conntrack: T5217: Add tcp flag matching to `system conntrack ignore`

- Moves MSS node out of `tcp-flags.xml.i` and into `tcp-mss.xml.i`
- Update smoketest to verify TCP flag matching

1 files changed, 25 insertions, 0 deletions

diff --git a/interface-definitions/include/firewall/tcp-mss.xml.i b/interface-definitions/include/firewall/tcp-mss.xml.i
new file mode 100644
index 000000000..dc49b4272
--- /dev/null
+++ b/interface-definitions/include/firewall/tcp-mss.xml.i
@@ -0,0 +1,25 @@
+<!-- include start from firewall/tcp-mss.xml.i -->
+<node name="tcp">
+  <properties>
+    <help>TCP options to match</help>
+  </properties>
+  <children>
+    <leafNode name="mss">
+      <properties>
+        <help>Maximum segment size (MSS)</help>
+        <valueHelp>
+          <format>u32:1-16384</format>
+          <description>Maximum segment size</description>
+        </valueHelp>
+        <valueHelp>
+          <format>&lt;min&gt;-&lt;max&gt;</format>
+          <description>TCP MSS range (use '-' as delimiter)</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--allow-range --range 1-16384"/>
+        </constraint>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+<!-- include end -->