diff options
Diffstat (limited to 'interface-definitions')
58 files changed, 837 insertions, 745 deletions
diff --git a/interface-definitions/dns-dynamic.xml.in b/interface-definitions/dns-dynamic.xml.in index 723223f1c..32c5af9b6 100644 --- a/interface-definitions/dns-dynamic.xml.in +++ b/interface-definitions/dns-dynamic.xml.in @@ -38,7 +38,7 @@ <help>Options when using HTTP(S) web request to obtain the IP address</help> </properties> <children> - #include <include/url.xml.i> + #include <include/url-http-https.xml.i> <leafNode name="skip"> <properties> <help>Pattern to skip from the HTTP(S) respose</help> @@ -134,9 +134,9 @@ </tagNode> </children> </tagNode> - <leafNode name="timeout"> + <leafNode name="interval"> <properties> - <help>Time in seconds to wait between DNS updates</help> + <help>Interval in seconds to wait between Dynamic DNS updates</help> <valueHelp> <format>u32:60-3600</format> <description>Time in seconds</description> @@ -144,7 +144,7 @@ <constraint> <validator name="numeric" argument="--range 60-3600"/> </constraint> - <constraintErrorMessage>Timeout must be between 60 and 3600 seconds</constraintErrorMessage> + <constraintErrorMessage>Interval must be between 60 and 3600 seconds</constraintErrorMessage> </properties> <defaultValue>300</defaultValue> </leafNode> diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/dns-forwarding.xml.in index c4295317a..5ca02acef 100644 --- a/interface-definitions/dns-forwarding.xml.in +++ b/interface-definitions/dns-forwarding.xml.in @@ -684,25 +684,8 @@ <defaultValue>1500</defaultValue> </leafNode> #include <include/name-server-ipv4-ipv6-port.xml.i> + #include <include/source-address-ipv4-ipv6-multi.xml.i> <leafNode name="source-address"> - <properties> - <help>Local addresses from which to send DNS queries</help> - <completionHelp> - <script>${vyos_completion_dir}/list_local_ips.sh --both</script> - </completionHelp> - <valueHelp> - <format>ipv4</format> - <description>IPv4 address from which to send traffic</description> - </valueHelp> - <valueHelp> - <format>ipv6</format> - <description>IPv6 address from which to send traffic</description> - </valueHelp> - <multi/> - <constraint> - <validator name="ip-address"/> - </constraint> - </properties> <defaultValue>0.0.0.0 ::</defaultValue> </leafNode> <leafNode name="system"> diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in index 81e6b89ea..0bb14a1b3 100644 --- a/interface-definitions/firewall.xml.in +++ b/interface-definitions/firewall.xml.in @@ -355,6 +355,148 @@ #include <include/firewall/ipv6-custom-name.xml.i> </children> </node> + <tagNode name="zone"> + <properties> + <help>Zone-policy</help> + <valueHelp> + <format>txt</format> + <description>Zone name</description> + </valueHelp> + <constraint> + <regex>[a-zA-Z0-9][\w\-\.]*</regex> + </constraint> + </properties> + <children> + #include <include/generic-description.xml.i> + #include <include/firewall/enable-default-log.xml.i> + <leafNode name="default-action"> + <properties> + <help>Default-action for traffic coming into this zone</help> + <completionHelp> + <list>drop reject</list> + </completionHelp> + <valueHelp> + <format>drop</format> + <description>Drop silently</description> + </valueHelp> + <valueHelp> + <format>reject</format> + <description>Drop and notify source</description> + </valueHelp> + <constraint> + <regex>(drop|reject)</regex> + </constraint> + </properties> + <defaultValue>drop</defaultValue> + </leafNode> + <tagNode name="from"> + <properties> + <help>Zone from which to filter traffic</help> + <completionHelp> + <path>zone-policy zone</path> + </completionHelp> + </properties> + <children> + <node name="firewall"> + <properties> + <help>Firewall options</help> + </properties> + <children> + <leafNode name="ipv6-name"> + <properties> + <help>IPv6 firewall ruleset</help> + <completionHelp> + <path>firewall ipv6 name</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="name"> + <properties> + <help>IPv4 firewall ruleset</help> + <completionHelp> + <path>firewall ipv4 name</path> + </completionHelp> + </properties> + </leafNode> + </children> + </node> + </children> + </tagNode> + <leafNode name="interface"> + <properties> + <help>Interface associated with zone</help> + <valueHelp> + <format>txt</format> + <description>Interface associated with zone</description> + </valueHelp> + <valueHelp> + <format>vrf</format> + <description>VRF associated with zone</description> + </valueHelp> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + <path>vrf name</path> + </completionHelp> + <multi/> + </properties> + </leafNode> + <node name="intra-zone-filtering"> + <properties> + <help>Intra-zone filtering</help> + </properties> + <children> + <leafNode name="action"> + <properties> + <help>Action for intra-zone traffic</help> + <completionHelp> + <list>accept drop</list> + </completionHelp> + <valueHelp> + <format>accept</format> + <description>Accept traffic</description> + </valueHelp> + <valueHelp> + <format>drop</format> + <description>Drop silently</description> + </valueHelp> + <constraint> + <regex>(accept|drop)</regex> + </constraint> + </properties> + </leafNode> + <node name="firewall"> + <properties> + <help>Use the specified firewall chain</help> + </properties> + <children> + <leafNode name="ipv6-name"> + <properties> + <help>IPv6 firewall ruleset</help> + <completionHelp> + <path>firewall ipv6 name</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="name"> + <properties> + <help>IPv4 firewall ruleset</help> + <completionHelp> + <path>firewall ipv4 name</path> + </completionHelp> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + <leafNode name="local-zone"> + <properties> + <help>Zone to be local-zone</help> + <valueless/> + </properties> + </leafNode> + </children> + </tagNode> </children> </node> </interfaceDefinition> diff --git a/interface-definitions/include/accel-ppp/max-concurrent-sessions.xml.i b/interface-definitions/include/accel-ppp/max-concurrent-sessions.xml.i new file mode 100644 index 000000000..f6ef41019 --- /dev/null +++ b/interface-definitions/include/accel-ppp/max-concurrent-sessions.xml.i @@ -0,0 +1,15 @@ +<!-- include start from accel-ppp/max-concurrent-sessions.xml.i --> +<leafNode name="max-concurrent-sessions"> + <properties> + <help>Maximum number of concurrent session start attempts</help> + <valueHelp> + <format>u32:0-65535</format> + <description>Maximum number of concurrent session start attempts</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--allow-range --range 0-65535"/> + </constraint> + <constraintErrorMessage>Maximum concurent sessions must be in range 0-65535</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i b/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i index b8dbe73b2..c0367b891 100644 --- a/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i +++ b/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i @@ -13,12 +13,6 @@ <leafNode name="vendor"> <properties> <help>Vendor dictionary</help> - <completionHelp> - <list>alcatel cisco microsoft mikrotik</list> - </completionHelp> - <constraint> - <validator name="accel-radius-dictionary" /> - </constraint> </properties> </leafNode> <leafNode name="enable"> diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i index 504385b53..4e43298bc 100644 --- a/interface-definitions/include/bgp/protocol-common-config.xml.i +++ b/interface-definitions/include/bgp/protocol-common-config.xml.i @@ -343,6 +343,7 @@ #include <include/route-map.xml.i> </children> </tagNode> + #include <include/bgp/afi-maximum-paths.xml.i> </children> </node> <node name="ipv4-flowspec"> @@ -805,6 +806,76 @@ <valueless/> </properties> </leafNode> + <node name="default-originate"> + <properties> + <help>Originate a default route</help> + </properties> + <children> + <leafNode name="ipv4"> + <properties> + <help>IPv4 address family</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="ipv6"> + <properties> + <help>IPv6 address family</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="disable-ead-evi-rx"> + <properties> + <help>Activate PE on EAD-ES even if EAD-EVI is not received</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="disable-ead-evi-tx"> + <properties> + <help>Do not advertise EAD-EVI for local ESs</help> + <valueless/> + </properties> + </leafNode> + <node name="ead-es-frag"> + <properties> + <help>EAD ES fragment config</help> + </properties> + <children> + <leafNode name="evi-limit"> + <properties> + <help>EVIs per-fragment</help> + <valueHelp> + <format>u32:1-1000</format> + <description>limit</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-1000"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <node name="ead-es-route-target"> + <properties> + <help>EAD ES Route Target</help> + </properties> + <children> + <leafNode name="export"> + <properties> + <help>Route Target export</help> + <valueHelp> + <format>txt</format> + <description>Route target (A.B.C.D:MN|EF:OPQR|GHJK:MN)</description> + </valueHelp> + <constraint> + <validator name="bgp-rd-rt" argument="--route-target-multi"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </node> <node name="flooding"> <properties> <help>Specify handling for BUM packets</help> diff --git a/interface-definitions/include/firewall/common-rule-bridge.xml.i b/interface-definitions/include/firewall/common-rule-bridge.xml.i index 381e04b1e..a27cae43b 100644 --- a/interface-definitions/include/firewall/common-rule-bridge.xml.i +++ b/interface-definitions/include/firewall/common-rule-bridge.xml.i @@ -23,25 +23,7 @@ </completionHelp> </properties> </leafNode> -<leafNode name="log"> - <properties> - <help>Option to log packets matching rule</help> - <completionHelp> - <list>enable disable</list> - </completionHelp> - <valueHelp> - <format>enable</format> - <description>Enable log</description> - </valueHelp> - <valueHelp> - <format>disable</format> - <description>Disable log</description> - </valueHelp> - <constraint> - <regex>(enable|disable)</regex> - </constraint> - </properties> -</leafNode> +#include <include/firewall/log.xml.i> #include <include/firewall/rule-log-options.xml.i> <node name="source"> <properties> diff --git a/interface-definitions/include/firewall/common-rule-inet.xml.i b/interface-definitions/include/firewall/common-rule-inet.xml.i index a55a1a551..aabefcb27 100644 --- a/interface-definitions/include/firewall/common-rule-inet.xml.i +++ b/interface-definitions/include/firewall/common-rule-inet.xml.i @@ -82,44 +82,7 @@ </leafNode> </children> </node> -<leafNode name="log"> - <properties> - <help>Option to log packets matching rule</help> - <completionHelp> - <list>enable disable</list> - </completionHelp> - <valueHelp> - <format>enable</format> - <description>Enable log</description> - </valueHelp> - <valueHelp> - <format>disable</format> - <description>Disable log</description> - </valueHelp> - <constraint> - <regex>(enable|disable)</regex> - </constraint> - </properties> -</leafNode> -<leafNode name="log"> - <properties> - <help>Option to log packets matching rule</help> - <completionHelp> - <list>enable disable</list> - </completionHelp> - <valueHelp> - <format>enable</format> - <description>Enable log</description> - </valueHelp> - <valueHelp> - <format>disable</format> - <description>Disable log</description> - </valueHelp> - <constraint> - <regex>(enable|disable)</regex> - </constraint> - </properties> -</leafNode> +#include <include/firewall/log.xml.i> #include <include/firewall/rule-log-options.xml.i> <node name="connection-status"> <properties> @@ -222,89 +185,7 @@ </children> </node> #include <include/firewall/synproxy.xml.i> -<node name="state"> - <properties> - <help>Session state</help> - </properties> - <children> - <leafNode name="established"> - <properties> - <help>Established state</help> - <completionHelp> - <list>enable disable</list> - </completionHelp> - <valueHelp> - <format>enable</format> - <description>Enable</description> - </valueHelp> - <valueHelp> - <format>disable</format> - <description>Disable</description> - </valueHelp> - <constraint> - <regex>(enable|disable)</regex> - </constraint> - </properties> - </leafNode> - <leafNode name="invalid"> - <properties> - <help>Invalid state</help> - <completionHelp> - <list>enable disable</list> - </completionHelp> - <valueHelp> - <format>enable</format> - <description>Enable</description> - </valueHelp> - <valueHelp> - <format>disable</format> - <description>Disable</description> - </valueHelp> - <constraint> - <regex>(enable|disable)</regex> - </constraint> - </properties> - </leafNode> - <leafNode name="new"> - <properties> - <help>New state</help> - <completionHelp> - <list>enable disable</list> - </completionHelp> - <valueHelp> - <format>enable</format> - <description>Enable</description> - </valueHelp> - <valueHelp> - <format>disable</format> - <description>Disable</description> - </valueHelp> - <constraint> - <regex>(enable|disable)</regex> - </constraint> - </properties> - </leafNode> - <leafNode name="related"> - <properties> - <help>Related state</help> - <completionHelp> - <list>enable disable</list> - </completionHelp> - <valueHelp> - <format>enable</format> - <description>Enable</description> - </valueHelp> - <valueHelp> - <format>disable</format> - <description>Disable</description> - </valueHelp> - <constraint> - <regex>(enable|disable)</regex> - </constraint> - </properties> - </leafNode> - </children> -</node> +#include <include/firewall/state.xml.i> #include <include/firewall/tcp-flags.xml.i> #include <include/firewall/tcp-mss.xml.i> <node name="time"> diff --git a/interface-definitions/include/firewall/inbound-interface-no-group.xml.i b/interface-definitions/include/firewall/inbound-interface-no-group.xml.i new file mode 100644 index 000000000..bcd4c9570 --- /dev/null +++ b/interface-definitions/include/firewall/inbound-interface-no-group.xml.i @@ -0,0 +1,34 @@ +<!-- include start from firewall/inbound-interface-no-group.xml.i --> +<node name="inbound-interface"> + <properties> + <help>Match inbound-interface</help> + </properties> + <children> + <leafNode name="name"> + <properties> + <help>Match interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + <path>vrf name</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface name</description> + </valueHelp> + <valueHelp> + <format>txt*</format> + <description>Interface name with wildcard</description> + </valueHelp> + <valueHelp> + <format>!txt</format> + <description>Inverted interface name to match</description> + </valueHelp> + <constraint> + <regex>(\!?)(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|(\!?)lo</regex> + <validator name="vrf-name"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i index 70c0adb77..100f1c3d9 100644 --- a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i +++ b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i @@ -10,6 +10,7 @@ </properties> <children> #include <include/firewall/default-action-base-chains.xml.i> + #include <include/firewall/enable-default-log.xml.i> #include <include/generic-description.xml.i> <tagNode name="rule"> <properties> diff --git a/interface-definitions/include/firewall/ipv4-hook-input.xml.i b/interface-definitions/include/firewall/ipv4-hook-input.xml.i index 32b0ec94f..22546640b 100644 --- a/interface-definitions/include/firewall/ipv4-hook-input.xml.i +++ b/interface-definitions/include/firewall/ipv4-hook-input.xml.i @@ -10,6 +10,7 @@ </properties> <children> #include <include/firewall/default-action-base-chains.xml.i> + #include <include/firewall/enable-default-log.xml.i> #include <include/generic-description.xml.i> <tagNode name="rule"> <properties> diff --git a/interface-definitions/include/firewall/ipv4-hook-output.xml.i b/interface-definitions/include/firewall/ipv4-hook-output.xml.i index d50d1e93b..80c30cdeb 100644 --- a/interface-definitions/include/firewall/ipv4-hook-output.xml.i +++ b/interface-definitions/include/firewall/ipv4-hook-output.xml.i @@ -10,6 +10,7 @@ </properties> <children> #include <include/firewall/default-action-base-chains.xml.i> + #include <include/firewall/enable-default-log.xml.i> #include <include/generic-description.xml.i> <tagNode name="rule"> <properties> diff --git a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i index d83827161..fb38267eb 100644 --- a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i +++ b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i @@ -10,6 +10,7 @@ </properties> <children> #include <include/firewall/default-action-base-chains.xml.i> + #include <include/firewall/enable-default-log.xml.i> #include <include/generic-description.xml.i> <tagNode name="rule"> <properties> diff --git a/interface-definitions/include/firewall/ipv6-hook-input.xml.i b/interface-definitions/include/firewall/ipv6-hook-input.xml.i index e34958f28..49d4493cc 100644 --- a/interface-definitions/include/firewall/ipv6-hook-input.xml.i +++ b/interface-definitions/include/firewall/ipv6-hook-input.xml.i @@ -10,6 +10,7 @@ </properties> <children> #include <include/firewall/default-action-base-chains.xml.i> + #include <include/firewall/enable-default-log.xml.i> #include <include/generic-description.xml.i> <tagNode name="rule"> <properties> diff --git a/interface-definitions/include/firewall/ipv6-hook-output.xml.i b/interface-definitions/include/firewall/ipv6-hook-output.xml.i index eb4ea7ac3..452b9027f 100644 --- a/interface-definitions/include/firewall/ipv6-hook-output.xml.i +++ b/interface-definitions/include/firewall/ipv6-hook-output.xml.i @@ -10,6 +10,7 @@ </properties> <children> #include <include/firewall/default-action-base-chains.xml.i> + #include <include/firewall/enable-default-log.xml.i> #include <include/generic-description.xml.i> <tagNode name="rule"> <properties> diff --git a/interface-definitions/include/firewall/log.xml.i b/interface-definitions/include/firewall/log.xml.i index 46d20c1df..21b883e6a 100644 --- a/interface-definitions/include/firewall/log.xml.i +++ b/interface-definitions/include/firewall/log.xml.i @@ -1,15 +1,8 @@ <!-- include start from firewall/log.xml.i --> -<node name="log"> +<leafNode name="log"> <properties> - <help>Option to log packets</help> + <help>Enable log</help> + <valueless/> </properties> - <children> - <leafNode name="enable"> - <properties> - <help>Enable logging</help> - <valueless/> - </properties> - </leafNode> - </children> -</node> +</leafNode> <!-- include end --> diff --git a/interface-definitions/include/firewall/match-interface.xml.i b/interface-definitions/include/firewall/match-interface.xml.i index 1cd9f8c4a..5da6f51fb 100644 --- a/interface-definitions/include/firewall/match-interface.xml.i +++ b/interface-definitions/include/firewall/match-interface.xml.i @@ -1,5 +1,5 @@ <!-- include start from firewall/match-interface.xml.i --> -<leafNode name="interface-name"> +<leafNode name="name"> <properties> <help>Match interface</help> <completionHelp> @@ -24,7 +24,7 @@ </constraint> </properties> </leafNode> -<leafNode name="interface-group"> +<leafNode name="group"> <properties> <help>Match interface-group</help> <completionHelp> diff --git a/interface-definitions/include/firewall/outbound-interface-no-group.xml.i b/interface-definitions/include/firewall/outbound-interface-no-group.xml.i new file mode 100644 index 000000000..e3bace42d --- /dev/null +++ b/interface-definitions/include/firewall/outbound-interface-no-group.xml.i @@ -0,0 +1,34 @@ +<!-- include start from firewall/outbound-interface-no-group.xml.i --> +<node name="outbound-interface"> + <properties> + <help>Match outbound-interface</help> + </properties> + <children> + <leafNode name="name"> + <properties> + <help>Match interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + <path>vrf name</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface name</description> + </valueHelp> + <valueHelp> + <format>txt*</format> + <description>Interface name with wildcard</description> + </valueHelp> + <valueHelp> + <format>!txt</format> + <description>Inverted interface name to match</description> + </valueHelp> + <constraint> + <regex>(\!?)(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|(\!?)lo</regex> + <validator name="vrf-name"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/state.xml.i b/interface-definitions/include/firewall/state.xml.i new file mode 100644 index 000000000..dee9722e5 --- /dev/null +++ b/interface-definitions/include/firewall/state.xml.i @@ -0,0 +1,30 @@ +<!-- include start from firewall/state.xml.i --> +<leafNode name="state"> + <properties> + <help>Session state</help> + <completionHelp> + <list>established invalid new related</list> + </completionHelp> + <valueHelp> + <format>established</format> + <description>Established state</description> + </valueHelp> + <valueHelp> + <format>invalid</format> + <description>Invalid state</description> + </valueHelp> + <valueHelp> + <format>new</format> + <description>New state</description> + </valueHelp> + <valueHelp> + <format>related</format> + <description>Related state</description> + </valueHelp> + <constraint> + <regex>(established|invalid|new|related)</regex> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/isis/level-1-2-leaf.xml.i b/interface-definitions/include/isis/level-1-2-leaf.xml.i new file mode 100644 index 000000000..3703da1ed --- /dev/null +++ b/interface-definitions/include/isis/level-1-2-leaf.xml.i @@ -0,0 +1,13 @@ +<!-- include start from isis/level-1-2-leaf.xml.i --> +<leafNode name="level-1"> + <properties> + <help>Match on IS-IS level-1 routes</help> + <valueless/> + </properties> +</leafNode> +<leafNode name="level-2"> + <properties> + <help>Match on IS-IS level-2 routes</help> + <valueless/> + </properties> +</leafNode>
\ No newline at end of file diff --git a/interface-definitions/include/isis/lfa-local.xml.i b/interface-definitions/include/isis/lfa-local.xml.i new file mode 100644 index 000000000..c5bf6a3eb --- /dev/null +++ b/interface-definitions/include/isis/lfa-local.xml.i @@ -0,0 +1,128 @@ +<!-- include start from isis/lfa-local.xml.i --> +<node name="local"> + <properties> + <help>Local loop free alternate options</help> + </properties> + <children> + <node name="load-sharing"> + <properties> + <help>Load share prefixes across multiple backups</help> + </properties> + <children> + <node name="disable"> + <properties> + <help>Disable load sharing</help> + </properties> + <children> + #include <include/isis/level-1-2-leaf.xml.i> + </children> + </node> + </children> + </node> + <node name="priority-limit"> + <properties> + <help>Limit backup computation up to the prefix priority</help> + </properties> + <children> + <node name="medium"> + <properties> + <help>Compute for critical, high, and medium priority prefixes</help> + </properties> + <children> + #include <include/isis/level-1-2-leaf.xml.i> + </children> + </node> + <node name="high"> + <properties> + <help>Compute for critical, and high priority prefixes</help> + </properties> + <children> + #include <include/isis/level-1-2-leaf.xml.i> + </children> + </node> + <node name="critical"> + <properties> + <help>Compute for critical priority prefixes only</help> + </properties> + <children> + #include <include/isis/level-1-2-leaf.xml.i> + </children> + </node> + </children> + </node> + <node name="tiebreaker"> + <properties> + <help>Configure tiebreaker for multiple backups</help> + </properties> + <children> + <node name="downstream"> + <properties> + <help>Prefer backup path via downstream node</help> + </properties> + <children> + <tagNode name="index"> + <properties> + <help>Set preference order among tiebreakers</help> + <valueHelp> + <format>u32:1-255</format> + <description>The index integer value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + <children> + #include <include/isis/level-1-2-leaf.xml.i> + </children> + </tagNode> + </children> + </node> + <node name="lowest-backup-metric"> + <properties> + <help>Prefer backup path with lowest total metric</help> + </properties> + <children> + <tagNode name="index"> + <properties> + <help>Set preference order among tiebreakers</help> + <valueHelp> + <format>u32:1-255</format> + <description>The index integer value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + <children> + #include <include/isis/level-1-2-leaf.xml.i> + </children> + </tagNode> + </children> + </node> + <node name="node-protecting"> + <properties> + <help>Prefer node protecting backup path</help> + </properties> + <children> + <tagNode name="index"> + <properties> + <help>Set preference order among tiebreakers</help> + <valueHelp> + <format>u32:1-255</format> + <description>The index integer value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + <children> + #include <include/isis/level-1-2-leaf.xml.i> + </children> + </tagNode> + </children> + </node> + </children> + </node> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/isis/lfa-protocol.xml.i b/interface-definitions/include/isis/lfa-protocol.xml.i new file mode 100644 index 000000000..cfb1a6dc1 --- /dev/null +++ b/interface-definitions/include/isis/lfa-protocol.xml.i @@ -0,0 +1,11 @@ +<!-- include start from isis/lfa-protocol.xml.i --> +<node name="lfa"> + <properties> + <help>Loop free alternate functionality</help> + </properties> + <children> + #include <include/isis/lfa-remote.xml.i> + #include <include/isis/lfa-local.xml.i> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/isis/lfa-remote.xml.i b/interface-definitions/include/isis/lfa-remote.xml.i new file mode 100644 index 000000000..8434e35bf --- /dev/null +++ b/interface-definitions/include/isis/lfa-remote.xml.i @@ -0,0 +1,28 @@ +<!-- include start from isis/lfa-remote.xml.i --> +<node name="remote"> + <properties> + <help>Remote loop free alternate options</help> + </properties> + <children> + <tagNode name="prefix-list"> + <properties> + <help>Filter PQ node router ID based on prefix list</help> + <completionHelp> + <path>policy prefix-list</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Name of IPv4/IPv6 prefix-list</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i> + </constraint> + <constraintErrorMessage>Name of prefix-list can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> + </properties> + <children> + #include <include/isis/level-1-2-leaf.xml.i> + </children> + </tagNode> + </children> +</node> +<!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/isis/protocol-common-config.xml.i b/interface-definitions/include/isis/protocol-common-config.xml.i index 648f2b319..404f03cb5 100644 --- a/interface-definitions/include/isis/protocol-common-config.xml.i +++ b/interface-definitions/include/isis/protocol-common-config.xml.i @@ -165,6 +165,14 @@ </properties> </leafNode> #include <include/isis/ldp-sync-protocol.xml.i> +<node name="fast-reroute"> + <properties> + <help>IS-IS fast reroute configuration</help> + </properties> + <children> + #include <include/isis/lfa-protocol.xml.i> + </children> +</node> <leafNode name="net"> <properties> <help>A Network Entity Title for this process (ISO only)</help> diff --git a/interface-definitions/include/nat-rule.xml.i b/interface-definitions/include/nat-rule.xml.i index 6234e6195..deb13529d 100644 --- a/interface-definitions/include/nat-rule.xml.i +++ b/interface-definitions/include/nat-rule.xml.i @@ -34,12 +34,7 @@ #include <include/firewall/nat-balance.xml.i> </children> </node> - <leafNode name="log"> - <properties> - <help>NAT rule logging</help> - <valueless/> - </properties> - </leafNode> + #include <include/firewall/log.xml.i> <leafNode name="packet-type"> <properties> <help>Packet type</help> diff --git a/interface-definitions/include/policy/route-common.xml.i b/interface-definitions/include/policy/route-common.xml.i index 8eab04d4a..4405f9c26 100644 --- a/interface-definitions/include/policy/route-common.xml.i +++ b/interface-definitions/include/policy/route-common.xml.i @@ -77,25 +77,7 @@ </leafNode>
</children>
</node>
-<leafNode name="log">
- <properties>
- <help>Option to log packets matching rule</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable log</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable log</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
-</leafNode>
+#include <include/firewall/log.xml.i>
<leafNode name="protocol">
<properties>
<help>Protocol to match (protocol name, number, or "all")</help>
@@ -231,89 +213,7 @@ </leafNode>
</children>
</node>
-<node name="state">
- <properties>
- <help>Session state</help>
- </properties>
- <children>
- <leafNode name="established">
- <properties>
- <help>Established state</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="invalid">
- <properties>
- <help>Invalid state</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="new">
- <properties>
- <help>New state</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="related">
- <properties>
- <help>Related state</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- </leafNode>
- </children>
-</node>
+#include <include/firewall/state.xml.i>
#include <include/firewall/tcp-flags.xml.i>
#include <include/firewall/tcp-mss.xml.i>
<node name="time">
diff --git a/interface-definitions/include/radius-server-ipv4-ipv6.xml.i b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i index a0cdcd7c3..e454b9025 100644 --- a/interface-definitions/include/radius-server-ipv4-ipv6.xml.i +++ b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i @@ -25,27 +25,7 @@ #include <include/radius-server-auth-port.xml.i> </children> </tagNode> - <leafNode name="source-address"> - <properties> - <help>Source IP address used to initiate connection</help> - <completionHelp> - <script>${vyos_completion_dir}/list_local_ips.sh --both</script> - </completionHelp> - <valueHelp> - <format>ipv4</format> - <description>IPv4 source address</description> - </valueHelp> - <valueHelp> - <format>ipv6</format> - <description>IPv6 source address</description> - </valueHelp> - <constraint> - <validator name="ipv4-address"/> - <validator name="ipv6-address"/> - </constraint> - <multi/> - </properties> - </leafNode> + #include <include/source-address-ipv4-ipv6-multi.xml.i> <leafNode name="security-mode"> <properties> <help>Security mode for RADIUS authentication</help> diff --git a/interface-definitions/include/source-address-ipv4-ipv6-multi.xml.i b/interface-definitions/include/source-address-ipv4-ipv6-multi.xml.i new file mode 100644 index 000000000..d56ca5be6 --- /dev/null +++ b/interface-definitions/include/source-address-ipv4-ipv6-multi.xml.i @@ -0,0 +1,22 @@ +<!-- include start from source-address-ipv4-ipv6-multi.xml.i --> +<leafNode name="source-address"> + <properties> + <help>Source IP address used to initiate connection</help> + <completionHelp> + <script>${vyos_completion_dir}/list_local_ips.sh --both</script> + </completionHelp> + <valueHelp> + <format>ipv4</format> + <description>IPv4 source address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 source address</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/url-http-https.xml.i b/interface-definitions/include/url-http-https.xml.i new file mode 100644 index 000000000..f763c2bb2 --- /dev/null +++ b/interface-definitions/include/url-http-https.xml.i @@ -0,0 +1,15 @@ +<!-- include start from url-http-https.xml.i --> +<leafNode name="url"> + <properties> + <help>Remote URL</help> + <valueHelp> + <format>url</format> + <description>Remote HTTP(S) URL</description> + </valueHelp> + <constraint> + <validator name="url" argument="--scheme http --scheme https"/> + </constraint> + <constraintErrorMessage>Invalid HTTP(S) URL format</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/url.xml.i b/interface-definitions/include/url.xml.i deleted file mode 100644 index caa6f67bd..000000000 --- a/interface-definitions/include/url.xml.i +++ /dev/null @@ -1,15 +0,0 @@ -<!-- include start from url.xml.i --> -<leafNode name="url"> - <properties> - <help>Remote URL</help> - <valueHelp> - <format>url</format> - <description>Remote URL</description> - </valueHelp> - <constraint> - <regex>^https?:\/\/?[a-z0-9]+([\-\.]{1}[a-z0-9]+)*(\:[0-9]+)*(\/.*)?</regex> - </constraint> - <constraintErrorMessage>Incorrect URL format</constraintErrorMessage> - </properties> -</leafNode> -<!-- include end --> diff --git a/interface-definitions/include/version/cluster-version.xml.i b/interface-definitions/include/version/cluster-version.xml.i index 621996df4..402fe36c5 100644 --- a/interface-definitions/include/version/cluster-version.xml.i +++ b/interface-definitions/include/version/cluster-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/cluster-version.xml.i --> -<syntaxVersion component='cluster' version='1'></syntaxVersion> +<syntaxVersion component='cluster' version='2'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/dns-dynamic-version.xml.i b/interface-definitions/include/version/dns-dynamic-version.xml.i index b25fc6e76..7bdb90a35 100644 --- a/interface-definitions/include/version/dns-dynamic-version.xml.i +++ b/interface-definitions/include/version/dns-dynamic-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/dns-dynamic-version.xml.i --> -<syntaxVersion component='dns-dynamic' version='1'></syntaxVersion> +<syntaxVersion component='dns-dynamic' version='2'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/firewall-version.xml.i b/interface-definitions/include/version/firewall-version.xml.i index dd21bfaca..299eebb00 100644 --- a/interface-definitions/include/version/firewall-version.xml.i +++ b/interface-definitions/include/version/firewall-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/firewall-version.xml.i --> -<syntaxVersion component='firewall' version='11'></syntaxVersion> +<syntaxVersion component='firewall' version='13'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/interfaces-version.xml.i b/interface-definitions/include/version/interfaces-version.xml.i index 3d11ce888..854e60f4e 100644 --- a/interface-definitions/include/version/interfaces-version.xml.i +++ b/interface-definitions/include/version/interfaces-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/interfaces-version.xml.i --> -<syntaxVersion component='interfaces' version='30'></syntaxVersion> +<syntaxVersion component='interfaces' version='32'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/nat-version.xml.i b/interface-definitions/include/version/nat-version.xml.i index 027216a07..656da6e14 100644 --- a/interface-definitions/include/version/nat-version.xml.i +++ b/interface-definitions/include/version/nat-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/nat-version.xml.i --> -<syntaxVersion component='nat' version='5'></syntaxVersion> +<syntaxVersion component='nat' version='7'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/nat66-version.xml.i b/interface-definitions/include/version/nat66-version.xml.i index 7b7123dcc..478ca080f 100644 --- a/interface-definitions/include/version/nat66-version.xml.i +++ b/interface-definitions/include/version/nat66-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/nat66-version.xml.i --> -<syntaxVersion component='nat66' version='1'></syntaxVersion> +<syntaxVersion component='nat66' version='2'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/openvpn-version.xml.i b/interface-definitions/include/version/openvpn-version.xml.i new file mode 100644 index 000000000..b4dd742a3 --- /dev/null +++ b/interface-definitions/include/version/openvpn-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/openvpn-version.xml.i --> +<syntaxVersion component='openvpn' version='1'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/include/version/policy-version.xml.i b/interface-definitions/include/version/policy-version.xml.i index 2c96e0f15..4fbe757f5 100644 --- a/interface-definitions/include/version/policy-version.xml.i +++ b/interface-definitions/include/version/policy-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/policy-version.xml.i --> -<syntaxVersion component='policy' version='6'></syntaxVersion> +<syntaxVersion component='policy' version='7'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/interfaces-bonding.xml.in b/interface-definitions/interfaces-bonding.xml.in index 427e04a54..86c4776b6 100644 --- a/interface-definitions/interfaces-bonding.xml.in +++ b/interface-definitions/interfaces-bonding.xml.in @@ -56,6 +56,60 @@ #include <include/interface/disable.xml.i> #include <include/interface/vrf.xml.i> #include <include/interface/mirror.xml.i> + <node name="evpn"> + <properties> + <help>EVPN Multihoming</help> + </properties> + <children> + <leafNode name="es-df-pref"> + <properties> + <help>Preference value used for designated forwarder (DF) election</help> + <valueHelp> + <format>u32:1-65535</format> + <description>DF Preference value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="es-id"> + <properties> + <help>Ethernet segment identifier</help> + <valueHelp> + <format>u32:1-16777215</format> + <description>Local discriminator</description> + </valueHelp> + <valueHelp> + <format>txt</format> + <description>10-byte ID - 00:11:22:33:44:55:AA:BB:CC:DD</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + <regex>([0-9A-Fa-f][0-9A-Fa-f]:){9}[0-9A-Fa-f][0-9A-Fa-f]</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="es-sys-mac"> + <properties> + <help>Ethernet segment system MAC</help> + <valueHelp> + <format>macaddr</format> + <description>MAC address</description> + </valueHelp> + <constraint> + <validator name="mac-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="uplink"> + <properties> + <help>Uplink to the VXLAN core</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> <leafNode name="hash-policy"> <properties> <help>Bonding transmit hash policy</help> diff --git a/interface-definitions/interfaces-bridge.xml.in b/interface-definitions/interfaces-bridge.xml.in index fcfb8686c..db3762065 100644 --- a/interface-definitions/interfaces-bridge.xml.in +++ b/interface-definitions/interfaces-bridge.xml.in @@ -123,6 +123,9 @@ <completionHelp> <script>${vyos_completion_dir}/list_interfaces --bridgeable</script> </completionHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> </properties> <children> <leafNode name="native-vlan"> diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in index 831659250..b8b04334c 100644 --- a/interface-definitions/interfaces-openvpn.xml.in +++ b/interface-definitions/interfaces-openvpn.xml.in @@ -48,29 +48,17 @@ <properties> <help>Standard Data Encryption Algorithm</help> <completionHelp> - <list>none des 3des bf128 bf256 aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm</list> + <list>none 3des aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm</list> </completionHelp> <valueHelp> <format>none</format> <description>Disable encryption</description> </valueHelp> <valueHelp> - <format>des</format> - <description>DES algorithm</description> - </valueHelp> - <valueHelp> <format>3des</format> <description>DES algorithm with triple encryption</description> </valueHelp> <valueHelp> - <format>bf128</format> - <description>Blowfish algorithm with 128-bit key</description> - </valueHelp> - <valueHelp> - <format>bf256</format> - <description>Blowfish algorithm with 256-bit key</description> - </valueHelp> - <valueHelp> <format>aes128</format> <description>AES algorithm with 128-bit key CBC</description> </valueHelp> @@ -95,7 +83,7 @@ <description>AES algorithm with 256-bit key GCM</description> </valueHelp> <constraint> - <regex>(none|des|3des|bf128|bf256|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex> + <regex>(none|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex> </constraint> </properties> </leafNode> @@ -103,17 +91,13 @@ <properties> <help>Cipher negotiation list for use in server or client mode</help> <completionHelp> - <list>none des 3des aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm</list> + <list>none 3des aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm</list> </completionHelp> <valueHelp> <format>none</format> <description>Disable encryption</description> </valueHelp> <valueHelp> - <format>des</format> - <description>DES algorithm</description> - </valueHelp> - <valueHelp> <format>3des</format> <description>DES algorithm with triple encryption</description> </valueHelp> @@ -142,7 +126,7 @@ <description>AES algorithm with 256-bit key GCM</description> </valueHelp> <constraint> - <regex>(none|des|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex> + <regex>(none|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex> </constraint> <multi/> </properties> diff --git a/interface-definitions/interfaces-pppoe.xml.in b/interface-definitions/interfaces-pppoe.xml.in index b78f92c85..30fcb8573 100644 --- a/interface-definitions/interfaces-pppoe.xml.in +++ b/interface-definitions/interfaces-pppoe.xml.in @@ -109,6 +109,20 @@ <leafNode name="mtu"> <defaultValue>1492</defaultValue> </leafNode> + <leafNode name="mru"> + <properties> + <help>Maximum Receive Unit (MRU)</help> + <valueHelp> + <format>u32:128-16384</format> + <description>Maximum Receive Unit in byte</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 128-16384"/> + </constraint> + <constraintErrorMessage>MRU must be between 128 and 16384</constraintErrorMessage> + </properties> + <defaultValue>1492</defaultValue> + </leafNode> #include <include/interface/no-peer-dns.xml.i> <leafNode name="remote-address"> <properties> diff --git a/interface-definitions/interfaces-vxlan.xml.in b/interface-definitions/interfaces-vxlan.xml.in index b246d9a09..f20743a65 100644 --- a/interface-definitions/interfaces-vxlan.xml.in +++ b/interface-definitions/interfaces-vxlan.xml.in @@ -19,12 +19,6 @@ #include <include/interface/address-ipv4-ipv6.xml.i> #include <include/generic-description.xml.i> #include <include/interface/disable.xml.i> - <leafNode name="external"> - <properties> - <help>Use external control plane</help> - <valueless/> - </properties> - </leafNode> <leafNode name="gpe"> <properties> <help>Enable Generic Protocol extension (VXLAN-GPE)</help> @@ -83,17 +77,29 @@ #include <include/interface/parameters-flowlabel.xml.i> </children> </node> + <leafNode name="external"> + <properties> + <help>Use external control plane</help> + <valueless/> + </properties> + </leafNode> <leafNode name="nolearning"> <properties> <help>Do not add unknown addresses into forwarding database</help> <valueless/> </properties> </leafNode> + <leafNode name="neighbor-suppress"> + <properties> + <help>Enable neighbor discovery (ARP and ND) suppression</help> + <valueless/> + </properties> + </leafNode> </children> </node> #include <include/port-number.xml.i> <leafNode name="port"> - <defaultValue>8472</defaultValue> + <defaultValue>4789</defaultValue> </leafNode> #include <include/source-address-ipv4-ipv6.xml.i> #include <include/source-interface.xml.i> diff --git a/interface-definitions/nat.xml.in b/interface-definitions/nat.xml.in index a06ceefb6..0a639bd80 100644 --- a/interface-definitions/nat.xml.in +++ b/interface-definitions/nat.xml.in @@ -14,7 +14,7 @@ #include <include/nat-rule.xml.i> <tagNode name="rule"> <children> - #include <include/inbound-interface.xml.i> + #include <include/firewall/inbound-interface.xml.i> <node name="translation"> <properties> <help>Inside NAT IP (destination NAT only)</help> @@ -77,7 +77,7 @@ <constraintErrorMessage>NAT rule number must be between 1 and 999999</constraintErrorMessage> </properties> <children> - #include <include/nat-interface.xml.i> + #include <include/firewall/outbound-interface.xml.i> <node name="translation"> <properties> <help>Outside NAT IP (source NAT only)</help> diff --git a/interface-definitions/nat66.xml.in b/interface-definitions/nat66.xml.in index 7a8970bdf..2fd95e03a 100644 --- a/interface-definitions/nat66.xml.in +++ b/interface-definitions/nat66.xml.in @@ -32,20 +32,8 @@ </properties> </leafNode> #include <include/nat-exclude.xml.i> - <leafNode name="log"> - <properties> - <help>NAT66 rule logging</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="outbound-interface"> - <properties> - <help>Outbound interface of NAT66 traffic</help> - <completionHelp> - <script>${vyos_completion_dir}/list_interfaces</script> - </completionHelp> - </properties> - </leafNode> + #include <include/firewall/log.xml.i> + #include <include/firewall/outbound-interface-no-group.xml.i> #include <include/nat/protocol.xml.i> <node name="destination"> <properties> @@ -166,15 +154,7 @@ <valueless/> </properties> </leafNode> - <leafNode name="inbound-interface"> - <properties> - <help>Inbound interface of NAT66 traffic</help> - <completionHelp> - <list>any</list> - <script>${vyos_completion_dir}/list_interfaces</script> - </completionHelp> - </properties> - </leafNode> + #include <include/firewall/inbound-interface-no-group.xml.i> #include <include/nat/protocol.xml.i> <node name="destination"> <properties> diff --git a/interface-definitions/policy-local-route.xml.in b/interface-definitions/policy-local-route.xml.in index 6827bd64e..15be099c9 100644 --- a/interface-definitions/policy-local-route.xml.in +++ b/interface-definitions/policy-local-route.xml.in @@ -60,6 +60,7 @@ </properties> <children> #include <include/policy/local-route_rule_ipv4_address.xml.i> + #include <include/port-number.xml.i> </children> </node> <node name="destination"> @@ -68,6 +69,7 @@ </properties> <children> #include <include/policy/local-route_rule_ipv4_address.xml.i> + #include <include/port-number.xml.i> </children> </node> #include <include/interface/inbound-interface.xml.i> @@ -125,12 +127,14 @@ </constraint> </properties> </leafNode> + #include <include/policy/local-route_rule_protocol.xml.i> <node name="source"> <properties> <help>Source parameters</help> </properties> <children> #include <include/policy/local-route_rule_ipv6_address.xml.i> + #include <include/port-number.xml.i> </children> </node> <node name="destination"> @@ -139,6 +143,7 @@ </properties> <children> #include <include/policy/local-route_rule_ipv6_address.xml.i> + #include <include/port-number.xml.i> </children> </node> #include <include/interface/inbound-interface.xml.i> diff --git a/interface-definitions/protocols_static_neighbor-proxy.xml.in b/interface-definitions/protocols_static_neighbor-proxy.xml.in new file mode 100644 index 000000000..1c8433a39 --- /dev/null +++ b/interface-definitions/protocols_static_neighbor-proxy.xml.in @@ -0,0 +1,48 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="protocols"> + <children> + <node name="static"> + <children> + <node name="neighbor-proxy" owner="${vyos_conf_scripts_dir}/protocols_static_neighbor-proxy.py"> + <properties> + <help>Neighbor proxy parameters</help> + </properties> + <children> + <tagNode name="arp"> + <properties> + <help>IP address for selective ARP proxy</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 destination address allowed for proxy-arp</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + <children> + #include <include/generic-interface-multi.xml.i> + </children> + </tagNode> + <tagNode name="nd"> + <properties> + <help>IPv6 address for selective NDP proxy</help> + <valueHelp> + <format>ipv6</format> + <description>IPv6 destination address</description> + </valueHelp> + <constraint> + <validator name="ipv6-address"/> + </constraint> + </properties> + <children> + #include <include/generic-interface-multi.xml.i> + </children> + </tagNode> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/service-ipoe-server.xml.in b/interface-definitions/service-ipoe-server.xml.in index b6e6503d3..9ac0c8fdf 100644 --- a/interface-definitions/service-ipoe-server.xml.in +++ b/interface-definitions/service-ipoe-server.xml.in @@ -102,6 +102,7 @@ #include <include/accel-ppp/vlan.xml.i> </children> </tagNode> + #include <include/accel-ppp/max-concurrent-sessions.xml.i> #include <include/name-server-ipv4-ipv6.xml.i> <node name="client-ip-pool"> <properties> diff --git a/interface-definitions/service-monitoring-telegraf.xml.in b/interface-definitions/service-monitoring-telegraf.xml.in index ae0bae900..4d694114a 100644 --- a/interface-definitions/service-monitoring-telegraf.xml.in +++ b/interface-definitions/service-monitoring-telegraf.xml.in @@ -53,7 +53,7 @@ </properties> <defaultValue>main</defaultValue> </leafNode> - #include <include/url.xml.i> + #include <include/url-http-https.xml.i> #include <include/port-number.xml.i> <leafNode name="port"> <defaultValue>8086</defaultValue> @@ -145,7 +145,7 @@ <constraintErrorMessage>Table is limited to alphanumerical characters and can contain hyphen and underscores</constraintErrorMessage> </properties> </leafNode> - #include <include/url.xml.i> + #include <include/url-http-https.xml.i> </children> </node> <leafNode name="source"> @@ -271,7 +271,7 @@ </leafNode> </children> </node> - #include <include/url.xml.i> + #include <include/url-http-https.xml.i> </children> </node> #include <include/interface/vrf.xml.i> diff --git a/interface-definitions/service-pppoe-server.xml.in b/interface-definitions/service-pppoe-server.xml.in index 022ac2885..44b689fe1 100644 --- a/interface-definitions/service-pppoe-server.xml.in +++ b/interface-definitions/service-pppoe-server.xml.in @@ -73,6 +73,7 @@ </children> </tagNode> #include <include/accel-ppp/gateway-address.xml.i> + #include <include/accel-ppp/max-concurrent-sessions.xml.i> #include <include/accel-ppp/mtu-128-16384.xml.i> <node name="limits"> <properties> diff --git a/interface-definitions/snmp.xml.in b/interface-definitions/snmp.xml.in index 0851b8389..ec2151b98 100644 --- a/interface-definitions/snmp.xml.in +++ b/interface-definitions/snmp.xml.in @@ -79,6 +79,101 @@ </properties> </leafNode> #include <include/generic-description.xml.i> + <node name="mib"> + <properties> + <help>Management information base (MIB)</help> + </properties> + <children> + <leafNode name="interface-max"> + <properties> + <help>Sets the maximum number of interfaces included in IF-MIB data collection</help> + <valueHelp> + <format>u32:1-4294967295</format> + <description>Sets the maximum number of interfaces included in IF-MIB data collection</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967295"/> + </constraint> + </properties> + </leafNode> + <leafNode name="interface"> + <properties> + <help>Sets the interface name prefix to include in the IF-MIB data collection</help> + <completionHelp> + <list>br bond dum eth gnv macsec peth sstpc tun veth vti vtun vxlan wg wlan wwan</list> + </completionHelp> + <valueHelp> + <format>br</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>bond</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>dum</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>eth</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>gnv</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>macsec</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>peth</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>sstpc</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>tun</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>veth</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>vti</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>vtun</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>vxlan</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>wg</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>wlan</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <valueHelp> + <format>wwan</format> + <description>Allow prefix for IF-MIB data collection</description> + </valueHelp> + <constraint> + <regex>(br|bond|dum|eth|gnv|macsec|peth|sstpc|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)</regex> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </node> <tagNode name="listen-address"> <properties> <help>IP address to listen for incoming SNMP requests</help> diff --git a/interface-definitions/system-login.xml.in b/interface-definitions/system-login.xml.in index 30fea91b0..a2f8beead 100644 --- a/interface-definitions/system-login.xml.in +++ b/interface-definitions/system-login.xml.in @@ -244,21 +244,7 @@ </leafNode> </children> </tagNode> - <leafNode name="source-address"> - <properties> - <help>Source IP used to communicate with TACACS+ server</help> - <completionHelp> - <script>${vyos_completion_dir}/list_local_ips.sh --ipv4</script> - </completionHelp> - <valueHelp> - <format>ipv4</format> - <description>IPv4 source address</description> - </valueHelp> - <constraint> - <validator name="ipv4-address"/> - </constraint> - </properties> - </leafNode> + #include <include/source-address-ipv4.xml.i> <leafNode name="security-mode"> <properties> <help>Security mode for TACACS+ authentication</help> diff --git a/interface-definitions/system-update-check.xml.in b/interface-definitions/system-update-check.xml.in index e4d7041ec..a7d754003 100644 --- a/interface-definitions/system-update-check.xml.in +++ b/interface-definitions/system-update-check.xml.in @@ -14,7 +14,7 @@ <valueless/> </properties> </leafNode> - #include <include/url.xml.i> + #include <include/url-http-https.xml.i> </children> </node> </children> diff --git a/interface-definitions/vpn-l2tp.xml.in b/interface-definitions/vpn-l2tp.xml.in index ee0edc3e3..60a1d323b 100644 --- a/interface-definitions/vpn-l2tp.xml.in +++ b/interface-definitions/vpn-l2tp.xml.in @@ -13,6 +13,7 @@ <help>Remote access L2TP VPN</help> </properties> <children> + #include <include/accel-ppp/max-concurrent-sessions.xml.i> #include <include/accel-ppp/mtu-128-16384.xml.i> <leafNode name="outside-address"> <properties> diff --git a/interface-definitions/vpn-pptp.xml.in b/interface-definitions/vpn-pptp.xml.in index 5a8b4a78a..964c4d21e 100644 --- a/interface-definitions/vpn-pptp.xml.in +++ b/interface-definitions/vpn-pptp.xml.in @@ -13,6 +13,7 @@ <help>Remote access PPTP VPN</help> </properties> <children> + #include <include/accel-ppp/max-concurrent-sessions.xml.i> #include <include/accel-ppp/mtu-128-16384.xml.i> <leafNode name="outside-address"> <properties> diff --git a/interface-definitions/vpn-sstp.xml.in b/interface-definitions/vpn-sstp.xml.in index 9e912063f..9c818ba60 100644 --- a/interface-definitions/vpn-sstp.xml.in +++ b/interface-definitions/vpn-sstp.xml.in @@ -25,6 +25,7 @@ </node> </children> </node> + #include <include/accel-ppp/max-concurrent-sessions.xml.i> #include <include/interface/mtu-68-1500.xml.i> #include <include/accel-ppp/gateway-address.xml.i> #include <include/name-server-ipv4-ipv6.xml.i> diff --git a/interface-definitions/vpp.xml.in b/interface-definitions/vpp.xml.in deleted file mode 100644 index 3f0758c0a..000000000 --- a/interface-definitions/vpp.xml.in +++ /dev/null @@ -1,342 +0,0 @@ -<?xml version="1.0"?> -<interfaceDefinition> - <node name="vpp" owner="${vyos_conf_scripts_dir}/vpp.py"> - <properties> - <help>Accelerated data-plane</help> - <priority>295</priority> - </properties> - <children> - <node name="cpu"> - <properties> - <help>CPU settings</help> - </properties> - <children> - <leafNode name="corelist-workers"> - <properties> - <help>List of cores worker threads</help> - <valueHelp> - <format><id></format> - <description>CPU core id</description> - </valueHelp> - <valueHelp> - <format><idN>-<idM></format> - <description>CPU core id range (use '-' as delimiter)</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--allow-range --range 0-512"/> - </constraint> - <constraintErrorMessage>not a valid CPU core value or range</constraintErrorMessage> - <multi/> - </properties> - </leafNode> - <leafNode name="main-core"> - <properties> - <help>Main core</help> - <valueHelp> - <format>u32:0-512</format> - <description>Assign main thread to specific core</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 0-512"/> - </constraint> - </properties> - </leafNode> - <leafNode name="skip-cores"> - <properties> - <help>Skip cores</help> - <valueHelp> - <format>u32:0-512</format> - <description>Skip cores</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 0-512"/> - </constraint> - </properties> - </leafNode> - <leafNode name="workers"> - <properties> - <help>Create worker threads</help> - <valueHelp> - <format>u32:0-4294967295</format> - <description>Worker threads</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 0-512"/> - </constraint> - </properties> - </leafNode> - </children> - </node> - <tagNode name="interface"> - <properties> - <help>Interface</help> - <valueHelp> - <format>ethN</format> - <description>Interface name</description> - </valueHelp> - <constraint> - <regex>((eth|lan)[0-9]+|(eno|ens|enp|enx).+)</regex> - </constraint> - <constraintErrorMessage>Invalid interface name</constraintErrorMessage> - </properties> - <children> - <leafNode name="num-rx-desc"> - <properties> - <help>Number of receive ring descriptors</help> - <valueHelp> - <format>u32:256-8192</format> - <description>Number of receive ring descriptors</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 256-8192"/> - </constraint> - </properties> - </leafNode> - <leafNode name="num-tx-desc"> - <properties> - <help>Number of tranceive ring descriptors</help> - <valueHelp> - <format>u32:256-8192</format> - <description>Number of tranceive ring descriptors</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 256-8192"/> - </constraint> - </properties> - </leafNode> - <leafNode name="num-rx-queues"> - <properties> - <help>Number of receive ring descriptors</help> - <valueHelp> - <format>u32:256-8192</format> - <description>Number of receive queues</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 256-8192"/> - </constraint> - </properties> - </leafNode> - <leafNode name="num-tx-queues"> - <properties> - <help>Number of tranceive ring descriptors</help> - <valueHelp> - <format>u32:256-8192</format> - <description>Number of tranceive queues</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 256-8192"/> - </constraint> - </properties> - </leafNode> - <leafNode name='pci'> - <properties> - <help>PCI address allocation</help> - <valueHelp> - <format>auto</format> - <description>Auto detect PCI address</description> - </valueHelp> - <valueHelp> - <format><xxxx:xx:xx.x></format> - <description>Set Peripheral Component Interconnect (PCI) address</description> - </valueHelp> - <constraint> - <regex>(auto|[0-9a-fA-F]{4}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}\.[0-9a-fA-F])</regex> - </constraint> - </properties> - <defaultValue>auto</defaultValue> - </leafNode> - <leafNode name="rx-mode"> - <properties> - <help>Receive packet processing mode</help> - <completionHelp> - <list>polling interrupt adaptive</list> - </completionHelp> - <valueHelp> - <format>polling</format> - <description>Constantly check for new data</description> - </valueHelp> - <valueHelp> - <format>interrupt</format> - <description>Interrupt mode</description> - </valueHelp> - <valueHelp> - <format>adaptive</format> - <description>Adaptive mode</description> - </valueHelp> - <constraint> - <regex>(polling|interrupt|adaptive)</regex> - </constraint> - </properties> - </leafNode> - </children> - </tagNode> - <node name="ip"> - <properties> - <help>IP settings</help> - </properties> - <children> - <leafNode name="heap-size"> - <properties> - <help>IPv4 heap size</help> - <valueHelp> - <format>u32:0-4294967295</format> - <description>Amount of memory (in Mbytes) dedicated to the destination IP lookup table</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-4294967295"/> - </constraint> - </properties> - <defaultValue>32</defaultValue> - </leafNode> - </children> - </node> - <node name="ip6"> - <properties> - <help>IPv6 settings</help> - </properties> - <children> - <leafNode name="heap-size"> - <properties> - <help>IPv6 heap size</help> - <valueHelp> - <format>u32:0-4294967295</format> - <description>Amount of memory (in Mbytes) dedicated to the destination IP lookup table</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-4294967295"/> - </constraint> - </properties> - <defaultValue>32</defaultValue> - </leafNode> - <leafNode name="hash-buckets"> - <properties> - <help>IPv6 forwarding table hash buckets</help> - <valueHelp> - <format>u32:1-4294967295</format> - <description>IPv6 forwarding table hash buckets</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-4294967295"/> - </constraint> - </properties> - <defaultValue>65536</defaultValue> - </leafNode> - </children> - </node> - <node name="l2learn"> - <properties> - <help>Level 2 MAC address learning settings</help> - </properties> - <children> - <leafNode name="limit"> - <properties> - <help>Number of MAC addresses in the L2 FIB</help> - <valueHelp> - <format>u32:1-4294967295</format> - <description>Number of concurent entries</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-4294967295"/> - </constraint> - </properties> - <defaultValue>4194304</defaultValue> - </leafNode> - </children> - </node> - <node name="logging"> - <properties> - <help>Loggint settings</help> - </properties> - <children> - <leafNode name="default-log-level"> - <properties> - <help>default-log-level</help> - <completionHelp> - <list>alert crit debug disabled emerg err info notice warn</list> - </completionHelp> - <valueHelp> - <format>alert</format> - <description>Alert</description> - </valueHelp> - <valueHelp> - <format>crit</format> - <description>Critical</description> - </valueHelp> - <valueHelp> - <format>debug</format> - <description>Debug</description> - </valueHelp> - <valueHelp> - <format>disabled</format> - <description>Disabled</description> - </valueHelp> - <valueHelp> - <format>emerg</format> - <description>Emergency</description> - </valueHelp> - <valueHelp> - <format>err</format> - <description>Error</description> - </valueHelp> - <valueHelp> - <format>info</format> - <description>Informational</description> - </valueHelp> - <valueHelp> - <format>notice</format> - <description>Notice</description> - </valueHelp> - <valueHelp> - <format>warn</format> - <description>Warning</description> - </valueHelp> - <constraint> - <regex>(alert|crit|debug|disabled|emerg|err|info|notice|warn)</regex> - </constraint> - </properties> - </leafNode> - </children> - </node> - <node name="physmem"> - <properties> - <help>Memory settings</help> - </properties> - <children> - <leafNode name="max-size"> - <properties> - <help>Set memory size for protectable memory allocator (pmalloc) memory space</help> - <valueHelp> - <format><number>m</format> - <description>Megabyte</description> - </valueHelp> - <valueHelp> - <format><number>g</format> - <description>Gigabyte</description> - </valueHelp> - </properties> - </leafNode> - </children> - </node> - <node name="unix"> - <properties> - <help>Unix settings</help> - </properties> - <children> - <leafNode name="poll-sleep-usec"> - <properties> - <help>Add a fixed-sleep between main loop poll</help> - <valueHelp> - <format>u32:0-4294967295</format> - <description>Number of receive queues</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 0-4294967295"/> - </constraint> - </properties> - <defaultValue>0</defaultValue> - </leafNode> - </children> - </node> - </children> - </node> -</interfaceDefinition> diff --git a/interface-definitions/xml-component-version.xml.in b/interface-definitions/xml-component-version.xml.in index 8c9e816d1..cae3423dc 100644 --- a/interface-definitions/xml-component-version.xml.in +++ b/interface-definitions/xml-component-version.xml.in @@ -19,6 +19,7 @@ #include <include/version/ids-version.xml.i> #include <include/version/ipoe-server-version.xml.i> #include <include/version/ipsec-version.xml.i> + #include <include/version/openvpn-version.xml.i> #include <include/version/isis-version.xml.i> #include <include/version/l2tp-version.xml.i> #include <include/version/lldp-version.xml.i> |