<?xml version="1.0"?>
<interfaceDefinition>
  <node name="system">
    <children>
      <node name="conntrack" owner="${vyos_conf_scripts_dir}/conntrack.py">
        <properties>
          <help>Connection Tracking Engine Options</help>
          <!-- Before NAT and conntrack-sync are configured -->
          <priority>218</priority>
        </properties>
        <children>
          <leafNode name="expect-table-size">
            <properties>
              <help>Size of connection tracking expect table</help>
              <valueHelp>
                <format>u32:1-50000000</format>
                <description>Number of entries allowed in connection tracking expect table</description>
              </valueHelp>
              <constraint>
                <validator name="numeric" argument="--range 1-50000000"/>
              </constraint>
            </properties>
            <defaultValue>2048</defaultValue>
          </leafNode>
          <leafNode name="hash-size">
            <properties>
              <help>Hash size for connection tracking table</help>
              <valueHelp>
                <format>u32:1-50000000</format>
                <description>Size of hash to use for connection tracking table</description>
              </valueHelp>
              <constraint>
                <validator name="numeric" argument="--range 1-50000000"/>
              </constraint>
            </properties>
            <defaultValue>32768</defaultValue>
          </leafNode>
          <node name="modules">
            <properties>
              <help>Connection tracking modules</help>
            </properties>
            <children>
              <leafNode name="ftp">
                <properties>
                  <help>FTP connection tracking</help>
                  <valueless/>
                </properties>
              </leafNode>
              <leafNode name="h323">
                <properties>
                  <help>H.323 connection tracking</help>
                  <valueless/>
                </properties>
              </leafNode>
              <leafNode name="nfs">
                <properties>
                  <help>NFS connection tracking</help>
                  <valueless/>
                </properties>
              </leafNode>
              <leafNode name="pptp">
                <properties>
                  <help>PPTP connection tracking</help>
                  <valueless/>
                </properties>
              </leafNode>
              <leafNode name="sip">
                <properties>
                  <help>SIP connection tracking</help>
                  <valueless/>
                </properties>
              </leafNode>
              <leafNode name="sqlnet">
                <properties>
                  <help>SQLnet connection tracking</help>
                  <valueless/>
                </properties>
              </leafNode>
              <leafNode name="tftp">
                <properties>
                  <help>TFTP connection tracking</help>
                  <valueless/>
                </properties>
              </leafNode>
            </children>
          </node>
          <leafNode name="table-size">
            <properties>
              <help>Size of connection tracking table</help>
              <valueHelp>
                <format>u32:1-50000000</format>
                <description>Number of entries allowed in connection tracking table</description>
              </valueHelp>
              <constraint>
                <validator name="numeric" argument="--range 1-50000000"/>
              </constraint>
            </properties>
            <defaultValue>262144</defaultValue>
          </leafNode>
          <node name="tcp">
            <properties>
              <help>TCP options</help>
            </properties>
            <children>
              <leafNode name="half-open-connections">
                <properties>
                  <help>Maximum number of TCP half-open connections</help>
                  <valueHelp>
                    <format>u32:1-2147483647</format>
                    <description>Generic connection timeout in seconds</description>
                  </valueHelp>
                  <constraint>
                    <validator name="numeric" argument="--range 1-2147483647"/>
                  </constraint>
                </properties>
                <defaultValue>512</defaultValue>
              </leafNode>
              <leafNode name="loose">
                <properties>
                  <help>Policy to track previously established connections</help>
                  <completionHelp>
                    <list>enable disable</list>
                  </completionHelp>
                  <valueHelp>
                    <format>enable</format>
                    <description>Allow tracking of previously established connections</description>
                  </valueHelp>
                  <valueHelp>
                    <format>disable</format>
                    <description>Do not allow tracking of previously established connections</description>
                  </valueHelp>
                  <constraint>
                    <regex>^(enable|disable)$</regex>
                  </constraint>
                </properties>
                <defaultValue>enable</defaultValue>
              </leafNode>
              <leafNode name="max-retrans">
                <properties>
                  <help>TCP maximum retransmit attempts</help>
                  <valueHelp>
                    <format>u32:1-2147483647</format>
                    <description>Generic connection timeout in seconds</description>
                  </valueHelp>
                  <constraint>
                    <validator name="numeric" argument="--range 1-2147483647"/>
                  </constraint>
                </properties>
                <defaultValue>3</defaultValue>
              </leafNode>
            </children>
          </node>
          <node name="timeout">
            <properties>
              <help>Connection timeout options</help>
            </properties>
            <children>
              <leafNode name="icmp">
                <properties>
                  <help>ICMP timeout in seconds</help>
                  <valueHelp>
                    <format>u32:1-21474836</format>
                    <description>ICMP timeout in seconds</description>
                  </valueHelp>
                  <constraint>
                    <validator name="numeric" argument="--range 1-21474836"/>
                  </constraint>
                </properties>
                <defaultValue>30</defaultValue>
              </leafNode>
              <leafNode name="other">
                <properties>
                  <help>Generic connection timeout in seconds</help>
                  <valueHelp>
                    <format>u32:1-21474836</format>
                    <description>Generic connection timeout in seconds</description>
                  </valueHelp>
                  <constraint>
                    <validator name="numeric" argument="--range 1-21474836"/>
                  </constraint>
                </properties>
                <defaultValue>600</defaultValue>
              </leafNode>
              <node name="tcp">
                <properties>
                  <help>TCP connection timeout options</help>
                </properties>
                <children>
                  <leafNode name="close-wait">
                    <properties>
                      <help>TCP CLOSE-WAIT timeout in seconds</help>
                      <valueHelp>
                        <format>u32:1-21474836</format>
                        <description>TCP CLOSE-WAIT timeout in seconds</description>
                      </valueHelp>
                      <constraint>
                        <validator name="numeric" argument="--range 1-21474836"/>
                      </constraint>
                    </properties>
                    <defaultValue>60</defaultValue>
                  </leafNode>
                  <leafNode name="close">
                    <properties>
                      <help>TCP CLOSE timeout in seconds</help>
                      <valueHelp>
                        <format>u32:1-21474836</format>
                        <description>TCP CLOSE timeout in seconds</description>
                      </valueHelp>
                      <constraint>
                        <validator name="numeric" argument="--range 1-21474836"/>
                      </constraint>
                    </properties>
                    <defaultValue>10</defaultValue>
                  </leafNode>
                  <leafNode name="established">
                    <properties>
                      <help>TCP ESTABLISHED timeout in seconds</help>
                      <valueHelp>
                        <format>u32:1-21474836</format>
                        <description>TCP ESTABLISHED timeout in seconds</description>
                      </valueHelp>
                      <constraint>
                        <validator name="numeric" argument="--range 1-21474836"/>
                      </constraint>
                    </properties>
                    <defaultValue>432000</defaultValue>
                  </leafNode>
                  <leafNode name="fin-wait">
                    <properties>
                      <help>TCP FIN-WAIT timeout in seconds</help>
                      <valueHelp>
                        <format>u32:1-21474836</format>
                        <description>TCP FIN-WAIT timeout in seconds</description>
                      </valueHelp>
                      <constraint>
                        <validator name="numeric" argument="--range 1-21474836"/>
                      </constraint>
                    </properties>
                    <defaultValue>120</defaultValue>
                  </leafNode>
                  <leafNode name="last-ack">
                    <properties>
                      <help>TCP LAST-ACK timeout in seconds</help>
                      <valueHelp>
                        <format>u32:1-21474836</format>
                        <description>TCP LAST-ACK timeout in seconds</description>
                      </valueHelp>
                      <constraint>
                        <validator name="numeric" argument="--range 1-21474836"/>
                      </constraint>
                    </properties>
                    <defaultValue>30</defaultValue>
                  </leafNode>
                  <leafNode name="syn-recv">
                    <properties>
                      <help>TCP SYN-RECEIVED timeout in seconds</help>
                      <valueHelp>
                        <format>u32:1-21474836</format>
                        <description>TCP SYN-RECEIVED timeout in seconds</description>
                      </valueHelp>
                      <constraint>
                        <validator name="numeric" argument="--range 1-21474836"/>
                      </constraint>
                    </properties>
                    <defaultValue>60</defaultValue>
                  </leafNode>
                  <leafNode name="syn-sent">
                    <properties>
                      <help>TCP SYN-SENT timeout in seconds</help>
                      <valueHelp>
                        <format>u32:1-21474836</format>
                        <description>TCP SYN-SENT timeout in seconds</description>
                      </valueHelp>
                      <constraint>
                        <validator name="numeric" argument="--range 1-21474836"/>
                      </constraint>
                    </properties>
                    <defaultValue>120</defaultValue>
                  </leafNode>
                  <leafNode name="time-wait">
                    <properties>
                      <help>TCP TIME-WAIT timeout in seconds</help>
                      <valueHelp>
                        <format>u32:1-21474836</format>
                        <description>TCP TIME-WAIT timeout in seconds</description>
                      </valueHelp>
                      <constraint>
                        <validator name="numeric" argument="--range 1-21474836"/>
                      </constraint>
                    </properties>
                    <defaultValue>120</defaultValue>
                  </leafNode>
                </children>
              </node>
              <node name="udp">
                <properties>
                  <help>UDP timeout options</help>
                </properties>
                <children>
                  <leafNode name="other">
                    <properties>
                      <help>UDP generic timeout in seconds</help>
                      <valueHelp>
                        <format>u32:1-21474836</format>
                        <description>UDP generic timeout in seconds</description>
                      </valueHelp>
                      <constraint>
                        <validator name="numeric" argument="--range 1-21474836"/>
                      </constraint>
                    </properties>
                    <defaultValue>30</defaultValue>
                  </leafNode>
                  <leafNode name="stream">
                    <properties>
                      <help>UDP stream timeout in seconds</help>
                      <valueHelp>
                        <format>u32:1-21474836</format>
                        <description>UDP stream timeout in seconds</description>
                      </valueHelp>
                      <constraint>
                        <validator name="numeric" argument="--range 1-21474836"/>
                      </constraint>
                    </properties>
                    <defaultValue>180</defaultValue>
                  </leafNode>
                </children>
              </node>
            </children>
          </node>
        </children>
      </node>
    </children>
  </node>
</interfaceDefinition>