From fd1b1ff19b0ff852d796e979ab3b596651686f2f Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Mon, 10 Jan 2022 22:26:39 +0100
Subject: conntrack: T3579: make the timeout tree re-usable as XML include

---
 .../conntrack/timeout-common-protocols.xml.i       | 172 +++++++++++++++++
 interface-definitions/system-conntrack.xml.in      | 207 +--------------------
 2 files changed, 179 insertions(+), 200 deletions(-)
 create mode 100644 interface-definitions/include/conntrack/timeout-common-protocols.xml.i

diff --git a/interface-definitions/include/conntrack/timeout-common-protocols.xml.i b/interface-definitions/include/conntrack/timeout-common-protocols.xml.i
new file mode 100644
index 000000000..2676d846e
--- /dev/null
+++ b/interface-definitions/include/conntrack/timeout-common-protocols.xml.i
@@ -0,0 +1,172 @@
+<!-- include start from conntrack/timeout-common-protocols.xml.i -->
+<leafNode name="icmp">
+  <properties>
+    <help>ICMP timeout in seconds</help>
+    <valueHelp>
+      <format>u32:1-21474836</format>
+      <description>ICMP timeout in seconds</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 1-21474836"/>
+    </constraint>
+  </properties>
+  <defaultValue>30</defaultValue>
+</leafNode>
+<leafNode name="other">
+  <properties>
+    <help>Generic connection timeout in seconds</help>
+    <valueHelp>
+      <format>u32:1-21474836</format>
+      <description>Generic connection timeout in seconds</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 1-21474836"/>
+    </constraint>
+  </properties>
+  <defaultValue>600</defaultValue>
+</leafNode>
+<node name="tcp">
+  <properties>
+    <help>TCP connection timeout options</help>
+  </properties>
+  <children>
+    <leafNode name="close-wait">
+      <properties>
+        <help>TCP CLOSE-WAIT timeout in seconds</help>
+        <valueHelp>
+          <format>u32:1-21474836</format>
+          <description>TCP CLOSE-WAIT timeout in seconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-21474836"/>
+        </constraint>
+      </properties>
+      <defaultValue>60</defaultValue>
+    </leafNode>
+    <leafNode name="close">
+      <properties>
+        <help>TCP CLOSE timeout in seconds</help>
+        <valueHelp>
+          <format>u32:1-21474836</format>
+          <description>TCP CLOSE timeout in seconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-21474836"/>
+        </constraint>
+      </properties>
+      <defaultValue>10</defaultValue>
+    </leafNode>
+    <leafNode name="established">
+      <properties>
+        <help>TCP ESTABLISHED timeout in seconds</help>
+        <valueHelp>
+          <format>u32:1-21474836</format>
+          <description>TCP ESTABLISHED timeout in seconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-21474836"/>
+        </constraint>
+      </properties>
+      <defaultValue>432000</defaultValue>
+    </leafNode>
+    <leafNode name="fin-wait">
+      <properties>
+        <help>TCP FIN-WAIT timeout in seconds</help>
+        <valueHelp>
+          <format>u32:1-21474836</format>
+          <description>TCP FIN-WAIT timeout in seconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-21474836"/>
+        </constraint>
+      </properties>
+      <defaultValue>120</defaultValue>
+    </leafNode>
+    <leafNode name="last-ack">
+      <properties>
+        <help>TCP LAST-ACK timeout in seconds</help>
+        <valueHelp>
+          <format>u32:1-21474836</format>
+          <description>TCP LAST-ACK timeout in seconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-21474836"/>
+        </constraint>
+      </properties>
+      <defaultValue>30</defaultValue>
+    </leafNode>
+    <leafNode name="syn-recv">
+      <properties>
+        <help>TCP SYN-RECEIVED timeout in seconds</help>
+        <valueHelp>
+          <format>u32:1-21474836</format>
+          <description>TCP SYN-RECEIVED timeout in seconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-21474836"/>
+        </constraint>
+      </properties>
+      <defaultValue>60</defaultValue>
+    </leafNode>
+    <leafNode name="syn-sent">
+      <properties>
+        <help>TCP SYN-SENT timeout in seconds</help>
+        <valueHelp>
+          <format>u32:1-21474836</format>
+          <description>TCP SYN-SENT timeout in seconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-21474836"/>
+        </constraint>
+      </properties>
+      <defaultValue>120</defaultValue>
+    </leafNode>
+    <leafNode name="time-wait">
+      <properties>
+        <help>TCP TIME-WAIT timeout in seconds</help>
+        <valueHelp>
+          <format>u32:1-21474836</format>
+          <description>TCP TIME-WAIT timeout in seconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-21474836"/>
+        </constraint>
+      </properties>
+      <defaultValue>120</defaultValue>
+    </leafNode>
+  </children>
+</node>
+<node name="udp">
+  <properties>
+    <help>UDP timeout options</help>
+  </properties>
+  <children>
+    <leafNode name="other">
+      <properties>
+        <help>UDP generic timeout in seconds</help>
+        <valueHelp>
+          <format>u32:1-21474836</format>
+          <description>UDP generic timeout in seconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-21474836"/>
+        </constraint>
+      </properties>
+      <defaultValue>30</defaultValue>
+    </leafNode>
+    <leafNode name="stream">
+      <properties>
+        <help>UDP stream timeout in seconds</help>
+        <valueHelp>
+          <format>u32:1-21474836</format>
+          <description>UDP stream timeout in seconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-21474836"/>
+        </constraint>
+      </properties>
+      <defaultValue>180</defaultValue>
+    </leafNode>
+  </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/system-conntrack.xml.in b/interface-definitions/system-conntrack.xml.in
index 88f96a078..65edab839 100644
--- a/interface-definitions/system-conntrack.xml.in
+++ b/interface-definitions/system-conntrack.xml.in
@@ -315,38 +315,14 @@
                         </properties>
                       </leafNode>
                       #include <include/ip-protocol.xml.i>
-                      <leafNode name="protocol">
+                      <node name="protocol">
                         <properties>
-                          <help>Protocol to match (protocol name, number, or "all")</help>
-                          <completionHelp>
-                            <script>${vyos_completion_dir}/list_protocols.sh</script>
-                            <list>all tcp_udp</list>
-                          </completionHelp>
-                          <valueHelp>
-                            <format>all</format>
-                            <description>All IP protocols</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>tcp_udp</format>
-                            <description>Both TCP and UDP</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>u32:0-255</format>
-                            <description>IP protocol number</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>&lt;protocol&gt;</format>
-                            <description>IP protocol name</description>
-                          </valueHelp>
-                          <valueHelp>
-                            <format>!&lt;protocol&gt;</format>
-                            <description>IP protocol name</description>
-                          </valueHelp>
-                          <constraint>
-                            <validator name="ip-protocol"/>
-                          </constraint>
+                          <help>Customize protocol specific timers, one protocol configuration per rule</help>
                         </properties>
-                      </leafNode>
+                        <children>
+                          #include <include/conntrack/timeout-common-protocols.xml.i>
+                        </children>
+                      </node>
                       <node name="source">
                         <properties>
                           <help>Source parameters</help>
@@ -360,176 +336,7 @@
                   </tagNode>
                 </children>
               </node>
-              <leafNode name="icmp">
-                <properties>
-                  <help>ICMP timeout in seconds</help>
-                  <valueHelp>
-                    <format>u32:1-21474836</format>
-                    <description>ICMP timeout in seconds</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="numeric" argument="--range 1-21474836"/>
-                  </constraint>
-                </properties>
-                <defaultValue>30</defaultValue>
-              </leafNode>
-              <leafNode name="other">
-                <properties>
-                  <help>Generic connection timeout in seconds</help>
-                  <valueHelp>
-                    <format>u32:1-21474836</format>
-                    <description>Generic connection timeout in seconds</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="numeric" argument="--range 1-21474836"/>
-                  </constraint>
-                </properties>
-                <defaultValue>600</defaultValue>
-              </leafNode>
-              <node name="tcp">
-                <properties>
-                  <help>TCP connection timeout options</help>
-                </properties>
-                <children>
-                  <leafNode name="close-wait">
-                    <properties>
-                      <help>TCP CLOSE-WAIT timeout in seconds</help>
-                      <valueHelp>
-                        <format>u32:1-21474836</format>
-                        <description>TCP CLOSE-WAIT timeout in seconds</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 1-21474836"/>
-                      </constraint>
-                    </properties>
-                    <defaultValue>60</defaultValue>
-                  </leafNode>
-                  <leafNode name="close">
-                    <properties>
-                      <help>TCP CLOSE timeout in seconds</help>
-                      <valueHelp>
-                        <format>u32:1-21474836</format>
-                        <description>TCP CLOSE timeout in seconds</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 1-21474836"/>
-                      </constraint>
-                    </properties>
-                    <defaultValue>10</defaultValue>
-                  </leafNode>
-                  <leafNode name="established">
-                    <properties>
-                      <help>TCP ESTABLISHED timeout in seconds</help>
-                      <valueHelp>
-                        <format>u32:1-21474836</format>
-                        <description>TCP ESTABLISHED timeout in seconds</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 1-21474836"/>
-                      </constraint>
-                    </properties>
-                    <defaultValue>432000</defaultValue>
-                  </leafNode>
-                  <leafNode name="fin-wait">
-                    <properties>
-                      <help>TCP FIN-WAIT timeout in seconds</help>
-                      <valueHelp>
-                        <format>u32:1-21474836</format>
-                        <description>TCP FIN-WAIT timeout in seconds</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 1-21474836"/>
-                      </constraint>
-                    </properties>
-                    <defaultValue>120</defaultValue>
-                  </leafNode>
-                  <leafNode name="last-ack">
-                    <properties>
-                      <help>TCP LAST-ACK timeout in seconds</help>
-                      <valueHelp>
-                        <format>u32:1-21474836</format>
-                        <description>TCP LAST-ACK timeout in seconds</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 1-21474836"/>
-                      </constraint>
-                    </properties>
-                    <defaultValue>30</defaultValue>
-                  </leafNode>
-                  <leafNode name="syn-recv">
-                    <properties>
-                      <help>TCP SYN-RECEIVED timeout in seconds</help>
-                      <valueHelp>
-                        <format>u32:1-21474836</format>
-                        <description>TCP SYN-RECEIVED timeout in seconds</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 1-21474836"/>
-                      </constraint>
-                    </properties>
-                    <defaultValue>60</defaultValue>
-                  </leafNode>
-                  <leafNode name="syn-sent">
-                    <properties>
-                      <help>TCP SYN-SENT timeout in seconds</help>
-                      <valueHelp>
-                        <format>u32:1-21474836</format>
-                        <description>TCP SYN-SENT timeout in seconds</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 1-21474836"/>
-                      </constraint>
-                    </properties>
-                    <defaultValue>120</defaultValue>
-                  </leafNode>
-                  <leafNode name="time-wait">
-                    <properties>
-                      <help>TCP TIME-WAIT timeout in seconds</help>
-                      <valueHelp>
-                        <format>u32:1-21474836</format>
-                        <description>TCP TIME-WAIT timeout in seconds</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 1-21474836"/>
-                      </constraint>
-                    </properties>
-                    <defaultValue>120</defaultValue>
-                  </leafNode>
-                </children>
-              </node>
-              <node name="udp">
-                <properties>
-                  <help>UDP timeout options</help>
-                </properties>
-                <children>
-                  <leafNode name="other">
-                    <properties>
-                      <help>UDP generic timeout in seconds</help>
-                      <valueHelp>
-                        <format>u32:1-21474836</format>
-                        <description>UDP generic timeout in seconds</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 1-21474836"/>
-                      </constraint>
-                    </properties>
-                    <defaultValue>30</defaultValue>
-                  </leafNode>
-                  <leafNode name="stream">
-                    <properties>
-                      <help>UDP stream timeout in seconds</help>
-                      <valueHelp>
-                        <format>u32:1-21474836</format>
-                        <description>UDP stream timeout in seconds</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 1-21474836"/>
-                      </constraint>
-                    </properties>
-                    <defaultValue>180</defaultValue>
-                  </leafNode>
-                </children>
-              </node>
+              #include <include/conntrack/timeout-common-protocols.xml.i>
             </children>
           </node>
         </children>
-- 
cgit v1.2.3