diff options
author | Nicolas Fort <nicolasfort1988@gmail.com> | 2022-09-07 14:16:49 +0000 |
---|---|---|
committer | Nicolas Fort <nicolasfort1988@gmail.com> | 2022-09-07 14:16:49 +0000 |
commit | 1eb71e8e80a30c559932690470791cdf10ac5c76 (patch) | |
tree | 8e7cae59241bf57575bff671546b591f03652ffd /interface-definitions | |
parent | bdd7f6be4afae6dd8ccefede5de809f9bb73ee1d (diff) | |
download | vyos-1x-1eb71e8e80a30c559932690470791cdf10ac5c76.tar.gz vyos-1x-1eb71e8e80a30c559932690470791cdf10ac5c76.zip |
T1024: Firewall and Policy route: add option to match dscp value, both on firewall and in policy route
Diffstat (limited to 'interface-definitions')
-rw-r--r-- | interface-definitions/firewall.xml.in | 2 | ||||
-rw-r--r-- | interface-definitions/include/firewall/dscp.xml.i | 38 | ||||
-rw-r--r-- | interface-definitions/policy-route.xml.in | 2 |
3 files changed, 42 insertions, 0 deletions
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in index 0ab9d6a66..d1497d572 100644 --- a/interface-definitions/firewall.xml.in +++ b/interface-definitions/firewall.xml.in @@ -383,6 +383,7 @@ </children> </node> #include <include/firewall/common-rule.xml.i> + #include <include/firewall/dscp.xml.i> #include <include/firewall/packet-length.xml.i> #include <include/firewall/hop-limit.xml.i> <node name="icmpv6"> @@ -530,6 +531,7 @@ </children> </node> #include <include/firewall/common-rule.xml.i> + #include <include/firewall/dscp.xml.i> #include <include/firewall/packet-length.xml.i> <node name="icmp"> <properties> diff --git a/interface-definitions/include/firewall/dscp.xml.i b/interface-definitions/include/firewall/dscp.xml.i new file mode 100644 index 000000000..642212d7e --- /dev/null +++ b/interface-definitions/include/firewall/dscp.xml.i @@ -0,0 +1,38 @@ +<!-- include start from firewall/dscp.xml.i --> +<leafNode name="dscp"> + <properties> + <help>DSCP value</help> + <valueHelp> + <format>u32:0-63</format> + <description>DSCP value to match</description> + </valueHelp> + <valueHelp> + <format><start-end></format> + <description>DSCP range to match</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-63"/> + <validator name="range" argument="--min=0 --max=63"/> + </constraint> + <multi/> + </properties> +</leafNode> +<leafNode name="dscp-exclude"> + <properties> + <help>DSCP value not to match</help> + <valueHelp> + <format>u32:0-63</format> + <description>DSCP value not to match</description> + </valueHelp> + <valueHelp> + <format><start-end></format> + <description>DSCP range not to match</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-63"/> + <validator name="range" argument="--min=0 --max=63"/> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/policy-route.xml.in b/interface-definitions/policy-route.xml.in index ba1371fab..f480f3bd5 100644 --- a/interface-definitions/policy-route.xml.in +++ b/interface-definitions/policy-route.xml.in @@ -47,6 +47,7 @@ </children> </node> #include <include/policy/route-common-rule-ipv6.xml.i> + #include <include/firewall/dscp.xml.i> #include <include/firewall/packet-length.xml.i> #include <include/firewall/hop-limit.xml.i> </children> @@ -98,6 +99,7 @@ </children> </node> #include <include/policy/route-common-rule.xml.i> + #include <include/firewall/dscp.xml.i> #include <include/firewall/packet-length.xml.i> #include <include/firewall/ttl.xml.i> </children> |