diff options
| author | Nicolas Fort <nicolasfort1988@gmail.com> | 2023-02-27 20:11:35 +0000 |
|---|---|---|
| committer | Nicolas Fort <nicolasfort1988@gmail.com> | 2023-02-28 14:19:52 +0000 |
| commit | bbfe6b54b58b68768f6427496d8ac3c1ef38da93 (patch) | |
| tree | 201953efa1b8bcb4978d33342788eebb1c08a81c /interface-definitions | |
| parent | 4621cfc37a6088059d11c5adf2f33224e3435332 (diff) | |
| download | vyos-1x-bbfe6b54b58b68768f6427496d8ac3c1ef38da93.tar.gz vyos-1x-bbfe6b54b58b68768f6427496d8ac3c1ef38da93.zip | |
T5037: Firewall: Add queue action and options to firewall
Diffstat (limited to 'interface-definitions')
| -rw-r--r-- | interface-definitions/firewall.xml.in | 2 | ||||
| -rw-r--r-- | interface-definitions/include/firewall/action.xml.i | 8 | ||||
| -rw-r--r-- | interface-definitions/include/firewall/nft-queue.xml.i | 34 |
3 files changed, 42 insertions, 2 deletions
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in index 7d7e0a38f..c9a132c4a 100644 --- a/interface-definitions/firewall.xml.in +++ b/interface-definitions/firewall.xml.in @@ -502,6 +502,7 @@ </completionHelp> </properties> </leafNode> + #include <include/firewall/nft-queue.xml.i> </children> </tagNode> </children> @@ -671,6 +672,7 @@ </properties> </leafNode> #include <include/firewall/ttl.xml.i> + #include <include/firewall/nft-queue.xml.i> </children> </tagNode> </children> diff --git a/interface-definitions/include/firewall/action.xml.i b/interface-definitions/include/firewall/action.xml.i index 468340cbb..7c6e33839 100644 --- a/interface-definitions/include/firewall/action.xml.i +++ b/interface-definitions/include/firewall/action.xml.i @@ -3,7 +3,7 @@ <properties> <help>Rule action</help> <completionHelp> - <list>accept jump reject return drop</list> + <list>accept jump reject return drop queue</list> </completionHelp> <valueHelp> <format>accept</format> @@ -25,8 +25,12 @@ <format>drop</format> <description>Drop matching entries</description> </valueHelp> + <valueHelp> + <format>queue</format> + <description>Enqueue packet to userspace</description> + </valueHelp> <constraint> - <regex>(accept|jump|reject|return|drop)</regex> + <regex>(accept|jump|reject|return|drop|queue)</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/include/firewall/nft-queue.xml.i b/interface-definitions/include/firewall/nft-queue.xml.i new file mode 100644 index 000000000..8799eac74 --- /dev/null +++ b/interface-definitions/include/firewall/nft-queue.xml.i @@ -0,0 +1,34 @@ +<!-- include start from firewall/nft-queue.xml.i --> +<leafNode name="queue"> + <properties> + <help>Queue target to use. Action queue must be defined to use this setting</help> + <valueHelp> + <format>u32:0-65535</format> + <description>Queue target</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--allow-range --range 0-65535"/> + </constraint> + </properties> +</leafNode> +<leafNode name="queue-options"> + <properties> + <help>Options used for queue target. Action queue must be defined to use this setting</help> + <completionHelp> + <list>bypass fanout</list> + </completionHelp> + <valueHelp> + <format>bypass</format> + <description>Let packets go through if userspace application cannot back off</description> + </valueHelp> + <valueHelp> + <format>fanout</format> + <description>Distribute packets between several queues</description> + </valueHelp> + <constraint> + <regex>(bypass|fanout)</regex> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end -->
\ No newline at end of file |