Diffstat (limited to 'interface-definitions/include')
164 files changed, 4206 insertions, 321 deletions
| diff --git a/interface-definitions/include/accel-ppp/auth-mode.xml.i b/interface-definitions/include/accel-ppp/auth-mode.xml.i
index c1a87cfe3..ccaed6f04 100644
--- a/interface-definitions/include/accel-ppp/auth-mode.xml.i
+++ b/interface-definitions/include/accel-ppp/auth-mode.xml.i
@@ -10,11 +10,15 @@
       <format>radius</format>
       <description>Use RADIUS server for user autentication</description>
     </valueHelp>
+    <valueHelp>
+      <format>noauth</format>
+      <description>Authentication disabled</description>
+    </valueHelp>
     <constraint>
-      <regex>(local|radius)</regex>
+      <regex>(local|radius|noauth)</regex>
     </constraint>
     <completionHelp>
-      <list>local radius</list>
+      <list>local radius noauth</list>
     </completionHelp>
   </properties>
   <defaultValue>local</defaultValue>
diff --git a/interface-definitions/include/accel-ppp/client-ip-pool-name.xml.i b/interface-definitions/include/accel-ppp/client-ip-pool-name.xml.i
new file mode 100644
index 000000000..b442a15b9
--- /dev/null
+++ b/interface-definitions/include/accel-ppp/client-ip-pool-name.xml.i
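Review bot: The new `noauth` value turns off authentication for the whole server with one keyword, yet the added valueHelp says only `Authentication disabled`. I would state the effect where the operator sees it in completion, e.g. `<description>Authentication disabled (any client can connect without credentials)</description>`. Whether the config scripts warn or require some other restriction when this mode is selected is not visible in this hunk and is worth checking. The leafNode begins above the hunk.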
@@ -0,0 +1,30 @@
+<!-- include start from accel-ppp/client-ip-pool-name.xml.i -->
+<tagNode name="name">
+  <properties>
+    <help>Pool name</help>
+    <valueHelp>
+      <format>txt</format>
+      <description>Name of IP pool</description>
+    </valueHelp>
+    <constraint>
+      <regex>[-_a-zA-Z0-9.]+</regex>
+    </constraint>
+  </properties>
+  <children>
+    #include <include/accel-ppp/gateway-address.xml.i>
+    #include <include/accel-ppp/client-ip-pool-subnet-single.xml.i>
+    <leafNode name="next-pool">
+      <properties>
+        <help>Next pool name</help>
+        <valueHelp>
+          <format>txt</format>
+          <description>Name of IP pool</description>
+        </valueHelp>
+        <constraint>
+          <regex>[-_a-zA-Z0-9.]+</regex>
+        </constraint>
+      </properties>
+    </leafNode>
+  </children>
+</tagNode>
+<!-- include end -->
diff --git a/interface-definitions/include/accel-ppp/client-ip-pool-subnet-single.xml.i b/interface-definitions/include/accel-ppp/client-ip-pool-subnet-single.xml.i
index e5918b765..b93ba67d8 100644
--- a/interface-definitions/include/accel-ppp/client-ip-pool-subnet-single.xml.i
+++ b/interface-definitions/include/accel-ppp/client-ip-pool-subnet-single.xml.i
@@ -8,8 +8,9 @@
     </valueHelp>
     <constraint>
       <validator name="ipv4-prefix"/>
+      <validator name="ipv4-host"/>
     </constraint>
-    <constraintErrorMessage>Not a valid CIDR formatted prefix</constraintErrorMessage>
+    <constraintErrorMessage>Not a valid IP address or prefix</constraintErrorMessage>
   </properties>
 </leafNode>
 <!-- include end -->
diff --git a/interface-definitions/include/accel-ppp/ppp-options-ipv6-interface-id.xml.i b/interface-definitions/include/accel-ppp/ppp-options-ipv6-interface-id.xml.i
new file mode 100644
index 000000000..265f7f97c
--- /dev/null
+++ b/interface-definitions/include/accel-ppp/ppp-options-ipv6-interface-id.xml.i
@@ -0,0 +1,54 @@
+<!-- include start from accel-ppp/ppp-options-ipv6-interface-id.xml.i -->
+<leafNode name="ipv6-intf-id">
+  <properties>
+    <help>Fixed or random interface identifier for IPv6</help>
+    <completionHelp>
+      <list>random</list>
+    </completionHelp>
+    <valueHelp>
+      <format>random</format>
+      <description>Random interface identifier for IPv6</description>
+    </valueHelp>
+    <valueHelp>
+      <format>x:x:x:x</format>
+      <description>specify interface identifier for IPv6</description>
+    </valueHelp>
+    <constraint>
+      <regex>(random|((\d+){1,4}:){3}(\d+){1,4})</regex>
+    </constraint>
+  </properties>
+</leafNode>
+<leafNode name="ipv6-peer-intf-id">
+  <properties>
+    <help>Peer interface identifier for IPv6</help>
+    <completionHelp>
+      <list>random calling-sid ipv4</list>
+    </completionHelp>
+    <valueHelp>
+      <format>x:x:x:x</format>
+      <description>Interface identifier for IPv6</description>
+    </valueHelp>
+    <valueHelp>
+      <format>random</format>
+      <description>Use a random interface identifier for IPv6</description>
+    </valueHelp>
+    <valueHelp>
+      <format>ipv4</format>
+      <description>Calculate interface identifier from IPv4 address, for example 192:168:0:1</description>
+    </valueHelp>
+    <valueHelp>
+      <format>calling-sid</format>
+      <description>Calculate interface identifier from calling-station-id</description>
+    </valueHelp>
+    <constraint>
+      <regex>(random|calling-sid|ipv4|((\d+){1,4}:){3}(\d+){1,4})</regex>
+    </constraint>
+  </properties>
+</leafNode>
+<leafNode name="ipv6-accept-peer-intf-id">
+  <properties>
+    <help>Accept peer interface identifier</help>
+    <valueless/>
+  </properties>
+</leafNode>
+<!-- include end -->
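Review bot: The group pattern `((\d+){1,4}:){3}(\d+){1,4}` used for both `ipv6-intf-id` and `ipv6-peer-intf-id` does not limit a group to four characters, because `(\d+){1,4}` repeats an already unbounded `\d+`; a value such as `123456789:1:1:1` passes validation and reaches the daemon configuration. It also accepts decimal digits only, while the advertised `x:x:x:x` format reads like hexadecimal groups (to be confirmed against what accel-ppp parses). A bounded form such as `<regex>(random|([0-9a-fA-F]{1,4}:){3}[0-9a-fA-F]{1,4})</regex>`, with the same group pattern in the peer variant, states the intent and drops the nested quantifier.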
diff --git a/interface-definitions/include/accel-ppp/radius-accounting-interim-interval.xml.i b/interface-definitions/include/accel-ppp/radius-accounting-interim-interval.xml.i
new file mode 100644
index 000000000..311ef969c
--- /dev/null
+++ b/interface-definitions/include/accel-ppp/radius-accounting-interim-interval.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from accel-ppp/radius-accounting-interim-interval.xml.i -->
+<leafNode name="accounting-interim-interval">
+  <properties>
+    <help>Interval in seconds to send accounting information</help>
+    <valueHelp>
+      <format>u32:1-3600</format>
+      <description>Interval in seconds to send accounting information</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 1-3600"/>
+    </constraint>
+    <constraintErrorMessage>Interval value must be between 1 and 3600 seconds</constraintErrorMessage>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/accel-ppp/radius-additions.xml.i b/interface-definitions/include/accel-ppp/radius-additions.xml.i
index 15ff5165f..cdd0bf300 100644
--- a/interface-definitions/include/accel-ppp/radius-additions.xml.i
+++ b/interface-definitions/include/accel-ppp/radius-additions.xml.i
@@ -1,6 +1,19 @@
 <!-- include start from accel-ppp/radius-additions.xml.i -->
 <node name="radius">
   <children>
+    <leafNode name="accounting-interim-interval">
+      <properties>
+        <help>Interval in seconds to send accounting information</help>
+        <valueHelp>
+          <format>u32:1-3600</format>
+          <description>Interval in seconds to send accounting information</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-3600"/>
+        </constraint>
+        <constraintErrorMessage>Interval value must be between 1 and 3600 seconds</constraintErrorMessage>
+      </properties>
+    </leafNode>
     <leafNode name="acct-interim-jitter">
       <properties>
         <help>Maximum jitter value in seconds to be applied to accounting information interval</help>
diff --git a/interface-definitions/include/accel-ppp/shaper.xml.i b/interface-definitions/include/accel-ppp/shaper.xml.i
new file mode 100644
index 000000000..b4f9536d2
--- /dev/null
+++ b/interface-definitions/include/accel-ppp/shaper.xml.i
@@ -0,0 +1,21 @@
+<!-- include start from accel-ppp/shaper.xml.i -->
+<node name="shaper">
+  <properties>
+    <help>Traffic shaper bandwidth parameters</help>
+  </properties>
+  <children>
+    <leafNode name="fwmark">
+      <properties>
+        <help>Firewall mark value for traffic that excludes from shaping</help>
+        <valueHelp>
+          <format>u32:1-2147483647</format>
+          <description>Match firewall mark value</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-2147483647"/>
+        </constraint>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/address-ipv4-ipv6-single.xml.i b/interface-definitions/include/address-ipv4-ipv6-single.xml.i
new file mode 100644
index 000000000..dc3d6fc1b
--- /dev/null
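Review bot: The `accounting-interim-interval` leafNode added inline under `<node name="radius">` repeats, line for line, the new `accel-ppp/radius-accounting-interim-interval.xml.i` introduced by the same commit, so the range and error message now live in two places and can drift apart. Replacing the inline block with `#include <include/accel-ppp/radius-accounting-interim-interval.xml.i>` keeps a single definition. The `radius` node continues past the end of the hunk.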
+++ b/interface-definitions/include/address-ipv4-ipv6-single.xml.i
@@ -0,0 +1,18 @@
+<!-- include start from interface/address-ipv4-ipv6.xml.i -->
+<leafNode name="address">
+  <properties>
+    <help>IP address</help>
+    <valueHelp>
+      <format>ipv4</format>
+      <description>IPv4 address</description>
+    </valueHelp>
+    <valueHelp>
+      <format>ipv6</format>
+      <description>IPv6 address</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ip-address"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/allow-client.xml.i b/interface-definitions/include/allow-client.xml.i
new file mode 100644
index 000000000..1b06e2c17
--- /dev/null
+++ b/interface-definitions/include/allow-client.xml.i
@@ -0,0 +1,35 @@
+<!-- include start from allow-client.xml.i -->
+<node name="allow-client">
+  <properties>
+    <help>Restrict to allowed IP client addresses</help>
+  </properties>
+  <children>
+    <leafNode name="address">
+      <properties>
+        <help>Allowed IP client addresses</help>
+        <valueHelp>
+          <format>ipv4</format>
+          <description>IPv4 address</description>
+        </valueHelp>
+        <valueHelp>
+          <format>ipv6</format>
+          <description>IPv6 address</description>
+        </valueHelp>
+        <valueHelp>
+          <format>ipv4net</format>
+          <description>IPv4 address and prefix length</description>
+        </valueHelp>
+        <valueHelp>
+          <format>ipv6net</format>
+          <description>IPv6 address and prefix length</description>
+        </valueHelp>
+        <constraint>
+          <validator name="ip-address"/>
+          <validator name="ip-cidr"/>
+        </constraint>
+        <multi/>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+<!-- include end -->
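Review bot: The marker comment on the first line of the new `address-ipv4-ipv6-single.xml.i` names a different file, `interface/address-ipv4-ipv6.xml.i`. These markers are what a reader uses to trace a node in the assembled definition back to its include, so the wrong path sends them to a definition with different constraints. I would change it to `<!-- include start from address-ipv4-ipv6-single.xml.i -->`.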
diff --git a/interface-definitions/include/babel/interface.xml.i b/interface-definitions/include/babel/interface.xml.i
new file mode 100644
index 000000000..a122ef024
--- /dev/null
+++ b/interface-definitions/include/babel/interface.xml.i
@@ -0,0 +1,187 @@
+<!-- include start from babel/interface.xml.i -->
+<tagNode name="interface">
+  <properties>
+    <help>Interface name</help>
+    <completionHelp>
+      <script>${vyos_completion_dir}/list_interfaces</script>
+    </completionHelp>
+    <valueHelp>
+      <format>txt</format>
+      <description>Interface name</description>
+    </valueHelp>
+    <constraint>
+      #include <include/constraint/interface-name.xml.i>
+    </constraint>
+  </properties>
+  <children>
+    <leafNode name="type">
+      <properties>
+        <help>Interface type</help>
+        <completionHelp>
+          <list>auto wired wireless</list>
+        </completionHelp>
+        <valueHelp>
+          <format>auto</format>
+          <description>Automatically detect interface type</description>
+        </valueHelp>
+        <valueHelp>
+          <format>wired</format>
+          <description>Wired interface</description>
+        </valueHelp>
+        <valueHelp>
+          <format>wireless</format>
+          <description>Wireless interface</description>
+        </valueHelp>
+        <constraint>
+          <regex>(auto|wired|wireless)</regex>
+        </constraint>
+      </properties>
+      <defaultValue>auto</defaultValue>
+    </leafNode>
+    <leafNode name="split-horizon">
+      <properties>
+        <help>Split horizon parameters</help>
+        <completionHelp>
+          <list>default enable disable</list>
+        </completionHelp>
+        <valueHelp>
+          <format>default</format>
+          <description>Enable on wired interfaces, and disable on wireless interfaces</description>
+        </valueHelp>
+        <valueHelp>
+          <format>enable</format>
+          <description>Enable split horizon processing</description>
+        </valueHelp>
+        <valueHelp>
+          <format>disable</format>
+          <description>Disable split horizon processing</description>
+        </valueHelp>
+        <constraint>
+          <regex>(default|enable|disable)</regex>
+        </constraint>
+      </properties>
+      <defaultValue>default</defaultValue>
+    </leafNode>
+    <leafNode name="hello-interval">
+      <properties>
+        <help>Time between scheduled hellos</help>
+        <valueHelp>
+          <format>u32:20-655340</format>
+          <description>Milliseconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 20-655340"/>
+        </constraint>
+      </properties>
+      <defaultValue>4000</defaultValue>
+    </leafNode>
+    <leafNode name="update-interval">
+      <properties>
+        <help>Time between scheduled updates</help>
+        <valueHelp>
+          <format>u32:20-655340</format>
+          <description>Milliseconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 20-655340"/>
+        </constraint>
+      </properties>
+      <defaultValue>20000</defaultValue>
+    </leafNode>
+    <leafNode name="rxcost">
+      <properties>
+        <help>Base receive cost for this interface</help>
+        <valueHelp>
+          <format>u32:1-65534</format>
+          <description>Base receive cost</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-65534"/>
+        </constraint>
+      </properties>
+    </leafNode>
+    <leafNode name="rtt-decay">
+      <properties>
+        <help>Decay factor for exponential moving average of RTT samples</help>
+        <valueHelp>
+          <format>u32:1-256</format>
+          <description>Decay factor, in units of 1/256</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-256"/>
+        </constraint>
+      </properties>
+      <defaultValue>42</defaultValue>
+    </leafNode>
+    <leafNode name="rtt-min">
+      <properties>
+        <help>Minimum RTT</help>
+        <valueHelp>
+          <format>u32:1-65535</format>
+          <description>Milliseconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-65535"/>
+        </constraint>
+      </properties>
+      <defaultValue>10</defaultValue>
+    </leafNode>
+    <leafNode name="rtt-max">
+      <properties>
+        <help>Maximum RTT</help>
+        <valueHelp>
+          <format>u32:1-65535</format>
+          <description>Milliseconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-65535"/>
+        </constraint>
+      </properties>
+      <defaultValue>120</defaultValue>
+    </leafNode>
+    <leafNode name="max-rtt-penalty">
+      <properties>
+        <help>Maximum additional cost due to RTT</help>
+        <valueHelp>
+          <format>u32:0-65535</format>
+          <description>Milliseconds (0 to disable the use of RTT-based cost)</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 0-65535"/>
+        </constraint>
+      </properties>
+      <defaultValue>150</defaultValue>
+    </leafNode>
+    <leafNode name="enable-timestamps">
+      <properties>
+        <help>Enable timestamps with each Hello and IHU message in order to compute RTT values</help>
+        <valueless/>
+      </properties>
+    </leafNode>
+    <leafNode name="channel">
+      <properties>
+        <help>Channel number for diversity routing</help>
+        <completionHelp>
+          <list>interfering non-interfering</list>
+        </completionHelp>
+        <valueHelp>
+          <format>u32:1-254</format>
+          <description>Interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number</description>
+        </valueHelp>
+        <valueHelp>
+          <format>interfering</format>
+          <description>Interfering interfaces are assumed to interfere with all other channels except non-interfering channels</description>
+        </valueHelp>
+        <valueHelp>
+          <format>non-interfering</format>
+          <description>Non-interfering interfaces only interfere with themselves</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-254"/>
+          <regex>(interfering|non-interfering)</regex>
+        </constraint>
+      </properties>
+    </leafNode>
+  </children>
+</tagNode>
+<!-- include end -->
diff --git a/interface-definitions/include/bgp/afi-export-import.xml.i b/interface-definitions/include/bgp/afi-export-import.xml.i
index 86817cdb3..5223af0ae 100644
--- a/interface-definitions/include/bgp/afi-export-import.xml.i
+++ b/interface-definitions/include/bgp/afi-export-import.xml.i
@@ -32,6 +32,7 @@
         </valueHelp>
         <completionHelp>
           <path>vrf name</path>
+          <list>default</list>
         </completionHelp>
         <multi/>
       </properties>
diff --git a/interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i b/interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i
index 34b5ec7d7..0f760daae 100644
--- a/interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i
+++ b/interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i
@@ -15,7 +15,7 @@
           <description>Name of IPv4 prefix-list</description>
         </valueHelp>
         <constraint>
-          <regex>[-_a-zA-Z0-9]+</regex>
+          #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
         </constraint>
         <constraintErrorMessage>Name of prefix-list can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
       </properties>
@@ -31,7 +31,7 @@
           <description>Name of IPv4 prefix-list</description>
         </valueHelp>
         <constraint>
-          <regex>[-_a-zA-Z0-9]+</regex>
+          #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
         </constraint>
         <constraintErrorMessage>Name of prefix-list can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
       </properties>
diff --git a/interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i b/interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i
index 06c661a90..268d9cbc0 100644
--- a/interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i
+++ b/interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i
@@ -15,7 +15,7 @@
           <description>Name of IPv6 prefix-list</description>
         </valueHelp>
         <constraint>
-          <regex>[-_a-zA-Z0-9]+</regex>
+          #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
         </constraint>
         <constraintErrorMessage>Name of prefix-list6 can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
       </properties>
@@ -31,7 +31,7 @@
           <description>Name of IPv6 prefix-list</description>
         </valueHelp>
         <constraint>
-          <regex>[-_a-zA-Z0-9]+</regex>
+          #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
         </constraint>
         <constraintErrorMessage>Name of prefix-list6 can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
       </properties>
diff --git a/interface-definitions/include/bgp/afi-label.xml.i b/interface-definitions/include/bgp/afi-label.xml.i
index 9535d19e8..2c5eed18b 100644
--- a/interface-definitions/include/bgp/afi-label.xml.i
+++ b/interface-definitions/include/bgp/afi-label.xml.i
@@ -29,6 +29,19 @@
             </constraint>
           </properties>
         </leafNode>
+        <node name="allocation-mode">
+          <properties>
+            <help>Label allocation mode</help>
+          </properties>
+          <children>
+            <leafNode name="per-nexthop">
+              <properties>
+                <help>Allocate a label per connected next-hop in the VRF</help>
+                <valueless/>
+              </properties>
+            </leafNode>
+          </children>
+        </node>
       </children>
     </node>
   </children>
diff --git a/interface-definitions/include/bgp/afi-vpn-label.xml.i b/interface-definitions/include/bgp/afi-vpn-label.xml.i
new file mode 100644
index 000000000..6c7e73d9b
--- /dev/null
+++ b/interface-definitions/include/bgp/afi-vpn-label.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from bgp/afi-vpn-label.xml.i -->
+<leafNode name="label">
+  <properties>
+    <help>MPLS label value assigned to route</help>
+    <valueHelp>
+      <format>u32:0-1048575</format>
+      <description>MPLS label value</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 0-1048575"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/bgp/neighbor-local-role.xml.i b/interface-definitions/include/bgp/neighbor-local-role.xml.i
new file mode 100644
index 000000000..6ddb4908f
--- /dev/null
+++ b/interface-definitions/include/bgp/neighbor-local-role.xml.i
@@ -0,0 +1,42 @@
+<!-- include start from bgp/neigbhor-local-role.xml.i -->
+<tagNode name="local-role">
+  <properties>
+    <help>Local role for BGP neighbor (RFC9234)</help>
+    <completionHelp>
+      <list>customer peer provider rs-client rs-server</list>
+    </completionHelp>
+    <valueHelp>
+      <format>customer</format>
+      <description>Using Transit</description>
+    </valueHelp>
+    <valueHelp>
+      <format>peer</format>
+      <description>Public/Private Peering</description>
+    </valueHelp>
+    <valueHelp>
+      <format>provider</format>
+      <description>Providing Transit</description>
+    </valueHelp>
+    <valueHelp>
+      <format>rs-client</format>
+      <description>RS Client</description>
+    </valueHelp>
+    <valueHelp>
+      <format>rs-server</format>
+      <description>Route Server</description>
+    </valueHelp>
+    <constraint>
+      <regex>(provider|rs-server|rs-client|customer|peer)</regex>
+    </constraint>
+    <constraintErrorMessage>BGP local-role must be one of the following: customer, peer, provider, rs-client or rs-server</constraintErrorMessage>
+  </properties>
+  <children>
+    <leafNode name="strict">
+      <properties>
+        <help>Neighbor must send this exact capability, otherwise a role missmatch notification will be sent</help>
+        <valueless/>
+      </properties>
+    </leafNode>
+  </children>
+</tagNode>
+<!-- include end -->
diff --git a/interface-definitions/include/bgp/neighbor-path-attribute.xml.i b/interface-definitions/include/bgp/neighbor-path-attribute.xml.i
new file mode 100644
index 000000000..f4f2fcfa9
--- /dev/null
+++ b/interface-definitions/include/bgp/neighbor-path-attribute.xml.i
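Review bot: Two spelling slips land in text that people search for or read at the CLI. The marker comment says `bgp/neigbhor-local-role.xml.i` while the file is `bgp/neighbor-local-role.xml.i`, so a search for the file name will not find the marker in the assembled definition. The `strict` help reads `role missmatch notification`. Suggested: `<!-- include start from bgp/neighbor-local-role.xml.i -->` and `... otherwise a role mismatch notification will be sent`.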
@@ -0,0 +1,21 @@
+<!-- include start from bgp/neighbor-path-attribute.xml.i -->
+<node name="path-attribute">
+  <properties>
+    <help>Manipulate path attributes from incoming UPDATE messages</help>
+  </properties>
+  <children>
+    <leafNode name="discard">
+      <properties>
+        <help>Drop specified attributes from incoming UPDATE messages</help>
+        <valueHelp>
+          <format>u32:1-255</format>
+          <description>Attribute number</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-255"/>
+        </constraint>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/bgp/neighbor-update-source.xml.i b/interface-definitions/include/bgp/neighbor-update-source.xml.i
index 60c127e8f..92e817166 100644
--- a/interface-definitions/include/bgp/neighbor-update-source.xml.i
+++ b/interface-definitions/include/bgp/neighbor-update-source.xml.i
@@ -5,7 +5,7 @@
     <help>Source IP of routing updates</help>
     <completionHelp>
       <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
-      <script>${vyos_completion_dir}/list_interfaces.py</script>
+      <script>${vyos_completion_dir}/list_interfaces</script>
     </completionHelp>
     <valueHelp>
       <format>ipv4</format>
@@ -20,9 +20,8 @@
       <description>Interface as route source</description>
     </valueHelp>
     <constraint>
-      <validator name="ipv4-address"/>
-      <validator name="ipv6-address"/>
-      #include <include/constraint/interface-name.xml.in>
+      <validator name="ip-address"/>
+      #include <include/constraint/interface-name.xml.i>
     </constraint>
   </properties>
 </leafNode>
diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i
index 366630f78..504385b53 100644
--- a/interface-definitions/include/bgp/protocol-common-config.xml.i
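Review bot: `discard` in the new `neighbor-path-attribute.xml.i` is declared single-valued (there is no `<multi/>`), although its help speaks of dropping `specified attributes` in the plural. If several attribute numbers are meant to be discarded per neighbor, add `<multi/>` after the `<constraint>` block; otherwise reword the help to the singular so the operator does not expect a list. Since this setting changes how incoming UPDATEs are interpreted, the description could also say that the value is the BGP path attribute type code rather than just `Attribute number`.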
+++ b/interface-definitions/include/bgp/protocol-common-config.xml.i
@@ -165,6 +165,14 @@
                 #include <include/bgp/afi-redistribute-metric-route-map.xml.i>
               </children>
             </node>
+            <node name="babel">
+              <properties>
+                <help>Redistribute Babel routes into BGP</help>
+              </properties>
+              <children>
+                #include <include/bgp/afi-redistribute-metric-route-map.xml.i>
+              </children>
+            </node>
             <node name="static">
               <properties>
                 <help>Redistribute static routes into BGP</help>
@@ -347,15 +355,7 @@
             <help>Apply local policy routing to interface</help>
           </properties>
           <children>
-            <leafNode name="interface">
-              <properties>
-                <help>Interface</help>
-                <completionHelp>
-                  <script>${vyos_completion_dir}/list_interfaces.py</script>
-                </completionHelp>
-                <multi/>
-              </properties>
-            </leafNode>
+            #include <include/generic-interface-multi.xml.i>
           </children>
         </node>
       </children>
@@ -378,18 +378,7 @@
           </properties>
           <children>
             #include <include/bgp/route-distinguisher.xml.i>
-            <leafNode name="label">
-              <properties>
-                <help>MPLS label value assigned to route</help>
-                <valueHelp>
-                  <format>u32:0-1048575</format>
-                  <description>MPLS label value</description>
-                </valueHelp>
-                <constraint>
-                  <validator name="numeric" argument="--range 0-1048575"/>
-                </constraint>
-              </properties>
-            </leafNode>
+            #include <include/bgp/afi-vpn-label.xml.i>
           </children>
         </tagNode>
       </children>
@@ -542,6 +531,14 @@
                 #include <include/bgp/afi-redistribute-metric-route-map.xml.i>
               </children>
             </node>
+            <node name="babel">
+              <properties>
+                <help>Redistribute Babel routes into BGP</help>
+              </properties>
+              <children>
+                #include <include/bgp/afi-redistribute-metric-route-map.xml.i>
+              </children>
+            </node>
             <node name="static">
               <properties>
                 <help>Redistribute static routes into BGP</help>
@@ -723,7 +720,7 @@
               <properties>
                 <help>Interface</help>
                 <completionHelp>
-                  <script>${vyos_completion_dir}/list_interfaces.py</script>
+                  <script>${vyos_completion_dir}/list_interfaces</script>
                 </completionHelp>
                 <multi/>
               </properties>
@@ -750,18 +747,7 @@
           </properties>
           <children>
             #include <include/bgp/route-distinguisher.xml.i>
-            <leafNode name="label">
-              <properties>
-                <help>MPLS label value assigned to route</help>
-                <valueHelp>
-                  <format>u32:0-1048575</format>
-                  <description>MPLS label value</description>
-                </valueHelp>
-                <constraint>
-                  <validator name="numeric" argument="--range 0-1048575"/>
-                </constraint>
-              </properties>
-            </leafNode>
+            #include <include/bgp/afi-vpn-label.xml.i>
           </children>
         </tagNode>
       </children>
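Review bot: The `interface` properties block touched in the `@@ -723,7 +720,7 @@` hunk still carries no `<constraint>`, so any string is accepted as an interface name there. It also stays inline, while what appears to be the matching block in the `@@ -347,15 +355,7 @@` hunk was replaced by `#include <include/generic-interface-multi.xml.i>`. Using the same include here would keep the two sections aligned; its contents are not visible on this page, so confirm it brings the interface-name constraint with it. The leafNode starts and ends outside the hunk.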
@@ -824,12 +810,7 @@
             <help>Specify handling for BUM packets</help>
           </properties>
           <children>
-            <leafNode name="disable">
-              <properties>
-                <help>Do not flood any BUM packets</help>
-                <valueless/>
-              </properties>
-            </leafNode>
+            #include <include/generic-disable-node.xml.i>
             <leafNode name="head-end-replication">
               <properties>
                 <help>Flood BUM packets using head-end replication</help>
@@ -857,6 +838,36 @@
     </node>
   </children>
 </node>
+<tagNode name="interface">
+  <properties>
+    <help>Configure interface related parameters, e.g. MPLS</help>
+    <completionHelp>
+      <script>${vyos_completion_dir}/list_interfaces</script>
+    </completionHelp>
+    <valueHelp>
+      <format>txt</format>
+      <description>Interface name</description>
+    </valueHelp>
+    <constraint>
+      #include <include/constraint/interface-name.xml.i>
+    </constraint>
+  </properties>
+  <children>
+    <node name="mpls">
+      <properties>
+        <help>MPLS options</help>
+      </properties>
+      <children>
+        <leafNode name="forwarding">
+          <properties>
+            <help>Enable MPLS forwarding for eBGP directly connected peers</help>
+            <valueless/>
+          </properties>
+        </leafNode>
+      </children>
+    </node>
+  </children>
+</tagNode>
 <node name="listen">
   <properties>
     <help>Listen for and accept BGP dynamic neighbors from range</help>
@@ -924,9 +935,8 @@
       <description>Interface name</description>
     </valueHelp>
     <constraint>
-      <validator name="ipv4-address"/>
-      <validator name="ipv6-address"/>
-      #include <include/constraint/interface-name.xml.in>
+      <validator name="ip-address"/>
+      #include <include/constraint/interface-name.xml.i>
     </constraint>
   </properties>
   <children>
@@ -987,22 +997,12 @@
       </children>
     </node>
     #include <include/bgp/neighbor-local-as.xml.i>
+    #include <include/bgp/neighbor-local-role.xml.i>
     #include <include/bgp/neighbor-override-capability.xml.i>
+    #include <include/bgp/neighbor-path-attribute.xml.i>
     #include <include/bgp/neighbor-passive.xml.i>
     #include <include/bgp/neighbor-password.xml.i>
     #include <include/bgp/peer-group.xml.i>
-    <leafNode name="port">
-      <properties>
-        <help>Neighbor BGP port</help>
-        <valueHelp>
-          <format>u32:1-65535</format>
-          <description>Neighbor BGP port number</description>
-        </valueHelp>
-        <constraint>
-          <validator name="numeric" argument="--range 1-65535"/>
-        </constraint>
-      </properties>
-    </leafNode>
     #include <include/bgp/remote-as.xml.i>
     #include <include/bgp/neighbor-shutdown.xml.i>
     <leafNode name="solo">
@@ -1011,6 +1011,12 @@
         <valueless/>
       </properties>
     </leafNode>
+    <leafNode name="enforce-first-as">
+      <properties>
+        <help>Ensure the first AS in the AS path matches the peer AS</help>
+        <valueless/>
+      </properties>
+    </leafNode>
     <leafNode name="strict-capability-match">
       <properties>
         <help>Enable strict capability negotiation</help>
@@ -1044,6 +1050,7 @@
     </node>
     #include <include/bgp/neighbor-ttl-security.xml.i>
     #include <include/bgp/neighbor-update-source.xml.i>
+    #include <include/port-number.xml.i>
   </children>
 </tagNode>
 <node name="parameters">
@@ -1116,25 +1123,26 @@
             <valueless/>
           </properties>
         </leafNode>
-        <node name="med">
+        <leafNode name="med">
           <properties>
             <help>MED attribute comparison parameters</help>
+            <completionHelp>
+              <list>confed missing-as-worst</list>
+            </completionHelp>
+            <valueHelp>
+              <format>confed</format>
+              <description>Compare MEDs among confederation paths</description>
+            </valueHelp>
+            <valueHelp>
+              <format>missing-as-worst</format>
+              <description>Treat missing route as a MED as the least preferred one</description>
+            </valueHelp>
+            <constraint>
+              <regex>(confed|missing-as-worst)</regex>
+            </constraint>
+            <multi/>
           </properties>
-          <children>
-            <leafNode name="confed">
-              <properties>
-                <help>Compare MEDs among confederation paths</help>
-                <valueless/>
-              </properties>
-            </leafNode>
-            <leafNode name="missing-as-worst">
-              <properties>
-                <help>Treat missing route as a MED as the least preferred one</help>
-                <valueless/>
-              </properties>
-            </leafNode>
-          </children>
-        </node>
+        </leafNode>
         <node name="peer-type">
           <properties>
             <help>Peer type</help>
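Review bot: Changing `med` from a node with two valueless children into a multi-value leafNode alters how an existing `med confed` or `med missing-as-worst` entry is represented, and nothing in this hunk shows how stored configurations are carried over. This diff is limited to interface-definitions/include, so a migration may exist elsewhere and should be confirmed before merging. Separately, the description copied into the new valueHelp, `Treat missing route as a MED as the least preferred one`, is hard to parse; `Treat a route with a missing MED as the least preferred one` reads as intended. The enclosing node starts outside the hunk.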
@@ -1474,13 +1482,56 @@
       </properties>
     </leafNode>
     #include <include/router-id.xml.i>
+    <node name="tcp-keepalive">
+      <properties>
+        <help>TCP keepalive parameters</help>
+      </properties>
+      <children>
+        <leafNode name="idle">
+          <properties>
+            <help>TCP keepalive idle time</help>
+            <valueHelp>
+              <format>u32:1-65535</format>
+              <description>Idle time in seconds</description>
+            </valueHelp>
+            <constraint>
+              <validator name="numeric" argument="--range 1-65535"/>
+            </constraint>
+          </properties>
+        </leafNode>
+        <leafNode name="interval">
+          <properties>
+            <help>TCP keepalive interval</help>
+            <valueHelp>
+              <format>u32:1-65535</format>
+              <description>Interval in seconds</description>
+            </valueHelp>
+            <constraint>
+              <validator name="numeric" argument="--range 1-65535"/>
+            </constraint>
+          </properties>
+        </leafNode>
+        <leafNode name="probes">
+          <properties>
+            <help>TCP keepalive maximum probes</help>
+            <valueHelp>
+              <format>u32:1-30</format>
+              <description>Maximum probes</description>
+            </valueHelp>
+            <constraint>
+              <validator name="numeric" argument="--range 1-30"/>
+            </constraint>
+          </properties>
+        </leafNode>
+      </children>
+    </node>
   </children>
 </node>
 <tagNode name="peer-group">
   <properties>
     <help>Name of peer-group</help>
     <constraint>
-      <regex>[-_a-zA-Z0-9]+</regex>
+      #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
     </constraint>
   </properties>
   <children>
@@ -1490,7 +1541,9 @@
       </properties>
       <children>
         #include <include/bgp/neighbor-afi-ipv4-unicast.xml.i>
+        #include <include/bgp/neighbor-afi-ipv4-vpn.xml.i>
         #include <include/bgp/neighbor-afi-ipv6-unicast.xml.i>
+        #include <include/bgp/neighbor-afi-ipv6-vpn.xml.i>
         #include <include/bgp/neighbor-afi-l2vpn-evpn.xml.i>
       </children>
     </node>
@@ -1503,16 +1556,18 @@
     #include <include/bgp/neighbor-graceful-restart.xml.i>
     #include <include/bgp/neighbor-graceful-restart.xml.i>
     #include <include/bgp/neighbor-local-as.xml.i>
+    #include <include/bgp/neighbor-local-role.xml.i>
     #include <include/bgp/neighbor-override-capability.xml.i>
+    #include <include/bgp/neighbor-path-attribute.xml.i>
     #include <include/bgp/neighbor-passive.xml.i>
     #include <include/bgp/neighbor-password.xml.i>
-    #include <include/bgp/remote-as.xml.i>
     #include <include/bgp/neighbor-shutdown.xml.i>
     #include <include/bgp/neighbor-ttl-security.xml.i>
     #include <include/bgp/neighbor-update-source.xml.i>
+    #include <include/bgp/remote-as.xml.i>
+    #include <include/port-number.xml.i>
   </children>
 </tagNode>
-#include <include/route-map.xml.i>
 <node name="timers">
   <properties>
     <help>BGP protocol timers</help>
diff --git a/interface-definitions/include/bgp/timers-holdtime.xml.i b/interface-definitions/include/bgp/timers-holdtime.xml.i
index 9e86ab13d..31e97f6b8 100644
--- a/interface-definitions/include/bgp/timers-holdtime.xml.i
+++ b/interface-definitions/include/bgp/timers-holdtime.xml.i
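Review bot: `#include <include/bgp/neighbor-graceful-restart.xml.i>` still appears twice in a row at the top of the second hunk (the peer-group children), and the reordering of the includes below it leaves the duplicate in place. If the preprocessor expands both lines, the peer-group subtree gets the same nodes declared twice; one of the two lines should be dropped. The same hunk removes the top-level `#include <include/route-map.xml.i>`, and because the enclosing block begins outside the hunk, whether route-map is now supplied elsewhere cannot be confirmed from here.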
@@ -1,14 +1,14 @@
 <!-- include start from bgp/timers-holdtime.xml.i -->
 <leafNode name="holdtime">
   <properties>
-    <help>BGP hold timer for this neighbor</help>
+    <help>Hold timer</help>
     <valueHelp>
       <format>u32:1-65535</format>
       <description>Hold timer in seconds</description>
     </valueHelp>
     <valueHelp>
       <format>0</format>
-      <description>Hold timer disabled</description>
+      <description>Disable hold timer</description>
     </valueHelp>
     <constraint>
       <validator name="numeric" argument="--range 0-65535"/>
diff --git a/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.i b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.i
new file mode 100644
index 000000000..ba097c6b5
--- /dev/null
+++ b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.i
@@ -0,0 +1,3 @@
+<!-- include start from include/constraint/alpha-numeric-hyphen-underscore.xml.i -->
+<regex>[-_a-zA-Z0-9]+</regex>
+<!-- include end -->
diff --git a/interface-definitions/include/constraint/host-name.xml.i b/interface-definitions/include/constraint/host-name.xml.i
new file mode 100644
index 000000000..cc9740c16
--- /dev/null
+++ b/interface-definitions/include/constraint/host-name.xml.i
@@ -0,0 +1,3 @@
+<!-- include start from constraint/host-name.xml.i -->
 +<regex>[A-Za-z0-9][-.A-Za-z0-9]*[A-Za-z0-9]</regex>
 +<!-- include end -->
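Review bot: The host-name.xml.i pattern `[A-Za-z0-9][-.A-Za-z0-9]*[A-Za-z0-9]` needs at least two characters, so a one-character host name is rejected, while the middle class lets through runs such as `a..b` or `a.-b` that are not valid DNS labels. A per-label form keeps both ends of every label alphanumeric and fixes both cases: `[A-Za-z0-9]([-A-Za-z0-9]*[A-Za-z0-9])?(\.[A-Za-z0-9]([-A-Za-z0-9]*[A-Za-z0-9])?)*`. The pattern also sets no length bound; replacing the inner `*` with `{0,61}` would hold each label to the 63-octet DNS limit.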
diff --git a/interface-definitions/include/constraint/interface-name-with-wildcard-and-inverted.xml.i b/interface-definitions/include/constraint/interface-name-with-wildcard-and-inverted.xml.i
new file mode 100644
index 000000000..6a39041a3
--- /dev/null
+++ b/interface-definitions/include/constraint/interface-name-with-wildcard-and-inverted.xml.i
@@ -0,0 +1,4 @@
+<!-- include start from constraint/interface-name-with-wildcard-and-inverted.xml.i -->
+<regex>(\!?)(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|(\!?)lo</regex>
+<validator name="file-path --lookup-path /sys/class/net --directory"/>
+<!-- include end -->
\ No newline at end of file
diff --git a/interface-definitions/include/constraint/interface-name-with-wildcard.xml.i b/interface-definitions/include/constraint/interface-name-with-wildcard.xml.i
new file mode 100644
index 000000000..adff530b6
--- /dev/null
+++ b/interface-definitions/include/constraint/interface-name-with-wildcard.xml.i
@@ -0,0 +1,4 @@
+<!-- include start from constraint/interface-name-with-wildcard.xml.i -->
+<regex>(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|lo</regex>
+<validator name="file-path --lookup-path /sys/class/net --directory"/>
+<!-- include end -->
diff --git a/interface-definitions/include/constraint/interface-name.xml.i b/interface-definitions/include/constraint/interface-name.xml.i
new file mode 100644
index 000000000..1b14eabf5
--- /dev/null
+++ b/interface-definitions/include/constraint/interface-name.xml.i
@@ -0,0 +1,4 @@
+<!-- include start from constraint/interface-name.xml.i -->
+<regex>(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)[0-9]+(.\d+)?|lo</regex>
+<validator name="file-path --lookup-path /sys/class/net --directory"/>
+<!-- include end -->
diff --git a/interface-definitions/include/constraint/interface-name.xml.in b/interface-definitions/include/constraint/interface-name.xml.in
deleted file mode 100644
index 2d1f7b757..000000000
--- a/interface-definitions/include/constraint/interface-name.xml.in
+++ /dev/null
@@ -1,4 +0,0 @@
-<!-- include start from constraint/interface-name.xml.in -->
-<regex>(bond|br|dum|en|ersp|eth|gnv|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)[0-9]+(.\d+)?|lo</regex>
-<validator name="file-path --lookup-path /sys/class/net --directory"/>
-<!-- include end -->
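Review bot: In interface-name-with-wildcard-and-inverted.xml.i the trailing `(.+)?` accepts any characters after a known prefix, so whitespace, quotes and other punctuation all satisfy the constraint; interface-name-with-wildcard.xml.i has the same tail. Other two-entry constraints in this diff carry "or" error messages, which suggests the entries inside one `<constraint>` are alternatives, so the `file-path` validator would not narrow what the regex lets through. Since these values are presumably rendered into firewall configuration, the tail should be limited to the characters these interface names actually use, for example `([-_.a-zA-Z0-9*]+)?` in place of `(.+)?`.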
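Review bot: In the new interface-name.xml.i the sub-interface part is written `(.\d+)?` with an unescaped dot, so any single character is accepted before the VLAN number, not just a literal `.`; `(\.\d+)?` matches only the `eth0.10` form. The pattern is carried over from the deleted interface-name.xml.in with only the `ifb` prefix added, so the move is a good point to correct it. The validator is also declared as `name="file-path --lookup-path /sys/class/net --directory"`, whereas other validators in this diff pass their options through `argument="..."`; `name="file-path" argument="--lookup-path /sys/class/net --directory"` would be consistent, assuming the schema treats both forms the same.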
diff --git a/interface-definitions/include/constraint/login-username.xml.i b/interface-definitions/include/constraint/login-username.xml.i
new file mode 100644
index 000000000..09a68b796
--- /dev/null
+++ b/interface-definitions/include/constraint/login-username.xml.i
@@ -0,0 +1,3 @@
+<!-- include start from constraint/login-username.xml.i -->
+<regex>[-_a-zA-Z0-9.]{1,100}</regex>
+<!-- include end -->
diff --git a/interface-definitions/include/dhcp-interface-multi.xml.i b/interface-definitions/include/dhcp-interface-multi.xml.i
new file mode 100644
index 000000000..0db11cf79
--- /dev/null
+++ b/interface-definitions/include/dhcp-interface-multi.xml.i
@@ -0,0 +1,18 @@
+<!-- include start from dhcp-interface-multi.xml.i -->
+<leafNode name="dhcp-interface">
+  <properties>
+    <help>DHCP interface supplying next-hop IP address</help>
+    <completionHelp>
+      <script>${vyos_completion_dir}/list_interfaces</script>
+    </completionHelp>
+    <valueHelp>
+      <format>txt</format>
+      <description>DHCP interface name</description>
+    </valueHelp>
+    <constraint>
+      #include <include/constraint/interface-name.xml.i>
+    </constraint>
+    <multi/>
+  </properties>
+</leafNode>
+<!-- include end -->
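Review bot: `[-_a-zA-Z0-9.]{1,100}` in login-username.xml.i allows a name that starts with `-` or `.`, and a name made up only of dots. A leading hyphen is risky wherever the name is later handed to a command-line tool as an argument, because it can be read as an option; where this constraint is consumed is not visible in this diff. Requiring a letter, digit or underscore in first position closes that off while keeping the 100-character limit: `[a-zA-Z0-9_][-_a-zA-Z0-9.]{0,99}`.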
\ No newline at end of file
diff --git a/interface-definitions/include/dhcp-interface.xml.i b/interface-definitions/include/dhcp-interface.xml.i
index f5107ba2b..b5c94cb24 100644
--- a/interface-definitions/include/dhcp-interface.xml.i
+++ b/interface-definitions/include/dhcp-interface.xml.i
@@ -2,14 +2,14 @@
       <properties>
         <help>DHCP interface supplying next-hop IP address</help>
         <completionHelp>
-          <script>${vyos_completion_dir}/list_interfaces.py</script>
+          <script>${vyos_completion_dir}/list_interfaces</script>
         </completionHelp>
         <valueHelp>
           <format>txt</format>
           <description>DHCP interface name</description>
         </valueHelp>
         <constraint>
-          #include <include/constraint/interface-name.xml.in>
+          #include <include/constraint/interface-name.xml.i>
         </constraint>
       </properties>
     </leafNode>
diff --git a/interface-definitions/include/dns/dynamic-service-host-name-server.xml.i b/interface-definitions/include/dns/dynamic-service-host-name-server.xml.i
new file mode 100644
index 000000000..ee1af2a36
--- /dev/null
+++ b/interface-definitions/include/dns/dynamic-service-host-name-server.xml.i
@@ -0,0 +1,34 @@
+<!-- include start from dns/dynamic-service-host-name-server.xml.i -->
+<leafNode name="host-name">
+  <properties>
+    <help>Hostname to register with Dynamic DNS service</help>
+    <constraint>
+        #include <include/constraint/host-name.xml.i>
+    </constraint>
+    <constraintErrorMessage>Host-name must be alphanumeric and can contain hyphens</constraintErrorMessage>
+    <multi/>
+  </properties>
+</leafNode>
+<leafNode name="server">
+  <properties>
+    <help>Remote Dynamic DNS server to send updates to</help>
+    <valueHelp>
+      <format>ipv4</format>
+      <description>IPv4 address of the remote server</description>
+    </valueHelp>
+    <valueHelp>
+      <format>ipv6</format>
+      <description>IPv6 address of the remote server</description>
+    </valueHelp>
+    <valueHelp>
+      <format>hostname</format>
+      <description>Fully qualified domain name of the remote server</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ip-address"/>
+      <validator name="fqdn"/>
+    </constraint>
+    <constraintErrorMessage>Remote server must be IP address or fully qualified domain name</constraintErrorMessage>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/eigrp/protocol-common-config.xml.i b/interface-definitions/include/eigrp/protocol-common-config.xml.i
index 147277102..a21d18424 100644
--- a/interface-definitions/include/eigrp/protocol-common-config.xml.i
+++ b/interface-definitions/include/eigrp/protocol-common-config.xml.i
@@ -59,7 +59,7 @@
   <properties>
     <help>Suppress routing updates on an interface</help>
     <completionHelp>
-      <script>${vyos_completion_dir}/list_interfaces.py</script>
+      <script>${vyos_completion_dir}/list_interfaces</script>
     </completionHelp>
   </properties>
 </leafNode>
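Review bot: The `constraintErrorMessage` on `host-name` in dynamic-service-host-name-server.xml.i says `Host-name must be alphanumeric and can contain hyphens`, but the included host-name.xml.i pattern also accepts dots and rejects a leading or trailing hyphen or dot, so the message does not tell the user what is actually allowed. Wording such as `Host-name must start and end with a letter or digit and may contain hyphens and dots` matches the constraint. The `#include` inside that `<constraint>` is indented eight spaces where the rest of the file uses six.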
@@ -87,6 +87,10 @@
       <description>Routing Information Protocol (RIP)</description>
     </valueHelp>
     <valueHelp>
+      <format>babel</format>
+      <description>Babel routing protocol (Babel)</description>
+    </valueHelp>
+    <valueHelp>
       <format>static</format>
       <description>Statically configured routes</description>
     </valueHelp>
@@ -98,12 +102,11 @@
       <list>bgp connected nhrp ospf rip static vnc</list>
     </completionHelp>
     <constraint>
-      <regex>(bgp|connected|nhrp|ospf|rip|static|vnc)</regex>
+      <regex>(bgp|connected|nhrp|ospf|rip|babel|static|vnc)</regex>
     </constraint>
     <multi/>
   </properties>
 </leafNode>
-#include <include/route-map.xml.i>
 #include <include/router-id.xml.i>
 <!-- FRR timers not implemented yet -->
 <leafNode name="variance">
diff --git a/interface-definitions/include/firewall/action-and-notrack.xml.i b/interface-definitions/include/firewall/action-and-notrack.xml.i
new file mode 100644
index 000000000..5f81a1451
--- /dev/null
+++ b/interface-definitions/include/firewall/action-and-notrack.xml.i
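Review bot: `babel` is added to the valueHelp and to the regex, but the `<completionHelp>` list shown as context in the second hunk still reads `bgp connected nhrp ospf rip static vnc`, so tab completion will not offer the new value. It should become `<list>bgp connected nhrp ospf rip babel static vnc</list>` to agree with the constraint. The leafNode these entries belong to starts outside both hunks.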
@@ -0,0 +1,41 @@
+<!-- include start from firewall/action-and-notrack.xml.i -->
+<leafNode name="action">
+  <properties>
+    <help>Rule action</help>
+    <completionHelp>
+      <list>accept jump notrack reject return drop queue</list>
+    </completionHelp>
+    <valueHelp>
+      <format>accept</format>
+      <description>Accept matching entries</description>
+    </valueHelp>
+    <valueHelp>
+      <format>jump</format>
+      <description>Jump to another chain</description>
+    </valueHelp>
+    <valueHelp>
+      <format>reject</format>
+      <description>Reject matching entries</description>
+    </valueHelp>
+    <valueHelp>
+      <format>return</format>
+      <description>Return from the current chain and continue at the next rule of the last chain</description>
+    </valueHelp>
+    <valueHelp>
+      <format>drop</format>
+      <description>Drop matching entries</description>
+    </valueHelp>
+    <valueHelp>
+      <format>queue</format>
+      <description>Enqueue packet to userspace</description>
+    </valueHelp>
+    <valueHelp>
+      <format>notrack</format>
+      <description>Igone connection tracking</description>
+    </valueHelp>
+    <constraint>
+      <regex>(accept|jump|notrack|reject|return|drop|queue)</regex>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/action.xml.i b/interface-definitions/include/firewall/action.xml.i
index 468340cbb..7c6e33839 100644
--- a/interface-definitions/include/firewall/action.xml.i
+++ b/interface-definitions/include/firewall/action.xml.i
@@ -3,7 +3,7 @@
   <properties>
     <help>Rule action</help>
     <completionHelp>
-      <list>accept jump reject return drop</list>
+      <list>accept jump reject return drop queue</list>
     </completionHelp>
     <valueHelp>
       <format>accept</format>
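Review bot: The `notrack` description in action-and-notrack.xml.i is misspelled as `Igone connection tracking`; it should read `Ignore connection tracking`. The `notrack` valueHelp is also listed last, while the completion list and the regex both place it after `jump`; keeping one order across the three makes the file easier to compare with action.xml.i.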
@@ -25,8 +25,12 @@
       <format>drop</format>
       <description>Drop matching entries</description>
     </valueHelp>
+    <valueHelp>
+      <format>queue</format>
+      <description>Enqueue packet to userspace</description>
+    </valueHelp>
     <constraint>
-      <regex>(accept|jump|reject|return|drop)</regex>
+      <regex>(accept|jump|reject|return|drop|queue)</regex>
     </constraint>
   </properties>
 </leafNode>
diff --git a/interface-definitions/include/firewall/common-rule-inet.xml.i b/interface-definitions/include/firewall/common-rule-inet.xml.i
new file mode 100644
index 000000000..7a2eb86d4
--- /dev/null
+++ b/interface-definitions/include/firewall/common-rule-inet.xml.i
@@ -0,0 +1,374 @@
+<!-- include start from firewall/common-rule-inet.xml.i -->
+#include <include/firewall/action.xml.i>
+#include <include/generic-description.xml.i>
+#include <include/firewall/dscp.xml.i>
+#include <include/firewall/packet-options.xml.i>
+#include <include/firewall/connection-mark.xml.i>
+#include <include/firewall/nft-queue.xml.i>
+<leafNode name="disable">
+  <properties>
+    <help>Option to disable firewall rule</help>
+    <valueless/>
+  </properties>
+</leafNode>
+<node name="fragment">
+  <properties>
+    <help>IP fragment match</help>
+  </properties>
+  <children>
+    <leafNode name="match-frag">
+      <properties>
+        <help>Second and further fragments of fragmented packets</help>
+        <valueless/>
+      </properties>
+    </leafNode>
+    <leafNode name="match-non-frag">
+      <properties>
+        <help>Head fragments or unfragmented packets</help>
+        <valueless/>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+<node name="ipsec">
+  <properties>
+    <help>Inbound IPsec packets</help>
+  </properties>
+  <children>
+    <leafNode name="match-ipsec">
+      <properties>
+        <help>Inbound IPsec packets</help>
+        <valueless/>
+      </properties>
+    </leafNode>
+    <leafNode name="match-none">
+      <properties>
+        <help>Inbound non-IPsec packets</help>
+        <valueless/>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+<node name="limit">
+  <properties>
+    <help>Rate limit using a token bucket filter</help>
+  </properties>
+  <children>
+    <leafNode name="burst">
+      <properties>
+        <help>Maximum number of packets to allow in excess of rate</help>
+        <valueHelp>
+          <format>u32:0-4294967295</format>
+          <description>Maximum number of packets to allow in excess of rate</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 0-4294967295"/>
+        </constraint>
+      </properties>
+    </leafNode>
+    <leafNode name="rate">
+      <properties>
+        <help>Maximum average matching rate</help>
+        <valueHelp>
+          <format>txt</format>
+          <description>integer/unit (Example: 5/minute)</description>
+        </valueHelp>
+        <constraint>
+          <regex>\d+/(second|minute|hour|day)</regex>
+        </constraint>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+<leafNode name="log">
+  <properties>
+    <help>Option to log packets matching rule</help>
+    <completionHelp>
+      <list>enable disable</list>
+    </completionHelp>
+    <valueHelp>
+      <format>enable</format>
+      <description>Enable log</description>
+    </valueHelp>
+    <valueHelp>
+      <format>disable</format>
+      <description>Disable log</description>
+    </valueHelp>
+    <constraint>
+      <regex>(enable|disable)</regex>
+    </constraint>
+  </properties>
+</leafNode>
+<leafNode name="log">
+  <properties>
+    <help>Option to log packets matching rule</help>
+    <completionHelp>
+      <list>enable disable</list>
+    </completionHelp>
+    <valueHelp>
+      <format>enable</format>
+      <description>Enable log</description>
+    </valueHelp>
+    <valueHelp>
+      <format>disable</format>
+      <description>Disable log</description>
+    </valueHelp>
+    <constraint>
+      <regex>(enable|disable)</regex>
+    </constraint>
+  </properties>
+</leafNode>
+#include <include/firewall/rule-log-options.xml.i>
+<node name="connection-status">
+  <properties>
+    <help>Connection status</help>
+  </properties>
+  <children>
+    <leafNode name="nat">
+      <properties>
+        <help>NAT connection status</help>
+        <completionHelp>
+          <list>destination source</list>
+        </completionHelp>
+        <valueHelp>
+          <format>destination</format>
+          <description>Match connections that are subject to destination NAT</description>
+        </valueHelp>
+        <valueHelp>
+          <format>source</format>
+          <description>Match connections that are subject to source NAT</description>
+        </valueHelp>
+        <constraint>
+          <regex>(destination|source)</regex>
+        </constraint>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+<leafNode name="protocol">
+  <properties>
+    <help>Protocol to match (protocol name, number, or "all")</help>
+    <completionHelp>
+      <script>${vyos_completion_dir}/list_protocols.sh</script>
+      <list>all tcp_udp</list>
+    </completionHelp>
+    <valueHelp>
+      <format>all</format>
+      <description>All IP protocols</description>
+    </valueHelp>
+    <valueHelp>
+      <format>tcp_udp</format>
+      <description>Both TCP and UDP</description>
+    </valueHelp>
+    <valueHelp>
+      <format>u32:0-255</format>
+      <description>IP protocol number</description>
+    </valueHelp>
+    <valueHelp>
+      <format><protocol></format>
+      <description>IP protocol name</description>
+    </valueHelp>
+    <valueHelp>
+      <format>!<protocol></format>
+      <description>IP protocol name</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ip-protocol"/>
+    </constraint>
+  </properties>
+</leafNode>
+<node name="recent">
+  <properties>
+    <help>Parameters for matching recently seen sources</help>
+  </properties>
+  <children>
+    <leafNode name="count">
+      <properties>
+        <help>Source addresses seen more than N times</help>
+        <valueHelp>
+          <format>u32:1-255</format>
+          <description>Source addresses seen more than N times</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-255"/>
+        </constraint>
+      </properties>
+    </leafNode>
+    <leafNode name="time">
+      <properties>
+        <help>Source addresses seen in the last second/minute/hour</help>
+        <completionHelp>
+          <list>second minute hour</list>
+        </completionHelp>
+        <valueHelp>
+          <format>second</format>
+          <description>Source addresses seen COUNT times in the last second</description>
+        </valueHelp>
+        <valueHelp>
+          <format>minute</format>
+          <description>Source addresses seen COUNT times in the last minute</description>
+        </valueHelp>
+        <valueHelp>
+          <format>hour</format>
+          <description>Source addresses seen COUNT times in the last hour</description>
+        </valueHelp>
+        <constraint>
+          <regex>(second|minute|hour)</regex>
+        </constraint>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+<node name="state">
+  <properties>
+    <help>Session state</help>
+  </properties>
+  <children>
+    <leafNode name="established">
+      <properties>
+        <help>Established state</help>
+        <completionHelp>
+          <list>enable disable</list>
+        </completionHelp>
+        <valueHelp>
+          <format>enable</format>
+          <description>Enable</description>
+        </valueHelp>
+        <valueHelp>
+          <format>disable</format>
+          <description>Disable</description>
+        </valueHelp>
+        <constraint>
+          <regex>(enable|disable)</regex>
+        </constraint>
+      </properties>
+    </leafNode>
+    <leafNode name="invalid">
+      <properties>
+        <help>Invalid state</help>
+        <completionHelp>
+          <list>enable disable</list>
+        </completionHelp>
+        <valueHelp>
+          <format>enable</format>
+          <description>Enable</description>
+        </valueHelp>
+        <valueHelp>
+          <format>disable</format>
+          <description>Disable</description>
+        </valueHelp>
+        <constraint>
+          <regex>(enable|disable)</regex>
+        </constraint>
+      </properties>
+    </leafNode>
+    <leafNode name="new">
+      <properties>
+        <help>New state</help>
+        <completionHelp>
+          <list>enable disable</list>
+        </completionHelp>
+        <valueHelp>
+          <format>enable</format>
+          <description>Enable</description>
+        </valueHelp>
+        <valueHelp>
+          <format>disable</format>
+          <description>Disable</description>
+        </valueHelp>
+        <constraint>
+          <regex>(enable|disable)</regex>
+        </constraint>
+      </properties>
+    </leafNode>
+    <leafNode name="related">
+      <properties>
+        <help>Related state</help>
+        <completionHelp>
+          <list>enable disable</list>
+        </completionHelp>
+        <valueHelp>
+          <format>enable</format>
+          <description>Enable</description>
+        </valueHelp>
+        <valueHelp>
+          <format>disable</format>
+          <description>Disable</description>
+        </valueHelp>
+        <constraint>
+          <regex>(enable|disable)</regex>
+        </constraint>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+#include <include/firewall/tcp-flags.xml.i>
+<node name="time">
+  <properties>
+    <help>Time to match rule</help>
+  </properties>
+  <children>
+    <leafNode name="startdate">
+      <properties>
+        <help>Date to start matching rule</help>
+        <valueHelp>
+          <format>txt</format>
+          <description>Enter date using following notation - YYYY-MM-DD</description>
+        </valueHelp>
+        <constraint>
+          <regex>(\d{4}\-\d{2}\-\d{2})</regex>
+        </constraint>
+      </properties>
+    </leafNode>
+    <leafNode name="starttime">
+      <properties>
+        <help>Time of day to start matching rule</help>
+        <valueHelp>
+          <format>txt</format>
+          <description>Enter time using using 24 hour notation - hh:mm:ss</description>
+        </valueHelp>
+        <constraint>
+          <regex>([0-2][0-9](\:[0-5][0-9]){1,2})</regex>
+        </constraint>
+      </properties>
+    </leafNode>
+    <leafNode name="stopdate">
+      <properties>
+        <help>Date to stop matching rule</help>
+        <valueHelp>
+          <format>txt</format>
+          <description>Enter date using following notation - YYYY-MM-DD</description>
+        </valueHelp>
+        <constraint>
+          <regex>(\d{4}\-\d{2}\-\d{2})</regex>
+        </constraint>
+      </properties>
+    </leafNode>
+    <leafNode name="stoptime">
+      <properties>
+        <help>Time of day to stop matching rule</help>
+        <valueHelp>
+          <format>txt</format>
+          <description>Enter time using using 24 hour notation - hh:mm:ss</description>
+        </valueHelp>
+        <constraint>
+          <regex>([0-2][0-9](\:[0-5][0-9]){1,2})</regex>
+        </constraint>
+      </properties>
+    </leafNode>
+    <leafNode name="weekdays">
+      <properties>
+        <help>Comma separated weekdays to match rule on</help>
+        <valueHelp>
+          <format>txt</format>
+          <description>Name of day (Monday, Tuesday, Wednesday, Thursdays, Friday, Saturday, Sunday)</description>
+        </valueHelp>
+        <valueHelp>
+          <format>u32:0-6</format>
+          <description>Day number (0 = Sunday ... 6 = Saturday)</description>
+        </valueHelp>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+<!-- include end -->
\ No newline at end of file
diff --git a/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i b/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i
new file mode 100644
index 000000000..a1071a09a
--- /dev/null
+++ b/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i
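Review bot: `<leafNode name="log">` is defined twice in a row in common-rule-inet.xml.i with identical content, directly before the `rule-log-options` include; the second copy should be deleted so the node is declared once. In the `time` node, `([0-2][0-9](\:[0-5][0-9]){1,2})` accepts hours 24 to 29 and `weekdays` has no `<constraint>` at all, so malformed values reach whatever renders the rule; `(([01][0-9]|2[0-3])(\:[0-5][0-9]){1,2})` bounds the hour. The standalone `disable` leafNode could use `#include <include/generic-disable-node.xml.i>`, as the BGP definition in this commit now does, provided the help text there suits firewall rules.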
@@ -0,0 +1,331 @@ +<!-- include start from firewall/common-rule-ipv4-raw.xml.i --> +#include <include/firewall/action-and-notrack.xml.i> +#include <include/generic-description.xml.i> +#include <include/firewall/dscp.xml.i> +#include <include/firewall/ttl.xml.i> +#include <include/firewall/nft-queue.xml.i> +<node name="destination"> +  <properties> +    <help>Destination parameters</help> +  </properties> +  <children> +    #include <include/firewall/address.xml.i> +    #include <include/firewall/address-mask.xml.i> +    #include <include/firewall/fqdn.xml.i> +    #include <include/firewall/geoip.xml.i> +    #include <include/firewall/mac-address.xml.i> +    #include <include/firewall/port.xml.i> +    #include <include/firewall/source-destination-group.xml.i> +  </children> +</node> +<leafNode name="disable"> +  <properties> +    <help>Option to disable firewall rule</help> +    <valueless/> +  </properties> +</leafNode> +<node name="fragment"> +  <properties> +    <help>IP fragment match</help> +  </properties> +  <children> +    <leafNode name="match-frag"> +      <properties> +        <help>Second and further fragments of fragmented packets</help> +        <valueless/> +      </properties> +    </leafNode> +    <leafNode name="match-non-frag"> +      <properties> +        <help>Head fragments or unfragmented packets</help> +        <valueless/> +      </properties> +    </leafNode> +  </children> +</node> +<node name="icmp"> +  <properties> +    <help>ICMP type and code information</help> +  </properties> +  <children> +    <leafNode name="code"> +      <properties> +        <help>ICMP code</help> +        <valueHelp> +          <format>u32:0-255</format> +          <description>ICMP code (0-255)</description> +        </valueHelp> +        <constraint> +          <validator name="numeric" argument="--range 0-255"/> +        </constraint> +      </properties> +    </leafNode> +    <leafNode name="type"> +      <properties> +        <help>ICMP type</help> +        
<valueHelp> +          <format>u32:0-255</format> +          <description>ICMP type (0-255)</description> +        </valueHelp> +        <constraint> +          <validator name="numeric" argument="--range 0-255"/> +        </constraint> +      </properties> +    </leafNode> +    #include <include/firewall/icmp-type-name.xml.i> +  </children> +</node> +<node name="ipsec"> +  <properties> +    <help>Inbound IPsec packets</help> +  </properties> +  <children> +    <leafNode name="match-ipsec"> +      <properties> +        <help>Inbound IPsec packets</help> +        <valueless/> +      </properties> +    </leafNode> +    <leafNode name="match-none"> +      <properties> +        <help>Inbound non-IPsec packets</help> +        <valueless/> +      </properties> +    </leafNode> +  </children> +</node> +<node name="limit"> +  <properties> +    <help>Rate limit using a token bucket filter</help> +  </properties> +  <children> +    <leafNode name="burst"> +      <properties> +        <help>Maximum number of packets to allow in excess of rate</help> +        <valueHelp> +          <format>u32:0-4294967295</format> +          <description>Maximum number of packets to allow in excess of rate</description> +        </valueHelp> +        <constraint> +          <validator name="numeric" argument="--range 0-4294967295"/> +        </constraint> +      </properties> +    </leafNode> +    <leafNode name="rate"> +      <properties> +        <help>Maximum average matching rate</help> +        <valueHelp> +          <format>txt</format> +          <description>integer/unit (Example: 5/minute)</description> +        </valueHelp> +        <constraint> +          <regex>\d+/(second|minute|hour|day)</regex> +        </constraint> +      </properties> +    </leafNode> +  </children> +</node> +<leafNode name="log"> +  <properties> +    <help>Option to log packets matching rule</help> +    <completionHelp> +      <list>enable disable</list> +    </completionHelp> +    <valueHelp> +      
<format>enable</format> +      <description>Enable log</description> +    </valueHelp> +    <valueHelp> +      <format>disable</format> +      <description>Disable log</description> +    </valueHelp> +    <constraint> +      <regex>(enable|disable)</regex> +    </constraint> +  </properties> +</leafNode> +#include <include/firewall/rule-log-options.xml.i> +<node name="connection-status"> +  <properties> +    <help>Connection status</help> +  </properties> +  <children> +    <leafNode name="nat"> +      <properties> +        <help>NAT connection status</help> +        <completionHelp> +          <list>destination source</list> +        </completionHelp> +        <valueHelp> +          <format>destination</format> +          <description>Match connections that are subject to destination NAT</description> +        </valueHelp> +        <valueHelp> +          <format>source</format> +          <description>Match connections that are subject to source NAT</description> +        </valueHelp> +        <constraint> +          <regex>(destination|source)</regex> +        </constraint> +      </properties> +    </leafNode> +  </children> +</node> +<leafNode name="protocol"> +  <properties> +    <help>Protocol to match (protocol name, number, or "all")</help> +    <completionHelp> +      <script>${vyos_completion_dir}/list_protocols.sh</script> +      <list>all tcp_udp</list> +    </completionHelp> +    <valueHelp> +      <format>all</format> +      <description>All IP protocols</description> +    </valueHelp> +    <valueHelp> +      <format>tcp_udp</format> +      <description>Both TCP and UDP</description> +    </valueHelp> +    <valueHelp> +      <format>u32:0-255</format> +      <description>IP protocol number</description> +    </valueHelp> +    <valueHelp> +      <format><protocol></format> +      <description>IP protocol name</description> +    </valueHelp> +    <valueHelp> +      <format>!<protocol></format> +      <description>IP protocol name</description> +    
</valueHelp> +    <constraint> +      <validator name="ip-protocol"/> +    </constraint> +  </properties> +</leafNode> +<node name="recent"> +  <properties> +    <help>Parameters for matching recently seen sources</help> +  </properties> +  <children> +    <leafNode name="count"> +      <properties> +        <help>Source addresses seen more than N times</help> +        <valueHelp> +          <format>u32:1-255</format> +          <description>Source addresses seen more than N times</description> +        </valueHelp> +        <constraint> +          <validator name="numeric" argument="--range 1-255"/> +        </constraint> +      </properties> +    </leafNode> +    <leafNode name="time"> +      <properties> +        <help>Source addresses seen in the last second/minute/hour</help> +        <completionHelp> +          <list>second minute hour</list> +        </completionHelp> +        <valueHelp> +          <format>second</format> +          <description>Source addresses seen COUNT times in the last second</description> +        </valueHelp> +        <valueHelp> +          <format>minute</format> +          <description>Source addresses seen COUNT times in the last minute</description> +        </valueHelp> +        <valueHelp> +          <format>hour</format> +          <description>Source addresses seen COUNT times in the last hour</description> +        </valueHelp> +        <constraint> +          <regex>(second|minute|hour)</regex> +        </constraint> +      </properties> +    </leafNode> +  </children> +</node> +<node name="source"> +  <properties> +    <help>Source parameters</help> +  </properties> +  <children> +    #include <include/firewall/address.xml.i> +    #include <include/firewall/address-mask.xml.i> +    #include <include/firewall/fqdn.xml.i> +    #include <include/firewall/geoip.xml.i> +    #include <include/firewall/mac-address.xml.i> +    #include <include/firewall/port.xml.i> +    #include <include/firewall/source-destination-group.xml.i> +  
</children> +</node> +#include <include/firewall/tcp-flags.xml.i> +<node name="time"> +  <properties> +    <help>Time to match rule</help> +  </properties> +  <children> +    <leafNode name="startdate"> +      <properties> +        <help>Date to start matching rule</help> +        <valueHelp> +          <format>txt</format> +          <description>Enter date using following notation - YYYY-MM-DD</description> +        </valueHelp> +        <constraint> +          <regex>(\d{4}\-\d{2}\-\d{2})</regex> +        </constraint> +      </properties> +    </leafNode> +    <leafNode name="starttime"> +      <properties> +        <help>Time of day to start matching rule</help> +        <valueHelp> +          <format>txt</format> +          <description>Enter time using using 24 hour notation - hh:mm:ss</description> +        </valueHelp> +        <constraint> +          <regex>([0-2][0-9](\:[0-5][0-9]){1,2})</regex> +        </constraint> +      </properties> +    </leafNode> +    <leafNode name="stopdate"> +      <properties> +        <help>Date to stop matching rule</help> +        <valueHelp> +          <format>txt</format> +          <description>Enter date using following notation - YYYY-MM-DD</description> +        </valueHelp> +        <constraint> +          <regex>(\d{4}\-\d{2}\-\d{2})</regex> +        </constraint> +      </properties> +    </leafNode> +    <leafNode name="stoptime"> +      <properties> +        <help>Time of day to stop matching rule</help> +        <valueHelp> +          <format>txt</format> +          <description>Enter time using using 24 hour notation - hh:mm:ss</description> +        </valueHelp> +        <constraint> +          <regex>([0-2][0-9](\:[0-5][0-9]){1,2})</regex> +        </constraint> +      </properties> +    </leafNode> +    <leafNode name="weekdays"> +      <properties> +        <help>Comma separated weekdays to match rule on</help> +        <valueHelp> +          <format>txt</format> +          <description>Name of day 
(Monday, Tuesday, Wednesday, Thursdays, Friday, Saturday, Sunday)</description> +        </valueHelp> +        <valueHelp> +          <format>u32:0-6</format> +          <description>Day number (0 = Sunday ... 6 = Saturday)</description> +        </valueHelp> +      </properties> +    </leafNode> +  </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/firewall/common-rule-ipv4.xml.i b/interface-definitions/include/firewall/common-rule-ipv4.xml.i new file mode 100644 index 000000000..4ed179ae7 --- /dev/null +++ b/interface-definitions/include/firewall/common-rule-ipv4.xml.i 
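Review bot: The `weekdays` leaf under `time` in firewall/common-rule-ipv4-raw.xml.i has no `<constraint>`, so the CLI accepts any string and leaves it to the rule generator to reject or pass through. A pattern limited to the documented forms would stop bad input at set time, for example `<regex>((Sun|Mon|Tues|Wednes|Thurs|Fri|Satur)day|[0-6])(,((Sun|Mon|Tues|Wednes|Thurs|Fri|Satur)day|[0-6]))*</regex>`, extended if the backend accepts other spellings or a negation prefix. In the same node, `starttime` and `stoptime` use `[0-2][0-9]`, which admits hours 24 to 29; `(([01][0-9]|2[0-3])(\:[0-5][0-9]){1,2})` keeps the hh:mm and hh:mm:ss forms and rejects those. The value help also lists `Thursdays` where the other day names are singular. The same `time` node closes the preceding file section, whose start is outside this view.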
@@ -0,0 +1,72 @@ +<!-- include start from firewall/common-rule-ipv4.xml.i --> +#include <include/firewall/common-rule-inet.xml.i> +#include <include/firewall/ttl.xml.i> +<node name="destination"> +  <properties> +    <help>Destination parameters</help> +  </properties> +  <children> +    #include <include/firewall/address.xml.i> +    #include <include/firewall/address-mask.xml.i> +    #include <include/firewall/fqdn.xml.i> +    #include <include/firewall/geoip.xml.i> +    #include <include/firewall/mac-address.xml.i> +    #include <include/firewall/port.xml.i> +    #include <include/firewall/source-destination-group.xml.i> +  </children> +</node> +<node name="icmp"> +  <properties> +    <help>ICMP type and code information</help> +  </properties> +  <children> +    <leafNode name="code"> +      <properties> +        <help>ICMP code</help> +        <valueHelp> +          <format>u32:0-255</format> +          <description>ICMP code (0-255)</description> +        </valueHelp> +        <constraint> +          <validator name="numeric" argument="--range 0-255"/> +        </constraint> +      </properties> +    </leafNode> +    <leafNode name="type"> +      <properties> +        <help>ICMP type</help> +        <valueHelp> +          <format>u32:0-255</format> +          <description>ICMP type (0-255)</description> +        </valueHelp> +        <constraint> +          <validator name="numeric" argument="--range 0-255"/> +        </constraint> +      </properties> +    </leafNode> +    #include <include/firewall/icmp-type-name.xml.i> +  </children> +</node> +<leafNode name="jump-target"> +  <properties> +    <help>Set jump target. 
Action jump must be defined to use this setting</help> +    <completionHelp> +      <path>firewall ipv4 name</path> +    </completionHelp> +  </properties> +</leafNode> +<node name="source"> +  <properties> +    <help>Source parameters</help> +  </properties> +  <children> +    #include <include/firewall/address.xml.i> +    #include <include/firewall/address-mask.xml.i> +    #include <include/firewall/fqdn.xml.i> +    #include <include/firewall/geoip.xml.i> +    #include <include/firewall/mac-address.xml.i> +    #include <include/firewall/port.xml.i> +    #include <include/firewall/source-destination-group.xml.i> +  </children> +</node> +<!-- include end -->
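Review bot: `jump-target` in firewall/common-rule-ipv4.xml.i carries only a `<completionHelp>` path and no `<constraint>`, so the CLI accepts any string as a chain name. The chains it can point at are limited to `[a-zA-Z0-9][\w\-\.]*` by the `name` tagNode in firewall/ipv4-custom-name.xml.i. Reusing that pattern here, `<constraint><regex>[a-zA-Z0-9][\w\-\.]*</regex></constraint>`, would reject malformed targets at set time rather than relying on commit-time checks, which this diff does not show. The same gap is present on `jump-target` in firewall/common-rule-ipv6.xml.i and on `default-jump-target` in firewall/ipv4-custom-name.xml.i; the IPv6 chain-name pattern is not visible here, so confirm it before copying the regex.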
\ No newline at end of file diff --git a/interface-definitions/include/firewall/common-rule-ipv6.xml.i b/interface-definitions/include/firewall/common-rule-ipv6.xml.i new file mode 100644 index 000000000..6219557db --- /dev/null +++ b/interface-definitions/include/firewall/common-rule-ipv6.xml.i 
@@ -0,0 +1,72 @@ +<!-- include start from firewall/common-rule-ipv6.xml.i --> +#include <include/firewall/common-rule-inet.xml.i> +#include <include/firewall/hop-limit.xml.i> +<node name="destination"> +  <properties> +    <help>Destination parameters</help> +  </properties> +  <children> +    #include <include/firewall/address-ipv6.xml.i> +    #include <include/firewall/address-mask-ipv6.xml.i> +    #include <include/firewall/fqdn.xml.i> +    #include <include/firewall/geoip.xml.i> +    #include <include/firewall/mac-address.xml.i> +    #include <include/firewall/port.xml.i> +    #include <include/firewall/source-destination-group-ipv6.xml.i> +  </children> +</node> +<node name="icmpv6"> +  <properties> +    <help>ICMPv6 type and code information</help> +  </properties> +  <children> +    <leafNode name="code"> +      <properties> +        <help>ICMPv6 code</help> +        <valueHelp> +          <format>u32:0-255</format> +          <description>ICMPv6 code (0-255)</description> +        </valueHelp> +        <constraint> +          <validator name="numeric" argument="--range 0-255"/> +        </constraint> +      </properties> +    </leafNode> +    <leafNode name="type"> +      <properties> +        <help>ICMPv6 type</help> +        <valueHelp> +          <format>u32:0-255</format> +          <description>ICMPv6 type (0-255)</description> +        </valueHelp> +        <constraint> +          <validator name="numeric" argument="--range 0-255"/> +        </constraint> +      </properties> +    </leafNode> +    #include <include/firewall/icmpv6-type-name.xml.i> +  </children> +</node> +<leafNode name="jump-target"> +  <properties> +    <help>Set jump target. 
Action jump must be defined to use this setting</help> +    <completionHelp> +      <path>firewall ipv6 name</path> +    </completionHelp> +  </properties> +</leafNode> +<node name="source"> +  <properties> +    <help>Source parameters</help> +  </properties> +  <children> +    #include <include/firewall/address-ipv6.xml.i> +    #include <include/firewall/address-mask-ipv6.xml.i> +    #include <include/firewall/fqdn.xml.i> +    #include <include/firewall/geoip.xml.i> +    #include <include/firewall/mac-address.xml.i> +    #include <include/firewall/port.xml.i> +    #include <include/firewall/source-destination-group-ipv6.xml.i> +  </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/common-rule.xml.i b/interface-definitions/include/firewall/common-rule.xml.i index 75ad427f9..7417a3c58 100644 --- a/interface-definitions/include/firewall/common-rule.xml.i +++ b/interface-definitions/include/firewall/common-rule.xml.i @@ -1,6 +1,14 @@  <!-- include start from firewall/common-rule.xml.i -->  #include <include/firewall/action.xml.i>  #include <include/generic-description.xml.i> +<node name="destination"> +  <properties> +    <help>Destination parameters</help> +  </properties> +  <children> +    #include <include/firewall/mac-address.xml.i> +  </children> +</node>  <leafNode name="disable">    <properties>      <help>Option to disable firewall rule</help> @@ -26,14 +34,22 @@      </leafNode>    </children>  </node> -<leafNode name="inbound-interface"> +<node name="inbound-interface">    <properties>      <help>Match inbound-interface</help> -    <completionHelp> -      <script>${vyos_completion_dir}/list_interfaces.py</script> -    </completionHelp>    </properties> -</leafNode> +  <children> +    #include <include/firewall/match-interface.xml.i> +  </children> +</node> +<node name="outbound-interface"> +  <properties> +    <help>Match outbound-interface</help> +  </properties> +  <children> +    #include <include/firewall/match-interface.xml.i> +  </children> +</node>  <node name="ipsec">    <properties>      <help>Inbound IPsec packets</help> @@ -103,7 +119,7 @@      </constraint>    </properties>  </leafNode> -#include <include/firewall/rule-log-level.xml.i> +#include <include/firewall/rule-log-options.xml.i>  <node name="connection-status">    <properties>      <help>Connection status</help> 
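Review bot: No config migration is visible for the `inbound-interface` change in firewall/common-rule.xml.i. The hunk at `@@ -26,14 +34,22 @@` turns it from a `leafNode` holding the interface name into a `node` whose children come from match-interface.xml.i, and adds `outbound-interface` in the same shape. The old leaf for `outbound-interface` is removed in the later hunk. A saved `inbound-interface <name>` therefore no longer fits the schema, and depending on how the loader reacts the rule may fail to load or lose its interface match, which would widen it to all interfaces. Confirm that a migration script ships with this change and covers both nodes.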
@@ -130,14 +146,6 @@      </leafNode>    </children>  </node> -<leafNode name="outbound-interface"> -  <properties> -    <help>Match outbound-interface</help> -    <completionHelp> -      <script>${vyos_completion_dir}/list_interfaces.py</script> -    </completionHelp> -  </properties> -</leafNode>  <leafNode name="protocol">    <properties>      <help>Protocol to match (protocol name, number, or "all")</help> diff --git a/interface-definitions/include/firewall/connection-mark.xml.i b/interface-definitions/include/firewall/connection-mark.xml.i new file mode 100644 index 000000000..69f7fe62c --- /dev/null +++ b/interface-definitions/include/firewall/connection-mark.xml.i @@ -0,0 +1,15 @@ +<!-- include start from firewall/connection-mark.xml.i --> +<leafNode name="connection-mark"> +  <properties> +    <help>Connection mark</help> +    <valueHelp> +      <format>u32:0-2147483647</format> +      <description>Connection-mark to match</description> +    </valueHelp> +    <constraint> +      <validator name="numeric" argument="--range 0-2147483647"/> +    </constraint> +    <multi/> +  </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/default-action-base-chains.xml.i b/interface-definitions/include/firewall/default-action-base-chains.xml.i new file mode 100644 index 000000000..aa62abf3d --- /dev/null +++ b/interface-definitions/include/firewall/default-action-base-chains.xml.i 
@@ -0,0 +1,22 @@
+<!-- include start from firewall/default-action-base-chains.xml.i -->
+<leafNode name="default-action">
+  <properties>
+    <help>Default-action for rule-set</help>
+    <completionHelp>
+      <list>drop accept</list>
+    </completionHelp>
+    <valueHelp>
+      <format>drop</format>
+      <description>Drop if no prior rules are hit</description>
+    </valueHelp>
+    <valueHelp>
+      <format>accept</format>
+      <description>Accept if no prior rules are hit</description>
+    </valueHelp>
+    <constraint>
+      <regex>(drop|accept)</regex>
+    </constraint>
+  </properties>
+  <defaultValue>accept</defaultValue>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/firewall-hashing-parameters.xml.i b/interface-definitions/include/firewall/firewall-hashing-parameters.xml.i
new file mode 100644
index 000000000..7f34de3ba
--- /dev/null
+++ b/interface-definitions/include/firewall/firewall-hashing-parameters.xml.i
@@ -0,0 +1,35 @@
+<!-- include start from firewall/firewall-hashing-parameters.xml.i -->
+<leafNode name="hash">
+  <properties>
+    <help>Define the parameters of the packet header to apply the hashing</help>
+    <completionHelp>
+      <list>source-address destination-address source-port destination-port random</list>
+    </completionHelp>
+    <valueHelp>
+      <format>source-address</format>
+      <description>Use source IP address for hashing</description>
+    </valueHelp>
+    <valueHelp>
+      <format>destination-address</format>
+      <description>Use destination IP address for hashing</description>
+    </valueHelp>
+    <valueHelp>
+      <format>source-port</format>
+      <description>Use source port for hashing</description>
+    </valueHelp>
+    <valueHelp>
+      <format>destination-port</format>
+      <description>Use destination port for hashing</description>
+    </valueHelp>
+    <valueHelp>
+      <format>random</format>
+      <description>Do not use information from ip header. Use random value.</description>
+    </valueHelp>
+    <constraint>
+      <regex>(source-address|destination-address|source-port|destination-port|random)</regex>
+    </constraint>
+    <multi/>
+  </properties>
+  <defaultValue>random</defaultValue>
+</leafNode>
+<!-- include end -->
\ No newline at end of file
diff --git a/interface-definitions/include/firewall/fwmark.xml.i b/interface-definitions/include/firewall/fwmark.xml.i
new file mode 100644
index 000000000..4607ef58f
--- /dev/null
+++ b/interface-definitions/include/firewall/fwmark.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from firewall/fwmark.xml.i -->
+<leafNode name="fwmark">
+  <properties>
+    <help>Match fwmark value</help>
+    <valueHelp>
+      <format>u32:1-2147483647</format>
+      <description>Match firewall mark value</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 1-2147483647"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/global-options.xml.i b/interface-definitions/include/firewall/global-options.xml.i
new file mode 100644
index 000000000..e655cd6ac
--- /dev/null
+++ b/interface-definitions/include/firewall/global-options.xml.i
@@ -0,0 +1,276 @@ +<!-- include start from firewall/global-options.xml.i --> +<node name="global-options"> +  <properties> +    <help>Global Options</help> +  </properties> +  <children> +    <leafNode name="all-ping"> +      <properties> +        <help>Policy for handling of all IPv4 ICMP echo requests</help> +        <completionHelp> +          <list>enable disable</list> +        </completionHelp> +        <valueHelp> +          <format>enable</format> +          <description>Enable processing of all IPv4 ICMP echo requests</description> +        </valueHelp> +        <valueHelp> +          <format>disable</format> +          <description>Disable processing of all IPv4 ICMP echo requests</description> +        </valueHelp> +        <constraint> +          <regex>(enable|disable)</regex> +        </constraint> +      </properties> +      <defaultValue>enable</defaultValue> +    </leafNode> +    <leafNode name="broadcast-ping"> +      <properties> +        <help>Policy for handling broadcast IPv4 ICMP echo and timestamp requests</help> +        <completionHelp> +          <list>enable disable</list> +        </completionHelp> +        <valueHelp> +          <format>enable</format> +          <description>Enable processing of broadcast IPv4 ICMP echo/timestamp requests</description> +        </valueHelp> +        <valueHelp> +          <format>disable</format> +          <description>Disable processing of broadcast IPv4 ICMP echo/timestamp requests</description> +        </valueHelp> +        <constraint> +          <regex>(enable|disable)</regex> +        </constraint> +      </properties> +      <defaultValue>disable</defaultValue> +    </leafNode> +    <leafNode name="ip-src-route"> +      <properties> +        <help>Policy for handling IPv4 packets with source route option</help> +        <completionHelp> +          <list>enable disable</list> +        </completionHelp> +        <valueHelp> +          <format>enable</format> +          <description>Enable 
processing of IPv4 packets with source route option</description> +        </valueHelp> +        <valueHelp> +          <format>disable</format> +          <description>Disable processing of IPv4 packets with source route option</description> +        </valueHelp> +        <constraint> +          <regex>(enable|disable)</regex> +        </constraint> +      </properties> +      <defaultValue>disable</defaultValue> +    </leafNode> +    <leafNode name="log-martians"> +      <properties> +        <help>Policy for logging IPv4 packets with invalid addresses</help> +        <completionHelp> +          <list>enable disable</list> +        </completionHelp> +        <valueHelp> +          <format>enable</format> +          <description>Enable logging of IPv4 packets with invalid addresses</description> +        </valueHelp> +        <valueHelp> +          <format>disable</format> +          <description>Disable logging of Ipv4 packets with invalid addresses</description> +        </valueHelp> +        <constraint> +          <regex>(enable|disable)</regex> +        </constraint> +      </properties> +      <defaultValue>enable</defaultValue> +    </leafNode> +    <leafNode name="receive-redirects"> +      <properties> +        <help>Policy for handling received IPv4 ICMP redirect messages</help> +        <completionHelp> +          <list>enable disable</list> +        </completionHelp> +        <valueHelp> +          <format>enable</format> +          <description>Enable processing of received IPv4 ICMP redirect messages</description> +        </valueHelp> +        <valueHelp> +          <format>disable</format> +          <description>Disable processing of received IPv4 ICMP redirect messages</description> +        </valueHelp> +        <constraint> +          <regex>(enable|disable)</regex> +        </constraint> +      </properties> +      <defaultValue>disable</defaultValue> +    </leafNode> +    <leafNode name="resolver-cache"> +      <properties> +        
<help>Retains last successful value if domain resolution fails</help> +        <valueless/> +      </properties> +    </leafNode> +    <leafNode name="resolver-interval"> +      <properties> +        <help>Domain resolver update interval</help> +        <valueHelp> +          <format>u32:10-3600</format> +          <description>Interval (seconds)</description> +        </valueHelp> +        <constraint> +          <validator name="numeric" argument="--range 10-3600"/> +        </constraint> +      </properties> +      <defaultValue>300</defaultValue> +    </leafNode> +    <leafNode name="send-redirects"> +      <properties> +        <help>Policy for sending IPv4 ICMP redirect messages</help> +        <completionHelp> +          <list>enable disable</list> +        </completionHelp> +        <valueHelp> +          <format>enable</format> +          <description>Enable sending IPv4 ICMP redirect messages</description> +        </valueHelp> +        <valueHelp> +          <format>disable</format> +          <description>Disable sending IPv4 ICMP redirect messages</description> +        </valueHelp> +        <constraint> +          <regex>(enable|disable)</regex> +        </constraint> +      </properties> +      <defaultValue>enable</defaultValue> +    </leafNode> +    <leafNode name="source-validation"> +      <properties> +        <help>Policy for IPv4 source validation by reversed path, as specified in RFC3704</help> +        <completionHelp> +          <list>strict loose disable</list> +        </completionHelp> +        <valueHelp> +          <format>strict</format> +          <description>Enable IPv4 Strict Reverse Path Forwarding as defined in RFC3704</description> +        </valueHelp> +        <valueHelp> +          <format>loose</format> +          <description>Enable IPv4 Loose Reverse Path Forwarding as defined in RFC3704</description> +        </valueHelp> +        <valueHelp> +          <format>disable</format> +          <description>No IPv4 source 
validation</description>
+        </valueHelp>
+        <constraint>
+          <regex>(strict|loose|disable)</regex>
+        </constraint>
+      </properties>
+      <defaultValue>disable</defaultValue>
+    </leafNode>
+    <leafNode name="syn-cookies">
+      <properties>
+        <help>Policy for using TCP SYN cookies with IPv4</help>
+        <completionHelp>
+          <list>enable disable</list>
+        </completionHelp>
+        <valueHelp>
+          <format>enable</format>
+          <description>Enable use of TCP SYN cookies with IPv4</description>
+        </valueHelp>
+        <valueHelp>
+          <format>disable</format>
+          <description>Disable use of TCP SYN cookies with IPv4</description>
+        </valueHelp>
+        <constraint>
+          <regex>(enable|disable)</regex>
+        </constraint>
+      </properties>
+      <defaultValue>enable</defaultValue>
+    </leafNode>
+    <leafNode name="twa-hazards-protection">
+      <properties>
+        <help>RFC1337 TCP TIME-WAIT assasination hazards protection</help>
+        <completionHelp>
+          <list>enable disable</list>
+        </completionHelp>
+        <valueHelp>
+          <format>enable</format>
+          <description>Enable RFC1337 TIME-WAIT hazards protection</description>
+        </valueHelp>
+        <valueHelp>
+          <format>disable</format>
+          <description>Disable RFC1337 TIME-WAIT hazards protection</description>
+        </valueHelp>
+        <constraint>
+          <regex>(enable|disable)</regex>
+        </constraint>
+      </properties>
+      <defaultValue>disable</defaultValue>
+    </leafNode>
+    <leafNode name="ipv6-receive-redirects">
+      <properties>
+        <help>Policy for handling received ICMPv6 redirect messages</help>
+        <completionHelp>
+          <list>enable disable</list>
+        </completionHelp>
+        <valueHelp>
+          <format>enable</format>
+          <description>Enable processing of received ICMPv6 redirect messages</description>
+        </valueHelp>
+        <valueHelp>
+          <format>disable</format>
+          <description>Disable processing of received ICMPv6 redirect messages</description>
+        </valueHelp>
+        <constraint>
+          <regex>(enable|disable)</regex>
+        </constraint>
+      </properties>
+      <defaultValue>disable</defaultValue>
+    </leafNode>
+    <leafNode name="ipv6-source-validation">
+      <properties>
+        <help>Policy for IPv6 source validation by reversed path, as specified in RFC3704</help>
+        <completionHelp>
+          <list>strict loose disable</list>
+        </completionHelp>
+        <valueHelp>
+          <format>strict</format>
+          <description>Enable IPv6 Strict Reverse Path Forwarding as defined in RFC3704</description>
+        </valueHelp>
+        <valueHelp>
+          <format>loose</format>
+          <description>Enable IPv6 Loose Reverse Path Forwarding as defined in RFC3704</description>
+        </valueHelp>
+        <valueHelp>
+          <format>disable</format>
+          <description>No IPv6 source validation</description>
+        </valueHelp>
+        <constraint>
+          <regex>(strict|loose|disable)</regex>
+        </constraint>
+      </properties>
+      <defaultValue>disable</defaultValue>
+    </leafNode>
+    <leafNode name="ipv6-src-route">
+      <properties>
+        <help>Policy for handling IPv6 packets with routing extension header</help>
+        <completionHelp>
+          <list>enable disable</list>
+        </completionHelp>
+        <valueHelp>
+          <format>enable</format>
+          <description>Enable processing of IPv6 packets with routing header type 2</description>
+        </valueHelp>
+        <valueHelp>
+          <format>disable</format>
+          <description>Disable processing of IPv6 packets with routing header</description>
+        </valueHelp>
+        <constraint>
+          <regex>(enable|disable)</regex>
+        </constraint>
+      </properties>
+      <defaultValue>disable</defaultValue>
+    </leafNode>
+  </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/inbound-interface.xml.i b/interface-definitions/include/firewall/inbound-interface.xml.i
new file mode 100644
index 000000000..13df71de3
--- /dev/null
+++ b/interface-definitions/include/firewall/inbound-interface.xml.i
@@ -0,0 +1,10 @@
+<!-- include start from firewall/inbound-interface.xml.i -->
+<node name="inbound-interface">
+  <properties>
+    <help>Match inbound-interface</help>
+  </properties>
+  <children>
+    #include <include/firewall/match-interface.xml.i>
+  </children>
+</node>
+<!-- include end -->
\ No newline at end of file
diff --git a/interface-definitions/include/firewall/ipv4-custom-name.xml.i b/interface-definitions/include/firewall/ipv4-custom-name.xml.i
new file mode 100644
index 000000000..9d6ecfaf2
--- /dev/null
+++ b/interface-definitions/include/firewall/ipv4-custom-name.xml.i
@@ -0,0 +1,41 @@
+<!-- include start from firewall/ipv4-custom-name.xml.i -->
+<tagNode name="name">
+  <properties>
+    <help>IPv4 custom firewall</help>
+    <constraint>
+      <regex>[a-zA-Z0-9][\w\-\.]*</regex>
+    </constraint>
+  </properties>
+  <children>
+    #include <include/firewall/default-action.xml.i>
+    #include <include/firewall/enable-default-log.xml.i>
+    #include <include/generic-description.xml.i>
+    <leafNode name="default-jump-target">
+      <properties>
+        <help>Set jump target. Action jump must be defined in default-action to use this setting</help>
+        <completionHelp>
+          <path>firewall ipv4 name</path>
+        </completionHelp>
+      </properties>
+    </leafNode>
+    <tagNode name="rule">
+      <properties>
+        <help>IPv4 Firewall custom rule number</help>
+        <valueHelp>
+          <format>u32:1-999999</format>
+          <description>Number for this firewall rule</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-999999"/>
+        </constraint>
+        <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage>
+      </properties>
+      <children>
+        #include <include/firewall/common-rule-ipv4.xml.i>
+        #include <include/firewall/inbound-interface.xml.i>
+        #include <include/firewall/outbound-interface.xml.i>
+      </children>
+    </tagNode>
+  </children>
+</tagNode>
+<!-- include end -->
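Review bot: The `default-jump-target` leaf has only a `completionHelp` path and no `<constraint>`, so the schema accepts any string, even though the chain names it refers to are restricted by `[a-zA-Z0-9][\w\-\.]*` a few lines above. Reusing that pattern, `<constraint><regex>[a-zA-Z0-9][\w\-\.]*</regex></constraint>`, would reject malformed targets at validation time rather than relying on a later check that this diff does not show. The same applies to `default-jump-target` in ipv6-custom-name.xml.i and to the `jump-target` and `default-jump-target` leaves in ipv4-hook-prerouting.xml.i.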
\ No newline at end of file
diff --git a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i
new file mode 100644
index 000000000..08ee96419
--- /dev/null
+++ b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i
@@ -0,0 +1,36 @@
+<!-- include start from firewall/ipv4-hook-forward.xml.i -->
+<node name="forward">
+  <properties>
+    <help>IPv4 forward firewall</help>
+  </properties>
+  <children>
+    <node name="filter">
+      <properties>
+        <help>IPv4 firewall forward filter</help>
+      </properties>
+      <children>
+        #include <include/firewall/default-action-base-chains.xml.i>
+        #include <include/generic-description.xml.i>
+        <tagNode name="rule">
+          <properties>
+            <help>IPv4 Firewall forward filter rule number</help>
+            <valueHelp>
+              <format>u32:1-999999</format>
+              <description>Number for this firewall rule</description>
+            </valueHelp>
+            <constraint>
+              <validator name="numeric" argument="--range 1-999999"/>
+            </constraint>
+            <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage>
+          </properties>
+          <children>
+            #include <include/firewall/common-rule-ipv4.xml.i>
+            #include <include/firewall/inbound-interface.xml.i>
+            #include <include/firewall/outbound-interface.xml.i>
+          </children>
+        </tagNode>
+      </children>
+    </node>
+  </children>
+</node>
+<!-- include end -->
\ No newline at end of file
diff --git a/interface-definitions/include/firewall/ipv4-hook-input.xml.i b/interface-definitions/include/firewall/ipv4-hook-input.xml.i
new file mode 100644
index 000000000..32b0ec94f
--- /dev/null
+++ b/interface-definitions/include/firewall/ipv4-hook-input.xml.i
@@ -0,0 +1,35 @@
+<!-- include start from firewall/ipv4-hook-input.xml.i -->
+<node name="input">
+  <properties>
+    <help>IPv4 input firewall</help>
+  </properties>
+  <children>
+    <node name="filter">
+      <properties>
+        <help>IPv4 firewall input filter</help>
+      </properties>
+      <children>
+        #include <include/firewall/default-action-base-chains.xml.i>
+        #include <include/generic-description.xml.i>
+        <tagNode name="rule">
+          <properties>
+            <help>IPv4 Firewall input filter rule number</help>
+            <valueHelp>
+              <format>u32:1-999999</format>
+              <description>Number for this firewall rule</description>
+            </valueHelp>
+            <constraint>
+              <validator name="numeric" argument="--range 1-999999"/>
+            </constraint>
+            <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage>
+          </properties>
+          <children>
+            #include <include/firewall/common-rule-ipv4.xml.i>
+            #include <include/firewall/inbound-interface.xml.i>
+          </children>
+        </tagNode>
+      </children>
+    </node>
+  </children>
+</node>
+<!-- include end -->
\ No newline at end of file
diff --git a/interface-definitions/include/firewall/ipv4-hook-output.xml.i b/interface-definitions/include/firewall/ipv4-hook-output.xml.i
new file mode 100644
index 000000000..d50d1e93b
--- /dev/null
+++ b/interface-definitions/include/firewall/ipv4-hook-output.xml.i
@@ -0,0 +1,35 @@
+<!-- include start from firewall/ipv4-hook-output.xml.i -->
+<node name="output">
+  <properties>
+    <help>IPv4 output firewall</help>
+  </properties>
+  <children>
+    <node name="filter">
+      <properties>
+        <help>IPv4 firewall output filter</help>
+      </properties>
+      <children>
+        #include <include/firewall/default-action-base-chains.xml.i>
+        #include <include/generic-description.xml.i>
+        <tagNode name="rule">
+          <properties>
+            <help>IPv4 Firewall output filter rule number</help>
+            <valueHelp>
+              <format>u32:1-999999</format>
+              <description>Number for this firewall rule</description>
+            </valueHelp>
+            <constraint>
+              <validator name="numeric" argument="--range 1-999999"/>
+            </constraint>
+            <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage>
+          </properties>
+          <children>
+            #include <include/firewall/common-rule-ipv4.xml.i>
+            #include <include/firewall/outbound-interface.xml.i>
+          </children>
+        </tagNode>
+      </children>
+    </node>
+  </children>
+</node>
+<!-- include end -->
\ No newline at end of file
diff --git a/interface-definitions/include/firewall/ipv4-hook-prerouting.xml.i b/interface-definitions/include/firewall/ipv4-hook-prerouting.xml.i
new file mode 100644
index 000000000..c38918375
--- /dev/null
+++ b/interface-definitions/include/firewall/ipv4-hook-prerouting.xml.i
@@ -0,0 +1,85 @@
+<!-- include start from firewall/ipv4-hook-prerouting.xml.i -->
+<node name="prerouting">
+  <properties>
+    <help>IPv4 prerouting firewall</help>
+  </properties>
+  <children>
+    <node name="filter">
+      <properties>
+        <help>IPv4 firewall prerouting filter</help>
+      </properties>
+      <children>
+        #include <include/firewall/default-action-base-chains.xml.i>
+        #include <include/generic-description.xml.i>
+        <tagNode name="rule">
+          <properties>
+            <help>IPv4 Firewall prerouting filter rule number</help>
+            <valueHelp>
+              <format>u32:1-999999</format>
+              <description>Number for this firewall rule</description>
+            </valueHelp>
+            <constraint>
+              <validator name="numeric" argument="--range 1-999999"/>
+            </constraint>
+            <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage>
+          </properties>
+          <children>
+            #include <include/firewall/common-rule-ipv4.xml.i>
+            #include <include/firewall/inbound-interface.xml.i>
+            <leafNode name="jump-target">
+              <properties>
+                <help>Set jump target. Action jump must be defined to use this setting</help>
+                <completionHelp>
+                  <path>firewall ipv4 name</path>
+                </completionHelp>
+              </properties>
+            </leafNode>
+          </children>
+        </tagNode>
+      </children>
+    </node>
+    <node name="raw">
+      <properties>
+        <help>IPv4 firewall prerouting raw</help>
+      </properties>
+      <children>
+        #include <include/firewall/default-action-base-chains.xml.i>
+        #include <include/generic-description.xml.i>
+        <leafNode name="default-jump-target">
+          <properties>
+            <help>Set jump target. Action jump must be defined in default-action to use this setting</help>
+            <completionHelp>
+              <path>firewall ipv4 name</path>
+            </completionHelp>
+          </properties>
+        </leafNode>
+        <tagNode name="rule">
+          <properties>
+            <help>IPv4 Firewall prerouting raw rule number</help>
+            <valueHelp>
+              <format>u32:1-999999</format>
+              <description>Number for this firewall rule</description>
+            </valueHelp>
+            <constraint>
+              <validator name="numeric" argument="--range 1-999999"/>
+            </constraint>
+            <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage>
+          </properties>
+          <children>
+            #include <include/firewall/common-rule-ipv4-raw.xml.i>
+            #include <include/firewall/inbound-interface.xml.i>
+            <leafNode name="jump-target">
+              <properties>
+                <help>Set jump target. Action jump must be defined to use this setting</help>
+                <completionHelp>
+                  <path>firewall ipv4 name</path>
+                </completionHelp>
+              </properties>
+            </leafNode>
+          </children>
+        </tagNode>
+      </children>
+    </node>
+  </children>
+</node>
+<!-- include end -->
\ No newline at end of file
diff --git a/interface-definitions/include/firewall/ipv6-custom-name.xml.i b/interface-definitions/include/firewall/ipv6-custom-name.xml.i
new file mode 100644
index 000000000..81610babf
--- /dev/null
+++ b/interface-definitions/include/firewall/ipv6-custom-name.xml.i
@@ -0,0 +1,41 @@
+<!-- include start from firewall/ipv6-custom-name.xml.i -->
+<tagNode name="name">
+  <properties>
+    <help>IPv6 custom firewall</help>
+    <constraint>
+      <regex>[a-zA-Z0-9][\w\-\.]*</regex>
+    </constraint>
+  </properties>
+  <children>
+    #include <include/firewall/default-action.xml.i>
+    #include <include/firewall/enable-default-log.xml.i>
+    #include <include/generic-description.xml.i>
+    <leafNode name="default-jump-target">
+      <properties>
+        <help>Set jump target. Action jump must be defined in default-action to use this setting</help>
+        <completionHelp>
+          <path>firewall ipv6 name</path>
+        </completionHelp>
+      </properties>
+    </leafNode>
+    <tagNode name="rule">
+      <properties>
+        <help>IPv6 Firewall custom rule number</help>
+        <valueHelp>
+          <format>u32:1-999999</format>
+          <description>Number for this firewall rule</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-999999"/>
+        </constraint>
+        <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage>
+      </properties>
+      <children>
+        #include <include/firewall/common-rule-ipv6.xml.i>
+        #include <include/firewall/inbound-interface.xml.i>
+        #include <include/firewall/outbound-interface.xml.i>
+      </children>
+    </tagNode>
+  </children>
+</tagNode>
+<!-- include end -->
\ No newline at end of file
diff --git a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i
new file mode 100644
index 000000000..20ab8dbe8
--- /dev/null
+++ b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i
@@ -0,0 +1,36 @@
+<!-- include start from firewall/ipv6-hook-forward.xml.i -->
+<node name="forward">
+  <properties>
+    <help>IPv6 forward firewall</help>
+  </properties>
+  <children>
+    <node name="filter">
+      <properties>
+        <help>IPv6 firewall forward filter</help>
+      </properties>
+      <children>
+        #include <include/firewall/default-action-base-chains.xml.i>
+        #include <include/generic-description.xml.i>
+        <tagNode name="rule">
+          <properties>
+            <help>IPv6 Firewall forward filter rule number</help>
+            <valueHelp>
+              <format>u32:1-999999</format>
+              <description>Number for this firewall rule</description>
+            </valueHelp>
+            <constraint>
+              <validator name="numeric" argument="--range 1-999999"/>
+            </constraint>
+            <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage>
+          </properties>
+          <children>
+            #include <include/firewall/common-rule-ipv6.xml.i>
+            #include <include/firewall/inbound-interface.xml.i>
+            #include <include/firewall/outbound-interface.xml.i>
+          </children>
+        </tagNode>
+      </children>
+    </node>
+  </children>
+</node>
+<!-- include end -->
\ No newline at end of file
diff --git a/interface-definitions/include/firewall/ipv6-hook-input.xml.i b/interface-definitions/include/firewall/ipv6-hook-input.xml.i
new file mode 100644
index 000000000..e34958f28
--- /dev/null
+++ b/interface-definitions/include/firewall/ipv6-hook-input.xml.i
@@ -0,0 +1,35 @@
+<!-- include start from firewall/ipv6-hook-input.xml.i -->
+<node name="input">
+  <properties>
+    <help>IPv6 input firewall</help>
+  </properties>
+  <children>
+    <node name="filter">
+      <properties>
+        <help>IPv6 firewall input filter</help>
+      </properties>
+      <children>
+        #include <include/firewall/default-action-base-chains.xml.i>
+        #include <include/generic-description.xml.i>
+        <tagNode name="rule">
+          <properties>
+            <help>IPv6 Firewall input filter rule number</help>
+            <valueHelp>
+              <format>u32:1-999999</format>
+              <description>Number for this firewall rule</description>
+            </valueHelp>
+            <constraint>
+              <validator name="numeric" argument="--range 1-999999"/>
+            </constraint>
+            <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage>
+          </properties>
+          <children>
+            #include <include/firewall/common-rule-ipv6.xml.i>
+            #include <include/firewall/inbound-interface.xml.i>
+          </children>
+        </tagNode>
+      </children>
+    </node>
+  </children>
+</node>
+<!-- include end -->
\ No newline at end of file
diff --git a/interface-definitions/include/firewall/ipv6-hook-output.xml.i b/interface-definitions/include/firewall/ipv6-hook-output.xml.i
new file mode 100644
index 000000000..eb4ea7ac3
--- /dev/null
+++ b/interface-definitions/include/firewall/ipv6-hook-output.xml.i
@@ -0,0 +1,35 @@
+<!-- include start from firewall/ipv6-hook-output.xml.i -->
+<node name="output">
+  <properties>
+    <help>IPv6 output firewall</help>
+  </properties>
+  <children>
+    <node name="filter">
+      <properties>
+        <help>IPv6 firewall output filter</help>
+      </properties>
+      <children>
+        #include <include/firewall/default-action-base-chains.xml.i>
+        #include <include/generic-description.xml.i>
+        <tagNode name="rule">
+          <properties>
+            <help>IPv6 Firewall output filter rule number</help>
+            <valueHelp>
+              <format>u32:1-999999</format>
+              <description>Number for this firewall rule</description>
+            </valueHelp>
+            <constraint>
+              <validator name="numeric" argument="--range 1-999999"/>
+            </constraint>
+            <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage>
+          </properties>
+          <children>
+            #include <include/firewall/common-rule-ipv6.xml.i>
+            #include <include/firewall/outbound-interface.xml.i>
+          </children>
+        </tagNode>
+      </children>
+    </node>
+  </children>
+</node>
+<!-- include end -->
\ No newline at end of file
diff --git a/interface-definitions/include/firewall/match-interface.xml.i b/interface-definitions/include/firewall/match-interface.xml.i
new file mode 100644
index 000000000..7810f88ab
--- /dev/null
+++ b/interface-definitions/include/firewall/match-interface.xml.i
@@ -0,0 +1,41 @@
+<!-- include start from firewall/match-interface.xml.i -->
+<leafNode name="interface-name">
+  <properties>
+    <help>Match interface</help>
+    <completionHelp>
+      <script>${vyos_completion_dir}/list_interfaces</script>
+    </completionHelp>
+    <valueHelp>
+      <format>txt</format>
+      <description>Interface name</description>
+    </valueHelp>
+    <valueHelp>
+      <format>txt*</format>
+      <description>Interface name with wildcard</description>
+    </valueHelp>
+    <valueHelp>
+      <format>!txt</format>
+      <description>Inverted interface name to match</description>
+    </valueHelp>
+    <constraint>
+      #include <include/constraint/interface-name-with-wildcard-and-inverted.xml.i>
+    </constraint>
+  </properties>
+</leafNode>
+<leafNode name="interface-group">
+  <properties>
+    <help>Match interface-group</help>
+    <completionHelp>
+      <path>firewall group interface-group</path>
+    </completionHelp>
+    <valueHelp>
+      <format>txt</format>
+      <description>Interface-group name to match</description>
+    </valueHelp>
+    <valueHelp>
+      <format>!txt</format>
+      <description>Inverted interface-group name to match</description>
+    </valueHelp>
+  </properties>
+</leafNode>
+<!-- include end -->
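Review bot: `interface-group` documents a plain and an inverted (`!txt`) form but carries no `<constraint>`, whereas `interface-name` in the same file pulls one in via `#include`; as written the schema accepts any text for the group. A constraint allowing an optional leading `!` followed by a valid group name would keep the two leaves consistent, for example `<regex>!?[a-zA-Z0-9][\w\-\.]*</regex>` if groups follow the same naming rule as custom chains (that rule is not shown in this diff, so confirm it first). The group leaves added in source-destination-group-ipv4.xml.i are likewise unconstrained.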
\ No newline at end of file
diff --git a/interface-definitions/include/firewall/nat-balance.xml.i b/interface-definitions/include/firewall/nat-balance.xml.i
new file mode 100644
index 000000000..01793f06b
--- /dev/null
+++ b/interface-definitions/include/firewall/nat-balance.xml.i
@@ -0,0 +1,28 @@
+<!-- include start from firewall/nat-balance.xml.i -->
+<tagNode name="backend">
+  <properties>
+    <help>Translated IP address</help>
+    <valueHelp>
+      <format>ipv4</format>
+      <description>IPv4 address to match</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ipv4-address"/>
+    </constraint>
+  </properties>
+  <children>
+    <leafNode name="weight">
+      <properties>
+        <help>Set probability for this output value</help>
+        <valueHelp>
+          <format>u32:1-100</format>
+          <description>Set probability for this output value</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--allow-range --range 1-100"/>
+        </constraint>
+      </properties>
+    </leafNode>
+  </children>
+</tagNode>
+<!-- include end -->
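Review bot: The `weight` validator is passed `--allow-range`, which presumably lets a value such as `10-20` through, although the valueHelp (`u32:1-100`) and the help text describe a single probability. Unless a range is meaningful for a backend weight, drop the flag: `<validator name="numeric" argument="--range 1-100"/>`. Separately, the tagNode help says "Translated IP address" while its valueHelp says "IPv4 address to match"; the latter reads as if copied from a match node and should describe the backend address instead.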
\ No newline at end of file
diff --git a/interface-definitions/include/firewall/nft-queue.xml.i b/interface-definitions/include/firewall/nft-queue.xml.i
new file mode 100644
index 000000000..8799eac74
--- /dev/null
+++ b/interface-definitions/include/firewall/nft-queue.xml.i
@@ -0,0 +1,34 @@
+<!-- include start from firewall/nft-queue.xml.i -->
+<leafNode name="queue">
+  <properties>
+    <help>Queue target to use. Action queue must be defined to use this setting</help>
+    <valueHelp>
+      <format>u32:0-65535</format>
+      <description>Queue target</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--allow-range --range 0-65535"/>
+    </constraint>
+  </properties>
+</leafNode>
+<leafNode name="queue-options">
+  <properties>
+    <help>Options used for queue target. Action queue must be defined to use this setting</help>
+    <completionHelp>
+      <list>bypass fanout</list>
+    </completionHelp>
+    <valueHelp>
+      <format>bypass</format>
+      <description>Let packets go through if userspace application cannot back off</description>
+    </valueHelp>
+    <valueHelp>
+      <format>fanout</format>
+      <description>Distribute packets between several queues</description>
+    </valueHelp>
+    <constraint>
+      <regex>(bypass|fanout)</regex>
+    </constraint>
+    <multi/>
+  </properties>
+</leafNode>
+<!-- include end -->
\ No newline at end of file
diff --git a/interface-definitions/include/firewall/outbound-interface.xml.i b/interface-definitions/include/firewall/outbound-interface.xml.i
new file mode 100644
index 000000000..8654dfd80
--- /dev/null
+++ b/interface-definitions/include/firewall/outbound-interface.xml.i
@@ -0,0 +1,10 @@
+<!-- include start from firewall/outbound-interface.xml.i -->
+<node name="outbound-interface">
+  <properties>
+    <help>Match outbound-interface</help>
+  </properties>
+  <children>
+    #include <include/firewall/match-interface.xml.i>
+  </children>
+</node>
+<!-- include end -->
\ No newline at end of file
diff --git a/interface-definitions/include/firewall/packet-length.xml.i b/interface-definitions/include/firewall/packet-options.xml.i
index fd2eb67b0..cd94e69c2 100644
--- a/interface-definitions/include/firewall/packet-length.xml.i
+++ b/interface-definitions/include/firewall/packet-options.xml.i
@@ -1,4 +1,4 @@
-<!-- include start from firewall/packet-length.xml.i -->
+<!-- include start from firewall/packet-options.xml.i -->
 <leafNode name="packet-length">
   <properties>
     <help>Payload size in bytes, including header and data to match</help>
@@ -33,4 +33,31 @@
     <multi/>
   </properties>
 </leafNode>
+<leafNode name="packet-type">
+  <properties>
+    <help>Packet type</help>
+    <completionHelp>
+      <list>broadcast host multicast other</list>
+    </completionHelp>
+    <valueHelp>
+      <format>broadcast</format>
+      <description>Match broadcast packet type</description>
+    </valueHelp>
+    <valueHelp>
+      <format>host</format>
+      <description>Match host packet type, addressed to local host</description>
+    </valueHelp>
+    <valueHelp>
+      <format>multicast</format>
+      <description>Match multicast packet type</description>
+    </valueHelp>
+    <valueHelp>
+      <format>other</format>
+      <description>Match packet addressed to another host</description>
+    </valueHelp>
+    <constraint>
+      <regex>(broadcast|host|multicast|other)</regex>
+    </constraint>
+  </properties>
+</leafNode>
 <!-- include end -->
diff --git a/interface-definitions/include/firewall/rule-log-level.xml.i b/interface-definitions/include/firewall/rule-log-level.xml.i
index 10c8de5e3..3ac473844 100644
--- a/interface-definitions/include/firewall/rule-log-level.xml.i
+++ b/interface-definitions/include/firewall/rule-log-level.xml.i
@@ -1,4 +1,4 @@
-<!-- include start from firewall/common-rule.xml.i -->
+<!-- include start from firewall/rule-log-level.xml.i -->
 <leafNode name="log-level">
   <properties>
     <help>Set log-level. Log must be enable.</help>
diff --git a/interface-definitions/include/firewall/rule-log-options.xml.i b/interface-definitions/include/firewall/rule-log-options.xml.i
new file mode 100644
index 000000000..e8b0cdec3
--- /dev/null
+++ b/interface-definitions/include/firewall/rule-log-options.xml.i
@@ -0,0 +1,89 @@
+<!-- include start from firewall/rule-log-options.xml.i -->
+<node name="log-options">
+   <properties>
+    <help>Log options</help>
+  </properties>
+  <children>
+    <leafNode name="group">
+      <properties>
+        <help>Set log group</help>
+        <valueHelp>
+          <format>u32:0-65535</format>
+          <description>Log group to send messages to</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 0-65535"/>
+        </constraint>
+      </properties>
+    </leafNode>
+    <leafNode name="snapshot-length">
+      <properties>
+        <help>Length of packet payload to include in netlink message</help>
+        <valueHelp>
+          <format>u32:0-9000</format>
+          <description>Length of packet payload to include in netlink message</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 0-9000"/>
+        </constraint>
+      </properties>
+    </leafNode>
+    <leafNode name="queue-threshold">
+      <properties>
+        <help>Number of packets to queue inside the kernel before sending them to userspace</help>
+        <valueHelp>
+          <format>u32:0-65535</format>
+          <description>Number of packets to queue inside the kernel before sending them to userspace</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 0-65535"/>
+        </constraint>
+      </properties>
+    </leafNode>
+    <leafNode name="level">
+      <properties>
+        <help>Set log-level</help>
+        <completionHelp>
+          <list>emerg alert crit err warn notice info debug</list>
+        </completionHelp>
+        <valueHelp>
+          <format>emerg</format>
+          <description>Emerg log level</description>
+        </valueHelp>
+        <valueHelp>
+          <format>alert</format>
+          <description>Alert log level</description>
+        </valueHelp>
+        <valueHelp>
+          <format>crit</format>
+          <description>Critical log level</description>
+        </valueHelp>
+        <valueHelp>
+          <format>err</format>
+          <description>Error log level</description>
+        </valueHelp>
+        <valueHelp>
+          <format>warn</format>
+          <description>Warning log level</description>
+        </valueHelp>
+        <valueHelp>
+          <format>notice</format>
+          <description>Notice log level</description>
+        </valueHelp>
+        <valueHelp>
+          <format>info</format>
+          <description>Info log level</description>
+        </valueHelp>
+        <valueHelp>
+          <format>debug</format>
+          <description>Debug log level</description>
+        </valueHelp>
+        <constraint>
+          <regex>(emerg|alert|crit|err|warn|notice|info|debug)</regex>
+        </constraint>
+        <constraintErrorMessage>level must be alert, crit, debug, emerg, err, info, notice or warn</constraintErrorMessage>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+<!-- include end -->
\ No newline at end of file
diff --git a/interface-definitions/include/firewall/source-destination-group-ipv4.xml.i b/interface-definitions/include/firewall/source-destination-group-ipv4.xml.i
new file mode 100644
index 000000000..8c34fb933
--- /dev/null
+++ b/interface-definitions/include/firewall/source-destination-group-ipv4.xml.i
@@ -0,0 +1,41 @@
+<!-- include start from firewall/source-destination-group-ipv4.xml.i -->
+<node name="group">
+  <properties>
+    <help>Group</help>
+  </properties>
+  <children>
+    <leafNode name="address-group">
+      <properties>
+        <help>Group of addresses</help>
+        <completionHelp>
+          <path>firewall group address-group</path>
+        </completionHelp>
+      </properties>
+    </leafNode>
+    <leafNode name="domain-group">
+      <properties>
+        <help>Group of domains</help>
+        <completionHelp>
+          <path>firewall group domain-group</path>
+        </completionHelp>
+      </properties>
+    </leafNode>
+    <leafNode name="network-group">
+      <properties>
+        <help>Group of networks</help>
+        <completionHelp>
+          <path>firewall group network-group</path>
+        </completionHelp>
+      </properties>
+    </leafNode>
+    <leafNode name="port-group">
+      <properties>
+        <help>Group of ports</help>
+        <completionHelp>
+          <path>firewall group port-group</path>
+        </completionHelp>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/generic-description.xml.i b/interface-definitions/include/generic-description.xml.i
index 03fc564e6..63e5e174e 100644
--- a/interface-definitions/include/generic-description.xml.i
+++ b/interface-definitions/include/generic-description.xml.i
@@ -6,6 +6,10 @@
       <format>txt</format>
       <description>Description</description>
     </valueHelp>
+    <constraint>
+      <regex>[[:ascii:]]{0,256}</regex>
+    </constraint>
+    <constraintErrorMessage>Description too long (limit 256 characters)</constraintErrorMessage>
   </properties>
 </leafNode>
 <!-- include end -->
diff --git a/interface-definitions/include/generic-interface-broadcast.xml.i b/interface-definitions/include/generic-interface-broadcast.xml.i
index af35a888b..e37e75012 100644
--- a/interface-definitions/include/generic-interface-broadcast.xml.i
+++ b/interface-definitions/include/generic-interface-broadcast.xml.i
@@ -1,16 +1,16 @@
 <!-- include start from generic-interface-broadcast.xml.i -->
 <leafNode name="interface">
   <properties>
-    <help>Interface Name to use</help>
+    <help>Interface to use</help>
     <completionHelp>
-      <script>${vyos_completion_dir}/list_interfaces.py --broadcast</script>
+      <script>${vyos_completion_dir}/list_interfaces --broadcast</script>
     </completionHelp>
     <valueHelp>
       <format>txt</format>
       <description>Interface name</description>
     </valueHelp>
     <constraint>
-      #include <include/constraint/interface-name.xml.in>
+      #include <include/constraint/interface-name.xml.i>
     </constraint>
   </properties>
 </leafNode>
diff --git a/interface-definitions/include/generic-interface-multi-broadcast.xml.i b/interface-definitions/include/generic-interface-multi-broadcast.xml.i
index 1ae38fb43..ed13cf2cf 100644
--- a/interface-definitions/include/generic-interface-multi-broadcast.xml.i
+++ b/interface-definitions/include/generic-interface-multi-broadcast.xml.i
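Review bot: The new constraint `[[:ascii:]]{0,256}` on the description leaf accepts every 7-bit character, which as far as I know includes control characters such as newline, tab and DEL; the same class is used for the credential leaves added in generic-password.xml.i and generic-username.xml.i (`[[:ascii:]]{1,128}`). If any consumer renders these values into a line-oriented daemon configuration file or a log line, an embedded line break could alter the generated output, so a printable-only class is the safer default: `<regex>[[:print:]]{0,256}</regex>` here and `<regex>[[:print:]]{1,128}</regex>` for password and username. Whether the validator anchors the pattern is not visible in this diff and is worth confirming, because an unanchored match would make the length bound ineffective. The message "Description too long (limit 256 characters)" is also shown when the value is rejected for a non-ASCII character, so it should name both conditions. The hunk starts inside the leafNode, whose opening lines are outside it.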
@@ -1,16 +1,16 @@
 <!-- include start from generic-interface-multi-broadcast.xml.i -->
 <leafNode name="interface">
   <properties>
-    <help>Interface Name to use</help>
+    <help>Interface to use</help>
     <completionHelp>
-      <script>${vyos_completion_dir}/list_interfaces.py --broadcast</script>
+      <script>${vyos_completion_dir}/list_interfaces --broadcast</script>
     </completionHelp>
     <valueHelp>
       <format>txt</format>
       <description>Interface name</description>
     </valueHelp>
     <constraint>
-      #include <include/constraint/interface-name.xml.in>
+      #include <include/constraint/interface-name.xml.i>
     </constraint>
     <multi/>
   </properties>
diff --git a/interface-definitions/include/generic-interface-multi-wildcard.xml.i b/interface-definitions/include/generic-interface-multi-wildcard.xml.i
new file mode 100644
index 000000000..6c846a795
--- /dev/null
+++ b/interface-definitions/include/generic-interface-multi-wildcard.xml.i
@@ -0,0 +1,18 @@
+<!-- include start from generic-interface-multi-wildcard.xml.i -->
+<leafNode name="interface">
+  <properties>
+    <help>Interface to use</help>
+    <completionHelp>
+      <script>${vyos_completion_dir}/list_interfaces</script>
+    </completionHelp>
+    <valueHelp>
+      <format>txt</format>
+      <description>Interface name, wildcard (*) supported</description>
+    </valueHelp>
+    <constraint>
+      #include <include/constraint/interface-name-with-wildcard.xml.i>
+    </constraint>
+    <multi/>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/generic-interface-multi.xml.i b/interface-definitions/include/generic-interface-multi.xml.i
index 16916ff54..cfc77af3a 100644
--- a/interface-definitions/include/generic-interface-multi.xml.i
+++ b/interface-definitions/include/generic-interface-multi.xml.i
@@ -3,14 +3,14 @@
   <properties>
     <help>Interface to use</help>
     <completionHelp>
-      <script>${vyos_completion_dir}/list_interfaces.py</script>
+      <script>${vyos_completion_dir}/list_interfaces</script>
     </completionHelp>
     <valueHelp>
       <format>txt</format>
       <description>Interface name</description>
     </valueHelp>
     <constraint>
-      #include <include/constraint/interface-name.xml.in>
+      #include <include/constraint/interface-name.xml.i>
     </constraint>
     <multi/>
   </properties>
diff --git a/interface-definitions/include/generic-interface.xml.i b/interface-definitions/include/generic-interface.xml.i
index 36ddee417..65f5bfbb8 100644
--- a/interface-definitions/include/generic-interface.xml.i
+++ b/interface-definitions/include/generic-interface.xml.i
@@ -3,14 +3,14 @@
   <properties>
     <help>Interface to use</help>
     <completionHelp>
-      <script>${vyos_completion_dir}/list_interfaces.py</script>
+      <script>${vyos_completion_dir}/list_interfaces</script>
     </completionHelp>
     <valueHelp>
       <format>txt</format>
       <description>Interface name</description>
     </valueHelp>
     <constraint>
-      #include <include/constraint/interface-name.xml.in>
+      #include <include/constraint/interface-name.xml.i>
     </constraint>
   </properties>
 </leafNode>
diff --git a/interface-definitions/include/generic-password.xml.i b/interface-definitions/include/generic-password.xml.i
new file mode 100644
index 000000000..76d5f12d8
--- /dev/null
+++ b/interface-definitions/include/generic-password.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from generic-password.xml.i -->
+<leafNode name="password">
+  <properties>
+    <help>Password used for authentication</help>
+    <valueHelp>
+      <format>txt</format>
+      <description>Password</description>
+    </valueHelp>
+    <constraint>
+      <regex>[[:ascii:]]{1,128}</regex>
+    </constraint>
+    <constraintErrorMessage>Password is limited to ASCII characters only, with a total length of 128</constraintErrorMessage>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/generic-username.xml.i b/interface-definitions/include/generic-username.xml.i
new file mode 100644
index 000000000..678f30ddf
--- /dev/null
+++ b/interface-definitions/include/generic-username.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from generic-username.xml.i -->
+<leafNode name="username">
+  <properties>
+    <help>Username used for authentication</help>
+    <valueHelp>
+      <format>txt</format>
+      <description>Username</description>
+    </valueHelp>
+    <constraint>
+      <regex>[[:ascii:]]{1,128}</regex>
+    </constraint>
+    <constraintErrorMessage>Username is limited to ASCII characters only, with a total length of 128</constraintErrorMessage>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/haproxy/mode.xml.i b/interface-definitions/include/haproxy/mode.xml.i
new file mode 100644
index 000000000..672ea65b4
--- /dev/null
+++ b/interface-definitions/include/haproxy/mode.xml.i
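Review bot: `[[:ascii:]]` spans 0x00–0x7F, so the constraint in generic-password.xml.i, and the identical one in generic-username.xml.i, lets control characters such as newline and carriage return through. Whether the templates that render these leaves into daemon configuration quote or escape the value is not visible in this diff; if they do not, an embedded line break would corrupt the generated file or add lines to it. Restricting both to printable characters closes that off at the CLI: `<regex>[[:print:]]{1,128}</regex>`, with the error message changed to say "printable ASCII". Both leaves now also gate interface/authentication.xml.i, which had no constraint before.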
@@ -0,0 +1,22 @@
+<!-- include start from haproxy/mode.xml.i -->
+<leafNode name="mode">
+  <properties>
+    <help>Proxy mode</help>
+    <completionHelp>
+      <list>http tcp</list>
+    </completionHelp>
+    <constraintErrorMessage>invalid value</constraintErrorMessage>
+    <valueHelp>
+      <format>http</format>
+      <description>HTTP proxy mode</description>
+    </valueHelp>
+    <valueHelp>
+      <format>tcp</format>
+      <description>TCP proxy mode</description>
+    </valueHelp>
+    <constraint>
+      <regex>(http|tcp)</regex>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/haproxy/rule-backend.xml.i b/interface-definitions/include/haproxy/rule-backend.xml.i
new file mode 100644
index 000000000..a6832d693
--- /dev/null
+++ b/interface-definitions/include/haproxy/rule-backend.xml.i
@@ -0,0 +1,131 @@
+<!-- include start from haproxy/rule.xml.i -->
+<tagNode name="rule">
+  <properties>
+    <help>Proxy rule number</help>
+    <valueHelp>
+      <format>u32:1-10000</format>
+      <description>Number for this proxy rule</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 1-10000"/>
+    </constraint>
+    <constraintErrorMessage>Proxy rule number must be between 1 and 10000</constraintErrorMessage>
+  </properties>
+  <children>
+    <leafNode name="domain-name">
+      <properties>
+        <help>Domain name to match</help>
+        <valueHelp>
+          <format>txt</format>
+          <description>Domain address to match</description>
+        </valueHelp>
+        <constraint>
+          <validator name="fqdn"/>
+        </constraint>
+        <multi/>
+      </properties>
+    </leafNode>
+    <node name="set">
+      <properties>
+        <help>Proxy modifications</help>
+      </properties>
+      <children>
+        <leafNode name="redirect-location">
+          <properties>
+            <help>Set URL location</help>
+            <valueHelp>
+              <format>url</format>
+              <description>Set URL location</description>
+            </valueHelp>
+            <constraint>
+              <regex>^\/[\w\-.\/]+$</regex>
+            </constraint>
+            <constraintErrorMessage>Incorrect URL format</constraintErrorMessage>
+          </properties>
+        </leafNode>
+        <leafNode name="server">
+          <properties>
+            <help>Server name</help>
+            <constraint>
+              <regex>[-_a-zA-Z0-9]+</regex>
+            </constraint>
+            <constraintErrorMessage>Server name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage>
+          </properties>
+        </leafNode>
+      </children>
+    </node>
+    <leafNode name="ssl">
+      <properties>
+        <help>SSL match options</help>
+        <completionHelp>
+          <list>req-ssl-sni ssl-fc-sni</list>
+        </completionHelp>
+        <valueHelp>
+          <format>req-ssl-sni</format>
+          <description>SSL Server Name Indication (SNI) request match</description>
+        </valueHelp>
+        <valueHelp>
+          <format>ssl-fc-sni</format>
+          <description>SSL frontend connection Server Name Indication match</description>
+        </valueHelp>
+        <valueHelp>
+          <format>ssl-fc-sni-end</format>
+          <description>SSL frontend match end of connection Server Name Indication</description>
+        </valueHelp>
+        <constraint>
+          <regex>(req-ssl-sni|ssl-fc-sni|ssl-fc-sni-end)</regex>
+        </constraint>
+      </properties>
+    </leafNode>
+    <node name="url-path">
+      <properties>
+        <help>URL path match</help>
+      </properties>
+      <children>
+        <leafNode name="begin">
+          <properties>
+            <help>Begin URL match</help>
+            <valueHelp>
+              <format>url</format>
+              <description>Begin URL</description>
+            </valueHelp>
+            <constraint>
+              <regex>^\/[\w\-.\/]+$</regex>
+            </constraint>
+            <constraintErrorMessage>Incorrect URL format</constraintErrorMessage>
+            <multi/>
+          </properties>
+        </leafNode>
+        <leafNode name="end">
+          <properties>
+            <help>End URL match</help>
+            <valueHelp>
+              <format>url</format>
+              <description>End URL</description>
+            </valueHelp>
+            <constraint>
+              <regex>^\/[\w\-.\/]+$</regex>
+            </constraint>
+            <constraintErrorMessage>Incorrect URL format</constraintErrorMessage>
+            <multi/>
+          </properties>
+        </leafNode>
+        <leafNode name="exact">
+          <properties>
+            <help>Exactly URL match</help>
+            <valueHelp>
+              <format>url</format>
+              <description>Exactly URL</description>
+            </valueHelp>
+            <constraint>
+              <regex>^\/[\w\-.\/]+$</regex>
+            </constraint>
+            <constraintErrorMessage>Incorrect URL format</constraintErrorMessage>
+            <multi/>
+          </properties>
+        </leafNode>
+      </children>
+    </node>
+  </children>
+</tagNode>
+<!-- include end -->
diff --git a/interface-definitions/include/haproxy/rule-frontend.xml.i b/interface-definitions/include/haproxy/rule-frontend.xml.i
new file mode 100644
index 000000000..001ae2d80
--- /dev/null
+++ b/interface-definitions/include/haproxy/rule-frontend.xml.i
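Review bot: The `ssl` leaf in haproxy/rule-backend.xml.i accepts `ssl-fc-sni-end` in its `<regex>` and documents it in a `<valueHelp>`, but the `<completionHelp>` list stops at `req-ssl-sni ssl-fc-sni`, so tab completion never offers the third value; it should read `<list>req-ssl-sni ssl-fc-sni ssl-fc-sni-end</list>`. The opening marker also names a file that is not this one and would be clearer as `<!-- include start from haproxy/rule-backend.xml.i -->`. haproxy/rule-frontend.xml.i repeats both problems, and isis/ldp-sync-interface.xml.i and isis/ldp-sync-protocol.xml.i carry the same kind of stale marker (`isis/ldp-igp-sync.xml.i`).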
@@ -0,0 +1,131 @@
+<!-- include start from haproxy/rule.xml.i -->
+<tagNode name="rule">
+  <properties>
+    <help>Proxy rule number</help>
+    <valueHelp>
+      <format>u32:1-10000</format>
+      <description>Number for this proxy rule</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 1-10000"/>
+    </constraint>
+    <constraintErrorMessage>Proxy rule number must be between 1 and 10000</constraintErrorMessage>
+  </properties>
+  <children>
+    <leafNode name="domain-name">
+      <properties>
+        <help>Domain name to match</help>
+        <valueHelp>
+          <format>txt</format>
+          <description>Domain address to match</description>
+        </valueHelp>
+        <constraint>
+          <validator name="fqdn"/>
+        </constraint>
+        <multi/>
+      </properties>
+    </leafNode>
+    <node name="set">
+      <properties>
+        <help>Proxy modifications</help>
+      </properties>
+      <children>
+        <leafNode name="redirect-location">
+          <properties>
+            <help>Set URL location</help>
+            <valueHelp>
+              <format>url</format>
+              <description>Set URL location</description>
+            </valueHelp>
+            <constraint>
+              <regex>^\/[\w\-.\/]+$</regex>
+            </constraint>
+            <constraintErrorMessage>Incorrect URL format</constraintErrorMessage>
+          </properties>
+        </leafNode>
+        <leafNode name="backend">
+          <properties>
+            <help>Backend name</help>
+            <constraint>
+              <regex>[-_a-zA-Z0-9]+</regex>
+            </constraint>
+            <constraintErrorMessage>Server name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage>
+          </properties>
+        </leafNode>
+      </children>
+    </node>
+    <leafNode name="ssl">
+      <properties>
+        <help>SSL match options</help>
+        <completionHelp>
+          <list>req-ssl-sni ssl-fc-sni</list>
+        </completionHelp>
+        <valueHelp>
+          <format>req-ssl-sni</format>
+          <description>SSL Server Name Indication (SNI) request match</description>
+        </valueHelp>
+        <valueHelp>
+          <format>ssl-fc-sni</format>
+          <description>SSL frontend connection Server Name Indication match</description>
+        </valueHelp>
+        <valueHelp>
+          <format>ssl-fc-sni-end</format>
+          <description>SSL frontend match end of connection Server Name Indication</description>
+        </valueHelp>
+        <constraint>
+          <regex>(req-ssl-sni|ssl-fc-sni|ssl-fc-sni-end)</regex>
+        </constraint>
+      </properties>
+    </leafNode>
+    <node name="url-path">
+      <properties>
+        <help>URL path match</help>
+      </properties>
+      <children>
+        <leafNode name="begin">
+          <properties>
+            <help>Begin URL match</help>
+            <valueHelp>
+              <format>url</format>
+              <description>Begin URL</description>
+            </valueHelp>
+            <constraint>
+              <regex>^\/[\w\-.\/]+$</regex>
+            </constraint>
+            <constraintErrorMessage>Incorrect URL format</constraintErrorMessage>
+            <multi/>
+          </properties>
+        </leafNode>
+        <leafNode name="end">
+          <properties>
+            <help>End URL match</help>
+            <valueHelp>
+              <format>url</format>
+              <description>End URL</description>
+            </valueHelp>
+            <constraint>
+              <regex>^\/[\w\-.\/]+$</regex>
+            </constraint>
+            <constraintErrorMessage>Incorrect URL format</constraintErrorMessage>
+            <multi/>
+          </properties>
+        </leafNode>
+        <leafNode name="exact">
+          <properties>
+            <help>Exactly URL match</help>
+            <valueHelp>
+              <format>url</format>
+              <description>Exactly URL</description>
+            </valueHelp>
+            <constraint>
+              <regex>^\/[\w\-.\/]+$</regex>
+            </constraint>
+            <constraintErrorMessage>Incorrect URL format</constraintErrorMessage>
+            <multi/>
+          </properties>
+        </leafNode>
+      </children>
+    </node>
+  </children>
+</tagNode>
+<!-- include end -->
diff --git a/interface-definitions/include/haproxy/timeout.xml.i b/interface-definitions/include/haproxy/timeout.xml.i
new file mode 100644
index 000000000..250b35683
--- /dev/null
+++ b/interface-definitions/include/haproxy/timeout.xml.i
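Review bot: The `backend` leaf under `set` in haproxy/rule-frontend.xml.i reuses the error text of the `server` leaf from rule-backend.xml.i, so a rejected backend name is reported as a bad server name. The message should match the node: `<constraintErrorMessage>Backend name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage>`. The leaf also has no `<valueHelp>`, unlike its siblings, so `?` in the CLI shows nothing about the expected value.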
@@ -0,0 +1,45 @@
+<!-- include start from haproxy/timeout.xml.i -->
+<node name="timeout">
+  <properties>
+    <help>Tiemout options</help>
+  </properties>
+  <children>
+    <leafNode name="check">
+      <properties>
+        <help>Timeout in seconds for established connections</help>
+        <valueHelp>
+          <format>u32:1-3600</format>
+          <description>Check timeout in seconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-3600"/>
+        </constraint>
+      </properties>
+    </leafNode>
+    <leafNode name="connect">
+      <properties>
+        <help>Set the maximum time to wait for a connection attempt to a server to succeed</help>
+        <valueHelp>
+          <format>u32:1-3600</format>
+          <description>Connect timeout in seconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-3600"/>
+        </constraint>
+      </properties>
+    </leafNode>
+    <leafNode name="server">
+      <properties>
+        <help>Set the maximum inactivity time on the server side</help>
+        <valueHelp>
+          <format>u32:1-3600</format>
+          <description>Server timeout in seconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-3600"/>
+        </constraint>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/inbound-interface.xml.i b/interface-definitions/include/inbound-interface.xml.i
index 3289bbf8f..422f9de75 100644
--- a/interface-definitions/include/inbound-interface.xml.i
+++ b/interface-definitions/include/inbound-interface.xml.i
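Review bot: The node help in haproxy/timeout.xml.i is misspelled and appears verbatim in the CLI; it should be `<help>Timeout options</help>`. The three leaves also phrase their help inconsistently: `check` starts with a noun phrase while `connect` and `server` start with "Set the maximum …". Aligning them on one form, with the unit stated in each, would make the `?` output easier to scan.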
@@ -4,7 +4,7 @@
     <help>Inbound interface of NAT traffic</help>
     <completionHelp>
       <list>any</list>
-      <script>${vyos_completion_dir}/list_interfaces.py</script>
+      <script>${vyos_completion_dir}/list_interfaces</script>
     </completionHelp>
   </properties>
 </leafNode>
diff --git a/interface-definitions/include/interface/authentication.xml.i b/interface-definitions/include/interface/authentication.xml.i
index c097ca9dd..0bd792209 100644
--- a/interface-definitions/include/interface/authentication.xml.i
+++ b/interface-definitions/include/interface/authentication.xml.i
@@ -4,24 +4,8 @@
     <help>Authentication settings</help>
   </properties>
   <children>
-    <leafNode name="user">
-      <properties>
-        <help>User name</help>
-        <valueHelp>
-          <format>txt</format>
-          <description>Username used for connection</description>
-        </valueHelp>
-      </properties>
-    </leafNode>
-    <leafNode name="password">
-      <properties>
-        <help>Password</help>
-        <valueHelp>
-          <format>txt</format>
-          <description>Password used for connection</description>
-        </valueHelp>
-      </properties>
-    </leafNode>
+    #include <include/generic-username.xml.i>
+    #include <include/generic-password.xml.i>
   </children>
 </node>
 <!-- include end -->
diff --git a/interface-definitions/include/interface/description.xml.i b/interface-definitions/include/interface/description.xml.i
deleted file mode 100644
index de01d22ca..000000000
--- a/interface-definitions/include/interface/description.xml.i
+++ /dev/null
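Review bot: Replacing the inline leaves with `#include <include/generic-username.xml.i>` in the interface/authentication.xml.i hunk renames the node, because the removed leaf was `<leafNode name="user">` while generic-username.xml.i defines `name="username"`. Saved configurations that set `authentication user` would then fail to load unless a migration script renames the node, and any config script or template that reads the `user` key needs the matching change; neither is visible in this include-only diffstat. The includes also apply the 128-character ASCII constraint to values that had no constraint before, so existing credentials that are longer or non-ASCII would be rejected on upgrade.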
@@ -1,11 +0,0 @@
-<!-- include start from interface/description.xml.i -->
-<leafNode name="description">
-  <properties>
-    <help>Interface specific description</help>
-    <constraint>
-      <regex>.{1,256}</regex>
-    </constraint>
-    <constraintErrorMessage>Description too long (limit 256 characters)</constraintErrorMessage>
-  </properties>
-</leafNode>
-<!-- include end -->
diff --git a/interface-definitions/include/interface/dhcp-options.xml.i b/interface-definitions/include/interface/dhcp-options.xml.i
index 2ed5fd403..8027769ff 100644
--- a/interface-definitions/include/interface/dhcp-options.xml.i
+++ b/interface-definitions/include/interface/dhcp-options.xml.i
@@ -12,6 +12,10 @@
     <leafNode name="host-name">
       <properties>
         <help>Override system host-name sent to DHCP server</help>
+        <constraint>
+          #include <include/constraint/host-name.xml.i>
+        </constraint>
+        <constraintErrorMessage>Host-name must be alphanumeric and can contain hyphens</constraintErrorMessage>
       </properties>
     </leafNode>
     <leafNode name="mtu">
diff --git a/interface-definitions/include/interface/dhcpv6-options.xml.i b/interface-definitions/include/interface/dhcpv6-options.xml.i
index c705af7c2..5ca1d525f 100644
--- a/interface-definitions/include/interface/dhcpv6-options.xml.i
+++ b/interface-definitions/include/interface/dhcpv6-options.xml.i
@@ -51,7 +51,7 @@
           <properties>
             <help>Delegate IPv6 prefix from provider to this interface</help>
             <completionHelp>
-              <script>${vyos_completion_dir}/list_interfaces.py --broadcast</script>
+              <script>${vyos_completion_dir}/list_interfaces --broadcast</script>
             </completionHelp>
           </properties>
           <children>
@@ -95,6 +95,12 @@
         <valueless/>
       </properties>
     </leafNode>
+    <leafNode name="no-release">
+      <properties>
+        <help>Do not send a release message on client exit</help>
+        <valueless/>
+      </properties>
+    </leafNode>
   </children>
 </node>
 <!-- include end -->
diff --git a/interface-definitions/include/interface/eapol.xml.i b/interface-definitions/include/interface/eapol.xml.i
index c4cdeae0c..a3206f2c7 100644
--- a/interface-definitions/include/interface/eapol.xml.i
+++ b/interface-definitions/include/interface/eapol.xml.i
@@ -4,7 +4,7 @@
      <help>Extensible Authentication Protocol over Local Area Network</help>
   </properties>
   <children>
-    #include <include/pki/ca-certificate.xml.i>
+    #include <include/pki/ca-certificate-multi.xml.i>
     #include <include/pki/certificate-key.xml.i>
   </children>
 </node>
diff --git a/interface-definitions/include/interface/inbound-interface.xml.i b/interface-definitions/include/interface/inbound-interface.xml.i
index 5a8d47280..96ade331d 100644
--- a/interface-definitions/include/interface/inbound-interface.xml.i
+++ b/interface-definitions/include/interface/inbound-interface.xml.i
@@ -3,7 +3,7 @@
   <properties>
   <help>Inbound Interface</help>
   <completionHelp>
-    <script>${vyos_completion_dir}/list_interfaces.py</script>
+    <script>${vyos_completion_dir}/list_interfaces</script>
   </completionHelp>
   </properties>
 </leafNode>
diff --git a/interface-definitions/include/interface/ipv6-accept-dad.xml.i b/interface-definitions/include/interface/ipv6-accept-dad.xml.i
new file mode 100644
index 000000000..7554b270a
--- /dev/null
+++ b/interface-definitions/include/interface/ipv6-accept-dad.xml.i
@@ -0,0 +1,20 @@
+<!-- include start from interface/ipv6-accept-dad.xml.i -->
+<leafNode name="accept-dad">
+  <properties>
+    <help>Accept Duplicate Address Detection</help>
+    <valueHelp>
+      <format>0</format>
+      <description>Disable DAD</description>
+    </valueHelp>
+    <valueHelp>
+      <format>1</format>
+      <description>Enable DAD</description>
+    </valueHelp>
+    <valueHelp>
+      <format>2</format>
+      <description>Enable DAD - disable IPv6 if MAC-based duplicate link-local address found</description>
+    </valueHelp>
+  </properties>
+  <defaultValue>1</defaultValue>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/interface/ipv6-dup-addr-detect-transmits.xml.i b/interface-definitions/include/interface/ipv6-dup-addr-detect-transmits.xml.i
index babe6d20f..3b9294dd0 100644
--- a/interface-definitions/include/interface/ipv6-dup-addr-detect-transmits.xml.i
+++ b/interface-definitions/include/interface/ipv6-dup-addr-detect-transmits.xml.i
@@ -1,7 +1,7 @@
 <!-- include start from interface/ipv6-dup-addr-detect-transmits.xml.i -->
 <leafNode name="dup-addr-detect-transmits">
   <properties>
-    <help>Number of NS messages to send while performing DAD (default: 1)</help>
+    <help>Number of NS messages to send while performing DAD</help>
     <valueHelp>
       <format>u32:0</format>
       <description>Disable Duplicate Address Dectection (DAD)</description>
@@ -14,5 +14,6 @@
       <validator name="numeric" argument="--non-negative"/>
     </constraint>
   </properties>
+  <defaultValue>1</defaultValue>
 </leafNode>
 <!-- include end -->
diff --git a/interface-definitions/include/interface/ipv6-options.xml.i b/interface-definitions/include/interface/ipv6-options.xml.i
index f740ce0c2..edb4a74f9 100644
--- a/interface-definitions/include/interface/ipv6-options.xml.i
+++ b/interface-definitions/include/interface/ipv6-options.xml.i
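Review bot: The new `accept-dad` leaf in interface/ipv6-accept-dad.xml.i documents the values 0, 1 and 2 through `<valueHelp>` but has no `<constraint>`, so any string passes CLI validation and reaches whatever applies the setting. A range check in the style this commit uses elsewhere belongs inside `<properties>`: `<constraint><validator name="numeric" argument="--range 0-2"/></constraint>`, ideally with a `<constraintErrorMessage>` naming the three allowed values. How the value is consumed is not visible in this diff, so whether an out-of-range value fails loudly downstream cannot be confirmed from here.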
@@ -6,8 +6,10 @@
   <children>
     #include <include/interface/adjust-mss.xml.i>
     #include <include/interface/disable-forwarding.xml.i>
+    #include <include/interface/ipv6-accept-dad.xml.i>
     #include <include/interface/ipv6-address.xml.i>
     #include <include/interface/ipv6-dup-addr-detect-transmits.xml.i>
+    #include <include/interface/source-validation.xml.i>
   </children>
 </node>
 <!-- include end -->
diff --git a/interface-definitions/include/interface/mac-multi.xml.i b/interface-definitions/include/interface/mac-multi.xml.i
new file mode 100644
index 000000000..458372e67
--- /dev/null
+++ b/interface-definitions/include/interface/mac-multi.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from interface/mac-multi.xml.i -->
+<leafNode name="mac">
+  <properties>
+    <help>Media Access Control (MAC) address</help>
+    <valueHelp>
+      <format>macaddr</format>
+      <description>Hardware (MAC) address</description>
+    </valueHelp>
+    <constraint>
+      <validator name="mac-address"/>
+    </constraint>
+    <multi/>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/interface/macsec-key.xml.i b/interface-definitions/include/interface/macsec-key.xml.i
new file mode 100644
index 000000000..5a857a612
--- /dev/null
+++ b/interface-definitions/include/interface/macsec-key.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from interface/macsec-key.xml.i -->
+<leafNode name="key">
+  <properties>
+    <help>MACsec static key</help>
+    <valueHelp>
+      <format>txt</format>
+      <description>16-byte (128-bit) hex-string (32 hex-digits) for gcm-aes-128 or 32-byte (256-bit) hex-string (64 hex-digits) for gcm-aes-256</description>
+    </valueHelp>
+    <constraint>
+      <regex>[A-Fa-f0-9]{32}</regex>
+      <regex>[A-Fa-f0-9]{64}</regex>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
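Review bot: The `key` leaf in interface/macsec-key.xml.i has two length-specific regexes but no `<constraintErrorMessage>`, so a key with the wrong number of digits or a stray non-hex character produces only the generic validation failure. A message such as `<constraintErrorMessage>Key must be 32 or 64 hexadecimal digits</constraintErrorMessage>` would tell the operator what to fix. The XML accepts either length for any cipher, so matching a 32-digit key to gcm-aes-128 and a 64-digit key to gcm-aes-256 presumably has to be enforced in the config script's verify step, which is not part of this diff.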
diff --git a/interface-definitions/include/interface/mirror.xml.i b/interface-definitions/include/interface/mirror.xml.i
index 2959551f0..903c62777 100644
--- a/interface-definitions/include/interface/mirror.xml.i
+++ b/interface-definitions/include/interface/mirror.xml.i
@@ -1,23 +1,31 @@
 <!-- include start from interface/mirror.xml.i -->
 <node name="mirror">
   <properties>
-    <help>Incoming/outgoing packet mirroring destination</help>
+    <help>Mirror ingress/egress packets</help>
   </properties>
   <children>
     <leafNode name="ingress">
       <properties>
-        <help>Mirror the ingress traffic of the interface to the destination interface</help>
+        <help>Mirror ingress traffic to destination interface</help>
         <completionHelp>
-            <script>${vyos_completion_dir}/list_interfaces.py</script>
+          <script>${vyos_completion_dir}/list_interfaces</script>
         </completionHelp>
+        <valueHelp>
+          <format>txt</format>
+          <description>Destination interface name</description>
+        </valueHelp>
       </properties>
     </leafNode>
     <leafNode name="egress">
       <properties>
-        <help>Mirror the egress traffic of the interface to the destination interface</help>
+        <help>Mirror egress traffic to destination interface</help>
         <completionHelp>
-            <script>${vyos_completion_dir}/list_interfaces.py</script>
+          <script>${vyos_completion_dir}/list_interfaces</script>
         </completionHelp>
+        <valueHelp>
+          <format>txt</format>
+          <description>Destination interface name</description>
+        </valueHelp>
       </properties>
     </leafNode>
   </children>
diff --git a/interface-definitions/include/interface/netns.xml.i b/interface-definitions/include/interface/netns.xml.i
index 39f9118fa..fd6da8f37 100644
--- a/interface-definitions/include/interface/netns.xml.i
+++ b/interface-definitions/include/interface/netns.xml.i
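Review bot: The `ingress` and `egress` leaves in interface/mirror.xml.i gain a `<valueHelp>` in this hunk but still have no `<constraint>`, so any string is accepted as the destination interface name. interface/redirect.xml.i, touched in the same commit, validates the equivalent value, and the same three lines would fit in each mirror leaf after `</valueHelp>`: `<constraint>`, `#include <include/constraint/interface-name.xml.i>`, `</constraint>`. How the value is consumed is not visible here, but if it ends up in a generated command line, CLI validation is the cheapest place to reject a malformed name. The mirror node closes outside this hunk.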
@@ -3,7 +3,7 @@
   <properties>
     <help>Network namespace name</help>
     <valueHelp>
-      <format>text</format>
+      <format>txt</format>
       <description>Network namespace name</description>
     </valueHelp>
     <completionHelp>
diff --git a/interface-definitions/include/interface/parameters-innerproto.xml.i b/interface-definitions/include/interface/parameters-innerproto.xml.i
new file mode 100644
index 000000000..9cafebd11
--- /dev/null
+++ b/interface-definitions/include/interface/parameters-innerproto.xml.i
@@ -0,0 +1,8 @@
+<!-- include start from interface/parameters-innerproto.xml.i -->
+<leafNode name="innerproto">
+  <properties>
+    <help>Use IPv4 as inner protocol instead of Ethernet</help>
+    <valueless/>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/interface/per-client-thread.xml.i b/interface-definitions/include/interface/per-client-thread.xml.i
new file mode 100644
index 000000000..2fd19b5ce
--- /dev/null
+++ b/interface-definitions/include/interface/per-client-thread.xml.i
@@ -0,0 +1,8 @@
+<!-- include start from interface/per-client-thread.xml.i -->
+<leafNode name="per-client-thread">
+  <properties>
+    <help>Process traffic from each client in a dedicated thread</help>
+    <valueless/>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/interface/redirect.xml.i b/interface-definitions/include/interface/redirect.xml.i
index 8df8957ac..9b41cd8ff 100644
--- a/interface-definitions/include/interface/redirect.xml.i
+++ b/interface-definitions/include/interface/redirect.xml.i
@@ -1,16 +1,16 @@
 <!-- include start from interface/redirect.xml.i -->
 <leafNode name="redirect">
   <properties>
-    <help>Incoming packet redirection destination</help>
+    <help>Redirect incoming packet to destination</help>
     <completionHelp>
-      <script>${vyos_completion_dir}/list_interfaces.py</script>
+      <script>${vyos_completion_dir}/list_interfaces</script>
     </completionHelp>
     <valueHelp>
       <format>txt</format>
-      <description>Interface name</description>
+      <description>Destination interface name</description>
     </valueHelp>
     <constraint>
-      #include <include/constraint/interface-name.xml.in>
+      #include <include/constraint/interface-name.xml.i>
     </constraint>
   </properties>
 </leafNode>
diff --git a/interface-definitions/include/interface/vif-s.xml.i b/interface-definitions/include/interface/vif-s.xml.i
index 6d50d7238..fdd62b63d 100644
--- a/interface-definitions/include/interface/vif-s.xml.i
+++ b/interface-definitions/include/interface/vif-s.xml.i
@@ -12,8 +12,8 @@
     <constraintErrorMessage>VLAN ID must be between 0 and 4094</constraintErrorMessage>
   </properties>
   <children>
+    #include <include/generic-description.xml.i>
     #include <include/interface/address-ipv4-ipv6-dhcp.xml.i>
-    #include <include/interface/description.xml.i>
     #include <include/interface/dhcp-options.xml.i>
     #include <include/interface/dhcpv6-options.xml.i>
     #include <include/interface/disable-link-detect.xml.i>
@@ -53,8 +53,8 @@
         <constraintErrorMessage>VLAN ID must be between 0 and 4094</constraintErrorMessage>
       </properties>
       <children>
+        #include <include/generic-description.xml.i>
         #include <include/interface/address-ipv4-ipv6-dhcp.xml.i>
-        #include <include/interface/description.xml.i>
         #include <include/interface/dhcp-options.xml.i>
         #include <include/interface/dhcpv6-options.xml.i>
         #include <include/interface/disable-link-detect.xml.i>
diff --git a/interface-definitions/include/interface/vif.xml.i b/interface-definitions/include/interface/vif.xml.i
index 3f8f113ea..ec3921bf6 100644
--- a/interface-definitions/include/interface/vif.xml.i
+++ b/interface-definitions/include/interface/vif.xml.i
@@ -12,8 +12,8 @@
     <constraintErrorMessage>VLAN ID must be between 0 and 4094</constraintErrorMessage>
   </properties>
   <children>
+    #include <include/generic-description.xml.i>
     #include <include/interface/address-ipv4-ipv6-dhcp.xml.i>
-    #include <include/interface/description.xml.i>
     #include <include/interface/dhcp-options.xml.i>
     #include <include/interface/dhcpv6-options.xml.i>
     #include <include/interface/disable-link-detect.xml.i>
diff --git a/interface-definitions/include/interface/xdp.xml.i b/interface-definitions/include/interface/xdp.xml.i
deleted file mode 100644
index 10223e766..000000000
--- a/interface-definitions/include/interface/xdp.xml.i
+++ /dev/null
@@ -1,8 +0,0 @@
-<!-- include start from interface/xdp.xml.i -->
-<leafNode name="xdp">
-  <properties>
-    <help>Enable eXpress Data Path</help>
-    <valueless/>
-  </properties>
-</leafNode>
-<!-- include end -->
diff --git a/interface-definitions/include/ipsec/local-address.xml.i b/interface-definitions/include/ipsec/local-address.xml.i
index 9d267f3f7..71f514950 100644
--- a/interface-definitions/include/ipsec/local-address.xml.i
+++ b/interface-definitions/include/ipsec/local-address.xml.i
@@ -19,8 +19,7 @@        <description>Allow any IPv4 address present on the system to be used for VPN</description>      </valueHelp>      <constraint> -      <validator name="ipv4-address"/> -      <validator name="ipv6-address"/> +      <validator name="ip-address"/>        <regex>(any)</regex>      </constraint>    </properties> diff --git a/interface-definitions/include/ipsec/remote-address.xml.i b/interface-definitions/include/ipsec/remote-address.xml.i index ba96290d0..91decba3c 100644 --- a/interface-definitions/include/ipsec/remote-address.xml.i +++ b/interface-definitions/include/ipsec/remote-address.xml.i @@ -19,8 +19,7 @@        <description>Allow any IP address of the remote peer</description>      </valueHelp>      <constraint> -      <validator name="ipv4-address"/> -      <validator name="ipv6-address"/> +      <validator name="ip-address"/>        <validator name="fqdn"/>        <regex>(any)</regex>      </constraint> diff --git a/interface-definitions/include/isis/ldp-sync-holddown.xml.i b/interface-definitions/include/isis/ldp-sync-holddown.xml.i new file mode 100644 index 000000000..15ac26f07 --- /dev/null +++ b/interface-definitions/include/isis/ldp-sync-holddown.xml.i @@ -0,0 +1,14 @@ +<!-- include start from isis/ldp-sync-holddown.xml.i --> +<leafNode name="holddown"> +  <properties> +    <help>Hold down timer for LDP-IGP cost restoration</help> +    <valueHelp> +      <format>u32:0-10000</format> +      <description>Time to wait in seconds for LDP-IGP synchronization to occur before restoring interface cost</description> +    </valueHelp> +    <constraint> +      <validator name="numeric" argument="--range 0-10000"/> +    </constraint> +  </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/isis/ldp-sync-interface.xml.i b/interface-definitions/include/isis/ldp-sync-interface.xml.i new file mode 100644 index 000000000..222a35256 --- /dev/null 
+++ b/interface-definitions/include/isis/ldp-sync-interface.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from isis/ldp-igp-sync.xml.i -->
+<node name="ldp-sync">
+  <properties>
+    <help>LDP-IGP synchronization configuration for interface</help>
+  </properties>
+  <children>
+    #include <include/generic-disable-node.xml.i>
+    #include <include/isis/ldp-sync-holddown.xml.i>
+  </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/isis/ldp-sync-protocol.xml.i b/interface-definitions/include/isis/ldp-sync-protocol.xml.i
new file mode 100644
index 000000000..b2e696a70
--- /dev/null
+++ b/interface-definitions/include/isis/ldp-sync-protocol.xml.i
@@ -0,0 +1,10 @@
+<!-- include start from isis/ldp-igp-sync.xml.i -->
+<node name="ldp-sync">
+  <properties>
+    <help>Protocol wide LDP-IGP synchronization configuration</help>
+  </properties>
+  <children>
+    #include <include/isis/ldp-sync-holddown.xml.i>
+  </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/isis/protocol-common-config.xml.i b/interface-definitions/include/isis/protocol-common-config.xml.i
index 42bda7a80..4ca7061db 100644
--- a/interface-definitions/include/isis/protocol-common-config.xml.i
+++ b/interface-definitions/include/isis/protocol-common-config.xml.i
@@ -152,6 +152,7 @@
     </constraint>
   </properties>
 </leafNode>
+#include <include/isis/ldp-sync-protocol.xml.i>
 <leafNode name="net">
   <properties>
     <help>A Network Entity Title for this process (ISO only)</help>
@@ -172,7 +173,7 @@
 </leafNode>
 <node name="traffic-engineering">
   <properties>
-    <help>Show IS-IS neighbor adjacencies</help>
+    <help>IS-IS traffic engineering extensions</help>
   </properties>
   <children>
     <leafNode name="enable">
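Review bot: The opening marker in the new `isis/ldp-sync-interface.xml.i` reads `<!-- include start from isis/ldp-igp-sync.xml.i -->`, a file name that does not appear in this diff, and the new `isis/ldp-sync-protocol.xml.i` right after it carries the identical marker. These markers are presumably what identifies the originating include once the definitions are expanded, so two different files sharing one wrong name make a misbehaving `ldp-sync` node harder to trace. I would change them to `<!-- include start from isis/ldp-sync-interface.xml.i -->` and `<!-- include start from isis/ldp-sync-protocol.xml.i -->` respectively.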
@@ -394,6 +395,14 @@              #include <include/isis/redistribute-level-1-2.xml.i>            </children>          </node> +        <node name="babel"> +          <properties> +            <help>Redistribute Babel routes into IS-IS</help> +          </properties> +          <children> +            #include <include/isis/redistribute-level-1-2.xml.i> +          </children> +        </node>          <node name="static">            <properties>              <help>Redistribute static routes into IS-IS</help> @@ -449,6 +458,14 @@              #include <include/isis/redistribute-level-1-2.xml.i>            </children>          </node> +        <node name="babel"> +          <properties> +            <help>Redistribute Babel routes into IS-IS</help> +          </properties> +          <children> +            #include <include/isis/redistribute-level-1-2.xml.i> +          </children> +        </node>          <node name="static">            <properties>              <help>Redistribute static routes into IS-IS</help> @@ -556,7 +573,7 @@    <properties>      <help>Interface params</help>      <completionHelp> -      <script>${vyos_completion_dir}/list_interfaces.py</script> +      <script>${vyos_completion_dir}/list_interfaces</script>      </completionHelp>    </properties>    <children> @@ -615,6 +632,7 @@        </properties>      </leafNode>      #include <include/isis/metric.xml.i> +    #include <include/isis/ldp-sync-interface.xml.i>      <node name="network">        <properties>          <help>Set network type</help> @@ -669,5 +687,4 @@      </leafNode>    </children>  </tagNode> -#include <include/route-map.xml.i> -<!-- include end -->
\ No newline at end of file +<!-- include end --> diff --git a/interface-definitions/include/listen-address-ipv4-single.xml.i b/interface-definitions/include/listen-address-ipv4-single.xml.i new file mode 100644 index 000000000..81e947953 --- /dev/null +++ b/interface-definitions/include/listen-address-ipv4-single.xml.i @@ -0,0 +1,17 @@ +<!-- include start from listen-address-ipv4-single.xml.i --> +<leafNode name="listen-address"> +  <properties> +    <help>Local IPv4 addresses to listen on</help> +    <completionHelp> +      <script>${vyos_completion_dir}/list_local_ips.sh --ipv4</script> +    </completionHelp> +    <valueHelp> +      <format>ipv4</format> +      <description>IPv4 address to listen for incoming connections</description> +    </valueHelp> +    <constraint> +      <validator name="ipv4-address"/> +    </constraint> +  </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/listen-address-single.xml.i b/interface-definitions/include/listen-address-single.xml.i index 30293b338..6cc5aef0a 100644 --- a/interface-definitions/include/listen-address-single.xml.i +++ b/interface-definitions/include/listen-address-single.xml.i @@ -14,8 +14,7 @@        <description>IPv6 address to listen for incoming connections</description>      </valueHelp>      <constraint> -      <validator name="ipv4-address"/> -      <validator name="ipv6-address"/> +      <validator name="ip-address"/>        <validator name="ipv6-link-local"/>      </constraint>    </properties> diff --git a/interface-definitions/include/listen-address-vrf.xml.i b/interface-definitions/include/listen-address-vrf.xml.i index 8c2bdce70..23ecc2476 100644 --- a/interface-definitions/include/listen-address-vrf.xml.i +++ b/interface-definitions/include/listen-address-vrf.xml.i 
@@ -14,8 +14,7 @@        <description>IPv6 address to listen for incoming connections</description>      </valueHelp>      <constraint> -      <validator name="ipv4-address"/> -      <validator name="ipv6-address"/> +      <validator name="ip-address"/>      </constraint>    </properties>    <children> diff --git a/interface-definitions/include/listen-address.xml.i b/interface-definitions/include/listen-address.xml.i index 48003dbf2..2454f43ff 100644 --- a/interface-definitions/include/listen-address.xml.i +++ b/interface-definitions/include/listen-address.xml.i @@ -15,8 +15,7 @@      </valueHelp>      <multi/>      <constraint> -      <validator name="ipv4-address"/> -      <validator name="ipv6-address"/> +      <validator name="ip-address"/>        <validator name="ipv6-link-local"/>      </constraint>    </properties> diff --git a/interface-definitions/include/name-server-ipv4-ipv6-port.xml.i b/interface-definitions/include/name-server-ipv4-ipv6-port.xml.i new file mode 100644 index 000000000..b326a6537 --- /dev/null +++ b/interface-definitions/include/name-server-ipv4-ipv6-port.xml.i @@ -0,0 +1,24 @@ +<!-- include start from name-server-ipv4-ipv6-port.xml.i --> +<tagNode name="name-server"> +  <properties> +    <help>Domain Name Servers (DNS) addresses to forward queries to</help> +    <valueHelp> +      <format>ipv4</format> +      <description>Domain Name Server (DNS) IPv4 address</description> +    </valueHelp> +    <valueHelp> +      <format>ipv6</format> +      <description>Domain Name Server (DNS) IPv6 address</description> +    </valueHelp> +    <constraint> +      <validator name="ip-address"/> +    </constraint> +  </properties> +  <children> +    #include <include/port-number.xml.i> +    <leafNode name="port"> +      <defaultValue>53</defaultValue> +    </leafNode> +  </children> +</tagNode> +<!-- include end --> 
diff --git a/interface-definitions/include/name-server-ipv4-ipv6.xml.i b/interface-definitions/include/name-server-ipv4-ipv6.xml.i index 14973234b..cf483e5d9 100644 --- a/interface-definitions/include/name-server-ipv4-ipv6.xml.i +++ b/interface-definitions/include/name-server-ipv4-ipv6.xml.i @@ -11,8 +11,7 @@        <description>Domain Name Server (DNS) IPv6 address</description>      </valueHelp>      <constraint> -      <validator name="ipv4-address"/> -      <validator name="ipv6-address"/> +      <validator name="ip-address"/>      </constraint>      <multi/>    </properties> diff --git a/interface-definitions/include/nat-interface.xml.i b/interface-definitions/include/nat-interface.xml.i index 68969472f..ef1ffc1ba 100644 --- a/interface-definitions/include/nat-interface.xml.i +++ b/interface-definitions/include/nat-interface.xml.i @@ -4,7 +4,7 @@      <help>Outbound interface of NAT traffic</help>      <completionHelp>        <list>any</list> -      <script>${vyos_completion_dir}/list_interfaces.py</script> +      <script>${vyos_completion_dir}/list_interfaces</script>      </completionHelp>    </properties>  </leafNode> diff --git a/interface-definitions/include/nat-rule.xml.i b/interface-definitions/include/nat-rule.xml.i index 8f2029388..6234e6195 100644 --- a/interface-definitions/include/nat-rule.xml.i +++ b/interface-definitions/include/nat-rule.xml.i 
@@ -25,12 +25,48 @@      </node>      #include <include/generic-disable-node.xml.i>      #include <include/nat-exclude.xml.i> +    <node name="load-balance"> +      <properties> +        <help>Apply NAT load balance</help> +      </properties> +      <children> +        #include <include/firewall/firewall-hashing-parameters.xml.i> +        #include <include/firewall/nat-balance.xml.i> +      </children> +    </node>      <leafNode name="log">        <properties>          <help>NAT rule logging</help>          <valueless/>        </properties>      </leafNode> +    <leafNode name="packet-type"> +      <properties> +        <help>Packet type</help> +        <completionHelp> +          <list>broadcast host multicast other</list> +        </completionHelp> +        <valueHelp> +          <format>broadcast</format> +          <description>Match broadcast packet type</description> +        </valueHelp> +        <valueHelp> +          <format>host</format> +          <description>Match host packet type, addressed to local host</description> +        </valueHelp> +        <valueHelp> +          <format>multicast</format> +          <description>Match multicast packet type</description> +        </valueHelp> +        <valueHelp> +          <format>other</format> +          <description>Match packet addressed to another host</description> +        </valueHelp> +        <constraint> +          <regex>(broadcast|host|multicast|other)</regex> +        </constraint> +      </properties> +    </leafNode>      <leafNode name="protocol">        <properties>          <help>Protocol to NAT</help> diff --git a/interface-definitions/include/ospf/graceful-restart.xml.i b/interface-definitions/include/ospf/graceful-restart.xml.i new file mode 100644 index 000000000..37d9a7f13 --- /dev/null +++ b/interface-definitions/include/ospf/graceful-restart.xml.i 
@@ -0,0 +1,67 @@ +<!-- include start from ospf/graceful-restart.xml.i --> +<node name="graceful-restart"> +  <properties> +    <help>Graceful Restart</help> +  </properties> +  <children> +    <leafNode name="grace-period"> +      <properties> +        <help>Maximum length of the grace period</help> +        <valueHelp> +          <format>u32:1-1800</format> +          <description>Maximum length of the grace period in seconds</description> +        </valueHelp> +        <constraint> +          <validator name="numeric" argument="--range 5-1800"/> +        </constraint> +      </properties> +      <defaultValue>120</defaultValue> +    </leafNode> +    <node name="helper"> +      <properties> +        <help>OSPF graceful-restart helpers</help> +      </properties> +      <children> +        <node name="enable"> +          <properties> +            <help>Enable helper support</help> +          </properties> +          <children> +            <leafNode name="router-id"> +              <properties> +                <help>Advertising Router-ID</help> +                <valueHelp> +                  <format>ipv4</format> +                  <description>Router-ID in IP address format</description> +                </valueHelp> +                <constraint> +                  <validator name="ipv4-address"/> +                </constraint> +                <multi/> +              </properties> +            </leafNode> +          </children> +        </node> +        <leafNode name="planned-only"> +          <properties> +            <help>Supported only planned restart</help> +            <valueless/> +          </properties> +        </leafNode> +        <leafNode name="supported-grace-time"> +          <properties> +            <help>Supported grace timer</help> +            <valueHelp> +              <format>u32:10-1800</format> +              <description>Grace interval in seconds</description> +            </valueHelp> +            <constraint> +              <validator 
name="numeric" argument="--range 10-1800"/> +            </constraint> +          </properties> +        </leafNode> +      </children> +    </node> +  </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/ospf/protocol-common-config.xml.i b/interface-definitions/include/ospf/protocol-common-config.xml.i index 06609c10e..c4778e126 100644 --- a/interface-definitions/include/ospf/protocol-common-config.xml.i +++ b/interface-definitions/include/ospf/protocol-common-config.xml.i @@ -1,4 +1,24 @@  <!-- include start from ospf/protocol-common-config.xml.i --> +<node name="aggregation"> +  <properties> +    <help>External route aggregation</help> +  </properties> +  <children> +    <leafNode name="timer"> +      <properties> +        <help>Delay timer</help> +        <valueHelp> +          <format>u32:5-1800</format> +          <description>Timer interval in seconds</description> +        </valueHelp> +        <constraint> +          <validator name="numeric" argument="--range 5-1800"/> +        </constraint> +      </properties> +      <defaultValue>5</defaultValue> +    </leafNode> +  </children> +</node>  <tagNode name="access-list">    <properties>      <help>Access list to filter networks in routing updates</help> @@ -306,6 +326,19 @@    </children>  </tagNode>  #include <include/ospf/auto-cost.xml.i> +<node name="capability"> +  <properties> +    <help>Enable specific OSPF features</help> +  </properties> +  <children> +    <leafNode name="opaque"> +      <properties> +        <help>Opaque LSA</help> +        <valueless/> +      </properties> +    </leafNode> +  </children> +</node>  #include <include/ospf/default-information.xml.i>  <leafNode name="default-metric">    <properties> 
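Review bot: In the new `ospf/graceful-restart.xml.i`, the `grace-period` leaf advertises `<format>u32:1-1800</format>` but validates with `--range 5-1800`, so the help offers values 1 to 4 that the validator then refuses. One of the two bounds is wrong; whichever matches what the routing daemon accepts should be used in both places, for example `<format>u32:5-1800</format>` if the validator is the intended limit. The `supported-grace-time` leaf in the same file has matching help and validator ranges (10-1800), so only this leaf needs the change.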
@@ -319,6 +352,21 @@      </constraint>    </properties>  </leafNode> +#include <include/ospf/graceful-restart.xml.i> +<node name="graceful-restart"> +  <children> +    <node name="helper"> +      <children> +        <leafNode name="no-strict-lsa-checking"> +          <properties> +            <help>Disable strict LSA check</help> +            <valueless/> +          </properties> +        </leafNode> +      </children> +    </node> +  </children> +</node>  <leafNode name="maximum-paths">    <properties>      <help>Maximum multiple paths (ECMP)</help> @@ -331,6 +379,7 @@      </constraint>    </properties>  </leafNode> +#include <include/isis/ldp-sync-protocol.xml.i>  <node name="distance">    <properties>      <help>Administrative distance</help> @@ -351,14 +400,14 @@    <properties>      <help>Interface configuration</help>      <completionHelp> -      <script>${vyos_completion_dir}/list_interfaces.py</script> +      <script>${vyos_completion_dir}/list_interfaces</script>      </completionHelp>      <valueHelp>        <format>txt</format>        <description>Interface name</description>      </valueHelp>      <constraint> -      #include <include/constraint/interface-name.xml.in> +      #include <include/constraint/interface-name.xml.i>      </constraint>    </properties>    <children> @@ -385,6 +434,7 @@      #include <include/ospf/authentication.xml.i>      #include <include/ospf/intervals.xml.i>      #include <include/ospf/interface-common.xml.i> +    #include <include/isis/ldp-sync-interface.xml.i>      <leafNode name="bandwidth">        <properties>          <help>Interface bandwidth (Mbit/s)</help> 
@@ -756,6 +806,16 @@          #include <include/route-map.xml.i>        </children>      </node> +    <node name="babel"> +      <properties> +        <help>Redistribute Babel routes</help> +      </properties> +      <children> +        #include <include/ospf/metric.xml.i> +        #include <include/ospf/metric-type.xml.i> +        #include <include/route-map.xml.i> +      </children> +    </node>      <node name="static">        <properties>          <help>Redistribute statically configured routes</help> @@ -804,7 +864,38 @@      </leafNode>    </children>  </node> -#include <include/route-map.xml.i> +<tagNode name="summary-address"> +  <properties> +    <help>External summary address</help> +    <valueHelp> +      <format>ipv4net</format> +      <description>OSPF area number in dotted decimal notation</description> +    </valueHelp> +    <constraint> +      <validator name="ipv4-prefix"/> +    </constraint> +  </properties> +  <children> +    <leafNode name="no-advertise"> +      <properties> +        <help>Don not advertise summary route</help> +        <valueless/> +      </properties> +    </leafNode> +    <leafNode name="tag"> +      <properties> +        <help>Router tag</help> +        <valueHelp> +          <format>u32:1-4294967295</format> +          <description>Router tag value</description> +        </valueHelp> +        <constraint> +          <validator name="numeric" argument="--range 1-4294967295"/> +        </constraint> +      </properties> +    </leafNode> +  </children> +</tagNode>  <node name="timers">    <properties>      <help>Adjust routing timers</help> diff --git a/interface-definitions/include/ospfv3/protocol-common-config.xml.i b/interface-definitions/include/ospfv3/protocol-common-config.xml.i index c0aab912d..4c3ca68e1 100644 --- a/interface-definitions/include/ospfv3/protocol-common-config.xml.i +++ b/interface-definitions/include/ospfv3/protocol-common-config.xml.i 
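Review bot: Two help strings in the new `summary-address` node of `ospf/protocol-common-config.xml.i` are wrong. The `ipv4net` value is described as `OSPF area number in dotted decimal notation`, although the constraint is `ipv4-prefix` and the node's own help calls it an external summary address; this looks like a copy from an area node. The `no-advertise` leaf reads `Don not advertise summary route`. Suggested replacements are `<description>External summary prefix</description>` and `<help>Do not advertise summary route</help>`.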
@@ -107,18 +107,33 @@      </node>    </children>  </node> +#include <include/ospf/graceful-restart.xml.i> +<node name="graceful-restart"> +  <children> +    <node name="helper"> +      <children> +        <leafNode name="lsa-check-disable"> +          <properties> +            <help>Disable strict LSA check</help> +            <valueless/> +          </properties> +        </leafNode> +      </children> +    </node> +  </children> +</node>  <tagNode name="interface">    <properties>      <help>Enable routing on an IPv6 interface</help>      <completionHelp> -      <script>${vyos_completion_dir}/list_interfaces.py</script> +      <script>${vyos_completion_dir}/list_interfaces</script>      </completionHelp>      <valueHelp>        <format>txt</format>        <description>Interface used for routing information exchange</description>      </valueHelp>      <constraint> -      #include <include/constraint/interface-name.xml.in> +      #include <include/constraint/interface-name.xml.i>      </constraint>    </properties>    <children> @@ -238,6 +253,14 @@          #include <include/route-map.xml.i>        </children>      </node> +    <node name="babel"> +      <properties> +        <help>Redistribute Babel routes</help> +      </properties> +      <children> +        #include <include/route-map.xml.i> +      </children> +    </node>      <node name="static">        <properties>          <help>Redistribute static routes</help> @@ -248,5 +271,4 @@      </node>    </children>  </node> -#include <include/route-map.xml.i>  <!-- include end --> diff --git a/interface-definitions/include/policy/extended-community-value-list.xml.i b/interface-definitions/include/policy/extended-community-value-list.xml.i index c79f78c67..33a279be1 100644 --- a/interface-definitions/include/policy/extended-community-value-list.xml.i +++ b/interface-definitions/include/policy/extended-community-value-list.xml.i 
@@ -12,4 +12,4 @@  </constraint>  <constraintErrorMessage>Should be in form: ASN:NN or IPADDR:NN where ASN is autonomous system number</constraintErrorMessage>  <multi/> -        <!-- include end --> +<!-- include end --> diff --git a/interface-definitions/include/policy/route-common.xml.i b/interface-definitions/include/policy/route-common.xml.i index 8b959c2a4..216ec9bea 100644 --- a/interface-definitions/include/policy/route-common.xml.i +++ b/interface-definitions/include/policy/route-common.xml.i @@ -159,6 +159,18 @@      <help>Packet modifications</help>
    </properties>
    <children>
 +    <leafNode name="connection-mark">
 +      <properties>
 +        <help>Connection marking</help>
 +        <valueHelp>
 +          <format>u32:0-2147483647</format>
 +          <description>Connection marking</description>
 +        </valueHelp>
 +        <constraint>
 +          <validator name="numeric" argument="--range 0-2147483647"/>
 +        </constraint>
 +      </properties>
 +    </leafNode>
      <leafNode name="dscp">
        <properties>
          <help>Packet Differentiated Services Codepoint (DSCP)</help>
 diff --git a/interface-definitions/include/policy/route-rule-action.xml.i b/interface-definitions/include/policy/route-rule-action.xml.i index 456a21400..c2698db5a 100644 --- a/interface-definitions/include/policy/route-rule-action.xml.i +++ b/interface-definitions/include/policy/route-rule-action.xml.i @@ -3,14 +3,26 @@    <properties>      <help>Rule action</help>      <completionHelp> -      <list>drop</list> +      <list>accept reject return drop</list>      </completionHelp>      <valueHelp> +      <format>accept</format> +      <description>Accept matching entries</description> +    </valueHelp> +    <valueHelp> +      <format>reject</format> +      <description>Reject matching entries</description> +    </valueHelp> +    <valueHelp> +      <format>return</format> +      <description>Return from the current chain and continue at the next rule of the last chain</description> +    </valueHelp> +    <valueHelp>        <format>drop</format>        <description>Drop matching entries</description>      </valueHelp>      <constraint> -      <regex>(drop)</regex> +      <regex>(accept|reject|return|drop)</regex>      </constraint>    </properties>  </leafNode> diff --git a/interface-definitions/include/policy/tag.xml.i b/interface-definitions/include/policy/tag.xml.i new file mode 100644 index 000000000..ec25b9391 --- /dev/null +++ b/interface-definitions/include/policy/tag.xml.i @@ -0,0 +1,14 @@ +<!-- include start from policy/tag.xml.i --> +<leafNode name="tag"> +  <properties> +    <help>Route tag value</help> +    <valueHelp> +      <format>u32:1-65535</format> +      <description>Route tag</description> +    </valueHelp> +    <constraint> +      <validator name="numeric" argument="--range 1-65535"/> +    </constraint> +  </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/port-number-start-zero.xml.i b/interface-definitions/include/port-number-start-zero.xml.i new file mode 100644 index 000000000..04a144216 --- /dev/null 
+++ b/interface-definitions/include/port-number-start-zero.xml.i @@ -0,0 +1,15 @@ +<!-- include start from port-number-start-zero.xml.i --> +<leafNode name="port"> +  <properties> +    <help>Port number used by connection</help> +    <valueHelp> +      <format>u32:0-65535</format> +      <description>Numeric IP port</description> +    </valueHelp> +    <constraint> +      <validator name="numeric" argument="--range 0-65535"/> +    </constraint> +    <constraintErrorMessage>Port number must be in range 0 to 65535</constraintErrorMessage> +  </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/snmp/protocol.xml.i b/interface-definitions/include/protocol-tcp-udp.xml.i index d7e6752ad..d7e6752ad 100644 --- a/interface-definitions/include/snmp/protocol.xml.i +++ b/interface-definitions/include/protocol-tcp-udp.xml.i diff --git a/interface-definitions/include/qos/bandwidth-auto.xml.i b/interface-definitions/include/qos/bandwidth-auto.xml.i new file mode 100644 index 000000000..fa16a6cb0 --- /dev/null +++ b/interface-definitions/include/qos/bandwidth-auto.xml.i 
@@ -0,0 +1,47 @@
+<!-- include start from qos/bandwidth-auto.xml.i -->
+<leafNode name="bandwidth">
+  <properties>
+    <help>Available bandwidth for this policy</help>
+    <completionHelp>
+      <list>auto</list>
+    </completionHelp>
+    <valueHelp>
+      <format>auto</format>
+      <description>Bandwidth matches interface speed</description>
+    </valueHelp>
+    <valueHelp>
+      <format><number></format>
+      <description>Bits per second</description>
+    </valueHelp>
+    <valueHelp>
+      <format><number>bit</format>
+      <description>Bits per second</description>
+    </valueHelp>
+    <valueHelp>
+      <format><number>kbit</format>
+      <description>Kilobits per second</description>
+    </valueHelp>
+    <valueHelp>
+      <format><number>mbit</format>
+      <description>Megabits per second</description>
+    </valueHelp>
+    <valueHelp>
+      <format><number>gbit</format>
+      <description>Gigabits per second</description>
+    </valueHelp>
+    <valueHelp>
+      <format><number>tbit</format>
+      <description>Terabits per second</description>
+    </valueHelp>
+    <valueHelp>
+      <format><number>%%</format>
+      <description>Percentage of interface link speed</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--positive"/>
+      <regex>(auto|\d+(bit|kbit|mbit|gbit|tbit)?|(100|\d(\d)?)%)</regex>
+    </constraint>
+  </properties>
+  <defaultValue>auto</defaultValue>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/qos/bandwidth.xml.i b/interface-definitions/include/qos/bandwidth.xml.i
index 82af22f42..0e29b6499 100644
--- a/interface-definitions/include/qos/bandwidth.xml.i
+++ b/interface-definitions/include/qos/bandwidth.xml.i
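Review bot: The `bandwidth` constraint in the new `qos/bandwidth-auto.xml.i` lets a zero rate through: `numeric --positive` sits next to `<regex>(auto|\d+(bit|kbit|mbit|gbit|tbit)?|(100|\d(\d)?)%)</regex>`, and the entries of a `<constraint>` appear to be alternatives (the `ip-address` plus `(any)` pairs elsewhere in this commit only make sense that way), so `0`, `0kbit` and `0%` satisfy the regex even though the validator alone would refuse them. If a zero rate is not meant to reach the QoS backend, the regex has to carry the lower bound itself, for example `<regex>(auto|[1-9]\d*(bit|kbit|mbit|gbit|tbit)?|(100|[1-9]\d?)%)</regex>`, which also makes the validator line redundant. The same pattern without `auto` is added to `qos/bandwidth.xml.i` in the next hunk and needs the same treatment. It is also worth confirming that the `%%` shown in the percentage `valueHelp` is an escape for the help renderer, since the regex accepts a single `%`.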
@@ -1,15 +1,39 @@  <!-- include start from qos/bandwidth.xml.i -->  <leafNode name="bandwidth">    <properties> -    <help>Traffic-limit used for this class</help> +    <help>Available bandwidth for this policy</help>      <valueHelp>        <format><number></format> -      <description>Rate in kbit (kilobit per second)</description> +      <description>Bits per second</description>      </valueHelp>      <valueHelp> -      <format><number><suffix></format> -      <description>Rate with scaling suffix (mbit, mbps, ...)</description> +      <format><number>bit</format> +      <description>Bits per second</description>      </valueHelp> +    <valueHelp> +      <format><number>kbit</format> +      <description>Kilobits per second</description> +    </valueHelp> +    <valueHelp> +      <format><number>mbit</format> +      <description>Megabits per second</description> +    </valueHelp> +    <valueHelp> +      <format><number>gbit</format> +      <description>Gigabits per second</description> +    </valueHelp> +    <valueHelp> +      <format><number>tbit</format> +      <description>Terabits per second</description> +    </valueHelp> +    <valueHelp> +      <format><number>%%</format> +      <description>Percentage of interface link speed</description> +    </valueHelp> +    <constraint> +      <validator name="numeric" argument="--positive"/> +      <regex>(\d+(bit|kbit|mbit|gbit|tbit)?|(100|\d(\d)?)%)</regex> +    </constraint>    </properties>  </leafNode>  <!-- include end --> diff --git a/interface-definitions/include/qos/class-match-ipv4-address.xml.i b/interface-definitions/include/qos/class-match-ipv4-address.xml.i new file mode 100644 index 000000000..8e84c988a --- /dev/null +++ b/interface-definitions/include/qos/class-match-ipv4-address.xml.i 
@@ -0,0 +1,19 @@
+<!-- include start from qos/class-match-ipv4-address.xml.i -->
+<leafNode name="address">
+  <properties>
+    <help>IPv4 destination address for this match</help>
+    <valueHelp>
+      <format>ipv4</format>
+      <description>IPv4 address</description>
+    </valueHelp>
+    <valueHelp>
+      <format>ipv4net</format>
+      <description>IPv4 prefix</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ipv4-address"/>
+      <validator name="ipv4-prefix"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/qos/class-match-ipv6-address.xml.i b/interface-definitions/include/qos/class-match-ipv6-address.xml.i
new file mode 100644
index 000000000..fd7388127
--- /dev/null
+++ b/interface-definitions/include/qos/class-match-ipv6-address.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from qos/class-match-ipv6-address.xml.i -->
+<leafNode name="address">
+  <properties>
+    <help>IPv6 destination address for this match</help>
+    <valueHelp>
+      <format>ipv6net</format>
+      <description>IPv6 address and prefix length</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ipv6"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/qos/match.xml.i b/interface-definitions/include/qos/class-match.xml.i
index 7d89e4460..4ba12f8f7 100644
--- a/interface-definitions/include/qos/match.xml.i
+++ b/interface-definitions/include/qos/class-match.xml.i
@@ -1,4 +1,4 @@
-<!-- include start from qos/match.xml.i -->
+<!-- include start from qos/class-match.xml.i -->
 <tagNode name="match">
   <properties>
     <help>Class matching rule name</help>
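Review bot: The help text in the new `qos/class-match-ipv4-address.xml.i` says `IPv4 destination address for this match`, but the `class-match.xml.i` hunks that follow include this file under both the `destination` and the `source` node, where it replaces a leaf whose help read `IPv4 source address for this match`. Anyone configuring a source match is therefore shown destination wording. A direction-neutral string such as `<help>IPv4 address for this match</help>` fits both uses. The new `qos/class-match-ipv6-address.xml.i` has the same issue and would take `<help>IPv6 address for this match</help>`.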
@@ -99,22 +99,11 @@              <help>Match on destination port or address</help>            </properties>            <children> -            <leafNode name="address"> -              <properties> -                <help>IPv4 destination address for this match</help> -                <valueHelp> -                  <format>ipv4net</format> -                  <description>IPv4 address and prefix length</description> -                </valueHelp> -                <constraint> -                  <validator name="ipv4"/> -                </constraint> -              </properties> -            </leafNode> +            #include <include/qos/class-match-ipv4-address.xml.i>              #include <include/port-number.xml.i>            </children>          </node> -        #include <include/qos/dscp.xml.i> +        #include <include/qos/match-dscp.xml.i>          #include <include/qos/max-length.xml.i>          #include <include/ip-protocol.xml.i>          <node name="source"> @@ -122,18 +111,7 @@              <help>Match on source port or address</help>            </properties>            <children> -            <leafNode name="address"> -              <properties> -                <help>IPv4 source address for this match</help> -                <valueHelp> -                  <format>ipv4net</format> -                  <description>IPv4 address and prefix length</description> -                </valueHelp> -                <constraint> -                  <validator name="ipv4"/> -                </constraint> -              </properties> -            </leafNode> +            #include <include/qos/class-match-ipv4-address.xml.i>              #include <include/port-number.xml.i>            </children>          </node> 
@@ -150,22 +128,11 @@
             <help>Match on destination port or address</help>
           </properties>
           <children>
-            <leafNode name="address">
-              <properties>
-                <help>IPv6 destination address for this match</help>
-                <valueHelp>
-                  <format>ipv6net</format>
-                  <description>IPv6 address and prefix length</description>
-                </valueHelp>
-                <constraint>
-                  <validator name="ipv6"/>
-                </constraint>
-              </properties>
-            </leafNode>
+            #include <include/qos/class-match-ipv6-address.xml.i>
             #include <include/port-number.xml.i>
           </children>
         </node>
-        #include <include/qos/dscp.xml.i>
+        #include <include/qos/match-dscp.xml.i>
         #include <include/qos/max-length.xml.i>
         #include <include/ip-protocol.xml.i>
         <node name="source">
@@ -173,18 +140,7 @@
             <help>Match on source port or address</help>
           </properties>
           <children>
-            <leafNode name="address">
-              <properties>
-                <help>IPv6 source address for this match</help>
-                <valueHelp>
-                  <format>ipv6net</format>
-                  <description>IPv6 address and prefix length</description>
-                </valueHelp>
-                <constraint>
-                  <validator name="ipv6"/>
-                </constraint>
-              </properties>
-            </leafNode>
+            #include <include/qos/class-match-ipv6-address.xml.i>
             #include <include/port-number.xml.i>
           </children>
         </node>
@@ -195,11 +151,11 @@
       <properties>
         <help>Match on mark applied by firewall</help>
         <valueHelp>
-          <format>txt</format>
+          <format>u32</format>
           <description>FW mark to match</description>
         </valueHelp>
         <constraint>
-          <validator name="numeric" argument="--range 0x0-0xffff"/>
+          <validator name="numeric" argument="--range 0-4294967295"/>
         </constraint>
       </properties>
     </leafNode>
diff --git a/interface-definitions/include/qos/limiter-actions.xml.i b/interface-definitions/include/qos/class-police-exceed.xml.i
index a993423aa..ee2ce16a8 100644
--- a/interface-definitions/include/qos/limiter-actions.xml.i
+++ b/interface-definitions/include/qos/class-police-exceed.xml.i
@@ -1,13 +1,13 @@
-<!-- include start from qos/limiter-actions.xml.i -->
-<leafNode name="exceed-action">
+<!-- include start from qos/police.xml.i -->
+<leafNode name="exceed">
   <properties>
-    <help>Default action for packets exceeding the limiter (default: drop)</help>
+    <help>Default action for packets exceeding the limiter</help>
     <completionHelp>
       <list>continue drop ok reclassify pipe</list>
     </completionHelp>
     <valueHelp>
       <format>continue</format>
-      <description>Don't do anything, just continue with the next action in line</description>
+      <description>Do not do anything, just continue with the next action in line</description>
     </valueHelp>
     <valueHelp>
       <format>drop</format>
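Review bot: The new header comment in qos/class-police-exceed.xml.i reads `<!-- include start from qos/police.xml.i -->`, which does not match the file's new name, so anyone tracing a node back from the assembled XML is sent to a path this diff does not show; `<!-- include start from qos/class-police-exceed.xml.i -->` would match. The leaf is also renamed from `exceed-action` to `exceed` here, and from `notexceed-action` to `not-exceed` in the following hunk. Saved configurations that use the old names presumably need a migration step, which is not visible in this part of the diff and is worth confirming.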
@@ -31,15 +31,15 @@
   </properties>
   <defaultValue>drop</defaultValue>
 </leafNode>
-<leafNode name="notexceed-action">
+<leafNode name="not-exceed">
   <properties>
-    <help>Default action for packets not exceeding the limiter (default: ok)</help>
+    <help>Default action for packets not exceeding the limiter</help>
     <completionHelp>
       <list>continue drop ok reclassify pipe</list>
     </completionHelp>
     <valueHelp>
       <format>continue</format>
-      <description>Don't do anything, just continue with the next action in line</description>
+      <description>Do not do anything, just continue with the next action in line</description>
     </valueHelp>
     <valueHelp>
       <format>drop</format>
diff --git a/interface-definitions/include/qos/class-priority.xml.i b/interface-definitions/include/qos/class-priority.xml.i
new file mode 100644
index 000000000..3fd848c93
--- /dev/null
+++ b/interface-definitions/include/qos/class-priority.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from qos/class-priority.xml.i -->
+<leafNode name="priority">
+  <properties>
+    <help>Priority for rule evaluation</help>
+    <valueHelp>
+      <format>u32:0-20</format>
+      <description>Priority for match rule evaluation</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 0-20"/>
+    </constraint>
+    <constraintErrorMessage>Priority must be between 0 and 20</constraintErrorMessage>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/qos/hfsc-m1.xml.i b/interface-definitions/include/qos/hfsc-m1.xml.i
index 749d01f57..677d817ba 100644
--- a/interface-definitions/include/qos/hfsc-m1.xml.i
+++ b/interface-definitions/include/qos/hfsc-m1.xml.i
@@ -27,6 +27,6 @@
       <description>bps(8),kbps(8*10^3),mbps(8*10^6), gbps, tbps - Byte/sec</description>
     </valueHelp>
   </properties>
-  <defaultValue>100%</defaultValue>
+  <defaultValue>100%%</defaultValue>
 </leafNode>
 <!-- include end -->
diff --git a/interface-definitions/include/qos/hfsc-m2.xml.i b/interface-definitions/include/qos/hfsc-m2.xml.i
index 24e8f5d63..7690df4b0 100644
--- a/interface-definitions/include/qos/hfsc-m2.xml.i
+++ b/interface-definitions/include/qos/hfsc-m2.xml.i
@@ -27,6 +27,6 @@
       <description>bps(8),kbps(8*10^3),mbps(8*10^6), gbps, tbps - Byte/sec</description>
     </valueHelp>
   </properties>
-  <defaultValue>100%</defaultValue>
+  <defaultValue>100%%</defaultValue>
 </leafNode>
 <!-- include end -->
diff --git a/interface-definitions/include/qos/dscp.xml.i b/interface-definitions/include/qos/match-dscp.xml.i
index bb90850ac..2d2fd0a57 100644
--- a/interface-definitions/include/qos/dscp.xml.i
+++ b/interface-definitions/include/qos/match-dscp.xml.i
@@ -1,4 +1,4 @@
-<!-- include start from qos/dscp.xml.i -->
+<!-- include start from qos/match-dscp.xml.i -->
 <leafNode name="dscp">
   <properties>
     <help>Match on Differentiated Services Codepoint (DSCP)</help>
@@ -137,7 +137,6 @@
       <validator name="numeric" argument="--range 0-63"/>
       <regex>(default|reliability|throughput|lowdelay|priority|immediate|flash|flash-override|critical|internet|network|AF11|AF12|AF13|AF21|AF22|AF23|AF31|AF32|AF33|AF41|AF42|AF43|CS1|CS2|CS3|CS4|CS5|CS6|CS7|EF)</regex>
     </constraint>
-    <constraintErrorMessage>Priority must be between 0 and 63</constraintErrorMessage>
   </properties>
 </leafNode>
 <!-- include end -->
diff --git a/interface-definitions/include/qos/max-length.xml.i b/interface-definitions/include/qos/max-length.xml.i
index 4cc20f8c4..64cdd02ec 100644
--- a/interface-definitions/include/qos/max-length.xml.i
+++ b/interface-definitions/include/qos/max-length.xml.i
@@ -1,15 +1,15 @@
 <!-- include start from qos/max-length.xml.i -->
 <leafNode name="max-length">
   <properties>
-    <help>Maximum packet length (ipv4)</help>
+    <help>Maximum packet length</help>
     <valueHelp>
-      <format>u32:0-65535</format>
+      <format>u32:1-65535</format>
       <description>Maximum packet/payload length</description>
     </valueHelp>
     <constraint>
-      <validator name="numeric" argument="--range 0-65535"/>
+      <validator name="numeric" argument="--range 1-65535"/>
     </constraint>
-    <constraintErrorMessage>Maximum IPv4 total packet length is 65535</constraintErrorMessage>
+    <constraintErrorMessage>Maximum packet length is 65535</constraintErrorMessage>
   </properties>
 </leafNode>
 <!-- include end -->
diff --git a/interface-definitions/include/qos/queue-type.xml.i b/interface-definitions/include/qos/queue-type.xml.i
index 634f61024..c7d4cde82 100644
--- a/interface-definitions/include/qos/queue-type.xml.i
+++ b/interface-definitions/include/qos/queue-type.xml.i
@@ -3,28 +3,31 @@
   <properties>
     <help>Queue type for default traffic</help>
     <completionHelp>
-      <list>fq-codel fair-queue drop-tail random-detect</list>
+      <list>drop-tail fair-queue fq-codel priority random-detect</list>
     </completionHelp>
     <valueHelp>
-      <format>fq-codel</format>
-      <description>Fair Queue Codel</description>
+      <format>drop-tail</format>
+      <description>First-In-First-Out (FIFO)</description>
     </valueHelp>
     <valueHelp>
       <format>fair-queue</format>
       <description>Stochastic Fair Queue (SFQ)</description>
     </valueHelp>
     <valueHelp>
-      <format>drop-tail</format>
-      <description>First-In-First-Out (FIFO)</description>
+      <format>fq-codel</format>
+      <description>Fair Queue Codel</description>
+    </valueHelp>
+    <valueHelp>
+      <format>priority</format>
+      <description>Priority queuing</description>
     </valueHelp>
     <valueHelp>
       <format>random-detect</format>
       <description>Random Early Detection (RED)</description>
     </valueHelp>
     <constraint>
-      <regex>(fq-codel|fair-queue|drop-tail|random-detect)</regex>
+      <regex>(drop-tail|fair-queue|fq-codel|priority|random-detect)</regex>
     </constraint>
   </properties>
-  <defaultValue>drop-tail</defaultValue>
 </leafNode>
 <!-- include end -->
diff --git a/interface-definitions/include/qos/set-dscp.xml.i b/interface-definitions/include/qos/set-dscp.xml.i
index 55c0ea44d..07f33783f 100644
--- a/interface-definitions/include/qos/set-dscp.xml.i
+++ b/interface-definitions/include/qos/set-dscp.xml.i
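Review bot: `<defaultValue>drop-tail</defaultValue>` is dropped at the end of the queue-type.xml.i hunk, and nothing in the include now records what applies when `queue-type` is unset. Every node that includes this file must therefore either define its own default or cope with a missing value; the including files are outside this hunk, so this should be confirmed for each of them. A short marker above the leaf would make the contract explicit, for example `<!-- no defaultValue here: including nodes must supply one or handle an unset queue-type -->`.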
@@ -3,7 +3,7 @@
   <properties>
     <help>Change the Differentiated Services (DiffServ) field in the IP header</help>
     <completionHelp>
-      <list>default reliability throughput lowdelay priority immediate flash flash-override critical internet network</list>
+      <list>default reliability throughput lowdelay priority immediate flash flash-override critical internet network AF11 AF12 AF13 AF21 AF22 AF23 AF31 AF32 AF33 AF41 AF42 AF43 CS1 CS2 CS3 CS4 CS5 CS6 CS7 EF</list>
     </completionHelp>
     <valueHelp>
       <format>u32:0-63</format>
@@ -53,9 +53,89 @@        <format>network</format>        <description>match DSCP (111000)</description>      </valueHelp> +    <valueHelp> +      <format>AF11</format> +      <description>High-throughput data</description> +    </valueHelp> +    <valueHelp> +      <format>AF12</format> +      <description>High-throughput data</description> +    </valueHelp> +    <valueHelp> +      <format>AF13</format> +      <description>High-throughput data</description> +    </valueHelp> +    <valueHelp> +      <format>AF21</format> +      <description>Low-latency data</description> +    </valueHelp> +    <valueHelp> +      <format>AF22</format> +      <description>Low-latency data</description> +    </valueHelp> +    <valueHelp> +      <format>AF23</format> +      <description>Low-latency data</description> +    </valueHelp> +    <valueHelp> +      <format>AF31</format> +      <description>Multimedia streaming</description> +    </valueHelp> +    <valueHelp> +      <format>AF32</format> +      <description>Multimedia streaming</description> +    </valueHelp> +    <valueHelp> +      <format>AF33</format> +      <description>Multimedia streaming</description> +    </valueHelp> +    <valueHelp> +      <format>AF41</format> +      <description>Multimedia conferencing</description> +    </valueHelp> +    <valueHelp> +      <format>AF42</format> +      <description>Multimedia conferencing</description> +    </valueHelp> +    <valueHelp> +      <format>AF43</format> +      <description>Multimedia conferencing</description> +    </valueHelp> +    <valueHelp> +      <format>CS1</format> +      <description>Low-priority data</description> +    </valueHelp> +    <valueHelp> +      <format>CS2</format> +      <description>OAM</description> +    </valueHelp> +    <valueHelp> +      <format>CS3</format> +      <description>Broadcast video</description> +    </valueHelp> +    <valueHelp> +      <format>CS4</format> +      <description>Real-time interactive</description> +    </valueHelp> +   
 <valueHelp> +      <format>CS5</format> +      <description>Signaling</description> +    </valueHelp> +    <valueHelp> +      <format>CS6</format> +      <description>Network control</description> +    </valueHelp> +    <valueHelp> +      <format>CS7</format> +      <description></description> +    </valueHelp> +    <valueHelp> +      <format>EF</format> +      <description>Expedited Forwarding</description> +    </valueHelp>      <constraint>        <validator name="numeric" argument="--range 0-63"/> -      <regex>(default|reliability|throughput|lowdelay|priority|immediate|flash|flash-override|critical|internet|network)</regex> +      <regex>(default|reliability|throughput|lowdelay|priority|immediate|flash|flash-override|critical|internet|network|AF11|AF12|AF13|AF21|AF22|AF23|AF31|AF32|AF33|AF41|AF42|AF43|CS1|CS2|CS3|CS4|CS5|CS6|CS7|EF)</regex>      </constraint>      <constraintErrorMessage>Priority must be between 0 and 63</constraintErrorMessage>    </properties> diff --git a/interface-definitions/include/radius-acct-server-ipv4.xml.i b/interface-definitions/include/radius-acct-server-ipv4.xml.i new file mode 100644 index 000000000..9365aa8e9 --- /dev/null +++ b/interface-definitions/include/radius-acct-server-ipv4.xml.i 
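Review bot: The `CS7` entry in set-dscp.xml.i is added with an empty `<description></description>`, so the CLI lists the keyword with no explanation while every other codepoint has one; give it text, for example `<description>Reserved</description>`. The retained `<constraintErrorMessage>Priority must be between 0 and 63</constraintErrorMessage>` is also misleading now that the regex accepts the AF/CS/EF names: it says "Priority" for a DSCP value and mentions only the numeric form. This commit removes the same message from match-dscp.xml.i; here it could be reworded to `<constraintErrorMessage>DSCP must be 0-63 or a known codepoint name</constraintErrorMessage>`. The enclosing leafNode starts outside this hunk.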
@@ -0,0 +1,26 @@
+<!-- include start from radius-acct-server-ipv4.xml.i -->
+<node name="radius">
+  <properties>
+    <help>RADIUS accounting for users OpenConnect VPN sessions OpenConnect authentication mode radius</help>
+  </properties>
+  <children>
+    <tagNode name="server">
+      <properties>
+        <help>RADIUS server configuration</help>
+        <valueHelp>
+          <format>ipv4</format>
+          <description>RADIUS server IPv4 address</description>
+        </valueHelp>
+        <constraint>
+          <validator name="ipv4-address"/>
+        </constraint>
+      </properties>
+      <children>
+        #include <include/generic-disable-node.xml.i>
+        #include <include/radius-server-key.xml.i>
+        #include <include/radius-server-acct-port.xml.i>
+      </children>
+    </tagNode>
+  </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/radius-server-ipv4.xml.i b/interface-definitions/include/radius-auth-server-ipv4.xml.i
index ab4c8e10e..dc6f4d878 100644
--- a/interface-definitions/include/radius-server-ipv4.xml.i
+++ b/interface-definitions/include/radius-auth-server-ipv4.xml.i
@@ -1,4 +1,4 @@
-<!-- include start from radius-server-ipv4.xml.i -->
+<!-- include start from radius-auth-server-ipv4.xml.i -->
 <node name="radius">
   <properties>
     <help>RADIUS based user authentication</help>
@@ -19,7 +19,7 @@
       <children>
         #include <include/generic-disable-node.xml.i>
         #include <include/radius-server-key.xml.i>
-        #include <include/radius-server-port.xml.i>
+        #include <include/radius-server-auth-port.xml.i>
       </children>
     </tagNode>
   </children>
diff --git a/interface-definitions/include/radius-server-port.xml.i b/interface-definitions/include/radius-server-acct-port.xml.i
index c6b691a0f..0b356fa18 100644
--- a/interface-definitions/include/radius-server-port.xml.i
+++ b/interface-definitions/include/radius-server-acct-port.xml.i
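Review bot: The `<help>` on the new `radius` node in radius-acct-server-ipv4.xml.i reads "RADIUS accounting for users OpenConnect VPN sessions OpenConnect authentication mode radius", which looks like two phrases run together and ties a generically named include to one service. A plain text such as `<help>RADIUS accounting for user sessions</help>` reads correctly wherever the file is included. If accounting really depends on the authentication mode being radius, that dependency belongs in the consumer's validation, not in the help string.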
@@ -1,7 +1,7 @@
-<!-- include start from radius-server-port.xml.i -->
+<!-- include start from radius-server-acct-port.xml.i -->
 <leafNode name="port">
   <properties>
-    <help>Authentication port</help>
+    <help>Accounting port</help>
     <valueHelp>
       <format>u32:1-65535</format>
       <description>Numeric IP port</description>
@@ -10,6 +10,6 @@
       <validator name="numeric" argument="--range 1-65535"/>
     </constraint>
   </properties>
-  <defaultValue>1812</defaultValue>
+  <defaultValue>1813</defaultValue>
 </leafNode>
 <!-- include end -->
diff --git a/interface-definitions/include/radius-server-auth-port.xml.i b/interface-definitions/include/radius-server-auth-port.xml.i
new file mode 100644
index 000000000..d9ea1d445
--- /dev/null
+++ b/interface-definitions/include/radius-server-auth-port.xml.i
@@ -0,0 +1,6 @@
+<!-- include start from radius-server-auth-port.xml.i -->
+#include <include/port-number.xml.i>
+<leafNode name="port">
+  <defaultValue>1812</defaultValue>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/radius-server-ipv4-ipv6.xml.i b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i
index 5b12bec62..efd418bb2 100644
--- a/interface-definitions/include/radius-server-ipv4-ipv6.xml.i
+++ b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i
@@ -16,14 +16,13 @@
           <description>RADIUS server IPv6 address</description>
         </valueHelp>
         <constraint>
-          <validator name="ipv4-address"/>
-          <validator name="ipv6-address"/>
+          <validator name="ip-address"/>
         </constraint>
       </properties>
       <children>
         #include <include/generic-disable-node.xml.i>
         #include <include/radius-server-key.xml.i>
-        #include <include/radius-server-port.xml.i>
+        #include <include/radius-server-auth-port.xml.i>
       </children>
     </tagNode>
     <leafNode name="source-address">
diff --git a/interface-definitions/include/radius-server-key.xml.i b/interface-definitions/include/radius-server-key.xml.i
index c6301646b..dd5cdb0c6 100644
--- a/interface-definitions/include/radius-server-key.xml.i
+++ b/interface-definitions/include/radius-server-key.xml.i
@@ -2,6 +2,14 @@
 <leafNode name="key">
   <properties>
     <help>Shared secret key</help>
+    <valueHelp>
+      <format>txt</format>
+      <description>Password string (key)</description>
+    </valueHelp>
+    <constraint>
+      <regex>[[:ascii:]]{1,128}</regex>
+    </constraint>
+    <constraintErrorMessage>Password must be less then 128 characters</constraintErrorMessage>
   </properties>
 </leafNode>
 <!-- include end -->
diff --git a/interface-definitions/include/rip/interface.xml.i b/interface-definitions/include/rip/interface.xml.i
index e0792cdc1..8007f0208 100644
--- a/interface-definitions/include/rip/interface.xml.i
+++ b/interface-definitions/include/rip/interface.xml.i
@@ -3,14 +3,14 @@
   <properties>
     <help>Interface name</help>
     <completionHelp>
-      <script>${vyos_completion_dir}/list_interfaces.py</script>
+      <script>${vyos_completion_dir}/list_interfaces</script>
     </completionHelp>
     <valueHelp>
       <format>txt</format>
       <description>Interface name</description>
     </valueHelp>
     <constraint>
-      #include <include/constraint/interface-name.xml.in>
+      #include <include/constraint/interface-name.xml.i>
     </constraint>
   </properties>
   <children>
diff --git a/interface-definitions/include/routing-passive-interface.xml.i b/interface-definitions/include/routing-passive-interface.xml.i
index fe229aebe..8fa0d0fe7 100644
--- a/interface-definitions/include/routing-passive-interface.xml.i
+++ b/interface-definitions/include/routing-passive-interface.xml.i
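Review bot: The new constraint `<regex>[[:ascii:]]{1,128}</regex>` on the RADIUS `key` leaf accepts every ASCII character, including control characters, line breaks and quotes. The shared secret is presumably rendered into daemon configuration files by templates, where a newline or quote in the key could break or change the generated file. Limiting the class to printable characters closes that off: `<regex>[[:print:]]{1,128}</regex>`, or `[[:graph:]]` if spaces should also be rejected. The error text has a typo ("then") and is off by one, since 128 characters are accepted; `<constraintErrorMessage>Key must be 1 to 128 printable characters</constraintErrorMessage>` would match the rule.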
@@ -4,7 +4,7 @@
     <help>Suppress routing updates on an interface</help>
     <completionHelp>
       <list>default</list>
-      <script>${vyos_completion_dir}/list_interfaces.py</script>
+      <script>${vyos_completion_dir}/list_interfaces</script>
     </completionHelp>
     <valueHelp>
       <format>txt</format>
@@ -16,7 +16,7 @@
     </valueHelp>
     <constraint>
       <regex>(default)</regex>
-      #include <include/constraint/interface-name.xml.in>
+      #include <include/constraint/interface-name.xml.i>
     </constraint>
     <multi/>
   </properties>
diff --git a/interface-definitions/include/source-interface-ethernet.xml.i b/interface-definitions/include/source-interface-ethernet.xml.i
index ee04f2cd5..e06e47d6c 100644
--- a/interface-definitions/include/source-interface-ethernet.xml.i
+++ b/interface-definitions/include/source-interface-ethernet.xml.i
@@ -7,7 +7,7 @@
       <description>Physical interface used for traffic forwarding</description>
     </valueHelp>
     <completionHelp>
-      <script>${vyos_completion_dir}/list_interfaces.py -t ethernet</script>
+      <script>${vyos_completion_dir}/list_interfaces --type ethernet</script>
     </completionHelp>
   </properties>
 </leafNode>
diff --git a/interface-definitions/include/source-interface.xml.i b/interface-definitions/include/source-interface.xml.i
index 4c1fddb57..40fdc6c5e 100644
--- a/interface-definitions/include/source-interface.xml.i
+++ b/interface-definitions/include/source-interface.xml.i
@@ -7,10 +7,10 @@
       <description>Interface name</description>
     </valueHelp>
     <completionHelp>
-      <script>${vyos_completion_dir}/list_interfaces.py</script>
+      <script>${vyos_completion_dir}/list_interfaces</script>
     </completionHelp>
     <constraint>
-      #include <include/constraint/interface-name.xml.in>
+      #include <include/constraint/interface-name.xml.i>
     </constraint>
   </properties>
 </leafNode>
diff --git a/interface-definitions/include/static/static-route-bfd.xml.i b/interface-definitions/include/static/static-route-bfd.xml.i
new file mode 100644
index 000000000..d588b369f
--- /dev/null
+++ b/interface-definitions/include/static/static-route-bfd.xml.i
@@ -0,0 +1,36 @@
+<!-- include start from static/static-route-bfd.xml.i -->
+<node name="bfd">
+  <properties>
+    <help>BFD monitoring</help>
+  </properties>
+  <children>
+    #include <include/bfd/profile.xml.i>
+    <node name="multi-hop">
+      <properties>
+        <help>Use BFD multi hop session</help>
+      </properties>
+      <children>
+        <tagNode name="source">
+          <properties>
+            <help>Use source for BFD session</help>
+            <valueHelp>
+              <format>ipv4</format>
+              <description>IPv4 source address</description>
+            </valueHelp>
+            <valueHelp>
+              <format>ipv6</format>
+              <description>IPv6 source address</description>
+            </valueHelp>
+            <constraint>
+              <validator name="ip-address"/>
+            </constraint>
+          </properties>
+          <children>
+            #include <include/bfd/profile.xml.i>
+          </children>
+        </tagNode>
+      </children>
+    </node>
+  </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/static/static-route-interface.xml.i b/interface-definitions/include/static/static-route-interface.xml.i
index cc7a92612..cb5436847 100644
--- a/interface-definitions/include/static/static-route-interface.xml.i
+++ b/interface-definitions/include/static/static-route-interface.xml.i
@@ -3,14 +3,14 @@
   <properties>
     <help>Gateway interface name</help>
     <completionHelp>
-      <script>${vyos_completion_dir}/list_interfaces.py</script>
+      <script>${vyos_completion_dir}/list_interfaces</script>
     </completionHelp>
     <valueHelp>
       <format>txt</format>
       <description>Gateway interface name</description>
     </valueHelp>
     <constraint>
-      #include <include/constraint/interface-name.xml.in>
+      #include <include/constraint/interface-name.xml.i>
     </constraint>
   </properties>
 </leafNode>
diff --git a/interface-definitions/include/static/static-route.xml.i b/interface-definitions/include/static/static-route.xml.i
index aeb2044c9..29921a731 100644
--- a/interface-definitions/include/static/static-route.xml.i
+++ b/interface-definitions/include/static/static-route.xml.i
@@ -19,14 +19,14 @@
       <properties>
         <help>Next-hop IPv4 router interface</help>
         <completionHelp>
-          <script>${vyos_completion_dir}/list_interfaces.py</script>
+          <script>${vyos_completion_dir}/list_interfaces</script>
         </completionHelp>
         <valueHelp>
           <format>txt</format>
           <description>Gateway interface name</description>
         </valueHelp>
         <constraint>
-          #include <include/constraint/interface-name.xml.in>
+          #include <include/constraint/interface-name.xml.i>
         </constraint>
       </properties>
       <children>
@@ -51,6 +51,7 @@
         #include <include/static/static-route-distance.xml.i>
         #include <include/static/static-route-interface.xml.i>
         #include <include/static/static-route-vrf.xml.i>
+        #include <include/static/static-route-bfd.xml.i>
       </children>
     </tagNode>
   </children>
diff --git a/interface-definitions/include/static/static-route6.xml.i b/interface-definitions/include/static/static-route6.xml.i
index d5e7a25bc..a83cc230b 100644
--- a/interface-definitions/include/static/static-route6.xml.i
+++ b/interface-definitions/include/static/static-route6.xml.i
@@ -18,14 +18,14 @@
       <properties>
         <help>IPv6 gateway interface name</help>
         <completionHelp>
-          <script>${vyos_completion_dir}/list_interfaces.py</script>
+          <script>${vyos_completion_dir}/list_interfaces</script>
         </completionHelp>
         <valueHelp>
           <format>txt</format>
           <description>Gateway interface name</description>
         </valueHelp>
         <constraint>
-          #include <include/constraint/interface-name.xml.in>
+          #include <include/constraint/interface-name.xml.i>
         </constraint>
       </properties>
       <children>
@@ -50,6 +50,7 @@
         #include <include/static/static-route-distance.xml.i>
         #include <include/static/static-route-interface.xml.i>
         #include <include/static/static-route-vrf.xml.i>
+        #include <include/static/static-route-bfd.xml.i>
       </children>
     </tagNode>
   </children>
diff --git a/interface-definitions/include/syslog-facility.xml.i b/interface-definitions/include/syslog-facility.xml.i
new file mode 100644
index 000000000..e6138a122
--- /dev/null
+++ b/interface-definitions/include/syslog-facility.xml.i
@@ -0,0 +1,149 @@ +<!-- include start from syslog-facility.xml.i --> +<tagNode name="facility"> +  <properties> +    <help>Facility for logging</help> +    <completionHelp> +      <list>auth authpriv cron daemon kern lpr mail mark news syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list> +    </completionHelp> +    <constraint> +      <regex>(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)</regex> +    </constraint> +    <constraintErrorMessage>Invalid facility type</constraintErrorMessage> +    <valueHelp> +      <format>all</format> +      <description>All facilities excluding "mark"</description> +    </valueHelp> +    <valueHelp> +      <format>auth</format> +      <description>Authentication and authorization</description> +    </valueHelp> +    <valueHelp> +      <format>authpriv</format> +      <description>Non-system authorization</description> +    </valueHelp> +    <valueHelp> +      <format>cron</format> +      <description>Cron daemon</description> +    </valueHelp> +    <valueHelp> +      <format>daemon</format> +      <description>System daemons</description> +    </valueHelp> +    <valueHelp> +      <format>kern</format> +      <description>Kernel</description> +    </valueHelp> +    <valueHelp> +      <format>lpr</format> +      <description>Line printer spooler</description> +    </valueHelp> +    <valueHelp> +      <format>mail</format> +      <description>Mail subsystem</description> +    </valueHelp> +    <valueHelp> +      <format>mark</format> +      <description>Timestamp</description> +    </valueHelp> +    <valueHelp> +      <format>news</format> +      <description>USENET subsystem</description> +    </valueHelp> +    <valueHelp> +      <format>syslog</format> +      <description>Authentication and authorization</description> +    </valueHelp> +    <valueHelp> +      <format>user</format> +      <description>Application 
processes</description> +    </valueHelp> +    <valueHelp> +      <format>uucp</format> +      <description>UUCP subsystem</description> +    </valueHelp> +    <valueHelp> +      <format>local0</format> +      <description>Local facility 0</description> +    </valueHelp> +    <valueHelp> +      <format>local1</format> +      <description>Local facility 1</description> +    </valueHelp> +    <valueHelp> +      <format>local2</format> +      <description>Local facility 2</description> +    </valueHelp> +    <valueHelp> +      <format>local3</format> +      <description>Local facility 3</description> +    </valueHelp> +    <valueHelp> +      <format>local4</format> +      <description>Local facility 4</description> +    </valueHelp> +    <valueHelp> +      <format>local5</format> +      <description>Local facility 5</description> +    </valueHelp> +    <valueHelp> +      <format>local6</format> +      <description>Local facility 6</description> +    </valueHelp> +    <valueHelp> +      <format>local7</format> +      <description>Local facility 7</description> +    </valueHelp> +  </properties> +  <children> +    <leafNode name="level"> +      <properties> +        <help>Logging level</help> +        <completionHelp> +          <list>emerg alert crit err warning notice info debug all</list> +        </completionHelp> +        <valueHelp> +          <format>emerg</format> +          <description>Emergency messages</description> +        </valueHelp> +        <valueHelp> +          <format>alert</format> +          <description>Urgent messages</description> +        </valueHelp> +        <valueHelp> +          <format>crit</format> +          <description>Critical messages</description> +        </valueHelp> +        <valueHelp> +          <format>err</format> +          <description>Error messages</description> +        </valueHelp> +        <valueHelp> +          <format>warning</format> +          <description>Warning messages</description> +        </valueHelp> +     
   <valueHelp> +          <format>notice</format> +          <description>Messages for further investigation</description> +        </valueHelp> +        <valueHelp> +          <format>info</format> +          <description>Informational messages</description> +        </valueHelp> +        <valueHelp> +          <format>debug</format> +          <description>Debug messages</description> +        </valueHelp> +        <valueHelp> +          <format>all</format> +          <description>Log everything</description> +        </valueHelp> +        <constraint> +          <regex>(emerg|alert|crit|err|warning|notice|info|debug|all)</regex> +        </constraint> +        <constraintErrorMessage>Invalid loglevel</constraintErrorMessage> +      </properties> +      <defaultValue>err</defaultValue> +    </leafNode> +  </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/system-ip-protocol.xml.i b/interface-definitions/include/system-ip-protocol.xml.i new file mode 100644 index 000000000..c630eb3f7 --- /dev/null +++ b/interface-definitions/include/system-ip-protocol.xml.i 
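Review bot: The valueHelp for the `syslog` facility in syslog-facility.xml.i reuses the `auth` description, "Authentication and authorization", which looks like a copy-paste slip. An operator picking facilities for security logging from the CLI help would be misled about what that keyword selects. Text along the lines of `<description>Messages generated internally by syslogd</description>` fits the entry. The `authpriv` description "Non-system authorization" is also worth checking, since that facility conventionally carries private security and authorization messages.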
@@ -0,0 +1,56 @@
+<!-- include start from system-ip-protocol.xml.i -->
+<tagNode name="protocol">
+  <properties>
+    <help>Filter routing info exchanged between routing protocol and zebra</help>
+    <completionHelp>
+      <list>any babel bgp connected eigrp isis kernel ospf rip static table</list>
+    </completionHelp>
+    <valueHelp>
+      <format>any</format>
+      <description>Any of the above protocols</description>
+    </valueHelp>
+    <valueHelp>
+      <format>babel</format>
+      <description>Babel routing protocol</description>
+    </valueHelp>
+    <valueHelp>
+      <format>bgp</format>
+      <description>Border Gateway Protocol</description>
+    </valueHelp>
+    <valueHelp>
+      <format>connected</format>
+      <description>Connected routes (directly attached subnet or host)</description>
+    </valueHelp>
+    <valueHelp>
+      <format>eigrp</format>
+      <description>Enhanced Interior Gateway Routing Protocol</description>
+    </valueHelp>
+    <valueHelp>
+      <format>isis</format>
+      <description>Intermediate System to Intermediate System</description>
+    </valueHelp>
+    <valueHelp>
+      <format>kernel</format>
+      <description>Kernel routes (not installed via the zebra RIB)</description>
+    </valueHelp>
+    <valueHelp>
+      <format>ospf</format>
+      <description>Open Shortest Path First (OSPFv2)</description>
+    </valueHelp>
+    <valueHelp>
+      <format>rip</format>
+      <description>Routing Information Protocol</description>
+    </valueHelp>
+    <valueHelp>
+      <format>static</format>
+      <description>Statically configured routes</description>
+    </valueHelp>
+    <constraint>
+      <regex>(any|babel|bgp|connected|eigrp|isis|kernel|ospf|rip|static|table)</regex>
+    </constraint>
+  </properties>
+  <children>
+    #include <include/route-map.xml.i>
+  </children>
+</tagNode>
+<!-- include end -->
\ No newline at end of file
diff --git a/interface-definitions/include/system-ipv6-protocol.xml.i b/interface-definitions/include/system-ipv6-protocol.xml.i
new file mode 100644
index 000000000..485776a71
--- /dev/null
+++ b/interface-definitions/include/system-ipv6-protocol.xml.i
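Review bot: In system-ip-protocol.xml.i the `<completionHelp>` list and the constraint regex both accept `table`, but there is no `<valueHelp>` entry for it, so the CLI offers and validates a value it never describes; the system-ipv6-protocol.xml.i hunk has the same gap. I would add a `<valueHelp>` block with `<format>table</format>` and a description along the lines of `<description>Non-main kernel routing table</description>` (wording to be confirmed against the routing daemon's own help text). The `any` entry says "Any of the above protocols" although it is listed first in both files; `Any of the listed protocols` would be accurate. system-ip-protocol.xml.i also ends without a trailing newline, unlike its IPv6 sibling.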
@@ -0,0 +1,52 @@
+<!-- include start from system-ipv6-protocol.xml.i -->
+<tagNode name="protocol">
+  <properties>
+    <help>Filter routing info exchanged between routing protocol and zebra</help>
+    <completionHelp>
+      <list>any babel bgp connected isis kernel ospfv3 ripng static table</list>
+    </completionHelp>
+    <valueHelp>
+      <format>any</format>
+      <description>Any of the above protocols</description>
+    </valueHelp>
+    <valueHelp>
+      <format>babel</format>
+      <description>Babel routing protocol</description>
+    </valueHelp>
+    <valueHelp>
+      <format>bgp</format>
+      <description>Border Gateway Protocol</description>
+    </valueHelp>
+    <valueHelp>
+      <format>connected</format>
+      <description>Connected routes (directly attached subnet or host)</description>
+    </valueHelp>
+    <valueHelp>
+      <format>isis</format>
+      <description>Intermediate System to Intermediate System</description>
+    </valueHelp>
+    <valueHelp>
+      <format>kernel</format>
+      <description>Kernel routes (not installed via the zebra RIB)</description>
+    </valueHelp>
+    <valueHelp>
+      <format>ospfv3</format>
+      <description>Open Shortest Path First (OSPFv3)</description>
+    </valueHelp>
+    <valueHelp>
+      <format>ripng</format>
+      <description>Routing Information Protocol next-generation</description>
+    </valueHelp>
+    <valueHelp>
+      <format>static</format>
+      <description>Statically configured routes</description>
+    </valueHelp>
+    <constraint>
+      <regex>(any|babel|bgp|connected|isis|kernel|ospfv3|ripng|static|table)</regex>
+    </constraint>
+  </properties>
+  <children>
+    #include <include/route-map.xml.i>
+  </children>
+</tagNode>
+<!-- include end -->
diff --git a/interface-definitions/include/version/bgp-version.xml.i b/interface-definitions/include/version/bgp-version.xml.i
index ced49e729..1386ea9bc 100644
--- a/interface-definitions/include/version/bgp-version.xml.i
+++ b/interface-definitions/include/version/bgp-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/bgp-version.xml.i -->
-<syntaxVersion component='bgp' version='3'></syntaxVersion>
+<syntaxVersion component='bgp' version='4'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/include/version/conntrack-version.xml.i b/interface-definitions/include/version/conntrack-version.xml.i
index 696f76362..c0f632c70 100644
--- a/interface-definitions/include/version/conntrack-version.xml.i
+++ b/interface-definitions/include/version/conntrack-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/conntrack-version.xml.i -->
-<syntaxVersion component='conntrack' version='3'></syntaxVersion>
+<syntaxVersion component='conntrack' version='4'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/include/version/container-version.xml.i b/interface-definitions/include/version/container-version.xml.i
new file mode 100644
index 000000000..129469cec
--- /dev/null
+++ b/interface-definitions/include/version/container-version.xml.i
@@ -0,0 +1,3 @@
+<!-- include start from include/version/container-version.xml.i -->
+<syntaxVersion component='container' version='1'></syntaxVersion>
+<!-- include end -->
diff --git a/interface-definitions/include/version/dns-dynamic-version.xml.i b/interface-definitions/include/version/dns-dynamic-version.xml.i
new file mode 100644
index 000000000..b25fc6e76
--- /dev/null
+++ b/interface-definitions/include/version/dns-dynamic-version.xml.i
@@ -0,0 +1,3 @@
+<!-- include start from include/version/dns-dynamic-version.xml.i -->
+<syntaxVersion component='dns-dynamic' version='1'></syntaxVersion>
+<!-- include end -->
diff --git a/interface-definitions/include/version/dns-forwarding-version.xml.i b/interface-definitions/include/version/dns-forwarding-version.xml.i
index fe817940a..86121ae5a 100644
--- a/interface-definitions/include/version/dns-forwarding-version.xml.i
+++ b/interface-definitions/include/version/dns-forwarding-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/dns-forwarding-version.xml.i -->
-<syntaxVersion component='dns-forwarding' version='3'></syntaxVersion>
+<syntaxVersion component='dns-forwarding' version='4'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/include/version/firewall-version.xml.i b/interface-definitions/include/version/firewall-version.xml.i
index 065925319..dd21bfaca 100644
--- a/interface-definitions/include/version/firewall-version.xml.i
+++ b/interface-definitions/include/version/firewall-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/firewall-version.xml.i -->
-<syntaxVersion component='firewall' version='8'></syntaxVersion>
+<syntaxVersion component='firewall' version='11'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/include/version/interfaces-version.xml.i b/interface-definitions/include/version/interfaces-version.xml.i
index 0a209bc3a..3d11ce888 100644
--- a/interface-definitions/include/version/interfaces-version.xml.i
+++ b/interface-definitions/include/version/interfaces-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/interfaces-version.xml.i -->
-<syntaxVersion component='interfaces' version='26'></syntaxVersion>
+<syntaxVersion component='interfaces' version='30'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/include/version/ipsec-version.xml.i b/interface-definitions/include/version/ipsec-version.xml.i
index 1c978e8e6..de7a9c088 100644
--- a/interface-definitions/include/version/ipsec-version.xml.i
+++ b/interface-definitions/include/version/ipsec-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/ipsec-version.xml.i -->
-<syntaxVersion component='ipsec' version='10'></syntaxVersion>
+<syntaxVersion component='ipsec' version='12'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/include/version/isis-version.xml.i b/interface-definitions/include/version/isis-version.xml.i
index 7bf12e81a..f50329b09 100644
--- a/interface-definitions/include/version/isis-version.xml.i
+++ b/interface-definitions/include/version/isis-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/isis-version.xml.i -->
-<syntaxVersion component='isis' version='2'></syntaxVersion>
+<syntaxVersion component='isis' version='3'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/include/version/ntp-version.xml.i b/interface-definitions/include/version/ntp-version.xml.i
index cc4ff9a1c..155c824dc 100644
--- a/interface-definitions/include/version/ntp-version.xml.i
+++ b/interface-definitions/include/version/ntp-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/ntp-version.xml.i -->
-<syntaxVersion component='ntp' version='1'></syntaxVersion>
+<syntaxVersion component='ntp' version='3'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/include/version/ospf-version.xml.i b/interface-definitions/include/version/ospf-version.xml.i
index 755965daa..df108837b 100644
--- a/interface-definitions/include/version/ospf-version.xml.i
+++ b/interface-definitions/include/version/ospf-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/ospf-version.xml.i -->
-<syntaxVersion component='ospf' version='1'></syntaxVersion>
+<syntaxVersion component='ospf' version='2'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/include/version/qos-version.xml.i b/interface-definitions/include/version/qos-version.xml.i
index e4d139349..c67e61e91 100644
--- a/interface-definitions/include/version/qos-version.xml.i
+++ b/interface-definitions/include/version/qos-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/qos-version.xml.i -->
-<syntaxVersion component='qos' version='1'></syntaxVersion>
+<syntaxVersion component='qos' version='2'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/include/version/quagga-version.xml.i b/interface-definitions/include/version/quagga-version.xml.i
index f9944acce..23d884cd4 100644
--- a/interface-definitions/include/version/quagga-version.xml.i
+++ b/interface-definitions/include/version/quagga-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/quagga-version.xml.i -->
-<syntaxVersion component='quagga' version='10'></syntaxVersion>
+<syntaxVersion component='quagga' version='11'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/include/version/rip-version.xml.i b/interface-definitions/include/version/rip-version.xml.i
new file mode 100644
index 000000000..30ace486a
--- /dev/null
+++ b/interface-definitions/include/version/rip-version.xml.i
@@ -0,0 +1,3 @@
+<!-- include start from include/version/rip-version.xml.i -->
+<syntaxVersion component='rip' version='1'></syntaxVersion>
+<!-- include end -->
diff --git a/interface-definitions/include/version/snmp-version.xml.i b/interface-definitions/include/version/snmp-version.xml.i
index 0416288f0..fa58672a5 100644
--- a/interface-definitions/include/version/snmp-version.xml.i
+++ b/interface-definitions/include/version/snmp-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/snmp-version.xml.i -->
-<syntaxVersion component='snmp' version='2'></syntaxVersion>
+<syntaxVersion component='snmp' version='3'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/include/version/system-version.xml.i b/interface-definitions/include/version/system-version.xml.i
index b7650c782..73df8bd8e 100644
--- a/interface-definitions/include/version/system-version.xml.i
+++ b/interface-definitions/include/version/system-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/system-version.xml.i -->
-<syntaxVersion component='system' version='25'></syntaxVersion>
+<syntaxVersion component='system' version='26'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/include/version/vrrp-version.xml.i b/interface-definitions/include/version/vrrp-version.xml.i
index 626dd6cbc..1514b19ab 100644
--- a/interface-definitions/include/version/vrrp-version.xml.i
+++ b/interface-definitions/include/version/vrrp-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/vrrp-version.xml.i -->
-<syntaxVersion component='vrrp' version='3'></syntaxVersion>
+<syntaxVersion component='vrrp' version='4'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/include/vrrp/garp.xml.i b/interface-definitions/include/vrrp/garp.xml.i
new file mode 100644
index 000000000..b56b490df
--- /dev/null
+++ b/interface-definitions/include/vrrp/garp.xml.i
@@ -0,0 +1,78 @@
+<!-- include start from vrrp/garp.xml.i -->
+<node name="garp">
+  <properties>
+    <help>Gratuitous ARP parameters</help>
+  </properties>
+  <children>
+    <leafNode name="interval">
+      <properties>
+        <help>Interval between Gratuitous ARP</help>
+        <valueHelp>
+          <format><0.000-1000></format>
+          <description>Interval in seconds, resolution microseconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 0.000-1000 --float"/>
+        </constraint>
+      </properties>
+      <defaultValue>0</defaultValue>
+    </leafNode>
+    <leafNode name="master-delay">
+      <properties>
+        <help>Delay for second set of gratuitous ARPs after transition to master</help>
+        <valueHelp>
+          <format>u32:1-1000</format>
+          <description>Delay in seconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-1000"/>
+        </constraint>
+      </properties>
+      <defaultValue>5</defaultValue>
+    </leafNode>
+    <leafNode name="master-refresh">
+      <properties>
+        <help>Minimum time interval for refreshing gratuitous ARPs while beeing master</help>
+        <valueHelp>
+          <format>u32:0</format>
+          <description>No refresh</description>
+        </valueHelp>
+        <valueHelp>
+          <format>u32:1-255</format>
+          <description>Interval in seconds</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-255"/>
+        </constraint>
+      </properties>
+      <defaultValue>5</defaultValue>
+    </leafNode>
+    <leafNode name="master-refresh-repeat">
+      <properties>
+        <help>Number of gratuitous ARP messages to send at a time while beeing master</help>
+        <valueHelp>
+          <format>u32:1-255</format>
+          <description>Number of gratuitous ARP messages</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-255"/>
+        </constraint>
+      </properties>
+      <defaultValue>1</defaultValue>
+    </leafNode>
+    <leafNode name="master-repeat">
+      <properties>
+        <help>Number of gratuitous ARP messages to send at a time after transition to master</help>
+        <valueHelp>
+          <format>u32:1-255</format>
+          <description>Number of gratuitous ARP messages</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-255"/>
+        </constraint>
+      </properties>
+      <defaultValue>5</defaultValue>
+    </leafNode>
+  </children>
+</node>
+<!-- include end --> |
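Review bot: The `master-refresh` leaf documents `u32:0` as "No refresh", but its constraint is `--range 1-255`, so the documented value 0 is rejected by the validator and refresh cannot be turned off from the CLI. If 0 is meant to be accepted, the constraint should read `<validator name="numeric" argument="--range 0-255"/>`; otherwise the `u32:0` help entry should be dropped. The `interval` leaf describes its resolution as microseconds while the format shows three decimals (`0.000-1000`), which reads as milliseconds, so one of the two needs correcting. The help strings of `master-refresh` and `master-refresh-repeat` both spell "beeing" where "being" is meant.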
