Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/container.xml.in29
-rw-r--r--interface-definitions/include/bgp/peer-group.xml.i2
-rw-r--r--interface-definitions/interfaces_geneve.xml.in1
-rw-r--r--interface-definitions/nat_cgnat.xml.in6
-rw-r--r--interface-definitions/service_monitoring_telegraf.xml.in33
-rw-r--r--interface-definitions/service_ssh.xml.in13
-rw-r--r--interface-definitions/service_suricata.xml.in238
-rw-r--r--interface-definitions/system_option.xml.in19
-rw-r--r--interface-definitions/vpn_openconnect.xml.in2
9 files changed, 103 insertions, 240 deletions
diff --git a/interface-definitions/container.xml.in b/interface-definitions/container.xml.in
index 1ad7215e5..6ea44a6d4 100644
--- a/interface-definitions/container.xml.in
+++ b/interface-definitions/container.xml.in
@@ -71,6 +71,35 @@
<multi/>
</properties>
</leafNode>
+ <node name="sysctl">
+ <properties>
+ <help>Configure namespaced kernel parameters of the container</help>
+ </properties>
+ <children>
+ <tagNode name="parameter">
+ <properties>
+ <help>Sysctl key name</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_container_sysctl_parameters.sh</script>
+ </completionHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>Sysctl key name</description>
+ </valueHelp>
+ <constraint>
+ <validator name="sysctl"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="value">
+ <properties>
+ <help>Sysctl configuration value</help>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
#include <include/generic-description.xml.i>
<tagNode name="device">
<properties>
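Review bot: The new `value` leafNode has a help string but no `<valueHelp>` and no `<constraint>`, so the CLI accepts any string as a sysctl value and all checking is left to the config script, which is not part of this path-limited diff. Adding `<valueHelp><format>txt</format><description>Sysctl configuration value</description></valueHelp>` and a constraint on the permitted character set would reject malformed input at commit time. Separately, the key is checked with the generic `<validator name="sysctl"/>` while completion comes from `list_container_sysctl_parameters.sh`; if that validator accepts any host sysctl key rather than only namespaced ones, keys the container runtime cannot apply would pass CLI validation, which is worth confirming. The enclosing container definition starts and ends outside the hunk.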
diff --git a/interface-definitions/include/bgp/peer-group.xml.i b/interface-definitions/include/bgp/peer-group.xml.i
index 3866fc017..c80d4a394 100644
--- a/interface-definitions/include/bgp/peer-group.xml.i
+++ b/interface-definitions/include/bgp/peer-group.xml.i
@@ -3,7 +3,7 @@
<properties>
<help>Peer group for this peer</help>
<completionHelp>
- <path>protocols bgp peer-group</path>
+ <path>${COMP_WORDS[@]:1:${#COMP_WORDS[@]}-5} peer-group</path>
</completionHelp>
<valueHelp>
<format>txt</format>
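Review bot: The `-5` in the new `<path>` is an undocumented magic offset: the slice keeps the typed words from index 1 and drops the last four, which only yields the right prefix while this include stays at its current depth below the BGP node. A comment next to it would make that dependency visible, for example `<!-- drops the leading command word and the last four words; depends on the nesting depth of this include -->`. The path is now built from words the user typed instead of a fixed string, and how the completion backend quotes that expansion is not visible here, so it is worth confirming that unusual characters in those words cannot alter the lookup.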
diff --git a/interface-definitions/interfaces_geneve.xml.in b/interface-definitions/interfaces_geneve.xml.in
index c94113271..990c5bd91 100644
--- a/interface-definitions/interfaces_geneve.xml.in
+++ b/interface-definitions/interfaces_geneve.xml.in
@@ -52,6 +52,7 @@
#include <include/interface/mirror.xml.i>
#include <include/interface/redirect.xml.i>
#include <include/interface/tunnel-remote.xml.i>
+ #include <include/interface/vrf.xml.i>
#include <include/vni.xml.i>
</children>
</tagNode>
diff --git a/interface-definitions/nat_cgnat.xml.in b/interface-definitions/nat_cgnat.xml.in
index fce5e655d..71f4d67b0 100644
--- a/interface-definitions/nat_cgnat.xml.in
+++ b/interface-definitions/nat_cgnat.xml.in
@@ -8,6 +8,12 @@
<priority>221</priority>
</properties>
<children>
+ <leafNode name="log-allocation">
+ <properties>
+ <help>Log IP address and port allocation</help>
+ <valueless/>
+ </properties>
+ </leafNode>
<node name="pool">
<properties>
<help>External and internal pool parameters</help>
diff --git a/interface-definitions/service_monitoring_telegraf.xml.in b/interface-definitions/service_monitoring_telegraf.xml.in
index 2624023ea..2ac0d940e 100644
--- a/interface-definitions/service_monitoring_telegraf.xml.in
+++ b/interface-definitions/service_monitoring_telegraf.xml.in
@@ -148,6 +148,39 @@
#include <include/url-http-https.xml.i>
</children>
</node>
+ <node name="loki">
+ <properties>
+ <help>Output plugin Loki</help>
+ </properties>
+ <children>
+ <node name="authentication">
+ <properties>
+ <help>HTTP basic authentication parameters</help>
+ </properties>
+ <children>
+ #include <include/generic-username.xml.i>
+ #include <include/generic-password.xml.i>
+ </children>
+ </node>
+ <leafNode name="metric-name-label">
+ <properties>
+ <help>Metric name label</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Label to use for the metric name</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+ </constraint>
+ </properties>
+ </leafNode>
+ #include <include/port-number.xml.i>
+ <leafNode name="port">
+ <defaultValue>3100</defaultValue>
+ </leafNode>
+ #include <include/url-http-https.xml.i>
+ </children>
+ </node>
<leafNode name="source">
<properties>
<help>Source parameters for monitoring</help>
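Review bot: The `authentication` node for Loki is paired with `#include <include/url-http-https.xml.i>`, which by its name also accepts plain `http://` URLs, so the basic-auth username and password can be configured to travel unencrypted. The schema alone cannot tie the two together; the config script (not in this diff) should reject or warn when `authentication` is set with an `http://` URL, and the help could say so: `<help>HTTP basic authentication parameters (use with an https URL)</help>`. Whether username and password must be set together is likewise left to that script.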
diff --git a/interface-definitions/service_ssh.xml.in b/interface-definitions/service_ssh.xml.in
index d9eee1ab8..221e451d1 100644
--- a/interface-definitions/service_ssh.xml.in
+++ b/interface-definitions/service_ssh.xml.in
@@ -146,6 +146,19 @@
</constraint>
</properties>
</leafNode>
+ <leafNode name="pubkey-accepted-algorithm">
+ <properties>
+ <help>Allowed pubkey signature algorithms</help>
+ <completionHelp>
+ <!-- generated by ssh -Q PubkeyAcceptedAlgorithms | tr '\n' ' ' as this will not change dynamically -->
+ <list>ssh-ed25519 ssh-ed25519-cert-v01@openssh.com sk-ssh-ed25519@openssh.com sk-ssh-ed25519-cert-v01@openssh.com ecdsa-sha2-nistp256 ecdsa-sha2-nistp256-cert-v01@openssh.com ecdsa-sha2-nistp384 ecdsa-sha2-nistp384-cert-v01@openssh.com ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01@openssh.com sk-ecdsa-sha2-nistp256@openssh.com sk-ecdsa-sha2-nistp256-cert-v01@openssh.com webauthn-sk-ecdsa-sha2-nistp256@openssh.com ssh-dss ssh-dss-cert-v01@openssh.com ssh-rsa ssh-rsa-cert-v01@openssh.com rsa-sha2-256 rsa-sha2-256-cert-v01@openssh.com rsa-sha2-512 rsa-sha2-512-cert-v01@openssh.com</list>
+ </completionHelp>
+ <multi/>
+ <constraint>
+ <regex>(ssh-ed25519|ssh-ed25519-cert-v01@openssh.com|sk-ssh-ed25519@openssh.com|sk-ssh-ed25519-cert-v01@openssh.com|ecdsa-sha2-nistp256|ecdsa-sha2-nistp256-cert-v01@openssh.com|ecdsa-sha2-nistp384|ecdsa-sha2-nistp384-cert-v01@openssh.com|ecdsa-sha2-nistp521|ecdsa-sha2-nistp521-cert-v01@openssh.com|sk-ecdsa-sha2-nistp256@openssh.com|sk-ecdsa-sha2-nistp256-cert-v01@openssh.com|webauthn-sk-ecdsa-sha2-nistp256@openssh.com|ssh-dss|ssh-dss-cert-v01@openssh.com|ssh-rsa|ssh-rsa-cert-v01@openssh.com|rsa-sha2-256|rsa-sha2-256-cert-v01@openssh.com|rsa-sha2-512|rsa-sha2-512-cert-v01@openssh.com)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
<leafNode name="key-exchange">
<properties>
<help>Allowed key exchange (KEX) algorithms</help>
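Review bot: The accepted values include `ssh-dss`, `ssh-dss-cert-v01@openssh.com`, `ssh-rsa` and `ssh-rsa-cert-v01@openssh.com`, which are DSA and SHA-1 based signatures that OpenSSH treats as legacy; offering them in completion without any marker makes it easy to re-enable them on the server. I would drop the two `ssh-dss` entries from both the `<list>` and the `<regex>`, since recent OpenSSH releases no longer support DSA and sshd may refuse a configuration that names it, and add a `<valueHelp>` flagging `ssh-rsa` as SHA-1. The algorithm set is also duplicated by hand in `<list>` and `<regex>`, and the comment's claim that it will not change does not hold across OpenSSH upgrades, so the two copies can drift from what the installed sshd accepts. The dots in `openssh.com` are unescaped in the regex and match any character; `openssh\.com` is the exact form.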
diff --git a/interface-definitions/service_suricata.xml.in b/interface-definitions/service_suricata.xml.in
deleted file mode 100644
index e0159e2ba..000000000
--- a/interface-definitions/service_suricata.xml.in
+++ /dev/null
@@ -1,238 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
- <node name="service">
- <children>
- <node name="suricata" owner="${vyos_conf_scripts_dir}/service_suricata.py">
- <properties>
- <help>Network IDS, IPS and Security Monitoring</help>
- <priority>740</priority>
- </properties>
- <children>
- #include <include/generic-interface-multi.xml.i>
- <tagNode name="address-group">
- <properties>
- <help>Address group name</help>
- <constraint>
- <regex>[a-z0-9-]+</regex>
- </constraint>
- </properties>
- <children>
- <leafNode name="address">
- <properties>
- <help>IP address or subnet</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address to match</description>
- </valueHelp>
- <valueHelp>
- <format>ipv6</format>
- <description>IPv6 address to match</description>
- </valueHelp>
- <valueHelp>
- <format>ipv4net</format>
- <description>IPv4 prefix to match</description>
- </valueHelp>
- <valueHelp>
- <format>ipv6net</format>
- <description>IPv6 prefix to match</description>
- </valueHelp>
- <valueHelp>
- <format>!ipv4</format>
- <description>Exclude the specified IPv4 address from matches</description>
- </valueHelp>
- <valueHelp>
- <format>!ipv6</format>
- <description>Exclude the specified IPv6 address from matches</description>
- </valueHelp>
- <valueHelp>
- <format>!ipv4net</format>
- <description>Exclude the specified IPv6 prefix from matches</description>
- </valueHelp>
- <valueHelp>
- <format>!ipv6net</format>
- <description>Exclude the specified IPv6 prefix from matches</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- <validator name="ipv6-address"/>
- <validator name="ipv4-prefix"/>
- <validator name="ipv6-prefix"/>
- <validator name="ipv4-address-exclude"/>
- <validator name="ipv6-address-exclude"/>
- <validator name="ipv4-prefix-exclude"/>
- <validator name="ipv6-prefix-exclude"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- <leafNode name="group">
- <properties>
- <help>Address group</help>
- <completionHelp>
- <path>service ids suricata address-group</path>
- </completionHelp>
- <valueHelp>
- <format>txt</format>
- <description>Address group to match</description>
- </valueHelp>
- <valueHelp>
- <format>!txt</format>
- <description>Exclude the specified address group from matches</description>
- </valueHelp>
- <constraint>
- <regex>!?[a-z0-9-]+</regex>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- <tagNode name="port-group">
- <properties>
- <help>Port group name</help>
- <constraint>
- <regex>[a-z0-9-]+</regex>
- </constraint>
- </properties>
- <children>
- <leafNode name="port">
- <properties>
- <help>Port number</help>
- <valueHelp>
- <format>u32:1-65535</format>
- <description>Numeric port to match</description>
- </valueHelp>
- <valueHelp>
- <format>!u32:1-65535</format>
- <description>Numeric port to exclude from matches</description>
- </valueHelp>
- <valueHelp>
- <format>start-end</format>
- <description>Numbered port range (e.g. 1001-1005) to match</description>
- </valueHelp>
- <valueHelp>
- <format>!start-end</format>
- <description>Numbered port range (e.g. !1001-1005) to exclude from matches</description>
- </valueHelp>
- <constraint>
- <validator name="port-range"/>
- <validator name="port-range-exclude"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- <leafNode name="group">
- <properties>
- <help>Port group</help>
- <completionHelp>
- <path>service ids suricata port-group</path>
- </completionHelp>
- <valueHelp>
- <format>txt</format>
- <description>Port group to match</description>
- </valueHelp>
- <valueHelp>
- <format>!txt</format>
- <description>Exclude the specified port group from matches</description>
- </valueHelp>
- <constraint>
- <regex>!?[a-z0-9-]+</regex>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- <node name="log">
- <properties>
- <help>Suricata log outputs</help>
- </properties>
- <children>
- <node name="eve">
- <properties>
- <help>Extensible Event Format (EVE)</help>
- </properties>
- <children>
- <leafNode name="filetype">
- <properties>
- <help>EVE logging destination</help>
- <completionHelp>
- <list>regular syslog</list>
- </completionHelp>
- <valueHelp>
- <format>regular</format>
- <description>Log to filename</description>
- </valueHelp>
- <valueHelp>
- <format>syslog</format>
- <description>Log to syslog</description>
- </valueHelp>
- <constraint>
- <regex>(regular|syslog)</regex>
- </constraint>
- </properties>
- <defaultValue>regular</defaultValue>
- </leafNode>
- <leafNode name="filename">
- <properties>
- <help>Log file</help>
- <valueHelp>
- <format>filename</format>
- <description>File name in default Suricata log directory</description>
- </valueHelp>
- <valueHelp>
- <format>/path</format>
- <description>Absolute file path</description>
- </valueHelp>
- </properties>
- <defaultValue>eve.json</defaultValue>
- </leafNode>
- <leafNode name="type">
- <properties>
- <help>Log types</help>
- <completionHelp>
- <list>alert anomaly drop files http dns tls smtp dnp3 ftp rdp nfs smb tftp ikev2 dcerpc krb5 snmp rfb sip dhcp ssh mqtt http2 flow netflow</list>
- </completionHelp>
- <valueHelp>
- <format>alert</format>
- <description>Record events for rule matches</description>
- </valueHelp>
- <valueHelp>
- <format>anomaly</format>
- <description>Record unexpected conditions such as truncated packets, packets with invalid IP/UDP/TCP length values, and other events that render the packet invalid for further processing or describe unexpected behavior on an established stream</description>
- </valueHelp>
- <valueHelp>
- <format>drop</format>
- <description>Record events for dropped packets</description>
- </valueHelp>
- <valueHelp>
- <format>file</format>
- <description>Record file details (e.g., MD5) for files extracted from application protocols (e.g., HTTP)</description>
- </valueHelp>
- <valueHelp>
- <format>application (http, dns, tls, ...)</format>
- <description>Record application-level transactions</description>
- </valueHelp>
- <valueHelp>
- <format>flow</format>
- <description>Record bi-directional flows</description>
- </valueHelp>
- <valueHelp>
- <format>netflow</format>
- <description>Record uni-directional flows</description>
- </valueHelp>
- <constraint>
- <regex>(alert|anomaly|http|dns|tls|files|drop|smtp|dnp3|ftp|rdp|nfs|smb|tftp|ikev2|dcerpc|krb5|snmp|rfb|sip|dhcp|ssh|mqtt|http2|flow|netflow)</regex>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- </children>
- </node>
- </children>
- </node>
- </children>
- </node>
- </children>
- </node>
-</interfaceDefinition>
diff --git a/interface-definitions/system_option.xml.in b/interface-definitions/system_option.xml.in
index fe517d17d..e78a53552 100644
--- a/interface-definitions/system_option.xml.in
+++ b/interface-definitions/system_option.xml.in
@@ -49,6 +49,19 @@
<valueless/>
</properties>
</leafNode>
+ <node name="debug">
+ <properties>
+ <help>Dynamic debugging for kernel module</help>
+ </properties>
+ <children>
+ <leafNode name="wireguard">
+ <properties>
+ <help>Dynamic debugging for Wireguard module</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
</children>
</node>
<leafNode name="keyboard-layout">
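Review bot: The help strings on the new `debug` node do not say where the output goes or what it contains. Dynamic debug for the WireGuard module writes verbose messages to the kernel log, which as far as I know can include peer endpoint addresses, so an operator should be able to tell that from the CLI help. I would write the leaf help as `<help>Dynamic debugging for WireGuard module (verbose kernel log output)</help>`, which also fixes the `Wireguard` spelling, and make the node help plural: `<help>Dynamic debugging for kernel modules</help>`.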
@@ -183,6 +196,12 @@
</properties>
<defaultValue>12-hour</defaultValue>
</leafNode>
+ <leafNode name="disable-usb-autosuspend">
+ <properties>
+ <help>Disable autosuspend for all USB devices</help>
+ <valueless/>
+ </properties>
+ </leafNode>
</children>
</node>
</children>
diff --git a/interface-definitions/vpn_openconnect.xml.in b/interface-definitions/vpn_openconnect.xml.in
index 7849d6886..a2f040b2f 100644
--- a/interface-definitions/vpn_openconnect.xml.in
+++ b/interface-definitions/vpn_openconnect.xml.in
@@ -275,7 +275,7 @@
<help>SSL Certificate, SSL Key and CA</help>
</properties>
<children>
- #include <include/pki/ca-certificate.xml.i>
+ #include <include/pki/ca-certificate-multi.xml.i>
#include <include/pki/certificate-key.xml.i>
</children>
</node>
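Review bot: Switching to `ca-certificate-multi.xml.i` changes the stored `ca-certificate` value from a single name to a list, and the script that consumes it is outside this path-limited diff, so it is not visible whether it handles both an existing single-value config and the new list form. If these CAs are used to verify client certificates, every extra entry widens the set of issuers whose certificates are accepted, which the node help does not mention. I would update it to something like `<help>SSL Certificate, SSL Key and CA (all listed CAs are trusted)</help>` once the intended use is confirmed.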