summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
authorNicolas Fort <nicolasfort1988@gmail.com>2023-11-21 17:36:20 +0000
committerNicolas Fort <nicolasfort1988@gmail.com>2023-11-21 17:36:20 +0000
commit4e8839b6d78c7629cd2c1daee0438472c96365a4 (patch)
tree1d70d79a5f3d1c2b31f962afdb7e908af5548d27 /interface-definitions
parent916adfaf0774df0731522bf3cbd886d794735c50 (diff)
downloadvyos-1x-4e8839b6d78c7629cd2c1daee0438472c96365a4.tar.gz
vyos-1x-4e8839b6d78c7629cd2c1daee0438472c96365a4.zip
T5419: firewall: backport firewall flowtable to Sagitta.
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/firewall.xml.in40
-rw-r--r--interface-definitions/include/firewall/action-forward.xml.i45
-rw-r--r--interface-definitions/include/firewall/ipv4-hook-forward.xml.i2
-rw-r--r--interface-definitions/include/firewall/ipv6-hook-forward.xml.i2
-rw-r--r--interface-definitions/include/firewall/offload-target.xml.i10
-rw-r--r--interface-definitions/interfaces-ethernet.xml.in6
6 files changed, 105 insertions, 0 deletions
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index 4704b200e..0bb14a1b3 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -7,6 +7,46 @@
</properties>
<children>
#include <include/firewall/global-options.xml.i>
+ <tagNode name="flowtable">
+ <properties>
+ <help>Flowtable</help>
+ <constraint>
+ <regex>[a-zA-Z0-9][\w\-\.]*</regex>
+ </constraint>
+ </properties>
+ <children>
+ #include <include/generic-description.xml.i>
+ <leafNode name="interface">
+ <properties>
+ <help>Interfaces to use this flowtable</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces</script>
+ </completionHelp>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="offload">
+ <properties>
+ <help>Offloading method</help>
+ <completionHelp>
+ <list>hardware software</list>
+ </completionHelp>
+ <valueHelp>
+ <format>hardware</format>
+ <description>Hardware offload</description>
+ </valueHelp>
+ <valueHelp>
+ <format>software</format>
+ <description>Software offload</description>
+ </valueHelp>
+ <constraint>
+ <regex>(hardware|software)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>software</defaultValue>
+ </leafNode>
+ </children>
+ </tagNode>
<node name="group">
<properties>
<help>Firewall group</help>
diff --git a/interface-definitions/include/firewall/action-forward.xml.i b/interface-definitions/include/firewall/action-forward.xml.i
new file mode 100644
index 000000000..87da72c97
--- /dev/null
+++ b/interface-definitions/include/firewall/action-forward.xml.i
@@ -0,0 +1,45 @@
+<!-- include start from firewall/action-forward.xml.i -->
+<leafNode name="action">
+ <properties>
+ <help>Rule action</help>
+ <completionHelp>
+ <list>accept continue jump reject return drop queue offload</list>
+ </completionHelp>
+ <valueHelp>
+ <format>accept</format>
+ <description>Accept matching entries</description>
+ </valueHelp>
+ <valueHelp>
+ <format>continue</format>
+ <description>Continue parsing next rule</description>
+ </valueHelp>
+ <valueHelp>
+ <format>jump</format>
+ <description>Jump to another chain</description>
+ </valueHelp>
+ <valueHelp>
+ <format>reject</format>
+ <description>Reject matching entries</description>
+ </valueHelp>
+ <valueHelp>
+ <format>return</format>
+ <description>Return from the current chain and continue at the next rule of the last chain</description>
+ </valueHelp>
+ <valueHelp>
+ <format>drop</format>
+ <description>Drop matching entries</description>
+ </valueHelp>
+ <valueHelp>
+ <format>queue</format>
+ <description>Enqueue packet to userspace</description>
+ </valueHelp>
+ <valueHelp>
+ <format>offload</format>
+ <description>Offload packet via flowtable</description>
+ </valueHelp>
+ <constraint>
+ <regex>(accept|continue|jump|reject|return|drop|queue|offload)</regex>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end --> \ No newline at end of file
diff --git a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i
index 9831498c9..100f1c3d9 100644
--- a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i
+++ b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i
@@ -25,8 +25,10 @@
<constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage>
</properties>
<children>
+ #include <include/firewall/action-forward.xml.i>
#include <include/firewall/common-rule-ipv4.xml.i>
#include <include/firewall/inbound-interface.xml.i>
+ #include <include/firewall/offload-target.xml.i>
#include <include/firewall/outbound-interface.xml.i>
</children>
</tagNode>
diff --git a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i
index 5c86871e5..fb38267eb 100644
--- a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i
+++ b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i
@@ -25,8 +25,10 @@
<constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage>
</properties>
<children>
+ #include <include/firewall/action-forward.xml.i>
#include <include/firewall/common-rule-ipv6.xml.i>
#include <include/firewall/inbound-interface.xml.i>
+ #include <include/firewall/offload-target.xml.i>
#include <include/firewall/outbound-interface.xml.i>
</children>
</tagNode>
diff --git a/interface-definitions/include/firewall/offload-target.xml.i b/interface-definitions/include/firewall/offload-target.xml.i
new file mode 100644
index 000000000..b1ae39100
--- /dev/null
+++ b/interface-definitions/include/firewall/offload-target.xml.i
@@ -0,0 +1,10 @@
+<!-- include start from firewall/offload-target.xml.i -->
+<leafNode name="offload-target">
+ <properties>
+ <help>Set flowtable offload target. Action offload must be defined to use this setting</help>
+ <completionHelp>
+ <path>firewall flowtable</path>
+ </completionHelp>
+ </properties>
+</leafNode>
+<!-- include end --> \ No newline at end of file
diff --git a/interface-definitions/interfaces-ethernet.xml.in b/interface-definitions/interfaces-ethernet.xml.in
index 3669336fd..5aaa7095c 100644
--- a/interface-definitions/interfaces-ethernet.xml.in
+++ b/interface-definitions/interfaces-ethernet.xml.in
@@ -80,6 +80,12 @@
<valueless/>
</properties>
</leafNode>
+ <leafNode name="hw-tc-offload">
+ <properties>
+ <help>Enable Hardware Flow Offload</help>
+ <valueless/>
+ </properties>
+ </leafNode>
<leafNode name="lro">
<properties>
<help>Enable Large Receive Offload</help>