diff options
Diffstat (limited to 'interface-definitions')
18 files changed, 218 insertions, 76 deletions
diff --git a/interface-definitions/include/interface-mtu-1200-9000.xml.i b/interface-definitions/include/interface-mtu-1200-9000.xml.i index 336845b77..de48db65e 100644 --- a/interface-definitions/include/interface-mtu-1200-9000.xml.i +++ b/interface-definitions/include/interface-mtu-1200-9000.xml.i @@ -10,4 +10,5 @@ </constraint> <constraintErrorMessage>MTU must be between 1200 and 9000</constraintErrorMessage> </properties> + <defaultValue>1500</defaultValue> </leafNode> diff --git a/interface-definitions/include/interface-mtu-1450-9000.xml.i b/interface-definitions/include/interface-mtu-1450-9000.xml.i index 87296a050..d15987394 100644 --- a/interface-definitions/include/interface-mtu-1450-9000.xml.i +++ b/interface-definitions/include/interface-mtu-1450-9000.xml.i @@ -10,4 +10,5 @@ </constraint> <constraintErrorMessage>MTU must be between 1450 and 9000</constraintErrorMessage> </properties> + <defaultValue>1500</defaultValue> </leafNode> diff --git a/interface-definitions/include/interface-mtu-64-8024.xml.i b/interface-definitions/include/interface-mtu-64-8024.xml.i index e917c816f..e60867e35 100644 --- a/interface-definitions/include/interface-mtu-64-8024.xml.i +++ b/interface-definitions/include/interface-mtu-64-8024.xml.i @@ -10,4 +10,5 @@ </constraint> <constraintErrorMessage>MTU must be between 64 and 8024</constraintErrorMessage> </properties> + <defaultValue>1500</defaultValue> </leafNode> diff --git a/interface-definitions/include/interface-mtu-68-1500.xml.i b/interface-definitions/include/interface-mtu-68-1500.xml.i index 81223c332..d47efd2c9 100644 --- a/interface-definitions/include/interface-mtu-68-1500.xml.i +++ b/interface-definitions/include/interface-mtu-68-1500.xml.i @@ -10,4 +10,5 @@ </constraint> <constraintErrorMessage>MTU must be between 68 and 1500</constraintErrorMessage> </properties> + <defaultValue>1500</defaultValue> </leafNode> diff --git a/interface-definitions/include/interface-mtu-68-9000.xml.i b/interface-definitions/include/interface-mtu-68-9000.xml.i index ad11afa80..8fae2043c 100644 --- a/interface-definitions/include/interface-mtu-68-9000.xml.i +++ b/interface-definitions/include/interface-mtu-68-9000.xml.i @@ -10,4 +10,5 @@ </constraint> <constraintErrorMessage>MTU must be between 68 and 9000</constraintErrorMessage> </properties> + <defaultValue>1500</defaultValue> </leafNode> diff --git a/interface-definitions/include/nat-outbound-interface.xml.i b/interface-definitions/include/nat-interface.xml.i index d562f7f03..c49483297 100644 --- a/interface-definitions/include/nat-outbound-interface.xml.i +++ b/interface-definitions/include/nat-interface.xml.i @@ -2,6 +2,7 @@ <properties> <help>Outbound interface of NAT traffic</help> <completionHelp> + <list>any</list> <script>${vyos_completion_dir}/list_interfaces.py</script> </completionHelp> </properties> diff --git a/interface-definitions/include/source-address-ipv4-ipv6.xml.i b/interface-definitions/include/source-address-ipv4-ipv6.xml.i new file mode 100644 index 000000000..6d2d77c95 --- /dev/null +++ b/interface-definitions/include/source-address-ipv4-ipv6.xml.i @@ -0,0 +1,17 @@ +<leafNode name="source-address"> + <properties> + <help>IPv4/IPv6 source address</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 source-address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 source-address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + </properties> +</leafNode> diff --git a/interface-definitions/include/source-interface.xml.i b/interface-definitions/include/source-interface.xml.i new file mode 100644 index 000000000..ae579c2a6 --- /dev/null +++ b/interface-definitions/include/source-interface.xml.i @@ -0,0 +1,12 @@ +<leafNode name="source-interface"> + <properties> + <help>Physical interface used for connection</help> + <valueHelp> + <format>interface</format> + <description>Physical interface used for connection</description> + </valueHelp> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + </properties> +</leafNode> diff --git a/interface-definitions/interfaces-macsec.xml.in b/interface-definitions/interfaces-macsec.xml.in index 36605ab59..dfef387d2 100644 --- a/interface-definitions/interfaces-macsec.xml.in +++ b/interface-definitions/interfaces-macsec.xml.in @@ -83,6 +83,7 @@ <validator name="numeric" argument="--range 0-255" /> </constraint> </properties> + <defaultValue>255</defaultValue> </leafNode> </children> </node> diff --git a/interface-definitions/interfaces-pppoe.xml.in b/interface-definitions/interfaces-pppoe.xml.in index 0092f9ce5..8a6c61312 100644 --- a/interface-definitions/interfaces-pppoe.xml.in +++ b/interface-definitions/interfaces-pppoe.xml.in @@ -71,6 +71,7 @@ <description>Replace existing default route</description> </valueHelp> </properties> + <defaultValue>auto</defaultValue> </leafNode> #include <include/dhcpv6-options.xml.i> #include <include/interface-description.xml.i> @@ -128,19 +129,7 @@ </constraint> </properties> </leafNode> - <leafNode name="mtu"> - <properties> - <help>Maximum Transmission Unit (MTU)</help> - <valueHelp> - <format>68-1500</format> - <description>Maximum Transmission Unit (default 1492)</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 68-1500"/> - </constraint> - <constraintErrorMessage>MTU must be between 68 and 1500</constraintErrorMessage> - </properties> - </leafNode> + #include <include/interface-mtu-68-1500.xml.i> <leafNode name="no-peer-dns"> <properties> <help>Do not use DNS servers provided by the peer</help> diff --git a/interface-definitions/interfaces-vxlan.xml.in b/interface-definitions/interfaces-vxlan.xml.in index fdde57525..bd3ab4022 100644 --- a/interface-definitions/interfaces-vxlan.xml.in +++ b/interface-definitions/interfaces-vxlan.xml.in @@ -64,18 +64,7 @@ </constraint> </properties> </leafNode> - <leafNode name="source-interface"> - <properties> - <help>Physical Interface used for this connection</help> - <valueHelp> - <format>interface</format> - <description>Interface used for VXLAN underlay</description> - </valueHelp> - <completionHelp> - <script>${vyos_completion_dir}/list_interfaces.py</script> - </completionHelp> - </properties> - </leafNode> + #include <include/source-interface.xml.i> #include <include/interface-mtu-1200-9000.xml.i> <leafNode name="remote"> <properties> diff --git a/interface-definitions/interfaces-wirelessmodem.xml.in b/interface-definitions/interfaces-wirelessmodem.xml.in index 8b68594da..d375b808d 100644 --- a/interface-definitions/interfaces-wirelessmodem.xml.in +++ b/interface-definitions/interfaces-wirelessmodem.xml.in @@ -38,6 +38,7 @@ </constraint> <constraintErrorMessage>Must be between (1-255)</constraintErrorMessage> </properties> + <defaultValue>10</defaultValue> </leafNode> </children> </node> diff --git a/interface-definitions/nat.xml.in b/interface-definitions/nat.xml.in index 7998bd660..f8415b7c0 100644 --- a/interface-definitions/nat.xml.in +++ b/interface-definitions/nat.xml.in @@ -81,7 +81,7 @@ <valueless/> </properties> </leafNode> - #include <include/nat-outbound-interface.xml.i> + #include <include/nat-interface.xml.i> <node name="source"> <properties> <help>IPv6 source prefix options</help> @@ -132,7 +132,7 @@ #include <include/nat-rule.xml.i> <tagNode name="rule"> <children> - #include <include/nat-outbound-interface.xml.i> + #include <include/nat-interface.xml.i> <node name="translation"> <properties> <help>Outside NAT IP (source NAT only)</help> diff --git a/interface-definitions/service-ids-ddos-protection.xml.in b/interface-definitions/service-ids-ddos-protection.xml.in new file mode 100644 index 000000000..93d4cc682 --- /dev/null +++ b/interface-definitions/service-ids-ddos-protection.xml.in @@ -0,0 +1,118 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="service"> + <children> + <node name="ids"> + <properties> + <help>Intrusion Detection System</help> + </properties> + <children> + <node name="ddos-protection" owner="${vyos_conf_scripts_dir}/service_ids_fastnetmon.py"> + <properties> + <help>FastNetMon detection and protection parameters</help> + <priority>731</priority> + </properties> + <children> + <leafNode name="alert-script"> + <properties> + <help>Path to fastnetmon alert script</help> + </properties> + </leafNode> + <leafNode name="direction"> + <properties> + <help>Direction for processing traffic</help> + <completionHelp> + <list>in out</list> + </completionHelp> + <constraint> + <regex>(in|out)</regex> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="listen-interface"> + <properties> + <help>Listen interface for mirroring traffic</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + <multi/> + </properties> + </leafNode> + <node name="mode"> + <properties> + <help>Traffic capture modes</help> + </properties> + <children> + <!-- Future modes "mirror" "netflow" "combine (both)" --> + <leafNode name="mirror"> + <properties> + <help>Listen mirrored traffic mode</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="network"> + <properties> + <help>Define monitoring networks</help> + <valueHelp> + <format>ipv4net</format> + <description>Processed network</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + <node name="threshold"> + <properties> + <help>Attack limits thresholds</help> + </properties> + <children> + <leafNode name="fps"> + <properties> + <help>Flows per second</help> + <valueHelp> + <format><0-4294967294></format> + <description>Flows per second</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967294"/> + </constraint> + </properties> + </leafNode> + <leafNode name="mbps"> + <properties> + <help>Megabits per second</help> + <valueHelp> + <format><0-4294967294></format> + <description>Megabits per second</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967294"/> + </constraint> + </properties> + </leafNode> + <leafNode name="pps"> + <properties> + <help>Packets per second</help> + <valueHelp> + <format><0-4294967294></format> + <description>Packets per second</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967294"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/snmp.xml.in b/interface-definitions/snmp.xml.in index 31428092f..2fe8ce583 100644 --- a/interface-definitions/snmp.xml.in +++ b/interface-definitions/snmp.xml.in @@ -11,9 +11,9 @@ <children> <tagNode name="community"> <properties> - <help>Community name [REQUIRED]</help> + <help>Community name</help> <constraint> - <regex>[a-zA-Z0-9\-_]{1,100}</regex> + <regex>^[a-zA-Z0-9\-_]{1,100}$</regex> </constraint> <constraintErrorMessage>Community string is limited to alphanumerical characters only with a total lenght of 100</constraintErrorMessage> </properties> @@ -33,7 +33,7 @@ <description>read write</description> </valueHelp> <constraint> - <regex>(ro|rw)</regex> + <regex>^(ro|rw)$</regex> </constraint> <constraintErrorMessage>Authorization type must be either 'rw' or 'ro'</constraintErrorMessage> </properties> @@ -71,7 +71,7 @@ <properties> <help>Contact information</help> <constraint> - <regex>.{1,255}</regex> + <regex>^.{1,255}$</regex> </constraint> <constraintErrorMessage>Contact information is limited to 255 characters or less</constraintErrorMessage> </properties> @@ -80,7 +80,7 @@ <properties> <help>Description information</help> <constraint> - <regex>.{1,255}</regex> + <regex>^.{1,255}$</regex> </constraint> <constraintErrorMessage>Description is limited to 255 characters or less</constraintErrorMessage> </properties> @@ -121,7 +121,7 @@ <properties> <help>Location information</help> <constraint> - <regex>.{1,255}</regex> + <regex>^.{1,255}$</regex> </constraint> <constraintErrorMessage>Location is limited to 255 characters or less</constraintErrorMessage> </properties> @@ -197,9 +197,9 @@ <children> <leafNode name="engineid"> <properties> - <help>Specifies the EngineID that uniquely identify an agent (e.g. 0xff42)</help> + <help>Specifies the EngineID that uniquely identify an agent (e.g. 000000000000000000000002)</help> <constraint> - <regex>(0x){0,1}([0-9a-f][0-9a-f]){1,18}$</regex> + <regex>^([0-9a-f][0-9a-f]){1,18}$</regex> </constraint> <constraintErrorMessage>ID must contain an even number (from 2 to 36) of hex digits</constraintErrorMessage> </properties> @@ -224,7 +224,7 @@ <description>read write</description> </valueHelp> <constraint> - <regex>(ro|rw)</regex> + <regex>^(ro|rw)$</regex> </constraint> <constraintErrorMessage>Authorization type must be either 'rw' or 'ro'</constraintErrorMessage> </properties> @@ -233,7 +233,7 @@ <properties> <help>Security levels</help> <completionHelp> - <list>noauth auth priv2</list> + <list>noauth auth priv</list> </completionHelp> <valueHelp> <format>noauth</format> @@ -248,7 +248,7 @@ <description>Messages are authenticated and encrypted (authPriv)</description> </valueHelp> <constraint> - <regex>(noauth|auth|priv)</regex> + <regex>^(noauth|auth|priv)$</regex> </constraint> </properties> </leafNode> @@ -284,20 +284,20 @@ <help>Defines the privacy</help> </properties> <children> - <leafNode name="encrypted-key"> + <leafNode name="encrypted-password"> <properties> <help>Defines the encrypted key for authentication</help> <constraint> - <regex>0x[0-9a-f]*$</regex> + <regex>^[0-9a-f]*$</regex> </constraint> - <constraintErrorMessage>Key must start from '0x' and contain hex digits</constraintErrorMessage> + <constraintErrorMessage>Encrypted key must only contain hex digits</constraintErrorMessage> </properties> </leafNode> - <leafNode name="plaintext-key"> + <leafNode name="plaintext-password"> <properties> <help>Defines the clear text key for authentication</help> <constraint> - <regex>.{8,}$</regex> + <regex>^.{8,}$</regex> </constraint> <constraintErrorMessage>Key must contain 8 or more characters</constraintErrorMessage> </properties> @@ -317,7 +317,7 @@ <description>Secure Hash Algorithm</description> </valueHelp> <constraint> - <regex>(md5|sha)</regex> + <regex>^(md5|sha)$</regex> </constraint> </properties> </leafNode> @@ -341,20 +341,20 @@ <help>Defines the privacy</help> </properties> <children> - <leafNode name="encrypted-key"> + <leafNode name="encrypted-password"> <properties> <help>Defines the encrypted key for privacy protocol</help> <constraint> - <regex>0x[0-9a-f]*$</regex> + <regex>^[0-9a-f]*$</regex> </constraint> - <constraintErrorMessage>Key must start from '0x' and contain hex digits</constraintErrorMessage> + <constraintErrorMessage>Encrypted key must only contain hex digits</constraintErrorMessage> </properties> </leafNode> - <leafNode name="plaintext-key"> + <leafNode name="plaintext-password"> <properties> <help>Defines the clear text key for privacy protocol</help> <constraint> - <regex>.{8,}$</regex> + <regex>^.{8,}$</regex> </constraint> <constraintErrorMessage>Key must contain 8 or more characters</constraintErrorMessage> </properties> @@ -374,7 +374,7 @@ <description>Advanced Encryption Standard</description> </valueHelp> <constraint> - <regex>(des|aes)</regex> + <regex>^(des|aes)$</regex> </constraint> </properties> </leafNode> @@ -395,7 +395,7 @@ <description>Use User Datagram Protocol for notifications</description> </valueHelp> <constraint> - <regex>(tcp|udp)</regex> + <regex>^(tcp|udp)$</regex> </constraint> </properties> </leafNode> @@ -414,7 +414,7 @@ <description>Use TRAP</description> </valueHelp> <constraint> - <regex>(inform|trap)</regex> + <regex>^(inform|trap)$</regex> </constraint> </properties> </leafNode> @@ -442,20 +442,20 @@ <help>Specifies the auth</help> </properties> <children> - <leafNode name="encrypted-key"> + <leafNode name="encrypted-password"> <properties> <help>Defines the encrypted key for authentication</help> <constraint> - <regex>0x[0-9a-f]*$</regex> + <regex>^[0-9a-f]*$</regex> </constraint> - <constraintErrorMessage>Key must start from '0x' and contain hex digits</constraintErrorMessage> + <constraintErrorMessage>Encrypted key must only contain hex digits</constraintErrorMessage> </properties> </leafNode> - <leafNode name="plaintext-key"> + <leafNode name="plaintext-password"> <properties> <help>Defines the clear text key for authentication</help> <constraint> - <regex>.{8,}$</regex> + <regex>^.{8,}$</regex> </constraint> <constraintErrorMessage>Key must contain 8 or more characters</constraintErrorMessage> </properties> @@ -475,7 +475,7 @@ <description>Secure Hash Algorithm</description> </valueHelp> <constraint> - <regex>(md5|sha)</regex> + <regex>^(md5|sha)$</regex> </constraint> </properties> </leafNode> @@ -504,7 +504,7 @@ <description>read write</description> </valueHelp> <constraint> - <regex>(ro|rw)</regex> + <regex>^(ro|rw)$</regex> </constraint> <constraintErrorMessage>Authorization type must be either 'rw' or 'ro'</constraintErrorMessage> </properties> @@ -514,20 +514,20 @@ <help>Defines the privacy</help> </properties> <children> - <leafNode name="encrypted-key"> + <leafNode name="encrypted-password"> <properties> <help>Defines the encrypted key for privacy protocol</help> <constraint> - <regex>0x[0-9a-f]*$</regex> + <regex>^[0-9a-f]*$</regex> </constraint> - <constraintErrorMessage>Key must start from '0x' and contain hex digits</constraintErrorMessage> + <constraintErrorMessage>Encrypted key must only contain hex digits</constraintErrorMessage> </properties> </leafNode> - <leafNode name="plaintext-key"> + <leafNode name="plaintext-password"> <properties> <help>Defines the clear text key for privacy protocol</help> <constraint> - <regex>.{8,}$</regex> + <regex>^.{8,}$</regex> </constraint> <constraintErrorMessage>Key must contain 8 or more characters</constraintErrorMessage> </properties> @@ -547,7 +547,7 @@ <description>Advanced Encryption Standard</description> </valueHelp> <constraint> - <regex>(des|aes)</regex> + <regex>^(des|aes)$</regex> </constraint> </properties> </leafNode> @@ -568,7 +568,7 @@ <properties> <help>Specifies the oid</help> <constraint> - <regex>[0-9]+(\.[0-9]+)*$</regex> + <regex>^[0-9]+(\.[0-9]+)*$</regex> </constraint> <constraintErrorMessage>OID must start from a number</constraintErrorMessage> </properties> @@ -582,7 +582,7 @@ <properties> <help>Defines a bit-mask that is indicating which subidentifiers of the associated subtree OID should be regarded as significant</help> <constraint> - <regex>[0-9a-f]{2}([\.:][0-9a-f]{2})*$</regex> + <regex>^[0-9a-f]{2}([\.:][0-9a-f]{2})*$</regex> </constraint> <constraintErrorMessage>MASK is a list of hex octets, separated by '.' or ':'</constraintErrorMessage> </properties> diff --git a/interface-definitions/ssh.xml.in b/interface-definitions/ssh.xml.in index 1b20f5776..d253c2f34 100644 --- a/interface-definitions/ssh.xml.in +++ b/interface-definitions/ssh.xml.in @@ -132,30 +132,30 @@ <properties> <help>Log level</help> <completionHelp> - <list>QUIET FATAL ERROR INFO VERBOSE</list> + <list>quiet fatal error info verbose</list> </completionHelp> <valueHelp> - <format>QUIET</format> + <format>quiet</format> <description>stay silent</description> </valueHelp> <valueHelp> - <format>FATAL</format> + <format>fatal</format> <description>log fatals only</description> </valueHelp> <valueHelp> - <format>ERROR</format> + <format>error</format> <description>log errors and fatals only</description> </valueHelp> <valueHelp> - <format>INFO</format> + <format>info</format> <description>default log level</description> </valueHelp> <valueHelp> - <format>VERBOSE</format> + <format>verbose</format> <description>enable logging of failed login attempts</description> </valueHelp> <constraint> - <regex>^(QUIET|FATAL|ERROR|INFO|VERBOSE)$</regex> + <regex>^(quiet|fatal|error|info|verbose)$</regex> </constraint> </properties> <defaultValue>INFO</defaultValue> diff --git a/interface-definitions/system-options.xml.in b/interface-definitions/system-options.xml.in index 48bc353ab..194773329 100644 --- a/interface-definitions/system-options.xml.in +++ b/interface-definitions/system-options.xml.in @@ -33,7 +33,7 @@ <description>Poweroff VyOS</description> </valueHelp> <constraint> - <regex>(ignore|reboot|poweroff)</regex> + <regex>^(ignore|reboot|poweroff)$</regex> </constraint> <constraintErrorMessage>Must be ignore, reboot, or poweroff</constraintErrorMessage> </properties> @@ -44,6 +44,15 @@ <valueless/> </properties> </leafNode> + <node name="http-client"> + <properties> + <help>Global options used for HTTP based commands</help> + </properties> + <children> + #include <include/source-interface.xml.i> + #include <include/source-address-ipv4-ipv6.xml.i> + </children> + </node> </children> </node> </children> diff --git a/interface-definitions/vrf.xml.in b/interface-definitions/vrf.xml.in index 9b9828ddd..159f4ea3e 100644 --- a/interface-definitions/vrf.xml.in +++ b/interface-definitions/vrf.xml.in @@ -4,7 +4,7 @@ <properties> <help>Virtual Routing and Forwarding</help> <!-- must be before any interface creation --> - <priority>210</priority> + <priority>60</priority> </properties> <children> <leafNode name="bind-to-all"> |