summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/container.xml.in8
-rw-r--r--interface-definitions/include/accel-ppp/radius-additions.xml.i7
-rw-r--r--interface-definitions/include/firewall/match-interface.xml.i2
-rw-r--r--interface-definitions/include/haproxy/http-response-headers.xml.i29
-rw-r--r--interface-definitions/include/interface/evpn-mh-uplink.xml.i8
-rw-r--r--interface-definitions/include/nat-translation-options.xml.i8
-rw-r--r--interface-definitions/include/radius-priority.xml.i14
-rw-r--r--interface-definitions/include/version/nat-version.xml.i2
-rw-r--r--interface-definitions/include/version/pppoe-server-version.xml.i2
-rw-r--r--interface-definitions/interfaces_bonding.xml.in19
-rw-r--r--interface-definitions/interfaces_ethernet.xml.in8
-rw-r--r--interface-definitions/interfaces_openvpn.xml.in2
-rw-r--r--interface-definitions/load-balancing_reverse-proxy.xml.in2
-rw-r--r--interface-definitions/nat.xml.in1
-rw-r--r--interface-definitions/nat_cgnat.xml.in1
-rw-r--r--interface-definitions/policy.xml.in4
-rw-r--r--interface-definitions/service_config-sync.xml.in4
-rw-r--r--interface-definitions/service_pppoe-server.xml.in8
-rw-r--r--interface-definitions/service_upnp.xml.in229
-rw-r--r--interface-definitions/system_login.xml.in11
-rw-r--r--interface-definitions/vpn_sstp.xml.in9
-rw-r--r--interface-definitions/vrf.xml.in15
22 files changed, 121 insertions, 272 deletions
diff --git a/interface-definitions/container.xml.in b/interface-definitions/container.xml.in
index e7dacea36..2296a3e9e 100644
--- a/interface-definitions/container.xml.in
+++ b/interface-definitions/container.xml.in
@@ -15,9 +15,15 @@
<constraintErrorMessage>Container name must be alphanumeric and can contain hyphens</constraintErrorMessage>
</properties>
<children>
+ <leafNode name="allow-host-pid">
+ <properties>
+ <help>Allow sharing host process namespace with container</help>
+ <valueless/>
+ </properties>
+ </leafNode>
<leafNode name="allow-host-networks">
<properties>
- <help>Allow host networks in container</help>
+ <help>Allow sharing host networking with container</help>
<valueless/>
</properties>
</leafNode>
diff --git a/interface-definitions/include/accel-ppp/radius-additions.xml.i b/interface-definitions/include/accel-ppp/radius-additions.xml.i
index 3c2eb09eb..5222ba864 100644
--- a/interface-definitions/include/accel-ppp/radius-additions.xml.i
+++ b/interface-definitions/include/accel-ppp/radius-additions.xml.i
@@ -57,6 +57,13 @@
</properties>
<defaultValue>0</defaultValue>
</leafNode>
+ #include <include/radius-priority.xml.i>
+ <leafNode name="backup">
+ <properties>
+ <help>Use backup server if other servers are not available</help>
+ <valueless/>
+ </properties>
+ </leafNode>
</children>
</tagNode>
<leafNode name="timeout">
diff --git a/interface-definitions/include/firewall/match-interface.xml.i b/interface-definitions/include/firewall/match-interface.xml.i
index 5da6f51fb..f25686e72 100644
--- a/interface-definitions/include/firewall/match-interface.xml.i
+++ b/interface-definitions/include/firewall/match-interface.xml.i
@@ -19,7 +19,7 @@
<description>Inverted interface name to match</description>
</valueHelp>
<constraint>
- <regex>(\!?)(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|(\!?)lo</regex>
+ <regex>(\!?)(bond|br|dum|en|ersp|eth|gnv|ifb|ipoe|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|(\!?)lo</regex>
<validator name="vrf-name"/>
</constraint>
</properties>
diff --git a/interface-definitions/include/haproxy/http-response-headers.xml.i b/interface-definitions/include/haproxy/http-response-headers.xml.i
new file mode 100644
index 000000000..9e7ddfd28
--- /dev/null
+++ b/interface-definitions/include/haproxy/http-response-headers.xml.i
@@ -0,0 +1,29 @@
+<!-- include start from haproxy/http-response-headers.xml.i -->
+<tagNode name="http-response-headers">
+ <properties>
+ <help>Headers to include in HTTP response</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>HTTP header name</description>
+ </valueHelp>
+ <constraint>
+ <regex>[-a-zA-Z]+</regex>
+ </constraint>
+ <constraintErrorMessage>Header names must only include alphabetical characters and hyphens</constraintErrorMessage>
+ </properties>
+ <children>
+ <leafNode name="value">
+ <properties>
+ <help>HTTP header value</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>HTTP header value</description>
+ </valueHelp>
+ <constraint>
+ <regex>[[:ascii:]]{1,256}</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+</tagNode>
+<!-- include end -->
diff --git a/interface-definitions/include/interface/evpn-mh-uplink.xml.i b/interface-definitions/include/interface/evpn-mh-uplink.xml.i
new file mode 100644
index 000000000..5f7fe1b7f
--- /dev/null
+++ b/interface-definitions/include/interface/evpn-mh-uplink.xml.i
@@ -0,0 +1,8 @@
+<!-- include start from interface/evpn-mh-uplink.xml.i -->
+<leafNode name="uplink">
+ <properties>
+ <help>Uplink to the VXLAN core</help>
+ <valueless/>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/nat-translation-options.xml.i b/interface-definitions/include/nat-translation-options.xml.i
index 6b95de045..c8900590f 100644
--- a/interface-definitions/include/nat-translation-options.xml.i
+++ b/interface-definitions/include/nat-translation-options.xml.i
@@ -28,22 +28,18 @@
<properties>
<help>Port mapping options</help>
<completionHelp>
- <list>random fully-random none</list>
+ <list>random none</list>
</completionHelp>
<valueHelp>
<format>random</format>
<description>Randomize source port mapping</description>
</valueHelp>
<valueHelp>
- <format>fully-random</format>
- <description>Full port randomization</description>
- </valueHelp>
- <valueHelp>
<format>none</format>
<description>Do not apply port randomization</description>
</valueHelp>
<constraint>
- <regex>(random|fully-random|none)</regex>
+ <regex>(random|none)</regex>
</constraint>
</properties>
<defaultValue>none</defaultValue>
diff --git a/interface-definitions/include/radius-priority.xml.i b/interface-definitions/include/radius-priority.xml.i
new file mode 100644
index 000000000..f77f5016e
--- /dev/null
+++ b/interface-definitions/include/radius-priority.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from radius-priority.xml.i -->
+<leafNode name="priority">
+ <properties>
+ <help>Server priority</help>
+ <valueHelp>
+ <format>u32:1-255</format>
+ <description>Server priority</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/version/nat-version.xml.i b/interface-definitions/include/version/nat-version.xml.i
index 656da6e14..173e91ed3 100644
--- a/interface-definitions/include/version/nat-version.xml.i
+++ b/interface-definitions/include/version/nat-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/nat-version.xml.i -->
-<syntaxVersion component='nat' version='7'></syntaxVersion>
+<syntaxVersion component='nat' version='8'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/pppoe-server-version.xml.i b/interface-definitions/include/version/pppoe-server-version.xml.i
index c253c58d9..61de1277a 100644
--- a/interface-definitions/include/version/pppoe-server-version.xml.i
+++ b/interface-definitions/include/version/pppoe-server-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/pppoe-server-version.xml.i -->
-<syntaxVersion component='pppoe-server' version='9'></syntaxVersion>
+<syntaxVersion component='pppoe-server' version='10'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/interfaces_bonding.xml.in b/interface-definitions/interfaces_bonding.xml.in
index 92c0911db..cc0327f3d 100644
--- a/interface-definitions/interfaces_bonding.xml.in
+++ b/interface-definitions/interfaces_bonding.xml.in
@@ -102,12 +102,7 @@
</constraint>
</properties>
</leafNode>
- <leafNode name="uplink">
- <properties>
- <help>Uplink to the VXLAN core</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/interface/evpn-mh-uplink.xml.i>
</children>
</node>
<leafNode name="hash-policy">
@@ -176,6 +171,18 @@
</properties>
<defaultValue>0</defaultValue>
</leafNode>
+ <leafNode name="system-mac">
+ <properties>
+ <help>System MAC address for 802.3ad</help>
+ <valueHelp>
+ <format>macaddr</format>
+ <description>MAC address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="mac-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
<leafNode name="lacp-rate">
<properties>
<help>Rate in which we will ask our link partner to transmit LACPDU packets</help>
diff --git a/interface-definitions/interfaces_ethernet.xml.in b/interface-definitions/interfaces_ethernet.xml.in
index 4e55bac7c..89f990d41 100644
--- a/interface-definitions/interfaces_ethernet.xml.in
+++ b/interface-definitions/interfaces_ethernet.xml.in
@@ -57,6 +57,14 @@
<defaultValue>auto</defaultValue>
</leafNode>
#include <include/interface/eapol.xml.i>
+ <node name="evpn">
+ <properties>
+ <help>EVPN Multihoming</help>
+ </properties>
+ <children>
+ #include <include/interface/evpn-mh-uplink.xml.i>
+ </children>
+ </node>
#include <include/interface/hw-id.xml.i>
#include <include/interface/ipv4-options.xml.i>
#include <include/interface/ipv6-options.xml.i>
diff --git a/interface-definitions/interfaces_openvpn.xml.in b/interface-definitions/interfaces_openvpn.xml.in
index 7b46f32b3..23cc83e9a 100644
--- a/interface-definitions/interfaces_openvpn.xml.in
+++ b/interface-definitions/interfaces_openvpn.xml.in
@@ -663,7 +663,7 @@
<help>Number of digits to use for totp hash</help>
<valueHelp>
<format>1-65535</format>
- <description>Seconds</description>
+ <description>Digits</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-65535"/>
diff --git a/interface-definitions/load-balancing_reverse-proxy.xml.in b/interface-definitions/load-balancing_reverse-proxy.xml.in
index 6a3b3cef1..011e1b53c 100644
--- a/interface-definitions/load-balancing_reverse-proxy.xml.in
+++ b/interface-definitions/load-balancing_reverse-proxy.xml.in
@@ -39,6 +39,7 @@
#include <include/port-number.xml.i>
#include <include/haproxy/rule-frontend.xml.i>
#include <include/haproxy/tcp-request.xml.i>
+ #include <include/haproxy/http-response-headers.xml.i>
<leafNode name="redirect-http-to-https">
<properties>
<help>Redirect HTTP to HTTPS</help>
@@ -90,6 +91,7 @@
</leafNode>
#include <include/generic-description.xml.i>
#include <include/haproxy/mode.xml.i>
+ #include <include/haproxy/http-response-headers.xml.i>
<node name="parameters">
<properties>
<help>Backend parameters</help>
diff --git a/interface-definitions/nat.xml.in b/interface-definitions/nat.xml.in
index 0a639bd80..73a748137 100644
--- a/interface-definitions/nat.xml.in
+++ b/interface-definitions/nat.xml.in
@@ -141,6 +141,7 @@
</children>
</node>
#include <include/inbound-interface.xml.i>
+ #include <include/firewall/log.xml.i>
<node name="translation">
<properties>
<help>Translation address or prefix</help>
diff --git a/interface-definitions/nat_cgnat.xml.in b/interface-definitions/nat_cgnat.xml.in
index caa26b4d9..fce5e655d 100644
--- a/interface-definitions/nat_cgnat.xml.in
+++ b/interface-definitions/nat_cgnat.xml.in
@@ -123,6 +123,7 @@
<validator name="ipv4-host"/>
<validator name="ipv4-range"/>
</constraint>
+ <multi/>
</properties>
</leafNode>
</children>
diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in
index 791fa1d87..eb907cb9e 100644
--- a/interface-definitions/policy.xml.in
+++ b/interface-definitions/policy.xml.in
@@ -1546,11 +1546,11 @@
<properties>
<help>Set prefixes to table</help>
<valueHelp>
- <format>u32:1-200</format>
+ <format>u32:1-4294967295</format>
<description>Table value</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 1-200"/>
+ <validator name="numeric" argument="--range 1-4294967295"/>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/service_config-sync.xml.in b/interface-definitions/service_config-sync.xml.in
index e9ea9aa4b..648c14aee 100644
--- a/interface-definitions/service_config-sync.xml.in
+++ b/interface-definitions/service_config-sync.xml.in
@@ -34,6 +34,10 @@
</constraint>
</properties>
</leafNode>
+ #include <include/port-number.xml.i>
+ <leafNode name="port">
+ <defaultValue>443</defaultValue>
+ </leafNode>
<leafNode name="timeout">
<properties>
<help>Connection API timeout</help>
diff --git a/interface-definitions/service_pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in
index 9b5e4d3fb..5d357c2f9 100644
--- a/interface-definitions/service_pppoe-server.xml.in
+++ b/interface-definitions/service_pppoe-server.xml.in
@@ -74,11 +74,19 @@
<properties>
<help>PADO delays</help>
<valueHelp>
+ <format>disable</format>
+ <description>Disable new connections</description>
+ </valueHelp>
+ <completionHelp>
+ <list>disable</list>
+ </completionHelp>
+ <valueHelp>
<format>u32:1-999999</format>
<description>Number in ms</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-999999"/>
+ <regex>disable</regex>
</constraint>
<constraintErrorMessage>Invalid PADO delay</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/service_upnp.xml.in b/interface-definitions/service_upnp.xml.in
deleted file mode 100644
index 064386ee5..000000000
--- a/interface-definitions/service_upnp.xml.in
+++ /dev/null
@@ -1,229 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
- <node name="service">
- <children>
- <node name="upnp" owner="${vyos_conf_scripts_dir}/service_upnp.py">
- <properties>
- <help>Universal Plug and Play (UPnP) service</help>
- <priority>900</priority>
- </properties>
- <children>
- <leafNode name="friendly-name">
- <properties>
- <help>Name of this service</help>
- <valueHelp>
- <format>txt</format>
- <description>Friendly name</description>
- </valueHelp>
- </properties>
- </leafNode>
- <leafNode name="wan-interface">
- <properties>
- <help>WAN network interface</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_interfaces</script>
- </completionHelp>
- <constraint>
- #include <include/constraint/interface-name.xml.i>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="wan-ip">
- <properties>
- <help>WAN network IP</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address</description>
- </valueHelp>
- <valueHelp>
- <format>ipv6</format>
- <description>IPv6 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address" />
- <validator name="ipv6-address" />
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- <leafNode name="nat-pmp">
- <properties>
- <help>Enable NAT-PMP support</help>
- <valueless />
- </properties>
- </leafNode>
- <leafNode name="secure-mode">
- <properties>
- <help>Enable Secure Mode</help>
- <valueless />
- </properties>
- </leafNode>
- <leafNode name="presentation-url">
- <properties>
- <help>Presentation Url</help>
- <valueHelp>
- <format>txt</format>
- <description>Presentation Url</description>
- </valueHelp>
- </properties>
- </leafNode>
- <node name="pcp-lifetime">
- <properties>
- <help>PCP-base lifetime Option</help>
- </properties>
- <children>
- <leafNode name="max">
- <properties>
- <help>Max lifetime time</help>
- <constraint>
- <validator name="numeric" />
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="min">
- <properties>
- <help>Min lifetime time</help>
- <constraint>
- <validator name="numeric" />
- </constraint>
- </properties>
- </leafNode>
- </children>
- </node>
- <leafNode name="listen">
- <properties>
- <help>Local IP addresses for service to listen on</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
- <script>${vyos_completion_dir}/list_interfaces</script>
- </completionHelp>
- <valueHelp>
- <format>&lt;interface&gt;</format>
- <description>Monitor interface address</description>
- </valueHelp>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address to listen for incoming connections</description>
- </valueHelp>
- <valueHelp>
- <format>ipv4net</format>
- <description>IPv4 prefix to listen for incoming connections</description>
- </valueHelp>
- <valueHelp>
- <format>ipv6</format>
- <description>IPv6 address to listen for incoming connections</description>
- </valueHelp>
- <valueHelp>
- <format>ipv6net</format>
- <description>IPv6 prefix to listen for incoming connections</description>
- </valueHelp>
- <multi/>
- <constraint>
- #include <include/constraint/interface-name.xml.i>
- <validator name="ip-address"/>
- <validator name="ipv4-prefix"/>
- <validator name="ipv6-prefix"/>
- </constraint>
- </properties>
- </leafNode>
- <node name="stun">
- <properties>
- <help>Enable STUN probe support (can be used with NAT 1:1 support for WAN interfaces)</help>
- </properties>
- <children>
- <leafNode name="host">
- <properties>
- <help>The STUN server address</help>
- <valueHelp>
- <format>txt</format>
- <description>The STUN server host address</description>
- </valueHelp>
- <constraint>
- <validator name="fqdn"/>
- </constraint>
- </properties>
- </leafNode>
- #include <include/port-number.xml.i>
- </children>
- </node>
- <tagNode name="rule">
- <properties>
- <help>UPnP Rule</help>
- <valueHelp>
- <format>u32:0-65535</format>
- <description>Rule number</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-65535"/>
- </constraint>
- </properties>
- <children>
- #include <include/generic-disable-node.xml.i>
- <leafNode name="external-port-range">
- <properties>
- <help>Port range (REQUIRE)</help>
- <valueHelp>
- <format>&lt;port&gt;</format>
- <description>single port</description>
- </valueHelp>
- <valueHelp>
- <format>&lt;portN&gt;-&lt;portM&gt;</format>
- <description>Port range (use '-' as delimiter)</description>
- </valueHelp>
- <constraint>
- <validator name="port-range"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="internal-port-range">
- <properties>
- <help>Port range (REQUIRE)</help>
- <valueHelp>
- <format>&lt;port&gt;</format>
- <description>single port</description>
- </valueHelp>
- <valueHelp>
- <format>&lt;portN&gt;-&lt;portM&gt;</format>
- <description>Port range (use '-' as delimiter)</description>
- </valueHelp>
- <constraint>
- <validator name="port-range"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="ip">
- <properties>
- <help>The IP to which this rule applies (REQUIRE)</help>
- <valueHelp>
- <format>ipv4</format>
- <description>The IPv4 address to which this rule applies</description>
- </valueHelp>
- <valueHelp>
- <format>ipv4net</format>
- <description>The IPv4 to which this rule applies</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- <validator name="ipv4-host"/>
- <validator name="ipv4-prefix"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="action">
- <properties>
- <help>Actions against the rule (REQUIRE)</help>
- <completionHelp>
- <list>allow deny</list>
- </completionHelp>
- <constraint>
- <regex>(allow|deny)</regex>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- </children>
- </node>
- </children>
- </node>
-</interfaceDefinition>
diff --git a/interface-definitions/system_login.xml.in b/interface-definitions/system_login.xml.in
index e94bb7219..f6c8021d3 100644
--- a/interface-definitions/system_login.xml.in
+++ b/interface-definitions/system_login.xml.in
@@ -202,17 +202,8 @@
<tagNode name="server">
<children>
#include <include/radius-timeout.xml.i>
+ #include <include/radius-priority.xml.i>
<leafNode name="priority">
- <properties>
- <help>Server priority</help>
- <valueHelp>
- <format>u32:1-255</format>
- <description>Server priority</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-255"/>
- </constraint>
- </properties>
<defaultValue>255</defaultValue>
</leafNode>
</children>
diff --git a/interface-definitions/vpn_sstp.xml.in b/interface-definitions/vpn_sstp.xml.in
index d23a001d5..d9ed1c040 100644
--- a/interface-definitions/vpn_sstp.xml.in
+++ b/interface-definitions/vpn_sstp.xml.in
@@ -53,6 +53,15 @@
#include <include/accel-ppp/wins-server.xml.i>
#include <include/generic-description.xml.i>
#include <include/name-server-ipv4-ipv6.xml.i>
+ <leafNode name="host-name">
+ <properties>
+ <help>Only allow connection to specified host with the same TLS SNI</help>
+ <constraint>
+ #include <include/constraint/host-name.xml.i>
+ </constraint>
+ <constraintErrorMessage>Host-name must be alphanumeric and can contain hyphens</constraintErrorMessage>
+ </properties>
+ </leafNode>
</children>
</node>
</children>
diff --git a/interface-definitions/vrf.xml.in b/interface-definitions/vrf.xml.in
index 94ed96e4b..a20be995a 100644
--- a/interface-definitions/vrf.xml.in
+++ b/interface-definitions/vrf.xml.in
@@ -120,20 +120,7 @@
<constraintErrorMessage>VRF routing table must be in range from 100 to 65535</constraintErrorMessage>
</properties>
</leafNode>
- <leafNode name="vni" owner="${vyos_conf_scripts_dir}/vrf_vni.py $VAR(../@)">
- <properties>
- <help>Virtual Network Identifier</help>
- <!-- must be after BGP to keep correct order when removing L3VNIs in FRR -->
- <priority>822</priority>
- <valueHelp>
- <format>u32:0-16777214</format>
- <description>VXLAN virtual network identifier</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-16777214"/>
- </constraint>
- </properties>
- </leafNode>
+ #include <include/vni.xml.i>
</children>
</tagNode>
</children>
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-07 22:14:33 +0000