constraint> + </properties> + </leafNode> + <leafNode name="next-pool"> + <properties> + <help>Next pool name</help> + <valueHelp> + <format>txt</format> + <description>Name of IP pool</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> + </properties> + </leafNode> + </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/default-pool.xml.i b/interface-definitions/include/accel-ppp/default-pool.xml.i new file mode 100644 index 000000000..a08b066b1 --- /dev/null +++ b/interface-definitions/include/accel-ppp/default-pool.xml.i @@ -0,0 +1,14 @@ +<!-- include start from accel-ppp/default-pool.xml.i --> +<leafNode name="default-pool"> + <properties> + <help>Default client IP pool name</help> + <valueHelp> + <format>txt</format> + <description>Default IP pool</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/gateway-address-multi.xml.i b/interface-definitions/include/accel-ppp/gateway-address-multi.xml.i new file mode 100644 index 000000000..dcc58b97a --- /dev/null +++ b/interface-definitions/include/accel-ppp/gateway-address-multi.xml.i @@ -0,0 +1,17 @@ +<!-- include start from accel-ppp/gateway-address-multi.xml.i --> +<leafNode name="gateway-address"> + <properties> + <help>Gateway IP address</help> + <constraintErrorMessage>invalid IPv4 address</constraintErrorMessage> + <valueHelp> + <format>ipv4net</format> + <description>Default Gateway, mask send to the client</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + <validator name="ipv4-host"/> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/max-concurrent-sessions.xml.i b/interface-definitions/include/accel-ppp/max-concurrent-sessions.xml.i new file mode 100644 index 000000000..f6ef41019 --- /dev/null +++ b/interface-definitions/include/accel-ppp/max-concurrent-sessions.xml.i @@ -0,0 +1,15 @@ +<!-- include start from accel-ppp/max-concurrent-sessions.xml.i --> +<leafNode name="max-concurrent-sessions"> + <properties> + <help>Maximum number of concurrent session start attempts</help> + <valueHelp> + <format>u32:0-65535</format> + <description>Maximum number of concurrent session start attempts</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--allow-range --range 0-65535"/> + </constraint> + <constraintErrorMessage>Maximum concurent sessions must be in range 0-65535</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/mtu-128-16384.xml.i b/interface-definitions/include/accel-ppp/mtu-128-16384.xml.i index b4008a63b..5661bdc05 100644 --- a/interface-definitions/include/accel-ppp/mtu-128-16384.xml.i +++ b/interface-definitions/include/accel-ppp/mtu-128-16384.xml.i @@ -1,7 +1,7 @@ <!-- include start from accel-ppp/mtu-128-16384.xml.i --> <leafNode name="mtu"> <properties> - <help>Maximum Transmission Unit (MTU) - default 1492</help> + <help>Maximum Transmission Unit (MTU)</help> <constraint> <validator name="numeric" argument="--range 128-16384"/> </constraint> diff --git a/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i b/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i index b8dbe73b2..c0367b891 100644 --- a/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i +++ b/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i @@ -13,12 +13,6 @@ <leafNode name="vendor"> <properties> <help>Vendor dictionary</help> - <completionHelp> - <list>alcatel cisco microsoft mikrotik</list> - </completionHelp> - <constraint> - <validator name="accel-radius-dictionary" /> - </constraint> </properties> </leafNode> <leafNode name="enable"> diff --git a/interface-definitions/include/bgp/afi-route-map-export-import.xml.i b/interface-definitions/include/bgp/afi-route-map-export-import.xml.i index c218937c8..388991241 100644 --- a/interface-definitions/include/bgp/afi-route-map-export-import.xml.i +++ b/interface-definitions/include/bgp/afi-route-map-export-import.xml.i @@ -10,7 +10,7 @@ <description>Route map name</description> </valueHelp> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> @@ -26,7 +26,7 @@ <description>Route map name</description> </valueHelp> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> diff --git a/interface-definitions/include/bgp/bmp-monitor-afi-policy.xml.i b/interface-definitions/include/bgp/bmp-monitor-afi-policy.xml.i new file mode 100644 index 000000000..261d60232 --- /dev/null +++ b/interface-definitions/include/bgp/bmp-monitor-afi-policy.xml.i @@ -0,0 +1,14 @@ +<!-- include start from bgp/bmp-monitor-afi-policy.xml.i --> +<leafNode name="pre-policy"> + <properties> + <help>Send state before policy and filter processing</help> + <valueless/> + </properties> +</leafNode> +<leafNode name="post-policy"> + <properties> + <help>Send state with policy and filters applied</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i index 75221a348..c8ad68700 100644 --- a/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i +++ b/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i @@ -1,4 +1,5 @@ <!-- include start from bgp/neighbor-afi-ipv4-ipv6-common.xml.i --> + <leafNode name="addpath-tx-all"> <properties> <help>Use addpath to advertise all paths to a neighbor</help> @@ -27,7 +28,7 @@ <description>Route map name</description> </valueHelp> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> @@ -43,7 +44,7 @@ <description>Route map name</description> </valueHelp> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> @@ -59,7 +60,7 @@ <description>Route map name</description> </valueHelp> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> @@ -156,12 +157,19 @@ </properties> </leafNode> #include <include/bgp/afi-nexthop-self.xml.i> -<leafNode name="remove-private-as"> +<node name="remove-private-as"> <properties> <help>Remove private AS numbers from AS path in outbound route updates</help> - <valueless/> </properties> -</leafNode> + <children> + <leafNode name="all"> + <properties> + <help>Remove private AS numbers to all AS numbers in outbound route updates</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> #include <include/bgp/afi-route-map.xml.i> #include <include/bgp/afi-route-reflector-client.xml.i> #include <include/bgp/afi-route-server-client.xml.i> @@ -177,7 +185,7 @@ <description>Route map name</description> </valueHelp> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> diff --git a/interface-definitions/include/bgp/neighbor-capability.xml.i b/interface-definitions/include/bgp/neighbor-capability.xml.i index 2bbfadf1f..c5ed3c840 100644 --- a/interface-definitions/include/bgp/neighbor-capability.xml.i +++ b/interface-definitions/include/bgp/neighbor-capability.xml.i @@ -16,6 +16,12 @@ <valueless/> </properties> </leafNode> + <leafNode name="software-version"> + <properties> + <help>Advertise Software Version capability to the peer</help> + <valueless/> + </properties> + </leafNode> </children> </node> <!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-path-attribute.xml.i b/interface-definitions/include/bgp/neighbor-path-attribute.xml.i index f4f2fcfa9..30568d8c6 100644 --- a/interface-definitions/include/bgp/neighbor-path-attribute.xml.i +++ b/interface-definitions/include/bgp/neighbor-path-attribute.xml.i @@ -16,6 +16,18 @@ </constraint> </properties> </leafNode> + <leafNode name="treat-as-withdraw"> + <properties> + <help>Treat-as-withdraw any incoming BGP UPDATE messages that contain the specified attribute</help> + <valueHelp> + <format>u32:1-255</format> + <description>Attribute number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> </children> </node> <!-- include end --> diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i index 504385b53..bb35efe94 100644 --- a/interface-definitions/include/bgp/protocol-common-config.xml.i +++ b/interface-definitions/include/bgp/protocol-common-config.xml.i @@ -343,6 +343,7 @@ #include <include/route-map.xml.i> </children> </tagNode> + #include <include/bgp/afi-maximum-paths.xml.i> </children> </node> <node name="ipv4-flowspec"> @@ -805,6 +806,76 @@ <valueless/> </properties> </leafNode> + <node name="default-originate"> + <properties> + <help>Originate a default route</help> + </properties> + <children> + <leafNode name="ipv4"> + <properties> + <help>IPv4 address family</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="ipv6"> + <properties> + <help>IPv6 address family</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="disable-ead-evi-rx"> + <properties> + <help>Activate PE on EAD-ES even if EAD-EVI is not received</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="disable-ead-evi-tx"> + <properties> + <help>Do not advertise EAD-EVI for local ESs</help> + <valueless/> + </properties> + </leafNode> + <node name="ead-es-frag"> + <properties> + <help>EAD ES fragment config</help> + </properties> + <children> + <leafNode name="evi-limit"> + <properties> + <help>EVIs per-fragment</help> + <valueHelp> + <format>u32:1-1000</format> + <description>limit</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-1000"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <node name="ead-es-route-target"> + <properties> + <help>EAD ES Route Target</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>Route Target export</help> + <valueHelp> + <format>txt</format> + <description>Route target (A.B.C.D:MN|EF:OPQR|GHJK:MN)</description> + </valueHelp> + <constraint> + <validator name="bgp-rd-rt" argument="--route-target-multi"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </node> <node name="flooding"> <properties> <help>Specify handling for BUM packets</help> @@ -838,6 +909,92 @@ </node> </children> </node> +<node name="bmp"> + <properties> + <help>BGP Monitoring Protocol (BMP)</help> + </properties> + <children> + <leafNode name="mirror-buffer-limit"> + <properties> + <help>Maximum memory used for buffered mirroring messages (in bytes)</help> + <valueHelp> + <format>u32:0-4294967294</format> + <description>Limit in bytes</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967294"/> + </constraint> + </properties> + </leafNode> + <tagNode name="target"> + <properties> + <help>BMP target</help> + </properties> + <children> + #include <include/address-ipv4-ipv6-single.xml.i> + #include <include/port-number.xml.i> + <leafNode name="port"> + <defaultValue>5000</defaultValue> + </leafNode> + <leafNode name="min-retry"> + <properties> + <help>Minimum connection retry interval (in milliseconds)</help> + <valueHelp> + <format>u32:100-86400000</format> + <description>Minimum connection retry interval</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 100-86400000"/> + </constraint> + </properties> + <defaultValue>1000</defaultValue> + </leafNode> + <leafNode name="max-retry"> + <properties> + <help>Maximum connection retry interval</help> + <valueHelp> + <format>u32:100-4294967295</format> + <description>Maximum connection retry interval</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 100-86400000"/> + </constraint> + </properties> + <defaultValue>2000</defaultValue> + </leafNode> + <leafNode name="mirror"> + <properties> + <help>Send BMP route mirroring messages</help> + <valueless/> + </properties> + </leafNode> + <node name="monitor"> + <properties> + <help>Send BMP route monitoring messages</help> + </properties> + <children> + <node name="ipv4-unicast"> + <properties> + <help>Address family IPv4 unicast</help> + </properties> + <children> + #include <include/bgp/bmp-monitor-afi-policy.xml.i> + </children> + </node> + <node name="ipv6-unicast"> + <properties> + <help>Address family IPv6 unicast</help> + </properties> + <children> + #include <include/bgp/bmp-monitor-afi-policy.xml.i> + </children> + </node> + </children> + </node> + </children> + </tagNode> + </children> +</node> <tagNode name="interface"> <properties> <help>Configure interface related parameters, e.g. MPLS</help> @@ -1541,8 +1698,10 @@ </properties> <children> #include <include/bgp/neighbor-afi-ipv4-unicast.xml.i> + #include <include/bgp/neighbor-afi-ipv4-labeled-unicast.xml.i> #include <include/bgp/neighbor-afi-ipv4-vpn.xml.i> #include <include/bgp/neighbor-afi-ipv6-unicast.xml.i> + #include <include/bgp/neighbor-afi-ipv6-labeled-unicast.xml.i> #include <include/bgp/neighbor-afi-ipv6-vpn.xml.i> #include <include/bgp/neighbor-afi-l2vpn-evpn.xml.i> </children> @@ -1568,6 +1727,66 @@ #include <include/port-number.xml.i> </children> </tagNode> +<node name="srv6"> + <properties> + <help>Segment-Routing SRv6 configuration</help> + </properties> + <children> + <leafNode name="locator"> + <properties> + <help>Specify SRv6 locator</help> + <valueHelp> + <format>txt</format> + <description>SRv6 locator name</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i> + </constraint> + </properties> + </leafNode> + </children> +</node> +<node name="sid"> + <properties> + <help>SID value for VRF</help> + </properties> + <children> + <node name="vpn"> + <properties> + <help>Between current VRF and VPN</help> + </properties> + <children> + <node name="per-vrf"> + <properties> + <help>SID per-VRF (both IPv4 and IPv6 address families)</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>For routes leaked from current VRF to VPN</help> + <completionHelp> + <list>auto</list> + </completionHelp> + <valueHelp> + <format>u32:1-1048575</format> + <description>SID allocation index</description> + </valueHelp> + <valueHelp> + <format>auto</format> + <description>Automatically assign a label</description> + </valueHelp> + <constraint> + <regex>auto</regex> + <validator name="numeric" argument="--range 1-1048575"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> +</node> <node name="timers"> <properties> <help>BGP protocol timers</help> diff --git a/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i new file mode 100644 index 000000000..7aeb85260 --- /dev/null +++ b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i @@ -0,0 +1,3 @@ +<!-- include start from constraint/alpha-numeric-hyphen-underscore-dot.xml.i --> +<regex>[-_a-zA-Z0-9.]+</regex> +<!-- include end --> diff --git a/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.i b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.i index ba097c6b5..399f2e1da 100644 --- a/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.i +++ b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.i @@ -1,3 +1,3 @@ -<!-- include start from include/constraint/alpha-numeric-hyphen-underscore.xml.i --> +<!-- include start from constraint/alpha-numeric-hyphen-underscore.xml.i --> <regex>[-_a-zA-Z0-9]+</regex> <!-- include end --> diff --git a/interface-definitions/include/constraint/dhcp-client-string-option.xml.i b/interface-definitions/include/constraint/dhcp-client-string-option.xml.i new file mode 100644 index 000000000..88257a9bb --- /dev/null +++ b/interface-definitions/include/constraint/dhcp-client-string-option.xml.i @@ -0,0 +1,4 @@ +<!-- include start from constraint/dhcp-client-string-option.xml.i --> +<regex>[-_a-zA-Z0-9\s]+</regex> +<regex>([a-fA-F0-9][a-fA-F0-9]:){2,}[a-fA-F0-9][a-fA-F0-9]</regex> +<!-- include end --> diff --git a/interface-definitions/include/constraint/email.xml.i b/interface-definitions/include/constraint/email.xml.i new file mode 100644 index 000000000..b19a88d64 --- /dev/null +++ b/interface-definitions/include/constraint/email.xml.i @@ -0,0 +1,3 @@ +<!-- include start from constraint/email.xml.i --> +<regex>[^\s@]+@([^\s@.,]+\.)+[^\s@.,]{2,}</regex> +<!-- include end --> diff --git a/interface-definitions/include/constraint/host-name.xml.i b/interface-definitions/include/constraint/host-name.xml.i index cc9740c16..5943772a2 100644 --- a/interface-definitions/include/constraint/host-name.xml.i +++ b/interface-definitions/include/constraint/host-name.xml.i @@ -1,3 +1,3 @@ -<!-- include start from constraint/host-name.xml.i -->
-<regex>[A-Za-z0-9][-.A-Za-z0-9]*[A-Za-z0-9]</regex>
-<!-- include end -->
+<!-- include start from constraint/host-name.xml.i --> +<regex>[A-Za-z0-9][-.A-Za-z0-9]*[A-Za-z0-9]</regex> +<!-- include end --> diff --git a/interface-definitions/include/constraint/interface-name-with-wildcard-and-inverted.xml.i b/interface-definitions/include/constraint/interface-name-with-wildcard-and-inverted.xml.i deleted file mode 100644 index 6a39041a3..000000000 --- a/interface-definitions/include/constraint/interface-name-with-wildcard-and-inverted.xml.i +++ /dev/null @@ -1,4 +0,0 @@ -<!-- include start from constraint/interface-name-with-wildcard-and-inverted.xml.i --> -<regex>(\!?)(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|(\!?)lo</regex> -<validator name="file-path --lookup-path /sys/class/net --directory"/> -<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/constraint/interface-name.xml.i b/interface-definitions/include/constraint/interface-name.xml.i index 1b14eabf5..3e7c4e667 100644 --- a/interface-definitions/include/constraint/interface-name.xml.i +++ b/interface-definitions/include/constraint/interface-name.xml.i @@ -1,4 +1,4 @@ <!-- include start from constraint/interface-name.xml.i --> -<regex>(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)[0-9]+(.\d+)?|lo</regex> +<regex>(bond|br|dum|en|ersp|eth|gnv|ifb|ipoe|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|sstpc|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)[0-9]+(.\d+)?|lo</regex> <validator name="file-path --lookup-path /sys/class/net --directory"/> <!-- include end --> diff --git a/interface-definitions/include/dns/dynamic-service-host-name-server.xml.i b/interface-definitions/include/dns/dynamic-service-host-name-server.xml.i deleted file mode 100644 index ee1af2a36..000000000 --- a/interface-definitions/include/dns/dynamic-service-host-name-server.xml.i +++ /dev/null @@ -1,34 +0,0 @@ -<!-- include start from dns/dynamic-service-host-name-server.xml.i --> -<leafNode name="host-name"> - <properties> - <help>Hostname to register with Dynamic DNS service</help> - <constraint> - #include <include/constraint/host-name.xml.i> - </constraint> - <constraintErrorMessage>Host-name must be alphanumeric and can contain hyphens</constraintErrorMessage> - <multi/> - </properties> -</leafNode> -<leafNode name="server"> - <properties> - <help>Remote Dynamic DNS server to send updates to</help> - <valueHelp> - <format>ipv4</format> - <description>IPv4 address of the remote server</description> - </valueHelp> - <valueHelp> - <format>ipv6</format> - <description>IPv6 address of the remote server</description> - </valueHelp> - <valueHelp> - <format>hostname</format> - <description>Fully qualified domain name of the remote server</description> - </valueHelp> - <constraint> - <validator name="ip-address"/> - <validator name="fqdn"/> - </constraint> - <constraintErrorMessage>Remote server must be IP address or fully qualified domain name</constraintErrorMessage> - </properties> -</leafNode> -<!-- include end --> diff --git a/interface-definitions/include/dns/time-to-live.xml.i b/interface-definitions/include/dns/time-to-live.xml.i index 5c1a1472d..000eea108 100644 --- a/interface-definitions/include/dns/time-to-live.xml.i +++ b/interface-definitions/include/dns/time-to-live.xml.i @@ -10,6 +10,5 @@ <validator name="numeric" argument="--range 0-2147483647"/> </constraint> </properties> - <defaultValue>300</defaultValue> </leafNode> <!-- include end --> diff --git a/interface-definitions/include/firewall/action-forward.xml.i b/interface-definitions/include/firewall/action-forward.xml.i new file mode 100644 index 000000000..87da72c97 --- /dev/null +++ b/interface-definitions/include/firewall/action-forward.xml.i @@ -0,0 +1,45 @@ +<!-- include start from firewall/action-forward.xml.i --> +<leafNode name="action"> + <properties> + <help>Rule action</help> + <completionHelp> + <list>accept continue jump reject return drop queue offload</list> + </completionHelp> + <valueHelp> + <format>accept</format> + <description>Accept matching entries</description> + </valueHelp> + <valueHelp> + <format>continue</format> + <description>Continue parsing next rule</description> + </valueHelp> + <valueHelp> + <format>jump</format> + <description>Jump to another chain</description> + </valueHelp> + <valueHelp> + <format>reject</format> + <description>Reject matching entries</description> + </valueHelp> + <valueHelp> + <format>return</format> + <description>Return from the current chain and continue at the next rule of the last chain</description> + </valueHelp> + <valueHelp> + <format>drop</format> + <description>Drop matching entries</description> + </valueHelp> + <valueHelp> + <format>queue</format> + <description>Enqueue packet to userspace</description> + </valueHelp> + <valueHelp> + <format>offload</format> + <description>Offload packet via flowtable</description> + </valueHelp> + <constraint> + <regex>(accept|continue|jump|reject|return|drop|queue|offload)</regex> + </constraint> + </properties> +</leafNode> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/action-l2.xml.i b/interface-definitions/include/firewall/action-l2.xml.i new file mode 100644 index 000000000..43fd211b4 --- /dev/null +++ b/interface-definitions/include/firewall/action-l2.xml.i @@ -0,0 +1,37 @@ +<!-- include start from firewall/action-l2.xml.i --> +<leafNode name="action"> + <properties> + <help>Rule action</help> + <completionHelp> + <list>accept continue jump return drop queue</list> + </completionHelp> + <valueHelp> + <format>accept</format> + <description>Accept matching entries</description> + </valueHelp> + <valueHelp> + <format>continue</format> + <description>Continue parsing next rule</description> + </valueHelp> + <valueHelp> + <format>jump</format> + <description>Jump to another chain</description> + </valueHelp> + <valueHelp> + <format>return</format> + <description>Return from the current chain and continue at the next rule of the last chain</description> + </valueHelp> + <valueHelp> + <format>drop</format> + <description>Drop matching entries</description> + </valueHelp> + <valueHelp> + <format>queue</format> + <description>Enqueue packet to userspace</description> + </valueHelp> + <constraint> + <regex>(accept|continue|jump|return|drop|queue)</regex> + </constraint> + </properties> +</leafNode> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/action.xml.i b/interface-definitions/include/firewall/action.xml.i index 7c6e33839..5dd1bfaff 100644 --- a/interface-definitions/include/firewall/action.xml.i +++ b/interface-definitions/include/firewall/action.xml.i @@ -3,13 +3,17 @@ <properties> <help>Rule action</help> <completionHelp> - <list>accept jump reject return drop queue</list> + <list>accept continue jump reject return drop queue offload</list> </completionHelp> <valueHelp> <format>accept</format> <description>Accept matching entries</description> </valueHelp> <valueHelp> + <format>continue</format> + <description>Continue parsing next rule</description> + </valueHelp> + <valueHelp> <format>jump</format> <description>Jump to another chain</description> </valueHelp> @@ -29,8 +33,12 @@ <format>queue</format> <description>Enqueue packet to userspace</description> </valueHelp> + <valueHelp> + <format>offload</format> + <description>Offload packet via flowtable</description> + </valueHelp> <constraint> - <regex>(accept|jump|reject|return|drop|queue)</regex> + <regex>(accept|continue|jump|reject|return|drop|queue|offload)</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/include/firewall/bridge-custom-name.xml.i b/interface-definitions/include/firewall/bridge-custom-name.xml.i new file mode 100644 index 000000000..654493c0e --- /dev/null +++ b/interface-definitions/include/firewall/bridge-custom-name.xml.i @@ -0,0 +1,39 @@ +<!-- include start from firewall/bridge-custom-name.xml.i --> +<tagNode name="name"> + <properties> + <help>Bridge custom firewall</help> + <constraint> + <regex>[a-zA-Z0-9][\w\-\.]*</regex> + </constraint> + </properties> + <children> + #include <include/firewall/default-action.xml.i> + #include <include/firewall/default-log.xml.i> + #include <include/generic-description.xml.i> + <leafNode name="default-jump-target"> + <properties> + <help>Set jump target. Action jump must be defined in default-action to use this setting</help> + <completionHelp> + <path>firewall bridge name</path> + </completionHelp> + </properties> + </leafNode> + <tagNode name="rule"> + <properties> + <help>Bridge Firewall forward filter rule number</help> + <valueHelp> + <format>u32:1-999999</format> + <description>Number for this firewall rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage> + </properties> + <children> + #include <include/firewall/common-rule-bridge.xml.i> + </children> + </tagNode> + </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/bridge-hook-forward.xml.i b/interface-definitions/include/firewall/bridge-hook-forward.xml.i new file mode 100644 index 000000000..99f66ec77 --- /dev/null +++ b/interface-definitions/include/firewall/bridge-hook-forward.xml.i @@ -0,0 +1,35 @@ +<!-- include start from firewall/bridge-hook-forward.xml.i --> +<node name="forward"> + <properties> + <help>Bridge forward firewall</help> + </properties> + <children> + <node name="filter"> + <properties> + <help>Bridge firewall forward filter</help> + </properties> + <children> + #include <include/firewall/default-action-base-chains.xml.i> + #include <include/firewall/default-log.xml.i> + #include <include/generic-description.xml.i> + <tagNode name="rule"> + <properties> + <help>Bridge Firewall forward filter rule number</help> + <valueHelp> + <format>u32:1-999999</format> + <description>Number for this firewall rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage> + </properties> + <children> + #include <include/firewall/common-rule-bridge.xml.i> + </children> + </tagNode> + </children> + </node> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/firewall/common-rule-bridge.xml.i b/interface-definitions/include/firewall/common-rule-bridge.xml.i new file mode 100644 index 000000000..dcdd970ac --- /dev/null +++ b/interface-definitions/include/firewall/common-rule-bridge.xml.i @@ -0,0 +1,34 @@ +<!-- include start from firewall/common-rule-bridge.xml.i --> +#include <include/firewall/action-l2.xml.i> +#include <include/firewall/nft-queue.xml.i> +<node name="destination"> + <properties> + <help>Destination parameters</help> + </properties> + <children> + #include <include/firewall/mac-address.xml.i> + </children> +</node> +#include <include/generic-disable-node.xml.i> +<leafNode name="jump-target"> + <properties> + <help>Set jump target. Action jump must be defined to use this setting</help> + <completionHelp> + <path>firewall bridge name</path> + </completionHelp> + </properties> +</leafNode> +#include <include/firewall/log.xml.i> +#include <include/firewall/log-options.xml.i> +<node name="source"> + <properties> + <help>Source parameters</help> + </properties> + <children> + #include <include/firewall/mac-address.xml.i> + </children> +</node> +#include <include/firewall/inbound-interface.xml.i> +#include <include/firewall/outbound-interface.xml.i> +#include <include/firewall/match-vlan.xml.i> +<!-- include end --> diff --git a/interface-definitions/include/firewall/common-rule-inet.xml.i b/interface-definitions/include/firewall/common-rule-inet.xml.i index 7a2eb86d4..3b5cb724d 100644 --- a/interface-definitions/include/firewall/common-rule-inet.xml.i +++ b/interface-definitions/include/firewall/common-rule-inet.xml.i @@ -3,14 +3,11 @@ #include <include/generic-description.xml.i> #include <include/firewall/dscp.xml.i> #include <include/firewall/packet-options.xml.i> +#include <include/firewall/firewall-mark.xml.i> #include <include/firewall/connection-mark.xml.i> +#include <include/firewall/conntrack-helper.xml.i> #include <include/firewall/nft-queue.xml.i> -<leafNode name="disable"> - <properties> - <help>Option to disable firewall rule</help> - <valueless/> - </properties> -</leafNode> +#include <include/generic-disable-node.xml.i> <node name="fragment"> <properties> <help>IP fragment match</help> @@ -80,45 +77,8 @@ </leafNode> </children> </node> -<leafNode name="log"> - <properties> - <help>Option to log packets matching rule</help> - <completionHelp> - <list>enable disable</list> - </completionHelp> - <valueHelp> - <format>enable</format> - <description>Enable log</description> - </valueHelp> - <valueHelp> - <format>disable</format> - <description>Disable log</description> - </valueHelp> - <constraint> - <regex>(enable|disable)</regex> - </constraint> - </properties> -</leafNode> -<leafNode name="log"> - <properties> - <help>Option to log packets matching rule</help> - <completionHelp> - <list>enable disable</list> - </completionHelp> - <valueHelp> - <format>enable</format> - <description>Enable log</description> - </valueHelp> - <valueHelp> - <format>disable</format> - <description>Disable log</description> - </valueHelp> - <constraint> - <regex>(enable|disable)</regex> - </constraint> - </properties> -</leafNode> -#include <include/firewall/rule-log-options.xml.i> +#include <include/firewall/log.xml.i> +#include <include/firewall/log-options.xml.i> <node name="connection-status"> <properties> <help>Connection status</help> @@ -219,89 +179,7 @@ </leafNode> </children> </node> -<node name="state"> - <properties> - <help>Session state</help> - </properties> - <children> - <leafNode name="established"> - <properties> - <help>Established state</help> - <completionHelp> - <list>enable disable</list> - </completionHelp> - <valueHelp> - <format>enable</format> - <description>Enable</description> - </valueHelp> - <valueHelp> - <format>disable</format> - <description>Disable</description> - </valueHelp> - <constraint> - <regex>(enable|disable)</regex> - </constraint> - </properties> - </leafNode> - <leafNode name="invalid"> - <properties> - <help>Invalid state</help> - <completionHelp> - <list>enable disable</list> - </completionHelp> - <valueHelp> - <format>enable</format> - <description>Enable</description> - </valueHelp> - <valueHelp> - <format>disable</format> - <description>Disable</description> - </valueHelp> - <constraint> - <regex>(enable|disable)</regex> - </constraint> - </properties> - </leafNode> - <leafNode name="new"> - <properties> - <help>New state</help> - <completionHelp> - <list>enable disable</list> - </completionHelp> - <valueHelp> - <format>enable</format> - <description>Enable</description> - </valueHelp> - <valueHelp> - <format>disable</format> - <description>Disable</description> - </valueHelp> - <constraint> - <regex>(enable|disable)</regex> - </constraint> - </properties> - </leafNode> - <leafNode name="related"> - <properties> - <help>Related state</help> - <completionHelp> - <list>enable disable</list> - </completionHelp> - <valueHelp> - <format>enable</format> - <description>Enable</description> - </valueHelp> - <valueHelp> - <format>disable</format> - <description>Disable</description> - </valueHelp> - <constraint> - <regex>(enable|disable)</regex> - </constraint> - </properties> - </leafNode> - </children> -</node> +#include <include/firewall/state.xml.i> #include <include/firewall/tcp-flags.xml.i> <node name="time"> <properties> diff --git a/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i b/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i index a1071a09a..b253ee048 100644 --- a/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i +++ b/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i @@ -144,7 +144,7 @@ </constraint> </properties> </leafNode> -#include <include/firewall/rule-log-options.xml.i> +#include <include/firewall/log-options.xml.i> <node name="connection-status"> <properties> <help>Connection status</help> diff --git a/interface-definitions/include/firewall/common-rule.xml.i b/interface-definitions/include/firewall/common-rule.xml.i deleted file mode 100644 index 7417a3c58..000000000 --- a/interface-definitions/include/firewall/common-rule.xml.i +++ /dev/null @@ -1,386 +0,0 @@ -<!-- include start from firewall/common-rule.xml.i --> -#include <include/firewall/action.xml.i> -#include <include/generic-description.xml.i> -<node name="destination"> - <properties> - <help>Destination parameters</help> - </properties> - <children> - #include <include/firewall/mac-address.xml.i> - </children> -</node> -<leafNode name="disable"> - <properties> - <help>Option to disable firewall rule</help> - <valueless/> - </properties> -</leafNode> -<node name="fragment"> - <properties> - <help>IP fragment match</help> - </properties> - <children> - <leafNode name="match-frag"> - <properties> - <help>Second and further fragments of fragmented packets</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="match-non-frag"> - <properties> - <help>Head fragments or unfragmented packets</help> - <valueless/> - </properties> - </leafNode> - </children> -</node> -<node name="inbound-interface"> - <properties> - <help>Match inbound-interface</help> - </properties> - <children> - #include <include/firewall/match-interface.xml.i> - </children> -</node> -<node name="outbound-interface"> - <properties> - <help>Match outbound-interface</help> - </properties> - <children> - #include <include/firewall/match-interface.xml.i> - </children> -</node> -<node name="ipsec"> - <properties> - <help>Inbound IPsec packets</help> - </properties> - <children> - <leafNode name="match-ipsec"> - <properties> - <help>Inbound IPsec packets</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="match-none"> - <properties> - <help>Inbound non-IPsec packets</help> - <valueless/> - </properties> - </leafNode> - </children> -</node> -<node name="limit"> - <properties> - <help>Rate limit using a token bucket filter</help> - </properties> - <children> - <leafNode name="burst"> - <properties> - <help>Maximum number of packets to allow in excess of rate</help> - <valueHelp> - <format>u32:0-4294967295</format> - <description>Maximum number of packets to allow in excess of rate</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 0-4294967295"/> - </constraint> - </properties> - </leafNode> - <leafNode name="rate"> - <properties> - <help>Maximum average matching rate</help> - <valueHelp> - <format>txt</format> - <description>integer/unit (Example: 5/minute)</description> - </valueHelp> - <constraint> - <regex>\d+/(second|minute|hour|day)</regex> - </constraint> - </properties> - </leafNode> - </children> -</node> -<leafNode name="log"> - <properties> - <help>Option to log packets matching rule</help> - <completionHelp> - <list>enable disable</list> - </completionHelp> - <valueHelp> - <format>enable</format> - <description>Enable log</description> - </valueHelp> - <valueHelp> - <format>disable</format> - <description>Disable log</description> - </valueHelp> - <constraint> - <regex>(enable|disable)</regex> - </constraint> - </properties> -</leafNode> -#include <include/firewall/rule-log-options.xml.i> -<node name="connection-status"> - <properties> - <help>Connection status</help> - </properties> - <children> - <leafNode name="nat"> - <properties> - <help>NAT connection status</help> - <completionHelp> - <list>destination source</list> - </completionHelp> - <valueHelp> - <format>destination</format> - <description>Match connections that are subject to destination NAT</description> - </valueHelp> - <valueHelp> - <format>source</format> - <description>Match connections that are subject to source NAT</description> - </valueHelp> - <constraint> - <regex>^(destination|source)$</regex> - </constraint> - </properties> - </leafNode> - </children> -</node> -<leafNode name="protocol"> - <properties> - <help>Protocol to match (protocol name, number, or "all")</help> - <completionHelp> - <script>${vyos_completion_dir}/list_protocols.sh</script> - <list>all tcp_udp</list> - </completionHelp> - <valueHelp> - <format>all</format> - <description>All IP protocols</description> - </valueHelp> - <valueHelp> - <format>tcp_udp</format> - <description>Both TCP and UDP</description> - </valueHelp> - <valueHelp> - <format>u32:0-255</format> - <description>IP protocol number</description> - </valueHelp> - <valueHelp> - <format><protocol></format> - <description>IP protocol name</description> - </valueHelp> - <valueHelp> - <format>!<protocol></format> - <description>IP protocol name</description> - </valueHelp> - <constraint> - <validator name="ip-protocol"/> - </constraint> - </properties> -</leafNode> -<node name="recent"> - <properties> - <help>Parameters for matching recently seen sources</help> - </properties> - <children> - <leafNode name="count"> - <properties> - <help>Source addresses seen more than N times</help> - <valueHelp> - <format>u32:1-255</format> - <description>Source addresses seen more than N times</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-255"/> - </constraint> - </properties> - </leafNode> - <leafNode name="time"> - <properties> - <help>Source addresses seen in the last second/minute/hour</help> - <completionHelp> - <list>second minute hour</list> - </completionHelp> - <valueHelp> - <format>second</format> - <description>Source addresses seen COUNT times in the last second</description> - </valueHelp> - <valueHelp> - <format>minute</format> - <description>Source addresses seen COUNT times in the last minute</description> - </valueHelp> - <valueHelp> - <format>hour</format> - <description>Source addresses seen COUNT times in the last hour</description> - </valueHelp> - <constraint> - <regex>(second|minute|hour)</regex> - </constraint> - </properties> - </leafNode> - </children> -</node> -<node name="source"> - <properties> - <help>Source parameters</help> - </properties> - <children> - #include <include/firewall/address.xml.i> - #include <include/firewall/source-destination-group.xml.i> - #include <include/firewall/mac-address.xml.i> - #include <include/firewall/port.xml.i> - </children> -</node> -<node name="state"> - <properties> - <help>Session state</help> - </properties> - <children> - <leafNode name="established"> - <properties> - <help>Established state</help> - <completionHelp> - <list>enable disable</list> - </completionHelp> - <valueHelp> - <format>enable</format> - <description>Enable</description> - </valueHelp> - <valueHelp> - <format>disable</format> - <description>Disable</description> - </valueHelp> - <constraint> - <regex>(enable|disable)</regex> - </constraint> - </properties> - </leafNode> - <leafNode name="invalid"> - <properties> - <help>Invalid state</help> - <completionHelp> - <list>enable disable</list> - </completionHelp> - <valueHelp> - <format>enable</format> - <description>Enable</description> - </valueHelp> - <valueHelp> - <format>disable</format> - <description>Disable</description> - </valueHelp> - <constraint> - <regex>(enable|disable)</regex> - </constraint> - </properties> - </leafNode> - <leafNode name="new"> - <properties> - <help>New state</help> - <completionHelp> - <list>enable disable</list> - </completionHelp> - <valueHelp> - <format>enable</format> - <description>Enable</description> - </valueHelp> - <valueHelp> - <format>disable</format> - <description>Disable</description> - </valueHelp> - <constraint> - <regex>(enable|disable)</regex> - </constraint> - </properties> - </leafNode> - <leafNode name="related"> - <properties> - <help>Related state</help> - <completionHelp> - <list>enable disable</list> - </completionHelp> - <valueHelp> - <format>enable</format> - <description>Enable</description> - </valueHelp> - <valueHelp> - <format>disable</format> - <description>Disable</description> - </valueHelp> - <constraint> - <regex>(enable|disable)</regex> - </constraint> - </properties> - </leafNode> - </children> -</node> -#include <include/firewall/tcp-flags.xml.i> -<node name="time"> - <properties> - <help>Time to match rule</help> - </properties> - <children> - <leafNode name="startdate"> - <properties> - <help>Date to start matching rule</help> - <valueHelp> - <format>txt</format> - <description>Enter date using following notation - YYYY-MM-DD</description> - </valueHelp> - <constraint> - <regex>(\d{4}\-\d{2}\-\d{2})</regex> - </constraint> - </properties> - </leafNode> - <leafNode name="starttime"> - <properties> - <help>Time of day to start matching rule</help> - <valueHelp> - <format>txt</format> - <description>Enter time using using 24 hour notation - hh:mm:ss</description> - </valueHelp> - <constraint> - <regex>([0-2][0-9](\:[0-5][0-9]){1,2})</regex> - </constraint> - </properties> - </leafNode> - <leafNode name="stopdate"> - <properties> - <help>Date to stop matching rule</help> - <valueHelp> - <format>txt</format> - <description>Enter date using following notation - YYYY-MM-DD</description> - </valueHelp> - <constraint> - <regex>(\d{4}\-\d{2}\-\d{2})</regex> - </constraint> - </properties> - </leafNode> - <leafNode name="stoptime"> - <properties> - <help>Time of day to stop matching rule</help> - <valueHelp> - <format>txt</format> - <description>Enter time using using 24 hour notation - hh:mm:ss</description> - </valueHelp> - <constraint> - <regex>([0-2][0-9](\:[0-5][0-9]){1,2})</regex> - </constraint> - </properties> - </leafNode> - <leafNode name="weekdays"> - <properties> - <help>Comma separated weekdays to match rule on</help> - <valueHelp> - <format>txt</format> - <description>Name of day (Monday, Tuesday, Wednesday, Thursdays, Friday, Saturday, Sunday)</description> - </valueHelp> - <valueHelp> - <format>u32:0-6</format> - <description>Day number (0 = Sunday ... 6 = Saturday)</description> - </valueHelp> - </properties> - </leafNode> - </children> -</node> -<!-- include end --> diff --git a/interface-definitions/include/firewall/conntrack-helper.xml.i b/interface-definitions/include/firewall/conntrack-helper.xml.i new file mode 100644 index 000000000..ee17f2c61 --- /dev/null +++ b/interface-definitions/include/firewall/conntrack-helper.xml.i @@ -0,0 +1,42 @@ +<!-- include start from firewall/conntrack-helper.xml.i --> +<leafNode name="conntrack-helper"> + <properties> + <help>Match related traffic from conntrack helpers</help> + <completionHelp> + <list>ftp h323 pptp nfs sip tftp sqlnet</list> + </completionHelp> + <valueHelp> + <format>ftp</format> + <description>Related traffic from FTP helper</description> + </valueHelp> + <valueHelp> + <format>h323</format> + <description>Related traffic from H.323 helper</description> + </valueHelp> + <valueHelp> + <format>pptp</format> + <description>Related traffic from PPTP helper</description> + </valueHelp> + <valueHelp> + <format>nfs</format> + <description>Related traffic from NFS helper</description> + </valueHelp> + <valueHelp> + <format>sip</format> + <description>Related traffic from SIP helper</description> + </valueHelp> + <valueHelp> + <format>tftp</format> + <description>Related traffic from TFTP helper</description> + </valueHelp> + <valueHelp> + <format>sqlnet</format> + <description>Related traffic from SQLNet helper</description> + </valueHelp> + <constraint> + <regex>(ftp|h323|pptp|nfs|sip|tftp|sqlnet)</regex> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/default-action-bridge.xml.i b/interface-definitions/include/firewall/default-action-bridge.xml.i new file mode 100644 index 000000000..577165976 --- /dev/null +++ b/interface-definitions/include/firewall/default-action-bridge.xml.i @@ -0,0 +1,34 @@ +<!-- include start from firewall/default-action-bridge.xml.i --> +<leafNode name="default-action"> + <properties> + <help>Default action for rule-set</help> + <completionHelp> + <list>drop jump return accept continue</list> + </completionHelp> + <valueHelp> + <format>drop</format> + <description>Drop if no prior rules are hit</description> + </valueHelp> + <valueHelp> + <format>jump</format> + <description>Jump to another chain if no prior rules are hit</description> + </valueHelp> + <valueHelp> + <format>return</format> + <description>Return from the current chain and continue at the next rule of the last chain</description> + </valueHelp> + <valueHelp> + <format>accept</format> + <description>Accept if no prior rules are hit</description> + </valueHelp> + <valueHelp> + <format>continue</format> + <description>Continue parsing next rule</description> + </valueHelp> + <constraint> + <regex>(drop|jump|return|accept|continue)</regex> + </constraint> + </properties> + <defaultValue>drop</defaultValue> +</leafNode> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/default-action.xml.i b/interface-definitions/include/firewall/default-action.xml.i index 80efaf335..6a49d800e 100644 --- a/interface-definitions/include/firewall/default-action.xml.i +++ b/interface-definitions/include/firewall/default-action.xml.i @@ -1,9 +1,9 @@ <!-- include start from firewall/default-action.xml.i --> <leafNode name="default-action"> <properties> - <help>Default-action for rule-set</help> + <help>Default action for rule-set</help> <completionHelp> - <list>drop jump reject return accept</list> + <list>drop jump reject return accept continue</list> </completionHelp> <valueHelp> <format>drop</format> @@ -25,8 +25,12 @@ <format>accept</format> <description>Accept if no prior rules are hit</description> </valueHelp> + <valueHelp> + <format>continue</format> + <description>Continue parsing next rule</description> + </valueHelp> <constraint> - <regex>(drop|jump|reject|return|accept)</regex> + <regex>(drop|jump|reject|return|accept|continue)</regex> </constraint> </properties> <defaultValue>drop</defaultValue> diff --git a/interface-definitions/include/firewall/default-log.xml.i b/interface-definitions/include/firewall/default-log.xml.i new file mode 100644 index 000000000..dceacdb89 --- /dev/null +++ b/interface-definitions/include/firewall/default-log.xml.i @@ -0,0 +1,8 @@ +<!-- include start from firewall/default-log.xml.i --> +<leafNode name="default-log"> + <properties> + <help>Log packets hitting default-action</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/enable-default-log.xml.i b/interface-definitions/include/firewall/enable-default-log.xml.i deleted file mode 100644 index 0efd8341b..000000000 --- a/interface-definitions/include/firewall/enable-default-log.xml.i +++ /dev/null @@ -1,8 +0,0 @@ -<!-- include start from firewall/enable-default-log.xml.i --> -<leafNode name="enable-default-log"> - <properties> - <help>Log packets hitting default-action</help> - <valueless/> - </properties> -</leafNode> -<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/firewall-mark.xml.i b/interface-definitions/include/firewall/firewall-mark.xml.i new file mode 100644 index 000000000..a4cee12d8 --- /dev/null +++ b/interface-definitions/include/firewall/firewall-mark.xml.i @@ -0,0 +1,26 @@ +<!-- include start from firewall/firewall-mark.xml.i --> +<leafNode name="mark"> + <properties> + <help>Firewall mark</help> + <valueHelp> + <format>u32:0-2147483647</format> + <description>Firewall mark to match</description> + </valueHelp> + <valueHelp> + <format>!u32:0-2147483647</format> + <description>Inverted Firewall mark to match</description> + </valueHelp> + <valueHelp> + <format><start-end></format> + <description>Firewall mark range to match</description> + </valueHelp> + <valueHelp> + <format>!<start-end></format> + <description>Firewall mark inverted range to match</description> + </valueHelp> + <constraint> + <validator name="numeric-exclude" argument="--allow-range --range 0-2147483647"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/global-options.xml.i b/interface-definitions/include/firewall/global-options.xml.i index e655cd6ac..415d85f05 100644 --- a/interface-definitions/include/firewall/global-options.xml.i +++ b/interface-definitions/include/firewall/global-options.xml.i @@ -167,6 +167,43 @@ </properties> <defaultValue>disable</defaultValue> </leafNode> + <node name="state-policy"> + <properties> + <help>Global firewall state-policy</help> + </properties> + <children> + <node name="established"> + <properties> + <help>Global firewall policy for packets part of an established connection</help> + </properties> + <children> + #include <include/firewall/action-accept-drop-reject.xml.i> + #include <include/firewall/log.xml.i> + #include <include/firewall/rule-log-level.xml.i> + </children> + </node> + <node name="invalid"> + <properties> + <help>Global firewall policy for packets part of an invalid connection</help> + </properties> + <children> + #include <include/firewall/action-accept-drop-reject.xml.i> + #include <include/firewall/log.xml.i> + #include <include/firewall/rule-log-level.xml.i> + </children> + </node> + <node name="related"> + <properties> + <help>Global firewall policy for packets part of a related connection</help> + </properties> + <children> + #include <include/firewall/action-accept-drop-reject.xml.i> + #include <include/firewall/log.xml.i> + #include <include/firewall/rule-log-level.xml.i> + </children> + </node> + </children> + </node> <leafNode name="syn-cookies"> <properties> <help>Policy for using TCP SYN cookies with IPv4</help> diff --git a/interface-definitions/include/firewall/inbound-interface-no-group.xml.i b/interface-definitions/include/firewall/inbound-interface-no-group.xml.i new file mode 100644 index 000000000..bcd4c9570 --- /dev/null +++ b/interface-definitions/include/firewall/inbound-interface-no-group.xml.i @@ -0,0 +1,34 @@ +<!-- include start from firewall/inbound-interface-no-group.xml.i --> +<node name="inbound-interface"> + <properties> + <help>Match inbound-interface</help> + </properties> + <children> + <leafNode name="name"> + <properties> + <help>Match interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + <path>vrf name</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface name</description> + </valueHelp> + <valueHelp> + <format>txt*</format> + <description>Interface name with wildcard</description> + </valueHelp> + <valueHelp> + <format>!txt</format> + <description>Inverted interface name to match</description> + </valueHelp> + <constraint> + <regex>(\!?)(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|(\!?)lo</regex> + <validator name="vrf-name"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/ipv4-custom-name.xml.i b/interface-definitions/include/firewall/ipv4-custom-name.xml.i index 9d6ecfaf2..8199d15fe 100644 --- a/interface-definitions/include/firewall/ipv4-custom-name.xml.i +++ b/interface-definitions/include/firewall/ipv4-custom-name.xml.i @@ -8,7 +8,7 @@ </properties> <children> #include <include/firewall/default-action.xml.i> - #include <include/firewall/enable-default-log.xml.i> + #include <include/firewall/default-log.xml.i> #include <include/generic-description.xml.i> <leafNode name="default-jump-target"> <properties> @@ -33,9 +33,10 @@ <children> #include <include/firewall/common-rule-ipv4.xml.i> #include <include/firewall/inbound-interface.xml.i> + #include <include/firewall/offload-target.xml.i> #include <include/firewall/outbound-interface.xml.i> </children> </tagNode> </children> </tagNode> -<!-- include end -->
\ No newline at end of file +<!-- include end --> diff --git a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i index 08ee96419..de2c70482 100644 --- a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i +++ b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i @@ -10,6 +10,7 @@ </properties> <children> #include <include/firewall/default-action-base-chains.xml.i> + #include <include/firewall/default-log.xml.i> #include <include/generic-description.xml.i> <tagNode name="rule"> <properties> @@ -24,8 +25,10 @@ <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage> </properties> <children> + #include <include/firewall/action-forward.xml.i> #include <include/firewall/common-rule-ipv4.xml.i> #include <include/firewall/inbound-interface.xml.i> + #include <include/firewall/offload-target.xml.i> #include <include/firewall/outbound-interface.xml.i> </children> </tagNode> @@ -33,4 +36,4 @@ </node> </children> </node> -<!-- include end -->
\ No newline at end of file +<!-- include end --> diff --git a/interface-definitions/include/firewall/ipv4-hook-input.xml.i b/interface-definitions/include/firewall/ipv4-hook-input.xml.i index 32b0ec94f..5d32657ea 100644 --- a/interface-definitions/include/firewall/ipv4-hook-input.xml.i +++ b/interface-definitions/include/firewall/ipv4-hook-input.xml.i @@ -10,6 +10,7 @@ </properties> <children> #include <include/firewall/default-action-base-chains.xml.i> + #include <include/firewall/default-log.xml.i> #include <include/generic-description.xml.i> <tagNode name="rule"> <properties> @@ -32,4 +33,4 @@ </node> </children> </node> -<!-- include end -->
\ No newline at end of file +<!-- include end --> diff --git a/interface-definitions/include/firewall/ipv4-hook-output.xml.i b/interface-definitions/include/firewall/ipv4-hook-output.xml.i index d50d1e93b..2b537ce5e 100644 --- a/interface-definitions/include/firewall/ipv4-hook-output.xml.i +++ b/interface-definitions/include/firewall/ipv4-hook-output.xml.i @@ -10,6 +10,7 @@ </properties> <children> #include <include/firewall/default-action-base-chains.xml.i> + #include <include/firewall/default-log.xml.i> #include <include/generic-description.xml.i> <tagNode name="rule"> <properties> @@ -32,4 +33,4 @@ </node> </children> </node> -<!-- include end -->
\ No newline at end of file +<!-- include end --> diff --git a/interface-definitions/include/firewall/ipv6-custom-name.xml.i b/interface-definitions/include/firewall/ipv6-custom-name.xml.i index 81610babf..5748b3927 100644 --- a/interface-definitions/include/firewall/ipv6-custom-name.xml.i +++ b/interface-definitions/include/firewall/ipv6-custom-name.xml.i @@ -8,7 +8,7 @@ </properties> <children> #include <include/firewall/default-action.xml.i> - #include <include/firewall/enable-default-log.xml.i> + #include <include/firewall/default-log.xml.i> #include <include/generic-description.xml.i> <leafNode name="default-jump-target"> <properties> @@ -33,9 +33,10 @@ <children> #include <include/firewall/common-rule-ipv6.xml.i> #include <include/firewall/inbound-interface.xml.i> + #include <include/firewall/offload-target.xml.i> #include <include/firewall/outbound-interface.xml.i> </children> </tagNode> </children> </tagNode> -<!-- include end -->
\ No newline at end of file +<!-- include end --> diff --git a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i index 20ab8dbe8..b53f09f59 100644 --- a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i +++ b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i @@ -10,6 +10,7 @@ </properties> <children> #include <include/firewall/default-action-base-chains.xml.i> + #include <include/firewall/default-log.xml.i> #include <include/generic-description.xml.i> <tagNode name="rule"> <properties> @@ -24,8 +25,10 @@ <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage> </properties> <children> + #include <include/firewall/action-forward.xml.i> #include <include/firewall/common-rule-ipv6.xml.i> #include <include/firewall/inbound-interface.xml.i> + #include <include/firewall/offload-target.xml.i> #include <include/firewall/outbound-interface.xml.i> </children> </tagNode> @@ -33,4 +36,4 @@ </node> </children> </node> -<!-- include end -->
\ No newline at end of file +<!-- include end --> diff --git a/interface-definitions/include/firewall/ipv6-hook-input.xml.i b/interface-definitions/include/firewall/ipv6-hook-input.xml.i index e34958f28..493611fb1 100644 --- a/interface-definitions/include/firewall/ipv6-hook-input.xml.i +++ b/interface-definitions/include/firewall/ipv6-hook-input.xml.i @@ -10,6 +10,7 @@ </properties> <children> #include <include/firewall/default-action-base-chains.xml.i> + #include <include/firewall/default-log.xml.i> #include <include/generic-description.xml.i> <tagNode name="rule"> <properties> @@ -32,4 +33,4 @@ </node> </children> </node> -<!-- include end -->
\ No newline at end of file +<!-- include end --> diff --git a/interface-definitions/include/firewall/ipv6-hook-output.xml.i b/interface-definitions/include/firewall/ipv6-hook-output.xml.i index eb4ea7ac3..ffe1c72b8 100644 --- a/interface-definitions/include/firewall/ipv6-hook-output.xml.i +++ b/interface-definitions/include/firewall/ipv6-hook-output.xml.i @@ -10,6 +10,7 @@ </properties> <children> #include <include/firewall/default-action-base-chains.xml.i> + #include <include/firewall/default-log.xml.i> #include <include/generic-description.xml.i> <tagNode name="rule"> <properties> @@ -32,4 +33,4 @@ </node> </children> </node> -<!-- include end -->
\ No newline at end of file +<!-- include end --> diff --git a/interface-definitions/include/firewall/rule-log-options.xml.i b/interface-definitions/include/firewall/log-options.xml.i index e8b0cdec3..e8b0cdec3 100644 --- a/interface-definitions/include/firewall/rule-log-options.xml.i +++ b/interface-definitions/include/firewall/log-options.xml.i diff --git a/interface-definitions/include/firewall/log.xml.i b/interface-definitions/include/firewall/log.xml.i index 46d20c1df..795ed77be 100644 --- a/interface-definitions/include/firewall/log.xml.i +++ b/interface-definitions/include/firewall/log.xml.i @@ -1,15 +1,7 @@ <!-- include start from firewall/log.xml.i --> -<node name="log"> +<leafNode name="log"> <properties> - <help>Option to log packets</help> + <help>Log packets hitting this rule</help> + <valueless/> </properties> - <children> - <leafNode name="enable"> - <properties> - <help>Enable logging</help> - <valueless/> - </properties> - </leafNode> - </children> -</node> -<!-- include end --> +</leafNode>
\ No newline at end of file diff --git a/interface-definitions/include/firewall/match-interface.xml.i b/interface-definitions/include/firewall/match-interface.xml.i index 7810f88ab..9f720ab37 100644 --- a/interface-definitions/include/firewall/match-interface.xml.i +++ b/interface-definitions/include/firewall/match-interface.xml.i @@ -1,9 +1,10 @@ <!-- include start from firewall/match-interface.xml.i --> -<leafNode name="interface-name"> +<leafNode name="name"> <properties> <help>Match interface</help> <completionHelp> <script>${vyos_completion_dir}/list_interfaces</script> + <path>vrf name</path> </completionHelp> <valueHelp> <format>txt</format> @@ -18,11 +19,12 @@ <description>Inverted interface name to match</description> </valueHelp> <constraint> - #include <include/constraint/interface-name-with-wildcard-and-inverted.xml.i> + <regex>(\!?)(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|(\!?)lo</regex> + <validator name="vrf-name"/> </constraint> </properties> </leafNode> -<leafNode name="interface-group"> +<leafNode name="group"> <properties> <help>Match interface-group</help> <completionHelp> @@ -38,4 +40,4 @@ </valueHelp> </properties> </leafNode> -<!-- include end -->
\ No newline at end of file +<!-- include end --> diff --git a/interface-definitions/include/firewall/match-vlan.xml.i b/interface-definitions/include/firewall/match-vlan.xml.i new file mode 100644 index 000000000..d0820f7d8 --- /dev/null +++ b/interface-definitions/include/firewall/match-vlan.xml.i @@ -0,0 +1,41 @@ +<!-- include start from firewall/match-vlan.xml.i --> +<node name="vlan"> + <properties> + <help>VLAN parameters</help> + </properties> + <children> + <leafNode name="id"> + <properties> + <help>VLAN id</help> + <valueHelp> + <format>u32:0-4096</format> + <description>VLAN id</description> + </valueHelp> + <valueHelp> + <format><start-end></format> + <description>VLAN id range to match</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--allow-range --range 0-4095"/> + </constraint> + </properties> + </leafNode> + <leafNode name="priority"> + <properties> + <help>VLAN priority(pcp)</help> + <valueHelp> + <format>u32:0-7</format> + <description>VLAN priority</description> + </valueHelp> + <valueHelp> + <format><start-end></format> + <description>VLAN priority range to match</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--allow-range --range 0-7"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/offload-target.xml.i b/interface-definitions/include/firewall/offload-target.xml.i new file mode 100644 index 000000000..b1ae39100 --- /dev/null +++ b/interface-definitions/include/firewall/offload-target.xml.i @@ -0,0 +1,10 @@ +<!-- include start from firewall/offload-target.xml.i --> +<leafNode name="offload-target"> + <properties> + <help>Set flowtable offload target. Action offload must be defined to use this setting</help> + <completionHelp> + <path>firewall flowtable</path> + </completionHelp> + </properties> +</leafNode> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/outbound-interface-no-group.xml.i b/interface-definitions/include/firewall/outbound-interface-no-group.xml.i new file mode 100644 index 000000000..e3bace42d --- /dev/null +++ b/interface-definitions/include/firewall/outbound-interface-no-group.xml.i @@ -0,0 +1,34 @@ +<!-- include start from firewall/outbound-interface-no-group.xml.i --> +<node name="outbound-interface"> + <properties> + <help>Match outbound-interface</help> + </properties> + <children> + <leafNode name="name"> + <properties> + <help>Match interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + <path>vrf name</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface name</description> + </valueHelp> + <valueHelp> + <format>txt*</format> + <description>Interface name with wildcard</description> + </valueHelp> + <valueHelp> + <format>!txt</format> + <description>Inverted interface name to match</description> + </valueHelp> + <constraint> + <regex>(\!?)(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|(\!?)lo</regex> + <validator name="vrf-name"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/state.xml.i b/interface-definitions/include/firewall/state.xml.i new file mode 100644 index 000000000..47ce3c91d --- /dev/null +++ b/interface-definitions/include/firewall/state.xml.i @@ -0,0 +1,30 @@ +<!-- include start from firewall/state.xml.i --> +<leafNode name="state"> + <properties> + <help>Session state</help> + <completionHelp> + <list>established invalid new related</list> + </completionHelp> + <valueHelp> + <format>established</format> + <description>Established state</description> + </valueHelp> + <valueHelp> + <format>invalid</format> + <description>Invalid state</description> + </valueHelp> + <valueHelp> + <format>new</format> + <description>New state</description> + </valueHelp> + <valueHelp> + <format>related</format> + <description>Related state</description> + </valueHelp> + <constraint> + <regex>(established|invalid|new|related)</regex> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/interface/dhcp-options.xml.i b/interface-definitions/include/interface/dhcp-options.xml.i index 8027769ff..733512a98 100644 --- a/interface-definitions/include/interface/dhcp-options.xml.i +++ b/interface-definitions/include/interface/dhcp-options.xml.i @@ -7,6 +7,13 @@ <leafNode name="client-id"> <properties> <help>Identifier used by client to identify itself to the DHCP server</help> + <valueHelp> + <format>txt</format> + <description>DHCP option string</description> + </valueHelp> + <constraint> + #include <include/constraint/dhcp-client-string-option.xml.i> + </constraint> </properties> </leafNode> <leafNode name="host-name"> @@ -27,6 +34,25 @@ <leafNode name="vendor-class-id"> <properties> <help>Identify the vendor client type to the DHCP server</help> + <valueHelp> + <format>txt</format> + <description>DHCP option string</description> + </valueHelp> + <constraint> + #include <include/constraint/dhcp-client-string-option.xml.i> + </constraint> + </properties> + </leafNode> + <leafNode name="user-class"> + <properties> + <help>Identify to the DHCP server, user configurable option</help> + <valueHelp> + <format>txt</format> + <description>DHCP option string</description> + </valueHelp> + <constraint> + #include <include/constraint/dhcp-client-string-option.xml.i> + </constraint> </properties> </leafNode> #include <include/interface/no-default-route.xml.i> diff --git a/interface-definitions/include/interface/dhcpv6-options.xml.i b/interface-definitions/include/interface/dhcpv6-options.xml.i index 5ca1d525f..68d1b172f 100644 --- a/interface-definitions/include/interface/dhcpv6-options.xml.i +++ b/interface-definitions/include/interface/dhcpv6-options.xml.i @@ -4,18 +4,7 @@ <help>DHCPv6 client settings/options</help> </properties> <children> - <leafNode name="duid"> - <properties> - <help>DHCP unique identifier (DUID) to be sent by dhcpv6 client</help> - <valueHelp> - <format>duid</format> - <description>DHCP unique identifier (DUID)</description> - </valueHelp> - <constraint> - <validator name="ipv6-duid"/> - </constraint> - </properties> - </leafNode> + #include <include/interface/duid.xml.i> <leafNode name="parameters-only"> <properties> <help>Acquire only config parameters, no address</help> diff --git a/interface-definitions/include/interface/duid.xml.i b/interface-definitions/include/interface/duid.xml.i new file mode 100644 index 000000000..8d808696e --- /dev/null +++ b/interface-definitions/include/interface/duid.xml.i @@ -0,0 +1,15 @@ +<!-- include start from interface/duid.xml.i --> +<leafNode name="duid"> + <properties> + <help>DHCP unique identifier (DUID) to be sent by client</help> + <valueHelp> + <format>duid</format> + <description>DHCP unique identifier</description> + </valueHelp> + <constraint> + <regex>([0-9A-Fa-f]{2}:){0,127}([0-9A-Fa-f]{2})</regex> + </constraint> + <constraintErrorMessage>Invalid DUID, must be in the format h[[:h]...]</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/isis/level-1-2-leaf.xml.i b/interface-definitions/include/isis/level-1-2-leaf.xml.i new file mode 100644 index 000000000..3703da1ed --- /dev/null +++ b/interface-definitions/include/isis/level-1-2-leaf.xml.i @@ -0,0 +1,13 @@ +<!-- include start from isis/level-1-2-leaf.xml.i --> +<leafNode name="level-1"> + <properties> + <help>Match on IS-IS level-1 routes</help> + <valueless/> + </properties> +</leafNode> +<leafNode name="level-2"> + <properties> + <help>Match on IS-IS level-2 routes</help> + <valueless/> + </properties> +</leafNode>
\ No newline at end of file diff --git a/interface-definitions/include/isis/lfa-local.xml.i b/interface-definitions/include/isis/lfa-local.xml.i new file mode 100644 index 000000000..c5bf6a3eb --- /dev/null +++ b/interface-definitions/include/isis/lfa-local.xml.i @@ -0,0 +1,128 @@ +<!-- include start from isis/lfa-local.xml.i --> +<node name="local"> + <properties> + <help>Local loop free alternate options</help> + </properties> + <children> + <node name="load-sharing"> + <properties> + <help>Load share prefixes across multiple backups</help> + </properties> + <children> + <node name="disable"> + <properties> + <help>Disable load sharing</help> + </properties> + <children> + #include <include/isis/level-1-2-leaf.xml.i> + </children> + </node> + </children> + </node> + <node name="priority-limit"> + <properties> + <help>Limit backup computation up to the prefix priority</help> + </properties> + <children> + <node name="medium"> + <properties> + <help>Compute for critical, high, and medium priority prefixes</help> + </properties> + <children> + #include <include/isis/level-1-2-leaf.xml.i> + </children> + </node> + <node name="high"> + <properties> + <help>Compute for critical, and high priority prefixes</help> + </properties> + <children> + #include <include/isis/level-1-2-leaf.xml.i> + </children> + </node> + <node name="critical"> + <properties> + <help>Compute for critical priority prefixes only</help> + </properties> + <children> + #include <include/isis/level-1-2-leaf.xml.i> + </children> + </node> + </children> + </node> + <node name="tiebreaker"> + <properties> + <help>Configure tiebreaker for multiple backups</help> + </properties> + <children> + <node name="downstream"> + <properties> + <help>Prefer backup path via downstream node</help> + </properties> + <children> + <tagNode name="index"> + <properties> + <help>Set preference order among tiebreakers</help> + <valueHelp> + <format>u32:1-255</format> + <description>The index integer value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + <children> + #include <include/isis/level-1-2-leaf.xml.i> + </children> + </tagNode> + </children> + </node> + <node name="lowest-backup-metric"> + <properties> + <help>Prefer backup path with lowest total metric</help> + </properties> + <children> + <tagNode name="index"> + <properties> + <help>Set preference order among tiebreakers</help> + <valueHelp> + <format>u32:1-255</format> + <description>The index integer value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + <children> + #include <include/isis/level-1-2-leaf.xml.i> + </children> + </tagNode> + </children> + </node> + <node name="node-protecting"> + <properties> + <help>Prefer node protecting backup path</help> + </properties> + <children> + <tagNode name="index"> + <properties> + <help>Set preference order among tiebreakers</help> + <valueHelp> + <format>u32:1-255</format> + <description>The index integer value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + <children> + #include <include/isis/level-1-2-leaf.xml.i> + </children> + </tagNode> + </children> + </node> + </children> + </node> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/isis/lfa-protocol.xml.i b/interface-definitions/include/isis/lfa-protocol.xml.i new file mode 100644 index 000000000..cfb1a6dc1 --- /dev/null +++ b/interface-definitions/include/isis/lfa-protocol.xml.i @@ -0,0 +1,11 @@ +<!-- include start from isis/lfa-protocol.xml.i --> +<node name="lfa"> + <properties> + <help>Loop free alternate functionality</help> + </properties> + <children> + #include <include/isis/lfa-remote.xml.i> + #include <include/isis/lfa-local.xml.i> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/isis/lfa-remote.xml.i b/interface-definitions/include/isis/lfa-remote.xml.i new file mode 100644 index 000000000..8434e35bf --- /dev/null +++ b/interface-definitions/include/isis/lfa-remote.xml.i @@ -0,0 +1,28 @@ +<!-- include start from isis/lfa-remote.xml.i --> +<node name="remote"> + <properties> + <help>Remote loop free alternate options</help> + </properties> + <children> + <tagNode name="prefix-list"> + <properties> + <help>Filter PQ node router ID based on prefix list</help> + <completionHelp> + <path>policy prefix-list</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Name of IPv4/IPv6 prefix-list</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i> + </constraint> + <constraintErrorMessage>Name of prefix-list can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> + </properties> + <children> + #include <include/isis/level-1-2-leaf.xml.i> + </children> + </tagNode> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/isis/protocol-common-config.xml.i b/interface-definitions/include/isis/protocol-common-config.xml.i index 4ca7061db..404f03cb5 100644 --- a/interface-definitions/include/isis/protocol-common-config.xml.i +++ b/interface-definitions/include/isis/protocol-common-config.xml.i @@ -1,4 +1,16 @@ <!-- include start from isis/protocol-common-config.xml.i --> +<leafNode name="advertise-high-metrics"> + <properties> + <help>Advertise high metric value on all interfaces</help> + <valueless/> + </properties> +</leafNode> +<leafNode name="advertise-passive-only"> + <properties> + <help>Advertise prefixes of passive interfaces only</help> + <valueless/> + </properties> +</leafNode> <node name="area-password"> <properties> <help>Configure the authentication password for an area</help> @@ -153,6 +165,14 @@ </properties> </leafNode> #include <include/isis/ldp-sync-protocol.xml.i> +<node name="fast-reroute"> + <properties> + <help>IS-IS fast reroute configuration</help> + </properties> + <children> + #include <include/isis/lfa-protocol.xml.i> + </children> +</node> <leafNode name="net"> <properties> <help>A Network Entity Title for this process (ISO only)</help> diff --git a/interface-definitions/include/nat-rule.xml.i b/interface-definitions/include/nat-rule.xml.i index 6234e6195..deb13529d 100644 --- a/interface-definitions/include/nat-rule.xml.i +++ b/interface-definitions/include/nat-rule.xml.i @@ -34,12 +34,7 @@ #include <include/firewall/nat-balance.xml.i> </children> </node> - <leafNode name="log"> - <properties> - <help>NAT rule logging</help> - <valueless/> - </properties> - </leafNode> + #include <include/firewall/log.xml.i> <leafNode name="packet-type"> <properties> <help>Packet type</help> diff --git a/interface-definitions/include/nat64/protocol.xml.i b/interface-definitions/include/nat64/protocol.xml.i new file mode 100644 index 000000000..a640873b5 --- /dev/null +++ b/interface-definitions/include/nat64/protocol.xml.i @@ -0,0 +1,27 @@ +<!-- include start from nat64/protocol.xml.i --> +<node name="protocol"> + <properties> + <help>Apply translation address to a specfic protocol</help> + </properties> + <children> + <leafNode name="tcp"> + <properties> + <help>Transmission Control Protocol</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="udp"> + <properties> + <help>User Datagram Protocol</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="icmp"> + <properties> + <help>Internet Control Message Protocol</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/pim/bsm.xml.i b/interface-definitions/include/pim/bsm.xml.i new file mode 100644 index 000000000..cc2cf14ca --- /dev/null +++ b/interface-definitions/include/pim/bsm.xml.i @@ -0,0 +1,14 @@ +<!-- include start from pim/bsm.xml.i --> +<leafNode name="no-bsm"> + <properties> + <help>Do not process bootstrap messages</help> + <valueless/> + </properties> +</leafNode> +<leafNode name="no-unicast-bsm"> + <properties> + <help>Do not process unicast bootstrap messages</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pim/dr-priority.xml.i b/interface-definitions/include/pim/dr-priority.xml.i new file mode 100644 index 000000000..e4b3067c2 --- /dev/null +++ b/interface-definitions/include/pim/dr-priority.xml.i @@ -0,0 +1,14 @@ +<!-- include start from pim/dr-priority.xml.i --> +<leafNode name="dr-priority"> + <properties> + <help>Designated router election priority</help> + <valueHelp> + <format>u32:1-4294967295</format> + <description>DR Priority</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967295"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pim/hello.xml.i b/interface-definitions/include/pim/hello.xml.i new file mode 100644 index 000000000..0c7601be7 --- /dev/null +++ b/interface-definitions/include/pim/hello.xml.i @@ -0,0 +1,14 @@ +<!-- include start from pim/hello.xml.i --> +<leafNode name="hello"> + <properties> + <help>Hello Interval</help> + <valueHelp> + <format>u32:1-180</format> + <description>Hello Interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-180"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pim/join-prune-interval.xml.i b/interface-definitions/include/pim/join-prune-interval.xml.i new file mode 100644 index 000000000..882787d3f --- /dev/null +++ b/interface-definitions/include/pim/join-prune-interval.xml.i @@ -0,0 +1,15 @@ +<!-- include start from pim/join-prune-interval.xml.i --> +<leafNode name="join-prune-interval"> + <properties> + <help>Join prune send interval</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>60</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pim/keep-alive-timer.xml.i b/interface-definitions/include/pim/keep-alive-timer.xml.i new file mode 100644 index 000000000..0dd27d6e7 --- /dev/null +++ b/interface-definitions/include/pim/keep-alive-timer.xml.i @@ -0,0 +1,14 @@ +<!-- include start from pim/keep-alive-timer.xml.i --> +<leafNode name="keep-alive-timer"> + <properties> + <help>Keep alive Timer</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Keep alive Timer in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pim/packets.xml.i b/interface-definitions/include/pim/packets.xml.i new file mode 100644 index 000000000..1dc00c971 --- /dev/null +++ b/interface-definitions/include/pim/packets.xml.i @@ -0,0 +1,15 @@ +<!-- include start from pim/packets.xml.i --> +<leafNode name="packets"> + <properties> + <help>Packets to process at once</help> + <valueHelp> + <format>u32:1-255</format> + <description>Number of packets</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + <defaultValue>3</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pim/passive.xml.i b/interface-definitions/include/pim/passive.xml.i new file mode 100644 index 000000000..e4e9ca0b1 --- /dev/null +++ b/interface-definitions/include/pim/passive.xml.i @@ -0,0 +1,8 @@ +<!-- include start from pim/passive.xml.i --> +<leafNode name="passive"> + <properties> + <help>Disable sending and receiving PIM control packets on the interface</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pim/register-suppress-time.xml.i b/interface-definitions/include/pim/register-suppress-time.xml.i new file mode 100644 index 000000000..919945b52 --- /dev/null +++ b/interface-definitions/include/pim/register-suppress-time.xml.i @@ -0,0 +1,14 @@ +<!-- include start from pim/register-suppress-time.xml.i --> +<leafNode name="register-suppress-time"> + <properties> + <help>Register suppress timer</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Timer in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pki/certificate-multi.xml.i b/interface-definitions/include/pki/certificate-multi.xml.i new file mode 100644 index 000000000..c49c5d9b2 --- /dev/null +++ b/interface-definitions/include/pki/certificate-multi.xml.i @@ -0,0 +1,15 @@ +<!-- include start from pki/certificate-multi.xml.i --> +<leafNode name="certificate"> + <properties> + <help>Certificate in PKI configuration</help> + <completionHelp> + <path>pki certificate</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Name of certificate in PKI configuration</description> + </valueHelp> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/pki/dh-params.xml.i b/interface-definitions/include/pki/dh-params.xml.i new file mode 100644 index 000000000..a422df832 --- /dev/null +++ b/interface-definitions/include/pki/dh-params.xml.i @@ -0,0 +1,10 @@ +<!-- include start from pki/certificate-multi.xml.i --> +<leafNode name="dh-params"> + <properties> + <help>Diffie Hellman parameters (server only)</help> + <completionHelp> + <path>pki dh</path> + </completionHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/policy/local-route_rule_ipv4_address.xml.i b/interface-definitions/include/policy/local-route_rule_ipv4_address.xml.i new file mode 100644 index 000000000..ffe73ee32 --- /dev/null +++ b/interface-definitions/include/policy/local-route_rule_ipv4_address.xml.i @@ -0,0 +1,20 @@ +<!-- include start from policy/local-route_rule_ipv4_address.xml.i --> +<leafNode name="address"> + <properties> + <help>IPv4 address or prefix</help> + <valueHelp> + <format>ipv4</format> + <description>Address to match against</description> + </valueHelp> + <valueHelp> + <format>ipv4net</format> + <description>Prefix to match against</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ip-prefix"/> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/policy/local-route_rule_ipv6_address.xml.i b/interface-definitions/include/policy/local-route_rule_ipv6_address.xml.i new file mode 100644 index 000000000..d8fb6c074 --- /dev/null +++ b/interface-definitions/include/policy/local-route_rule_ipv6_address.xml.i @@ -0,0 +1,20 @@ +<!-- include start from policy/local-route_rule_ipv6_address.xml.i --> +<leafNode name="address"> + <properties> + <help>IPv6 address or prefix</help> + <valueHelp> + <format>ipv6</format> + <description>Address to match against</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>Prefix to match against</description> + </valueHelp> + <constraint> + <validator name="ipv6-address"/> + <validator name="ipv6-prefix"/> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/policy/local-route_rule_protocol.xml.i b/interface-definitions/include/policy/local-route_rule_protocol.xml.i new file mode 100644 index 000000000..57582eb37 --- /dev/null +++ b/interface-definitions/include/policy/local-route_rule_protocol.xml.i @@ -0,0 +1,21 @@ +<!-- include start from policy/local-route_rule_protocol.xml.i --> +<leafNode name="protocol"> + <properties> + <help>Protocol to match (protocol name or number)</help> + <completionHelp> + <script>${vyos_completion_dir}/list_protocols.sh</script> + </completionHelp> + <valueHelp> + <format>u32:0-255</format> + <description>IP protocol number</description> + </valueHelp> + <valueHelp> + <format><protocol></format> + <description>IP protocol name</description> + </valueHelp> + <constraint> + <validator name="ip-protocol"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/policy/prefix-list.xml.i b/interface-definitions/include/policy/prefix-list.xml.i new file mode 100644 index 000000000..5d7980ee2 --- /dev/null +++ b/interface-definitions/include/policy/prefix-list.xml.i @@ -0,0 +1,14 @@ +<!-- include start from policy/prefix-list.xml.i --> +<leafNode name="prefix-list"> + <properties> + <help>Prefix-list to use</help> + <valueHelp> + <format>txt</format> + <description>Prefix-list to apply (IPv4)</description> + </valueHelp> + <completionHelp> + <path>policy prefix-list</path> + </completionHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/policy/prefix-list6.xml.i b/interface-definitions/include/policy/prefix-list6.xml.i new file mode 100644 index 000000000..101702f1f --- /dev/null +++ b/interface-definitions/include/policy/prefix-list6.xml.i @@ -0,0 +1,14 @@ +<!-- include start from policy/prefix-list6.xml.i --> +<leafNode name="prefix-list6"> + <properties> + <help>Prefix-list to use</help> + <valueHelp> + <format>txt</format> + <description>Prefix-list to apply (IPv6)</description> + </valueHelp> + <completionHelp> + <path>policy prefix-list6</path> + </completionHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/policy/route-common.xml.i b/interface-definitions/include/policy/route-common.xml.i index 216ec9bea..cbe356408 100644 --- a/interface-definitions/include/policy/route-common.xml.i +++ b/interface-definitions/include/policy/route-common.xml.i @@ -1,360 +1,256 @@ -<!-- include start from policy/route-common.xml.i -->
-#include <include/policy/route-rule-action.xml.i>
-#include <include/generic-description.xml.i>
-<leafNode name="disable">
- <properties>
- <help>Option to disable firewall rule</help>
- <valueless/>
- </properties>
-</leafNode>
-<node name="fragment">
- <properties>
- <help>IP fragment match</help>
- </properties>
- <children>
- <leafNode name="match-frag">
- <properties>
- <help>Second and further fragments of fragmented packets</help>
- <valueless/>
- </properties>
- </leafNode>
- <leafNode name="match-non-frag">
- <properties>
- <help>Head fragments or unfragmented packets</help>
- <valueless/>
- </properties>
- </leafNode>
- </children>
-</node>
-<node name="ipsec">
- <properties>
- <help>Inbound IPsec packets</help>
- </properties>
- <children>
- <leafNode name="match-ipsec">
- <properties>
- <help>Inbound IPsec packets</help>
- <valueless/>
- </properties>
- </leafNode>
- <leafNode name="match-none">
- <properties>
- <help>Inbound non-IPsec packets</help>
- <valueless/>
- </properties>
- </leafNode>
- </children>
-</node>
-<node name="limit">
- <properties>
- <help>Rate limit using a token bucket filter</help>
- </properties>
- <children>
- <leafNode name="burst">
- <properties>
- <help>Maximum number of packets to allow in excess of rate</help>
- <valueHelp>
- <format>u32:0-4294967295</format>
- <description>Maximum number of packets to allow in excess of rate</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-4294967295"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="rate">
- <properties>
- <help>Maximum average matching rate</help>
- <valueHelp>
- <format>u32:0-4294967295</format>
- <description>Maximum average matching rate</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-4294967295"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
-</node>
-<leafNode name="log">
- <properties>
- <help>Option to log packets matching rule</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable log</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable log</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
-</leafNode>
-<leafNode name="protocol">
- <properties>
- <help>Protocol to match (protocol name, number, or "all")</help>
- <completionHelp>
- <script>cat /etc/protocols | sed -e '/^#.*/d' | awk '{ print $1 }'</script>
- </completionHelp>
- <valueHelp>
- <format>all</format>
- <description>All IP protocols</description>
- </valueHelp>
- <valueHelp>
- <format>tcp_udp</format>
- <description>Both TCP and UDP</description>
- </valueHelp>
- <valueHelp>
- <format>0-255</format>
- <description>IP protocol number</description>
- </valueHelp>
- <valueHelp>
- <format>!<protocol></format>
- <description>IP protocol number</description>
- </valueHelp>
- <constraint>
- <validator name="ip-protocol"/>
- </constraint>
- </properties>
- <defaultValue>all</defaultValue>
-</leafNode>
-<node name="recent">
- <properties>
- <help>Parameters for matching recently seen sources</help>
- </properties>
- <children>
- <leafNode name="count">
- <properties>
- <help>Source addresses seen more than N times</help>
- <valueHelp>
- <format>u32:1-255</format>
- <description>Source addresses seen more than N times</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-255"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="time">
- <properties>
- <help>Source addresses seen in the last N seconds</help>
- <valueHelp>
- <format>u32:0-4294967295</format>
- <description>Source addresses seen in the last N seconds</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-4294967295"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
-</node>
-<node name="set">
- <properties>
- <help>Packet modifications</help>
- </properties>
- <children>
- <leafNode name="connection-mark">
- <properties>
- <help>Connection marking</help>
- <valueHelp>
- <format>u32:0-2147483647</format>
- <description>Connection marking</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-2147483647"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="dscp">
- <properties>
- <help>Packet Differentiated Services Codepoint (DSCP)</help>
- <valueHelp>
- <format>u32:0-63</format>
- <description>DSCP number</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-63"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="mark">
- <properties>
- <help>Packet marking</help>
- <valueHelp>
- <format>u32:1-2147483647</format>
- <description>Packet marking</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-2147483647"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="table">
- <properties>
- <help>Routing table to forward packet with</help>
- <valueHelp>
- <format>u32:1-200</format>
- <description>Table number</description>
- </valueHelp>
- <valueHelp>
- <format>main</format>
- <description>Main table</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-200"/>
- <regex>(main)</regex>
- </constraint>
- <completionHelp>
- <list>main</list>
- <path>protocols static table</path>
- </completionHelp>
- </properties>
- </leafNode>
- <leafNode name="tcp-mss">
- <properties>
- <help>TCP Maximum Segment Size</help>
- <valueHelp>
- <format>u32:500-1460</format>
- <description>Explicitly set TCP MSS value</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 500-1460"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
-</node>
-<node name="state">
- <properties>
- <help>Session state</help>
- </properties>
- <children>
- <leafNode name="established">
- <properties>
- <help>Established state</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="invalid">
- <properties>
- <help>Invalid state</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="new">
- <properties>
- <help>New state</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="related">
- <properties>
- <help>Related state</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- </leafNode>
- </children>
-</node>
-#include <include/firewall/tcp-flags.xml.i>
-<node name="time">
- <properties>
- <help>Time to match rule</help>
- </properties>
- <children>
- <leafNode name="monthdays">
- <properties>
- <help>Monthdays to match rule on</help>
- </properties>
- </leafNode>
- <leafNode name="startdate">
- <properties>
- <help>Date to start matching rule</help>
- </properties>
- </leafNode>
- <leafNode name="starttime">
- <properties>
- <help>Time of day to start matching rule</help>
- </properties>
- </leafNode>
- <leafNode name="stopdate">
- <properties>
- <help>Date to stop matching rule</help>
- </properties>
- </leafNode>
- <leafNode name="stoptime">
- <properties>
- <help>Time of day to stop matching rule</help>
- </properties>
- </leafNode>
- <leafNode name="utc">
- <properties>
- <help>Interpret times for startdate, stopdate, starttime and stoptime to be UTC</help>
- <valueless/>
- </properties>
- </leafNode>
- <leafNode name="weekdays">
- <properties>
- <help>Weekdays to match rule on</help>
- </properties>
- </leafNode>
- </children>
-</node>
-<!-- include end -->
+<!-- include start from policy/route-common.xml.i --> +#include <include/policy/route-rule-action.xml.i> +#include <include/generic-description.xml.i> +#include <include/firewall/firewall-mark.xml.i> +#include <include/generic-disable-node.xml.i> +<node name="fragment"> + <properties> + <help>IP fragment match</help> + </properties> + <children> + <leafNode name="match-frag"> + <properties> + <help>Second and further fragments of fragmented packets</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="match-non-frag"> + <properties> + <help>Head fragments or unfragmented packets</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<node name="ipsec"> + <properties> + <help>Inbound IPsec packets</help> + </properties> + <children> + <leafNode name="match-ipsec"> + <properties> + <help>Inbound IPsec packets</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="match-none"> + <properties> + <help>Inbound non-IPsec packets</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<node name="limit"> + <properties> + <help>Rate limit using a token bucket filter</help> + </properties> + <children> + <leafNode name="burst"> + <properties> + <help>Maximum number of packets to allow in excess of rate</help> + <valueHelp> + <format>u32:0-4294967295</format> + <description>Maximum number of packets to allow in excess of rate</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> + </leafNode> + <leafNode name="rate"> + <properties> + <help>Maximum average matching rate</help> + <valueHelp> + <format>u32:0-4294967295</format> + <description>Maximum average matching rate</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +#include <include/firewall/log.xml.i> +<leafNode name="protocol"> + <properties> + <help>Protocol to match (protocol name, number, or "all")</help> + <completionHelp> + <script>cat /etc/protocols | sed -e '/^#.*/d' | awk '{ print $1 }'</script> + </completionHelp> + <valueHelp> + <format>all</format> + <description>All IP protocols</description> + </valueHelp> + <valueHelp> + <format>tcp_udp</format> + <description>Both TCP and UDP</description> + </valueHelp> + <valueHelp> + <format>0-255</format> + <description>IP protocol number</description> + </valueHelp> + <valueHelp> + <format>!<protocol></format> + <description>IP protocol number</description> + </valueHelp> + <constraint> + <validator name="ip-protocol"/> + </constraint> + </properties> + <defaultValue>all</defaultValue> +</leafNode> +<node name="recent"> + <properties> + <help>Parameters for matching recently seen sources</help> + </properties> + <children> + <leafNode name="count"> + <properties> + <help>Source addresses seen more than N times</help> + <valueHelp> + <format>u32:1-255</format> + <description>Source addresses seen more than N times</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="time"> + <properties> + <help>Source addresses seen in the last N seconds</help> + <valueHelp> + <format>u32:0-4294967295</format> + <description>Source addresses seen in the last N seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<node name="set"> + <properties> + <help>Packet modifications</help> + </properties> + <children> + <leafNode name="connection-mark"> + <properties> + <help>Connection marking</help> + <valueHelp> + <format>u32:0-2147483647</format> + <description>Connection marking</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-2147483647"/> + </constraint> + </properties> + </leafNode> + <leafNode name="dscp"> + <properties> + <help>Packet Differentiated Services Codepoint (DSCP)</help> + <valueHelp> + <format>u32:0-63</format> + <description>DSCP number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-63"/> + </constraint> + </properties> + </leafNode> + <leafNode name="mark"> + <properties> + <help>Packet marking</help> + <valueHelp> + <format>u32:1-2147483647</format> + <description>Packet marking</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-2147483647"/> + </constraint> + </properties> + </leafNode> + <leafNode name="table"> + <properties> + <help>Routing table to forward packet with</help> + <valueHelp> + <format>u32:1-200</format> + <description>Table number</description> + </valueHelp> + <valueHelp> + <format>main</format> + <description>Main table</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-200"/> + <regex>(main)</regex> + </constraint> + <completionHelp> + <list>main</list> + <path>protocols static table</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="tcp-mss"> + <properties> + <help>TCP Maximum Segment Size</help> + <valueHelp> + <format>u32:500-1460</format> + <description>Explicitly set TCP MSS value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 500-1460"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +#include <include/firewall/state.xml.i> +#include <include/firewall/tcp-flags.xml.i> +<node name="time"> + <properties> + <help>Time to match rule</help> + </properties> + <children> + <leafNode name="monthdays"> + <properties> + <help>Monthdays to match rule on</help> + </properties> + </leafNode> + <leafNode name="startdate"> + <properties> + <help>Date to start matching rule</help> + </properties> + </leafNode> + <leafNode name="starttime"> + <properties> + <help>Time of day to start matching rule</help> + </properties> + </leafNode> + <leafNode name="stopdate"> + <properties> + <help>Date to stop matching rule</help> + </properties> + </leafNode> + <leafNode name="stoptime"> + <properties> + <help>Time of day to stop matching rule</help> + </properties> + </leafNode> + <leafNode name="utc"> + <properties> + <help>Interpret times for startdate, stopdate, starttime and stoptime to be UTC</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="weekdays"> + <properties> + <help>Weekdays to match rule on</help> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/protocol-tcp-udp.xml.i b/interface-definitions/include/protocol-tcp-udp.xml.i index d7e6752ad..c186c026a 100644 --- a/interface-definitions/include/protocol-tcp-udp.xml.i +++ b/interface-definitions/include/protocol-tcp-udp.xml.i @@ -1,22 +1,22 @@ -<!-- include start from snmp/protocol.xml.i -->
-<leafNode name="protocol">
- <properties>
- <help>Protocol to be used (TCP/UDP)</help>
- <completionHelp>
- <list>udp tcp</list>
- </completionHelp>
- <valueHelp>
- <format>udp</format>
- <description>Listen protocol UDP</description>
- </valueHelp>
- <valueHelp>
- <format>tcp</format>
- <description>Listen protocol TCP</description>
- </valueHelp>
- <constraint>
- <regex>(udp|tcp)</regex>
- </constraint>
- </properties>
- <defaultValue>udp</defaultValue>
-</leafNode>
-<!-- include end -->
+<!-- include start from snmp/protocol.xml.i --> +<leafNode name="protocol"> + <properties> + <help>Protocol to be used (TCP/UDP)</help> + <completionHelp> + <list>udp tcp</list> + </completionHelp> + <valueHelp> + <format>udp</format> + <description>Listen protocol UDP</description> + </valueHelp> + <valueHelp> + <format>tcp</format> + <description>Listen protocol TCP</description> + </valueHelp> + <constraint> + <regex>(udp|tcp)</regex> + </constraint> + </properties> + <defaultValue>udp</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/radius-server-ipv4-ipv6.xml.i b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i index efd418bb2..e454b9025 100644 --- a/interface-definitions/include/radius-server-ipv4-ipv6.xml.i +++ b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i @@ -25,26 +25,26 @@ #include <include/radius-server-auth-port.xml.i> </children> </tagNode> - <leafNode name="source-address"> + #include <include/source-address-ipv4-ipv6-multi.xml.i> + <leafNode name="security-mode"> <properties> - <help>Source IP address used to initiate connection</help> + <help>Security mode for RADIUS authentication</help> <completionHelp> - <script>${vyos_completion_dir}/list_local_ips.sh --both</script> + <list>mandatory optional</list> </completionHelp> <valueHelp> - <format>ipv4</format> - <description>IPv4 source address</description> + <format>mandatory</format> + <description>Deny access immediately if RADIUS answers with Access-Reject</description> </valueHelp> <valueHelp> - <format>ipv6</format> - <description>IPv6 source address</description> + <format>optional</format> + <description>Pass to the next authentication method if RADIUS answers with Access-Reject</description> </valueHelp> <constraint> - <validator name="ipv4-address"/> - <validator name="ipv6-address"/> + <regex>(mandatory|optional)</regex> </constraint> - <multi/> </properties> + <defaultValue>optional</defaultValue> </leafNode> </children> </node> diff --git a/interface-definitions/include/rip/interface.xml.i b/interface-definitions/include/rip/interface.xml.i index 8007f0208..7c64d0708 100644 --- a/interface-definitions/include/rip/interface.xml.i +++ b/interface-definitions/include/rip/interface.xml.i @@ -19,12 +19,7 @@ <help>Split horizon parameters</help> </properties> <children> - <leafNode name="disable"> - <properties> - <help>Disable split horizon on specified interface</help> - <valueless/> - </properties> - </leafNode> + #include <include/generic-disable-node.xml.i> <leafNode name="poison-reverse"> <properties> <help>Disable split horizon on specified interface</help> diff --git a/interface-definitions/include/rip/version.xml.i b/interface-definitions/include/rip/version.xml.i index a35350aee..61458b28e 100644 --- a/interface-definitions/include/rip/version.xml.i +++ b/interface-definitions/include/rip/version.xml.i @@ -1,18 +1,18 @@ -<!-- include start from rip/version.xml.i -->
-<leafNode name="version">
- <properties>
- <help>Limit RIP protocol version</help>
- <valueHelp>
- <format>1</format>
- <description>Allow RIPv1 only</description>
- </valueHelp>
- <valueHelp>
- <format>2</format>
- <description>Allow RIPv2 only</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-2"/>
- </constraint>
- </properties>
-</leafNode>
-<!-- include end -->
+<!-- include start from rip/version.xml.i --> +<leafNode name="version"> + <properties> + <help>Limit RIP protocol version</help> + <valueHelp> + <format>1</format> + <description>Allow RIPv1 only</description> + </valueHelp> + <valueHelp> + <format>2</format> + <description>Allow RIPv2 only</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-2"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/route-map.xml.i b/interface-definitions/include/route-map.xml.i index 019868373..e49c388d6 100644 --- a/interface-definitions/include/route-map.xml.i +++ b/interface-definitions/include/route-map.xml.i @@ -10,7 +10,7 @@ <description>Route map name</description> </valueHelp> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> diff --git a/interface-definitions/include/source-address-ipv4-ipv6-multi.xml.i b/interface-definitions/include/source-address-ipv4-ipv6-multi.xml.i new file mode 100644 index 000000000..d56ca5be6 --- /dev/null +++ b/interface-definitions/include/source-address-ipv4-ipv6-multi.xml.i @@ -0,0 +1,22 @@ +<!-- include start from source-address-ipv4-ipv6-multi.xml.i --> +<leafNode name="source-address"> + <properties> + <help>Source IP address used to initiate connection</help> + <completionHelp> + <script>${vyos_completion_dir}/list_local_ips.sh --both</script> + </completionHelp> + <valueHelp> + <format>ipv4</format> + <description>IPv4 source address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 source address</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/source-address-ipv4-multi.xml.i b/interface-definitions/include/source-address-ipv4-multi.xml.i new file mode 100644 index 000000000..319a118f3 --- /dev/null +++ b/interface-definitions/include/source-address-ipv4-multi.xml.i @@ -0,0 +1,18 @@ +<!-- include start from source-address-ipv4-multi.xml.i --> +<leafNode name="source-address"> + <properties> + <help>IPv4 source address used to initiate connection</help> + <completionHelp> + <script>${vyos_completion_dir}/list_local_ips.sh --ipv4</script> + </completionHelp> + <valueHelp> + <format>ipv4</format> + <description>IPv4 source address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/url-http-https.xml.i b/interface-definitions/include/url-http-https.xml.i new file mode 100644 index 000000000..f763c2bb2 --- /dev/null +++ b/interface-definitions/include/url-http-https.xml.i @@ -0,0 +1,15 @@ +<!-- include start from url-http-https.xml.i --> +<leafNode name="url"> + <properties> + <help>Remote URL</help> + <valueHelp> + <format>url</format> + <description>Remote HTTP(S) URL</description> + </valueHelp> + <constraint> + <validator name="url" argument="--scheme http --scheme https"/> + </constraint> + <constraintErrorMessage>Invalid HTTP(S) URL format</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/url.xml.i b/interface-definitions/include/url.xml.i deleted file mode 100644 index caa6f67bd..000000000 --- a/interface-definitions/include/url.xml.i +++ /dev/null @@ -1,15 +0,0 @@ -<!-- include start from url.xml.i --> -<leafNode name="url"> - <properties> - <help>Remote URL</help> - <valueHelp> - <format>url</format> - <description>Remote URL</description> - </valueHelp> - <constraint> - <regex>^https?:\/\/?[a-z0-9]+([\-\.]{1}[a-z0-9]+)*(\:[0-9]+)*(\/.*)?</regex> - </constraint> - <constraintErrorMessage>Incorrect URL format</constraintErrorMessage> - </properties> -</leafNode> -<!-- include end --> diff --git a/interface-definitions/include/version/cluster-version.xml.i b/interface-definitions/include/version/cluster-version.xml.i index 621996df4..402fe36c5 100644 --- a/interface-definitions/include/version/cluster-version.xml.i +++ b/interface-definitions/include/version/cluster-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/cluster-version.xml.i --> -<syntaxVersion component='cluster' version='1'></syntaxVersion> +<syntaxVersion component='cluster' version='2'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/dns-dynamic-version.xml.i b/interface-definitions/include/version/dns-dynamic-version.xml.i index b25fc6e76..773a6ab51 100644 --- a/interface-definitions/include/version/dns-dynamic-version.xml.i +++ b/interface-definitions/include/version/dns-dynamic-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/dns-dynamic-version.xml.i --> -<syntaxVersion component='dns-dynamic' version='1'></syntaxVersion> +<syntaxVersion component='dns-dynamic' version='3'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/firewall-version.xml.i b/interface-definitions/include/version/firewall-version.xml.i index dd21bfaca..6702ee041 100644 --- a/interface-definitions/include/version/firewall-version.xml.i +++ b/interface-definitions/include/version/firewall-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/firewall-version.xml.i --> -<syntaxVersion component='firewall' version='11'></syntaxVersion> +<syntaxVersion component='firewall' version='14'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/https-version.xml.i b/interface-definitions/include/version/https-version.xml.i index 111076974..525314dbd 100644 --- a/interface-definitions/include/version/https-version.xml.i +++ b/interface-definitions/include/version/https-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/https-version.xml.i --> -<syntaxVersion component='https' version='4'></syntaxVersion> +<syntaxVersion component='https' version='6'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/interfaces-version.xml.i b/interface-definitions/include/version/interfaces-version.xml.i index 3d11ce888..f01fe1983 100644 --- a/interface-definitions/include/version/interfaces-version.xml.i +++ b/interface-definitions/include/version/interfaces-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/interfaces-version.xml.i --> -<syntaxVersion component='interfaces' version='30'></syntaxVersion> -<!-- include end --> +<syntaxVersion component='interfaces' version='32'></syntaxVersion> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/version/ipoe-server-version.xml.i b/interface-definitions/include/version/ipoe-server-version.xml.i index 00d2544e6..e5983ab39 100644 --- a/interface-definitions/include/version/ipoe-server-version.xml.i +++ b/interface-definitions/include/version/ipoe-server-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/ipoe-server-version.xml.i --> -<syntaxVersion component='ipoe-server' version='1'></syntaxVersion> +<syntaxVersion component='ipoe-server' version='2'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/l2tp-version.xml.i b/interface-definitions/include/version/l2tp-version.xml.i index 86114d676..f4507d93b 100644 --- a/interface-definitions/include/version/l2tp-version.xml.i +++ b/interface-definitions/include/version/l2tp-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/l2tp-version.xml.i --> -<syntaxVersion component='l2tp' version='4'></syntaxVersion> +<syntaxVersion component='l2tp' version='6'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/lldp-version.xml.i b/interface-definitions/include/version/lldp-version.xml.i index 0deb73279..b41d80451 100644 --- a/interface-definitions/include/version/lldp-version.xml.i +++ b/interface-definitions/include/version/lldp-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/lldp-version.xml.i --> -<syntaxVersion component='lldp' version='1'></syntaxVersion> +<syntaxVersion component='lldp' version='2'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/nat-version.xml.i b/interface-definitions/include/version/nat-version.xml.i index 027216a07..656da6e14 100644 --- a/interface-definitions/include/version/nat-version.xml.i +++ b/interface-definitions/include/version/nat-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/nat-version.xml.i --> -<syntaxVersion component='nat' version='5'></syntaxVersion> +<syntaxVersion component='nat' version='7'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/nat66-version.xml.i b/interface-definitions/include/version/nat66-version.xml.i index 7b7123dcc..43a54c969 100644 --- a/interface-definitions/include/version/nat66-version.xml.i +++ b/interface-definitions/include/version/nat66-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/nat66-version.xml.i --> -<syntaxVersion component='nat66' version='1'></syntaxVersion> +<syntaxVersion component='nat66' version='3'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/pim-version.xml.i b/interface-definitions/include/version/pim-version.xml.i new file mode 100644 index 000000000..24cc38cdf --- /dev/null +++ b/interface-definitions/include/version/pim-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/pim-version.xml.i --> +<syntaxVersion component='pim' version='1'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/policy-version.xml.i b/interface-definitions/include/version/policy-version.xml.i index f1494eaa3..db727fea9 100644 --- a/interface-definitions/include/version/policy-version.xml.i +++ b/interface-definitions/include/version/policy-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/policy-version.xml.i --> -<syntaxVersion component='policy' version='5'></syntaxVersion> +<syntaxVersion component='policy' version='8'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/pppoe-server-version.xml.i b/interface-definitions/include/version/pppoe-server-version.xml.i index 6bdd8d75c..deed702f0 100644 --- a/interface-definitions/include/version/pppoe-server-version.xml.i +++ b/interface-definitions/include/version/pppoe-server-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/pppoe-server-version.xml.i --> -<syntaxVersion component='pppoe-server' version='6'></syntaxVersion> +<syntaxVersion component='pppoe-server' version='7'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/pptp-version.xml.i b/interface-definitions/include/version/pptp-version.xml.i index 0296c44e9..4386cedbd 100644 --- a/interface-definitions/include/version/pptp-version.xml.i +++ b/interface-definitions/include/version/pptp-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/pptp-version.xml.i --> -<syntaxVersion component='pptp' version='2'></syntaxVersion> +<syntaxVersion component='pptp' version='3'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/sstp-version.xml.i b/interface-definitions/include/version/sstp-version.xml.i index 79b43a3e7..3ac54a3de 100644 --- a/interface-definitions/include/version/sstp-version.xml.i +++ b/interface-definitions/include/version/sstp-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/sstp-version.xml.i --> -<syntaxVersion component='sstp' version='4'></syntaxVersion> +<syntaxVersion component='sstp' version='5'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/system-version.xml.i b/interface-definitions/include/version/system-version.xml.i index 73df8bd8e..fcb24abe2 100644 --- a/interface-definitions/include/version/system-version.xml.i +++ b/interface-definitions/include/version/system-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/system-version.xml.i --> -<syntaxVersion component='system' version='26'></syntaxVersion> +<syntaxVersion component='system' version='27'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/interfaces-bonding.xml.in b/interface-definitions/interfaces_bonding.xml.in index 427e04a54..62ee0bdc7 100644 --- a/interface-definitions/interfaces-bonding.xml.in +++ b/interface-definitions/interfaces_bonding.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="interfaces"> <children> - <tagNode name="bonding" owner="${vyos_conf_scripts_dir}/interfaces-bonding.py"> + <tagNode name="bonding" owner="${vyos_conf_scripts_dir}/interfaces_bonding.py"> <properties> <help>Bonding Interface/Link Aggregation</help> <priority>320</priority> @@ -56,6 +56,60 @@ #include <include/interface/disable.xml.i> #include <include/interface/vrf.xml.i> #include <include/interface/mirror.xml.i> + <node name="evpn"> + <properties> + <help>EVPN Multihoming</help> + </properties> + <children> + <leafNode name="es-df-pref"> + <properties> + <help>Preference value used for designated forwarder (DF) election</help> + <valueHelp> + <format>u32:1-65535</format> + <description>DF Preference value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="es-id"> + <properties> + <help>Ethernet segment identifier</help> + <valueHelp> + <format>u32:1-16777215</format> + <description>Local discriminator</description> + </valueHelp> + <valueHelp> + <format>txt</format> + <description>10-byte ID - 00:11:22:33:44:55:AA:BB:CC:DD</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + <regex>([0-9A-Fa-f][0-9A-Fa-f]:){9}[0-9A-Fa-f][0-9A-Fa-f]</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="es-sys-mac"> + <properties> + <help>Ethernet segment system MAC</help> + <valueHelp> + <format>macaddr</format> + <description>MAC address</description> + </valueHelp> + <constraint> + <validator name="mac-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="uplink"> + <properties> + <help>Uplink to the VXLAN core</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> <leafNode name="hash-policy"> <properties> <help>Bonding transmit hash policy</help> diff --git a/interface-definitions/interfaces-bridge.xml.in b/interface-definitions/interfaces_bridge.xml.in index fcfb8686c..d4d277cfc 100644 --- a/interface-definitions/interfaces-bridge.xml.in +++ b/interface-definitions/interfaces_bridge.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="interfaces"> <children> - <tagNode name="bridge" owner="${vyos_conf_scripts_dir}/interfaces-bridge.py"> + <tagNode name="bridge" owner="${vyos_conf_scripts_dir}/interfaces_bridge.py"> <properties> <help>Bridge Interface</help> <priority>310</priority> @@ -123,6 +123,9 @@ <completionHelp> <script>${vyos_completion_dir}/list_interfaces --bridgeable</script> </completionHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> </properties> <children> <leafNode name="native-vlan"> diff --git a/interface-definitions/interfaces-dummy.xml.in b/interface-definitions/interfaces_dummy.xml.in index 00784fcdf..ef8ee78e7 100644 --- a/interface-definitions/interfaces-dummy.xml.in +++ b/interface-definitions/interfaces_dummy.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="interfaces"> <children> - <tagNode name="dummy" owner="${vyos_conf_scripts_dir}/interfaces-dummy.py"> + <tagNode name="dummy" owner="${vyos_conf_scripts_dir}/interfaces_dummy.py"> <properties> <help>Dummy Interface</help> <priority>300</priority> diff --git a/interface-definitions/interfaces-ethernet.xml.in b/interface-definitions/interfaces_ethernet.xml.in index 3669336fd..4e55bac7c 100644 --- a/interface-definitions/interfaces-ethernet.xml.in +++ b/interface-definitions/interfaces_ethernet.xml.in @@ -5,7 +5,7 @@ <help>Network interfaces</help> </properties> <children> - <tagNode name="ethernet" owner="${vyos_conf_scripts_dir}/interfaces-ethernet.py"> + <tagNode name="ethernet" owner="${vyos_conf_scripts_dir}/interfaces_ethernet.py"> <properties> <help>Ethernet Interface</help> <priority>318</priority> @@ -80,6 +80,12 @@ <valueless/> </properties> </leafNode> + <leafNode name="hw-tc-offload"> + <properties> + <help>Enable Hardware Flow Offload</help> + <valueless/> + </properties> + </leafNode> <leafNode name="lro"> <properties> <help>Enable Large Receive Offload</help> diff --git a/interface-definitions/interfaces-geneve.xml.in b/interface-definitions/interfaces_geneve.xml.in index 29b563a09..c94113271 100644 --- a/interface-definitions/interfaces-geneve.xml.in +++ b/interface-definitions/interfaces_geneve.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="interfaces"> <children> - <tagNode name="geneve" owner="${vyos_conf_scripts_dir}/interfaces-geneve.py"> + <tagNode name="geneve" owner="${vyos_conf_scripts_dir}/interfaces_geneve.py"> <properties> <help>Generic Network Virtualization Encapsulation (GENEVE) Interface</help> <priority>460</priority> diff --git a/interface-definitions/interfaces-input.xml.in b/interface-definitions/interfaces_input.xml.in index d90cf936f..771c47e42 100644 --- a/interface-definitions/interfaces-input.xml.in +++ b/interface-definitions/interfaces_input.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="interfaces"> <children> - <tagNode name="input" owner="${vyos_conf_scripts_dir}/interfaces-input.py"> + <tagNode name="input" owner="${vyos_conf_scripts_dir}/interfaces_input.py"> <properties> <help>Input Functional Block (IFB) interface name</help> <!-- before real devices that redirect --> diff --git a/interface-definitions/interfaces-l2tpv3.xml.in b/interface-definitions/interfaces_l2tpv3.xml.in index 1f0dd3d19..5f816c956 100644 --- a/interface-definitions/interfaces-l2tpv3.xml.in +++ b/interface-definitions/interfaces_l2tpv3.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="interfaces"> <children> - <tagNode name="l2tpv3" owner="${vyos_conf_scripts_dir}/interfaces-l2tpv3.py"> + <tagNode name="l2tpv3" owner="${vyos_conf_scripts_dir}/interfaces_l2tpv3.py"> <properties> <help>Layer 2 Tunnel Protocol Version 3 (L2TPv3) Interface</help> <priority>485</priority> diff --git a/interface-definitions/interfaces-loopback.xml.in b/interface-definitions/interfaces_loopback.xml.in index fe0944467..09b4a00cf 100644 --- a/interface-definitions/interfaces-loopback.xml.in +++ b/interface-definitions/interfaces_loopback.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="interfaces"> <children> - <tagNode name="loopback" owner="${vyos_conf_scripts_dir}/interfaces-loopback.py"> + <tagNode name="loopback" owner="${vyos_conf_scripts_dir}/interfaces_loopback.py"> <properties> <help>Loopback Interface</help> <priority>300</priority> diff --git a/interface-definitions/interfaces-macsec.xml.in b/interface-definitions/interfaces_macsec.xml.in index 766b0bede..d825f8262 100644 --- a/interface-definitions/interfaces-macsec.xml.in +++ b/interface-definitions/interfaces_macsec.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="interfaces"> <children> - <tagNode name="macsec" owner="${vyos_conf_scripts_dir}/interfaces-macsec.py"> + <tagNode name="macsec" owner="${vyos_conf_scripts_dir}/interfaces_macsec.py"> <properties> <help>MACsec Interface (802.1ae)</help> <priority>461</priority> diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces_openvpn.xml.in index 831659250..f7e8f8b9f 100644 --- a/interface-definitions/interfaces-openvpn.xml.in +++ b/interface-definitions/interfaces_openvpn.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="interfaces"> <children> - <tagNode name="openvpn" owner="${vyos_conf_scripts_dir}/interfaces-openvpn.py"> + <tagNode name="openvpn" owner="${vyos_conf_scripts_dir}/interfaces_openvpn.py"> <properties> <help>OpenVPN Tunnel Interface</help> <priority>460</priority> @@ -736,14 +736,7 @@ </leafNode> #include <include/pki/certificate.xml.i> #include <include/pki/ca-certificate-multi.xml.i> - <leafNode name="dh-params"> - <properties> - <help>Diffie Hellman parameters (server only)</help> - <completionHelp> - <path>pki dh</path> - </completionHelp> - </properties> - </leafNode> + #include <include/pki/dh-params.xml.i> <leafNode name="crypt-key"> <properties> <help>Static key to use to authenticate control channel</help> diff --git a/interface-definitions/interfaces-pppoe.xml.in b/interface-definitions/interfaces_pppoe.xml.in index b78f92c85..56660bc15 100644 --- a/interface-definitions/interfaces-pppoe.xml.in +++ b/interface-definitions/interfaces_pppoe.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="interfaces"> <children> - <tagNode name="pppoe" owner="${vyos_conf_scripts_dir}/interfaces-pppoe.py"> + <tagNode name="pppoe" owner="${vyos_conf_scripts_dir}/interfaces_pppoe.py"> <properties> <help>Point-to-Point Protocol over Ethernet (PPPoE) Interface</help> <priority>322</priority> @@ -109,6 +109,19 @@ <leafNode name="mtu"> <defaultValue>1492</defaultValue> </leafNode> + <leafNode name="mru"> + <properties> + <help>Maximum Receive Unit (MRU) (default: MTU value)</help> + <valueHelp> + <format>u32:128-16384</format> + <description>Maximum Receive Unit in byte</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 128-16384"/> + </constraint> + <constraintErrorMessage>MRU must be between 128 and 16384</constraintErrorMessage> + </properties> + </leafNode> #include <include/interface/no-peer-dns.xml.i> <leafNode name="remote-address"> <properties> diff --git a/interface-definitions/interfaces-pseudo-ethernet.xml.in b/interface-definitions/interfaces_pseudo-ethernet.xml.in index 5c73825c3..031af3563 100644 --- a/interface-definitions/interfaces-pseudo-ethernet.xml.in +++ b/interface-definitions/interfaces_pseudo-ethernet.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="interfaces"> <children> - <tagNode name="pseudo-ethernet" owner="${vyos_conf_scripts_dir}/interfaces-pseudo-ethernet.py"> + <tagNode name="pseudo-ethernet" owner="${vyos_conf_scripts_dir}/interfaces_pseudo-ethernet.py"> <properties> <help>Pseudo Ethernet Interface (Macvlan)</help> <priority>321</priority> diff --git a/interface-definitions/interfaces-sstpc.xml.in b/interface-definitions/interfaces_sstpc.xml.in index b569e9bde..b7c49446f 100644 --- a/interface-definitions/interfaces-sstpc.xml.in +++ b/interface-definitions/interfaces_sstpc.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="interfaces"> <children> - <tagNode name="sstpc" owner="${vyos_conf_scripts_dir}/interfaces-sstpc.py"> + <tagNode name="sstpc" owner="${vyos_conf_scripts_dir}/interfaces_sstpc.py"> <properties> <help>Secure Socket Tunneling Protocol (SSTP) client Interface</help> <priority>460</priority> diff --git a/interface-definitions/interfaces-tunnel.xml.in b/interface-definitions/interfaces_tunnel.xml.in index 58f95dddb..99d9b34c6 100644 --- a/interface-definitions/interfaces-tunnel.xml.in +++ b/interface-definitions/interfaces_tunnel.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="interfaces"> <children> - <tagNode name="tunnel" owner="${vyos_conf_scripts_dir}/interfaces-tunnel.py"> + <tagNode name="tunnel" owner="${vyos_conf_scripts_dir}/interfaces_tunnel.py"> <properties> <help>Tunnel interface</help> <priority>380</priority> diff --git a/interface-definitions/interfaces-virtual-ethernet.xml.in b/interface-definitions/interfaces_virtual-ethernet.xml.in index 1daa764d4..fc1b319b5 100644 --- a/interface-definitions/interfaces-virtual-ethernet.xml.in +++ b/interface-definitions/interfaces_virtual-ethernet.xml.in @@ -2,14 +2,14 @@ <interfaceDefinition> <node name="interfaces"> <children> - <tagNode name="virtual-ethernet" owner="${vyos_conf_scripts_dir}/interfaces-virtual-ethernet.py"> + <tagNode name="virtual-ethernet" owner="${vyos_conf_scripts_dir}/interfaces_virtual-ethernet.py"> <properties> <help>Virtual Ethernet (veth) Interface</help> <priority>300</priority> <constraint> <regex>veth[0-9]+</regex> </constraint> - <constraintErrorMessage>Virutal Ethernet interface must be named vethN</constraintErrorMessage> + <constraintErrorMessage>Virtual Ethernet interface must be named vethN</constraintErrorMessage> <valueHelp> <format>vethN</format> <description>Virtual Ethernet interface name</description> diff --git a/interface-definitions/interfaces-vti.xml.in b/interface-definitions/interfaces_vti.xml.in index b116f7386..158d9afd0 100644 --- a/interface-definitions/interfaces-vti.xml.in +++ b/interface-definitions/interfaces_vti.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="interfaces"> <children> - <tagNode name="vti" owner="${vyos_conf_scripts_dir}/interfaces-vti.py"> + <tagNode name="vti" owner="${vyos_conf_scripts_dir}/interfaces_vti.py"> <properties> <help>Virtual Tunnel Interface (XFRM)</help> <priority>381</priority> diff --git a/interface-definitions/interfaces-vxlan.xml.in b/interface-definitions/interfaces_vxlan.xml.in index fb60c93d0..504c08e7e 100644 --- a/interface-definitions/interfaces-vxlan.xml.in +++ b/interface-definitions/interfaces_vxlan.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="interfaces"> <children> - <tagNode name="vxlan" owner="${vyos_conf_scripts_dir}/interfaces-vxlan.py"> + <tagNode name="vxlan" owner="${vyos_conf_scripts_dir}/interfaces_vxlan.py"> <properties> <help>Virtual Extensible LAN (VXLAN) Interface</help> <priority>460</priority> @@ -19,12 +19,6 @@ #include <include/interface/address-ipv4-ipv6.xml.i> #include <include/generic-description.xml.i> #include <include/interface/disable.xml.i> - <leafNode name="external"> - <properties> - <help>Use external control plane</help> - <valueless/> - </properties> - </leafNode> <leafNode name="gpe"> <properties> <help>Enable Generic Protocol extension (VXLAN-GPE)</help> @@ -54,9 +48,6 @@ #include <include/interface/mac.xml.i> #include <include/interface/mtu-1200-16000.xml.i> #include <include/interface/mirror.xml.i> - <leafNode name="mtu"> - <defaultValue>1450</defaultValue> - </leafNode> <node name="parameters"> <properties> <help>VXLAN tunnel parameters</help> @@ -83,17 +74,35 @@ #include <include/interface/parameters-flowlabel.xml.i> </children> </node> + <leafNode name="external"> + <properties> + <help>Use external control plane</help> + <valueless/> + </properties> + </leafNode> <leafNode name="nolearning"> <properties> <help>Do not add unknown addresses into forwarding database</help> <valueless/> </properties> </leafNode> + <leafNode name="neighbor-suppress"> + <properties> + <help>Enable neighbor discovery (ARP and ND) suppression</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="vni-filter"> + <properties> + <help>Enable VNI filter support</help> + <valueless/> + </properties> + </leafNode> </children> </node> #include <include/port-number.xml.i> <leafNode name="port"> - <defaultValue>8472</defaultValue> + <defaultValue>4789</defaultValue> </leafNode> #include <include/source-address-ipv4-ipv6.xml.i> #include <include/source-interface.xml.i> @@ -101,6 +110,22 @@ #include <include/interface/redirect.xml.i> #include <include/interface/vrf.xml.i> #include <include/vni.xml.i> + <tagNode name="vlan-to-vni"> + <properties> + <help>Configuring VLAN-to-VNI mappings for EVPN-VXLAN</help> + <valueHelp> + <format>u32:0-4094</format> + <description>Virtual Local Area Network (VLAN) ID</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4094"/> + </constraint> + <constraintErrorMessage>VLAN ID must be between 0 and 4094</constraintErrorMessage> + </properties> + <children> + #include <include/vni.xml.i> + </children> + </tagNode> </children> </tagNode> </children> diff --git a/interface-definitions/interfaces-wireguard.xml.in b/interface-definitions/interfaces_wireguard.xml.in index 3c79cef28..fba1064ef 100644 --- a/interface-definitions/interfaces-wireguard.xml.in +++ b/interface-definitions/interfaces_wireguard.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="interfaces"> <children> - <tagNode name="wireguard" owner="${vyos_conf_scripts_dir}/interfaces-wireguard.py"> + <tagNode name="wireguard" owner="${vyos_conf_scripts_dir}/interfaces_wireguard.py"> <properties> <help>WireGuard Interface</help> <priority>379</priority> @@ -44,9 +44,9 @@ <properties> <help>Base64 encoded private key</help> <constraint> - <regex>[0-9a-zA-Z\+/]{43}=</regex> + <validator name="base64"/> </constraint> - <constraintErrorMessage>Key is not valid 44-character (32-bytes) base64</constraintErrorMessage> + <constraintErrorMessage>Key is not base64-encoded</constraintErrorMessage> </properties> </leafNode> <tagNode name="peer"> @@ -64,18 +64,18 @@ <properties> <help>base64 encoded public key</help> <constraint> - <regex>[0-9a-zA-Z\+/]{43}=</regex> + <validator name="base64"/> </constraint> - <constraintErrorMessage>Key is not valid 44-character (32-bytes) base64</constraintErrorMessage> + <constraintErrorMessage>Key is not base64-encoded</constraintErrorMessage> </properties> </leafNode> <leafNode name="preshared-key"> <properties> <help>base64 encoded preshared key</help> <constraint> - <regex>[0-9a-zA-Z\+/]{43}=</regex> + <validator name="base64"/> </constraint> - <constraintErrorMessage>Key is not valid 44-character (32-bytes) base64</constraintErrorMessage> + <constraintErrorMessage>Key is not base64-encoded</constraintErrorMessage> </properties> </leafNode> <leafNode name="allowed-ips"> diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces_wireless.xml.in index 88b858c07..b5da0a556 100644 --- a/interface-definitions/interfaces-wireless.xml.in +++ b/interface-definitions/interfaces_wireless.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="interfaces"> <children> - <tagNode name="wireless" owner="${vyos_conf_scripts_dir}/interfaces-wireless.py"> + <tagNode name="wireless" owner="${vyos_conf_scripts_dir}/interfaces_wireless.py"> <properties> <help>Wireless (WiFi/WLAN) Network Interface</help> <priority>318</priority> diff --git a/interface-definitions/interfaces-wwan.xml.in b/interface-definitions/interfaces_wwan.xml.in index 5fa3be8db..1580c3bcb 100644 --- a/interface-definitions/interfaces-wwan.xml.in +++ b/interface-definitions/interfaces_wwan.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="interfaces"> <children> - <tagNode name="wwan" owner="${vyos_conf_scripts_dir}/interfaces-wwan.py"> + <tagNode name="wwan" owner="${vyos_conf_scripts_dir}/interfaces_wwan.py"> <properties> <help>Wireless Modem (WWAN) Interface</help> <priority>350</priority> diff --git a/interface-definitions/load-balancing-haproxy.xml.in b/interface-definitions/load-balancing_reverse-proxy.xml.in index f955a2fb7..2c2742dff 100644 --- a/interface-definitions/load-balancing-haproxy.xml.in +++ b/interface-definitions/load-balancing_reverse-proxy.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="load-balancing"> <children> - <node name="reverse-proxy" owner="${vyos_conf_scripts_dir}/load-balancing-haproxy.py"> + <node name="reverse-proxy" owner="${vyos_conf_scripts_dir}/load-balancing_reverse-proxy.py"> <properties> <help>Configure reverse-proxy</help> </properties> @@ -49,7 +49,7 @@ <help>SSL Certificate, SSL Key and CA</help> </properties> <children> - #include <include/pki/certificate.xml.i> + #include <include/pki/certificate-multi.xml.i> </children> </node> </children> @@ -124,6 +124,12 @@ </constraint> </properties> </leafNode> + <leafNode name="backup"> + <properties> + <help>Use backup server if other servers are not available</help> + <valueless/> + </properties> + </leafNode> <leafNode name="check"> <properties> <help>Active health check backend server</help> diff --git a/interface-definitions/load-balancing-wan.xml.in b/interface-definitions/load-balancing_wan.xml.in index c12cab22a..e117fd1b2 100644 --- a/interface-definitions/load-balancing-wan.xml.in +++ b/interface-definitions/load-balancing_wan.xml.in @@ -6,7 +6,7 @@ <priority>900</priority> </properties> <children> - <node name="wan" owner="${vyos_conf_scripts_dir}/load-balancing-wan.py"> + <node name="wan" owner="${vyos_conf_scripts_dir}/load-balancing_wan.py"> <properties> <help>Configure Wide Area Network (WAN) load-balancing</help> </properties> diff --git a/interface-definitions/nat.xml.in b/interface-definitions/nat.xml.in index a06ceefb6..0a639bd80 100644 --- a/interface-definitions/nat.xml.in +++ b/interface-definitions/nat.xml.in @@ -14,7 +14,7 @@ #include <include/nat-rule.xml.i> <tagNode name="rule"> <children> - #include <include/inbound-interface.xml.i> + #include <include/firewall/inbound-interface.xml.i> <node name="translation"> <properties> <help>Inside NAT IP (destination NAT only)</help> @@ -77,7 +77,7 @@ <constraintErrorMessage>NAT rule number must be between 1 and 999999</constraintErrorMessage> </properties> <children> - #include <include/nat-interface.xml.i> + #include <include/firewall/outbound-interface.xml.i> <node name="translation"> <properties> <help>Outside NAT IP (source NAT only)</help> diff --git a/interface-definitions/nat64.xml.in b/interface-definitions/nat64.xml.in new file mode 100644 index 000000000..dfdd295d2 --- /dev/null +++ b/interface-definitions/nat64.xml.in @@ -0,0 +1,116 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="nat64" owner="${vyos_conf_scripts_dir}/nat64.py"> + <properties> + <help>IPv6-to-IPv4 Network Address Translation (NAT64) Settings</help> + <priority>501</priority> + </properties> + <children> + <node name="source"> + <properties> + <help>IPv6 source to IPv4 destination address translation</help> + </properties> + <children> + <tagNode name="rule"> + <properties> + <help>Source NAT64 rule number</help> + <valueHelp> + <format>u32:1-999999</format> + <description>Number for this rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>NAT64 rule number must be between 1 and 999999</constraintErrorMessage> + </properties> + <children> + #include <include/generic-description.xml.i> + #include <include/generic-disable-node.xml.i> + <node name="match"> + <properties> + <help>Match</help> + </properties> + <children> + <leafNode name="mark"> + <properties> + <help>Match fwmark value</help> + <valueHelp> + <format>u32:1-2147483647</format> + <description>Fwmark value to match against</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-2147483647"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <node name="source"> + <properties> + <help>IPv6 source prefix options</help> + </properties> + <children> + <leafNode name="prefix"> + <properties> + <help>IPv6 prefix to be translated</help> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 prefix</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <node name="translation"> + <properties> + <help>Translated IPv4 address options</help> + </properties> + <children> + <tagNode name="pool"> + <properties> + <help>Translation IPv4 pool number</help> + <valueHelp> + <format>u32:1-999999</format> + <description>Number for this rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>NAT64 pool number must be between 1 and 999999</constraintErrorMessage> + </properties> + <children> + #include <include/generic-description.xml.i> + #include <include/generic-disable-node.xml.i> + #include <include/nat-translation-port.xml.i> + #include <include/nat64/protocol.xml.i> + <leafNode name="address"> + <properties> + <help>IPv4 address or prefix to translate to</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 prefix</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv4-prefix"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + </children> + </tagNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/nat66.xml.in b/interface-definitions/nat66.xml.in index 7a8970bdf..1518de8bd 100644 --- a/interface-definitions/nat66.xml.in +++ b/interface-definitions/nat66.xml.in @@ -25,27 +25,10 @@ </properties> <children> #include <include/generic-description.xml.i> - <leafNode name="disable"> - <properties> - <help>Disable NAT66 rule</help> - <valueless/> - </properties> - </leafNode> + #include <include/generic-disable-node.xml.i> #include <include/nat-exclude.xml.i> - <leafNode name="log"> - <properties> - <help>NAT66 rule logging</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="outbound-interface"> - <properties> - <help>Outbound interface of NAT66 traffic</help> - <completionHelp> - <script>${vyos_completion_dir}/list_interfaces</script> - </completionHelp> - </properties> - </leafNode> + #include <include/firewall/log.xml.i> + #include <include/firewall/outbound-interface-no-group.xml.i> #include <include/nat/protocol.xml.i> <node name="destination"> <properties> @@ -153,12 +136,7 @@ </properties> <children> #include <include/generic-description.xml.i> - <leafNode name="disable"> - <properties> - <help>Disable NAT66 rule</help> - <valueless/> - </properties> - </leafNode> + #include <include/generic-disable-node.xml.i> #include <include/nat-exclude.xml.i> <leafNode name="log"> <properties> @@ -166,15 +144,7 @@ <valueless/> </properties> </leafNode> - <leafNode name="inbound-interface"> - <properties> - <help>Inbound interface of NAT66 traffic</help> - <completionHelp> - <list>any</list> - <script>${vyos_completion_dir}/list_interfaces</script> - </completionHelp> - </properties> - </leafNode> + #include <include/firewall/inbound-interface-no-group.xml.i> #include <include/nat/protocol.xml.i> <node name="destination"> <properties> diff --git a/interface-definitions/netns.xml.in b/interface-definitions/netns.xml.in index 5d958968f..d5026bfae 100644 --- a/interface-definitions/netns.xml.in +++ b/interface-definitions/netns.xml.in @@ -3,7 +3,7 @@ <node name="netns" owner="${vyos_conf_scripts_dir}/netns.py"> <properties> <help>Network namespace</help> - <priority>291</priority> + <priority>10</priority> </properties> <children> <tagNode name="name"> diff --git a/interface-definitions/pki.xml.in b/interface-definitions/pki.xml.in index a13a357fd..0ed199539 100644 --- a/interface-definitions/pki.xml.in +++ b/interface-definitions/pki.xml.in @@ -9,11 +9,18 @@ <tagNode name="ca"> <properties> <help>Certificate Authority</help> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> </properties> <children> <leafNode name="certificate"> <properties> <help>CA certificate in PEM format</help> + <constraint> + <validator name="base64"/> + </constraint> + <constraintErrorMessage>CA certificate is not base64-encoded</constraintErrorMessage> </properties> </leafNode> #include <include/generic-description.xml.i> @@ -25,6 +32,10 @@ <leafNode name="key"> <properties> <help>CA private key in PEM format</help> + <constraint> + <validator name="base64"/> + </constraint> + <constraintErrorMessage>CA private key is not base64-encoded</constraintErrorMessage> </properties> </leafNode> <leafNode name="password-protected"> @@ -38,6 +49,10 @@ <leafNode name="crl"> <properties> <help>Certificate revocation list in PEM format</help> + <constraint> + <validator name="base64"/> + </constraint> + <constraintErrorMessage>CRL is not base64-encoded</constraintErrorMessage> <multi/> </properties> </leafNode> @@ -52,13 +67,74 @@ <tagNode name="certificate"> <properties> <help>Certificate</help> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> </properties> <children> <leafNode name="certificate"> <properties> <help>Certificate in PEM format</help> + <constraint> + <validator name="base64"/> + </constraint> + <constraintErrorMessage>Certificate is not base64-encoded</constraintErrorMessage> </properties> </leafNode> + <node name="acme"> + <properties> + <help>Automatic Certificate Management Environment (ACME) request</help> + </properties> + <children> + #include <include/url-http-https.xml.i> + <leafNode name="url"> + <defaultValue>https://acme-v02.api.letsencrypt.org/directory</defaultValue> + </leafNode> + <leafNode name="domain-name"> + <properties> + <help>Domain Name</help> + <constraint> + <validator name="fqdn"/> + </constraint> + <constraintErrorMessage>Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers and .-_</constraintErrorMessage> + <multi/> + </properties> + </leafNode> + <leafNode name="email"> + <properties> + <help>Email address to associate with certificate</help> + <constraint> + #include <include/constraint/email.xml.i> + </constraint> + </properties> + </leafNode> + #include <include/listen-address-ipv4-single.xml.i> + <leafNode name="rsa-key-size"> + <properties> + <help>Size of the RSA key</help> + <completionHelp> + <list>2048 3072 4096</list> + </completionHelp> + <valueHelp> + <format>2048</format> + <description>RSA key length 2048 bit</description> + </valueHelp> + <valueHelp> + <format>3072</format> + <description>RSA key length 3072 bit</description> + </valueHelp> + <valueHelp> + <format>4096</format> + <description>RSA key length 4096 bit</description> + </valueHelp> + <constraint> + <regex>(2048|3072|4096)</regex> + </constraint> + </properties> + <defaultValue>2048</defaultValue> + </leafNode> + </children> + </node> #include <include/generic-description.xml.i> <node name="private"> <properties> @@ -68,6 +144,10 @@ <leafNode name="key"> <properties> <help>Certificate private key in PEM format</help> + <constraint> + <validator name="base64"/> + </constraint> + <constraintErrorMessage>Certificate private key is not base64-encoded</constraintErrorMessage> </properties> </leafNode> <leafNode name="password-protected"> @@ -89,11 +169,18 @@ <tagNode name="dh"> <properties> <help>Diffie-Hellman parameters</help> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> </properties> <children> <leafNode name="parameters"> <properties> <help>DH parameters in PEM format</help> + <constraint> + <validator name="base64"/> + </constraint> + <constraintErrorMessage>DH parameters are not base64-encoded</constraintErrorMessage> </properties> </leafNode> </children> @@ -111,6 +198,10 @@ <leafNode name="key"> <properties> <help>Public key in PEM format</help> + <constraint> + <validator name="base64"/> + </constraint> + <constraintErrorMessage>Public key is not base64-encoded</constraintErrorMessage> </properties> </leafNode> </children> @@ -123,6 +214,10 @@ <leafNode name="key"> <properties> <help>Private key in PEM format</help> + <constraint> + <validator name="base64"/> + </constraint> + <constraintErrorMessage>Private key is not base64-encoded</constraintErrorMessage> </properties> </leafNode> <leafNode name="password-protected"> diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in index c470cfdb3..0d82cd3f8 100644 --- a/interface-definitions/policy.xml.in +++ b/interface-definitions/policy.xml.in @@ -476,7 +476,7 @@ <description>Route map name</description> </valueHelp> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> </properties> @@ -1446,9 +1446,18 @@ <format>u32:0-4294967295</format> <description>Metric value</description> </valueHelp> + <valueHelp> + <format><+/-rtt></format> + <description>Add or subtract round trip time</description> + </valueHelp> + <valueHelp> + <format><rtt></format> + <description>Round trip time</description> + </valueHelp> <constraint> <validator name="numeric" argument="--relative --"/> <validator name="numeric" argument="--range 0-4294967295"/> + <regex>^[+|-]?rtt$</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/policy-local-route.xml.in b/interface-definitions/policy_local-route.xml.in index 8619e839e..7a019154a 100644 --- a/interface-definitions/policy-local-route.xml.in +++ b/interface-definitions/policy_local-route.xml.in @@ -3,7 +3,7 @@ <interfaceDefinition> <node name="policy"> <children> - <node name="local-route" owner="${vyos_conf_scripts_dir}/policy-local-route.py"> + <node name="local-route" owner="${vyos_conf_scripts_dir}/policy_local-route.py"> <properties> <help>IPv4 policy route of local traffic</help> <priority>500</priority> @@ -53,48 +53,31 @@ </constraint> </properties> </leafNode> - <leafNode name="source"> + #include <include/policy/local-route_rule_protocol.xml.i> + <node name="source"> <properties> - <help>Source address or prefix</help> - <valueHelp> - <format>ipv4</format> - <description>Address to match against</description> - </valueHelp> - <valueHelp> - <format>ipv4net</format> - <description>Prefix to match against</description> - </valueHelp> - <constraint> - <validator name="ipv4-address"/> - <validator name="ip-prefix"/> - </constraint> - <multi/> + <help>Source parameters</help> </properties> - </leafNode> - <leafNode name="destination"> + <children> + #include <include/policy/local-route_rule_ipv4_address.xml.i> + #include <include/port-number.xml.i> + </children> + </node> + <node name="destination"> <properties> - <help>Destination address or prefix</help> - <valueHelp> - <format>ipv4</format> - <description>Address to match against</description> - </valueHelp> - <valueHelp> - <format>ipv4net</format> - <description>Prefix to match against</description> - </valueHelp> - <constraint> - <validator name="ipv4-address"/> - <validator name="ip-prefix"/> - </constraint> - <multi/> + <help>Destination parameters</help> </properties> - </leafNode> + <children> + #include <include/policy/local-route_rule_ipv4_address.xml.i> + #include <include/port-number.xml.i> + </children> + </node> #include <include/interface/inbound-interface.xml.i> </children> </tagNode> </children> </node> - <node name="local-route6" owner="${vyos_conf_scripts_dir}/policy-local-route.py"> + <node name="local-route6" owner="${vyos_conf_scripts_dir}/policy_local-route.py"> <properties> <help>IPv6 policy route of local traffic</help> <priority>500</priority> @@ -144,42 +127,25 @@ </constraint> </properties> </leafNode> - <leafNode name="source"> + #include <include/policy/local-route_rule_protocol.xml.i> + <node name="source"> <properties> - <help>Source address or prefix</help> - <valueHelp> - <format>ipv6</format> - <description>Address to match against</description> - </valueHelp> - <valueHelp> - <format>ipv6net</format> - <description>Prefix to match against</description> - </valueHelp> - <constraint> - <validator name="ipv6-address"/> - <validator name="ipv6-prefix"/> - </constraint> - <multi/> + <help>Source parameters</help> </properties> - </leafNode> - <leafNode name="destination"> + <children> + #include <include/policy/local-route_rule_ipv6_address.xml.i> + #include <include/port-number.xml.i> + </children> + </node> + <node name="destination"> <properties> - <help>Destination address or prefix</help> - <valueHelp> - <format>ipv6</format> - <description>Address to match against</description> - </valueHelp> - <valueHelp> - <format>ipv6net</format> - <description>Prefix to match against</description> - </valueHelp> - <constraint> - <validator name="ipv6-address"/> - <validator name="ipv6-prefix"/> - </constraint> - <multi/> + <help>Destination parameters</help> </properties> - </leafNode> + <children> + #include <include/policy/local-route_rule_ipv6_address.xml.i> + #include <include/port-number.xml.i> + </children> + </node> #include <include/interface/inbound-interface.xml.i> </children> </tagNode> diff --git a/interface-definitions/policy-route.xml.in b/interface-definitions/policy_route.xml.in index d4ec75786..9cc22540b 100644 --- a/interface-definitions/policy-route.xml.in +++ b/interface-definitions/policy_route.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="policy"> <children> - <tagNode name="route6" owner="${vyos_conf_scripts_dir}/policy-route.py"> + <tagNode name="route6" owner="${vyos_conf_scripts_dir}/policy_route.py"> <properties> <help>Policy route rule set name for IPv6</help> <constraint> @@ -12,7 +12,7 @@ </properties> <children> #include <include/generic-description.xml.i> - #include <include/firewall/enable-default-log.xml.i> + #include <include/firewall/default-log.xml.i> #include <include/generic-interface-multi-wildcard.xml.i> <tagNode name="rule"> <properties> @@ -57,7 +57,7 @@ </tagNode> </children> </tagNode> - <tagNode name="route" owner="${vyos_conf_scripts_dir}/policy-route.py"> + <tagNode name="route" owner="${vyos_conf_scripts_dir}/policy_route.py"> <properties> <help>Policy route rule set name for IPv4</help> <constraint> @@ -67,7 +67,7 @@ </properties> <children> #include <include/generic-description.xml.i> - #include <include/firewall/enable-default-log.xml.i> + #include <include/firewall/default-log.xml.i> #include <include/generic-interface-multi-wildcard.xml.i> <tagNode name="rule"> <properties> diff --git a/interface-definitions/protocols-igmp.xml.in b/interface-definitions/protocols-igmp.xml.in deleted file mode 100644 index a055db71e..000000000 --- a/interface-definitions/protocols-igmp.xml.in +++ /dev/null @@ -1,95 +0,0 @@ -<?xml version="1.0"?> -<!-- Internet Group Management Protocol (IGMP) configuration --> -<interfaceDefinition> - <node name="protocols"> - <children> - <node name="igmp" owner="${vyos_conf_scripts_dir}/protocols_igmp.py"> - <properties> - <help>Internet Group Management Protocol (IGMP)</help> - </properties> - <children> - <tagNode name="interface"> - <properties> - <help>IGMP interface</help> - <completionHelp> - <script>${vyos_completion_dir}/list_interfaces</script> - </completionHelp> - </properties> - <children> - <tagNode name="join"> - <properties> - <help>IGMP join multicast group</help> - <valueHelp> - <format>ipv4</format> - <description>Multicast group address</description> - </valueHelp> - <constraint> - <validator name="ipv4-address"/> - </constraint> - </properties> - <children> - <leafNode name="source"> - <properties> - <help>Source address</help> - <valueHelp> - <format>ipv4</format> - <description>Source address</description> - </valueHelp> - <constraint> - <validator name="ipv4-address"/> - </constraint> - <multi/> - </properties> - </leafNode> - </children> - </tagNode> - <leafNode name="version"> - <properties> - <help>IGMP version</help> - <completionHelp> - <list>2 3</list> - </completionHelp> - <valueHelp> - <format>2</format> - <description>IGMP version 2</description> - </valueHelp> - <valueHelp> - <format>3</format> - <description>IGMP version 3</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 2-3"/> - </constraint> - </properties> - </leafNode> - <leafNode name="query-interval"> - <properties> - <help>IGMP host query interval</help> - <valueHelp> - <format>u32:1-1800</format> - <description>Query interval in seconds</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-1800"/> - </constraint> - </properties> - </leafNode> - <leafNode name="query-max-response-time"> - <properties> - <help>IGMP max query response time</help> - <valueHelp> - <format>u32:10-250</format> - <description>Query response value in deci-seconds</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 10-250"/> - </constraint> - </properties> - </leafNode> - </children> - </tagNode> - </children> - </node> - </children> - </node> -</interfaceDefinition> diff --git a/interface-definitions/protocols-pim.xml.in b/interface-definitions/protocols-pim.xml.in deleted file mode 100644 index e9475930c..000000000 --- a/interface-definitions/protocols-pim.xml.in +++ /dev/null @@ -1,96 +0,0 @@ -<?xml version="1.0"?> -<!-- Protocol Independent Multicast (PIM) configuration --> -<interfaceDefinition> - <node name="protocols"> - <children> - <node name="pim" owner="${vyos_conf_scripts_dir}/protocols_pim.py"> - <properties> - <help>Protocol Independent Multicast (PIM)</help> - <priority>400</priority> - </properties> - <children> - <tagNode name="interface"> - <properties> - <help>PIM interface</help> - <completionHelp> - <script>${vyos_completion_dir}/list_interfaces</script> - </completionHelp> - </properties> - <children> - <leafNode name="dr-priority"> - <properties> - <help>Designated Router Election Priority</help> - <valueHelp> - <format>u32:1-4294967295</format> - <description>Value of the new DR Priority</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-4294967295"/> - </constraint> - </properties> - </leafNode> - <leafNode name="hello"> - <properties> - <help>Hello Interval</help> - <valueHelp> - <format>u32:1-180</format> - <description>Hello Interval in seconds</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-180"/> - </constraint> - </properties> - </leafNode> - </children> - </tagNode> - <node name="rp"> - <properties> - <help>Rendezvous Point</help> - </properties> - <children> - <tagNode name="address"> - <properties> - <help>Rendezvous Point address</help> - <valueHelp> - <format>ipv4</format> - <description>Rendezvous Point address</description> - </valueHelp> - <constraint> - <validator name="ipv4-address"/> - </constraint> - </properties> - <children> - <leafNode name="group"> - <properties> - <help>Group Address range</help> - <valueHelp> - <format>ipv4net</format> - <description>Group Address range RFC 3171</description> - </valueHelp> - <constraint> - <validator name="ip-prefix"/> - </constraint> - <multi/> - </properties> - </leafNode> - </children> - </tagNode> - <leafNode name="keep-alive-timer"> - <properties> - <help>Keep alive Timer</help> - <valueHelp> - <format>u32:31-60000</format> - <description>Keep alive Timer in seconds</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 31-60000"/> - </constraint> - </properties> - </leafNode> - </children> - </node> - </children> - </node> - </children> - </node> -</interfaceDefinition> diff --git a/interface-definitions/protocols-babel.xml.in b/interface-definitions/protocols_babel.xml.in index 49fffe230..49fffe230 100644 --- a/interface-definitions/protocols-babel.xml.in +++ b/interface-definitions/protocols_babel.xml.in diff --git a/interface-definitions/protocols-bfd.xml.in b/interface-definitions/protocols_bfd.xml.in index 9048cf5c2..9048cf5c2 100644 --- a/interface-definitions/protocols-bfd.xml.in +++ b/interface-definitions/protocols_bfd.xml.in diff --git a/interface-definitions/protocols-bgp.xml.in b/interface-definitions/protocols_bgp.xml.in index e1a822999..e1a822999 100644 --- a/interface-definitions/protocols-bgp.xml.in +++ b/interface-definitions/protocols_bgp.xml.in diff --git a/interface-definitions/protocols-eigrp.xml.in b/interface-definitions/protocols_eigrp.xml.in index 88a881a1e..88a881a1e 100644 --- a/interface-definitions/protocols-eigrp.xml.in +++ b/interface-definitions/protocols_eigrp.xml.in diff --git a/interface-definitions/protocols-failover.xml.in b/interface-definitions/protocols_failover.xml.in index c0caec68e..c0caec68e 100644 --- a/interface-definitions/protocols-failover.xml.in +++ b/interface-definitions/protocols_failover.xml.in diff --git a/interface-definitions/igmp-proxy.xml.in b/interface-definitions/protocols_igmp-proxy.xml.in index 0eea85060..5cde484f5 100644 --- a/interface-definitions/igmp-proxy.xml.in +++ b/interface-definitions/protocols_igmp-proxy.xml.in @@ -3,7 +3,7 @@ <interfaceDefinition> <node name="protocols"> <children> - <node name="igmp-proxy" owner="${vyos_conf_scripts_dir}/igmp_proxy.py"> + <node name="igmp-proxy" owner="${vyos_conf_scripts_dir}/protocols_igmp-proxy.py"> <properties> <help>Internet Group Management Protocol (IGMP) proxy parameters</help> <priority>740</priority> diff --git a/interface-definitions/protocols-isis.xml.in b/interface-definitions/protocols_isis.xml.in index e0bc47bb9..e0bc47bb9 100644 --- a/interface-definitions/protocols-isis.xml.in +++ b/interface-definitions/protocols_isis.xml.in diff --git a/interface-definitions/protocols-mpls.xml.in b/interface-definitions/protocols_mpls.xml.in index 831601fc6..831601fc6 100644 --- a/interface-definitions/protocols-mpls.xml.in +++ b/interface-definitions/protocols_mpls.xml.in diff --git a/interface-definitions/protocols-nhrp.xml.in b/interface-definitions/protocols_nhrp.xml.in index d7663c095..d7663c095 100644 --- a/interface-definitions/protocols-nhrp.xml.in +++ b/interface-definitions/protocols_nhrp.xml.in diff --git a/interface-definitions/protocols-ospf.xml.in b/interface-definitions/protocols_ospf.xml.in index b3c063d0d..b3c063d0d 100644 --- a/interface-definitions/protocols-ospf.xml.in +++ b/interface-definitions/protocols_ospf.xml.in diff --git a/interface-definitions/protocols-ospfv3.xml.in b/interface-definitions/protocols_ospfv3.xml.in index 2b98ffa7b..2b98ffa7b 100644 --- a/interface-definitions/protocols-ospfv3.xml.in +++ b/interface-definitions/protocols_ospfv3.xml.in diff --git a/interface-definitions/protocols_pim.xml.in b/interface-definitions/protocols_pim.xml.in new file mode 100644 index 000000000..4a20c0d9b --- /dev/null +++ b/interface-definitions/protocols_pim.xml.in @@ -0,0 +1,210 @@ +<?xml version="1.0"?> +<!-- Protocol Independent Multicast (PIM) configuration --> +<interfaceDefinition> + <node name="protocols"> + <children> + <node name="pim" owner="${vyos_conf_scripts_dir}/protocols_pim.py"> + <properties> + <help>Protocol Independent Multicast (PIM) and IGMP</help> + <priority>400</priority> + </properties> + <children> + <tagNode name="interface"> + <properties> + <help>PIM interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> + </properties> + <children> + #include <include/bfd/bfd.xml.i> + #include <include/pim/bsm.xml.i> + #include <include/pim/dr-priority.xml.i> + #include <include/pim/hello.xml.i> + #include <include/pim/passive.xml.i> + #include <include/source-address-ipv4.xml.i> + <node name="igmp"> + <properties> + <help>Internet Group Management Protocol (IGMP) options</help> + </properties> + <children> + #include <include/generic-disable-node.xml.i> + <tagNode name="join"> + <properties> + <help>IGMP join multicast group</help> + <valueHelp> + <format>ipv4</format> + <description>Multicast group address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + <children> + #include <include/source-address-ipv4-multi.xml.i> + </children> + </tagNode> + <leafNode name="query-interval"> + <properties> + <help>IGMP host query interval</help> + <valueHelp> + <format>u32:1-1800</format> + <description>Query interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-1800"/> + </constraint> + </properties> + </leafNode> + <leafNode name="query-max-response-time"> + <properties> + <help>IGMP max query response time</help> + <valueHelp> + <format>u32:10-250</format> + <description>Query response value in deci-seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 10-250"/> + </constraint> + </properties> + </leafNode> + <leafNode name="version"> + <properties> + <help>Interface IGMP version</help> + <completionHelp> + <list>2 3</list> + </completionHelp> + <valueHelp> + <format>2</format> + <description>IGMP version 2</description> + </valueHelp> + <valueHelp> + <format>3</format> + <description>IGMP version 3</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 2-3"/> + </constraint> + </properties> + <defaultValue>3</defaultValue> + </leafNode> + </children> + </node> + </children> + </tagNode> + <node name="ecmp"> + <properties> + <help>Enable PIM ECMP</help> + </properties> + <children> + <leafNode name="rebalance"> + <properties> + <help>Enable PIM ECMP Rebalance</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <node name="igmp"> + <properties> + <help>Internet Group Management Protocol (IGMP) options</help> + </properties> + <children> + <leafNode name="watermark-warning"> + <properties> + <help>Configure group limit for watermark warning</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Group count to generate watermark warning</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + #include <include/pim/join-prune-interval.xml.i> + #include <include/pim/keep-alive-timer.xml.i> + #include <include/pim/packets.xml.i> + #include <include/pim/register-suppress-time.xml.i> + <node name="register-accept-list"> + <properties> + <help>Only accept registers from a specific source prefix list</help> + </properties> + <children> + #include <include/policy/prefix-list.xml.i> + </children> + </node> + <node name="rp"> + <properties> + <help>Rendezvous Point</help> + </properties> + <children> + <tagNode name="address"> + <properties> + <help>Rendezvous Point address</help> + <valueHelp> + <format>ipv4</format> + <description>Rendezvous Point address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + <children> + <leafNode name="group"> + <properties> + <help>Group Address range</help> + <valueHelp> + <format>ipv4net</format> + <description>Group Address range RFC 3171</description> + </valueHelp> + <constraint> + <validator name="ip-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </tagNode> + #include <include/pim/keep-alive-timer.xml.i> + </children> + </node> + <leafNode name="no-v6-secondary"> + <properties> + <help>Disable IPv6 secondary address in hello packets</help> + <valueless/> + </properties> + </leafNode> + <node name="spt-switchover"> + <properties> + <help>Shortest-path tree (SPT) switchover</help> + </properties> + <children> + <node name="infinity-and-beyond"> + <properties> + <help>Never switch to SPT Tree</help> + </properties> + <children> + #include <include/policy/prefix-list.xml.i> + </children> + </node> + </children> + </node> + <node name="ssm"> + <properties> + <help>Source-Specific Multicast</help> + </properties> + <children> + #include <include/policy/prefix-list.xml.i> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/protocols_pim6.xml.in b/interface-definitions/protocols_pim6.xml.in new file mode 100644 index 000000000..8bd3f3fee --- /dev/null +++ b/interface-definitions/protocols_pim6.xml.in @@ -0,0 +1,179 @@ +<?xml version="1.0"?> +<!-- Protocol Independent Multicast for IPv6 (PIMv6) configuration --> +<interfaceDefinition> + <node name="protocols"> + <children> + <node name="pim6" owner="${vyos_conf_scripts_dir}/protocols_pim6.py"> + <properties> + <help>Protocol Independent Multicast for IPv6 (PIMv6) and MLD</help> + <priority>400</priority> + </properties> + <children> + <tagNode name="interface"> + <properties> + <help>PIMv6 interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> + </properties> + <children> + #include <include/pim/bsm.xml.i> + #include <include/pim/dr-priority.xml.i> + #include <include/pim/hello.xml.i> + #include <include/pim/passive.xml.i> + <node name="mld"> + <properties> + <help>Multicast Listener Discovery (MLD)</help> + </properties> + <children> + #include <include/generic-disable-node.xml.i> + <tagNode name="join"> + <properties> + <help>MLD join multicast group</help> + <valueHelp> + <format>ipv6</format> + <description>Multicast group address</description> + </valueHelp> + <constraint> + <validator name="ipv6-address"/> + </constraint> + </properties> + <children> + <leafNode name="source"> + <properties> + <help>Source address</help> + <valueHelp> + <format>ipv6</format> + <description>Source address</description> + </valueHelp> + <completionHelp> + <script>${vyos_completion_dir}/list_local_ips.sh --ipv6</script> + </completionHelp> + <constraint> + <validator name="ipv6-address"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </tagNode> + <leafNode name="last-member-query-count"> + <properties> + <help>Last member query count</help> + <valueHelp> + <format>u32:1-255</format> + <description>Count</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="last-member-query-interval"> + <properties> + <help>Last member query interval</help> + <valueHelp> + <format>u32:100-6553500</format> + <description>Last member query interval in milliseconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 100-6553500"/> + </constraint> + </properties> + </leafNode> + <leafNode name="interval"> + <properties> + <help>Query interval</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Query interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="max-response-time"> + <properties> + <help>Max query response time</help> + <valueHelp> + <format>u32:100-6553500</format> + <description>Query response value in milliseconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 100-6553500"/> + </constraint> + </properties> + </leafNode> + <leafNode name="version"> + <properties> + <help>MLD version</help> + <completionHelp> + <list>1 2</list> + </completionHelp> + <valueHelp> + <format>1</format> + <description>MLD version 1</description> + </valueHelp> + <valueHelp> + <format>2</format> + <description>MLD version 2</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-2"/> + </constraint> + </properties> + <defaultValue>2</defaultValue> + </leafNode> + </children> + </node> + </children> + </tagNode> + #include <include/pim/join-prune-interval.xml.i> + #include <include/pim/keep-alive-timer.xml.i> + #include <include/pim/packets.xml.i> + #include <include/pim/register-suppress-time.xml.i> + <node name="rp"> + <properties> + <help>Rendezvous Point</help> + </properties> + <children> + <tagNode name="address"> + <properties> + <help>Rendezvous Point address</help> + <valueHelp> + <format>ipv6</format> + <description>Rendezvous Point address</description> + </valueHelp> + <constraint> + <validator name="ipv6-address"/> + </constraint> + </properties> + <children> + <leafNode name="group"> + <properties> + <help>Group Address range</help> + <valueHelp> + <format>ipv6net</format> + <description>Group Address range</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + #include <include/policy/prefix-list6.xml.i> + </children> + </tagNode> + #include <include/pim/keep-alive-timer.xml.i> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/protocols-rip.xml.in b/interface-definitions/protocols_rip.xml.in index 0edd8f2ce..0edd8f2ce 100644 --- a/interface-definitions/protocols-rip.xml.in +++ b/interface-definitions/protocols_rip.xml.in diff --git a/interface-definitions/protocols-ripng.xml.in b/interface-definitions/protocols_ripng.xml.in index 9d4d87422..9d4d87422 100644 --- a/interface-definitions/protocols-ripng.xml.in +++ b/interface-definitions/protocols_ripng.xml.in diff --git a/interface-definitions/protocols-rpki.xml.in b/interface-definitions/protocols_rpki.xml.in index e9fd04b5f..e9fd04b5f 100644 --- a/interface-definitions/protocols-rpki.xml.in +++ b/interface-definitions/protocols_rpki.xml.in diff --git a/interface-definitions/protocols_segment-routing.xml.in b/interface-definitions/protocols_segment-routing.xml.in new file mode 100644 index 000000000..c299f624e --- /dev/null +++ b/interface-definitions/protocols_segment-routing.xml.in @@ -0,0 +1,137 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="protocols"> + <children> + <node name="segment-routing" owner="${vyos_conf_scripts_dir}/protocols_segment-routing.py"> + <properties> + <help>Segment Routing</help> + <priority>900</priority> + </properties> + <children> + <tagNode name="interface"> + <properties> + <help>Interface specific Segment Routing options</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface name</description> + </valueHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> + </properties> + <children> + <node name="srv6"> + <properties> + <help>Accept SR-enabled IPv6 packets on this interface</help> + </properties> + <children> + <leafNode name="hmac"> + <properties> + <help>Define HMAC policy for ingress SR-enabled packets on this interface</help> + <completionHelp> + <list>accept drop ignore</list> + </completionHelp> + <valueHelp> + <format>accept</format> + <description>Accept packets without HMAC, validate packets with HMAC</description> + </valueHelp> + <valueHelp> + <format>drop</format> + <description>Drop packets without HMAC, validate packets with HMAC</description> + </valueHelp> + <valueHelp> + <format>ignore</format> + <description>Ignore HMAC field.</description> + </valueHelp> + <constraint> + <regex>(accept|drop|ignore)</regex> + </constraint> + </properties> + <defaultValue>accept</defaultValue> + </leafNode> + </children> + </node> + </children> + </tagNode> + <node name="srv6"> + <properties> + <help>Segment-Routing SRv6 configuration</help> + </properties> + <children> + <tagNode name="locator"> + <properties> + <help>Segment Routing SRv6 locator</help> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i> + </constraint> + </properties> + <children> + <leafNode name="behavior-usid"> + <properties> + <help>Set SRv6 behavior uSID</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="prefix"> + <properties> + <help>SRv6 locator prefix</help> + <valueHelp> + <format>ipv6net</format> + <description>SRv6 locator prefix</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + </leafNode> + <leafNode name="block-len"> + <properties> + <help>Configure SRv6 locator block length in bits</help> + <valueHelp> + <format>u32:16-64</format> + <description>Specify SRv6 locator block length in bits</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 16-64"/> + </constraint> + </properties> + <defaultValue>40</defaultValue> + </leafNode> + <leafNode name="func-bits"> + <properties> + <help>Configure SRv6 locator function length in bits</help> + <valueHelp> + <format>u32:0-64</format> + <description>Specify SRv6 locator function length in bits</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-64"/> + </constraint> + </properties> + <defaultValue>16</defaultValue> + </leafNode> + <leafNode name="node-len"> + <properties> + <help>Configure SRv6 locator node length in bits</help> + <valueHelp> + <format>u32:16-64</format> + <description>Configure SRv6 locator node length in bits</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 16-64"/> + </constraint> + </properties> + <defaultValue>24</defaultValue> + </leafNode> + </children> + </tagNode> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/protocols-static.xml.in b/interface-definitions/protocols_static.xml.in index ca4ca2d74..ca4ca2d74 100644 --- a/interface-definitions/protocols-static.xml.in +++ b/interface-definitions/protocols_static.xml.in diff --git a/interface-definitions/protocols-static-arp.xml.in b/interface-definitions/protocols_static_arp.xml.in index 4b338df63..05c69f1ed 100644 --- a/interface-definitions/protocols-static-arp.xml.in +++ b/interface-definitions/protocols_static_arp.xml.in @@ -4,7 +4,7 @@ <children> <node name="static"> <children> - <node name="arp" owner="${vyos_conf_scripts_dir}/arp.py"> + <node name="arp" owner="${vyos_conf_scripts_dir}/protocols_static_arp.py"> <properties> <help>Static ARP translation</help> </properties> diff --git a/interface-definitions/protocols-multicast.xml.in b/interface-definitions/protocols_static_multicast.xml.in index c8e28ed35..c8e28ed35 100644 --- a/interface-definitions/protocols-multicast.xml.in +++ b/interface-definitions/protocols_static_multicast.xml.in diff --git a/interface-definitions/protocols_static_neighbor-proxy.xml.in b/interface-definitions/protocols_static_neighbor-proxy.xml.in new file mode 100644 index 000000000..1c8433a39 --- /dev/null +++ b/interface-definitions/protocols_static_neighbor-proxy.xml.in @@ -0,0 +1,48 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="protocols"> + <children> + <node name="static"> + <children> + <node name="neighbor-proxy" owner="${vyos_conf_scripts_dir}/protocols_static_neighbor-proxy.py"> + <properties> + <help>Neighbor proxy parameters</help> + </properties> + <children> + <tagNode name="arp"> + <properties> + <help>IP address for selective ARP proxy</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 destination address allowed for proxy-arp</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + <children> + #include <include/generic-interface-multi.xml.i> + </children> + </tagNode> + <tagNode name="nd"> + <properties> + <help>IPv6 address for selective NDP proxy</help> + <valueHelp> + <format>ipv6</format> + <description>IPv6 destination address</description> + </valueHelp> + <constraint> + <validator name="ipv6-address"/> + </constraint> + </properties> + <children> + #include <include/generic-interface-multi.xml.i> + </children> + </tagNode> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/bcast-relay.xml.in b/interface-definitions/service_broadcast-relay.xml.in index e2993f3f3..2e4330e20 100644 --- a/interface-definitions/bcast-relay.xml.in +++ b/interface-definitions/service_broadcast-relay.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="service"> <children> - <node name="broadcast-relay" owner="${vyos_conf_scripts_dir}/bcast_relay.py"> + <node name="broadcast-relay" owner="${vyos_conf_scripts_dir}/service_broadcast-relay.py"> <properties> <help>UDP broadcast relay service</help> <priority>990</priority> diff --git a/interface-definitions/service-config-sync.xml.in b/interface-definitions/service_config-sync.xml.in index e804e17f7..9955acfee 100644 --- a/interface-definitions/service-config-sync.xml.in +++ b/interface-definitions/service_config-sync.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="service"> <children> - <node name="config-sync" owner="${vyos_conf_scripts_dir}/service_config_sync.py"> + <node name="config-sync" owner="${vyos_conf_scripts_dir}/service_config-sync.py"> <properties> <help>Configuration synchronization</help> </properties> diff --git a/interface-definitions/service-conntrack-sync.xml.in b/interface-definitions/service_conntrack-sync.xml.in index 50a4bf62f..46dc8adc0 100644 --- a/interface-definitions/service-conntrack-sync.xml.in +++ b/interface-definitions/service_conntrack-sync.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="service"> <children> - <node name="conntrack-sync" owner="${vyos_conf_scripts_dir}/conntrack_sync.py"> + <node name="conntrack-sync" owner="${vyos_conf_scripts_dir}/service_conntrack-sync.py"> <properties> <help>Connection tracking synchronization</help> <!-- before VRRP / HA --> diff --git a/interface-definitions/service-console-server.xml.in b/interface-definitions/service_console-server.xml.in index fc6dbe954..fc6dbe954 100644 --- a/interface-definitions/service-console-server.xml.in +++ b/interface-definitions/service_console-server.xml.in diff --git a/interface-definitions/dhcp-relay.xml.in b/interface-definitions/service_dhcp-relay.xml.in index 42715c9bb..9fdd9581d 100644 --- a/interface-definitions/dhcp-relay.xml.in +++ b/interface-definitions/service_dhcp-relay.xml.in @@ -3,7 +3,7 @@ <interfaceDefinition> <node name="service"> <children> - <node name="dhcp-relay" owner="${vyos_conf_scripts_dir}/dhcp_relay.py"> + <node name="dhcp-relay" owner="${vyos_conf_scripts_dir}/service_dhcp-relay.py"> <properties> <help>Host Configuration Protocol (DHCP) relay agent</help> <priority>910</priority> diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/service_dhcp-server.xml.in index 583de7ba9..a3c48afca 100644 --- a/interface-definitions/dhcp-server.xml.in +++ b/interface-definitions/service_dhcp-server.xml.in @@ -3,7 +3,7 @@ <interfaceDefinition> <node name="service"> <children> - <node name="dhcp-server" owner="${vyos_conf_scripts_dir}/dhcp_server.py"> + <node name="dhcp-server" owner="${vyos_conf_scripts_dir}/service_dhcp-server.py"> <properties> <help>Dynamic Host Configuration Protocol (DHCP) for DHCP server</help> <priority>911</priority> @@ -38,7 +38,7 @@ <properties> <help>Peer name used to identify connection</help> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> <constraintErrorMessage>Invalid failover peer name. May only contain letters, numbers and .-_</constraintErrorMessage> </properties> @@ -88,7 +88,7 @@ <properties> <help>Name of DHCP shared network</help> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> <constraintErrorMessage>Invalid shared network name. May only contain letters, numbers and .-_</constraintErrorMessage> </properties> @@ -274,7 +274,7 @@ <properties> <help>DHCP lease range</help> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> <constraintErrorMessage>Invalid range name, may only be alphanumeric, dot and hyphen</constraintErrorMessage> </properties> diff --git a/interface-definitions/dhcpv6-relay.xml.in b/interface-definitions/service_dhcpv6-relay.xml.in index a80317609..40679d1c2 100644 --- a/interface-definitions/dhcpv6-relay.xml.in +++ b/interface-definitions/service_dhcpv6-relay.xml.in @@ -3,7 +3,7 @@ <interfaceDefinition> <node name="service"> <children> - <node name="dhcpv6-relay" owner="${vyos_conf_scripts_dir}/dhcpv6_relay.py"> + <node name="dhcpv6-relay" owner="${vyos_conf_scripts_dir}/service_dhcpv6-relay.py"> <properties> <help>DHCPv6 Relay Agent parameters</help> <priority>900</priority> diff --git a/interface-definitions/dhcpv6-server.xml.in b/interface-definitions/service_dhcpv6-server.xml.in index 9dff68a24..b838f42e0 100644 --- a/interface-definitions/dhcpv6-server.xml.in +++ b/interface-definitions/service_dhcpv6-server.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="service"> <children> - <node name="dhcpv6-server" owner="${vyos_conf_scripts_dir}/dhcpv6_server.py"> + <node name="dhcpv6-server" owner="${vyos_conf_scripts_dir}/service_dhcpv6-server.py"> <properties> <help>DHCP for IPv6 (DHCPv6) server</help> <priority>900</priority> @@ -34,7 +34,7 @@ <properties> <help>DHCPv6 shared network name</help> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> <constraintErrorMessage>Invalid DHCPv6 shared network name. May only contain letters, numbers and .-_</constraintErrorMessage> </properties> @@ -176,7 +176,7 @@ <properties> <help>NIS domain name for client to use</help> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> <constraintErrorMessage>Invalid NIS domain name</constraintErrorMessage> </properties> @@ -198,7 +198,7 @@ <properties> <help>NIS+ domain name for client to use</help> <constraint> - <regex>[-_a-zA-Z0-9.]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> </constraint> <constraintErrorMessage>Invalid NIS+ domain name. May only contain letters, numbers and .-_</constraintErrorMessage> </properties> diff --git a/interface-definitions/service_dns_dynamic.xml.in b/interface-definitions/service_dns_dynamic.xml.in new file mode 100644 index 000000000..d1b0e90bb --- /dev/null +++ b/interface-definitions/service_dns_dynamic.xml.in @@ -0,0 +1,213 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="service"> + <children> + <node name="dns"> + <properties> + <help>Domain Name System (DNS) related services</help> + </properties> + <children> + <node name="dynamic" owner="${vyos_conf_scripts_dir}/service_dns_dynamic.py"> + <properties> + <help>Dynamic DNS</help> + <priority>990</priority> + </properties> + <children> + <tagNode name="name"> + <properties> + <help>Dynamic DNS configuration</help> + <valueHelp> + <format>txt</format> + <description>Dynamic DNS service name</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i> + </constraint> + <constraintErrorMessage>Dynamic DNS service name must be alphanumeric and can contain hyphens and underscores</constraintErrorMessage> + </properties> + <children> + #include <include/generic-description.xml.i> + <leafNode name="protocol"> + <properties> + <help>ddclient protocol used for Dynamic DNS service</help> + <completionHelp> + <script>${vyos_completion_dir}/list_ddclient_protocols.sh</script> + </completionHelp> + <constraint> + <validator name="ddclient-protocol"/> + </constraint> + </properties> + </leafNode> + <leafNode name="address"> + <properties> + <help>Obtain IP address to send Dynamic DNS update for</help> + <valueHelp> + <format>txt</format> + <description>Use interface to obtain the IP address</description> + </valueHelp> + <valueHelp> + <format>web</format> + <description>Use HTTP(S) web request to obtain the IP address</description> + </valueHelp> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + <list>web</list> + </completionHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + <regex>web</regex> + </constraint> + </properties> + </leafNode> + <node name="web-options"> + <properties> + <help>Options when using HTTP(S) web request to obtain the IP address</help> + </properties> + <children> + #include <include/url-http-https.xml.i> + <leafNode name="skip"> + <properties> + <help>Pattern to skip from the HTTP(S) respose</help> + <valueHelp> + <format>txt</format> + <description>Pattern to skip from the HTTP(S) respose to extract the external IP address</description> + </valueHelp> + </properties> + </leafNode> + </children> + </node> + <leafNode name="ip-version"> + <properties> + <help>IP address version to use</help> + <valueHelp> + <format>_ipv4</format> + <description>Use only IPv4 address</description> + </valueHelp> + <valueHelp> + <format>_ipv6</format> + <description>Use only IPv6 address</description> + </valueHelp> + <valueHelp> + <format>both</format> + <description>Use both IPv4 and IPv6 address</description> + </valueHelp> + <completionHelp> + <list>ipv4 ipv6 both</list> + </completionHelp> + <constraint> + <regex>(ipv[46]|both)</regex> + </constraint> + <constraintErrorMessage>IP Version must be literal 'ipv4', 'ipv6' or 'both'</constraintErrorMessage> + </properties> + <defaultValue>ipv4</defaultValue> + </leafNode> + <leafNode name="host-name"> + <properties> + <help>Hostname to register with Dynamic DNS service</help> + <constraint> + #include <include/constraint/host-name.xml.i> + <regex>(\@|\*)[-.A-Za-z0-9]*</regex> + </constraint> + <constraintErrorMessage>Host-name must be alphanumeric, can contain hyphens and can be prefixed with '@' or '*'</constraintErrorMessage> + <multi/> + </properties> + </leafNode> + <leafNode name="server"> + <properties> + <help>Remote Dynamic DNS server to send updates to</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address of the remote server</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address of the remote server</description> + </valueHelp> + <valueHelp> + <format>hostname</format> + <description>Fully qualified domain name of the remote server</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + <validator name="fqdn"/> + </constraint> + <constraintErrorMessage>Remote server must be IP address or fully qualified domain name</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="zone"> + <properties> + <help>DNS zone to be updated</help> + <valueHelp> + <format>txt</format> + <description>Name of DNS zone</description> + </valueHelp> + <constraint> + <validator name="fqdn"/> + </constraint> + </properties> + </leafNode> + #include <include/generic-username.xml.i> + #include <include/generic-password.xml.i> + <leafNode name="key"> + <properties> + <help>File containing TSIG authentication key for RFC2136 nsupdate on remote DNS server</help> + <valueHelp> + <format>filename</format> + <description>File in /config/auth directory</description> + </valueHelp> + <constraint> + <validator name="file-path" argument="--strict --parent-dir /config/auth"/> + </constraint> + </properties> + </leafNode> + #include <include/dns/time-to-live.xml.i> + <leafNode name="wait-time"> + <properties> + <help>Time in seconds to wait between update attempts</help> + <valueHelp> + <format>u32:60-86400</format> + <description>Time in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 60-86400"/> + </constraint> + <constraintErrorMessage>Wait time must be between 60 and 86400 seconds</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="expiry-time"> + <properties> + <help>Time in seconds for the hostname to be marked expired in cache</help> + <valueHelp> + <format>u32:300-2160000</format> + <description>Time in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 300-2160000"/> + </constraint> + <constraintErrorMessage>Expiry time must be between 300 and 2160000 seconds</constraintErrorMessage> + </properties> + </leafNode> + </children> + </tagNode> + <leafNode name="interval"> + <properties> + <help>Interval in seconds to wait between Dynamic DNS updates</help> + <valueHelp> + <format>u32:60-3600</format> + <description>Time in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 60-3600"/> + </constraint> + <constraintErrorMessage>Interval must be between 60 and 3600 seconds</constraintErrorMessage> + </properties> + <defaultValue>300</defaultValue> + </leafNode> + #include <include/interface/vrf.xml.i> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/service_dns_forwarding.xml.in index 86dc47a47..0f8863438 100644 --- a/interface-definitions/dns-forwarding.xml.in +++ b/interface-definitions/service_dns_forwarding.xml.in @@ -8,7 +8,7 @@ <help>Domain Name System (DNS) related services</help> </properties> <children> - <node name="forwarding" owner="${vyos_conf_scripts_dir}/dns_forwarding.py"> + <node name="forwarding" owner="${vyos_conf_scripts_dir}/service_dns_forwarding.py"> <properties> <help>DNS forwarding</help> <priority>918</priority> @@ -158,6 +158,9 @@ </properties> </leafNode> #include <include/dns/time-to-live.xml.i> + <leafNode name="ttl"> + <defaultValue>300</defaultValue> + </leafNode> #include <include/generic-disable-node.xml.i> </children> </tagNode> @@ -195,6 +198,9 @@ </properties> </leafNode> #include <include/dns/time-to-live.xml.i> + <leafNode name="ttl"> + <defaultValue>300</defaultValue> + </leafNode> #include <include/generic-disable-node.xml.i> </children> </tagNode> @@ -227,6 +233,9 @@ </properties> </leafNode> #include <include/dns/time-to-live.xml.i> + <leafNode name="ttl"> + <defaultValue>300</defaultValue> + </leafNode> #include <include/generic-disable-node.xml.i> </children> </tagNode> @@ -274,6 +283,9 @@ </children> </tagNode> #include <include/dns/time-to-live.xml.i> + <leafNode name="ttl"> + <defaultValue>300</defaultValue> + </leafNode> #include <include/generic-disable-node.xml.i> </children> </tagNode> @@ -302,6 +314,9 @@ </properties> </leafNode> #include <include/dns/time-to-live.xml.i> + <leafNode name="ttl"> + <defaultValue>300</defaultValue> + </leafNode> #include <include/generic-disable-node.xml.i> </children> </tagNode> @@ -334,6 +349,9 @@ </properties> </leafNode> #include <include/dns/time-to-live.xml.i> + <leafNode name="ttl"> + <defaultValue>300</defaultValue> + </leafNode> #include <include/generic-disable-node.xml.i> </children> </tagNode> @@ -364,6 +382,9 @@ </properties> </leafNode> #include <include/dns/time-to-live.xml.i> + <leafNode name="ttl"> + <defaultValue>300</defaultValue> + </leafNode> #include <include/generic-disable-node.xml.i> </children> </tagNode> @@ -393,6 +414,9 @@ </properties> </leafNode> #include <include/dns/time-to-live.xml.i> + <leafNode name="ttl"> + <defaultValue>300</defaultValue> + </leafNode> #include <include/generic-disable-node.xml.i> </children> </tagNode> @@ -477,6 +501,9 @@ </children> </tagNode> #include <include/dns/time-to-live.xml.i> + <leafNode name="ttl"> + <defaultValue>300</defaultValue> + </leafNode> #include <include/generic-disable-node.xml.i> </children> </tagNode> @@ -585,6 +612,9 @@ </children> </tagNode> #include <include/dns/time-to-live.xml.i> + <leafNode name="ttl"> + <defaultValue>300</defaultValue> + </leafNode> #include <include/generic-disable-node.xml.i> </children> </tagNode> @@ -640,6 +670,19 @@ </properties> <defaultValue>3600</defaultValue> </leafNode> + <leafNode name="serve-stale-extension"> + <properties> + <help>Number of times the expired TTL of a record is extended by 30 seconds when serving stale</help> + <valueHelp> + <format>u32:0-65535</format> + <description>Number of times to extend the TTL</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-65535"/> + </constraint> + </properties> + <defaultValue>0</defaultValue> + </leafNode> <leafNode name="timeout"> <properties> <help>Number of milliseconds to wait for a remote authoritative server to respond</help> @@ -654,32 +697,43 @@ <defaultValue>1500</defaultValue> </leafNode> #include <include/name-server-ipv4-ipv6-port.xml.i> + #include <include/source-address-ipv4-ipv6-multi.xml.i> <leafNode name="source-address"> + <defaultValue>0.0.0.0 ::</defaultValue> + </leafNode> + <leafNode name="system"> <properties> - <help>Local addresses from which to send DNS queries</help> - <completionHelp> - <script>${vyos_completion_dir}/list_local_ips.sh --both</script> - </completionHelp> + <help>Use system name servers</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="exclude-throttle-address"> + <properties> + <help>IP address or subnet</help> <valueHelp> <format>ipv4</format> - <description>IPv4 address from which to send traffic</description> + <description>IPv4 address to match</description> + </valueHelp> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 prefix to match</description> </valueHelp> <valueHelp> <format>ipv6</format> - <description>IPv6 address from which to send traffic</description> + <description>IPv6 address</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 address</description> </valueHelp> <multi/> <constraint> - <validator name="ip-address"/> + <validator name="ipv4-address"/> + <validator name="ipv4-prefix"/> + <validator name="ipv6-address"/> + <validator name="ipv6-prefix"/> </constraint> </properties> - <defaultValue>0.0.0.0 ::</defaultValue> - </leafNode> - <leafNode name="system"> - <properties> - <help>Use system name servers</help> - <valueless/> - </properties> </leafNode> </children> </node> diff --git a/interface-definitions/service-event-handler.xml.in b/interface-definitions/service_event-handler.xml.in index aef6bc1bc..2cee4f595 100644 --- a/interface-definitions/service-event-handler.xml.in +++ b/interface-definitions/service_event-handler.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="service"> <children> - <node name="event-handler" owner="${vyos_conf_scripts_dir}/service_event_handler.py"> + <node name="event-handler" owner="${vyos_conf_scripts_dir}/service_event-handler.py"> <properties> <help>Service event handler</help> </properties> diff --git a/interface-definitions/https.xml.in b/interface-definitions/service_https.xml.in index 5430193b5..b60c7ff2e 100644 --- a/interface-definitions/https.xml.in +++ b/interface-definitions/service_https.xml.in @@ -2,73 +2,17 @@ <interfaceDefinition> <node name="service"> <children> - <node name="https" owner="${vyos_conf_scripts_dir}/https.py"> + <node name="https" owner="${vyos_conf_scripts_dir}/service_https.py"> <properties> <help>HTTPS configuration</help> <priority>1001</priority> </properties> <children> - <tagNode name="virtual-host"> - <properties> - <help>Identifier for virtual host</help> - <constraint> - <regex>[a-zA-Z0-9-_.:]{1,255}</regex> - </constraint> - <constraintErrorMessage>illegal characters in identifier or identifier longer than 255 characters</constraintErrorMessage> - </properties> - <children> - <leafNode name="listen-address"> - <properties> - <help>Address to listen for HTTPS requests</help> - <completionHelp> - <script>${vyos_completion_dir}/list_local_ips.sh --both</script> - </completionHelp> - <valueHelp> - <format>ipv4</format> - <description>HTTPS IPv4 address</description> - </valueHelp> - <valueHelp> - <format>ipv6</format> - <description>HTTPS IPv6 address</description> - </valueHelp> - <valueHelp> - <format>'*'</format> - <description>any</description> - </valueHelp> - <constraint> - <validator name="ip-address"/> - <regex>\*</regex> - </constraint> - </properties> - </leafNode> - <leafNode name='listen-port'> - <properties> - <help>Port to listen for HTTPS requests; default 443</help> - <valueHelp> - <format>u32:1-65535</format> - <description>Numeric IP port</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - </properties> - </leafNode> - <leafNode name="server-name"> - <properties> - <help>Server names: exact, wildcard, or regex</help> - <multi/> - </properties> - </leafNode> - #include <include/allow-client.xml.i> - </children> - </tagNode> - <node name="api" owner="${vyos_conf_scripts_dir}/http-api.py"> + <node name="api"> <properties> <help>VyOS HTTP API configuration</help> - <priority>1002</priority> </properties> <children> - #include <include/port-number.xml.i> <node name="keys"> <properties> <help>HTTP API keys</help> @@ -101,12 +45,6 @@ <hidden/> </properties> </leafNode> - <leafNode name="socket"> - <properties> - <help>Run server on Unix domain socket</help> - <valueless/> - </properties> - </leafNode> <node name="graphql"> <properties> <help>GraphQL support</help> @@ -188,19 +126,18 @@ </node> </children> </node> - <node name="api-restrict"> + #include <include/allow-client.xml.i> + <leafNode name="enable-http-redirect"> <properties> - <help>Restrict api proxy to subset of virtual hosts</help> + <help>Enable HTTP to HTTPS redirect</help> + <valueless/> </properties> - <children> - <leafNode name="virtual-host"> - <properties> - <help>Restrict proxy to virtual host(s)</help> - <multi/> - </properties> - </leafNode> - </children> - </node> + </leafNode> + #include <include/listen-address.xml.i> + #include <include/port-number.xml.i> + <leafNode name='port'> + <defaultValue>443</defaultValue> + </leafNode> <node name="certificates"> <properties> <help>TLS certificates</help> @@ -208,26 +145,30 @@ <children> #include <include/pki/ca-certificate.xml.i> #include <include/pki/certificate.xml.i> - <node name="certbot" owner="${vyos_conf_scripts_dir}/le_cert.py"> - <properties> - <help>Request or apply a letsencrypt certificate for domain-name</help> - </properties> - <children> - <leafNode name="domain-name"> - <properties> - <help>Domain name(s) for which to obtain certificate</help> - <multi/> - </properties> - </leafNode> - <leafNode name="email"> - <properties> - <help>Email address to associate with certificate</help> - </properties> - </leafNode> - </children> - </node> + #include <include/pki/dh-params.xml.i> </children> </node> + <leafNode name="tls-version"> + <properties> + <help>Specify available TLS version(s)</help> + <completionHelp> + <list>1.2 1.3</list> + </completionHelp> + <valueHelp> + <format>1.2</format> + <description>TLSv1.2</description> + </valueHelp> + <valueHelp> + <format>1.3</format> + <description>TLSv1.3</description> + </valueHelp> + <constraint> + <regex>(1.2|1.3)</regex> + </constraint> + <multi/> + </properties> + <defaultValue>1.2 1.3</defaultValue> + </leafNode> #include <include/interface/vrf.xml.i> </children> </node> diff --git a/interface-definitions/service-ids-ddos-protection.xml.in b/interface-definitions/service_ids_ddos-protection.xml.in index 78463136b..3ef2640b3 100644 --- a/interface-definitions/service-ids-ddos-protection.xml.in +++ b/interface-definitions/service_ids_ddos-protection.xml.in @@ -7,7 +7,7 @@ <help>Intrusion Detection System</help> </properties> <children> - <node name="ddos-protection" owner="${vyos_conf_scripts_dir}/service_ids_fastnetmon.py"> + <node name="ddos-protection" owner="${vyos_conf_scripts_dir}/service_ids_ddos-protection.py"> <properties> <help>FastNetMon detection and protection parameters</help> <priority>731</priority> diff --git a/interface-definitions/service-ipoe-server.xml.in b/interface-definitions/service_ipoe-server.xml.in index b6e6503d3..edfe6a34c 100644 --- a/interface-definitions/service-ipoe-server.xml.in +++ b/interface-definitions/service_ipoe-server.xml.in @@ -102,15 +102,10 @@ #include <include/accel-ppp/vlan.xml.i> </children> </tagNode> + #include <include/accel-ppp/max-concurrent-sessions.xml.i> #include <include/name-server-ipv4-ipv6.xml.i> - <node name="client-ip-pool"> - <properties> - <help>Client IP pools and gateway setting</help> - </properties> - <children> - #include <include/accel-ppp/client-ip-pool-name.xml.i> - </children> - </node> + #include <include/accel-ppp/client-ip-pool.xml.i> + #include <include/accel-ppp/gateway-address-multi.xml.i> #include <include/accel-ppp/client-ipv6-pool.xml.i> <node name="authentication"> <properties> @@ -187,6 +182,7 @@ #include <include/accel-ppp/radius-additions.xml.i> </children> </node> + #include <include/accel-ppp/default-pool.xml.i> </children> </node> </children> diff --git a/interface-definitions/lldp.xml.in b/interface-definitions/service_lldp.xml.in index 738bb11c1..1a06e0cb3 100644 --- a/interface-definitions/lldp.xml.in +++ b/interface-definitions/service_lldp.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="service"> <children> - <node name="lldp" owner="${vyos_conf_scripts_dir}/lldp.py"> + <node name="lldp" owner="${vyos_conf_scripts_dir}/service_lldp.py"> <properties> <help>LLDP settings</help> <priority>985</priority> @@ -175,19 +175,12 @@ <multi/> </properties> </leafNode> - <node name="snmp"> + <leafNode name="snmp"> <properties> - <help>SNMP parameters for LLDP</help> + <help>Enable SNMP queries of the LLDP database</help> + <valueless/> </properties> - <children> - <leafNode name="enable"> - <properties> - <help>Enable SNMP queries of the LLDP database</help> - <valueless/> - </properties> - </leafNode> - </children> - </node> + </leafNode> </children> </node> </children> diff --git a/interface-definitions/service-mdns-repeater.xml.in b/interface-definitions/service_mdns_repeater.xml.in index 653dbbbe4..5d6f61d74 100644 --- a/interface-definitions/service-mdns-repeater.xml.in +++ b/interface-definitions/service_mdns_repeater.xml.in @@ -7,7 +7,7 @@ <help>Multicast DNS (mDNS) parameters</help> </properties> <children> - <node name="repeater" owner="${vyos_conf_scripts_dir}/service_mdns-repeater.py"> + <node name="repeater" owner="${vyos_conf_scripts_dir}/service_mdns_repeater.py"> <properties> <help>mDNS repeater configuration</help> <priority>990</priority> @@ -15,6 +15,31 @@ <children> #include <include/generic-disable-node.xml.i> #include <include/generic-interface-multi.xml.i> + <leafNode name="ip-version"> + <properties> + <help>IP address version to use</help> + <valueHelp> + <format>_ipv4</format> + <description>Use only IPv4 address</description> + </valueHelp> + <valueHelp> + <format>_ipv6</format> + <description>Use only IPv6 address</description> + </valueHelp> + <valueHelp> + <format>both</format> + <description>Use both IPv4 and IPv6 address</description> + </valueHelp> + <completionHelp> + <list>ipv4 ipv6 both</list> + </completionHelp> + <constraint> + <regex>(ipv[46]|both)</regex> + </constraint> + <constraintErrorMessage>IP Version must be literal 'ipv4', 'ipv6' or 'both'</constraintErrorMessage> + </properties> + <defaultValue>both</defaultValue> + </leafNode> <leafNode name="browse-domain"> <properties> <help>mDNS browsing domains in addition to the default one</help> diff --git a/interface-definitions/service-monitoring-telegraf.xml.in b/interface-definitions/service_monitoring_telegraf.xml.in index ae0bae900..4d694114a 100644 --- a/interface-definitions/service-monitoring-telegraf.xml.in +++ b/interface-definitions/service_monitoring_telegraf.xml.in @@ -53,7 +53,7 @@ </properties> <defaultValue>main</defaultValue> </leafNode> - #include <include/url.xml.i> + #include <include/url-http-https.xml.i> #include <include/port-number.xml.i> <leafNode name="port"> <defaultValue>8086</defaultValue> @@ -145,7 +145,7 @@ <constraintErrorMessage>Table is limited to alphanumerical characters and can contain hyphen and underscores</constraintErrorMessage> </properties> </leafNode> - #include <include/url.xml.i> + #include <include/url-http-https.xml.i> </children> </node> <leafNode name="source"> @@ -271,7 +271,7 @@ </leafNode> </children> </node> - #include <include/url.xml.i> + #include <include/url-http-https.xml.i> </children> </node> #include <include/interface/vrf.xml.i> diff --git a/interface-definitions/service-monitoring-zabbix-agent.xml.in b/interface-definitions/service_monitoring_zabbix-agent.xml.in index 40f2df642..40f2df642 100644 --- a/interface-definitions/service-monitoring-zabbix-agent.xml.in +++ b/interface-definitions/service_monitoring_zabbix-agent.xml.in diff --git a/interface-definitions/service_ndp-proxy.xml.in b/interface-definitions/service_ndp-proxy.xml.in new file mode 100644 index 000000000..9801c99ab --- /dev/null +++ b/interface-definitions/service_ndp-proxy.xml.in @@ -0,0 +1,132 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="service"> + <children> + <node name="ndp-proxy" owner="${vyos_conf_scripts_dir}/service_ndp-proxy.py"> + <properties> + <help>Neighbor Discovery Protocol (NDP) Proxy</help> + </properties> + <children> + <leafNode name="route-refresh"> + <properties> + <help>Refresh interval for IPv6 routes</help> + <valueHelp> + <format>u32:10000-120000</format> + <description>Time in milliseconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 10000-120000"/> + </constraint> + <constraintErrorMessage>Route-refresh must be between 10000 and 120000 milliseconds</constraintErrorMessage> + </properties> + <defaultValue>30000</defaultValue> + </leafNode> + <tagNode name="interface"> + <properties> + <help>NDP proxy listener interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> + </properties> + <children> + #include <include/generic-disable-node.xml.i> + <leafNode name="enable-router-bit"> + <properties> + <help>Enable router bit in Neighbor Advertisement messages</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="timeout"> + <properties> + <help>Timeout for Neighbor Advertisement after Neighbor Solicitation message</help> + <valueHelp> + <format>u32:500-120000</format> + <description>Timeout in milliseconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 500-120000"/> + </constraint> + <constraintErrorMessage>Timeout must be between 500 and 120000 milliseconds</constraintErrorMessage> + </properties> + <defaultValue>500</defaultValue> + </leafNode> + <leafNode name="ttl"> + <properties> + <help>Proxy entry cache Time-To-Live</help> + <valueHelp> + <format>u32:10000-120000</format> + <description>Time in milliseconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 10000-120000"/> + </constraint> + <constraintErrorMessage>TTL must be between 10000 and 120000 milliseconds</constraintErrorMessage> + </properties> + <defaultValue>30000</defaultValue> + </leafNode> + <tagNode name="prefix"> + <properties> + <help>Prefix target addresses are matched against</help> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 network prefix</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + <validator name="ipv6-address"/> + </constraint> + </properties> + <children> + #include <include/generic-disable-node.xml.i> + <leafNode name="mode"> + <properties> + <help>Specify the running mode of the rule</help> + <completionHelp> + <list>static auto interface</list> + </completionHelp> + <valueHelp> + <format>static</format> + <description>Immediately answer any Neighbor Solicitation Messages</description> + </valueHelp> + <valueHelp> + <format>auto</format> + <description>Check for a matching route in /proc/net/ipv6_route</description> + </valueHelp> + <valueHelp> + <format>interface</format> + <description>Forward Neighbor Solicitation message through specified interface</description> + </valueHelp> + <constraint> + <regex>(static|auto|interface)</regex> + </constraint> + <constraintErrorMessage>Mode must be either one of: static, auto or interface</constraintErrorMessage> + </properties> + <defaultValue>static</defaultValue> + </leafNode> + <leafNode name="interface"> + <properties> + <help>Interface to forward Neighbor Solicitation message through. Required for "iface" mode</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </tagNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/ntp.xml.in b/interface-definitions/service_ntp.xml.in index 4e874434b..65a45d7a1 100644 --- a/interface-definitions/ntp.xml.in +++ b/interface-definitions/service_ntp.xml.in @@ -3,7 +3,7 @@ <interfaceDefinition> <node name="service"> <children> - <node name="ntp" owner="${vyos_conf_scripts_dir}/ntp.py"> + <node name="ntp" owner="${vyos_conf_scripts_dir}/service_ntp.py"> <properties> <help>Network Time Protocol (NTP) configuration</help> <priority>900</priority> diff --git a/interface-definitions/service-pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in index 022ac2885..f1b369936 100644 --- a/interface-definitions/service-pppoe-server.xml.in +++ b/interface-definitions/service_pppoe-server.xml.in @@ -49,16 +49,7 @@ </node> </children> </node> - <node name="client-ip-pool"> - <properties> - <help>Pool of client IP addresses (must be within a /24)</help> - </properties> - <children> - #include <include/accel-ppp/client-ip-pool-start-stop.xml.i> - #include <include/accel-ppp/client-ip-pool-subnet.xml.i> - #include <include/accel-ppp/client-ip-pool-name.xml.i> - </children> - </node> + #include <include/accel-ppp/client-ip-pool.xml.i> #include <include/accel-ppp/client-ipv6-pool.xml.i> #include <include/name-server-ipv4-ipv6.xml.i> <tagNode name="interface"> @@ -73,6 +64,7 @@ </children> </tagNode> #include <include/accel-ppp/gateway-address.xml.i> + #include <include/accel-ppp/max-concurrent-sessions.xml.i> #include <include/accel-ppp/mtu-128-16384.xml.i> <node name="limits"> <properties> @@ -281,6 +273,7 @@ </leafNode> </children> </node> + #include <include/accel-ppp/default-pool.xml.i> </children> </node> </children> diff --git a/interface-definitions/service-router-advert.xml.in b/interface-definitions/service_router-advert.xml.in index 16c29022d..16c29022d 100644 --- a/interface-definitions/service-router-advert.xml.in +++ b/interface-definitions/service_router-advert.xml.in diff --git a/interface-definitions/salt-minion.xml.in b/interface-definitions/service_salt-minion.xml.in index c3219cff3..eaa2899f4 100644 --- a/interface-definitions/salt-minion.xml.in +++ b/interface-definitions/service_salt-minion.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="service"> <children> - <node name="salt-minion" owner="${vyos_conf_scripts_dir}/salt-minion.py"> + <node name="salt-minion" owner="${vyos_conf_scripts_dir}/service_salt-minion.py"> <properties> <help>Salt Minion</help> <priority>500</priority> diff --git a/interface-definitions/service-sla.xml.in b/interface-definitions/service_sla.xml.in index 0c4f8a591..0c4f8a591 100644 --- a/interface-definitions/service-sla.xml.in +++ b/interface-definitions/service_sla.xml.in diff --git a/interface-definitions/snmp.xml.in b/interface-definitions/service_snmp.xml.in index 0851b8389..e16e9daa1 100644 --- a/interface-definitions/snmp.xml.in +++ b/interface-definitions/service_snmp.xml.in @@ -3,7 +3,7 @@ <interfaceDefinition> <node name="service"> <children> - <node name="snmp" owner="${vyos_conf_scripts_dir}/snmp.py"> + <node name="snmp" owner="${vyos_conf_scripts_dir}/service_snmp.py"> <properties> <help>Simple Network Management Protocol (SNMP)</help> <priority>900</priority> @@ -79,6 +79,101 @@ </properties> </leafNode> #include <include/generic-description.xml.i> + <node name="mib"> + <properties> + <help>Management information base (MIB)</help> + </properties> + <children> + <leafNode name="interface-max"> + <properties> + <help>Sets the maximum number of interfaces included in IF-MIB data collection</help> + <valueHelp> + <format>u32:1-4294967295</format> + <description>Sets the maximum number of interfaces included in IF-MIB data collection</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967295"/> + </constraint> + </properties> + </leafNode> + <leafNode name="interface"> + <properties> + <help>Sets the interface name prefix to include in the IF-MIB data collection</help> + <completionHelp> + <list>br bond dum eth gnv macsec peth sstpc tun veth vti vtun vxlan wg wlan wwan</list> + </completionHelp> + <valueHelp> + <format>br</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>bond</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>dum</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>eth</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>gnv</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>macsec</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>peth</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>sstpc</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>tun</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>veth</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>vti</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>vtun</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>vxlan</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>wg</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>wlan</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>wwan</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <constraint> + <regex>(br|bond|dum|eth|gnv|macsec|peth|sstpc|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)</regex> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </node> <tagNode name="listen-address"> <properties> <help>IP address to listen for incoming SNMP requests</help> diff --git a/interface-definitions/ssh.xml.in b/interface-definitions/service_ssh.xml.in index 2bcce2cf0..5c893bd35 100644 --- a/interface-definitions/ssh.xml.in +++ b/interface-definitions/service_ssh.xml.in @@ -5,7 +5,7 @@ <help>System services</help> </properties> <children> - <node name="ssh" owner="${vyos_conf_scripts_dir}/ssh.py"> + <node name="ssh" owner="${vyos_conf_scripts_dir}/service_ssh.py"> <properties> <help>Secure Shell (SSH)</help> <priority>1000</priority> diff --git a/interface-definitions/tftp-server.xml.in b/interface-definitions/service_tftp-server.xml.in index 8ca4da883..e48b5a3f0 100644 --- a/interface-definitions/tftp-server.xml.in +++ b/interface-definitions/service_tftp-server.xml.in @@ -3,7 +3,7 @@ <interfaceDefinition> <node name="service"> <children> - <node name="tftp-server" owner="${vyos_conf_scripts_dir}/tftp_server.py"> + <node name="tftp-server" owner="${vyos_conf_scripts_dir}/service_tftp-server.py"> <properties> <help>Trivial File Transfer Protocol (TFTP) server</help> <priority>990</priority> diff --git a/interface-definitions/service-upnp.xml.in b/interface-definitions/service_upnp.xml.in index 20e01bfbd..20e01bfbd 100644 --- a/interface-definitions/service-upnp.xml.in +++ b/interface-definitions/service_upnp.xml.in diff --git a/interface-definitions/service-webproxy.xml.in b/interface-definitions/service_webproxy.xml.in index b24997816..637d57891 100644 --- a/interface-definitions/service-webproxy.xml.in +++ b/interface-definitions/service_webproxy.xml.in @@ -353,7 +353,7 @@ <description>Object size in KB</description> </valueHelp> <constraint> - <validator name="numeric" argument="--range 1-100000"/> + <validator name="numeric" argument="--range 1-1000000"/> </constraint> </properties> </leafNode> diff --git a/interface-definitions/system-acceleration-qat.xml.in b/interface-definitions/system_acceleration.xml.in index 812484184..fb5c9d4ea 100644 --- a/interface-definitions/system-acceleration-qat.xml.in +++ b/interface-definitions/system_acceleration.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="system"> <children> - <node name="acceleration" owner="${vyos_conf_scripts_dir}/intel_qat.py"> + <node name="acceleration" owner="${vyos_conf_scripts_dir}/system_acceleration.py"> <properties> <help>Acceleration components</help> <priority>50</priority> diff --git a/interface-definitions/system-config-mgmt.xml.in b/interface-definitions/system_config-management.xml.in index de5a8cc16..7ae347955 100644 --- a/interface-definitions/system-config-mgmt.xml.in +++ b/interface-definitions/system_config-management.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="system"> <children> - <node name="config-management" owner="${vyos_conf_scripts_dir}/config_mgmt.py"> + <node name="config-management" owner="${vyos_conf_scripts_dir}/system_config-management.py"> <properties> <help>Configuration management settings</help> <priority>400</priority> @@ -17,11 +17,36 @@ <properties> <help>Commit archive location</help> <valueHelp> - <format>uri</format> - <description>Uniform Resource Identifier</description> + <format>http://<user>:<passwd>@<host>/<path></format> + <description/> + </valueHelp> + <valueHelp> + <format>https://<user>:<passwd>@<host>/<path></format> + <description/> + </valueHelp> + <valueHelp> + <format>ftp://<user>:<passwd>@<host>/<path></format> + <description/> + </valueHelp> + <valueHelp> + <format>sftp://<user>:<passwd>@<host>/<path></format> + <description/> + </valueHelp> + <valueHelp> + <format>scp://<user>:<passwd>@<host>/<path></format> + <description/> + </valueHelp> + <valueHelp> + <format>tftp://<host>/<path></format> + <description/> + </valueHelp> + <valueHelp> + <format>git+https://<user>:<passwd>@<host>/<path></format> + <description/> </valueHelp> <constraint> <validator name="url --file-transport"/> + <regex>(ssh|git|git\+(\w+)):\/\/.*</regex> </constraint> <multi/> </properties> diff --git a/interface-definitions/system-conntrack.xml.in b/interface-definitions/system_conntrack.xml.in index 8dad048b8..ed5b7e8e0 100644 --- a/interface-definitions/system-conntrack.xml.in +++ b/interface-definitions/system_conntrack.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="system"> <children> - <node name="conntrack" owner="${vyos_conf_scripts_dir}/conntrack.py"> + <node name="conntrack" owner="${vyos_conf_scripts_dir}/system_conntrack.py"> <properties> <help>Connection Tracking Engine Options</help> <!-- Before NAT and conntrack-sync are configured --> diff --git a/interface-definitions/system-console.xml.in b/interface-definitions/system_console.xml.in index 5acd3e90b..5acd3e90b 100644 --- a/interface-definitions/system-console.xml.in +++ b/interface-definitions/system_console.xml.in diff --git a/interface-definitions/system_domain-name.xml.in b/interface-definitions/system_domain-name.xml.in new file mode 100644 index 000000000..bfca9b8ce --- /dev/null +++ b/interface-definitions/system_domain-name.xml.in @@ -0,0 +1,15 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="system"> + <children> + <leafNode name="domain-name" owner="${vyos_conf_scripts_dir}/system_host-name.py"> + <properties> + <help>System domain name</help> + <constraint> + <validator name="fqdn"/> + </constraint> + </properties> + </leafNode> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/system_domain-search.xml.in b/interface-definitions/system_domain-search.xml.in new file mode 100644 index 000000000..eb6c8a85c --- /dev/null +++ b/interface-definitions/system_domain-search.xml.in @@ -0,0 +1,18 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="system"> + <children> + <leafNode name="domain-search" owner="${vyos_conf_scripts_dir}/system_host-name.py"> + <properties> + <help>Domain Name Server (DNS) domain completion order</help> + <priority>400</priority> + <constraint> + <validator name="fqdn"/> + </constraint> + <constraintErrorMessage>Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers and period.</constraintErrorMessage> + <multi/> + </properties> + </leafNode> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/flow-accounting-conf.xml.in b/interface-definitions/system_flow-accounting.xml.in index 40a9bb423..83a2480a3 100644 --- a/interface-definitions/flow-accounting-conf.xml.in +++ b/interface-definitions/system_flow-accounting.xml.in @@ -3,7 +3,7 @@ <interfaceDefinition> <node name="system"> <children> - <node name="flow-accounting" owner="${vyos_conf_scripts_dir}/flow_accounting_conf.py"> + <node name="flow-accounting" owner="${vyos_conf_scripts_dir}/system_flow-accounting.py"> <properties> <help>Flow accounting settings</help> <priority>990</priority> diff --git a/interface-definitions/system-frr.xml.in b/interface-definitions/system_frr.xml.in index 9fe23ed75..76001b392 100644 --- a/interface-definitions/system-frr.xml.in +++ b/interface-definitions/system_frr.xml.in @@ -15,6 +15,20 @@ <valueless/> </properties> </leafNode> + <leafNode name="descriptors"> + <properties> + <help>Number of open file descriptors a process is allowed to use</help> + <valueHelp> + <format>u32:1024-8192</format> + <description>Number of file descriptors</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1024-8192"/> + </constraint> + <constraintErrorMessage>Port number must be in range 1024 to 8192</constraintErrorMessage> + </properties> + <defaultValue>1024</defaultValue> + </leafNode> <leafNode name="irdp"> <properties> <help>Enable ICMP Router Discovery Protocol support</help> diff --git a/interface-definitions/system_host-name.xml.in b/interface-definitions/system_host-name.xml.in new file mode 100644 index 000000000..423531a68 --- /dev/null +++ b/interface-definitions/system_host-name.xml.in @@ -0,0 +1,16 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="system"> + <children> + <!-- script does not use XML defaults so far --> + <leafNode name="host-name" owner="${vyos_conf_scripts_dir}/system_host-name.py"> + <properties> + <help>System host name (default: vyos)</help> + <constraint> + #include <include/constraint/host-name.xml.i> + </constraint> + </properties> + </leafNode> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/system-ip.xml.in b/interface-definitions/system_ip.xml.in index 6db4dbfc7..6e3b7d5d0 100644 --- a/interface-definitions/system-ip.xml.in +++ b/interface-definitions/system_ip.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="system"> <children> - <node name="ip" owner="${vyos_conf_scripts_dir}/system-ip.py"> + <node name="ip" owner="${vyos_conf_scripts_dir}/system_ip.py"> <properties> <help>IPv4 Settings</help> <!-- must be before any interface, check /opt/vyatta/sbin/priority.pl --> diff --git a/interface-definitions/system-ipv6.xml.in b/interface-definitions/system_ipv6.xml.in index e17e1c01c..8957cb6a7 100644 --- a/interface-definitions/system-ipv6.xml.in +++ b/interface-definitions/system_ipv6.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="system"> <children> - <node name="ipv6" owner="${vyos_conf_scripts_dir}/system-ipv6.py"> + <node name="ipv6" owner="${vyos_conf_scripts_dir}/system_ipv6.py"> <properties> <help>IPv6 Settings</help> <!-- must be before any interface, check /opt/vyatta/sbin/priority.pl --> diff --git a/interface-definitions/system-lcd.xml.in b/interface-definitions/system_lcd.xml.in index 0cf4de308..0cf4de308 100644 --- a/interface-definitions/system-lcd.xml.in +++ b/interface-definitions/system_lcd.xml.in diff --git a/interface-definitions/system-login.xml.in b/interface-definitions/system_login.xml.in index 71db8b1d6..672c4afc8 100644 --- a/interface-definitions/system-login.xml.in +++ b/interface-definitions/system_login.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="system"> <children> - <node name="login" owner="${vyos_conf_scripts_dir}/system-login.py"> + <node name="login" owner="${vyos_conf_scripts_dir}/system_login.py"> <properties> <help>System User Login Configuration</help> <priority>400</priority> @@ -244,21 +244,27 @@ </leafNode> </children> </tagNode> - <leafNode name="source-address"> + <leafNode name="security-mode"> <properties> - <help>Source IP used to communicate with TACACS+ server</help> + <help>Security mode for TACACS+ authentication</help> <completionHelp> - <script>${vyos_completion_dir}/list_local_ips.sh --ipv4</script> + <list>mandatory optional</list> </completionHelp> <valueHelp> - <format>ipv4</format> - <description>IPv4 source address</description> + <format>mandatory</format> + <description>Deny access immediately if TACACS+ answers with REJECT</description> + </valueHelp> + <valueHelp> + <format>optional</format> + <description>Pass to the next authentication method if TACACS+ answers with REJECT</description> </valueHelp> <constraint> - <validator name="ipv4-address"/> + <regex>(mandatory|optional)</regex> </constraint> </properties> + <defaultValue>optional</defaultValue> </leafNode> + #include <include/source-address-ipv4.xml.i> #include <include/radius-timeout.xml.i> #include <include/interface/vrf.xml.i> </children> diff --git a/interface-definitions/system-login-banner.xml.in b/interface-definitions/system_login_banner.xml.in index bdd0ad96a..211505ae4 100644 --- a/interface-definitions/system-login-banner.xml.in +++ b/interface-definitions/system_login_banner.xml.in @@ -2,13 +2,13 @@ <interfaceDefinition> <node name="system"> <children> - <node name="login" owner="${vyos_conf_scripts_dir}/system-login.py"> + <node name="login" owner="${vyos_conf_scripts_dir}/system_login.py"> <properties> <help>System User Login Configuration</help> <priority>400</priority> </properties> <children> - <node name="banner" owner="${vyos_conf_scripts_dir}/system-login-banner.py"> + <node name="banner" owner="${vyos_conf_scripts_dir}/system_login_banner.py"> <properties> <help>System login banners</help> </properties> diff --git a/interface-definitions/system-logs.xml.in b/interface-definitions/system_logs.xml.in index 1caa7abb6..b34cbdc39 100644 --- a/interface-definitions/system-logs.xml.in +++ b/interface-definitions/system_logs.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="system"> <children> - <node name="logs" owner="${vyos_conf_scripts_dir}/system-logs.py"> + <node name="logs" owner="${vyos_conf_scripts_dir}/system_logs.py"> <properties> <help>Logging options</help> <priority>9999</priority> diff --git a/interface-definitions/system_name-server.xml.in b/interface-definitions/system_name-server.xml.in new file mode 100644 index 000000000..2f750abfa --- /dev/null +++ b/interface-definitions/system_name-server.xml.in @@ -0,0 +1,33 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="system"> + <children> + <leafNode name="name-server" owner="${vyos_conf_scripts_dir}/system_host-name.py"> + <properties> + <help>System Domain Name Servers (DNS)</help> + <priority>400</priority> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <valueHelp> + <format>ipv4</format> + <description>Domain Name Server IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Domain Name Server IPv6 address</description> + </valueHelp> + <valueHelp> + <format>txt</format> + <description>Use Domain Name Server from DHCP interface</description> + </valueHelp> + <multi/> + <constraint> + <validator name="ip-address"/> + #include <include/constraint/interface-name.xml.i> + </constraint> + </properties> + </leafNode> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/system-option.xml.in b/interface-definitions/system_option.xml.in index b1b5f7fae..adb45bdcc 100644 --- a/interface-definitions/system-option.xml.in +++ b/interface-definitions/system_option.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="system"> <children> - <node name="option" owner="${vyos_conf_scripts_dir}/system-option.py"> + <node name="option" owner="${vyos_conf_scripts_dir}/system_option.py"> <properties> <help>System Options</help> <priority>9999</priority> diff --git a/interface-definitions/system-proxy.xml.in b/interface-definitions/system_proxy.xml.in index f7ab31d7e..214534dbb 100644 --- a/interface-definitions/system-proxy.xml.in +++ b/interface-definitions/system_proxy.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="system"> <children> - <node name="proxy" owner="${vyos_conf_scripts_dir}/system-proxy.py"> + <node name="proxy" owner="${vyos_conf_scripts_dir}/system_proxy.py"> <properties> <help>Sets a proxy for system wide use</help> </properties> diff --git a/interface-definitions/system-sflow.xml.in b/interface-definitions/system_sflow.xml.in index c5152abe9..c5152abe9 100644 --- a/interface-definitions/system-sflow.xml.in +++ b/interface-definitions/system_sflow.xml.in diff --git a/interface-definitions/system_static-host-mapping.xml.in b/interface-definitions/system_static-host-mapping.xml.in new file mode 100644 index 000000000..492741f11 --- /dev/null +++ b/interface-definitions/system_static-host-mapping.xml.in @@ -0,0 +1,53 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="system"> + <children> + <node name="static-host-mapping" owner="${vyos_conf_scripts_dir}/system_host-name.py"> + <properties> + <help>Map host names to addresses</help> + <priority>400</priority> + </properties> + <children> + <tagNode name="host-name"> + <properties> + <help>Host name for static address mapping</help> + <constraint> + #include <include/constraint/host-name.xml.i> + </constraint> + <constraintErrorMessage>Host-name must be alphanumeric and can contain hyphens</constraintErrorMessage> + </properties> + <children> + <leafNode name="alias"> + <properties> + <help>Alias for this address</help> + <constraint> + <regex>.{1,63}</regex> + </constraint> + <constraintErrorMessage>invalid alias hostname, needs to be between 1 and 63 charactes</constraintErrorMessage> + <multi /> + </properties> + </leafNode> + <leafNode name="inet"> + <properties> + <help>IP Address</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/system-sysctl.xml.in b/interface-definitions/system_sysctl.xml.in index bf118c24b..bf118c24b 100644 --- a/interface-definitions/system-sysctl.xml.in +++ b/interface-definitions/system_sysctl.xml.in diff --git a/interface-definitions/system-syslog.xml.in b/interface-definitions/system_syslog.xml.in index cd5c514a8..3343e2c59 100644 --- a/interface-definitions/system-syslog.xml.in +++ b/interface-definitions/system_syslog.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="system"> <children> - <node name="syslog" owner="${vyos_conf_scripts_dir}/system-syslog.py"> + <node name="syslog" owner="${vyos_conf_scripts_dir}/system_syslog.py"> <properties> <help>System logging</help> <priority>400</priority> diff --git a/interface-definitions/cron.xml.in b/interface-definitions/system_task-scheduler.xml.in index 58dcf64ac..597d58813 100644 --- a/interface-definitions/cron.xml.in +++ b/interface-definitions/system_task-scheduler.xml.in @@ -7,7 +7,7 @@ <help>Task scheduler settings</help> </properties> <children> - <tagNode name="task" owner="${vyos_conf_scripts_dir}/task_scheduler.py"> + <tagNode name="task" owner="${vyos_conf_scripts_dir}/system_task-scheduler.py"> <properties> <help>Scheduled task</help> <valueHelp> diff --git a/interface-definitions/system-time-zone.xml.in b/interface-definitions/system_time-zone.xml.in index f6b291984..65cce9e95 100644 --- a/interface-definitions/system-time-zone.xml.in +++ b/interface-definitions/system_time-zone.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="system"> <children> - <leafNode name="time-zone" owner="${vyos_conf_scripts_dir}/system-timezone.py"> + <leafNode name="time-zone" owner="${vyos_conf_scripts_dir}/system_timezone.py"> <properties> <help>Local time zone (default UTC)</help> <priority>100</priority> diff --git a/interface-definitions/system-update-check.xml.in b/interface-definitions/system_update-check.xml.in index e4d7041ec..14570b039 100644 --- a/interface-definitions/system-update-check.xml.in +++ b/interface-definitions/system_update-check.xml.in @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="system"> <children> - <node name="update-check" owner="${vyos_conf_scripts_dir}/system_update_check.py"> + <node name="update-check" owner="${vyos_conf_scripts_dir}/system_update-check.py"> <properties> <help>Check available update images</help> <priority>9999</priority> @@ -14,7 +14,7 @@ <valueless/> </properties> </leafNode> - #include <include/url.xml.i> + #include <include/url-http-https.xml.i> </children> </node> </children> diff --git a/interface-definitions/vpn-ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in index 64cfbda08..1847401b5 100644 --- a/interface-definitions/vpn-ipsec.xml.in +++ b/interface-definitions/vpn_ipsec.xml.in @@ -772,9 +772,13 @@ <properties> <help>Client authentication mode</help> <completionHelp> - <list>eap-tls eap-mschapv2 eap-radius</list> + <list>x509 eap-tls eap-mschapv2 eap-radius</list> </completionHelp> <valueHelp> + <format>x509</format> + <description>Use IPsec x.509 certificate authentication</description> + </valueHelp> + <valueHelp> <format>eap-tls</format> <description>Use EAP-TLS authentication</description> </valueHelp> @@ -787,7 +791,7 @@ <description>Use EAP-RADIUS authentication</description> </valueHelp> <constraint> - <regex>(eap-tls|eap-mschapv2|eap-radius)</regex> + <regex>(x509|eap-tls|eap-mschapv2|eap-radius)</regex> </constraint> </properties> <defaultValue>eap-mschapv2</defaultValue> diff --git a/interface-definitions/vpn-l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in index ee0edc3e3..3e2d00e6b 100644 --- a/interface-definitions/vpn-l2tp.xml.in +++ b/interface-definitions/vpn_l2tp.xml.in @@ -13,7 +13,11 @@ <help>Remote access L2TP VPN</help> </properties> <children> + #include <include/accel-ppp/max-concurrent-sessions.xml.i> #include <include/accel-ppp/mtu-128-16384.xml.i> + <leafNode name="mtu"> + <defaultValue>1436</defaultValue> + </leafNode> <leafNode name="outside-address"> <properties> <help>External IP address to which VPN clients will connect</help> @@ -115,128 +119,22 @@ </children> </node> #include <include/accel-ppp/wins-server.xml.i> - <node name="client-ip-pool"> - <properties> - <help>Pool of client IP addresses (must be within a /24)</help> - </properties> - <children> - #include <include/accel-ppp/client-ip-pool-start-stop.xml.i> - #include <include/accel-ppp/client-ip-pool-subnet.xml.i> - </children> - </node> + #include <include/accel-ppp/client-ip-pool.xml.i> #include <include/accel-ppp/client-ipv6-pool.xml.i> #include <include/generic-description.xml.i> #include <include/dhcp-interface.xml.i> - <leafNode name="idle"> - <properties> - <help>PPP idle timeout</help> - <valueHelp> - <format>u32:30-86400</format> - <description>PPP idle timeout in seconds</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 30-86400"/> - </constraint> - </properties> - </leafNode> <node name="authentication"> <properties> <help>Authentication for remote access L2TP VPN</help> </properties> <children> - <leafNode name="require"> - <properties> - <help>Authentication protocol for remote access peer L2TP VPN</help> - <valueHelp> - <format>pap</format> - <description>Require the peer to authenticate itself using PAP [Password Authentication Protocol].</description> - </valueHelp> - <valueHelp> - <format>chap</format> - <description>Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol].</description> - </valueHelp> - <valueHelp> - <format>mschap</format> - <description>Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol].</description> - </valueHelp> - <valueHelp> - <format>mschap-v2</format> - <description>Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2].</description> - </valueHelp> - <constraint> - <regex>(pap|chap|mschap|mschap-v2)</regex> - </constraint> - <completionHelp> - <list>pap chap mschap mschap-v2</list> - </completionHelp> - <multi /> - </properties> - </leafNode> - #include <include/accel-ppp/ppp-mppe.xml.i> + #include <include/accel-ppp/auth-protocols.xml.i> #include <include/accel-ppp/auth-mode.xml.i> #include <include/accel-ppp/auth-local-users.xml.i> #include <include/radius-auth-server-ipv4.xml.i> + #include <include/accel-ppp/radius-additions.xml.i> <node name="radius"> <children> - #include <include/accel-ppp/radius-accounting-interim-interval.xml.i> - <tagNode name="server"> - <children> - #include <include/accel-ppp/radius-additions-disable-accounting.xml.i> - <leafNode name="fail-time"> - <properties> - <help>Mark server unavailable for N seconds on failure</help> - <valueHelp> - <format>u32:0-600</format> - <description>Fail time penalty</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 0-600"/> - </constraint> - <constraintErrorMessage>Fail time must be between 0 and 600 seconds</constraintErrorMessage> - </properties> - </leafNode> - </children> - </tagNode> - <leafNode name="timeout"> - <properties> - <help>Timeout to wait response from server (seconds)</help> - </properties> - </leafNode> - <leafNode name="acct-timeout"> - <properties> - <help>Timeout to wait reply for Interim-Update packets</help> - </properties> - </leafNode> - <leafNode name="max-try"> - <properties> - <help>Maximum number of tries to send Access-Request/Accounting-Request queries</help> - </properties> - </leafNode> - #include <include/radius-nas-identifier.xml.i> - #include <include/radius-nas-ip-address.xml.i> - <node name="dae-server"> - <properties> - <help>IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA)</help> - </properties> - <children> - <leafNode name="ip-address"> - <properties> - <help>IP address for Dynamic Authorization Extension server (DM/CoA)</help> - </properties> - </leafNode> - <leafNode name="port"> - <properties> - <help>Port for Dynamic Authorization Extension server (DM/CoA)</help> - </properties> - <defaultValue>1700</defaultValue> - </leafNode> - <leafNode name="secret"> - <properties> - <help>Secret for Dynamic Authorization Extension server (DM/CoA)</help> - </properties> - </leafNode> - </children> - </node> #include <include/accel-ppp/radius-additions-rate-limit.xml.i> </children> </node> @@ -247,11 +145,15 @@ <help>Advanced protocol options</help> </properties> <children> - #include <include/accel-ppp/lcp-echo-interval-failure.xml.i> + #include <include/accel-ppp/ppp-mppe.xml.i> + #include <include/accel-ppp/ppp-options-ipv4.xml.i> #include <include/accel-ppp/ppp-options-ipv6.xml.i> #include <include/accel-ppp/ppp-options-ipv6-interface-id.xml.i> + #include <include/accel-ppp/lcp-echo-interval-failure.xml.i> + #include <include/accel-ppp/lcp-echo-timeout.xml.i> </children> </node> + #include <include/accel-ppp/default-pool.xml.i> </children> </node> </children> diff --git a/interface-definitions/vpn-openconnect.xml.in b/interface-definitions/vpn_openconnect.xml.in index 75c64a99a..736084f8b 100644 --- a/interface-definitions/vpn-openconnect.xml.in +++ b/interface-definitions/vpn_openconnect.xml.in @@ -260,6 +260,12 @@ </leafNode> </children> </node> + <leafNode name="http-security-headers"> + <properties> + <help>Enable HTTP security headers</help> + <valueless/> + </properties> + </leafNode> <node name="ssl"> <properties> <help>SSL Certificate, SSL Key and CA</help> diff --git a/interface-definitions/vpn-pptp.xml.in b/interface-definitions/vpn_pptp.xml.in index 5a8b4a78a..7bb8db798 100644 --- a/interface-definitions/vpn-pptp.xml.in +++ b/interface-definitions/vpn_pptp.xml.in @@ -13,7 +13,11 @@ <help>Remote access PPTP VPN</help> </properties> <children> + #include <include/accel-ppp/max-concurrent-sessions.xml.i> #include <include/accel-ppp/mtu-128-16384.xml.i> + <leafNode name="mtu"> + <defaultValue>1436</defaultValue> + </leafNode> <leafNode name="outside-address"> <properties> <help>External IP address to which VPN clients will connect</help> @@ -22,17 +26,10 @@ </constraint> </properties> </leafNode> + #include <include/accel-ppp/gateway-address.xml.i> #include <include/name-server-ipv4.xml.i> #include <include/accel-ppp/wins-server.xml.i> - <node name="client-ip-pool"> - <properties> - <help>Pool of client IP addresses (must be within a /24)</help> - </properties> - <children> - #include <include/accel-ppp/client-ip-pool-start-stop.xml.i> - </children> - </node> - #include <include/accel-ppp/gateway-address.xml.i> + #include <include/accel-ppp/client-ip-pool.xml.i> <node name="authentication"> <properties> <help>Authentication for remote access PPTP VPN</help> @@ -41,6 +38,9 @@ <leafNode name="require"> <properties> <help>Authentication protocol for remote access peer PPTP VPN</help> + <completionHelp> + <list>pap chap mschap mschap-v2</list> + </completionHelp> <valueHelp> <format>pap</format> <description>Require the peer to authenticate itself using PAP [Password Authentication Protocol].</description> @@ -57,7 +57,11 @@ <format>mschap-v2</format> <description>Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2].</description> </valueHelp> + <constraint> + <regex>(pap|chap|mschap|mschap-v2)</regex> + </constraint> </properties> + <defaultValue>mschap-v2</defaultValue> </leafNode> <leafNode name="mppe"> <properties> @@ -81,6 +85,7 @@ <list>deny prefer require</list> </completionHelp> </properties> + <defaultValue>prefer</defaultValue> </leafNode> #include <include/accel-ppp/auth-mode.xml.i> <node name="local-users"> @@ -103,6 +108,7 @@ <properties> <help>Static client IP address</help> </properties> + <defaultValue>*</defaultValue> </leafNode> </children> </tagNode> @@ -115,8 +121,19 @@ </node> #include <include/radius-auth-server-ipv4.xml.i> #include <include/accel-ppp/radius-additions.xml.i> + <node name="radius"> + <children> + <leafNode name="timeout"> + <defaultValue>30</defaultValue> + </leafNode> + <leafNode name="acct-timeout"> + <defaultValue>30</defaultValue> + </leafNode> + </children> + </node> </children> </node> + #include <include/accel-ppp/default-pool.xml.i> </children> </node> </children> diff --git a/interface-definitions/vpn-sstp.xml.in b/interface-definitions/vpn_sstp.xml.in index 9e912063f..a1b69f990 100644 --- a/interface-definitions/vpn-sstp.xml.in +++ b/interface-definitions/vpn_sstp.xml.in @@ -25,22 +25,17 @@ </node> </children> </node> + #include <include/accel-ppp/max-concurrent-sessions.xml.i> #include <include/interface/mtu-68-1500.xml.i> #include <include/accel-ppp/gateway-address.xml.i> #include <include/name-server-ipv4-ipv6.xml.i> - <node name="client-ip-pool"> - <properties> - <help>Client IP pools and gateway setting</help> - </properties> - <children> - #include <include/accel-ppp/client-ip-pool-subnet.xml.i> - </children> - </node> + #include <include/accel-ppp/client-ip-pool.xml.i> #include <include/accel-ppp/client-ipv6-pool.xml.i> #include <include/port-number.xml.i> <leafNode name="port"> <defaultValue>443</defaultValue> </leafNode> + #include <include/accel-ppp/default-pool.xml.i> <node name="ppp-options"> <properties> <help>PPP (Point-to-Point Protocol) settings</help> diff --git a/interface-definitions/vpp.xml.in b/interface-definitions/vpp.xml.in deleted file mode 100644 index 3f0758c0a..000000000 --- a/interface-definitions/vpp.xml.in +++ /dev/null @@ -1,342 +0,0 @@ -<?xml version="1.0"?> -<interfaceDefinition> - <node name="vpp" owner="${vyos_conf_scripts_dir}/vpp.py"> - <properties> - <help>Accelerated data-plane</help> - <priority>295</priority> - </properties> - <children> - <node name="cpu"> - <properties> - <help>CPU settings</help> - </properties> - <children> - <leafNode name="corelist-workers"> - <properties> - <help>List of cores worker threads</help> - <valueHelp> - <format><id></format> - <description>CPU core id</description> - </valueHelp> - <valueHelp> - <format><idN>-<idM></format> - <description>CPU core id range (use '-' as delimiter)</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--allow-range --range 0-512"/> - </constraint> - <constraintErrorMessage>not a valid CPU core value or range</constraintErrorMessage> - <multi/> - </properties> - </leafNode> - <leafNode name="main-core"> - <properties> - <help>Main core</help> - <valueHelp> - <format>u32:0-512</format> - <description>Assign main thread to specific core</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 0-512"/> - </constraint> - </properties> - </leafNode> - <leafNode name="skip-cores"> - <properties> - <help>Skip cores</help> - <valueHelp> - <format>u32:0-512</format> - <description>Skip cores</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 0-512"/> - </constraint> - </properties> - </leafNode> - <leafNode name="workers"> - <properties> - <help>Create worker threads</help> - <valueHelp> - <format>u32:0-4294967295</format> - <description>Worker threads</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 0-512"/> - </constraint> - </properties> - </leafNode> - </children> - </node> - <tagNode name="interface"> - <properties> - <help>Interface</help> - <valueHelp> - <format>ethN</format> - <description>Interface name</description> - </valueHelp> - <constraint> - <regex>((eth|lan)[0-9]+|(eno|ens|enp|enx).+)</regex> - </constraint> - <constraintErrorMessage>Invalid interface name</constraintErrorMessage> - </properties> - <children> - <leafNode name="num-rx-desc"> - <properties> - <help>Number of receive ring descriptors</help> - <valueHelp> - <format>u32:256-8192</format> - <description>Number of receive ring descriptors</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 256-8192"/> - </constraint> - </properties> - </leafNode> - <leafNode name="num-tx-desc"> - <properties> - <help>Number of tranceive ring descriptors</help> - <valueHelp> - <format>u32:256-8192</format> - <description>Number of tranceive ring descriptors</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 256-8192"/> - </constraint> - </properties> - </leafNode> - <leafNode name="num-rx-queues"> - <properties> - <help>Number of receive ring descriptors</help> - <valueHelp> - <format>u32:256-8192</format> - <description>Number of receive queues</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 256-8192"/> - </constraint> - </properties> - </leafNode> - <leafNode name="num-tx-queues"> - <properties> - <help>Number of tranceive ring descriptors</help> - <valueHelp> - <format>u32:256-8192</format> - <description>Number of tranceive queues</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 256-8192"/> - </constraint> - </properties> - </leafNode> - <leafNode name='pci'> - <properties> - <help>PCI address allocation</help> - <valueHelp> - <format>auto</format> - <description>Auto detect PCI address</description> - </valueHelp> - <valueHelp> - <format><xxxx:xx:xx.x></format> - <description>Set Peripheral Component Interconnect (PCI) address</description> - </valueHelp> - <constraint> - <regex>(auto|[0-9a-fA-F]{4}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}\.[0-9a-fA-F])</regex> - </constraint> - </properties> - <defaultValue>auto</defaultValue> - </leafNode> - <leafNode name="rx-mode"> - <properties> - <help>Receive packet processing mode</help> - <completionHelp> - <list>polling interrupt adaptive</list> - </completionHelp> - <valueHelp> - <format>polling</format> - <description>Constantly check for new data</description> - </valueHelp> - <valueHelp> - <format>interrupt</format> - <description>Interrupt mode</description> - </valueHelp> - <valueHelp> - <format>adaptive</format> - <description>Adaptive mode</description> - </valueHelp> - <constraint> - <regex>(polling|interrupt|adaptive)</regex> - </constraint> - </properties> - </leafNode> - </children> - </tagNode> - <node name="ip"> - <properties> - <help>IP settings</help> - </properties> - <children> - <leafNode name="heap-size"> - <properties> - <help>IPv4 heap size</help> - <valueHelp> - <format>u32:0-4294967295</format> - <description>Amount of memory (in Mbytes) dedicated to the destination IP lookup table</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-4294967295"/> - </constraint> - </properties> - <defaultValue>32</defaultValue> - </leafNode> - </children> - </node> - <node name="ip6"> - <properties> - <help>IPv6 settings</help> - </properties> - <children> - <leafNode name="heap-size"> - <properties> - <help>IPv6 heap size</help> - <valueHelp> - <format>u32:0-4294967295</format> - <description>Amount of memory (in Mbytes) dedicated to the destination IP lookup table</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-4294967295"/> - </constraint> - </properties> - <defaultValue>32</defaultValue> - </leafNode> - <leafNode name="hash-buckets"> - <properties> - <help>IPv6 forwarding table hash buckets</help> - <valueHelp> - <format>u32:1-4294967295</format> - <description>IPv6 forwarding table hash buckets</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-4294967295"/> - </constraint> - </properties> - <defaultValue>65536</defaultValue> - </leafNode> - </children> - </node> - <node name="l2learn"> - <properties> - <help>Level 2 MAC address learning settings</help> - </properties> - <children> - <leafNode name="limit"> - <properties> - <help>Number of MAC addresses in the L2 FIB</help> - <valueHelp> - <format>u32:1-4294967295</format> - <description>Number of concurent entries</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-4294967295"/> - </constraint> - </properties> - <defaultValue>4194304</defaultValue> - </leafNode> - </children> - </node> - <node name="logging"> - <properties> - <help>Loggint settings</help> - </properties> - <children> - <leafNode name="default-log-level"> - <properties> - <help>default-log-level</help> - <completionHelp> - <list>alert crit debug disabled emerg err info notice warn</list> - </completionHelp> - <valueHelp> - <format>alert</format> - <description>Alert</description> - </valueHelp> - <valueHelp> - <format>crit</format> - <description>Critical</description> - </valueHelp> - <valueHelp> - <format>debug</format> - <description>Debug</description> - </valueHelp> - <valueHelp> - <format>disabled</format> - <description>Disabled</description> - </valueHelp> - <valueHelp> - <format>emerg</format> - <description>Emergency</description> - </valueHelp> - <valueHelp> - <format>err</format> - <description>Error</description> - </valueHelp> - <valueHelp> - <format>info</format> - <description>Informational</description> - </valueHelp> - <valueHelp> - <format>notice</format> - <description>Notice</description> - </valueHelp> - <valueHelp> - <format>warn</format> - <description>Warning</description> - </valueHelp> - <constraint> - <regex>(alert|crit|debug|disabled|emerg|err|info|notice|warn)</regex> - </constraint> - </properties> - </leafNode> - </children> - </node> - <node name="physmem"> - <properties> - <help>Memory settings</help> - </properties> - <children> - <leafNode name="max-size"> - <properties> - <help>Set memory size for protectable memory allocator (pmalloc) memory space</help> - <valueHelp> - <format><number>m</format> - <description>Megabyte</description> - </valueHelp> - <valueHelp> - <format><number>g</format> - <description>Gigabyte</description> - </valueHelp> - </properties> - </leafNode> - </children> - </node> - <node name="unix"> - <properties> - <help>Unix settings</help> - </properties> - <children> - <leafNode name="poll-sleep-usec"> - <properties> - <help>Add a fixed-sleep between main loop poll</help> - <valueHelp> - <format>u32:0-4294967295</format> - <description>Number of receive queues</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 0-4294967295"/> - </constraint> - </properties> - <defaultValue>0</defaultValue> - </leafNode> - </children> - </node> - </children> - </node> -</interfaceDefinition> diff --git a/interface-definitions/vrf.xml.in b/interface-definitions/vrf.xml.in index 3783785ce..e5ec539d3 100644 --- a/interface-definitions/vrf.xml.in +++ b/interface-definitions/vrf.xml.in @@ -4,7 +4,7 @@ <properties> <help>Virtual Routing and Forwarding</help> <!-- must be before any interface, check /opt/vyatta/sbin/priority.pl --> - <priority>299</priority> + <priority>11</priority> </properties> <children> <leafNode name="bind-to-all"> diff --git a/interface-definitions/xml-component-version.xml.in b/interface-definitions/xml-component-version.xml.in index 8c9e816d1..51a28ef57 100644 --- a/interface-definitions/xml-component-version.xml.in +++ b/interface-definitions/xml-component-version.xml.in @@ -29,6 +29,7 @@ #include <include/version/ntp-version.xml.i> #include <include/version/openconnect-version.xml.i> #include <include/version/ospf-version.xml.i> + #include <include/version/pim-version.xml.i> #include <include/version/policy-version.xml.i> #include <include/version/pppoe-server-version.xml.i> #include <include/version/pptp-version.xml.i> |