diff options
234 files changed, 3845 insertions, 3516 deletions
@@ -8,8 +8,10 @@ CC := gcc LIBS := -lzmq CFLAGS := -src = $(wildcard interface-definitions/*.xml.in) -obj = $(src:.xml.in=.xml) +config_xml_src = $(wildcard interface-definitions/*.xml.in) +config_xml_obj = $(config_xml_src:.xml.in=.xml) +op_xml_src = $(wildcard op-mode-definitions/*.xml.in) +op_xml_obj = $(op_xml_src:.xml.in=.xml) %.xml: %.xml.in @echo Generating $(BUILD_DIR)/$@ from $< @@ -23,15 +25,12 @@ obj = $(src:.xml.in=.xml) # -nostdinc Do not search the standard system directories for header files # -P Inhibit generation of linemarkers in the output from the # preprocessor - @$(CC) -x c-header -E -undef -nostdinc -P -I$(CURDIR)/interface-definitions -o $(BUILD_DIR)/$@ -c $< - -$(BUILD_DIR): - install -d -m 0755 $(BUILD_DIR)/interface-definitions - install -d -m 0755 $(BUILD_DIR)/op-mode-definitions + mkdir -p $(BUILD_DIR)/$(dir $@) + @$(CC) -x c-header -E -undef -nostdinc -P -I$(CURDIR)/$(dir $<) -o $(BUILD_DIR)/$@ -c $< .PHONY: interface_definitions .ONESHELL: -interface_definitions: $(BUILD_DIR) $(obj) +interface_definitions: $(config_xml_obj) mkdir -p $(TMPL_DIR) # Build "base" templates (service, interfaces, other high-level nodes) @@ -65,10 +64,10 @@ interface_definitions: $(BUILD_DIR) $(obj) .PHONY: op_mode_definitions .ONESHELL: -op_mode_definitions: +op_mode_definitions: $(op_xml_obj) mkdir -p $(OP_TMPL_DIR) - find $(CURDIR)/op-mode-definitions/ -type f -name "*.xml" | xargs -I {} $(CURDIR)/scripts/build-command-op-templates {} $(CURDIR)/schema/op-mode-definition.rng $(OP_TMPL_DIR) || exit 1 + find $(BUILD_DIR)/op-mode-definitions/ -type f -name "*.xml" | xargs -I {} $(CURDIR)/scripts/build-command-op-templates {} $(CURDIR)/schema/op-mode-definition.rng $(OP_TMPL_DIR) || exit 1 # XXX: delete top level op mode node.def's that now live in other packages rm -f $(OP_TMPL_DIR)/add/node.def @@ -90,7 +89,7 @@ op_mode_definitions: .PHONY: component_versions .ONESHELL: -component_versions: $(BUILD_DIR) $(obj) +component_versions: interface_definitions $(CURDIR)/scripts/build-component-versions $(BUILD_DIR)/interface-definitions $(DATA_DIR) .PHONY: vyshim diff --git a/data/templates/firewall/nftables-nat.tmpl b/data/templates/firewall/nftables-nat.tmpl index 8769c2384..770a24a95 100644 --- a/data/templates/firewall/nftables-nat.tmpl +++ b/data/templates/firewall/nftables-nat.tmpl @@ -1,87 +1,87 @@ #!/usr/sbin/nft -f {% macro nat_rule(rule, config, chain) %} -{% set comment = "" %} -{% set base_log = "" %} -{% set src_addr = "ip saddr " + config.source.address if config.source is defined and config.source.address is defined and config.source.address is not none %} -{% set dst_addr = "ip daddr " + config.destination.address if config.destination is defined and config.destination.address is defined and config.destination.address is not none %} +{% set comment = '' %} +{% set base_log = '' %} +{% set src_addr = 'ip saddr ' + config.source.address.replace('!','!= ') if config.source is defined and config.source.address is defined and config.source.address is not none %} +{% set dst_addr = 'ip daddr ' + config.destination.address.replace('!','!= ') if config.destination is defined and config.destination.address is defined and config.destination.address is not none %} {# negated port groups need special treatment, move != in front of { } group #} {% if config.source is defined and config.source.port is defined and config.source.port is not none and config.source.port.startswith('!=') %} -{% set src_port = "sport != { " + config.source.port.replace('!=','') +" }" %} +{% set src_port = 'sport != { ' + config.source.port.replace('!=','') + ' }' %} {% else %} -{% set src_port = "sport { " + config.source.port +" }" if config.source is defined and config.source.port is defined and config.source.port is not none %} +{% set src_port = 'sport { ' + config.source.port + ' }' if config.source is defined and config.source.port is defined and config.source.port is not none %} {% endif %} {# negated port groups need special treatment, move != in front of { } group #} {% if config.destination is defined and config.destination.port is defined and config.destination.port is not none and config.destination.port.startswith('!=') %} -{% set dst_port = "dport != { " + config.destination.port.replace('!=','') +" }" %} +{% set dst_port = 'dport != { ' + config.destination.port.replace('!=','') + ' }' %} {% else %} -{% set dst_port = "dport { " + config.destination.port +" }" if config.destination is defined and config.destination.port is defined and config.destination.port is not none %} -{% endif %} -{% if chain == "PREROUTING" %} -{% set comment = "DST-NAT-" + rule %} -{% set base_log = "[NAT-DST-" + rule %} -{% set interface = " iifname \"" + config.inbound_interface + "\"" if config.inbound_interface is defined and config.inbound_interface != 'any' else '' %} -{% set trns_addr = "dnat to " + config.translation.address if config.translation is defined and config.translation.address is defined and config.translation.address is not none %} -{% elif chain == "POSTROUTING" %} -{% set comment = "SRC-NAT-" + rule %} -{% set base_log = "[NAT-SRC-" + rule %} -{% set interface = " oifname \"" + config.outbound_interface + "\"" if config.outbound_interface is defined and config.outbound_interface != 'any' else '' %} +{% set dst_port = 'dport { ' + config.destination.port + ' }' if config.destination is defined and config.destination.port is defined and config.destination.port is not none %} +{% endif %} +{% if chain == 'PREROUTING' %} +{% set comment = 'DST-NAT-' + rule %} +{% set base_log = '[NAT-DST-' + rule %} +{% set interface = ' iifname "' + config.inbound_interface + '"' if config.inbound_interface is defined and config.inbound_interface != 'any' else '' %} +{% set trns_addr = 'dnat to ' + config.translation.address if config.translation is defined and config.translation.address is defined and config.translation.address is not none %} +{% elif chain == 'POSTROUTING' %} +{% set comment = 'SRC-NAT-' + rule %} +{% set base_log = '[NAT-SRC-' + rule %} +{% set interface = ' oifname "' + config.outbound_interface + '"' if config.outbound_interface is defined and config.outbound_interface != 'any' else '' %} {% if config.translation is defined and config.translation.address is defined and config.translation.address == 'masquerade' %} {% set trns_addr = config.translation.address %} {% if config.translation.port is defined and config.translation.port is not none %} -{% set trns_addr = trns_addr + " to " %} +{% set trns_addr = trns_addr + ' to ' %} {% endif %} {% else %} -{% set trns_addr = "snat to " + config.translation.address if config.translation is defined and config.translation.address is defined and config.translation.address is not none %} +{% set trns_addr = 'snat to ' + config.translation.address if config.translation is defined and config.translation.address is defined and config.translation.address is not none %} {% endif %} {% endif %} -{% set trns_port = ":" + config.translation.port if config.translation is defined and config.translation.port is defined and config.translation.port is not none %} +{% set trns_port = ':' + config.translation.port if config.translation is defined and config.translation.port is defined and config.translation.port is not none %} {# protocol has a default value thus it is always present #} -{% if config.protocol == "tcp_udp" %} -{% set protocol = "tcp" %} -{% set comment = comment + " tcp_udp" %} +{% if config.protocol == 'tcp_udp' %} +{% set protocol = 'tcp' %} +{% set comment = comment + ' tcp_udp' %} {% else %} {% set protocol = config.protocol %} {% endif %} {% if config.log is defined %} {% if config.exclude is defined %} -{% set log = base_log + "-EXCL]" %} +{% set log = base_log + '-EXCL]' %} {% elif config.translation is defined and config.translation.address is defined and config.translation.address == 'masquerade' %} -{% set log = base_log + "-MASQ]" %} +{% set log = base_log +'-MASQ]' %} {% else %} -{% set log = base_log + "]" %} +{% set log = base_log + ']' %} {% endif %} {% endif %} {% if config.exclude is defined %} -{# rule has been marked as "exclude" thus we simply return here #} -{% set trns_addr = "return" %} -{% set trns_port = "" %} +{# rule has been marked as 'exclude' thus we simply return here #} +{% set trns_addr = 'return' %} +{% set trns_port = '' %} {% endif %} -{% set output = "add rule ip nat " + chain + interface %} -{% if protocol != "all" %} -{% set output = output + " ip protocol " + protocol %} +{% set output = 'add rule ip nat ' + chain + interface %} +{% if protocol != 'all' %} +{% set output = output + ' ip protocol ' + protocol %} {% endif %} {% if src_addr %} -{% set output = output + " " + src_addr %} +{% set output = output + ' ' + src_addr %} {% endif %} {% if src_port %} -{% set output = output + " " + protocol + " " + src_port %} +{% set output = output + ' ' + protocol + ' ' + src_port %} {% endif %} {% if dst_addr %} -{% set output = output + " " + dst_addr %} +{% set output = output + ' ' + dst_addr %} {% endif %} {% if dst_port %} -{% set output = output + " " + protocol + " " + dst_port %} +{% set output = output + ' ' + protocol + ' ' + dst_port %} {% endif %} {# Count packets #} -{% set output = output + " counter" %} +{% set output = output + ' counter' %} {# Special handling of log option, we must repeat the entire rule before the #} {# NAT translation options are added, this is essential #} {% if log %} -{% set log_output = output + " log prefix \"" + log + "\" comment \"" + comment + "\"" %} +{% set log_output = output + ' log prefix "' + log + '" comment "' + comment + '"' %} {% endif %} {% if trns_addr %} -{% set output = output + " " + trns_addr %} +{% set output = output + ' ' + trns_addr %} {% endif %} {% if trns_port %} {# Do not add a whitespace here, translation port must be directly added after IP address #} @@ -89,15 +89,15 @@ {% set output = output + trns_port %} {% endif %} {% if comment %} -{% set output = output + " comment \"" + comment + "\"" %} +{% set output = output + ' comment "' + comment + '"' %} {% endif %} {{ log_output if log_output }} {{ output }} {# Special handling if protocol is tcp_udp, we must repeat the entire rule with udp as protocol #} -{% if config.protocol == "tcp_udp" %} +{% if config.protocol == 'tcp_udp' %} {# Beware of trailing whitespace, without it the comment tcp_udp will be changed to udp_udp #} -{{ log_output | replace("tcp ", "udp ") if log_output }} -{{ output | replace("tcp ", "udp ") }} +{{ log_output | replace('tcp ', 'udp ') if log_output }} +{{ output | replace('tcp ', 'udp ') }} {% endif %} {% endmacro %} @@ -105,7 +105,7 @@ flush table nat {% if helper_functions == 'remove' %} {# NAT if going to be disabled - remove rules and targets from nftables #} -{% set base_command = "delete rule ip raw" %} +{% set base_command = 'delete rule ip raw' %} {{ base_command }} PREROUTING handle {{ pre_ct_ignore }} {{ base_command }} OUTPUT handle {{ out_ct_ignore }} {{ base_command }} PREROUTING handle {{ pre_ct_conntrack }} @@ -117,7 +117,7 @@ delete chain ip raw NAT_CONNTRACK {# NAT if enabled - add targets to nftables #} add chain ip raw NAT_CONNTRACK add rule ip raw NAT_CONNTRACK counter accept -{% set base_command = "add rule ip raw" %} +{% set base_command = 'add rule ip raw' %} {{ base_command }} PREROUTING position {{ pre_ct_ignore }} counter jump VYATTA_CT_HELPER {{ base_command }} OUTPUT position {{ out_ct_ignore }} counter jump VYATTA_CT_HELPER {{ base_command }} PREROUTING position {{ pre_ct_conntrack }} counter jump NAT_CONNTRACK diff --git a/data/templates/frr/bgp.frr.tmpl b/data/templates/frr/bgp.frr.tmpl index 16355a1e5..af04ee1ce 100644 --- a/data/templates/frr/bgp.frr.tmpl +++ b/data/templates/frr/bgp.frr.tmpl @@ -24,7 +24,7 @@ neighbor {{ neighbor }} description {{ config.description }} {% endif %} {% if config.disable_capability_negotiation is defined %} - neighbor {{ neighbor }} disable-capability-negotiation + neighbor {{ neighbor }} dont-capability-negotiate {% endif %} {% if config.ebgp_multihop is defined and config.ebgp_multihop is not none %} neighbor {{ neighbor }} ebgp-multihop {{ config.ebgp_multihop }} @@ -152,7 +152,11 @@ router bgp {{ asn }} {% if protocol == 'table' %} redistribute table {{ address_family[af].redistribute[protocol].table }} {% else %} - redistribute {{ protocol }}{% if address_family[af].redistribute[protocol].metric is defined %} metric {{ address_family[af].redistribute[protocol].metric }}{% endif %}{% if address_family[af].redistribute[protocol].route_map is defined %} route-map {{ address_family[af].redistribute[protocol].route_map }}{% endif %} +{% set redistribution_protocol = protocol %} +{% if protocol == 'ospfv3' %} +{% set redistribution_protocol = 'ospf6' %} +{% endif %} + redistribute {{ redistribution_protocol }}{% if address_family[af].redistribute[protocol].metric is defined %} metric {{ address_family[af].redistribute[protocol].metric }}{% endif %}{% if address_family[af].redistribute[protocol].route_map is defined %} route-map {{ address_family[af].redistribute[protocol].route_map }}{% endif %} {####### we need this blank line!! #######} {% endif %} diff --git a/data/templates/frr/isis.frr.tmpl b/data/templates/frr/isis.frr.tmpl index 0477f2599..4460ab3b5 100644 --- a/data/templates/frr/isis.frr.tmpl +++ b/data/templates/frr/isis.frr.tmpl @@ -168,8 +168,8 @@ interface {{ iface }} {% if iface_config.psnp_interval is defined and iface_config.psnp_interval is not none %} isis psnp-interval {{ iface_config.psnp_interval }} {% endif %} -{% if iface_config.three_way_handshake is defined %} - isis three-way-handshake +{% if iface_config.no_three_way_handshake is defined %} + no isis three-way-handshake {% endif %} {% endfor %} {% endif %} diff --git a/data/templates/login/authorized_keys.tmpl b/data/templates/login/authorized_keys.tmpl new file mode 100644 index 000000000..639a80e1d --- /dev/null +++ b/data/templates/login/authorized_keys.tmpl @@ -0,0 +1,9 @@ +### Automatically generated by system-login.py ### + +{% if authentication is defined and authentication.public_keys is defined and authentication.public_keys is not none %} +{% for key, key_options in authentication.public_keys.items() %} +{# The whitespace after options is wisely chosen #} +{{ key_options.options + ' ' if key_options.options is defined }}{{ key_options.type }} {{ key_options.key }} {{ key }} +{% endfor %} +{% endif %} + diff --git a/data/templates/login/pam_radius_auth.conf.tmpl b/data/templates/login/pam_radius_auth.conf.tmpl new file mode 100644 index 000000000..fad8e7dcb --- /dev/null +++ b/data/templates/login/pam_radius_auth.conf.tmpl @@ -0,0 +1,36 @@ +# Automatically generated by system-login.py +# RADIUS configuration file + +{% if radius is defined and radius is not none %} +{# RADIUS IPv6 source address must be specified in [] notation #} +{% set source_address = namespace() %} +{% if radius.source_address is defined and radius.source_address is not none %} +{% for address in radius.source_address %} +{% if address | is_ipv4 %} +{% set source_address.ipv4 = address %} +{% elif address | is_ipv6 %} +{% set source_address.ipv6 = "[" + address + "]" %} +{% endif %} +{% endfor %} +{% endif %} +{% if radius.server is defined and radius.server is not none %} +# server[:port] shared_secret timeout source_ip +{# .items() returns a tuple of two elements: key and value. 1 relates to the 2nd element i.e. the value and .priority relates to the key from the internal dict #} +{% for server, options in radius.server.items() | sort(attribute='1.priority') if not options.disabled %} +{# RADIUS IPv6 servers must be specified in [] notation #} +{% if server | is_ipv4 %} +{{ server }}:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv4 if source_address.ipv4 is defined }} +{% else %} +[{{ server }}]:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv6 if source_address.ipv6 is defined }} +{% endif %} +{% endfor %} +{% endif %} + +priv-lvl 15 +mapped_priv_user radius_priv_user + +{% if radius.vrf is defined and radius.vrf is not none %} +vrf-name {{ radius.vrf }} +{% endif %} +{% endif %} + diff --git a/data/templates/ntp/ntp.conf.tmpl b/data/templates/ntp/ntp.conf.tmpl index 3f319c89b..2b56b53c3 100644 --- a/data/templates/ntp/ntp.conf.tmpl +++ b/data/templates/ntp/ntp.conf.tmpl @@ -36,10 +36,4 @@ interface ignore wildcard {% for address in listen_address %} interface listen {{ address }} {% endfor %} -interface listen 127.0.0.1 -interface listen ::1 -{% else %} -interface ignore wildcard -interface listen 127.0.0.1 -interface listen ::1 {% endif %} diff --git a/data/templates/ntp/override.conf.tmpl b/data/templates/ntp/override.conf.tmpl index 466638e5a..e0b947686 100644 --- a/data/templates/ntp/override.conf.tmpl +++ b/data/templates/ntp/override.conf.tmpl @@ -1,4 +1,4 @@ -{% set vrf_command = '/sbin/ip vrf exec ' + vrf + ' ' if vrf is defined else '' %} +{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %} [Unit] StartLimitIntervalSec=0 After=vyos-router.service @@ -6,6 +6,6 @@ After=vyos-router.service [Service] ExecStart= ExecStart={{vrf_command}}/usr/lib/ntp/ntp-systemd-wrapper -Restart=on-failure +Restart=always RestartSec=10 diff --git a/data/templates/snmp/override.conf.tmpl b/data/templates/snmp/override.conf.tmpl index e6302a9e1..68f5fd931 100644 --- a/data/templates/snmp/override.conf.tmpl +++ b/data/templates/snmp/override.conf.tmpl @@ -1,4 +1,4 @@ -{% set vrf_command = '/sbin/ip vrf exec ' + vrf + ' ' if vrf is defined else '' %} +{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %} [Unit] StartLimitIntervalSec=0 After=vyos-router.service @@ -8,6 +8,6 @@ Environment= Environment="MIBSDIR=/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf:/usr/share/mibs/site:/usr/share/snmp/mibs:/usr/share/mibs/iana:/usr/share/mibs/ietf:/usr/share/mibs/netsnmp" ExecStart= ExecStart={{vrf_command}}/usr/sbin/snmpd -LS0-5d -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -ipCidrRouteTable,inetCidrRouteTable -f -p /run/snmpd.pid -Restart=on-failure +Restart=always RestartSec=10 diff --git a/data/templates/ssh/override.conf.tmpl b/data/templates/ssh/override.conf.tmpl index 843aa927b..0abde6248 100644 --- a/data/templates/ssh/override.conf.tmpl +++ b/data/templates/ssh/override.conf.tmpl @@ -1,4 +1,4 @@ -{% set vrf_command = '/sbin/ip vrf exec ' + vrf + ' ' if vrf is defined else '' %} +{% set vrf_command = 'ip vrf exec ' + vrf + ' ' if vrf is defined else '' %} [Unit] StartLimitIntervalSec=0 After=vyos-router.service @@ -7,5 +7,6 @@ ConditionPathExists={{config_file}} [Service] ExecStart= ExecStart={{vrf_command}}/usr/sbin/sshd -f {{config_file}} -D $SSHD_OPTS +Restart=always RestartSec=10 - +RuntimeDirectoryPreserve=yes diff --git a/data/templates/ssh/sshd_config.tmpl b/data/templates/ssh/sshd_config.tmpl index 52d537aca..2f2b78a66 100644 --- a/data/templates/ssh/sshd_config.tmpl +++ b/data/templates/ssh/sshd_config.tmpl @@ -27,6 +27,8 @@ Banner /etc/issue.net Subsystem sftp /usr/lib/openssh/sftp-server UsePAM yes PermitRootLogin no +PidFile /run/sshd/sshd.pid +AddressFamily any # # User configurable section @@ -47,59 +49,59 @@ LogLevel {{ loglevel | upper }} # Specifies whether password authentication is allowed PasswordAuthentication {{ "no" if disable_password_authentication is defined else "yes" }} -{% if listen_address %} +{% if listen_address is defined and listen_address is not none %} # Specifies the local addresses sshd should listen on {% for address in listen_address %} ListenAddress {{ address }} {% endfor %} {% endif %} -{% if ciphers %} +{% if ciphers is defined and ciphers is not none %} # Specifies the ciphers allowed for protocol version 2 -{% set value = ciphers if ciphers is string else ciphers | join(',') %} +{% set value = ciphers if ciphers is string else ciphers | join(',') %} Ciphers {{ value }} {% endif %} -{% if mac %} +{% if mac is defined and mac is not none %} # Specifies the available MAC (message authentication code) algorithms -{% set value = mac if mac is string else mac | join(',') %} +{% set value = mac if mac is string else mac | join(',') %} MACs {{ value }} {% endif %} -{% if key_exchange %} +{% if key_exchange is defined and key_exchange is not none %} # Specifies the available Key Exchange algorithms -{% set value = key_exchange if key_exchange is string else key_exchange | join(',') %} +{% set value = key_exchange if key_exchange is string else key_exchange | join(',') %} KexAlgorithms {{ value }} {% endif %} -{% if access_control is defined %} -{% if access_control.allow is defined %} +{% if access_control is defined and access_control is not none %} +{% if access_control.allow is defined and access_control.allow is not none %} {% if access_control.allow.user is defined %} # If specified, login is allowed only for user names that match -{% set value = access_control.allow.user if access_control.allow.user is string else access_control.allow.user | join(' ') %} +{% set value = access_control.allow.user if access_control.allow.user is string else access_control.allow.user | join(' ') %} AllowUsers {{ value }} {% endif %} {% if access_control.allow.group is defined %} # If specified, login is allowed only for users whose primary group or supplementary group list matches -{% set value = access_control.allow.group if access_control.allow.group is string else access_control.allow.group | join(' ') %} +{% set value = access_control.allow.group if access_control.allow.group is string else access_control.allow.group | join(' ') %} AllowGroups {{ value }} {% endif %} {% endif %} -{% if access_control.deny is defined %} +{% if access_control.deny is defined and access_control.deny is not none %} {% if access_control.deny.user is defined %} # Login is disallowed for user names that match -{% set value = access_control.deny.user if access_control.deny.user is string else access_control.deny.user | join(' ') %} +{% set value = access_control.deny.user if access_control.deny.user is string else access_control.deny.user | join(' ') %} DenyUsers {{ value }} {% endif %} {% if access_control.deny.group is defined %} # Login is disallowed for users whose primary group or supplementary group list matches -{% set value = access_control.deny.group if access_control.deny.group is string else access_control.deny.group | join(' ') %} +{% set value = access_control.deny.group if access_control.deny.group is string else access_control.deny.group | join(' ') %} DenyGroups {{ value }} {% endif %} {% endif %} {% endif %} -{% if client_keepalive_interval %} +{% if client_keepalive_interval is defined and client_keepalive_interval is not none %} # Sets a timeout interval in seconds after which if no data has been received from the client, # sshd(8) will send a message through the encrypted channel to request a response from the client ClientAliveInterval {{ client_keepalive_interval }} diff --git a/data/templates/system-login/pam_radius_auth.conf.tmpl b/data/templates/system-login/pam_radius_auth.conf.tmpl deleted file mode 100644 index ec2d6df95..000000000 --- a/data/templates/system-login/pam_radius_auth.conf.tmpl +++ /dev/null @@ -1,16 +0,0 @@ -# Automatically generated by system-login.py -# RADIUS configuration file -{% if radius_server %} -# server[:port] shared_secret timeout source_ip -{% for s in radius_server|sort(attribute='priority') if not s.disabled %} -{% set addr_port = s.address + ":" + s.port %} -{{ "%-22s" | format(addr_port) }} {{ "%-25s" | format(s.key) }} {{ "%-10s" | format(s.timeout) }} {{ radius_source_address if radius_source_address }} -{% endfor %} - -priv-lvl 15 -mapped_priv_user radius_priv_user - -{% if radius_vrf %} -vrf-name {{ radius_vrf }} -{% endif %} -{% endif %} diff --git a/debian/control b/debian/control index ccdaa8492..d0ba72bcf 100644 --- a/debian/control +++ b/debian/control @@ -18,7 +18,10 @@ Build-Depends: python3-lxml, python3-netifaces, python3-nose, + python3-jinja2, + python3-psutil, python3-setuptools, + python3-sphinx, python3-xmltodict, quilt, whois diff --git a/interface-definitions/bcast-relay.xml.in b/interface-definitions/bcast-relay.xml.in index b691f79fa..1b354d885 100644 --- a/interface-definitions/bcast-relay.xml.in +++ b/interface-definitions/bcast-relay.xml.in @@ -9,12 +9,7 @@ <priority>990</priority> </properties> <children> - <leafNode name="disable"> - <properties> - <help>Globally disable broadcast relay service</help> - <valueless/> - </properties> - </leafNode> + #include <include/generic-disable-node.xml.i> <tagNode name="id"> <properties> <help>Unique ID for each UDP port to forward</help> @@ -27,12 +22,7 @@ </constraint> </properties> <children> - <leafNode name="disable"> - <properties> - <help>Disable broadcast relay service instance</help> - <valueless/> - </properties> - </leafNode> + #include <include/generic-disable-node.xml.i> <leafNode name="address"> <properties> <help>Set source IP of forwarded packets, otherwise original senders address is used</help> diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in index 2c1609d94..912e4eaf7 100644 --- a/interface-definitions/dhcp-server.xml.in +++ b/interface-definitions/dhcp-server.xml.in @@ -9,12 +9,7 @@ <priority>911</priority> </properties> <children> - <leafNode name="disable"> - <properties> - <help>Disable DHCP server</help> - <valueless/> - </properties> - </leafNode> + #include <include/generic-disable-node.xml.i> <leafNode name="dynamic-dns-update"> <properties> <help>Dynamically update Domain Name System (RFC4702)</help> @@ -63,12 +58,7 @@ <help>Shared-network-name description</help> </properties> </leafNode> - <leafNode name="disable"> - <properties> - <help>Option to disable DHCP configuration for shared-network</help> - <valueless/> - </properties> - </leafNode> + #include <include/generic-disable-node.xml.i> <leafNode name="shared-network-parameters"> <properties> <help>Additional shared-network parameters for DHCP server. @@ -330,12 +320,7 @@ <constraintErrorMessage>Invalid static mapping name. May only contain letters, numbers and .-_</constraintErrorMessage> </properties> <children> - <leafNode name="disable"> - <properties> - <help>Option to disable static mapping</help> - <valueless/> - </properties> - </leafNode> + #include <include/generic-disable-node.xml.i> <leafNode name="ip-address"> <properties> <help>Fixed IP address of static mapping</help> diff --git a/interface-definitions/dhcpv6-server.xml.in b/interface-definitions/dhcpv6-server.xml.in index 37bc7e03e..fb0e79c47 100644 --- a/interface-definitions/dhcpv6-server.xml.in +++ b/interface-definitions/dhcpv6-server.xml.in @@ -9,12 +9,7 @@ <priority>900</priority> </properties> <children> - <leafNode name="disable"> - <properties> - <help>Option to disable DHCPv6 server</help> - <valueless/> - </properties> - </leafNode> + #include <include/generic-disable-node.xml.i> <leafNode name="preference"> <properties> <help>Preference of this DHCPv6 server compared with others</help> @@ -37,12 +32,7 @@ <constraintErrorMessage>Invalid DHCPv6 shared network name. May only contain letters, numbers and .-_</constraintErrorMessage> </properties> <children> - <leafNode name="disable"> - <properties> - <help>Option to disable DHCPv6 configuration for shared-network</help> - <valueless/> - </properties> - </leafNode> + #include <include/generic-disable-node.xml.i> <node name="common-options"> <properties> <help>Common options to distribute to all clients, including stateless clients</help> @@ -324,12 +314,7 @@ <constraintErrorMessage>Invalid static mapping name. May only contain letters, numbers and .-_</constraintErrorMessage> </properties> <children> - <leafNode name="disable"> - <properties> - <help>Option to disable static mapping</help> - <valueless/> - </properties> - </leafNode> + #include <include/generic-disable-node.xml.i> <leafNode name="identifier"> <properties> <help>Client identifier (DUID) for this static mapping</help> diff --git a/interface-definitions/firewall-options.xml.in b/interface-definitions/firewall-options.xml.in index defd44f06..8d9225a9a 100644 --- a/interface-definitions/firewall-options.xml.in +++ b/interface-definitions/firewall-options.xml.in @@ -16,12 +16,7 @@ </completionHelp> </properties> <children> - <leafNode name="disable"> - <properties> - <help>Disable this rule</help> - <valueless/> - </properties> - </leafNode> + #include <include/generic-disable-node.xml.i> <leafNode name="adjust-mss"> <properties> <help>Adjust MSS for IPv4 transit packets</help> diff --git a/interface-definitions/igmp-proxy.xml.in b/interface-definitions/igmp-proxy.xml.in index b9c52794f..d0f44eada 100644 --- a/interface-definitions/igmp-proxy.xml.in +++ b/interface-definitions/igmp-proxy.xml.in @@ -9,12 +9,7 @@ <priority>740</priority> </properties> <children> - <leafNode name="disable"> - <properties> - <help>Option to disable IGMP proxy</help> - <valueless/> - </properties> - </leafNode> + #include <include/generic-disable-node.xml.i> <leafNode name="disable-quickleave"> <properties> <help>Option to disable "quickleave"</help> diff --git a/interface-definitions/include/accel-auth-local-users.xml.i b/interface-definitions/include/accel-auth-local-users.xml.i index 0d66b8135..35c7a2a06 100644 --- a/interface-definitions/include/accel-auth-local-users.xml.i +++ b/interface-definitions/include/accel-auth-local-users.xml.i @@ -9,12 +9,7 @@ <help>User name for authentication</help> </properties> <children> - <leafNode name="disable"> - <properties> - <help>Option to disable a PPPoE Server user</help> - <valueless/> - </properties> - </leafNode> + #include <include/generic-disable-node.xml.i> <leafNode name="password"> <properties> <help>Password for authentication</help> diff --git a/interface-definitions/include/accel-mtu-128-16384.xml.i b/interface-definitions/include/accel-mtu-128-16384.xml.i index 7ee483056..6bd089823 100644 --- a/interface-definitions/include/accel-mtu-128-16384.xml.i +++ b/interface-definitions/include/accel-mtu-128-16384.xml.i @@ -1,9 +1,11 @@ - <leafNode name="mtu"> - <properties> - <help>Maximum Transmission Unit (MTU) - default 1492</help> - <constraint> - <validator name="numeric" argument="--range 128-16384"/> - </constraint> - </properties> - <defaultValue>1492</defaultValue> - </leafNode> +<!-- included start from accel-mtu-128-16384.xml.i --> +<leafNode name="mtu"> + <properties> + <help>Maximum Transmission Unit (MTU) - default 1492</help> + <constraint> + <validator name="numeric" argument="--range 128-16384"/> + </constraint> + </properties> + <defaultValue>1492</defaultValue> +</leafNode> +<!-- included end --> diff --git a/interface-definitions/include/bgp-afi-capability-orf.xml.i b/interface-definitions/include/bgp-afi-capability-orf.xml.i new file mode 100644 index 000000000..9bd265f93 --- /dev/null +++ b/interface-definitions/include/bgp-afi-capability-orf.xml.i @@ -0,0 +1,28 @@ +<!-- included start from bgp-afi-capability-orf.xml.i --> +<node name="orf"> + <properties> + <help>Advertise ORF capability to this peer</help> + </properties> + <children> + <node name="prefix-list"> + <properties> + <help>Advertise prefix-list ORF capability to this peer</help> + </properties> + <children> + <leafNode name="receive"> + <properties> + <help>Capability to receive the ORF</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="send"> + <properties> + <help>Capability to send the ORF</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + </children> +</node> +<!-- included end --> diff --git a/interface-definitions/include/bgp-afi-common.xml.i b/interface-definitions/include/bgp-afi-common.xml.i new file mode 100644 index 000000000..ea4eea591 --- /dev/null +++ b/interface-definitions/include/bgp-afi-common.xml.i @@ -0,0 +1,243 @@ +<!-- included start from bgp-afi-common.xml.i --> +<node name="allowas-in"> + <properties> + <help>Accept route that contains the local-as in the as-path</help> + </properties> + <children> + <leafNode name="number"> + <properties> + <help>Number of occurrences of AS number</help> + <valueHelp> + <format>u32:1-10</format> + <description>Number of times AS is allowed in path</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-10"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<leafNode name="as-override"> + <properties> + <help>AS for routes sent to this peer to be the local AS</help> + <valueless/> + </properties> +</leafNode> +<node name="attribute-unchanged"> + <properties> + <help>BGP attributes are sent unchanged</help> + </properties> + <children> + <leafNode name="as-path"> + <properties> + <help>Send AS path unchanged</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="med"> + <properties> + <help>Send multi-exit discriminator unchanged</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="next-hop"> + <properties> + <help>Send nexthop unchanged</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<node name="disable-send-community"> + <properties> + <help>Disable sending community attributes to this peer</help> + </properties> + <children> + <leafNode name="extended"> + <properties> + <help>Disable sending extended community attributes to this peer</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="standard"> + <properties> + <help>Disable sending standard community attributes to this peer</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<node name="default-originate"> + <properties> + <help>Originate default route to this peer</help> + </properties> + <children> + <leafNode name="route-map"> + <properties> + <help>route-map to specify criteria of the default route</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + </properties> + </leafNode> + </children> +</node> +<node name="distribute-list"> + <properties> + <help>Access-list to filter route updates to/from this peer-group</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>Access-list to filter outgoing route updates to this peer-group</help> + <completionHelp> + <path>policy access-list</path> + </completionHelp> + <valueHelp> + <format>u32:1-65535</format> + <description>Access-list to filter outgoing route updates to this peer-group</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="import"> + <properties> + <help>Access-list to filter incoming route updates from this peer-group</help> + <completionHelp> + <path>policy access-list</path> + </completionHelp> + <valueHelp> + <format>u32:1-65535</format> + <description>Access-list to filter incoming route updates from this peer-group</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<node name="filter-list"> + <properties> + <help>as-path-list to filter route updates to/from this peer</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>As-path-list to filter outgoing route updates to this peer</help> + <completionHelp> + <path>policy as-path-list</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="import"> + <properties> + <help>As-path-list to filter incoming route updates from this peer</help> + <completionHelp> + <path>policy as-path-list</path> + </completionHelp> + </properties> + </leafNode> + </children> +</node> +<leafNode name="maximum-prefix"> + <properties> + <help>Maximum number of prefixes to accept from this peer</help> + <valueHelp> + <format>u32:1-4294967295</format> + <description>Prefix limit</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967295"/> + </constraint> + </properties> +</leafNode> +<node name="nexthop-self"> + <properties> + <help>Disable the next hop calculation for this peer</help> + </properties> + <children> + <leafNode name="force"> + <properties> + <help>Set the next hop to self for reflected routes</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<leafNode name="remove-private-as"> + <properties> + <help>Remove private AS numbers from AS path in outbound route updates</help> + <valueless/> + </properties> +</leafNode> +<node name="route-map"> + <properties> + <help>Route-map to filter route updates to/from this peer</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>Route-map to filter outgoing route updates</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="import"> + <properties> + <help>Route-map to filter incoming route updates</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + </properties> + </leafNode> + </children> +</node> +<leafNode name="route-reflector-client"> + <properties> + <help>Peer is a route reflector client</help> + <valueless/> + </properties> +</leafNode> +<leafNode name="route-server-client"> + <properties> + <help>Peer is a route server client</help> + <valueless/> + </properties> +</leafNode> +<node name="soft-reconfiguration"> + <properties> + <help>Soft reconfiguration for peer</help> + </properties> + <children> + <leafNode name="inbound"> + <properties> + <help>Enable inbound soft reconfiguration</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<leafNode name="unsuppress-map"> + <properties> + <help>Route-map to selectively unsuppress suppressed routes</help> + <valueless/> + </properties> +</leafNode> +<leafNode name="weight"> + <properties> + <help>Default weight for routes from this peer</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Default weight</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> +</leafNode> +<!-- included end --> diff --git a/interface-definitions/include/bgp-afi-ipv4-prefix-list.xml.i b/interface-definitions/include/bgp-afi-ipv4-prefix-list.xml.i new file mode 100644 index 000000000..bbbada6bd --- /dev/null +++ b/interface-definitions/include/bgp-afi-ipv4-prefix-list.xml.i @@ -0,0 +1,25 @@ +<!-- included start from bgp-afi-ipv4-prefix-list.xml.i --> +<node name="prefix-list"> + <properties> + <help>IPv4-Prefix-list to filter route updates to/from this peer</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>IPv4-Prefix-list to filter outgoing route updates to this peer</help> + <completionHelp> + <path>policy prefix-list</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="import"> + <properties> + <help>IPv4-Prefix-list to filter incoming route updates from this peer</help> + <completionHelp> + <path>policy prefix-list</path> + </completionHelp> + </properties> + </leafNode> + </children> +</node> +<!-- included end --> diff --git a/interface-definitions/include/bgp-afi-ipv6-nexthop-local.xml.i b/interface-definitions/include/bgp-afi-ipv6-nexthop-local.xml.i new file mode 100644 index 000000000..4778b392f --- /dev/null +++ b/interface-definitions/include/bgp-afi-ipv6-nexthop-local.xml.i @@ -0,0 +1,15 @@ +<!-- included start from bgp-afi-ipv6-nexthop-local.xml.i --> + <node name="nexthop-local"> + <properties> + <help>Nexthop attributes</help> + </properties> + <children> + <leafNode name="unchanged"> + <properties> + <help>Leave link-local nexthop unchanged for this peer</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> +<!-- included end --> diff --git a/interface-definitions/include/bgp-afi-ipv6-prefix-list.xml.i b/interface-definitions/include/bgp-afi-ipv6-prefix-list.xml.i new file mode 100644 index 000000000..8ae7837e9 --- /dev/null +++ b/interface-definitions/include/bgp-afi-ipv6-prefix-list.xml.i @@ -0,0 +1,25 @@ +<!-- included start from bgp-afi-ipv6-prefix-list.xml.i --> +<node name="prefix-list"> + <properties> + <help>Prefix-list to filter route updates to/from this peer</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>Prefix-list to filter outgoing route updates to this peer</help> + <completionHelp> + <path>policy prefix-list6</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="import"> + <properties> + <help>Prefix-list to filter incoming route updates from this peer</help> + <completionHelp> + <path>policy prefix-list6</path> + </completionHelp> + </properties> + </leafNode> + </children> +</node> +<!-- included end --> diff --git a/interface-definitions/include/bgp-afi-peer-group.xml.i b/interface-definitions/include/bgp-afi-peer-group.xml.i new file mode 100644 index 000000000..c98a91030 --- /dev/null +++ b/interface-definitions/include/bgp-afi-peer-group.xml.i @@ -0,0 +1,7 @@ +<!-- included start from bgp-afi-peer-group.xml.i --> +<leafNode name="peer-group"> + <properties> + <help>Peer group used for this neighbor</help> + </properties> +</leafNode> +<!-- included end --> diff --git a/interface-definitions/include/bgp-bfd.xml.i b/interface-definitions/include/bgp-bfd.xml.i new file mode 100644 index 000000000..fe52b12f2 --- /dev/null +++ b/interface-definitions/include/bgp-bfd.xml.i @@ -0,0 +1,15 @@ +<!-- included start from bgp-bfd.xml.i --> +<node name="bfd"> + <properties> + <help>Enable Bidirectional Forwarding Detection (BFD) support</help> + </properties> + <children> + <leafNode name="check-control-plane-failure"> + <properties> + <help>Allow to write CBIT independence in BFD outgoing packets and read both C-BIT value of BFD and lookup BGP peer status</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<!-- included end --> diff --git a/interface-definitions/include/bgp-capability-dynamic.xml.i b/interface-definitions/include/bgp-capability-dynamic.xml.i new file mode 100644 index 000000000..3cf300156 --- /dev/null +++ b/interface-definitions/include/bgp-capability-dynamic.xml.i @@ -0,0 +1,9 @@ +<!-- included start from bgp-capability-dynamic.xml.i --> +<!-- Capability dynamic in the afi ipv6 does nothing T3037 --> +<leafNode name="dynamic"> + <properties> + <help>Advertise dynamic capability to this neighbor</help> + <valueless/> + </properties> +</leafNode> +<!-- included end --> diff --git a/interface-definitions/include/bgp-capability.xml.i b/interface-definitions/include/bgp-capability.xml.i new file mode 100644 index 000000000..5940e46e4 --- /dev/null +++ b/interface-definitions/include/bgp-capability.xml.i @@ -0,0 +1,16 @@ +<!-- included start from bgp-capability.xml.i --> +<node name="capability"> + <properties> + <help>Advertise capabilities to this peer-group</help> + </properties> + <children> + #include <include/bgp-capability-dynamic.xml.i> + <leafNode name="extended-nexthop"> + <properties> + <help>Advertise extended-nexthop capability to this neighbor</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<!-- included end --> diff --git a/interface-definitions/include/bgp-description.xml.i b/interface-definitions/include/bgp-description.xml.i new file mode 100644 index 000000000..e1766cb9f --- /dev/null +++ b/interface-definitions/include/bgp-description.xml.i @@ -0,0 +1,7 @@ +<!-- included start from bgp-description.xml.i --> +<leafNode name="description"> + <properties> + <help>Neighbor specific description</help> + </properties> +</leafNode> +<!-- included end --> diff --git a/interface-definitions/include/bgp-disable-capability-negotiation.xml.i b/interface-definitions/include/bgp-disable-capability-negotiation.xml.i new file mode 100644 index 000000000..a43c6e8b9 --- /dev/null +++ b/interface-definitions/include/bgp-disable-capability-negotiation.xml.i @@ -0,0 +1,8 @@ +<!-- included start from bgp-disable-capability-negotiation.xml.i --> +<leafNode name="disable-capability-negotiation"> + <properties> + <help>Disable capability negotiation with this neighbor</help> + <valueless/> + </properties> +</leafNode> +<!-- included end --> diff --git a/interface-definitions/include/bgp-disable-connected-check.xml.i b/interface-definitions/include/bgp-disable-connected-check.xml.i new file mode 100644 index 000000000..bb9098bf6 --- /dev/null +++ b/interface-definitions/include/bgp-disable-connected-check.xml.i @@ -0,0 +1,8 @@ +<!-- included start from bgp-disable-connected-check.xml.i --> +<leafNode name="disable-connected-check"> + <properties> + <help>Disable check to see if eBGP peer address is a connected route</help> + <valueless/> + </properties> +</leafNode> +<!-- included end --> diff --git a/interface-definitions/include/bgp-ebgp-multihop.xml.i b/interface-definitions/include/bgp-ebgp-multihop.xml.i new file mode 100644 index 000000000..6459fcf47 --- /dev/null +++ b/interface-definitions/include/bgp-ebgp-multihop.xml.i @@ -0,0 +1,14 @@ +<!-- included start from bgp-ebgp-multihop.xml.i --> +<leafNode name="ebgp-multihop"> + <properties> + <help>Allow this EBGP neighbor to not be on a directly connected network</help> + <valueHelp> + <format>u32:1-255</format> + <description>Number of hops</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> +</leafNode> +<!-- included end --> diff --git a/interface-definitions/include/bgp-local-as.xml.i b/interface-definitions/include/bgp-local-as.xml.i new file mode 100644 index 000000000..cf55ce476 --- /dev/null +++ b/interface-definitions/include/bgp-local-as.xml.i @@ -0,0 +1,22 @@ +<!-- included start from bgp-local-as.xml.i --> +<tagNode name="local-as"> + <properties> + <help>Local AS number [REQUIRED]</help> + <valueHelp> + <format>u32:1-4294967294</format> + <description>Local AS number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967294"/> + </constraint> + </properties> + <children> + <leafNode name="no-prepend"> + <properties> + <help>Disable prepending local-as to updates from EBGP peers</help> + <valueless/> + </properties> + </leafNode> + </children> +</tagNode> +<!-- included end --> diff --git a/interface-definitions/include/bgp-neighbor-afi-ipv4-unicast.xml.i b/interface-definitions/include/bgp-neighbor-afi-ipv4-unicast.xml.i index c5a83f045..03a859271 100644 --- a/interface-definitions/include/bgp-neighbor-afi-ipv4-unicast.xml.i +++ b/interface-definitions/include/bgp-neighbor-afi-ipv4-unicast.xml.i @@ -4,283 +4,18 @@ <help>IPv4 BGP neighbor parameters</help> </properties> <children> - <node name="allowas-in"> - <properties> - <help>Accept a IPv4-route that contains the local-AS in the as-path</help> - </properties> - <children> - <leafNode name="number"> - <properties> - <help>Number of occurrences of AS number</help> - <valueHelp> - <format>u32:1-10</format> - <description>Number of times AS is allowed in path</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-10"/> - </constraint> - </properties> - </leafNode> - </children> - </node> - <leafNode name="as-override"> - <properties> - <help>AS for routes sent to this neighbor to be the local AS</help> - <valueless/> - </properties> - </leafNode> - <node name="attribute-unchanged"> - <properties> - <help>BGP attributes are sent unchanged (IPv4)</help> - </properties> - <children> - <leafNode name="as-path"> - <properties> - <help>Send AS path unchanged (IPv4)</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="med"> - <properties> - <help>Send multi-exit discriminator unchanged (IPv4)</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="next-hop"> - <properties> - <help>Send nexthop unchanged (IPv4)</help> - <valueless/> - </properties> - </leafNode> - </children> - </node> <node name="capability"> <properties> <help>Advertise capabilities to this neighbor (IPv4)</help> </properties> <children> - <node name="orf"> - <properties> - <help>Advertise ORF capability to this neighbor</help> - </properties> - <children> - <node name="prefix-list"> - <properties> - <help>Advertise prefix-list ORF capability to this neighbor</help> - </properties> - <children> - <leafNode name="receive"> - <properties> - <help>Capability to receive the ORF</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="send"> - <properties> - <help>Capability to send the ORF</help> - <valueless/> - </properties> - </leafNode> - </children> - </node> - </children> - </node> - </children> - </node> - <node name="default-originate"> - <properties> - <help>Send default IPv4-route to this neighbor</help> - </properties> - <children> - <leafNode name="route-map"> - <properties> - <help>IPv4-Route-map to specify criteria of the default</help> - <completionHelp> - <path>policy route-map</path> - </completionHelp> - </properties> - </leafNode> - </children> - </node> - <node name="distribute-list"> - <properties> - <help>Access-list to filter IPv4-route updates to/from this neighbor</help> - </properties> - <children> - <leafNode name="export"> - <properties> - <help>Access-list to filter outgoing IPv4-route updates to this neighbor</help> - <completionHelp> - <path>policy access-list</path> - </completionHelp> - <valueHelp> - <format>u32:1-65535</format> - <description>Access-list to filter outgoing IPv4-route updates to this neighbor</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - </properties> - </leafNode> - <leafNode name="import"> - <properties> - <help>Access-list to filter incoming IPv4-route updates from this neighbor</help> - <completionHelp> - <path>policy access-list</path> - </completionHelp> - <valueHelp> - <format>u32:1-65535</format> - <description>Access-list to filter incoming IPv4-route updates from this neighbor</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - </properties> - </leafNode> + #include <include/bgp-afi-capability-orf.xml.i> + #include <include/bgp-capability-dynamic.xml.i> </children> </node> - <node name="filter-list"> - <properties> - <help>As-path-list to filter IPv4-route updates to/from this neighbor</help> - </properties> - <children> - <leafNode name="export"> - <properties> - <help>As-path-list to filter outgoing IPv4-route updates to this neighbor</help> - <completionHelp> - <path>policy as-path-list</path> - </completionHelp> - </properties> - </leafNode> - <leafNode name="import"> - <properties> - <help>As-path-list to filter incoming IPv4-route updates from this neighbor</help> - <completionHelp> - <path>policy as-path-list</path> - </completionHelp> - </properties> - </leafNode> - </children> - </node> - <leafNode name="maximum-prefix"> - <properties> - <help>Maximum number of IPv4-prefixes to accept from this neighbor</help> - <valueHelp> - <format>u32:1-4294967295</format> - <description>Prefix limit</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-4294967295"/> - </constraint> - </properties> - </leafNode> - <node name="nexthop-self"> - <properties> - <help>Nexthop for IPv4-routes sent to this neighbor to be the local router</help> - </properties> - <children> - <leafNode name="force"> - <properties> - <help>Set the next hop to self for reflected routes</help> - <valueless/> - </properties> - </leafNode> - </children> - </node> - <node name="prefix-list"> - <properties> - <help>IPv4-Prefix-list to filter route updates to/from this neighbor</help> - </properties> - <children> - <leafNode name="export"> - <properties> - <help>IPv4-Prefix-list to filter outgoing route updates to this neighbor</help> - <completionHelp> - <path>policy prefix-list</path> - </completionHelp> - </properties> - </leafNode> - <leafNode name="import"> - <properties> - <help>IPv4-Prefix-list to filter incoming route updates from this neighbor</help> - <completionHelp> - <path>policy prefix-list</path> - </completionHelp> - </properties> - </leafNode> - </children> - </node> - <leafNode name="remove-private-as"> - <properties> - <help>Remove private AS numbers from AS path in outbound IPv4-route updates</help> - <valueless/> - </properties> - </leafNode> - <node name="route-map"> - <properties> - <help>Route-map to filter IPv4-route updates to/from this neighbor</help> - </properties> - <children> - <leafNode name="export"> - <properties> - <help>IPv4-Route-map to filter outgoing route updates to this neighbor</help> - <completionHelp> - <path>policy route-map</path> - </completionHelp> - </properties> - </leafNode> - <leafNode name="import"> - <properties> - <help>IPv4-Route-map to filter incoming route updates from this neighbor</help> - <completionHelp> - <path>policy route-map</path> - </completionHelp> - </properties> - </leafNode> - </children> - </node> - <leafNode name="route-reflector-client"> - <properties> - <help>Neighbor as a IPv4-route reflector client</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="route-server-client"> - <properties> - <help>Neighbor is IPv4-route server client</help> - <valueless/> - </properties> - </leafNode> - <node name="soft-reconfiguration"> - <properties> - <help>Soft reconfiguration for neighbor (IPv4)</help> - </properties> - <children> - <leafNode name="inbound"> - <properties> - <help>Inbound soft reconfiguration for this neighbor [REQUIRED]</help> - <valueless/> - </properties> - </leafNode> - </children> - </node> - <leafNode name="unsuppress-map"> - <properties> - <help>Route-map to selectively unsuppress suppressed IPv4-routes</help> - </properties> - </leafNode> - <leafNode name="weight"> - <properties> - <help>Default weight for routes from this neighbor</help> - <valueHelp> - <format>u32:1-65535</format> - <description>Weight for routes from this neighbor</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - </properties> - </leafNode> + #include <include/bgp-afi-peer-group.xml.i> + #include <include/bgp-afi-ipv4-prefix-list.xml.i> + #include <include/bgp-afi-common.xml.i> </children> </node> <!-- included end --> diff --git a/interface-definitions/include/bgp-neighbor-afi-ipv6-unicast.xml.i b/interface-definitions/include/bgp-neighbor-afi-ipv6-unicast.xml.i index 61cdc6a1c..e9ba23408 100644 --- a/interface-definitions/include/bgp-neighbor-afi-ipv6-unicast.xml.i +++ b/interface-definitions/include/bgp-neighbor-afi-ipv6-unicast.xml.i @@ -4,328 +4,19 @@ <help>IPv6 BGP neighbor parameters</help> </properties> <children> - <node name="allowas-in"> - <properties> - <help>Accept a IPv6-route that contains the local-AS in the as-path</help> - </properties> - <children> - <leafNode name="number"> - <properties> - <help>Number of occurrences of AS number</help> - <valueHelp> - <format>u32:1-10</format> - <description>Number of times AS is allowed in path</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-10"/> - </constraint> - </properties> - </leafNode> - </children> - </node> - <leafNode name="as-override"> - <properties> - <help>AS for routes sent to this neighbor to be the local AS</help> - <valueless/> - </properties> - </leafNode> - <node name="attribute-unchanged"> - <properties> - <help>BGP attributes are sent unchanged</help> - </properties> - <children> - <leafNode name="as-path"> - <properties> - <help>Send AS path unchanged</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="med"> - <properties> - <help>Send multi-exit discriminator unchanged</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="next-hop"> - <properties> - <help>Send nexthop unchanged</help> - <valueless/> - </properties> - </leafNode> - </children> - </node> <node name="capability"> <properties> <help>Advertise capabilities to this neighbor (IPv6)</help> </properties> <children> - <!-- Capability dynamic in the afi ipv6 does nothing T3037 --> - <leafNode name="dynamic"> - <properties> - <help>Advertise dynamic capability to this neighbor</help> - <valueless/> - </properties> - </leafNode> - <node name="orf"> - <properties> - <help>Advertise ORF capability to this neighbor</help> - </properties> - <children> - <node name="prefix-list"> - <properties> - <help>Advertise prefix-list ORF capability to this neighbor</help> - </properties> - <children> - <leafNode name="receive"> - <properties> - <help>Capability to receive the ORF</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="send"> - <properties> - <help>Capability to send the ORF</help> - <valueless/> - </properties> - </leafNode> - </children> - </node> - </children> - </node> - </children> - </node> - <node name="default-originate"> - <properties> - <help>Send default IPv6-route to this neighbor</help> - </properties> - <children> - <leafNode name="route-map"> - <properties> - <help>Route-map to specify criteria of the default</help> - <completionHelp> - <path>policy route-map</path> - </completionHelp> - </properties> - </leafNode> - </children> - </node> - <node name="disable-send-community"> - <properties> - <help>Disable sending community attributes to this neighbor</help> - </properties> - <children> - <leafNode name="extended"> - <properties> - <help>Disable sending extended community attributes to this neighbor</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="standard"> - <properties> - <help>Disable sending standard community attributes to this neighbor</help> - <valueless/> - </properties> - </leafNode> - </children> - </node> - <node name="distribute-list"> - <properties> - <help>Access-list to filter route updates to/from this neighbor</help> - </properties> - <children> - <leafNode name="export"> - <properties> - <help>Access-list to filter outgoing route updates to this neighbor</help> - <completionHelp> - <path>policy access-list6</path> - </completionHelp> - <valueHelp> - <format>u32:1-65535</format> - <description>Access-list to filter outgoing route updates to this neighbor</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - </properties> - </leafNode> - <leafNode name="import"> - <properties> - <help>Access-list to filter incoming route updates from this neighbor</help> - <completionHelp> - <path>policy access-list6</path> - </completionHelp> - <valueHelp> - <format>u32:1-65535</format> - <description>Access-list to filter incoming route updates from this neighbor</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - </properties> - </leafNode> + #include <include/bgp-afi-capability-orf.xml.i> + #include <include/bgp-capability-dynamic.xml.i> </children> </node> - <node name="filter-list"> - <properties> - <help>As-path-list to filter route updates to/from this neighbor</help> - </properties> - <children> - <leafNode name="export"> - <properties> - <help>As-path-list to filter outgoing route updates to this neighbor</help> - <completionHelp> - <path>policy as-path-list</path> - </completionHelp> - </properties> - </leafNode> - <leafNode name="import"> - <properties> - <help>As-path-list to filter incoming route updates from this neighbor</help> - <completionHelp> - <path>policy as-path-list</path> - </completionHelp> - </properties> - </leafNode> - </children> - </node> - <leafNode name="maximum-prefix"> - <properties> - <help>Maximum number of prefixes to accept from this neighbor</help> - <valueHelp> - <format>u32:1-4294967295</format> - <description>Prefix limit</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-4294967295"/> - </constraint> - </properties> - </leafNode> - <node name="nexthop-local"> - <properties> - <help>Nexthop attributes</help> - </properties> - <children> - <leafNode name="unchanged"> - <properties> - <help>Leave link-local nexthop unchanged for this peer</help> - <valueless/> - </properties> - </leafNode> - </children> - </node> - <node name="nexthop-self"> - <properties> - <help>Nexthop for IPv6-routes sent to this neighbor to be the local router</help> - </properties> - <children> - <leafNode name="force"> - <properties> - <help>Set the next hop to self for reflected routes</help> - <valueless/> - </properties> - </leafNode> - </children> - </node> - <leafNode name="peer-group"> - <properties> - <help>IPv6 peer group for this peer</help> - </properties> - </leafNode> - <node name="prefix-list"> - <properties> - <help>Prefix-list to filter route updates to/from this neighbor</help> - </properties> - <children> - <leafNode name="export"> - <properties> - <help>Prefix-list to filter outgoing route updates to this neighbor</help> - <completionHelp> - <path>policy prefix-list6</path> - </completionHelp> - </properties> - </leafNode> - <leafNode name="import"> - <properties> - <help>Prefix-list to filter incoming route updates from this neighbor</help> - <completionHelp> - <path>policy prefix-list6</path> - </completionHelp> - </properties> - </leafNode> - </children> - </node> - <leafNode name="remove-private-as"> - <properties> - <help>Remove private AS numbers from AS path in outbound route updates</help> - <valueless/> - </properties> - </leafNode> - <node name="route-map"> - <properties> - <help>Route-map to filter route updates to/from this neighbor</help> - </properties> - <children> - <leafNode name="export"> - <properties> - <help>Route-map to filter outgoing route updates to this neighbor</help> - <completionHelp> - <path>policy route-map</path> - </completionHelp> - </properties> - </leafNode> - <leafNode name="import"> - <properties> - <help>Route-map to filter incoming route updates from this neighbor</help> - <completionHelp> - <path>policy route-map</path> - </completionHelp> - </properties> - </leafNode> - </children> - </node> - <leafNode name="route-reflector-client"> - <properties> - <help>Neighbor as a IPv6-route reflector client</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="route-server-client"> - <properties> - <help>Neighbor is IPv6-route server client</help> - <valueless/> - </properties> - </leafNode> - <node name="soft-reconfiguration"> - <properties> - <help>Soft reconfiguration for neighbor (IPv6)</help> - </properties> - <children> - <leafNode name="inbound"> - <properties> - <help>Inbound soft reconfiguration for this neighbor [REQUIRED]</help> - <valueless/> - </properties> - </leafNode> - </children> - </node> - <leafNode name="unsuppress-map"> - <properties> - <help>Route-map to selectively unsuppress suppressed IPv6-routes</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="weight"> - <properties> - <help>Default weight for routes from this neighbor</help> - <valueHelp> - <format>u32:1-65535</format> - <description>Weight for routes from this neighbor</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - </properties> - </leafNode> + #include <include/bgp-afi-peer-group.xml.i> + #include <include/bgp-afi-ipv6-nexthop-local.xml.i> + #include <include/bgp-afi-ipv6-prefix-list.xml.i> + #include <include/bgp-afi-common.xml.i> </children> </node> <!-- included end --> diff --git a/interface-definitions/include/bgp-override-capability.xml.i b/interface-definitions/include/bgp-override-capability.xml.i new file mode 100644 index 000000000..88c277c8b --- /dev/null +++ b/interface-definitions/include/bgp-override-capability.xml.i @@ -0,0 +1,8 @@ +<!-- included start from bgp-override-capability.xml.i --> +<leafNode name="override-capability"> + <properties> + <help>Ignore capability negotiation with specified neighbor</help> + <valueless/> + </properties> +</leafNode> +<!-- included end --> diff --git a/interface-definitions/include/bgp-passive.xml.i b/interface-definitions/include/bgp-passive.xml.i new file mode 100644 index 000000000..ada961866 --- /dev/null +++ b/interface-definitions/include/bgp-passive.xml.i @@ -0,0 +1,8 @@ +<!-- included start from bgp-passive.xml.i --> +<leafNode name="passive"> + <properties> + <help>Do not initiate a session with this neighbor</help> + <valueless/> + </properties> +</leafNode> +<!-- included end --> diff --git a/interface-definitions/include/bgp-password.xml.i b/interface-definitions/include/bgp-password.xml.i new file mode 100644 index 000000000..5b68a2d71 --- /dev/null +++ b/interface-definitions/include/bgp-password.xml.i @@ -0,0 +1,7 @@ +<!-- included start from bgp-password.xml.i --> +<leafNode name="password"> + <properties> + <help>BGP MD5 password</help> + </properties> +</leafNode> +<!-- included end --> diff --git a/interface-definitions/include/bgp-peer-group-afi-ipv4-unicast.xml.i b/interface-definitions/include/bgp-peer-group-afi-ipv4-unicast.xml.i deleted file mode 100644 index e34d9f774..000000000 --- a/interface-definitions/include/bgp-peer-group-afi-ipv4-unicast.xml.i +++ /dev/null @@ -1,303 +0,0 @@ -<!-- included start from bgp-peer-group-afi-ipv4-unicast.xml.i --> -<node name="ipv4-unicast"> - <properties> - <help>IPv4 BGP peer group parameters</help> - </properties> - <children> - <node name="allowas-in"> - <properties> - <help>Accept a route that contains the local-AS in the as-path</help> - </properties> - <children> - <leafNode name="number"> - <properties> - <help>Number of occurrences of AS number</help> - <valueHelp> - <format>u32:1-10</format> - <description>Number of times AS is allowed in path</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-10"/> - </constraint> - </properties> - </leafNode> - </children> - </node> - <node name="attribute-unchanged"> - <properties> - <help>BGP attributes are sent unchanged</help> - </properties> - <children> - <leafNode name="as-path"> - <properties> - <help>Send AS path unchanged</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="med"> - <properties> - <help>Send multi-exit discriminator unchanged</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="next-hop"> - <properties> - <help>Send nexthop unchanged</help> - <valueless/> - </properties> - </leafNode> - </children> - </node> - <node name="capability"> - <properties> - <help>Advertise capabilities to this peer-group</help> - </properties> - <children> - <leafNode name="dynamic"> - <properties> - <help>Advertise dynamic capability to this peer-group</help> - <valueless/> - </properties> - </leafNode> - <node name="orf"> - <properties> - <help>Advertise ORF capability to this peer-group</help> - </properties> - <children> - <node name="prefix-list"> - <properties> - <help>Advertise prefix-list ORF capability to this peer-group</help> - </properties> - <children> - <leafNode name="receive"> - <properties> - <help>Capability to receive the ORF</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="send"> - <properties> - <help>Capability to send the ORF</help> - <valueless/> - </properties> - </leafNode> - </children> - </node> - </children> - </node> - </children> - </node> - <node name="default-originate"> - <properties> - <help>Send default route to this peer-group</help> - </properties> - <children> - <leafNode name="route-map"> - <properties> - <help>Route-map to specify criteria of the default</help> - </properties> - </leafNode> - </children> - </node> - <node name="disable-send-community"> - <properties> - <help>Disable sending community attributes to this peer-group</help> - </properties> - <children> - <leafNode name="extended"> - <properties> - <help>Disable sending extended community attributes to this peer-group</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="standard"> - <properties> - <help>Disable sending standard community attributes to this peer-group</help> - <valueless/> - </properties> - </leafNode> - </children> - </node> - <node name="distribute-list"> - <properties> - <help>Access-list to filter route updates to/from this peer-group</help> - </properties> - <children> - <leafNode name="export"> - <properties> - <help>Access-list to filter outgoing route updates to this peer-group</help> - <completionHelp> - <path>policy access-list</path> - </completionHelp> - <valueHelp> - <format>u32:1-65535</format> - <description>Access-list to filter outgoing route updates to this peer-group</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - </properties> - </leafNode> - <leafNode name="import"> - <properties> - <help>Access-list to filter incoming route updates from this peer-group</help> - <completionHelp> - <path>policy access-list</path> - </completionHelp> - <valueHelp> - <format>u32:1-65535</format> - <description>Access-list to filter incoming route updates from this peer-group</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - </properties> - </leafNode> - </children> - </node> - <node name="filter-list"> - <properties> - <help>As-path-list to filter route updates to/from this peer-group</help> - </properties> - <children> - <leafNode name="export"> - <properties> - <help>As-path-list to filter outgoing route updates to this peer-group</help> - <completionHelp> - <path>policy as-path-list</path> - </completionHelp> - </properties> - </leafNode> - <leafNode name="import"> - <properties> - <help>As-path-list to filter incoming route updates from this peer-group</help> - <completionHelp> - <path>policy as-path-list</path> - </completionHelp> - </properties> - </leafNode> - </children> - </node> - <leafNode name="maximum-prefix"> - <properties> - <help>Maximum number of prefixes to accept from this peer-group</help> - <valueHelp> - <format>u32:1-4294967295</format> - <description>Prefix limit</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-4294967295"/> - </constraint> - </properties> - </leafNode> - <node name="nexthop-self"> - <properties> - <help>Nexthop for routes sent to this peer-group to be the local router</help> - </properties> - <children> - <leafNode name="force"> - <properties> - <help>Set the next hop to self for reflected routes</help> - <valueless/> - </properties> - </leafNode> - </children> - </node> - <node name="prefix-list"> - <properties> - <help>Prefix-list to filter route updates to/from this peer-group</help> - </properties> - <children> - <leafNode name="export"> - <properties> - <help>Prefix-list to filter outgoing route updates to this peer-group</help> - <completionHelp> - <path>policy prefix-list</path> - </completionHelp> - </properties> - </leafNode> - <leafNode name="import"> - <properties> - <help>Prefix-list to filter incoming route updates from this peer-group</help> - <completionHelp> - <path>policy prefix-list</path> - </completionHelp> - </properties> - </leafNode> - </children> - </node> - <leafNode name="remove-private-as"> - <properties> - <help>Remove private AS numbers from AS path in outbound route updates</help> - <valueless/> - </properties> - </leafNode> - <node name="route-map"> - <properties> - <help>Route-map to filter route updates to/from this peer-group</help> - </properties> - <children> - <leafNode name="export"> - <properties> - <help>Route-map to filter outgoing route updates to this peer-group</help> - <completionHelp> - <path>policy route-map</path> - </completionHelp> - </properties> - </leafNode> - <leafNode name="import"> - <properties> - <help>Route-map to filter incoming route updates from this peer-group</help> - <completionHelp> - <path>policy route-map</path> - </completionHelp> - </properties> - </leafNode> - </children> - </node> - <leafNode name="route-reflector-client"> - <properties> - <help>Peer-group as a route reflector client</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="route-server-client"> - <properties> - <help>Peer-group as route server client</help> - <valueless/> - </properties> - </leafNode> - <node name="soft-reconfiguration"> - <properties> - <help>Soft reconfiguration for peer-group</help> - </properties> - <children> - <leafNode name="inbound"> - <properties> - <help>Inbound soft reconfiguration for this peer-group [REQUIRED]</help> - <valueless/> - </properties> - </leafNode> - </children> - </node> - <leafNode name="unsuppress-map"> - <properties> - <help>Route-map to selectively unsuppress suppressed routes</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="weight"> - <properties> - <help>Default weight for routes from this peer-group</help> - <valueHelp> - <format>u32:1-65535</format> - <description>Weight for routes from this peer-group</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - </properties> - </leafNode> - </children> -</node> -<!-- included end --> diff --git a/interface-definitions/include/bgp-peer-group-afi-ipv6-unicast.xml.i b/interface-definitions/include/bgp-peer-group-afi-ipv6-unicast.xml.i deleted file mode 100644 index 400193b7b..000000000 --- a/interface-definitions/include/bgp-peer-group-afi-ipv6-unicast.xml.i +++ /dev/null @@ -1,319 +0,0 @@ -<!-- included start from bgp-peer-group-afi-ipv6-unicast.xml.i --> -<node name="ipv6-unicast"> - <properties> - <help>IPv6 BGP neighbor parameters</help> - </properties> - <children> - <node name="allowas-in"> - <properties> - <help>Accept a IPv6-route that contains the local-AS in the as-path</help> - </properties> - <children> - <leafNode name="number"> - <properties> - <help>Number of occurrences of AS number</help> - <valueHelp> - <format>u32:1-10</format> - <description>Number of times AS is allowed in path</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-10"/> - </constraint> - </properties> - </leafNode> - </children> - </node> - <node name="attribute-unchanged"> - <properties> - <help>BGP attributes are sent unchanged</help> - </properties> - <children> - <leafNode name="as-path"> - <properties> - <help>Send AS path unchanged</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="med"> - <properties> - <help>Send multi-exit discriminator unchanged</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="next-hop"> - <properties> - <help>Send nexthop unchanged</help> - <valueless/> - </properties> - </leafNode> - </children> - </node> - <node name="capability"> - <properties> - <help>Advertise capabilities to this peer-group</help> - </properties> - <children> - <leafNode name="dynamic"> - <properties> - <help>Advertise dynamic capability to this peer-group</help> - <valueless/> - </properties> - </leafNode> - <node name="orf"> - <properties> - <help>Advertise ORF capability to this peer-group</help> - </properties> - <children> - <node name="prefix-list"> - <properties> - <help>Advertise prefix-list ORF capability to this peer-group</help> - </properties> - <children> - <leafNode name="receive"> - <properties> - <help>Capability to receive the ORF</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="send"> - <properties> - <help>Capability to send the ORF</help> - <valueless/> - </properties> - </leafNode> - </children> - </node> - </children> - </node> - </children> - </node> - <node name="default-originate"> - <properties> - <help>Send default route to this peer-group</help> - </properties> - <children> - <leafNode name="route-map"> - <properties> - <help>Route-map to specify criteria of the default</help> - <completionHelp> - <path>policy route-map</path> - </completionHelp> - </properties> - </leafNode> - </children> - </node> - <node name="disable-send-community"> - <properties> - <help>Disable sending community attributes to this peer-group</help> - </properties> - <children> - <leafNode name="extended"> - <properties> - <help>Disable sending extended community attributes to this peer-group</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="standard"> - <properties> - <help>Disable sending standard community attributes to this peer-group</help> - <valueless/> - </properties> - </leafNode> - </children> - </node> - <node name="distribute-list"> - <properties> - <help>Access-list to filter route updates to/from this peer-group</help> - </properties> - <children> - <leafNode name="export"> - <properties> - <help>Access-list to filter outgoing route updates to this peer-group</help> - <completionHelp> - <path>policy access-list6</path> - </completionHelp> - <valueHelp> - <format>u32:1-65535</format> - <description>Access-list to filter outgoing route updates to this peer-group</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - </properties> - </leafNode> - <leafNode name="import"> - <properties> - <help>Access-list to filter incoming route updates from this peer-group</help> - <completionHelp> - <path>policy access-list6</path> - </completionHelp> - <valueHelp> - <format>u32:1-65535</format> - <description>Access-list to filter incoming route updates from this peer-group</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - </properties> - </leafNode> - </children> - </node> - <node name="filter-list"> - <properties> - <help>As-path-list to filter route updates to/from this peer-group</help> - </properties> - <children> - <leafNode name="export"> - <properties> - <help>As-path-list to filter outgoing route updates to this peer-group</help> - <completionHelp> - <path>policy as-path-list</path> - </completionHelp> - </properties> - </leafNode> - <leafNode name="import"> - <properties> - <help>As-path-list to filter incoming route updates from this peer-group</help> - <completionHelp> - <path>policy as-path-list</path> - </completionHelp> - </properties> - </leafNode> - </children> - </node> - <leafNode name="maximum-prefix"> - <properties> - <help>Maximum number of prefixes to accept from this peer-group</help> - <valueHelp> - <format>u32:1-4294967295</format> - <description>Prefix limit</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-4294967295"/> - </constraint> - </properties> - </leafNode> - <node name="nexthop-local"> - <properties> - <help>Nexthop attributes</help> - </properties> - <children> - <leafNode name="unchanged"> - <properties> - <help>Leave link-local nexthop unchanged for this peer</help> - <valueless/> - </properties> - </leafNode> - </children> - </node> - <node name="nexthop-self"> - <properties> - <help>Nexthop for routes sent to this peer-group to be the local router</help> - </properties> - <children> - <leafNode name="force"> - <properties> - <help>Set the next hop to self for reflected routes</help> - <valueless/> - </properties> - </leafNode> - </children> - </node> - <node name="prefix-list"> - <properties> - <help>Prefix-list to filter route updates to/from this peer-group</help> - </properties> - <children> - <leafNode name="export"> - <properties> - <help>Prefix-list to filter outgoing route updates to this peer-group</help> - <completionHelp> - <path>policy prefix-list6</path> - </completionHelp> - </properties> - </leafNode> - <leafNode name="import"> - <properties> - <help>Prefix-list to filter incoming route updates from this peer-group</help> - <completionHelp> - <path>policy prefix-list6</path> - </completionHelp> - </properties> - </leafNode> - </children> - </node> - <leafNode name="remove-private-as"> - <properties> - <help>Remove private AS numbers from AS path in outbound route updates</help> - <valueless/> - </properties> - </leafNode> - <node name="route-map"> - <properties> - <help>Route-map to filter route updates to/from this peer-group</help> - </properties> - <children> - <leafNode name="export"> - <properties> - <help>Route-map to filter outgoing route updates to this peer-group</help> - <completionHelp> - <path>policy route-map</path> - </completionHelp> - </properties> - </leafNode> - <leafNode name="import"> - <properties> - <help>Route-map to filter incoming route updates from this peer-group</help> - <completionHelp> - <path>policy route-map</path> - </completionHelp> - </properties> - </leafNode> - </children> - </node> - <leafNode name="route-reflector-client"> - <properties> - <help>Peer-group as a route reflector client</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="route-server-client"> - <properties> - <help>Peer-group as route server client</help> - <valueless/> - </properties> - </leafNode> - <node name="soft-reconfiguration"> - <properties> - <help>Soft reconfiguration for peer-group</help> - </properties> - <children> - <leafNode name="inbound"> - <properties> - <help>Inbound soft reconfiguration for this peer-group [REQUIRED]</help> - <valueless/> - </properties> - </leafNode> - </children> - </node> - <leafNode name="unsuppress-map"> - <properties> - <help>Route-map to selectively unsuppress suppressed routes</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="weight"> - <properties> - <help>Default weight for routes from this peer-group</help> - <valueHelp> - <format>u32:1-65535</format> - <description>Weight for routes from this peer-group</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - </properties> - </leafNode> - </children> -</node> -<!-- included end --> diff --git a/interface-definitions/include/bgp-peer-group.xml.i b/interface-definitions/include/bgp-peer-group.xml.i new file mode 100644 index 000000000..24585c1ce --- /dev/null +++ b/interface-definitions/include/bgp-peer-group.xml.i @@ -0,0 +1,7 @@ +<!-- included start from bgp-peer-group.xml.i --> +<leafNode name="peer-group"> + <properties> + <help>Peer group for this peer</help> + </properties> +</leafNode> +<!-- included end --> diff --git a/interface-definitions/include/bgp-remote-as.xml.i b/interface-definitions/include/bgp-remote-as.xml.i new file mode 100644 index 000000000..de3f4d2ad --- /dev/null +++ b/interface-definitions/include/bgp-remote-as.xml.i @@ -0,0 +1,27 @@ +<!-- included start from bgp-remote-as.xml.i --> +<leafNode name="remote-as"> + <properties> + <help>Neighbor BGP AS number [REQUIRED]</help> + <completionHelp> + <list>external internal</list> + </completionHelp> + <valueHelp> + <format>u32:1-4294967294</format> + <description>Neighbor AS number</description> + </valueHelp> + <valueHelp> + <format>external</format> + <description>Any AS different from the local AS</description> + </valueHelp> + <valueHelp> + <format>internal</format> + <description>Neighbor AS number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967294"/> + <regex>^(external|internal)$</regex> + </constraint> + <constraintErrorMessage>Invalid AS number</constraintErrorMessage> + </properties> +</leafNode> +<!-- included end --> diff --git a/interface-definitions/include/bgp-route-map.xml.i b/interface-definitions/include/bgp-route-map.xml.i new file mode 100644 index 000000000..18b092354 --- /dev/null +++ b/interface-definitions/include/bgp-route-map.xml.i @@ -0,0 +1,10 @@ +<!-- included start from bgp-route-map.xml.i --> +<leafNode name="route-map"> + <properties> + <help>Route-map to modify route attributes</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + </properties> +</leafNode> +<!-- included end --> diff --git a/interface-definitions/include/bgp-shutdown.xml.i b/interface-definitions/include/bgp-shutdown.xml.i new file mode 100644 index 000000000..330120bba --- /dev/null +++ b/interface-definitions/include/bgp-shutdown.xml.i @@ -0,0 +1,8 @@ +<!-- included start from bgp-shutdown.xml.i --> +<leafNode name="shutdown"> + <properties> + <help>Administratively shut down peer-group</help> + <valueless/> + </properties> +</leafNode> +<!-- included end --> diff --git a/interface-definitions/include/bgp-timers-holdtime.xml.i b/interface-definitions/include/bgp-timers-holdtime.xml.i new file mode 100644 index 000000000..09924574b --- /dev/null +++ b/interface-definitions/include/bgp-timers-holdtime.xml.i @@ -0,0 +1,18 @@ +<!-- included start from bgp-timers-holdtime.xml.i --> +<leafNode name="holdtime"> + <properties> + <help>BGP hold timer for this neighbor</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Hold timer in seconds</description> + </valueHelp> + <valueHelp> + <format>0</format> + <description>Hold timer disabled</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-65535"/> + </constraint> + </properties> +</leafNode> +<!-- included end --> diff --git a/interface-definitions/include/bgp-timers-keepalive.xml.i b/interface-definitions/include/bgp-timers-keepalive.xml.i new file mode 100644 index 000000000..7d294c9d6 --- /dev/null +++ b/interface-definitions/include/bgp-timers-keepalive.xml.i @@ -0,0 +1,14 @@ +<!-- included start from bgp-timers-keepalive.xml.i --> +<leafNode name="keepalive"> + <properties> + <help>BGP keepalive interval for this neighbor</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Keepalive interval in seconds (default 60)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> +</leafNode> +<!-- included end --> diff --git a/interface-definitions/include/bgp-ttl-security.xml.i b/interface-definitions/include/bgp-ttl-security.xml.i new file mode 100644 index 000000000..3f4d1786d --- /dev/null +++ b/interface-definitions/include/bgp-ttl-security.xml.i @@ -0,0 +1,21 @@ +<!-- included start from bgp-ttl-security.xml.i --> +<node name="ttl-security"> + <properties> + <help>Ttl security mechanism</help> + </properties> + <children> + <leafNode name="hops"> + <properties> + <help>Number of the maximum number of hops to the BGP peer</help> + <valueHelp> + <format>u32:1-254</format> + <description>Number of hops</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-254"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- included end --> diff --git a/interface-definitions/include/bgp-update-source.xml.i b/interface-definitions/include/bgp-update-source.xml.i new file mode 100644 index 000000000..c1db2e2c1 --- /dev/null +++ b/interface-definitions/include/bgp-update-source.xml.i @@ -0,0 +1,28 @@ +<!-- included start from bgp-update-source.xml.i --> +<leafNode name="update-source"> + <!-- Need to check format interfaces --> + <properties> + <help>Source IP of routing updates</help> + <completionHelp> + <script>${vyos_completion_dir}/list_local_ips.sh --both</script> + </completionHelp> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address of route source</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address of route source</description> + </valueHelp> + <valueHelp> + <format>txt</format> + <description>Interface as route source</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + <regex>^(br|bond|dum|en|eth|gnv|peth|tun|vti|vxlan|wg|wlan)[0-9]+|lo$</regex> + </constraint> + </properties> +</leafNode> +<!-- included end --> diff --git a/interface-definitions/include/generic-disable-node.xml.i b/interface-definitions/include/generic-disable-node.xml.i new file mode 100644 index 000000000..520383afb --- /dev/null +++ b/interface-definitions/include/generic-disable-node.xml.i @@ -0,0 +1,8 @@ +<!-- included start from generic-disable-node.xml.i --> +<leafNode name="disable"> + <properties> + <help>Temporary disable</help> + <valueless/> + </properties> +</leafNode> +<!-- included end --> diff --git a/interface-definitions/include/interface-eapol.xml.i b/interface-definitions/include/interface-eapol.xml.i index 94476f0f1..8b33b4acf 100644 --- a/interface-definitions/include/interface-eapol.xml.i +++ b/interface-definitions/include/interface-eapol.xml.i @@ -1,12 +1,12 @@ -<!-- included start from interface-eapol.xml.i -->
-<node name="eapol">
- <properties>
- <help>Extensible Authentication Protocol over Local Area Network</help>
- </properties>
- <children>
- #include <include/certificate.xml.i>
- #include <include/certificate-ca.xml.i>
- #include <include/certificate-key.xml.i>
- </children>
-</node>
-<!-- included end -->
+<!-- included start from interface-eapol.xml.i --> +<node name="eapol"> + <properties> + <help>Extensible Authentication Protocol over Local Area Network</help> + </properties> + <children> + #include <include/certificate.xml.i> + #include <include/certificate-ca.xml.i> + #include <include/certificate-key.xml.i> + </children> +</node> +<!-- included end --> diff --git a/interface-definitions/include/nat-rule.xml.i b/interface-definitions/include/nat-rule.xml.i index e034ef4dd..7ef90f07e 100644 --- a/interface-definitions/include/nat-rule.xml.i +++ b/interface-definitions/include/nat-rule.xml.i @@ -26,12 +26,7 @@ #include <include/nat-port.xml.i> </children> </node> - <leafNode name="disable"> - <properties> - <help>Disable NAT rule</help> - <valueless/> - </properties> - </leafNode> + #include <include/generic-disable-node.xml.i> <leafNode name="exclude"> <properties> <help>Exclude packets matching this rule from NAT</help> diff --git a/interface-definitions/include/radius-server-ipv4-ipv6.xml.i b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i new file mode 100644 index 000000000..e4919d86a --- /dev/null +++ b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i @@ -0,0 +1,32 @@ +<!-- included start from radius-server-ipv4-ipv6.xml.i --> +<node name="radius"> + <properties> + <help>RADIUS based user authentication</help> + </properties> + <children> + <tagNode name="server"> + <properties> + <help>RADIUS server configuration</help> + <valueHelp> + <format>ipv4</format> + <description>RADIUS server IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>RADIUS server IPv6 address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + </properties> + <children> + #include <include/generic-disable-node.xml.i> + #include <include/radius-server-key.xml.in> + #include <include/radius-server-port.xml.in> + </children> + </tagNode> + #include <include/source-address-ipv4-ipv6.xml.i> + </children> +</node> +<!-- included end --> diff --git a/interface-definitions/include/radius-server-ipv4.xml.i b/interface-definitions/include/radius-server-ipv4.xml.i new file mode 100644 index 000000000..9c73c4c49 --- /dev/null +++ b/interface-definitions/include/radius-server-ipv4.xml.i @@ -0,0 +1,27 @@ +<!-- included start from radius-server-ipv4.xml.i --> +<node name="radius"> + <properties> + <help>RADIUS based user authentication</help> + </properties> + <children> + #include <include/source-address-ipv4.xml.i> + <tagNode name="server"> + <properties> + <help>RADIUS server configuration</help> + <valueHelp> + <format>ipv4</format> + <description>RADIUS server IPv4 address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + <children> + #include <include/generic-disable-node.xml.i> + #include <include/radius-server-key.xml.in> + #include <include/radius-server-port.xml.in> + </children> + </tagNode> + </children> +</node> +<!-- included end --> diff --git a/interface-definitions/include/radius-server-key.xml.in b/interface-definitions/include/radius-server-key.xml.in new file mode 100644 index 000000000..32a01b402 --- /dev/null +++ b/interface-definitions/include/radius-server-key.xml.in @@ -0,0 +1,7 @@ +<!-- included start from radius-server-key.xml.i --> +<leafNode name="key"> + <properties> + <help>Shared secret key</help> + </properties> +</leafNode> +<!-- included end --> diff --git a/interface-definitions/include/radius-server-port.xml.in b/interface-definitions/include/radius-server-port.xml.in new file mode 100644 index 000000000..71b6bddb7 --- /dev/null +++ b/interface-definitions/include/radius-server-port.xml.in @@ -0,0 +1,15 @@ +<!-- included start from radius-server-port.xml.i --> +<leafNode name="port"> + <properties> + <help>Authentication port</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Numeric IP port (default: 1812)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + <defaultValue>1812</defaultValue> +</leafNode> +<!-- included end --> diff --git a/interface-definitions/include/radius-server.xml.i b/interface-definitions/include/radius-server.xml.i deleted file mode 100644 index c1dadd2a2..000000000 --- a/interface-definitions/include/radius-server.xml.i +++ /dev/null @@ -1,48 +0,0 @@ -<!-- included start from radius-server.xml.i --> -<node name="radius"> - <properties> - <help>RADIUS based user authentication</help> - </properties> - <children> - #include <include/source-address-ipv4.xml.i> - <tagNode name="server"> - <properties> - <help>RADIUS server configuration</help> - <valueHelp> - <format>ipv4</format> - <description>RADIUS server IPv4 address</description> - </valueHelp> - <constraint> - <validator name="ipv4-address"/> - </constraint> - </properties> - <children> - <leafNode name="disable"> - <properties> - <help>Temporary disable this server</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="key"> - <properties> - <help>Shared secret key</help> - </properties> - </leafNode> - <leafNode name="port"> - <properties> - <help>Authentication port</help> - <valueHelp> - <format>u32:1-65535</format> - <description>Numeric IP port (default: 1812)</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - </properties> - <defaultValue>1812</defaultValue> - </leafNode> - </children> - </tagNode> - </children> -</node> -<!-- included end --> diff --git a/interface-definitions/include/source-address-ipv4-ipv6.xml.i b/interface-definitions/include/source-address-ipv4-ipv6.xml.i index 004e04f7b..4da4698c2 100644 --- a/interface-definitions/include/source-address-ipv4-ipv6.xml.i +++ b/interface-definitions/include/source-address-ipv4-ipv6.xml.i @@ -17,6 +17,7 @@ <validator name="ipv4-address"/> <validator name="ipv6-address"/> </constraint> + <multi/> </properties> </leafNode> <!-- included end --> diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in index 34040bf72..527f7fd54 100644 --- a/interface-definitions/interfaces-openvpn.xml.in +++ b/interface-definitions/interfaces-openvpn.xml.in @@ -418,12 +418,7 @@ </valueHelp> </properties> <children> - <leafNode name="disable"> - <properties> - <help>Option to disable client connection</help> - <valueless/> - </properties> - </leafNode> + #include <include/generic-disable-node.xml.i> <leafNode name="ip"> <properties> <help>IP address of the client</help> @@ -482,12 +477,7 @@ <help>Pool of client IPv4 addresses</help> </properties> <children> - <leafNode name="disable"> - <properties> - <help>Disable client IP pool</help> - <valueless/> - </properties> - </leafNode> + #include <include/generic-disable-node.xml.i> <leafNode name="start"> <properties> <help>First IP address in the pool</help> @@ -546,12 +536,7 @@ </constraint> </properties> </leafNode> - <leafNode name="disable"> - <properties> - <help>Disable client IPv6 pool</help> - <valueless/> - </properties> - </leafNode> + #include <include/generic-disable-node.xml.i> </children> </node> <leafNode name="domain-name"> diff --git a/interface-definitions/interfaces-wireguard.xml.in b/interface-definitions/interfaces-wireguard.xml.in index 92c9f510c..acf5082d6 100644 --- a/interface-definitions/interfaces-wireguard.xml.in +++ b/interface-definitions/interfaces-wireguard.xml.in @@ -55,12 +55,7 @@ <constraintErrorMessage>peer alias too long (limit 100 characters)</constraintErrorMessage> </properties> <children> - <leafNode name="disable"> - <properties> - <help>disables peer</help> - <valueless/> - </properties> - </leafNode> + #include <include/generic-disable-node.xml.i> <leafNode name="pubkey"> <properties> <help>base64 encoded public key</help> diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in index 86f529278..f39e5618f 100644 --- a/interface-definitions/interfaces-wireless.xml.in +++ b/interface-definitions/interfaces-wireless.xml.in @@ -722,7 +722,7 @@ <constraintErrorMessage>Invalid WPA pass phrase, must be 8 to 63 printable characters!</constraintErrorMessage> </properties> </leafNode> - #include <include/radius-server.xml.i> + #include <include/radius-server-ipv4.xml.i> <node name="radius"> <children> <tagNode name="server"> diff --git a/interface-definitions/lldp.xml.in b/interface-definitions/lldp.xml.in index 950b267ef..9fdffcea1 100644 --- a/interface-definitions/lldp.xml.in +++ b/interface-definitions/lldp.xml.in @@ -25,12 +25,7 @@ </completionHelp> </properties> <children> - <leafNode name="disable"> - <properties> - <help>Disable lldp on this interface</help> - <valueless/> - </properties> - </leafNode> + #include <include/generic-disable-node.xml.i> <node name="location"> <properties> <help>LLDP-MED location data [REQUIRED]</help> diff --git a/interface-definitions/nat.xml.in b/interface-definitions/nat.xml.in index 00aaddb17..d6bed5b27 100644 --- a/interface-definitions/nat.xml.in +++ b/interface-definitions/nat.xml.in @@ -79,12 +79,7 @@ <help>Rule description</help> </properties> </leafNode> - <leafNode name="disable"> - <properties> - <help>Disable NAT rule</help> - <valueless/> - </properties> - </leafNode> + #include <include/generic-disable-node.xml.i> #include <include/nat-interface.xml.i> <node name="source"> <properties> diff --git a/interface-definitions/ntp.xml.in b/interface-definitions/ntp.xml.in index b939d9dc6..d244b56bb 100644 --- a/interface-definitions/ntp.xml.in +++ b/interface-definitions/ntp.xml.in @@ -5,8 +5,8 @@ <children> <node name="ntp" owner="${vyos_conf_scripts_dir}/ntp.py"> <properties> - <priority>400</priority> <help>Network Time Protocol (NTP) configuration</help> + <priority>900</priority> </properties> <children> <tagNode name="server"> diff --git a/interface-definitions/protocols-bgp.xml.in b/interface-definitions/protocols-bgp.xml.in index 27cbc919a..f152021fb 100644 --- a/interface-definitions/protocols-bgp.xml.in +++ b/interface-definitions/protocols-bgp.xml.in @@ -59,14 +59,7 @@ <valueless/> </properties> </leafNode> - <leafNode name="route-map"> - <properties> - <help>Route-map to modify route attributes</help> - <completionHelp> - <path>policy route-map</path> - </completionHelp> - </properties> - </leafNode> + #include <include/bgp-route-map.xml.i> </children> </tagNode> <node name="redistribute"> @@ -167,14 +160,7 @@ </constraint> </properties> </leafNode> - <leafNode name="route-map"> - <properties> - <help>Route-map to modify route attributes</help> - <completionHelp> - <path>policy route-map</path> - </completionHelp> - </properties> - </leafNode> + #include <include/bgp-route-map.xml.i> </children> </tagNode> <node name="redistribute"> @@ -198,17 +184,17 @@ #include <include/bgp-afi-redistribute-metric-route-map.xml.i> </children> </node> - <node name="ospf"> + <node name="ospfv3"> <properties> - <help>Redistribute OSPF routes into BGP</help> + <help>Redistribute OSPFv3 routes into BGP</help> </properties> <children> #include <include/bgp-afi-redistribute-metric-route-map.xml.i> </children> </node> - <node name="rip"> + <node name="ripng"> <properties> - <help>Redistribute RIP routes into BGP</help> + <help>Redistribute RIPng routes into BGP</help> </properties> <children> #include <include/bgp-afi-redistribute-metric-route-map.xml.i> @@ -282,7 +268,7 @@ <constraint> <validator name="ipv4-address"/> <validator name="ipv6-address"/> - <regex>(br|bond|dum|en|eth|gnv|lo|peth|tun|vti|vxlan|wg|wlan)[0-9]+</regex> + <regex>^(br|bond|dum|en|eth|gnv|peth|tun|vti|vxlan|wg|wlan)[0-9]+|lo$</regex> </constraint> </properties> <children> @@ -307,55 +293,11 @@ </constraint> </properties> </leafNode> - <node name="bfd"> - <properties> - <help>Enable Bidirectional Forwarding Detection (BFD) support</help> - </properties> - <children> - <leafNode name="check-control-plane-failure"> - <properties> - <help>Allow to write CBIT independence in BFD outgoing packets and read both C-BIT value of BFD and lookup BGP peer status</help> - <valueless/> - </properties> - </leafNode> - </children> - </node> - <node name="capability"> - <properties> - <help>Advertise capabilities to this neighbor</help> - </properties> - <children> - <leafNode name="dynamic"> - <properties> - <help>Advertise dynamic capability to this neighbor</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="extended-nexthop"> - <properties> - <help>Advertise extended-nexthop capability to this neighbor</help> - <valueless/> - </properties> - </leafNode> - </children> - </node> - <leafNode name="description"> - <properties> - <help>Description for this neighbor</help> - </properties> - </leafNode> - <leafNode name="disable-capability-negotiation"> - <properties> - <help>Disable capability negotiation with this neighbor</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="disable-connected-check"> - <properties> - <help>Disable check to see if eBGP peer address is a connected route</help> - <valueless/> - </properties> - </leafNode> + #include <include/bgp-bfd.xml.i> + #include <include/bgp-capability.xml.i> + #include <include/bgp-description.xml.i> + #include <include/bgp-disable-capability-negotiation.xml.i> + #include <include/bgp-disable-connected-check.xml.i> <node name="disable-send-community"> <properties> <help>Disable sending community attributes to this neighbor (IPv4)</help> @@ -375,134 +317,30 @@ </leafNode> </children> </node> - <leafNode name="ebgp-multihop"> - <properties> - <help>Allow this EBGP neighbor to not be on a directly connected network</help> - <valueHelp> - <format>u32:1-255</format> - <description>Number of hops</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-255"/> - </constraint> - </properties> - </leafNode> + #include <include/bgp-ebgp-multihop.xml.i> <node name="interface"> <properties> <help>Interface parameters</help> </properties> <children> - <leafNode name="peer-group"> - <properties> - <help>Peer group for this peer</help> - </properties> - </leafNode> - <leafNode name="remote-as"> - <properties> - <help>Neighbor BGP AS number [REQUIRED]</help> - <completionHelp> - <list>external internal</list> - </completionHelp> - <valueHelp> - <format>u32:1-4294967294</format> - <description>Neighbor AS number</description> - </valueHelp> - <valueHelp> - <format>external</format> - <description>Any AS different from the local AS</description> - </valueHelp> - <valueHelp> - <format>internal</format> - <description>Neighbor AS number</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-4294967294"/> - <regex>(external|internal)</regex> - </constraint> - <constraintErrorMessage>Invalid ASN value</constraintErrorMessage> - </properties> - </leafNode> + #include <include/bgp-peer-group.xml.i> + #include <include/bgp-remote-as.xml.i> <node name="v6only"> <properties> <help>Enable BGP with v6 link-local only</help> </properties> <children> - <leafNode name="peer-group"> - <properties> - <help>Peer group for this peer</help> - </properties> - </leafNode> - <leafNode name="remote-as"> - <properties> - <help>Neighbor BGP AS number [REQUIRED]</help> - <completionHelp> - <list>external internal</list> - </completionHelp> - <valueHelp> - <format>u32:1-4294967294</format> - <description>Neighbor AS number</description> - </valueHelp> - <valueHelp> - <format>external</format> - <description>Any AS different from the local AS</description> - </valueHelp> - <valueHelp> - <format>internal</format> - <description>Neighbor AS number</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-4294967294"/> - <regex>(external|internal)</regex> - </constraint> - <constraintErrorMessage>Invalid ASN value</constraintErrorMessage> - </properties> - </leafNode> + #include <include/bgp-peer-group.xml.i> + #include <include/bgp-remote-as.xml.i> </children> </node> </children> </node> - <tagNode name="local-as"> - <properties> - <help>Local AS number</help> - <valueHelp> - <format>u32:1-4294967294</format> - <description>Local AS number</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-4294967294"/> - </constraint> - </properties> - <children> - <leafNode name="no-prepend"> - <properties> - <help>Disable prepending local-as to updates from EBGP peers</help> - <valueless/> - </properties> - </leafNode> - </children> - </tagNode> - <leafNode name="override-capability"> - <properties> - <help>Ignore capability negotiation with specified neighbor</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="passive"> - <properties> - <help>Do not initiate a session with this neighbor</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="password"> - <properties> - <help>BGP MD5 password</help> - </properties> - </leafNode> - <leafNode name="peer-group"> - <properties> - <help>IPv4 peer group for this peer</help> - </properties> - </leafNode> + #include <include/bgp-local-as.xml.i> + #include <include/bgp-override-capability.xml.i> + #include <include/bgp-passive.xml.i> + #include <include/bgp-password.xml.i> + #include <include/bgp-peer-group.xml.i> <leafNode name="port"> <properties> <help>Neighbor BGP port</help> @@ -515,37 +353,8 @@ </constraint> </properties> </leafNode> - <leafNode name="remote-as"> - <properties> - <help>Neighbor BGP AS number [REQUIRED]</help> - <completionHelp> - <list>external internal</list> - </completionHelp> - <valueHelp> - <format>u32:1-4294967294</format> - <description>Neighbor AS number</description> - </valueHelp> - <valueHelp> - <format>external</format> - <description>Any AS different from the local AS</description> - </valueHelp> - <valueHelp> - <format>internal</format> - <description>Neighbor AS number</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-4294967294"/> - <regex>(external|internal)</regex> - </constraint> - <constraintErrorMessage>Invalid ASN value</constraintErrorMessage> - </properties> - </leafNode> - <leafNode name="shutdown"> - <properties> - <help>Administratively shut down neighbor</help> - <valueless/> - </properties> - </leafNode> + #include <include/bgp-remote-as.xml.i> + #include <include/bgp-shutdown.xml.i> <leafNode name="strict-capability-match"> <properties> <help>Enable strict capability negotiation</help> @@ -573,78 +382,12 @@ </constraint> </properties> </leafNode> - <leafNode name="holdtime"> - <properties> - <help>BGP hold timer for this neighbor</help> - <valueHelp> - <format>u32:1-65535</format> - <description>Hold timer in seconds</description> - </valueHelp> - <valueHelp> - <format>0</format> - <description>Hold timer disabled</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 0-65535"/> - </constraint> - </properties> - </leafNode> - <leafNode name="keepalive"> - <properties> - <help>BGP keepalive interval for this neighbor</help> - <valueHelp> - <format>u32:1-65535</format> - <description>Keepalive interval in seconds (default 60)</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - </properties> - </leafNode> + #include <include/bgp-timers-holdtime.xml.i> + #include <include/bgp-timers-keepalive.xml.i> </children> </node> - <node name="ttl-security"> - <properties> - <help>Ttl security mechanism for this BGP peer</help> - </properties> - <children> - <leafNode name="hops"> - <properties> - <help>Number of the maximum number of hops to the BGP peer</help> - <valueHelp> - <format>u32:1-254</format> - <description>Number of hops</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-254"/> - </constraint> - </properties> - </leafNode> - </children> - </node> - <leafNode name="update-source"> - <!-- Need to check format interfaces --> - <properties> - <help>Source IP of routing updates</help> - <valueHelp> - <format>ipv4</format> - <description>IPv4 address of route source</description> - </valueHelp> - <valueHelp> - <format>ipv6</format> - <description>IPv6 address of route source</description> - </valueHelp> - <valueHelp> - <format>txt</format> - <description>Interface as route source</description> - </valueHelp> - <constraint> - <validator name="ipv4-address"/> - <validator name="ipv6-address"/> - <regex>(br|bond|dum|en|eth|gnv|lo|peth|tun|vti|vxlan|wg|wlan)[0-9]+</regex> - </constraint> - </properties> - </leafNode> + #include <include/bgp-ttl-security.xml.i> + #include <include/bgp-update-source.xml.i> </children> </tagNode> <node name="parameters"> @@ -987,218 +730,34 @@ <help>BGP peer-group address-family parameters</help> </properties> <children> - #include <include/bgp-peer-group-afi-ipv4-unicast.xml.i> - #include <include/bgp-peer-group-afi-ipv6-unicast.xml.i> - </children> - </node> - <leafNode name="bfd"> - <properties> - <help>Enable Bidirectional Forwarding Detection (BFD) support</help> - <valueless/> - </properties> - </leafNode> - <node name="capability"> - <properties> - <help>Advertise capabilities to this peer-group</help> - </properties> - <children> - <leafNode name="dynamic"> - <properties> - <help>Advertise dynamic capability to this peer-group</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="extended-nexthop"> - <properties> - <help>Advertise extended-nexthop capability to this neighbor</help> - <valueless/> - </properties> - </leafNode> - </children> - </node> - <leafNode name="description"> - <properties> - <help>Description for this peer-group</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="disable-capability-negotiation"> - <properties> - <help>Disable capability negotiation with this peer-group</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="disable-connected-check"> - <properties> - <help>Disable check to see if eBGP peer address is a connected route</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="ebgp-multihop"> - <properties> - <help>Allow this EBGP peer-group to not be on a directly connected network</help> - <valueHelp> - <format>u32:1-255</format> - <description>Number of hops</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-255"/> - </constraint> - </properties> - </leafNode> - <tagNode name="local-as"> - <properties> - <help>Local AS number [REQUIRED]</help> - <valueHelp> - <format>u32:1-4294967294</format> - <description>Local AS number</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-4294967294"/> - </constraint> - </properties> - <children> - <leafNode name="no-prepend"> - <properties> - <help>Disable prepending local-as to updates from EBGP peers</help> - <valueless/> - </properties> - </leafNode> - </children> - </tagNode> - <leafNode name="override-capability"> - <properties> - <help>Ignore capability negotiation with specified peer-group</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="passive"> - <properties> - <help>Do not intiate a session with this peer-group</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="password"> - <properties> - <help>BGP MD5 password</help> - </properties> - </leafNode> - <leafNode name="remote-as"> - <properties> - <help>Neighbor BGP AS number [REQUIRED]</help> - <completionHelp> - <list>external internal</list> - </completionHelp> - <valueHelp> - <format>u32:1-4294967294</format> - <description>Neighbor AS number</description> - </valueHelp> - <valueHelp> - <format>external</format> - <description>Any AS different from the local AS</description> - </valueHelp> - <valueHelp> - <format>internal</format> - <description>Neighbor AS number</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-4294967294"/> - <regex>(external|internal)</regex> - </constraint> - <constraintErrorMessage>Invalid ASN value</constraintErrorMessage> - </properties> - </leafNode> - <leafNode name="shutdown"> - <properties> - <help>Administratively shut down peer-group</help> - <valueless/> - </properties> - </leafNode> - <node name="ttl-security"> - <properties> - <help>Ttl security mechanism</help> - </properties> - <children> - <leafNode name="hops"> - <properties> - <help>Number of the maximum number of hops to the BGP peer</help> - <valueHelp> - <format>u32:1-254</format> - <description>Number of hops</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-254"/> - </constraint> - </properties> - </leafNode> + #include <include/bgp-neighbor-afi-ipv4-unicast.xml.i> + #include <include/bgp-neighbor-afi-ipv6-unicast.xml.i> </children> </node> - <leafNode name="update-source"> - <!-- Need to check format interfaces --> - <properties> - <help>Source IP of routing updates</help> - <valueHelp> - <format>ipv4</format> - <description>IPv4 address of route source</description> - </valueHelp> - <valueHelp> - <format>ipv6</format> - <description>IPv6 address of route source</description> - </valueHelp> - <valueHelp> - <format>txt</format> - <description>Interface as route source</description> - </valueHelp> - <constraint> - <validator name="ipv4-address"/> - <validator name="ipv6-address"/> - <regex>(br|bond|dum|en|eth|gnv|lo|peth|tun|vti|vxlan|wg|wlan)[0-9]+</regex> - </constraint> - </properties> - </leafNode> + #include <include/bgp-bfd.xml.i> + #include <include/bgp-capability.xml.i> + #include <include/bgp-description.xml.i> + #include <include/bgp-disable-capability-negotiation.xml.i> + #include <include/bgp-disable-connected-check.xml.i> + #include <include/bgp-ebgp-multihop.xml.i> + #include <include/bgp-local-as.xml.i> + #include <include/bgp-override-capability.xml.i> + #include <include/bgp-passive.xml.i> + #include <include/bgp-password.xml.i> + #include <include/bgp-remote-as.xml.i> + #include <include/bgp-shutdown.xml.i> + #include <include/bgp-ttl-security.xml.i> + #include <include/bgp-update-source.xml.i> </children> </tagNode> - <leafNode name="route-map"> - <properties> - <help>Filter routes installed in local route map</help> - <completionHelp> - <path>policy route-map</path> - </completionHelp> - </properties> - </leafNode> + #include <include/bgp-route-map.xml.i> <node name="timers"> <properties> <help>BGP protocol timers</help> </properties> <children> - <leafNode name="holdtime"> - <properties> - <help>BGP holdtime interval</help> - <valueHelp> - <format>u32:4-65535</format> - <description>Hold-time in seconds (default 180)</description> - </valueHelp> - <valueHelp> - <format>0</format> - <description>Do not hold routes</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 0-65535"/> - </constraint> - </properties> - </leafNode> - <leafNode name="keepalive"> - <properties> - <help>Keepalive interval</help> - <valueHelp> - <format>u32:1-65535</format> - <description>Keep-alive time in seconds (default 60)</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - </properties> - </leafNode> + #include <include/bgp-timers-holdtime.xml.i> + #include <include/bgp-timers-keepalive.xml.i> </children> </node> </children> diff --git a/interface-definitions/protocols-isis.xml.in b/interface-definitions/protocols-isis.xml.in index 2340079a6..8c5691ecf 100644 --- a/interface-definitions/protocols-isis.xml.in +++ b/interface-definitions/protocols-isis.xml.in @@ -758,9 +758,9 @@ </constraint> </properties> </leafNode> - <leafNode name="three-way-handshake"> + <leafNode name="no-three-way-handshake"> <properties> - <help>Enable/Disable three-way handshake</help> + <help>Disable three-way handshake</help> <valueless/> </properties> </leafNode> diff --git a/interface-definitions/service_ipoe-server.xml.in b/interface-definitions/service_ipoe-server.xml.in index ee09d01d6..07241fcc2 100644 --- a/interface-definitions/service_ipoe-server.xml.in +++ b/interface-definitions/service_ipoe-server.xml.in @@ -197,7 +197,7 @@ </tagNode> </children> </tagNode> - #include <include/radius-server.xml.i> + #include <include/radius-server-ipv4.xml.i> #include <include/accel-radius-additions.xml.i> </children> </node> diff --git a/interface-definitions/service_mdns-repeater.xml.in b/interface-definitions/service_mdns-repeater.xml.in index e21b1b27c..33ef9a434 100644 --- a/interface-definitions/service_mdns-repeater.xml.in +++ b/interface-definitions/service_mdns-repeater.xml.in @@ -13,12 +13,7 @@ <priority>990</priority> </properties> <children> - <leafNode name="disable"> - <properties> - <help>Disable mDNS repeater service</help> - <valueless/> - </properties> - </leafNode> + #include <include/generic-disable-node.xml.i> <leafNode name="interface"> <properties> <help>Interface to repeat mDNS advertisements [REQUIRED]</help> diff --git a/interface-definitions/service_pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in index 6d11f41a0..5c0a66527 100644 --- a/interface-definitions/service_pppoe-server.xml.in +++ b/interface-definitions/service_pppoe-server.xml.in @@ -26,7 +26,7 @@ #include <include/accel-auth-local-users.xml.i> #include <include/accel-auth-mode.xml.i> #include <include/accel-auth-protocols.xml.i> - #include <include/radius-server.xml.i> + #include <include/radius-server-ipv4.xml.i> #include <include/accel-radius-additions.xml.i> <node name="radius"> <children> diff --git a/interface-definitions/service_webproxy.xml.in b/interface-definitions/service_webproxy.xml.in index 4cd8138ec..7cb0f7ece 100644 --- a/interface-definitions/service_webproxy.xml.in +++ b/interface-definitions/service_webproxy.xml.in @@ -394,12 +394,7 @@ <help>URL filtering settings</help> </properties> <children> - <leafNode name="disable"> - <properties> - <help>Disable URL filtering</help> - <valueless/> - </properties> - </leafNode> + #include <include/generic-disable-node.xml.i> <node name="squidguard"> <properties> <help>URL filtering via squidGuard redirector</help> diff --git a/interface-definitions/snmp.xml.in b/interface-definitions/snmp.xml.in index 0a0a29f4d..3a993ec9c 100644 --- a/interface-definitions/snmp.xml.in +++ b/interface-definitions/snmp.xml.in @@ -6,7 +6,7 @@ <node name="snmp" owner="${vyos_conf_scripts_dir}/snmp.py"> <properties> <help>Simple Network Management Protocol (SNMP)</help> - <priority>980</priority> + <priority>900</priority> </properties> <children> <tagNode name="community"> diff --git a/interface-definitions/ssh.xml.in b/interface-definitions/ssh.xml.in index d94e29427..a2ce3c1c9 100644 --- a/interface-definitions/ssh.xml.in +++ b/interface-definitions/ssh.xml.in @@ -6,7 +6,7 @@ <node name="ssh" owner="${vyos_conf_scripts_dir}/ssh.py"> <properties> <help>Secure Shell (SSH)</help> - <priority>500</priority> + <priority>1000</priority> </properties> <children> <node name="access-control"> diff --git a/interface-definitions/system-login.xml.in b/interface-definitions/system-login.xml.in index 812a50c8a..919974eeb 100644 --- a/interface-definitions/system-login.xml.in +++ b/interface-definitions/system-login.xml.in @@ -34,6 +34,7 @@ </constraint> <constraintErrorMessage>Invalid encrypted password for $VAR(../../@).</constraintErrorMessage> </properties> + <defaultValue>!</defaultValue> </leafNode> <leafNode name="plaintext-password"> <properties> @@ -44,7 +45,7 @@ <properties> <help>Remote access public keys</help> <valueHelp> - <format>>identifier<</format> + <format>txt</format> <description>Key identifier used by ssh-keygen (usually of form user@host)</description> </valueHelp> </properties> @@ -61,7 +62,7 @@ </leafNode> <leafNode name="type"> <properties> - <help></help> + <help>Public key type</help> <completionHelp> <list>ssh-dss ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519</list> </completionHelp> @@ -86,14 +87,14 @@ <description/> </valueHelp> <constraint> - <regex>(ssh-dss|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ssh-ed25519)</regex> + <regex>^(ssh-dss|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ssh-ed25519)$</regex> </constraint> </properties> </leafNode> </children> </tagNode> </children> - </node> + </node> <leafNode name="full-name"> <properties> <help>Full name of the user (use quotes for names with spaces)</help> @@ -110,7 +111,7 @@ </leafNode> </children> </tagNode> - #include <include/radius-server.xml.i> + #include <include/radius-server-ipv4-ipv6.xml.i> <node name="radius"> <children> <tagNode name="server"> @@ -119,7 +120,7 @@ <properties> <help>Session timeout</help> <valueHelp> - <format>1-30</format> + <format>u32:1-30</format> <description>Session timeout in seconds (default: 2)</description> </valueHelp> <constraint> @@ -127,18 +128,20 @@ </constraint> <constraintErrorMessage>Timeout must be between 1 and 30 seconds</constraintErrorMessage> </properties> + <defaultValue>2</defaultValue> </leafNode> <leafNode name="priority"> <properties> <help>Server priority</help> <valueHelp> - <format>1-255</format> + <format>u32:1-255</format> <description>Server priority (default: 255)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-255"/> </constraint> </properties> + <defaultValue>255</defaultValue> </leafNode> </children> </tagNode> diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in index daf98a833..426d7e71c 100644 --- a/interface-definitions/vpn_ipsec.xml.in +++ b/interface-definitions/vpn_ipsec.xml.in @@ -1045,12 +1045,7 @@ </constraint> </properties> </leafNode> - <leafNode name="disable"> - <properties> - <help>Option to disable vpn tunnel</help> - <valueless/> - </properties> - </leafNode> + #include <include/generic-disable-node.xml.i> <leafNode name="esp-group"> <properties> <help>ESP group name</help> diff --git a/interface-definitions/vpn_l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in index 42da75a64..998a8c371 100644 --- a/interface-definitions/vpn_l2tp.xml.in +++ b/interface-definitions/vpn_l2tp.xml.in @@ -212,7 +212,7 @@ #include <include/accel-ppp-mppe.xml.i> #include <include/accel-auth-mode.xml.i> #include <include/accel-auth-local-users.xml.i> - #include <include/radius-server.xml.i> + #include <include/radius-server-ipv4.xml.i> <node name="radius"> <children> <tagNode name="server"> diff --git a/interface-definitions/vpn_openconnect.xml.in b/interface-definitions/vpn_openconnect.xml.in index ccf537e04..054e027fc 100644 --- a/interface-definitions/vpn_openconnect.xml.in +++ b/interface-definitions/vpn_openconnect.xml.in @@ -42,12 +42,7 @@ <help>User name for authentication</help> </properties> <children> - <leafNode name="disable"> - <properties> - <help>Option to disable a SSL VPN Server user</help> - <valueless /> - </properties> - </leafNode> + #include <include/generic-disable-node.xml.i> <leafNode name="password"> <properties> <help>Password for authentication</help> @@ -57,7 +52,7 @@ </tagNode> </children> </node> - #include <include/radius-server.xml.i> + #include <include/radius-server-ipv4.xml.i> <node name="radius"> <children> <leafNode name="timeout"> diff --git a/interface-definitions/vpn_pptp.xml.in b/interface-definitions/vpn_pptp.xml.in index b17138e33..72eda8752 100644 --- a/interface-definitions/vpn_pptp.xml.in +++ b/interface-definitions/vpn_pptp.xml.in @@ -104,11 +104,7 @@ <help>User name for authentication</help> </properties> <children> - <leafNode name="disable"> - <properties> - <help>Option to disable a PPTP Server user</help> - </properties> - </leafNode> + #include <include/generic-disable-node.xml.i> <leafNode name="password"> <properties> <help>Password for authentication</help> @@ -123,7 +119,7 @@ </tagNode> </children> </node> - #include <include/radius-server.xml.i> + #include <include/radius-server-ipv4.xml.i> #include <include/accel-radius-additions.xml.i> </children> </node> diff --git a/interface-definitions/vpn_sstp.xml.in b/interface-definitions/vpn_sstp.xml.in index 134858608..ebcb77db2 100644 --- a/interface-definitions/vpn_sstp.xml.in +++ b/interface-definitions/vpn_sstp.xml.in @@ -16,7 +16,7 @@ #include <include/accel-auth-local-users.xml.i> #include <include/accel-auth-mode.xml.i> #include <include/accel-auth-protocols.xml.i> - #include <include/radius-server.xml.i> + #include <include/radius-server-ipv4.xml.i> #include <include/accel-radius-additions.xml.i> <node name="radius"> <children> diff --git a/interface-definitions/vrf.xml.in b/interface-definitions/vrf.xml.in index 159f4ea3e..06923971d 100644 --- a/interface-definitions/vrf.xml.in +++ b/interface-definitions/vrf.xml.in @@ -4,7 +4,7 @@ <properties> <help>Virtual Routing and Forwarding</help> <!-- must be before any interface creation --> - <priority>60</priority> + <priority>10</priority> </properties> <children> <leafNode name="bind-to-all"> diff --git a/interface-definitions/vrrp.xml.in b/interface-definitions/vrrp.xml.in index c6a32930f..caa9f4a33 100644 --- a/interface-definitions/vrrp.xml.in +++ b/interface-definitions/vrrp.xml.in @@ -73,12 +73,7 @@ <help>Group description</help> </properties> </leafNode> - <leafNode name="disable"> - <properties> - <valueless/> - <help>Disable VRRP group</help> - </properties> - </leafNode> + #include <include/generic-disable-node.xml.i> <node name="health-check"> <properties> <help>Health check script</help> diff --git a/op-mode-definitions/add-system-image.xml b/op-mode-definitions/add-system-image.xml.in index 3dc1c67ab..67d8aa3b4 100644 --- a/op-mode-definitions/add-system-image.xml +++ b/op-mode-definitions/add-system-image.xml.in @@ -11,7 +11,7 @@ <properties> <help>Add a new image to the system</help> <completionHelp> - <list>/path/to/vyos-image.iso http://example.com/vyos-image.iso</list> + <list>/path/to/vyos-image.iso "http://example.com/vyos-image.iso"</list> </completionHelp> </properties> <command>sudo ${vyatta_sbindir}/install-image --url "${4}"</command> diff --git a/op-mode-definitions/clear-ip.xml b/op-mode-definitions/clear-ip.xml.in index 3c75ed11b..3c75ed11b 100644 --- a/op-mode-definitions/clear-ip.xml +++ b/op-mode-definitions/clear-ip.xml.in diff --git a/op-mode-definitions/clear-ipv6.xml b/op-mode-definitions/clear-ipv6.xml.in index c062102fc..c062102fc 100644 --- a/op-mode-definitions/clear-ipv6.xml +++ b/op-mode-definitions/clear-ipv6.xml.in diff --git a/op-mode-definitions/configure.xml b/op-mode-definitions/configure.xml.in index 3dd5a0f45..3dd5a0f45 100644 --- a/op-mode-definitions/configure.xml +++ b/op-mode-definitions/configure.xml.in diff --git a/op-mode-definitions/connect.xml b/op-mode-definitions/connect.xml.in index 1ec62949a..1ec62949a 100644 --- a/op-mode-definitions/connect.xml +++ b/op-mode-definitions/connect.xml.in diff --git a/op-mode-definitions/date.xml b/op-mode-definitions/date.xml.in index 15a69dbd9..15a69dbd9 100644 --- a/op-mode-definitions/date.xml +++ b/op-mode-definitions/date.xml.in diff --git a/op-mode-definitions/dhcp.xml b/op-mode-definitions/dhcp.xml.in index 48752cfd5..48752cfd5 100644 --- a/op-mode-definitions/dhcp.xml +++ b/op-mode-definitions/dhcp.xml.in diff --git a/op-mode-definitions/disconnect.xml b/op-mode-definitions/disconnect.xml.in index bf2c37b89..bf2c37b89 100644 --- a/op-mode-definitions/disconnect.xml +++ b/op-mode-definitions/disconnect.xml.in diff --git a/op-mode-definitions/disks.xml b/op-mode-definitions/disks.xml.in index fb39c4f3c..fb39c4f3c 100644 --- a/op-mode-definitions/disks.xml +++ b/op-mode-definitions/disks.xml.in diff --git a/op-mode-definitions/dns-dynamic.xml b/op-mode-definitions/dns-dynamic.xml.in index 9c37874fb..9c37874fb 100644 --- a/op-mode-definitions/dns-dynamic.xml +++ b/op-mode-definitions/dns-dynamic.xml.in diff --git a/op-mode-definitions/dns-forwarding.xml b/op-mode-definitions/dns-forwarding.xml.in index 23de97704..23de97704 100644 --- a/op-mode-definitions/dns-forwarding.xml +++ b/op-mode-definitions/dns-forwarding.xml.in diff --git a/op-mode-definitions/flow-accounting-op.xml b/op-mode-definitions/flow-accounting-op.xml.in index 912805d59..912805d59 100644 --- a/op-mode-definitions/flow-accounting-op.xml +++ b/op-mode-definitions/flow-accounting-op.xml.in diff --git a/op-mode-definitions/force-arp.xml b/op-mode-definitions/force-arp.xml.in index f9f7c7643..f9f7c7643 100644 --- a/op-mode-definitions/force-arp.xml +++ b/op-mode-definitions/force-arp.xml.in diff --git a/op-mode-definitions/force-ipv6-nd.xml b/op-mode-definitions/force-ipv6-nd.xml.in index 49de097f6..49de097f6 100644 --- a/op-mode-definitions/force-ipv6-nd.xml +++ b/op-mode-definitions/force-ipv6-nd.xml.in diff --git a/op-mode-definitions/force-ipv6-rd.xml b/op-mode-definitions/force-ipv6-rd.xml.in index 8c901af25..8c901af25 100644 --- a/op-mode-definitions/force-ipv6-rd.xml +++ b/op-mode-definitions/force-ipv6-rd.xml.in diff --git a/op-mode-definitions/force-mtu-host.xml b/op-mode-definitions/force-mtu-host.xml.in index b92179f11..b92179f11 100644 --- a/op-mode-definitions/force-mtu-host.xml +++ b/op-mode-definitions/force-mtu-host.xml.in diff --git a/op-mode-definitions/generate-macsec-key.xml b/op-mode-definitions/generate-macsec-key.xml.in index 40d2b9061..40d2b9061 100644 --- a/op-mode-definitions/generate-macsec-key.xml +++ b/op-mode-definitions/generate-macsec-key.xml.in diff --git a/op-mode-definitions/generate-ssh-server-key.xml b/op-mode-definitions/generate-ssh-server-key.xml.in index a6ebf1b78..a6ebf1b78 100644 --- a/op-mode-definitions/generate-ssh-server-key.xml +++ b/op-mode-definitions/generate-ssh-server-key.xml.in diff --git a/op-mode-definitions/igmp-proxy.xml b/op-mode-definitions/igmp-proxy.xml.in index 8533138d7..8533138d7 100644 --- a/op-mode-definitions/igmp-proxy.xml +++ b/op-mode-definitions/igmp-proxy.xml.in diff --git a/op-mode-definitions/include/monitor-background.xml.i b/op-mode-definitions/include/monitor-background.xml.i new file mode 100644 index 000000000..9931127e3 --- /dev/null +++ b/op-mode-definitions/include/monitor-background.xml.i @@ -0,0 +1,21 @@ +<!-- included start from monitor-background.xml.i --> +<node name="background"> + <properties> + <help>Monitor in background</help> + </properties> + <children> + <node name="start"> + <properties> + <help>Start background monitoring</help> + </properties> + <command>${vyatta_bindir}/vyatta-monitor-background ${3^^} ${3}</command> + </node> + <node name="stop"> + <properties> + <help>Stop background monitoring</help> + </properties> + <command>${vyatta_bindir}/vyatta-monitor-background-stop ${3^^}</command> + </node> + </children> +</node> +<!-- included end --> diff --git a/op-mode-definitions/include/monitor-no-ospf-packet-detail.xml.i b/op-mode-definitions/include/monitor-no-ospf-packet-detail.xml.i new file mode 100644 index 000000000..8dbb5acea --- /dev/null +++ b/op-mode-definitions/include/monitor-no-ospf-packet-detail.xml.i @@ -0,0 +1,36 @@ +<!-- included start from monitor-ospf-packet-detail.xml.i --> +<node name="detail"> + <properties> + <help>Disable detailed OSPF packet debugging</help> + </properties> + <command>vtysh -c "no debug ospf ${@:3}"</command> +</node> +<node name="recv"> + <properties> + <help>Disable OSPF recv packet debugging</help> + </properties> + <command>vtysh -c "no debug ospf ${@:3}"</command> + <children> + <node name="detail"> + <properties> + <help>Disable detailed OSPF recv packet debugging</help> + </properties> + <command>vtysh -c "no debug ospf ${@:3}"</command> + </node> + </children> +</node> +<node name="send"> + <properties> + <help>Disable OSPF send packet debugging</help> + </properties> + <command>vtysh -c "no debug ospf ${@:3}"</command> + <children> + <node name="detail"> + <properties> + <help>Disable detailed OSPF send packet debugging</help> + </properties> + <command>vtysh -c "no debug ospf ${@:3}"</command> + </node> + </children> +</node> +<!-- included end --> diff --git a/op-mode-definitions/include/monitor-ospf-packet-detail.xml.i b/op-mode-definitions/include/monitor-ospf-packet-detail.xml.i new file mode 100644 index 000000000..a4bd33673 --- /dev/null +++ b/op-mode-definitions/include/monitor-ospf-packet-detail.xml.i @@ -0,0 +1,36 @@ +<!-- included start from monitor-ospf-packet-detail.xml.i --> +<node name="detail"> + <properties> + <help>Enable detailed OSPF packet debugging</help> + </properties> + <command>vtysh -c "debug ospf ${@:3}"</command> +</node> +<node name="recv"> + <properties> + <help>Enable OSPF recv packet debugging</help> + </properties> + <command>vtysh -c "debug ospf ${@:3}"</command> + <children> + <node name="detail"> + <properties> + <help>Enable detailed OSPF recv packet debugging</help> + </properties> + <command>vtysh -c "debug ospf ${@:3}"</command> + </node> + </children> +</node> +<node name="send"> + <properties> + <help>Enable OSPF send packet debugging</help> + </properties> + <command>vtysh -c "debug ospf ${@:3}"</command> + <children> + <node name="detail"> + <properties> + <help>Enable detailed OSPF send packet debugging</help> + </properties> + <command>vtysh -c "debug ospf ${@:3}"</command> + </node> + </children> +</node> +<!-- included end --> diff --git a/op-mode-definitions/include/ospfv3-adv-router-id-node-tag.xml.i b/op-mode-definitions/include/ospfv3-adv-router-id-node-tag.xml.i new file mode 100644 index 000000000..312ce2a4f --- /dev/null +++ b/op-mode-definitions/include/ospfv3-adv-router-id-node-tag.xml.i @@ -0,0 +1,17 @@ +<!-- included start from ospfv3-adv-router-id-node-tag.xml.i --> +<node name="node.tag"> + <properties> + <help>Search by Advertising Router ID</help> + <completionHelp> + <list><x.x.x.x></list> + </completionHelp> + </properties> + <!-- FRR uses ospf6 where we use ospfv3, thus alter the command --> + <command>vtysh -c "show ipv6 ospf6 ${@:4}"</command> + <children> + #include <include/ospfv3-detail.xml.i> + #include <include/ospfv3-dump.xml.i> + #include <include/ospfv3-internal.xml.i> + </children> +</node> +<!-- included end --> diff --git a/op-mode-definitions/include/ospfv3-adv-router.xml.i b/op-mode-definitions/include/ospfv3-adv-router.xml.i new file mode 100644 index 000000000..d17538d4d --- /dev/null +++ b/op-mode-definitions/include/ospfv3-adv-router.xml.i @@ -0,0 +1,16 @@ +<!-- included start from ospfv3-adv-router.xml.i --> +<tagNode name="adv-router"> + <properties> + <help>Search by Advertising Router ID</help> + <completionHelp> + <list><x.x.x.x></list> + </completionHelp> + </properties> + <children> + #include <include/ospfv3-detail.xml.i> + #include <include/ospfv3-dump.xml.i> + #include <include/ospfv3-internal.xml.i> + #include <include/ospfv3-linkstate-id.xml.i> + </children> +</tagNode> +<!-- included end --> diff --git a/op-mode-definitions/include/ospfv3-detail.xml.i b/op-mode-definitions/include/ospfv3-detail.xml.i new file mode 100644 index 000000000..76096fbc8 --- /dev/null +++ b/op-mode-definitions/include/ospfv3-detail.xml.i @@ -0,0 +1,9 @@ +<!-- included start from ospfv3-detail.xml.i --> +<node name="detail"> + <properties> + <help>Show detailed information</help> + </properties> + <!-- FRR uses ospf6 where we use ospfv3, thus alter the command --> + <command>vtysh -c "show ipv6 ospf6 ${@:4}"</command> +</node> +<!-- included end --> diff --git a/op-mode-definitions/include/ospfv3-dump.xml.i b/op-mode-definitions/include/ospfv3-dump.xml.i new file mode 100644 index 000000000..4271aec53 --- /dev/null +++ b/op-mode-definitions/include/ospfv3-dump.xml.i @@ -0,0 +1,9 @@ +<!-- included start from ospfv3-dump.xml.i --> +<node name="dump"> + <properties> + <help>Show dump of LSAs</help> + </properties> + <!-- FRR uses ospf6 where we use ospfv3, thus alter the command --> + <command>vtysh -c "show ipv6 ospf6 ${@:4}"</command> +</node> +<!-- included end --> diff --git a/op-mode-definitions/include/ospfv3-internal.xml.i b/op-mode-definitions/include/ospfv3-internal.xml.i new file mode 100644 index 000000000..8b45e86c1 --- /dev/null +++ b/op-mode-definitions/include/ospfv3-internal.xml.i @@ -0,0 +1,9 @@ +<!-- included start from ospfv3-internal.xml.i --> +<node name="internal"> + <properties> + <help>Show internal LSA information</help> + </properties> + <!-- FRR uses ospf6 where we use ospfv3, thus alter the command --> + <command>vtysh -c "show ipv6 ospf6 ${@:4}"</command> +</node> +<!-- included end --> diff --git a/op-mode-definitions/include/ospfv3-linkstate-id-node-tag.xml.i b/op-mode-definitions/include/ospfv3-linkstate-id-node-tag.xml.i new file mode 100644 index 000000000..24b549d28 --- /dev/null +++ b/op-mode-definitions/include/ospfv3-linkstate-id-node-tag.xml.i @@ -0,0 +1,18 @@ +<!-- included start from ospfv3-linkstate-id-node-tag.xml.i --> +<node name="node.tag"> + <properties> + <help>Search by Link state ID</help> + <completionHelp> + <list><x.x.x.x></list> + </completionHelp> + </properties> + <!-- FRR uses ospf6 where we use ospfv3, thus alter the command --> + <command>vtysh -c "show ipv6 ospf6 ${@:4}"</command> + <children> + #include <include/ospfv3-detail.xml.i> + #include <include/ospfv3-dump.xml.i> + #include <include/ospfv3-internal.xml.i> + #include <include/ospfv3-self-originated.xml.i> + </children> +</node> +<!-- included end --> diff --git a/op-mode-definitions/include/ospfv3-linkstate-id.xml.i b/op-mode-definitions/include/ospfv3-linkstate-id.xml.i new file mode 100644 index 000000000..eab5916f1 --- /dev/null +++ b/op-mode-definitions/include/ospfv3-linkstate-id.xml.i @@ -0,0 +1,15 @@ +<!-- included start from ospfv3-linkstate-id.xml.i --> +<tagNode name="linkstate-id"> + <properties> + <help>Search by Link state ID</help> + <completionHelp> + <list><x.x.x.x></list> + </completionHelp> + </properties> + <children> + #include <include/ospfv3-detail.xml.i> + #include <include/ospfv3-dump.xml.i> + #include <include/ospfv3-internal.xml.i> + </children> +</tagNode> +<!-- included end --> diff --git a/op-mode-definitions/include/ospfv3-self-originated.xml.i b/op-mode-definitions/include/ospfv3-self-originated.xml.i new file mode 100644 index 000000000..180bca6f6 --- /dev/null +++ b/op-mode-definitions/include/ospfv3-self-originated.xml.i @@ -0,0 +1,14 @@ +<!-- included start from ospfv3-self-originated.xml.i --> +<node name="self-originated"> + <properties> + <help>Show Self-originated LSAs</help> + </properties> + <!-- FRR uses ospf6 where we use ospfv3, thus alter the command --> + <command>vtysh -c "show ipv6 ospf6 ${@:4}"</command> + <children> + #include <include/ospfv3-detail.xml.i> + #include <include/ospfv3-dump.xml.i> + #include <include/ospfv3-internal.xml.i> + </children> +</node> +<!-- included end --> diff --git a/op-mode-definitions/ipoe-server.xml b/op-mode-definitions/ipoe-server.xml.in index c20d3aa2a..c20d3aa2a 100644 --- a/op-mode-definitions/ipoe-server.xml +++ b/op-mode-definitions/ipoe-server.xml.in diff --git a/op-mode-definitions/ipv4-route.xml b/op-mode-definitions/ipv4-route.xml.in index 1bda3ac11..1bda3ac11 100644 --- a/op-mode-definitions/ipv4-route.xml +++ b/op-mode-definitions/ipv4-route.xml.in diff --git a/op-mode-definitions/ipv6-route.xml b/op-mode-definitions/ipv6-route.xml.in index fbf6489ba..fbf6489ba 100644 --- a/op-mode-definitions/ipv6-route.xml +++ b/op-mode-definitions/ipv6-route.xml.in diff --git a/op-mode-definitions/l2tp-server.xml b/op-mode-definitions/l2tp-server.xml.in index 3e96b9365..3e96b9365 100644 --- a/op-mode-definitions/l2tp-server.xml +++ b/op-mode-definitions/l2tp-server.xml.in diff --git a/op-mode-definitions/lldp.xml b/op-mode-definitions/lldp.xml.in index 297ccf1f4..297ccf1f4 100644 --- a/op-mode-definitions/lldp.xml +++ b/op-mode-definitions/lldp.xml.in diff --git a/op-mode-definitions/monitor-bandwidth-test.xml b/op-mode-definitions/monitor-bandwidth-test.xml.in index 5b36b1da5..5b36b1da5 100644 --- a/op-mode-definitions/monitor-bandwidth-test.xml +++ b/op-mode-definitions/monitor-bandwidth-test.xml.in diff --git a/op-mode-definitions/monitor-bandwidth.xml b/op-mode-definitions/monitor-bandwidth.xml.in index 9af0a9e70..9af0a9e70 100644 --- a/op-mode-definitions/monitor-bandwidth.xml +++ b/op-mode-definitions/monitor-bandwidth.xml.in diff --git a/op-mode-definitions/monitor-log.xml b/op-mode-definitions/monitor-log.xml.in index 99efe5306..99efe5306 100644 --- a/op-mode-definitions/monitor-log.xml +++ b/op-mode-definitions/monitor-log.xml.in diff --git a/op-mode-definitions/monitor-ndp.xml b/op-mode-definitions/monitor-ndp.xml.in index 1ac6ce39b..1ac6ce39b 100644 --- a/op-mode-definitions/monitor-ndp.xml +++ b/op-mode-definitions/monitor-ndp.xml.in diff --git a/op-mode-definitions/monitor-protocol.xml.in b/op-mode-definitions/monitor-protocol.xml.in new file mode 100644 index 000000000..6a6bd50f3 --- /dev/null +++ b/op-mode-definitions/monitor-protocol.xml.in @@ -0,0 +1,1542 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="monitor"> + <children> + <node name="protocol"> + <properties> + <help>Monitor routing protocols</help> + </properties> + <children> + <node name="bgp"> + <properties> + <help>Monitor the Border Gateway Protocol (BGP)</help> + </properties> + <children> + #include <include/monitor-background.xml.i> + <node name="disable"> + <properties> + <help>Disable Border Gateway Protocol (BGP) debugging</help> + </properties> + <children> + <node name="all"> + <properties> + <help>Disable all BGP debugging</help> + </properties> + <command>vtysh -c "no debug bgp"</command> + </node> + <node name="allow-martians"> + <properties> + <help>Disable BGP martians next hops debugging</help> + </properties> + <command>vtysh -c "no debug bgp ${@:5}"</command> + </node> + <node name="as4"> + <properties> + <help>Disable BGP allow AS4 actions debugging</help> + </properties> + <command>vtysh -c "no debug bgp ${@:5}"</command> + </node> + <node name="bestpath"> + <properties> + <help>Disable BGP allow best path debugging</help> + </properties> + <command>vtysh -c "no debug bgp ${@:5}"</command> + </node> + <tagNode name="bestpath"> + <properties> + <help>Disable BGP bestpath IPv4 IPv6</help> + <completionHelp> + <list><x.x.x.x/x> <h:h:h:h:h:h:h:h/h></list> + </completionHelp> + </properties> + <command>vtysh -c "no debug bgp ${@:5}"</command> + </tagNode> + <node name="flowspec"> + <properties> + <help>Disable BGP allow flowspec debugging</help> + </properties> + <command>vtysh -c "no debug bgp ${@:5}"</command> + </node> + <node name="keepalives"> + <properties> + <help>Disable BGP keepalives debugging</help> + </properties> + <command>vtysh -c "no debug bgp ${@:5}"</command> + </node> + <node name="labelpool"> + <properties> + <help>Disable BGP label pool debugging</help> + </properties> + <command>vtysh -c "no debug bgp ${@:5}"</command> + </node> + <node name="neighbor-events"> + <properties> + <help>Disable BGP Neighbor events debugging</help> + </properties> + <command>vtysh -c "no debug bgp ${@:5}"</command> + </node> + <node name="nht"> + <properties> + <help>Disable BGP next hop tracking debugging</help> + </properties> + <command>vtysh -c "no debug bgp ${@:5}"</command> + </node> + <node name="pbr"> + <properties> + <help>Disable BGP policy based routing debugging</help> + </properties> + <command>vtysh -c "no debug bgp ${@:5}"</command> + </node> + <node name="rib"> + <properties> + <help>Disable BGP rib debugging</help> + </properties> + <command>vtysh -c "no debug bgp zebra"</command> + </node> + <node name="update-groups"> + <properties> + <help>Disable BGP update groups debugging</help> + </properties> + <command>vtysh -c "no debug bgp ${@:5}"</command> + </node> + <node name="updates"> + <properties> + <help>Disable BGP updates debugging</help> + </properties> + <command>vtysh -c "no debug bgp ${@:5}"</command> + </node> + <node name="vnc"> + <properties> + <help>Disable BGP VNC debugging</help> + </properties> + <command>vtysh -c "no debug bgp ${@:5}"</command> + <children> + <node name="import-bi-attach"> + <properties> + <help>Disable BGP vnc import BI attachment debugging</help> + </properties> + <command>vtysh -c "no debug bgp ${@:5}"</command> + </node> + <node name="import-del-remote"> + <properties> + <help>Disable BGP vnc import/delete remote routes debugging</help> + </properties> + <command>vtysh -c "no debug bgp ${@:5}"</command> + </node> + <node name="rfapi-query"> + <properties> + <help>Disable BGP vnc rfapi query debugging</help> + </properties> + <command>vtysh -c "no debug bgp ${@:5}"</command> + </node> + <node name="verbose"> + <properties> + <help>Disable BGP vnc verbose logging debugging</help> + </properties> + <command>vtysh -c "no debug bgp ${@:5}"</command> + </node> + </children> + </node> + </children> + </node> + <node name="enable"> + <properties> + <help>Enable Border Gateway Protocol (BGP) debugging</help> + </properties> + <children> + <node name="allow-martians"> + <properties> + <help>Enable BGP martians next hops debugging</help> + </properties> + <command>vtysh -c "debug bgp ${@:5}"</command> + </node> + <node name="as4"> + <properties> + <help>Enable BGP allow AS4 actions debugging</help> + </properties> + <command>vtysh -c "debug bgp ${@:5}"</command> + </node> + <node name="bestpath"> + <properties> + <help>Enable BGP allow best path debugging</help> + </properties> + <command>vtysh -c "debug bgp ${@:5}"</command> + </node> + <tagNode name="bestpath"> + <properties> + <help>Debug bestpath IPv4 IPv6</help> + <completionHelp> + <list><x.x.x.x/x> <h:h:h:h:h:h:h:h/h></list> + </completionHelp> + </properties> + <command>vtysh -c "debug bgp ${@:5}"</command> + </tagNode> + <node name="flowspec"> + <properties> + <help>Enable BGP allow flowspec debugging</help> + </properties> + <command>vtysh -c "debug bgp ${@:5}"</command> + </node> + <node name="keepalives"> + <properties> + <help>Enable BGP keepalives debugging</help> + </properties> + <command>vtysh -c "debug bgp ${@:5}"</command> + </node> + <node name="labelpool"> + <properties> + <help>Enable BGP label pool debugging</help> + </properties> + <command>vtysh -c "debug bgp ${@:5}"</command> + </node> + <node name="neighbor-events"> + <properties> + <help>Enable BGP Neighbor events debugging</help> + </properties> + <command>vtysh -c "debug bgp ${@:5}"</command> + </node> + <node name="nht"> + <properties> + <help>Enable BGP next hop tracking debugging</help> + </properties> + <command>vtysh -c "debug bgp ${@:5}"</command> + </node> + <node name="pbr"> + <properties> + <help>Enable BGP policy based routing debugging</help> + </properties> + <command>vtysh -c "debug bgp ${@:5}"</command> + </node> + <node name="rib"> + <properties> + <help>Enable BGP rib debugging</help> + </properties> + <command>vtysh -c "debug bgp zebra"</command> + </node> + <node name="update-groups"> + <properties> + <help>Enable BGP update groups debugging</help> + </properties> + <command>vtysh -c "debug bgp ${@:5}"</command> + </node> + <node name="updates"> + <properties> + <help>Enable BGP updates debugging</help> + </properties> + <command>vtysh -c "debug bgp ${@:5}"</command> + </node> + <node name="vnc"> + <properties> + <help>Enable BGP VNC debugging</help> + </properties> + <command>vtysh -c "debug bgp ${@:5}"</command> + <children> + <node name="import-bi-attach"> + <properties> + <help>Enable BGP vnc import BI attachment debugging</help> + </properties> + <command>vtysh -c "debug bgp ${@:5}"</command> + </node> + <node name="import-del-remote"> + <properties> + <help>Enable BGP vnc import/delete remote routes debugging</help> + </properties> + <command>vtysh -c "debug bgp ${@:5}"</command> + </node> + <node name="rfapi-query"> + <properties> + <help>Enable BGP vnc rfapi query debugging</help> + </properties> + <command>vtysh -c "debug bgp ${@:5}"</command> + </node> + <node name="verbose"> + <properties> + <help>Enable BGP vnc verbose logging debugging</help> + </properties> + <command>vtysh -c "debug bgp ${@:5}"</command> + </node> + </children> + </node> + </children> + </node> + </children> + </node> + <node name="ospf"> + <properties> + <help>Monitor the Open Shortest Path First (OSPF) protocol</help> + </properties> + <children> + #include <include/monitor-background.xml.i> + + + <node name="disable"> + <children> + <node name="event"> + <properties> + <help>Disable OSPF debugging</help> + </properties> + <command>vtysh -c "no debug ospf"</command> + </node> + <node name="event"> + <properties> + <help>Disable OSPF event debugging</help> + </properties> + <command>vtysh -c "no debug ospf ${@:5}"</command> + </node> + <node name="ism"> + <properties> + <help>Disable OSPF ism debugging</help> + </properties> + <command>vtysh -c "no debug ospf ${@:5}"</command> + <children> + <node name="events"> + <properties> + <help>Disable OSPF ism events debugging</help> + </properties> + <command>vtysh -c "no debug ospf ${@:5}"</command> + </node> + <node name="status"> + <properties> + <help>Disable OSPF ism status debugging</help> + </properties> + <command>vtysh -c "no debug ospf ${@:5}"</command> + </node> + <node name="timers"> + <properties> + <help>Disable OSPF ism timers debugging</help> + </properties> + <command>vtysh -c "no debug ospf ${@:5}"</command> + </node> + </children> + </node> + <node name="lsa"> + <properties> + <help>Disable OSPF lsa debugging</help> + </properties> + <command>vtysh -c "no debug ospf ${@:5}"</command> + <children> + <node name="flooding"> + <properties> + <help>Disable OSPF lsa flooding debugging</help> + </properties> + <command>vtysh -c "no debug ospf ${@:5}"</command> + </node> + <node name="generate"> + <properties> + <help>Disable OSPF lsa generate debugging</help> + </properties> + <command>vtysh -c "no debug ospf ${@:5}"</command> + </node> + <node name="install"> + <properties> + <help>Disable OSPF lsa install debugging</help> + </properties> + <command>vtysh -c "no debug ospf ${@:5}"</command> + </node> + <node name="refresh"> + <properties> + <help>Disable OSPF lsa refresh debugging</help> + </properties> + <command>vtysh -c "no debug ospf ${@:5}"</command> + </node> + </children> + </node> + <node name="nsm"> + <properties> + <help>Disable OSPF nsm debugging</help> + </properties> + <command>vtysh -c "no debug ospf ${@:5}"</command> + <children> + <node name="events"> + <properties> + <help>Disable OSPF nsm events debugging</help> + </properties> + <command>vtysh -c "no debug ospf ${@:5}"</command> + </node> + <node name="status"> + <properties> + <help>Disable OSPF nsm status debugging</help> + </properties> + <command>vtysh -c "no debug ospf ${@:5}"</command> + </node> + <node name="timers"> + <properties> + <help>Disable OSPF nsm timers debugging</help> + </properties> + <command>vtysh -c "no debug ospf ${@:5}"</command> + </node> + </children> + </node> + <node name="nssa"> + <properties> + <help>Disable OSPF nssa debugging</help> + </properties> + <command>vtysh -c "no debug ospf ${@:5}"</command> + </node> + <node name="packet"> + <properties> + <help>Disable OSPF packet debugging</help> + </properties> + <command>vtysh -c "no debug ospf ${@:5}"</command> + <children> + <node name="all"> + <properties> + <help>Disable OSPF all packet debugging</help> + </properties> + <command>vtysh -c "no debug ospf ${@:5}"</command> + <children> + #include <include/monitor-no-ospf-packet-detail.xml.i> + </children> + </node> + <node name="dd"> + <properties> + <help>Disable OSPF dd packet debugging</help> + </properties> + <command>vtysh -c "no debug ospf ${@:5}"</command> + <children> + #include <include/monitor-no-ospf-packet-detail.xml.i> + </children> + </node> + <node name="hello"> + <properties> + <help>Disable OSPF hello packet debugging</help> + </properties> + <command>vtysh -c "no debug ospf ${@:5}"</command> + <children> + #include <include/monitor-no-ospf-packet-detail.xml.i> + </children> + </node> + <node name="ls-ack"> + <properties> + <help>Disable OSPF ls-ack packet debugging</help> + </properties> + <command>vtysh -c "no debug ospf ${@:5}"</command> + <children> + #include <include/monitor-no-ospf-packet-detail.xml.i> + </children> + </node> + <node name="ls-request"> + <properties> + <help>Disable OSPF ls-request packet debugging</help> + </properties> + <command>vtysh -c "no debug ospf ${@:5}"</command> + <children> + #include <include/monitor-no-ospf-packet-detail.xml.i> + </children> + </node> + <node name="ls-update"> + <properties> + <help>Disable OSPF ls-update packet debugging</help> + </properties> + <command>vtysh -c "no debug ospf ${@:5}"</command> + <children> + #include <include/monitor-no-ospf-packet-detail.xml.i> + </children> + </node> + </children> + </node> + <node name="rib"> + <properties> + <help>Disable OSPF rib debugging</help> + </properties> + <command>vtysh -c "no debug ospf zebra"</command> + <children> + <node name="interface"> + <properties> + <help>Disable OSPF rib interface debugging</help> + </properties> + <command>vtysh -c "no debug ospf zebra interface"</command> + </node> + <node name="redistribute"> + <properties> + <help>Disable OSPF rib redistribute debugging</help> + </properties> + <command>vtysh -c "no debug ospf zebra redistribute"</command> + </node> + </children> + </node> + </children> + </node> + <node name="enable"> + <children> + <node name="event"> + <properties> + <help>Enable OSPF event debugging</help> + </properties> + <command>vtysh -c "debug ospf ${@:5}"</command> + </node> + <node name="ism"> + <properties> + <help>Enable OSPF ism debugging</help> + </properties> + <command>vtysh -c "debug ospf ${@:5}"</command> + <children> + <node name="events"> + <properties> + <help>Enable OSPF ism events debugging</help> + </properties> + <command>vtysh -c "debug ospf ${@:5}"</command> + </node> + <node name="status"> + <properties> + <help>Enable OSPF ism status debugging</help> + </properties> + <command>vtysh -c "debug ospf ${@:5}"</command> + </node> + <node name="timers"> + <properties> + <help>Enable OSPF ism timers debugging</help> + </properties> + <command>vtysh -c "debug ospf ${@:5}"</command> + </node> + </children> + </node> + <node name="lsa"> + <properties> + <help>Enable OSPF lsa debugging</help> + </properties> + <command>vtysh -c "debug ospf ${@:5}"</command> + <children> + <node name="flooding"> + <properties> + <help>Enable OSPF lsa flooding debugging</help> + </properties> + <command>vtysh -c "debug ospf ${@:5}"</command> + </node> + <node name="generate"> + <properties> + <help>Enable OSPF lsa generate debugging</help> + </properties> + <command>vtysh -c "debug ospf ${@:5}"</command> + </node> + <node name="install"> + <properties> + <help>Enable OSPF lsa install debugging</help> + </properties> + <command>vtysh -c "debug ospf ${@:5}"</command> + </node> + <node name="refresh"> + <properties> + <help>Enable OSPF lsa refresh debugging</help> + </properties> + <command>vtysh -c "debug ospf ${@:5}"</command> + </node> + </children> + </node> + <node name="nsm"> + <properties> + <help>Enable OSPF nsm debugging</help> + </properties> + <command>vtysh -c "debug ospf ${@:5}"</command> + <children> + <node name="events"> + <properties> + <help>Enable OSPF nsm events debugging</help> + </properties> + <command>vtysh -c "debug ospf ${@:5}"</command> + </node> + <node name="status"> + <properties> + <help>Enable OSPF nsm status debugging</help> + </properties> + <command>vtysh -c "debug ospf ${@:5}"</command> + </node> + <node name="timers"> + <properties> + <help>Enable OSPF nsm timers debugging</help> + </properties> + <command>vtysh -c "debug ospf ${@:5}"</command> + </node> + </children> + </node> + <node name="nssa"> + <properties> + <help>Enable OSPF nssa debugging</help> + </properties> + <command>vtysh -c "debug ospf ${@:5}"</command> + </node> + <node name="packet"> + <properties> + <help>Enable OSPF packet debugging</help> + </properties> + <command>vtysh -c "debug ospf ${@:5}"</command> + <children> + <node name="all"> + <properties> + <help>Enable OSPF all packet debugging</help> + </properties> + <command>vtysh -c "debug ospf ${@:5}"</command> + <children> + #include <include/monitor-ospf-packet-detail.xml.i> + </children> + </node> + <node name="dd"> + <properties> + <help>Enable OSPF dd packet debugging</help> + </properties> + <command>vtysh -c "debug ospf ${@:5}"</command> + <children> + #include <include/monitor-ospf-packet-detail.xml.i> + </children> + </node> + <node name="hello"> + <properties> + <help>Enable OSPF hello packet debugging</help> + </properties> + <command>vtysh -c "debug ospf ${@:5}"</command> + <children> + #include <include/monitor-ospf-packet-detail.xml.i> + </children> + </node> + <node name="ls-ack"> + <properties> + <help>Enable OSPF ls-ack packet debugging</help> + </properties> + <command>vtysh -c "debug ospf ${@:5}"</command> + <children> + #include <include/monitor-ospf-packet-detail.xml.i> + </children> + </node> + <node name="ls-request"> + <properties> + <help>Enable OSPF ls-request packet debugging</help> + </properties> + <command>vtysh -c "debug ospf ${@:5}"</command> + <children> + #include <include/monitor-ospf-packet-detail.xml.i> + </children> + </node> + <node name="ls-update"> + <properties> + <help>Enable OSPF ls-update packet debugging</help> + </properties> + <command>vtysh -c "debug ospf ${@:5}"</command> + <children> + #include <include/monitor-ospf-packet-detail.xml.i> + </children> + </node> + </children> + </node> + <node name="rib"> + <properties> + <help>Enable OSPF rib debugging</help> + </properties> + <command>vtysh -c "debug ospf zebra"</command> + <children> + <node name="interface"> + <properties> + <help>Enable OSPF rib interface debugging</help> + </properties> + <command>vtysh -c "debug ospf zebra interface"</command> + </node> + <node name="redistribute"> + <properties> + <help>Enable OSPF rib redistribute debugging</help> + </properties> + <command>vtysh -c "debug ospf zebra redistribute"</command> + </node> + </children> + </node> + </children> + </node> + </children> + </node> + <node name="ospfv3"> + <properties> + <help>Monitor the IPv6 Open Shortest Path First (OSPFv3) protocol</help> + </properties> + <children> + <node name="background"> + <properties> + <help>Monitor in background</help> + </properties> + <children> + <node name="start"> + <properties> + <help>Start background monitoring</help> + </properties> + <command>${vyatta_bindir}/vyatta-monitor-background OSPFv3 ospf6</command> + </node> + <node name="stop"> + <properties> + <help>Stop background monitoring</help> + </properties> + <command>${vyatta_bindir}/vyatta-monitor-background-stop OSPFv3</command> + </node> + </children> + </node> + <node name="disable"> + <properties> + <help>Disable IPv6 Open Shortest Path First (OSPFv3) protocol debugging</help> + </properties> + <children> + <node name="abr"> + <properties> + <help>Disable all OSPFv3 debugging</help> + </properties> + <command>vtysh -c "no debug ospf6"</command> + </node> + <node name="abr"> + <properties> + <help>Disable OSPFv3 ABR debugging</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + <node name="asbr"> + <properties> + <help>Disable OSPFv3 ASBR debugging</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + <node name="border-routers"> + <properties> + <help>Disable OSPFv3 border router debugging</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + <children> + <node name="area-id"> + <properties> + <help>Disable debug border routers in specific Area</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + <node name="router-id"> + <properties> + <help>Disable debug specific border router</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + </children> + </node> + <node name="flooding"> + <properties> + <help>Disable OSPFv3 flooding debugging</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + <node name="interface"> + <properties> + <help>Disable OSPFv3 Interface debugging</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + <node name="lsa"> + <properties> + <help>Disable OSPFv3 Link State Advertisments debugging</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + <children> + <node name="as-external"> + <properties> + <help>Display As-External LSAs</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + <node name="inter-prefix"> + <properties> + <help>Display Inter-Area-Prefix LSAs</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + <node name="inter-router"> + <properties> + <help>Display Inter-Router LSAs</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + <node name="intra-prefix"> + <properties> + <help>Display Intra-Area-Prefix LSAs</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + <node name="link"> + <properties> + <help>Display Link LSAs</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + <node name="network"> + <properties> + <help>Display Network LSAs</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + <node name="router"> + <properties> + <help>Display Router LSAs</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + <node name="unknown"> + <properties> + <help>Display LSAs of unknown origin</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + </children> + </node> + <node name="message"> + <properties> + <help>Disable OSPFv3 message debugging</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + <children> + <node name="all"> + <properties> + <help>Debug All message</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + <node name="dbdesc"> + <properties> + <help>Debug Database Description message</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + <node name="hello"> + <properties> + <help>Debug Hello message</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + <node name="lsack"> + <properties> + <help>Debug Link State Acknowledgement message</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + <node name="lsreq"> + <properties> + <help>Debug Link State Request message</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + <node name="lsupdate"> + <properties> + <help>Debug Link State Update message</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + <node name="unknown"> + <properties> + <help>Debug Unknown message</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + </children> + </node> + <node name="neighbor"> + <properties> + <help>Disable OSPFv3 Neighbor debugging</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + <children> + <node name="event"> + <properties> + <help>Debug OSPFv3 Neighbor Event</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + <node name="state"> + <properties> + <help>Debug OSPFv3 Neighbor State Change</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + </children> + </node> + <node name="rib"> + <properties> + <help>Disable OSPFv3 connection to RIB debugging</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + <children> + <node name="recv"> + <properties> + <help>Debug receiving zebra</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + <node name="send"> + <properties> + <help>Debug sending zebra</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + </children> + </node> + <node name="route"> + <properties> + <help>Disable OSPFv3 route table calculation debugging</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + <children> + <node name="inter-area"> + <properties> + <help>Debug inter-area route calculation</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + <node name="intra-area"> + <properties> + <help>Debug intra-area route calculation</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + <node name="memory"> + <properties> + <help>Debug route memory use</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + <node name="table"> + <properties> + <help>Debug route table calculation</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + </children> + </node> + <node name="spf"> + <properties> + <help>Disable OSPFv3 SPF calculation debugging</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + <children> + <node name="database"> + <properties> + <help>Log number of LSAs at SPF Calculation time</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + <node name="process"> + <properties> + <help>Debug Detailed SPF Process</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + <node name="time"> + <properties> + <help>Measure time taken by SPF Calculation</help> + </properties> + <command>vtysh -c "no debug ospf6 ${@:5}"</command> + </node> + </children> + </node> + </children> + </node> + <node name="enable"> + <properties> + <help>Enable IPv6 Open Shortest Path First (OSPFv3) protocol debugging</help> + </properties> + <children> + <node name="abr"> + <properties> + <help>Enable OSPFv3 ABR debugging</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + <node name="asbr"> + <properties> + <help>Enable OSPFv3 ASBR debugging</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + <node name="border-routers"> + <properties> + <help>Enable OSPFv3 border router debugging</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + <children> + <node name="area-id"> + <properties> + <help>Debug border routers in specific Area</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + <node name="router-id"> + <properties> + <help>Debug specific border router</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + </children> + </node> + <node name="flooding"> + <properties> + <help>Enable OSPFv3 flooding debugging</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + <node name="interface"> + <properties> + <help>Enable OSPFv3 Interface debugging</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + <node name="lsa"> + <properties> + <help>Enable OSPFv3 Link State Advertisments debugging</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + <children> + <node name="as-external"> + <properties> + <help>Display As-External LSAs</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + <node name="inter-prefix"> + <properties> + <help>Display Inter-Area-Prefix LSAs</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + <node name="inter-router"> + <properties> + <help>Display Inter-Router LSAs</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + <node name="intra-prefix"> + <properties> + <help>Display Intra-Area-Prefix LSAs</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + <node name="link"> + <properties> + <help>Display Link LSAs</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + <node name="network"> + <properties> + <help>Display Network LSAs</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + <node name="router"> + <properties> + <help>Display Router LSAs</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + <node name="unknown"> + <properties> + <help>Display LSAs of unknown origin</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + </children> + </node> + <node name="message"> + <properties> + <help>Enable OSPFv3 message debugging</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + <children> + <node name="all"> + <properties> + <help>Debug All message</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + <node name="dbdesc"> + <properties> + <help>Debug Database Description message</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + <node name="hello"> + <properties> + <help>Debug Hello message</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + <node name="lsack"> + <properties> + <help>Debug Link State Acknowledgement message</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + <node name="lsreq"> + <properties> + <help>Debug Link State Request message</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + <node name="lsupdate"> + <properties> + <help>Debug Link State Update message</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + <node name="unknown"> + <properties> + <help>Debug Unknown message</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + </children> + </node> + <node name="neighbor"> + <properties> + <help>Enable OSPFv3 Neighbor debugging</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + <children> + <node name="event"> + <properties> + <help>Debug OSPFv3 Neighbor Event</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + <node name="state"> + <properties> + <help>Debug OSPFv3 Neighbor State Change</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + </children> + </node> + <node name="rib"> + <properties> + <help>Enable OSPFv3 connection to RIB debugging</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + <children> + <node name="recv"> + <properties> + <help>Debug receiving zebra</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + <node name="send"> + <properties> + <help>Debug sending zebra</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + </children> + </node> + <node name="route"> + <properties> + <help>Enable OSPFv3 route table calculation debugging</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + <children> + <node name="inter-area"> + <properties> + <help>Debug inter-area route calculation</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + <node name="intra-area"> + <properties> + <help>Debug intra-area route calculation</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + <node name="memory"> + <properties> + <help>Debug route memory use</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + <node name="table"> + <properties> + <help>Debug route table calculation</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + </children> + </node> + <node name="spf"> + <properties> + <help>Enable OSPFv3 SPF calculation debugging</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + <children> + <node name="database"> + <properties> + <help>Log number of LSAs at SPF Calculation time</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + <node name="process"> + <properties> + <help>Debug Detailed SPF Process</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + <node name="time"> + <properties> + <help>Measure time taken by SPF Calculation</help> + </properties> + <command>vtysh -c "debug ospf6 ${@:5}"</command> + </node> + </children> + </node> + </children> + </node> + </children> + </node> + <node name="rib"> + <properties> + <help>Monitor the Routing Information Base (RIB)</help> + </properties> + <children> + <node name="background"> + <properties> + <help>Monitor in background</help> + </properties> + <children> + <node name="start"> + <properties> + <help>Start background monitoring</help> + </properties> + <command>${vyatta_bindir}/vyatta-monitor-background RIB zebra</command> + </node> + <node name="stop"> + <properties> + <help>Stop background monitoring</help> + </properties> + <command>${vyatta_bindir}/vyatta-monitor-background-stop RIB</command> + </node> + </children> + </node> + <node name="disable"> + <properties> + <help>Disable Route Information Base (RIB) debugging</help> + </properties> + <children> + <node name="events"> + <properties> + <help>Disable RIB events debugging</help> + </properties> + <command>vtysh -c "no debug zebra ${@:5}"</command> + </node> + <node name="kernel"> + <properties> + <help>Disable RIB kernel debugging</help> + </properties> + <command>vtysh -c "no debug zebra ${@:5}"</command> + </node> + <node name="packet"> + <properties> + <help>Disable RIB packet debugging</help> + </properties> + <command>vtysh -c "no debug zebra ${@:5}"</command> + <children> + <node name="detail"> + <properties> + <help>Disable detailed debugging</help> + </properties> + <command>vtysh -c "no debug zebra ${@:5}"</command> + </node> + <node name="recv"> + <properties> + <help>Disable receive packet debugging</help> + </properties> + <command>vtysh -c "no debug zebra ${@:5}"</command> + </node> + <node name="send"> + <properties> + <help>Disable send packet debugging</help> + </properties> + <command>vtysh -c "no debug zebra ${@:5}"</command> + </node> + </children> + </node> + <node name="nexthop"> + <properties> + <help>Disable RIB nexthop debugging</help> + </properties> + <command>vtysh -c "no debug zebra ${@:5}"</command> + </node> + <node name="mpls"> + <properties> + <help>Disable RIP MPLS LSP debugging</help> + </properties> + <command>vtysh -c "no debug zebra ${@:5}"</command> + </node> + <node name="rib"> + <properties> + <help>Disable RIB debugging</help> + </properties> + <command>vtysh -c "no debug zebra ${@:5}"</command> + <children> + <node name="detailed"> + <properties> + <help>Disable detailed debugging</help> + </properties> + <command>vtysh -c "no debug zebra ${@:5}"</command> + </node> + </children> + </node> + </children> + </node> + <node name="enable"> + <properties> + <help>Enable Route Information Base (RIB) debugging</help> + </properties> + <children> + <node name="events"> + <properties> + <help>Enable RIB events debugging</help> + </properties> + <command>vtysh -c "debug zebra ${@:5}"</command> + </node> + <node name="kernel"> + <properties> + <help>Enable RIB kernel debugging</help> + </properties> + <command>vtysh -c "debug zebra ${@:5}"</command> + </node> + <node name="packet"> + <properties> + <help>Enable RIB packet debugging</help> + </properties> + <command>vtysh -c "debug zebra ${@:5}"</command> + <children> + <node name="detail"> + <properties> + <help>Enable detailed debugging</help> + </properties> + <command>vtysh -c "debug zebra ${@:5}"</command> + </node> + <node name="recv"> + <properties> + <help>Enable receive packet debugging</help> + </properties> + <command>vtysh -c "debug zebra ${@:5}"</command> + </node> + <node name="send"> + <properties> + <help>Enable send packet debugging</help> + </properties> + <command>vtysh -c "debug zebra ${@:5}"</command> + </node> + </children> + </node> + <node name="nexthop"> + <properties> + <help>Enable RIB nexthop debugging</help> + </properties> + <command>vtysh -c "debug zebra ${@:5}"</command> + </node> + <node name="mpls"> + <properties> + <help>Enable RIP MPLS LSP debugging</help> + </properties> + <command>vtysh -c "debug zebra ${@:5}"</command> + </node> + <node name="rib"> + <properties> + <help>Enable RIB debugging</help> + </properties> + <command>vtysh -c "debug zebra ${@:5}"</command> + <children> + <node name="detailed"> + <properties> + <help>Enable detailed debugging</help> + </properties> + <command>vtysh -c "debug zebra ${@:5}"</command> + </node> + </children> + </node> + </children> + </node> + </children> + </node> + <node name="rip"> + <properties> + <help>Monitor the Routing Information Protocol (RIP)</help> + </properties> + <children> + #include <include/monitor-background.xml.i> + <node name="disable"> + <properties> + <help>Disable Routing Information Protocol (RIP) debugging</help> + </properties> + <children> + <node name="all"> + <properties> + <help>Disable RIP debugging</help> + </properties> + <command>vtysh -c "no debug rip"</command> + </node> + <node name="events"> + <properties> + <help>Disable RIP events debugging</help> + </properties> + <command>vtysh -c "no debug rip ${@:5}"</command> + </node> + <node name="packet"> + <properties> + <help>Disable RIP packet debugging</help> + </properties> + <command>vtysh -c "no debug rip ${@:5}"</command> + <children> + <node name="recv"> + <properties> + <help>Disable receive packet debugging</help> + </properties> + <command>vtysh -c "no debug rip ${@:5}"</command> + </node> + <node name="send"> + <properties> + <help>Disable send packet debugging</help> + </properties> + <command>vtysh -c "no debug rip ${@:5}"</command> + </node> + </children> + </node> + <node name="rib"> + <properties> + <help>Disable RIB debugging</help> + </properties> + <command>vtysh -c "no debug rip zebra"</command> + </node> + </children> + </node> + <node name="enable"> + <properties> + <help>Enable Routing Information Protocol (RIP) debugging</help> + </properties> + <children> + <node name="events"> + <properties> + <help>Enable RIP events debugging</help> + </properties> + <command>vtysh -c "debug rip ${@:5}"</command> + </node> + <node name="packet"> + <properties> + <help>Enable RIP packet debugging</help> + </properties> + <command>vtysh -c "debug rip ${@:5}"</command> + <children> + <node name="recv"> + <properties> + <help>Enable receive packet debugging</help> + </properties> + <command>vtysh -c "debug rip ${@:5}"</command> + </node> + <node name="send"> + <properties> + <help>Enable send packet debugging</help> + </properties> + <command>vtysh -c "debug rip ${@:5}"</command> + </node> + </children> + </node> + <node name="rib"> + <properties> + <help>Enable RIB debugging</help> + </properties> + <command>vtysh -c "debug rip zebra"</command> + </node> + </children> + </node> + </children> + </node> + <node name="ripng"> + <properties> + <help>Monitor the Routing Information Protocol Next Generation (RIPng) protocol</help> + </properties> + <children> + #include <include/monitor-background.xml.i> + <node name="disable"> + <properties> + <help>Disable Routing Information Protocol Next Generation (RIPNG) debugging</help> + </properties> + <children> + <node name="all"> + <properties> + <help>Disable RIPNG debugging</help> + </properties> + <command>vtysh -c "no debug ripng"</command> + </node> + <node name="events"> + <properties> + <help>Disable RIPNG events debugging</help> + </properties> + <command>vtysh -c "no debug ripng ${@:5}"</command> + </node> + <node name="packet"> + <properties> + <help>Disable RIPNG packet debugging</help> + </properties> + <command>vtysh -c "no debug ripng ${@:5}"</command> + <children> + <node name="recv"> + <properties> + <help>Disable receive packet debugging</help> + </properties> + <command>vtysh -c "no debug ripng ${@:5}"</command> + </node> + <node name="send"> + <properties> + <help>Disable send packet debugging</help> + </properties> + <command>vtysh -c "no debug ripng ${@:5}"</command> + </node> + </children> + </node> + <node name="rib"> + <properties> + <help>Disable RIB debugging</help> + </properties> + <command>vtysh -c "no debug ripng zebra"</command> + </node> + </children> + </node> + <node name="enable"> + <properties> + <help>Enable Routing Information Protocol Next Generation (RIPNG) debugging</help> + </properties> + <children> + <node name="events"> + <properties> + <help>Enable RIPNG events debugging</help> + </properties> + <command>vtysh -c "debug ripng ${@:5}"</command> + </node> + <node name="packet"> + <properties> + <help>Enable RIPNG packet debugging</help> + </properties> + <command>vtysh -c "debug ripng ${@:5}"</command> + <children> + <node name="recv"> + <properties> + <help>Enable receive packet debugging</help> + </properties> + <command>vtysh -c "debug ripng ${@:5}"</command> + </node> + <node name="send"> + <properties> + <help>Enable send packet debugging</help> + </properties> + <command>vtysh -c "debug ripng ${@:5}"</command> + </node> + </children> + </node> + <node name="rib"> + <properties> + <help>Enable RIB debugging</help> + </properties> + <command>vtysh -c "debug ripng zebra"</command> + </node> + </children> + </node> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/op-mode-definitions/nat.xml b/op-mode-definitions/nat.xml.in index f6c0fa748..4b09816f9 100644 --- a/op-mode-definitions/nat.xml +++ b/op-mode-definitions/nat.xml.in @@ -16,7 +16,7 @@ <properties> <help>Show configured source NAT rules</help> </properties> - <command>echo To be migrated to Python - https://phabricator.vyos.net/T2459</command> + <command>echo To be migrated to Python - Phabricator T2459</command> </node> <node name="statistics"> <properties> @@ -58,7 +58,7 @@ <properties> <help>Show configured destination NAT rules</help> </properties> - <command>echo To be migrated to Python - https://phabricator.vyos.net/T2459</command> + <command>echo To be migrated to Python - Phabricator T2459</command> </node> <node name="statistics"> <properties> diff --git a/op-mode-definitions/openconnect.xml b/op-mode-definitions/openconnect.xml.in index 9b82b114e..9b82b114e 100644 --- a/op-mode-definitions/openconnect.xml +++ b/op-mode-definitions/openconnect.xml.in diff --git a/op-mode-definitions/openvpn.xml b/op-mode-definitions/openvpn.xml.in index b9cb06dca..e9420904a 100644 --- a/op-mode-definitions/openvpn.xml +++ b/op-mode-definitions/openvpn.xml.in @@ -19,7 +19,6 @@ key_path=$4 full_path= - # Prepend /config/auth if the path is not absolute if echo $key_path | egrep -ve '^/.*' > /dev/null; then full_path=/config/auth/$key_path else diff --git a/op-mode-definitions/ping.xml b/op-mode-definitions/ping.xml.in index 4c25a59ab..4c25a59ab 100644 --- a/op-mode-definitions/ping.xml +++ b/op-mode-definitions/ping.xml.in diff --git a/op-mode-definitions/poweroff.xml b/op-mode-definitions/poweroff.xml.in index b4163bcb9..b4163bcb9 100644 --- a/op-mode-definitions/poweroff.xml +++ b/op-mode-definitions/poweroff.xml.in diff --git a/op-mode-definitions/pppoe-server.xml b/op-mode-definitions/pppoe-server.xml.in index 5ac9d9497..5ac9d9497 100644 --- a/op-mode-definitions/pppoe-server.xml +++ b/op-mode-definitions/pppoe-server.xml.in diff --git a/op-mode-definitions/pptp-server.xml b/op-mode-definitions/pptp-server.xml.in index 59be68611..59be68611 100644 --- a/op-mode-definitions/pptp-server.xml +++ b/op-mode-definitions/pptp-server.xml.in diff --git a/op-mode-definitions/reboot.xml b/op-mode-definitions/reboot.xml.in index 2c8daec5d..2c8daec5d 100644 --- a/op-mode-definitions/reboot.xml +++ b/op-mode-definitions/reboot.xml.in diff --git a/op-mode-definitions/reset-conntrack.xml b/op-mode-definitions/reset-conntrack.xml.in index 827ba4af4..827ba4af4 100644 --- a/op-mode-definitions/reset-conntrack.xml +++ b/op-mode-definitions/reset-conntrack.xml.in diff --git a/op-mode-definitions/reset-ip-bgp.xml b/op-mode-definitions/reset-ip-bgp.xml.in index 931a2a9bc..931a2a9bc 100644 --- a/op-mode-definitions/reset-ip-bgp.xml +++ b/op-mode-definitions/reset-ip-bgp.xml.in diff --git a/op-mode-definitions/reset-ip-igmp.xml b/op-mode-definitions/reset-ip-igmp.xml.in index 143553d33..143553d33 100644 --- a/op-mode-definitions/reset-ip-igmp.xml +++ b/op-mode-definitions/reset-ip-igmp.xml.in diff --git a/op-mode-definitions/reset-ip-multicast.xml b/op-mode-definitions/reset-ip-multicast.xml.in index d610add16..d610add16 100644 --- a/op-mode-definitions/reset-ip-multicast.xml +++ b/op-mode-definitions/reset-ip-multicast.xml.in diff --git a/op-mode-definitions/reset-ipv6-bgp.xml b/op-mode-definitions/reset-ipv6-bgp.xml.in index 3c4275331..3c4275331 100644 --- a/op-mode-definitions/reset-ipv6-bgp.xml +++ b/op-mode-definitions/reset-ipv6-bgp.xml.in diff --git a/op-mode-definitions/reset-mpls.xml b/op-mode-definitions/reset-mpls.xml.in index 4e5d37d5b..4e5d37d5b 100644 --- a/op-mode-definitions/reset-mpls.xml +++ b/op-mode-definitions/reset-mpls.xml.in diff --git a/op-mode-definitions/reset-vpn.xml b/op-mode-definitions/reset-vpn.xml.in index ae553c272..71dbb4ed9 100644 --- a/op-mode-definitions/reset-vpn.xml +++ b/op-mode-definitions/reset-vpn.xml.in @@ -17,31 +17,31 @@ <children> <node name="all"> <properties> - <help>Terminate all user's current remote access VPN session(s)</help> + <help>Terminate all users current remote access VPN session(s)</help> </properties> <children> <node name="protocol"> <properties> - <help>Terminate specified user's current remote access VPN session(s) with specified protocol</help> + <help>Terminate specified users current remote access VPN session(s) with specified protocol</help> </properties> <children> <leafNode name="l2tp"> <properties> - <help>Terminate all user's current remote access VPN session(s) with L2TP protocol</help> + <help>Terminate all users current remote access VPN session(s) with L2TP protocol</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="all_users" --protocol="l2tp"</command> + <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="all_users" --protocol="l2tp"</command> </leafNode> <leafNode name="pptp"> <properties> - <help>Terminate all user's current remote access VPN session(s) with PPTP protocol</help> + <help>Terminate all users current remote access VPN session(s) with PPTP protocol</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="all_users" --protocol="pptp"</command> + <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="all_users" --protocol="pptp"</command> </leafNode> <leafNode name="sstp"> <properties> - <help>Terminate all user's current remote access VPN session(s) with SSTP protocol</help> + <help>Terminate all users current remote access VPN session(s) with SSTP protocol</help> </properties> - <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="all_users" --protocol="sstp"</command> + <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="all_users" --protocol="sstp"</command> </leafNode> </children> </node> @@ -56,29 +56,29 @@ </tagNode> <tagNode name="user"> <properties> - <help>Terminate specified user's current remote access VPN session(s)</help> + <help>Terminate specified users current remote access VPN session(s)</help> </properties> <children> <node name="protocol"> <properties> - <help>Terminate specified user's current remote access VPN session(s) with specified protocol</help> + <help>Terminate specified users current remote access VPN session(s) with specified protocol</help> </properties> <children> <leafNode name="l2tp"> <properties> - <help>Terminate all user's current remote access VPN session(s) with L2TP protocol</help> + <help>Terminate all users current remote access VPN session(s) with L2TP protocol</help> </properties> <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="$5" --protocol="l2tp"</command> </leafNode> <leafNode name="pptp"> <properties> - <help>Terminate all user's current remote access VPN session(s) with PPTP protocol</help> + <help>Terminate all users current remote access VPN session(s) with PPTP protocol</help> </properties> <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="$5" --protocol="pptp"</command> </leafNode> <leafNode name="sstp"> <properties> - <help>Terminate all user's current remote access VPN session(s) with SSTP protocol</help> + <help>Terminate all users current remote access VPN session(s) with SSTP protocol</help> </properties> <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="$5" --protocol="sstp"</command> </leafNode> diff --git a/op-mode-definitions/restart-frr.xml b/op-mode-definitions/restart-frr.xml.in index 96ad1a650..96ad1a650 100644 --- a/op-mode-definitions/restart-frr.xml +++ b/op-mode-definitions/restart-frr.xml.in diff --git a/op-mode-definitions/restart.xml b/op-mode-definitions/restart.xml.in index c74ec9013..c74ec9013 100644 --- a/op-mode-definitions/restart.xml +++ b/op-mode-definitions/restart.xml.in diff --git a/op-mode-definitions/show-acceleration.xml b/op-mode-definitions/show-acceleration.xml.in index d0dcea2d6..d0dcea2d6 100644 --- a/op-mode-definitions/show-acceleration.xml +++ b/op-mode-definitions/show-acceleration.xml.in diff --git a/op-mode-definitions/show-bridge.xml b/op-mode-definitions/show-bridge.xml.in index 8c1f7c398..8c1f7c398 100644 --- a/op-mode-definitions/show-bridge.xml +++ b/op-mode-definitions/show-bridge.xml.in diff --git a/op-mode-definitions/show-configuration.xml b/op-mode-definitions/show-configuration.xml.in index 318942ab0..318942ab0 100644 --- a/op-mode-definitions/show-configuration.xml +++ b/op-mode-definitions/show-configuration.xml.in diff --git a/op-mode-definitions/show-console-server.xml b/op-mode-definitions/show-console-server.xml.in index 77a7f3376..77a7f3376 100644 --- a/op-mode-definitions/show-console-server.xml +++ b/op-mode-definitions/show-console-server.xml.in diff --git a/op-mode-definitions/show-environment.xml b/op-mode-definitions/show-environment.xml.in index 95b658785..95b658785 100644 --- a/op-mode-definitions/show-environment.xml +++ b/op-mode-definitions/show-environment.xml.in diff --git a/op-mode-definitions/show-hardware.xml b/op-mode-definitions/show-hardware.xml.in index c3ff3a60f..0df2e4404 100644 --- a/op-mode-definitions/show-hardware.xml +++ b/op-mode-definitions/show-hardware.xml.in @@ -21,7 +21,7 @@ </node> <node name="summary"> <properties> - <help>Show CPU's on system</help> + <help>Show system CPUs</help> </properties> <command>${vyos_op_scripts_dir}/cpu_summary.py</command> </node> diff --git a/op-mode-definitions/show-history.xml b/op-mode-definitions/show-history.xml.in index 7fb286264..7fb286264 100644 --- a/op-mode-definitions/show-history.xml +++ b/op-mode-definitions/show-history.xml.in diff --git a/op-mode-definitions/show-host.xml b/op-mode-definitions/show-host.xml.in index eee1288a1..eee1288a1 100644 --- a/op-mode-definitions/show-host.xml +++ b/op-mode-definitions/show-host.xml.in diff --git a/op-mode-definitions/show-interfaces-bonding.xml b/op-mode-definitions/show-interfaces-bonding.xml.in index f6d9b3508..f6d9b3508 100644 --- a/op-mode-definitions/show-interfaces-bonding.xml +++ b/op-mode-definitions/show-interfaces-bonding.xml.in diff --git a/op-mode-definitions/show-interfaces-bridge.xml b/op-mode-definitions/show-interfaces-bridge.xml.in index cc4b248b6..cc4b248b6 100644 --- a/op-mode-definitions/show-interfaces-bridge.xml +++ b/op-mode-definitions/show-interfaces-bridge.xml.in diff --git a/op-mode-definitions/show-interfaces-dummy.xml b/op-mode-definitions/show-interfaces-dummy.xml.in index 7c24c6921..7c24c6921 100644 --- a/op-mode-definitions/show-interfaces-dummy.xml +++ b/op-mode-definitions/show-interfaces-dummy.xml.in diff --git a/op-mode-definitions/show-interfaces-ethernet.xml b/op-mode-definitions/show-interfaces-ethernet.xml.in index fc79f44bf..fc79f44bf 100644 --- a/op-mode-definitions/show-interfaces-ethernet.xml +++ b/op-mode-definitions/show-interfaces-ethernet.xml.in diff --git a/op-mode-definitions/show-interfaces-input.xml b/op-mode-definitions/show-interfaces-input.xml.in index 15e8203e5..15e8203e5 100644 --- a/op-mode-definitions/show-interfaces-input.xml +++ b/op-mode-definitions/show-interfaces-input.xml.in diff --git a/op-mode-definitions/show-interfaces-l2tpv3.xml b/op-mode-definitions/show-interfaces-l2tpv3.xml.in index 60fee34a1..60fee34a1 100644 --- a/op-mode-definitions/show-interfaces-l2tpv3.xml +++ b/op-mode-definitions/show-interfaces-l2tpv3.xml.in diff --git a/op-mode-definitions/show-interfaces-loopback.xml b/op-mode-definitions/show-interfaces-loopback.xml.in index b30b57909..b30b57909 100644 --- a/op-mode-definitions/show-interfaces-loopback.xml +++ b/op-mode-definitions/show-interfaces-loopback.xml.in diff --git a/op-mode-definitions/show-interfaces-macsec.xml b/op-mode-definitions/show-interfaces-macsec.xml.in index 6aeab66af..6aeab66af 100644 --- a/op-mode-definitions/show-interfaces-macsec.xml +++ b/op-mode-definitions/show-interfaces-macsec.xml.in diff --git a/op-mode-definitions/show-interfaces-pppoe.xml b/op-mode-definitions/show-interfaces-pppoe.xml.in index 393ca912f..393ca912f 100644 --- a/op-mode-definitions/show-interfaces-pppoe.xml +++ b/op-mode-definitions/show-interfaces-pppoe.xml.in diff --git a/op-mode-definitions/show-interfaces-pseudo-ethernet.xml b/op-mode-definitions/show-interfaces-pseudo-ethernet.xml.in index 195944745..195944745 100644 --- a/op-mode-definitions/show-interfaces-pseudo-ethernet.xml +++ b/op-mode-definitions/show-interfaces-pseudo-ethernet.xml.in diff --git a/op-mode-definitions/show-interfaces-tunnel.xml b/op-mode-definitions/show-interfaces-tunnel.xml.in index 416de0299..416de0299 100644 --- a/op-mode-definitions/show-interfaces-tunnel.xml +++ b/op-mode-definitions/show-interfaces-tunnel.xml.in diff --git a/op-mode-definitions/show-interfaces-vti.xml b/op-mode-definitions/show-interfaces-vti.xml.in index f51be2d19..f51be2d19 100644 --- a/op-mode-definitions/show-interfaces-vti.xml +++ b/op-mode-definitions/show-interfaces-vti.xml.in diff --git a/op-mode-definitions/show-interfaces-vxlan.xml b/op-mode-definitions/show-interfaces-vxlan.xml.in index 4e3cb93cd..4e3cb93cd 100644 --- a/op-mode-definitions/show-interfaces-vxlan.xml +++ b/op-mode-definitions/show-interfaces-vxlan.xml.in diff --git a/op-mode-definitions/show-interfaces-wirelessmodem.xml b/op-mode-definitions/show-interfaces-wirelessmodem.xml.in index c0ab9c66f..c0ab9c66f 100644 --- a/op-mode-definitions/show-interfaces-wirelessmodem.xml +++ b/op-mode-definitions/show-interfaces-wirelessmodem.xml.in diff --git a/op-mode-definitions/show-interfaces.xml b/op-mode-definitions/show-interfaces.xml.in index 39b0f0a2c..39b0f0a2c 100644 --- a/op-mode-definitions/show-interfaces.xml +++ b/op-mode-definitions/show-interfaces.xml.in diff --git a/op-mode-definitions/show-ip-access-paths-prefix-community-lists.xml b/op-mode-definitions/show-ip-access-paths-prefix-community-lists.xml.in index a5ec65c94..a5ec65c94 100644 --- a/op-mode-definitions/show-ip-access-paths-prefix-community-lists.xml +++ b/op-mode-definitions/show-ip-access-paths-prefix-community-lists.xml.in diff --git a/op-mode-definitions/show-ip-bgp.xml b/op-mode-definitions/show-ip-bgp.xml.in index 5eb2ae56e..a92a78266 100644 --- a/op-mode-definitions/show-ip-bgp.xml +++ b/op-mode-definitions/show-ip-bgp.xml.in @@ -32,7 +32,7 @@ <properties> <help>Display routes matching the specified communities</help> <completionHelp> - <list><AA:NN> local-AS no-advertise no-export</list> + <list><AA:NN> local-AS no-advertise no-export</list> </completionHelp> </properties> <command>/usr/bin/vtysh -c "show ip bgp community $5"</command> @@ -97,11 +97,11 @@ </properties> <command>/usr/bin/vtysh -c "show ip bgp ipv4 unicast community"</command> </node> - <tagNode name="community"> + <tagNode name="community"> <properties> <help>Display routes matching the specified communities</help> <completionHelp> - <list><AA:NN> local-AS no-advertise no-export</list> + <list><AA:NN> local-AS no-advertise no-export</list> </completionHelp> </properties> <command>/usr/bin/vtysh -c "show ip bgp ipv4 unicast community $7"</command> @@ -160,7 +160,7 @@ <command>/usr/bin/vtysh -c "show ip bgp ipv4 unicast neighbor $7 routes"</command> </leafNode> </children> - </tagNode> + </tagNode> <leafNode name="paths"> <properties> <help>Show BGP path information</help> @@ -190,7 +190,7 @@ <help>Show summary of BGP information</help> </properties> <command>/usr/bin/vtysh -c "show ip bgp summary"</command> - </leafNode> + </leafNode> </children> </node> <tagNode name="unicast"> @@ -227,7 +227,7 @@ <help>Show BGP memory usage</help> </properties> <command>/usr/bin/vtysh -c "show ip bgp memory"</command> - </leafNode> + </leafNode> <tagNode name="neighbors"> <properties> <help>Show detailed BGP IPv4 unicast neighbor information</help> @@ -287,7 +287,7 @@ <command>/usr/bin/vtysh -c "show ip bgp neighbor $5 routes"</command> </leafNode> </children> - </tagNode> + </tagNode> <leafNode name="paths"> <properties> <help>Show BGP path information</help> diff --git a/op-mode-definitions/show-ip-igmp.xml b/op-mode-definitions/show-ip-igmp.xml.in index b8f2f9107..b8f2f9107 100644 --- a/op-mode-definitions/show-ip-igmp.xml +++ b/op-mode-definitions/show-ip-igmp.xml.in diff --git a/op-mode-definitions/show-ip-multicast.xml b/op-mode-definitions/show-ip-multicast.xml.in index 5331d2e35..5331d2e35 100644 --- a/op-mode-definitions/show-ip-multicast.xml +++ b/op-mode-definitions/show-ip-multicast.xml.in diff --git a/op-mode-definitions/show-ip-ospf.xml b/op-mode-definitions/show-ip-ospf.xml.in index 99441d185..50628d18e 100644 --- a/op-mode-definitions/show-ip-ospf.xml +++ b/op-mode-definitions/show-ip-ospf.xml.in @@ -54,7 +54,7 @@ <list><x.x.x.x></list> </completionHelp> </properties> - <command>/usr/bin/vtysh -c "show ip ospf database asbr-summary"</command> + <command>/usr/bin/vtysh -c "show ip ospf database asbr-summary $6"</command> <children> <node name="adv-router"> <properties> @@ -75,7 +75,7 @@ <help>Show summary of self-originate IPv4 OSPF ASBR database</help> </properties> <command>show ip ospf database asbr-summary $6 self-originate</command> - </leafNode> + </leafNode> </children> </tagNode> <node name="external"> @@ -107,7 +107,7 @@ <list><x.x.x.x></list> </completionHelp> </properties> - <command>/usr/bin/vtysh -c "show ip ospf database external"</command> + <command>/usr/bin/vtysh -c "show ip ospf database external $6"</command> <children> <node name="adv-router"> <properties> @@ -128,7 +128,7 @@ <help>Show self-originate IPv4 OSPF external database</help> </properties> <command>show ip ospf database external $6 self-originate</command> - </leafNode> + </leafNode> </children> </tagNode> <leafNode name="max-age"> @@ -166,7 +166,7 @@ <list><x.x.x.x></list> </completionHelp> </properties> - <command>/usr/bin/vtysh -c "show ip ospf database network"</command> + <command>/usr/bin/vtysh -c "show ip ospf database network $6"</command> <children> <node name="adv-router"> <properties> @@ -187,7 +187,7 @@ <help>Show self-originate IPv4 OSPF network database</help> </properties> <command>show ip ospf database network $6 self-originate</command> - </leafNode> + </leafNode> </children> </tagNode> <node name="nssa-external"> @@ -219,7 +219,7 @@ <list><x.x.x.x></list> </completionHelp> </properties> - <command>/usr/bin/vtysh -c "show ip ospf database nssa-external"</command> + <command>/usr/bin/vtysh -c "show ip ospf database nssa-external $6"</command> <children> <node name="adv-router"> <properties> @@ -240,7 +240,7 @@ <help>Show self-originate IPv4 OSPF NSSA external database</help> </properties> <command>show ip ospf database nssa-external $6 self-originate</command> - </leafNode> + </leafNode> </children> </tagNode> <node name="opaque-area"> @@ -272,7 +272,7 @@ <list><x.x.x.x></list> </completionHelp> </properties> - <command>/usr/bin/vtysh -c "show ip ospf database opaque-area"</command> + <command>/usr/bin/vtysh -c "show ip ospf database opaque-area $6"</command> <children> <node name="adv-router"> <properties> @@ -293,7 +293,7 @@ <help>Show self-originate IPv4 OSPF opaque-area database</help> </properties> <command>show ip ospf database opaque-area $6 self-originate</command> - </leafNode> + </leafNode> </children> </tagNode> <node name="opaque-as"> @@ -325,7 +325,7 @@ <list><x.x.x.x></list> </completionHelp> </properties> - <command>/usr/bin/vtysh -c "show ip ospf database opaque-as"</command> + <command>/usr/bin/vtysh -c "show ip ospf database opaque-as $6"</command> <children> <node name="adv-router"> <properties> @@ -346,7 +346,7 @@ <help>Show self-originate IPv4 OSPF opaque-as database</help> </properties> <command>show ip ospf database opaque-as $6 self-originate</command> - </leafNode> + </leafNode> </children> </tagNode> <node name="opaque-link"> @@ -378,7 +378,7 @@ <list><x.x.x.x></list> </completionHelp> </properties> - <command>/usr/bin/vtysh -c "show ip ospf database opaque-link"</command> + <command>/usr/bin/vtysh -c "show ip ospf database opaque-link $6"</command> <children> <node name="adv-router"> <properties> @@ -399,7 +399,7 @@ <help>Show self-originate IPv4 OSPF opaque-link database</help> </properties> <command>show ip ospf database opaque-link $6 self-originate</command> - </leafNode> + </leafNode> </children> </tagNode> <node name="router"> @@ -431,7 +431,7 @@ <list><x.x.x.x></list> </completionHelp> </properties> - <command>/usr/bin/vtysh -c "show ip ospf database router"</command> + <command>/usr/bin/vtysh -c "show ip ospf database router $6"</command> <children> <node name="adv-router"> <properties> @@ -452,7 +452,7 @@ <help>Show self-originate IPv4 OSPF router database</help> </properties> <command>show ip ospf database router $6 self-originate</command> - </leafNode> + </leafNode> </children> </tagNode> <leafNode name="self-originate"> @@ -490,7 +490,7 @@ <list><x.x.x.x></list> </completionHelp> </properties> - <command>/usr/bin/vtysh -c "show ip ospf database summary"</command> + <command>/usr/bin/vtysh -c "show ip ospf database summary $6"</command> <children> <node name="adv-router"> <properties> @@ -511,7 +511,7 @@ <help>Show self-originate IPv4 OSPF summary database</help> </properties> <command>show ip ospf database summary $6 self-originate</command> - </leafNode> + </leafNode> </children> </tagNode> </children> diff --git a/op-mode-definitions/show-ip-pim.xml b/op-mode-definitions/show-ip-pim.xml.in index 3f4edc779..3f4edc779 100644 --- a/op-mode-definitions/show-ip-pim.xml +++ b/op-mode-definitions/show-ip-pim.xml.in diff --git a/op-mode-definitions/show-ip-ports.xml b/op-mode-definitions/show-ip-ports.xml.in index a74b68ffc..a74b68ffc 100644 --- a/op-mode-definitions/show-ip-ports.xml +++ b/op-mode-definitions/show-ip-ports.xml.in diff --git a/op-mode-definitions/show-ip-rip.xml b/op-mode-definitions/show-ip-rip.xml.in index b61ab10a7..b61ab10a7 100644 --- a/op-mode-definitions/show-ip-rip.xml +++ b/op-mode-definitions/show-ip-rip.xml.in diff --git a/op-mode-definitions/show-ip-route.xml b/op-mode-definitions/show-ip-route.xml.in index a98048785..a98048785 100644 --- a/op-mode-definitions/show-ip-route.xml +++ b/op-mode-definitions/show-ip-route.xml.in diff --git a/op-mode-definitions/show-ipv6-bgp.xml b/op-mode-definitions/show-ipv6-bgp.xml.in index aad61b97a..aad61b97a 100644 --- a/op-mode-definitions/show-ipv6-bgp.xml +++ b/op-mode-definitions/show-ipv6-bgp.xml.in diff --git a/op-mode-definitions/show-ipv6-ospfv3.xml b/op-mode-definitions/show-ipv6-ospfv3.xml deleted file mode 100644 index 36bb5b40e..000000000 --- a/op-mode-definitions/show-ipv6-ospfv3.xml +++ /dev/null @@ -1,777 +0,0 @@ -<?xml version="1.0"?> -<interfaceDefinition> - <node name="show"> - <children> - <node name="ipv6"> - <properties> - <help>Show IPv6 routing information</help> - </properties> - <children> - <node name="ospfv3"> - <properties> - <help>Show IPv6 Open Shortest Path First (OSPF)</help> - </properties> - <command>vtysh -c "show ipv6 ospf6"</command> - <children> - <node name="area"> - <properties> - <help>Show Shortest Path First tree information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 spf tree"</command> - </node> - <tagNode name="area"> - <properties> - <help>Area ID (as an IPv4 notation)</help> - <completionHelp> - <path>protocols ospfv3 area</path> - </completionHelp> - </properties> - <command>vtysh -c "show ipv6 ospf6 area $4 spf tree"</command> - <children> - <tagNode name="router"> - <properties> - <help> Simulate view point (Router ID)</help> - <completionHelp> - <list><x.x.x.x></list> - </completionHelp> - </properties> - <command>vtysh -c "show ipv6 ospf6 simulate spf-tree $7 $4 $5"</command> - </tagNode> - </children> - </tagNode> - <node name="border-routers"> - <properties> - <help>Show OSPFv3 border-router (ABR and ASBR) information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 border-routers"</command> - <children> - <node name="detail"> - <properties> - <help>Show OSPFv3 detailed border-router information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 border-routers detail"</command> - </node> - </children> - </node> - <tagNode name="border-routers"> - <properties> - <help>Border router ID</help> - <completionHelp> - <list><x.x.x.x></list> - </completionHelp> - </properties> - <command>vtysh -c "show ipv6 ospf6 border-routers $5"</command> - </tagNode> - <node name="database"> - <properties> - <help>Show OSPFv3 Link state database information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database"</command> - <children> - <tagNode name="adv-router"> - <properties> - <help>Search by Advertising Router ID</help> - <completionHelp> - <list><x.x.x.x></list> - </completionHelp> - </properties> - <children> - <tagNode name="linkstate-id"> - <properties> - <help>Search by Link state ID</help> - <completionHelp> - <list><x.x.x.x></list> - </completionHelp> - </properties> - <children> - <node name="detail"> - <properties> - <help>Show details of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database adv-router $6 linkstate-id $8 detail"</command> - </node> - <node name="dump"> - <properties> - <help>Show dump of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database adv-router $6 linkstate-id $8 dump"</command> - </node> - <node name="internal"> - <properties> - <help>Show LSAs internal information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database adv-router $6 linkstate-id $8 internal"</command> - </node> - </children> - </tagNode> - </children> - </tagNode> - <node name="any"> - <properties> - <help>Search by Any Link state Type</help> - </properties> - <children> - <tagNode name="any"> - <properties> - <help>Search by Link state ID</help> - <completionHelp> - <list><x.x.x.x></list> - </completionHelp> - </properties> - <children> - <node name="detail"> - <properties> - <help>Show details of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database * * $7 detail"</command> - </node> - <node name="dump"> - <properties> - <help>Show dump of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database * * $7 dump"</command> - </node> - <node name="internal"> - <properties> - <help>Show LSAs internal information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database * * $7 internal"</command> - </node> - </children> - </tagNode> - </children> - </node> - <tagNode name="any"> - <properties> - <help>Search by Link state ID</help> - <completionHelp> - <list><x.x.x.x></list> - </completionHelp> - </properties> - <command>vtysh -c "show ipv6 ospf6 database * $6"</command> - <children> - <node name="detail"> - <properties> - <help>Show details of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database * $6 detail"</command> - </node> - <node name="dump"> - <properties> - <help>Show dump of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database * $6 dump"</command> - </node> - <node name="internal"> - <properties> - <help>Show LSAs internal information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database * $6 internal"</command> - </node> - <node name="node.tag"> - <properties> - <help>Search by Advertising Router ID</help> - <completionHelp> - <list><x.x.x.x></list> - </completionHelp> - </properties> - <command>vtysh -c "show ipv6 ospf6 database * $6 $7"</command> - <children> - <node name="detail"> - <properties> - <help>Show details of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database * $6 $7 detail"</command> - </node> - <node name="dump"> - <properties> - <help>Show dump of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database * $6 $7 dump"</command> - </node> - <node name="internal"> - <properties> - <help>Show LSAs internal information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database * $6 $7 internal"</command> - </node> - </children> - </node> - </children> - </tagNode> - - - - - - <node name="as-external"> - <properties> - <help>Show AS-External LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database as-external"</command> - <children> - <tagNode name="adv-router"> - <properties> - <help>Search by Advertising Router ID</help> - <completionHelp> - <list><x.x.x.x></list> - </completionHelp> - </properties> - <children> - <tagNode name="linkstate-id"> - <properties> - <help>Search by Link state ID</help> - <completionHelp> - <list><x.x.x.x></list> - </completionHelp> - </properties> - <children> - <node name="dump"> - <properties> - <help>Show dump of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database as-external adv-router $7 linkstate-id $9 dump"</command> - </node> - <node name="internal"> - <properties> - <help>Show LSAs internal information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database as-external adv-router $7 linkstate-id $9 internal"</command> - </node> - </children> - </tagNode> - </children> - </tagNode> - <tagNode name="any"> - <properties> - <help>Search by Advertising Router ID</help> - <completionHelp> - <list><x.x.x.x></list> - </completionHelp> - </properties> - <command>vtysh -c "show ipv6 ospf6 database as-external * $7"</command> - <children> - <node name="detail"> - <properties> - <help>Show details of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database as-external * $7 detail"</command> - </node> - <node name="dump"> - <properties> - <help>Show dump of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database as-external * $7 dump"</command> - </node> - <node name="internal"> - <properties> - <help>Show LSAs internal information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database as-external * $7 internal"</command> - </node> - </children> - </tagNode> - <node name="detail"> - <properties> - <help>Show details of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database as-external detail"</command> - </node> - <node name="dump"> - <properties> - <help>Show dump of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database as-external dump"</command> - </node> - <node name="internal"> - <properties> - <help>Show LSAs internal information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database as-external internal"</command> - </node> - <tagNode name="linkstate-id"> - <properties> - <help>Search by Link state ID</help> - <completionHelp> - <list><x.x.x.x></list> - </completionHelp> - </properties> - <children> - <node name="detail"> - <properties> - <help>Show details of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database as-external linkstate-id $7 detail"</command> - </node> - <node name="dump"> - <properties> - <help>Show dump of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database as-external linkstate-id $7 dump"</command> - </node> - <node name="internal"> - <properties> - <help>Show LSAs internal information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database as-external linkstate-id $7 internal"</command> - </node> - </children> - </tagNode> - <node name="self-originated"> - <properties> - <help>Show Self-originated LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database as-external self-originated"</command> - <children> - <node name="detail"> - <properties> - <help>Show details of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database as-external self-originated detail"</command> - </node> - <node name="dump"> - <properties> - <help>Show dump of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database as-external self-originated dump"</command> - </node> - <node name="internal"> - <properties> - <help>Show LSAs internal information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database as-external self-originated internal"</command> - </node> - <tagNode name="linkstate-id"> - <properties> - <help>Search by Link state ID</help> - <completionHelp> - <list><x.x.x.x></list> - </completionHelp> - </properties> - <children> - <node name="detail"> - <properties> - <help>Show details of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database as-external self-originated linkstate-id $8 detail"</command> - </node> - <node name="dump"> - <properties> - <help>Show dump of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database as-external self-originated linkstate-id $8 dump"</command> - </node> - <node name="internal"> - <properties> - <help>Show LSAs internal information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database as-external self-originated linkstate-id $8 internal"</command> - </node> - </children> - </tagNode> - </children> - </node> - </children> - </node> - <tagNode name="as-external"> - <properties> - <help>Search by Advertising Router IDs</help> - <completionHelp> - <list><x.x.x.x></list> - </completionHelp> - </properties> - <children> - <node name="detail"> - <properties> - <help>Show details of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database as-external $6 detail"</command> - </node> - <node name="dump"> - <properties> - <help>Show dump of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database as-external $6 dump"</command> - </node> - <node name="internal"> - <properties> - <help>Show LSAs internal information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database as-external $6 internal"</command> - </node> - <node name="self-originated"> - <properties> - <help>Show Self-originated LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database as-external $6 self-originated"</command> - <children> - <node name="detail"> - <properties> - <help>Show details of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database as-external $6 self-originated detail"</command> - </node> - <node name="dump"> - <properties> - <help>Show dump of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database as-external $6 self-originated dump"</command> - </node> - <node name="internal"> - <properties> - <help>Show LSAs internal information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database as-external $6 self-originated internal"</command> - </node> - </children> - </node> - <node name="node.tag"> - <properties> - <help>Search by Advertising Router ID</help> - <completionHelp> - <list><x.x.x.x></list> - </completionHelp> - </properties> - <children> - <node name="dump"> - <properties> - <help>Show dump of LSAs</help> - </properties> - <command>echo vtysh -c "show ipv6 ospf6 database as-external $6 $7 dump"</command> - </node> - <node name="internal"> - <properties> - <help>Show LSAs internal information</help> - </properties> - <command>echo vtysh -c "show ipv6 ospf6 database as-external $6 $7 internal"</command> - </node> - </children> - </node> - </children> - </tagNode> - <node name="detail"> - <properties> - <help>Show details of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database detail"</command> - </node> - <node name="dump"> - <properties> - <help>Show dump of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database dump"</command> - </node> - <tagNode name="linkstate-id"> - <properties> - <help>Search by Link state ID</help> - <completionHelp> - <list><x.x.x.x></list> - </completionHelp> - </properties> - <children> - <node name="detail"> - <properties> - <help>Show details of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database linkstate-id $6 detail"</command> - </node> - <node name="dump"> - <properties> - <help>Show dump of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database linkstate-id $6 dump"</command> - </node> - <node name="internal"> - <properties> - <help>Show LSAs internal information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database linkstate-id $6 internal"</command> - </node> - </children> - </tagNode> - <node name="self-originated"> - <properties> - <help>Show Self-originated LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database self-originated"</command> - <children> - <node name="detail"> - <properties> - <help>Show details of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database self-originated detail"</command> - </node> - <node name="dump"> - <properties> - <help>Show dump of LSAs</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database self-originated dump"</command> - </node> - <node name="internal"> - <properties> - <help>Show LSAs internal information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 database self-originated internal"</command> - </node> - </children> - </node> - </children> - </node> - <node name="interface"> - <properties> - <help>Show OSPFv3 interface information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 interface"</command> - <children> - <node name="prefix"> - <properties> - <help>Show connected prefixes to advertise</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 interface prefix"</command> - <children> - <node name="detail"> - <properties> - <help>More detailed interface prefix information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 interface prefix detail"</command> - </node> - </children> - </node> - <tagNode name="prefix"> - <properties> - <help>Show interface prefix route specific information</help> - <completionHelp> - <list><h:h:h:h:h:h:h:h> <h:h:h:h:h:h:h:h/x></list> - </completionHelp> - </properties> - <command>vtysh -c "show ipv6 ospf6 interface prefix $6"</command> - <children> - <node name="detail"> - <properties> - <help>More detailed information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 interface prefix $6 detail"</command> - </node> - <node name="match"> - <properties> - <help>Matched interface prefix information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 interface prefix $6 match"</command> - </node> - </children> - </tagNode> - </children> - </node> - <tagNode name="interface"> - <properties> - <help>Specific insterface to examine</help> - <completionHelp> - <script>${vyos_completion_dir}/list_interfaces.py</script> - </completionHelp> - </properties> - <command>vtysh -c "show ipv6 ospf6 interface $5"</command> - <children> - <node name="prefix"> - <properties> - <help>Show connected prefixes to advertise</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 interface $5 prefix"</command> - <children> - <node name="detail"> - <properties> - <help>More detailed interface prefix information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 interface $5 prefix detail"</command> - </node> - </children> - </node> - <tagNode name="prefix"> - <properties> - <help>Show interface prefix route specific information</help> - <completionHelp> - <list><h:h:h:h:h:h:h:h> <h:h:h:h:h:h:h:h/x></list> - </completionHelp> - </properties> - <command>vtysh -c "show ipv6 ospf6 interface $5 prefix $7"</command> - <children> - <node name="detail"> - <properties> - <help>More detailed information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 interface $5 prefix $7 detail"</command> - </node> - <node name="match"> - <properties> - <help>Matched interface prefix information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 interface $5 prefix $7 match"</command> - </node> - </children> - </tagNode> - </children> - </tagNode> - <node name="linkstate"> - <properties> - <help>Show OSPFv3 linkstate routing information</help> - </properties> - <children> - <node name="detail"> - <properties> - <help>Show detailed linkstate information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 linkstate detail"</command> - </node> - <node name="network"> - <properties> - <help>Show linkstate Network information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 linkstate network"</command> - </node> - <node name="router"> - <properties> - <help>Show linkstate Router information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 linkstate router"</command> - </node> - </children> - </node> - <node name="neighbor"> - <properties> - <help>Show OSPFv3 neighbor information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 neighbor"</command> - <children> - <node name="detail"> - <properties> - <help>Show detailed neighbor information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 neighbor detail"</command> - </node> - <node name="drchoice"> - <properties> - <help>Show neighbor DR choice information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 neighbor drchoice"</command> - </node> - </children> - </node> - <node name="redistribute"> - <properties> - <help>Show OSPFv3 redistribute external information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 redistribute"</command> - </node> - <node name="route"> - <properties> - <help>Show OSPFv3 routing table information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 route"</command> - <children> - <node name="external-1"> - <properties> - <help>Show Type-1 External route information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 route external-1"</command> - <children> - <node name="detail"> - <properties> - <help>Show detailed Type-1 External route information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 route external-1 detail"</command> - </node> - </children> - </node> - <node name="external-2"> - <properties> - <help>Show Type-2 External route information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 route external-2"</command> - <children> - <node name="detail"> - <properties> - <help>Show detailed Type-2 External route information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 route external-2 detail"</command> - </node> - </children> - </node> - <node name="inter-area"> - <properties> - <help>Show Inter-Area route information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 route inter-area"</command> - <children> - <node name="detail"> - <properties> - <help>Show detailed Inter-Area route information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 route inter-area detail"</command> - </node> - </children> - </node> - <node name="intra-area"> - <properties> - <help>Show Intra-Area route information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 route intra-area"</command> - <children> - <node name="detail"> - <properties> - <help>Show detailed Intra-Area route information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 route intra-area detail"</command> - </node> - </children> - </node> - <node name="detail"> - <properties> - <help>Show detailed route information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 route detail"</command> - </node> - <node name="summary"> - <properties> - <help>Show route table summary</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 route summary"</command> - </node> - </children> - </node> - <tagNode name="route"> - <properties> - <help>Show specified route/prefix information</help> - <completionHelp> - <list><h:h:h:h:h:h:h:h> <h:h:h:h:h:h:h:h/x></list> - </completionHelp> - </properties> - <command>vtysh -c "show ipv6 ospf6 route $5"</command> - <children> - <node name="longer"> - <properties> - <help>Show routes longer than specified prefix</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 route $5 longer"</command> - </node> - <node name="match"> - <properties> - <help>Show routes matching specified prefix</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 route $5 match"</command> - <children> - <node name="detail"> - <properties> - <help>Detailed information</help> - </properties> - <command>vtysh -c "show ipv6 ospf6 route $5 match detail"</command> - </node> - </children> - </node> - </children> - </tagNode> - </children> - </node> - </children> - </node> - </children> - </node> -</interfaceDefinition> diff --git a/op-mode-definitions/show-ipv6-ospfv3.xml.in b/op-mode-definitions/show-ipv6-ospfv3.xml.in new file mode 100644 index 000000000..9227fdae1 --- /dev/null +++ b/op-mode-definitions/show-ipv6-ospfv3.xml.in @@ -0,0 +1,502 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="show"> + <children> + <node name="ipv6"> + <properties> + <help>Show IPv6 routing information</help> + </properties> + <children> + <node name="ospfv3"> + <properties> + <help>Show IPv6 Open Shortest Path First (OSPF)</help> + </properties> + <command>vtysh -c "show ipv6 ospf6"</command> + <children> + <node name="area"> + <properties> + <help>Show Shortest Path First tree information</help> + </properties> + <command>vtysh -c "show ipv6 ospf6 spf tree"</command> + </node> + <tagNode name="area"> + <properties> + <help>Area ID (as an IPv4 notation)</help> + <completionHelp> + <path>protocols ospfv3 area</path> + </completionHelp> + </properties> + <command>vtysh -c "show ipv6 ospf6 area $4 spf tree"</command> + <children> + <tagNode name="router"> + <properties> + <help> Simulate view point (Router ID)</help> + <completionHelp> + <list><x.x.x.x></list> + </completionHelp> + </properties> + <command>vtysh -c "show ipv6 ospf6 simulate spf-tree $7 $4 $5"</command> + </tagNode> + </children> + </tagNode> + <node name="border-routers"> + <properties> + <help>Show OSPFv3 border-router (ABR and ASBR) information</help> + </properties> + <command>vtysh -c "show ipv6 ospf6 border-routers"</command> + <children> + #include <include/ospfv3-detail.xml.i> + </children> + </node> + <tagNode name="border-routers"> + <properties> + <help>Border router ID</help> + <completionHelp> + <list><x.x.x.x></list> + </completionHelp> + </properties> + <command>vtysh -c "show ipv6 ospf6 border-routers $5"</command> + </tagNode> + <node name="database"> + <properties> + <help>Show OSPFv3 Link state database information</help> + </properties> + <command>vtysh -c "show ipv6 ospf6 database"</command> + <children> + <tagNode name="adv-router"> + <properties> + <help>Search by Advertising Router ID</help> + <completionHelp> + <list><x.x.x.x></list> + </completionHelp> + </properties> + <children> + #include <include/ospfv3-linkstate-id.xml.i> + </children> + </tagNode> + <node name="any"> + <properties> + <help>Search by Any Link state Type</help> + </properties> + <children> + <tagNode name="any"> + <properties> + <help>Search by Link state ID</help> + <completionHelp> + <list><x.x.x.x></list> + </completionHelp> + </properties> + <children> + #include <include/ospfv3-detail.xml.i> + #include <include/ospfv3-dump.xml.i> + #include <include/ospfv3-internal.xml.i> + </children> + </tagNode> + </children> + </node> + <tagNode name="any"> + <properties> + <help>Search by Link state ID</help> + <completionHelp> + <list><x.x.x.x></list> + </completionHelp> + </properties> + <command>vtysh -c "show ipv6 ospf6 database * $6"</command> + <children> + #include <include/ospfv3-detail.xml.i> + #include <include/ospfv3-dump.xml.i> + #include <include/ospfv3-internal.xml.i> + #include <include/ospfv3-adv-router-id-node-tag.xml.i> + </children> + </tagNode> + <node name="as-external"> + <properties> + <help>Show AS-External LSAs</help> + </properties> + <command>vtysh -c "show ipv6 ospf6 database as-external"</command> + <children> + #include <include/ospfv3-adv-router.xml.i> + <tagNode name="any"> + <properties> + <help>Search by Advertising Router ID</help> + <completionHelp> + <list><x.x.x.x></list> + </completionHelp> + </properties> + <command>vtysh -c "show ipv6 ospf6 database as-external * $7"</command> + <children> + #include <include/ospfv3-detail.xml.i> + #include <include/ospfv3-dump.xml.i> + #include <include/ospfv3-internal.xml.i> + </children> + </tagNode> + #include <include/ospfv3-detail.xml.i> + #include <include/ospfv3-dump.xml.i> + #include <include/ospfv3-internal.xml.i> + #include <include/ospfv3-linkstate-id.xml.i> + #include <include/ospfv3-self-originated.xml.i> + </children> + </node> + <tagNode name="as-external"> + <properties> + <help>Search by Advertising Router IDs</help> + <completionHelp> + <list><x.x.x.x></list> + </completionHelp> + </properties> + <children> + #include <include/ospfv3-detail.xml.i> + #include <include/ospfv3-dump.xml.i> + #include <include/ospfv3-internal.xml.i> + #include <include/ospfv3-self-originated.xml.i> + #include <include/ospfv3-adv-router-id-node-tag.xml.i> + </children> + </tagNode> + #include <include/ospfv3-detail.xml.i> + #include <include/ospfv3-internal.xml.i> + #include <include/ospfv3-linkstate-id.xml.i> + #include <include/ospfv3-self-originated.xml.i> + <node name="group-membership"> + <properties> + <help>Show Group-Membership LSAs</help> + </properties> + <!-- FRR uses ospf6 where we use ospfv3, thus alter the command --> + <command>vtysh -c "show ipv6 ospf6 ${@:4}"</command> + <children> + #include <include/ospfv3-adv-router.xml.i> + #include <include/ospfv3-detail.xml.i> + #include <include/ospfv3-dump.xml.i> + #include <include/ospfv3-internal.xml.i> + #include <include/ospfv3-linkstate-id.xml.i> + #include <include/ospfv3-linkstate-id-node-tag.xml.i> + #include <include/ospfv3-self-originated.xml.i> + </children> + </node> + <node name="inter-prefix"> + <properties> + <help>Show Inter-Area-Prefix LSAs</help> + </properties> + <!-- FRR uses ospf6 where we use ospfv3, thus alter the command --> + <command>vtysh -c "show ipv6 ospf6 ${@:4}"</command> + <children> + #include <include/ospfv3-adv-router.xml.i> + #include <include/ospfv3-detail.xml.i> + #include <include/ospfv3-dump.xml.i> + #include <include/ospfv3-internal.xml.i> + #include <include/ospfv3-linkstate-id.xml.i> + #include <include/ospfv3-linkstate-id-node-tag.xml.i> + #include <include/ospfv3-self-originated.xml.i> + </children> + </node> + <node name="inter-router"> + <properties> + <help>Show Inter-Area-Router LSAs</help> + </properties> + <!-- FRR uses ospf6 where we use ospfv3, thus alter the command --> + <command>vtysh -c "show ipv6 ospf6 ${@:4}"</command> + <children> + #include <include/ospfv3-adv-router.xml.i> + #include <include/ospfv3-detail.xml.i> + #include <include/ospfv3-dump.xml.i> + #include <include/ospfv3-internal.xml.i> + #include <include/ospfv3-linkstate-id.xml.i> + #include <include/ospfv3-linkstate-id-node-tag.xml.i> + #include <include/ospfv3-self-originated.xml.i> + </children> + </node> + <node name="intra-prefix"> + <properties> + <help>Show Intra-Area-Prefix LSAs</help> + </properties> + <!-- FRR uses ospf6 where we use ospfv3, thus alter the command --> + <command>vtysh -c "show ipv6 ospf6 ${@:4}"</command> + <children> + #include <include/ospfv3-adv-router.xml.i> + #include <include/ospfv3-detail.xml.i> + #include <include/ospfv3-dump.xml.i> + #include <include/ospfv3-internal.xml.i> + #include <include/ospfv3-linkstate-id.xml.i> + #include <include/ospfv3-linkstate-id-node-tag.xml.i> + #include <include/ospfv3-self-originated.xml.i> + </children> + </node> + <node name="link"> + <properties> + <help>Show Link LSAs</help> + </properties> + <!-- FRR uses ospf6 where we use ospfv3, thus alter the command --> + <command>vtysh -c "show ipv6 ospf6 ${@:4}"</command> + <children> + #include <include/ospfv3-adv-router.xml.i> + #include <include/ospfv3-detail.xml.i> + #include <include/ospfv3-dump.xml.i> + #include <include/ospfv3-internal.xml.i> + #include <include/ospfv3-linkstate-id.xml.i> + #include <include/ospfv3-linkstate-id-node-tag.xml.i> + #include <include/ospfv3-self-originated.xml.i> + </children> + </node> + <node name="network"> + <properties> + <help>Show Network LSAs</help> + </properties> + <!-- FRR uses ospf6 where we use ospfv3, thus alter the command --> + <command>vtysh -c "show ipv6 ospf6 ${@:4}"</command> + <children> + #include <include/ospfv3-adv-router.xml.i> + #include <include/ospfv3-detail.xml.i> + #include <include/ospfv3-dump.xml.i> + #include <include/ospfv3-internal.xml.i> + #include <include/ospfv3-linkstate-id.xml.i> + #include <include/ospfv3-linkstate-id-node-tag.xml.i> + #include <include/ospfv3-self-originated.xml.i> + </children> + </node> + <node name="node.tag"> + <properties> + <help>Show LSAs</help> + </properties> + <!-- FRR uses ospf6 where we use ospfv3, thus alter the command --> + <command>vtysh -c "show ipv6 ospf6 ${@:4}"</command> + <children> + #include <include/ospfv3-adv-router.xml.i> + #include <include/ospfv3-detail.xml.i> + #include <include/ospfv3-dump.xml.i> + #include <include/ospfv3-internal.xml.i> + #include <include/ospfv3-linkstate-id.xml.i> + #include <include/ospfv3-linkstate-id-node-tag.xml.i> + #include <include/ospfv3-self-originated.xml.i> + </children> + </node> + <node name="router"> + <properties> + <help>Show router LSAs</help> + </properties> + <!-- FRR uses ospf6 where we use ospfv3, thus alter the command --> + <command>vtysh -c "show ipv6 ospf6 ${@:4}"</command> + <children> + #include <include/ospfv3-adv-router.xml.i> + #include <include/ospfv3-detail.xml.i> + #include <include/ospfv3-dump.xml.i> + #include <include/ospfv3-internal.xml.i> + #include <include/ospfv3-linkstate-id.xml.i> + #include <include/ospfv3-linkstate-id-node-tag.xml.i> + #include <include/ospfv3-self-originated.xml.i> + </children> + </node> + <node name="type-7"> + <properties> + <help>Show Type-7 LSAs</help> + </properties> + <!-- FRR uses ospf6 where we use ospfv3, thus alter the command --> + <command>vtysh -c "show ipv6 ospf6 ${@:4}"</command> + <children> + #include <include/ospfv3-adv-router.xml.i> + #include <include/ospfv3-detail.xml.i> + #include <include/ospfv3-dump.xml.i> + #include <include/ospfv3-internal.xml.i> + #include <include/ospfv3-linkstate-id.xml.i> + #include <include/ospfv3-linkstate-id-node-tag.xml.i> + #include <include/ospfv3-self-originated.xml.i> + </children> + </node> + </children> + </node> + <node name="interface"> + <properties> + <help>Show OSPFv3 interface information</help> + </properties> + <command>vtysh -c "show ipv6 ospf6 interface"</command> + <children> + <node name="prefix"> + <properties> + <help>Show connected prefixes to advertise</help> + </properties> + <command>vtysh -c "show ipv6 ospf6 interface prefix"</command> + <children> + #include <include/ospfv3-detail.xml.i> + </children> + </node> + <tagNode name="prefix"> + <properties> + <help>Show interface prefix route specific information</help> + <completionHelp> + <list><h:h:h:h:h:h:h:h> <h:h:h:h:h:h:h:h/x></list> + </completionHelp> + </properties> + <command>vtysh -c "show ipv6 ospf6 interface prefix $6"</command> + <children> + #include <include/ospfv3-detail.xml.i> + <node name="match"> + <properties> + <help>Matched interface prefix information</help> + </properties> + <command>vtysh -c "show ipv6 ospf6 interface prefix $6 match"</command> + </node> + </children> + </tagNode> + </children> + </node> + <tagNode name="interface"> + <properties> + <help>Specific insterface to examine</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + </properties> + <command>vtysh -c "show ipv6 ospf6 interface $5"</command> + <children> + <node name="prefix"> + <properties> + <help>Show connected prefixes to advertise</help> + </properties> + <command>vtysh -c "show ipv6 ospf6 interface $5 prefix"</command> + <children> + #include <include/ospfv3-detail.xml.i> + </children> + </node> + <tagNode name="prefix"> + <properties> + <help>Show interface prefix route specific information</help> + <completionHelp> + <list><h:h:h:h:h:h:h:h> <h:h:h:h:h:h:h:h/x></list> + </completionHelp> + </properties> + <command>vtysh -c "show ipv6 ospf6 interface $5 prefix $7"</command> + <children> + #include <include/ospfv3-detail.xml.i> + <node name="match"> + <properties> + <help>Matched interface prefix information</help> + </properties> + <command>vtysh -c "show ipv6 ospf6 interface $5 prefix $7 match"</command> + </node> + </children> + </tagNode> + </children> + </tagNode> + <node name="linkstate"> + <properties> + <help>Show OSPFv3 linkstate routing information</help> + </properties> + <children> + #include <include/ospfv3-detail.xml.i> + <node name="network"> + <properties> + <help>Show linkstate Network information</help> + </properties> + <command>vtysh -c "show ipv6 ospf6 linkstate network"</command> + </node> + <node name="router"> + <properties> + <help>Show linkstate Router information</help> + </properties> + <command>vtysh -c "show ipv6 ospf6 linkstate router"</command> + </node> + </children> + </node> + <node name="neighbor"> + <properties> + <help>Show OSPFv3 neighbor information</help> + </properties> + <command>vtysh -c "show ipv6 ospf6 neighbor"</command> + <children> + #include <include/ospfv3-detail.xml.i> + <node name="drchoice"> + <properties> + <help>Show neighbor DR choice information</help> + </properties> + <command>vtysh -c "show ipv6 ospf6 neighbor drchoice"</command> + </node> + </children> + </node> + <node name="redistribute"> + <properties> + <help>Show OSPFv3 redistribute external information</help> + </properties> + <command>vtysh -c "show ipv6 ospf6 redistribute"</command> + </node> + <node name="route"> + <properties> + <help>Show OSPFv3 routing table information</help> + </properties> + <command>vtysh -c "show ipv6 ospf6 route"</command> + <children> + <node name="external-1"> + <properties> + <help>Show Type-1 External route information</help> + </properties> + <command>vtysh -c "show ipv6 ospf6 route external-1"</command> + <children> + #include <include/ospfv3-detail.xml.i> + </children> + </node> + <node name="external-2"> + <properties> + <help>Show Type-2 External route information</help> + </properties> + <command>vtysh -c "show ipv6 ospf6 route external-2"</command> + <children> + #include <include/ospfv3-detail.xml.i> + </children> + </node> + <node name="inter-area"> + <properties> + <help>Show Inter-Area route information</help> + </properties> + <command>vtysh -c "show ipv6 ospf6 route inter-area"</command> + <children> + #include <include/ospfv3-detail.xml.i> + </children> + </node> + <node name="intra-area"> + <properties> + <help>Show Intra-Area route information</help> + </properties> + <command>vtysh -c "show ipv6 ospf6 route intra-area"</command> + <children> + #include <include/ospfv3-detail.xml.i> + </children> + </node> + #include <include/ospfv3-detail.xml.i> + <node name="summary"> + <properties> + <help>Show route table summary</help> + </properties> + <command>vtysh -c "show ipv6 ospf6 route summary"</command> + </node> + </children> + </node> + <tagNode name="route"> + <properties> + <help>Show specified route/prefix information</help> + <completionHelp> + <list><h:h:h:h:h:h:h:h> <h:h:h:h:h:h:h:h/x></list> + </completionHelp> + </properties> + <command>vtysh -c "show ipv6 ospf6 route $5"</command> + <children> + <node name="longer"> + <properties> + <help>Show routes longer than specified prefix</help> + </properties> + <command>vtysh -c "show ipv6 ospf6 route $5 longer"</command> + </node> + <node name="match"> + <properties> + <help>Show routes matching specified prefix</help> + </properties> + <command>vtysh -c "show ipv6 ospf6 route $5 match"</command> + <children> + #include <include/ospfv3-detail.xml.i> + </children> + </node> + </children> + </tagNode> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/op-mode-definitions/show-ipv6-prefix-list.xml b/op-mode-definitions/show-ipv6-prefix-list.xml.in index e003ad110..e003ad110 100644 --- a/op-mode-definitions/show-ipv6-prefix-list.xml +++ b/op-mode-definitions/show-ipv6-prefix-list.xml.in diff --git a/op-mode-definitions/show-ipv6-route.xml b/op-mode-definitions/show-ipv6-route.xml.in index fafd615ea..9ac8687ab 100644 --- a/op-mode-definitions/show-ipv6-route.xml +++ b/op-mode-definitions/show-ipv6-route.xml.in @@ -7,23 +7,6 @@ <help>Show IPv6 routing information</help> </properties> <children> - <tagNode name="route"> - <properties> - <help>Show IPv6 routes of given address or prefix</help> - <completionHelp> - <list><h:h:h:h:h:h:h:h> <h:h:h:h:h:h:h:h/x></list> - </completionHelp> - </properties> - <children> - <node name="longer-prefixes"> - <properties> - <help>Show longer prefixes of routes for given address or prefix</help> - </properties> - <command>vtysh -c "show ipv6 route $4 longer-prefixes"</command> - </node> - </children> - <command>vtysh -c "show ipv6 route $4"</command> - </tagNode> <node name="route"> <properties> <help>Show IPv6 routes</help> @@ -110,6 +93,23 @@ </tagNode> </children> </node> + <tagNode name="route"> + <properties> + <help>Show IPv6 routes of given address or prefix</help> + <completionHelp> + <list><h:h:h:h:h:h:h:h> <h:h:h:h:h:h:h:h/x></list> + </completionHelp> + </properties> + <children> + <node name="longer-prefixes"> + <properties> + <help>Show longer prefixes of routes for given address or prefix</help> + </properties> + <command>vtysh -c "show ipv6 route $4 longer-prefixes"</command> + </node> + </children> + <command>vtysh -c "show ipv6 route $4"</command> + </tagNode> </children> </node> </children> diff --git a/op-mode-definitions/show-ipv6.xml b/op-mode-definitions/show-ipv6.xml.in index a59c8df0c..a59c8df0c 100644 --- a/op-mode-definitions/show-ipv6.xml +++ b/op-mode-definitions/show-ipv6.xml.in diff --git a/op-mode-definitions/show-isis.xml b/op-mode-definitions/show-isis.xml.in index 4e308730f..4e308730f 100644 --- a/op-mode-definitions/show-isis.xml +++ b/op-mode-definitions/show-isis.xml.in diff --git a/op-mode-definitions/show-license.xml b/op-mode-definitions/show-license.xml.in index 2ce11567d..2ce11567d 100644 --- a/op-mode-definitions/show-license.xml +++ b/op-mode-definitions/show-license.xml.in diff --git a/op-mode-definitions/show-log.xml b/op-mode-definitions/show-log.xml.in index b00e4cfec..58216bfd1 100644 --- a/op-mode-definitions/show-log.xml +++ b/op-mode-definitions/show-log.xml.in @@ -12,7 +12,7 @@ <properties> <help>Show contents of all master log files</help> </properties> - <command>eval $(lesspipe); less $_vyatta_less_options --prompt=".log?m, file %i of %m., page %dt of %D" -- `printf "%s\n" /var/log/messages* | sort -nr`</command> + <command>sudo bash -c 'eval $(lesspipe); less $_vyatta_less_options --prompt=".logm, file %i of %m., page %dt of %D" -- `printf "%s\n" /var/log/messages* | sort -nr`'</command> </leafNode> <leafNode name="authorization"> <properties> diff --git a/op-mode-definitions/show-login.xml b/op-mode-definitions/show-login.xml.in index 6d8c782c4..6d8c782c4 100644 --- a/op-mode-definitions/show-login.xml +++ b/op-mode-definitions/show-login.xml.in diff --git a/op-mode-definitions/show-monitoring.xml b/op-mode-definitions/show-monitoring.xml.in index 2651b3438..2651b3438 100644 --- a/op-mode-definitions/show-monitoring.xml +++ b/op-mode-definitions/show-monitoring.xml.in diff --git a/op-mode-definitions/show-mpls.xml b/op-mode-definitions/show-mpls.xml.in index 833ac98eb..833ac98eb 100644 --- a/op-mode-definitions/show-mpls.xml +++ b/op-mode-definitions/show-mpls.xml.in diff --git a/op-mode-definitions/show-ntp.xml b/op-mode-definitions/show-ntp.xml.in index b7f0acdf8..b7f0acdf8 100644 --- a/op-mode-definitions/show-ntp.xml +++ b/op-mode-definitions/show-ntp.xml.in diff --git a/op-mode-definitions/show-poweroff.xml b/op-mode-definitions/show-poweroff.xml.in index 1fd2afcc3..1fd2afcc3 100644 --- a/op-mode-definitions/show-poweroff.xml +++ b/op-mode-definitions/show-poweroff.xml.in diff --git a/op-mode-definitions/show-protocols-bfd.xml b/op-mode-definitions/show-protocols-bfd.xml.in index 3d9b67c67..3d9b67c67 100644 --- a/op-mode-definitions/show-protocols-bfd.xml +++ b/op-mode-definitions/show-protocols-bfd.xml.in diff --git a/op-mode-definitions/show-protocols-static.xml b/op-mode-definitions/show-protocols-static.xml.in index aaf875072..aaf875072 100644 --- a/op-mode-definitions/show-protocols-static.xml +++ b/op-mode-definitions/show-protocols-static.xml.in diff --git a/op-mode-definitions/show-raid.xml b/op-mode-definitions/show-raid.xml.in index 8bf394552..8bf394552 100644 --- a/op-mode-definitions/show-raid.xml +++ b/op-mode-definitions/show-raid.xml.in diff --git a/op-mode-definitions/show-reboot.xml b/op-mode-definitions/show-reboot.xml.in index c85966bcb..c85966bcb 100644 --- a/op-mode-definitions/show-reboot.xml +++ b/op-mode-definitions/show-reboot.xml.in diff --git a/op-mode-definitions/show-route-map.xml b/op-mode-definitions/show-route-map.xml.in index 0e376757b..0e376757b 100644 --- a/op-mode-definitions/show-route-map.xml +++ b/op-mode-definitions/show-route-map.xml.in diff --git a/op-mode-definitions/show-rpki.xml b/op-mode-definitions/show-rpki.xml.in index d68c3b862..d68c3b862 100644 --- a/op-mode-definitions/show-rpki.xml +++ b/op-mode-definitions/show-rpki.xml.in diff --git a/op-mode-definitions/show-system.xml b/op-mode-definitions/show-system.xml.in index 0623e3b62..0623e3b62 100644 --- a/op-mode-definitions/show-system.xml +++ b/op-mode-definitions/show-system.xml.in diff --git a/op-mode-definitions/show-table.xml b/op-mode-definitions/show-table.xml.in index b093a5de7..b093a5de7 100644 --- a/op-mode-definitions/show-table.xml +++ b/op-mode-definitions/show-table.xml.in diff --git a/op-mode-definitions/show-users.xml b/op-mode-definitions/show-users.xml.in index a026e47e7..a026e47e7 100644 --- a/op-mode-definitions/show-users.xml +++ b/op-mode-definitions/show-users.xml.in diff --git a/op-mode-definitions/show-version.xml b/op-mode-definitions/show-version.xml.in index 2202d27b3..2202d27b3 100644 --- a/op-mode-definitions/show-version.xml +++ b/op-mode-definitions/show-version.xml.in diff --git a/op-mode-definitions/show-vpn.xml b/op-mode-definitions/show-vpn.xml.in index 0e7fc38e9..3fbc74ad1 100644 --- a/op-mode-definitions/show-vpn.xml +++ b/op-mode-definitions/show-vpn.xml.in @@ -11,7 +11,7 @@ <properties> <help>Show active VPN server sessions</help> </properties> - <command>${vyos_op_scripts_dir}/show_vpn_ra.py</command> + <command>${vyos_op_scripts_dir}/show_vpn_ra.py</command> </leafNode> </children> </node> diff --git a/op-mode-definitions/show-vrf.xml b/op-mode-definitions/show-vrf.xml.in index 438e7c334..438e7c334 100644 --- a/op-mode-definitions/show-vrf.xml +++ b/op-mode-definitions/show-vrf.xml.in diff --git a/op-mode-definitions/snmp.xml b/op-mode-definitions/snmp.xml.in index a0a47da40..a0a47da40 100644 --- a/op-mode-definitions/snmp.xml +++ b/op-mode-definitions/snmp.xml.in diff --git a/op-mode-definitions/sstp-server.xml b/op-mode-definitions/sstp-server.xml.in index 03dfc4262..03dfc4262 100644 --- a/op-mode-definitions/sstp-server.xml +++ b/op-mode-definitions/sstp-server.xml.in diff --git a/op-mode-definitions/telnet.xml b/op-mode-definitions/telnet.xml.in index c5bb6d283..c5bb6d283 100644 --- a/op-mode-definitions/telnet.xml +++ b/op-mode-definitions/telnet.xml.in diff --git a/op-mode-definitions/terminal.xml b/op-mode-definitions/terminal.xml.in index 9c4e629cb..9c4e629cb 100644 --- a/op-mode-definitions/terminal.xml +++ b/op-mode-definitions/terminal.xml.in diff --git a/op-mode-definitions/traceroute.xml b/op-mode-definitions/traceroute.xml.in index 1b619ed43..1b619ed43 100644 --- a/op-mode-definitions/traceroute.xml +++ b/op-mode-definitions/traceroute.xml.in diff --git a/op-mode-definitions/traffic-dump.xml b/op-mode-definitions/traffic-dump.xml.in index 6d86f7423..6d86f7423 100644 --- a/op-mode-definitions/traffic-dump.xml +++ b/op-mode-definitions/traffic-dump.xml.in diff --git a/op-mode-definitions/vrrp.xml b/op-mode-definitions/vrrp.xml.in index 856fb440d..856fb440d 100644 --- a/op-mode-definitions/vrrp.xml +++ b/op-mode-definitions/vrrp.xml.in diff --git a/op-mode-definitions/wake-on-lan.xml b/op-mode-definitions/wake-on-lan.xml.in index 1a9b88596..1a9b88596 100644 --- a/op-mode-definitions/wake-on-lan.xml +++ b/op-mode-definitions/wake-on-lan.xml.in diff --git a/op-mode-definitions/webproxy.xml b/op-mode-definitions/webproxy.xml.in index f8ec8fb0a..f8ec8fb0a 100644 --- a/op-mode-definitions/webproxy.xml +++ b/op-mode-definitions/webproxy.xml.in diff --git a/op-mode-definitions/wireguard.xml b/op-mode-definitions/wireguard.xml.in index a7bfa36a3..69ba8043d 100644 --- a/op-mode-definitions/wireguard.xml +++ b/op-mode-definitions/wireguard.xml.in @@ -135,4 +135,3 @@ </children> </node> </interfaceDefinition> - diff --git a/op-mode-definitions/wireless.xml b/op-mode-definitions/wireless.xml.in index a3a9d1f55..a3a9d1f55 100644 --- a/op-mode-definitions/wireless.xml +++ b/op-mode-definitions/wireless.xml.in diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py index b4447306e..bcaec55be 100644 --- a/python/vyos/configverify.py +++ b/python/vyos/configverify.py @@ -136,15 +136,14 @@ def verify_bridge_delete(config): 'Interface "{ifname}" cannot be deleted as it is a ' 'member of bridge "{is_bridge_member}"!'.format(**config)) -def verify_interface_exists(config): +def verify_interface_exists(ifname): """ Common helper function used by interface implementations to perform recurring validation if an interface actually exists. """ from netifaces import interfaces - if not config['ifname'] in interfaces(): - raise ConfigError('Interface "{ifname}" does not exist!' - .format(**config)) + if ifname not in interfaces(): + raise ConfigError(f'Interface "{ifname}" does not exist!') def verify_source_interface(config): """ diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index 4c05ac613..1561d340e 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -79,6 +79,14 @@ class Interface(Control): 'shellcmd': 'ip -json link show dev {ifname}', 'format': lambda j: 'up' if 'UP' in jmespath.search('[*].flags | [0]', json.loads(j)) else 'down', }, + 'alias': { + 'shellcmd': 'ip -json -detail link list dev {ifname}', + 'format': lambda j: jmespath.search('[*].ifalias | [0]', json.loads(j)) or '', + }, + 'mac': { + 'shellcmd': 'ip -json -detail link list dev {ifname}', + 'format': lambda j: jmespath.search('[*].address | [0]', json.loads(j)), + }, 'min_mtu': { 'shellcmd': 'ip -json -detail link list dev {ifname}', 'format': lambda j: jmespath.search('[*].min_mtu | [0]', json.loads(j)), @@ -87,6 +95,14 @@ class Interface(Control): 'shellcmd': 'ip -json -detail link list dev {ifname}', 'format': lambda j: jmespath.search('[*].max_mtu | [0]', json.loads(j)), }, + 'mtu': { + 'shellcmd': 'ip -json -detail link list dev {ifname}', + 'format': lambda j: jmespath.search('[*].mtu | [0]', json.loads(j)), + }, + 'oper_state': { + 'shellcmd': 'ip -json -detail link list dev {ifname}', + 'format': lambda j: jmespath.search('[*].operstate | [0]', json.loads(j)), + }, } _command_set = { @@ -94,40 +110,25 @@ class Interface(Control): 'validate': lambda v: assert_list(v, ['up', 'down']), 'shellcmd': 'ip link set dev {ifname} {value}', }, + 'alias': { + 'convert': lambda name: name if name else '', + 'shellcmd': 'ip link set dev {ifname} alias "{value}"', + }, 'mac': { 'validate': assert_mac, 'shellcmd': 'ip link set dev {ifname} address {value}', }, + 'mtu': { + 'validate': assert_mtu, + 'shellcmd': 'ip link set dev {ifname} mtu {value}', + }, 'vrf': { 'convert': lambda v: f'master {v}' if v else 'nomaster', 'shellcmd': 'ip link set dev {ifname} {value}', }, } - _sysfs_get = { - 'alias': { - 'location': '/sys/class/net/{ifname}/ifalias', - }, - 'mac': { - 'location': '/sys/class/net/{ifname}/address', - }, - 'mtu': { - 'location': '/sys/class/net/{ifname}/mtu', - }, - 'oper_state':{ - 'location': '/sys/class/net/{ifname}/operstate', - }, - } - _sysfs_set = { - 'alias': { - 'convert': lambda name: name if name else '\0', - 'location': '/sys/class/net/{ifname}/ifalias', - }, - 'mtu': { - 'validate': assert_mtu, - 'location': '/sys/class/net/{ifname}/mtu', - }, 'arp_cache_tmo': { 'convert': lambda tmo: (int(tmo) * 1000), 'location': '/proc/sys/net/ipv4/neigh/{ifname}/base_reachable_time_ms', diff --git a/python/vyos/ifconfig/tunnel.py b/python/vyos/ifconfig/tunnel.py index 00dc36420..1af4f8e72 100644 --- a/python/vyos/ifconfig/tunnel.py +++ b/python/vyos/ifconfig/tunnel.py @@ -63,21 +63,21 @@ class _Tunnel(Interface): }, }} + _create_cmd = 'ip tunnel add {ifname} mode {type}' + def __init__(self, ifname, **config): self.config = deepcopy(config) if config else {} super().__init__(ifname, **config) def _create(self): - create = 'ip tunnel add {ifname} mode {type}' - # add " option-name option-name-value ..." for all options set options = " ".join(["{} {}".format(k, self.config[k]) for k in self.options if k in self.config and self.config[k]]) - self._cmd('{} {}'.format(create.format(**self.config), options)) + self._cmd('{} {}'.format(self._create_cmd.format(**self.config), options)) self.set_admin_state('down') def change_options(self): - change = 'ip tunnel cha {ifname} mode {type}' + change = 'ip tunnel change {ifname} mode {type}' # add " option-name option-name-value ..." for all options set options = " ".join(["{} {}".format(k, self.config[k]) @@ -164,6 +164,11 @@ class GRETapIf(_Tunnel): default = {'type': 'gretap'} options = ['local', 'remote', 'ttl',] + _create_cmd = 'ip link add name {ifname} type {type}' + + def change_options(self): + pass + class IP6GREIf(_Tunnel): """ IP6Gre: IPv6 Support for Generic Routing Encapsulation (GRE) diff --git a/python/vyos/util.py b/python/vyos/util.py index 494c8155e..699f05892 100644 --- a/python/vyos/util.py +++ b/python/vyos/util.py @@ -311,7 +311,7 @@ def chmod_755(path): def makedir(path, user=None, group=None): if os.path.exists(path): return - os.mkdir(path) + os.makedirs(path, mode=0o755) chown(path, user, group) diff --git a/smoketest/scripts/cli/base_interfaces_test.py b/smoketest/scripts/cli/base_interfaces_test.py index 8ee5395d0..36b085c7f 100644 --- a/smoketest/scripts/cli/base_interfaces_test.py +++ b/smoketest/scripts/cli/base_interfaces_test.py @@ -1,4 +1,4 @@ -# Copyright (C) 2019-2020 VyOS maintainers and contributors +# Copyright (C) 2019-2021 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -12,7 +12,6 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -import re import os import unittest import json @@ -51,17 +50,6 @@ def is_mirrored_to(interface, mirror_if, qdisc): ret_val = True return ret_val - -dhcp6c_config_file = '/run/dhcp6c/dhcp6c.{}.conf' -def get_dhcp6c_config_value(interface, key): - tmp = read_file(dhcp6c_config_file.format(interface)) - tmp = re.findall(r'\n?{}\s+(.*)'.format(key), tmp) - - out = [] - for item in tmp: - out.append(item.replace(';','')) - return out - class BasicInterfaceTest: class BaseTest(unittest.TestCase): _test_ip = False @@ -69,6 +57,7 @@ class BasicInterfaceTest: _test_vlan = False _test_qinq = False _test_ipv6 = False + _test_ipv6_pd = False _test_mirror = False _base_path = [] @@ -106,7 +95,7 @@ class BasicInterfaceTest: def test_span_mirror(self): if not self._mirror_interfaces: - return None + self.skipTest('not enabled') # Check the two-way mirror rules of ingress and egress for mirror in self._mirror_interfaces: @@ -175,7 +164,7 @@ class BasicInterfaceTest: def test_ipv6_link_local_address(self): # Common function for IPv6 link-local address assignemnts if not self._test_ipv6: - return None + self.skipTest('not enabled') for interface in self._interfaces: base = self._base_path + [interface] @@ -202,7 +191,7 @@ class BasicInterfaceTest: def test_interface_mtu(self): if not self._test_mtu: - return None + self.skipTest('not enabled') for intf in self._interfaces: base = self._base_path + [intf] @@ -222,7 +211,7 @@ class BasicInterfaceTest: # Testcase if MTU can be changed to 1200 on non IPv6 # enabled interfaces if not self._test_mtu: - return None + self.skipTest('not enabled') old_mtu = self._mtu self._mtu = '1200' @@ -247,7 +236,7 @@ class BasicInterfaceTest: def test_8021q_vlan_interfaces(self): if not self._test_vlan: - return None + self.skipTest('not enabled') for interface in self._interfaces: base = self._base_path + [interface] @@ -274,7 +263,7 @@ class BasicInterfaceTest: def test_8021ad_qinq_vlan_interfaces(self): if not self._test_qinq: - return None + self.skipTest('not enabled') for interface in self._interfaces: base = self._base_path + [interface] @@ -305,7 +294,7 @@ class BasicInterfaceTest: def test_interface_ip_options(self): if not self._test_ip: - return None + self.skipTest('not enabled') for interface in self._interfaces: arp_tmo = '300' @@ -356,7 +345,7 @@ class BasicInterfaceTest: def test_interface_ipv6_options(self): if not self._test_ipv6: - return None + self.skipTest('not enabled') for interface in self._interfaces: dad_transmits = '10' @@ -378,39 +367,119 @@ class BasicInterfaceTest: self.assertEqual(dad_transmits, tmp) - def test_ipv6_dhcpv6_prefix_delegation(self): - if not self._test_ipv6: - return None + def test_dhcpv6pd_auto_sla_id(self): + if not self._test_ipv6_pd: + self.skipTest('not enabled') + + prefix_len = '56' + sla_len = str(64 - int(prefix_len)) + + delegatees = ['dum2340', 'dum2341', 'dum2342', 'dum2343', 'dum2344'] + + for interface in self._interfaces: + path = self._base_path + [interface] + for option in self._options.get(interface, []): + self.session.set(path + option.split()) + + address = '1' + # prefix delegation stuff + pd_base = path + ['dhcpv6-options', 'pd', '0'] + self.session.set(pd_base + ['length', prefix_len]) + + for delegatee in delegatees: + section = Section.section(delegatee) + self.session.set(['interfaces', section, delegatee]) + self.session.set(pd_base + ['interface', delegatee, 'address', address]) + # increment interface address + address = str(int(address) + 1) + + self.session.commit() + + for interface in self._interfaces: + dhcpc6_config = read_file(f'/run/dhcp6c/dhcp6c.{interface}.conf') + + # verify DHCPv6 prefix delegation + self.assertIn(f'prefix ::/{prefix_len} infinity;', dhcpc6_config) + + address = '1' + sla_id = '0' + for delegatee in delegatees: + self.assertIn(f'prefix-interface {delegatee}' + r' {', dhcpc6_config) + self.assertIn(f'ifid {address};', dhcpc6_config) + self.assertIn(f'sla-id {sla_id};', dhcpc6_config) + self.assertIn(f'sla-len {sla_len};', dhcpc6_config) + + # increment sla-id + sla_id = str(int(sla_id) + 1) + # increment interface address + address = str(int(address) + 1) + + # Check for running process + self.assertTrue(process_named_running('dhcp6c')) + + for delegatee in delegatees: + # we can already cleanup the test delegatee interface here + # as until commit() is called, nothing happens + section = Section.section(delegatee) + self.session.delete(['interfaces', section, delegatee]) + + def test_dhcpv6pd_manual_sla_id(self): + if not self._test_ipv6_pd: + self.skipTest('not enabled') + + prefix_len = '56' + sla_len = str(64 - int(prefix_len)) + + delegatees = ['dum3340', 'dum3341', 'dum3342', 'dum3343', 'dum3344'] - address = '1' - sla_id = '0' - sla_len = '8' for interface in self._interfaces: path = self._base_path + [interface] for option in self._options.get(interface, []): self.session.set(path + option.split()) # prefix delegation stuff + address = '1' + sla_id = '1' pd_base = path + ['dhcpv6-options', 'pd', '0'] - self.session.set(pd_base + ['length', '56']) - self.session.set(pd_base + ['interface', interface, 'address', address]) - self.session.set(pd_base + ['interface', interface, 'sla-id', sla_id]) + self.session.set(pd_base + ['length', prefix_len]) + + for delegatee in delegatees: + section = Section.section(delegatee) + self.session.set(['interfaces', section, delegatee]) + self.session.set(pd_base + ['interface', delegatee, 'address', address]) + self.session.set(pd_base + ['interface', delegatee, 'sla-id', sla_id]) + + # increment interface address + address = str(int(address) + 1) + sla_id = str(int(sla_id) + 1) self.session.commit() + # Verify dhcpc6 client configuration for interface in self._interfaces: + address = '1' + sla_id = '1' + dhcpc6_config = read_file(f'/run/dhcp6c/dhcp6c.{interface}.conf') + # verify DHCPv6 prefix delegation - # will return: ['delegation', '::/56 infinity;'] - tmp = get_dhcp6c_config_value(interface, 'prefix')[1].split()[0] # mind the whitespace - self.assertEqual(tmp, '::/56') - tmp = get_dhcp6c_config_value(interface, 'prefix-interface')[0].split()[0] - self.assertEqual(tmp, interface) - tmp = get_dhcp6c_config_value(interface, 'ifid')[0] - self.assertEqual(tmp, address) - tmp = get_dhcp6c_config_value(interface, 'sla-id')[0] - self.assertEqual(tmp, sla_id) - tmp = get_dhcp6c_config_value(interface, 'sla-len')[0] - self.assertEqual(tmp, sla_len) + self.assertIn(f'prefix ::/{prefix_len} infinity;', dhcpc6_config) + + for delegatee in delegatees: + self.assertIn(f'prefix-interface {delegatee}' + r' {', dhcpc6_config) + self.assertIn(f'ifid {address};', dhcpc6_config) + self.assertIn(f'sla-id {sla_id};', dhcpc6_config) + self.assertIn(f'sla-len {sla_len};', dhcpc6_config) + + # increment sla-id + sla_id = str(int(sla_id) + 1) + # increment interface address + address = str(int(address) + 1) # Check for running process self.assertTrue(process_named_running('dhcp6c')) + + for delegatee in delegatees: + # we can already cleanup the test delegatee interface here + # as until commit() is called, nothing happens + section = Section.section(delegatee) + self.session.delete(['interfaces', section, delegatee]) diff --git a/smoketest/scripts/cli/test_interfaces_bonding.py b/smoketest/scripts/cli/test_interfaces_bonding.py index a35682b7c..f42ec3e9b 100755 --- a/smoketest/scripts/cli/test_interfaces_bonding.py +++ b/smoketest/scripts/cli/test_interfaces_bonding.py @@ -26,10 +26,12 @@ from vyos.util import read_file class BondingInterfaceTest(BasicInterfaceTest.BaseTest): def setUp(self): + self._test_ip = True + self._test_ipv6 = True + self._test_ipv6_pd = True self._test_mtu = True self._test_vlan = True self._test_qinq = True - self._test_ipv6 = True self._base_path = ['interfaces', 'bonding'] self._interfaces = ['bond0'] self._mirror_interfaces = ['dum21354'] diff --git a/smoketest/scripts/cli/test_interfaces_bridge.py b/smoketest/scripts/cli/test_interfaces_bridge.py index 7444701c1..03d8f6e9c 100755 --- a/smoketest/scripts/cli/test_interfaces_bridge.py +++ b/smoketest/scripts/cli/test_interfaces_bridge.py @@ -28,7 +28,9 @@ from vyos.util import read_file class BridgeInterfaceTest(BasicInterfaceTest.BaseTest): def setUp(self): + self._test_ip = True self._test_ipv6 = True + self._test_ipv6_pd = True self._test_vlan = True self._test_qinq = True self._base_path = ['interfaces', 'bridge'] diff --git a/smoketest/scripts/cli/test_interfaces_dummy.py b/smoketest/scripts/cli/test_interfaces_dummy.py index c482a6f0b..60465a1d5 100755 --- a/smoketest/scripts/cli/test_interfaces_dummy.py +++ b/smoketest/scripts/cli/test_interfaces_dummy.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2020 VyOS maintainers and contributors +# Copyright (C) 2020-2021 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -20,9 +20,9 @@ from base_interfaces_test import BasicInterfaceTest class DummyInterfaceTest(BasicInterfaceTest.BaseTest): def setUp(self): - self._base_path = ['interfaces', 'dummy'] - self._interfaces = ['dum0', 'dum1', 'dum2'] - super().setUp() + self._base_path = ['interfaces', 'dummy'] + self._interfaces = ['dum435', 'dum8677', 'dum0931', 'dum089'] + super().setUp() if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_interfaces_ethernet.py b/smoketest/scripts/cli/test_interfaces_ethernet.py index 3c4796283..42c1f15df 100755 --- a/smoketest/scripts/cli/test_interfaces_ethernet.py +++ b/smoketest/scripts/cli/test_interfaces_ethernet.py @@ -19,6 +19,7 @@ import re import unittest from base_interfaces_test import BasicInterfaceTest +from vyos.configsession import ConfigSessionError from vyos.ifconfig import Section from vyos.util import cmd from vyos.util import process_named_running @@ -36,10 +37,11 @@ def get_wpa_supplicant_value(interface, key): class EthernetInterfaceTest(BasicInterfaceTest.BaseTest): def setUp(self): self._test_ip = True + self._test_ipv6 = True + self._test_ipv6_pd = True self._test_mtu = True self._test_vlan = True self._test_qinq = True - self._test_ipv6 = True self._base_path = ['interfaces', 'ethernet'] self._mirror_interfaces = ['dum21354'] @@ -123,6 +125,28 @@ class EthernetInterfaceTest(BasicInterfaceTest.BaseTest): self.assertEqual(f'{cpus:x}', f'{rps_cpus:x}') + def test_non_existing_interface(self): + unknonw_interface = self._base_path + ['eth667'] + self.session.set(unknonw_interface) + + # check validate() - interface does not exist + with self.assertRaises(ConfigSessionError): + self.session.commit() + + # we need to remove this wrong interface from the configuration + # manually, else tearDown() will have problem in commit() + self.session.delete(unknonw_interface) + + def test_speed_duplex_verify(self): + for interface in self._interfaces: + self.session.set(self._base_path + [interface, 'speed', '1000']) + + # check validate() - if either speed or duplex is not auto, the + # other one must be manually configured, too + with self.assertRaises(ConfigSessionError): + self.session.commit() + self.session.set(self._base_path + [interface, 'speed', 'auto']) + self.session.commit() def test_eapol_support(self): for interface in self._interfaces: diff --git a/smoketest/scripts/cli/test_interfaces_geneve.py b/smoketest/scripts/cli/test_interfaces_geneve.py index 98f55210f..12cded400 100755 --- a/smoketest/scripts/cli/test_interfaces_geneve.py +++ b/smoketest/scripts/cli/test_interfaces_geneve.py @@ -21,6 +21,8 @@ from base_interfaces_test import BasicInterfaceTest class GeneveInterfaceTest(BasicInterfaceTest.BaseTest): def setUp(self): + self._test_ip = True + self._test_ipv6 = True self._base_path = ['interfaces', 'geneve'] self._options = { 'gnv0': ['vni 10', 'remote 127.0.1.1'], diff --git a/smoketest/scripts/cli/test_interfaces_l2tpv3.py b/smoketest/scripts/cli/test_interfaces_l2tpv3.py index c756bfdd5..81af6d7f4 100755 --- a/smoketest/scripts/cli/test_interfaces_l2tpv3.py +++ b/smoketest/scripts/cli/test_interfaces_l2tpv3.py @@ -22,6 +22,8 @@ from vyos.util import cmd class GeneveInterfaceTest(BasicInterfaceTest.BaseTest): def setUp(self): + self._test_ip = True + self._test_ipv6 = True self._base_path = ['interfaces', 'l2tpv3'] self._options = { 'l2tpeth10': ['local-ip 127.0.0.1', 'remote-ip 127.10.10.10', diff --git a/smoketest/scripts/cli/test_interfaces_macsec.py b/smoketest/scripts/cli/test_interfaces_macsec.py index d9635951f..89743e5fd 100755 --- a/smoketest/scripts/cli/test_interfaces_macsec.py +++ b/smoketest/scripts/cli/test_interfaces_macsec.py @@ -33,6 +33,8 @@ def get_config_value(interface, key): class MACsecInterfaceTest(BasicInterfaceTest.BaseTest): def setUp(self): super().setUp() + self._test_ip = True + self._test_ipv6 = True self._base_path = ['interfaces', 'macsec'] self._options = { 'macsec0': ['source-interface eth0', 'security cipher gcm-aes-128'] } diff --git a/smoketest/scripts/cli/test_interfaces_pseudo_ethernet.py b/smoketest/scripts/cli/test_interfaces_pseudo_ethernet.py index 85e5e70bd..10bd7ca34 100755 --- a/smoketest/scripts/cli/test_interfaces_pseudo_ethernet.py +++ b/smoketest/scripts/cli/test_interfaces_pseudo_ethernet.py @@ -22,6 +22,7 @@ class PEthInterfaceTest(BasicInterfaceTest.BaseTest): def setUp(self): self._test_ip = True self._test_ipv6 = True + self._test_ipv6_pd = True self._test_mtu = True self._test_vlan = True self._test_qinq = True diff --git a/smoketest/scripts/cli/test_interfaces_tunnel.py b/smoketest/scripts/cli/test_interfaces_tunnel.py index ca68cb8ba..f67b813af 100755 --- a/smoketest/scripts/cli/test_interfaces_tunnel.py +++ b/smoketest/scripts/cli/test_interfaces_tunnel.py @@ -62,6 +62,8 @@ def tunnel_conf(interface): class TunnelInterfaceTest(BasicInterfaceTest.BaseTest): def setUp(self): + self._test_ip = True + self._test_ipv6 = True self._test_mtu = True self._base_path = ['interfaces', 'tunnel'] self.local_v4 = '192.0.2.1' @@ -82,85 +84,14 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest): self.session.delete(['interfaces', 'dummy', source_if]) super().tearDown() - def test_ipip(self): - interface = 'tun100' - encapsulation = 'ipip' - local_if_addr = '10.10.10.1/24' - self.session.set(self._base_path + [interface, 'address', local_if_addr]) - - # Must provide an "encapsulation" for tunnel tun10 - with self.assertRaises(ConfigSessionError): - self.session.commit() - self.session.set(self._base_path + [interface, 'encapsulation', encapsulation]) - - # Must configure either local-ip or dhcp-interface for tunnel ipip tun100 - with self.assertRaises(ConfigSessionError): - self.session.commit() - self.session.set(self._base_path + [interface, 'local-ip', self.local_v4]) - - # missing required option remote for ipip - with self.assertRaises(ConfigSessionError): - self.session.commit() - self.session.set(self._base_path + [interface, 'remote-ip', remote_ip4]) - - # Configure Tunnel Source interface - self.session.set(self._base_path + [interface, 'source-interface', source_if]) - - self.session.commit() - - conf = tunnel_conf(interface) - self.assertEqual(interface, conf['ifname']) - self.assertEqual(encapsulation, conf['link_type']) - self.assertEqual(mtu, conf['mtu']) - self.assertEqual(source_if, conf['link']) - - self.assertEqual(self.local_v4, conf['linkinfo']['info_data']['local']) - self.assertEqual(remote_ip4, conf['linkinfo']['info_data']['remote']) - - def test_ipip6(self): - interface = 'tun110' - encapsulation = 'ipip6' - local_if_addr = '10.10.10.1/24' - - self.session.set(self._base_path + [interface, 'address', local_if_addr]) - - # Must provide an "encapsulation" for tunnel tun10 - with self.assertRaises(ConfigSessionError): - self.session.commit() - self.session.set(self._base_path + [interface, 'encapsulation', encapsulation]) - - # Must configure either local-ip or dhcp-interface for tunnel ipip tun100 - with self.assertRaises(ConfigSessionError): - self.session.commit() - self.session.set(self._base_path + [interface, 'local-ip', self.local_v6]) - - # missing required option remote for ipip - with self.assertRaises(ConfigSessionError): - self.session.commit() - self.session.set(self._base_path + [interface, 'remote-ip', remote_ip6]) - - # Configure Tunnel Source interface - self.session.set(self._base_path + [interface, 'source-interface', source_if]) - - self.session.commit() - - conf = tunnel_conf(interface) - self.assertEqual(interface, conf['ifname']) - self.assertEqual('tunnel6', conf['link_type']) - self.assertEqual(mtu, conf['mtu']) - self.assertEqual(source_if, conf['link']) - - self.assertEqual(self.local_v6, conf['linkinfo']['info_data']['local']) - self.assertEqual(remote_ip6, conf['linkinfo']['info_data']['remote']) - - def test_tunnel_verify_ipv4_local_remote_addr(self): + def test_ipv4_encapsulations(self): # When running tests ensure that for certain encapsulation types the # local and remote IP address is actually an IPv4 address interface = f'tun1000' local_if_addr = f'10.10.200.1/24' - for encapsulation in ['ipip', 'sit', 'gre']: + for encapsulation in ['ipip', 'sit', 'gre', 'gre-bridge']: self.session.set(self._base_path + [interface, 'address', local_if_addr]) self.session.set(self._base_path + [interface, 'encapsulation', encapsulation]) self.session.set(self._base_path + [interface, 'local-ip', self.local_v6]) @@ -176,14 +107,35 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest): self.session.commit() self.session.set(self._base_path + [interface, 'remote-ip', remote_ip4]) + self.session.set(self._base_path + [interface, 'source-interface', source_if]) + + # Source interface can not be used with sit and gre-bridge + if encapsulation in ['sit', 'gre-bridge']: + with self.assertRaises(ConfigSessionError): + self.session.commit() + self.session.delete(self._base_path + [interface, 'source-interface']) + # Check if commit is ok self.session.commit() + conf = tunnel_conf(interface) + self.assertEqual(interface, conf['ifname']) + self.assertEqual(mtu, conf['mtu']) + + if encapsulation not in ['sit', 'gre-bridge']: + self.assertEqual(source_if, conf['link']) + self.assertEqual(encapsulation, conf['link_type']) + elif encapsulation in ['gre-bridge']: + self.assertEqual('ether', conf['link_type']) + + self.assertEqual(self.local_v4, conf['linkinfo']['info_data']['local']) + self.assertEqual(remote_ip4, conf['linkinfo']['info_data']['remote']) + # cleanup this instance self.session.delete(self._base_path + [interface]) self.session.commit() - def test_tunnel_verify_ipv6_local_remote_addr(self): + def test_ipv6_encapsulations(self): # When running tests ensure that for certain encapsulation types the # local and remote IP address is actually an IPv6 address @@ -205,9 +157,28 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest): self.session.commit() self.session.set(self._base_path + [interface, 'remote-ip', remote_ip6]) + # Configure Tunnel Source interface + self.session.set(self._base_path + [interface, 'source-interface', source_if]) + # Check if commit is ok self.session.commit() + conf = tunnel_conf(interface) + self.assertEqual(interface, conf['ifname']) + self.assertEqual(mtu, conf['mtu']) + self.assertEqual(source_if, conf['link']) + + # remap encapsulation protocol(s) + if encapsulation in ['ipip6', 'ip6ip6']: + encapsulation = 'tunnel6' + elif encapsulation in ['ip6gre']: + encapsulation = 'gre6' + + self.assertEqual(encapsulation, conf['link_type']) + + self.assertEqual(self.local_v6, conf['linkinfo']['info_data']['local']) + self.assertEqual(remote_ip6, conf['linkinfo']['info_data']['remote']) + # cleanup this instance self.session.delete(self._base_path + [interface]) self.session.commit() @@ -232,148 +203,5 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest): # Check if commit is ok self.session.commit() - def test_tunnel_ip6ip6(self): - interface = 'tun120' - encapsulation = 'ip6ip6' - local_if_addr = '2001:db8:f00::1/24' - - self.session.set(self._base_path + [interface, 'address', local_if_addr]) - - # Must provide an "encapsulation" for tunnel tun10 - with self.assertRaises(ConfigSessionError): - self.session.commit() - self.session.set(self._base_path + [interface, 'encapsulation', encapsulation]) - - # Must configure either local-ip or dhcp-interface for tunnel ipip tun100 - with self.assertRaises(ConfigSessionError): - self.session.commit() - self.session.set(self._base_path + [interface, 'local-ip', self.local_v6]) - - # missing required option remote for ipip - with self.assertRaises(ConfigSessionError): - self.session.commit() - self.session.set(self._base_path + [interface, 'remote-ip', remote_ip6]) - - # Configure Tunnel Source interface - self.session.set(self._base_path + [interface, 'source-interface', source_if]) - - self.session.commit() - - conf = tunnel_conf(interface) - self.assertEqual(interface, conf['ifname']) - self.assertEqual('tunnel6', conf['link_type']) - self.assertEqual(mtu, conf['mtu']) - self.assertEqual(source_if, conf['link']) - - self.assertEqual(self.local_v6, conf['linkinfo']['info_data']['local']) - self.assertEqual(remote_ip6, conf['linkinfo']['info_data']['remote']) - - def test_tunnel_gre_ipv4(self): - interface = 'tun200' - encapsulation = 'gre' - local_if_addr = '172.16.1.1/24' - - self.session.set(self._base_path + [interface, 'address', local_if_addr]) - - # Must provide an "encapsulation" for tunnel tun10 - with self.assertRaises(ConfigSessionError): - self.session.commit() - self.session.set(self._base_path + [interface, 'encapsulation', encapsulation]) - - # Must configure either local-ip or dhcp-interface - with self.assertRaises(ConfigSessionError): - self.session.commit() - self.session.set(self._base_path + [interface, 'local-ip', self.local_v4]) - - # No assertion is raised for GRE remote-ip when missing - self.session.set(self._base_path + [interface, 'remote-ip', remote_ip4]) - - # Configure Tunnel Source interface - self.session.set(self._base_path + [interface, 'source-interface', source_if]) - - self.session.commit() - - conf = tunnel_conf(interface) - self.assertEqual(interface, conf['ifname']) - self.assertEqual(encapsulation, conf['link_type']) - self.assertEqual(mtu, conf['mtu']) - self.assertEqual(source_if, conf['link']) - - self.assertEqual(self.local_v4, conf['linkinfo']['info_data']['local']) - self.assertEqual(remote_ip4, conf['linkinfo']['info_data']['remote']) - - - def test_gre_ipv6(self): - interface = 'tun210' - encapsulation = 'ip6gre' - local_if_addr = '2001:db8:f01::1/24' - - self.session.set(self._base_path + [interface, 'address', local_if_addr]) - - # Must provide an "encapsulation" for tunnel tun10 - with self.assertRaises(ConfigSessionError): - self.session.commit() - self.session.set(self._base_path + [interface, 'encapsulation', encapsulation]) - - # Must configure either local-ip or dhcp-interface - with self.assertRaises(ConfigSessionError): - self.session.commit() - self.session.set(self._base_path + [interface, 'local-ip', self.local_v6]) - - # No assertion is raised for GRE remote-ip when missing - self.session.set(self._base_path + [interface, 'remote-ip', remote_ip6]) - - # Configure Tunnel Source interface - self.session.set(self._base_path + [interface, 'source-interface', source_if]) - - self.session.commit() - - conf = tunnel_conf(interface) - self.assertEqual(interface, conf['ifname']) - self.assertEqual(encapsulation, conf['link_type']) - self.assertEqual(mtu, conf['mtu']) - self.assertEqual(source_if, conf['link']) - - self.assertEqual(self.local_v6, conf['linkinfo']['info_data']['local']) - self.assertEqual(remote_ip6, conf['linkinfo']['info_data']['remote']) - - - def test_tunnel_sit(self): - interface = 'tun300' - encapsulation = 'sit' - local_if_addr = '172.16.2.1/24' - - self.session.set(self._base_path + [interface, 'address', local_if_addr]) - - # Must provide an "encapsulation" for tunnel tun10 - with self.assertRaises(ConfigSessionError): - self.session.commit() - self.session.set(self._base_path + [interface, 'encapsulation', encapsulation]) - - # Must configure either local-ip or dhcp-interface - with self.assertRaises(ConfigSessionError): - self.session.commit() - self.session.set(self._base_path + [interface, 'local-ip', self.local_v4]) - - # No assertion is raised for GRE remote-ip when missing - self.session.set(self._base_path + [interface, 'remote-ip', remote_ip4]) - - # Source interface can not be used with sit - self.session.set(self._base_path + [interface, 'source-interface', source_if]) - with self.assertRaises(ConfigSessionError): - self.session.commit() - self.session.delete(self._base_path + [interface, 'source-interface']) - - self.session.commit() - - conf = tunnel_conf(interface) - self.assertEqual(interface, conf['ifname']) - self.assertEqual(encapsulation, conf['link_type']) - self.assertEqual(mtu, conf['mtu']) - - self.assertEqual(self.local_v4, conf['linkinfo']['info_data']['local']) - self.assertEqual(remote_ip4, conf['linkinfo']['info_data']['remote']) - - if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_interfaces_vxlan.py b/smoketest/scripts/cli/test_interfaces_vxlan.py index a9b0fc5a1..a726aa610 100755 --- a/smoketest/scripts/cli/test_interfaces_vxlan.py +++ b/smoketest/scripts/cli/test_interfaces_vxlan.py @@ -21,6 +21,8 @@ from base_interfaces_test import BasicInterfaceTest class VXLANInterfaceTest(BasicInterfaceTest.BaseTest): def setUp(self): + self._test_ip = True + self._test_ipv6 = True self._test_mtu = True self._base_path = ['interfaces', 'vxlan'] self._options = { diff --git a/smoketest/scripts/cli/test_interfaces_wireless.py b/smoketest/scripts/cli/test_interfaces_wireless.py index ffaa7d523..51d97f032 100755 --- a/smoketest/scripts/cli/test_interfaces_wireless.py +++ b/smoketest/scripts/cli/test_interfaces_wireless.py @@ -33,6 +33,7 @@ def get_config_value(interface, key): class WirelessInterfaceTest(BasicInterfaceTest.BaseTest): def setUp(self): + self._test_ip = True self._base_path = ['interfaces', 'wireless'] self._options = { 'wlan0': ['physical-device phy0', 'ssid VyOS-WIFI-0', diff --git a/smoketest/scripts/cli/test_interfaces_wirelessmodem.py b/smoketest/scripts/cli/test_interfaces_wirelessmodem.py index 45cd069f4..696a6946b 100755 --- a/smoketest/scripts/cli/test_interfaces_wirelessmodem.py +++ b/smoketest/scripts/cli/test_interfaces_wirelessmodem.py @@ -40,7 +40,7 @@ class WWANInterfaceTest(unittest.TestCase): self.session.commit() del self.session - def test_wlm_1(self): + def test_wwan(self): for interface in self._interfaces: self.session.set(base_path + [interface, 'no-peer-dns']) self.session.set(base_path + [interface, 'connect-on-demand']) diff --git a/smoketest/scripts/cli/test_nat.py b/smoketest/scripts/cli/test_nat.py index 7ca82f86f..b5702d691 100755 --- a/smoketest/scripts/cli/test_nat.py +++ b/smoketest/scripts/cli/test_nat.py @@ -138,7 +138,6 @@ class TestNAT(unittest.TestCase): else: self.assertEqual(iface, inbound_iface_200) - def test_snat_required_translation_address(self): # T2813: Ensure translation address is specified rule = '5' @@ -156,5 +155,28 @@ class TestNAT(unittest.TestCase): self.session.set(src_path + ['rule', rule, 'translation', 'address', 'masquerade']) self.session.commit() + def test_dnat_negated_addresses(self): + # T3186: negated addresses are not accepted by nftables + rule = '1000' + self.session.set(dst_path + ['rule', rule, 'destination', 'address', '!192.0.2.1']) + self.session.set(dst_path + ['rule', rule, 'destination', 'port', '53']) + self.session.set(dst_path + ['rule', rule, 'inbound-interface', 'eth0']) + self.session.set(dst_path + ['rule', rule, 'protocol', 'tcp_udp']) + self.session.set(dst_path + ['rule', rule, 'source', 'address', '!192.0.2.1']) + self.session.set(dst_path + ['rule', rule, 'translation', 'address', '192.0.2.1']) + self.session.set(dst_path + ['rule', rule, 'translation', 'port', '53']) + self.session.commit() + + def test_nat_no_rules(self): + # T3206: deleting all rules but keep the direction 'destination' or + # 'source' resulteds in KeyError: 'rule'. + # + # Test that both 'nat destination' and 'nat source' nodes can exist + # without any rule + self.session.set(src_path) + self.session.set(dst_path) + self.session.commit() + + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_service_ssh.py b/smoketest/scripts/cli/test_service_ssh.py index 0bb907c3a..eede042de 100755 --- a/smoketest/scripts/cli/test_service_ssh.py +++ b/smoketest/scripts/cli/test_service_ssh.py @@ -25,7 +25,7 @@ from vyos.util import process_named_running from vyos.util import read_file PROCESS_NAME = 'sshd' -SSHD_CONF = '/run/ssh/sshd_config' +SSHD_CONF = '/run/sshd/sshd_config' base_path = ['service', 'ssh'] vrf = 'ssh-test' @@ -44,11 +44,6 @@ class TestServiceSSH(unittest.TestCase): def tearDown(self): # delete testing SSH config self.session.delete(base_path) - # restore "plain" SSH access - self.session.set(base_path) - # delete VRF - self.session.delete(['vrf', 'name', vrf]) - self.session.commit() del self.session @@ -109,7 +104,7 @@ class TestServiceSSH(unittest.TestCase): def test_ssh_multiple_listen_addresses(self): # Check if SSH service can be configured and runs with multiple # listen ports and listen-addresses - ports = ['22', '2222'] + ports = ['22', '2222', '2223', '2224'] for port in ports: self.session.set(base_path + ['port', port]) @@ -143,7 +138,7 @@ class TestServiceSSH(unittest.TestCase): with self.assertRaises(ConfigSessionError): self.session.commit() - self.session.set(['vrf', 'name', vrf, 'table', '1001']) + self.session.set(['vrf', 'name', vrf, 'table', '1338']) # commit changes self.session.commit() @@ -159,5 +154,8 @@ class TestServiceSSH(unittest.TestCase): tmp = cmd(f'ip vrf pids {vrf}') self.assertIn(PROCESS_NAME, tmp) + # delete VRF + self.session.delete(['vrf', 'name', vrf]) + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_system_login.py b/smoketest/scripts/cli/test_system_login.py index 6188cf38b..bb6f57fc2 100755 --- a/smoketest/scripts/cli/test_system_login.py +++ b/smoketest/scripts/cli/test_system_login.py @@ -24,8 +24,10 @@ from platform import release as kernel_version from subprocess import Popen, PIPE from vyos.configsession import ConfigSession +from vyos.configsession import ConfigSessionError from vyos.util import cmd from vyos.util import read_file +from vyos.template import inc_ip base_path = ['system', 'login'] users = ['vyos1', 'vyos2'] @@ -42,7 +44,7 @@ class TestSystemLogin(unittest.TestCase): self.session.commit() del self.session - def test_local_user(self): + def test_system_login_user(self): # Check if user can be created and we can SSH to localhost self.session.set(['service', 'ssh', 'port', '22']) @@ -82,7 +84,7 @@ class TestSystemLogin(unittest.TestCase): for option in options: self.assertIn(f'{option}=y', kernel_config) - def test_radius_config(self): + def test_system_login_radius_ipv4(self): # Verify generated RADIUS configuration files radius_key = 'VyOSsecretVyOS' @@ -95,6 +97,12 @@ class TestSystemLogin(unittest.TestCase): self.session.set(base_path + ['radius', 'server', radius_server, 'port', radius_port]) self.session.set(base_path + ['radius', 'server', radius_server, 'timeout', radius_timeout]) self.session.set(base_path + ['radius', 'source-address', radius_source]) + self.session.set(base_path + ['radius', 'source-address', inc_ip(radius_source, 1)]) + + # check validate() - Only one IPv4 source-address supported + with self.assertRaises(ConfigSessionError): + self.session.commit() + self.session.delete(base_path + ['radius', 'source-address', inc_ip(radius_source, 1)]) self.session.commit() @@ -130,5 +138,59 @@ class TestSystemLogin(unittest.TestCase): tmp = re.findall(r'group:\s+mapname\s+files', nsswitch_conf) self.assertTrue(tmp) + def test_system_login_radius_ipv6(self): + # Verify generated RADIUS configuration files + + radius_key = 'VyOS-VyOS' + radius_server = '2001:db8::1' + radius_source = '::1' + radius_port = '4000' + radius_timeout = '4' + + self.session.set(base_path + ['radius', 'server', radius_server, 'key', radius_key]) + self.session.set(base_path + ['radius', 'server', radius_server, 'port', radius_port]) + self.session.set(base_path + ['radius', 'server', radius_server, 'timeout', radius_timeout]) + self.session.set(base_path + ['radius', 'source-address', radius_source]) + self.session.set(base_path + ['radius', 'source-address', inc_ip(radius_source, 1)]) + + # check validate() - Only one IPv4 source-address supported + with self.assertRaises(ConfigSessionError): + self.session.commit() + self.session.delete(base_path + ['radius', 'source-address', inc_ip(radius_source, 1)]) + + self.session.commit() + + # this file must be read with higher permissions + pam_radius_auth_conf = cmd('sudo cat /etc/pam_radius_auth.conf') + tmp = re.findall(r'\n?\[{}\]:{}\s+{}\s+{}\s+\[{}\]'.format(radius_server, + radius_port, radius_key, radius_timeout, + radius_source), pam_radius_auth_conf) + self.assertTrue(tmp) + + # required, static options + self.assertIn('priv-lvl 15', pam_radius_auth_conf) + self.assertIn('mapped_priv_user radius_priv_user', pam_radius_auth_conf) + + # PAM + pam_common_account = read_file('/etc/pam.d/common-account') + self.assertIn('pam_radius_auth.so', pam_common_account) + + pam_common_auth = read_file('/etc/pam.d/common-auth') + self.assertIn('pam_radius_auth.so', pam_common_auth) + + pam_common_session = read_file('/etc/pam.d/common-session') + self.assertIn('pam_radius_auth.so', pam_common_session) + + pam_common_session_noninteractive = read_file('/etc/pam.d/common-session-noninteractive') + self.assertIn('pam_radius_auth.so', pam_common_session_noninteractive) + + # NSS + nsswitch_conf = read_file('/etc/nsswitch.conf') + tmp = re.findall(r'passwd:\s+mapuid\s+files\s+mapname', nsswitch_conf) + self.assertTrue(tmp) + + tmp = re.findall(r'group:\s+mapname\s+files', nsswitch_conf) + self.assertTrue(tmp) + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_system_ntp.py b/smoketest/scripts/cli/test_system_ntp.py index 7d1bc144f..986c8dfb2 100755 --- a/smoketest/scripts/cli/test_system_ntp.py +++ b/smoketest/scripts/cli/test_system_ntp.py @@ -76,7 +76,11 @@ class TestSystemNTP(unittest.TestCase): self.assertTrue(process_named_running(PROCESS_NAME)) def test_ntp_clients(self): - # Test the allowed-networks statement + """ Test the allowed-networks statement """ + listen_address = ['127.0.0.1', '::1'] + for listen in listen_address: + self.session.set(base_path + ['listen-address', listen]) + networks = ['192.0.2.0/24', '2001:db8:1000::/64'] for network in networks: self.session.set(base_path + ['allow-clients', 'address', network]) @@ -102,7 +106,9 @@ class TestSystemNTP(unittest.TestCase): # Check listen address tmp = get_config_value('interface') - test = ['ignore wildcard', 'listen 127.0.0.1', 'listen ::1'] + test = ['ignore wildcard'] + for listen in listen_address: + test.append(f'listen {listen}') self.assertEqual(tmp, test) # Check for running process diff --git a/sphinx/source/.gitignore b/sphinx/source/.gitignore new file mode 100644 index 000000000..30d85567b --- /dev/null +++ b/sphinx/source/.gitignore @@ -0,0 +1 @@ +*.rst diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py index bc102826f..e7f0cd6a5 100755 --- a/src/conf_mode/interfaces-ethernet.py +++ b/src/conf_mode/interfaces-ethernet.py @@ -23,13 +23,13 @@ from vyos.config import Config from vyos.configdict import get_interface_dict from vyos.configverify import verify_address from vyos.configverify import verify_dhcpv6 +from vyos.configverify import verify_eapol from vyos.configverify import verify_interface_exists +from vyos.configverify import verify_mirror from vyos.configverify import verify_mtu from vyos.configverify import verify_mtu_ipv6 from vyos.configverify import verify_vlan_config from vyos.configverify import verify_vrf -from vyos.configverify import verify_eapol -from vyos.configverify import verify_mirror from vyos.ifconfig import EthernetIf from vyos.template import render from vyos.util import call @@ -59,15 +59,13 @@ def verify(ethernet): if 'deleted' in ethernet: return None - verify_interface_exists(ethernet) - - if ethernet.get('speed', None) == 'auto': - if ethernet.get('duplex', None) != 'auto': - raise ConfigError('If speed is hardcoded, duplex must be hardcoded, too') + ifname = ethernet['ifname'] + verify_interface_exists(ifname) - if ethernet.get('duplex', None) == 'auto': - if ethernet.get('speed', None) != 'auto': - raise ConfigError('If duplex is hardcoded, speed must be hardcoded, too') + # No need to check speed and duplex keys as both have default values. + if ((ethernet['speed'] == 'auto' and ethernet['duplex'] != 'auto') or + (ethernet['speed'] != 'auto' and ethernet['duplex'] == 'auto')): + raise ConfigError('Speed/Duplex missmatch. Must be both auto or manually configured') verify_mtu(ethernet) verify_mtu_ipv6(ethernet) @@ -77,7 +75,6 @@ def verify(ethernet): verify_eapol(ethernet) verify_mirror(ethernet) - ifname = ethernet['ifname'] # verify offloading capabilities if 'offload' in ethernet and 'rps' in ethernet['offload']: if not os.path.exists(f'/sys/class/net/{ifname}/queues/rx-0/rps_cpus'): diff --git a/src/conf_mode/interfaces-tunnel.py b/src/conf_mode/interfaces-tunnel.py index 1a7e9a96d..ffeb57784 100755 --- a/src/conf_mode/interfaces-tunnel.py +++ b/src/conf_mode/interfaces-tunnel.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018-2020 VyOS maintainers and contributors +# Copyright (C) 2018-2021 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -24,10 +24,11 @@ from vyos.configdict import dict_merge from vyos.configdict import get_interface_dict from vyos.configdict import node_changed from vyos.configdict import leaf_node_changed -from vyos.configverify import verify_vrf from vyos.configverify import verify_address from vyos.configverify import verify_bridge_delete +from vyos.configverify import verify_interface_exists from vyos.configverify import verify_mtu_ipv6 +from vyos.configverify import verify_vrf from vyos.ifconfig import Interface from vyos.ifconfig import GREIf from vyos.ifconfig import GRETapIf @@ -122,6 +123,9 @@ def verify(tunnel): if 'local_ip' in tunnel and is_ipv6(tunnel['local_ip']): raise ConfigError('Can not use local IPv6 address is for mGRE tunnels') + if 'source_interface' in tunnel: + verify_interface_exists(tunnel['source_interface']) + def generate(tunnel): return None diff --git a/src/conf_mode/nat.py b/src/conf_mode/nat.py index 1ccec3d2e..2d98cb11b 100755 --- a/src/conf_mode/nat.py +++ b/src/conf_mode/nat.py @@ -88,7 +88,7 @@ def get_config(config=None): for direction in ['source', 'destination']: if direction in nat: default_values = defaults(base + [direction, 'rule']) - for rule in nat[direction]['rule']: + for rule in dict_search(f'{direction}.rule', nat) or []: nat[direction]['rule'][rule] = dict_merge(default_values, nat[direction]['rule'][rule]) diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py index d0dfb55ec..a511b10ff 100755 --- a/src/conf_mode/protocols_bgp.py +++ b/src/conf_mode/protocols_bgp.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2020 VyOS maintainers and contributors +# Copyright (C) 2020-2021 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -17,10 +17,11 @@ from sys import exit from vyos.config import Config -from vyos.util import call -from vyos.util import dict_search +from vyos.configdict import dict_merge from vyos.template import render from vyos.template import render_to_string +from vyos.util import call +from vyos.util import dict_search from vyos import ConfigError from vyos import frr from vyos import airbag @@ -33,14 +34,18 @@ def get_config(): base = ['protocols', 'nbgp'] bgp = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True) - # XXX: any reason we can not move this into the FRR template? - # we shall not call vtysh directly, especially not in get_config() if not conf.exists(base): - bgp = {} - call('vtysh -c \"conf t\" -c \"no ip protocol bgp\" ') - - if not conf.exists(base + ['route-map']): - call('vtysh -c \"conf t\" -c \"no ip protocol bgp\" ') + return bgp + + # We also need some additional information from the config, + # prefix-lists and route-maps for instance. + base = ['policy'] + tmp = conf.get_config_dict(base, key_mangling=('-', '_')) + # As we only support one ASN (later checked in begin of verify()) we add the + # new information only to the first AS number + asn = next(iter(bgp)) + # Merge policy dict into bgp dict + bgp[asn] = dict_merge(tmp, bgp[asn]) return bgp @@ -53,9 +58,6 @@ def verify(bgp): raise ConfigError('Only one BGP AS number can be defined!') for asn, asn_config in bgp.items(): - import pprint - pprint.pprint(asn_config) - # Common verification for both peer-group and neighbor statements for neighbor in ['neighbor', 'peer_group']: # bail out early if there is no neighbor or peer-group statement @@ -78,10 +80,41 @@ def verify(bgp): # remote-as must be either set explicitly for the neighbor # or for the entire peer-group if 'remote_as' not in peer_config: - peer_group = peer_config['peer_group'] - if 'remote_as' not in asn_config['peer_group'][peer_group]: + if 'peer_group' not in peer_config or 'remote_as' not in asn_config['peer_group'][peer_config['peer_group']]: raise ConfigError('Remote AS must be set for neighbor or peer-group!') + for afi in ['ipv4_unicast', 'ipv6_unicast']: + # Bail out early if address family is not configured + if 'address_family' not in peer_config or afi not in peer_config['address_family']: + continue + + afi_config = peer_config['address_family'][afi] + # Validate if configured Prefix list exists + if 'prefix_list' in afi_config: + for tmp in ['import', 'export']: + if tmp not in afi_config['prefix_list']: + # bail out early + continue + # get_config_dict() mangles all '-' characters to '_' this is legitim, thus all our + # compares will run on '_' as also '_' is a valid name for a prefix-list + prefix_list = afi_config['prefix_list'][tmp].replace('-', '_') + if afi == 'ipv4_unicast': + if dict_search(f'policy.prefix_list.{prefix_list}', asn_config) == None: + raise ConfigError(f'prefix-list "{prefix_list}" used for "{tmp}" does not exist!') + elif afi == 'ipv6_unicast': + if dict_search(f'policy.prefix_list6.{prefix_list}', asn_config) == None: + raise ConfigError(f'prefix-list6 "{prefix_list}" used for "{tmp}" does not exist!') + + if 'route_map' in afi_config: + for tmp in ['import', 'export']: + if tmp in afi_config['route_map']: + # get_config_dict() mangles all '-' characters to '_' this is legitim, thus all our + # compares will run on '_' as also '_' is a valid name for a route-map + route_map = afi_config['route_map'][tmp].replace('-', '_') + if dict_search(f'policy.route_map.{route_map}', asn_config) == None: + raise ConfigError(f'route-map "{route_map}" used for "{tmp}" does not exist!') + + return None def generate(bgp): diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py index 8f99053d2..8eeb0a7c1 100755 --- a/src/conf_mode/ssh.py +++ b/src/conf_mode/ssh.py @@ -28,7 +28,7 @@ from vyos import ConfigError from vyos import airbag airbag.enable() -config_file = r'/run/ssh/sshd_config' +config_file = r'/run/sshd/sshd_config' systemd_override = r'/etc/systemd/system/ssh.service.d/override.conf' def get_config(config=None): @@ -68,6 +68,8 @@ def generate(ssh): render(config_file, 'ssh/sshd_config.tmpl', ssh) render(systemd_override, 'ssh/override.conf.tmpl', ssh) + # Reload systemd manager configuration + call('systemctl daemon-reload') return None @@ -75,13 +77,9 @@ def apply(ssh): if not ssh: # SSH access is removed in the commit call('systemctl stop ssh.service') + return None - # Reload systemd manager configuration - call('systemctl daemon-reload') - - if ssh: - call('systemctl restart ssh.service') - + call('systemctl restart ssh.service') return None if __name__ == '__main__': diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py index 39bad717d..99af5c757 100755 --- a/src/conf_mode/system-login.py +++ b/src/conf_mode/system-login.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2020 VyOS maintainers and contributors +# Copyright (C) 2020-2021 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -16,33 +16,30 @@ import os -from crypt import crypt, METHOD_SHA512 -from netifaces import interfaces +from crypt import crypt +from crypt import METHOD_SHA512 from psutil import users -from pwd import getpwall, getpwnam +from pwd import getpwall +from pwd import getpwnam from spwd import getspnam from sys import exit from vyos.config import Config +from vyos.configdict import dict_merge +from vyos.configverify import verify_vrf from vyos.template import render -from vyos.util import cmd, call, DEVNULL, chmod_600, chmod_755 +from vyos.template import is_ipv4 +from vyos.util import cmd +from vyos.util import call +from vyos.util import DEVNULL +from vyos.util import dict_search +from vyos.xml import defaults from vyos import ConfigError - from vyos import airbag airbag.enable() radius_config_file = "/etc/pam_radius_auth.conf" -default_config_data = { - 'deleted': False, - 'add_users': [], - 'del_users': [], - 'radius_server': [], - 'radius_source_address': '', - 'radius_vrf': '' -} - - def get_local_users(): """Return list of dynamically allocated users (see Debian Policy Manual)""" local_users = [] @@ -57,211 +54,131 @@ def get_local_users(): def get_config(config=None): - login = default_config_data if config: conf = config else: conf = Config() - base_level = ['system', 'login'] - - # We do not need to check if the nodes exist or not and bail out early - # ... this would interrupt the following logic on determine which users - # should be deleted and which users should stay. - # - # All fine so far! - - # Read in all local users and store to list - for username in conf.list_nodes(base_level + ['user']): - user = { - 'name': username, - 'password_plaintext': '', - 'password_encrypted': '!', - 'public_keys': [], - 'full_name': '', - 'home_dir': '/home/' + username, - } - conf.set_level(base_level + ['user', username]) - - # Plaintext password - if conf.exists(['authentication', 'plaintext-password']): - user['password_plaintext'] = conf.return_value( - ['authentication', 'plaintext-password']) - - # Encrypted password - if conf.exists(['authentication', 'encrypted-password']): - user['password_encrypted'] = conf.return_value( - ['authentication', 'encrypted-password']) - - # User real name - if conf.exists(['full-name']): - user['full_name'] = conf.return_value(['full-name']) - - # User home-directory - if conf.exists(['home-directory']): - user['home_dir'] = conf.return_value(['home-directory']) - - # Read in public keys - for id in conf.list_nodes(['authentication', 'public-keys']): - key = { - 'name': id, - 'key': '', - 'options': '', - 'type': '' - } - conf.set_level(base_level + ['user', username, 'authentication', - 'public-keys', id]) - - # Public Key portion - if conf.exists(['key']): - key['key'] = conf.return_value(['key']) - - # Options for individual public key - if conf.exists(['options']): - key['options'] = conf.return_value(['options']) - - # Type of public key - if conf.exists(['type']): - key['type'] = conf.return_value(['type']) - - # Append individual public key to list of user keys - user['public_keys'].append(key) - - login['add_users'].append(user) - - # - # RADIUS configuration - # - conf.set_level(base_level + ['radius']) - - if conf.exists(['source-address']): - login['radius_source_address'] = conf.return_value(['source-address']) - - # retrieve VRF instance - if conf.exists(['vrf']): - login['radius_vrf'] = conf.return_value(['vrf']) - - # Read in all RADIUS servers and store to list - for server in conf.list_nodes(['server']): - server_cfg = { - 'address': server, - 'disabled': False, - 'key': '', - 'port': '1812', - 'timeout': '2', - 'priority': 255 - } - conf.set_level(base_level + ['radius', 'server', server]) - - # Check if RADIUS server was temporary disabled - if conf.exists(['disable']): - server_cfg['disabled'] = True - - # RADIUS shared secret - if conf.exists(['key']): - server_cfg['key'] = conf.return_value(['key']) - - # RADIUS authentication port - if conf.exists(['port']): - server_cfg['port'] = conf.return_value(['port']) - - # RADIUS session timeout - if conf.exists(['timeout']): - server_cfg['timeout'] = conf.return_value(['timeout']) - - # Check if RADIUS server has priority - if conf.exists(['priority']): - server_cfg['priority'] = int(conf.return_value(['priority'])) - - # Append individual RADIUS server configuration to global server list - login['radius_server'].append(server_cfg) + base = ['system', 'login'] + login = conf.get_config_dict(base, key_mangling=('-', '_'), + get_first_key=True) # users no longer existing in the running configuration need to be deleted local_users = get_local_users() - cli_users = [tmp['name'] for tmp in login['add_users']] - # create a list of all users, cli and users - all_users = list(set(local_users+cli_users)) + cli_users = [] + if 'user' in login: + cli_users = list(login['user']) + + # XXX: T2665: we can not safely rely on the defaults() when there are + # tagNodes in place, it is better to blend in the defaults manually. + default_values = defaults(base + ['user']) + for user in login['user']: + login['user'][user] = dict_merge(default_values, login['user'][user]) + + # XXX: T2665: we can not safely rely on the defaults() when there are + # tagNodes in place, it is better to blend in the defaults manually. + default_values = defaults(base + ['radius', 'server']) + for server in dict_search('radius.server', login) or []: + login['radius']['server'][server] = dict_merge(default_values, + login['radius']['server'][server]) + + # XXX: for a yet unknown reason when we only have one source-address + # get_config_dict() will show a string over a string + if 'radius' in login and 'source_address' in login['radius']: + if isinstance(login['radius']['source_address'], str): + login['radius']['source_address'] = [login['radius']['source_address']] - # Remove any normal users that dos not exist in the current configuration. - # This can happen if user is added but configuration was not saved and - # system is rebooted. - login['del_users'] = [tmp for tmp in all_users if tmp not in cli_users] + # create a list of all users, cli and users + all_users = list(set(local_users + cli_users)) + # We will remove any normal users that dos not exist in the current + # configuration. This can happen if user is added but configuration was not + # saved and system is rebooted. + rm_users = [tmp for tmp in all_users if tmp not in cli_users] + if rm_users: login.update({'rm_users' : rm_users}) return login - def verify(login): - cur_user = os.environ['SUDO_USER'] - if cur_user in login['del_users']: - raise ConfigError( - 'Attempting to delete current user: {}'.format(cur_user)) - - for user in login['add_users']: - for key in user['public_keys']: - if not key['type']: - raise ConfigError( - 'SSH public key type missing for "{name}"!'.format(**key)) - - if not key['key']: - raise ConfigError( - 'SSH public key for id "{name}" missing!'.format(**key)) + if 'rm_users' in login: + cur_user = os.environ['SUDO_USER'] + if cur_user in login['rm_users']: + raise ConfigError(f'Attempting to delete current user: {cur_user}') + + if 'user' in login: + for user, user_config in login['user'].items(): + for pubkey, pubkey_options in (dict_search('authentication.public_keys', user_config) or {}).items(): + if 'type' not in pubkey_options: + raise ConfigError(f'Missing type for public-key "{pubkey}"!') + if 'key' not in pubkey_options: + raise ConfigError(f'Missing key for public-key "{pubkey}"!') # At lease one RADIUS server must not be disabled - if len(login['radius_server']) > 0: + if 'radius' in login: + if 'server' not in login['radius']: + raise ConfigError('No RADIUS server defined!') + fail = True - for server in login['radius_server']: - if not server['disabled']: + for server, server_config in dict_search('radius.server', login).items(): + if 'key' not in server_config: + raise ConfigError(f'RADIUS server "{server}" requires key!') + + if 'disabled' not in server_config: fail = False + continue if fail: - raise ConfigError('At least one RADIUS server must be active.') + raise ConfigError('All RADIUS servers are disabled') + + verify_vrf(login['radius']) - vrf_name = login['radius_vrf'] - if vrf_name and vrf_name not in interfaces(): - raise ConfigError(f'VRF "{vrf_name}" does not exist') + if 'source_address' in login['radius']: + ipv4_count = 0 + ipv6_count = 0 + for address in login['radius']['source_address']: + if is_ipv4(address): ipv4_count += 1 + else: ipv6_count += 1 + + if ipv4_count > 1: + raise ConfigError('Only one IPv4 source-address can be set!') + if ipv6_count > 1: + raise ConfigError('Only one IPv6 source-address can be set!') return None def generate(login): # calculate users encrypted password - for user in login['add_users']: - if user['password_plaintext']: - user['password_encrypted'] = crypt( - user['password_plaintext'], METHOD_SHA512) - user['password_plaintext'] = '' - - # remove old plaintext password and set new encrypted password - env = os.environ.copy() - env['vyos_libexec_dir'] = '/usr/libexec/vyos' - - call("/opt/vyatta/sbin/my_delete system login user '{name}' " - "authentication plaintext-password" - .format(**user), env=env) - - call("/opt/vyatta/sbin/my_set system login user '{name}' " - "authentication encrypted-password '{password_encrypted}'" - .format(**user), env=env) - - else: - try: - if getspnam(user['name']).sp_pwdp == user['password_encrypted']: - # If the current encrypted bassword matches the encrypted password - # from the config - do not update it. This will remove the encrypted - # value from the system logs. - # - # The encrypted password will be set only once during the first boot - # after an image upgrade. - user['password_encrypted'] = '' - except: - pass - - if len(login['radius_server']) > 0: - render(radius_config_file, 'system-login/pam_radius_auth.conf.tmpl', - login) - - uid = getpwnam('root').pw_uid - gid = getpwnam('root').pw_gid - os.chown(radius_config_file, uid, gid) - chmod_600(radius_config_file) + if 'user' in login: + for user, user_config in login['user'].items(): + tmp = dict_search('authentication.plaintext_password', user_config) + if tmp: + encrypted_password = crypt(tmp, METHOD_SHA512) + login['user'][user]['authentication']['encrypted_password'] = encrypted_password + del login['user'][user]['authentication']['plaintext_password'] + + # remove old plaintext password and set new encrypted password + env = os.environ.copy() + env['vyos_libexec_dir'] = '/usr/libexec/vyos' + + call(f"/opt/vyatta/sbin/my_delete system login user '{user}' " \ + f"authentication plaintext-password", env=env) + + call(f"/opt/vyatta/sbin/my_set system login user '{user}' " \ + f"authentication encrypted-password '{encrypted_password}'", env=env) + else: + try: + if getspnam(user).sp_pwdp == dict_search('authentication.encrypted_password', user_config): + # If the current encrypted bassword matches the encrypted password + # from the config - do not update it. This will remove the encrypted + # value from the system logs. + # + # The encrypted password will be set only once during the first boot + # after an image upgrade. + del login['user'][user]['authentication']['encrypted_password'] + except: + pass + + if 'radius' in login: + render(radius_config_file, 'login/pam_radius_auth.conf.tmpl', login, + permission=0o600, user='root', group='root') else: if os.path.isfile(radius_config_file): os.unlink(radius_config_file) @@ -270,95 +187,71 @@ def generate(login): def apply(login): - for user in login['add_users']: - # make new user using vyatta shell and make home directory (-m), - # default group of 100 (users) - command = "useradd -m -N" - # check if user already exists: - if user['name'] in get_local_users(): - # update existing account - command = "usermod" - - # all accounts use /bin/vbash - command += " -s /bin/vbash" - # we need to use '' quotes when passing formatted data to the shell - # else it will not work as some data parts are lost in translation - if user['password_encrypted']: - command += " -p '{}'".format(user['password_encrypted']) - - if user['full_name']: - command += " -c '{}'".format(user['full_name']) - - if user['home_dir']: - command += " -d '{}'".format(user['home_dir']) - - command += " -G frrvty,vyattacfg,sudo,adm,dip,disk" - command += " {}".format(user['name']) - - try: - cmd(command) - - uid = getpwnam(user['name']).pw_uid - gid = getpwnam(user['name']).pw_gid - - # we should not rely on the value stored in user['home_dir'], as a - # crazy user will choose username root or any other system user - # which will fail. Should we deny using root at all? - home_dir = getpwnam(user['name']).pw_dir - - # install ssh keys - ssh_key_dir = home_dir + '/.ssh' - if not os.path.isdir(ssh_key_dir): - os.mkdir(ssh_key_dir) - os.chown(ssh_key_dir, uid, gid) - chmod_755(ssh_key_dir) - - ssh_key_file = ssh_key_dir + '/authorized_keys' - with open(ssh_key_file, 'w') as f: - f.write("# Automatically generated by VyOS\n") - f.write("# Do not edit, all changes will be lost\n") - - for id in user['public_keys']: - line = '' - if id['options']: - line = '{} '.format(id['options']) - - line += '{} {} {}\n'.format(id['type'], - id['key'], id['name']) - f.write(line) - - os.chown(ssh_key_file, uid, gid) - chmod_600(ssh_key_file) - - except Exception as e: - print(e) - raise ConfigError('Adding user "{name}" raised exception' - .format(**user)) - - for user in login['del_users']: - try: - # Logout user if he is logged in - if user in list(set([tmp[0] for tmp in users()])): - print('{} is logged in, forcing logout'.format(user)) - call('pkill -HUP -u {}'.format(user)) - - # Remove user account but leave home directory to be safe - call(f'userdel -r {user}', stderr=DEVNULL) - - except Exception as e: - raise ConfigError(f'Deleting user "{user}" raised exception: {e}') + if 'user' in login: + for user, user_config in login['user'].items(): + # make new user using vyatta shell and make home directory (-m), + # default group of 100 (users) + command = 'useradd -m -N' + # check if user already exists: + if user in get_local_users(): + # update existing account + command = 'usermod' + + # all accounts use /bin/vbash + command += ' -s /bin/vbash' + # we need to use '' quotes when passing formatted data to the shell + # else it will not work as some data parts are lost in translation + tmp = dict_search('authentication.encrypted_password', user_config) + if tmp: command += f" -p '{tmp}'" + + tmp = dict_search('full_name', user_config) + if tmp: command += f" -c '{tmp}'" + + tmp = dict_search('home_directory', user_config) + if tmp: command += f" -d '{tmp}'" + else: command += f" -d '/home/{user}'" + + command += f' -G frrvty,vyattacfg,sudo,adm,dip,disk {user}' + try: + cmd(command) + + # we should not rely on the value stored in + # user_config['home_directory'], as a crazy user will choose + # username root or any other system user which will fail. + # + # XXX: Should we deny using root at all? + home_dir = getpwnam(user).pw_dir + render(f'{home_dir}/.ssh/authorized_keys', 'login/authorized_keys.tmpl', + user_config, permission=0o600, user=user, group='users') + + except Exception as e: + raise ConfigError(f'Adding user "{user}" raised exception: "{e}"') + + if 'rm_users' in login: + for user in login['rm_users']: + try: + # Logout user if he is still logged in + if user in list(set([tmp[0] for tmp in users()])): + print(f'{user} is logged in, forcing logout!') + call(f'pkill -HUP -u {user}') + + # Remove user account but leave home directory to be safe + call(f'userdel -r {user}', stderr=DEVNULL) + + except Exception as e: + raise ConfigError(f'Deleting user "{user}" raised exception: {e}') # # RADIUS configuration # - if len(login['radius_server']) > 0: - try: - env = os.environ.copy() - env['DEBIAN_FRONTEND'] = 'noninteractive' + env = os.environ.copy() + env['DEBIAN_FRONTEND'] = 'noninteractive' + try: + if 'radius' in login: # Enable RADIUS in PAM - cmd("pam-auth-update --package --enable radius", env=env) - - # Make NSS system aware of RADIUS, too + cmd('pam-auth-update --package --enable radius', env=env) + # Make NSS system aware of RADIUS + # This fancy snipped was copied from old Vyatta code command = "sed -i -e \'/\smapname/b\' \ -e \'/^passwd:/s/\s\s*/&mapuid /\' \ -e \'/^passwd:.*#/s/#.*/mapname &/\' \ @@ -366,31 +259,20 @@ def apply(login): -e \'/^group:.*#/s/#.*/ mapname &/\' \ -e \'/^group:[^#]*$/s/: */&mapname /\' \ /etc/nsswitch.conf" - - cmd(command) - - except Exception as e: - raise ConfigError('RADIUS configuration failed: {}'.format(e)) - - else: - try: - env = os.environ.copy() - env['DEBIAN_FRONTEND'] = 'noninteractive' - + else: # Disable RADIUS in PAM - cmd("pam-auth-update --package --remove radius", env=env) - + cmd('pam-auth-update --package --remove radius', env=env) + # Drop RADIUS from NSS NSS system + # This fancy snipped was copied from old Vyatta code command = "sed -i -e \'/^passwd:.*mapuid[ \t]/s/mapuid[ \t]//\' \ -e \'/^passwd:.*[ \t]mapname/s/[ \t]mapname//\' \ -e \'/^group:.*[ \t]mapname/s/[ \t]mapname//\' \ -e \'s/[ \t]*$//\' \ /etc/nsswitch.conf" - cmd(command) - - except Exception as e: - raise ConfigError( - 'Removing RADIUS configuration failed.\n{}'.format(e)) + cmd(command) + except Exception as e: + raise ConfigError(f'RADIUS configuration failed: {e}') return None |