author | Christian Poessinger <christian@poessinger.com> | 2022-09-03 20:38:13 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2022-09-03 20:38:13 +0200 |
commit | 5a6c8b52e985df8f04817b9b529504bdc6e6d8c1 (patch) | |
tree | 99425f45c67ec29f94c5235ca70b7cedbe8d695b /interface-definitions | |
parent | e7719b7be2f817834d988e10368a39e419c44263 (diff) | |
parent | d9eb48a0ced1eb60bd00fe2f18559b3c780ee98a (diff) | |
download | vyos-1x-5a6c8b52e985df8f04817b9b529504bdc6e6d8c1.tar.gz vyos-1x-5a6c8b52e985df8f04817b9b529504bdc6e6d8c1.zip |
Merge branch 'firewall' into current
* firewall:
firewall: T4651: re-implement packet-length CLI option to use <multi/>
firewall: T3568: improve default-action help string
firewall: T3568: add XML include block for eq,gt,lt options
smoketest: firewall: add re-usable variables when running testcases
Firewall: T4651: Change proposed cli from ip-length to packet-length
Firewall: T4651: Add options to match packet size on firewall rules.
Diffstat (limited to 'interface-definitions')
-rw-r--r-- | interface-definitions/firewall.xml.in | 80 | ||||
-rw-r--r-- | interface-definitions/include/firewall/enable-default-log.xml.i | 2 | ||||
-rw-r--r-- | interface-definitions/include/firewall/eq.xml.i | 14 | ||||
-rw-r--r-- | interface-definitions/include/firewall/gt.xml.i | 14 | ||||
-rw-r--r-- | interface-definitions/include/firewall/lt.xml.i | 14 | ||||
-rw-r--r-- | interface-definitions/include/firewall/packet-length.xml.i | 38 |
6 files changed, 89 insertions, 73 deletions
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index 9488ddcdc..c2d652278 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -383,47 +383,15 @@
 </children>
 </node>
 #include <include/firewall/common-rule.xml.i>
+ #include <include/firewall/packet-length.xml.i>
 <node name="hop-limit">
 <properties>
 <help>Hop Limit</help>
 </properties>
 <children>
- <leafNode name="eq">
- <properties>
- <help>Value to match a hop limit equal to it</help>
- <valueHelp>
- <format>u32:0-255</format>
- <description>Hop limit equal to value</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-255"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="gt">
- <properties>
- <help>Value to match a hop limit greater than or equal to it</help>
- <valueHelp>
- <format>u32:0-255</format>
- <description>Hop limit greater than value</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-255"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="lt">
- <properties>
- <help>Value to match a hop limit less than or equal to it</help>
- <valueHelp>
- <format>u32:0-255</format>
- <description>Hop limit less than value</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-255"/>
- </constraint>
- </properties>
- </leafNode>
+ #include <include/firewall/eq.xml.i>
+ #include <include/firewall/gt.xml.i>
+ #include <include/firewall/lt.xml.i>
 </children>
 </node>
 <node name="icmpv6">
@@ -571,6 +539,7 @@
 </children>
 </node>
 #include <include/firewall/common-rule.xml.i>
+ #include <include/firewall/packet-length.xml.i>
 <node name="icmp">
 <properties>
 <help>ICMP type and code information</help>
@@ -608,42 +577,9 @@
 <help>Time to live limit</help>
 </properties>
 <children>
- <leafNode name="eq">
- <properties>
- <help>Value to match a ttl equal to it</help>
- <valueHelp>
- <format>u32:0-255</format>
- <description>ttl equal to value</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-255"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="gt">
- <properties>
- <help>Value to match a ttl greater than or equal to it</help>
- <valueHelp>
- <format>u32:0-255</format>
- <description>ttl greater than value</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-255"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="lt">
- <properties>
- <help>Value to match a ttl less than or equal to it</help>
- <valueHelp>
- <format>u32:0-255</format>
- <description>ttl less than value</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-255"/>
- </constraint>
- </properties>
- </leafNode>
+ #include <include/firewall/eq.xml.i>
+ #include <include/firewall/gt.xml.i>
+ #include <include/firewall/lt.xml.i>
 </children>
 </node>
 </children>
diff --git a/interface-definitions/include/firewall/enable-default-log.xml.i b/interface-definitions/include/firewall/enable-default-log.xml.i
index 1e64edc6e..0efd8341b 100644
--- a/interface-definitions/include/firewall/enable-default-log.xml.i
+++ b/interface-definitions/include/firewall/enable-default-log.xml.i
@@ -1,7 +1,7 @@
 <!-- include start from firewall/enable-default-log.xml.i -->
 <leafNode name="enable-default-log">
 <properties>
- <help>Option to log packets hitting default-action</help>
+ <help>Log packets hitting default-action</help>
 <valueless/>
 </properties>
 </leafNode>
diff --git a/interface-definitions/include/firewall/eq.xml.i b/interface-definitions/include/firewall/eq.xml.i
new file mode 100644
index 000000000..e1b4f37a2
--- /dev/null
+++ b/interface-definitions/include/firewall/eq.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from firewall/eq.xml.i -->
+<leafNode name="eq">
+ <properties>
+ <help>Match on equal value</help>
+ <valueHelp>
+ <format>u32:0-255</format>
+ <description>Equal to value</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-255"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
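Review bot: The include is named generically (`firewall/eq.xml.i`) but hard-codes `u32:0-255` and `--range 0-255`, which is only correct for 8-bit fields such as ttl and hop-limit; reusing it under a wider field would silently apply the wrong bound to a firewall match. I would say so in the opening comment, e.g. `<!-- include start from firewall/eq.xml.i (8-bit fields only, range 0-255) -->`, or give the file a name that carries the range; gt.xml.i and lt.xml.i have the same issue. The file is also committed without a trailing newline, unlike the other new includes in this merge.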
\ No newline at end of file
diff --git a/interface-definitions/include/firewall/gt.xml.i b/interface-definitions/include/firewall/gt.xml.i
new file mode 100644
index 000000000..c879171ee
--- /dev/null
+++ b/interface-definitions/include/firewall/gt.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from firewall/gt.xml.i -->
+<leafNode name="gt">
+ <properties>
+ <help>Match on greater then value</help>
+ <valueHelp>
+ <format>u32:0-255</format>
+ <description>Greater then value</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-255"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/lt.xml.i b/interface-definitions/include/firewall/lt.xml.i
new file mode 100644
index 000000000..77894d3ce
--- /dev/null
+++ b/interface-definitions/include/firewall/lt.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from firewall/lt.xml.i -->
+<leafNode name="lt">
+ <properties>
+ <help>Match on less then value</help>
+ <valueHelp>
+ <format>u32:0-255</format>
+ <description>Less then value</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-255"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/packet-length.xml.i b/interface-definitions/include/firewall/packet-length.xml.i
new file mode 100644
index 000000000..043f56d16
--- /dev/null
+++ b/interface-definitions/include/firewall/packet-length.xml.i
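Review bot: The help and description strings in gt.xml.i ("greater then") and lt.xml.i ("less then") should read "than", and neither says whether the boundary value itself matches. The per-field text removed from firewall.xml.in described gt/lt as "greater than or equal to" / "less than or equal to" in `<help>` but strictly greater/less in `<description>`, so the new wording should settle on whichever comparison the rule generator actually emits, which this diff does not show. Suggested: `<help>Match on greater than value</help>` and `<description>Greater than value</description>` (and the lt equivalents), adding "or equal to" if the generated rule is inclusive. An off-by-one here changes which packets a ttl or hop-limit rule lets through.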
@@ -0,0 +1,38 @@
+<!-- include start from firewall/packet-length.xml.i -->
+<leafNode name="packet-length">
+ <properties>
+ <help>Payload size in bytes, including header and data to match</help>
+ <valueHelp>
+ <format>u32:1-65535</format>
+ <description>Packet length to match</description>
+ </valueHelp>
+ <valueHelp>
+ <format><start-end></format>
+ <description>Packet length range to match</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ <validator name="range" argument="--min=1 --max=65535"/>
+ </constraint>
+ <multi/>
+ </properties>
+</leafNode>
+<leafNode name="packet-length-exclude">
+ <properties>
+ <help>Payload size in bytes, including header and data not to match</help>
+ <valueHelp>
+ <format>u32:1-65535</format>
+ <description>Packet length not to match</description>
+ </valueHelp>
+ <valueHelp>
+ <format><start-end></format>
+ <description>Packet length range not to match</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ <validator name="range" argument="--min=1 --max=65535"/>
+ </constraint>
+ <multi/>
+ </properties>
+</leafNode>
+<!-- include end --> |
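Review bot: Both `<help>` strings call this "Payload size in bytes, including header and data", which contradicts itself: a length that includes the header is the packet length, not the payload, and that difference decides which packets a size rule matches. Wording such as `<help>Packet length in bytes (header and data) to match</help>` would agree with the node name and the valueHelp descriptions, once confirmed against the field the backend compares, which is not visible here. Nothing in this include stops the same value or an overlapping range from being set under both `packet-length` and `packet-length-exclude`, so that conflict presumably has to be rejected in the verify step. The `<format><start-end></format>` lines show bare angle brackets on this page; in the file they must be `&lt;start-end&gt;` for the XML to stay well-formed, though this may only be a rendering artifact.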