diff options
Diffstat (limited to 'interface-definitions')
26 files changed, 253 insertions, 68 deletions
diff --git a/interface-definitions/include/conntrack/log-common.xml.i b/interface-definitions/include/conntrack/log-common.xml.i deleted file mode 100644 index 38799f8f4..000000000 --- a/interface-definitions/include/conntrack/log-common.xml.i +++ /dev/null @@ -1,20 +0,0 @@ -<!-- include start from conntrack/log-common.xml.i --> -<leafNode name="destroy"> - <properties> - <help>Log connection deletion</help> - <valueless/> - </properties> -</leafNode> -<leafNode name="new"> - <properties> - <help>Log connection creation</help> - <valueless/> - </properties> -</leafNode> -<leafNode name="update"> - <properties> - <help>Log connection updates</help> - <valueless/> - </properties> -</leafNode> -<!-- include end --> diff --git a/interface-definitions/include/conntrack/log-protocols.xml.i b/interface-definitions/include/conntrack/log-protocols.xml.i new file mode 100644 index 000000000..019250760 --- /dev/null +++ b/interface-definitions/include/conntrack/log-protocols.xml.i @@ -0,0 +1,26 @@ +<!-- include start from conntrack/log-protocols.xml.i --> +<leafNode name="icmp"> + <properties> + <help>Log connection tracking events for ICMP</help> + <valueless/> + </properties> +</leafNode> +<leafNode name="other"> + <properties> + <help>Log connection tracking events for all protocols other than TCP, UDP and ICMP</help> + <valueless/> + </properties> +</leafNode> +<leafNode name="tcp"> + <properties> + <help>Log connection tracking events for TCP</help> + <valueless/> + </properties> +</leafNode> +<leafNode name="udp"> + <properties> + <help>Log connection tracking events for UDP</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/common-rule-inet.xml.i b/interface-definitions/include/firewall/common-rule-inet.xml.i index 55ffa3a8b..0acb08ec9 100644 --- a/interface-definitions/include/firewall/common-rule-inet.xml.i +++ b/interface-definitions/include/firewall/common-rule-inet.xml.i @@ -7,7 +7,6 @@ #include <include/generic-disable-node.xml.i> #include <include/firewall/dscp.xml.i> #include <include/firewall/fragment.xml.i> -#include <include/firewall/match-ipsec.xml.i> #include <include/firewall/limit.xml.i> #include <include/firewall/log.xml.i> #include <include/firewall/log-options.xml.i> diff --git a/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i b/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i index 960c960db..e8da1a0e1 100644 --- a/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i +++ b/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i @@ -9,7 +9,6 @@ #include <include/firewall/limit.xml.i> #include <include/firewall/log.xml.i> #include <include/firewall/log-options.xml.i> -#include <include/firewall/match-ipsec.xml.i> #include <include/firewall/protocol.xml.i> #include <include/firewall/nft-queue.xml.i> #include <include/firewall/recent.xml.i> diff --git a/interface-definitions/include/firewall/common-rule-ipv6-raw.xml.i b/interface-definitions/include/firewall/common-rule-ipv6-raw.xml.i index 958167b89..3f7c5a0a3 100644 --- a/interface-definitions/include/firewall/common-rule-ipv6-raw.xml.i +++ b/interface-definitions/include/firewall/common-rule-ipv6-raw.xml.i @@ -9,7 +9,6 @@ #include <include/firewall/limit.xml.i> #include <include/firewall/log.xml.i> #include <include/firewall/log-options.xml.i> -#include <include/firewall/match-ipsec.xml.i> #include <include/firewall/protocol.xml.i> #include <include/firewall/nft-queue.xml.i> #include <include/firewall/recent.xml.i> diff --git a/interface-definitions/include/firewall/ipv4-hook-input.xml.i b/interface-definitions/include/firewall/ipv4-hook-input.xml.i index cefb1ffa7..491d1a9f3 100644 --- a/interface-definitions/include/firewall/ipv4-hook-input.xml.i +++ b/interface-definitions/include/firewall/ipv4-hook-input.xml.i @@ -27,7 +27,7 @@ <children> #include <include/firewall/common-rule-ipv4.xml.i> #include <include/firewall/inbound-interface.xml.i> - #include <include/firewall/match-ipsec.xml.i> + #include <include/firewall/match-ipsec-in.xml.i> </children> </tagNode> </children> diff --git a/interface-definitions/include/firewall/ipv4-hook-output.xml.i b/interface-definitions/include/firewall/ipv4-hook-output.xml.i index ca47ae09b..ee9157592 100644 --- a/interface-definitions/include/firewall/ipv4-hook-output.xml.i +++ b/interface-definitions/include/firewall/ipv4-hook-output.xml.i @@ -26,6 +26,7 @@ </properties> <children> #include <include/firewall/common-rule-ipv4.xml.i> + #include <include/firewall/match-ipsec-out.xml.i> #include <include/firewall/outbound-interface.xml.i> </children> </tagNode> @@ -53,6 +54,7 @@ </properties> <children> #include <include/firewall/common-rule-ipv4-raw.xml.i> + #include <include/firewall/match-ipsec-out.xml.i> #include <include/firewall/outbound-interface.xml.i> </children> </tagNode> diff --git a/interface-definitions/include/firewall/ipv4-hook-prerouting.xml.i b/interface-definitions/include/firewall/ipv4-hook-prerouting.xml.i index 17ecfe824..b431303ae 100644 --- a/interface-definitions/include/firewall/ipv4-hook-prerouting.xml.i +++ b/interface-definitions/include/firewall/ipv4-hook-prerouting.xml.i @@ -33,6 +33,7 @@ </properties> <children> #include <include/firewall/common-rule-ipv4-raw.xml.i> + #include <include/firewall/match-ipsec-in.xml.i> #include <include/firewall/inbound-interface.xml.i> <leafNode name="jump-target"> <properties> diff --git a/interface-definitions/include/firewall/ipv6-hook-input.xml.i b/interface-definitions/include/firewall/ipv6-hook-input.xml.i index e1f41e64c..154b10259 100644 --- a/interface-definitions/include/firewall/ipv6-hook-input.xml.i +++ b/interface-definitions/include/firewall/ipv6-hook-input.xml.i @@ -27,7 +27,7 @@ <children> #include <include/firewall/common-rule-ipv6.xml.i> #include <include/firewall/inbound-interface.xml.i> - #include <include/firewall/match-ipsec.xml.i> + #include <include/firewall/match-ipsec-in.xml.i> </children> </tagNode> </children> diff --git a/interface-definitions/include/firewall/ipv6-hook-output.xml.i b/interface-definitions/include/firewall/ipv6-hook-output.xml.i index f877cfaaf..d3c4c1ead 100644 --- a/interface-definitions/include/firewall/ipv6-hook-output.xml.i +++ b/interface-definitions/include/firewall/ipv6-hook-output.xml.i @@ -26,6 +26,7 @@ </properties> <children> #include <include/firewall/common-rule-ipv6.xml.i> + #include <include/firewall/match-ipsec-out.xml.i> #include <include/firewall/outbound-interface.xml.i> </children> </tagNode> @@ -53,6 +54,7 @@ </properties> <children> #include <include/firewall/common-rule-ipv6-raw.xml.i> + #include <include/firewall/match-ipsec-out.xml.i> #include <include/firewall/outbound-interface.xml.i> </children> </tagNode> diff --git a/interface-definitions/include/firewall/ipv6-hook-prerouting.xml.i b/interface-definitions/include/firewall/ipv6-hook-prerouting.xml.i index 3f384828d..21f8de6f9 100644 --- a/interface-definitions/include/firewall/ipv6-hook-prerouting.xml.i +++ b/interface-definitions/include/firewall/ipv6-hook-prerouting.xml.i @@ -33,6 +33,7 @@ </properties> <children> #include <include/firewall/common-rule-ipv6-raw.xml.i> + #include <include/firewall/match-ipsec-in.xml.i> #include <include/firewall/inbound-interface.xml.i> <leafNode name="jump-target"> <properties> diff --git a/interface-definitions/include/firewall/match-ipsec-in.xml.i b/interface-definitions/include/firewall/match-ipsec-in.xml.i new file mode 100644 index 000000000..62ed6466b --- /dev/null +++ b/interface-definitions/include/firewall/match-ipsec-in.xml.i @@ -0,0 +1,21 @@ +<!-- include start from firewall/match-ipsec-in.xml.i --> +<node name="ipsec"> + <properties> + <help>Inbound IPsec packets</help> + </properties> + <children> + <leafNode name="match-ipsec-in"> + <properties> + <help>Inbound traffic that was IPsec encapsulated</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="match-none-in"> + <properties> + <help>Inbound traffic that was not IPsec encapsulated</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/match-ipsec-out.xml.i b/interface-definitions/include/firewall/match-ipsec-out.xml.i new file mode 100644 index 000000000..880fdd4d8 --- /dev/null +++ b/interface-definitions/include/firewall/match-ipsec-out.xml.i @@ -0,0 +1,21 @@ +<!-- include start from firewall/match-ipsec-out.xml.i --> +<node name="ipsec"> + <properties> + <help>Outbound IPsec packets</help> + </properties> + <children> + <leafNode name="match-ipsec-out"> + <properties> + <help>Outbound traffic to be IPsec encapsulated</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="match-none-out"> + <properties> + <help>Outbound traffic that will not be IPsec encapsulated</help> + <valueless/> + </properties> + </leafNode> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/match-ipsec.xml.i b/interface-definitions/include/firewall/match-ipsec.xml.i index 82c2b324d..d8d31ef1a 100644 --- a/interface-definitions/include/firewall/match-ipsec.xml.i +++ b/interface-definitions/include/firewall/match-ipsec.xml.i @@ -1,21 +1,33 @@ <!-- include start from firewall/match-ipsec.xml.i --> <node name="ipsec"> <properties> - <help>Inbound IPsec packets</help> + <help>IPsec encapsulated packets</help> </properties> <children> - <leafNode name="match-ipsec"> + <leafNode name="match-ipsec-in"> <properties> - <help>Inbound IPsec packets</help> + <help>Inbound traffic that was IPsec encapsulated</help> <valueless/> </properties> </leafNode> - <leafNode name="match-none"> + <leafNode name="match-none-in"> <properties> - <help>Inbound non-IPsec packets</help> + <help>Inbound traffic that was not IPsec encapsulated</help> <valueless/> </properties> </leafNode> + <leafNode name="match-ipsec-out"> + <properties> + <help>Outbound traffic to be IPsec encapsulated</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="match-none-out"> + <properties> + <help>Outbound traffic that will not be IPsec encapsulated</help> + <valueless/> + </properties> + </leafNode> </children> </node> <!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/haproxy/logging.xml.i b/interface-definitions/include/haproxy/logging.xml.i new file mode 100644 index 000000000..e0af54fa4 --- /dev/null +++ b/interface-definitions/include/haproxy/logging.xml.i @@ -0,0 +1,10 @@ +<!-- include start from haproxy/logging.xml.i --> +<node name="logging"> + <properties> + <help>Logging parameters</help> + </properties> + <children> + #include <include/syslog-facility.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/policy/route-common.xml.i b/interface-definitions/include/policy/route-common.xml.i index 97795601e..203be73e7 100644 --- a/interface-definitions/include/policy/route-common.xml.i +++ b/interface-definitions/include/policy/route-common.xml.i @@ -128,6 +128,24 @@ </completionHelp> </properties> </leafNode> + <leafNode name="vrf"> + <properties> + <help>VRF to forward packet with</help> + <valueHelp> + <format>txt</format> + <description>VRF instance name</description> + </valueHelp> + <valueHelp> + <format>default</format> + <description>Forward into default global VRF</description> + </valueHelp> + <completionHelp> + <list>default</list> + <path>vrf name</path> + </completionHelp> + #include <include/constraint/vrf.xml.i> + </properties> + </leafNode> <leafNode name="tcp-mss"> <properties> <help>TCP Maximum Segment Size</help> diff --git a/interface-definitions/include/version/firewall-version.xml.i b/interface-definitions/include/version/firewall-version.xml.i index 560ed9e5f..a15cf0eec 100644 --- a/interface-definitions/include/version/firewall-version.xml.i +++ b/interface-definitions/include/version/firewall-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/firewall-version.xml.i --> -<syntaxVersion component='firewall' version='16'></syntaxVersion> +<syntaxVersion component='firewall' version='17'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/openvpn-version.xml.i b/interface-definitions/include/version/openvpn-version.xml.i index e4eb13b7c..67ef21983 100644 --- a/interface-definitions/include/version/openvpn-version.xml.i +++ b/interface-definitions/include/version/openvpn-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/openvpn-version.xml.i --> -<syntaxVersion component='openvpn' version='2'></syntaxVersion> +<syntaxVersion component='openvpn' version='4'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/interfaces_geneve.xml.in b/interface-definitions/interfaces_geneve.xml.in index c94113271..990c5bd91 100644 --- a/interface-definitions/interfaces_geneve.xml.in +++ b/interface-definitions/interfaces_geneve.xml.in @@ -52,6 +52,7 @@ #include <include/interface/mirror.xml.i> #include <include/interface/redirect.xml.i> #include <include/interface/tunnel-remote.xml.i> + #include <include/interface/vrf.xml.i> #include <include/vni.xml.i> </children> </tagNode> diff --git a/interface-definitions/interfaces_openvpn.xml.in b/interface-definitions/interfaces_openvpn.xml.in index 23cc83e9a..13ef3ae5b 100644 --- a/interface-definitions/interfaces_openvpn.xml.in +++ b/interface-definitions/interfaces_openvpn.xml.in @@ -87,7 +87,7 @@ </constraint> </properties> </leafNode> - <leafNode name="ncp-ciphers"> + <leafNode name="data-ciphers"> <properties> <help>Cipher negotiation list for use in server or client mode</help> <completionHelp> @@ -589,25 +589,25 @@ <properties> <help>Topology for clients</help> <completionHelp> - <list>net30 point-to-point subnet</list> + <list>subnet point-to-point net30</list> </completionHelp> <valueHelp> - <format>net30</format> - <description>net30 topology</description> + <format>subnet</format> + <description>Subnet topology (recommended)</description> </valueHelp> <valueHelp> <format>point-to-point</format> <description>Point-to-point topology</description> </valueHelp> <valueHelp> - <format>subnet</format> - <description>Subnet topology</description> + <format>net30</format> + <description>net30 topology (deprecated)</description> </valueHelp> <constraint> <regex>(subnet|point-to-point|net30)</regex> </constraint> </properties> - <defaultValue>net30</defaultValue> + <defaultValue>subnet</defaultValue> </leafNode> <node name="mfa"> <properties> diff --git a/interface-definitions/interfaces_vxlan.xml.in b/interface-definitions/interfaces_vxlan.xml.in index 504c08e7e..937acb123 100644 --- a/interface-definitions/interfaces_vxlan.xml.in +++ b/interface-definitions/interfaces_vxlan.xml.in @@ -117,15 +117,35 @@ <format>u32:0-4094</format> <description>Virtual Local Area Network (VLAN) ID</description> </valueHelp> + <valueHelp> + <format><start-end></format> + <description>VLAN IDs range (use '-' as delimiter)</description> + </valueHelp> <constraint> - <validator name="numeric" argument="--range 0-4094"/> + <validator name="numeric" argument="--allow-range --range 0-4094"/> </constraint> - <constraintErrorMessage>VLAN ID must be between 0 and 4094</constraintErrorMessage> + <constraintErrorMessage>Not a valid VLAN ID or range, VLAN ID must be between 0 and 4094</constraintErrorMessage> </properties> <children> - #include <include/vni.xml.i> + <leafNode name="vni"> + <properties> + <help>Virtual Network Identifier</help> + <valueHelp> + <format>u32:0-16777214</format> + <description>VXLAN virtual network identifier</description> + </valueHelp> + <valueHelp> + <format><start-end></format> + <description>VXLAN virtual network IDs range (use '-' as delimiter)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--allow-range --range 0-16777214"/> + </constraint> + <constraintErrorMessage>Not a valid VXLAN virtual network ID or range</constraintErrorMessage> + </properties> + </leafNode> </children> - </tagNode> + </tagNode> </children> </tagNode> </children> diff --git a/interface-definitions/interfaces_wireless.xml.in b/interface-definitions/interfaces_wireless.xml.in index 0a62b3255..fdcb79b19 100644 --- a/interface-definitions/interfaces_wireless.xml.in +++ b/interface-definitions/interfaces_wireless.xml.in @@ -899,15 +899,16 @@ </properties> <defaultValue>wpa+wpa2</defaultValue> </leafNode> + #include <include/generic-username.xml.i> <leafNode name="passphrase"> <properties> - <help>WPA personal shared pass phrase. If you are using special characters in the WPA passphrase then single quotes are required.</help> + <help>WPA passphrase. If you are using special characters in the WPA passphrase then single quotes are required.</help> <valueHelp> <format>txt</format> - <description>Passphrase of at least 8 but not more than 63 printable characters</description> + <description>Passphrase of at least 8 but not more than 63 printable characters for WPA-Personal and any passphrase for WPA-Enterprise</description> </valueHelp> <constraint> - <regex>.{8,63}</regex> + <regex>[[:ascii:]]{1,256}</regex> </constraint> <constraintErrorMessage>Invalid WPA pass phrase, must be 8 to 63 printable characters!</constraintErrorMessage> </properties> @@ -940,6 +941,19 @@ <constraintErrorMessage>Invalid SSID</constraintErrorMessage> </properties> </leafNode> + <leafNode name="bssid"> + <properties> + <help>Basic Service Set Identifier (BSSID) - currently station mode only</help> + <valueHelp> + <format>macaddr</format> + <description>BSSID (MAC) address</description> + </valueHelp> + <constraint> + <validator name="mac-address"/> + </constraint> + <constraintErrorMessage>Invalid BSSID</constraintErrorMessage> + </properties> + </leafNode> <leafNode name="type"> <properties> <help>Wireless device type for this interface</help> diff --git a/interface-definitions/load-balancing_reverse-proxy.xml.in b/interface-definitions/load-balancing_reverse-proxy.xml.in index 1a432be6d..18274622c 100644 --- a/interface-definitions/load-balancing_reverse-proxy.xml.in +++ b/interface-definitions/load-balancing_reverse-proxy.xml.in @@ -36,6 +36,7 @@ </leafNode> #include <include/generic-description.xml.i> #include <include/listen-address.xml.i> + #include <include/haproxy/logging.xml.i> #include <include/haproxy/mode.xml.i> #include <include/port-number.xml.i> #include <include/haproxy/rule-frontend.xml.i> @@ -91,6 +92,7 @@ <defaultValue>round-robin</defaultValue> </leafNode> #include <include/generic-description.xml.i> + #include <include/haproxy/logging.xml.i> #include <include/haproxy/mode.xml.i> #include <include/haproxy/http-response-headers.xml.i> <node name="http-check"> @@ -254,6 +256,7 @@ <help>Global perfomance parameters and limits</help> </properties> <children> + #include <include/haproxy/logging.xml.i> <leafNode name="max-connections"> <properties> <help>Maximum allowed connections</help> diff --git a/interface-definitions/service_ssh.xml.in b/interface-definitions/service_ssh.xml.in index d9eee1ab8..221e451d1 100644 --- a/interface-definitions/service_ssh.xml.in +++ b/interface-definitions/service_ssh.xml.in @@ -146,6 +146,19 @@ </constraint> </properties> </leafNode> + <leafNode name="pubkey-accepted-algorithm"> + <properties> + <help>Allowed pubkey signature algorithms</help> + <completionHelp> + <!-- generated by ssh -Q PubkeyAcceptedAlgorithms | tr '\n' ' ' as this will not change dynamically --> + <list>ssh-ed25519 ssh-ed25519-cert-v01@openssh.com sk-ssh-ed25519@openssh.com sk-ssh-ed25519-cert-v01@openssh.com ecdsa-sha2-nistp256 ecdsa-sha2-nistp256-cert-v01@openssh.com ecdsa-sha2-nistp384 ecdsa-sha2-nistp384-cert-v01@openssh.com ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01@openssh.com sk-ecdsa-sha2-nistp256@openssh.com sk-ecdsa-sha2-nistp256-cert-v01@openssh.com webauthn-sk-ecdsa-sha2-nistp256@openssh.com ssh-dss ssh-dss-cert-v01@openssh.com ssh-rsa ssh-rsa-cert-v01@openssh.com rsa-sha2-256 rsa-sha2-256-cert-v01@openssh.com rsa-sha2-512 rsa-sha2-512-cert-v01@openssh.com</list> + </completionHelp> + <multi/> + <constraint> + <regex>(ssh-ed25519|ssh-ed25519-cert-v01@openssh.com|sk-ssh-ed25519@openssh.com|sk-ssh-ed25519-cert-v01@openssh.com|ecdsa-sha2-nistp256|ecdsa-sha2-nistp256-cert-v01@openssh.com|ecdsa-sha2-nistp384|ecdsa-sha2-nistp384-cert-v01@openssh.com|ecdsa-sha2-nistp521|ecdsa-sha2-nistp521-cert-v01@openssh.com|sk-ecdsa-sha2-nistp256@openssh.com|sk-ecdsa-sha2-nistp256-cert-v01@openssh.com|webauthn-sk-ecdsa-sha2-nistp256@openssh.com|ssh-dss|ssh-dss-cert-v01@openssh.com|ssh-rsa|ssh-rsa-cert-v01@openssh.com|rsa-sha2-256|rsa-sha2-256-cert-v01@openssh.com|rsa-sha2-512|rsa-sha2-512-cert-v01@openssh.com)</regex> + </constraint> + </properties> + </leafNode> <leafNode name="key-exchange"> <properties> <help>Allowed key exchange (KEX) algorithms</help> diff --git a/interface-definitions/system_conntrack.xml.in b/interface-definitions/system_conntrack.xml.in index 0dfa2ea81..cd59d1308 100644 --- a/interface-definitions/system_conntrack.xml.in +++ b/interface-definitions/system_conntrack.xml.in @@ -223,41 +223,78 @@ </node> <node name="log"> <properties> - <help>Log connection tracking events per protocol</help> + <help>Log connection tracking</help> </properties> <children> - <node name="icmp"> + <node name="event"> <properties> - <help>Log connection tracking events for ICMP</help> + <help>Event type and protocol</help> </properties> <children> - #include <include/conntrack/log-common.xml.i> + <node name="destroy"> + <properties> + <help>Log connection deletion</help> + </properties> + <children> + #include <include/conntrack/log-protocols.xml.i> + </children> + </node> + <node name="new"> + <properties> + <help>Log connection creation</help> + </properties> + <children> + #include <include/conntrack/log-protocols.xml.i> + </children> + </node> + <node name="update"> + <properties> + <help>Log connection updates</help> + </properties> + <children> + #include <include/conntrack/log-protocols.xml.i> + </children> + </node> </children> </node> - <node name="other"> + <leafNode name="timestamp"> <properties> - <help>Log connection tracking events for all protocols other than TCP, UDP and ICMP</help> + <help>Log connection tracking events include flow-based timestamp</help> + <valueless/> </properties> - <children> - #include <include/conntrack/log-common.xml.i> - </children> - </node> - <node name="tcp"> + </leafNode> + <leafNode name="queue-size"> <properties> - <help>Log connection tracking events for TCP</help> + <help>Internal message queue size</help> + <valueHelp> + <format>u32:100-999999</format> + <description>Queue size</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>Queue size must be between 100 and 999999</constraintErrorMessage> </properties> - <children> - #include <include/conntrack/log-common.xml.i> - </children> - </node> - <node name="udp"> + </leafNode> + <leafNode name="log-level"> <properties> - <help>Log connection tracking events for UDP</help> + <help>Set log-level. Log must be enable.</help> + <completionHelp> + <list>info debug</list> + </completionHelp> + <valueHelp> + <format>info</format> + <description>Info log level</description> + </valueHelp> + <valueHelp> + <format>debug</format> + <description>Debug log level</description> + </valueHelp> + <constraint> + <regex>(info|debug)</regex> + </constraint> </properties> - <children> - #include <include/conntrack/log-common.xml.i> - </children> - </node> + </leafNode> </children> </node> <node name="modules"> diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in index 7f425d982..4a7fde75b 100644 --- a/interface-definitions/vpn_ipsec.xml.in +++ b/interface-definitions/vpn_ipsec.xml.in @@ -99,6 +99,12 @@ </constraint> </properties> </leafNode> + <leafNode name="disable-rekey"> + <properties> + <help>Do not locally initiate a re-key of the SA, remote peer must re-key before expiration</help> + <valueless/> + </properties> + </leafNode> <leafNode name="mode"> <properties> <help>ESP mode</help> |