authorShirish Sandesara <shirish.sandesara@vyatta.com>2013-05-08 12:29:52 -0700
committerShirish Sandesara <shirish.sandesara@vyatta.com>2013-05-08 12:29:52 -0700
commitb74cfa6ae025b8bcefc06251569c0fa72f5cf0dd (patch)
treed7f697ffaf38be6e037054d3cc6acb17c61220c4
parent206a536280cf328501f0bc2be4536f9adc8d8c2e (diff)
downloadvyatta-cfg-quagga-b74cfa6ae025b8bcefc06251569c0fa72f5cf0dd.tar.gz
vyatta-cfg-quagga-b74cfa6ae025b8bcefc06251569c0fa72f5cf0dd.zip
moved pbr rule nodes from vplane-config-npt to this package
-rw-r--r--debian/vyatta-cfg-quagga-extra.install2
-rw-r--r--debian/vyatta-cfg-quagga.install2
-rw-r--r--templates/policy/node.def3
-rw-r--r--templates/policy/route/node.def5
-rw-r--r--templates/policy/route/node.tag/rule/node.def19
-rw-r--r--templates/policy/route/node.tag/rule/node.tag/action/node.def11
-rw-r--r--templates/policy/route/node.tag/rule/node.tag/destination/address/node.def10
-rw-r--r--templates/policy/route/node.tag/rule/node.tag/destination/node.def1
-rw-r--r--templates/policy/route/node.tag/rule/node.tag/destination/port/node.def9
-rw-r--r--templates/policy/route/node.tag/rule/node.tag/icmp/code/node.def5
-rw-r--r--templates/policy/route/node.tag/rule/node.tag/icmp/node.def1
-rw-r--r--templates/policy/route/node.tag/rule/node.tag/icmp/type/node.def5
-rw-r--r--templates/policy/route/node.tag/rule/node.tag/node.def1
-rw-r--r--templates/policy/route/node.tag/rule/node.tag/protocol/node.def9
-rw-r--r--templates/policy/route/node.tag/rule/node.tag/source/address/node.def8
-rw-r--r--templates/policy/route/node.tag/rule/node.tag/source/node.def1
-rw-r--r--templates/policy/route/node.tag/rule/node.tag/source/port/node.def7
-rw-r--r--templates/policy/route/node.tag/rule/node.tag/state/node.def2
-rw-r--r--templates/policy/route/node.tag/rule/node.tag/table/node.def5
-rw-r--r--templates/policy/route/node.tag/rule/node.tag/tcp/flags/node.def13
-rw-r--r--templates/policy/route/node.tag/rule/node.tag/tcp/node.def2
21 files changed, 118 insertions, 3 deletions
diff --git a/debian/vyatta-cfg-quagga-extra.install b/debian/vyatta-cfg-quagga-extra.install
index 4048ccf1..a4bb9cc3 100644
--- a/debian/vyatta-cfg-quagga-extra.install
+++ b/debian/vyatta-cfg-quagga-extra.install
@@ -1,3 +1,5 @@
+opt/vyatta/share/vyatta-cfg/templates/policy
+opt/vyatta/share/vyatta-cfg/templates/protocols
opt/vyatta/share/vyatta-cfg/templates/interfaces/pseudo-ethernet
opt/vyatta/share/vyatta-cfg/templates/interfaces/bonding
opt/vyatta/share/vyatta-cfg/templates/interfaces/ethernet/node.tag/pppoe
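Review bot: Moving `templates/policy` and `templates/protocols` from vyatta-cfg-quagga to vyatta-cfg-quagga-extra (this hunk and the one in debian/vyatta-cfg-quagga.install) changes which binary package owns those paths, and the diffstat lists no debian/control change to go with it. Without a `Breaks:`/`Replaces: vyatta-cfg-quagga (<< FIRST_VERSION_WITH_MOVE)` pair in the -extra stanza, an upgrade that unpacks -extra before the new vyatta-cfg-quagga can fail on a file conflict. The commit message mentions only the pbr nodes, so it should also say that the whole `protocols` tree changes package.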
diff --git a/debian/vyatta-cfg-quagga.install b/debian/vyatta-cfg-quagga.install
index 2ab39fc4..86427074 100644
--- a/debian/vyatta-cfg-quagga.install
+++ b/debian/vyatta-cfg-quagga.install
@@ -1,8 +1,6 @@
opt/vyatta/sbin
opt/vyatta/etc
opt/vyatta/share/perl5
-opt/vyatta/share/vyatta-cfg/templates/policy
-opt/vyatta/share/vyatta-cfg/templates/protocols
opt/vyatta/share/vyatta-cfg/templates/system/gateway-address
opt/vyatta/share/vyatta-cfg/templates/interfaces/bridge
opt/vyatta/share/vyatta-cfg/templates/interfaces/ethernet/node.tag/ip
diff --git a/templates/policy/node.def b/templates/policy/node.def
index 2dfa390f..8ea60141 100644
--- a/templates/policy/node.def
+++ b/templates/policy/node.def
@@ -1 +1,2 @@
-help: Routing policy
+help: Policy Based Routing stats
+
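Review bot: The new help string `Policy Based Routing stats` describes the top-level `policy` node as statistics, while the nodes this commit adds beneath it are configuration (route groups, rules and match criteria). If other routing-policy nodes still live under `policy`, as the old text `Routing policy` suggests, the help should cover both, for example `help: Routing policy and policy based routing`. The added trailing blank line can be dropped.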
diff --git a/templates/policy/route/node.def b/templates/policy/route/node.def
new file mode 100644
index 00000000..d511b474
--- /dev/null
+++ b/templates/policy/route/node.def
@@ -0,0 +1,5 @@
+tag:
+type: txt
+help: pbr route-map (group made of rules) name
+
+delete: /opt/vyatta/sbin/vyatta-dp-pbr.pl --cmd=delete-group --group=$VAR(@)
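Review bot: `--group=$VAR(@)` on the `delete:` line is unquoted and the node is `type: txt` with no `syntax:expression:`, so, assuming the value is substituted textually into the action, a group name containing whitespace or shell metacharacters reaches the shell as written. The rule template passes the same name as `--group="$VAR(../@)"`, but double quotes alone do not stop expansion inside the value, so the name should be constrained at this node, for example `syntax:expression: pattern $VAR(@) "^[A-Za-z0-9_-]+$" ; "pbr group name may contain only letters, digits, '-' and '_'"`. The argument should then also be quoted here, `--group="$VAR(@)"`, to match the rule template.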
diff --git a/templates/policy/route/node.tag/rule/node.def b/templates/policy/route/node.tag/rule/node.def
new file mode 100644
index 00000000..7964f3f4
--- /dev/null
+++ b/templates/policy/route/node.tag/rule/node.def
@@ -0,0 +1,19 @@
+tag:
+
+type: u32
+
+help: Rule number (1-998)
+
+syntax:expression: $VAR(@) > 0 && $VAR(@) <= 998; "pbr rule number must be between 1 and 998"
+
+val_help: u32:1-998; Rule number
+
+
+end: if [ ${COMMIT_ACTION} = 'DELETE' ] ;
+ then
+ /opt/vyatta/sbin/vyatta-dp-pbr.pl --cmd=delete --group="$VAR(../@)" --rule="$VAR(@)";
+ else
+ /opt/vyatta/sbin/vyatta-dp-pbr.pl --cmd=update --group="$VAR(../@)" --rule="$VAR(@)";
+ fi
+
+
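Review bot: `[ ${COMMIT_ACTION} = 'DELETE' ]` in the `end:` action leaves the variable unquoted, so if it is ever empty or unset the test fails with a syntax error and control falls into the `else` branch, running `--cmd=update` for a rule that may be in the middle of being removed. Quoting it makes the comparison well-defined: `end: if [ "${COMMIT_ACTION}" = 'DELETE' ] ;`. A short comment above `end:` stating that the script is called once per rule with either `delete` or `update` would also help the next reader.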
diff --git a/templates/policy/route/node.tag/rule/node.tag/action/node.def b/templates/policy/route/node.tag/rule/node.tag/action/node.def
new file mode 100644
index 00000000..17b595ac
--- /dev/null
+++ b/templates/policy/route/node.tag/rule/node.tag/action/node.def
@@ -0,0 +1,11 @@
+type: txt
+
+help: Rule action [REQUIRED]
+
+syntax:expression: $VAR(@) in "allow", "deny";
+ "action must be allow or deny"
+
+allowed: echo "deny allow"
+
+val_help: deny ; Rule action to deny
+val_help: allow ; Rule action to allow
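Review bot: The help text marks the action as `[REQUIRED]`, but nothing in these templates enforces it: the rule node's `end:` action calls `--cmd=update` whether or not `action` has been set. Unless vyatta-dp-pbr.pl rejects such a rule (not visible here), a rule can be committed with no explicit allow/deny and its effect then depends on the backend's default. A check on the rule node would make the requirement explicit, something like `commit:expression: $VAR(./action/) != "" ; "action must be set for pbr rule $VAR(@)"`.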
diff --git a/templates/policy/route/node.tag/rule/node.tag/destination/address/node.def b/templates/policy/route/node.tag/rule/node.tag/destination/address/node.def
new file mode 100644
index 00000000..83d75145
--- /dev/null
+++ b/templates/policy/route/node.tag/rule/node.tag/destination/address/node.def
@@ -0,0 +1,10 @@
+type: txt
+
+help: Destination IP address, subnet, or range
+
+val_help: ipv4; IP address to match
+val_help: ipv4net; Subnet to match
+val_help: ipv4range; IP range to match
+val_help: !ipv4; Match everything except the specified address
+val_help: !ipv4net; Match everything except the specified subnet
+val_help: !ipv4range; Match everything except the specified range
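Review bot: This node is `type: txt` with only `val_help:` lines, so any string is accepted at set time even though the help advertises ipv4, ipv4net and ipv4range forms; the same holds for source/address, destination/port, source/port and protocol. If these values are checked only inside vyatta-dp-pbr.pl (not visible here), a malformed match is caught late at commit or not at all, and a rule may then match more or less traffic than the operator intended. Each of these nodes should carry a `syntax:expression:` that enforces the advertised formats, as icmp/type, table and tcp/flags already do. In protocol/node.def the comment about negated values and protocol numbers does not agree with the help text `tcp, udp or icmp`; one of the two should be corrected.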
diff --git a/templates/policy/route/node.tag/rule/node.tag/destination/node.def b/templates/policy/route/node.tag/rule/node.tag/destination/node.def
new file mode 100644
index 00000000..dc227b70
--- /dev/null
+++ b/templates/policy/route/node.tag/rule/node.tag/destination/node.def
@@ -0,0 +1 @@
+help: Destination parameters
diff --git a/templates/policy/route/node.tag/rule/node.tag/destination/port/node.def b/templates/policy/route/node.tag/rule/node.tag/destination/port/node.def
new file mode 100644
index 00000000..58e196bd
--- /dev/null
+++ b/templates/policy/route/node.tag/rule/node.tag/destination/port/node.def
@@ -0,0 +1,9 @@
+type: txt
+
+help: Destination port
+
+val_help: <port name>; Named port (any name in /etc/services, e.g., http)
+val_help: u32:1-65535; Numbered port
+val_help: range; Numbered port range (e.g., 1001-1005)
+comp_help: Multiple destination ports can be specified as a comma-separated list.
+ 'telnet,http,123,1001-1005'
diff --git a/templates/policy/route/node.tag/rule/node.tag/icmp/code/node.def b/templates/policy/route/node.tag/rule/node.tag/icmp/code/node.def
new file mode 100644
index 00000000..84f77b4d
--- /dev/null
+++ b/templates/policy/route/node.tag/rule/node.tag/icmp/code/node.def
@@ -0,0 +1,5 @@
+type: u32; "ICMP code must be between 0 and 255"
+
+help: ICMP code (0-255)
+
+syntax:expression: $VAR(@) >=0 && $VAR(@) <= 255; "ICMP code must be between 0 and 255"
diff --git a/templates/policy/route/node.tag/rule/node.tag/icmp/node.def b/templates/policy/route/node.tag/rule/node.tag/icmp/node.def
new file mode 100644
index 00000000..33a8e894
--- /dev/null
+++ b/templates/policy/route/node.tag/rule/node.tag/icmp/node.def
@@ -0,0 +1 @@
+help: ICMP type and code information
diff --git a/templates/policy/route/node.tag/rule/node.tag/icmp/type/node.def b/templates/policy/route/node.tag/rule/node.tag/icmp/type/node.def
new file mode 100644
index 00000000..ce69c452
--- /dev/null
+++ b/templates/policy/route/node.tag/rule/node.tag/icmp/type/node.def
@@ -0,0 +1,5 @@
+type: u32; "ICMP type must be between 0 and 255"
+
+help: ICMP type (0-255)
+
+syntax:expression: $VAR(@) >=0 && $VAR(@) <= 255; "ICMP type must be between 0 and 255"
diff --git a/templates/policy/route/node.tag/rule/node.tag/node.def b/templates/policy/route/node.tag/rule/node.tag/node.def
new file mode 100644
index 00000000..2024d5f8
--- /dev/null
+++ b/templates/policy/route/node.tag/rule/node.tag/node.def
@@ -0,0 +1 @@
+help: pbr in rule number
diff --git a/templates/policy/route/node.tag/rule/node.tag/protocol/node.def b/templates/policy/route/node.tag/rule/node.tag/protocol/node.def
new file mode 100644
index 00000000..24735ad4
--- /dev/null
+++ b/templates/policy/route/node.tag/rule/node.tag/protocol/node.def
@@ -0,0 +1,9 @@
+type: txt
+
+help: Protocol to match (tcp, udp or icmp)
+
+
+# Provide some help for command completion. Doesn't return negated
+# values or protocol numbers
+allowed:
+ echo -n "tcp udp icmp"
diff --git a/templates/policy/route/node.tag/rule/node.tag/source/address/node.def b/templates/policy/route/node.tag/rule/node.tag/source/address/node.def
new file mode 100644
index 00000000..72d6a170
--- /dev/null
+++ b/templates/policy/route/node.tag/rule/node.tag/source/address/node.def
@@ -0,0 +1,8 @@
+type: txt
+help: Source IP address, subnet, or range
+val_help: ipv4; IP address to match
+val_help: ipv4net; Subnet to match
+val_help: ipv4range; IP range to match
+val_help: !ipv4; Match everything except the specified address
+val_help: !ipv4net; Match everything except the specified subnet
+val_help: !ipv4range; Match everything except the specified range
diff --git a/templates/policy/route/node.tag/rule/node.tag/source/node.def b/templates/policy/route/node.tag/rule/node.tag/source/node.def
new file mode 100644
index 00000000..84cdc1f3
--- /dev/null
+++ b/templates/policy/route/node.tag/rule/node.tag/source/node.def
@@ -0,0 +1 @@
+help: Source parameters
diff --git a/templates/policy/route/node.tag/rule/node.tag/source/port/node.def b/templates/policy/route/node.tag/rule/node.tag/source/port/node.def
new file mode 100644
index 00000000..e69685ab
--- /dev/null
+++ b/templates/policy/route/node.tag/rule/node.tag/source/port/node.def
@@ -0,0 +1,7 @@
+type: txt
+help: Source port
+val_help: <port name>; Named port (any name in /etc/services, e.g., http)
+val_help: u32:1-65535; Numbered port
+val_help: range; Numbered port range (e.g., 1001-1005)
+comp_help: Multiple source ports can be specified as a comma-separated list.
+ 'telnet,http,123,1001-1005'
diff --git a/templates/policy/route/node.tag/rule/node.tag/state/node.def b/templates/policy/route/node.tag/rule/node.tag/state/node.def
new file mode 100644
index 00000000..588e4763
--- /dev/null
+++ b/templates/policy/route/node.tag/rule/node.tag/state/node.def
@@ -0,0 +1,2 @@
+help: Enable state firewall rule
+
diff --git a/templates/policy/route/node.tag/rule/node.tag/table/node.def b/templates/policy/route/node.tag/rule/node.tag/table/node.def
new file mode 100644
index 00000000..2e7c4e0b
--- /dev/null
+++ b/templates/policy/route/node.tag/rule/node.tag/table/node.def
@@ -0,0 +1,5 @@
+type: u32
+help: Policy Based Routing Table id
+syntax:expression: $VAR(@) > 0 && $VAR(@) <201 ; "table id must be greater than 0 and less than or equeal to 200"
+val_help: u32:1-200;
+
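Review bot: The error string on the `syntax:expression:` line has a typo (`equeal`) and the `val_help:` line has an empty description. Suggested: `syntax:expression: $VAR(@) > 0 && $VAR(@) <= 200 ; "table id must be between 1 and 200"` and `val_help: u32:1-200; Routing table id`, which also matches the `<= 998` form used for the rule number.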
diff --git a/templates/policy/route/node.tag/rule/node.tag/tcp/flags/node.def b/templates/policy/route/node.tag/rule/node.tag/tcp/flags/node.def
new file mode 100644
index 00000000..f6235173
--- /dev/null
+++ b/templates/policy/route/node.tag/rule/node.tag/tcp/flags/node.def
@@ -0,0 +1,13 @@
+type: txt
+help: TCP flags to match
+syntax:expression: pattern $VAR(@) "^((!?ALL)|((!?(SYN|ACK|FIN|RST|PSH|URG),)*(!?(SYN|ACK|FIN|RST|PSH|URG))))$" ; \
+"Invalid value for TCP flags. Allowed values : SYN ACK FIN RST URG PSH ALL
+When specifying more than one flag, flags should be comma-separated.
+For example : value of 'SYN,!ACK,!FIN,!RST' will only match packets with
+the SYN flag set, and the ACK, FIN and RST flags unset"
+
+comp_help: Allowed values for TCP flags : SYN ACK FIN RST URG PSH ALL
+When specifying more than one flag, flags should be comma-separated.
+For example : value of 'SYN,!ACK,!FIN,!RST' will only match packets with
+the SYN flag set, and the ACK, FIN and RST flags unset
+
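Review bot: The pattern validates each token but not the combination, so a value that repeats a flag or lists it both set and unset (`SYN,!SYN`) passes this check. Whether vyatta-dp-pbr.pl rejects such a value is not visible here; if it does not, the rule is accepted but can never match as intended. Either state in the `comp_help:` text that each flag may appear only once, or reject duplicates in the backend script with a clear commit error.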
diff --git a/templates/policy/route/node.tag/rule/node.tag/tcp/node.def b/templates/policy/route/node.tag/rule/node.tag/tcp/node.def
new file mode 100644
index 00000000..a57ef521
--- /dev/null
+++ b/templates/policy/route/node.tag/rule/node.tag/tcp/node.def
@@ -0,0 +1,2 @@
+help: TCP flags to match
+