Merge pull request #1871 from nicolas-fort/T5055

T5055: Firewall: add packet-type matcher in firewall and route policy

3 files changed, 32 insertions, 5 deletions

diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index d27839700..624d61759 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -459,7 +459,7 @@
               </node>
               #include <include/firewall/common-rule.xml.i>
               #include <include/firewall/dscp.xml.i>
-              #include <include/firewall/packet-length.xml.i>
+              #include <include/firewall/packet-options.xml.i>
               #include <include/firewall/hop-limit.xml.i>
               #include <include/firewall/connection-mark.xml.i>
               <node name="icmpv6">
@@ -629,7 +629,7 @@
               </node>
               #include <include/firewall/common-rule.xml.i>
               #include <include/firewall/dscp.xml.i>
-              #include <include/firewall/packet-length.xml.i>
+              #include <include/firewall/packet-options.xml.i>
               #include <include/firewall/connection-mark.xml.i>
               <node name="icmp">
                 <properties>
diff --git a/interface-definitions/include/firewall/packet-length.xml.i b/interface-definitions/include/firewall/packet-options.xml.i
index fd2eb67b0..cd94e69c2 100644
--- a/interface-definitions/include/firewall/packet-length.xml.i
+++ b/interface-definitions/include/firewall/packet-options.xml.i
@@ -1,4 +1,4 @@
-<!-- include start from firewall/packet-length.xml.i -->
+<!-- include start from firewall/packet-options.xml.i -->
 <leafNode name="packet-length">
   <properties>
     <help>Payload size in bytes, including header and data to match</help>
@@ -33,4 +33,31 @@
     <multi/>
   </properties>
 </leafNode>
+<leafNode name="packet-type">
+  <properties>
+    <help>Packet type</help>
+    <completionHelp>
+      <list>broadcast host multicast other</list>
+    </completionHelp>
+    <valueHelp>
+      <format>broadcast</format>
+      <description>Match broadcast packet type</description>
+    </valueHelp>
+    <valueHelp>
+      <format>host</format>
+      <description>Match host packet type, addressed to local host</description>
+    </valueHelp>
+    <valueHelp>
+      <format>multicast</format>
+      <description>Match multicast packet type</description>
+    </valueHelp>
+    <valueHelp>
+      <format>other</format>
+      <description>Match packet addressed to another host</description>
+    </valueHelp>
+    <constraint>
+      <regex>(broadcast|host|multicast|other)</regex>
+    </constraint>
+  </properties>
+</leafNode>
 <!-- include end -->
diff --git a/interface-definitions/policy-route.xml.in b/interface-definitions/policy-route.xml.in
index d7b159839..bbd6dbf56 100644
--- a/interface-definitions/policy-route.xml.in
+++ b/interface-definitions/policy-route.xml.in
@@ -50,7 +50,7 @@
               #include <include/policy/route-common.xml.i>
               #include <include/policy/route-ipv6.xml.i>
               #include <include/firewall/dscp.xml.i>
-              #include <include/firewall/packet-length.xml.i>
+              #include <include/firewall/packet-options.xml.i>
               #include <include/firewall/hop-limit.xml.i>
               #include <include/firewall/connection-mark.xml.i>
             </children>
@@ -105,7 +105,7 @@
               #include <include/policy/route-common.xml.i>
               #include <include/policy/route-ipv4.xml.i>
               #include <include/firewall/dscp.xml.i>
-              #include <include/firewall/packet-length.xml.i>
+              #include <include/firewall/packet-options.xml.i>
               #include <include/firewall/ttl.xml.i>
               #include <include/firewall/connection-mark.xml.i>
             </children>