diff options
| author | Christian Poessinger <christian@poessinger.com> | 2022-06-29 19:16:53 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2022-06-29 19:18:21 +0200 |
| commit | 6b64f2eeb192ee1133d3f90be2ae2854a0c00ddc (patch) | |
| tree | 2a7934510cce1883d1f6c221bec1657824571ff2 /interface-definitions/service-conntrack-sync.xml.in | |
| parent | fba14cd5f49802f70bcfaf93aaa25d4440e2f836 (diff) | |
| download | vyos-1x-6b64f2eeb192ee1133d3f90be2ae2854a0c00ddc.tar.gz vyos-1x-6b64f2eeb192ee1133d3f90be2ae2854a0c00ddc.zip | |
xml: streamline interface definition filenames, drop _
Some files that described the CLI used underscores to split CLI levels, some
others did not. This commit removes all underscores from the filename and only
makes use of a hyphen.
Diffstat (limited to 'interface-definitions/service-conntrack-sync.xml.in')
| -rw-r--r-- | interface-definitions/service-conntrack-sync.xml.in | 173 |
1 files changed, 173 insertions, 0 deletions
diff --git a/interface-definitions/service-conntrack-sync.xml.in b/interface-definitions/service-conntrack-sync.xml.in new file mode 100644 index 000000000..6fa6fc5f9 --- /dev/null +++ b/interface-definitions/service-conntrack-sync.xml.in @@ -0,0 +1,173 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="service"> + <children> + <node name="conntrack-sync" owner="${vyos_conf_scripts_dir}/conntrack_sync.py"> + <properties> + <help>Connection tracking synchronization</help> + <!-- before VRRP / HA --> + <priority>799</priority> + </properties> + <children> + <leafNode name="accept-protocol"> + <properties> + <help>Protocols for which local conntrack entries will be synced</help> + <completionHelp> + <list>tcp udp icmp icmp6 sctp dccp</list> + </completionHelp> + <valueHelp> + <format>tcp</format> + <description>Sync Transmission Control Protocol entries</description> + </valueHelp> + <valueHelp> + <format>udp</format> + <description>Sync User Datagram Protocol entries</description> + </valueHelp> + <valueHelp> + <format>icmp</format> + <description>Sync Internet Control Message Protocol entries</description> + </valueHelp> + <valueHelp> + <format>icmp6</format> + <description>Sync IPv6 Internet Control Message Protocol entries</description> + </valueHelp> + <valueHelp> + <format>sctp</format> + <description>Sync Stream Control Transmission Protocol entries</description> + </valueHelp> + <valueHelp> + <format>dccp</format> + <description>Sync Datagram Congestion Control Protocol entries</description> + </valueHelp> + <constraint> + <regex>(tcp|udp|icmp|icmp6|sctp|dccp)</regex> + </constraint> + <constraintErrorMessage>Allowed protocols: tcp udp icmp or sctp</constraintErrorMessage> + <multi/> + </properties> + </leafNode> + <leafNode name="disable-external-cache"> + <properties> + <help>Directly injects the flow-states into the in-kernel Connection Tracking System of the backup firewall.</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="event-listen-queue-size"> + <properties> + <help>Queue size for local conntrack events</help> + <valueHelp> + <format>u32</format> + <description>Queue size in MB</description> + </valueHelp> + </properties> + <defaultValue>8</defaultValue> + </leafNode> + <leafNode name="expect-sync"> + <properties> + <help>Protocol for which expect entries need to be synchronized</help> + <completionHelp> + <list>all ftp sip h323 nfs sqlnet</list> + </completionHelp> + <constraint> + <regex>(all|ftp|sip|h323|nfs|sqlnet)</regex> + </constraint> + <constraintErrorMessage>Invalid protocol</constraintErrorMessage> + <multi/> + </properties> + </leafNode> + <node name="failover-mechanism"> + <properties> + <help>Failover mechanism to use for conntrack-sync</help> + </properties> + <children> + <node name="vrrp"> + <properties> + <help>VRRP as failover-mechanism to use for conntrack-sync</help> + </properties> + <children> + <leafNode name="sync-group"> + <properties> + <help>VRRP sync group</help> + <completionHelp> + <path>high-availability vrrp sync-group</path> + </completionHelp> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + <leafNode name="ignore-address"> + <properties> + <help>IP addresses for which local conntrack entries will not be synced</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address to ignore</description> + </valueHelp> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 prefix to ignore</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address to ignore</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 prefix to ignore</description> + </valueHelp> + <constraint> + <validator name="ipv4"/> + <validator name="ipv6"/> + </constraint> + <multi/> + </properties> + </leafNode> + <tagNode name="interface"> + <properties> + <help>Interface to use for syncing conntrack entries</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py --bridgeable</script> + </completionHelp> + </properties> + <children> + <leafNode name="peer"> + <properties> + <help>IP address of the peer to send the UDP conntrack info too. This disable multicast.</help> + <valueHelp> + <format>ipv4</format> + <description>IP address to listen for incoming connections</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + #include <include/port-number.xml.i> + </children> + </tagNode> + #include <include/listen-address-ipv4.xml.i> + <leafNode name="mcast-group"> + <properties> + <help>Multicast group to use for syncing conntrack entries</help> + <constraint> + <validator name="ipv4-multicast"/> + </constraint> + </properties> + <defaultValue>225.0.0.50</defaultValue> + </leafNode> + <leafNode name="sync-queue-size"> + <properties> + <help>Queue size for syncing conntrack entries</help> + <valueHelp> + <format>u32</format> + <description>Queue size in MB</description> + </valueHelp> + </properties> + <defaultValue>1</defaultValue> + </leafNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> |