summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/container.xml.in55
-rw-r--r--interface-definitions/dhcp-server.xml.in13
-rw-r--r--interface-definitions/dns-domain-name.xml.in2
-rw-r--r--interface-definitions/dns-dynamic.xml.in14
-rw-r--r--interface-definitions/dns-forwarding.xml.in4
-rw-r--r--interface-definitions/firewall.xml.in62
-rw-r--r--interface-definitions/high-availability.xml.in54
-rw-r--r--interface-definitions/https.xml.in55
-rw-r--r--interface-definitions/include/accel-ppp/ppp-options-ipv6-interface-id.xml.i54
-rw-r--r--interface-definitions/include/bgp/afi-rd.xml.i2
-rw-r--r--interface-definitions/include/bgp/neighbor-local-role.xml.i42
-rw-r--r--interface-definitions/include/bgp/neighbor-update-source.xml.i2
-rw-r--r--interface-definitions/include/bgp/protocol-common-config.xml.i10
-rw-r--r--interface-definitions/include/certificate-ca.xml.i2
-rw-r--r--interface-definitions/include/certificate-key.xml.i2
-rw-r--r--interface-definitions/include/certificate.xml.i2
-rw-r--r--interface-definitions/include/constraint/interface-name.xml.in4
-rw-r--r--interface-definitions/include/dhcp-interface-multi.xml.i18
-rw-r--r--interface-definitions/include/dhcp-interface.xml.i2
-rw-r--r--interface-definitions/include/firewall/address-mask-ipv6.xml.i14
-rw-r--r--interface-definitions/include/firewall/address-mask.xml.i14
-rw-r--r--interface-definitions/include/firewall/common-rule.xml.i51
-rw-r--r--interface-definitions/include/firewall/connection-mark.xml.i15
-rw-r--r--interface-definitions/include/firewall/fqdn.xml.i14
-rw-r--r--interface-definitions/include/firewall/fwmark.xml.i14
-rw-r--r--interface-definitions/include/firewall/icmpv6-type-name.xml.i16
-rw-r--r--interface-definitions/include/firewall/mac-address.xml.i19
-rw-r--r--interface-definitions/include/firewall/match-interface.xml.i18
-rw-r--r--interface-definitions/include/firewall/rule-log-level.xml.i2
-rw-r--r--interface-definitions/include/firewall/source-destination-group-ipv6.xml.i8
-rw-r--r--interface-definitions/include/generic-description.xml.i4
-rw-r--r--interface-definitions/include/generic-interface-broadcast.xml.i2
-rw-r--r--interface-definitions/include/generic-interface-multi-broadcast.xml.i2
-rw-r--r--interface-definitions/include/generic-interface-multi.xml.i2
-rw-r--r--interface-definitions/include/generic-interface.xml.i2
-rw-r--r--interface-definitions/include/interface/description.xml.i11
-rw-r--r--interface-definitions/include/interface/interface-policy-vif-c.xml.i26
-rw-r--r--interface-definitions/include/interface/interface-policy-vif.xml.i26
-rw-r--r--interface-definitions/include/interface/interface-policy.xml.i26
-rw-r--r--interface-definitions/include/interface/mirror.xml.i18
-rw-r--r--interface-definitions/include/interface/no-peer-dns.xml.i8
-rw-r--r--interface-definitions/include/interface/redirect.xml.i6
-rw-r--r--interface-definitions/include/interface/vif-s.xml.i6
-rw-r--r--interface-definitions/include/interface/vif.xml.i3
-rw-r--r--interface-definitions/include/listen-address-ipv4-single.xml.i17
-rw-r--r--interface-definitions/include/listen-address-single.xml.i1
-rw-r--r--interface-definitions/include/nat-rule.xml.i2
-rw-r--r--interface-definitions/include/ospf/protocol-common-config.xml.i2
-rw-r--r--interface-definitions/include/ospfv3/protocol-common-config.xml.i2
-rw-r--r--interface-definitions/include/policy/route-common-rule-ipv6.xml.i557
-rw-r--r--interface-definitions/include/policy/route-common.xml.i (renamed from interface-definitions/include/policy/route-common-rule.xml.i)766
-rw-r--r--interface-definitions/include/policy/route-ipv4.xml.i45
-rw-r--r--interface-definitions/include/policy/route-ipv6.xml.i196
-rw-r--r--interface-definitions/include/port-number-start-zero.xml.i15
-rw-r--r--interface-definitions/include/qos/bandwidth-auto.xml.i47
-rw-r--r--interface-definitions/include/qos/bandwidth.xml.i32
-rw-r--r--interface-definitions/include/qos/class-match-ipv4-address.xml.i19
-rw-r--r--interface-definitions/include/qos/class-match-ipv6-address.xml.i14
-rw-r--r--interface-definitions/include/qos/class-match.xml.i (renamed from interface-definitions/include/qos/match.xml.i)62
-rw-r--r--interface-definitions/include/qos/class-police-exceed.xml.i (renamed from interface-definitions/include/qos/limiter-actions.xml.i)14
-rw-r--r--interface-definitions/include/qos/class-priority.xml.i15
-rw-r--r--interface-definitions/include/qos/match-dscp.xml.i (renamed from interface-definitions/include/qos/dscp.xml.i)3
-rw-r--r--interface-definitions/include/qos/max-length.xml.i8
-rw-r--r--interface-definitions/include/qos/queue-type.xml.i17
-rw-r--r--interface-definitions/include/qos/set-dscp.xml.i84
-rw-r--r--interface-definitions/include/radius-acct-server-ipv4.xml.i26
-rw-r--r--interface-definitions/include/radius-auth-server-ipv4.xml.i (renamed from interface-definitions/include/radius-server-ipv4.xml.i)4
-rw-r--r--interface-definitions/include/radius-server-acct-port.xml.i15
-rw-r--r--interface-definitions/include/radius-server-auth-port.xml.i (renamed from interface-definitions/include/radius-server-port.xml.i)2
-rw-r--r--interface-definitions/include/radius-server-ipv4-ipv6.xml.i2
-rw-r--r--interface-definitions/include/radius-timeout.xml.i16
-rw-r--r--interface-definitions/include/rip/interface.xml.i2
-rw-r--r--interface-definitions/include/routing-passive-interface.xml.i2
-rw-r--r--interface-definitions/include/server-ipv4-fqdn.xml.i15
-rw-r--r--interface-definitions/include/source-interface.xml.i2
-rw-r--r--interface-definitions/include/static/static-route-interface.xml.i2
-rw-r--r--interface-definitions/include/static/static-route.xml.i3
-rw-r--r--interface-definitions/include/static/static-route6.xml.i3
-rw-r--r--interface-definitions/include/version/container-version.xml.i3
-rw-r--r--interface-definitions/include/version/firewall-version.xml.i2
-rw-r--r--interface-definitions/include/version/https-version.xml.i2
-rw-r--r--interface-definitions/include/version/ipsec-version.xml.i2
-rw-r--r--interface-definitions/include/version/ntp-version.xml.i2
-rw-r--r--interface-definitions/include/version/policy-version.xml.i2
-rw-r--r--interface-definitions/include/version/qos-version.xml.i2
-rw-r--r--interface-definitions/include/version/snmp-version.xml.i2
-rw-r--r--interface-definitions/include/vrrp/garp.xml.i78
-rw-r--r--interface-definitions/interfaces-bonding.xml.in7
-rw-r--r--interface-definitions/interfaces-bridge.xml.in5
-rw-r--r--interface-definitions/interfaces-dummy.xml.in22
-rw-r--r--interface-definitions/interfaces-ethernet.xml.in3
-rw-r--r--interface-definitions/interfaces-geneve.xml.in3
-rw-r--r--interface-definitions/interfaces-input.xml.in3
-rw-r--r--interface-definitions/interfaces-l2tpv3.xml.in3
-rw-r--r--interface-definitions/interfaces-loopback.xml.in2
-rw-r--r--interface-definitions/interfaces-macsec.xml.in3
-rw-r--r--interface-definitions/interfaces-openvpn.xml.in3
-rw-r--r--interface-definitions/interfaces-pppoe.xml.in23
-rw-r--r--interface-definitions/interfaces-pseudo-ethernet.xml.in3
-rw-r--r--interface-definitions/interfaces-sstpc.xml.in47
-rw-r--r--interface-definitions/interfaces-tunnel.xml.in3
-rw-r--r--interface-definitions/interfaces-virtual-ethernet.xml.in45
-rw-r--r--interface-definitions/interfaces-vti.xml.in3
-rw-r--r--interface-definitions/interfaces-vxlan.xml.in3
-rw-r--r--interface-definitions/interfaces-wireguard.xml.in3
-rw-r--r--interface-definitions/interfaces-wireless.xml.in5
-rw-r--r--interface-definitions/interfaces-wwan.xml.in3
-rw-r--r--interface-definitions/netns.xml.in2
-rw-r--r--interface-definitions/ntp.xml.in25
-rw-r--r--interface-definitions/policy-route.xml.in10
-rw-r--r--interface-definitions/policy.xml.in20
-rw-r--r--interface-definitions/protocols-failover.xml.in114
-rw-r--r--interface-definitions/protocols-rip.xml.in2
-rw-r--r--interface-definitions/protocols-ripng.xml.in2
-rw-r--r--interface-definitions/protocols-rpki.xml.in6
-rw-r--r--interface-definitions/protocols-static-arp.xml.in2
-rw-r--r--interface-definitions/protocols-static.xml.in7
-rw-r--r--interface-definitions/qos.xml.in471
-rw-r--r--interface-definitions/service-console-server.xml.in2
-rw-r--r--interface-definitions/service-ipoe-server.xml.in2
-rw-r--r--interface-definitions/service-pppoe-server.xml.in49
-rw-r--r--interface-definitions/service-router-advert.xml.in13
-rw-r--r--interface-definitions/service-upnp.xml.in4
-rw-r--r--interface-definitions/snmp.xml.in29
-rw-r--r--interface-definitions/ssh.xml.in13
-rw-r--r--interface-definitions/system-config-mgmt.xml.in58
-rw-r--r--interface-definitions/system-login.xml.in28
-rw-r--r--interface-definitions/system-option.xml.in1
-rw-r--r--interface-definitions/vpn-ipsec.xml.in78
-rw-r--r--interface-definitions/vpn-l2tp.xml.in4
-rw-r--r--interface-definitions/vpn-openconnect.xml.in40
-rw-r--r--interface-definitions/vpn-pptp.xml.in2
-rw-r--r--interface-definitions/vpn-sstp.xml.in2
-rw-r--r--interface-definitions/vrf.xml.in2
-rw-r--r--interface-definitions/xml-component-version.xml.in1
135 files changed, 2429 insertions, 1585 deletions
diff --git a/interface-definitions/container.xml.in b/interface-definitions/container.xml.in
index 51171d881..b61664125 100644
--- a/interface-definitions/container.xml.in
+++ b/interface-definitions/container.xml.in
@@ -111,7 +111,7 @@
</leafNode>
<leafNode name="memory">
<properties>
- <help>Constrain the memory available to a container</help>
+ <help>Memory (RAM) available to this container</help>
<valueHelp>
<format>u32:0</format>
<description>Unlimited</description>
@@ -127,6 +127,24 @@
</properties>
<defaultValue>512</defaultValue>
</leafNode>
+ <leafNode name="shared-memory">
+ <properties>
+ <help>Shared memory available to this container</help>
+ <valueHelp>
+ <format>u32:0</format>
+ <description>Unlimited</description>
+ </valueHelp>
+ <valueHelp>
+ <format>u32:1-8192</format>
+ <description>Container memory in megabytes (MB)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-8192"/>
+ </constraint>
+ <constraintErrorMessage>Container memory must be in range 0 to 8192 MB</constraintErrorMessage>
+ </properties>
+ <defaultValue>64</defaultValue>
+ </leafNode>
<tagNode name="network">
<properties>
<help>Attach user defined network to container</help>
@@ -189,14 +207,23 @@
</leafNode>
<leafNode name="protocol">
<properties>
- <help>Protocol tcp/udp</help>
+ <help>Transport protocol used for port mapping</help>
<completionHelp>
<list>tcp udp</list>
</completionHelp>
+ <valueHelp>
+ <format>tcp</format>
+ <description>Use Transmission Control Protocol for given port</description>
+ </valueHelp>
+ <valueHelp>
+ <format>udp</format>
+ <description>Use User Datagram Protocol for given port</description>
+ </valueHelp>
<constraint>
<regex>(tcp|udp)</regex>
</constraint>
</properties>
+ <defaultValue>tcp</defaultValue>
</leafNode>
</children>
</tagNode>
@@ -247,6 +274,26 @@
</valueHelp>
</properties>
</leafNode>
+ <leafNode name="mode">
+ <properties>
+ <help>Volume access mode ro/rw</help>
+ <completionHelp>
+ <list>ro rw</list>
+ </completionHelp>
+ <valueHelp>
+ <format>ro</format>
+ <description>Volume mounted into the container as read-only</description>
+ </valueHelp>
+ <valueHelp>
+ <format>rw</format>
+ <description>Volume mounted into the container as read-write</description>
+ </valueHelp>
+ <constraint>
+ <regex>(ro|rw)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>rw</defaultValue>
+ </leafNode>
</children>
</tagNode>
</children>
@@ -254,6 +301,10 @@
<tagNode name="network">
<properties>
<help>Network name</help>
+ <constraint>
+ <regex>[-_a-zA-Z0-9]{1,11}</regex>
+ </constraint>
+ <constraintErrorMessage>Network name cannot be longer than 11 characters</constraintErrorMessage>
</properties>
<children>
<leafNode name="description">
diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in
index 6e1592200..1830cc1ad 100644
--- a/interface-definitions/dhcp-server.xml.in
+++ b/interface-definitions/dhcp-server.xml.in
@@ -373,6 +373,19 @@
</leafNode>
</children>
</tagNode >
+ <leafNode name="ipv6-only-preferred">
+ <properties>
+ <help>Disable IPv4 on IPv6 only hosts (RFC 8925)</help>
+ <valueHelp>
+ <format>u32</format>
+ <description>Seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-4294967295"/>
+ </constraint>
+ <constraintErrorMessage>Seconds must be between 0 and 4294967295 (49 days)</constraintErrorMessage>
+ </properties>
+ </leafNode>
<leafNode name="subnet-parameters">
<properties>
<help>Additional subnet parameters for DHCP server. You must use the syntax of dhcpd.conf in this text-field. Using this without proper knowledge may result in a crashed DHCP server. Check system log to look for errors.</help>
diff --git a/interface-definitions/dns-domain-name.xml.in b/interface-definitions/dns-domain-name.xml.in
index 70b2fb271..9aca38735 100644
--- a/interface-definitions/dns-domain-name.xml.in
+++ b/interface-definitions/dns-domain-name.xml.in
@@ -25,7 +25,7 @@
<constraint>
<validator name="ipv4-address"/>
<validator name="ipv6-address"/>
- <validator name="interface-name"/>
+ #include <include/constraint/interface-name.xml.in>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/dns-dynamic.xml.in b/interface-definitions/dns-dynamic.xml.in
index e41ba7f60..a39e412b2 100644
--- a/interface-definitions/dns-dynamic.xml.in
+++ b/interface-definitions/dns-dynamic.xml.in
@@ -237,19 +237,7 @@
<constraintErrorMessage>Please choose from the list of allowed protocols</constraintErrorMessage>
</properties>
</leafNode>
- <leafNode name="server">
- <properties>
- <help>Server to send DDNS update to</help>
- <valueHelp>
- <format>IPv4</format>
- <description>IP address of DDNS server</description>
- </valueHelp>
- <valueHelp>
- <format>FQDN</format>
- <description>Hostname of DDNS server</description>
- </valueHelp>
- </properties>
- </leafNode>
+ #include <include/server-ipv4-fqdn.xml.i>
<leafNode name="zone">
<properties>
<help>DNS zone to update (only available with CloudFlare)</help>
diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/dns-forwarding.xml.in
index 3de0dc0eb..409028572 100644
--- a/interface-definitions/dns-forwarding.xml.in
+++ b/interface-definitions/dns-forwarding.xml.in
@@ -605,6 +605,10 @@
</properties>
</leafNode>
#include <include/listen-address.xml.i>
+ #include <include/port-number.xml.i>
+ <leafNode name="port">
+ <defaultValue>53</defaultValue>
+ </leafNode>
<leafNode name="negative-ttl">
<properties>
<help>Maximum amount of time negative entries are cached</help>
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index 673461036..7d7e0a38f 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -126,7 +126,7 @@
<description>Domain address to match</description>
</valueHelp>
<constraint>
- <regex>[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,99}?(\/.*)?</regex>
+ <validator name="fqdn"/>
</constraint>
<multi/>
</properties>
@@ -134,6 +134,35 @@
#include <include/generic-description.xml.i>
</children>
</tagNode>
+ <tagNode name="interface-group">
+ <properties>
+ <help>Firewall interface-group</help>
+ <constraint>
+ <regex>[a-zA-Z0-9][\w\-\.]*</regex>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="interface">
+ <properties>
+ <help>Interface-group member</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="include">
+ <properties>
+ <help>Include another interface-group</help>
+ <completionHelp>
+ <path>firewall group interface-group</path>
+ </completionHelp>
+ <multi/>
+ </properties>
+ </leafNode>
+ #include <include/generic-description.xml.i>
+ </children>
+ </tagNode>
<tagNode name="ipv6-address-group">
<properties>
<help>Firewall ipv6-address-group</help>
@@ -218,7 +247,7 @@
<properties>
<help>Mac-group member</help>
<valueHelp>
- <format>&lt;MAC address&gt;</format>
+ <format>macaddr</format>
<description>MAC address to match</description>
</valueHelp>
<constraint>
@@ -408,9 +437,11 @@
</properties>
<children>
#include <include/firewall/address-ipv6.xml.i>
+ #include <include/firewall/fqdn.xml.i>
#include <include/firewall/geoip.xml.i>
#include <include/firewall/source-destination-group-ipv6.xml.i>
#include <include/firewall/port.xml.i>
+ #include <include/firewall/address-mask-ipv6.xml.i>
</children>
</node>
<node name="source">
@@ -419,15 +450,18 @@
</properties>
<children>
#include <include/firewall/address-ipv6.xml.i>
+ #include <include/firewall/fqdn.xml.i>
#include <include/firewall/geoip.xml.i>
#include <include/firewall/source-destination-group-ipv6.xml.i>
#include <include/firewall/port.xml.i>
+ #include <include/firewall/address-mask-ipv6.xml.i>
</children>
</node>
#include <include/firewall/common-rule.xml.i>
#include <include/firewall/dscp.xml.i>
#include <include/firewall/packet-length.xml.i>
#include <include/firewall/hop-limit.xml.i>
+ #include <include/firewall/connection-mark.xml.i>
<node name="icmpv6">
<properties>
<help>ICMPv6 type and code information</help>
@@ -572,9 +606,11 @@
</properties>
<children>
#include <include/firewall/address.xml.i>
+ #include <include/firewall/fqdn.xml.i>
#include <include/firewall/geoip.xml.i>
#include <include/firewall/source-destination-group.xml.i>
#include <include/firewall/port.xml.i>
+ #include <include/firewall/address-mask.xml.i>
</children>
</node>
<node name="source">
@@ -583,14 +619,17 @@
</properties>
<children>
#include <include/firewall/address.xml.i>
+ #include <include/firewall/fqdn.xml.i>
#include <include/firewall/geoip.xml.i>
#include <include/firewall/source-destination-group.xml.i>
#include <include/firewall/port.xml.i>
+ #include <include/firewall/address-mask.xml.i>
</children>
</node>
#include <include/firewall/common-rule.xml.i>
#include <include/firewall/dscp.xml.i>
#include <include/firewall/packet-length.xml.i>
+ #include <include/firewall/connection-mark.xml.i>
<node name="icmp">
<properties>
<help>ICMP type and code information</help>
@@ -656,6 +695,25 @@
</properties>
<defaultValue>disable</defaultValue>
</leafNode>
+ <leafNode name="resolver-cache">
+ <properties>
+ <help>Retains last successful value if domain resolution fails</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="resolver-interval">
+ <properties>
+ <help>Domain resolver update interval</help>
+ <valueHelp>
+ <format>u32:10-3600</format>
+ <description>Interval (seconds)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 10-3600"/>
+ </constraint>
+ </properties>
+ <defaultValue>300</defaultValue>
+ </leafNode>
<leafNode name="send-redirects">
<properties>
<help>Policy for sending IPv4 ICMP redirect messages</help>
diff --git a/interface-definitions/high-availability.xml.in b/interface-definitions/high-availability.xml.in
index 0631acdda..6cb40247a 100644
--- a/interface-definitions/high-availability.xml.in
+++ b/interface-definitions/high-availability.xml.in
@@ -11,12 +11,33 @@
<help>Virtual Router Redundancy Protocol settings</help>
</properties>
<children>
+ <node name="global-parameters">
+ <properties>
+ <help>VRRP global parameters</help>
+ </properties>
+ <children>
+ #include <include/vrrp/garp.xml.i>
+ <leafNode name="startup-delay">
+ <properties>
+ <help>Time VRRP startup process (in seconds)</help>
+ <valueHelp>
+ <format>u32:1-600</format>
+ <description>Interval in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-600"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
<tagNode name="group">
<properties>
<help>VRRP group</help>
</properties>
<children>
#include <include/generic-interface-broadcast.xml.i>
+ #include <include/vrrp/garp.xml.i>
<leafNode name="advertise-interval">
<properties>
<help>Advertise interval</help>
@@ -199,7 +220,7 @@
<description>Interface name</description>
</valueHelp>
<constraint>
- <validator name="interface-name"/>
+ #include <include/constraint/interface-name.xml.in>
</constraint>
<multi/>
</properties>
@@ -211,16 +232,15 @@
<properties>
<help>Virtual IP address</help>
<valueHelp>
- <format>ipv4</format>
- <description>IPv4 virtual address</description>
+ <format>ipv4net</format>
+ <description>IPv4 address and prefix length</description>
</valueHelp>
<valueHelp>
- <format>ipv6</format>
- <description>IPv6 virtual address</description>
+ <format>ipv6net</format>
+ <description>IPv6 address and prefix length</description>
</valueHelp>
<constraint>
- <validator name="ipv4-host"/>
- <validator name="ipv6-host"/>
+ <validator name="ip-host"/>
</constraint>
</properties>
<children>
@@ -365,7 +385,8 @@
</properties>
<defaultValue>nat</defaultValue>
</leafNode>
- #include <include/port-number.xml.i>
+ #include <include/firewall/fwmark.xml.i>
+ #include <include/port-number-start-zero.xml.i>
<leafNode name="persistence-timeout">
<properties>
<help>Timeout for persistent connections</help>
@@ -404,7 +425,7 @@
<help>Real server address</help>
</properties>
<children>
- #include <include/port-number.xml.i>
+ #include <include/port-number-start-zero.xml.i>
<leafNode name="connection-timeout">
<properties>
<help>Server connection timeout</help>
@@ -417,6 +438,21 @@
</constraint>
</properties>
</leafNode>
+ <node name="health-check">
+ <properties>
+ <help>Health check script</help>
+ </properties>
+ <children>
+ <leafNode name="script">
+ <properties>
+ <help>Health check script file</help>
+ <constraint>
+ <validator name="script"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
</children>
</tagNode>
</children>
diff --git a/interface-definitions/https.xml.in b/interface-definitions/https.xml.in
index d096c4ff1..6adb07598 100644
--- a/interface-definitions/https.xml.in
+++ b/interface-definitions/https.xml.in
@@ -107,7 +107,7 @@
<valueless/>
</properties>
</leafNode>
- <node name="gql">
+ <node name="graphql">
<properties>
<help>GraphQL support</help>
</properties>
@@ -118,6 +118,59 @@
<valueless/>
</properties>
</leafNode>
+ <node name="authentication">
+ <properties>
+ <help>GraphQL authentication</help>
+ </properties>
+ <children>
+ <leafNode name="type">
+ <properties>
+ <help>Authentication type</help>
+ <completionHelp>
+ <list>key token</list>
+ </completionHelp>
+ <valueHelp>
+ <format>key</format>
+ <description>Use API keys</description>
+ </valueHelp>
+ <valueHelp>
+ <format>token</format>
+ <description>Use JWT token</description>
+ </valueHelp>
+ <constraint>
+ <regex>(key|token)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>key</defaultValue>
+ </leafNode>
+ <leafNode name="expiration">
+ <properties>
+ <help>Token time to expire in seconds</help>
+ <valueHelp>
+ <format>u32:60-31536000</format>
+ <description>Token lifetime in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 60-31536000"/>
+ </constraint>
+ </properties>
+ <defaultValue>3600</defaultValue>
+ </leafNode>
+ <leafNode name="secret-length">
+ <properties>
+ <help>Length of shared secret in bytes</help>
+ <valueHelp>
+ <format>u32:16-65535</format>
+ <description>Byte length of generated shared secret</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 16-65535"/>
+ </constraint>
+ </properties>
+ <defaultValue>32</defaultValue>
+ </leafNode>
+ </children>
+ </node>
</children>
</node>
<node name="cors">
diff --git a/interface-definitions/include/accel-ppp/ppp-options-ipv6-interface-id.xml.i b/interface-definitions/include/accel-ppp/ppp-options-ipv6-interface-id.xml.i
new file mode 100644
index 000000000..265f7f97c
--- /dev/null
+++ b/interface-definitions/include/accel-ppp/ppp-options-ipv6-interface-id.xml.i
@@ -0,0 +1,54 @@
+<!-- include start from accel-ppp/ppp-options-ipv6-interface-id.xml.i -->
+<leafNode name="ipv6-intf-id">
+ <properties>
+ <help>Fixed or random interface identifier for IPv6</help>
+ <completionHelp>
+ <list>random</list>
+ </completionHelp>
+ <valueHelp>
+ <format>random</format>
+ <description>Random interface identifier for IPv6</description>
+ </valueHelp>
+ <valueHelp>
+ <format>x:x:x:x</format>
+ <description>specify interface identifier for IPv6</description>
+ </valueHelp>
+ <constraint>
+ <regex>(random|((\d+){1,4}:){3}(\d+){1,4})</regex>
+ </constraint>
+ </properties>
+</leafNode>
+<leafNode name="ipv6-peer-intf-id">
+ <properties>
+ <help>Peer interface identifier for IPv6</help>
+ <completionHelp>
+ <list>random calling-sid ipv4</list>
+ </completionHelp>
+ <valueHelp>
+ <format>x:x:x:x</format>
+ <description>Interface identifier for IPv6</description>
+ </valueHelp>
+ <valueHelp>
+ <format>random</format>
+ <description>Use a random interface identifier for IPv6</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Calculate interface identifier from IPv4 address, for example 192:168:0:1</description>
+ </valueHelp>
+ <valueHelp>
+ <format>calling-sid</format>
+ <description>Calculate interface identifier from calling-station-id</description>
+ </valueHelp>
+ <constraint>
+ <regex>(random|calling-sid|ipv4|((\d+){1,4}:){3}(\d+){1,4})</regex>
+ </constraint>
+ </properties>
+</leafNode>
+<leafNode name="ipv6-accept-peer-intf-id">
+ <properties>
+ <help>Accept peer interface identifier</help>
+ <valueless/>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/bgp/afi-rd.xml.i b/interface-definitions/include/bgp/afi-rd.xml.i
index 767502094..beb1447df 100644
--- a/interface-definitions/include/bgp/afi-rd.xml.i
+++ b/interface-definitions/include/bgp/afi-rd.xml.i
@@ -17,7 +17,7 @@
<description>Route Distinguisher, (x.x.x.x:yyy|xxxx:yyyy)</description>
</valueHelp>
<constraint>
- <regex>((25[0-5]|2[0-4][0-9]|[1][0-9][0-9]|[1-9][0-9]|[0-9]?)(\.(25[0-5]|2[0-4][0-9]|[1][0-9][0-9]|[1-9][0-9]|[0-9]?)){3}|[0-9]{1,10}):[0-9]{1,5}</regex>
+ <validator name="bgp-rd-rt" argument="--route-distinguisher"/>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/bgp/neighbor-local-role.xml.i b/interface-definitions/include/bgp/neighbor-local-role.xml.i
new file mode 100644
index 000000000..6ddb4908f
--- /dev/null
+++ b/interface-definitions/include/bgp/neighbor-local-role.xml.i
@@ -0,0 +1,42 @@
+<!-- include start from bgp/neigbhor-local-role.xml.i -->
+<tagNode name="local-role">
+ <properties>
+ <help>Local role for BGP neighbor (RFC9234)</help>
+ <completionHelp>
+ <list>customer peer provider rs-client rs-server</list>
+ </completionHelp>
+ <valueHelp>
+ <format>customer</format>
+ <description>Using Transit</description>
+ </valueHelp>
+ <valueHelp>
+ <format>peer</format>
+ <description>Public/Private Peering</description>
+ </valueHelp>
+ <valueHelp>
+ <format>provider</format>
+ <description>Providing Transit</description>
+ </valueHelp>
+ <valueHelp>
+ <format>rs-client</format>
+ <description>RS Client</description>
+ </valueHelp>
+ <valueHelp>
+ <format>rs-server</format>
+ <description>Route Server</description>
+ </valueHelp>
+ <constraint>
+ <regex>(provider|rs-server|rs-client|customer|peer)</regex>
+ </constraint>
+ <constraintErrorMessage>BGP local-role must be one of the following: customer, peer, provider, rs-client or rs-server</constraintErrorMessage>
+ </properties>
+ <children>
+ <leafNode name="strict">
+ <properties>
+ <help>Neighbor must send this exact capability, otherwise a role missmatch notification will be sent</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+</tagNode>
+<!-- include end -->
diff --git a/interface-definitions/include/bgp/neighbor-update-source.xml.i b/interface-definitions/include/bgp/neighbor-update-source.xml.i
index 37faf2cce..60c127e8f 100644
--- a/interface-definitions/include/bgp/neighbor-update-source.xml.i
+++ b/interface-definitions/include/bgp/neighbor-update-source.xml.i
@@ -22,7 +22,7 @@
<constraint>
<validator name="ipv4-address"/>
<validator name="ipv6-address"/>
- <validator name="interface-name"/>
+ #include <include/constraint/interface-name.xml.in>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i
index 70176144d..ec065347c 100644
--- a/interface-definitions/include/bgp/protocol-common-config.xml.i
+++ b/interface-definitions/include/bgp/protocol-common-config.xml.i
@@ -926,7 +926,7 @@
<constraint>
<validator name="ipv4-address"/>
<validator name="ipv6-address"/>
- <validator name="interface-name"/>
+ #include <include/constraint/interface-name.xml.in>
</constraint>
</properties>
<children>
@@ -987,6 +987,7 @@
</children>
</node>
#include <include/bgp/neighbor-local-as.xml.i>
+ #include <include/bgp/neighbor-local-role.xml.i>
#include <include/bgp/neighbor-override-capability.xml.i>
#include <include/bgp/neighbor-passive.xml.i>
#include <include/bgp/neighbor-password.xml.i>
@@ -1431,6 +1432,12 @@
<valueless/>
</properties>
</leafNode>
+ <leafNode name="route-reflector-allow-outbound-policy">
+ <properties>
+ <help>Route reflector client allow policy outbound</help>
+ <valueless/>
+ </properties>
+ </leafNode>
<leafNode name="no-client-to-client-reflection">
<properties>
<help>Disable client to client route reflection</help>
@@ -1497,6 +1504,7 @@
#include <include/bgp/neighbor-graceful-restart.xml.i>
#include <include/bgp/neighbor-graceful-restart.xml.i>
#include <include/bgp/neighbor-local-as.xml.i>
+ #include <include/bgp/neighbor-local-role.xml.i>
#include <include/bgp/neighbor-override-capability.xml.i>
#include <include/bgp/neighbor-passive.xml.i>
#include <include/bgp/neighbor-password.xml.i>
diff --git a/interface-definitions/include/certificate-ca.xml.i b/interface-definitions/include/certificate-ca.xml.i
index b97378658..3cde2a48d 100644
--- a/interface-definitions/include/certificate-ca.xml.i
+++ b/interface-definitions/include/certificate-ca.xml.i
@@ -7,7 +7,7 @@
<description>File in /config/auth directory</description>
</valueHelp>
<constraint>
- <validator name="file-exists" argument="--directory /config/auth"/>
+ <validator name="file-path" argument="--strict --parent-dir /config/auth"/>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/certificate-key.xml.i b/interface-definitions/include/certificate-key.xml.i
index 1db9dd069..2c4d81fbb 100644
--- a/interface-definitions/include/certificate-key.xml.i
+++ b/interface-definitions/include/certificate-key.xml.i
@@ -7,7 +7,7 @@
<description>File in /config/auth directory</description>
</valueHelp>
<constraint>
- <validator name="file-exists" argument="--directory /config/auth"/>
+ <validator name="file-path" argument="--strict --parent-dir /config/auth"/>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/certificate.xml.i b/interface-definitions/include/certificate.xml.i
index fb5be45cc..6a5b2936c 100644
--- a/interface-definitions/include/certificate.xml.i
+++ b/interface-definitions/include/certificate.xml.i
@@ -7,7 +7,7 @@
<description>File in /config/auth directory</description>
</valueHelp>
<constraint>
- <validator name="file-exists" argument="--directory /config/auth"/>
+ <validator name="file-path" argument="--strict --parent-dir /config/auth"/>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/constraint/interface-name.xml.in b/interface-definitions/include/constraint/interface-name.xml.in
new file mode 100644
index 000000000..2d1f7b757
--- /dev/null
+++ b/interface-definitions/include/constraint/interface-name.xml.in
@@ -0,0 +1,4 @@
+<!-- include start from constraint/interface-name.xml.in -->
+<regex>(bond|br|dum|en|ersp|eth|gnv|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)[0-9]+(.\d+)?|lo</regex>
+<validator name="file-path --lookup-path /sys/class/net --directory"/>
+<!-- include end -->
diff --git a/interface-definitions/include/dhcp-interface-multi.xml.i b/interface-definitions/include/dhcp-interface-multi.xml.i
new file mode 100644
index 000000000..c74751a19
--- /dev/null
+++ b/interface-definitions/include/dhcp-interface-multi.xml.i
@@ -0,0 +1,18 @@
+<!-- include start from dhcp-interface-multi.xml.i -->
+<leafNode name="dhcp-interface">
+ <properties>
+ <help>DHCP interface supplying next-hop IP address</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>DHCP interface name</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/interface-name.xml.in>
+ </constraint>
+ <multi/>
+ </properties>
+</leafNode>
+<!-- include end --> \ No newline at end of file
diff --git a/interface-definitions/include/dhcp-interface.xml.i b/interface-definitions/include/dhcp-interface.xml.i
index 939b45f15..f5107ba2b 100644
--- a/interface-definitions/include/dhcp-interface.xml.i
+++ b/interface-definitions/include/dhcp-interface.xml.i
@@ -9,7 +9,7 @@
<description>DHCP interface name</description>
</valueHelp>
<constraint>
- <validator name="interface-name"/>
+ #include <include/constraint/interface-name.xml.in>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/firewall/address-mask-ipv6.xml.i b/interface-definitions/include/firewall/address-mask-ipv6.xml.i
new file mode 100644
index 000000000..8c0483209
--- /dev/null
+++ b/interface-definitions/include/firewall/address-mask-ipv6.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from firewall/address-mask-ipv6.xml.i -->
+<leafNode name="address-mask">
+ <properties>
+ <help>IP mask</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IP mask to apply</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/address-mask.xml.i b/interface-definitions/include/firewall/address-mask.xml.i
new file mode 100644
index 000000000..7f6f17d1e
--- /dev/null
+++ b/interface-definitions/include/firewall/address-mask.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from firewall/address-mask.xml.i -->
+<leafNode name="address-mask">
+ <properties>
+ <help>IP mask</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 mask to apply</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/common-rule.xml.i b/interface-definitions/include/firewall/common-rule.xml.i
index a4f66f5cb..3fe3ca872 100644
--- a/interface-definitions/include/firewall/common-rule.xml.i
+++ b/interface-definitions/include/firewall/common-rule.xml.i
@@ -1,6 +1,14 @@
<!-- include start from firewall/common-rule.xml.i -->
#include <include/firewall/action.xml.i>
#include <include/generic-description.xml.i>
+<node name="destination">
+ <properties>
+ <help>Destination parameters</help>
+ </properties>
+ <children>
+ #include <include/firewall/mac-address.xml.i>
+ </children>
+</node>
<leafNode name="disable">
<properties>
<help>Option to disable firewall rule</help>
@@ -26,14 +34,22 @@
</leafNode>
</children>
</node>
-<leafNode name="inbound-interface">
+<node name="inbound-interface">
<properties>
<help>Match inbound-interface</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_interfaces.py</script>
- </completionHelp>
</properties>
-</leafNode>
+ <children>
+ #include <include/firewall/match-interface.xml.i>
+ </children>
+</node>
+<node name="outbound-interface">
+ <properties>
+ <help>Match outbound-interface</help>
+ </properties>
+ <children>
+ #include <include/firewall/match-interface.xml.i>
+ </children>
+</node>
<node name="ipsec">
<properties>
<help>Inbound IPsec packets</help>
@@ -130,14 +146,6 @@
</leafNode>
</children>
</node>
-<leafNode name="outbound-interface">
- <properties>
- <help>Match outbound-interface</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_interfaces.py</script>
- </completionHelp>
- </properties>
-</leafNode>
<leafNode name="protocol">
<properties>
<help>Protocol to match (protocol name, number, or "all")</help>
@@ -219,22 +227,7 @@
<children>
#include <include/firewall/address.xml.i>
#include <include/firewall/source-destination-group.xml.i>
- <leafNode name="mac-address">
- <properties>
- <help>Source MAC address</help>
- <valueHelp>
- <format>&lt;MAC address&gt;</format>
- <description>MAC address to match</description>
- </valueHelp>
- <valueHelp>
- <format>!&lt;MAC address&gt;</format>
- <description>Match everything except the specified MAC address</description>
- </valueHelp>
- <constraint>
- <validator name="mac-address-firewall"/>
- </constraint>
- </properties>
- </leafNode>
+ #include <include/firewall/mac-address.xml.i>
#include <include/firewall/port.xml.i>
</children>
</node>
diff --git a/interface-definitions/include/firewall/connection-mark.xml.i b/interface-definitions/include/firewall/connection-mark.xml.i
new file mode 100644
index 000000000..2cb826635
--- /dev/null
+++ b/interface-definitions/include/firewall/connection-mark.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from firewall/connection-mark.xml.i -->
+<leafNode name="connection-mark">
+ <properties>
+ <help>Connection mark</help>
+ <valueHelp>
+ <format>u32:1-2147483647</format>
+ <description>Connection-mark to match</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-2147483647"/>
+ </constraint>
+ <multi/>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/fqdn.xml.i b/interface-definitions/include/firewall/fqdn.xml.i
new file mode 100644
index 000000000..9eb3925b5
--- /dev/null
+++ b/interface-definitions/include/firewall/fqdn.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from firewall/fqdn.xml.i -->
+<leafNode name="fqdn">
+ <properties>
+ <help>Fully qualified domain name</help>
+ <valueHelp>
+ <format>&lt;fqdn&gt;</format>
+ <description>Fully qualified domain name</description>
+ </valueHelp>
+ <constraint>
+ <validator name="fqdn"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/fwmark.xml.i b/interface-definitions/include/firewall/fwmark.xml.i
new file mode 100644
index 000000000..4607ef58f
--- /dev/null
+++ b/interface-definitions/include/firewall/fwmark.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from firewall/fwmark.xml.i -->
+<leafNode name="fwmark">
+ <properties>
+ <help>Match fwmark value</help>
+ <valueHelp>
+ <format>u32:1-2147483647</format>
+ <description>Match firewall mark value</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-2147483647"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/icmpv6-type-name.xml.i b/interface-definitions/include/firewall/icmpv6-type-name.xml.i
index a2e68abfb..e17a20e17 100644
--- a/interface-definitions/include/firewall/icmpv6-type-name.xml.i
+++ b/interface-definitions/include/firewall/icmpv6-type-name.xml.i
@@ -3,7 +3,7 @@
<properties>
<help>ICMPv6 type-name</help>
<completionHelp>
- <list>destination-unreachable packet-too-big time-exceeded echo-request echo-reply mld-listener-query mld-listener-report mld-listener-reduction nd-router-solicit nd-router-advert nd-neighbor-solicit nd-neighbor-advert nd-redirect parameter-problem router-renumbering</list>
+ <list>destination-unreachable packet-too-big time-exceeded echo-request echo-reply mld-listener-query mld-listener-report mld-listener-reduction nd-router-solicit nd-router-advert nd-neighbor-solicit nd-neighbor-advert nd-redirect parameter-problem router-renumbering ind-neighbor-solicit ind-neighbor-advert mld2-listener-report</list>
</completionHelp>
<valueHelp>
<format>destination-unreachable</format>
@@ -65,8 +65,20 @@
<format>router-renumbering</format>
<description>ICMPv6 type 138: router-renumbering</description>
</valueHelp>
+ <valueHelp>
+ <format>ind-neighbor-solicit</format>
+ <description>ICMPv6 type 141: ind-neighbor-solicit</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ind-neighbor-advert</format>
+ <description>ICMPv6 type 142: ind-neighbor-advert</description>
+ </valueHelp>
+ <valueHelp>
+ <format>mld2-listener-report</format>
+ <description>ICMPv6 type 143: mld2-listener-report</description>
+ </valueHelp>
<constraint>
- <regex>(destination-unreachable|packet-too-big|time-exceeded|echo-request|echo-reply|mld-listener-query|mld-listener-report|mld-listener-reduction|nd-router-solicit|nd-router-advert|nd-neighbor-solicit|nd-neighbor-advert|nd-redirect|parameter-problem|router-renumbering)</regex>
+ <regex>(destination-unreachable|packet-too-big|time-exceeded|echo-request|echo-reply|mld-listener-query|mld-listener-report|mld-listener-reduction|nd-router-solicit|nd-router-advert|nd-neighbor-solicit|nd-neighbor-advert|nd-redirect|parameter-problem|router-renumbering|ind-neighbor-solicit|ind-neighbor-advert|mld2-listener-report)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/firewall/mac-address.xml.i b/interface-definitions/include/firewall/mac-address.xml.i
new file mode 100644
index 000000000..db3e1e312
--- /dev/null
+++ b/interface-definitions/include/firewall/mac-address.xml.i
@@ -0,0 +1,19 @@
+<!-- include start from firewall/mac-address.xml.i -->
+<leafNode name="mac-address">
+ <properties>
+ <help>MAC address</help>
+ <valueHelp>
+ <format>macaddr</format>
+ <description>MAC address to match</description>
+ </valueHelp>
+ <valueHelp>
+ <format>!macaddr</format>
+ <description>Match everything except the specified MAC address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="mac-address"/>
+ <validator name="mac-address-exclude"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/match-interface.xml.i b/interface-definitions/include/firewall/match-interface.xml.i
new file mode 100644
index 000000000..675a87574
--- /dev/null
+++ b/interface-definitions/include/firewall/match-interface.xml.i
@@ -0,0 +1,18 @@
+<!-- include start from firewall/match-interface.xml.i -->
+<leafNode name="interface-name">
+ <properties>
+ <help>Match interface</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ </properties>
+</leafNode>
+<leafNode name="interface-group">
+ <properties>
+ <help>Match interface-group</help>
+ <completionHelp>
+ <path>firewall group interface-group</path>
+ </completionHelp>
+ </properties>
+</leafNode>
+<!-- include end --> \ No newline at end of file
diff --git a/interface-definitions/include/firewall/rule-log-level.xml.i b/interface-definitions/include/firewall/rule-log-level.xml.i
index 10c8de5e3..3ac473844 100644
--- a/interface-definitions/include/firewall/rule-log-level.xml.i
+++ b/interface-definitions/include/firewall/rule-log-level.xml.i
@@ -1,4 +1,4 @@
-<!-- include start from firewall/common-rule.xml.i -->
+<!-- include start from firewall/rule-log-level.xml.i -->
<leafNode name="log-level">
<properties>
<help>Set log-level. Log must be enable.</help>
diff --git a/interface-definitions/include/firewall/source-destination-group-ipv6.xml.i b/interface-definitions/include/firewall/source-destination-group-ipv6.xml.i
index c2cc7edb3..2a42d236c 100644
--- a/interface-definitions/include/firewall/source-destination-group-ipv6.xml.i
+++ b/interface-definitions/include/firewall/source-destination-group-ipv6.xml.i
@@ -12,6 +12,14 @@
</completionHelp>
</properties>
</leafNode>
+ <leafNode name="domain-group">
+ <properties>
+ <help>Group of domains</help>
+ <completionHelp>
+ <path>firewall group domain-group</path>
+ </completionHelp>
+ </properties>
+ </leafNode>
#include <include/firewall/mac-group.xml.i>
<leafNode name="network-group">
<properties>
diff --git a/interface-definitions/include/generic-description.xml.i b/interface-definitions/include/generic-description.xml.i
index 03fc564e6..63e5e174e 100644
--- a/interface-definitions/include/generic-description.xml.i
+++ b/interface-definitions/include/generic-description.xml.i
@@ -6,6 +6,10 @@
<format>txt</format>
<description>Description</description>
</valueHelp>
+ <constraint>
+ <regex>[[:ascii:]]{0,256}</regex>
+ </constraint>
+ <constraintErrorMessage>Description too long (limit 256 characters)</constraintErrorMessage>
</properties>
</leafNode>
<!-- include end -->
diff --git a/interface-definitions/include/generic-interface-broadcast.xml.i b/interface-definitions/include/generic-interface-broadcast.xml.i
index 6f76dde1a..af35a888b 100644
--- a/interface-definitions/include/generic-interface-broadcast.xml.i
+++ b/interface-definitions/include/generic-interface-broadcast.xml.i
@@ -10,7 +10,7 @@
<description>Interface name</description>
</valueHelp>
<constraint>
- <validator name="interface-name"/>
+ #include <include/constraint/interface-name.xml.in>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/generic-interface-multi-broadcast.xml.i b/interface-definitions/include/generic-interface-multi-broadcast.xml.i
index 00638f3b7..1ae38fb43 100644
--- a/interface-definitions/include/generic-interface-multi-broadcast.xml.i
+++ b/interface-definitions/include/generic-interface-multi-broadcast.xml.i
@@ -10,7 +10,7 @@
<description>Interface name</description>
</valueHelp>
<constraint>
- <validator name="interface-name"/>
+ #include <include/constraint/interface-name.xml.in>
</constraint>
<multi/>
</properties>
diff --git a/interface-definitions/include/generic-interface-multi.xml.i b/interface-definitions/include/generic-interface-multi.xml.i
index 65aae28ae..16916ff54 100644
--- a/interface-definitions/include/generic-interface-multi.xml.i
+++ b/interface-definitions/include/generic-interface-multi.xml.i
@@ -10,7 +10,7 @@
<description>Interface name</description>
</valueHelp>
<constraint>
- <validator name="interface-name"/>
+ #include <include/constraint/interface-name.xml.in>
</constraint>
<multi/>
</properties>
diff --git a/interface-definitions/include/generic-interface.xml.i b/interface-definitions/include/generic-interface.xml.i
index 8b4cf1d65..36ddee417 100644
--- a/interface-definitions/include/generic-interface.xml.i
+++ b/interface-definitions/include/generic-interface.xml.i
@@ -10,7 +10,7 @@
<description>Interface name</description>
</valueHelp>
<constraint>
- <validator name="interface-name"/>
+ #include <include/constraint/interface-name.xml.in>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/interface/description.xml.i b/interface-definitions/include/interface/description.xml.i
deleted file mode 100644
index de01d22ca..000000000
--- a/interface-definitions/include/interface/description.xml.i
+++ /dev/null
@@ -1,11 +0,0 @@
-<!-- include start from interface/description.xml.i -->
-<leafNode name="description">
- <properties>
- <help>Interface specific description</help>
- <constraint>
- <regex>.{1,256}</regex>
- </constraint>
- <constraintErrorMessage>Description too long (limit 256 characters)</constraintErrorMessage>
- </properties>
-</leafNode>
-<!-- include end -->
diff --git a/interface-definitions/include/interface/interface-policy-vif-c.xml.i b/interface-definitions/include/interface/interface-policy-vif-c.xml.i
deleted file mode 100644
index 866fcd5c0..000000000
--- a/interface-definitions/include/interface/interface-policy-vif-c.xml.i
+++ /dev/null
@@ -1,26 +0,0 @@
-<!-- include start from interface/interface-policy-vif-c.xml.i -->
-<node name="policy" owner="${vyos_conf_scripts_dir}/policy-route-interface.py $VAR(../../../@).$VAR(../../@).$VAR(../@)">
- <properties>
- <priority>620</priority>
- <help>Policy route options</help>
- </properties>
- <children>
- <leafNode name="route">
- <properties>
- <help>IPv4 policy route ruleset for interface</help>
- <completionHelp>
- <path>policy route</path>
- </completionHelp>
- </properties>
- </leafNode>
- <leafNode name="route6">
- <properties>
- <help>IPv6 policy route ruleset for interface</help>
- <completionHelp>
- <path>policy route6</path>
- </completionHelp>
- </properties>
- </leafNode>
- </children>
-</node>
-<!-- include end -->
diff --git a/interface-definitions/include/interface/interface-policy-vif.xml.i b/interface-definitions/include/interface/interface-policy-vif.xml.i
deleted file mode 100644
index 83510fe59..000000000
--- a/interface-definitions/include/interface/interface-policy-vif.xml.i
+++ /dev/null
@@ -1,26 +0,0 @@
-<!-- include start from interface/interface-policy-vif.xml.i -->
-<node name="policy" owner="${vyos_conf_scripts_dir}/policy-route-interface.py $VAR(../../@).$VAR(../@)">
- <properties>
- <priority>620</priority>
- <help>Policy route options</help>
- </properties>
- <children>
- <leafNode name="route">
- <properties>
- <help>IPv4 policy route ruleset for interface</help>
- <completionHelp>
- <path>policy route</path>
- </completionHelp>
- </properties>
- </leafNode>
- <leafNode name="route6">
- <properties>
- <help>IPv6 policy route ruleset for interface</help>
- <completionHelp>
- <path>policy route6</path>
- </completionHelp>
- </properties>
- </leafNode>
- </children>
-</node>
-<!-- include end -->
diff --git a/interface-definitions/include/interface/interface-policy.xml.i b/interface-definitions/include/interface/interface-policy.xml.i
deleted file mode 100644
index 42a8fd009..000000000
--- a/interface-definitions/include/interface/interface-policy.xml.i
+++ /dev/null
@@ -1,26 +0,0 @@
-<!-- include start from interface/interface-policy.xml.i -->
-<node name="policy" owner="${vyos_conf_scripts_dir}/policy-route-interface.py $VAR(../@)">
- <properties>
- <priority>620</priority>
- <help>Policy route options</help>
- </properties>
- <children>
- <leafNode name="route">
- <properties>
- <help>IPv4 policy route ruleset for interface</help>
- <completionHelp>
- <path>policy route</path>
- </completionHelp>
- </properties>
- </leafNode>
- <leafNode name="route6">
- <properties>
- <help>IPv6 policy route ruleset for interface</help>
- <completionHelp>
- <path>policy route6</path>
- </completionHelp>
- </properties>
- </leafNode>
- </children>
-</node>
-<!-- include end -->
diff --git a/interface-definitions/include/interface/mirror.xml.i b/interface-definitions/include/interface/mirror.xml.i
index 2959551f0..74a172b50 100644
--- a/interface-definitions/include/interface/mirror.xml.i
+++ b/interface-definitions/include/interface/mirror.xml.i
@@ -1,23 +1,31 @@
<!-- include start from interface/mirror.xml.i -->
<node name="mirror">
<properties>
- <help>Incoming/outgoing packet mirroring destination</help>
+ <help>Mirror ingress/egress packets</help>
</properties>
<children>
<leafNode name="ingress">
<properties>
- <help>Mirror the ingress traffic of the interface to the destination interface</help>
+ <help>Mirror ingress traffic to destination interface</help>
<completionHelp>
- <script>${vyos_completion_dir}/list_interfaces.py</script>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
</completionHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>Destination interface name</description>
+ </valueHelp>
</properties>
</leafNode>
<leafNode name="egress">
<properties>
- <help>Mirror the egress traffic of the interface to the destination interface</help>
+ <help>Mirror egress traffic to destination interface</help>
<completionHelp>
- <script>${vyos_completion_dir}/list_interfaces.py</script>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
</completionHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>Destination interface name</description>
+ </valueHelp>
</properties>
</leafNode>
</children>
diff --git a/interface-definitions/include/interface/no-peer-dns.xml.i b/interface-definitions/include/interface/no-peer-dns.xml.i
new file mode 100644
index 000000000..d663f04c1
--- /dev/null
+++ b/interface-definitions/include/interface/no-peer-dns.xml.i
@@ -0,0 +1,8 @@
+<!-- include start from interface/no-peer-dns.xml.i -->
+<leafNode name="no-peer-dns">
+ <properties>
+ <help>Do not use DNS servers provided by the peer</help>
+ <valueless/>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/interface/redirect.xml.i b/interface-definitions/include/interface/redirect.xml.i
index 3be9ee16b..b01e486ce 100644
--- a/interface-definitions/include/interface/redirect.xml.i
+++ b/interface-definitions/include/interface/redirect.xml.i
@@ -1,16 +1,16 @@
<!-- include start from interface/redirect.xml.i -->
<leafNode name="redirect">
<properties>
- <help>Incoming packet redirection destination</help>
+ <help>Redirect incoming packet to destination</help>
<completionHelp>
<script>${vyos_completion_dir}/list_interfaces.py</script>
</completionHelp>
<valueHelp>
<format>txt</format>
- <description>Interface name</description>
+ <description>Destination interface name</description>
</valueHelp>
<constraint>
- <validator name="interface-name"/>
+ #include <include/constraint/interface-name.xml.in>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/interface/vif-s.xml.i b/interface-definitions/include/interface/vif-s.xml.i
index 916349ade..fdd62b63d 100644
--- a/interface-definitions/include/interface/vif-s.xml.i
+++ b/interface-definitions/include/interface/vif-s.xml.i
@@ -12,13 +12,12 @@
<constraintErrorMessage>VLAN ID must be between 0 and 4094</constraintErrorMessage>
</properties>
<children>
+ #include <include/generic-description.xml.i>
#include <include/interface/address-ipv4-ipv6-dhcp.xml.i>
- #include <include/interface/description.xml.i>
#include <include/interface/dhcp-options.xml.i>
#include <include/interface/dhcpv6-options.xml.i>
#include <include/interface/disable-link-detect.xml.i>
#include <include/interface/disable.xml.i>
- #include <include/interface/interface-policy-vif.xml.i>
<leafNode name="protocol">
<properties>
<help>Protocol used for service VLAN (default: 802.1ad)</help>
@@ -54,8 +53,8 @@
<constraintErrorMessage>VLAN ID must be between 0 and 4094</constraintErrorMessage>
</properties>
<children>
+ #include <include/generic-description.xml.i>
#include <include/interface/address-ipv4-ipv6-dhcp.xml.i>
- #include <include/interface/description.xml.i>
#include <include/interface/dhcp-options.xml.i>
#include <include/interface/dhcpv6-options.xml.i>
#include <include/interface/disable-link-detect.xml.i>
@@ -67,7 +66,6 @@
#include <include/interface/mtu-68-16000.xml.i>
#include <include/interface/redirect.xml.i>
#include <include/interface/vrf.xml.i>
- #include <include/interface/interface-policy-vif-c.xml.i>
</children>
</tagNode>
#include <include/interface/redirect.xml.i>
diff --git a/interface-definitions/include/interface/vif.xml.i b/interface-definitions/include/interface/vif.xml.i
index 73a8c98ff..ec3921bf6 100644
--- a/interface-definitions/include/interface/vif.xml.i
+++ b/interface-definitions/include/interface/vif.xml.i
@@ -12,13 +12,12 @@
<constraintErrorMessage>VLAN ID must be between 0 and 4094</constraintErrorMessage>
</properties>
<children>
+ #include <include/generic-description.xml.i>
#include <include/interface/address-ipv4-ipv6-dhcp.xml.i>
- #include <include/interface/description.xml.i>
#include <include/interface/dhcp-options.xml.i>
#include <include/interface/dhcpv6-options.xml.i>
#include <include/interface/disable-link-detect.xml.i>
#include <include/interface/disable.xml.i>
- #include <include/interface/interface-policy-vif.xml.i>
<leafNode name="egress-qos">
<properties>
<help>VLAN egress QoS</help>
diff --git a/interface-definitions/include/listen-address-ipv4-single.xml.i b/interface-definitions/include/listen-address-ipv4-single.xml.i
new file mode 100644
index 000000000..81e947953
--- /dev/null
+++ b/interface-definitions/include/listen-address-ipv4-single.xml.i
@@ -0,0 +1,17 @@
+<!-- include start from listen-address-ipv4-single.xml.i -->
+<leafNode name="listen-address">
+ <properties>
+ <help>Local IPv4 addresses to listen on</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_local_ips.sh --ipv4</script>
+ </completionHelp>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address to listen for incoming connections</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/listen-address-single.xml.i b/interface-definitions/include/listen-address-single.xml.i
index b5841cabb..30293b338 100644
--- a/interface-definitions/include/listen-address-single.xml.i
+++ b/interface-definitions/include/listen-address-single.xml.i
@@ -1,3 +1,4 @@
+<!-- include start from listen-address-single.xml.i -->
<leafNode name="listen-address">
<properties>
<help>Local IP addresses to listen on</help>
diff --git a/interface-definitions/include/nat-rule.xml.i b/interface-definitions/include/nat-rule.xml.i
index 84941aa6a..8f2029388 100644
--- a/interface-definitions/include/nat-rule.xml.i
+++ b/interface-definitions/include/nat-rule.xml.i
@@ -20,6 +20,7 @@
<children>
#include <include/nat-address.xml.i>
#include <include/nat-port.xml.i>
+ #include <include/firewall/source-destination-group.xml.i>
</children>
</node>
#include <include/generic-disable-node.xml.i>
@@ -285,6 +286,7 @@
<children>
#include <include/nat-address.xml.i>
#include <include/nat-port.xml.i>
+ #include <include/firewall/source-destination-group.xml.i>
</children>
</node>
</children>
diff --git a/interface-definitions/include/ospf/protocol-common-config.xml.i b/interface-definitions/include/ospf/protocol-common-config.xml.i
index 0615063af..06609c10e 100644
--- a/interface-definitions/include/ospf/protocol-common-config.xml.i
+++ b/interface-definitions/include/ospf/protocol-common-config.xml.i
@@ -358,7 +358,7 @@
<description>Interface name</description>
</valueHelp>
<constraint>
- <validator name="interface-name"/>
+ #include <include/constraint/interface-name.xml.in>
</constraint>
</properties>
<children>
diff --git a/interface-definitions/include/ospfv3/protocol-common-config.xml.i b/interface-definitions/include/ospfv3/protocol-common-config.xml.i
index 630534eea..c0aab912d 100644
--- a/interface-definitions/include/ospfv3/protocol-common-config.xml.i
+++ b/interface-definitions/include/ospfv3/protocol-common-config.xml.i
@@ -118,7 +118,7 @@
<description>Interface used for routing information exchange</description>
</valueHelp>
<constraint>
- <validator name="interface-name"/>
+ #include <include/constraint/interface-name.xml.in>
</constraint>
</properties>
<children>
diff --git a/interface-definitions/include/policy/route-common-rule-ipv6.xml.i b/interface-definitions/include/policy/route-common-rule-ipv6.xml.i
deleted file mode 100644
index 662206336..000000000
--- a/interface-definitions/include/policy/route-common-rule-ipv6.xml.i
+++ /dev/null
@@ -1,557 +0,0 @@
-<!-- include start from policy/route-common-rule.xml.i -->
-#include <include/policy/route-rule-action.xml.i>
-#include <include/generic-description.xml.i>
-<leafNode name="disable">
- <properties>
- <help>Option to disable firewall rule</help>
- <valueless/>
- </properties>
-</leafNode>
-<node name="fragment">
- <properties>
- <help>IP fragment match</help>
- </properties>
- <children>
- <leafNode name="match-frag">
- <properties>
- <help>Second and further fragments of fragmented packets</help>
- <valueless/>
- </properties>
- </leafNode>
- <leafNode name="match-non-frag">
- <properties>
- <help>Head fragments or unfragmented packets</help>
- <valueless/>
- </properties>
- </leafNode>
- </children>
-</node>
-<node name="ipsec">
- <properties>
- <help>Inbound IPsec packets</help>
- </properties>
- <children>
- <leafNode name="match-ipsec">
- <properties>
- <help>Inbound IPsec packets</help>
- <valueless/>
- </properties>
- </leafNode>
- <leafNode name="match-none">
- <properties>
- <help>Inbound non-IPsec packets</help>
- <valueless/>
- </properties>
- </leafNode>
- </children>
-</node>
-<node name="limit">
- <properties>
- <help>Rate limit using a token bucket filter</help>
- </properties>
- <children>
- <leafNode name="burst">
- <properties>
- <help>Maximum number of packets to allow in excess of rate</help>
- <valueHelp>
- <format>u32:0-4294967295</format>
- <description>Maximum number of packets to allow in excess of rate</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-4294967295"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="rate">
- <properties>
- <help>Maximum average matching rate</help>
- <valueHelp>
- <format>u32:0-4294967295</format>
- <description>Maximum average matching rate</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-4294967295"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
-</node>
-<leafNode name="log">
- <properties>
- <help>Option to log packets matching rule</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable log</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable log</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
-</leafNode>
-<leafNode name="protocol">
- <properties>
- <help>Protocol to match (protocol name, number, or "all")</help>
- <completionHelp>
- <script>cat /etc/protocols | sed -e '/^#.*/d' | awk '{ print $1 }'</script>
- </completionHelp>
- <valueHelp>
- <format>all</format>
- <description>All IP protocols</description>
- </valueHelp>
- <valueHelp>
- <format>tcp_udp</format>
- <description>Both TCP and UDP</description>
- </valueHelp>
- <valueHelp>
- <format>0-255</format>
- <description>IP protocol number</description>
- </valueHelp>
- <valueHelp>
- <format>!&lt;protocol&gt;</format>
- <description>IP protocol number</description>
- </valueHelp>
- <constraint>
- <validator name="ip-protocol"/>
- </constraint>
- </properties>
- <defaultValue>all</defaultValue>
-</leafNode>
-<node name="recent">
- <properties>
- <help>Parameters for matching recently seen sources</help>
- </properties>
- <children>
- <leafNode name="count">
- <properties>
- <help>Source addresses seen more than N times</help>
- <valueHelp>
- <format>u32:1-255</format>
- <description>Source addresses seen more than N times</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-255"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="time">
- <properties>
- <help>Source addresses seen in the last N seconds</help>
- <valueHelp>
- <format>u32:0-4294967295</format>
- <description>Source addresses seen in the last N seconds</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-4294967295"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
-</node>
-<node name="set">
- <properties>
- <help>Packet modifications</help>
- </properties>
- <children>
- <leafNode name="dscp">
- <properties>
- <help>Packet Differentiated Services Codepoint (DSCP)</help>
- <valueHelp>
- <format>u32:0-63</format>
- <description>DSCP number</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-63"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="mark">
- <properties>
- <help>Packet marking</help>
- <valueHelp>
- <format>u32:1-2147483647</format>
- <description>Packet marking</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-2147483647"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="table">
- <properties>
- <help>Routing table to forward packet with</help>
- <valueHelp>
- <format>u32:1-200</format>
- <description>Table number</description>
- </valueHelp>
- <valueHelp>
- <format>main</format>
- <description>Main table</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-200"/>
- <regex>(main)</regex>
- </constraint>
- <completionHelp>
- <list>main</list>
- <path>protocols static table</path>
- </completionHelp>
- </properties>
- </leafNode>
- <leafNode name="tcp-mss">
- <properties>
- <help>TCP Maximum Segment Size</help>
- <valueHelp>
- <format>u32:500-1460</format>
- <description>Explicitly set TCP MSS value</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 500-1460"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
-</node>
-<node name="source">
- <properties>
- <help>Source parameters</help>
- </properties>
- <children>
- #include <include/firewall/address-ipv6.xml.i>
- #include <include/firewall/source-destination-group.xml.i>
- <leafNode name="mac-address">
- <properties>
- <help>Source MAC address</help>
- <valueHelp>
- <format>&lt;MAC address&gt;</format>
- <description>MAC address to match</description>
- </valueHelp>
- <valueHelp>
- <format>!&lt;MAC address&gt;</format>
- <description>Match everything except the specified MAC address</description>
- </valueHelp>
- <constraint>
- <validator name="mac-address-firewall"/>
- </constraint>
- </properties>
- </leafNode>
- #include <include/firewall/port.xml.i>
- </children>
-</node>
-<node name="state">
- <properties>
- <help>Session state</help>
- </properties>
- <children>
- <leafNode name="established">
- <properties>
- <help>Established state</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="invalid">
- <properties>
- <help>Invalid state</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="new">
- <properties>
- <help>New state</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="related">
- <properties>
- <help>Related state</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- </leafNode>
- </children>
-</node>
-#include <include/firewall/tcp-flags.xml.i>
-<node name="time">
- <properties>
- <help>Time to match rule</help>
- </properties>
- <children>
- <leafNode name="monthdays">
- <properties>
- <help>Monthdays to match rule on</help>
- </properties>
- </leafNode>
- <leafNode name="startdate">
- <properties>
- <help>Date to start matching rule</help>
- </properties>
- </leafNode>
- <leafNode name="starttime">
- <properties>
- <help>Time of day to start matching rule</help>
- </properties>
- </leafNode>
- <leafNode name="stopdate">
- <properties>
- <help>Date to stop matching rule</help>
- </properties>
- </leafNode>
- <leafNode name="stoptime">
- <properties>
- <help>Time of day to stop matching rule</help>
- </properties>
- </leafNode>
- <leafNode name="utc">
- <properties>
- <help>Interpret times for startdate, stopdate, starttime and stoptime to be UTC</help>
- <valueless/>
- </properties>
- </leafNode>
- <leafNode name="weekdays">
- <properties>
- <help>Weekdays to match rule on</help>
- </properties>
- </leafNode>
- </children>
-</node>
-<node name="icmpv6">
- <properties>
- <help>ICMPv6 type and code information</help>
- </properties>
- <children>
- <leafNode name="type">
- <properties>
- <help>ICMP type-name</help>
- <completionHelp>
- <list>any echo-reply pong destination-unreachable network-unreachable host-unreachable protocol-unreachable port-unreachable fragmentation-needed source-route-failed network-unknown host-unknown network-prohibited host-prohibited TOS-network-unreachable TOS-host-unreachable communication-prohibited host-precedence-violation precedence-cutoff source-quench redirect network-redirect host-redirect TOS-network-redirect TOS host-redirect echo-request ping router-advertisement router-solicitation time-exceeded ttl-exceeded ttl-zero-during-transit ttl-zero-during-reassembly parameter-problem ip-header-bad required-option-missing timestamp-request timestamp-reply address-mask-request address-mask-reply packet-too-big</list>
- </completionHelp>
- <valueHelp>
- <format>any</format>
- <description>Any ICMP type/code</description>
- </valueHelp>
- <valueHelp>
- <format>echo-reply</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>pong</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>destination-unreachable</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>network-unreachable</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>host-unreachable</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>protocol-unreachable</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>port-unreachable</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>fragmentation-needed</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>source-route-failed</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>network-unknown</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>host-unknown</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>network-prohibited</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>host-prohibited</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>TOS-network-unreachable</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>TOS-host-unreachable</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>communication-prohibited</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>host-precedence-violation</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>precedence-cutoff</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>source-quench</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>redirect</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>network-redirect</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>host-redirect</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>TOS-network-redirect</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>TOS host-redirect</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>echo-request</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>ping</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>router-advertisement</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>router-solicitation</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>time-exceeded</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>ttl-exceeded</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>ttl-zero-during-transit</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>ttl-zero-during-reassembly</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>parameter-problem</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>ip-header-bad</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>required-option-missing</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>timestamp-request</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>timestamp-reply</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>address-mask-request</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>address-mask-reply</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <valueHelp>
- <format>packet-too-big</format>
- <description>ICMP type/code name</description>
- </valueHelp>
- <constraint>
- <regex>(any|echo-reply|pong|destination-unreachable|network-unreachable|host-unreachable|protocol-unreachable|port-unreachable|fragmentation-needed|source-route-failed|network-unknown|host-unknown|network-prohibited|host-prohibited|TOS-network-unreachable|TOS-host-unreachable|communication-prohibited|host-precedence-violation|precedence-cutoff|source-quench|redirect|network-redirect|host-redirect|TOS-network-redirect|TOS host-redirect|echo-request|ping|router-advertisement|router-solicitation|time-exceeded|ttl-exceeded|ttl-zero-during-transit|ttl-zero-during-reassembly|parameter-problem|ip-header-bad|required-option-missing|timestamp-request|timestamp-reply|address-mask-request|address-mask-reply|packet-too-big)</regex>
- <validator name="numeric" argument="--range 0-255"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
-</node>
-<!-- include end -->
diff --git a/interface-definitions/include/policy/route-common-rule.xml.i b/interface-definitions/include/policy/route-common.xml.i
index 35fccca50..6973d7a8f 100644
--- a/interface-definitions/include/policy/route-common-rule.xml.i
+++ b/interface-definitions/include/policy/route-common.xml.i
@@ -1,406 +1,360 @@
-<!-- include start from policy/route-common-rule.xml.i -->
-#include <include/policy/route-rule-action.xml.i>
-#include <include/generic-description.xml.i>
-<leafNode name="disable">
- <properties>
- <help>Option to disable firewall rule</help>
- <valueless/>
- </properties>
-</leafNode>
-<node name="fragment">
- <properties>
- <help>IP fragment match</help>
- </properties>
- <children>
- <leafNode name="match-frag">
- <properties>
- <help>Second and further fragments of fragmented packets</help>
- <valueless/>
- </properties>
- </leafNode>
- <leafNode name="match-non-frag">
- <properties>
- <help>Head fragments or unfragmented packets</help>
- <valueless/>
- </properties>
- </leafNode>
- </children>
-</node>
-<node name="ipsec">
- <properties>
- <help>Inbound IPsec packets</help>
- </properties>
- <children>
- <leafNode name="match-ipsec">
- <properties>
- <help>Inbound IPsec packets</help>
- <valueless/>
- </properties>
- </leafNode>
- <leafNode name="match-none">
- <properties>
- <help>Inbound non-IPsec packets</help>
- <valueless/>
- </properties>
- </leafNode>
- </children>
-</node>
-<node name="limit">
- <properties>
- <help>Rate limit using a token bucket filter</help>
- </properties>
- <children>
- <leafNode name="burst">
- <properties>
- <help>Maximum number of packets to allow in excess of rate</help>
- <valueHelp>
- <format>u32:0-4294967295</format>
- <description>Maximum number of packets to allow in excess of rate</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-4294967295"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="rate">
- <properties>
- <help>Maximum average matching rate</help>
- <valueHelp>
- <format>u32:0-4294967295</format>
- <description>Maximum average matching rate</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-4294967295"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
-</node>
-<leafNode name="log">
- <properties>
- <help>Option to log packets matching rule</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable log</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable log</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
-</leafNode>
-<leafNode name="protocol">
- <properties>
- <help>Protocol to match (protocol name, number, or "all")</help>
- <completionHelp>
- <script>cat /etc/protocols | sed -e '/^#.*/d' | awk '{ print $1 }'</script>
- </completionHelp>
- <valueHelp>
- <format>all</format>
- <description>All IP protocols</description>
- </valueHelp>
- <valueHelp>
- <format>tcp_udp</format>
- <description>Both TCP and UDP</description>
- </valueHelp>
- <valueHelp>
- <format>0-255</format>
- <description>IP protocol number</description>
- </valueHelp>
- <valueHelp>
- <format>!&lt;protocol&gt;</format>
- <description>IP protocol number</description>
- </valueHelp>
- <constraint>
- <validator name="ip-protocol"/>
- </constraint>
- </properties>
- <defaultValue>all</defaultValue>
-</leafNode>
-<node name="recent">
- <properties>
- <help>Parameters for matching recently seen sources</help>
- </properties>
- <children>
- <leafNode name="count">
- <properties>
- <help>Source addresses seen more than N times</help>
- <valueHelp>
- <format>u32:1-255</format>
- <description>Source addresses seen more than N times</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-255"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="time">
- <properties>
- <help>Source addresses seen in the last N seconds</help>
- <valueHelp>
- <format>u32:0-4294967295</format>
- <description>Source addresses seen in the last N seconds</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-4294967295"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
-</node>
-<node name="set">
- <properties>
- <help>Packet modifications</help>
- </properties>
- <children>
- <leafNode name="dscp">
- <properties>
- <help>Packet Differentiated Services Codepoint (DSCP)</help>
- <valueHelp>
- <format>u32:0-63</format>
- <description>DSCP number</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-63"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="mark">
- <properties>
- <help>Packet marking</help>
- <valueHelp>
- <format>u32:1-2147483647</format>
- <description>Packet marking</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-2147483647"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="table">
- <properties>
- <help>Routing table to forward packet with</help>
- <valueHelp>
- <format>u32:1-200</format>
- <description>Table number</description>
- </valueHelp>
- <valueHelp>
- <format>main</format>
- <description>Main table</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-200"/>
- <regex>(main)</regex>
- </constraint>
- <completionHelp>
- <list>main</list>
- <path>protocols static table</path>
- </completionHelp>
- </properties>
- </leafNode>
- <leafNode name="tcp-mss">
- <properties>
- <help>TCP Maximum Segment Size</help>
- <valueHelp>
- <format>u32:500-1460</format>
- <description>Explicitly set TCP MSS value</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 500-1460"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
-</node>
-<node name="source">
- <properties>
- <help>Source parameters</help>
- </properties>
- <children>
- #include <include/firewall/address.xml.i>
- #include <include/firewall/source-destination-group.xml.i>
- <leafNode name="mac-address">
- <properties>
- <help>Source MAC address</help>
- <valueHelp>
- <format>&lt;MAC address&gt;</format>
- <description>MAC address to match</description>
- </valueHelp>
- <valueHelp>
- <format>!&lt;MAC address&gt;</format>
- <description>Match everything except the specified MAC address</description>
- </valueHelp>
- <constraint>
- <validator name="mac-address-firewall"/>
- </constraint>
- </properties>
- </leafNode>
- #include <include/firewall/port.xml.i>
- </children>
-</node>
-<node name="state">
- <properties>
- <help>Session state</help>
- </properties>
- <children>
- <leafNode name="established">
- <properties>
- <help>Established state</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="invalid">
- <properties>
- <help>Invalid state</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="new">
- <properties>
- <help>New state</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="related">
- <properties>
- <help>Related state</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- </leafNode>
- </children>
-</node>
-#include <include/firewall/tcp-flags.xml.i>
-<node name="time">
- <properties>
- <help>Time to match rule</help>
- </properties>
- <children>
- <leafNode name="monthdays">
- <properties>
- <help>Monthdays to match rule on</help>
- </properties>
- </leafNode>
- <leafNode name="startdate">
- <properties>
- <help>Date to start matching rule</help>
- </properties>
- </leafNode>
- <leafNode name="starttime">
- <properties>
- <help>Time of day to start matching rule</help>
- </properties>
- </leafNode>
- <leafNode name="stopdate">
- <properties>
- <help>Date to stop matching rule</help>
- </properties>
- </leafNode>
- <leafNode name="stoptime">
- <properties>
- <help>Time of day to stop matching rule</help>
- </properties>
- </leafNode>
- <leafNode name="utc">
- <properties>
- <help>Interpret times for startdate, stopdate, starttime and stoptime to be UTC</help>
- <valueless/>
- </properties>
- </leafNode>
- <leafNode name="weekdays">
- <properties>
- <help>Weekdays to match rule on</help>
- </properties>
- </leafNode>
- </children>
-</node>
-<node name="icmp">
- <properties>
- <help>ICMP type and code information</help>
- </properties>
- <children>
- <leafNode name="code">
- <properties>
- <help>ICMP code (0-255)</help>
- <valueHelp>
- <format>u32:0-255</format>
- <description>ICMP code (0-255)</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-255"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="type">
- <properties>
- <help>ICMP type (0-255)</help>
- <valueHelp>
- <format>u32:0-255</format>
- <description>ICMP type (0-255)</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-255"/>
- </constraint>
- </properties>
- </leafNode>
- #include <include/firewall/icmp-type-name.xml.i>
- </children>
-</node>
-<!-- include end -->
+<!-- include start from policy/route-common.xml.i -->
+#include <include/policy/route-rule-action.xml.i>
+#include <include/generic-description.xml.i>
+<leafNode name="disable">
+ <properties>
+ <help>Option to disable firewall rule</help>
+ <valueless/>
+ </properties>
+</leafNode>
+<node name="fragment">
+ <properties>
+ <help>IP fragment match</help>
+ </properties>
+ <children>
+ <leafNode name="match-frag">
+ <properties>
+ <help>Second and further fragments of fragmented packets</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="match-non-frag">
+ <properties>
+ <help>Head fragments or unfragmented packets</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<node name="ipsec">
+ <properties>
+ <help>Inbound IPsec packets</help>
+ </properties>
+ <children>
+ <leafNode name="match-ipsec">
+ <properties>
+ <help>Inbound IPsec packets</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="match-none">
+ <properties>
+ <help>Inbound non-IPsec packets</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<node name="limit">
+ <properties>
+ <help>Rate limit using a token bucket filter</help>
+ </properties>
+ <children>
+ <leafNode name="burst">
+ <properties>
+ <help>Maximum number of packets to allow in excess of rate</help>
+ <valueHelp>
+ <format>u32:0-4294967295</format>
+ <description>Maximum number of packets to allow in excess of rate</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-4294967295"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="rate">
+ <properties>
+ <help>Maximum average matching rate</help>
+ <valueHelp>
+ <format>u32:0-4294967295</format>
+ <description>Maximum average matching rate</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-4294967295"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<leafNode name="log">
+ <properties>
+ <help>Option to log packets matching rule</help>
+ <completionHelp>
+ <list>enable disable</list>
+ </completionHelp>
+ <valueHelp>
+ <format>enable</format>
+ <description>Enable log</description>
+ </valueHelp>
+ <valueHelp>
+ <format>disable</format>
+ <description>Disable log</description>
+ </valueHelp>
+ <constraint>
+ <regex>(enable|disable)</regex>
+ </constraint>
+ </properties>
+</leafNode>
+<leafNode name="protocol">
+ <properties>
+ <help>Protocol to match (protocol name, number, or "all")</help>
+ <completionHelp>
+ <script>cat /etc/protocols | sed -e '/^#.*/d' | awk '{ print $1 }'</script>
+ </completionHelp>
+ <valueHelp>
+ <format>all</format>
+ <description>All IP protocols</description>
+ </valueHelp>
+ <valueHelp>
+ <format>tcp_udp</format>
+ <description>Both TCP and UDP</description>
+ </valueHelp>
+ <valueHelp>
+ <format>0-255</format>
+ <description>IP protocol number</description>
+ </valueHelp>
+ <valueHelp>
+ <format>!&lt;protocol&gt;</format>
+ <description>IP protocol number</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ip-protocol"/>
+ </constraint>
+ </properties>
+ <defaultValue>all</defaultValue>
+</leafNode>
+<node name="recent">
+ <properties>
+ <help>Parameters for matching recently seen sources</help>
+ </properties>
+ <children>
+ <leafNode name="count">
+ <properties>
+ <help>Source addresses seen more than N times</help>
+ <valueHelp>
+ <format>u32:1-255</format>
+ <description>Source addresses seen more than N times</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="time">
+ <properties>
+ <help>Source addresses seen in the last N seconds</help>
+ <valueHelp>
+ <format>u32:0-4294967295</format>
+ <description>Source addresses seen in the last N seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-4294967295"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<node name="set">
+ <properties>
+ <help>Packet modifications</help>
+ </properties>
+ <children>
+ <leafNode name="connection-mark">
+ <properties>
+ <help>Connection marking</help>
+ <valueHelp>
+ <format>u32:1-2147483647</format>
+ <description>Connection marking</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-2147483647"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="dscp">
+ <properties>
+ <help>Packet Differentiated Services Codepoint (DSCP)</help>
+ <valueHelp>
+ <format>u32:0-63</format>
+ <description>DSCP number</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-63"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="mark">
+ <properties>
+ <help>Packet marking</help>
+ <valueHelp>
+ <format>u32:1-2147483647</format>
+ <description>Packet marking</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-2147483647"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="table">
+ <properties>
+ <help>Routing table to forward packet with</help>
+ <valueHelp>
+ <format>u32:1-200</format>
+ <description>Table number</description>
+ </valueHelp>
+ <valueHelp>
+ <format>main</format>
+ <description>Main table</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-200"/>
+ <regex>(main)</regex>
+ </constraint>
+ <completionHelp>
+ <list>main</list>
+ <path>protocols static table</path>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="tcp-mss">
+ <properties>
+ <help>TCP Maximum Segment Size</help>
+ <valueHelp>
+ <format>u32:500-1460</format>
+ <description>Explicitly set TCP MSS value</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 500-1460"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<node name="state">
+ <properties>
+ <help>Session state</help>
+ </properties>
+ <children>
+ <leafNode name="established">
+ <properties>
+ <help>Established state</help>
+ <completionHelp>
+ <list>enable disable</list>
+ </completionHelp>
+ <valueHelp>
+ <format>enable</format>
+ <description>Enable</description>
+ </valueHelp>
+ <valueHelp>
+ <format>disable</format>
+ <description>Disable</description>
+ </valueHelp>
+ <constraint>
+ <regex>(enable|disable)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="invalid">
+ <properties>
+ <help>Invalid state</help>
+ <completionHelp>
+ <list>enable disable</list>
+ </completionHelp>
+ <valueHelp>
+ <format>enable</format>
+ <description>Enable</description>
+ </valueHelp>
+ <valueHelp>
+ <format>disable</format>
+ <description>Disable</description>
+ </valueHelp>
+ <constraint>
+ <regex>(enable|disable)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="new">
+ <properties>
+ <help>New state</help>
+ <completionHelp>
+ <list>enable disable</list>
+ </completionHelp>
+ <valueHelp>
+ <format>enable</format>
+ <description>Enable</description>
+ </valueHelp>
+ <valueHelp>
+ <format>disable</format>
+ <description>Disable</description>
+ </valueHelp>
+ <constraint>
+ <regex>(enable|disable)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="related">
+ <properties>
+ <help>Related state</help>
+ <completionHelp>
+ <list>enable disable</list>
+ </completionHelp>
+ <valueHelp>
+ <format>enable</format>
+ <description>Enable</description>
+ </valueHelp>
+ <valueHelp>
+ <format>disable</format>
+ <description>Disable</description>
+ </valueHelp>
+ <constraint>
+ <regex>(enable|disable)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+#include <include/firewall/tcp-flags.xml.i>
+<node name="time">
+ <properties>
+ <help>Time to match rule</help>
+ </properties>
+ <children>
+ <leafNode name="monthdays">
+ <properties>
+ <help>Monthdays to match rule on</help>
+ </properties>
+ </leafNode>
+ <leafNode name="startdate">
+ <properties>
+ <help>Date to start matching rule</help>
+ </properties>
+ </leafNode>
+ <leafNode name="starttime">
+ <properties>
+ <help>Time of day to start matching rule</help>
+ </properties>
+ </leafNode>
+ <leafNode name="stopdate">
+ <properties>
+ <help>Date to stop matching rule</help>
+ </properties>
+ </leafNode>
+ <leafNode name="stoptime">
+ <properties>
+ <help>Time of day to stop matching rule</help>
+ </properties>
+ </leafNode>
+ <leafNode name="utc">
+ <properties>
+ <help>Interpret times for startdate, stopdate, starttime and stoptime to be UTC</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="weekdays">
+ <properties>
+ <help>Weekdays to match rule on</help>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/policy/route-ipv4.xml.i b/interface-definitions/include/policy/route-ipv4.xml.i
new file mode 100644
index 000000000..1f717a1a4
--- /dev/null
+++ b/interface-definitions/include/policy/route-ipv4.xml.i
@@ -0,0 +1,45 @@
+<!-- include start from policy/route-ipv4.xml.i -->
+<node name="source">
+ <properties>
+ <help>Source parameters</help>
+ </properties>
+ <children>
+ #include <include/firewall/address.xml.i>
+ #include <include/firewall/source-destination-group.xml.i>
+ #include <include/firewall/mac-address.xml.i>
+ #include <include/firewall/port.xml.i>
+ </children>
+</node>
+<node name="icmp">
+ <properties>
+ <help>ICMP type and code information</help>
+ </properties>
+ <children>
+ <leafNode name="code">
+ <properties>
+ <help>ICMP code (0-255)</help>
+ <valueHelp>
+ <format>u32:0-255</format>
+ <description>ICMP code (0-255)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-255"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="type">
+ <properties>
+ <help>ICMP type (0-255)</help>
+ <valueHelp>
+ <format>u32:0-255</format>
+ <description>ICMP type (0-255)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-255"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ #include <include/firewall/icmp-type-name.xml.i>
+ </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/policy/route-ipv6.xml.i b/interface-definitions/include/policy/route-ipv6.xml.i
new file mode 100644
index 000000000..d636a654b
--- /dev/null
+++ b/interface-definitions/include/policy/route-ipv6.xml.i
@@ -0,0 +1,196 @@
+<!-- include start from policy/route-ipv6.xml.i -->
+<node name="source">
+ <properties>
+ <help>Source parameters</help>
+ </properties>
+ <children>
+ #include <include/firewall/address-ipv6.xml.i>
+ #include <include/firewall/source-destination-group.xml.i>
+ #include <include/firewall/mac-address.xml.i>
+ #include <include/firewall/port.xml.i>
+ </children>
+</node>
+<node name="icmpv6">
+ <properties>
+ <help>ICMPv6 type and code information</help>
+ </properties>
+ <children>
+ <leafNode name="type">
+ <properties>
+ <help>ICMP type-name</help>
+ <completionHelp>
+ <list>any echo-reply pong destination-unreachable network-unreachable host-unreachable protocol-unreachable port-unreachable fragmentation-needed source-route-failed network-unknown host-unknown network-prohibited host-prohibited TOS-network-unreachable TOS-host-unreachable communication-prohibited host-precedence-violation precedence-cutoff source-quench redirect network-redirect host-redirect TOS-network-redirect TOS host-redirect echo-request ping router-advertisement router-solicitation time-exceeded ttl-exceeded ttl-zero-during-transit ttl-zero-during-reassembly parameter-problem ip-header-bad required-option-missing timestamp-request timestamp-reply address-mask-request address-mask-reply packet-too-big</list>
+ </completionHelp>
+ <valueHelp>
+ <format>any</format>
+ <description>Any ICMP type/code</description>
+ </valueHelp>
+ <valueHelp>
+ <format>echo-reply</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>pong</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>destination-unreachable</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>network-unreachable</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>host-unreachable</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>protocol-unreachable</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>port-unreachable</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>fragmentation-needed</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>source-route-failed</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>network-unknown</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>host-unknown</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>network-prohibited</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>host-prohibited</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>TOS-network-unreachable</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>TOS-host-unreachable</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>communication-prohibited</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>host-precedence-violation</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>precedence-cutoff</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>source-quench</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>redirect</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>network-redirect</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>host-redirect</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>TOS-network-redirect</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>TOS host-redirect</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>echo-request</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ping</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>router-advertisement</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>router-solicitation</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>time-exceeded</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ttl-exceeded</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ttl-zero-during-transit</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ttl-zero-during-reassembly</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>parameter-problem</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ip-header-bad</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>required-option-missing</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>timestamp-request</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>timestamp-reply</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>address-mask-request</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>address-mask-reply</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>packet-too-big</format>
+ <description>ICMP type/code name</description>
+ </valueHelp>
+ <constraint>
+ <regex>(any|echo-reply|pong|destination-unreachable|network-unreachable|host-unreachable|protocol-unreachable|port-unreachable|fragmentation-needed|source-route-failed|network-unknown|host-unknown|network-prohibited|host-prohibited|TOS-network-unreachable|TOS-host-unreachable|communication-prohibited|host-precedence-violation|precedence-cutoff|source-quench|redirect|network-redirect|host-redirect|TOS-network-redirect|TOS host-redirect|echo-request|ping|router-advertisement|router-solicitation|time-exceeded|ttl-exceeded|ttl-zero-during-transit|ttl-zero-during-reassembly|parameter-problem|ip-header-bad|required-option-missing|timestamp-request|timestamp-reply|address-mask-request|address-mask-reply|packet-too-big)</regex>
+ <validator name="numeric" argument="--range 0-255"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/port-number-start-zero.xml.i b/interface-definitions/include/port-number-start-zero.xml.i
new file mode 100644
index 000000000..04a144216
--- /dev/null
+++ b/interface-definitions/include/port-number-start-zero.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from port-number-start-zero.xml.i -->
+<leafNode name="port">
+ <properties>
+ <help>Port number used by connection</help>
+ <valueHelp>
+ <format>u32:0-65535</format>
+ <description>Numeric IP port</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-65535"/>
+ </constraint>
+ <constraintErrorMessage>Port number must be in range 0 to 65535</constraintErrorMessage>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/qos/bandwidth-auto.xml.i b/interface-definitions/include/qos/bandwidth-auto.xml.i
new file mode 100644
index 000000000..fa16a6cb0
--- /dev/null
+++ b/interface-definitions/include/qos/bandwidth-auto.xml.i
@@ -0,0 +1,47 @@
+<!-- include start from qos/bandwidth-auto.xml.i -->
+<leafNode name="bandwidth">
+ <properties>
+ <help>Available bandwidth for this policy</help>
+ <completionHelp>
+ <list>auto</list>
+ </completionHelp>
+ <valueHelp>
+ <format>auto</format>
+ <description>Bandwidth matches interface speed</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;number&gt;</format>
+ <description>Bits per second</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;number&gt;bit</format>
+ <description>Bits per second</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;number&gt;kbit</format>
+ <description>Kilobits per second</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;number&gt;mbit</format>
+ <description>Megabits per second</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;number&gt;gbit</format>
+ <description>Gigabits per second</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;number&gt;tbit</format>
+ <description>Terabits per second</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;number&gt;%%</format>
+ <description>Percentage of interface link speed</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--positive"/>
+ <regex>(auto|\d+(bit|kbit|mbit|gbit|tbit)?|(100|\d(\d)?)%)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>auto</defaultValue>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/qos/bandwidth.xml.i b/interface-definitions/include/qos/bandwidth.xml.i
index 82af22f42..cc923f642 100644
--- a/interface-definitions/include/qos/bandwidth.xml.i
+++ b/interface-definitions/include/qos/bandwidth.xml.i
@@ -1,15 +1,39 @@
<!-- include start from qos/bandwidth.xml.i -->
<leafNode name="bandwidth">
<properties>
- <help>Traffic-limit used for this class</help>
+ <help>Available bandwidth for this policy</help>
<valueHelp>
<format>&lt;number&gt;</format>
- <description>Rate in kbit (kilobit per second)</description>
+ <description>Bits per second</description>
</valueHelp>
<valueHelp>
- <format>&lt;number&gt;&lt;suffix&gt;</format>
- <description>Rate with scaling suffix (mbit, mbps, ...)</description>
+ <format>&lt;number&gt;bit</format>
+ <description>Bits per second</description>
</valueHelp>
+ <valueHelp>
+ <format>&lt;number&gt;kbit</format>
+ <description>Kilobits per second</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;number&gt;mbit</format>
+ <description>Megabits per second</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;number&gt;gbit</format>
+ <description>Gigabits per second</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;number&gt;tbit</format>
+ <description>Terabits per second</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;number&gt;%</format>
+ <description>Percentage of interface link speed</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--positive"/>
+ <regex>(\d+(bit|kbit|mbit|gbit|tbit)?|(100|\d(\d)?)%)</regex>
+ </constraint>
</properties>
</leafNode>
<!-- include end -->
diff --git a/interface-definitions/include/qos/class-match-ipv4-address.xml.i b/interface-definitions/include/qos/class-match-ipv4-address.xml.i
new file mode 100644
index 000000000..8e84c988a
--- /dev/null
+++ b/interface-definitions/include/qos/class-match-ipv4-address.xml.i
@@ -0,0 +1,19 @@
+<!-- include start from qos/class-match-ipv4-address.xml.i -->
+<leafNode name="address">
+ <properties>
+ <help>IPv4 destination address for this match</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 prefix</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="ipv4-prefix"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/qos/class-match-ipv6-address.xml.i b/interface-definitions/include/qos/class-match-ipv6-address.xml.i
new file mode 100644
index 000000000..fd7388127
--- /dev/null
+++ b/interface-definitions/include/qos/class-match-ipv6-address.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from qos/class-match-ipv6-address.xml.i -->
+<leafNode name="address">
+ <properties>
+ <help>IPv6 destination address for this match</help>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 address and prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/qos/match.xml.i b/interface-definitions/include/qos/class-match.xml.i
index 7d89e4460..4ba12f8f7 100644
--- a/interface-definitions/include/qos/match.xml.i
+++ b/interface-definitions/include/qos/class-match.xml.i
@@ -1,4 +1,4 @@
-<!-- include start from qos/match.xml.i -->
+<!-- include start from qos/class-match.xml.i -->
<tagNode name="match">
<properties>
<help>Class matching rule name</help>
@@ -99,22 +99,11 @@
<help>Match on destination port or address</help>
</properties>
<children>
- <leafNode name="address">
- <properties>
- <help>IPv4 destination address for this match</help>
- <valueHelp>
- <format>ipv4net</format>
- <description>IPv4 address and prefix length</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4"/>
- </constraint>
- </properties>
- </leafNode>
+ #include <include/qos/class-match-ipv4-address.xml.i>
#include <include/port-number.xml.i>
</children>
</node>
- #include <include/qos/dscp.xml.i>
+ #include <include/qos/match-dscp.xml.i>
#include <include/qos/max-length.xml.i>
#include <include/ip-protocol.xml.i>
<node name="source">
@@ -122,18 +111,7 @@
<help>Match on source port or address</help>
</properties>
<children>
- <leafNode name="address">
- <properties>
- <help>IPv4 source address for this match</help>
- <valueHelp>
- <format>ipv4net</format>
- <description>IPv4 address and prefix length</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4"/>
- </constraint>
- </properties>
- </leafNode>
+ #include <include/qos/class-match-ipv4-address.xml.i>
#include <include/port-number.xml.i>
</children>
</node>
@@ -150,22 +128,11 @@
<help>Match on destination port or address</help>
</properties>
<children>
- <leafNode name="address">
- <properties>
- <help>IPv6 destination address for this match</help>
- <valueHelp>
- <format>ipv6net</format>
- <description>IPv6 address and prefix length</description>
- </valueHelp>
- <constraint>
- <validator name="ipv6"/>
- </constraint>
- </properties>
- </leafNode>
+ #include <include/qos/class-match-ipv6-address.xml.i>
#include <include/port-number.xml.i>
</children>
</node>
- #include <include/qos/dscp.xml.i>
+ #include <include/qos/match-dscp.xml.i>
#include <include/qos/max-length.xml.i>
#include <include/ip-protocol.xml.i>
<node name="source">
@@ -173,18 +140,7 @@
<help>Match on source port or address</help>
</properties>
<children>
- <leafNode name="address">
- <properties>
- <help>IPv6 source address for this match</help>
- <valueHelp>
- <format>ipv6net</format>
- <description>IPv6 address and prefix length</description>
- </valueHelp>
- <constraint>
- <validator name="ipv6"/>
- </constraint>
- </properties>
- </leafNode>
+ #include <include/qos/class-match-ipv6-address.xml.i>
#include <include/port-number.xml.i>
</children>
</node>
@@ -195,11 +151,11 @@
<properties>
<help>Match on mark applied by firewall</help>
<valueHelp>
- <format>txt</format>
+ <format>u32</format>
<description>FW mark to match</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 0x0-0xffff"/>
+ <validator name="numeric" argument="--range 0-4294967295"/>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/qos/limiter-actions.xml.i b/interface-definitions/include/qos/class-police-exceed.xml.i
index a993423aa..ee2ce16a8 100644
--- a/interface-definitions/include/qos/limiter-actions.xml.i
+++ b/interface-definitions/include/qos/class-police-exceed.xml.i
@@ -1,13 +1,13 @@
-<!-- include start from qos/limiter-actions.xml.i -->
-<leafNode name="exceed-action">
+<!-- include start from qos/police.xml.i -->
+<leafNode name="exceed">
<properties>
- <help>Default action for packets exceeding the limiter (default: drop)</help>
+ <help>Default action for packets exceeding the limiter</help>
<completionHelp>
<list>continue drop ok reclassify pipe</list>
</completionHelp>
<valueHelp>
<format>continue</format>
- <description>Don't do anything, just continue with the next action in line</description>
+ <description>Do not do anything, just continue with the next action in line</description>
</valueHelp>
<valueHelp>
<format>drop</format>
@@ -31,15 +31,15 @@
</properties>
<defaultValue>drop</defaultValue>
</leafNode>
-<leafNode name="notexceed-action">
+<leafNode name="not-exceed">
<properties>
- <help>Default action for packets not exceeding the limiter (default: ok)</help>
+ <help>Default action for packets not exceeding the limiter</help>
<completionHelp>
<list>continue drop ok reclassify pipe</list>
</completionHelp>
<valueHelp>
<format>continue</format>
- <description>Don't do anything, just continue with the next action in line</description>
+ <description>Do not do anything, just continue with the next action in line</description>
</valueHelp>
<valueHelp>
<format>drop</format>
diff --git a/interface-definitions/include/qos/class-priority.xml.i b/interface-definitions/include/qos/class-priority.xml.i
new file mode 100644
index 000000000..3fd848c93
--- /dev/null
+++ b/interface-definitions/include/qos/class-priority.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from qos/class-priority.xml.i -->
+<leafNode name="priority">
+ <properties>
+ <help>Priority for rule evaluation</help>
+ <valueHelp>
+ <format>u32:0-20</format>
+ <description>Priority for match rule evaluation</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-20"/>
+ </constraint>
+ <constraintErrorMessage>Priority must be between 0 and 20</constraintErrorMessage>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/qos/dscp.xml.i b/interface-definitions/include/qos/match-dscp.xml.i
index bb90850ac..2d2fd0a57 100644
--- a/interface-definitions/include/qos/dscp.xml.i
+++ b/interface-definitions/include/qos/match-dscp.xml.i
@@ -1,4 +1,4 @@
-<!-- include start from qos/dscp.xml.i -->
+<!-- include start from qos/match-dscp.xml.i -->
<leafNode name="dscp">
<properties>
<help>Match on Differentiated Services Codepoint (DSCP)</help>
@@ -137,7 +137,6 @@
<validator name="numeric" argument="--range 0-63"/>
<regex>(default|reliability|throughput|lowdelay|priority|immediate|flash|flash-override|critical|internet|network|AF11|AF12|AF13|AF21|AF22|AF23|AF31|AF32|AF33|AF41|AF42|AF43|CS1|CS2|CS3|CS4|CS5|CS6|CS7|EF)</regex>
</constraint>
- <constraintErrorMessage>Priority must be between 0 and 63</constraintErrorMessage>
</properties>
</leafNode>
<!-- include end -->
diff --git a/interface-definitions/include/qos/max-length.xml.i b/interface-definitions/include/qos/max-length.xml.i
index 4cc20f8c4..64cdd02ec 100644
--- a/interface-definitions/include/qos/max-length.xml.i
+++ b/interface-definitions/include/qos/max-length.xml.i
@@ -1,15 +1,15 @@
<!-- include start from qos/max-length.xml.i -->
<leafNode name="max-length">
<properties>
- <help>Maximum packet length (ipv4)</help>
+ <help>Maximum packet length</help>
<valueHelp>
- <format>u32:0-65535</format>
+ <format>u32:1-65535</format>
<description>Maximum packet/payload length</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 0-65535"/>
+ <validator name="numeric" argument="--range 1-65535"/>
</constraint>
- <constraintErrorMessage>Maximum IPv4 total packet length is 65535</constraintErrorMessage>
+ <constraintErrorMessage>Maximum packet length is 65535</constraintErrorMessage>
</properties>
</leafNode>
<!-- include end -->
diff --git a/interface-definitions/include/qos/queue-type.xml.i b/interface-definitions/include/qos/queue-type.xml.i
index 634f61024..c7d4cde82 100644
--- a/interface-definitions/include/qos/queue-type.xml.i
+++ b/interface-definitions/include/qos/queue-type.xml.i
@@ -3,28 +3,31 @@
<properties>
<help>Queue type for default traffic</help>
<completionHelp>
- <list>fq-codel fair-queue drop-tail random-detect</list>
+ <list>drop-tail fair-queue fq-codel priority random-detect</list>
</completionHelp>
<valueHelp>
- <format>fq-codel</format>
- <description>Fair Queue Codel</description>
+ <format>drop-tail</format>
+ <description>First-In-First-Out (FIFO)</description>
</valueHelp>
<valueHelp>
<format>fair-queue</format>
<description>Stochastic Fair Queue (SFQ)</description>
</valueHelp>
<valueHelp>
- <format>drop-tail</format>
- <description>First-In-First-Out (FIFO)</description>
+ <format>fq-codel</format>
+ <description>Fair Queue Codel</description>
+ </valueHelp>
+ <valueHelp>
+ <format>priority</format>
+ <description>Priority queuing</description>
</valueHelp>
<valueHelp>
<format>random-detect</format>
<description>Random Early Detection (RED)</description>
</valueHelp>
<constraint>
- <regex>(fq-codel|fair-queue|drop-tail|random-detect)</regex>
+ <regex>(drop-tail|fair-queue|fq-codel|priority|random-detect)</regex>
</constraint>
</properties>
- <defaultValue>drop-tail</defaultValue>
</leafNode>
<!-- include end -->
diff --git a/interface-definitions/include/qos/set-dscp.xml.i b/interface-definitions/include/qos/set-dscp.xml.i
index 55c0ea44d..07f33783f 100644
--- a/interface-definitions/include/qos/set-dscp.xml.i
+++ b/interface-definitions/include/qos/set-dscp.xml.i
@@ -3,7 +3,7 @@
<properties>
<help>Change the Differentiated Services (DiffServ) field in the IP header</help>
<completionHelp>
- <list>default reliability throughput lowdelay priority immediate flash flash-override critical internet network</list>
+ <list>default reliability throughput lowdelay priority immediate flash flash-override critical internet network AF11 AF12 AF13 AF21 AF22 AF23 AF31 AF32 AF33 AF41 AF42 AF43 CS1 CS2 CS3 CS4 CS5 CS6 CS7 EF</list>
</completionHelp>
<valueHelp>
<format>u32:0-63</format>
@@ -53,9 +53,89 @@
<format>network</format>
<description>match DSCP (111000)</description>
</valueHelp>
+ <valueHelp>
+ <format>AF11</format>
+ <description>High-throughput data</description>
+ </valueHelp>
+ <valueHelp>
+ <format>AF12</format>
+ <description>High-throughput data</description>
+ </valueHelp>
+ <valueHelp>
+ <format>AF13</format>
+ <description>High-throughput data</description>
+ </valueHelp>
+ <valueHelp>
+ <format>AF21</format>
+ <description>Low-latency data</description>
+ </valueHelp>
+ <valueHelp>
+ <format>AF22</format>
+ <description>Low-latency data</description>
+ </valueHelp>
+ <valueHelp>
+ <format>AF23</format>
+ <description>Low-latency data</description>
+ </valueHelp>
+ <valueHelp>
+ <format>AF31</format>
+ <description>Multimedia streaming</description>
+ </valueHelp>
+ <valueHelp>
+ <format>AF32</format>
+ <description>Multimedia streaming</description>
+ </valueHelp>
+ <valueHelp>
+ <format>AF33</format>
+ <description>Multimedia streaming</description>
+ </valueHelp>
+ <valueHelp>
+ <format>AF41</format>
+ <description>Multimedia conferencing</description>
+ </valueHelp>
+ <valueHelp>
+ <format>AF42</format>
+ <description>Multimedia conferencing</description>
+ </valueHelp>
+ <valueHelp>
+ <format>AF43</format>
+ <description>Multimedia conferencing</description>
+ </valueHelp>
+ <valueHelp>
+ <format>CS1</format>
+ <description>Low-priority data</description>
+ </valueHelp>
+ <valueHelp>
+ <format>CS2</format>
+ <description>OAM</description>
+ </valueHelp>
+ <valueHelp>
+ <format>CS3</format>
+ <description>Broadcast video</description>
+ </valueHelp>
+ <valueHelp>
+ <format>CS4</format>
+ <description>Real-time interactive</description>
+ </valueHelp>
+ <valueHelp>
+ <format>CS5</format>
+ <description>Signaling</description>
+ </valueHelp>
+ <valueHelp>
+ <format>CS6</format>
+ <description>Network control</description>
+ </valueHelp>
+ <valueHelp>
+ <format>CS7</format>
+ <description></description>
+ </valueHelp>
+ <valueHelp>
+ <format>EF</format>
+ <description>Expedited Forwarding</description>
+ </valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-63"/>
- <regex>(default|reliability|throughput|lowdelay|priority|immediate|flash|flash-override|critical|internet|network)</regex>
+ <regex>(default|reliability|throughput|lowdelay|priority|immediate|flash|flash-override|critical|internet|network|AF11|AF12|AF13|AF21|AF22|AF23|AF31|AF32|AF33|AF41|AF42|AF43|CS1|CS2|CS3|CS4|CS5|CS6|CS7|EF)</regex>
</constraint>
<constraintErrorMessage>Priority must be between 0 and 63</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/include/radius-acct-server-ipv4.xml.i b/interface-definitions/include/radius-acct-server-ipv4.xml.i
new file mode 100644
index 000000000..9365aa8e9
--- /dev/null
+++ b/interface-definitions/include/radius-acct-server-ipv4.xml.i
@@ -0,0 +1,26 @@
+<!-- include start from radius-acct-server-ipv4.xml.i -->
+<node name="radius">
+ <properties>
+ <help>RADIUS accounting for users OpenConnect VPN sessions OpenConnect authentication mode radius</help>
+ </properties>
+ <children>
+ <tagNode name="server">
+ <properties>
+ <help>RADIUS server configuration</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>RADIUS server IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ <children>
+ #include <include/generic-disable-node.xml.i>
+ #include <include/radius-server-key.xml.i>
+ #include <include/radius-server-acct-port.xml.i>
+ </children>
+ </tagNode>
+ </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/radius-server-ipv4.xml.i b/interface-definitions/include/radius-auth-server-ipv4.xml.i
index ab4c8e10e..dc6f4d878 100644
--- a/interface-definitions/include/radius-server-ipv4.xml.i
+++ b/interface-definitions/include/radius-auth-server-ipv4.xml.i
@@ -1,4 +1,4 @@
-<!-- include start from radius-server-ipv4.xml.i -->
+<!-- include start from radius-auth-server-ipv4.xml.i -->
<node name="radius">
<properties>
<help>RADIUS based user authentication</help>
@@ -19,7 +19,7 @@
<children>
#include <include/generic-disable-node.xml.i>
#include <include/radius-server-key.xml.i>
- #include <include/radius-server-port.xml.i>
+ #include <include/radius-server-auth-port.xml.i>
</children>
</tagNode>
</children>
diff --git a/interface-definitions/include/radius-server-acct-port.xml.i b/interface-definitions/include/radius-server-acct-port.xml.i
new file mode 100644
index 000000000..0b356fa18
--- /dev/null
+++ b/interface-definitions/include/radius-server-acct-port.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from radius-server-acct-port.xml.i -->
+<leafNode name="port">
+ <properties>
+ <help>Accounting port</help>
+ <valueHelp>
+ <format>u32:1-65535</format>
+ <description>Numeric IP port</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ <defaultValue>1813</defaultValue>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/radius-server-port.xml.i b/interface-definitions/include/radius-server-auth-port.xml.i
index c6b691a0f..660fa540f 100644
--- a/interface-definitions/include/radius-server-port.xml.i
+++ b/interface-definitions/include/radius-server-auth-port.xml.i
@@ -1,4 +1,4 @@
-<!-- include start from radius-server-port.xml.i -->
+<!-- include start from radius-server-auth-port.xml.i -->
<leafNode name="port">
<properties>
<help>Authentication port</help>
diff --git a/interface-definitions/include/radius-server-ipv4-ipv6.xml.i b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i
index 5b12bec62..c593512b4 100644
--- a/interface-definitions/include/radius-server-ipv4-ipv6.xml.i
+++ b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i
@@ -23,7 +23,7 @@
<children>
#include <include/generic-disable-node.xml.i>
#include <include/radius-server-key.xml.i>
- #include <include/radius-server-port.xml.i>
+ #include <include/radius-server-auth-port.xml.i>
</children>
</tagNode>
<leafNode name="source-address">
diff --git a/interface-definitions/include/radius-timeout.xml.i b/interface-definitions/include/radius-timeout.xml.i
new file mode 100644
index 000000000..22bb6d312
--- /dev/null
+++ b/interface-definitions/include/radius-timeout.xml.i
@@ -0,0 +1,16 @@
+<!-- include start from radius-timeout.xml.i -->
+<leafNode name="timeout">
+ <properties>
+ <help>Session timeout</help>
+ <valueHelp>
+ <format>u32:1-240</format>
+ <description>Session timeout in seconds (default: 2)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-240"/>
+ </constraint>
+ <constraintErrorMessage>Timeout must be between 1 and 240 seconds</constraintErrorMessage>
+ </properties>
+ <defaultValue>2</defaultValue>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/rip/interface.xml.i b/interface-definitions/include/rip/interface.xml.i
index baeceac1c..e0792cdc1 100644
--- a/interface-definitions/include/rip/interface.xml.i
+++ b/interface-definitions/include/rip/interface.xml.i
@@ -10,7 +10,7 @@
<description>Interface name</description>
</valueHelp>
<constraint>
- <validator name="interface-name"/>
+ #include <include/constraint/interface-name.xml.in>
</constraint>
</properties>
<children>
diff --git a/interface-definitions/include/routing-passive-interface.xml.i b/interface-definitions/include/routing-passive-interface.xml.i
index 095b683de..fe229aebe 100644
--- a/interface-definitions/include/routing-passive-interface.xml.i
+++ b/interface-definitions/include/routing-passive-interface.xml.i
@@ -16,7 +16,7 @@
</valueHelp>
<constraint>
<regex>(default)</regex>
- <validator name="interface-name"/>
+ #include <include/constraint/interface-name.xml.in>
</constraint>
<multi/>
</properties>
diff --git a/interface-definitions/include/server-ipv4-fqdn.xml.i b/interface-definitions/include/server-ipv4-fqdn.xml.i
new file mode 100644
index 000000000..7bab9812c
--- /dev/null
+++ b/interface-definitions/include/server-ipv4-fqdn.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from server-ipv4-fqdn.xml.i -->
+<leafNode name="server">
+ <properties>
+ <help>Remote server to connect to</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Server IPv4 address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>hostname</format>
+ <description>Server hostname/FQDN</description>
+ </valueHelp>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/source-interface.xml.i b/interface-definitions/include/source-interface.xml.i
index a9c2a0f9d..4c1fddb57 100644
--- a/interface-definitions/include/source-interface.xml.i
+++ b/interface-definitions/include/source-interface.xml.i
@@ -10,7 +10,7 @@
<script>${vyos_completion_dir}/list_interfaces.py</script>
</completionHelp>
<constraint>
- <validator name="interface-name"/>
+ #include <include/constraint/interface-name.xml.in>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/static/static-route-interface.xml.i b/interface-definitions/include/static/static-route-interface.xml.i
index ed4f455e5..cc7a92612 100644
--- a/interface-definitions/include/static/static-route-interface.xml.i
+++ b/interface-definitions/include/static/static-route-interface.xml.i
@@ -10,7 +10,7 @@
<description>Gateway interface name</description>
</valueHelp>
<constraint>
- <validator name="interface-name"/>
+ #include <include/constraint/interface-name.xml.in>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/static/static-route.xml.i b/interface-definitions/include/static/static-route.xml.i
index 2de5dc58f..aeb2044c9 100644
--- a/interface-definitions/include/static/static-route.xml.i
+++ b/interface-definitions/include/static/static-route.xml.i
@@ -14,6 +14,7 @@
#include <include/static/static-route-blackhole.xml.i>
#include <include/static/static-route-reject.xml.i>
#include <include/dhcp-interface.xml.i>
+ #include <include/generic-description.xml.i>
<tagNode name="interface">
<properties>
<help>Next-hop IPv4 router interface</help>
@@ -25,7 +26,7 @@
<description>Gateway interface name</description>
</valueHelp>
<constraint>
- <validator name="interface-name"/>
+ #include <include/constraint/interface-name.xml.in>
</constraint>
</properties>
<children>
diff --git a/interface-definitions/include/static/static-route6.xml.i b/interface-definitions/include/static/static-route6.xml.i
index 35feef41c..d5e7a25bc 100644
--- a/interface-definitions/include/static/static-route6.xml.i
+++ b/interface-definitions/include/static/static-route6.xml.i
@@ -13,6 +13,7 @@
<children>
#include <include/static/static-route-blackhole.xml.i>
#include <include/static/static-route-reject.xml.i>
+ #include <include/generic-description.xml.i>
<tagNode name="interface">
<properties>
<help>IPv6 gateway interface name</help>
@@ -24,7 +25,7 @@
<description>Gateway interface name</description>
</valueHelp>
<constraint>
- <validator name="interface-name"/>
+ #include <include/constraint/interface-name.xml.in>
</constraint>
</properties>
<children>
diff --git a/interface-definitions/include/version/container-version.xml.i b/interface-definitions/include/version/container-version.xml.i
new file mode 100644
index 000000000..129469cec
--- /dev/null
+++ b/interface-definitions/include/version/container-version.xml.i
@@ -0,0 +1,3 @@
+<!-- include start from include/version/container-version.xml.i -->
+<syntaxVersion component='container' version='1'></syntaxVersion>
+<!-- include end -->
diff --git a/interface-definitions/include/version/firewall-version.xml.i b/interface-definitions/include/version/firewall-version.xml.i
index 065925319..bc04f8d51 100644
--- a/interface-definitions/include/version/firewall-version.xml.i
+++ b/interface-definitions/include/version/firewall-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/firewall-version.xml.i -->
-<syntaxVersion component='firewall' version='8'></syntaxVersion>
+<syntaxVersion component='firewall' version='9'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/https-version.xml.i b/interface-definitions/include/version/https-version.xml.i
index 586083649..111076974 100644
--- a/interface-definitions/include/version/https-version.xml.i
+++ b/interface-definitions/include/version/https-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/https-version.xml.i -->
-<syntaxVersion component='https' version='3'></syntaxVersion>
+<syntaxVersion component='https' version='4'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/ipsec-version.xml.i b/interface-definitions/include/version/ipsec-version.xml.i
index 1c978e8e6..8d019b466 100644
--- a/interface-definitions/include/version/ipsec-version.xml.i
+++ b/interface-definitions/include/version/ipsec-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/ipsec-version.xml.i -->
-<syntaxVersion component='ipsec' version='10'></syntaxVersion>
+<syntaxVersion component='ipsec' version='11'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/ntp-version.xml.i b/interface-definitions/include/version/ntp-version.xml.i
index cc4ff9a1c..9eafbf7f0 100644
--- a/interface-definitions/include/version/ntp-version.xml.i
+++ b/interface-definitions/include/version/ntp-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/ntp-version.xml.i -->
-<syntaxVersion component='ntp' version='1'></syntaxVersion>
+<syntaxVersion component='ntp' version='2'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/policy-version.xml.i b/interface-definitions/include/version/policy-version.xml.i
index 89bde20c7..f1494eaa3 100644
--- a/interface-definitions/include/version/policy-version.xml.i
+++ b/interface-definitions/include/version/policy-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/policy-version.xml.i -->
-<syntaxVersion component='policy' version='4'></syntaxVersion>
+<syntaxVersion component='policy' version='5'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/qos-version.xml.i b/interface-definitions/include/version/qos-version.xml.i
index e4d139349..c67e61e91 100644
--- a/interface-definitions/include/version/qos-version.xml.i
+++ b/interface-definitions/include/version/qos-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/qos-version.xml.i -->
-<syntaxVersion component='qos' version='1'></syntaxVersion>
+<syntaxVersion component='qos' version='2'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/snmp-version.xml.i b/interface-definitions/include/version/snmp-version.xml.i
index 0416288f0..fa58672a5 100644
--- a/interface-definitions/include/version/snmp-version.xml.i
+++ b/interface-definitions/include/version/snmp-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/snmp-version.xml.i -->
-<syntaxVersion component='snmp' version='2'></syntaxVersion>
+<syntaxVersion component='snmp' version='3'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/vrrp/garp.xml.i b/interface-definitions/include/vrrp/garp.xml.i
new file mode 100644
index 000000000..b56b490df
--- /dev/null
+++ b/interface-definitions/include/vrrp/garp.xml.i
@@ -0,0 +1,78 @@
+<!-- include start from vrrp/garp.xml.i -->
+<node name="garp">
+ <properties>
+ <help>Gratuitous ARP parameters</help>
+ </properties>
+ <children>
+ <leafNode name="interval">
+ <properties>
+ <help>Interval between Gratuitous ARP</help>
+ <valueHelp>
+ <format>&lt;0.000-1000&gt;</format>
+ <description>Interval in seconds, resolution microseconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0.000-1000 --float"/>
+ </constraint>
+ </properties>
+ <defaultValue>0</defaultValue>
+ </leafNode>
+ <leafNode name="master-delay">
+ <properties>
+ <help>Delay for second set of gratuitous ARPs after transition to master</help>
+ <valueHelp>
+ <format>u32:1-1000</format>
+ <description>Delay in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-1000"/>
+ </constraint>
+ </properties>
+ <defaultValue>5</defaultValue>
+ </leafNode>
+ <leafNode name="master-refresh">
+ <properties>
+ <help>Minimum time interval for refreshing gratuitous ARPs while beeing master</help>
+ <valueHelp>
+ <format>u32:0</format>
+ <description>No refresh</description>
+ </valueHelp>
+ <valueHelp>
+ <format>u32:1-255</format>
+ <description>Interval in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ </properties>
+ <defaultValue>5</defaultValue>
+ </leafNode>
+ <leafNode name="master-refresh-repeat">
+ <properties>
+ <help>Number of gratuitous ARP messages to send at a time while beeing master</help>
+ <valueHelp>
+ <format>u32:1-255</format>
+ <description>Number of gratuitous ARP messages</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ </properties>
+ <defaultValue>1</defaultValue>
+ </leafNode>
+ <leafNode name="master-repeat">
+ <properties>
+ <help>Number of gratuitous ARP messages to send at a time after transition to master</help>
+ <valueHelp>
+ <format>u32:1-255</format>
+ <description>Number of gratuitous ARP messages</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ </properties>
+ <defaultValue>5</defaultValue>
+ </leafNode>
+ </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/interfaces-bonding.xml.in b/interface-definitions/interfaces-bonding.xml.in
index 41e4a68a8..6e8c5283a 100644
--- a/interface-definitions/interfaces-bonding.xml.in
+++ b/interface-definitions/interfaces-bonding.xml.in
@@ -49,14 +49,13 @@
</leafNode>
</children>
</node>
- #include <include/interface/description.xml.i>
+ #include <include/generic-description.xml.i>
#include <include/interface/dhcp-options.xml.i>
#include <include/interface/dhcpv6-options.xml.i>
#include <include/interface/disable-link-detect.xml.i>
#include <include/interface/disable.xml.i>
#include <include/interface/vrf.xml.i>
#include <include/interface/mirror.xml.i>
- #include <include/interface/interface-policy.xml.i>
<leafNode name="hash-policy">
<properties>
<help>Bonding transmit hash policy</help>
@@ -200,7 +199,7 @@
<description>Interface name</description>
</valueHelp>
<constraint>
- <validator name="interface-name"/>
+ #include <include/constraint/interface-name.xml.in>
</constraint>
<multi/>
</properties>
@@ -219,7 +218,7 @@
<description>Interface name</description>
</valueHelp>
<constraint>
- <validator name="interface-name"/>
+ #include <include/constraint/interface-name.xml.in>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/interfaces-bridge.xml.in b/interface-definitions/interfaces-bridge.xml.in
index 1e11cd4c6..1636411ec 100644
--- a/interface-definitions/interfaces-bridge.xml.in
+++ b/interface-definitions/interfaces-bridge.xml.in
@@ -34,14 +34,13 @@
</properties>
<defaultValue>300</defaultValue>
</leafNode>
- #include <include/interface/description.xml.i>
+ #include <include/generic-description.xml.i>
#include <include/interface/dhcp-options.xml.i>
#include <include/interface/dhcpv6-options.xml.i>
#include <include/interface/disable-link-detect.xml.i>
#include <include/interface/disable.xml.i>
#include <include/interface/vrf.xml.i>
#include <include/interface/mtu-68-16000.xml.i>
- #include <include/interface/interface-policy.xml.i>
<leafNode name="forwarding-delay">
<properties>
<help>Forwarding delay</help>
@@ -151,7 +150,7 @@
<description>VLAN id range allowed on this interface (use '-' as delimiter)</description>
</valueHelp>
<constraint>
- <validator name="allowed-vlan"/>
+ <validator name="numeric" argument="--allow-range --range 1-4094"/>
</constraint>
<constraintErrorMessage>not a valid VLAN ID value or range</constraintErrorMessage>
<multi/>
diff --git a/interface-definitions/interfaces-dummy.xml.in b/interface-definitions/interfaces-dummy.xml.in
index fb36741f7..00784fcdf 100644
--- a/interface-definitions/interfaces-dummy.xml.in
+++ b/interface-definitions/interfaces-dummy.xml.in
@@ -17,17 +17,35 @@
</properties>
<children>
#include <include/interface/address-ipv4-ipv6.xml.i>
- #include <include/interface/description.xml.i>
+ #include <include/generic-description.xml.i>
#include <include/interface/disable.xml.i>
- #include <include/interface/interface-policy.xml.i>
<node name="ip">
<properties>
<help>IPv4 routing parameters</help>
</properties>
<children>
#include <include/interface/source-validation.xml.i>
+ #include <include/interface/disable-forwarding.xml.i>
</children>
</node>
+ <node name="ipv6">
+ <properties>
+ <help>IPv6 routing parameters</help>
+ </properties>
+ <children>
+ #include <include/interface/disable-forwarding.xml.i>
+ <node name="address">
+ <properties>
+ <help>IPv6 address configuration modes</help>
+ </properties>
+ <children>
+ #include <include/interface/ipv6-address-eui64.xml.i>
+ #include <include/interface/ipv6-address-no-default-link-local.xml.i>
+ </children>
+ </node>
+ </children>
+ </node>
+ #include <include/interface/mtu-68-16000.xml.i>
#include <include/interface/mirror.xml.i>
#include <include/interface/netns.xml.i>
#include <include/interface/redirect.xml.i>
diff --git a/interface-definitions/interfaces-ethernet.xml.in b/interface-definitions/interfaces-ethernet.xml.in
index 77f130e1c..e7c196c5c 100644
--- a/interface-definitions/interfaces-ethernet.xml.in
+++ b/interface-definitions/interfaces-ethernet.xml.in
@@ -20,7 +20,7 @@
</properties>
<children>
#include <include/interface/address-ipv4-ipv6-dhcp.xml.i>
- #include <include/interface/description.xml.i>
+ #include <include/generic-description.xml.i>
#include <include/interface/dhcp-options.xml.i>
#include <include/interface/dhcpv6-options.xml.i>
<leafNode name="disable-flow-control">
@@ -31,7 +31,6 @@
</leafNode>
#include <include/interface/disable-link-detect.xml.i>
#include <include/interface/disable.xml.i>
- #include <include/interface/interface-policy.xml.i>
<leafNode name="duplex">
<properties>
<help>Duplex mode</help>
diff --git a/interface-definitions/interfaces-geneve.xml.in b/interface-definitions/interfaces-geneve.xml.in
index b959c787d..ac9794870 100644
--- a/interface-definitions/interfaces-geneve.xml.in
+++ b/interface-definitions/interfaces-geneve.xml.in
@@ -17,13 +17,12 @@
</properties>
<children>
#include <include/interface/address-ipv4-ipv6.xml.i>
- #include <include/interface/description.xml.i>
+ #include <include/generic-description.xml.i>
#include <include/interface/disable.xml.i>
#include <include/interface/ipv4-options.xml.i>
#include <include/interface/ipv6-options.xml.i>
#include <include/interface/mac.xml.i>
#include <include/interface/mtu-1450-16000.xml.i>
- #include <include/interface/interface-policy.xml.i>
<node name="parameters">
<properties>
<help>GENEVE tunnel parameters</help>
diff --git a/interface-definitions/interfaces-input.xml.in b/interface-definitions/interfaces-input.xml.in
index d01c760f8..d90cf936f 100644
--- a/interface-definitions/interfaces-input.xml.in
+++ b/interface-definitions/interfaces-input.xml.in
@@ -17,9 +17,8 @@
</valueHelp>
</properties>
<children>
- #include <include/interface/description.xml.i>
+ #include <include/generic-description.xml.i>
#include <include/interface/disable.xml.i>
- #include <include/interface/interface-policy.xml.i>
#include <include/interface/redirect.xml.i>
</children>
</tagNode>
diff --git a/interface-definitions/interfaces-l2tpv3.xml.in b/interface-definitions/interfaces-l2tpv3.xml.in
index bde68dd5a..1f0dd3d19 100644
--- a/interface-definitions/interfaces-l2tpv3.xml.in
+++ b/interface-definitions/interfaces-l2tpv3.xml.in
@@ -17,7 +17,7 @@
</properties>
<children>
#include <include/interface/address-ipv4-ipv6.xml.i>
- #include <include/interface/description.xml.i>
+ #include <include/generic-description.xml.i>
<leafNode name="destination-port">
<properties>
<help>UDP destination port for L2TPv3 tunnel</help>
@@ -32,7 +32,6 @@
<defaultValue>5000</defaultValue>
</leafNode>
#include <include/interface/disable.xml.i>
- #include <include/interface/interface-policy.xml.i>
<leafNode name="encapsulation">
<properties>
<help>Encapsulation type</help>
diff --git a/interface-definitions/interfaces-loopback.xml.in b/interface-definitions/interfaces-loopback.xml.in
index 7f59db543..fe0944467 100644
--- a/interface-definitions/interfaces-loopback.xml.in
+++ b/interface-definitions/interfaces-loopback.xml.in
@@ -17,7 +17,7 @@
</properties>
<children>
#include <include/interface/address-ipv4-ipv6.xml.i>
- #include <include/interface/description.xml.i>
+ #include <include/generic-description.xml.i>
<node name="ip">
<properties>
<help>IPv4 routing parameters</help>
diff --git a/interface-definitions/interfaces-macsec.xml.in b/interface-definitions/interfaces-macsec.xml.in
index 5c9f4cd76..4b4f9149d 100644
--- a/interface-definitions/interfaces-macsec.xml.in
+++ b/interface-definitions/interfaces-macsec.xml.in
@@ -21,7 +21,6 @@
#include <include/interface/dhcpv6-options.xml.i>
#include <include/interface/ipv4-options.xml.i>
#include <include/interface/ipv6-options.xml.i>
- #include <include/interface/interface-policy.xml.i>
#include <include/interface/mirror.xml.i>
<node name="security">
<properties>
@@ -116,7 +115,7 @@
</leafNode>
</children>
</node>
- #include <include/interface/description.xml.i>
+ #include <include/generic-description.xml.i>
#include <include/interface/disable.xml.i>
#include <include/interface/mtu-68-16000.xml.i>
<leafNode name="mtu">
diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in
index 3876e31da..63272a25f 100644
--- a/interface-definitions/interfaces-openvpn.xml.in
+++ b/interface-definitions/interfaces-openvpn.xml.in
@@ -33,8 +33,7 @@
</leafNode>
</children>
</node>
- #include <include/interface/description.xml.i>
- #include <include/interface/interface-policy.xml.i>
+ #include <include/generic-description.xml.i>
<leafNode name="device-type">
<properties>
<help>OpenVPN interface device-type</help>
diff --git a/interface-definitions/interfaces-pppoe.xml.in b/interface-definitions/interfaces-pppoe.xml.in
index 84f76a7ee..c6fd7096b 100644
--- a/interface-definitions/interfaces-pppoe.xml.in
+++ b/interface-definitions/interfaces-pppoe.xml.in
@@ -19,11 +19,10 @@
#include <include/pppoe-access-concentrator.xml.i>
#include <include/interface/authentication.xml.i>
#include <include/interface/dial-on-demand.xml.i>
- #include <include/interface/interface-policy.xml.i>
#include <include/interface/no-default-route.xml.i>
#include <include/interface/default-route-distance.xml.i>
#include <include/interface/dhcpv6-options.xml.i>
- #include <include/interface/description.xml.i>
+ #include <include/generic-description.xml.i>
#include <include/interface/disable.xml.i>
<leafNode name="idle-timeout">
<properties>
@@ -38,6 +37,19 @@
<constraintErrorMessage>Timeout must be in range 0 to 86400</constraintErrorMessage>
</properties>
</leafNode>
+ <leafNode name="host-uniq">
+ <properties>
+ <help>PPPoE RFC2516 host-uniq tag</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Host-uniq tag as byte string in HEX</description>
+ </valueHelp>
+ <constraint>
+ <regex>([a-fA-F0-9][a-fA-F0-9]){1,18}</regex>
+ </constraint>
+ <constraintErrorMessage>Host-uniq must be specified as hex-adecimal byte-string (even number of HEX characters)</constraintErrorMessage>
+ </properties>
+ </leafNode>
<node name="ip">
<properties>
<help>IPv4 routing parameters</help>
@@ -83,12 +95,7 @@
<leafNode name="mtu">
<defaultValue>1492</defaultValue>
</leafNode>
- <leafNode name="no-peer-dns">
- <properties>
- <help>Do not use DNS servers provided by the peer</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/interface/no-peer-dns.xml.i>
<leafNode name="remote-address">
<properties>
<help>IPv4 address of remote end of the PPPoE link</help>
diff --git a/interface-definitions/interfaces-pseudo-ethernet.xml.in b/interface-definitions/interfaces-pseudo-ethernet.xml.in
index 4eb9bf111..5c73825c3 100644
--- a/interface-definitions/interfaces-pseudo-ethernet.xml.in
+++ b/interface-definitions/interfaces-pseudo-ethernet.xml.in
@@ -17,7 +17,7 @@
</properties>
<children>
#include <include/interface/address-ipv4-ipv6-dhcp.xml.i>
- #include <include/interface/description.xml.i>
+ #include <include/generic-description.xml.i>
#include <include/interface/dhcp-options.xml.i>
#include <include/interface/dhcpv6-options.xml.i>
#include <include/interface/disable-link-detect.xml.i>
@@ -28,7 +28,6 @@
#include <include/source-interface-ethernet.xml.i>
#include <include/interface/mac.xml.i>
#include <include/interface/mirror.xml.i>
- #include <include/interface/interface-policy.xml.i>
<leafNode name="mode">
<properties>
<help>Receive mode (default: private)</help>
diff --git a/interface-definitions/interfaces-sstpc.xml.in b/interface-definitions/interfaces-sstpc.xml.in
new file mode 100644
index 000000000..b569e9bde
--- /dev/null
+++ b/interface-definitions/interfaces-sstpc.xml.in
@@ -0,0 +1,47 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="interfaces">
+ <children>
+ <tagNode name="sstpc" owner="${vyos_conf_scripts_dir}/interfaces-sstpc.py">
+ <properties>
+ <help>Secure Socket Tunneling Protocol (SSTP) client Interface</help>
+ <priority>460</priority>
+ <constraint>
+ <regex>sstpc[0-9]+</regex>
+ </constraint>
+ <constraintErrorMessage>Secure Socket Tunneling Protocol interface must be named sstpcN</constraintErrorMessage>
+ <valueHelp>
+ <format>sstpcN</format>
+ <description>Secure Socket Tunneling Protocol interface name</description>
+ </valueHelp>
+ </properties>
+ <children>
+ #include <include/generic-description.xml.i>
+ #include <include/interface/disable.xml.i>
+ #include <include/interface/authentication.xml.i>
+ #include <include/interface/no-default-route.xml.i>
+ #include <include/interface/default-route-distance.xml.i>
+ #include <include/interface/no-peer-dns.xml.i>
+ #include <include/interface/mtu-68-1500.xml.i>
+ <leafNode name="mtu">
+ <defaultValue>1452</defaultValue>
+ </leafNode>
+ #include <include/server-ipv4-fqdn.xml.i>
+ #include <include/port-number.xml.i>
+ <leafNode name="port">
+ <defaultValue>443</defaultValue>
+ </leafNode>
+ <node name="ssl">
+ <properties>
+ <help>Secure Sockets Layer (SSL) configuration</help>
+ </properties>
+ <children>
+ #include <include/pki/ca-certificate.xml.i>
+ </children>
+ </node>
+ #include <include/interface/vrf.xml.i>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/interfaces-tunnel.xml.in b/interface-definitions/interfaces-tunnel.xml.in
index fe49d337a..17fe1e285 100644
--- a/interface-definitions/interfaces-tunnel.xml.in
+++ b/interface-definitions/interfaces-tunnel.xml.in
@@ -16,7 +16,7 @@
</valueHelp>
</properties>
<children>
- #include <include/interface/description.xml.i>
+ #include <include/generic-description.xml.i>
#include <include/interface/address-ipv4-ipv6.xml.i>
#include <include/interface/disable.xml.i>
#include <include/interface/disable-link-detect.xml.i>
@@ -29,7 +29,6 @@
#include <include/source-address-ipv4-ipv6.xml.i>
#include <include/interface/tunnel-remote.xml.i>
#include <include/source-interface.xml.i>
- #include <include/interface/interface-policy.xml.i>
<leafNode name="6rd-prefix">
<properties>
<help>6rd network prefix</help>
diff --git a/interface-definitions/interfaces-virtual-ethernet.xml.in b/interface-definitions/interfaces-virtual-ethernet.xml.in
new file mode 100644
index 000000000..864f658da
--- /dev/null
+++ b/interface-definitions/interfaces-virtual-ethernet.xml.in
@@ -0,0 +1,45 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="interfaces">
+ <children>
+ <tagNode name="virtual-ethernet" owner="${vyos_conf_scripts_dir}/interfaces-virtual-ethernet.py">
+ <properties>
+ <help>Virtual Ethernet (veth) Interface</help>
+ <priority>300</priority>
+ <constraint>
+ <regex>veth[0-9]+</regex>
+ </constraint>
+ <constraintErrorMessage>Virutal Ethernet interface must be named vethN</constraintErrorMessage>
+ <valueHelp>
+ <format>vethN</format>
+ <description>Virtual Ethernet interface name</description>
+ </valueHelp>
+ </properties>
+ <children>
+ #include <include/interface/address-ipv4-ipv6-dhcp.xml.i>
+ #include <include/generic-description.xml.i>
+ #include <include/interface/dhcp-options.xml.i>
+ #include <include/interface/dhcpv6-options.xml.i>
+ #include <include/interface/disable.xml.i>
+ #include <include/interface/vrf.xml.i>
+ <leafNode name="peer-name">
+ <properties>
+ <help>Virtual ethernet peer interface name</help>
+ <completionHelp>
+ <path>interfaces virtual-ethernet</path>
+ </completionHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>Name of peer interface</description>
+ </valueHelp>
+ <constraint>
+ <regex>veth[0-9]+</regex>
+ </constraint>
+ <constraintErrorMessage>Virutal Ethernet interface must be named vethN</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/interfaces-vti.xml.in b/interface-definitions/interfaces-vti.xml.in
index eeaea0dc3..b116f7386 100644
--- a/interface-definitions/interfaces-vti.xml.in
+++ b/interface-definitions/interfaces-vti.xml.in
@@ -17,7 +17,7 @@
</properties>
<children>
#include <include/interface/address-ipv4-ipv6.xml.i>
- #include <include/interface/description.xml.i>
+ #include <include/generic-description.xml.i>
#include <include/interface/disable.xml.i>
#include <include/interface/ipv4-options.xml.i>
#include <include/interface/ipv6-options.xml.i>
@@ -25,7 +25,6 @@
#include <include/interface/mirror.xml.i>
#include <include/interface/redirect.xml.i>
#include <include/interface/vrf.xml.i>
- #include <include/interface/interface-policy.xml.i>
</children>
</tagNode>
</children>
diff --git a/interface-definitions/interfaces-vxlan.xml.in b/interface-definitions/interfaces-vxlan.xml.in
index 4902ff36d..fb60c93d0 100644
--- a/interface-definitions/interfaces-vxlan.xml.in
+++ b/interface-definitions/interfaces-vxlan.xml.in
@@ -17,7 +17,7 @@
</properties>
<children>
#include <include/interface/address-ipv4-ipv6.xml.i>
- #include <include/interface/description.xml.i>
+ #include <include/generic-description.xml.i>
#include <include/interface/disable.xml.i>
<leafNode name="external">
<properties>
@@ -54,7 +54,6 @@
#include <include/interface/mac.xml.i>
#include <include/interface/mtu-1200-16000.xml.i>
#include <include/interface/mirror.xml.i>
- #include <include/interface/interface-policy.xml.i>
<leafNode name="mtu">
<defaultValue>1450</defaultValue>
</leafNode>
diff --git a/interface-definitions/interfaces-wireguard.xml.in b/interface-definitions/interfaces-wireguard.xml.in
index 23f50d146..6342b21cf 100644
--- a/interface-definitions/interfaces-wireguard.xml.in
+++ b/interface-definitions/interfaces-wireguard.xml.in
@@ -17,11 +17,10 @@
</properties>
<children>
#include <include/interface/address-ipv4-ipv6.xml.i>
- #include <include/interface/description.xml.i>
+ #include <include/generic-description.xml.i>
#include <include/interface/disable.xml.i>
#include <include/port-number.xml.i>
#include <include/interface/mtu-68-16000.xml.i>
- #include <include/interface/interface-policy.xml.i>
#include <include/interface/mirror.xml.i>
<leafNode name="mtu">
<defaultValue>1420</defaultValue>
diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in
index 9e7fc29bc..a9538d577 100644
--- a/interface-definitions/interfaces-wireless.xml.in
+++ b/interface-definitions/interfaces-wireless.xml.in
@@ -20,7 +20,6 @@
</properties>
<children>
#include <include/interface/address-ipv4-ipv6-dhcp.xml.i>
- #include <include/interface/interface-policy.xml.i>
<node name="capabilities">
<properties>
<help>HT and VHT capabilities for your card</help>
@@ -468,7 +467,7 @@
<constraintErrorMessage>Invalid ISO/IEC 3166-1 Country Code</constraintErrorMessage>
</properties>
</leafNode>
- #include <include/interface/description.xml.i>
+ #include <include/generic-description.xml.i>
#include <include/interface/dhcp-options.xml.i>
#include <include/interface/dhcpv6-options.xml.i>
<leafNode name="disable-broadcast-ssid">
@@ -726,7 +725,7 @@
<constraintErrorMessage>Invalid WPA pass phrase, must be 8 to 63 printable characters!</constraintErrorMessage>
</properties>
</leafNode>
- #include <include/radius-server-ipv4.xml.i>
+ #include <include/radius-auth-server-ipv4.xml.i>
<node name="radius">
<children>
<tagNode name="server">
diff --git a/interface-definitions/interfaces-wwan.xml.in b/interface-definitions/interfaces-wwan.xml.in
index b0b8367dc..5fa3be8db 100644
--- a/interface-definitions/interfaces-wwan.xml.in
+++ b/interface-definitions/interfaces-wwan.xml.in
@@ -28,7 +28,7 @@
#include <include/interface/dhcp-options.xml.i>
#include <include/interface/dhcpv6-options.xml.i>
#include <include/interface/authentication.xml.i>
- #include <include/interface/description.xml.i>
+ #include <include/generic-description.xml.i>
#include <include/interface/disable.xml.i>
#include <include/interface/disable-link-detect.xml.i>
#include <include/interface/mirror.xml.i>
@@ -39,7 +39,6 @@
#include <include/interface/ipv4-options.xml.i>
#include <include/interface/ipv6-options.xml.i>
#include <include/interface/dial-on-demand.xml.i>
- #include <include/interface/interface-policy.xml.i>
#include <include/interface/redirect.xml.i>
#include <include/interface/vrf.xml.i>
</children>
diff --git a/interface-definitions/netns.xml.in b/interface-definitions/netns.xml.in
index 088985cb6..87880e96a 100644
--- a/interface-definitions/netns.xml.in
+++ b/interface-definitions/netns.xml.in
@@ -15,7 +15,7 @@
<constraintErrorMessage>Netns name must be alphanumeric and can contain hyphens and underscores.</constraintErrorMessage>
</properties>
<children>
- #include <include/interface/description.xml.i>
+ #include <include/generic-description.xml.i>
</children>
</tagNode>
</children>
diff --git a/interface-definitions/ntp.xml.in b/interface-definitions/ntp.xml.in
index 85636a50f..65e40ee32 100644
--- a/interface-definitions/ntp.xml.in
+++ b/interface-definitions/ntp.xml.in
@@ -1,7 +1,7 @@
<?xml version="1.0"?>
<!-- NTP configuration -->
<interfaceDefinition>
- <node name="system">
+ <node name="service">
<children>
<node name="ntp" owner="${vyos_conf_scripts_dir}/ntp.py">
<properties>
@@ -43,12 +43,6 @@
<valueless/>
</properties>
</leafNode>
- <leafNode name="preempt">
- <properties>
- <help>Specifies the association as preemptable rather than the default persistent</help>
- <valueless/>
- </properties>
- </leafNode>
<leafNode name="prefer">
<properties>
<help>Marks the server as preferred</help>
@@ -57,24 +51,33 @@
</leafNode>
</children>
</tagNode>
- <node name="allow-clients">
+ <node name="allow-client">
<properties>
- <help>Network Time Protocol (NTP) server options</help>
+ <help>Specify NTP clients allowed to access the server</help>
</properties>
<children>
<leafNode name="address">
<properties>
<help>IP address</help>
<valueHelp>
+ <format>ipv4</format>
+ <description>Allowed IPv4 address</description>
+ </valueHelp>
+ <valueHelp>
<format>ipv4net</format>
- <description>IP address and prefix length</description>
+ <description>Allowed IPv4 prefix</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>Allowed IPv6 address</description>
</valueHelp>
<valueHelp>
<format>ipv6net</format>
- <description>IPv6 address and prefix length</description>
+ <description>Allowed IPv6 prefix</description>
</valueHelp>
<multi/>
<constraint>
+ <validator name="ip-address"/>
<validator name="ip-prefix"/>
</constraint>
</properties>
diff --git a/interface-definitions/policy-route.xml.in b/interface-definitions/policy-route.xml.in
index f480f3bd5..d7b159839 100644
--- a/interface-definitions/policy-route.xml.in
+++ b/interface-definitions/policy-route.xml.in
@@ -12,6 +12,7 @@
</properties>
<children>
#include <include/generic-description.xml.i>
+ #include <include/generic-interface-multi.xml.i>
#include <include/firewall/enable-default-log.xml.i>
<tagNode name="rule">
<properties>
@@ -46,10 +47,12 @@
#include <include/firewall/port.xml.i>
</children>
</node>
- #include <include/policy/route-common-rule-ipv6.xml.i>
+ #include <include/policy/route-common.xml.i>
+ #include <include/policy/route-ipv6.xml.i>
#include <include/firewall/dscp.xml.i>
#include <include/firewall/packet-length.xml.i>
#include <include/firewall/hop-limit.xml.i>
+ #include <include/firewall/connection-mark.xml.i>
</children>
</tagNode>
</children>
@@ -64,6 +67,7 @@
</properties>
<children>
#include <include/generic-description.xml.i>
+ #include <include/generic-interface-multi.xml.i>
#include <include/firewall/enable-default-log.xml.i>
<tagNode name="rule">
<properties>
@@ -98,10 +102,12 @@
#include <include/firewall/port.xml.i>
</children>
</node>
- #include <include/policy/route-common-rule.xml.i>
+ #include <include/policy/route-common.xml.i>
+ #include <include/policy/route-ipv4.xml.i>
#include <include/firewall/dscp.xml.i>
#include <include/firewall/packet-length.xml.i>
#include <include/firewall/ttl.xml.i>
+ #include <include/firewall/connection-mark.xml.i>
</children>
</tagNode>
</children>
diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in
index 6c60276d5..b3745fda0 100644
--- a/interface-definitions/policy.xml.in
+++ b/interface-definitions/policy.xml.in
@@ -1356,6 +1356,26 @@
</leafNode>
</children>
</node>
+ <node name="l3vpn-nexthop">
+ <properties>
+ <help>Next hop Information</help>
+ </properties>
+ <children>
+ <node name="encapsulation">
+ <properties>
+ <help>Encapsulation options (for BGP only)</help>
+ </properties>
+ <children>
+ <leafNode name="gre">
+ <properties>
+ <help>Accept L3VPN traffic over GRE encapsulation</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
<leafNode name="local-preference">
<properties>
<help>BGP local preference attribute</help>
diff --git a/interface-definitions/protocols-failover.xml.in b/interface-definitions/protocols-failover.xml.in
new file mode 100644
index 000000000..900c76eab
--- /dev/null
+++ b/interface-definitions/protocols-failover.xml.in
@@ -0,0 +1,114 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="protocols">
+ <children>
+ <node name="failover" owner="${vyos_conf_scripts_dir}/protocols_failover.py">
+ <properties>
+ <help>Failover Routing</help>
+ <priority>490</priority>
+ </properties>
+ <children>
+ <tagNode name="route">
+ <properties>
+ <help>Failover IPv4 route</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 failover route</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-prefix"/>
+ </constraint>
+ </properties>
+ <children>
+ <tagNode name="next-hop">
+ <properties>
+ <help>Next-hop IPv4 router address</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Next-hop router address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ <children>
+ <node name="check">
+ <properties>
+ <help>Check target options</help>
+ </properties>
+ <children>
+ #include <include/port-number.xml.i>
+ <leafNode name="target">
+ <properties>
+ <help>Check target address</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Address to check</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="timeout">
+ <properties>
+ <help>Timeout between checks</help>
+ <valueHelp>
+ <format>u32:1-300</format>
+ <description>Timeout in seconds between checks</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ </properties>
+ <defaultValue>10</defaultValue>
+ </leafNode>
+ <leafNode name="type">
+ <properties>
+ <help>Check type</help>
+ <completionHelp>
+ <list>arp icmp tcp</list>
+ </completionHelp>
+ <valueHelp>
+ <format>arp</format>
+ <description>Check target by ARP</description>
+ </valueHelp>
+ <valueHelp>
+ <format>icmp</format>
+ <description>Check target by ICMP</description>
+ </valueHelp>
+ <valueHelp>
+ <format>tcp</format>
+ <description>Check target by TCP</description>
+ </valueHelp>
+ <constraint>
+ <regex>(arp|icmp|tcp)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>icmp</defaultValue>
+ </leafNode>
+ </children>
+ </node>
+ #include <include/static/static-route-interface.xml.i>
+ <leafNode name="metric">
+ <properties>
+ <help>Route metric for this gateway</help>
+ <valueHelp>
+ <format>u32:1-255</format>
+ <description>Route metric</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ </properties>
+ <defaultValue>1</defaultValue>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/protocols-rip.xml.in b/interface-definitions/protocols-rip.xml.in
index 2195b0316..33aae5015 100644
--- a/interface-definitions/protocols-rip.xml.in
+++ b/interface-definitions/protocols-rip.xml.in
@@ -39,7 +39,7 @@
<script>${vyos_completion_dir}/list_interfaces.py</script>
</completionHelp>
<constraint>
- <validator name="interface-name"/>
+ #include <include/constraint/interface-name.xml.in>
</constraint>
</properties>
<children>
diff --git a/interface-definitions/protocols-ripng.xml.in b/interface-definitions/protocols-ripng.xml.in
index d7e4b2514..cd35dbf53 100644
--- a/interface-definitions/protocols-ripng.xml.in
+++ b/interface-definitions/protocols-ripng.xml.in
@@ -40,7 +40,7 @@
<script>${vyos_completion_dir}/list_interfaces.py</script>
</completionHelp>
<constraint>
- <validator name="interface-name"/>
+ #include <include/constraint/interface-name.xml.in>
</constraint>
</properties>
<children>
diff --git a/interface-definitions/protocols-rpki.xml.in b/interface-definitions/protocols-rpki.xml.in
index 4535d3990..0098cacb6 100644
--- a/interface-definitions/protocols-rpki.xml.in
+++ b/interface-definitions/protocols-rpki.xml.in
@@ -51,7 +51,7 @@
<properties>
<help>RPKI SSH known hosts file</help>
<constraint>
- <validator name="file-exists"/>
+ <validator name="file-path"/>
</constraint>
</properties>
</leafNode>
@@ -59,7 +59,7 @@
<properties>
<help>RPKI SSH private key file</help>
<constraint>
- <validator name="file-exists"/>
+ <validator name="file-path"/>
</constraint>
</properties>
</leafNode>
@@ -67,7 +67,7 @@
<properties>
<help>RPKI SSH public key file path</help>
<constraint>
- <validator name="file-exists"/>
+ <validator name="file-path"/>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/protocols-static-arp.xml.in b/interface-definitions/protocols-static-arp.xml.in
index 8b1b3b5e1..52caf435a 100644
--- a/interface-definitions/protocols-static-arp.xml.in
+++ b/interface-definitions/protocols-static-arp.xml.in
@@ -20,7 +20,7 @@
<description>Interface name</description>
</valueHelp>
<constraint>
- <validator name="interface-name"/>
+ #include <include/constraint/interface-name.xml.in>
</constraint>
</properties>
<children>
diff --git a/interface-definitions/protocols-static.xml.in b/interface-definitions/protocols-static.xml.in
index e89433022..ca4ca2d74 100644
--- a/interface-definitions/protocols-static.xml.in
+++ b/interface-definitions/protocols-static.xml.in
@@ -26,6 +26,13 @@
</constraint>
</properties>
<children>
+ <!--
+ iproute2 only considers the first "word" until whitespace in the name field
+ but does not complain about special characters.
+ We put an artificial limit here to make table descriptions potentially valid node names
+ to avoid quoting and simplify future syntax changes if we decide to make any.
+ -->
+ #include <include/generic-description.xml.i>
#include <include/static/static-route.xml.i>
#include <include/static/static-route6.xml.i>
</children>
diff --git a/interface-definitions/qos.xml.in b/interface-definitions/qos.xml.in
index e2dbcbeef..757c1f856 100644
--- a/interface-definitions/qos.xml.in
+++ b/interface-definitions/qos.xml.in
@@ -3,6 +3,7 @@
<node name="qos" owner="${vyos_conf_scripts_dir}/qos.py">
<properties>
<help>Quality of Service (QoS)</help>
+ <priority>900</priority>
</properties>
<children>
<tagNode name="interface">
@@ -16,7 +17,7 @@
<description>Interface name</description>
</valueHelp>
<constraint>
- <validator name="interface-name"/>
+ #include <include/constraint/interface-name.xml.in>
</constraint>
</properties>
<children>
@@ -24,54 +25,137 @@
<properties>
<help>Interface ingress traffic policy</help>
<completionHelp>
- <path>traffic-policy drop-tail</path>
- <path>traffic-policy fair-queue</path>
- <path>traffic-policy fq-codel</path>
- <path>traffic-policy limiter</path>
- <path>traffic-policy network-emulator</path>
- <path>traffic-policy priority-queue</path>
- <path>traffic-policy random-detect</path>
- <path>traffic-policy rate-control</path>
- <path>traffic-policy round-robin</path>
- <path>traffic-policy shaper</path>
- <path>traffic-policy shaper-hfsc</path>
+ <path>qos policy limiter</path>
</completionHelp>
<valueHelp>
<format>txt</format>
- <description>QoS Policy name</description>
+ <description>QoS policy to use</description>
</valueHelp>
+ <constraint>
+ <regex>[[:alnum:]][-_[:alnum:]]*</regex>
+ </constraint>
+ <constraintErrorMessage>Only alpha-numeric policy name allowed</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="egress">
<properties>
<help>Interface egress traffic policy</help>
<completionHelp>
- <path>traffic-policy drop-tail</path>
- <path>traffic-policy fair-queue</path>
- <path>traffic-policy fq-codel</path>
- <path>traffic-policy limiter</path>
- <path>traffic-policy network-emulator</path>
- <path>traffic-policy priority-queue</path>
- <path>traffic-policy random-detect</path>
- <path>traffic-policy rate-control</path>
- <path>traffic-policy round-robin</path>
- <path>traffic-policy shaper</path>
- <path>traffic-policy shaper-hfsc</path>
+ <path>qos policy cake</path>
+ <path>qos policy drop-tail</path>
+ <path>qos policy fair-queue</path>
+ <path>qos policy fq-codel</path>
+ <path>qos policy network-emulator</path>
+ <path>qos policy priority-queue</path>
+ <path>qos policy random-detect</path>
+ <path>qos policy rate-control</path>
+ <path>qos policy round-robin</path>
+ <path>qos policy shaper</path>
+ <path>qos policy shaper-hfsc</path>
</completionHelp>
<valueHelp>
<format>txt</format>
- <description>QoS Policy name</description>
+ <description>QoS policy to use</description>
</valueHelp>
+ <constraint>
+ <regex>[[:alnum:]][-_[:alnum:]]*</regex>
+ </constraint>
+ <constraintErrorMessage>Only alpha-numeric policy name allowed</constraintErrorMessage>
</properties>
</leafNode>
</children>
</tagNode>
- <node name="policy" owner="${vyos_conf_scripts_dir}/qos.py">
+ <node name="policy">
<properties>
<help>Service Policy definitions</help>
- <priority>900</priority>
</properties>
<children>
+ <tagNode name="cake">
+ <properties>
+ <help>Common Applications Kept Enhanced (CAKE)</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Policy name</description>
+ </valueHelp>
+ <constraint>
+ <regex>[[:alnum:]][-_[:alnum:]]*</regex>
+ </constraint>
+ <constraintErrorMessage>Only alpha-numeric policy name allowed</constraintErrorMessage>
+ </properties>
+ <children>
+ #include <include/generic-description.xml.i>
+ #include <include/qos/bandwidth.xml.i>
+ <node name="flow-isolation">
+ <properties>
+ <help>Flow isolation settings</help>
+ </properties>
+ <children>
+ <leafNode name="blind">
+ <properties>
+ <help>Disables flow isolation, all traffic passes through a single queue</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="src-host">
+ <properties>
+ <help>Flows are defined only by source address</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="dst-host">
+ <properties>
+ <help>Flows are defined only by destination address</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="host">
+ <properties>
+ <help>Flows are defined by source-destination host pairs</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="flow">
+ <properties>
+ <help>Flows are defined by the entire 5-tuple</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="dual-src-host">
+ <properties>
+ <help>Flows are defined by the 5-tuple, and fairness is applied first over source addresses, then over individual flows</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="dual-dst-host">
+ <properties>
+ <help>Flows are defined by the 5-tuple, and fairness is applied first over destination addresses, then over individual flows</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="nat">
+ <properties>
+ <help>Perform NAT lookup before applying flow-isolation rules</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="rtt">
+ <properties>
+ <help>Round-Trip-Time for Active Queue Management (AQM)</help>
+ <valueHelp>
+ <format>u32:1-3600000</format>
+ <description>RTT in ms</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-3600000"/>
+ </constraint>
+ <constraintErrorMessage>RTT must be in range 1 to 3600000 milli-seconds</constraintErrorMessage>
+ </properties>
+ <defaultValue>100</defaultValue>
+ </leafNode>
+ </children>
+ </tagNode>
<tagNode name="drop-tail">
<properties>
<help>Packet limited First In, First Out queue</help>
@@ -125,13 +209,13 @@
<properties>
<help>Upper limit of the SFQ</help>
<valueHelp>
- <format>u32:2-127</format>
+ <format>u32:1-127</format>
<description>Queue size in packets</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 2-127"/>
+ <validator name="numeric" argument="--range 1-127"/>
</constraint>
- <constraintErrorMessage>Queue limit must greater than 1 and less than 128</constraintErrorMessage>
+ <constraintErrorMessage>Queue limit must be in range 1 to 127</constraintErrorMessage>
</properties>
<defaultValue>127</defaultValue>
</leafNode>
@@ -139,7 +223,7 @@
</tagNode>
<tagNode name="fq-codel">
<properties>
- <help>Fair Queuing Controlled Delay</help>
+ <help>Fair Queuing (FQ) with Controlled Delay (CoDel)</help>
<valueHelp>
<format>txt</format>
<description>Policy name</description>
@@ -171,6 +255,7 @@
<constraintErrorMessage>Only alpha-numeric policy name allowed</constraintErrorMessage>
</properties>
<children>
+ #include <include/generic-description.xml.i>
<tagNode name="class">
<properties>
<help>Class ID</help>
@@ -184,23 +269,13 @@
<constraintErrorMessage>Class identifier must be between 1 and 4090</constraintErrorMessage>
</properties>
<children>
+ #include <include/generic-description.xml.i>
#include <include/qos/bandwidth.xml.i>
#include <include/qos/burst.xml.i>
- #include <include/generic-description.xml.i>
- #include <include/qos/match.xml.i>
- #include <include/qos/limiter-actions.xml.i>
+ #include <include/qos/class-police-exceed.xml.i>
+ #include <include/qos/class-match.xml.i>
+ #include <include/qos/class-priority.xml.i>
<leafNode name="priority">
- <properties>
- <help>Priority for rule evaluation</help>
- <valueHelp>
- <format>u32:0-20</format>
- <description>Priority for match rule evaluation</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-20"/>
- </constraint>
- <constraintErrorMessage>Priority must be between 0 and 20</constraintErrorMessage>
- </properties>
<defaultValue>20</defaultValue>
</leafNode>
</children>
@@ -212,10 +287,9 @@
<children>
#include <include/qos/bandwidth.xml.i>
#include <include/qos/burst.xml.i>
- #include <include/qos/limiter-actions.xml.i>
+ #include <include/qos/class-police-exceed.xml.i>
</children>
</node>
- #include <include/generic-description.xml.i>
</children>
</tagNode>
<tagNode name="network-emulator">
@@ -231,10 +305,9 @@
<constraintErrorMessage>Only alpha-numeric policy name allowed</constraintErrorMessage>
</properties>
<children>
- #include <include/qos/bandwidth.xml.i>
- #include <include/qos/burst.xml.i>
#include <include/generic-description.xml.i>
- <leafNode name="network-delay">
+ #include <include/qos/bandwidth.xml.i>
+ <leafNode name="delay">
<properties>
<help>Adds delay to packets outgoing to chosen network interface</help>
<valueHelp>
@@ -247,7 +320,7 @@
<constraintErrorMessage>Priority must be between 0 and 65535</constraintErrorMessage>
</properties>
</leafNode>
- <leafNode name="packet-corruption">
+ <leafNode name="corruption">
<properties>
<help>Introducing error in a random position for chosen percent of packets</help>
<valueHelp>
@@ -260,9 +333,9 @@
<constraintErrorMessage>Priority must be between 0 and 100</constraintErrorMessage>
</properties>
</leafNode>
- <leafNode name="packet-loss">
+ <leafNode name="duplicate">
<properties>
- <help>Add independent loss probability to the packets outgoing to chosen network interface</help>
+ <help>Cosen percent of packets is duplicated before queuing them</help>
<valueHelp>
<format>&lt;number&gt;</format>
<description>Percentage of packets affected</description>
@@ -270,10 +343,10 @@
<constraint>
<validator name="numeric" argument="--range 0-100"/>
</constraint>
- <constraintErrorMessage>Must be between 0 and 100</constraintErrorMessage>
+ <constraintErrorMessage>Priority must be between 0 and 100</constraintErrorMessage>
</properties>
</leafNode>
- <leafNode name="packet-loss">
+ <leafNode name="loss">
<properties>
<help>Add independent loss probability to the packets outgoing to chosen network interface</help>
<valueHelp>
@@ -286,9 +359,9 @@
<constraintErrorMessage>Must be between 0 and 100</constraintErrorMessage>
</properties>
</leafNode>
- <leafNode name="packet-loss">
+ <leafNode name="reordering">
<properties>
- <help>Packet reordering percentage</help>
+ <help>Emulated packet reordering percentage</help>
<valueHelp>
<format>&lt;number&gt;</format>
<description>Percentage of packets affected</description>
@@ -315,6 +388,7 @@
<constraintErrorMessage>Only alpha-numeric policy name allowed</constraintErrorMessage>
</properties>
<children>
+ #include <include/generic-description.xml.i>
<tagNode name="class">
<properties>
<help>Class Handle</help>
@@ -332,10 +406,13 @@
#include <include/qos/codel-quantum.xml.i>
#include <include/qos/flows.xml.i>
#include <include/qos/interval.xml.i>
- #include <include/qos/match.xml.i>
- #include <include/qos/queue-limit-2-10999.xml.i>
- #include <include/qos/target.xml.i>
+ #include <include/qos/class-match.xml.i>
+ #include <include/qos/queue-limit-1-4294967295.xml.i>
#include <include/qos/queue-type.xml.i>
+ <leafNode name="queue-type">
+ <defaultValue>drop-tail</defaultValue>
+ </leafNode>
+ #include <include/qos/target.xml.i>
</children>
</tagNode>
<node name="default">
@@ -343,21 +420,22 @@
<help>Default policy</help>
</properties>
<children>
- #include <include/generic-description.xml.i>
#include <include/qos/codel-quantum.xml.i>
#include <include/qos/flows.xml.i>
#include <include/qos/interval.xml.i>
- #include <include/qos/queue-limit-2-10999.xml.i>
- #include <include/qos/target.xml.i>
+ #include <include/qos/queue-limit-1-4294967295.xml.i>
#include <include/qos/queue-type.xml.i>
+ <leafNode name="queue-type">
+ <defaultValue>drop-tail</defaultValue>
+ </leafNode>
+ #include <include/qos/target.xml.i>
</children>
</node>
- #include <include/generic-description.xml.i>
</children>
</tagNode>
<tagNode name="random-detect">
<properties>
- <help>Priority queuing based policy</help>
+ <help>Weighted Random Early Detect policy</help>
<valueHelp>
<format>txt</format>
<description>Policy name</description>
@@ -368,11 +446,8 @@
<constraintErrorMessage>Only alpha-numeric policy name allowed</constraintErrorMessage>
</properties>
<children>
- #include <include/qos/bandwidth.xml.i>
- <leafNode name="bandwidth">
- <defaultValue>auto</defaultValue>
- </leafNode>
#include <include/generic-description.xml.i>
+ #include <include/qos/bandwidth-auto.xml.i>
<tagNode name="precedence">
<properties>
<help>IP precedence</help>
@@ -413,6 +488,7 @@
</constraint>
<constraintErrorMessage>Mark probability must be greater than 0</constraintErrorMessage>
</properties>
+ <defaultValue>10</defaultValue>
</leafNode>
<leafNode name="maximum-threshold">
<properties>
@@ -426,6 +502,7 @@
</constraint>
<constraintErrorMessage>Threshold must be between 0 and 4096</constraintErrorMessage>
</properties>
+ <defaultValue>18</defaultValue>
</leafNode>
<leafNode name="minimum-threshold">
<properties>
@@ -457,8 +534,8 @@
<constraintErrorMessage>Only alpha-numeric policy name allowed</constraintErrorMessage>
</properties>
<children>
- #include <include/qos/bandwidth.xml.i>
#include <include/generic-description.xml.i>
+ #include <include/qos/bandwidth.xml.i>
#include <include/qos/burst.xml.i>
<leafNode name="latency">
<properties>
@@ -478,7 +555,7 @@
</tagNode>
<tagNode name="round-robin">
<properties>
- <help>Round-Robin based policy</help>
+ <help>Deficit Round Robin Scheduler</help>
<valueHelp>
<format>txt</format>
<description>Policy name</description>
@@ -503,11 +580,11 @@
<constraintErrorMessage>Class identifier must be between 1 and 4095</constraintErrorMessage>
</properties>
<children>
- #include <include/qos/codel-quantum.xml.i>
#include <include/generic-description.xml.i>
+ #include <include/qos/codel-quantum.xml.i>
#include <include/qos/flows.xml.i>
#include <include/qos/interval.xml.i>
- #include <include/qos/match.xml.i>
+ #include <include/qos/class-match.xml.i>
<leafNode name="quantum">
<properties>
<help>Packet scheduling quantum</help>
@@ -523,111 +600,26 @@
</leafNode>
#include <include/qos/queue-limit-1-4294967295.xml.i>
#include <include/qos/queue-type.xml.i>
+ <leafNode name="queue-type">
+ <defaultValue>drop-tail</defaultValue>
+ </leafNode>
#include <include/qos/target.xml.i>
</children>
</tagNode>
- </children>
- </tagNode>
- <tagNode name="shaper-hfsc">
- <properties>
- <help>Hierarchical Fair Service Curve's policy</help>
- <valueHelp>
- <format>txt</format>
- <description>Policy name</description>
- </valueHelp>
- <constraint>
- <regex>[[:alnum:]][-_[:alnum:]]*</regex>
- </constraint>
- <constraintErrorMessage>Only alpha-numeric policy name allowed</constraintErrorMessage>
- </properties>
- <children>
- #include <include/qos/bandwidth.xml.i>
- <leafNode name="bandwidth">
- <defaultValue>auto</defaultValue>
- </leafNode>
- #include <include/generic-description.xml.i>
- <tagNode name="class">
- <properties>
- <help>Class ID</help>
- <valueHelp>
- <format>u32:1-4095</format>
- <description>Class Identifier</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-4095"/>
- </constraint>
- <constraintErrorMessage>Class identifier must be between 1 and 4095</constraintErrorMessage>
- </properties>
- <children>
- #include <include/generic-description.xml.i>
- <node name="linkshare">
- <properties>
- <help>Linkshare class settings</help>
- </properties>
- <children>
- #include <include/qos/hfsc-d.xml.i>
- #include <include/qos/hfsc-m1.xml.i>
- #include <include/qos/hfsc-m2.xml.i>
- </children>
- </node>
- #include <include/qos/match.xml.i>
- <node name="realtime">
- <properties>
- <help>Realtime class settings</help>
- </properties>
- <children>
- #include <include/qos/hfsc-d.xml.i>
- #include <include/qos/hfsc-m1.xml.i>
- #include <include/qos/hfsc-m2.xml.i>
- </children>
- </node>
- <node name="upperlimit">
- <properties>
- <help>Upperlimit class settings</help>
- </properties>
- <children>
- #include <include/qos/hfsc-d.xml.i>
- #include <include/qos/hfsc-m1.xml.i>
- #include <include/qos/hfsc-m2.xml.i>
- </children>
- </node>
- </children>
- </tagNode>
<node name="default">
<properties>
<help>Default policy</help>
</properties>
<children>
- <node name="linkshare">
- <properties>
- <help>Linkshare class settings</help>
- </properties>
- <children>
- #include <include/qos/hfsc-d.xml.i>
- #include <include/qos/hfsc-m1.xml.i>
- #include <include/qos/hfsc-m2.xml.i>
- </children>
- </node>
- <node name="realtime">
- <properties>
- <help>Realtime class settings</help>
- </properties>
- <children>
- #include <include/qos/hfsc-d.xml.i>
- #include <include/qos/hfsc-m1.xml.i>
- #include <include/qos/hfsc-m2.xml.i>
- </children>
- </node>
- <node name="upperlimit">
- <properties>
- <help>Upperlimit class settings</help>
- </properties>
- <children>
- #include <include/qos/hfsc-d.xml.i>
- #include <include/qos/hfsc-m1.xml.i>
- #include <include/qos/hfsc-m2.xml.i>
- </children>
- </node>
+ #include <include/qos/codel-quantum.xml.i>
+ #include <include/qos/flows.xml.i>
+ #include <include/qos/interval.xml.i>
+ #include <include/qos/queue-limit-1-4294967295.xml.i>
+ #include <include/qos/queue-type.xml.i>
+ <leafNode name="queue-type">
+ <defaultValue>fair-queue</defaultValue>
+ </leafNode>
+ #include <include/qos/target.xml.i>
</children>
</node>
</children>
@@ -645,10 +637,8 @@
<constraintErrorMessage>Only alpha-numeric policy name allowed</constraintErrorMessage>
</properties>
<children>
- #include <include/qos/bandwidth.xml.i>
- <leafNode name="bandwidth">
- <defaultValue>auto</defaultValue>
- </leafNode>
+ #include <include/generic-description.xml.i>
+ #include <include/qos/bandwidth-auto.xml.i>
<tagNode name="class">
<properties>
<help>Class ID</help>
@@ -662,10 +652,8 @@
<constraintErrorMessage>Class identifier must be between 2 and 4095</constraintErrorMessage>
</properties>
<children>
- #include <include/qos/bandwidth.xml.i>
- <leafNode name="bandwidth">
- <defaultValue>100%</defaultValue>
- </leafNode>
+ #include <include/generic-description.xml.i>
+ #include <include/qos/bandwidth-auto.xml.i>
#include <include/qos/burst.xml.i>
<leafNode name="ceiling">
<properties>
@@ -697,31 +685,19 @@
</properties>
</leafNode>
#include <include/qos/codel-quantum.xml.i>
- #include <include/generic-description.xml.i>
#include <include/qos/flows.xml.i>
#include <include/qos/interval.xml.i>
- #include <include/qos/match.xml.i>
- <leafNode name="priority">
- <properties>
- <help>Priority for usage of excess bandwidth</help>
- <valueHelp>
- <format>u32:0-7</format>
- <description>Priority order for bandwidth pool</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-7"/>
- </constraint>
- <constraintErrorMessage>Priority must be between 0 and 7</constraintErrorMessage>
- </properties>
- <defaultValue>20</defaultValue>
- </leafNode>
+ #include <include/qos/class-match.xml.i>
+ #include <include/qos/class-priority.xml.i>
#include <include/qos/queue-limit-1-4294967295.xml.i>
#include <include/qos/queue-type.xml.i>
+ <leafNode name="queue-type">
+ <defaultValue>fq-codel</defaultValue>
+ </leafNode>
#include <include/qos/set-dscp.xml.i>
#include <include/qos/target.xml.i>
</children>
</tagNode>
- #include <include/generic-description.xml.i>
<node name="default">
<properties>
<help>Default policy</help>
@@ -759,7 +735,6 @@
</properties>
</leafNode>
#include <include/qos/codel-quantum.xml.i>
- #include <include/generic-description.xml.i>
#include <include/qos/flows.xml.i>
#include <include/qos/interval.xml.i>
<leafNode name="priority">
@@ -778,12 +753,116 @@
</leafNode>
#include <include/qos/queue-limit-1-4294967295.xml.i>
#include <include/qos/queue-type.xml.i>
+ <leafNode name="queue-type">
+ <defaultValue>fq-codel</defaultValue>
+ </leafNode>
#include <include/qos/set-dscp.xml.i>
#include <include/qos/target.xml.i>
</children>
</node>
</children>
</tagNode>
+ <tagNode name="shaper-hfsc">
+ <properties>
+ <help>Hierarchical Fair Service Curve's policy</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Policy name</description>
+ </valueHelp>
+ <constraint>
+ <regex>[[:alnum:]][-_[:alnum:]]*</regex>
+ </constraint>
+ <constraintErrorMessage>Only alpha-numeric policy name allowed</constraintErrorMessage>
+ </properties>
+ <children>
+ #include <include/generic-description.xml.i>
+ #include <include/qos/bandwidth-auto.xml.i>
+ <tagNode name="class">
+ <properties>
+ <help>Class ID</help>
+ <valueHelp>
+ <format>u32:1-4095</format>
+ <description>Class Identifier</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-4095"/>
+ </constraint>
+ <constraintErrorMessage>Class identifier must be between 1 and 4095</constraintErrorMessage>
+ </properties>
+ <children>
+ #include <include/generic-description.xml.i>
+ <node name="linkshare">
+ <properties>
+ <help>Linkshare class settings</help>
+ </properties>
+ <children>
+ #include <include/qos/hfsc-d.xml.i>
+ #include <include/qos/hfsc-m1.xml.i>
+ #include <include/qos/hfsc-m2.xml.i>
+ </children>
+ </node>
+ #include <include/qos/class-match.xml.i>
+ <node name="realtime">
+ <properties>
+ <help>Realtime class settings</help>
+ </properties>
+ <children>
+ #include <include/qos/hfsc-d.xml.i>
+ #include <include/qos/hfsc-m1.xml.i>
+ #include <include/qos/hfsc-m2.xml.i>
+ </children>
+ </node>
+ <node name="upperlimit">
+ <properties>
+ <help>Upperlimit class settings</help>
+ </properties>
+ <children>
+ #include <include/qos/hfsc-d.xml.i>
+ #include <include/qos/hfsc-m1.xml.i>
+ #include <include/qos/hfsc-m2.xml.i>
+ </children>
+ </node>
+ </children>
+ </tagNode>
+ <node name="default">
+ <properties>
+ <help>Default policy</help>
+ </properties>
+ <children>
+ <node name="linkshare">
+ <properties>
+ <help>Linkshare class settings</help>
+ </properties>
+ <children>
+ #include <include/qos/hfsc-d.xml.i>
+ #include <include/qos/hfsc-m1.xml.i>
+ #include <include/qos/hfsc-m2.xml.i>
+ </children>
+ </node>
+ <node name="realtime">
+ <properties>
+ <help>Realtime class settings</help>
+ </properties>
+ <children>
+ #include <include/qos/hfsc-d.xml.i>
+ #include <include/qos/hfsc-m1.xml.i>
+ #include <include/qos/hfsc-m2.xml.i>
+ </children>
+ </node>
+ <node name="upperlimit">
+ <properties>
+ <help>Upperlimit class settings</help>
+ </properties>
+ <children>
+ #include <include/qos/hfsc-d.xml.i>
+ #include <include/qos/hfsc-m1.xml.i>
+ #include <include/qos/hfsc-m2.xml.i>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </tagNode>
</children>
</node>
</children>
diff --git a/interface-definitions/service-console-server.xml.in b/interface-definitions/service-console-server.xml.in
index fb71538dd..fc6dbe954 100644
--- a/interface-definitions/service-console-server.xml.in
+++ b/interface-definitions/service-console-server.xml.in
@@ -27,7 +27,7 @@
</constraint>
</properties>
<children>
- #include <include/interface/description.xml.i>
+ #include <include/generic-description.xml.i>
<leafNode name="alias">
<properties>
<help>Human-readable name for this console</help>
diff --git a/interface-definitions/service-ipoe-server.xml.in b/interface-definitions/service-ipoe-server.xml.in
index ef8569437..d778f9de0 100644
--- a/interface-definitions/service-ipoe-server.xml.in
+++ b/interface-definitions/service-ipoe-server.xml.in
@@ -220,7 +220,7 @@
#include <include/accel-ppp/radius-additions-rate-limit.xml.i>
</children>
</node>
- #include <include/radius-server-ipv4.xml.i>
+ #include <include/radius-auth-server-ipv4.xml.i>
#include <include/accel-ppp/radius-additions.xml.i>
</children>
</node>
diff --git a/interface-definitions/service-pppoe-server.xml.in b/interface-definitions/service-pppoe-server.xml.in
index b31109296..68592b96b 100644
--- a/interface-definitions/service-pppoe-server.xml.in
+++ b/interface-definitions/service-pppoe-server.xml.in
@@ -20,7 +20,7 @@
#include <include/accel-ppp/auth-local-users.xml.i>
#include <include/accel-ppp/auth-mode.xml.i>
#include <include/accel-ppp/auth-protocols.xml.i>
- #include <include/radius-server-ipv4.xml.i>
+ #include <include/radius-auth-server-ipv4.xml.i>
#include <include/accel-ppp/radius-additions.xml.i>
<node name="radius">
<children>
@@ -170,52 +170,7 @@
</properties>
</leafNode>
#include <include/accel-ppp/ppp-options-ipv6.xml.i>
- <leafNode name="ipv6-intf-id">
- <properties>
- <help>Fixed or random interface identifier for IPv6</help>
- <completionHelp>
- <list>random</list>
- </completionHelp>
- <valueHelp>
- <format>random</format>
- <description>Random interface identifier for IPv6</description>
- </valueHelp>
- <valueHelp>
- <format>x:x:x:x</format>
- <description>specify interface identifier for IPv6</description>
- </valueHelp>
- </properties>
- </leafNode>
- <leafNode name="ipv6-peer-intf-id">
- <properties>
- <help>Peer interface identifier for IPv6</help>
- <completionHelp>
- <list>random calling-sid ipv4</list>
- </completionHelp>
- <valueHelp>
- <format>x:x:x:x</format>
- <description>Interface identifier for IPv6</description>
- </valueHelp>
- <valueHelp>
- <format>random</format>
- <description>Use a random interface identifier for IPv6</description>
- </valueHelp>
- <valueHelp>
- <format>ipv4</format>
- <description>Calculate interface identifier from IPv4 address, for example 192:168:0:1</description>
- </valueHelp>
- <valueHelp>
- <format>calling-sid</format>
- <description>Calculate interface identifier from calling-station-id</description>
- </valueHelp>
- </properties>
- </leafNode>
- <leafNode name="ipv6-accept-peer-intf-id">
- <properties>
- <help>Accept peer interface identifier</help>
- <valueless />
- </properties>
- </leafNode>
+ #include <include/accel-ppp/ppp-options-ipv6-interface-id.xml.i>
</children>
</node>
<tagNode name="pado-delay">
diff --git a/interface-definitions/service-router-advert.xml.in b/interface-definitions/service-router-advert.xml.in
index 87ec512d6..8b7364a8c 100644
--- a/interface-definitions/service-router-advert.xml.in
+++ b/interface-definitions/service-router-advert.xml.in
@@ -305,6 +305,19 @@
</leafNode>
</children>
</tagNode>
+ <leafNode name="source-address">
+ <properties>
+ <help>Use IPv6 address as source address. Useful with VRRP.</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address to be advertized (must be configured on interface)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
<leafNode name="reachable-time">
<properties>
<help>Time, in milliseconds, that a node assumes a neighbor is reachable after having received a reachability confirmation</help>
diff --git a/interface-definitions/service-upnp.xml.in b/interface-definitions/service-upnp.xml.in
index ec23d87df..79d8ae42e 100644
--- a/interface-definitions/service-upnp.xml.in
+++ b/interface-definitions/service-upnp.xml.in
@@ -24,7 +24,7 @@
<script>${vyos_completion_dir}/list_interfaces.py</script>
</completionHelp>
<constraint>
- <validator name="interface-name" />
+ #include <include/constraint/interface-name.xml.in>
</constraint>
</properties>
</leafNode>
@@ -119,7 +119,7 @@
</valueHelp>
<multi/>
<constraint>
- <validator name="interface-name" />
+ #include <include/constraint/interface-name.xml.in>
<validator name="ipv4-address"/>
<validator name="ipv4-prefix"/>
<validator name="ipv6-address"/>
diff --git a/interface-definitions/snmp.xml.in b/interface-definitions/snmp.xml.in
index b4f72589e..10dd828a5 100644
--- a/interface-definitions/snmp.xml.in
+++ b/interface-definitions/snmp.xml.in
@@ -13,9 +13,9 @@
<properties>
<help>Community name</help>
<constraint>
- <regex>[a-zA-Z0-9\-_]{1,100}</regex>
+ <regex>[a-zA-Z0-9\-_!@*#]{1,100}</regex>
</constraint>
- <constraintErrorMessage>Community string is limited to alphanumerical characters only with a total lenght of 100</constraintErrorMessage>
+ <constraintErrorMessage>Community string is limited to alphanumerical characters, !, @, * and # with a total lenght of 100</constraintErrorMessage>
</properties>
<children>
<leafNode name="authorization">
@@ -123,18 +123,31 @@
</leafNode>
<leafNode name="oid-enable">
<properties>
- <help>Enable specific OIDs</help>
+ <help>Enable specific OIDs that by default are disable</help>
<completionHelp>
- <list>route-table</list>
+ <list>ip-forward ip-route-table ip-net-to-media-table ip-net-to-physical-phys-address</list>
</completionHelp>
<valueHelp>
- <format>route-table</format>
- <description>Enable routing table OIDs (ipCidrRouteTable inetCidrRouteTable)</description>
+ <format>ip-forward</format>
+ <description>Enable ipForward: .1.3.6.1.2.1.4.24</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ip-route-table</format>
+ <description>Enable ipRouteTable: .1.3.6.1.2.1.4.21</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ip-net-to-media-table</format>
+ <description>Enable ipNetToMediaTable: .1.3.6.1.2.1.4.22</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ip-net-to-physical-phys-address</format>
+ <description>Enable ipNetToPhysicalPhysAddress: .1.3.6.1.2.1.4.35</description>
</valueHelp>
<constraint>
- <regex>(route-table)</regex>
+ <regex>(ip-forward|ip-route-table|ip-net-to-media-table|ip-net-to-physical-phys-address)</regex>
</constraint>
- <constraintErrorMessage>OID must be 'route-table'</constraintErrorMessage>
+ <constraintErrorMessage>OID must be one of the liste options</constraintErrorMessage>
+ <multi/>
</properties>
</leafNode>
#include <include/snmp/protocol.xml.i>
diff --git a/interface-definitions/ssh.xml.in b/interface-definitions/ssh.xml.in
index f3c731fe5..2bcce2cf0 100644
--- a/interface-definitions/ssh.xml.in
+++ b/interface-definitions/ssh.xml.in
@@ -133,6 +133,19 @@
</leafNode>
</children>
</node>
+ <leafNode name="hostkey-algorithm">
+ <properties>
+ <help>Allowed host key signature algorithms</help>
+ <completionHelp>
+ <!-- generated by ssh -Q HostKeyAlgorithms | tr '\n' ' ' as this will not change dynamically -->
+ <list>ssh-ed25519 ssh-ed25519-cert-v01@openssh.com sk-ssh-ed25519@openssh.com sk-ssh-ed25519-cert-v01@openssh.com ssh-rsa rsa-sha2-256 rsa-sha2-512 ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 sk-ecdsa-sha2-nistp256@openssh.com webauthn-sk-ecdsa-sha2-nistp256@openssh.com ssh-rsa-cert-v01@openssh.com rsa-sha2-256-cert-v01@openssh.com rsa-sha2-512-cert-v01@openssh.com ssh-dss-cert-v01@openssh.com ecdsa-sha2-nistp256-cert-v01@openssh.com ecdsa-sha2-nistp384-cert-v01@openssh.com ecdsa-sha2-nistp521-cert-v01@openssh.com sk-ecdsa-sha2-nistp256-cert-v01@openssh.com</list>
+ </completionHelp>
+ <multi/>
+ <constraint>
+ <regex>(ssh-ed25519|ssh-ed25519-cert-v01@openssh.com|sk-ssh-ed25519@openssh.com|sk-ssh-ed25519-cert-v01@openssh.com|ssh-rsa|rsa-sha2-256|rsa-sha2-512|ssh-dss|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|sk-ecdsa-sha2-nistp256@openssh.com|webauthn-sk-ecdsa-sha2-nistp256@openssh.com|ssh-rsa-cert-v01@openssh.com|rsa-sha2-256-cert-v01@openssh.com|rsa-sha2-512-cert-v01@openssh.com|ssh-dss-cert-v01@openssh.com|ecdsa-sha2-nistp256-cert-v01@openssh.com|ecdsa-sha2-nistp384-cert-v01@openssh.com|ecdsa-sha2-nistp521-cert-v01@openssh.com|sk-ecdsa-sha2-nistp256-cert-v01@openssh.com)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
<leafNode name="key-exchange">
<properties>
<help>Allowed key exchange (KEX) algorithms</help>
diff --git a/interface-definitions/system-config-mgmt.xml.in b/interface-definitions/system-config-mgmt.xml.in
new file mode 100644
index 000000000..1f852d284
--- /dev/null
+++ b/interface-definitions/system-config-mgmt.xml.in
@@ -0,0 +1,58 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="system">
+ <children>
+ <node name="config-management" owner="${vyos_conf_scripts_dir}/config_mgmt.py">
+ <properties>
+ <help>Configuration management settings</help>
+ <priority>400</priority>
+ </properties>
+ <children>
+ <node name="commit-archive">
+ <properties>
+ <help>Commit archive settings</help>
+ </properties>
+ <children>
+ <leafNode name="location">
+ <properties>
+ <help>Commit archive location</help>
+ <valueHelp>
+ <format>uri</format>
+ <description>Uniform Resource Identifier</description>
+ </valueHelp>
+ <constraint>
+ <validator name="url --file-transport"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="source-address">
+ <properties>
+ <help>Source address or interface for archive server connections</help>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="ipv6-address"/>
+ #include <include/constraint/interface-name.xml.in>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="commit-revisions">
+ <properties>
+ <help>Commit revisions</help>
+ <valueHelp>
+ <format>u32:1-65535</format>
+ <description>Number of config backups to keep</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ <constraintErrorMessage>Number of revisions must be between 0 and 65535</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/system-login.xml.in b/interface-definitions/system-login.xml.in
index def42544a..e71a647ef 100644
--- a/interface-definitions/system-login.xml.in
+++ b/interface-definitions/system-login.xml.in
@@ -127,32 +127,44 @@
</leafNode>
<leafNode name="type">
<properties>
- <help>Public key type</help>
+ <help>SSH public key type</help>
<completionHelp>
- <list>ssh-dss ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519</list>
+ <list>ssh-dss ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519 sk-ecdsa-sha2-nistp256@openssh.com sk-ssh-ed25519@openssh.com</list>
</completionHelp>
<valueHelp>
<format>ssh-dss</format>
- <description/>
+ <description>Digital Signature Algorithm (DSA) key support</description>
</valueHelp>
<valueHelp>
<format>ssh-rsa</format>
- <description/>
+ <description>Key pair based on RSA algorithm</description>
</valueHelp>
<valueHelp>
<format>ecdsa-sha2-nistp256</format>
- <description/>
+ <description>Elliptic Curve DSA with NIST P-256 curve</description>
</valueHelp>
<valueHelp>
<format>ecdsa-sha2-nistp384</format>
- <description/>
+ <description>Elliptic Curve DSA with NIST P-384 curve</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ecdsa-sha2-nistp521</format>
+ <description>Elliptic Curve DSA with NIST P-521 curve</description>
</valueHelp>
<valueHelp>
<format>ssh-ed25519</format>
- <description/>
+ <description>Edwards-curve DSA with elliptic curve 25519</description>
+ </valueHelp>
+ <valueHelp>
+ <format>sk-ecdsa-sha2-nistp256@openssh.com</format>
+ <description>Elliptic Curve DSA security key</description>
+ </valueHelp>
+ <valueHelp>
+ <format>sk-ssh-ed25519@openssh.com</format>
+ <description>Elliptic curve 25519 security key</description>
</valueHelp>
<constraint>
- <regex>(ssh-dss|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ssh-ed25519)</regex>
+ <regex>(ssh-dss|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ssh-ed25519|sk-ecdsa-sha2-nistp256@openssh.com|sk-ssh-ed25519@openssh.com)</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/system-option.xml.in b/interface-definitions/system-option.xml.in
index a9fed81fe..bb15e467e 100644
--- a/interface-definitions/system-option.xml.in
+++ b/interface-definitions/system-option.xml.in
@@ -121,6 +121,7 @@
</properties>
<children>
#include <include/source-address-ipv4-ipv6.xml.i>
+ #include <include/source-interface.xml.i>
</children>
</node>
<leafNode name="startup-beep">
diff --git a/interface-definitions/vpn-ipsec.xml.in b/interface-definitions/vpn-ipsec.xml.in
index 4776c53dc..9d20926ec 100644
--- a/interface-definitions/vpn-ipsec.xml.in
+++ b/interface-definitions/vpn-ipsec.xml.in
@@ -11,6 +11,40 @@
<priority>901</priority>
</properties>
<children>
+ <node name="authentication">
+ <properties>
+ <help>Authentication</help>
+ </properties>
+ <children>
+ <tagNode name="psk">
+ <properties>
+ <help>Pre-shared key name</help>
+ </properties>
+ <children>
+ #include <include/dhcp-interface-multi.xml.i>
+ <leafNode name="id">
+ <properties>
+ <help>ID for authentication</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>ID used for authentication</description>
+ </valueHelp>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="secret">
+ <properties>
+ <help>IKE pre-shared secret key</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>IKE pre-shared secret key</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
<leafNode name="disable-uniqreqids">
<properties>
<help>Disable requirement for unique IDs in the Security Database</help>
@@ -465,6 +499,45 @@
</properties>
<defaultValue>2</defaultValue>
</leafNode>
+ <leafNode name="prf">
+ <properties>
+ <help>Pseudo-Random Functions</help>
+ <completionHelp>
+ <list>prfmd5 prfsha1 prfaesxcbc prfaescmac prfsha256 prfsha384 prfsha512</list>
+ </completionHelp>
+ <valueHelp>
+ <format>prfmd5</format>
+ <description>MD5 PRF</description>
+ </valueHelp>
+ <valueHelp>
+ <format>prfsha1</format>
+ <description>SHA1 PRF</description>
+ </valueHelp>
+ <valueHelp>
+ <format>prfaesxcbc</format>
+ <description>AES XCBC PRF</description>
+ </valueHelp>
+ <valueHelp>
+ <format>prfaescmac</format>
+ <description>AES CMAC PRF</description>
+ </valueHelp>
+ <valueHelp>
+ <format>prfsha256</format>
+ <description>SHA2_256 PRF</description>
+ </valueHelp>
+ <valueHelp>
+ <format>prfsha384</format>
+ <description>SHA2_384 PRF</description>
+ </valueHelp>
+ <valueHelp>
+ <format>prfsha512</format>
+ <description>SHA2_512 PRF</description>
+ </valueHelp>
+ <constraint>
+ <regex>(prfmd5|prfsha1|prfaesxcbc|prfaescmac|prfsha256|prfsha384|prfsha512)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
#include <include/vpn-ipsec-encryption.xml.i>
#include <include/vpn-ipsec-hash.xml.i>
</children>
@@ -884,10 +957,11 @@
#include <include/name-server-ipv4-ipv6.xml.i>
</children>
</tagNode>
- #include <include/radius-server-ipv4.xml.i>
+ #include <include/radius-auth-server-ipv4.xml.i>
<node name="radius">
<children>
#include <include/radius-nas-identifier.xml.i>
+ #include <include/radius-timeout.xml.i>
<tagNode name="server">
<children>
#include <include/accel-ppp/radius-additions-disable-accounting.xml.i>
@@ -947,7 +1021,6 @@
</constraint>
</properties>
</leafNode>
- #include <include/ipsec/authentication-pre-shared-secret.xml.i>
<leafNode name="remote-id">
<properties>
<help>ID for remote authentication</help>
@@ -956,6 +1029,7 @@
<description>ID used for peer authentication</description>
</valueHelp>
</properties>
+ <defaultValue>%any</defaultValue>
</leafNode>
<leafNode name="use-x509-id">
<properties>
diff --git a/interface-definitions/vpn-l2tp.xml.in b/interface-definitions/vpn-l2tp.xml.in
index cb5900e0d..0a92017bd 100644
--- a/interface-definitions/vpn-l2tp.xml.in
+++ b/interface-definitions/vpn-l2tp.xml.in
@@ -178,7 +178,7 @@
#include <include/accel-ppp/ppp-mppe.xml.i>
#include <include/accel-ppp/auth-mode.xml.i>
#include <include/accel-ppp/auth-local-users.xml.i>
- #include <include/radius-server-ipv4.xml.i>
+ #include <include/radius-auth-server-ipv4.xml.i>
<node name="radius">
<children>
<tagNode name="server">
@@ -230,6 +230,7 @@
<properties>
<help>Port for Dynamic Authorization Extension server (DM/CoA)</help>
</properties>
+ <defaultValue>1700</defaultValue>
</leafNode>
<leafNode name="secret">
<properties>
@@ -250,6 +251,7 @@
<children>
#include <include/accel-ppp/lcp-echo-interval-failure.xml.i>
#include <include/accel-ppp/ppp-options-ipv6.xml.i>
+ #include <include/accel-ppp/ppp-options-ipv6-interface-id.xml.i>
</children>
</node>
</children>
diff --git a/interface-definitions/vpn-openconnect.xml.in b/interface-definitions/vpn-openconnect.xml.in
index 3b3a83bd4..a426f604d 100644
--- a/interface-definitions/vpn-openconnect.xml.in
+++ b/interface-definitions/vpn-openconnect.xml.in
@@ -8,6 +8,27 @@
<priority>901</priority>
</properties>
<children>
+ <node name="accounting">
+ <properties>
+ <help>Accounting for users OpenConnect VPN Sessions</help>
+ </properties>
+ <children>
+ <node name="mode">
+ <properties>
+ <help>Accounting mode used by this server</help>
+ </properties>
+ <children>
+ <leafNode name="radius">
+ <properties>
+ <help>Use RADIUS server for accounting</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ #include <include/radius-acct-server-ipv4.xml.i>
+ </children>
+ </node>
<node name="authentication">
<properties>
<help>Authentication for remote access SSL VPN Server</help>
@@ -137,23 +158,10 @@
</tagNode>
</children>
</node>
- #include <include/radius-server-ipv4.xml.i>
+ #include <include/radius-auth-server-ipv4.xml.i>
<node name="radius">
<children>
- <leafNode name="timeout">
- <properties>
- <help>Session timeout</help>
- <valueHelp>
- <format>u32:1-240</format>
- <description>Session timeout in seconds (default: 2)</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-240"/>
- </constraint>
- <constraintErrorMessage>Timeout must be between 1 and 240 seconds</constraintErrorMessage>
- </properties>
- <defaultValue>2</defaultValue>
- </leafNode>
+ #include <include/radius-timeout.xml.i>
<leafNode name="groupconfig">
<properties>
<help>If the groupconfig option is set, then config-per-user will be overriden, and all configuration will be read from RADIUS.</help>
@@ -163,7 +171,7 @@
</node>
</children>
</node>
- #include <include/listen-address-ipv4.xml.i>
+ #include <include/listen-address-ipv4-single.xml.i>
<leafNode name="listen-address">
<defaultValue>0.0.0.0</defaultValue>
</leafNode>
diff --git a/interface-definitions/vpn-pptp.xml.in b/interface-definitions/vpn-pptp.xml.in
index 5e52965fd..00ffd26f9 100644
--- a/interface-definitions/vpn-pptp.xml.in
+++ b/interface-definitions/vpn-pptp.xml.in
@@ -108,7 +108,7 @@
</tagNode>
</children>
</node>
- #include <include/radius-server-ipv4.xml.i>
+ #include <include/radius-auth-server-ipv4.xml.i>
#include <include/accel-ppp/radius-additions.xml.i>
#include <include/accel-ppp/radius-additions-rate-limit.xml.i>
</children>
diff --git a/interface-definitions/vpn-sstp.xml.in b/interface-definitions/vpn-sstp.xml.in
index 195d581df..9e912063f 100644
--- a/interface-definitions/vpn-sstp.xml.in
+++ b/interface-definitions/vpn-sstp.xml.in
@@ -16,7 +16,7 @@
#include <include/accel-ppp/auth-local-users.xml.i>
#include <include/accel-ppp/auth-mode.xml.i>
#include <include/accel-ppp/auth-protocols.xml.i>
- #include <include/radius-server-ipv4.xml.i>
+ #include <include/radius-auth-server-ipv4.xml.i>
#include <include/accel-ppp/radius-additions.xml.i>
<node name="radius">
<children>
diff --git a/interface-definitions/vrf.xml.in b/interface-definitions/vrf.xml.in
index 3604b41c8..96c6d8be2 100644
--- a/interface-definitions/vrf.xml.in
+++ b/interface-definitions/vrf.xml.in
@@ -26,7 +26,7 @@
</valueHelp>
</properties>
<children>
- #include <include/interface/description.xml.i>
+ #include <include/generic-description.xml.i>
#include <include/interface/disable.xml.i>
<node name="ip">
<properties>
diff --git a/interface-definitions/xml-component-version.xml.in b/interface-definitions/xml-component-version.xml.in
index 914e3bc69..2e6506efc 100644
--- a/interface-definitions/xml-component-version.xml.in
+++ b/interface-definitions/xml-component-version.xml.in
@@ -6,6 +6,7 @@
#include <include/version/config-management-version.xml.i>
#include <include/version/conntrack-sync-version.xml.i>
#include <include/version/conntrack-version.xml.i>
+ #include <include/version/container-version.xml.i>
#include <include/version/dhcp-relay-version.xml.i>
#include <include/version/dhcp-server-version.xml.i>
#include <include/version/dhcpv6-server-version.xml.i>