<?xml version="1.0"?>
<!-- SNMP forwarder configuration -->
<interfaceDefinition>
  <node name="service">
    <children>
      <node name="snmp" owner="${vyos_conf_scripts_dir}/snmp.py">
        <properties>
          <help>Simple Network Management Protocol (SNMP)</help>
          <priority>900</priority>
        </properties>
        <children>
          <tagNode name="community">
            <properties>
              <help>Community name</help>
              <constraint>
                <regex>^[a-zA-Z0-9\-_]{1,100}$</regex>
              </constraint>
              <constraintErrorMessage>Community string is limited to alphanumerical characters only with a total lenght of 100</constraintErrorMessage>
            </properties>
            <children>
              <leafNode name="authorization">
                <properties>
                  <help>Authorization type (default: 'ro')</help>
                  <completionHelp>
                    <list>ro rw</list>
                  </completionHelp>
                  <valueHelp>
                    <format>ro</format>
                    <description>read only</description>
                  </valueHelp>
                  <valueHelp>
                    <format>rw</format>
                    <description>read write</description>
                  </valueHelp>
                  <constraint>
                    <regex>^(ro|rw)$</regex>
                  </constraint>
                  <constraintErrorMessage>Authorization type must be either 'rw' or 'ro'</constraintErrorMessage>
                </properties>
              </leafNode>
              <leafNode name="client">
                <properties>
                  <help>IP address of SNMP client allowed to contact system</help>
                  <constraint>
                    <validator name="ipv4-address"/>
                    <validator name="ipv6-address"/>
                  </constraint>
                  <multi/>
                </properties>
              </leafNode>
              <leafNode name="network">
                <properties>
                  <help>Subnet of SNMP client(s) allowed to contact system</help>
                  <valueHelp>
                    <format>ipv4net</format>
                    <description>IP address and prefix length</description>
                  </valueHelp>
                  <valueHelp>
                    <format>ipv6net</format>
                    <description>IPv6 address and prefix length</description>
                  </valueHelp>
                  <constraint>
                    <validator name="ip-prefix"/>
                  </constraint>
                  <multi/>
                </properties>
              </leafNode>
            </children>
          </tagNode>
          <leafNode name="contact">
            <properties>
              <help>Contact information</help>
              <constraint>
                <regex>^.{1,255}$</regex>
              </constraint>
              <constraintErrorMessage>Contact information is limited to 255 characters or less</constraintErrorMessage>
            </properties>
          </leafNode>
          <leafNode name="description">
            <properties>
              <help>Description information</help>
              <constraint>
                <regex>^.{1,255}$</regex>
              </constraint>
              <constraintErrorMessage>Description is limited to 255 characters or less</constraintErrorMessage>
            </properties>
          </leafNode>
          <tagNode name="listen-address">
            <properties>
              <help>IP address to listen for incoming SNMP requests</help>
              <completionHelp>
                <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
              </completionHelp>
              <valueHelp>
                <format>ipv4</format>
                <description>IPv4 address to listen for incoming SNMP requests</description>
              </valueHelp>
              <valueHelp>
                <format>ipv6</format>
                <description>IPv6 address to listen for incoming SNMP requests</description>
              </valueHelp>
              <constraint>
                <validator name="ipv4-address"/>
                <validator name="ipv6-address"/>
              </constraint>
            </properties>
            <children>
              <leafNode name="port">
                <properties>
                  <help>Port for SNMP service (default: '161')</help>
                  <valueHelp>
                    <format>u32:1-65535</format>
                    <description>Numeric IP port</description>
                  </valueHelp>
                  <constraint>
                    <validator name="numeric" argument="--range 1-65535"/>
                  </constraint>
                  <constraintErrorMessage>Port number must be in range 1 to 65535</constraintErrorMessage>
                </properties>
              </leafNode>
            </children>
          </tagNode>
          <leafNode name="location">
            <properties>
              <help>Location information</help>
              <constraint>
                <regex>^.{1,255}$</regex>
              </constraint>
              <constraintErrorMessage>Location is limited to 255 characters or less</constraintErrorMessage>
            </properties>
          </leafNode>
          <leafNode name="oid-enable">
            <properties>
              <help>Enable specific oids</help>
              <valueHelp>
                <format>txt</format>
                <description>Enable specific oids</description>
              </valueHelp>
              <valueHelp>
                <format>route-table</format>
                <description>Enable route table oids (ipCidrRouteTable inetCidrRouteTable)</description>
              </valueHelp>
              <completionHelp>
                <list>route-table</list>
              </completionHelp>
              <constraint>
                <regex>^(route-table)$</regex>
              </constraint>
              <constraintErrorMessage>Oid must be 'route-table'</constraintErrorMessage>
            </properties>
          </leafNode>
          <leafNode name="protocol">
            <properties>
              <help>Listen protocol for SNMP</help>
              <completionHelp>
                <list>udp tcp</list>
              </completionHelp>
              <valueHelp>
                <format>udp</format>
                <description>Listen protocol UDP (default)</description>
              </valueHelp>
              <valueHelp>
                <format>tcp</format>
                <description>Listen protocol TCP</description>
              </valueHelp>
              <constraint>
                <regex>^(udp|tcp)$</regex>
              </constraint>
            </properties>
            <defaultValue>udp</defaultValue>
          </leafNode>
          <leafNode name="smux-peer">
            <properties>
              <help>Register a subtree for SMUX-based processing</help>
              <valueHelp>
                <format>oid</format>
                <description>Object Identifier</description>
              </valueHelp>
              <multi/>
            </properties>
          </leafNode>
          <leafNode name="trap-source">
            <properties>
              <help>SNMP trap source address</help>
              <valueHelp>
                <format>ipv4</format>
                <description>IPv4 address</description>
              </valueHelp>
              <valueHelp>
                <format>ipv6</format>
                <description>IPv6 address</description>
              </valueHelp>
              <constraint>
                <validator name="ipv4-address"/>
                <validator name="ipv6-address"/>
              </constraint>
            </properties>
          </leafNode>
          <tagNode name="trap-target">
            <properties>
              <help>Address of trap target</help>
              <valueHelp>
                <format>ipv4</format>
                <description>IPv4 address</description>
              </valueHelp>
              <valueHelp>
                <format>ipv6</format>
                <description>IPv6 address</description>
              </valueHelp>
              <constraint>
                <validator name="ipv4-address"/>
                <validator name="ipv6-address"/>
              </constraint>
            </properties>
            <children>
              <leafNode name="community">
                <properties>
                  <help>Community used when sending trap information</help>
                </properties>
              </leafNode>
              <leafNode name="port">
                <properties>
                  <help>Destination port used for trap notification</help>
                  <valueHelp>
                    <format>u32:1-65535</format>
                    <description>Numeric IP port</description>
                  </valueHelp>
                  <constraint>
                    <validator name="numeric" argument="--range 1-65535"/>
                  </constraint>
                  <constraintErrorMessage>Port number must be in range 1 to 65535</constraintErrorMessage>
                </properties>
              </leafNode>
            </children>
          </tagNode>
          <node name="v3">
            <properties>
              <help>Simple Network Management Protocol (SNMP) v3</help>
            </properties>
            <children>
              <leafNode name="engineid">
                <properties>
                  <help>Specifies the EngineID that uniquely identify an agent (e.g. 000000000000000000000002)</help>
                  <constraint>
                    <regex>^([0-9a-f][0-9a-f]){1,18}$</regex>
                  </constraint>
                  <constraintErrorMessage>ID must contain an even number (from 2 to 36) of hex digits</constraintErrorMessage>
                </properties>
              </leafNode>
              <tagNode name="group">
                <properties>
                  <help>Specifies the group with name groupname</help>
                </properties>
                <children>
                  <leafNode name="mode">
                    <properties>
                      <help>Define group access permission (default: 'ro')</help>
                      <completionHelp>
                        <list>ro rw</list>
                      </completionHelp>
                      <valueHelp>
                        <format>ro</format>
                        <description>read only</description>
                      </valueHelp>
                      <valueHelp>
                        <format>rw</format>
                        <description>read write</description>
                      </valueHelp>
                      <constraint>
                        <regex>^(ro|rw)$</regex>
                      </constraint>
                      <constraintErrorMessage>Authorization type must be either 'rw' or 'ro'</constraintErrorMessage>
                    </properties>
                  </leafNode>
                  <leafNode name="seclevel">
                    <properties>
                      <help>Security levels</help>
                      <completionHelp>
                        <list>noauth auth priv</list>
                      </completionHelp>
                      <valueHelp>
                        <format>noauth</format>
                        <description>Messages not authenticated and not encrypted (noAuthNoPriv)</description>
                      </valueHelp>
                      <valueHelp>
                        <format>auth</format>
                        <description>Messages are authenticated but not encrypted (authNoPriv)</description>
                      </valueHelp>
                      <valueHelp>
                        <format>priv</format>
                        <description>Messages are authenticated and encrypted (authPriv)</description>
                      </valueHelp>
                      <constraint>
                        <regex>^(noauth|auth|priv)$</regex>
                      </constraint>
                    </properties>
                  </leafNode>
                  <leafNode name="view">
                    <properties>
                      <help>Defines the name of view</help>
                      <completionHelp>
                        <path>service snmp v3 view</path>
                      </completionHelp>
                    </properties>
                  </leafNode>
                </children>
              </tagNode>
              <tagNode name="trap-target">
                <properties>
                  <help>Defines SNMP target for inform or traps for IP</help>
                  <valueHelp>
                    <format>ipv4</format>
                    <description>IP address of trap target</description>
                  </valueHelp>
                  <valueHelp>
                    <format>ipv6</format>
                    <description>IPv6 address of trap target</description>
                  </valueHelp>
                  <constraint>
                    <validator name="ipv4-address"/>
                    <validator name="ipv6-address"/>
                  </constraint>
                </properties>
                <children>
                  <node name="auth">
                    <properties>
                      <help>Defines the privacy</help>
                    </properties>
                    <children>
                      <leafNode name="encrypted-password">
                        <properties>
                          <help>Defines the encrypted key for authentication</help>
                          <constraint>
                            <regex>^[0-9a-f]*$</regex>
                          </constraint>
                          <constraintErrorMessage>Encrypted key must only contain hex digits</constraintErrorMessage>
                        </properties>
                      </leafNode>
                      <leafNode name="plaintext-password">
                        <properties>
                          <help>Defines the clear text key for authentication</help>
                          <constraint>
                            <regex>^.{8,}$</regex>
                          </constraint>
                          <constraintErrorMessage>Key must contain 8 or more characters</constraintErrorMessage>
                        </properties>
                      </leafNode>
                      <leafNode name="type">
                        <properties>
                          <help>Defines the protocol used for authentication (default: 'md5')</help>
                          <completionHelp>
                            <list>md5 sha</list>
                          </completionHelp>
                          <valueHelp>
                            <format>md5</format>
                            <description>Message Digest 5</description>
                          </valueHelp>
                          <valueHelp>
                            <format>sha</format>
                            <description>Secure Hash Algorithm</description>
                          </valueHelp>
                          <constraint>
                            <regex>^(md5|sha)$</regex>
                          </constraint>
                        </properties>
                      </leafNode>
                    </children>
                  </node>
                  <leafNode name="port">
                    <properties>
                      <help>Specifies TCP/UDP port of destination SNMP traps/informs (default: '162')</help>
                      <valueHelp>
                        <format>u32:1-65535</format>
                        <description>Numeric IP port</description>
                      </valueHelp>
                      <constraint>
                        <validator name="numeric" argument="--range 1-65535"/>
                      </constraint>
                      <constraintErrorMessage>Port number must be in range 1 to 65535</constraintErrorMessage>
                    </properties>
                  </leafNode>
                  <node name="privacy">
                    <properties>
                      <help>Defines the privacy</help>
                    </properties>
                    <children>
                      <leafNode name="encrypted-password">
                        <properties>
                          <help>Defines the encrypted key for privacy protocol</help>
                          <constraint>
                            <regex>^[0-9a-f]*$</regex>
                          </constraint>
                          <constraintErrorMessage>Encrypted key must only contain hex digits</constraintErrorMessage>
                        </properties>
                      </leafNode>
                      <leafNode name="plaintext-password">
                        <properties>
                          <help>Defines the clear text key for privacy protocol</help>
                          <constraint>
                            <regex>^.{8,}$</regex>
                          </constraint>
                          <constraintErrorMessage>Key must contain 8 or more characters</constraintErrorMessage>
                        </properties>
                      </leafNode>
                      <leafNode name="type">
                        <properties>
                          <help>Defines the protocol for privacy (default: 'des')</help>
                          <completionHelp>
                            <list>des aes</list>
                          </completionHelp>
                          <valueHelp>
                            <format>des</format>
                            <description>Data Encryption Standard</description>
                          </valueHelp>
                          <valueHelp>
                            <format>aes</format>
                            <description>Advanced Encryption Standard</description>
                          </valueHelp>
                          <constraint>
                            <regex>^(des|aes)$</regex>
                          </constraint>
                        </properties>
                      </leafNode>
                    </children>
                  </node>
                  <leafNode name="protocol">
                    <properties>
                      <help>Defines protocol for notification between TCP and UDP</help>
                      <completionHelp>
                        <list>tcp udp</list>
                      </completionHelp>
                      <valueHelp>
                        <format>tcp</format>
                        <description>Use Transmission Control Protocol for notifications</description>
                      </valueHelp>
                      <valueHelp>
                        <format>udp</format>
                        <description>Use User Datagram Protocol for notifications</description>
                      </valueHelp>
                      <constraint>
                        <regex>^(tcp|udp)$</regex>
                      </constraint>
                    </properties>
                  </leafNode>
                  <leafNode name="type">
                    <properties>
                      <help>Specifies the type of notification between inform and trap (default: 'inform')</help>
                      <completionHelp>
                        <list>inform trap</list>
                      </completionHelp>
                      <valueHelp>
                        <format>inform</format>
                        <description>Use INFORM</description>
                      </valueHelp>
                      <valueHelp>
                        <format>trap</format>
                        <description>Use TRAP</description>
                      </valueHelp>
                      <constraint>
                        <regex>^(inform|trap)$</regex>
                      </constraint>
                    </properties>
                  </leafNode>
                  <leafNode name="user">
                    <properties>
                      <help>Defines username for authentication</help>
                      <completionHelp>
                        <path>service snmp v3 user</path>
                      </completionHelp>
                    </properties>
                  </leafNode>
                </children>
              </tagNode>
              <tagNode name="user">
                <properties>
                  <help>Specifies the user with name username</help>
                  <constraint>
                    <regex>[^\(\)\|\-]+$</regex>
                  </constraint>
                  <constraintErrorMessage>Illegal characters in name</constraintErrorMessage>
                </properties>
                <children>
                  <node name="auth">
                    <properties>
                      <help>Specifies the auth</help>
                    </properties>
                    <children>
                      <leafNode name="encrypted-password">
                        <properties>
                          <help>Defines the encrypted key for authentication</help>
                          <constraint>
                            <regex>^[0-9a-f]*$</regex>
                          </constraint>
                          <constraintErrorMessage>Encrypted key must only contain hex digits</constraintErrorMessage>
                        </properties>
                      </leafNode>
                      <leafNode name="plaintext-password">
                        <properties>
                          <help>Defines the clear text key for authentication</help>
                          <constraint>
                            <regex>^.{8,}$</regex>
                          </constraint>
                          <constraintErrorMessage>Key must contain 8 or more characters</constraintErrorMessage>
                        </properties>
                      </leafNode>
                      <leafNode name="type">
                        <properties>
                          <help>Defines the protocol used for authentication (default: 'md5')</help>
                          <completionHelp>
                            <list>md5 sha</list>
                          </completionHelp>
                          <valueHelp>
                            <format>md5</format>
                            <description>Message Digest 5</description>
                          </valueHelp>
                          <valueHelp>
                            <format>sha</format>
                            <description>Secure Hash Algorithm</description>
                          </valueHelp>
                          <constraint>
                            <regex>^(md5|sha)$</regex>
                          </constraint>
                        </properties>
                      </leafNode>
                    </children>
                  </node>
                  <leafNode name="group">
                    <properties>
                      <help>Specifies group for user name</help>
                      <completionHelp>
                        <path>service snmp v3 group</path>
                      </completionHelp>
                    </properties>
                  </leafNode>
                  <leafNode name="mode">
                    <properties>
                      <help>Define users access permission (default: 'ro')</help>
                      <completionHelp>
                        <list>ro rw</list>
                      </completionHelp>
                      <valueHelp>
                        <format>ro</format>
                        <description>read only</description>
                      </valueHelp>
                      <valueHelp>
                        <format>rw</format>
                        <description>read write</description>
                      </valueHelp>
                      <constraint>
                        <regex>^(ro|rw)$</regex>
                      </constraint>
                      <constraintErrorMessage>Authorization type must be either 'rw' or 'ro'</constraintErrorMessage>
                    </properties>
                  </leafNode>
                  <node name="privacy">
                    <properties>
                      <help>Defines the privacy</help>
                    </properties>
                    <children>
                      <leafNode name="encrypted-password">
                        <properties>
                          <help>Defines the encrypted key for privacy protocol</help>
                          <constraint>
                            <regex>^[0-9a-f]*$</regex>
                          </constraint>
                          <constraintErrorMessage>Encrypted key must only contain hex digits</constraintErrorMessage>
                        </properties>
                      </leafNode>
                      <leafNode name="plaintext-password">
                        <properties>
                          <help>Defines the clear text key for privacy protocol</help>
                          <constraint>
                            <regex>^.{8,}$</regex>
                          </constraint>
                          <constraintErrorMessage>Key must contain 8 or more characters</constraintErrorMessage>
                        </properties>
                      </leafNode>
                      <leafNode name="type">
                        <properties>
                          <help>Defines the protocol for privacy (default: 'des')</help>
                          <completionHelp>
                            <list>des aes</list>
                          </completionHelp>
                          <valueHelp>
                            <format>des</format>
                            <description>Data Encryption Standard</description>
                          </valueHelp>
                          <valueHelp>
                            <format>aes</format>
                            <description>Advanced Encryption Standard</description>
                          </valueHelp>
                          <constraint>
                            <regex>^(des|aes)$</regex>
                          </constraint>
                        </properties>
                      </leafNode>
                    </children>
                  </node>
                </children>
              </tagNode>
              <tagNode name="view">
                <properties>
                  <help>Specifies the view with name viewname</help>
                  <constraint>
                    <regex>[^\(\)\|\-]+$</regex>
                  </constraint>
                  <constraintErrorMessage>Illegal characters in name</constraintErrorMessage>
                </properties>
                <children>
                  <tagNode name="oid">
                    <properties>
                      <help>Specifies the oid</help>
                      <constraint>
                        <regex>^[0-9]+(\.[0-9]+)*$</regex>
                      </constraint>
                      <constraintErrorMessage>OID must start from a number</constraintErrorMessage>
                    </properties>
                    <children>
                      <leafNode name="exclude">
                        <properties>
                          <help>Exclude is an optional argument</help>
                        </properties>
                      </leafNode>
                      <leafNode name="mask">
                        <properties>
                          <help>Defines a bit-mask that is indicating which subidentifiers of the associated subtree OID should be regarded as significant</help>
                          <constraint>
                            <regex>^[0-9a-f]{2}([\.:][0-9a-f]{2})*$</regex>
                          </constraint>
                          <constraintErrorMessage>MASK is a list of hex octets, separated by '.' or ':'</constraintErrorMessage>
                        </properties>
                      </leafNode>
                    </children>
                  </tagNode>
                </children>
              </tagNode>
            </children>
          </node>
          <node name="script-extensions">
            <properties>
              <help>SNMP script extensions</help>
            </properties>
            <children>
              <tagNode name="extension-name">
                <properties>
                  <help>Extension name</help>
                  <constraint>
                    <regex>^[a-z0-9\.\-\_]+</regex>
                  </constraint>
                  <constraintErrorMessage>Script extension contains invalid characters</constraintErrorMessage>
                </properties>
                <children>
                  <leafNode name="script">
                    <properties>
                      <help>Script location and name</help>
                      <completionHelp>
                        <script>ls /config/user-data</script>
                      </completionHelp>
                      <constraint>
                        <regex>^[a-z0-9\.\-\_\/]+</regex>
                      </constraint>
                      <constraintErrorMessage>Script extension contains invalid characters</constraintErrorMessage>
                    </properties>
                  </leafNode>
                </children>
              </tagNode>
            </children>
          </node>
          #include <include/interface/vrf.xml.i>
        </children>
      </node>
    </children>
  </node>
</interfaceDefinition>