summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/include/accel-ppp/client-ip-pool.xml.i4
-rw-r--r--interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i11
-rw-r--r--interface-definitions/include/accel-ppp/default-ipv6-pool.xml.i17
-rw-r--r--interface-definitions/include/accel-ppp/default-pool.xml.i3
-rw-r--r--interface-definitions/include/bfd/common.xml.i12
-rw-r--r--interface-definitions/include/bgp/afi-nexthop-vpn-export.xml.i32
-rw-r--r--interface-definitions/include/bgp/afi-sid.xml.i36
-rw-r--r--interface-definitions/include/bgp/protocol-common-config.xml.i6
-rw-r--r--interface-definitions/include/constraint/email.xml.i3
-rw-r--r--interface-definitions/include/dhcp/option-v4.xml.i257
-rw-r--r--interface-definitions/include/dhcp/option-v6.xml.i110
-rw-r--r--interface-definitions/include/firewall/common-rule-inet.xml.i19
-rw-r--r--interface-definitions/include/firewall/ipv4-custom-name.xml.i1
-rw-r--r--interface-definitions/include/firewall/ipv4-hook-forward.xml.i1
-rw-r--r--interface-definitions/include/firewall/ipv4-hook-input.xml.i1
-rw-r--r--interface-definitions/include/firewall/ipv6-custom-name.xml.i1
-rw-r--r--interface-definitions/include/firewall/ipv6-hook-forward.xml.i1
-rw-r--r--interface-definitions/include/firewall/ipv6-hook-input.xml.i1
-rw-r--r--interface-definitions/include/firewall/match-ipsec.xml.i21
-rw-r--r--interface-definitions/include/haproxy/rule-backend.xml.i2
-rw-r--r--interface-definitions/include/listen-interface-multi-broadcast.xml.i18
-rw-r--r--interface-definitions/include/pki/dh-params.xml.i10
-rw-r--r--interface-definitions/include/qos/hfsc-m1.xml.i2
-rw-r--r--interface-definitions/include/qos/hfsc-m2.xml.i2
-rw-r--r--interface-definitions/include/version/bgp-version.xml.i2
-rw-r--r--interface-definitions/include/version/conntrack-version.xml.i2
-rw-r--r--interface-definitions/include/version/dhcp-server-version.xml.i2
-rw-r--r--interface-definitions/include/version/dhcpv6-server-version.xml.i2
-rw-r--r--interface-definitions/include/version/dns-dynamic-version.xml.i2
-rw-r--r--interface-definitions/include/version/https-version.xml.i2
-rw-r--r--interface-definitions/include/version/ipoe-server-version.xml.i2
-rw-r--r--interface-definitions/include/version/ipsec-version.xml.i2
-rw-r--r--interface-definitions/include/version/l2tp-version.xml.i2
-rw-r--r--interface-definitions/include/version/pppoe-server-version.xml.i2
-rw-r--r--interface-definitions/include/version/sstp-version.xml.i2
-rw-r--r--interface-definitions/interfaces_openvpn.xml.in9
-rw-r--r--interface-definitions/pki.xml.in54
-rw-r--r--interface-definitions/service_dhcp-server.xml.in255
-rw-r--r--interface-definitions/service_dhcpv6-server.xml.in152
-rw-r--r--interface-definitions/service_dns_dynamic.xml.in47
-rw-r--r--interface-definitions/service_dns_forwarding.xml.in98
-rw-r--r--interface-definitions/service_https.xml.in107
-rw-r--r--interface-definitions/service_ipoe-server.xml.in1
-rw-r--r--interface-definitions/service_ndp-proxy.xml.in1
-rw-r--r--interface-definitions/service_ntp.xml.in36
-rw-r--r--interface-definitions/service_pppoe-server.xml.in1
-rw-r--r--interface-definitions/system_config-management.xml.in10
-rw-r--r--interface-definitions/system_option.xml.in13
-rw-r--r--interface-definitions/system_sflow.xml.in1
-rw-r--r--interface-definitions/vpn_ipsec.xml.in14
-rw-r--r--interface-definitions/vpn_l2tp.xml.in1
-rw-r--r--interface-definitions/vpn_pptp.xml.in1
-rw-r--r--interface-definitions/vpn_sstp.xml.in1
53 files changed, 865 insertions, 530 deletions
diff --git a/interface-definitions/include/accel-ppp/client-ip-pool.xml.i b/interface-definitions/include/accel-ppp/client-ip-pool.xml.i
index 71fe69f8d..b30a5ee01 100644
--- a/interface-definitions/include/accel-ppp/client-ip-pool.xml.i
+++ b/interface-definitions/include/accel-ppp/client-ip-pool.xml.i
@@ -27,11 +27,15 @@
<validator name="ipv4-host"/>
<validator name="ipv4-range-mask" argument="-m 24 -r"/>
</constraint>
+ <multi/>
</properties>
</leafNode>
<leafNode name="next-pool">
<properties>
<help>Next pool name</help>
+ <completionHelp>
+ <path>${COMP_WORDS[@]:1:${#COMP_WORDS[@]}-4}</path>
+ </completionHelp>
<valueHelp>
<format>txt</format>
<description>Name of IP pool</description>
diff --git a/interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i b/interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i
index 774741a5e..0c8c2e34c 100644
--- a/interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i
+++ b/interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i
@@ -1,7 +1,14 @@
<!-- include start from accel-ppp/client-ipv6-pool.xml.i -->
-<node name="client-ipv6-pool">
+<tagNode name="client-ipv6-pool">
<properties>
<help>Pool of client IPv6 addresses</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Name of IPv6 pool</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+ </constraint>
</properties>
<children>
<tagNode name="prefix">
@@ -58,5 +65,5 @@
</children>
</tagNode>
</children>
-</node>
+</tagNode>
<!-- include end -->
diff --git a/interface-definitions/include/accel-ppp/default-ipv6-pool.xml.i b/interface-definitions/include/accel-ppp/default-ipv6-pool.xml.i
new file mode 100644
index 000000000..1093f6713
--- /dev/null
+++ b/interface-definitions/include/accel-ppp/default-ipv6-pool.xml.i
@@ -0,0 +1,17 @@
+<!-- include start from accel-ppp/default-pool.xml.i -->
+<leafNode name="default-ipv6-pool">
+ <properties>
+ <help>Default client IPv6 pool name</help>
+ <completionHelp>
+ <path>${COMP_WORDS[@]:1:${#COMP_WORDS[@]}-3} client-ipv6-pool</path>
+ </completionHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>Default IPv6 pool</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/accel-ppp/default-pool.xml.i b/interface-definitions/include/accel-ppp/default-pool.xml.i
index a08b066b1..e06642c37 100644
--- a/interface-definitions/include/accel-ppp/default-pool.xml.i
+++ b/interface-definitions/include/accel-ppp/default-pool.xml.i
@@ -2,6 +2,9 @@
<leafNode name="default-pool">
<properties>
<help>Default client IP pool name</help>
+ <completionHelp>
+ <path>${COMP_WORDS[@]:1:${#COMP_WORDS[@]}-3} client-ip-pool</path>
+ </completionHelp>
<valueHelp>
<format>txt</format>
<description>Default IP pool</description>
diff --git a/interface-definitions/include/bfd/common.xml.i b/interface-definitions/include/bfd/common.xml.i
index 126ab9b9a..8e6999d28 100644
--- a/interface-definitions/include/bfd/common.xml.i
+++ b/interface-definitions/include/bfd/common.xml.i
@@ -63,6 +63,18 @@
</leafNode>
</children>
</node>
+<leafNode name="minimum-ttl">
+ <properties>
+ <help>Expect packets with at least this TTL</help>
+ <valueHelp>
+ <format>u32:1-254</format>
+ <description>Minimum TTL expected</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-254"/>
+ </constraint>
+ </properties>
+</leafNode>
<leafNode name="passive">
<properties>
<help>Do not attempt to start sessions</help>
diff --git a/interface-definitions/include/bgp/afi-nexthop-vpn-export.xml.i b/interface-definitions/include/bgp/afi-nexthop-vpn-export.xml.i
new file mode 100644
index 000000000..d90597f37
--- /dev/null
+++ b/interface-definitions/include/bgp/afi-nexthop-vpn-export.xml.i
@@ -0,0 +1,32 @@
+<!-- include start from bgp/afi-nexthop-vpn-export.xml.i -->
+<node name="nexthop">
+ <properties>
+ <help>Specify next hop to use for VRF advertised prefixes</help>
+ </properties>
+ <children>
+ <node name="vpn">
+ <properties>
+ <help>Between current address-family and vpn</help>
+ </properties>
+ <children>
+ <leafNode name="export">
+ <properties>
+ <help>For routes leaked from current address-family to vpn</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>BGP neighbor IP address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>BGP neighbor IPv6 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ip-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+</node>
+ <!-- include end -->
diff --git a/interface-definitions/include/bgp/afi-sid.xml.i b/interface-definitions/include/bgp/afi-sid.xml.i
new file mode 100644
index 000000000..38a3dcf9b
--- /dev/null
+++ b/interface-definitions/include/bgp/afi-sid.xml.i
@@ -0,0 +1,36 @@
+<!-- include start from bgp/sid.xml.i -->
+<node name="sid">
+ <properties>
+ <help>SID value for VRF</help>
+ </properties>
+ <children>
+ <node name="vpn">
+ <properties>
+ <help>Between current VRF and VPN</help>
+ </properties>
+ <children>
+ <leafNode name="export">
+ <properties>
+ <help>For routes leaked from current VRF to VPN</help>
+ <completionHelp>
+ <list>auto</list>
+ </completionHelp>
+ <valueHelp>
+ <format>u32:1-1048575</format>
+ <description>SID allocation index</description>
+ </valueHelp>
+ <valueHelp>
+ <format>auto</format>
+ <description>Automatically assign a label</description>
+ </valueHelp>
+ <constraint>
+ <regex>auto</regex>
+ <validator name="numeric" argument="--range 1-1048575"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ <!-- include end -->
diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i
index dce61ee77..9895b025c 100644
--- a/interface-definitions/include/bgp/protocol-common-config.xml.i
+++ b/interface-definitions/include/bgp/protocol-common-config.xml.i
@@ -120,6 +120,7 @@
#include <include/bgp/afi-rd.xml.i>
#include <include/bgp/afi-route-map-vpn.xml.i>
#include <include/bgp/afi-route-target-vpn.xml.i>
+ #include <include/bgp/afi-nexthop-vpn-export.xml.i>
<node name="redistribute">
<properties>
<help>Redistribute routes from other protocols into BGP</help>
@@ -188,6 +189,7 @@
</leafNode>
</children>
</node>
+ #include <include/bgp/afi-sid.xml.i>
</children>
</node>
<node name="ipv4-multicast">
@@ -495,6 +497,7 @@
#include <include/bgp/afi-rd.xml.i>
#include <include/bgp/afi-route-map-vpn.xml.i>
#include <include/bgp/afi-route-target-vpn.xml.i>
+ #include <include/bgp/afi-nexthop-vpn-export.xml.i>
<node name="redistribute">
<properties>
<help>Redistribute routes from other protocols into BGP</help>
@@ -555,6 +558,7 @@
</leafNode>
</children>
</node>
+ #include <include/bgp/afi-sid.xml.i>
</children>
</node>
<node name="ipv6-multicast">
@@ -1698,8 +1702,10 @@
</properties>
<children>
#include <include/bgp/neighbor-afi-ipv4-unicast.xml.i>
+ #include <include/bgp/neighbor-afi-ipv4-labeled-unicast.xml.i>
#include <include/bgp/neighbor-afi-ipv4-vpn.xml.i>
#include <include/bgp/neighbor-afi-ipv6-unicast.xml.i>
+ #include <include/bgp/neighbor-afi-ipv6-labeled-unicast.xml.i>
#include <include/bgp/neighbor-afi-ipv6-vpn.xml.i>
#include <include/bgp/neighbor-afi-l2vpn-evpn.xml.i>
</children>
diff --git a/interface-definitions/include/constraint/email.xml.i b/interface-definitions/include/constraint/email.xml.i
new file mode 100644
index 000000000..b19a88d64
--- /dev/null
+++ b/interface-definitions/include/constraint/email.xml.i
@@ -0,0 +1,3 @@
+<!-- include start from constraint/email.xml.i -->
+<regex>[^\s@]+@([^\s@.,]+\.)+[^\s@.,]{2,}</regex>
+<!-- include end -->
diff --git a/interface-definitions/include/dhcp/option-v4.xml.i b/interface-definitions/include/dhcp/option-v4.xml.i
new file mode 100644
index 000000000..bd6fc6043
--- /dev/null
+++ b/interface-definitions/include/dhcp/option-v4.xml.i
@@ -0,0 +1,257 @@
+<!-- include start from dhcp/option-v4.xml.i -->
+<node name="option">
+ <properties>
+ <help>DHCP option</help>
+ </properties>
+ <children>
+ #include <include/dhcp/captive-portal.xml.i>
+ #include <include/dhcp/domain-name.xml.i>
+ #include <include/dhcp/domain-search.xml.i>
+ #include <include/dhcp/ntp-server.xml.i>
+ #include <include/name-server-ipv4.xml.i>
+ <leafNode name="bootfile-name">
+ <properties>
+ <help>Bootstrap file name</help>
+ <constraint>
+ <regex>[[:ascii:]]{1,253}</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="bootfile-server">
+ <properties>
+ <help>Server from which the initial boot file is to be loaded</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Bootfile server IPv4 address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>hostname</format>
+ <description>Bootfile server FQDN</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="fqdn"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="bootfile-size">
+ <properties>
+ <help>Bootstrap file size</help>
+ <valueHelp>
+ <format>u32:1-16</format>
+ <description>Bootstrap file size in 512 byte blocks</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-16"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="client-prefix-length">
+ <properties>
+ <help>Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used.</help>
+ <valueHelp>
+ <format>u32:0-32</format>
+ <description>DHCP client prefix length must be 0 to 32</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-32"/>
+ </constraint>
+ <constraintErrorMessage>DHCP client prefix length must be 0 to 32</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="default-router">
+ <properties>
+ <help>IP address of default router</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Default router IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="ip-forwarding">
+ <properties>
+ <help>Enable IP forwarding on client</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="ipv6-only-preferred">
+ <properties>
+ <help>Disable IPv4 on IPv6 only hosts (RFC 8925)</help>
+ <valueHelp>
+ <format>u32</format>
+ <description>Seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-4294967295"/>
+ </constraint>
+ <constraintErrorMessage>Seconds must be between 0 and 4294967295 (49 days)</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="pop-server">
+ <properties>
+ <help>IP address of POP3 server</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>POP3 server IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="server-identifier">
+ <properties>
+ <help>Address for DHCP server identifier</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>DHCP server identifier IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="smtp-server">
+ <properties>
+ <help>IP address of SMTP server</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>SMTP server IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <tagNode name="static-route">
+ <properties>
+ <help>Classless static route destination subnet</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 address and prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-prefix"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="next-hop">
+ <properties>
+ <help>IP address of router to be used to reach the destination subnet</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address of router</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ip-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode >
+ <leafNode name="tftp-server-name">
+ <properties>
+ <help>TFTP server name</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>TFTP server IPv4 address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>hostname</format>
+ <description>TFTP server FQDN</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="fqdn"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="time-offset">
+ <properties>
+ <help>Client subnet offset in seconds from Coordinated Universal Time (UTC)</help>
+ <valueHelp>
+ <format>[-]N</format>
+ <description>Time offset (number, may be negative)</description>
+ </valueHelp>
+ <constraint>
+ <regex>-?[0-9]+</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid time offset value</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="time-server">
+ <properties>
+ <help>IP address of time server</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Time server IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="time-zone">
+ <properties>
+ <help>Time zone to send to clients. Uses RFC4833 options 100 and 101</help>
+ <completionHelp>
+ <script>timedatectl list-timezones</script>
+ </completionHelp>
+ <constraint>
+ <validator name="timezone" argument="--validate"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <node name="vendor-option">
+ <properties>
+ <help>Vendor Specific Options</help>
+ </properties>
+ <children>
+ <node name="ubiquiti">
+ <properties>
+ <help>Ubiquiti specific parameters</help>
+ </properties>
+ <children>
+ <leafNode name="unifi-controller">
+ <properties>
+ <help>Address of UniFi controller</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IP address of UniFi controller</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ <leafNode name="wins-server">
+ <properties>
+ <help>IP address for Windows Internet Name Service (WINS) server</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>WINS server IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="wpad-url">
+ <properties>
+ <help>Web Proxy Autodiscovery (WPAD) URL</help>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/dhcp/option-v6.xml.i b/interface-definitions/include/dhcp/option-v6.xml.i
new file mode 100644
index 000000000..1df0c3934
--- /dev/null
+++ b/interface-definitions/include/dhcp/option-v6.xml.i
@@ -0,0 +1,110 @@
+<!-- include start from dhcp/option-v6.xml.i -->
+<node name="option">
+ <properties>
+ <help>DHCPv6 option</help>
+ </properties>
+ <children>
+ #include <include/dhcp/captive-portal.xml.i>
+ #include <include/dhcp/domain-search.xml.i>
+ #include <include/name-server-ipv6.xml.i>
+ <leafNode name="nis-domain">
+ <properties>
+ <help>NIS domain name for client to use</help>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+ </constraint>
+ <constraintErrorMessage>Invalid NIS domain name</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="nis-server">
+ <properties>
+ <help>IPv6 address of a NIS Server</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address of NIS server</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="nisplus-domain">
+ <properties>
+ <help>NIS+ domain name for client to use</help>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+ </constraint>
+ <constraintErrorMessage>Invalid NIS+ domain name. May only contain letters, numbers and .-_</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="nisplus-server">
+ <properties>
+ <help>IPv6 address of a NIS+ Server</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address of NIS+ server</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="sip-server">
+ <properties>
+ <help>IPv6 address of SIP server</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address of SIP server</description>
+ </valueHelp>
+ <valueHelp>
+ <format>hostname</format>
+ <description>FQDN of SIP server</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ <validator name="fqdn"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="sntp-server">
+ <properties>
+ <help>IPv6 address of an SNTP server for client to use</help>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <node name="vendor-option">
+ <properties>
+ <help>Vendor Specific Options</help>
+ </properties>
+ <children>
+ <node name="cisco">
+ <properties>
+ <help>Cisco specific parameters</help>
+ </properties>
+ <children>
+ <leafNode name="tftp-server">
+ <properties>
+ <help>TFTP server name</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>TFTP server IPv6 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/common-rule-inet.xml.i b/interface-definitions/include/firewall/common-rule-inet.xml.i
index 6f56ecc85..85189d975 100644
--- a/interface-definitions/include/firewall/common-rule-inet.xml.i
+++ b/interface-definitions/include/firewall/common-rule-inet.xml.i
@@ -32,25 +32,6 @@
</leafNode>
</children>
</node>
-<node name="ipsec">
- <properties>
- <help>Inbound IPsec packets</help>
- </properties>
- <children>
- <leafNode name="match-ipsec">
- <properties>
- <help>Inbound IPsec packets</help>
- <valueless/>
- </properties>
- </leafNode>
- <leafNode name="match-none">
- <properties>
- <help>Inbound non-IPsec packets</help>
- <valueless/>
- </properties>
- </leafNode>
- </children>
-</node>
<node name="limit">
<properties>
<help>Rate limit using a token bucket filter</help>
diff --git a/interface-definitions/include/firewall/ipv4-custom-name.xml.i b/interface-definitions/include/firewall/ipv4-custom-name.xml.i
index 8199d15fe..8046b2d6c 100644
--- a/interface-definitions/include/firewall/ipv4-custom-name.xml.i
+++ b/interface-definitions/include/firewall/ipv4-custom-name.xml.i
@@ -33,6 +33,7 @@
<children>
#include <include/firewall/common-rule-ipv4.xml.i>
#include <include/firewall/inbound-interface.xml.i>
+ #include <include/firewall/match-ipsec.xml.i>
#include <include/firewall/offload-target.xml.i>
#include <include/firewall/outbound-interface.xml.i>
</children>
diff --git a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i
index de2c70482..b0e240a03 100644
--- a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i
+++ b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i
@@ -28,6 +28,7 @@
#include <include/firewall/action-forward.xml.i>
#include <include/firewall/common-rule-ipv4.xml.i>
#include <include/firewall/inbound-interface.xml.i>
+ #include <include/firewall/match-ipsec.xml.i>
#include <include/firewall/offload-target.xml.i>
#include <include/firewall/outbound-interface.xml.i>
</children>
diff --git a/interface-definitions/include/firewall/ipv4-hook-input.xml.i b/interface-definitions/include/firewall/ipv4-hook-input.xml.i
index 5d32657ea..cefb1ffa7 100644
--- a/interface-definitions/include/firewall/ipv4-hook-input.xml.i
+++ b/interface-definitions/include/firewall/ipv4-hook-input.xml.i
@@ -27,6 +27,7 @@
<children>
#include <include/firewall/common-rule-ipv4.xml.i>
#include <include/firewall/inbound-interface.xml.i>
+ #include <include/firewall/match-ipsec.xml.i>
</children>
</tagNode>
</children>
diff --git a/interface-definitions/include/firewall/ipv6-custom-name.xml.i b/interface-definitions/include/firewall/ipv6-custom-name.xml.i
index 5748b3927..fb8740c38 100644
--- a/interface-definitions/include/firewall/ipv6-custom-name.xml.i
+++ b/interface-definitions/include/firewall/ipv6-custom-name.xml.i
@@ -33,6 +33,7 @@
<children>
#include <include/firewall/common-rule-ipv6.xml.i>
#include <include/firewall/inbound-interface.xml.i>
+ #include <include/firewall/match-ipsec.xml.i>
#include <include/firewall/offload-target.xml.i>
#include <include/firewall/outbound-interface.xml.i>
</children>
diff --git a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i
index b53f09f59..7efc2614e 100644
--- a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i
+++ b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i
@@ -28,6 +28,7 @@
#include <include/firewall/action-forward.xml.i>
#include <include/firewall/common-rule-ipv6.xml.i>
#include <include/firewall/inbound-interface.xml.i>
+ #include <include/firewall/match-ipsec.xml.i>
#include <include/firewall/offload-target.xml.i>
#include <include/firewall/outbound-interface.xml.i>
</children>
diff --git a/interface-definitions/include/firewall/ipv6-hook-input.xml.i b/interface-definitions/include/firewall/ipv6-hook-input.xml.i
index 493611fb1..e1f41e64c 100644
--- a/interface-definitions/include/firewall/ipv6-hook-input.xml.i
+++ b/interface-definitions/include/firewall/ipv6-hook-input.xml.i
@@ -27,6 +27,7 @@
<children>
#include <include/firewall/common-rule-ipv6.xml.i>
#include <include/firewall/inbound-interface.xml.i>
+ #include <include/firewall/match-ipsec.xml.i>
</children>
</tagNode>
</children>
diff --git a/interface-definitions/include/firewall/match-ipsec.xml.i b/interface-definitions/include/firewall/match-ipsec.xml.i
new file mode 100644
index 000000000..82c2b324d
--- /dev/null
+++ b/interface-definitions/include/firewall/match-ipsec.xml.i
@@ -0,0 +1,21 @@
+<!-- include start from firewall/match-ipsec.xml.i -->
+<node name="ipsec">
+ <properties>
+ <help>Inbound IPsec packets</help>
+ </properties>
+ <children>
+ <leafNode name="match-ipsec">
+ <properties>
+ <help>Inbound IPsec packets</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="match-none">
+ <properties>
+ <help>Inbound non-IPsec packets</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<!-- include end --> \ No newline at end of file
diff --git a/interface-definitions/include/haproxy/rule-backend.xml.i b/interface-definitions/include/haproxy/rule-backend.xml.i
index a6832d693..b2be4fde4 100644
--- a/interface-definitions/include/haproxy/rule-backend.xml.i
+++ b/interface-definitions/include/haproxy/rule-backend.xml.i
@@ -118,7 +118,7 @@
<description>Exactly URL</description>
</valueHelp>
<constraint>
- <regex>^\/[\w\-.\/]+$</regex>
+ <regex>^\/[\w\-.\/]*$</regex>
</constraint>
<constraintErrorMessage>Incorrect URL format</constraintErrorMessage>
<multi/>
diff --git a/interface-definitions/include/listen-interface-multi-broadcast.xml.i b/interface-definitions/include/listen-interface-multi-broadcast.xml.i
new file mode 100644
index 000000000..b3d5a3ecc
--- /dev/null
+++ b/interface-definitions/include/listen-interface-multi-broadcast.xml.i
@@ -0,0 +1,18 @@
+<!-- include start from listen-interface-multi-broadcast.xml.i -->
+<leafNode name="listen-interface">
+ <properties>
+ <help>Interface for DHCP Relay Agent to listen for requests</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces --broadcast</script>
+ </completionHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>Interface name</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/interface-name.xml.i>
+ </constraint>
+ <multi/>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/pki/dh-params.xml.i b/interface-definitions/include/pki/dh-params.xml.i
new file mode 100644
index 000000000..a422df832
--- /dev/null
+++ b/interface-definitions/include/pki/dh-params.xml.i
@@ -0,0 +1,10 @@
+<!-- include start from pki/certificate-multi.xml.i -->
+<leafNode name="dh-params">
+ <properties>
+ <help>Diffie Hellman parameters (server only)</help>
+ <completionHelp>
+ <path>pki dh</path>
+ </completionHelp>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/qos/hfsc-m1.xml.i b/interface-definitions/include/qos/hfsc-m1.xml.i
index 677d817ba..21b9c4f32 100644
--- a/interface-definitions/include/qos/hfsc-m1.xml.i
+++ b/interface-definitions/include/qos/hfsc-m1.xml.i
@@ -27,6 +27,6 @@
<description>bps(8),kbps(8*10^3),mbps(8*10^6), gbps, tbps - Byte/sec</description>
</valueHelp>
</properties>
- <defaultValue>100%%</defaultValue>
+ <defaultValue>0bit</defaultValue>
</leafNode>
<!-- include end -->
diff --git a/interface-definitions/include/qos/hfsc-m2.xml.i b/interface-definitions/include/qos/hfsc-m2.xml.i
index 7690df4b0..24e8f5d63 100644
--- a/interface-definitions/include/qos/hfsc-m2.xml.i
+++ b/interface-definitions/include/qos/hfsc-m2.xml.i
@@ -27,6 +27,6 @@
<description>bps(8),kbps(8*10^3),mbps(8*10^6), gbps, tbps - Byte/sec</description>
</valueHelp>
</properties>
- <defaultValue>100%%</defaultValue>
+ <defaultValue>100%</defaultValue>
</leafNode>
<!-- include end -->
diff --git a/interface-definitions/include/version/bgp-version.xml.i b/interface-definitions/include/version/bgp-version.xml.i
index 1386ea9bc..6bed7189f 100644
--- a/interface-definitions/include/version/bgp-version.xml.i
+++ b/interface-definitions/include/version/bgp-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/bgp-version.xml.i -->
-<syntaxVersion component='bgp' version='4'></syntaxVersion>
+<syntaxVersion component='bgp' version='5'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/conntrack-version.xml.i b/interface-definitions/include/version/conntrack-version.xml.i
index c0f632c70..6995ce119 100644
--- a/interface-definitions/include/version/conntrack-version.xml.i
+++ b/interface-definitions/include/version/conntrack-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/conntrack-version.xml.i -->
-<syntaxVersion component='conntrack' version='4'></syntaxVersion>
+<syntaxVersion component='conntrack' version='5'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/dhcp-server-version.xml.i b/interface-definitions/include/version/dhcp-server-version.xml.i
index cc84ea8b9..d83172e72 100644
--- a/interface-definitions/include/version/dhcp-server-version.xml.i
+++ b/interface-definitions/include/version/dhcp-server-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/dhcp-server-version.xml.i -->
-<syntaxVersion component='dhcp-server' version='8'></syntaxVersion>
+<syntaxVersion component='dhcp-server' version='9'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/dhcpv6-server-version.xml.i b/interface-definitions/include/version/dhcpv6-server-version.xml.i
index cb026a54a..bfef27b77 100644
--- a/interface-definitions/include/version/dhcpv6-server-version.xml.i
+++ b/interface-definitions/include/version/dhcpv6-server-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/dhcpv6-server-version.xml.i -->
-<syntaxVersion component='dhcpv6-server' version='3'></syntaxVersion>
+<syntaxVersion component='dhcpv6-server' version='4'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/dns-dynamic-version.xml.i b/interface-definitions/include/version/dns-dynamic-version.xml.i
index 773a6ab51..346385ccb 100644
--- a/interface-definitions/include/version/dns-dynamic-version.xml.i
+++ b/interface-definitions/include/version/dns-dynamic-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/dns-dynamic-version.xml.i -->
-<syntaxVersion component='dns-dynamic' version='3'></syntaxVersion>
+<syntaxVersion component='dns-dynamic' version='4'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/https-version.xml.i b/interface-definitions/include/version/https-version.xml.i
index fa18278f3..525314dbd 100644
--- a/interface-definitions/include/version/https-version.xml.i
+++ b/interface-definitions/include/version/https-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/https-version.xml.i -->
-<syntaxVersion component='https' version='5'></syntaxVersion>
+<syntaxVersion component='https' version='6'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/ipoe-server-version.xml.i b/interface-definitions/include/version/ipoe-server-version.xml.i
index e5983ab39..659433382 100644
--- a/interface-definitions/include/version/ipoe-server-version.xml.i
+++ b/interface-definitions/include/version/ipoe-server-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/ipoe-server-version.xml.i -->
-<syntaxVersion component='ipoe-server' version='2'></syntaxVersion>
+<syntaxVersion component='ipoe-server' version='3'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/ipsec-version.xml.i b/interface-definitions/include/version/ipsec-version.xml.i
index de7a9c088..a4d556cfc 100644
--- a/interface-definitions/include/version/ipsec-version.xml.i
+++ b/interface-definitions/include/version/ipsec-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/ipsec-version.xml.i -->
-<syntaxVersion component='ipsec' version='12'></syntaxVersion>
+<syntaxVersion component='ipsec' version='13'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/l2tp-version.xml.i b/interface-definitions/include/version/l2tp-version.xml.i
index f4507d93b..793cd5d0c 100644
--- a/interface-definitions/include/version/l2tp-version.xml.i
+++ b/interface-definitions/include/version/l2tp-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/l2tp-version.xml.i -->
-<syntaxVersion component='l2tp' version='6'></syntaxVersion>
+<syntaxVersion component='l2tp' version='7'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/pppoe-server-version.xml.i b/interface-definitions/include/version/pppoe-server-version.xml.i
index deed702f0..02f98cc16 100644
--- a/interface-definitions/include/version/pppoe-server-version.xml.i
+++ b/interface-definitions/include/version/pppoe-server-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/pppoe-server-version.xml.i -->
-<syntaxVersion component='pppoe-server' version='7'></syntaxVersion>
+<syntaxVersion component='pppoe-server' version='8'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/sstp-version.xml.i b/interface-definitions/include/version/sstp-version.xml.i
index 3ac54a3de..5e30950d8 100644
--- a/interface-definitions/include/version/sstp-version.xml.i
+++ b/interface-definitions/include/version/sstp-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/sstp-version.xml.i -->
-<syntaxVersion component='sstp' version='5'></syntaxVersion>
+<syntaxVersion component='sstp' version='6'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/interfaces_openvpn.xml.in b/interface-definitions/interfaces_openvpn.xml.in
index addf3c1ab..389b5b5c9 100644
--- a/interface-definitions/interfaces_openvpn.xml.in
+++ b/interface-definitions/interfaces_openvpn.xml.in
@@ -720,14 +720,7 @@
</leafNode>
#include <include/pki/certificate.xml.i>
#include <include/pki/ca-certificate-multi.xml.i>
- <leafNode name="dh-params">
- <properties>
- <help>Diffie Hellman parameters (server only)</help>
- <completionHelp>
- <path>pki dh</path>
- </completionHelp>
- </properties>
- </leafNode>
+ #include <include/pki/dh-params.xml.i>
<leafNode name="crypt-key">
<properties>
<help>Static key to use to authenticate control channel</help>
diff --git a/interface-definitions/pki.xml.in b/interface-definitions/pki.xml.in
index 097c541ac..0ed199539 100644
--- a/interface-definitions/pki.xml.in
+++ b/interface-definitions/pki.xml.in
@@ -81,6 +81,60 @@
<constraintErrorMessage>Certificate is not base64-encoded</constraintErrorMessage>
</properties>
</leafNode>
+ <node name="acme">
+ <properties>
+ <help>Automatic Certificate Management Environment (ACME) request</help>
+ </properties>
+ <children>
+ #include <include/url-http-https.xml.i>
+ <leafNode name="url">
+ <defaultValue>https://acme-v02.api.letsencrypt.org/directory</defaultValue>
+ </leafNode>
+ <leafNode name="domain-name">
+ <properties>
+ <help>Domain Name</help>
+ <constraint>
+ <validator name="fqdn"/>
+ </constraint>
+ <constraintErrorMessage>Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers and .-_</constraintErrorMessage>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="email">
+ <properties>
+ <help>Email address to associate with certificate</help>
+ <constraint>
+ #include <include/constraint/email.xml.i>
+ </constraint>
+ </properties>
+ </leafNode>
+ #include <include/listen-address-ipv4-single.xml.i>
+ <leafNode name="rsa-key-size">
+ <properties>
+ <help>Size of the RSA key</help>
+ <completionHelp>
+ <list>2048 3072 4096</list>
+ </completionHelp>
+ <valueHelp>
+ <format>2048</format>
+ <description>RSA key length 2048 bit</description>
+ </valueHelp>
+ <valueHelp>
+ <format>3072</format>
+ <description>RSA key length 3072 bit</description>
+ </valueHelp>
+ <valueHelp>
+ <format>4096</format>
+ <description>RSA key length 4096 bit</description>
+ </valueHelp>
+ <constraint>
+ <regex>(2048|3072|4096)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>2048</defaultValue>
+ </leafNode>
+ </children>
+ </node>
#include <include/generic-description.xml.i>
<node name="private">
<properties>
diff --git a/interface-definitions/service_dhcp-server.xml.in b/interface-definitions/service_dhcp-server.xml.in
index 8e13f9372..5c9d4a360 100644
--- a/interface-definitions/service_dhcp-server.xml.in
+++ b/interface-definitions/service_dhcp-server.xml.in
@@ -74,6 +74,7 @@
</properties>
</leafNode>
#include <include/listen-address-ipv4.xml.i>
+ #include <include/listen-interface-multi-broadcast.xml.i>
<tagNode name="shared-network-name">
<properties>
<help>Name of DHCP shared network</help>
@@ -89,12 +90,9 @@
<valueless/>
</properties>
</leafNode>
- #include <include/dhcp/domain-name.xml.i>
- #include <include/dhcp/domain-search.xml.i>
- #include <include/dhcp/ntp-server.xml.i>
+ #include <include/dhcp/option-v4.xml.i>
#include <include/generic-description.xml.i>
#include <include/generic-disable-node.xml.i>
- #include <include/name-server-ipv4.xml.i>
<tagNode name="subnet">
<properties>
<help>DHCP subnet for shared network</help>
@@ -108,73 +106,9 @@
<constraintErrorMessage>Invalid IPv4 subnet definition</constraintErrorMessage>
</properties>
<children>
- <leafNode name="bootfile-name">
- <properties>
- <help>Bootstrap file name</help>
- <constraint>
- <regex>[[:ascii:]]{1,253}</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="bootfile-server">
- <properties>
- <help>Server from which the initial boot file is to be loaded</help>
- <valueHelp>
- <format>ipv4</format>
- <description>Bootfile server IPv4 address</description>
- </valueHelp>
- <valueHelp>
- <format>hostname</format>
- <description>Bootfile server FQDN</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- <validator name="fqdn"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="bootfile-size">
- <properties>
- <help>Bootstrap file size</help>
- <valueHelp>
- <format>u32:1-16</format>
- <description>Bootstrap file size in 512 byte blocks</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-16"/>
- </constraint>
- </properties>
- </leafNode>
- #include <include/dhcp/captive-portal.xml.i>
- <leafNode name="client-prefix-length">
- <properties>
- <help>Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used.</help>
- <valueHelp>
- <format>u32:0-32</format>
- <description>DHCP client prefix length must be 0 to 32</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-32"/>
- </constraint>
- <constraintErrorMessage>DHCP client prefix length must be 0 to 32</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="default-router">
- <properties>
- <help>IP address of default router</help>
- <valueHelp>
- <format>ipv4</format>
- <description>Default router IPv4 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
- #include <include/dhcp/domain-name.xml.i>
- #include <include/dhcp/domain-search.xml.i>
+ #include <include/dhcp/option-v4.xml.i>
#include <include/generic-description.xml.i>
- #include <include/name-server-ipv4.xml.i>
+ #include <include/generic-disable-node.xml.i>
<leafNode name="exclude">
<properties>
<help>IP address to exclude from DHCP lease range</help>
@@ -188,12 +122,6 @@
<multi/>
</properties>
</leafNode>
- <leafNode name="ip-forwarding">
- <properties>
- <help>Enable IP forwarding on client</help>
- <valueless/>
- </properties>
- </leafNode>
<leafNode name="lease">
<properties>
<help>Lease timeout in seconds</help>
@@ -208,45 +136,6 @@
</properties>
<defaultValue>86400</defaultValue>
</leafNode>
- #include <include/dhcp/ntp-server.xml.i>
- <leafNode name="pop-server">
- <properties>
- <help>IP address of POP3 server</help>
- <valueHelp>
- <format>ipv4</format>
- <description>POP3 server IPv4 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- <leafNode name="server-identifier">
- <properties>
- <help>Address for DHCP server identifier</help>
- <valueHelp>
- <format>ipv4</format>
- <description>DHCP server identifier IPv4 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="smtp-server">
- <properties>
- <help>IP address of SMTP server</help>
- <valueHelp>
- <format>ipv4</format>
- <description>SMTP server IPv4 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
<tagNode name="range">
<properties>
<help>DHCP lease range</help>
@@ -256,6 +145,7 @@
<constraintErrorMessage>Invalid range name, may only be alphanumeric, dot and hyphen</constraintErrorMessage>
</properties>
<children>
+ #include <include/dhcp/option-v4.xml.i>
<leafNode name="start">
<properties>
<help>First IP address for DHCP lease range</help>
@@ -291,6 +181,8 @@
<constraintErrorMessage>Invalid static mapping hostname</constraintErrorMessage>
</properties>
<children>
+ #include <include/dhcp/option-v4.xml.i>
+ #include <include/generic-description.xml.i>
#include <include/generic-disable-node.xml.i>
<leafNode name="ip-address">
<properties>
@@ -308,143 +200,18 @@
#include <include/interface/duid.xml.i>
</children>
</tagNode>
- <tagNode name="static-route">
- <properties>
- <help>Classless static route destination subnet</help>
- <valueHelp>
- <format>ipv4net</format>
- <description>IPv4 address and prefix length</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-prefix"/>
- </constraint>
- </properties>
- <children>
- <leafNode name="next-hop">
- <properties>
- <help>IP address of router to be used to reach the destination subnet</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address of router</description>
- </valueHelp>
- <constraint>
- <validator name="ip-address"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </tagNode >
- <leafNode name="ipv6-only-preferred">
+ <leafNode name="subnet-id">
<properties>
- <help>Disable IPv4 on IPv6 only hosts (RFC 8925)</help>
+ <help>Unique ID mapped to leases in the lease file</help>
<valueHelp>
<format>u32</format>
- <description>Seconds</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-4294967295"/>
- </constraint>
- <constraintErrorMessage>Seconds must be between 0 and 4294967295 (49 days)</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="tftp-server-name">
- <properties>
- <help>TFTP server name</help>
- <valueHelp>
- <format>ipv4</format>
- <description>TFTP server IPv4 address</description>
- </valueHelp>
- <valueHelp>
- <format>hostname</format>
- <description>TFTP server FQDN</description>
+ <description>Unique subnet ID</description>
</valueHelp>
<constraint>
- <validator name="ipv4-address"/>
- <validator name="fqdn"/>
+ <validator name="numeric" argument="--range 1-4294967295"/>
</constraint>
</properties>
</leafNode>
- <leafNode name="time-offset">
- <properties>
- <help>Client subnet offset in seconds from Coordinated Universal Time (UTC)</help>
- <valueHelp>
- <format>[-]N</format>
- <description>Time offset (number, may be negative)</description>
- </valueHelp>
- <constraint>
- <regex>-?[0-9]+</regex>
- </constraint>
- <constraintErrorMessage>Invalid time offset value</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="time-server">
- <properties>
- <help>IP address of time server</help>
- <valueHelp>
- <format>ipv4</format>
- <description>Time server IPv4 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- <leafNode name="time-zone">
- <properties>
- <help>Time zone to send to clients. Uses RFC4833 options 100 and 101</help>
- <completionHelp>
- <script>timedatectl list-timezones</script>
- </completionHelp>
- <constraint>
- <validator name="timezone" argument="--validate"/>
- </constraint>
- </properties>
- </leafNode>
- <node name="vendor-option">
- <properties>
- <help>Vendor Specific Options</help>
- </properties>
- <children>
- <node name="ubiquiti">
- <properties>
- <help>Ubiquiti specific parameters</help>
- </properties>
- <children>
- <leafNode name="unifi-controller">
- <properties>
- <help>Address of UniFi controller</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IP address of UniFi controller</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </node>
- </children>
- </node>
- <leafNode name="wins-server">
- <properties>
- <help>IP address for Windows Internet Name Service (WINS) server</help>
- <valueHelp>
- <format>ipv4</format>
- <description>WINS server IPv4 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- <leafNode name="wpad-url">
- <properties>
- <help>Web Proxy Autodiscovery (WPAD) URL</help>
- </properties>
- </leafNode>
</children>
</tagNode>
</children>
diff --git a/interface-definitions/service_dhcpv6-server.xml.in b/interface-definitions/service_dhcpv6-server.xml.in
index 6f7f3c1da..07cbfc85d 100644
--- a/interface-definitions/service_dhcpv6-server.xml.in
+++ b/interface-definitions/service_dhcpv6-server.xml.in
@@ -9,6 +9,7 @@
</properties>
<children>
#include <include/generic-disable-node.xml.i>
+ #include <include/listen-interface-multi-broadcast.xml.i>
<node name="global-parameters">
<properties>
<help>Additional global parameters for DHCPv6 server</help>
@@ -89,11 +90,17 @@
</constraint>
</properties>
<children>
- <node name="address-range">
+ #include <include/dhcp/option-v6.xml.i>
+ <tagNode name="range">
<properties>
<help>Parameters setting ranges for assigning IPv6 addresses</help>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+ </constraint>
+ <constraintErrorMessage>Invalid range name, may only be alphanumeric, dot and hyphen</constraintErrorMessage>
</properties>
<children>
+ #include <include/dhcp/option-v6.xml.i>
<leafNode name="prefix">
<properties>
<help>IPv6 prefix defining range of addresses to assign</help>
@@ -104,10 +111,9 @@
<constraint>
<validator name="ipv6-prefix"/>
</constraint>
- <multi/>
</properties>
</leafNode>
- <tagNode name="start">
+ <leafNode name="start">
<properties>
<help>First in range of consecutive IPv6 addresses to assign</help>
<valueHelp>
@@ -118,25 +124,21 @@
<validator name="ipv6-address"/>
</constraint>
</properties>
- <children>
- <leafNode name="stop">
- <properties>
- <help>Last in range of consecutive IPv6 addresses</help>
- <valueHelp>
- <format>ipv6</format>
- <description>IPv6 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv6-address"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </tagNode>
+ </leafNode>
+ <leafNode name="stop">
+ <properties>
+ <help>Last in range of consecutive IPv6 addresses</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
</children>
- </node>
- #include <include/dhcp/captive-portal.xml.i>
- #include <include/dhcp/domain-search.xml.i>
+ </tagNode>
<node name="lease-time">
<properties>
<help>Parameters relating to the lease time</help>
@@ -180,51 +182,6 @@
</leafNode>
</children>
</node>
- #include <include/name-server-ipv6.xml.i>
- <leafNode name="nis-domain">
- <properties>
- <help>NIS domain name for client to use</help>
- <constraint>
- #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
- </constraint>
- <constraintErrorMessage>Invalid NIS domain name</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="nis-server">
- <properties>
- <help>IPv6 address of a NIS Server</help>
- <valueHelp>
- <format>ipv6</format>
- <description>IPv6 address of NIS server</description>
- </valueHelp>
- <constraint>
- <validator name="ipv6-address"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- <leafNode name="nisplus-domain">
- <properties>
- <help>NIS+ domain name for client to use</help>
- <constraint>
- #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
- </constraint>
- <constraintErrorMessage>Invalid NIS+ domain name. May only contain letters, numbers and .-_</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="nisplus-server">
- <properties>
- <help>IPv6 address of a NIS+ Server</help>
- <valueHelp>
- <format>ipv6</format>
- <description>IPv6 address of NIS+ server</description>
- </valueHelp>
- <constraint>
- <validator name="ipv6-address"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
<node name="prefix-delegation">
<properties>
<help>Parameters relating to IPv6 prefix delegation</help>
@@ -272,33 +229,6 @@
</tagNode>
</children>
</node>
- <leafNode name="sip-server">
- <properties>
- <help>IPv6 address of SIP server</help>
- <valueHelp>
- <format>ipv6</format>
- <description>IPv6 address of SIP server</description>
- </valueHelp>
- <valueHelp>
- <format>hostname</format>
- <description>FQDN of SIP server</description>
- </valueHelp>
- <constraint>
- <validator name="ipv6-address"/>
- <validator name="fqdn"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- <leafNode name="sntp-server">
- <properties>
- <help>IPv6 address of an SNTP server for client to use</help>
- <constraint>
- <validator name="ipv6-address"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
<tagNode name="static-mapping">
<properties>
<help>Hostname for static mapping reservation</help>
@@ -308,6 +238,7 @@
<constraintErrorMessage>Invalid static mapping hostname</constraintErrorMessage>
</properties>
<children>
+ #include <include/dhcp/option-v6.xml.i>
#include <include/generic-disable-node.xml.i>
#include <include/interface/mac.xml.i>
#include <include/interface/duid.xml.i>
@@ -337,33 +268,18 @@
</leafNode>
</children>
</tagNode>
- <node name="vendor-option">
+ <leafNode name="subnet-id">
<properties>
- <help>Vendor Specific Options</help>
+ <help>Unique ID mapped to leases in the lease file</help>
+ <valueHelp>
+ <format>u32</format>
+ <description>Unique subnet ID</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-4294967295"/>
+ </constraint>
</properties>
- <children>
- <node name="cisco">
- <properties>
- <help>Cisco specific parameters</help>
- </properties>
- <children>
- <leafNode name="tftp-server">
- <properties>
- <help>TFTP server name</help>
- <valueHelp>
- <format>ipv6</format>
- <description>TFTP server IPv6 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv6-address"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- </children>
- </node>
- </children>
- </node>
+ </leafNode>
</children>
</tagNode>
</children>
diff --git a/interface-definitions/service_dns_dynamic.xml.in b/interface-definitions/service_dns_dynamic.xml.in
index d1b0e90bb..75e5520b7 100644
--- a/interface-definitions/service_dns_dynamic.xml.in
+++ b/interface-definitions/service_dns_dynamic.xml.in
@@ -38,42 +38,29 @@
</constraint>
</properties>
</leafNode>
- <leafNode name="address">
+ <node name="address">
<properties>
<help>Obtain IP address to send Dynamic DNS update for</help>
- <valueHelp>
- <format>txt</format>
- <description>Use interface to obtain the IP address</description>
- </valueHelp>
- <valueHelp>
- <format>web</format>
- <description>Use HTTP(S) web request to obtain the IP address</description>
- </valueHelp>
- <completionHelp>
- <script>${vyos_completion_dir}/list_interfaces</script>
- <list>web</list>
- </completionHelp>
- <constraint>
- #include <include/constraint/interface-name.xml.i>
- <regex>web</regex>
- </constraint>
- </properties>
- </leafNode>
- <node name="web-options">
- <properties>
- <help>Options when using HTTP(S) web request to obtain the IP address</help>
</properties>
<children>
- #include <include/url-http-https.xml.i>
- <leafNode name="skip">
+ #include <include/generic-interface.xml.i>
+ <node name="web">
<properties>
- <help>Pattern to skip from the HTTP(S) respose</help>
- <valueHelp>
- <format>txt</format>
- <description>Pattern to skip from the HTTP(S) respose to extract the external IP address</description>
- </valueHelp>
+ <help>HTTP(S) web request to use</help>
</properties>
- </leafNode>
+ <children>
+ #include <include/url-http-https.xml.i>
+ <leafNode name="skip">
+ <properties>
+ <help>Pattern to skip from the HTTP(S) respose</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Pattern to skip from the HTTP(S) respose to extract the external IP address</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
</children>
</node>
<leafNode name="ip-version">
diff --git a/interface-definitions/service_dns_forwarding.xml.in b/interface-definitions/service_dns_forwarding.xml.in
index 7dce9b548..a54618e82 100644
--- a/interface-definitions/service_dns_forwarding.xml.in
+++ b/interface-definitions/service_dns_forwarding.xml.in
@@ -670,6 +670,19 @@
</properties>
<defaultValue>3600</defaultValue>
</leafNode>
+ <leafNode name="serve-stale-extension">
+ <properties>
+ <help>Number of times the expired TTL of a record is extended by 30 seconds when serving stale</help>
+ <valueHelp>
+ <format>u32:0-65535</format>
+ <description>Number of times to extend the TTL</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-65535"/>
+ </constraint>
+ </properties>
+ <defaultValue>0</defaultValue>
+ </leafNode>
<leafNode name="timeout">
<properties>
<help>Number of milliseconds to wait for a remote authoritative server to respond</help>
@@ -694,6 +707,91 @@
<valueless/>
</properties>
</leafNode>
+ <leafNode name="exclude-throttle-address">
+ <properties>
+ <help>IP address or subnet</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address to match</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 prefix to match</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 address</description>
+ </valueHelp>
+ <multi/>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="ipv4-prefix"/>
+ <validator name="ipv6-address"/>
+ <validator name="ipv6-prefix"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <node name="options">
+ <properties>
+ <help>DNS server options</help>
+ </properties>
+ <children>
+ <leafNode name="ecs-add-for">
+ <properties>
+ <help>Client netmask for which EDNS Client Subnet will be added</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 prefix to match</description>
+ </valueHelp>
+ <valueHelp>
+ <format>!ipv4net</format>
+ <description>Match everything except the specified IPv4 prefix</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 prefix to match</description>
+ </valueHelp>
+ <valueHelp>
+ <format>!ipv6net</format>
+ <description>Match everything except the specified IPv6 prefix</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-prefix"/>
+ <validator name="ipv4-prefix-exclude"/>
+ <validator name="ipv6-prefix"/>
+ <validator name="ipv6-prefix-exclude"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="ecs-ipv4-bits">
+ <properties>
+ <help>Number of bits of IPv4 address to pass for EDNS Client Subnet</help>
+ <valueHelp>
+ <format>u32:0-32</format>
+ <description>Number of bits of IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-32"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="edns-subnet-allow-list">
+ <properties>
+ <help>Netmask or domain that we should enable EDNS subnet for</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Netmask or domain</description>
+ </valueHelp>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
</children>
</node>
</children>
diff --git a/interface-definitions/service_https.xml.in b/interface-definitions/service_https.xml.in
index 223f10962..b60c7ff2e 100644
--- a/interface-definitions/service_https.xml.in
+++ b/interface-definitions/service_https.xml.in
@@ -8,52 +8,6 @@
<priority>1001</priority>
</properties>
<children>
- <tagNode name="virtual-host">
- <properties>
- <help>Identifier for virtual host</help>
- <constraint>
- <regex>[a-zA-Z0-9-_.:]{1,255}</regex>
- </constraint>
- <constraintErrorMessage>illegal characters in identifier or identifier longer than 255 characters</constraintErrorMessage>
- </properties>
- <children>
- <leafNode name="listen-address">
- <properties>
- <help>Address to listen for HTTPS requests</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
- </completionHelp>
- <valueHelp>
- <format>ipv4</format>
- <description>HTTPS IPv4 address</description>
- </valueHelp>
- <valueHelp>
- <format>ipv6</format>
- <description>HTTPS IPv6 address</description>
- </valueHelp>
- <valueHelp>
- <format>'*'</format>
- <description>any</description>
- </valueHelp>
- <constraint>
- <validator name="ip-address"/>
- <regex>\*</regex>
- </constraint>
- </properties>
- </leafNode>
- #include <include/port-number.xml.i>
- <leafNode name='port'>
- <defaultValue>443</defaultValue>
- </leafNode>
- <leafNode name="server-name">
- <properties>
- <help>Server names: exact, wildcard, or regex</help>
- <multi/>
- </properties>
- </leafNode>
- #include <include/allow-client.xml.i>
- </children>
- </tagNode>
<node name="api">
<properties>
<help>VyOS HTTP API configuration</help>
@@ -172,19 +126,18 @@
</node>
</children>
</node>
- <node name="api-restrict">
+ #include <include/allow-client.xml.i>
+ <leafNode name="enable-http-redirect">
<properties>
- <help>Restrict api proxy to subset of virtual hosts</help>
+ <help>Enable HTTP to HTTPS redirect</help>
+ <valueless/>
</properties>
- <children>
- <leafNode name="virtual-host">
- <properties>
- <help>Restrict proxy to virtual host(s)</help>
- <multi/>
- </properties>
- </leafNode>
- </children>
- </node>
+ </leafNode>
+ #include <include/listen-address.xml.i>
+ #include <include/port-number.xml.i>
+ <leafNode name='port'>
+ <defaultValue>443</defaultValue>
+ </leafNode>
<node name="certificates">
<properties>
<help>TLS certificates</help>
@@ -192,26 +145,30 @@
<children>
#include <include/pki/ca-certificate.xml.i>
#include <include/pki/certificate.xml.i>
- <node name="certbot" owner="${vyos_conf_scripts_dir}/service_https_certificates_certbot.py">
- <properties>
- <help>Request or apply a letsencrypt certificate for domain-name</help>
- </properties>
- <children>
- <leafNode name="domain-name">
- <properties>
- <help>Domain name(s) for which to obtain certificate</help>
- <multi/>
- </properties>
- </leafNode>
- <leafNode name="email">
- <properties>
- <help>Email address to associate with certificate</help>
- </properties>
- </leafNode>
- </children>
- </node>
+ #include <include/pki/dh-params.xml.i>
</children>
</node>
+ <leafNode name="tls-version">
+ <properties>
+ <help>Specify available TLS version(s)</help>
+ <completionHelp>
+ <list>1.2 1.3</list>
+ </completionHelp>
+ <valueHelp>
+ <format>1.2</format>
+ <description>TLSv1.2</description>
+ </valueHelp>
+ <valueHelp>
+ <format>1.3</format>
+ <description>TLSv1.3</description>
+ </valueHelp>
+ <constraint>
+ <regex>(1.2|1.3)</regex>
+ </constraint>
+ <multi/>
+ </properties>
+ <defaultValue>1.2 1.3</defaultValue>
+ </leafNode>
#include <include/interface/vrf.xml.i>
</children>
</node>
diff --git a/interface-definitions/service_ipoe-server.xml.in b/interface-definitions/service_ipoe-server.xml.in
index edfe6a34c..eeec2aeef 100644
--- a/interface-definitions/service_ipoe-server.xml.in
+++ b/interface-definitions/service_ipoe-server.xml.in
@@ -183,6 +183,7 @@
</children>
</node>
#include <include/accel-ppp/default-pool.xml.i>
+ #include <include/accel-ppp/default-ipv6-pool.xml.i>
</children>
</node>
</children>
diff --git a/interface-definitions/service_ndp-proxy.xml.in b/interface-definitions/service_ndp-proxy.xml.in
index 9801c99ab..aabba3f4e 100644
--- a/interface-definitions/service_ndp-proxy.xml.in
+++ b/interface-definitions/service_ndp-proxy.xml.in
@@ -5,6 +5,7 @@
<node name="ndp-proxy" owner="${vyos_conf_scripts_dir}/service_ndp-proxy.py">
<properties>
<help>Neighbor Discovery Protocol (NDP) Proxy</help>
+ <priority>600</priority>
</properties>
<children>
<leafNode name="route-refresh">
diff --git a/interface-definitions/service_ntp.xml.in b/interface-definitions/service_ntp.xml.in
index 65a45d7a1..c057b62b5 100644
--- a/interface-definitions/service_ntp.xml.in
+++ b/interface-definitions/service_ntp.xml.in
@@ -9,6 +9,38 @@
<priority>900</priority>
</properties>
<children>
+ #include <include/allow-client.xml.i>
+ #include <include/generic-interface.xml.i>
+ #include <include/listen-address.xml.i>
+ #include <include/interface/vrf.xml.i>
+ <leafNode name="leap-second">
+ <properties>
+ <help>Leap second behavior</help>
+ <completionHelp>
+ <list>ignore smear system timezone</list>
+ </completionHelp>
+ <valueHelp>
+ <format>ignore</format>
+ <description>No correction is applied to the clock for the leap second</description>
+ </valueHelp>
+ <valueHelp>
+ <format>smear</format>
+ <description>Correct served time slowly be slewing instead of stepping</description>
+ </valueHelp>
+ <valueHelp>
+ <format>system</format>
+ <description>Kernel steps the system clock forward or backward</description>
+ </valueHelp>
+ <valueHelp>
+ <format>timezone</format>
+ <description>Use UTC timezone database to determine when will the next leap second occur</description>
+ </valueHelp>
+ <constraint>
+ <regex>(ignore|smear|system|timezone)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>timezone</defaultValue>
+ </leafNode>
<tagNode name="server">
<properties>
<help>Network Time Protocol (NTP) server</help>
@@ -56,10 +88,6 @@
</leafNode>
</children>
</tagNode>
- #include <include/allow-client.xml.i>
- #include <include/generic-interface.xml.i>
- #include <include/listen-address.xml.i>
- #include <include/interface/vrf.xml.i>
</children>
</node>
</children>
diff --git a/interface-definitions/service_pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in
index f1b369936..6fdc2a65a 100644
--- a/interface-definitions/service_pppoe-server.xml.in
+++ b/interface-definitions/service_pppoe-server.xml.in
@@ -274,6 +274,7 @@
</children>
</node>
#include <include/accel-ppp/default-pool.xml.i>
+ #include <include/accel-ppp/default-ipv6-pool.xml.i>
</children>
</node>
</children>
diff --git a/interface-definitions/system_config-management.xml.in b/interface-definitions/system_config-management.xml.in
index 7ae347955..e666633b7 100644
--- a/interface-definitions/system_config-management.xml.in
+++ b/interface-definitions/system_config-management.xml.in
@@ -51,15 +51,7 @@
<multi/>
</properties>
</leafNode>
- <leafNode name="source-address">
- <properties>
- <help>Source address or interface for archive server connections</help>
- <constraint>
- <validator name="ip-address"/>
- #include <include/constraint/interface-name.xml.i>
- </constraint>
- </properties>
- </leafNode>
+ #include <include/source-address-ipv4-ipv6.xml.i>
</children>
</node>
<leafNode name="commit-revisions">
diff --git a/interface-definitions/system_option.xml.in b/interface-definitions/system_option.xml.in
index adb45bdcc..602d7d100 100644
--- a/interface-definitions/system_option.xml.in
+++ b/interface-definitions/system_option.xml.in
@@ -32,6 +32,19 @@
<constraintErrorMessage>Must be ignore, reboot, or poweroff</constraintErrorMessage>
</properties>
</leafNode>
+ <node name="kernel">
+ <properties>
+ <help>Kernel boot parameters</help>
+ </properties>
+ <children>
+ <leafNode name="disable-mitigations">
+ <properties>
+ <help>Disable all optional CPU mitigations</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
<leafNode name="keyboard-layout">
<properties>
<help>System keyboard layout, type ISO2</help>
diff --git a/interface-definitions/system_sflow.xml.in b/interface-definitions/system_sflow.xml.in
index c5152abe9..aaf4033d8 100644
--- a/interface-definitions/system_sflow.xml.in
+++ b/interface-definitions/system_sflow.xml.in
@@ -106,6 +106,7 @@
</leafNode>
</children>
</tagNode>
+ #include <include/interface/vrf.xml.i>
</children>
</node>
</children>
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index 1847401b5..9d1d5d824 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -251,22 +251,22 @@
<properties>
<help>Action to take if a child SA is unexpectedly closed</help>
<completionHelp>
- <list>none hold restart</list>
+ <list>none trap start</list>
</completionHelp>
<valueHelp>
<format>none</format>
<description>Do nothing</description>
</valueHelp>
<valueHelp>
- <format>hold</format>
+ <format>trap</format>
<description>Attempt to re-negotiate when matching traffic is seen</description>
</valueHelp>
<valueHelp>
- <format>restart</format>
+ <format>start</format>
<description>Attempt to re-negotiate the connection immediately</description>
</valueHelp>
<constraint>
- <regex>(none|hold|restart)</regex>
+ <regex>(none|trap|start)</regex>
</constraint>
</properties>
<defaultValue>none</defaultValue>
@@ -280,10 +280,10 @@
<properties>
<help>Keep-alive failure action</help>
<completionHelp>
- <list>hold clear restart</list>
+ <list>trap clear restart</list>
</completionHelp>
<valueHelp>
- <format>hold</format>
+ <format>trap</format>
<description>Attempt to re-negotiate the connection when matching traffic is seen</description>
</valueHelp>
<valueHelp>
@@ -295,7 +295,7 @@
<description>Attempt to re-negotiate the connection immediately</description>
</valueHelp>
<constraint>
- <regex>(hold|clear|restart)</regex>
+ <regex>(trap|clear|restart)</regex>
</constraint>
</properties>
<defaultValue>clear</defaultValue>
diff --git a/interface-definitions/vpn_l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in
index 3e2d00e6b..d3fb58433 100644
--- a/interface-definitions/vpn_l2tp.xml.in
+++ b/interface-definitions/vpn_l2tp.xml.in
@@ -154,6 +154,7 @@
</children>
</node>
#include <include/accel-ppp/default-pool.xml.i>
+ #include <include/accel-ppp/default-ipv6-pool.xml.i>
</children>
</node>
</children>
diff --git a/interface-definitions/vpn_pptp.xml.in b/interface-definitions/vpn_pptp.xml.in
index 7bb8db798..ec622b5d0 100644
--- a/interface-definitions/vpn_pptp.xml.in
+++ b/interface-definitions/vpn_pptp.xml.in
@@ -134,6 +134,7 @@
</children>
</node>
#include <include/accel-ppp/default-pool.xml.i>
+ #include <include/accel-ppp/default-ipv6-pool.xml.i>
</children>
</node>
</children>
diff --git a/interface-definitions/vpn_sstp.xml.in b/interface-definitions/vpn_sstp.xml.in
index a1b69f990..2727540be 100644
--- a/interface-definitions/vpn_sstp.xml.in
+++ b/interface-definitions/vpn_sstp.xml.in
@@ -36,6 +36,7 @@
<defaultValue>443</defaultValue>
</leafNode>
#include <include/accel-ppp/default-pool.xml.i>
+ #include <include/accel-ppp/default-ipv6-pool.xml.i>
<node name="ppp-options">
<properties>
<help>PPP (Point-to-Point Protocol) settings</help>