From 0d4d4dd840e06c18250d73f27de61261ff141944 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Tue, 3 Dec 2019 22:01:19 +0100 Subject: T1843: run interface-definitions though GCC preprocessor A lot of XML code is duplicated, for instance the VLAN and interface address definitions. Such XML definitions should be moved to feature.xml.i files and then just pulled in via GCC preprocessor #include definition in e.g. bond or ethernet definitions. This will give us the ability to single-source repeating node definitions such as: * Interface Address * Interface Description * Interface Disable * VLAN (both vif-s and vif-c) The .in suffix of the interface-definitions is a marker that those files are input files to the GCC preprocessor. They will be rendered into proper XML files in the build directory. Some node definitions have been reworded to remove escaped double quote occurrences which would have been warned about by the GCC preprocessor. --- interface-definitions/interfaces-openvpn.xml.in | 677 ++++++++++++++++++++++++ 1 file changed, 677 insertions(+) create mode 100644 interface-definitions/interfaces-openvpn.xml.in (limited to 'interface-definitions/interfaces-openvpn.xml.in') diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in new file mode 100644 index 000000000..ca97ad4ec --- /dev/null +++ b/interface-definitions/interfaces-openvpn.xml.in 
@@ -0,0 +1,677 @@ + + + + + + + OpenVPN tunnel interface name + 460 + + ^vtun[0-9]+$ + + OpenVPN tunnel interface must be named vtunN + + vtunN + OpenVPN interface name + + + + + + Authentication options + + + + + OpenVPN password used for authentication + + + + + OpenVPN username used for authentication + + + + + + + Description + + + + + OpenVPN interface device-type + + tun tap + + + tun + TUN device, required for OSI layer 3 + + + tap + TAP device, required for OSI layer 2 + + + (tun|tap) + + + + + + Disable interface + + + + + + Data Encryption settings + + + + + Standard Data Encryption Algorithm + + des 3des bf128 bf256 aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm + + + des + DES algorithm + + + 3des + DES algorithm with triple encryption + + + bf128 + Blowfish algorithm with 128-bit key + + + bf256 + Blowfish algorithm with 256-bit key + + + aes128 + AES algorithm with 128-bit key CBC + + + aes128gcm + AES algorithm with 128-bit key GCM + + + aes192 + AES algorithm with 192-bit key CBC + + + aes192gcm + AES algorithm with 192-bit key GCM + + + aes256 + AES algorithm with 256-bit key CBC + + + aes256gcm + AES algorithm with 256-bit key GCM + + + (des|3des|bf128|bf256|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm) + + + + + + Cipher negotiation list for use in server or client mode + + des 3des aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm + + + des + DES algorithm + + + 3des + DES algorithm with triple encryption + + + aes128 + AES algorithm with 128-bit key CBC + + + aes128gcm + AES algorithm with 128-bit key GCM + + + aes192 + AES algorithm with 192-bit key CBC + + + aes192gcm + AES algorithm with 192-bit key GCM + + + aes256 + AES algorithm with 256-bit key CBC + + + aes256gcm + AES algorithm with 256-bit key GCM + + + (des|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm) + + + + + + + Disable support for ncp-ciphers + + + + + + + + Hashing Algorithm + + md5 sha1 sha256 sha384 sha512 + + + md5 + MD5 algorithm + + + sha1 + SHA-1 
algorithm + + + sha256 + SHA-256 algorithm + + + sha384 + SHA-384 algorithm + + + sha512 + SHA-512 algorithm + + + (md5|sha1|sha256|sha384|sha512) + + + + + + Keepalive helper options + + + + + Maximum number of keepalive packet failures [default 6] + + 0-1000 + Maximum number of keepalive packet failures + + + + + + + + + Keepalive packet interval (seconds) [default 10] + + 0-600 + Keepalive packet interval (seconds) + + + + + + + + + + + Local IP address of tunnel + + + + + + + + Subnet-mask for local IP address of tunnel + + + + + + + + + + Local IP address to accept connections (all if not set) + + ipv4 + Local IPv4 address + + + + + + + + + Local port number to accept connections + + 1-65535 + Numeric IP port + + + + + + + + + OpenVPN mode of operation + + site-to-site client server + + + site-to-site + Site-to-site mode + + + client + Client in client-server mode + + + server + Server in client-server mode + + + (site-to-site|client|server) + + + + + + Additional OpenVPN options. You must + use the syntax of openvpn.conf in this text-field. Using this + without proper knowledge may result in a crashed OpenVPN server. + Check system log to look for errors. 
+ + + + + + Do not close and reopen interface (TUN/TAP device) on client restarts + + + + + + OpenVPN communication protocol + + udp tcp-passive tcp-active + + + udp + Site-to-site mode + + + tcp-passive + TCP and accepts connections passively + + + tcp-active + TCP and initiates connections actively + + + (udp|tcp-passive|tcp-active) + + + + + + IP address of remote end of tunnel + + ipv4 + Remote end IPv4 address + + + + + + + + + Remote host to connect to (dynamic if not set) + + ipv4 + IP address of remote host + + + txt + Hostname of remote host + + + + + + + Remote port number to connect to + + 1-65535 + Numeric IP port + + + + + + + + + OpenVPN tunnel to be used as the default route + + + + + Tunnel endpoints are on the same subnet + + + + + + + Server-mode options + + + + + Client-specific settings + + name + Client common-name in the certificate + + + + + + Option to disable client connection + + + + + + IP address of the client + + ipv4 + Client IPv4 address + + + + + + + + + Route to be pushed to the client + + ipv4net + IPv4 network and prefix length + + + + + + + + + + Subnet belonging to the client + + ipv4net + IPv4 network and prefix length belonging to the client + + + + + + + + + + + + DNS suffix to be pushed to all clients + + txt + Domain Name Server suffix + + + + + + Number of maximum client connections + + 1-4096 + Number of concurrent clients + + + + + + + + + Domain Name Server (DNS) + + ipv4 + DNS server IPv4 address + + + + + + + + + + Route to be pushed to all clients + + ipv4net + IPv4 network and prefix length + + + + + + + + + + Reject connections from clients that are not explicitly configured + + + + + Server-mode subnet (from which client IPs are allocated) + + ipv4net + IPv4 address and prefix length + + + + + + + + + Topology for clients + + point-to-point subnet + + + point-to-point + Point-to-point topology + + + subnet + Subnet topology + + + (subnet|point-to-point) + + + + + + + + File containing the secret key shared with 
remote end of tunnel + + file + File in /config/auth directory + + + + + + + + + Transport Layer Security (TLS) options + + + + + File containing tls static key for tls-auth + + file + File in /config/auth directory + + + + + + + + + File containing certificate for Certificate Authority (CA) + + file + File in /config/auth directory + + + + + + + + + File containing certificate for this host + + file + File in /config/auth directory + + + + + + + + + File containing certificate revocation list (CRL) for this host + + file + File in /config/auth directory + + + + + + + + + File containing Diffie Hellman parameters (server only) + + file + File in /config/auth directory + + + + + + + + + Private key for this host + + file + File in /config/auth directory + + + + + + + + + Specify the minimum required TLS version + + 1.0 1.1 1.2 + + + 1.0 + TLS v1.0 + + + 1.1 + TLS v1.1 + + + 1.2 + TLS v1.2 + + + (1.0|1.1|1.2) + + + + + + Private key for this host + + active passive + + + active + Initiate TLS negotiation actively + + + passive + Waiting for TLS connections passively + + + (active|passive) + + + + + + + + Use fast LZO compression on this TUN/TAP interface + + + + + + + + -- cgit v1.2.3 From 85349b54ab4de42f81d4c8c4dc84901d1313025f Mon Sep 17 00:00:00 2001 
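Review bot: The value lists for the encryption and hash nodes accept `des`, `bf128`/`bf256` and `md5`, and the minimum TLS version node accepts `1.0` and `1.1`, all with neutral help text, so nothing at the CLI tells an operator that these choices are weak. This file looks like an existing definition carried over to the `.xml.in` form, so removing values would probably break saved configurations; marking them in the help strings is the compatible step, for example `DES algorithm (insecure, legacy interoperability only)` and `MD5 algorithm (insecure, legacy interoperability only)`. Two help strings in the same hunk are also mislabelled: the `udp` protocol value is described as `Site-to-site mode`, and the node whose values are `active`/`passive` reuses `Private key for this host`. Suggested replacements are `UDP` and `TLS negotiation role`.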
From: Christian Poessinger Date: Fri, 6 Dec 2019 17:53:27 +0100 Subject: T1843: use include files for interface description --- .../include/interface-description.xml.i | 9 +++++++++ interface-definitions/include/vif-s.xml.i | 20 ++------------------ interface-definitions/include/vif.xml.i | 10 +--------- interface-definitions/interfaces-bonding.xml.in | 10 +--------- interface-definitions/interfaces-bridge.xml.in | 10 +--------- interface-definitions/interfaces-dummy.xml.in | 10 +--------- interface-definitions/interfaces-ethernet.xml.in | 10 +--------- interface-definitions/interfaces-geneve.xml.in | 10 +--------- interface-definitions/interfaces-loopback.xml.in | 10 +--------- interface-definitions/interfaces-openvpn.xml.in | 6 +----- interface-definitions/interfaces-vxlan.xml.in | 10 +--------- interface-definitions/interfaces-wireguard.xml.in | 10 +--------- interface-definitions/interfaces-wireless.xml.in | 10 +--------- 13 files changed, 22 insertions(+), 113 deletions(-) create mode 100644 interface-definitions/include/interface-description.xml.i (limited to 'interface-definitions/interfaces-openvpn.xml.in') diff --git a/interface-definitions/include/interface-description.xml.i b/interface-definitions/include/interface-description.xml.i new file mode 100644 index 000000000..6356888da --- /dev/null +++ b/interface-definitions/include/interface-description.xml.i @@ -0,0 +1,9 @@ + + + Interface description + + ^.{1,256}$ + + Interface description too long (limit 256 characters) + + diff --git a/interface-definitions/include/vif-s.xml.i b/interface-definitions/include/vif-s.xml.i index 51a68c859..ffb9de24a 100644 --- a/interface-definitions/include/vif-s.xml.i +++ b/interface-definitions/include/vif-s.xml.i @@ -8,15 +8,7 @@ #include - - - Interface description - - ^.{1,256}$ - - Interface description too long (limit 256 characters) - - + #include #include 
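Review bot: The new shared include enforces `^.{1,256}$`, which is not the rule every caller had before, and the commit message does not say so. In the later hunk for interfaces-wireguard.xml.in the removed constraint was `^.{1,100}$`, in interfaces-openvpn.xml.in the removed node shows only the help text `Description` with no constraint, and in interfaces-wireless.xml.in the removed pattern `.{1,256}$` lacked the leading anchor. If anything downstream relied on the 100-character wireguard limit, or if saved OpenVPN configurations carry descriptions longer than 256 characters, validation results change after this commit; that is worth checking rather than assuming. I would record the change in the include itself, `<!-- Shared by all interface types: 1-256 characters (wireguard was 100, openvpn was unchecked) -->`.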
@@ -85,15 +77,7 @@ #include - - - Interface description - - ^.{1,256}$ - - Interface description too long (limit 256 characters) - - + #include #include diff --git a/interface-definitions/include/vif.xml.i b/interface-definitions/include/vif.xml.i index 0cc3d3dc8..d9b5cfe34 100644 --- a/interface-definitions/include/vif.xml.i +++ b/interface-definitions/include/vif.xml.i @@ -12,15 +12,7 @@ #include - - - Interface description - - ^.{1,256}$ - - Interface description too long (limit 256 characters) - - + #include #include diff --git a/interface-definitions/interfaces-bonding.xml.in b/interface-definitions/interfaces-bonding.xml.in index b43e7c489..6a82ddd91 100644 --- a/interface-definitions/interfaces-bonding.xml.in +++ b/interface-definitions/interfaces-bonding.xml.in @@ -49,15 +49,7 @@ - - - Interface description - - ^.{1,256}$ - - Interface description too long (limit 256 characters) - - + #include #include diff --git a/interface-definitions/interfaces-bridge.xml.in b/interface-definitions/interfaces-bridge.xml.in index 154f47686..8bac2f244 100644 --- a/interface-definitions/interfaces-bridge.xml.in +++ b/interface-definitions/interfaces-bridge.xml.in @@ -33,15 +33,7 @@ - - - Interface description - - ^.{1,256}$ - - Interface description too long (limit 256 characters) - - + #include #include diff --git a/interface-definitions/interfaces-dummy.xml.in b/interface-definitions/interfaces-dummy.xml.in index dfbbb8b36..db1afd803 100644 --- a/interface-definitions/interfaces-dummy.xml.in +++ b/interface-definitions/interfaces-dummy.xml.in @@ -17,15 +17,7 @@ #include - - - Interface description - - ^.{1,256}$ - - Interface description too long (limit 256 characters) - - + #include Disable interface diff --git a/interface-definitions/interfaces-ethernet.xml.in b/interface-definitions/interfaces-ethernet.xml.in index 37836dbc0..293c147d8 100644 --- a/interface-definitions/interfaces-ethernet.xml.in +++ b/interface-definitions/interfaces-ethernet.xml.in 
@@ -21,15 +21,7 @@ #include - - - Interface description - - ^.{1,256}$ - - Interface description too long (limit 256 characters) - - + #include #include diff --git a/interface-definitions/interfaces-geneve.xml.in b/interface-definitions/interfaces-geneve.xml.in index 28e3d6aa6..3fbafd2ec 100644 --- a/interface-definitions/interfaces-geneve.xml.in +++ b/interface-definitions/interfaces-geneve.xml.in @@ -17,15 +17,7 @@ #include - - - Interface description - - ^.{1,256}$ - - Interface description too long (limit 256 characters) - - + #include Disable interface diff --git a/interface-definitions/interfaces-loopback.xml.in b/interface-definitions/interfaces-loopback.xml.in index 0f1e4097a..007a0f189 100644 --- a/interface-definitions/interfaces-loopback.xml.in +++ b/interface-definitions/interfaces-loopback.xml.in @@ -17,15 +17,7 @@ #include - - - Interface description - - ^.{1,256}$ - - Interface description too long (limit 256 characters) - - + #include diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in index ca97ad4ec..d08dba78a 100644 --- a/interface-definitions/interfaces-openvpn.xml.in +++ b/interface-definitions/interfaces-openvpn.xml.in @@ -33,11 +33,7 @@ - - - Description - - + #include OpenVPN interface device-type diff --git a/interface-definitions/interfaces-vxlan.xml.in b/interface-definitions/interfaces-vxlan.xml.in index 070bfb87b..9434c2f5a 100644 --- a/interface-definitions/interfaces-vxlan.xml.in +++ b/interface-definitions/interfaces-vxlan.xml.in @@ -17,15 +17,7 @@ #include - - - Interface description - - ^.{1,256}$ - - Interface description too long (limit 256 characters) - - + #include Disable interface diff --git a/interface-definitions/interfaces-wireguard.xml.in b/interface-definitions/interfaces-wireguard.xml.in index b6bc3e6e8..ef0b643bb 100644 --- a/interface-definitions/interfaces-wireguard.xml.in +++ b/interface-definitions/interfaces-wireguard.xml.in 
@@ -18,15 +18,7 @@ #include - - - description - - ^.{1,100}$ - - interface description is too long (limit 100 characters) - - + #include disables interface diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in index b45774890..65ad14228 100644 --- a/interface-definitions/interfaces-wireless.xml.in +++ b/interface-definitions/interfaces-wireless.xml.in @@ -445,15 +445,7 @@ - - - Interface description - - .{1,256}$ - - Interface description too long (limit 256 characters) - - + #include #include -- cgit v1.2.3 From 9b116825b44ca1611976e0807f9bf22a38ca6812 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 6 Dec 2019 17:58:56 +0100 Subject: T1843: use include files to disable interface (admin down) --- interface-definitions/include/interface-disable.xml.i | 6 ++++++ interface-definitions/include/vif-s.xml.i | 14 ++------------ interface-definitions/include/vif.xml.i | 7 +------ interface-definitions/interfaces-bonding.xml.in | 7 +------ interface-definitions/interfaces-bridge.xml.in | 7 +------ interface-definitions/interfaces-dummy.xml.in | 7 +------ interface-definitions/interfaces-ethernet.xml.in | 7 +------ interface-definitions/interfaces-geneve.xml.in | 7 +------ interface-definitions/interfaces-openvpn.xml.in | 7 +------ interface-definitions/interfaces-vxlan.xml.in | 7 +------ interface-definitions/interfaces-wireguard.xml.in | 7 +------ interface-definitions/interfaces-wireless.xml.in | 7 +------ 12 files changed, 18 insertions(+), 72 deletions(-) create mode 100644 interface-definitions/include/interface-disable.xml.i (limited to 'interface-definitions/interfaces-openvpn.xml.in') diff --git a/interface-definitions/include/interface-disable.xml.i b/interface-definitions/include/interface-disable.xml.i new file mode 100644 index 000000000..c6c24f867 --- /dev/null +++ b/interface-definitions/include/interface-disable.xml.i @@ -0,0 +1,6 @@ + + + Set interface to Administratively down + + + 
diff --git a/interface-definitions/include/vif-s.xml.i b/interface-definitions/include/vif-s.xml.i index ffb9de24a..b73a5cdbc 100644 --- a/interface-definitions/include/vif-s.xml.i +++ b/interface-definitions/include/vif-s.xml.i @@ -16,12 +16,7 @@ - - - Disable this bridge interface - - - + #include Set Ethertype @@ -85,12 +80,7 @@ - - - Disable this bridge interface - - - + #include Media Access Control (MAC) address diff --git a/interface-definitions/include/vif.xml.i b/interface-definitions/include/vif.xml.i index d9b5cfe34..642ed31f3 100644 --- a/interface-definitions/include/vif.xml.i +++ b/interface-definitions/include/vif.xml.i @@ -20,12 +20,7 @@ - - - Disable this bridge interface - - - + #include VLAN egress QoS diff --git a/interface-definitions/interfaces-bonding.xml.in b/interface-definitions/interfaces-bonding.xml.in index 6a82ddd91..13295f899 100644 --- a/interface-definitions/interfaces-bonding.xml.in +++ b/interface-definitions/interfaces-bonding.xml.in @@ -57,12 +57,7 @@ - - - Disable this bridge interface - - - + #include Bonding transmit hash policy diff --git a/interface-definitions/interfaces-bridge.xml.in b/interface-definitions/interfaces-bridge.xml.in index 8bac2f244..bb96db625 100644 --- a/interface-definitions/interfaces-bridge.xml.in +++ b/interface-definitions/interfaces-bridge.xml.in @@ -41,12 +41,7 @@ - - - Disable this bridge interface - - - + #include Forwarding delay diff --git a/interface-definitions/interfaces-dummy.xml.in b/interface-definitions/interfaces-dummy.xml.in index db1afd803..445f6b2d4 100644 --- a/interface-definitions/interfaces-dummy.xml.in +++ b/interface-definitions/interfaces-dummy.xml.in @@ -18,12 +18,7 @@ #include #include - - - Disable interface - - - + #include diff --git a/interface-definitions/interfaces-ethernet.xml.in b/interface-definitions/interfaces-ethernet.xml.in index 293c147d8..800588232 100644 --- a/interface-definitions/interfaces-ethernet.xml.in 
+++ b/interface-definitions/interfaces-ethernet.xml.in @@ -35,12 +35,7 @@ - - - Disable this bridge interface - - - + #include Duplex mode diff --git a/interface-definitions/interfaces-geneve.xml.in b/interface-definitions/interfaces-geneve.xml.in index 3fbafd2ec..146c40152 100644 --- a/interface-definitions/interfaces-geneve.xml.in +++ b/interface-definitions/interfaces-geneve.xml.in @@ -18,12 +18,7 @@ #include #include - - - Disable interface - - - + #include IPv4 routing parameters diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in index d08dba78a..638e9048b 100644 --- a/interface-definitions/interfaces-openvpn.xml.in +++ b/interface-definitions/interfaces-openvpn.xml.in @@ -53,12 +53,7 @@ - - - Disable interface - - - + #include Data Encryption settings diff --git a/interface-definitions/interfaces-vxlan.xml.in b/interface-definitions/interfaces-vxlan.xml.in index 9434c2f5a..5be7125ce 100644 --- a/interface-definitions/interfaces-vxlan.xml.in +++ b/interface-definitions/interfaces-vxlan.xml.in @@ -18,12 +18,7 @@ #include #include - - - Disable interface - - - + #include Multicast group address for VXLAN interface diff --git a/interface-definitions/interfaces-wireguard.xml.in b/interface-definitions/interfaces-wireguard.xml.in index ef0b643bb..6be0292a1 100644 --- a/interface-definitions/interfaces-wireguard.xml.in +++ b/interface-definitions/interfaces-wireguard.xml.in @@ -19,12 +19,7 @@ #include #include - - - disables interface - - - + #include Local port number to accept connections diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in index 65ad14228..4e8c9a932 100644 --- a/interface-definitions/interfaces-wireless.xml.in +++ b/interface-definitions/interfaces-wireless.xml.in @@ -458,12 +458,7 @@ - - - Disable this bridge interface - - - + #include Disassociate stations based on excessive transmission failures -- cgit v1.2.3