Merge branch 'T4651' of https://github.com/nicolas-fort/vyos-1x into firewall

* 'T4651' of https://github.com/nicolas-fort/vyos-1x: Firewall: T4651: Change proposed cli from ip-length to packet-length Firewall: T4651: Add options to match packet size on firewall rules.
author: Christian Poessinger <christian@poessinger.com> 2022-09-02 07:41:32 +0200
committer: Christian Poessinger <christian@poessinger.com> 2022-09-02 06:21:32 +0200
commit: 96302a27db8e9aaad3f2c1a81457c5e8e048dd4b (patch)
tree: 06c63cba1e38428ebd110685f9ff511ebce22282 /interface-definitions
parent: 735767f09f891c438e43565f935b927e6f1b317d (diff)
parent: 312ee15058fbb26feb6a93520417f0d5343ad15b (diff)
download: vyos-1x-96302a27db8e9aaad3f2c1a81457c5e8e048dd4b.tar.gz
vyos-1x-96302a27db8e9aaad3f2c1a81457c5e8e048dd4b.zip
2 files changed, 20 insertions, 0 deletions
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index 9488ddcdc..cca3c0f7d 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -383,6 +383,7 @@
                 </children>
               </node>
               #include <include/firewall/common-rule.xml.i>
+              #include <include/firewall/packet-length.xml.i>
               <node name="hop-limit">
                 <properties>
                   <help>Hop Limit</help>
@@ -571,6 +572,7 @@
                 </children>
               </node>
               #include <include/firewall/common-rule.xml.i>
+              #include <include/firewall/packet-length.xml.i>
               <node name="icmp">
                 <properties>
                   <help>ICMP type and code information</help>
diff --git a/interface-definitions/include/firewall/packet-length.xml.i b/interface-definitions/include/firewall/packet-length.xml.i
new file mode 100644
index 000000000..866a76bbb
--- /dev/null
+++ b/interface-definitions/include/firewall/packet-length.xml.i
@@ -0,0 +1,18 @@
+<!-- include start from firewall/packet-length.xml.i -->
+<leafNode name="packet-length">
+  <properties>
+    <help>Payload size in bytes, including header and data</help>
+    <valueHelp>
+      <format>u32:1-65535</format>
+      <description>Packet length value. Multiple values can be specified as a comma-separated list. Inverted match is also supported</description>
+    </valueHelp>
+    <valueHelp>
+      <format>&lt;start-end&gt;</format>
+      <description>Packet length range. Inverted match is also supported (e.g. 1001-1005 or !1001-1005)</description>
+    </valueHelp>
+    <constraint>
+      <validator name="packet-length"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
author	Christian Poessinger <christian@poessinger.com>	2022-09-02 07:41:32 +0200
committer	Christian Poessinger <christian@poessinger.com>	2022-09-02 06:21:32 +0200
commit	96302a27db8e9aaad3f2c1a81457c5e8e048dd4b (patch)
tree	06c63cba1e38428ebd110685f9ff511ebce22282 /interface-definitions
parent	735767f09f891c438e43565f935b927e6f1b317d (diff)
parent	312ee15058fbb26feb6a93520417f0d5343ad15b (diff)
download	vyos-1x-96302a27db8e9aaad3f2c1a81457c5e8e048dd4b.tar.gz vyos-1x-96302a27db8e9aaad3f2c1a81457c5e8e048dd4b.zip