diff options
Diffstat (limited to 'interface-definitions')
17 files changed, 266 insertions, 67 deletions
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in index 8e462f3eb..81e6b89ea 100644 --- a/interface-definitions/firewall.xml.in +++ b/interface-definitions/firewall.xml.in @@ -7,6 +7,46 @@ </properties> <children> #include <include/firewall/global-options.xml.i> + <tagNode name="flowtable"> + <properties> + <help>Flowtable</help> + <constraint> + <regex>[a-zA-Z0-9][\w\-\.]*</regex> + </constraint> + </properties> + <children> + #include <include/generic-description.xml.i> + <leafNode name="interface"> + <properties> + <help>Interfaces to use this flowtable</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <multi/> + </properties> + </leafNode> + <leafNode name="offload"> + <properties> + <help>Offloading method</help> + <completionHelp> + <list>hardware software</list> + </completionHelp> + <valueHelp> + <format>hardware</format> + <description>Hardware offload</description> + </valueHelp> + <valueHelp> + <format>software</format> + <description>Software offload</description> + </valueHelp> + <constraint> + <regex>(hardware|software)</regex> + </constraint> + </properties> + <defaultValue>software</defaultValue> + </leafNode> + </children> + </tagNode> <node name="group"> <properties> <help>Firewall group</help> diff --git a/interface-definitions/high-availability.xml.in b/interface-definitions/high-availability.xml.in index 47a772d04..aa23888a4 100644 --- a/interface-definitions/high-availability.xml.in +++ b/interface-definitions/high-availability.xml.in @@ -12,10 +12,10 @@ <help>Virtual Router Redundancy Protocol settings</help> </properties> <children> - <leafNode name="disable-snmp"> + <leafNode name="snmp"> <properties> <valueless/> - <help>Disable SNMP</help> + <help>Enable SNMP</help> </properties> </leafNode> <node name="global-parameters"> diff --git a/interface-definitions/include/firewall/action-forward.xml.i b/interface-definitions/include/firewall/action-forward.xml.i new file mode 100644 index 000000000..f61e51887 --- /dev/null +++ b/interface-definitions/include/firewall/action-forward.xml.i @@ -0,0 +1,45 @@ +<!-- include start from firewall/action-forward.xml.i --> +<leafNode name="action"> + <properties> + <help>Rule action</help> + <completionHelp> + <list>accept continue jump reject return drop queue offload</list> + </completionHelp> + <valueHelp> + <format>accept</format> + <description>Accept matching entries</description> + </valueHelp> + <valueHelp> + <format>continue</format> + <description>Continue parsing next rule</description> + </valueHelp> + <valueHelp> + <format>jump</format> + <description>Jump to another chain</description> + </valueHelp> + <valueHelp> + <format>reject</format> + <description>Reject matching entries</description> + </valueHelp> + <valueHelp> + <format>return</format> + <description>Return from the current chain and continue at the next rule of the last chain</description> + </valueHelp> + <valueHelp> + <format>drop</format> + <description>Drop matching entries</description> + </valueHelp> + <valueHelp> + <format>queue</format> + <description>Enqueue packet to userspace</description> + </valueHelp> + <valueHelp> + <format>offload</format> + <description>Offload packet via flowtable</description> + </valueHelp> + <constraint> + <regex>(accept|continue|jump|reject|return|drop|queue|offload)</regex> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/common-rule-inet.xml.i b/interface-definitions/include/firewall/common-rule-inet.xml.i index 7a2eb86d4..e51dd0056 100644 --- a/interface-definitions/include/firewall/common-rule-inet.xml.i +++ b/interface-definitions/include/firewall/common-rule-inet.xml.i @@ -303,6 +303,7 @@ </children> </node> #include <include/firewall/tcp-flags.xml.i> +#include <include/firewall/tcp-mss.xml.i> <node name="time"> <properties> <help>Time to match rule</help> diff --git a/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i b/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i index a1071a09a..e040c9b13 100644 --- a/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i +++ b/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i @@ -260,6 +260,7 @@ </children> </node> #include <include/firewall/tcp-flags.xml.i> +#include <include/firewall/tcp-mss.xml.i> <node name="time"> <properties> <help>Time to match rule</help> diff --git a/interface-definitions/include/firewall/common-rule.xml.i b/interface-definitions/include/firewall/common-rule.xml.i index 7417a3c58..c62bf2c5f 100644 --- a/interface-definitions/include/firewall/common-rule.xml.i +++ b/interface-definitions/include/firewall/common-rule.xml.i @@ -315,6 +315,7 @@ </children> </node> #include <include/firewall/tcp-flags.xml.i> +#include <include/firewall/tcp-mss.xml.i> <node name="time"> <properties> <help>Time to match rule</help> diff --git a/interface-definitions/include/firewall/flow-offload.xml.i b/interface-definitions/include/firewall/flow-offload.xml.i deleted file mode 100644 index 706836362..000000000 --- a/interface-definitions/include/firewall/flow-offload.xml.i +++ /dev/null @@ -1,47 +0,0 @@ -<!-- include start from firewall/flow-offload.xml.i --> -<node name="flow-offload"> - <properties> - <help>Configurable flow offload options</help> - </properties> - <children> - <leafNode name="disable"> - <properties> - <help>Disable flow offload</help> - <valueless/> - </properties> - </leafNode> - <node name="software"> - <properties> - <help>Software offload</help> - </properties> - <children> - <leafNode name="interface"> - <properties> - <help>Interfaces to enable</help> - <completionHelp> - <script>${vyos_completion_dir}/list_interfaces</script> - </completionHelp> - <multi/> - </properties> - </leafNode> - </children> - </node> - <node name="hardware"> - <properties> - <help>Hardware offload</help> - </properties> - <children> - <leafNode name="interface"> - <properties> - <help>Interfaces to enable</help> - <completionHelp> - <script>${vyos_completion_dir}/list_interfaces</script> - </completionHelp> - <multi/> - </properties> - </leafNode> - </children> - </node> - </children> -</node> -<!-- include end --> diff --git a/interface-definitions/include/firewall/global-options.xml.i b/interface-definitions/include/firewall/global-options.xml.i index 03c07e657..e655cd6ac 100644 --- a/interface-definitions/include/firewall/global-options.xml.i +++ b/interface-definitions/include/firewall/global-options.xml.i @@ -271,7 +271,6 @@ </properties> <defaultValue>disable</defaultValue> </leafNode> - #include <include/firewall/flow-offload.xml.i> </children> </node> <!-- include end --> diff --git a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i index 08ee96419..70c0adb77 100644 --- a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i +++ b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i @@ -24,8 +24,10 @@ <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage> </properties> <children> + #include <include/firewall/action-forward.xml.i> #include <include/firewall/common-rule-ipv4.xml.i> #include <include/firewall/inbound-interface.xml.i> + #include <include/firewall/offload-target.xml.i> #include <include/firewall/outbound-interface.xml.i> </children> </tagNode> diff --git a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i index 20ab8dbe8..d83827161 100644 --- a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i +++ b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i @@ -24,8 +24,10 @@ <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage> </properties> <children> + #include <include/firewall/action-forward.xml.i> #include <include/firewall/common-rule-ipv6.xml.i> #include <include/firewall/inbound-interface.xml.i> + #include <include/firewall/offload-target.xml.i> #include <include/firewall/outbound-interface.xml.i> </children> </tagNode> diff --git a/interface-definitions/include/firewall/offload-target.xml.i b/interface-definitions/include/firewall/offload-target.xml.i new file mode 100644 index 000000000..940ed8091 --- /dev/null +++ b/interface-definitions/include/firewall/offload-target.xml.i @@ -0,0 +1,10 @@ +<!-- include start from firewall/offload-target.xml.i --> +<leafNode name="offload-target"> + <properties> + <help>Set flowtable offload target. Action offload must be defined to use this setting</help> + <completionHelp> + <path>firewall flowtable</path> + </completionHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/tcp-flags.xml.i b/interface-definitions/include/firewall/tcp-flags.xml.i index e2ce7b9fd..36546c2e4 100644 --- a/interface-definitions/include/firewall/tcp-flags.xml.i +++ b/interface-definitions/include/firewall/tcp-flags.xml.i @@ -1,7 +1,7 @@ <!-- include start from firewall/tcp-flags.xml.i --> <node name="tcp"> <properties> - <help>TCP flags to match</help> + <help>TCP options to match</help> </properties> <children> <node name="flags"> @@ -114,22 +114,6 @@ </node> </children> </node> - <leafNode name="mss"> - <properties> - <help>Maximum segment size (MSS)</help> - <valueHelp> - <format>u32:1-16384</format> - <description>Maximum segment size</description> - </valueHelp> - <valueHelp> - <format><min>-<max></format> - <description>TCP MSS range (use '-' as delimiter)</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--allow-range --range 1-16384"/> - </constraint> - </properties> - </leafNode> </children> </node> <!-- include end --> diff --git a/interface-definitions/include/firewall/tcp-mss.xml.i b/interface-definitions/include/firewall/tcp-mss.xml.i new file mode 100644 index 000000000..dc49b4272 --- /dev/null +++ b/interface-definitions/include/firewall/tcp-mss.xml.i @@ -0,0 +1,25 @@ +<!-- include start from firewall/tcp-mss.xml.i --> +<node name="tcp"> + <properties> + <help>TCP options to match</help> + </properties> + <children> + <leafNode name="mss"> + <properties> + <help>Maximum segment size (MSS)</help> + <valueHelp> + <format>u32:1-16384</format> + <description>Maximum segment size</description> + </valueHelp> + <valueHelp> + <format><min>-<max></format> + <description>TCP MSS range (use '-' as delimiter)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--allow-range --range 1-16384"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/policy/route-common.xml.i b/interface-definitions/include/policy/route-common.xml.i index 216ec9bea..6551d23ab 100644 --- a/interface-definitions/include/policy/route-common.xml.i +++ b/interface-definitions/include/policy/route-common.xml.i @@ -314,6 +314,7 @@ </children>
</node>
#include <include/firewall/tcp-flags.xml.i>
+#include <include/firewall/tcp-mss.xml.i>
<node name="time">
<properties>
<help>Time to match rule</help>
diff --git a/interface-definitions/interfaces-ethernet.xml.in b/interface-definitions/interfaces-ethernet.xml.in index 3669336fd..5aaa7095c 100644 --- a/interface-definitions/interfaces-ethernet.xml.in +++ b/interface-definitions/interfaces-ethernet.xml.in @@ -80,6 +80,12 @@ <valueless/> </properties> </leafNode> + <leafNode name="hw-tc-offload"> + <properties> + <help>Enable Hardware Flow Offload</help> + <valueless/> + </properties> + </leafNode> <leafNode name="lro"> <properties> <help>Enable Large Receive Offload</help> diff --git a/interface-definitions/service-aws-glb.xml.in b/interface-definitions/service-aws-glb.xml.in new file mode 100644 index 000000000..c749fd04e --- /dev/null +++ b/interface-definitions/service-aws-glb.xml.in @@ -0,0 +1,127 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="service"> + <children> + <node name="aws"> + <properties> + <help>Amazon Web Service</help> + <priority>1280</priority> + </properties> + <children> + <node name="glb" owner="${vyos_conf_scripts_dir}/service_aws_glb.py"> + <properties> + <help>Gateway load-balancer tunnel handler</help> + </properties> + <children> + <node name="script"> + <properties> + <help>Script executed on create or destroy tunnel</help> + </properties> + <children> + <leafNode name="on-create"> + <properties> + <help>Script to run when interface is created</help> + <constraint> + <validator name="script"/> + </constraint> + </properties> + </leafNode> + <leafNode name="on-destroy"> + <properties> + <help>Script to run when interface is destroyed</help> + <constraint> + <validator name="script"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <node name="status"> + <properties> + <help>Status</help> + </properties> + <children> + <leafNode name="format"> + <properties> + <help>Statistic format</help> + <completionHelp> + <list>simple full</list> + </completionHelp> + <valueHelp> + <format>simple</format> + <description>Simple format</description> + </valueHelp> + <valueHelp> + <format>full</format> + <description>Full format</description> + </valueHelp> + <constraint> + <regex>(simple|full)</regex> + </constraint> + </properties> + </leafNode> + #include <include/port-number.xml.i> + </children> + </node> + <node name="threads"> + <properties> + <help>Threads settings</help> + </properties> + <children> + <leafNode name="tunnel"> + <properties> + <help>Number of threads for each tunnel processor</help> + <valueHelp> + <format>u32:1-256</format> + <description>Number of threads</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-256"/> + </constraint> + </properties> + </leafNode> + <leafNode name="tunnel-affinity"> + <properties> + <help>List of cores worker threads</help> + <valueHelp> + <format><idN>-<idM></format> + <description>CPU core id range (use '-' as delimiter)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--allow-range --range 0-255"/> + </constraint> + </properties> + </leafNode> + <leafNode name="udp"> + <properties> + <help>Number of threads for UDP receiver</help> + <valueHelp> + <format>u32:1-256</format> + <description>Number of threads</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-256"/> + </constraint> + </properties> + </leafNode> + <leafNode name="udp-affinity"> + <properties> + <help>List of cores worker threads</help> + <valueHelp> + <format><idN>-<idM></format> + <description>CPU core id range (use '-' as delimiter)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--allow-range --range 0-255"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/system-conntrack.xml.in b/interface-definitions/system-conntrack.xml.in index 78d19090c..4452f1a74 100644 --- a/interface-definitions/system-conntrack.xml.in +++ b/interface-definitions/system-conntrack.xml.in @@ -127,6 +127,7 @@ #include <include/nat-port.xml.i> </children> </node> + #include <include/firewall/tcp-flags.xml.i> </children> </tagNode> </children> @@ -212,6 +213,7 @@ #include <include/nat-port.xml.i> </children> </node> + #include <include/firewall/tcp-flags.xml.i> </children> </tagNode> </children> |