Merge branch 'firewall' into current

* firewall:
  firewall: T4651: re-implement packet-length CLI option to use <multi/>
  firewall: T3568: improve default-action help string
  firewall: T3568: add XML include block for eq,gt,lt options
  smoketest: firewall: add re-usable variables when running testcases
  Firewall: T4651: Change proposed cli from ip-length to packet-length
  Firewall: T4651: Add options to match packet size on firewall rules.

6 files changed, 89 insertions, 73 deletions

diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index 9488ddcdc..c2d652278 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -383,47 +383,15 @@
                 </children>
               </node>
               #include <include/firewall/common-rule.xml.i>
+              #include <include/firewall/packet-length.xml.i>
               <node name="hop-limit">
                 <properties>
                   <help>Hop Limit</help>
                 </properties>
                 <children>
-                  <leafNode name="eq">
-                    <properties>
-                      <help>Value to match a hop limit equal to it</help>
-                      <valueHelp>
-                        <format>u32:0-255</format>
-                        <description>Hop limit equal to value</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 0-255"/>
-                      </constraint>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="gt">
-                    <properties>
-                      <help>Value to match a hop limit greater than or equal to it</help>
-                      <valueHelp>
-                        <format>u32:0-255</format>
-                        <description>Hop limit greater than value</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 0-255"/>
-                      </constraint>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="lt">
-                    <properties>
-                      <help>Value to match a hop limit less than or equal to it</help>
-                      <valueHelp>
-                        <format>u32:0-255</format>
-                        <description>Hop limit less than value</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 0-255"/>
-                      </constraint>
-                    </properties>
-                  </leafNode>
+                  #include <include/firewall/eq.xml.i>
+                  #include <include/firewall/gt.xml.i>
+                  #include <include/firewall/lt.xml.i>
                 </children>
               </node>
               <node name="icmpv6">
@@ -571,6 +539,7 @@
                 </children>
               </node>
               #include <include/firewall/common-rule.xml.i>
+              #include <include/firewall/packet-length.xml.i>
               <node name="icmp">
                 <properties>
                   <help>ICMP type and code information</help>
@@ -608,42 +577,9 @@
                   <help>Time to live limit</help>
                 </properties>
                 <children>
-                  <leafNode name="eq">
-                    <properties>
-                      <help>Value to match a ttl equal to it</help>
-                      <valueHelp>
-                        <format>u32:0-255</format>
-                        <description>ttl equal to value</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 0-255"/>
-                      </constraint>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="gt">
-                    <properties>
-                      <help>Value to match a ttl greater than or equal to it</help>
-                      <valueHelp>
-                        <format>u32:0-255</format>
-                        <description>ttl greater than value</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 0-255"/>
-                      </constraint>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="lt">
-                    <properties>
-                      <help>Value to match a ttl less than or equal to it</help>
-                      <valueHelp>
-                        <format>u32:0-255</format>
-                        <description>ttl less than value</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="numeric" argument="--range 0-255"/>
-                      </constraint>
-                    </properties>
-                  </leafNode>
+                  #include <include/firewall/eq.xml.i>
+                  #include <include/firewall/gt.xml.i>
+                  #include <include/firewall/lt.xml.i>
                 </children>
               </node>
             </children>
diff --git a/interface-definitions/include/firewall/enable-default-log.xml.i b/interface-definitions/include/firewall/enable-default-log.xml.i
index 1e64edc6e..0efd8341b 100644
--- a/interface-definitions/include/firewall/enable-default-log.xml.i
+++ b/interface-definitions/include/firewall/enable-default-log.xml.i
@@ -1,7 +1,7 @@
 <!-- include start from firewall/enable-default-log.xml.i -->
 <leafNode name="enable-default-log">
   <properties>
-    <help>Option to log packets hitting default-action</help>
+    <help>Log packets hitting default-action</help>
     <valueless/>
   </properties>
 </leafNode>
diff --git a/interface-definitions/include/firewall/eq.xml.i b/interface-definitions/include/firewall/eq.xml.i
new file mode 100644
index 000000000..e1b4f37a2
--- /dev/null
+++ b/interface-definitions/include/firewall/eq.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from firewall/eq.xml.i -->
+<leafNode name="eq">
+  <properties>
+    <help>Match on equal value</help>
+    <valueHelp>
+      <format>u32:0-255</format>
+      <description>Equal to value</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 0-255"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
\ No newline at end of file
diff --git a/interface-definitions/include/firewall/gt.xml.i b/interface-definitions/include/firewall/gt.xml.i
new file mode 100644
index 000000000..c879171ee
--- /dev/null
+++ b/interface-definitions/include/firewall/gt.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from firewall/gt.xml.i -->
+<leafNode name="gt">
+  <properties>
+    <help>Match on greater then value</help>
+    <valueHelp>
+      <format>u32:0-255</format>
+      <description>Greater then value</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 0-255"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/lt.xml.i b/interface-definitions/include/firewall/lt.xml.i
new file mode 100644
index 000000000..77894d3ce
--- /dev/null
+++ b/interface-definitions/include/firewall/lt.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from firewall/lt.xml.i -->
+<leafNode name="lt">
+  <properties>
+    <help>Match on less then value</help>
+    <valueHelp>
+      <format>u32:0-255</format>
+      <description>Less then value</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 0-255"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/packet-length.xml.i b/interface-definitions/include/firewall/packet-length.xml.i
new file mode 100644
index 000000000..043f56d16
--- /dev/null
+++ b/interface-definitions/include/firewall/packet-length.xml.i
@@ -0,0 +1,38 @@
+<!-- include start from firewall/packet-length.xml.i -->
+<leafNode name="packet-length">
+  <properties>
+    <help>Payload size in bytes, including header and data to match</help>
+    <valueHelp>
+      <format>u32:1-65535</format>
+      <description>Packet length to match</description>
+    </valueHelp>
+    <valueHelp>
+      <format>&lt;start-end&gt;</format>
+      <description>Packet length range to match</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 1-65535"/>
+      <validator name="range" argument="--min=1 --max=65535"/>
+    </constraint>
+    <multi/>
+  </properties>
+</leafNode>
+<leafNode name="packet-length-exclude">
+  <properties>
+    <help>Payload size in bytes, including header and data not to match</help>
+    <valueHelp>
+      <format>u32:1-65535</format>
+      <description>Packet length not to match</description>
+    </valueHelp>
+    <valueHelp>
+      <format>&lt;start-end&gt;</format>
+      <description>Packet length range not to match</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 1-65535"/>
+      <validator name="range" argument="--min=1 --max=65535"/>
+    </constraint>
+    <multi/>
+  </properties>
+</leafNode>
+<!-- include end -->