Merge pull request #2802 from vyos/mergify/bp/sagitta/pr-2574

T5779: conntrack: Apply fixes to <set system conntrack timeout custom> (backport #2574)
author: Christian Breunig <christian@breunig.cc> 2024-01-19 18:29:07 +0100
committer: GitHub <noreply@github.com> 2024-01-19 18:29:07 +0100
commit: 9c6aed53c68b8b5d62223717b71f8e41b70b78cc (patch)
tree: 2c3566becc1e93b70df5fb2f61b4f1028a04dd8f /interface-definitions/include
parent: 4b3ef473c3acfedeb70a023a9ca46df5437fc5a2 (diff)
parent: 80068c8ce453a385981999c25e4ff5aeaa6bf030 (diff)
download: vyos-1x-9c6aed53c68b8b5d62223717b71f8e41b70b78cc.tar.gz
vyos-1x-9c6aed53c68b8b5d62223717b71f8e41b70b78cc.zip
3 files changed, 178 insertions, 1 deletions
diff --git a/interface-definitions/include/conntrack/timeout-custom-protocols.xml.i b/interface-definitions/include/conntrack/timeout-custom-protocols.xml.i
new file mode 100644
index 000000000..e6bff7e4d
--- /dev/null
+++ b/interface-definitions/include/conntrack/timeout-custom-protocols.xml.i
@@ -0,0 +1,136 @@
+<!-- include start from conntrack/timeout-custom-protocols.xml.i -->
+<node name="tcp">
+  <properties>
+    <help>TCP connection timeout options</help>
+  </properties>
+  <children>
+    <leafNode name="close-wait">
+      <properties>
+        <help>TCP CLOSE-WAIT timeout in seconds</help>
+        <valueHelp>
+          <format>u32:1-21474836</format>
+          <description>TCP CLOSE-WAIT timeout in seconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-21474836"/>
+        </constraint>
+      </properties>
+    </leafNode>
+    <leafNode name="close">
+      <properties>
+        <help>TCP CLOSE timeout in seconds</help>
+        <valueHelp>
+          <format>u32:1-21474836</format>
+          <description>TCP CLOSE timeout in seconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-21474836"/>
+        </constraint>
+      </properties>
+    </leafNode>
+    <leafNode name="established">
+      <properties>
+        <help>TCP ESTABLISHED timeout in seconds</help>
+        <valueHelp>
+          <format>u32:1-21474836</format>
+          <description>TCP ESTABLISHED timeout in seconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-21474836"/>
+        </constraint>
+      </properties>
+    </leafNode>
+    <leafNode name="fin-wait">
+      <properties>
+        <help>TCP FIN-WAIT timeout in seconds</help>
+        <valueHelp>
+          <format>u32:1-21474836</format>
+          <description>TCP FIN-WAIT timeout in seconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-21474836"/>
+        </constraint>
+      </properties>
+    </leafNode>
+    <leafNode name="last-ack">
+      <properties>
+        <help>TCP LAST-ACK timeout in seconds</help>
+        <valueHelp>
+          <format>u32:1-21474836</format>
+          <description>TCP LAST-ACK timeout in seconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-21474836"/>
+        </constraint>
+      </properties>
+    </leafNode>
+    <leafNode name="syn-recv">
+      <properties>
+        <help>TCP SYN-RECEIVED timeout in seconds</help>
+        <valueHelp>
+          <format>u32:1-21474836</format>
+          <description>TCP SYN-RECEIVED timeout in seconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-21474836"/>
+        </constraint>
+      </properties>
+    </leafNode>
+    <leafNode name="syn-sent">
+      <properties>
+        <help>TCP SYN-SENT timeout in seconds</help>
+        <valueHelp>
+          <format>u32:1-21474836</format>
+          <description>TCP SYN-SENT timeout in seconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-21474836"/>
+        </constraint>
+      </properties>
+    </leafNode>
+    <leafNode name="time-wait">
+      <properties>
+        <help>TCP TIME-WAIT timeout in seconds</help>
+        <valueHelp>
+          <format>u32:1-21474836</format>
+          <description>TCP TIME-WAIT timeout in seconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-21474836"/>
+        </constraint>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+<node name="udp">
+  <properties>
+    <help>UDP timeout options</help>
+  </properties>
+  <children>
+    <leafNode name="replied">
+      <properties>
+        <help>Timeout for UDP connection seen in both directions</help>
+        <valueHelp>
+          <format>u32:1-21474836</format>
+          <description>Timeout for UDP connection seen in both directions</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-21474836"/>
+        </constraint>
+      </properties>
+    </leafNode>
+    <leafNode name="unreplied">
+      <properties>
+        <help>Timeout for unreplied UDP</help>
+        <valueHelp>
+          <format>u32:1-21474836</format>
+          <description>Timeout for unreplied UDP</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-21474836"/>
+        </constraint>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/source-destination-group-ipv4.xml.i b/interface-definitions/include/firewall/source-destination-group-ipv4.xml.i
new file mode 100644
index 000000000..8c34fb933
--- /dev/null
+++ b/interface-definitions/include/firewall/source-destination-group-ipv4.xml.i
@@ -0,0 +1,41 @@
+<!-- include start from firewall/source-destination-group-ipv4.xml.i -->
+<node name="group">
+  <properties>
+    <help>Group</help>
+  </properties>
+  <children>
+    <leafNode name="address-group">
+      <properties>
+        <help>Group of addresses</help>
+        <completionHelp>
+          <path>firewall group address-group</path>
+        </completionHelp>
+      </properties>
+    </leafNode>
+    <leafNode name="domain-group">
+      <properties>
+        <help>Group of domains</help>
+        <completionHelp>
+          <path>firewall group domain-group</path>
+        </completionHelp>
+      </properties>
+    </leafNode>
+    <leafNode name="network-group">
+      <properties>
+        <help>Group of networks</help>
+        <completionHelp>
+          <path>firewall group network-group</path>
+        </completionHelp>
+      </properties>
+    </leafNode>
+    <leafNode name="port-group">
+      <properties>
+        <help>Group of ports</help>
+        <completionHelp>
+          <path>firewall group port-group</path>
+        </completionHelp>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/version/conntrack-version.xml.i b/interface-definitions/include/version/conntrack-version.xml.i
index 696f76362..6995ce119 100644
--- a/interface-definitions/include/version/conntrack-version.xml.i
+++ b/interface-definitions/include/version/conntrack-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/conntrack-version.xml.i -->
-<syntaxVersion component='conntrack' version='3'></syntaxVersion>
+<syntaxVersion component='conntrack' version='5'></syntaxVersion>
 <!-- include end -->
author	Christian Breunig <christian@breunig.cc>	2024-01-19 18:29:07 +0100
committer	GitHub <noreply@github.com>	2024-01-19 18:29:07 +0100
commit	9c6aed53c68b8b5d62223717b71f8e41b70b78cc (patch)
tree	2c3566becc1e93b70df5fb2f61b4f1028a04dd8f /interface-definitions/include
parent	4b3ef473c3acfedeb70a023a9ca46df5437fc5a2 (diff)
parent	80068c8ce453a385981999c25e4ff5aeaa6bf030 (diff)
download	vyos-1x-9c6aed53c68b8b5d62223717b71f8e41b70b78cc.tar.gz vyos-1x-9c6aed53c68b8b5d62223717b71f8e41b70b78cc.zip