Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/container.xml.in24
-rw-r--r--interface-definitions/dhcp-server.xml.in490
-rw-r--r--interface-definitions/dns-domain-name.xml.in114
-rw-r--r--interface-definitions/dns-dynamic.xml.in158
-rw-r--r--interface-definitions/firewall.xml.in171
-rw-r--r--interface-definitions/include/accel-ppp/auth-protocols.xml.i2
-rw-r--r--interface-definitions/include/accel-ppp/client-ip-pool-name.xml.i30
-rw-r--r--interface-definitions/include/accel-ppp/client-ip-pool-start-stop.xml.i18
-rw-r--r--interface-definitions/include/accel-ppp/client-ip-pool-subnet-single.xml.i16
-rw-r--r--interface-definitions/include/accel-ppp/client-ip-pool-subnet.xml.i16
-rw-r--r--interface-definitions/include/accel-ppp/client-ip-pool.xml.i50
-rw-r--r--interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i11
-rw-r--r--interface-definitions/include/accel-ppp/default-ipv6-pool.xml.i17
-rw-r--r--interface-definitions/include/accel-ppp/default-pool.xml.i17
-rw-r--r--interface-definitions/include/accel-ppp/gateway-address-multi.xml.i17
-rw-r--r--interface-definitions/include/accel-ppp/max-concurrent-sessions.xml.i15
-rw-r--r--interface-definitions/include/accel-ppp/mtu-128-16384.xml.i2
-rw-r--r--interface-definitions/include/accel-ppp/ppp-options-ipv6-interface-id.xml.i12
-rw-r--r--interface-definitions/include/accel-ppp/ppp-options.xml.i65
-rw-r--r--interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i6
-rw-r--r--interface-definitions/include/bfd/common.xml.i12
-rw-r--r--interface-definitions/include/bgp/afi-nexthop-vpn-export.xml.i32
-rw-r--r--interface-definitions/include/bgp/afi-route-map-export-import.xml.i4
-rw-r--r--interface-definitions/include/bgp/afi-sid.xml.i36
-rw-r--r--interface-definitions/include/bgp/bmp-monitor-afi-policy.xml.i14
-rw-r--r--interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i9
-rw-r--r--interface-definitions/include/bgp/protocol-common-config.xml.i258
-rw-r--r--interface-definitions/include/conntrack/timeout-custom-protocols.xml.i136
-rw-r--r--interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i3
-rw-r--r--interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.i2
-rw-r--r--interface-definitions/include/constraint/dhcp-client-string-option.xml.i4
-rw-r--r--interface-definitions/include/constraint/email.xml.i3
-rw-r--r--interface-definitions/include/constraint/host-name.xml.i6
-rw-r--r--interface-definitions/include/constraint/interface-name.xml.i2
-rw-r--r--interface-definitions/include/dhcp/captive-portal.xml.i11
-rw-r--r--interface-definitions/include/dhcp/option-v4.xml.i257
-rw-r--r--interface-definitions/include/dhcp/option-v6.xml.i110
-rw-r--r--interface-definitions/include/dhcp/ping-check.xml.i8
-rw-r--r--interface-definitions/include/dns/dynamic-service-host-name-server.xml.i35
-rw-r--r--interface-definitions/include/dns/dynamic-service-wait-expiry-time.xml.i28
-rw-r--r--interface-definitions/include/dns/dynamic-service-zone.xml.i14
-rw-r--r--interface-definitions/include/firewall/action.xml.i8
-rw-r--r--interface-definitions/include/firewall/add-dynamic-address-groups.xml.i34
-rw-r--r--interface-definitions/include/firewall/add-dynamic-ipv6-address-groups.xml.i34
-rw-r--r--interface-definitions/include/firewall/bridge-custom-name.xml.i4
-rw-r--r--interface-definitions/include/firewall/bridge-hook-forward.xml.i3
-rw-r--r--interface-definitions/include/firewall/common-rule-bridge.xml.i24
-rw-r--r--interface-definitions/include/firewall/common-rule-inet.xml.i144
-rw-r--r--interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i2
-rw-r--r--interface-definitions/include/firewall/common-rule-ipv4.xml.i25
-rw-r--r--interface-definitions/include/firewall/common-rule-ipv6.xml.i25
-rw-r--r--interface-definitions/include/firewall/common-rule.xml.i387
-rw-r--r--interface-definitions/include/firewall/default-log.xml.i8
-rw-r--r--interface-definitions/include/firewall/enable-default-log.xml.i8
-rw-r--r--interface-definitions/include/firewall/global-options.xml.i37
-rw-r--r--interface-definitions/include/firewall/inbound-interface-no-group.xml.i34
-rw-r--r--interface-definitions/include/firewall/ipv4-custom-name.xml.i6
-rw-r--r--interface-definitions/include/firewall/ipv4-hook-forward.xml.i4
-rw-r--r--interface-definitions/include/firewall/ipv4-hook-input.xml.i4
-rw-r--r--interface-definitions/include/firewall/ipv4-hook-output.xml.i3
-rw-r--r--interface-definitions/include/firewall/ipv6-custom-name.xml.i6
-rw-r--r--interface-definitions/include/firewall/ipv6-hook-forward.xml.i4
-rw-r--r--interface-definitions/include/firewall/ipv6-hook-input.xml.i4
-rw-r--r--interface-definitions/include/firewall/ipv6-hook-output.xml.i3
-rw-r--r--interface-definitions/include/firewall/log-options.xml.i (renamed from interface-definitions/include/firewall/rule-log-options.xml.i)0
-rw-r--r--interface-definitions/include/firewall/log.xml.i15
-rw-r--r--interface-definitions/include/firewall/match-interface.xml.i4
-rw-r--r--interface-definitions/include/firewall/match-ipsec.xml.i21
-rw-r--r--interface-definitions/include/firewall/outbound-interface-no-group.xml.i34
-rw-r--r--interface-definitions/include/firewall/source-destination-dynamic-group-ipv6.xml.i17
-rw-r--r--interface-definitions/include/firewall/source-destination-dynamic-group.xml.i17
-rw-r--r--interface-definitions/include/firewall/state.xml.i30
-rw-r--r--interface-definitions/include/haproxy/rule-backend.xml.i2
-rw-r--r--interface-definitions/include/interface/dhcp-options.xml.i26
-rw-r--r--interface-definitions/include/interface/dhcpv6-options.xml.i13
-rw-r--r--interface-definitions/include/interface/duid.xml.i15
-rw-r--r--interface-definitions/include/ipsec/replay-window.xml.i19
-rw-r--r--interface-definitions/include/isis/level-1-2-leaf.xml.i13
-rw-r--r--interface-definitions/include/isis/lfa-local.xml.i128
-rw-r--r--interface-definitions/include/isis/lfa-protocol.xml.i11
-rw-r--r--interface-definitions/include/isis/lfa-remote.xml.i28
-rw-r--r--interface-definitions/include/isis/protocol-common-config.xml.i8
-rw-r--r--interface-definitions/include/listen-interface-multi-broadcast.xml.i18
-rw-r--r--interface-definitions/include/nat-rule.xml.i7
-rw-r--r--interface-definitions/include/nat64/protocol.xml.i27
-rw-r--r--interface-definitions/include/pim/bsm.xml.i14
-rw-r--r--interface-definitions/include/pim/dr-priority.xml.i14
-rw-r--r--interface-definitions/include/pim/hello.xml.i14
-rw-r--r--interface-definitions/include/pim/join-prune-interval.xml.i15
-rw-r--r--interface-definitions/include/pim/keep-alive-timer.xml.i14
-rw-r--r--interface-definitions/include/pim/packets.xml.i15
-rw-r--r--interface-definitions/include/pim/passive.xml.i8
-rw-r--r--interface-definitions/include/pim/register-suppress-time.xml.i14
-rw-r--r--interface-definitions/include/pki/certificate-multi.xml.i15
-rw-r--r--interface-definitions/include/pki/dh-params.xml.i10
-rw-r--r--interface-definitions/include/policy/prefix-list.xml.i14
-rw-r--r--interface-definitions/include/policy/prefix-list6.xml.i14
-rw-r--r--interface-definitions/include/policy/route-common.xml.i619
-rw-r--r--interface-definitions/include/protocol-tcp-udp.xml.i44
-rw-r--r--interface-definitions/include/qos/hfsc-m1.xml.i2
-rw-r--r--interface-definitions/include/qos/hfsc-m2.xml.i2
-rw-r--r--interface-definitions/include/radius-server-ipv4-ipv6.xml.i22
-rw-r--r--interface-definitions/include/rip/interface.xml.i7
-rw-r--r--interface-definitions/include/rip/version.xml.i36
-rw-r--r--interface-definitions/include/route-map.xml.i2
-rw-r--r--interface-definitions/include/source-address-ipv4-ipv6-multi.xml.i22
-rw-r--r--interface-definitions/include/source-address-ipv4-multi.xml.i18
-rw-r--r--interface-definitions/include/url-http-https.xml.i15
-rw-r--r--interface-definitions/include/url.xml.i15
-rw-r--r--interface-definitions/include/version/bgp-version.xml.i2
-rw-r--r--interface-definitions/include/version/cluster-version.xml.i2
-rw-r--r--interface-definitions/include/version/conntrack-version.xml.i2
-rw-r--r--interface-definitions/include/version/dhcp-server-version.xml.i2
-rw-r--r--interface-definitions/include/version/dhcpv6-server-version.xml.i2
-rw-r--r--interface-definitions/include/version/dns-dynamic-version.xml.i2
-rw-r--r--interface-definitions/include/version/firewall-version.xml.i2
-rw-r--r--interface-definitions/include/version/https-version.xml.i2
-rw-r--r--interface-definitions/include/version/interfaces-version.xml.i2
-rw-r--r--interface-definitions/include/version/ipoe-server-version.xml.i2
-rw-r--r--interface-definitions/include/version/ipsec-version.xml.i2
-rw-r--r--interface-definitions/include/version/l2tp-version.xml.i2
-rw-r--r--interface-definitions/include/version/lldp-version.xml.i2
-rw-r--r--interface-definitions/include/version/nat-version.xml.i2
-rw-r--r--interface-definitions/include/version/nat66-version.xml.i2
-rw-r--r--interface-definitions/include/version/openvpn-version.xml.i3
-rw-r--r--interface-definitions/include/version/pim-version.xml.i3
-rw-r--r--interface-definitions/include/version/policy-version.xml.i2
-rw-r--r--interface-definitions/include/version/pppoe-server-version.xml.i2
-rw-r--r--interface-definitions/include/version/pptp-version.xml.i2
-rw-r--r--interface-definitions/include/version/rpki-version.xml.i2
-rw-r--r--interface-definitions/include/version/sstp-version.xml.i2
-rw-r--r--interface-definitions/include/version/system-version.xml.i2
-rw-r--r--interface-definitions/interfaces_bonding.xml.in (renamed from interface-definitions/interfaces-bonding.xml.in)56
-rw-r--r--interface-definitions/interfaces_bridge.xml.in (renamed from interface-definitions/interfaces-bridge.xml.in)5
-rw-r--r--interface-definitions/interfaces_dummy.xml.in (renamed from interface-definitions/interfaces-dummy.xml.in)2
-rw-r--r--interface-definitions/interfaces_ethernet.xml.in (renamed from interface-definitions/interfaces-ethernet.xml.in)2
-rw-r--r--interface-definitions/interfaces_geneve.xml.in (renamed from interface-definitions/interfaces-geneve.xml.in)2
-rw-r--r--interface-definitions/interfaces_input.xml.in (renamed from interface-definitions/interfaces-input.xml.in)2
-rw-r--r--interface-definitions/interfaces_l2tpv3.xml.in (renamed from interface-definitions/interfaces-l2tpv3.xml.in)2
-rw-r--r--interface-definitions/interfaces_loopback.xml.in (renamed from interface-definitions/interfaces-loopback.xml.in)2
-rw-r--r--interface-definitions/interfaces_macsec.xml.in (renamed from interface-definitions/interfaces-macsec.xml.in)2
-rw-r--r--interface-definitions/interfaces_openvpn.xml.in (renamed from interface-definitions/interfaces-openvpn.xml.in)35
-rw-r--r--interface-definitions/interfaces_pppoe.xml.in (renamed from interface-definitions/interfaces-pppoe.xml.in)15
-rw-r--r--interface-definitions/interfaces_pseudo-ethernet.xml.in (renamed from interface-definitions/interfaces-pseudo-ethernet.xml.in)2
-rw-r--r--interface-definitions/interfaces_sstpc.xml.in (renamed from interface-definitions/interfaces-sstpc.xml.in)2
-rw-r--r--interface-definitions/interfaces_tunnel.xml.in (renamed from interface-definitions/interfaces-tunnel.xml.in)2
-rw-r--r--interface-definitions/interfaces_virtual-ethernet.xml.in (renamed from interface-definitions/interfaces-virtual-ethernet.xml.in)4
-rw-r--r--interface-definitions/interfaces_vti.xml.in (renamed from interface-definitions/interfaces-vti.xml.in)2
-rw-r--r--interface-definitions/interfaces_vxlan.xml.in (renamed from interface-definitions/interfaces-vxlan.xml.in)31
-rw-r--r--interface-definitions/interfaces_wireguard.xml.in (renamed from interface-definitions/interfaces-wireguard.xml.in)14
-rw-r--r--interface-definitions/interfaces_wireless.xml.in (renamed from interface-definitions/interfaces-wireless.xml.in)2
-rw-r--r--interface-definitions/interfaces_wwan.xml.in (renamed from interface-definitions/interfaces-wwan.xml.in)2
-rw-r--r--interface-definitions/load-balancing_reverse-proxy.xml.in (renamed from interface-definitions/load-balancing-haproxy.xml.in)4
-rw-r--r--interface-definitions/load-balancing_wan.xml.in (renamed from interface-definitions/load-balancing-wan.xml.in)2
-rw-r--r--interface-definitions/nat.xml.in4
-rw-r--r--interface-definitions/nat64.xml.in116
-rw-r--r--interface-definitions/nat66.xml.in40
-rw-r--r--interface-definitions/pki.xml.in95
-rw-r--r--interface-definitions/policy.xml.in11
-rw-r--r--interface-definitions/policy_local-route.xml.in (renamed from interface-definitions/policy-local-route.xml.in)9
-rw-r--r--interface-definitions/policy_route.xml.in (renamed from interface-definitions/policy-route.xml.in)8
-rw-r--r--interface-definitions/protocols-igmp.xml.in95
-rw-r--r--interface-definitions/protocols-pim.xml.in96
-rw-r--r--interface-definitions/protocols_babel.xml.in (renamed from interface-definitions/protocols-babel.xml.in)0
-rw-r--r--interface-definitions/protocols_bfd.xml.in (renamed from interface-definitions/protocols-bfd.xml.in)0
-rw-r--r--interface-definitions/protocols_bgp.xml.in (renamed from interface-definitions/protocols-bgp.xml.in)0
-rw-r--r--interface-definitions/protocols_eigrp.xml.in (renamed from interface-definitions/protocols-eigrp.xml.in)0
-rw-r--r--interface-definitions/protocols_failover.xml.in (renamed from interface-definitions/protocols-failover.xml.in)0
-rw-r--r--interface-definitions/protocols_igmp-proxy.xml.in (renamed from interface-definitions/igmp-proxy.xml.in)2
-rw-r--r--interface-definitions/protocols_isis.xml.in (renamed from interface-definitions/protocols-isis.xml.in)0
-rw-r--r--interface-definitions/protocols_mpls.xml.in (renamed from interface-definitions/protocols-mpls.xml.in)0
-rw-r--r--interface-definitions/protocols_nhrp.xml.in (renamed from interface-definitions/protocols-nhrp.xml.in)0
-rw-r--r--interface-definitions/protocols_ospf.xml.in (renamed from interface-definitions/protocols-ospf.xml.in)0
-rw-r--r--interface-definitions/protocols_ospfv3.xml.in (renamed from interface-definitions/protocols-ospfv3.xml.in)0
-rw-r--r--interface-definitions/protocols_pim.xml.in210
-rw-r--r--interface-definitions/protocols_pim6.xml.in (renamed from interface-definitions/protocols-pim6.xml.in)97
-rw-r--r--interface-definitions/protocols_rip.xml.in (renamed from interface-definitions/protocols-rip.xml.in)0
-rw-r--r--interface-definitions/protocols_ripng.xml.in (renamed from interface-definitions/protocols-ripng.xml.in)0
-rw-r--r--interface-definitions/protocols_rpki.xml.in (renamed from interface-definitions/protocols-rpki.xml.in)8
-rw-r--r--interface-definitions/protocols_segment-routing.xml.in137
-rw-r--r--interface-definitions/protocols_static.xml.in (renamed from interface-definitions/protocols-static.xml.in)0
-rw-r--r--interface-definitions/protocols_static_arp.xml.in (renamed from interface-definitions/protocols-static-arp.xml.in)2
-rw-r--r--interface-definitions/protocols_static_multicast.xml.in (renamed from interface-definitions/protocols-multicast.xml.in)0
-rw-r--r--interface-definitions/protocols_static_neighbor-proxy.xml.in48
-rw-r--r--interface-definitions/qos.xml.in10
-rw-r--r--interface-definitions/service_aws_glb.xml.in (renamed from interface-definitions/service-aws-glb.xml.in)0
-rw-r--r--interface-definitions/service_broadcast-relay.xml.in (renamed from interface-definitions/bcast-relay.xml.in)2
-rw-r--r--interface-definitions/service_config-sync.xml.in (renamed from interface-definitions/service-config-sync.xml.in)2
-rw-r--r--interface-definitions/service_conntrack-sync.xml.in (renamed from interface-definitions/service-conntrack-sync.xml.in)2
-rw-r--r--interface-definitions/service_console-server.xml.in (renamed from interface-definitions/service-console-server.xml.in)0
-rw-r--r--interface-definitions/service_dhcp-relay.xml.in (renamed from interface-definitions/dhcp-relay.xml.in)2
-rw-r--r--interface-definitions/service_dhcp-server.xml.in223
-rw-r--r--interface-definitions/service_dhcpv6-relay.xml.in (renamed from interface-definitions/dhcpv6-relay.xml.in)2
-rw-r--r--interface-definitions/service_dhcpv6-server.xml.in (renamed from interface-definitions/dhcpv6-server.xml.in)252
-rw-r--r--interface-definitions/service_dns_dynamic.xml.in200
-rw-r--r--interface-definitions/service_dns_forwarding.xml.in (renamed from interface-definitions/dns-forwarding.xml.in)107
-rw-r--r--interface-definitions/service_event-handler.xml.in (renamed from interface-definitions/service-event-handler.xml.in)2
-rw-r--r--interface-definitions/service_https.xml.in (renamed from interface-definitions/https.xml.in)127
-rw-r--r--interface-definitions/service_ids_ddos-protection.xml.in (renamed from interface-definitions/service-ids-ddos-protection.xml.in)2
-rw-r--r--interface-definitions/service_ipoe-server.xml.in (renamed from interface-definitions/service-ipoe-server.xml.in)13
-rw-r--r--interface-definitions/service_lldp.xml.in (renamed from interface-definitions/lldp.xml.in)17
-rw-r--r--interface-definitions/service_mdns_repeater.xml.in (renamed from interface-definitions/service-mdns-repeater.xml.in)2
-rw-r--r--interface-definitions/service_monitoring_telegraf.xml.in (renamed from interface-definitions/service-monitoring-telegraf.xml.in)6
-rw-r--r--interface-definitions/service_monitoring_zabbix-agent.xml.in (renamed from interface-definitions/service-monitoring-zabbix-agent.xml.in)0
-rw-r--r--interface-definitions/service_ndp-proxy.xml.in133
-rw-r--r--interface-definitions/service_ntp.xml.in (renamed from interface-definitions/ntp.xml.in)38
-rw-r--r--interface-definitions/service_pppoe-server.xml.in (renamed from interface-definitions/service-pppoe-server.xml.in)72
-rw-r--r--interface-definitions/service_router-advert.xml.in (renamed from interface-definitions/service-router-advert.xml.in)0
-rw-r--r--interface-definitions/service_salt-minion.xml.in (renamed from interface-definitions/salt-minion.xml.in)2
-rw-r--r--interface-definitions/service_sla.xml.in (renamed from interface-definitions/service-sla.xml.in)0
-rw-r--r--interface-definitions/service_snmp.xml.in (renamed from interface-definitions/snmp.xml.in)97
-rw-r--r--interface-definitions/service_ssh.xml.in (renamed from interface-definitions/ssh.xml.in)2
-rw-r--r--interface-definitions/service_tftp-server.xml.in (renamed from interface-definitions/tftp-server.xml.in)2
-rw-r--r--interface-definitions/service_upnp.xml.in (renamed from interface-definitions/service-upnp.xml.in)1
-rw-r--r--interface-definitions/service_webproxy.xml.in (renamed from interface-definitions/service-webproxy.xml.in)0
-rw-r--r--interface-definitions/system_acceleration.xml.in (renamed from interface-definitions/system-acceleration-qat.xml.in)2
-rw-r--r--interface-definitions/system_config-management.xml.in (renamed from interface-definitions/system-config-mgmt.xml.in)41
-rw-r--r--interface-definitions/system_conntrack.xml.in (renamed from interface-definitions/system-conntrack.xml.in)148
-rw-r--r--interface-definitions/system_console.xml.in (renamed from interface-definitions/system-console.xml.in)0
-rw-r--r--interface-definitions/system_domain-name.xml.in15
-rw-r--r--interface-definitions/system_domain-search.xml.in18
-rw-r--r--interface-definitions/system_flow-accounting.xml.in (renamed from interface-definitions/flow-accounting-conf.xml.in)2
-rw-r--r--interface-definitions/system_frr.xml.in (renamed from interface-definitions/system-frr.xml.in)16
-rw-r--r--interface-definitions/system_host-name.xml.in16
-rw-r--r--interface-definitions/system_ip.xml.in (renamed from interface-definitions/system-ip.xml.in)2
-rw-r--r--interface-definitions/system_ipv6.xml.in (renamed from interface-definitions/system-ipv6.xml.in)2
-rw-r--r--interface-definitions/system_lcd.xml.in (renamed from interface-definitions/system-lcd.xml.in)0
-rw-r--r--interface-definitions/system_login.xml.in (renamed from interface-definitions/system-login.xml.in)18
-rw-r--r--interface-definitions/system_login_banner.xml.in (renamed from interface-definitions/system-login-banner.xml.in)4
-rw-r--r--interface-definitions/system_logs.xml.in (renamed from interface-definitions/system-logs.xml.in)2
-rw-r--r--interface-definitions/system_name-server.xml.in33
-rw-r--r--interface-definitions/system_option.xml.in (renamed from interface-definitions/system-option.xml.in)15
-rw-r--r--interface-definitions/system_proxy.xml.in (renamed from interface-definitions/system-proxy.xml.in)2
-rw-r--r--interface-definitions/system_sflow.xml.in (renamed from interface-definitions/system-sflow.xml.in)1
-rw-r--r--interface-definitions/system_static-host-mapping.xml.in53
-rw-r--r--interface-definitions/system_sysctl.xml.in (renamed from interface-definitions/system-sysctl.xml.in)0
-rw-r--r--interface-definitions/system_syslog.xml.in (renamed from interface-definitions/system-syslog.xml.in)2
-rw-r--r--interface-definitions/system_task-scheduler.xml.in (renamed from interface-definitions/cron.xml.in)2
-rw-r--r--interface-definitions/system_time-zone.xml.in (renamed from interface-definitions/system-time-zone.xml.in)2
-rw-r--r--interface-definitions/system_update-check.xml.in (renamed from interface-definitions/system-update-check.xml.in)4
-rw-r--r--interface-definitions/vpn-l2tp.xml.in261
-rw-r--r--interface-definitions/vpn_ipsec.xml.in (renamed from interface-definitions/vpn-ipsec.xml.in)24
-rw-r--r--interface-definitions/vpn_l2tp.xml.in146
-rw-r--r--interface-definitions/vpn_openconnect.xml.in (renamed from interface-definitions/vpn-openconnect.xml.in)6
-rw-r--r--interface-definitions/vpn_pptp.xml.in (renamed from interface-definitions/vpn-pptp.xml.in)58
-rw-r--r--interface-definitions/vpn_sstp.xml.in (renamed from interface-definitions/vpn-sstp.xml.in)25
-rw-r--r--interface-definitions/vpp.xml.in342
-rw-r--r--interface-definitions/xml-component-version.xml.in2
248 files changed, 4782 insertions, 3482 deletions
diff --git a/interface-definitions/container.xml.in b/interface-definitions/container.xml.in
index b35ba8d1c..f0db8a6f2 100644
--- a/interface-definitions/container.xml.in
+++ b/interface-definitions/container.xml.in
@@ -316,6 +316,30 @@
</properties>
<defaultValue>on-failure</defaultValue>
</leafNode>
+ <leafNode name="uid">
+ <properties>
+ <help>User ID this container will run as</help>
+ <valueHelp>
+ <format>u32:0-65535</format>
+ <description>User ID this container will run as</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-65535"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="gid">
+ <properties>
+ <help>Group ID this container will run as</help>
+ <valueHelp>
+ <format>u32:0-65535</format>
+ <description>Group ID this container will run as</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-65535"/>
+ </constraint>
+ </properties>
+ </leafNode>
<tagNode name="volume">
<properties>
<help>Mount a volume into the container</help>
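Review bot: Both new leaves accept 0 in `--range 0-65535`, so a container can be explicitly configured to run as root, yet the help strings for `uid` and `gid` do not say so, and with no `<defaultValue>` they also leave open which identity applies when the leaves are unset. I would state it in the help, e.g. `<help>User ID this container will run as (0 = root)</help>`, and the same for `gid`, with a short note on the unset case once that behaviour is confirmed. Whether setting only one of the two is rejected is not visible in this hunk; if the consuming config script passes them as a pair, that check belongs in its verify step. The enclosing container node starts and ends outside the hunk.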
diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in
deleted file mode 100644
index 583de7ba9..000000000
--- a/interface-definitions/dhcp-server.xml.in
+++ /dev/null
@@ -1,490 +0,0 @@
-<?xml version="1.0"?>
-<!-- DHCP server configuration -->
-<interfaceDefinition>
- <node name="service">
- <children>
- <node name="dhcp-server" owner="${vyos_conf_scripts_dir}/dhcp_server.py">
- <properties>
- <help>Dynamic Host Configuration Protocol (DHCP) for DHCP server</help>
- <priority>911</priority>
- </properties>
- <children>
- #include <include/generic-disable-node.xml.i>
- <leafNode name="dynamic-dns-update">
- <properties>
- <help>Dynamically update Domain Name System (RFC4702)</help>
- <valueless/>
- </properties>
- </leafNode>
- <node name="failover">
- <properties>
- <help>DHCP failover configuration</help>
- </properties>
- <children>
- #include <include/source-address-ipv4.xml.i>
- <leafNode name="remote">
- <properties>
- <help>IPv4 remote address used for connectio</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address of failover peer</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="name">
- <properties>
- <help>Peer name used to identify connection</help>
- <constraint>
- <regex>[-_a-zA-Z0-9.]+</regex>
- </constraint>
- <constraintErrorMessage>Invalid failover peer name. May only contain letters, numbers and .-_</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="status">
- <properties>
- <help>Failover hierarchy</help>
- <completionHelp>
- <list>primary secondary</list>
- </completionHelp>
- <valueHelp>
- <format>primary</format>
- <description>Configure this server to be the primary node</description>
- </valueHelp>
- <valueHelp>
- <format>secondary</format>
- <description>Configure this server to be the secondary node</description>
- </valueHelp>
- <constraint>
- <regex>(primary|secondary)</regex>
- </constraint>
- <constraintErrorMessage>Invalid DHCP failover peer status</constraintErrorMessage>
- </properties>
- </leafNode>
- </children>
- </node>
- <leafNode name="global-parameters">
- <properties>
- <help>Additional global parameters for DHCP server. You must use the syntax of dhcpd.conf in this text-field. Using this without proper knowledge may result in a crashed DHCP server. Check system log to look for errors.</help>
- <multi/>
- </properties>
- </leafNode>
- <leafNode name="hostfile-update">
- <properties>
- <help>Updating /etc/hosts file (per client lease)</help>
- <valueless/>
- </properties>
- </leafNode>
- <leafNode name="host-decl-name">
- <properties>
- <help>Use host declaration name for forward DNS name</help>
- <valueless/>
- </properties>
- </leafNode>
- #include <include/listen-address-ipv4.xml.i>
- <tagNode name="shared-network-name">
- <properties>
- <help>Name of DHCP shared network</help>
- <constraint>
- <regex>[-_a-zA-Z0-9.]+</regex>
- </constraint>
- <constraintErrorMessage>Invalid shared network name. May only contain letters, numbers and .-_</constraintErrorMessage>
- </properties>
- <children>
- <leafNode name="authoritative">
- <properties>
- <help>Option to make DHCP server authoritative for this physical network</help>
- <valueless/>
- </properties>
- </leafNode>
- #include <include/dhcp/domain-name.xml.i>
- #include <include/dhcp/domain-search.xml.i>
- #include <include/dhcp/ntp-server.xml.i>
- #include <include/dhcp/ping-check.xml.i>
- #include <include/generic-description.xml.i>
- #include <include/generic-disable-node.xml.i>
- #include <include/name-server-ipv4.xml.i>
- <leafNode name="shared-network-parameters">
- <properties>
- <help>Additional shared-network parameters for DHCP server. You must use the syntax of dhcpd.conf in this text-field. Using this without proper knowledge may result in a crashed DHCP server. Check system log to look for errors.</help>
- <multi/>
- </properties>
- </leafNode>
- <tagNode name="subnet">
- <properties>
- <help>DHCP subnet for shared network</help>
- <valueHelp>
- <format>ipv4net</format>
- <description>IPv4 address and prefix length</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-prefix"/>
- </constraint>
- <constraintErrorMessage>Invalid IPv4 subnet definition</constraintErrorMessage>
- </properties>
- <children>
- <leafNode name="bootfile-name">
- <properties>
- <help>Bootstrap file name</help>
- <constraint>
- <regex>[[:ascii:]]{1,253}</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="bootfile-server">
- <properties>
- <help>Server from which the initial boot file is to be loaded</help>
- <valueHelp>
- <format>ipv4</format>
- <description>Bootfile server IPv4 address</description>
- </valueHelp>
- <valueHelp>
- <format>hostname</format>
- <description>Bootfile server FQDN</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- <validator name="fqdn"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="bootfile-size">
- <properties>
- <help>Bootstrap file size</help>
- <valueHelp>
- <format>u32:1-16</format>
- <description>Bootstrap file size in 512 byte blocks</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-16"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="client-prefix-length">
- <properties>
- <help>Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used.</help>
- <valueHelp>
- <format>u32:0-32</format>
- <description>DHCP client prefix length must be 0 to 32</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-32"/>
- </constraint>
- <constraintErrorMessage>DHCP client prefix length must be 0 to 32</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="default-router">
- <properties>
- <help>IP address of default router</help>
- <valueHelp>
- <format>ipv4</format>
- <description>Default router IPv4 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
- #include <include/dhcp/domain-name.xml.i>
- #include <include/dhcp/domain-search.xml.i>
- #include <include/generic-description.xml.i>
- #include <include/name-server-ipv4.xml.i>
- <leafNode name="enable-failover">
- <properties>
- <help>Enable DHCP failover support for this subnet</help>
- <valueless/>
- </properties>
- </leafNode>
- <leafNode name="exclude">
- <properties>
- <help>IP address to exclude from DHCP lease range</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address to exclude from lease range</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- <leafNode name="ip-forwarding">
- <properties>
- <help>Enable IP forwarding on client</help>
- <valueless/>
- </properties>
- </leafNode>
- <leafNode name="lease">
- <properties>
- <help>Lease timeout in seconds</help>
- <valueHelp>
- <format>u32</format>
- <description>DHCP lease time in seconds</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-4294967295"/>
- </constraint>
- <constraintErrorMessage>DHCP lease time must be between 0 and 4294967295 (49 days)</constraintErrorMessage>
- </properties>
- <defaultValue>86400</defaultValue>
- </leafNode>
- #include <include/dhcp/ntp-server.xml.i>
- #include <include/dhcp/ping-check.xml.i>
- <leafNode name="pop-server">
- <properties>
- <help>IP address of POP3 server</help>
- <valueHelp>
- <format>ipv4</format>
- <description>POP3 server IPv4 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- <leafNode name="server-identifier">
- <properties>
- <help>Address for DHCP server identifier</help>
- <valueHelp>
- <format>ipv4</format>
- <description>DHCP server identifier IPv4 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="smtp-server">
- <properties>
- <help>IP address of SMTP server</help>
- <valueHelp>
- <format>ipv4</format>
- <description>SMTP server IPv4 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- <tagNode name="range">
- <properties>
- <help>DHCP lease range</help>
- <constraint>
- <regex>[-_a-zA-Z0-9.]+</regex>
- </constraint>
- <constraintErrorMessage>Invalid range name, may only be alphanumeric, dot and hyphen</constraintErrorMessage>
- </properties>
- <children>
- <leafNode name="start">
- <properties>
- <help>First IP address for DHCP lease range</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 start address of pool</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="stop">
- <properties>
- <help>Last IP address for DHCP lease range</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 end address of pool</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- <tagNode name="static-mapping">
- <properties>
- <help>Name of static mapping</help>
- <constraint>
- <regex>[-_a-zA-Z0-9.]+</regex>
- </constraint>
- <constraintErrorMessage>Invalid static mapping name, may only be alphanumeric, dot and hyphen</constraintErrorMessage>
- </properties>
- <children>
- #include <include/generic-disable-node.xml.i>
- <leafNode name="ip-address">
- <properties>
- <help>Fixed IP address of static mapping</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address used in static mapping</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="mac-address">
- <properties>
- <help>Media Access Control (MAC) address</help>
- <valueHelp>
- <format>macaddr</format>
- <description>Hardware (MAC) address</description>
- </valueHelp>
- <constraint>
- <validator name="mac-address"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="static-mapping-parameters">
- <properties>
- <help>Additional static-mapping parameters for DHCP server. Will be placed inside the "host" block of the mapping. You must use the syntax of dhcpd.conf in this text-field. Using this without proper knowledge may result in a crashed DHCP server. Check system log to look for errors.</help>
- <multi/>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- <tagNode name="static-route">
- <properties>
- <help>Classless static route destination subnet</help>
- <valueHelp>
- <format>ipv4net</format>
- <description>IPv4 address and prefix length</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-prefix"/>
- </constraint>
- </properties>
- <children>
- <leafNode name="next-hop">
- <properties>
- <help>IP address of router to be used to reach the destination subnet</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address of router</description>
- </valueHelp>
- <constraint>
- <validator name="ip-address"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </tagNode >
- <leafNode name="ipv6-only-preferred">
- <properties>
- <help>Disable IPv4 on IPv6 only hosts (RFC 8925)</help>
- <valueHelp>
- <format>u32</format>
- <description>Seconds</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-4294967295"/>
- </constraint>
- <constraintErrorMessage>Seconds must be between 0 and 4294967295 (49 days)</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="subnet-parameters">
- <properties>
- <help>Additional subnet parameters for DHCP server. You must use the syntax of dhcpd.conf in this text-field. Using this without proper knowledge may result in a crashed DHCP server. Check system log to look for errors.</help>
- <multi/>
- </properties>
- </leafNode>
- <leafNode name="tftp-server-name">
- <properties>
- <help>TFTP server name</help>
- <valueHelp>
- <format>ipv4</format>
- <description>TFTP server IPv4 address</description>
- </valueHelp>
- <valueHelp>
- <format>hostname</format>
- <description>TFTP server FQDN</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- <validator name="fqdn"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="time-offset">
- <properties>
- <help>Client subnet offset in seconds from Coordinated Universal Time (UTC)</help>
- <valueHelp>
- <format>[-]N</format>
- <description>Time offset (number, may be negative)</description>
- </valueHelp>
- <constraint>
- <regex>-?[0-9]+</regex>
- </constraint>
- <constraintErrorMessage>Invalid time offset value</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="time-server">
- <properties>
- <help>IP address of time server</help>
- <valueHelp>
- <format>ipv4</format>
- <description>Time server IPv4 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- <node name="vendor-option">
- <properties>
- <help>Vendor Specific Options</help>
- </properties>
- <children>
- <node name="ubiquiti">
- <properties>
- <help>Ubiquiti specific parameters</help>
- </properties>
- <children>
- <leafNode name="unifi-controller">
- <properties>
- <help>Address of UniFi controller</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IP address of UniFi controller</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </node>
- </children>
- </node>
- <leafNode name="wins-server">
- <properties>
- <help>IP address for Windows Internet Name Service (WINS) server</help>
- <valueHelp>
- <format>ipv4</format>
- <description>WINS server IPv4 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- <leafNode name="wpad-url">
- <properties>
- <help>Web Proxy Autodiscovery (WPAD) URL</help>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- </children>
- </tagNode>
- </children>
- </node>
- </children>
- </node>
-</interfaceDefinition>
diff --git a/interface-definitions/dns-domain-name.xml.in b/interface-definitions/dns-domain-name.xml.in
deleted file mode 100644
index ef34ecbf5..000000000
--- a/interface-definitions/dns-domain-name.xml.in
+++ /dev/null
@@ -1,114 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
- <node name="system">
- <children>
- <leafNode name="name-server" owner="${vyos_conf_scripts_dir}/host_name.py">
- <properties>
- <help>System Domain Name Servers (DNS)</help>
- <priority>400</priority>
- <completionHelp>
- <script>${vyos_completion_dir}/list_interfaces</script>
- </completionHelp>
- <valueHelp>
- <format>ipv4</format>
- <description>Domain Name Server IPv4 address</description>
- </valueHelp>
- <valueHelp>
- <format>ipv6</format>
- <description>Domain Name Server IPv6 address</description>
- </valueHelp>
- <valueHelp>
- <format>txt</format>
- <description>Use Domain Name Server from DHCP interface</description>
- </valueHelp>
- <multi/>
- <constraint>
- <validator name="ip-address"/>
- #include <include/constraint/interface-name.xml.i>
- </constraint>
- </properties>
- </leafNode>
- <!-- script does not use XML defaults so far -->
- <leafNode name="host-name" owner="${vyos_conf_scripts_dir}/host_name.py">
- <properties>
- <help>System host name (default: vyos)</help>
- <constraint>
- #include <include/constraint/host-name.xml.i>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="domain-name" owner="${vyos_conf_scripts_dir}/host_name.py">
- <properties>
- <help>System domain name</help>
- <constraint>
- <validator name="fqdn"/>
- </constraint>
- </properties>
- </leafNode>
- <node name="domain-search" owner="${vyos_conf_scripts_dir}/host_name.py">
- <properties>
- <help>Domain Name Server (DNS) domain completion order</help>
- <priority>400</priority>
- </properties>
- <children>
- <leafNode name="domain">
- <properties>
- <help>DNS domain completion order</help>
- <constraint>
- <regex>[-a-zA-Z0-9.]+</regex>
- </constraint>
- <constraintErrorMessage>Invalid domain name</constraintErrorMessage>
- <multi/>
- </properties>
- </leafNode>
- </children>
- </node>
- <node name="static-host-mapping" owner="${vyos_conf_scripts_dir}/host_name.py">
- <properties>
- <help>Map host names to addresses</help>
- <priority>400</priority>
- </properties>
- <children>
- <tagNode name="host-name">
- <properties>
- <help>Host name for static address mapping</help>
- <constraint>
- #include <include/constraint/host-name.xml.i>
- </constraint>
- <constraintErrorMessage>Host-name must be alphanumeric and can contain hyphens</constraintErrorMessage>
- </properties>
- <children>
- <leafNode name="alias">
- <properties>
- <help>Alias for this address</help>
- <constraint>
- <regex>.{1,63}</regex>
- </constraint>
- <constraintErrorMessage>invalid alias hostname, needs to be between 1 and 63 charactes</constraintErrorMessage>
- <multi />
- </properties>
- </leafNode>
- <leafNode name="inet">
- <properties>
- <help>IP Address</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address</description>
- </valueHelp>
- <valueHelp>
- <format>ipv6</format>
- <description>IPv6 address</description>
- </valueHelp>
- <constraint>
- <validator name="ip-address"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- </children>
- </node>
- </children>
- </node>
-</interfaceDefinition>
diff --git a/interface-definitions/dns-dynamic.xml.in b/interface-definitions/dns-dynamic.xml.in
deleted file mode 100644
index 723223f1c..000000000
--- a/interface-definitions/dns-dynamic.xml.in
+++ /dev/null
@@ -1,158 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
- <node name="service">
- <children>
- <node name="dns">
- <properties>
- <help>Domain Name System (DNS) related services</help>
- </properties>
- <children>
- <node name="dynamic" owner="${vyos_conf_scripts_dir}/dns_dynamic.py">
- <properties>
- <help>Dynamic DNS</help>
- </properties>
- <children>
- <tagNode name="address">
- <properties>
- <help>Obtain IP address to send Dynamic DNS update for</help>
- <valueHelp>
- <format>txt</format>
- <description>Use interface to obtain the IP address</description>
- </valueHelp>
- <valueHelp>
- <format>web</format>
- <description>Use HTTP(S) web request to obtain the IP address</description>
- </valueHelp>
- <completionHelp>
- <script>${vyos_completion_dir}/list_interfaces</script>
- <list>web</list>
- </completionHelp>
- <constraint>
- #include <include/constraint/interface-name.xml.i>
- <regex>web</regex>
- </constraint>
- </properties>
- <children>
- <node name="web-options">
- <properties>
- <help>Options when using HTTP(S) web request to obtain the IP address</help>
- </properties>
- <children>
- #include <include/url.xml.i>
- <leafNode name="skip">
- <properties>
- <help>Pattern to skip from the HTTP(S) respose</help>
- <valueHelp>
- <format>txt</format>
- <description>Pattern to skip from the HTTP(S) respose to extract the external IP address</description>
- </valueHelp>
- </properties>
- </leafNode>
- </children>
- </node>
- <tagNode name="rfc2136">
- <properties>
- <help>RFC2136 nsupdate configuration</help>
- <valueHelp>
- <format>txt</format>
- <description>RFC2136 nsupdate service name</description>
- </valueHelp>
- </properties>
- <children>
- #include <include/generic-description.xml.i>
- #include <include/dns/dynamic-service-host-name-server.xml.i>
- #include <include/dns/dynamic-service-wait-expiry-time.xml.i>
- <leafNode name="key">
- <properties>
- <help>File containing the TSIG secret key shared with remote DNS server</help>
- <valueHelp>
- <format>filename</format>
- <description>File in /config/auth directory</description>
- </valueHelp>
- <constraint>
- <validator name="file-path" argument="--strict --parent-dir /config/auth"/>
- </constraint>
- </properties>
- </leafNode>
- #include <include/dns/time-to-live.xml.i>
- #include <include/dns/dynamic-service-zone.xml.i>
- </children>
- </tagNode>
- <tagNode name="service">
- <properties>
- <help>Dynamic DNS configuration</help>
- <valueHelp>
- <format>txt</format>
- <description>Dynamic DNS service name</description>
- </valueHelp>
- </properties>
- <children>
- #include <include/generic-description.xml.i>
- #include <include/dns/dynamic-service-host-name-server.xml.i>
- #include <include/dns/dynamic-service-wait-expiry-time.xml.i>
- #include <include/generic-username.xml.i>
- #include <include/generic-password.xml.i>
- #include <include/dns/time-to-live.xml.i>
- <leafNode name="protocol">
- <properties>
- <help>ddclient protocol used for Dynamic DNS service</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_ddclient_protocols.sh</script>
- </completionHelp>
- <constraint>
- <validator name="ddclient-protocol"/>
- </constraint>
- </properties>
- </leafNode>
- #include <include/dns/dynamic-service-zone.xml.i>
- <leafNode name="ip-version">
- <properties>
- <help>IP address version to use</help>
- <valueHelp>
- <format>_ipv4</format>
- <description>Use only IPv4 address</description>
- </valueHelp>
- <valueHelp>
- <format>_ipv6</format>
- <description>Use only IPv6 address</description>
- </valueHelp>
- <valueHelp>
- <format>both</format>
- <description>Use both IPv4 and IPv6 address</description>
- </valueHelp>
- <completionHelp>
- <list>ipv4 ipv6 both</list>
- </completionHelp>
- <constraint>
- <regex>(ipv[46]|both)</regex>
- </constraint>
- <constraintErrorMessage>IP Version must be literal 'ipv4', 'ipv6' or 'both'</constraintErrorMessage>
- </properties>
- <defaultValue>ipv4</defaultValue>
- </leafNode>
- </children>
- </tagNode>
- </children>
- </tagNode>
- <leafNode name="timeout">
- <properties>
- <help>Time in seconds to wait between DNS updates</help>
- <valueHelp>
- <format>u32:60-3600</format>
- <description>Time in seconds</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 60-3600"/>
- </constraint>
- <constraintErrorMessage>Timeout must be between 60 and 3600 seconds</constraintErrorMessage>
- </properties>
- <defaultValue>300</defaultValue>
- </leafNode>
- #include <include/interface/vrf.xml.i>
- </children>
- </node>
- </children>
- </node>
- </children>
- </node>
-</interfaceDefinition>
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index 81e6b89ea..662ba24ab 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -115,6 +115,35 @@
#include <include/generic-description.xml.i>
</children>
</tagNode>
+ <node name="dynamic-group">
+ <properties>
+ <help>Firewall dynamic group</help>
+ </properties>
+ <children>
+ <tagNode name="address-group">
+ <properties>
+ <help>Firewall dynamic address group</help>
+ <constraint>
+ <regex>[a-zA-Z0-9][\w\-\.]*</regex>
+ </constraint>
+ </properties>
+ <children>
+ #include <include/generic-description.xml.i>
+ </children>
+ </tagNode>
+ <tagNode name="ipv6-address-group">
+ <properties>
+ <help>Firewall dynamic IPv6 address group</help>
+ <constraint>
+ <regex>[a-zA-Z0-9][\w\-\.]*</regex>
+ </constraint>
+ </properties>
+ <children>
+ #include <include/generic-description.xml.i>
+ </children>
+ </tagNode>
+ </children>
+ </node>
<tagNode name="interface-group">
<properties>
<help>Firewall interface-group</help>
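Review bot: Both new tagNodes, `address-group` and `ipv6-address-group`, constrain the group name with `[a-zA-Z0-9][\w\-\.]*` but give the operator no `valueHelp` and no `constraintErrorMessage`, so a rejected name produces only the generic validation error. I would add to each `<properties>` a line such as `<constraintErrorMessage>Group name must start with an alphanumeric character and may only contain alphanumerics, underscore, hyphen and dot</constraintErrorMessage>`. The regex also sets no upper bound on length; if these names end up as firewall set names in the backend, it is worth confirming the backend's name-length limit is enforced somewhere. The enclosing `group` node starts and ends outside this hunk.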
@@ -355,6 +384,148 @@
#include <include/firewall/ipv6-custom-name.xml.i>
</children>
</node>
+ <tagNode name="zone">
+ <properties>
+ <help>Zone-policy</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Zone name</description>
+ </valueHelp>
+ <constraint>
+ <regex>[a-zA-Z0-9][\w\-\.]*</regex>
+ </constraint>
+ </properties>
+ <children>
+ #include <include/generic-description.xml.i>
+ #include <include/firewall/default-log.xml.i>
+ <leafNode name="default-action">
+ <properties>
+ <help>Default-action for traffic coming into this zone</help>
+ <completionHelp>
+ <list>drop reject</list>
+ </completionHelp>
+ <valueHelp>
+ <format>drop</format>
+ <description>Drop silently</description>
+ </valueHelp>
+ <valueHelp>
+ <format>reject</format>
+ <description>Drop and notify source</description>
+ </valueHelp>
+ <constraint>
+ <regex>(drop|reject)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>drop</defaultValue>
+ </leafNode>
+ <tagNode name="from">
+ <properties>
+ <help>Zone from which to filter traffic</help>
+ <completionHelp>
+ <path>firewall zone</path>
+ </completionHelp>
+ </properties>
+ <children>
+ <node name="firewall">
+ <properties>
+ <help>Firewall options</help>
+ </properties>
+ <children>
+ <leafNode name="ipv6-name">
+ <properties>
+ <help>IPv6 firewall ruleset</help>
+ <completionHelp>
+ <path>firewall ipv6 name</path>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="name">
+ <properties>
+ <help>IPv4 firewall ruleset</help>
+ <completionHelp>
+ <path>firewall ipv4 name</path>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </tagNode>
+ <leafNode name="interface">
+ <properties>
+ <help>Interface associated with zone</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Interface associated with zone</description>
+ </valueHelp>
+ <valueHelp>
+ <format>vrf</format>
+ <description>VRF associated with zone</description>
+ </valueHelp>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces</script>
+ <path>vrf name</path>
+ </completionHelp>
+ <multi/>
+ </properties>
+ </leafNode>
+ <node name="intra-zone-filtering">
+ <properties>
+ <help>Intra-zone filtering</help>
+ </properties>
+ <children>
+ <leafNode name="action">
+ <properties>
+ <help>Action for intra-zone traffic</help>
+ <completionHelp>
+ <list>accept drop</list>
+ </completionHelp>
+ <valueHelp>
+ <format>accept</format>
+ <description>Accept traffic</description>
+ </valueHelp>
+ <valueHelp>
+ <format>drop</format>
+ <description>Drop silently</description>
+ </valueHelp>
+ <constraint>
+ <regex>(accept|drop)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ <node name="firewall">
+ <properties>
+ <help>Use the specified firewall chain</help>
+ </properties>
+ <children>
+ <leafNode name="ipv6-name">
+ <properties>
+ <help>IPv6 firewall ruleset</help>
+ <completionHelp>
+ <path>firewall ipv6 name</path>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="name">
+ <properties>
+ <help>IPv4 firewall ruleset</help>
+ <completionHelp>
+ <path>firewall ipv4 name</path>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ <leafNode name="local-zone">
+ <properties>
+ <help>Zone to be local-zone</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
</children>
</node>
</interfaceDefinition>
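Review bot: The `interface` leaf of the new `zone` tagNode has completion help but no `<constraint>`, so any string is accepted as a zone member. A mistyped interface name would presumably leave that interface outside every zone without an error at commit time, unless the conf script checks it (not visible here). Other definitions on this page reuse the shared include, so I would add `<constraint>`, `#include <include/constraint/interface-name.xml.i>`, `</constraint>` here, plus a matching rule for VRF names, since the valueHelp advertises both. The `from` tagNode and the `name` / `ipv6-name` leaves likewise rely on `<completionHelp>` alone, which guides typing but validates nothing. A name constraint on those, or an explicit existence check in the owner script, would close the gap.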
diff --git a/interface-definitions/include/accel-ppp/auth-protocols.xml.i b/interface-definitions/include/accel-ppp/auth-protocols.xml.i
index d43266152..4ab4753bb 100644
--- a/interface-definitions/include/accel-ppp/auth-protocols.xml.i
+++ b/interface-definitions/include/accel-ppp/auth-protocols.xml.i
@@ -1,7 +1,7 @@
<!-- include start from accel-ppp/auth-protocols.xml.i -->
<leafNode name="protocols">
<properties>
- <help>Authentication protocol for remote access peer SSTP VPN</help>
+ <help>Authentication protocol for remote access peer</help>
<completionHelp>
<list>pap chap mschap mschap-v2</list>
</completionHelp>
diff --git a/interface-definitions/include/accel-ppp/client-ip-pool-name.xml.i b/interface-definitions/include/accel-ppp/client-ip-pool-name.xml.i
deleted file mode 100644
index b442a15b9..000000000
--- a/interface-definitions/include/accel-ppp/client-ip-pool-name.xml.i
+++ /dev/null
@@ -1,30 +0,0 @@
-<!-- include start from accel-ppp/client-ip-pool-name.xml.i -->
-<tagNode name="name">
- <properties>
- <help>Pool name</help>
- <valueHelp>
- <format>txt</format>
- <description>Name of IP pool</description>
- </valueHelp>
- <constraint>
- <regex>[-_a-zA-Z0-9.]+</regex>
- </constraint>
- </properties>
- <children>
- #include <include/accel-ppp/gateway-address.xml.i>
- #include <include/accel-ppp/client-ip-pool-subnet-single.xml.i>
- <leafNode name="next-pool">
- <properties>
- <help>Next pool name</help>
- <valueHelp>
- <format>txt</format>
- <description>Name of IP pool</description>
- </valueHelp>
- <constraint>
- <regex>[-_a-zA-Z0-9.]+</regex>
- </constraint>
- </properties>
- </leafNode>
- </children>
-</tagNode>
-<!-- include end -->
diff --git a/interface-definitions/include/accel-ppp/client-ip-pool-start-stop.xml.i b/interface-definitions/include/accel-ppp/client-ip-pool-start-stop.xml.i
deleted file mode 100644
index 5f4132d13..000000000
--- a/interface-definitions/include/accel-ppp/client-ip-pool-start-stop.xml.i
+++ /dev/null
@@ -1,18 +0,0 @@
-<!-- include start from accel-ppp/client-ip-pool-start-stop.xml.i -->
-<leafNode name="start">
- <properties>
- <help>First IP address in the pool</help>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
-</leafNode>
-<leafNode name="stop">
- <properties>
- <help>Last IP address in the pool</help>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
-</leafNode>
-<!-- include end -->
diff --git a/interface-definitions/include/accel-ppp/client-ip-pool-subnet-single.xml.i b/interface-definitions/include/accel-ppp/client-ip-pool-subnet-single.xml.i
deleted file mode 100644
index b93ba67d8..000000000
--- a/interface-definitions/include/accel-ppp/client-ip-pool-subnet-single.xml.i
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- include start from accel-ppp/client-ip-pool-subnet-single.xml.i -->
-<leafNode name="subnet">
- <properties>
- <help>Client IP subnet (CIDR notation)</help>
- <valueHelp>
- <format>ipv4net</format>
- <description>IPv4 address and prefix length</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-prefix"/>
- <validator name="ipv4-host"/>
- </constraint>
- <constraintErrorMessage>Not a valid IP address or prefix</constraintErrorMessage>
- </properties>
-</leafNode>
-<!-- include end -->
diff --git a/interface-definitions/include/accel-ppp/client-ip-pool-subnet.xml.i b/interface-definitions/include/accel-ppp/client-ip-pool-subnet.xml.i
deleted file mode 100644
index 2dc71d3f9..000000000
--- a/interface-definitions/include/accel-ppp/client-ip-pool-subnet.xml.i
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- include start from accel-ppp/client-ip-pool-subnet.xml.i -->
-<leafNode name="subnet">
- <properties>
- <help>Client IP subnet (CIDR notation)</help>
- <valueHelp>
- <format>ipv4net</format>
- <description>IPv4 address and prefix length</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-prefix"/>
- </constraint>
- <constraintErrorMessage>Not a valid CIDR formatted prefix</constraintErrorMessage>
- <multi />
- </properties>
-</leafNode>
-<!-- include end -->
diff --git a/interface-definitions/include/accel-ppp/client-ip-pool.xml.i b/interface-definitions/include/accel-ppp/client-ip-pool.xml.i
new file mode 100644
index 000000000..b30a5ee01
--- /dev/null
+++ b/interface-definitions/include/accel-ppp/client-ip-pool.xml.i
@@ -0,0 +1,50 @@
+<!-- include start from accel-ppp/client-ip-pool.xml.i -->
+<tagNode name="client-ip-pool">
+ <properties>
+ <help>Client IP pool</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Name of IP pool</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="range">
+ <properties>
+ <help>Range of IP addresses</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 prefix</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv4range</format>
+ <description>IPv4 address range inside /24 network</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-prefix"/>
+ <validator name="ipv4-host"/>
+ <validator name="ipv4-range-mask" argument="-m 24 -r"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="next-pool">
+ <properties>
+ <help>Next pool name</help>
+ <completionHelp>
+ <path>${COMP_WORDS[@]:1:${#COMP_WORDS[@]}-4}</path>
+ </completionHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>Name of IP pool</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+</tagNode>
+<!-- include end -->
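Review bot: The `range` leaf stacks three validators (`ipv4-prefix`, `ipv4-host`, `ipv4-range-mask -m 24 -r`) but drops the `constraintErrorMessage` that the removed subnet includes carried. A rejected value therefore gives no hint that a range must stay inside a /24. I would add `<constraintErrorMessage>Not a valid IPv4 prefix, host address or range within a /24 network</constraintErrorMessage>`. On `next-pool`, the completion path `${COMP_WORDS[@]:1:${#COMP_WORDS[@]}-4}` depends on the exact depth at which this include is mounted. A one-line XML comment stating that assumption would help the next person who includes the file elsewhere. Nothing in this file stops `next-pool` from naming the pool itself or a pool that does not exist, so that check has to live in the conf script.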
diff --git a/interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i b/interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i
index 774741a5e..0c8c2e34c 100644
--- a/interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i
+++ b/interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i
@@ -1,7 +1,14 @@
<!-- include start from accel-ppp/client-ipv6-pool.xml.i -->
-<node name="client-ipv6-pool">
+<tagNode name="client-ipv6-pool">
<properties>
<help>Pool of client IPv6 addresses</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Name of IPv6 pool</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+ </constraint>
</properties>
<children>
<tagNode name="prefix">
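Review bot: Existing configurations that contain `client-ipv6-pool prefix …` will no longer match the schema once `client-ipv6-pool` is a `tagNode` (the closing tag is changed in the second hunk of this file), because every child now sits under a pool-name level. The `ipv6-intf-id` → `ipv6-interface-id` renames in ppp-options-ipv6-interface-id.xml.i have the same effect on saved configs. This view is limited to interface-definitions, so a migration script may well exist elsewhere in the commit. It is worth confirming that it does and that it covers every service which includes these files. The body of the tagNode continues outside this hunk.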
@@ -58,5 +65,5 @@
</children>
</tagNode>
</children>
-</node>
+</tagNode>
<!-- include end -->
diff --git a/interface-definitions/include/accel-ppp/default-ipv6-pool.xml.i b/interface-definitions/include/accel-ppp/default-ipv6-pool.xml.i
new file mode 100644
index 000000000..1093f6713
--- /dev/null
+++ b/interface-definitions/include/accel-ppp/default-ipv6-pool.xml.i
@@ -0,0 +1,17 @@
+<!-- include start from accel-ppp/default-pool.xml.i -->
+<leafNode name="default-ipv6-pool">
+ <properties>
+ <help>Default client IPv6 pool name</help>
+ <completionHelp>
+ <path>${COMP_WORDS[@]:1:${#COMP_WORDS[@]}-3} client-ipv6-pool</path>
+ </completionHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>Default IPv6 pool</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
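Review bot: The include-start marker on the first line names the wrong file: it reads `accel-ppp/default-pool.xml.i`, but this is `default-ipv6-pool.xml.i`. These markers are what you see in the preprocessed XML when tracing where a node came from, so a copy-pasted one points the reader at the IPv4 include. It should be `<!-- include start from accel-ppp/default-ipv6-pool.xml.i -->`.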
diff --git a/interface-definitions/include/accel-ppp/default-pool.xml.i b/interface-definitions/include/accel-ppp/default-pool.xml.i
new file mode 100644
index 000000000..e06642c37
--- /dev/null
+++ b/interface-definitions/include/accel-ppp/default-pool.xml.i
@@ -0,0 +1,17 @@
+<!-- include start from accel-ppp/default-pool.xml.i -->
+<leafNode name="default-pool">
+ <properties>
+ <help>Default client IP pool name</help>
+ <completionHelp>
+ <path>${COMP_WORDS[@]:1:${#COMP_WORDS[@]}-3} client-ip-pool</path>
+ </completionHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>Default IP pool</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/accel-ppp/gateway-address-multi.xml.i b/interface-definitions/include/accel-ppp/gateway-address-multi.xml.i
new file mode 100644
index 000000000..dcc58b97a
--- /dev/null
+++ b/interface-definitions/include/accel-ppp/gateway-address-multi.xml.i
@@ -0,0 +1,17 @@
+<!-- include start from accel-ppp/gateway-address-multi.xml.i -->
+<leafNode name="gateway-address">
+ <properties>
+ <help>Gateway IP address</help>
+ <constraintErrorMessage>invalid IPv4 address</constraintErrorMessage>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>Default Gateway, mask send to the client</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-prefix"/>
+ <validator name="ipv4-host"/>
+ </constraint>
+ <multi/>
+ </properties>
+</leafNode>
+<!-- include end -->
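Review bot: The error message `invalid IPv4 address` does not match what the constraint accepts. The validators are `ipv4-prefix` and `ipv4-host`, and the valueHelp format is `ipv4net`, so the expected input appears to be an address with a prefix length rather than a bare address. An operator who enters a plain address would be told it is an invalid address with no hint that the mask is missing. I would change it to `<constraintErrorMessage>Invalid IPv4 address or prefix, expected address/prefix-length</constraintErrorMessage>` and tidy the description to `Default gateway and mask sent to the client`.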
diff --git a/interface-definitions/include/accel-ppp/max-concurrent-sessions.xml.i b/interface-definitions/include/accel-ppp/max-concurrent-sessions.xml.i
new file mode 100644
index 000000000..f6ef41019
--- /dev/null
+++ b/interface-definitions/include/accel-ppp/max-concurrent-sessions.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from accel-ppp/max-concurrent-sessions.xml.i -->
+<leafNode name="max-concurrent-sessions">
+ <properties>
+ <help>Maximum number of concurrent session start attempts</help>
+ <valueHelp>
+ <format>u32:0-65535</format>
+ <description>Maximum number of concurrent session start attempts</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--allow-range --range 0-65535"/>
+ </constraint>
+ <constraintErrorMessage>Maximum concurent sessions must be in range 0-65535</constraintErrorMessage>
+ </properties>
+</leafNode>
+<!-- include end -->
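Review bot: The numeric validator is called with `--allow-range`, which lets a value such as `10-20` pass validation, although this leaf is a single scalar limit and the valueHelp advertises `u32:0-65535`. A range string would then reach the conf script or template for a setting that throttles concurrent session start attempts, where it is at best ignored and at worst breaks the generated config. I would drop the flag: `<validator name="numeric" argument="--range 0-65535"/>`. The help should also say what `0` means (presumably "no limit"; confirm against the daemon), since that value disables the protection. There is also a typo in the error message: `concurent`.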
diff --git a/interface-definitions/include/accel-ppp/mtu-128-16384.xml.i b/interface-definitions/include/accel-ppp/mtu-128-16384.xml.i
index b4008a63b..5661bdc05 100644
--- a/interface-definitions/include/accel-ppp/mtu-128-16384.xml.i
+++ b/interface-definitions/include/accel-ppp/mtu-128-16384.xml.i
@@ -1,7 +1,7 @@
<!-- include start from accel-ppp/mtu-128-16384.xml.i -->
<leafNode name="mtu">
<properties>
- <help>Maximum Transmission Unit (MTU) - default 1492</help>
+ <help>Maximum Transmission Unit (MTU)</help>
<constraint>
<validator name="numeric" argument="--range 128-16384"/>
</constraint>
diff --git a/interface-definitions/include/accel-ppp/ppp-options-ipv6-interface-id.xml.i b/interface-definitions/include/accel-ppp/ppp-options-ipv6-interface-id.xml.i
index 265f7f97c..c4cf0a458 100644
--- a/interface-definitions/include/accel-ppp/ppp-options-ipv6-interface-id.xml.i
+++ b/interface-definitions/include/accel-ppp/ppp-options-ipv6-interface-id.xml.i
@@ -1,5 +1,5 @@
<!-- include start from accel-ppp/ppp-options-ipv6-interface-id.xml.i -->
-<leafNode name="ipv6-intf-id">
+<leafNode name="ipv6-interface-id">
<properties>
<help>Fixed or random interface identifier for IPv6</help>
<completionHelp>
@@ -18,11 +18,11 @@
</constraint>
</properties>
</leafNode>
-<leafNode name="ipv6-peer-intf-id">
+<leafNode name="ipv6-peer-interface-id">
<properties>
<help>Peer interface identifier for IPv6</help>
<completionHelp>
- <list>random calling-sid ipv4</list>
+ <list>random calling-sid ipv4-addr</list>
</completionHelp>
<valueHelp>
<format>x:x:x:x</format>
@@ -33,7 +33,7 @@
<description>Use a random interface identifier for IPv6</description>
</valueHelp>
<valueHelp>
- <format>ipv4</format>
+ <format>ipv4-addr</format>
<description>Calculate interface identifier from IPv4 address, for example 192:168:0:1</description>
</valueHelp>
<valueHelp>
@@ -41,11 +41,11 @@
<description>Calculate interface identifier from calling-station-id</description>
</valueHelp>
<constraint>
- <regex>(random|calling-sid|ipv4|((\d+){1,4}:){3}(\d+){1,4})</regex>
+ <regex>(random|calling-sid|ipv4-addr|((\d+){1,4}:){3}(\d+){1,4})</regex>
</constraint>
</properties>
</leafNode>
-<leafNode name="ipv6-accept-peer-intf-id">
+<leafNode name="ipv6-accept-peer-interface-id">
<properties>
<help>Accept peer interface identifier</help>
<valueless/>
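Review bot: The regex on the rewritten constraint line for `ipv6-peer-interface-id` keeps the nested quantifier `(\d+){1,4}`, which does not limit each group to four digits: `\d+` already matches any number of digits, so `123456789:1:1:1` passes. A quantifier nested inside a quantifier is also the classic shape for pathological backtracking on a near-miss input. If four-character groups are intended, write `(random|calling-sid|ipv4-addr|(\d{1,4}:){3}\d{1,4})`. The valueHelp format `x:x:x:x` suggests hexadecimal groups; if the daemon parses them as hex, the class should be `[0-9a-fA-F]{1,4}` instead (to be confirmed). The first leaf, `ipv6-interface-id`, has its constraint outside these hunks and may need the same fix.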
diff --git a/interface-definitions/include/accel-ppp/ppp-options.xml.i b/interface-definitions/include/accel-ppp/ppp-options.xml.i
new file mode 100644
index 000000000..9b4f1d0ca
--- /dev/null
+++ b/interface-definitions/include/accel-ppp/ppp-options.xml.i
@@ -0,0 +1,65 @@
+<!-- include start from accel-ppp/ppp-options.xml.i -->
+<node name="ppp-options">
+ <properties>
+ <help>Advanced protocol options</help>
+ </properties>
+ <children>
+ <leafNode name="min-mtu">
+ <properties>
+ <help>Minimum acceptable MTU (68-65535)</help>
+ <constraint>
+ <validator name="numeric" argument="--range 68-65535"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="mru">
+ <properties>
+ <help>Preferred MRU (68-65535)</help>
+ <constraint>
+ <validator name="numeric" argument="--range 68-65535"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="disable-ccp">
+ <properties>
+ <help>Disable Compression Control Protocol (CCP)</help>
+ <valueless />
+ </properties>
+ </leafNode>
+ #include <include/accel-ppp/ppp-mppe.xml.i>
+ #include <include/accel-ppp/lcp-echo-interval-failure.xml.i>
+ #include <include/accel-ppp/lcp-echo-timeout.xml.i>
+ #include <include/accel-ppp/ppp-interface-cache.xml.i>
+ <leafNode name="ipv4">
+ <properties>
+ <help>IPv4 (IPCP) negotiation algorithm</help>
+ <constraint>
+ <regex>(deny|allow|prefer|require)</regex>
+ </constraint>
+ <constraintErrorMessage>invalid value</constraintErrorMessage>
+ <valueHelp>
+ <format>deny</format>
+ <description>Do not negotiate IPv4</description>
+ </valueHelp>
+ <valueHelp>
+ <format>allow</format>
+ <description>Negotiate IPv4 only if client requests</description>
+ </valueHelp>
+ <valueHelp>
+ <format>prefer</format>
+ <description>Ask client for IPv4 negotiation, do not fail if it rejects</description>
+ </valueHelp>
+ <valueHelp>
+ <format>require</format>
+ <description>Require IPv4 negotiation</description>
+ </valueHelp>
+ <completionHelp>
+ <list>deny allow prefer require</list>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ #include <include/accel-ppp/ppp-options-ipv6.xml.i>
+ #include <include/accel-ppp/ppp-options-ipv6-interface-id.xml.i>
+ </children>
+</node>
+<!-- include end -->
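Review bot: `min-mtu` and `mru` put their allowed range in the help string (`(68-65535)`) instead of a `<valueHelp>` block, and neither has a `constraintErrorMessage`. Every other numeric leaf in this change set uses the `u32:lo-hi` form. I would move the range into `<valueHelp>` with `<format>u32:68-65535</format>` and a short description, shorten the help to `Minimum acceptable MTU` / `Preferred MRU`, and add an error message naming the range. The `ipv4` leaf is fine as written; its `invalid value` message could list the four accepted keywords.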
diff --git a/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i b/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i
index b8dbe73b2..c0367b891 100644
--- a/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i
+++ b/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i
@@ -13,12 +13,6 @@
<leafNode name="vendor">
<properties>
<help>Vendor dictionary</help>
- <completionHelp>
- <list>alcatel cisco microsoft mikrotik</list>
- </completionHelp>
- <constraint>
- <validator name="accel-radius-dictionary" />
- </constraint>
</properties>
</leafNode>
<leafNode name="enable">
diff --git a/interface-definitions/include/bfd/common.xml.i b/interface-definitions/include/bfd/common.xml.i
index 126ab9b9a..8e6999d28 100644
--- a/interface-definitions/include/bfd/common.xml.i
+++ b/interface-definitions/include/bfd/common.xml.i
@@ -63,6 +63,18 @@
</leafNode>
</children>
</node>
+<leafNode name="minimum-ttl">
+ <properties>
+ <help>Expect packets with at least this TTL</help>
+ <valueHelp>
+ <format>u32:1-254</format>
+ <description>Minimum TTL expected</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-254"/>
+ </constraint>
+ </properties>
+</leafNode>
<leafNode name="passive">
<properties>
<help>Do not attempt to start sessions</help>
diff --git a/interface-definitions/include/bgp/afi-nexthop-vpn-export.xml.i b/interface-definitions/include/bgp/afi-nexthop-vpn-export.xml.i
new file mode 100644
index 000000000..d90597f37
--- /dev/null
+++ b/interface-definitions/include/bgp/afi-nexthop-vpn-export.xml.i
@@ -0,0 +1,32 @@
+<!-- include start from bgp/afi-nexthop-vpn-export.xml.i -->
+<node name="nexthop">
+ <properties>
+ <help>Specify next hop to use for VRF advertised prefixes</help>
+ </properties>
+ <children>
+ <node name="vpn">
+ <properties>
+ <help>Between current address-family and vpn</help>
+ </properties>
+ <children>
+ <leafNode name="export">
+ <properties>
+ <help>For routes leaked from current address-family to vpn</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>BGP neighbor IP address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>BGP neighbor IPv6 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ip-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+</node>
+ <!-- include end -->
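Review bot: The two valueHelp descriptions on the `export` leaf say "BGP neighbor IP address" and "BGP neighbor IPv6 address", but the node's own help says the value is the next hop used for VRF advertised prefixes. The wording looks carried over from a neighbor definition and will mislead anyone reading the CLI help. Suggested: `<description>Next-hop IPv4 address</description>` and `<description>Next-hop IPv6 address</description>`.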
diff --git a/interface-definitions/include/bgp/afi-route-map-export-import.xml.i b/interface-definitions/include/bgp/afi-route-map-export-import.xml.i
index c218937c8..388991241 100644
--- a/interface-definitions/include/bgp/afi-route-map-export-import.xml.i
+++ b/interface-definitions/include/bgp/afi-route-map-export-import.xml.i
@@ -10,7 +10,7 @@
<description>Route map name</description>
</valueHelp>
<constraint>
- <regex>[-_a-zA-Z0-9.]+</regex>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
</constraint>
<constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
</properties>
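Review bot: The `constraintErrorMessage` below the new include still says the name "can only contain alpha-numeric letters, hyphen and underscores", yet the included constraint is the `-dot` variant and the regex it replaces, `[-_a-zA-Z0-9.]+`, also accepts a dot. The message should match what is enforced: `<constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen, underscore and dot</constraintErrorMessage>`. The same stale message sits under the second hunk of this file and under the four route-map hunks of bgp/neighbor-afi-ipv4-ipv6-common.xml.i. The enclosing leafNode starts and ends outside the hunk.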
@@ -26,7 +26,7 @@
<description>Route map name</description>
</valueHelp>
<constraint>
- <regex>[-_a-zA-Z0-9.]+</regex>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
</constraint>
<constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/include/bgp/afi-sid.xml.i b/interface-definitions/include/bgp/afi-sid.xml.i
new file mode 100644
index 000000000..38a3dcf9b
--- /dev/null
+++ b/interface-definitions/include/bgp/afi-sid.xml.i
@@ -0,0 +1,36 @@
+<!-- include start from bgp/sid.xml.i -->
+<node name="sid">
+ <properties>
+ <help>SID value for VRF</help>
+ </properties>
+ <children>
+ <node name="vpn">
+ <properties>
+ <help>Between current VRF and VPN</help>
+ </properties>
+ <children>
+ <leafNode name="export">
+ <properties>
+ <help>For routes leaked from current VRF to VPN</help>
+ <completionHelp>
+ <list>auto</list>
+ </completionHelp>
+ <valueHelp>
+ <format>u32:1-1048575</format>
+ <description>SID allocation index</description>
+ </valueHelp>
+ <valueHelp>
+ <format>auto</format>
+ <description>Automatically assign a label</description>
+ </valueHelp>
+ <constraint>
+ <regex>auto</regex>
+ <validator name="numeric" argument="--range 1-1048575"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ <!-- include end -->
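Review bot: The opening marker reads `<!-- include start from bgp/sid.xml.i -->`, but the file added here is `bgp/afi-sid.xml.i`. These markers are what points a reader of the assembled XML back to the right include. It should be `<!-- include start from bgp/afi-sid.xml.i -->`. The `auto` description also says "Automatically assign a label" although the leaf configures a SID; that may be intentional wording from the routing daemon, so confirm before changing it.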
diff --git a/interface-definitions/include/bgp/bmp-monitor-afi-policy.xml.i b/interface-definitions/include/bgp/bmp-monitor-afi-policy.xml.i
new file mode 100644
index 000000000..261d60232
--- /dev/null
+++ b/interface-definitions/include/bgp/bmp-monitor-afi-policy.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from bgp/bmp-monitor-afi-policy.xml.i -->
+<leafNode name="pre-policy">
+ <properties>
+ <help>Send state before policy and filter processing</help>
+ <valueless/>
+ </properties>
+</leafNode>
+<leafNode name="post-policy">
+ <properties>
+ <help>Send state with policy and filters applied</help>
+ <valueless/>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i
index 9ec513da9..a433f7cc6 100644
--- a/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i
+++ b/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i
@@ -1,5 +1,4 @@
<!-- include start from bgp/neighbor-afi-ipv4-ipv6-common.xml.i -->
-
<leafNode name="addpath-tx-all">
<properties>
<help>Use addpath to advertise all paths to a neighbor</help>
@@ -28,7 +27,7 @@
<description>Route map name</description>
</valueHelp>
<constraint>
- <regex>[-_a-zA-Z0-9.]+</regex>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
</constraint>
<constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
</properties>
@@ -44,7 +43,7 @@
<description>Route map name</description>
</valueHelp>
<constraint>
- <regex>[-_a-zA-Z0-9.]+</regex>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
</constraint>
<constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
</properties>
@@ -60,7 +59,7 @@
<description>Route map name</description>
</valueHelp>
<constraint>
- <regex>[-_a-zA-Z0-9.]+</regex>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
</constraint>
<constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
</properties>
@@ -185,7 +184,7 @@
<description>Route map name</description>
</valueHelp>
<constraint>
- <regex>[-_a-zA-Z0-9.]+</regex>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
</constraint>
<constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i
index 504385b53..ea6e75bbd 100644
--- a/interface-definitions/include/bgp/protocol-common-config.xml.i
+++ b/interface-definitions/include/bgp/protocol-common-config.xml.i
@@ -120,6 +120,7 @@
#include <include/bgp/afi-rd.xml.i>
#include <include/bgp/afi-route-map-vpn.xml.i>
#include <include/bgp/afi-route-target-vpn.xml.i>
+ #include <include/bgp/afi-nexthop-vpn-export.xml.i>
<node name="redistribute">
<properties>
<help>Redistribute routes from other protocols into BGP</help>
@@ -188,6 +189,7 @@
</leafNode>
</children>
</node>
+ #include <include/bgp/afi-sid.xml.i>
</children>
</node>
<node name="ipv4-multicast">
@@ -343,6 +345,7 @@
#include <include/route-map.xml.i>
</children>
</tagNode>
+ #include <include/bgp/afi-maximum-paths.xml.i>
</children>
</node>
<node name="ipv4-flowspec">
@@ -494,6 +497,7 @@
#include <include/bgp/afi-rd.xml.i>
#include <include/bgp/afi-route-map-vpn.xml.i>
#include <include/bgp/afi-route-target-vpn.xml.i>
+ #include <include/bgp/afi-nexthop-vpn-export.xml.i>
<node name="redistribute">
<properties>
<help>Redistribute routes from other protocols into BGP</help>
@@ -554,6 +558,7 @@
</leafNode>
</children>
</node>
+ #include <include/bgp/afi-sid.xml.i>
</children>
</node>
<node name="ipv6-multicast">
@@ -805,6 +810,76 @@
<valueless/>
</properties>
</leafNode>
+ <node name="default-originate">
+ <properties>
+ <help>Originate a default route</help>
+ </properties>
+ <children>
+ <leafNode name="ipv4">
+ <properties>
+ <help>IPv4 address family</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="ipv6">
+ <properties>
+ <help>IPv6 address family</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="disable-ead-evi-rx">
+ <properties>
+ <help>Activate PE on EAD-ES even if EAD-EVI is not received</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="disable-ead-evi-tx">
+ <properties>
+ <help>Do not advertise EAD-EVI for local ESs</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <node name="ead-es-frag">
+ <properties>
+ <help>EAD ES fragment config</help>
+ </properties>
+ <children>
+ <leafNode name="evi-limit">
+ <properties>
+ <help>EVIs per-fragment</help>
+ <valueHelp>
+ <format>u32:1-1000</format>
+ <description>limit</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-1000"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <node name="ead-es-route-target">
+ <properties>
+ <help>EAD ES Route Target</help>
+ </properties>
+ <children>
+ <leafNode name="export">
+ <properties>
+ <help>Route Target export</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Route target (A.B.C.D:MN|EF:OPQR|GHJK:MN)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="bgp-rd-rt" argument="--route-target-multi"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
<node name="flooding">
<properties>
<help>Specify handling for BUM packets</help>
@@ -838,6 +913,92 @@
</node>
</children>
</node>
+<node name="bmp">
+ <properties>
+ <help>BGP Monitoring Protocol (BMP)</help>
+ </properties>
+ <children>
+ <leafNode name="mirror-buffer-limit">
+ <properties>
+ <help>Maximum memory used for buffered mirroring messages (in bytes)</help>
+ <valueHelp>
+ <format>u32:0-4294967294</format>
+ <description>Limit in bytes</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-4294967294"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <tagNode name="target">
+ <properties>
+ <help>BMP target</help>
+ </properties>
+ <children>
+ #include <include/address-ipv4-ipv6-single.xml.i>
+ #include <include/port-number.xml.i>
+ <leafNode name="port">
+ <defaultValue>5000</defaultValue>
+ </leafNode>
+ <leafNode name="min-retry">
+ <properties>
+ <help>Minimum connection retry interval (in milliseconds)</help>
+ <valueHelp>
+ <format>u32:100-86400000</format>
+ <description>Minimum connection retry interval</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 100-86400000"/>
+ </constraint>
+ </properties>
+ <defaultValue>1000</defaultValue>
+ </leafNode>
+ <leafNode name="max-retry">
+ <properties>
+ <help>Maximum connection retry interval</help>
+ <valueHelp>
+ <format>u32:100-4294967295</format>
+ <description>Maximum connection retry interval</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 100-86400000"/>
+ </constraint>
+ </properties>
+ <defaultValue>2000</defaultValue>
+ </leafNode>
+ <leafNode name="mirror">
+ <properties>
+ <help>Send BMP route mirroring messages</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <node name="monitor">
+ <properties>
+ <help>Send BMP route monitoring messages</help>
+ </properties>
+ <children>
+ <node name="ipv4-unicast">
+ <properties>
+ <help>Address family IPv4 unicast</help>
+ </properties>
+ <children>
+ #include <include/bgp/bmp-monitor-afi-policy.xml.i>
+ </children>
+ </node>
+ <node name="ipv6-unicast">
+ <properties>
+ <help>Address family IPv6 unicast</help>
+ </properties>
+ <children>
+ #include <include/bgp/bmp-monitor-afi-policy.xml.i>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </tagNode>
+ </children>
+</node>
<tagNode name="interface">
<properties>
<help>Configure interface related parameters, e.g. MPLS</help>
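Review bot: In the `bmp` target, `max-retry` documents `u32:100-4294967295` in its valueHelp while the validator enforces `--range 100-86400000`, so the CLI help promises values that the constraint rejects. Align the help with the validator, `<format>u32:100-86400000</format>`, and give the help string the unit that `min-retry` carries: `<help>Maximum connection retry interval (in milliseconds)</help>`. Nothing in this schema stops `max-retry` from being set below `min-retry`. If that is checked at all, it must happen in the config script, which is outside this hunk.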
@@ -1058,6 +1219,12 @@
<help>BGP parameters</help>
</properties>
<children>
+ <leafNode name="allow-martian-nexthop">
+ <properties>
+ <help>Allow Martian nexthops to be received in the NLRI from a peer</help>
+ <valueless/>
+ </properties>
+ </leafNode>
<leafNode name="always-compare-med">
<properties>
<help>Always compare MEDs from different neighbors</help>
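Review bot: The help for `allow-martian-nexthop` does not tell the operator that setting it relaxes a check otherwise applied to next hops received from peers. The leaf is valueless and easy to enable, so the trade-off should be visible in the CLI, e.g. `<help>Allow Martian nexthops to be received in the NLRI from a peer (relaxes next-hop sanity checking)</help>`. The default behaviour is not shown in this hunk, so confirm the wording against the routing daemon's documentation.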
@@ -1415,6 +1582,35 @@
<valueless/>
</properties>
</leafNode>
+ <leafNode name="no-hard-administrative-reset">
+ <properties>
+ <help>Do not send hard reset CEASE Notification for 'Administrative Reset'</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="labeled-unicast">
+ <properties>
+ <help>BGP Labeled-unicast options</help>
+ <completionHelp>
+ <list>explicit-null ipv4-explicit-null ipv6-explicit-null</list>
+ </completionHelp>
+ <valueHelp>
+ <format>explicit-null</format>
+ <description>Use explicit-null label values for all local prefixes</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv4-explicit-null</format>
+ <description>Use IPv4 explicit-null label value for IPv4 local prefixes</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6-explicit-null</format>
+ <description>Use IPv6 explicit-null label value for IPv4 local prefixes</description>
+ </valueHelp>
+ <constraint>
+ <regex>(explicit-null|ipv4-explicit-null|ipv6-explicit-null)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
<leafNode name="log-neighbor-changes">
<properties>
<help>Log neighbor up/down changes and reset reason</help>
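Review bot: The `ipv6-explicit-null` description reads "Use IPv6 explicit-null label value for IPv4 local prefixes", which looks like a copy of the line above with only the first address family changed. It presumably should be `<description>Use IPv6 explicit-null label value for IPv6 local prefixes</description>`; confirm against the routing daemon's command help.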
@@ -1541,8 +1737,10 @@
</properties>
<children>
#include <include/bgp/neighbor-afi-ipv4-unicast.xml.i>
+ #include <include/bgp/neighbor-afi-ipv4-labeled-unicast.xml.i>
#include <include/bgp/neighbor-afi-ipv4-vpn.xml.i>
#include <include/bgp/neighbor-afi-ipv6-unicast.xml.i>
+ #include <include/bgp/neighbor-afi-ipv6-labeled-unicast.xml.i>
#include <include/bgp/neighbor-afi-ipv6-vpn.xml.i>
#include <include/bgp/neighbor-afi-l2vpn-evpn.xml.i>
</children>
@@ -1568,6 +1766,66 @@
#include <include/port-number.xml.i>
</children>
</tagNode>
+<node name="srv6">
+ <properties>
+ <help>Segment-Routing SRv6 configuration</help>
+ </properties>
+ <children>
+ <leafNode name="locator">
+ <properties>
+ <help>Specify SRv6 locator</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>SRv6 locator name</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<node name="sid">
+ <properties>
+ <help>SID value for VRF</help>
+ </properties>
+ <children>
+ <node name="vpn">
+ <properties>
+ <help>Between current VRF and VPN</help>
+ </properties>
+ <children>
+ <node name="per-vrf">
+ <properties>
+ <help>SID per-VRF (both IPv4 and IPv6 address families)</help>
+ </properties>
+ <children>
+ <leafNode name="export">
+ <properties>
+ <help>For routes leaked from current VRF to VPN</help>
+ <completionHelp>
+ <list>auto</list>
+ </completionHelp>
+ <valueHelp>
+ <format>u32:1-1048575</format>
+ <description>SID allocation index</description>
+ </valueHelp>
+ <valueHelp>
+ <format>auto</format>
+ <description>Automatically assign a label</description>
+ </valueHelp>
+ <constraint>
+ <regex>auto</regex>
+ <validator name="numeric" argument="--range 1-1048575"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+</node>
<node name="timers">
<properties>
<help>BGP protocol timers</help>
diff --git a/interface-definitions/include/conntrack/timeout-custom-protocols.xml.i b/interface-definitions/include/conntrack/timeout-custom-protocols.xml.i
new file mode 100644
index 000000000..e6bff7e4d
--- /dev/null
+++ b/interface-definitions/include/conntrack/timeout-custom-protocols.xml.i
@@ -0,0 +1,136 @@
+<!-- include start from conntrack/timeout-custom-protocols.xml.i -->
+<node name="tcp">
+ <properties>
+ <help>TCP connection timeout options</help>
+ </properties>
+ <children>
+ <leafNode name="close-wait">
+ <properties>
+ <help>TCP CLOSE-WAIT timeout in seconds</help>
+ <valueHelp>
+ <format>u32:1-21474836</format>
+ <description>TCP CLOSE-WAIT timeout in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-21474836"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="close">
+ <properties>
+ <help>TCP CLOSE timeout in seconds</help>
+ <valueHelp>
+ <format>u32:1-21474836</format>
+ <description>TCP CLOSE timeout in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-21474836"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="established">
+ <properties>
+ <help>TCP ESTABLISHED timeout in seconds</help>
+ <valueHelp>
+ <format>u32:1-21474836</format>
+ <description>TCP ESTABLISHED timeout in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-21474836"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="fin-wait">
+ <properties>
+ <help>TCP FIN-WAIT timeout in seconds</help>
+ <valueHelp>
+ <format>u32:1-21474836</format>
+ <description>TCP FIN-WAIT timeout in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-21474836"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="last-ack">
+ <properties>
+ <help>TCP LAST-ACK timeout in seconds</help>
+ <valueHelp>
+ <format>u32:1-21474836</format>
+ <description>TCP LAST-ACK timeout in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-21474836"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="syn-recv">
+ <properties>
+ <help>TCP SYN-RECEIVED timeout in seconds</help>
+ <valueHelp>
+ <format>u32:1-21474836</format>
+ <description>TCP SYN-RECEIVED timeout in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-21474836"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="syn-sent">
+ <properties>
+ <help>TCP SYN-SENT timeout in seconds</help>
+ <valueHelp>
+ <format>u32:1-21474836</format>
+ <description>TCP SYN-SENT timeout in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-21474836"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="time-wait">
+ <properties>
+ <help>TCP TIME-WAIT timeout in seconds</help>
+ <valueHelp>
+ <format>u32:1-21474836</format>
+ <description>TCP TIME-WAIT timeout in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-21474836"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<node name="udp">
+ <properties>
+ <help>UDP timeout options</help>
+ </properties>
+ <children>
+ <leafNode name="replied">
+ <properties>
+ <help>Timeout for UDP connection seen in both directions</help>
+ <valueHelp>
+ <format>u32:1-21474836</format>
+ <description>Timeout for UDP connection seen in both directions</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-21474836"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="unreplied">
+ <properties>
+ <help>Timeout for unreplied UDP</help>
+ <valueHelp>
+ <format>u32:1-21474836</format>
+ <description>Timeout for unreplied UDP</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-21474836"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<!-- include end -->
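Review bot: The two UDP leaves, `replied` and `unreplied`, state no unit, while every TCP leaf in this file says "in seconds" and all of them share the range `1-21474836`. Assuming the unit is the same, spell it out: `<help>Timeout for unreplied UDP in seconds</help>`, and likewise for `replied` and for both descriptions.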
diff --git a/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i
new file mode 100644
index 000000000..7aeb85260
--- /dev/null
+++ b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i
@@ -0,0 +1,3 @@
+<!-- include start from constraint/alpha-numeric-hyphen-underscore-dot.xml.i -->
+<regex>[-_a-zA-Z0-9.]+</regex>
+<!-- include end -->
diff --git a/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.i b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.i
index ba097c6b5..399f2e1da 100644
--- a/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.i
+++ b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.i
@@ -1,3 +1,3 @@
-<!-- include start from include/constraint/alpha-numeric-hyphen-underscore.xml.i -->
+<!-- include start from constraint/alpha-numeric-hyphen-underscore.xml.i -->
<regex>[-_a-zA-Z0-9]+</regex>
<!-- include end -->
diff --git a/interface-definitions/include/constraint/dhcp-client-string-option.xml.i b/interface-definitions/include/constraint/dhcp-client-string-option.xml.i
new file mode 100644
index 000000000..88257a9bb
--- /dev/null
+++ b/interface-definitions/include/constraint/dhcp-client-string-option.xml.i
@@ -0,0 +1,4 @@
+<!-- include start from constraint/dhcp-client-string-option.xml.i -->
+<regex>[-_a-zA-Z0-9\s]+</regex>
+<regex>([a-fA-F0-9][a-fA-F0-9]:){2,}[a-fA-F0-9][a-fA-F0-9]</regex>
+<!-- include end -->
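Review bot: The first pattern, `[-_a-zA-Z0-9\s]+`, uses `\s`, which in most regex engines matches tabs and line breaks as well as a plain space. If values constrained by this include are rendered into a DHCP client configuration file (the consumer is not visible in this hunk), a value containing a newline could add a line of its own there. A literal space keeps the intended behaviour without admitting control whitespace: `<regex>[-_a-zA-Z0-9 ]+</regex>`.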
diff --git a/interface-definitions/include/constraint/email.xml.i b/interface-definitions/include/constraint/email.xml.i
new file mode 100644
index 000000000..b19a88d64
--- /dev/null
+++ b/interface-definitions/include/constraint/email.xml.i
@@ -0,0 +1,3 @@
+<!-- include start from constraint/email.xml.i -->
+<regex>[^\s@]+@([^\s@.,]+\.)+[^\s@.,]{2,}</regex>
+<!-- include end -->
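Review bot: The pattern is built from negated classes, so the local part accepts any character that is not whitespace or `@`, and the domain labels accept anything except whitespace, `@`, `.` and `,`. That includes quotes, backslashes, `;` and `$`. This is fine as a loose syntax check, but every consumer of a value validated here must then quote or escape it when rendering configuration. Record that in the include, e.g. `<!-- syntax check only: value may contain quotes and shell metacharacters; escape on use -->`, or restrict the domain labels to an allow-list such as `[-a-zA-Z0-9]`.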
diff --git a/interface-definitions/include/constraint/host-name.xml.i b/interface-definitions/include/constraint/host-name.xml.i
index cc9740c16..5943772a2 100644
--- a/interface-definitions/include/constraint/host-name.xml.i
+++ b/interface-definitions/include/constraint/host-name.xml.i
@@ -1,3 +1,3 @@
-<!-- include start from constraint/host-name.xml.i -->
-<regex>[A-Za-z0-9][-.A-Za-z0-9]*[A-Za-z0-9]</regex>
-<!-- include end -->
+<!-- include start from constraint/host-name.xml.i -->
+<regex>[A-Za-z0-9][-.A-Za-z0-9]*[A-Za-z0-9]</regex>
+<!-- include end -->
diff --git a/interface-definitions/include/constraint/interface-name.xml.i b/interface-definitions/include/constraint/interface-name.xml.i
index 1b14eabf5..3e7c4e667 100644
--- a/interface-definitions/include/constraint/interface-name.xml.i
+++ b/interface-definitions/include/constraint/interface-name.xml.i
@@ -1,4 +1,4 @@
<!-- include start from constraint/interface-name.xml.i -->
-<regex>(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)[0-9]+(.\d+)?|lo</regex>
+<regex>(bond|br|dum|en|ersp|eth|gnv|ifb|ipoe|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|sstpc|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)[0-9]+(.\d+)?|lo</regex>
<validator name="file-path --lookup-path /sys/class/net --directory"/>
<!-- include end -->
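Review bot: The sub-interface group `(.\d+)?` on the new line has an unescaped dot, so any single character is accepted before the number, not only `.`; constructed examples are `eth0x1` and `eth0/1`. The added `ipoe` and `sstpc` prefixes inherit this. Escaping the dot limits the suffix to the intended form: `[0-9]+(\.\d+)?|lo`. This matters most if names that pass the regex are later joined into filesystem paths, as the `/sys/class/net` lookup on the next line suggests.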
diff --git a/interface-definitions/include/dhcp/captive-portal.xml.i b/interface-definitions/include/dhcp/captive-portal.xml.i
new file mode 100644
index 000000000..643f055a8
--- /dev/null
+++ b/interface-definitions/include/dhcp/captive-portal.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from dhcp/captive-portal.xml.i -->
+<leafNode name="captive-portal">
+ <properties>
+ <help>Captive portal API endpoint</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Captive portal API endpoint</description>
+ </valueHelp>
+ </properties>
+</leafNode>
+<!-- include end -->
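Review bot: `captive-portal` has a `txt` valueHelp but no `<constraint>`, so any string is accepted and presumably handed to DHCP clients as the portal API endpoint. Clients act on this value as a URI, so the leaf should reject anything that is not one. A minimal guard is `<constraint><regex>https://\S+</regex></constraint>` with a matching `<constraintErrorMessage>`, or the project's URL validator if one is available. Whether plain `http` must also be allowed should be checked against the DHCP option's specification.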
diff --git a/interface-definitions/include/dhcp/option-v4.xml.i b/interface-definitions/include/dhcp/option-v4.xml.i
new file mode 100644
index 000000000..bd6fc6043
--- /dev/null
+++ b/interface-definitions/include/dhcp/option-v4.xml.i
@@ -0,0 +1,257 @@
+<!-- include start from dhcp/option-v4.xml.i -->
+<node name="option">
+ <properties>
+ <help>DHCP option</help>
+ </properties>
+ <children>
+ #include <include/dhcp/captive-portal.xml.i>
+ #include <include/dhcp/domain-name.xml.i>
+ #include <include/dhcp/domain-search.xml.i>
+ #include <include/dhcp/ntp-server.xml.i>
+ #include <include/name-server-ipv4.xml.i>
+ <leafNode name="bootfile-name">
+ <properties>
+ <help>Bootstrap file name</help>
+ <constraint>
+ <regex>[[:ascii:]]{1,253}</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="bootfile-server">
+ <properties>
+ <help>Server from which the initial boot file is to be loaded</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Bootfile server IPv4 address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>hostname</format>
+ <description>Bootfile server FQDN</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="fqdn"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="bootfile-size">
+ <properties>
+ <help>Bootstrap file size</help>
+ <valueHelp>
+ <format>u32:1-16</format>
+ <description>Bootstrap file size in 512 byte blocks</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-16"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="client-prefix-length">
+ <properties>
+ <help>Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used.</help>
+ <valueHelp>
+ <format>u32:0-32</format>
+ <description>DHCP client prefix length must be 0 to 32</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-32"/>
+ </constraint>
+ <constraintErrorMessage>DHCP client prefix length must be 0 to 32</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="default-router">
+ <properties>
+ <help>IP address of default router</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Default router IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="ip-forwarding">
+ <properties>
+ <help>Enable IP forwarding on client</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="ipv6-only-preferred">
+ <properties>
+ <help>Disable IPv4 on IPv6 only hosts (RFC 8925)</help>
+ <valueHelp>
+ <format>u32</format>
+ <description>Seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-4294967295"/>
+ </constraint>
+ <constraintErrorMessage>Seconds must be between 0 and 4294967295 (49 days)</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="pop-server">
+ <properties>
+ <help>IP address of POP3 server</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>POP3 server IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="server-identifier">
+ <properties>
+ <help>Address for DHCP server identifier</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>DHCP server identifier IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="smtp-server">
+ <properties>
+ <help>IP address of SMTP server</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>SMTP server IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <tagNode name="static-route">
+ <properties>
+ <help>Classless static route destination subnet</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 address and prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-prefix"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="next-hop">
+ <properties>
+ <help>IP address of router to be used to reach the destination subnet</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address of router</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ip-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode >
+ <leafNode name="tftp-server-name">
+ <properties>
+ <help>TFTP server name</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>TFTP server IPv4 address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>hostname</format>
+ <description>TFTP server FQDN</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="fqdn"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="time-offset">
+ <properties>
+ <help>Client subnet offset in seconds from Coordinated Universal Time (UTC)</help>
+ <valueHelp>
+ <format>[-]N</format>
+ <description>Time offset (number, may be negative)</description>
+ </valueHelp>
+ <constraint>
+ <regex>-?[0-9]+</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid time offset value</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="time-server">
+ <properties>
+ <help>IP address of time server</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Time server IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="time-zone">
+ <properties>
+ <help>Time zone to send to clients. Uses RFC4833 options 100 and 101</help>
+ <completionHelp>
+ <script>timedatectl list-timezones</script>
+ </completionHelp>
+ <constraint>
+ <validator name="timezone" argument="--validate"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <node name="vendor-option">
+ <properties>
+ <help>Vendor Specific Options</help>
+ </properties>
+ <children>
+ <node name="ubiquiti">
+ <properties>
+ <help>Ubiquiti specific parameters</help>
+ </properties>
+ <children>
+ <leafNode name="unifi-controller">
+ <properties>
+ <help>Address of UniFi controller</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IP address of UniFi controller</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ <leafNode name="wins-server">
+ <properties>
+ <help>IP address for Windows Internet Name Service (WINS) server</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>WINS server IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="wpad-url">
+ <properties>
+ <help>Web Proxy Autodiscovery (WPAD) URL</help>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<!-- include end -->
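Review bot: In `static-route`, the `next-hop` leaf advertises `ipv4` in its valueHelp but is validated with `<validator name="ip-address"/>`, the same validator the BGP next-hop leaf in this commit uses to accept both IPv4 and IPv6. A DHCPv4 classless route cannot carry an IPv6 router, so use `<validator name="ipv4-address"/>` as the other address leaves in this file do. Two free-text leaves also need tighter input checks: `bootfile-name` uses `[[:ascii:]]{1,253}`, a class that includes control characters, and `wpad-url` has no constraint at all. Separately, the `ipv6-only-preferred` error message equates 4294967295 seconds with "49 days", which does not match the stated unit.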
diff --git a/interface-definitions/include/dhcp/option-v6.xml.i b/interface-definitions/include/dhcp/option-v6.xml.i
new file mode 100644
index 000000000..1df0c3934
--- /dev/null
+++ b/interface-definitions/include/dhcp/option-v6.xml.i
@@ -0,0 +1,110 @@
+<!-- include start from dhcp/option-v6.xml.i -->
+<node name="option">
+ <properties>
+ <help>DHCPv6 option</help>
+ </properties>
+ <children>
+ #include <include/dhcp/captive-portal.xml.i>
+ #include <include/dhcp/domain-search.xml.i>
+ #include <include/name-server-ipv6.xml.i>
+ <leafNode name="nis-domain">
+ <properties>
+ <help>NIS domain name for client to use</help>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+ </constraint>
+ <constraintErrorMessage>Invalid NIS domain name</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="nis-server">
+ <properties>
+ <help>IPv6 address of a NIS Server</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address of NIS server</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="nisplus-domain">
+ <properties>
+ <help>NIS+ domain name for client to use</help>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+ </constraint>
+ <constraintErrorMessage>Invalid NIS+ domain name. May only contain letters, numbers and .-_</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="nisplus-server">
+ <properties>
+ <help>IPv6 address of a NIS+ Server</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address of NIS+ server</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="sip-server">
+ <properties>
+ <help>IPv6 address of SIP server</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address of SIP server</description>
+ </valueHelp>
+ <valueHelp>
+ <format>hostname</format>
+ <description>FQDN of SIP server</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ <validator name="fqdn"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="sntp-server">
+ <properties>
+ <help>IPv6 address of an SNTP server for client to use</help>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <node name="vendor-option">
+ <properties>
+ <help>Vendor Specific Options</help>
+ </properties>
+ <children>
+ <node name="cisco">
+ <properties>
+ <help>Cisco specific parameters</help>
+ </properties>
+ <children>
+ <leafNode name="tftp-server">
+ <properties>
+ <help>TFTP server name</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>TFTP server IPv6 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+</node>
+<!-- include end -->
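Review bot: The `sntp-server` leaf has no `<valueHelp>`, unlike the other address leaves in this new file, and the Cisco `tftp-server` leaf is described as `TFTP server name` although its only validator is `ipv6-address`. I would add `<valueHelp><format>ipv6</format><description>IPv6 address of SNTP server</description></valueHelp>` to `sntp-server` and change the Cisco help to `<help>TFTP server IPv6 address</help>`. The `sip-server` help has the opposite mismatch: it says `IPv6 address of SIP server` while the constraint also accepts `fqdn`. The `nis-domain` error message could name the allowed characters the way the `nisplus-domain` one does, since both use the same constraint include.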
diff --git a/interface-definitions/include/dhcp/ping-check.xml.i b/interface-definitions/include/dhcp/ping-check.xml.i
deleted file mode 100644
index a506f68e4..000000000
--- a/interface-definitions/include/dhcp/ping-check.xml.i
+++ /dev/null
@@ -1,8 +0,0 @@
-<!-- include start from dhcp/ping-check.xml.i -->
-<leafNode name="ping-check">
- <properties>
- <help>Sends ICMP Echo request to the address being assigned</help>
- <valueless/>
- </properties>
-</leafNode>
-<!-- include end -->
diff --git a/interface-definitions/include/dns/dynamic-service-host-name-server.xml.i b/interface-definitions/include/dns/dynamic-service-host-name-server.xml.i
deleted file mode 100644
index 9dd14f97c..000000000
--- a/interface-definitions/include/dns/dynamic-service-host-name-server.xml.i
+++ /dev/null
@@ -1,35 +0,0 @@
-<!-- include start from dns/dynamic-service-host-name-server.xml.i -->
-<leafNode name="host-name">
- <properties>
- <help>Hostname to register with Dynamic DNS service</help>
- <constraint>
- #include <include/constraint/host-name.xml.i>
- <regex>(\@|\*)[-.A-Za-z0-9]*</regex>
- </constraint>
- <constraintErrorMessage>Host-name must be alphanumeric, can contain hyphens and can be prefixed with '@' or '*'</constraintErrorMessage>
- <multi/>
- </properties>
-</leafNode>
-<leafNode name="server">
- <properties>
- <help>Remote Dynamic DNS server to send updates to</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address of the remote server</description>
- </valueHelp>
- <valueHelp>
- <format>ipv6</format>
- <description>IPv6 address of the remote server</description>
- </valueHelp>
- <valueHelp>
- <format>hostname</format>
- <description>Fully qualified domain name of the remote server</description>
- </valueHelp>
- <constraint>
- <validator name="ip-address"/>
- <validator name="fqdn"/>
- </constraint>
- <constraintErrorMessage>Remote server must be IP address or fully qualified domain name</constraintErrorMessage>
- </properties>
-</leafNode>
-<!-- include end -->
diff --git a/interface-definitions/include/dns/dynamic-service-wait-expiry-time.xml.i b/interface-definitions/include/dns/dynamic-service-wait-expiry-time.xml.i
deleted file mode 100644
index 866690cbe..000000000
--- a/interface-definitions/include/dns/dynamic-service-wait-expiry-time.xml.i
+++ /dev/null
@@ -1,28 +0,0 @@
-<!-- include start from dns/dynamic-service-wait-expiry-time.xml.i -->
-<leafNode name="wait-time">
- <properties>
- <help>Time in seconds to wait between update attempts</help>
- <valueHelp>
- <format>u32:60-86400</format>
- <description>Time in seconds</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 60-86400"/>
- </constraint>
- <constraintErrorMessage>Wait time must be between 60 and 86400 seconds</constraintErrorMessage>
- </properties>
-</leafNode>
-<leafNode name="expiry-time">
- <properties>
- <help>Time in seconds for the hostname to be marked expired in cache</help>
- <valueHelp>
- <format>u32:300-2160000</format>
- <description>Time in seconds</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 300-2160000"/>
- </constraint>
- <constraintErrorMessage>Expiry time must be between 300 and 2160000 seconds</constraintErrorMessage>
- </properties>
-</leafNode>
-<!-- include end -->
diff --git a/interface-definitions/include/dns/dynamic-service-zone.xml.i b/interface-definitions/include/dns/dynamic-service-zone.xml.i
deleted file mode 100644
index 0cc00468f..000000000
--- a/interface-definitions/include/dns/dynamic-service-zone.xml.i
+++ /dev/null
@@ -1,14 +0,0 @@
-<!-- include start from dns/dynamic-service-zone.xml.i -->
-<leafNode name="zone">
- <properties>
- <help>DNS zone to be updated</help>
- <valueHelp>
- <format>txt</format>
- <description>Name of DNS zone</description>
- </valueHelp>
- <constraint>
- <validator name="fqdn"/>
- </constraint>
- </properties>
-</leafNode>
-<!-- include end -->
diff --git a/interface-definitions/include/firewall/action.xml.i b/interface-definitions/include/firewall/action.xml.i
index 954e4f23e..e1f0c6cb6 100644
--- a/interface-definitions/include/firewall/action.xml.i
+++ b/interface-definitions/include/firewall/action.xml.i
@@ -3,7 +3,7 @@
<properties>
<help>Rule action</help>
<completionHelp>
- <list>accept continue jump reject return drop queue synproxy</list>
+ <list>accept continue jump reject return drop queue offload synproxy</list>
</completionHelp>
<valueHelp>
<format>accept</format>
@@ -34,11 +34,15 @@
<description>Enqueue packet to userspace</description>
</valueHelp>
<valueHelp>
+ <format>offload</format>
+ <description>Offload packet via flowtable</description>
+ </valueHelp>
+ <valueHelp>
<format>synproxy</format>
<description>Synproxy connections</description>
</valueHelp>
<constraint>
- <regex>(accept|continue|jump|reject|return|drop|queue|synproxy)</regex>
+ <regex>(accept|continue|jump|reject|return|drop|queue|offload|synproxy)</regex>
</constraint>
</properties>
</leafNode>
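Review bot: The new `offload` value is accepted wherever this shared include is used, but the description `Offload packet via flowtable` does not tell the operator that once a flow is in the flowtable its later packets skip the remaining rules of the chain, including their logging. I would state that in the help, e.g. `<description>Offload flow via flowtable (later packets bypass further rule evaluation)</description>`. The schema cannot restrict the action to chains where a flowtable is usable, so that check presumably lives in the config script, which is outside this view. The enclosing leafNode starts before the first hunk of this file.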
diff --git a/interface-definitions/include/firewall/add-dynamic-address-groups.xml.i b/interface-definitions/include/firewall/add-dynamic-address-groups.xml.i
new file mode 100644
index 000000000..769761cb6
--- /dev/null
+++ b/interface-definitions/include/firewall/add-dynamic-address-groups.xml.i
@@ -0,0 +1,34 @@
+<!-- include start from firewall/add-dynamic-address-groups.xml.i -->
+<leafNode name="address-group">
+ <properties>
+ <help>Dynamic address-group</help>
+ <completionHelp>
+ <path>firewall group dynamic-group address-group</path>
+ </completionHelp>
+ </properties>
+</leafNode>
+<leafNode name="timeout">
+ <properties>
+ <help>Set timeout</help>
+ <valueHelp>
+ <format>&lt;number&gt;s</format>
+ <description>Timeout value in seconds</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;number&gt;m</format>
+ <description>Timeout value in minutes</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;number&gt;h</format>
+ <description>Timeout value in hours</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;number&gt;d</format>
+ <description>Timeout value in days</description>
+ </valueHelp>
+ <constraint>
+ <regex>\d+(s|m|h|d)</regex>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end --> \ No newline at end of file
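Review bot: The `address-group` leaf has only a `<completionHelp>` path and no `<constraint>`, so the schema accepts any string as the group name; whether the group exists has to be checked in the config script, which is not in this view. The `timeout` leaf has no `<constraintErrorMessage>` and no `<defaultValue>`; if an entry added without a timeout never expires (to be confirmed), a rule that matches arbitrary traffic can grow the set without limit, and the help should say so. I would add `<constraintErrorMessage>Timeout must be a number followed by s, m, h or d</constraintErrorMessage>`. The file is also added without a trailing newline, which this same commit fixes in other includes. All of this applies equally to `add-dynamic-ipv6-address-groups.xml.i`.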
diff --git a/interface-definitions/include/firewall/add-dynamic-ipv6-address-groups.xml.i b/interface-definitions/include/firewall/add-dynamic-ipv6-address-groups.xml.i
new file mode 100644
index 000000000..7bd91c58a
--- /dev/null
+++ b/interface-definitions/include/firewall/add-dynamic-ipv6-address-groups.xml.i
@@ -0,0 +1,34 @@
+<!-- include start from firewall/add-dynamic-ipv6-address-groups.xml.i -->
+<leafNode name="address-group">
+ <properties>
+ <help>Dynamic ipv6-address-group</help>
+ <completionHelp>
+ <path>firewall group dynamic-group ipv6-address-group</path>
+ </completionHelp>
+ </properties>
+</leafNode>
+<leafNode name="timeout">
+ <properties>
+ <help>Set timeout</help>
+ <valueHelp>
+ <format>&lt;number&gt;s</format>
+ <description>Timeout value in seconds</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;number&gt;m</format>
+ <description>Timeout value in minutes</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;number&gt;h</format>
+ <description>Timeout value in hours</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;number&gt;d</format>
+ <description>Timeout value in days</description>
+ </valueHelp>
+ <constraint>
+ <regex>\d+(s|m|h|d)</regex>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end --> \ No newline at end of file
diff --git a/interface-definitions/include/firewall/bridge-custom-name.xml.i b/interface-definitions/include/firewall/bridge-custom-name.xml.i
index a85fd5a19..654493c0e 100644
--- a/interface-definitions/include/firewall/bridge-custom-name.xml.i
+++ b/interface-definitions/include/firewall/bridge-custom-name.xml.i
@@ -8,7 +8,7 @@
</properties>
<children>
#include <include/firewall/default-action.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
#include <include/generic-description.xml.i>
<leafNode name="default-jump-target">
<properties>
@@ -36,4 +36,4 @@
</tagNode>
</children>
</tagNode>
-<!-- include end --> \ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/bridge-hook-forward.xml.i b/interface-definitions/include/firewall/bridge-hook-forward.xml.i
index 23d757070..99f66ec77 100644
--- a/interface-definitions/include/firewall/bridge-hook-forward.xml.i
+++ b/interface-definitions/include/firewall/bridge-hook-forward.xml.i
@@ -10,6 +10,7 @@
</properties>
<children>
#include <include/firewall/default-action-base-chains.xml.i>
+ #include <include/firewall/default-log.xml.i>
#include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
@@ -31,4 +32,4 @@
</node>
</children>
</node>
-<!-- include end --> \ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/common-rule-bridge.xml.i b/interface-definitions/include/firewall/common-rule-bridge.xml.i
index 381e04b1e..6de770c79 100644
--- a/interface-definitions/include/firewall/common-rule-bridge.xml.i
+++ b/interface-definitions/include/firewall/common-rule-bridge.xml.i
@@ -23,26 +23,8 @@
</completionHelp>
</properties>
</leafNode>
-<leafNode name="log">
- <properties>
- <help>Option to log packets matching rule</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable log</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable log</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
-</leafNode>
-#include <include/firewall/rule-log-options.xml.i>
+#include <include/firewall/log.xml.i>
+#include <include/firewall/log-options.xml.i>
<node name="source">
<properties>
<help>Source parameters</help>
@@ -54,4 +36,4 @@
#include <include/firewall/inbound-interface.xml.i>
#include <include/firewall/outbound-interface.xml.i>
#include <include/firewall/match-vlan.xml.i>
-<!-- include end --> \ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/common-rule-inet.xml.i b/interface-definitions/include/firewall/common-rule-inet.xml.i
index a55a1a551..85189d975 100644
--- a/interface-definitions/include/firewall/common-rule-inet.xml.i
+++ b/interface-definitions/include/firewall/common-rule-inet.xml.i
@@ -32,25 +32,6 @@
</leafNode>
</children>
</node>
-<node name="ipsec">
- <properties>
- <help>Inbound IPsec packets</help>
- </properties>
- <children>
- <leafNode name="match-ipsec">
- <properties>
- <help>Inbound IPsec packets</help>
- <valueless/>
- </properties>
- </leafNode>
- <leafNode name="match-none">
- <properties>
- <help>Inbound non-IPsec packets</help>
- <valueless/>
- </properties>
- </leafNode>
- </children>
-</node>
<node name="limit">
<properties>
<help>Rate limit using a token bucket filter</help>
@@ -82,45 +63,8 @@
</leafNode>
</children>
</node>
-<leafNode name="log">
- <properties>
- <help>Option to log packets matching rule</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable log</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable log</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
-</leafNode>
-<leafNode name="log">
- <properties>
- <help>Option to log packets matching rule</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable log</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable log</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
-</leafNode>
-#include <include/firewall/rule-log-options.xml.i>
+#include <include/firewall/log.xml.i>
+#include <include/firewall/log-options.xml.i>
<node name="connection-status">
<properties>
<help>Connection status</help>
@@ -222,89 +166,7 @@
</children>
</node>
#include <include/firewall/synproxy.xml.i>
-<node name="state">
- <properties>
- <help>Session state</help>
- </properties>
- <children>
- <leafNode name="established">
- <properties>
- <help>Established state</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="invalid">
- <properties>
- <help>Invalid state</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="new">
- <properties>
- <help>New state</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="related">
- <properties>
- <help>Related state</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- </leafNode>
- </children>
-</node>
+#include <include/firewall/state.xml.i>
#include <include/firewall/tcp-flags.xml.i>
#include <include/firewall/tcp-mss.xml.i>
<node name="time">
diff --git a/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i b/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i
index e040c9b13..0d749aa27 100644
--- a/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i
+++ b/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i
@@ -144,7 +144,7 @@
</constraint>
</properties>
</leafNode>
-#include <include/firewall/rule-log-options.xml.i>
+#include <include/firewall/log-options.xml.i>
<node name="connection-status">
<properties>
<help>Connection status</help>
diff --git a/interface-definitions/include/firewall/common-rule-ipv4.xml.i b/interface-definitions/include/firewall/common-rule-ipv4.xml.i
index 4ed179ae7..158c7a662 100644
--- a/interface-definitions/include/firewall/common-rule-ipv4.xml.i
+++ b/interface-definitions/include/firewall/common-rule-ipv4.xml.i
@@ -1,6 +1,29 @@
<!-- include start from firewall/common-rule-ipv4.xml.i -->
#include <include/firewall/common-rule-inet.xml.i>
#include <include/firewall/ttl.xml.i>
+<node name="add-address-to-group">
+ <properties>
+ <help>Add ip address to dynamic address-group</help>
+ </properties>
+ <children>
+ <node name="source-address">
+ <properties>
+ <help>Add source ip addresses to dynamic address-group</help>
+ </properties>
+ <children>
+ #include <include/firewall/add-dynamic-address-groups.xml.i>
+ </children>
+ </node>
+ <node name="destination-address">
+ <properties>
+ <help>Add destination ip addresses to dynamic address-group</help>
+ </properties>
+ <children>
+ #include <include/firewall/add-dynamic-address-groups.xml.i>
+ </children>
+ </node>
+ </children>
+</node>
<node name="destination">
<properties>
<help>Destination parameters</help>
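Review bot: The help strings of the new `add-address-to-group` node write `ip` in lower case, while the DHCP option includes in this commit write `IP address` and `IPv6 address`; I would use `<help>Add IP address to dynamic address-group</help>` and the same capitalisation in the two child nodes. The matching hunk in `common-rule-ipv6.xml.i` has the same wording with `ipv6`. Because a packet's source address is not authenticated, the `source-address` help could also note that the group then holds unverified addresses. The `destination` node that follows continues outside the hunk.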
@@ -13,6 +36,7 @@
#include <include/firewall/mac-address.xml.i>
#include <include/firewall/port.xml.i>
#include <include/firewall/source-destination-group.xml.i>
+ #include <include/firewall/source-destination-dynamic-group.xml.i>
</children>
</node>
<node name="icmp">
@@ -67,6 +91,7 @@
#include <include/firewall/mac-address.xml.i>
#include <include/firewall/port.xml.i>
#include <include/firewall/source-destination-group.xml.i>
+ #include <include/firewall/source-destination-dynamic-group.xml.i>
</children>
</node>
<!-- include end --> \ No newline at end of file
diff --git a/interface-definitions/include/firewall/common-rule-ipv6.xml.i b/interface-definitions/include/firewall/common-rule-ipv6.xml.i
index 6219557db..78eeb361e 100644
--- a/interface-definitions/include/firewall/common-rule-ipv6.xml.i
+++ b/interface-definitions/include/firewall/common-rule-ipv6.xml.i
@@ -1,6 +1,29 @@
<!-- include start from firewall/common-rule-ipv6.xml.i -->
#include <include/firewall/common-rule-inet.xml.i>
#include <include/firewall/hop-limit.xml.i>
+<node name="add-address-to-group">
+ <properties>
+ <help>Add ipv6 address to dynamic ipv6-address-group</help>
+ </properties>
+ <children>
+ <node name="source-address">
+ <properties>
+ <help>Add source ipv6 addresses to dynamic ipv6-address-group</help>
+ </properties>
+ <children>
+ #include <include/firewall/add-dynamic-ipv6-address-groups.xml.i>
+ </children>
+ </node>
+ <node name="destination-address">
+ <properties>
+ <help>Add destination ipv6 addresses to dynamic ipv6-address-group</help>
+ </properties>
+ <children>
+ #include <include/firewall/add-dynamic-ipv6-address-groups.xml.i>
+ </children>
+ </node>
+ </children>
+</node>
<node name="destination">
<properties>
<help>Destination parameters</help>
@@ -13,6 +36,7 @@
#include <include/firewall/mac-address.xml.i>
#include <include/firewall/port.xml.i>
#include <include/firewall/source-destination-group-ipv6.xml.i>
+ #include <include/firewall/source-destination-dynamic-group-ipv6.xml.i>
</children>
</node>
<node name="icmpv6">
@@ -67,6 +91,7 @@
#include <include/firewall/mac-address.xml.i>
#include <include/firewall/port.xml.i>
#include <include/firewall/source-destination-group-ipv6.xml.i>
+ #include <include/firewall/source-destination-dynamic-group-ipv6.xml.i>
</children>
</node>
<!-- include end --> \ No newline at end of file
diff --git a/interface-definitions/include/firewall/common-rule.xml.i b/interface-definitions/include/firewall/common-rule.xml.i
deleted file mode 100644
index c62bf2c5f..000000000
--- a/interface-definitions/include/firewall/common-rule.xml.i
+++ /dev/null
@@ -1,387 +0,0 @@
-<!-- include start from firewall/common-rule.xml.i -->
-#include <include/firewall/action.xml.i>
-#include <include/generic-description.xml.i>
-<node name="destination">
- <properties>
- <help>Destination parameters</help>
- </properties>
- <children>
- #include <include/firewall/mac-address.xml.i>
- </children>
-</node>
-<leafNode name="disable">
- <properties>
- <help>Option to disable firewall rule</help>
- <valueless/>
- </properties>
-</leafNode>
-<node name="fragment">
- <properties>
- <help>IP fragment match</help>
- </properties>
- <children>
- <leafNode name="match-frag">
- <properties>
- <help>Second and further fragments of fragmented packets</help>
- <valueless/>
- </properties>
- </leafNode>
- <leafNode name="match-non-frag">
- <properties>
- <help>Head fragments or unfragmented packets</help>
- <valueless/>
- </properties>
- </leafNode>
- </children>
-</node>
-<node name="inbound-interface">
- <properties>
- <help>Match inbound-interface</help>
- </properties>
- <children>
- #include <include/firewall/match-interface.xml.i>
- </children>
-</node>
-<node name="outbound-interface">
- <properties>
- <help>Match outbound-interface</help>
- </properties>
- <children>
- #include <include/firewall/match-interface.xml.i>
- </children>
-</node>
-<node name="ipsec">
- <properties>
- <help>Inbound IPsec packets</help>
- </properties>
- <children>
- <leafNode name="match-ipsec">
- <properties>
- <help>Inbound IPsec packets</help>
- <valueless/>
- </properties>
- </leafNode>
- <leafNode name="match-none">
- <properties>
- <help>Inbound non-IPsec packets</help>
- <valueless/>
- </properties>
- </leafNode>
- </children>
-</node>
-<node name="limit">
- <properties>
- <help>Rate limit using a token bucket filter</help>
- </properties>
- <children>
- <leafNode name="burst">
- <properties>
- <help>Maximum number of packets to allow in excess of rate</help>
- <valueHelp>
- <format>u32:0-4294967295</format>
- <description>Maximum number of packets to allow in excess of rate</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-4294967295"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="rate">
- <properties>
- <help>Maximum average matching rate</help>
- <valueHelp>
- <format>txt</format>
- <description>integer/unit (Example: 5/minute)</description>
- </valueHelp>
- <constraint>
- <regex>\d+/(second|minute|hour|day)</regex>
- </constraint>
- </properties>
- </leafNode>
- </children>
-</node>
-<leafNode name="log">
- <properties>
- <help>Option to log packets matching rule</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable log</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable log</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
-</leafNode>
-#include <include/firewall/rule-log-options.xml.i>
-<node name="connection-status">
- <properties>
- <help>Connection status</help>
- </properties>
- <children>
- <leafNode name="nat">
- <properties>
- <help>NAT connection status</help>
- <completionHelp>
- <list>destination source</list>
- </completionHelp>
- <valueHelp>
- <format>destination</format>
- <description>Match connections that are subject to destination NAT</description>
- </valueHelp>
- <valueHelp>
- <format>source</format>
- <description>Match connections that are subject to source NAT</description>
- </valueHelp>
- <constraint>
- <regex>^(destination|source)$</regex>
- </constraint>
- </properties>
- </leafNode>
- </children>
-</node>
-<leafNode name="protocol">
- <properties>
- <help>Protocol to match (protocol name, number, or "all")</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_protocols.sh</script>
- <list>all tcp_udp</list>
- </completionHelp>
- <valueHelp>
- <format>all</format>
- <description>All IP protocols</description>
- </valueHelp>
- <valueHelp>
- <format>tcp_udp</format>
- <description>Both TCP and UDP</description>
- </valueHelp>
- <valueHelp>
- <format>u32:0-255</format>
- <description>IP protocol number</description>
- </valueHelp>
- <valueHelp>
- <format>&lt;protocol&gt;</format>
- <description>IP protocol name</description>
- </valueHelp>
- <valueHelp>
- <format>!&lt;protocol&gt;</format>
- <description>IP protocol name</description>
- </valueHelp>
- <constraint>
- <validator name="ip-protocol"/>
- </constraint>
- </properties>
-</leafNode>
-<node name="recent">
- <properties>
- <help>Parameters for matching recently seen sources</help>
- </properties>
- <children>
- <leafNode name="count">
- <properties>
- <help>Source addresses seen more than N times</help>
- <valueHelp>
- <format>u32:1-255</format>
- <description>Source addresses seen more than N times</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-255"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="time">
- <properties>
- <help>Source addresses seen in the last second/minute/hour</help>
- <completionHelp>
- <list>second minute hour</list>
- </completionHelp>
- <valueHelp>
- <format>second</format>
- <description>Source addresses seen COUNT times in the last second</description>
- </valueHelp>
- <valueHelp>
- <format>minute</format>
- <description>Source addresses seen COUNT times in the last minute</description>
- </valueHelp>
- <valueHelp>
- <format>hour</format>
- <description>Source addresses seen COUNT times in the last hour</description>
- </valueHelp>
- <constraint>
- <regex>(second|minute|hour)</regex>
- </constraint>
- </properties>
- </leafNode>
- </children>
-</node>
-<node name="source">
- <properties>
- <help>Source parameters</help>
- </properties>
- <children>
- #include <include/firewall/address.xml.i>
- #include <include/firewall/source-destination-group.xml.i>
- #include <include/firewall/mac-address.xml.i>
- #include <include/firewall/port.xml.i>
- </children>
-</node>
-<node name="state">
- <properties>
- <help>Session state</help>
- </properties>
- <children>
- <leafNode name="established">
- <properties>
- <help>Established state</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="invalid">
- <properties>
- <help>Invalid state</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="new">
- <properties>
- <help>New state</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="related">
- <properties>
- <help>Related state</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- </leafNode>
- </children>
-</node>
-#include <include/firewall/tcp-flags.xml.i>
-#include <include/firewall/tcp-mss.xml.i>
-<node name="time">
- <properties>
- <help>Time to match rule</help>
- </properties>
- <children>
- <leafNode name="startdate">
- <properties>
- <help>Date to start matching rule</help>
- <valueHelp>
- <format>txt</format>
- <description>Enter date using following notation - YYYY-MM-DD</description>
- </valueHelp>
- <constraint>
- <regex>(\d{4}\-\d{2}\-\d{2})</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="starttime">
- <properties>
- <help>Time of day to start matching rule</help>
- <valueHelp>
- <format>txt</format>
- <description>Enter time using using 24 hour notation - hh:mm:ss</description>
- </valueHelp>
- <constraint>
- <regex>([0-2][0-9](\:[0-5][0-9]){1,2})</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="stopdate">
- <properties>
- <help>Date to stop matching rule</help>
- <valueHelp>
- <format>txt</format>
- <description>Enter date using following notation - YYYY-MM-DD</description>
- </valueHelp>
- <constraint>
- <regex>(\d{4}\-\d{2}\-\d{2})</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="stoptime">
- <properties>
- <help>Time of day to stop matching rule</help>
- <valueHelp>
- <format>txt</format>
- <description>Enter time using using 24 hour notation - hh:mm:ss</description>
- </valueHelp>
- <constraint>
- <regex>([0-2][0-9](\:[0-5][0-9]){1,2})</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="weekdays">
- <properties>
- <help>Comma separated weekdays to match rule on</help>
- <valueHelp>
- <format>txt</format>
- <description>Name of day (Monday, Tuesday, Wednesday, Thursdays, Friday, Saturday, Sunday)</description>
- </valueHelp>
- <valueHelp>
- <format>u32:0-6</format>
- <description>Day number (0 = Sunday ... 6 = Saturday)</description>
- </valueHelp>
- </properties>
- </leafNode>
- </children>
-</node>
-<!-- include end -->
diff --git a/interface-definitions/include/firewall/default-log.xml.i b/interface-definitions/include/firewall/default-log.xml.i
new file mode 100644
index 000000000..dceacdb89
--- /dev/null
+++ b/interface-definitions/include/firewall/default-log.xml.i
@@ -0,0 +1,8 @@
+<!-- include start from firewall/default-log.xml.i -->
+<leafNode name="default-log">
+ <properties>
+ <help>Log packets hitting default-action</help>
+ <valueless/>
+ </properties>
+</leafNode>
+<!-- include end -->
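Review bot: Renaming the leaf from `enable-default-log` to `default-log` changes the CLI path, so a saved configuration that still sets `enable-default-log` needs a migration step, otherwise logging of default-action hits is lost on upgrade. No migration is visible here, but this view is limited to `interface-definitions`, so it should be confirmed rather than assumed missing. A short comment in the include would help the next reader, e.g. `<!-- formerly enable-default-log; existing configs are migrated on upgrade -->`, once that is verified.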
diff --git a/interface-definitions/include/firewall/enable-default-log.xml.i b/interface-definitions/include/firewall/enable-default-log.xml.i
deleted file mode 100644
index 0efd8341b..000000000
--- a/interface-definitions/include/firewall/enable-default-log.xml.i
+++ /dev/null
@@ -1,8 +0,0 @@
-<!-- include start from firewall/enable-default-log.xml.i -->
-<leafNode name="enable-default-log">
- <properties>
- <help>Log packets hitting default-action</help>
- <valueless/>
- </properties>
-</leafNode>
-<!-- include end --> \ No newline at end of file
diff --git a/interface-definitions/include/firewall/global-options.xml.i b/interface-definitions/include/firewall/global-options.xml.i
index e655cd6ac..415d85f05 100644
--- a/interface-definitions/include/firewall/global-options.xml.i
+++ b/interface-definitions/include/firewall/global-options.xml.i
@@ -167,6 +167,43 @@
</properties>
<defaultValue>disable</defaultValue>
</leafNode>
+ <node name="state-policy">
+ <properties>
+ <help>Global firewall state-policy</help>
+ </properties>
+ <children>
+ <node name="established">
+ <properties>
+ <help>Global firewall policy for packets part of an established connection</help>
+ </properties>
+ <children>
+ #include <include/firewall/action-accept-drop-reject.xml.i>
+ #include <include/firewall/log.xml.i>
+ #include <include/firewall/rule-log-level.xml.i>
+ </children>
+ </node>
+ <node name="invalid">
+ <properties>
+ <help>Global firewall policy for packets part of an invalid connection</help>
+ </properties>
+ <children>
+ #include <include/firewall/action-accept-drop-reject.xml.i>
+ #include <include/firewall/log.xml.i>
+ #include <include/firewall/rule-log-level.xml.i>
+ </children>
+ </node>
+ <node name="related">
+ <properties>
+ <help>Global firewall policy for packets part of a related connection</help>
+ </properties>
+ <children>
+ #include <include/firewall/action-accept-drop-reject.xml.i>
+ #include <include/firewall/log.xml.i>
+ #include <include/firewall/rule-log-level.xml.i>
+ </children>
+ </node>
+ </children>
+ </node>
<leafNode name="syn-cookies">
<properties>
<help>Policy for using TCP SYN cookies with IPv4</help>
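Review bot: The help text on the new `invalid` node says "packets part of an invalid connection", but conntrack's invalid state is for packets that could not be associated with any tracked connection. I would reword it to `<help>Global firewall policy for packets that cannot be associated with a tracked connection (state invalid)</help>`. Judging by its name, the included `action-accept-drop-reject.xml.i` also offers `accept` here, so the wording should leave no doubt about which traffic the operator is admitting. None of the three state nodes carries a default action in this hunk, so the help on `state-policy` should say what happens when a state is left unset. The node that encloses `state-policy` starts outside the hunk.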
diff --git a/interface-definitions/include/firewall/inbound-interface-no-group.xml.i b/interface-definitions/include/firewall/inbound-interface-no-group.xml.i
new file mode 100644
index 000000000..bcd4c9570
--- /dev/null
+++ b/interface-definitions/include/firewall/inbound-interface-no-group.xml.i
@@ -0,0 +1,34 @@
+<!-- include start from firewall/inbound-interface-no-group.xml.i -->
+<node name="inbound-interface">
+ <properties>
+ <help>Match inbound-interface</help>
+ </properties>
+ <children>
+ <leafNode name="name">
+ <properties>
+ <help>Match interface</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces</script>
+ <path>vrf name</path>
+ </completionHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>Interface name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>txt*</format>
+ <description>Interface name with wildcard</description>
+ </valueHelp>
+ <valueHelp>
+ <format>!txt</format>
+ <description>Inverted interface name to match</description>
+ </valueHelp>
+ <constraint>
+ <regex>(\!?)(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|(\!?)lo</regex>
+ <validator name="vrf-name"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<!-- include end --> \ No newline at end of file
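Review bot: The trailing `(.+)?` in the `name` regex accepts any characters after a known prefix, so the constraint only checks how the value starts. As far as I know, entries inside one `<constraint>` are alternatives, so `<validator name="vrf-name"/>` widens this further to any valid VRF name. Since this string is presumably copied into the generated ruleset, I would bound the tail, for example by replacing `([0-9]?)(\*?)(.+)?` with `([0-9A-Za-z._-]*)(\*?)`, and add a `<constraintErrorMessage>` describing the accepted forms. The VRF case also has no `<valueHelp>` entry, although both the completion path and the validator allow it. `outbound-interface-no-group.xml.i` later in this diff carries the identical constraint and needs the same change.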
diff --git a/interface-definitions/include/firewall/ipv4-custom-name.xml.i b/interface-definitions/include/firewall/ipv4-custom-name.xml.i
index 9d6ecfaf2..8046b2d6c 100644
--- a/interface-definitions/include/firewall/ipv4-custom-name.xml.i
+++ b/interface-definitions/include/firewall/ipv4-custom-name.xml.i
@@ -8,7 +8,7 @@
</properties>
<children>
#include <include/firewall/default-action.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
#include <include/generic-description.xml.i>
<leafNode name="default-jump-target">
<properties>
@@ -33,9 +33,11 @@
<children>
#include <include/firewall/common-rule-ipv4.xml.i>
#include <include/firewall/inbound-interface.xml.i>
+ #include <include/firewall/match-ipsec.xml.i>
+ #include <include/firewall/offload-target.xml.i>
#include <include/firewall/outbound-interface.xml.i>
</children>
</tagNode>
</children>
</tagNode>
-<!-- include end --> \ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i
index 70c0adb77..b0e240a03 100644
--- a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i
+++ b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i
@@ -10,6 +10,7 @@
</properties>
<children>
#include <include/firewall/default-action-base-chains.xml.i>
+ #include <include/firewall/default-log.xml.i>
#include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
@@ -27,6 +28,7 @@
#include <include/firewall/action-forward.xml.i>
#include <include/firewall/common-rule-ipv4.xml.i>
#include <include/firewall/inbound-interface.xml.i>
+ #include <include/firewall/match-ipsec.xml.i>
#include <include/firewall/offload-target.xml.i>
#include <include/firewall/outbound-interface.xml.i>
</children>
@@ -35,4 +37,4 @@
</node>
</children>
</node>
-<!-- include end --> \ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv4-hook-input.xml.i b/interface-definitions/include/firewall/ipv4-hook-input.xml.i
index 32b0ec94f..cefb1ffa7 100644
--- a/interface-definitions/include/firewall/ipv4-hook-input.xml.i
+++ b/interface-definitions/include/firewall/ipv4-hook-input.xml.i
@@ -10,6 +10,7 @@
</properties>
<children>
#include <include/firewall/default-action-base-chains.xml.i>
+ #include <include/firewall/default-log.xml.i>
#include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
@@ -26,10 +27,11 @@
<children>
#include <include/firewall/common-rule-ipv4.xml.i>
#include <include/firewall/inbound-interface.xml.i>
+ #include <include/firewall/match-ipsec.xml.i>
</children>
</tagNode>
</children>
</node>
</children>
</node>
-<!-- include end --> \ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv4-hook-output.xml.i b/interface-definitions/include/firewall/ipv4-hook-output.xml.i
index d50d1e93b..2b537ce5e 100644
--- a/interface-definitions/include/firewall/ipv4-hook-output.xml.i
+++ b/interface-definitions/include/firewall/ipv4-hook-output.xml.i
@@ -10,6 +10,7 @@
</properties>
<children>
#include <include/firewall/default-action-base-chains.xml.i>
+ #include <include/firewall/default-log.xml.i>
#include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
@@ -32,4 +33,4 @@
</node>
</children>
</node>
-<!-- include end --> \ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv6-custom-name.xml.i b/interface-definitions/include/firewall/ipv6-custom-name.xml.i
index 81610babf..fb8740c38 100644
--- a/interface-definitions/include/firewall/ipv6-custom-name.xml.i
+++ b/interface-definitions/include/firewall/ipv6-custom-name.xml.i
@@ -8,7 +8,7 @@
</properties>
<children>
#include <include/firewall/default-action.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
#include <include/generic-description.xml.i>
<leafNode name="default-jump-target">
<properties>
@@ -33,9 +33,11 @@
<children>
#include <include/firewall/common-rule-ipv6.xml.i>
#include <include/firewall/inbound-interface.xml.i>
+ #include <include/firewall/match-ipsec.xml.i>
+ #include <include/firewall/offload-target.xml.i>
#include <include/firewall/outbound-interface.xml.i>
</children>
</tagNode>
</children>
</tagNode>
-<!-- include end --> \ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i
index d83827161..7efc2614e 100644
--- a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i
+++ b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i
@@ -10,6 +10,7 @@
</properties>
<children>
#include <include/firewall/default-action-base-chains.xml.i>
+ #include <include/firewall/default-log.xml.i>
#include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
@@ -27,6 +28,7 @@
#include <include/firewall/action-forward.xml.i>
#include <include/firewall/common-rule-ipv6.xml.i>
#include <include/firewall/inbound-interface.xml.i>
+ #include <include/firewall/match-ipsec.xml.i>
#include <include/firewall/offload-target.xml.i>
#include <include/firewall/outbound-interface.xml.i>
</children>
@@ -35,4 +37,4 @@
</node>
</children>
</node>
-<!-- include end --> \ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv6-hook-input.xml.i b/interface-definitions/include/firewall/ipv6-hook-input.xml.i
index e34958f28..e1f41e64c 100644
--- a/interface-definitions/include/firewall/ipv6-hook-input.xml.i
+++ b/interface-definitions/include/firewall/ipv6-hook-input.xml.i
@@ -10,6 +10,7 @@
</properties>
<children>
#include <include/firewall/default-action-base-chains.xml.i>
+ #include <include/firewall/default-log.xml.i>
#include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
@@ -26,10 +27,11 @@
<children>
#include <include/firewall/common-rule-ipv6.xml.i>
#include <include/firewall/inbound-interface.xml.i>
+ #include <include/firewall/match-ipsec.xml.i>
</children>
</tagNode>
</children>
</node>
</children>
</node>
-<!-- include end --> \ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv6-hook-output.xml.i b/interface-definitions/include/firewall/ipv6-hook-output.xml.i
index eb4ea7ac3..ffe1c72b8 100644
--- a/interface-definitions/include/firewall/ipv6-hook-output.xml.i
+++ b/interface-definitions/include/firewall/ipv6-hook-output.xml.i
@@ -10,6 +10,7 @@
</properties>
<children>
#include <include/firewall/default-action-base-chains.xml.i>
+ #include <include/firewall/default-log.xml.i>
#include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
@@ -32,4 +33,4 @@
</node>
</children>
</node>
-<!-- include end --> \ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/rule-log-options.xml.i b/interface-definitions/include/firewall/log-options.xml.i
index e8b0cdec3..e8b0cdec3 100644
--- a/interface-definitions/include/firewall/rule-log-options.xml.i
+++ b/interface-definitions/include/firewall/log-options.xml.i
diff --git a/interface-definitions/include/firewall/log.xml.i b/interface-definitions/include/firewall/log.xml.i
index 46d20c1df..21548f3fb 100644
--- a/interface-definitions/include/firewall/log.xml.i
+++ b/interface-definitions/include/firewall/log.xml.i
@@ -1,15 +1,8 @@
<!-- include start from firewall/log.xml.i -->
-<node name="log">
+<leafNode name="log">
<properties>
- <help>Option to log packets</help>
+ <help>Log packets hitting this rule</help>
+ <valueless/>
</properties>
- <children>
- <leafNode name="enable">
- <properties>
- <help>Enable logging</help>
- <valueless/>
- </properties>
- </leafNode>
- </children>
-</node>
+</leafNode>
<!-- include end -->
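Review bot: Turning `log` from a node with an `enable` leaf into a valueless leaf changes the CLI from `log enable` to `log`, so saved configurations need a migration. Without one, existing rules either fail to load or silently lose logging on upgrade, which is an audit-trail regression that is easy to miss. The diffstat shown here is limited to `interface-definitions`, so a migration script may exist elsewhere in the commit; if it does not, it should be added. The same applies to the `enable-default-log` to `default-log` rename and to `interface-name`/`interface-group` becoming `name`/`group` in `match-interface.xml.i`. I would also record the syntax change in a comment, e.g. `<!-- replaces "log enable"; migration required -->`.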
diff --git a/interface-definitions/include/firewall/match-interface.xml.i b/interface-definitions/include/firewall/match-interface.xml.i
index 1cd9f8c4a..5da6f51fb 100644
--- a/interface-definitions/include/firewall/match-interface.xml.i
+++ b/interface-definitions/include/firewall/match-interface.xml.i
@@ -1,5 +1,5 @@
<!-- include start from firewall/match-interface.xml.i -->
-<leafNode name="interface-name">
+<leafNode name="name">
<properties>
<help>Match interface</help>
<completionHelp>
@@ -24,7 +24,7 @@
</constraint>
</properties>
</leafNode>
-<leafNode name="interface-group">
+<leafNode name="group">
<properties>
<help>Match interface-group</help>
<completionHelp>
diff --git a/interface-definitions/include/firewall/match-ipsec.xml.i b/interface-definitions/include/firewall/match-ipsec.xml.i
new file mode 100644
index 000000000..82c2b324d
--- /dev/null
+++ b/interface-definitions/include/firewall/match-ipsec.xml.i
@@ -0,0 +1,21 @@
+<!-- include start from firewall/match-ipsec.xml.i -->
+<node name="ipsec">
+ <properties>
+ <help>Inbound IPsec packets</help>
+ </properties>
+ <children>
+ <leafNode name="match-ipsec">
+ <properties>
+ <help>Inbound IPsec packets</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="match-none">
+ <properties>
+ <help>Inbound non-IPsec packets</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<!-- include end --> \ No newline at end of file
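Review bot: `match-ipsec` and `match-none` are two independent valueless leaves, so the schema allows both to be set on the same rule even though they are mutually exclusive. Unless the config script rejects that combination (not visible in this diff), the resulting rule is ambiguous or can never match. That is risky for a rule meant to separate decrypted traffic from cleartext traffic. The node help and the `match-ipsec` help are the same string, "Inbound IPsec packets"; I would change the node to `<help>Match on IPsec state of inbound packets</help>` and state the exclusivity in the leaf help. The file is also added without a trailing newline, while other hunks in this commit fix exactly that in neighbouring includes.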
diff --git a/interface-definitions/include/firewall/outbound-interface-no-group.xml.i b/interface-definitions/include/firewall/outbound-interface-no-group.xml.i
new file mode 100644
index 000000000..e3bace42d
--- /dev/null
+++ b/interface-definitions/include/firewall/outbound-interface-no-group.xml.i
@@ -0,0 +1,34 @@
+<!-- include start from firewall/outbound-interface-no-group.xml.i -->
+<node name="outbound-interface">
+ <properties>
+ <help>Match outbound-interface</help>
+ </properties>
+ <children>
+ <leafNode name="name">
+ <properties>
+ <help>Match interface</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces</script>
+ <path>vrf name</path>
+ </completionHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>Interface name</description>
+ </valueHelp>
+ <valueHelp>
+ <format>txt*</format>
+ <description>Interface name with wildcard</description>
+ </valueHelp>
+ <valueHelp>
+ <format>!txt</format>
+ <description>Inverted interface name to match</description>
+ </valueHelp>
+ <constraint>
+ <regex>(\!?)(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|(\!?)lo</regex>
+ <validator name="vrf-name"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<!-- include end --> \ No newline at end of file
diff --git a/interface-definitions/include/firewall/source-destination-dynamic-group-ipv6.xml.i b/interface-definitions/include/firewall/source-destination-dynamic-group-ipv6.xml.i
new file mode 100644
index 000000000..845f8fe7c
--- /dev/null
+++ b/interface-definitions/include/firewall/source-destination-dynamic-group-ipv6.xml.i
@@ -0,0 +1,17 @@
+<!-- include start from firewall/source-destination-dynamic-group-ipv6.xml.i -->
+<node name="group">
+ <properties>
+ <help>Group</help>
+ </properties>
+ <children>
+ <leafNode name="dynamic-address-group">
+ <properties>
+ <help>Group of dynamic ipv6 addresses</help>
+ <completionHelp>
+ <path>firewall group dynamic-group ipv6-address-group</path>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<!-- include end -->
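Review bot: `dynamic-address-group` has a completion path but no `<constraint>` and no `<valueHelp>`, so any string is accepted as a group name. Completion only suggests values; it does not validate them. I would add `<constraint>` with `#include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>`, which `lfa-remote.xml.i` in this same diff uses for prefix-list names, plus a matching `<constraintErrorMessage>`. The IPv4 twin `source-destination-dynamic-group.xml.i` in the next file section has the same gap.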
diff --git a/interface-definitions/include/firewall/source-destination-dynamic-group.xml.i b/interface-definitions/include/firewall/source-destination-dynamic-group.xml.i
new file mode 100644
index 000000000..29ab98c68
--- /dev/null
+++ b/interface-definitions/include/firewall/source-destination-dynamic-group.xml.i
@@ -0,0 +1,17 @@
+<!-- include start from firewall/source-destination-dynamic-group.xml.i -->
+<node name="group">
+ <properties>
+ <help>Group</help>
+ </properties>
+ <children>
+ <leafNode name="dynamic-address-group">
+ <properties>
+ <help>Group of dynamic addresses</help>
+ <completionHelp>
+ <path>firewall group dynamic-group address-group</path>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/state.xml.i b/interface-definitions/include/firewall/state.xml.i
new file mode 100644
index 000000000..dee9722e5
--- /dev/null
+++ b/interface-definitions/include/firewall/state.xml.i
@@ -0,0 +1,30 @@
+<!-- include start from firewall/state.xml.i -->
+<leafNode name="state">
+ <properties>
+ <help>Session state</help>
+ <completionHelp>
+ <list>established invalid new related</list>
+ </completionHelp>
+ <valueHelp>
+ <format>established</format>
+ <description>Established state</description>
+ </valueHelp>
+ <valueHelp>
+ <format>invalid</format>
+ <description>Invalid state</description>
+ </valueHelp>
+ <valueHelp>
+ <format>new</format>
+ <description>New state</description>
+ </valueHelp>
+ <valueHelp>
+ <format>related</format>
+ <description>Related state</description>
+ </valueHelp>
+ <constraint>
+ <regex>(established|invalid|new|related)</regex>
+ </constraint>
+ <multi/>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/haproxy/rule-backend.xml.i b/interface-definitions/include/haproxy/rule-backend.xml.i
index a6832d693..b2be4fde4 100644
--- a/interface-definitions/include/haproxy/rule-backend.xml.i
+++ b/interface-definitions/include/haproxy/rule-backend.xml.i
@@ -118,7 +118,7 @@
<description>Exactly URL</description>
</valueHelp>
<constraint>
- <regex>^\/[\w\-.\/]+$</regex>
+ <regex>^\/[\w\-.\/]*$</regex>
</constraint>
<constraintErrorMessage>Incorrect URL format</constraintErrorMessage>
<multi/>
diff --git a/interface-definitions/include/interface/dhcp-options.xml.i b/interface-definitions/include/interface/dhcp-options.xml.i
index 8027769ff..733512a98 100644
--- a/interface-definitions/include/interface/dhcp-options.xml.i
+++ b/interface-definitions/include/interface/dhcp-options.xml.i
@@ -7,6 +7,13 @@
<leafNode name="client-id">
<properties>
<help>Identifier used by client to identify itself to the DHCP server</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>DHCP option string</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/dhcp-client-string-option.xml.i>
+ </constraint>
</properties>
</leafNode>
<leafNode name="host-name">
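Review bot: `client-id` gains a constraint here but no `<constraintErrorMessage>`, so a rejected value produces only a generic validation failure. The same is true for `vendor-class-id` and the new `user-class` in the next hunk. The rule itself lives in `include/constraint/dhcp-client-string-option.xml.i`, which is not visible in this part of the diff, so the message should spell out whatever that include enforces, along the lines of `<constraintErrorMessage>Invalid DHCP option string: <allowed characters/length></constraintErrorMessage>`. The `user-class` help, "Identify to the DHCP server, user configurable option", would also read better as `<help>User class identifier sent to the DHCP server</help>`.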
@@ -27,6 +34,25 @@
<leafNode name="vendor-class-id">
<properties>
<help>Identify the vendor client type to the DHCP server</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>DHCP option string</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/dhcp-client-string-option.xml.i>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="user-class">
+ <properties>
+ <help>Identify to the DHCP server, user configurable option</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>DHCP option string</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/dhcp-client-string-option.xml.i>
+ </constraint>
</properties>
</leafNode>
#include <include/interface/no-default-route.xml.i>
diff --git a/interface-definitions/include/interface/dhcpv6-options.xml.i b/interface-definitions/include/interface/dhcpv6-options.xml.i
index 5ca1d525f..68d1b172f 100644
--- a/interface-definitions/include/interface/dhcpv6-options.xml.i
+++ b/interface-definitions/include/interface/dhcpv6-options.xml.i
@@ -4,18 +4,7 @@
<help>DHCPv6 client settings/options</help>
</properties>
<children>
- <leafNode name="duid">
- <properties>
- <help>DHCP unique identifier (DUID) to be sent by dhcpv6 client</help>
- <valueHelp>
- <format>duid</format>
- <description>DHCP unique identifier (DUID)</description>
- </valueHelp>
- <constraint>
- <validator name="ipv6-duid"/>
- </constraint>
- </properties>
- </leafNode>
+ #include <include/interface/duid.xml.i>
<leafNode name="parameters-only">
<properties>
<help>Acquire only config parameters, no address</help>
diff --git a/interface-definitions/include/interface/duid.xml.i b/interface-definitions/include/interface/duid.xml.i
new file mode 100644
index 000000000..8d808696e
--- /dev/null
+++ b/interface-definitions/include/interface/duid.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from interface/duid.xml.i -->
+<leafNode name="duid">
+ <properties>
+ <help>DHCP unique identifier (DUID) to be sent by client</help>
+ <valueHelp>
+ <format>duid</format>
+ <description>DHCP unique identifier</description>
+ </valueHelp>
+ <constraint>
+ <regex>([0-9A-Fa-f]{2}:){0,127}([0-9A-Fa-f]{2})</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid DUID, must be in the format h[[:h]...]</constraintErrorMessage>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/ipsec/replay-window.xml.i b/interface-definitions/include/ipsec/replay-window.xml.i
new file mode 100644
index 000000000..f35ed550a
--- /dev/null
+++ b/interface-definitions/include/ipsec/replay-window.xml.i
@@ -0,0 +1,19 @@
+<!-- include start from ipsec/replay-window.xml.i -->
+<leafNode name="replay-window">
+ <properties>
+ <help>IPsec replay window to configure for this CHILD_SA</help>
+ <valueHelp>
+ <format>u32:0</format>
+ <description>Disable IPsec replay protection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>u32:1-2040</format>
+ <description>Replay window size in packets</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-2040"/>
+ </constraint>
+ </properties>
+ <defaultValue>32</defaultValue>
+ </leafNode>
+ <!-- include end -->
diff --git a/interface-definitions/include/isis/level-1-2-leaf.xml.i b/interface-definitions/include/isis/level-1-2-leaf.xml.i
new file mode 100644
index 000000000..3703da1ed
--- /dev/null
+++ b/interface-definitions/include/isis/level-1-2-leaf.xml.i
@@ -0,0 +1,13 @@
+<!-- include start from isis/level-1-2-leaf.xml.i -->
+<leafNode name="level-1">
+ <properties>
+ <help>Match on IS-IS level-1 routes</help>
+ <valueless/>
+ </properties>
+</leafNode>
+<leafNode name="level-2">
+ <properties>
+ <help>Match on IS-IS level-2 routes</help>
+ <valueless/>
+ </properties>
+</leafNode> \ No newline at end of file
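Review bot: This include opens with `<!-- include start from isis/level-1-2-leaf.xml.i -->` but never closes with `<!-- include end -->`, unlike every other include in this commit, and the file has no trailing newline. The help strings say "Match on IS-IS level-1 routes", yet the includers in `lfa-local.xml.i` and `lfa-remote.xml.i` use these leaves to choose the level that a load-sharing, priority-limit or tiebreaker setting applies to. Something like `<help>Apply to IS-IS level-1</help>` and `<help>Apply to IS-IS level-2</help>` would describe that use.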
diff --git a/interface-definitions/include/isis/lfa-local.xml.i b/interface-definitions/include/isis/lfa-local.xml.i
new file mode 100644
index 000000000..c5bf6a3eb
--- /dev/null
+++ b/interface-definitions/include/isis/lfa-local.xml.i
@@ -0,0 +1,128 @@
+<!-- include start from isis/lfa-local.xml.i -->
+<node name="local">
+ <properties>
+ <help>Local loop free alternate options</help>
+ </properties>
+ <children>
+ <node name="load-sharing">
+ <properties>
+ <help>Load share prefixes across multiple backups</help>
+ </properties>
+ <children>
+ <node name="disable">
+ <properties>
+ <help>Disable load sharing</help>
+ </properties>
+ <children>
+ #include <include/isis/level-1-2-leaf.xml.i>
+ </children>
+ </node>
+ </children>
+ </node>
+ <node name="priority-limit">
+ <properties>
+ <help>Limit backup computation up to the prefix priority</help>
+ </properties>
+ <children>
+ <node name="medium">
+ <properties>
+ <help>Compute for critical, high, and medium priority prefixes</help>
+ </properties>
+ <children>
+ #include <include/isis/level-1-2-leaf.xml.i>
+ </children>
+ </node>
+ <node name="high">
+ <properties>
+ <help>Compute for critical, and high priority prefixes</help>
+ </properties>
+ <children>
+ #include <include/isis/level-1-2-leaf.xml.i>
+ </children>
+ </node>
+ <node name="critical">
+ <properties>
+ <help>Compute for critical priority prefixes only</help>
+ </properties>
+ <children>
+ #include <include/isis/level-1-2-leaf.xml.i>
+ </children>
+ </node>
+ </children>
+ </node>
+ <node name="tiebreaker">
+ <properties>
+ <help>Configure tiebreaker for multiple backups</help>
+ </properties>
+ <children>
+ <node name="downstream">
+ <properties>
+ <help>Prefer backup path via downstream node</help>
+ </properties>
+ <children>
+ <tagNode name="index">
+ <properties>
+ <help>Set preference order among tiebreakers</help>
+ <valueHelp>
+ <format>u32:1-255</format>
+ <description>The index integer value</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ </properties>
+ <children>
+ #include <include/isis/level-1-2-leaf.xml.i>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ <node name="lowest-backup-metric">
+ <properties>
+ <help>Prefer backup path with lowest total metric</help>
+ </properties>
+ <children>
+ <tagNode name="index">
+ <properties>
+ <help>Set preference order among tiebreakers</help>
+ <valueHelp>
+ <format>u32:1-255</format>
+ <description>The index integer value</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ </properties>
+ <children>
+ #include <include/isis/level-1-2-leaf.xml.i>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ <node name="node-protecting">
+ <properties>
+ <help>Prefer node protecting backup path</help>
+ </properties>
+ <children>
+ <tagNode name="index">
+ <properties>
+ <help>Set preference order among tiebreakers</help>
+ <valueHelp>
+ <format>u32:1-255</format>
+ <description>The index integer value</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ </properties>
+ <children>
+ #include <include/isis/level-1-2-leaf.xml.i>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+</node>
+<!-- include end --> \ No newline at end of file
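Review bot: The `index` tagNode is repeated verbatim under `downstream`, `lowest-backup-metric` and `node-protecting`, each with the same help, value help, `--range 1-255` validator and children. I would move it into its own include (for example `include/isis/lfa-tiebreaker-index.xml.i`, name to taste) and reference it three times, as is already done for `level-1-2-leaf.xml.i`, so the range cannot drift between the copies. The three `priority-limit` children can each be set for the same level with nothing in the schema to stop it; if only one limit per level makes sense, say so in the help or check it in the config script.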
diff --git a/interface-definitions/include/isis/lfa-protocol.xml.i b/interface-definitions/include/isis/lfa-protocol.xml.i
new file mode 100644
index 000000000..cfb1a6dc1
--- /dev/null
+++ b/interface-definitions/include/isis/lfa-protocol.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from isis/lfa-protocol.xml.i -->
+<node name="lfa">
+ <properties>
+ <help>Loop free alternate functionality</help>
+ </properties>
+ <children>
+ #include <include/isis/lfa-remote.xml.i>
+ #include <include/isis/lfa-local.xml.i>
+ </children>
+</node>
+<!-- include end --> \ No newline at end of file
diff --git a/interface-definitions/include/isis/lfa-remote.xml.i b/interface-definitions/include/isis/lfa-remote.xml.i
new file mode 100644
index 000000000..8434e35bf
--- /dev/null
+++ b/interface-definitions/include/isis/lfa-remote.xml.i
@@ -0,0 +1,28 @@
+<!-- include start from isis/lfa-remote.xml.i -->
+<node name="remote">
+ <properties>
+ <help>Remote loop free alternate options</help>
+ </properties>
+ <children>
+ <tagNode name="prefix-list">
+ <properties>
+ <help>Filter PQ node router ID based on prefix list</help>
+ <completionHelp>
+ <path>policy prefix-list</path>
+ </completionHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>Name of IPv4/IPv6 prefix-list</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
+ </constraint>
+ <constraintErrorMessage>Name of prefix-list can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
+ </properties>
+ <children>
+ #include <include/isis/level-1-2-leaf.xml.i>
+ </children>
+ </tagNode>
+ </children>
+</node>
+<!-- include end --> \ No newline at end of file
diff --git a/interface-definitions/include/isis/protocol-common-config.xml.i b/interface-definitions/include/isis/protocol-common-config.xml.i
index 648f2b319..404f03cb5 100644
--- a/interface-definitions/include/isis/protocol-common-config.xml.i
+++ b/interface-definitions/include/isis/protocol-common-config.xml.i
@@ -165,6 +165,14 @@
</properties>
</leafNode>
#include <include/isis/ldp-sync-protocol.xml.i>
+<node name="fast-reroute">
+ <properties>
+ <help>IS-IS fast reroute configuration</help>
+ </properties>
+ <children>
+ #include <include/isis/lfa-protocol.xml.i>
+ </children>
+</node>
<leafNode name="net">
<properties>
<help>A Network Entity Title for this process (ISO only)</help>
diff --git a/interface-definitions/include/listen-interface-multi-broadcast.xml.i b/interface-definitions/include/listen-interface-multi-broadcast.xml.i
new file mode 100644
index 000000000..00bd45e6e
--- /dev/null
+++ b/interface-definitions/include/listen-interface-multi-broadcast.xml.i
@@ -0,0 +1,18 @@
+<!-- include start from listen-interface-multi-broadcast.xml.i -->
+<leafNode name="listen-interface">
+ <properties>
+ <help>Interface to listen on</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces --broadcast</script>
+ </completionHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>Interface name</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/interface-name.xml.i>
+ </constraint>
+ <multi/>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/nat-rule.xml.i b/interface-definitions/include/nat-rule.xml.i
index 6234e6195..deb13529d 100644
--- a/interface-definitions/include/nat-rule.xml.i
+++ b/interface-definitions/include/nat-rule.xml.i
@@ -34,12 +34,7 @@
#include <include/firewall/nat-balance.xml.i>
</children>
</node>
- <leafNode name="log">
- <properties>
- <help>NAT rule logging</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/firewall/log.xml.i>
<leafNode name="packet-type">
<properties>
<help>Packet type</help>
diff --git a/interface-definitions/include/nat64/protocol.xml.i b/interface-definitions/include/nat64/protocol.xml.i
new file mode 100644
index 000000000..a640873b5
--- /dev/null
+++ b/interface-definitions/include/nat64/protocol.xml.i
@@ -0,0 +1,27 @@
+<!-- include start from nat64/protocol.xml.i -->
+<node name="protocol">
+ <properties>
+ <help>Apply translation address to a specfic protocol</help>
+ </properties>
+ <children>
+ <leafNode name="tcp">
+ <properties>
+ <help>Transmission Control Protocol</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="udp">
+ <properties>
+ <help>User Datagram Protocol</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="icmp">
+ <properties>
+ <help>Internet Control Message Protocol</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<!-- include end -->
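Review bot: The node help contains a typo that will show up in CLI completion: "specfic" should be "specific", i.e. `<help>Apply translation address to a specific protocol</help>`. The three valueless leaves can be combined freely, so the help could also say whether leaving the node unset means all protocols.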
diff --git a/interface-definitions/include/pim/bsm.xml.i b/interface-definitions/include/pim/bsm.xml.i
new file mode 100644
index 000000000..cc2cf14ca
--- /dev/null
+++ b/interface-definitions/include/pim/bsm.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from pim/bsm.xml.i -->
+<leafNode name="no-bsm">
+ <properties>
+ <help>Do not process bootstrap messages</help>
+ <valueless/>
+ </properties>
+</leafNode>
+<leafNode name="no-unicast-bsm">
+ <properties>
+ <help>Do not process unicast bootstrap messages</help>
+ <valueless/>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/pim/dr-priority.xml.i b/interface-definitions/include/pim/dr-priority.xml.i
new file mode 100644
index 000000000..e4b3067c2
--- /dev/null
+++ b/interface-definitions/include/pim/dr-priority.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from pim/dr-priority.xml.i -->
+<leafNode name="dr-priority">
+ <properties>
+ <help>Designated router election priority</help>
+ <valueHelp>
+ <format>u32:1-4294967295</format>
+ <description>DR Priority</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-4294967295"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/pim/hello.xml.i b/interface-definitions/include/pim/hello.xml.i
new file mode 100644
index 000000000..0c7601be7
--- /dev/null
+++ b/interface-definitions/include/pim/hello.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from pim/hello.xml.i -->
+<leafNode name="hello">
+ <properties>
+ <help>Hello Interval</help>
+ <valueHelp>
+ <format>u32:1-180</format>
+ <description>Hello Interval in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-180"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/pim/join-prune-interval.xml.i b/interface-definitions/include/pim/join-prune-interval.xml.i
new file mode 100644
index 000000000..882787d3f
--- /dev/null
+++ b/interface-definitions/include/pim/join-prune-interval.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from pim/join-prune-interval.xml.i -->
+<leafNode name="join-prune-interval">
+ <properties>
+ <help>Join prune send interval</help>
+ <valueHelp>
+ <format>u32:1-65535</format>
+ <description>Interval in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ <defaultValue>60</defaultValue>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/pim/keep-alive-timer.xml.i b/interface-definitions/include/pim/keep-alive-timer.xml.i
new file mode 100644
index 000000000..0dd27d6e7
--- /dev/null
+++ b/interface-definitions/include/pim/keep-alive-timer.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from pim/keep-alive-timer.xml.i -->
+<leafNode name="keep-alive-timer">
+ <properties>
+ <help>Keep alive Timer</help>
+ <valueHelp>
+ <format>u32:1-65535</format>
+ <description>Keep alive Timer in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/pim/packets.xml.i b/interface-definitions/include/pim/packets.xml.i
new file mode 100644
index 000000000..1dc00c971
--- /dev/null
+++ b/interface-definitions/include/pim/packets.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from pim/packets.xml.i -->
+<leafNode name="packets">
+ <properties>
+ <help>Packets to process at once</help>
+ <valueHelp>
+ <format>u32:1-255</format>
+ <description>Number of packets</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ </properties>
+ <defaultValue>3</defaultValue>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/pim/passive.xml.i b/interface-definitions/include/pim/passive.xml.i
new file mode 100644
index 000000000..e4e9ca0b1
--- /dev/null
+++ b/interface-definitions/include/pim/passive.xml.i
@@ -0,0 +1,8 @@
+<!-- include start from pim/passive.xml.i -->
+<leafNode name="passive">
+ <properties>
+ <help>Disable sending and receiving PIM control packets on the interface</help>
+ <valueless/>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/pim/register-suppress-time.xml.i b/interface-definitions/include/pim/register-suppress-time.xml.i
new file mode 100644
index 000000000..919945b52
--- /dev/null
+++ b/interface-definitions/include/pim/register-suppress-time.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from pim/register-suppress-time.xml.i -->
+<leafNode name="register-suppress-time">
+ <properties>
+ <help>Register suppress timer</help>
+ <valueHelp>
+ <format>u32:1-65535</format>
+ <description>Timer in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/pki/certificate-multi.xml.i b/interface-definitions/include/pki/certificate-multi.xml.i
new file mode 100644
index 000000000..c49c5d9b2
--- /dev/null
+++ b/interface-definitions/include/pki/certificate-multi.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from pki/certificate-multi.xml.i -->
+<leafNode name="certificate">
+ <properties>
+ <help>Certificate in PKI configuration</help>
+ <completionHelp>
+ <path>pki certificate</path>
+ </completionHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>Name of certificate in PKI configuration</description>
+ </valueHelp>
+ <multi/>
+ </properties>
+</leafNode>
+<!-- include end -->
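Review bot: The new `certificate` leaf has no `<constraint>`, so any string is accepted at set time; the `pki certificate` completion path only suggests names and does not restrict them. If the consuming scripts use the value to look up PKI entries or to build file names (not visible in this hunk), the character set is better limited in the definition. One option is `#include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>` inside a `<constraint>` block, assuming that matches what `pki certificate` itself allows. Checking that the named certificate exists would still belong in the commit-time verification.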
diff --git a/interface-definitions/include/pki/dh-params.xml.i b/interface-definitions/include/pki/dh-params.xml.i
new file mode 100644
index 000000000..a422df832
--- /dev/null
+++ b/interface-definitions/include/pki/dh-params.xml.i
@@ -0,0 +1,10 @@
+<!-- include start from pki/certificate-multi.xml.i -->
+<leafNode name="dh-params">
+ <properties>
+ <help>Diffie Hellman parameters (server only)</help>
+ <completionHelp>
+ <path>pki dh</path>
+ </completionHelp>
+ </properties>
+</leafNode>
+<!-- include end -->
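Review bot: The opening marker in pki/dh-params.xml.i names the wrong file: it reads `<!-- include start from pki/certificate-multi.xml.i -->` and should be `<!-- include start from pki/dh-params.xml.i -->`. These markers are presumably what a reader uses to trace an expanded definition back to its include, so a copied one misleads. The same kind of mismatch sits on the new side of include/protocol-tcp-udp.xml.i, whose marker says `snmp/protocol.xml.i`. The leaf also has no `<valueHelp>`; a `txt` entry such as `Name of DH parameters in PKI configuration` would bring it in line with the certificate include.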
diff --git a/interface-definitions/include/policy/prefix-list.xml.i b/interface-definitions/include/policy/prefix-list.xml.i
new file mode 100644
index 000000000..5d7980ee2
--- /dev/null
+++ b/interface-definitions/include/policy/prefix-list.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from policy/prefix-list.xml.i -->
+<leafNode name="prefix-list">
+ <properties>
+ <help>Prefix-list to use</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Prefix-list to apply (IPv4)</description>
+ </valueHelp>
+ <completionHelp>
+ <path>policy prefix-list</path>
+ </completionHelp>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/policy/prefix-list6.xml.i b/interface-definitions/include/policy/prefix-list6.xml.i
new file mode 100644
index 000000000..101702f1f
--- /dev/null
+++ b/interface-definitions/include/policy/prefix-list6.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from policy/prefix-list6.xml.i -->
+<leafNode name="prefix-list6">
+ <properties>
+ <help>Prefix-list to use</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Prefix-list to apply (IPv6)</description>
+ </valueHelp>
+ <completionHelp>
+ <path>policy prefix-list6</path>
+ </completionHelp>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/policy/route-common.xml.i b/interface-definitions/include/policy/route-common.xml.i
index 8eab04d4a..e412fe58e 100644
--- a/interface-definitions/include/policy/route-common.xml.i
+++ b/interface-definitions/include/policy/route-common.xml.i
@@ -1,362 +1,257 @@
-<!-- include start from policy/route-common.xml.i -->
-#include <include/policy/route-rule-action.xml.i>
-#include <include/generic-description.xml.i>
-#include <include/firewall/firewall-mark.xml.i>
-<leafNode name="disable">
- <properties>
- <help>Option to disable firewall rule</help>
- <valueless/>
- </properties>
-</leafNode>
-<node name="fragment">
- <properties>
- <help>IP fragment match</help>
- </properties>
- <children>
- <leafNode name="match-frag">
- <properties>
- <help>Second and further fragments of fragmented packets</help>
- <valueless/>
- </properties>
- </leafNode>
- <leafNode name="match-non-frag">
- <properties>
- <help>Head fragments or unfragmented packets</help>
- <valueless/>
- </properties>
- </leafNode>
- </children>
-</node>
-<node name="ipsec">
- <properties>
- <help>Inbound IPsec packets</help>
- </properties>
- <children>
- <leafNode name="match-ipsec">
- <properties>
- <help>Inbound IPsec packets</help>
- <valueless/>
- </properties>
- </leafNode>
- <leafNode name="match-none">
- <properties>
- <help>Inbound non-IPsec packets</help>
- <valueless/>
- </properties>
- </leafNode>
- </children>
-</node>
-<node name="limit">
- <properties>
- <help>Rate limit using a token bucket filter</help>
- </properties>
- <children>
- <leafNode name="burst">
- <properties>
- <help>Maximum number of packets to allow in excess of rate</help>
- <valueHelp>
- <format>u32:0-4294967295</format>
- <description>Maximum number of packets to allow in excess of rate</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-4294967295"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="rate">
- <properties>
- <help>Maximum average matching rate</help>
- <valueHelp>
- <format>u32:0-4294967295</format>
- <description>Maximum average matching rate</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-4294967295"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
-</node>
-<leafNode name="log">
- <properties>
- <help>Option to log packets matching rule</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable log</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable log</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
-</leafNode>
-<leafNode name="protocol">
- <properties>
- <help>Protocol to match (protocol name, number, or "all")</help>
- <completionHelp>
- <script>cat /etc/protocols | sed -e '/^#.*/d' | awk '{ print $1 }'</script>
- </completionHelp>
- <valueHelp>
- <format>all</format>
- <description>All IP protocols</description>
- </valueHelp>
- <valueHelp>
- <format>tcp_udp</format>
- <description>Both TCP and UDP</description>
- </valueHelp>
- <valueHelp>
- <format>0-255</format>
- <description>IP protocol number</description>
- </valueHelp>
- <valueHelp>
- <format>!&lt;protocol&gt;</format>
- <description>IP protocol number</description>
- </valueHelp>
- <constraint>
- <validator name="ip-protocol"/>
- </constraint>
- </properties>
- <defaultValue>all</defaultValue>
-</leafNode>
-<node name="recent">
- <properties>
- <help>Parameters for matching recently seen sources</help>
- </properties>
- <children>
- <leafNode name="count">
- <properties>
- <help>Source addresses seen more than N times</help>
- <valueHelp>
- <format>u32:1-255</format>
- <description>Source addresses seen more than N times</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-255"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="time">
- <properties>
- <help>Source addresses seen in the last N seconds</help>
- <valueHelp>
- <format>u32:0-4294967295</format>
- <description>Source addresses seen in the last N seconds</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-4294967295"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
-</node>
-<node name="set">
- <properties>
- <help>Packet modifications</help>
- </properties>
- <children>
- <leafNode name="connection-mark">
- <properties>
- <help>Connection marking</help>
- <valueHelp>
- <format>u32:0-2147483647</format>
- <description>Connection marking</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-2147483647"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="dscp">
- <properties>
- <help>Packet Differentiated Services Codepoint (DSCP)</help>
- <valueHelp>
- <format>u32:0-63</format>
- <description>DSCP number</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-63"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="mark">
- <properties>
- <help>Packet marking</help>
- <valueHelp>
- <format>u32:1-2147483647</format>
- <description>Packet marking</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-2147483647"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="table">
- <properties>
- <help>Routing table to forward packet with</help>
- <valueHelp>
- <format>u32:1-200</format>
- <description>Table number</description>
- </valueHelp>
- <valueHelp>
- <format>main</format>
- <description>Main table</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-200"/>
- <regex>(main)</regex>
- </constraint>
- <completionHelp>
- <list>main</list>
- <path>protocols static table</path>
- </completionHelp>
- </properties>
- </leafNode>
- <leafNode name="tcp-mss">
- <properties>
- <help>TCP Maximum Segment Size</help>
- <valueHelp>
- <format>u32:500-1460</format>
- <description>Explicitly set TCP MSS value</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 500-1460"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
-</node>
-<node name="state">
- <properties>
- <help>Session state</help>
- </properties>
- <children>
- <leafNode name="established">
- <properties>
- <help>Established state</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="invalid">
- <properties>
- <help>Invalid state</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="new">
- <properties>
- <help>New state</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="related">
- <properties>
- <help>Related state</help>
- <completionHelp>
- <list>enable disable</list>
- </completionHelp>
- <valueHelp>
- <format>enable</format>
- <description>Enable</description>
- </valueHelp>
- <valueHelp>
- <format>disable</format>
- <description>Disable</description>
- </valueHelp>
- <constraint>
- <regex>(enable|disable)</regex>
- </constraint>
- </properties>
- </leafNode>
- </children>
-</node>
-#include <include/firewall/tcp-flags.xml.i>
-#include <include/firewall/tcp-mss.xml.i>
-<node name="time">
- <properties>
- <help>Time to match rule</help>
- </properties>
- <children>
- <leafNode name="monthdays">
- <properties>
- <help>Monthdays to match rule on</help>
- </properties>
- </leafNode>
- <leafNode name="startdate">
- <properties>
- <help>Date to start matching rule</help>
- </properties>
- </leafNode>
- <leafNode name="starttime">
- <properties>
- <help>Time of day to start matching rule</help>
- </properties>
- </leafNode>
- <leafNode name="stopdate">
- <properties>
- <help>Date to stop matching rule</help>
- </properties>
- </leafNode>
- <leafNode name="stoptime">
- <properties>
- <help>Time of day to stop matching rule</help>
- </properties>
- </leafNode>
- <leafNode name="utc">
- <properties>
- <help>Interpret times for startdate, stopdate, starttime and stoptime to be UTC</help>
- <valueless/>
- </properties>
- </leafNode>
- <leafNode name="weekdays">
- <properties>
- <help>Weekdays to match rule on</help>
- </properties>
- </leafNode>
- </children>
-</node>
-<!-- include end -->
+<!-- include start from policy/route-common.xml.i -->
+#include <include/policy/route-rule-action.xml.i>
+#include <include/generic-description.xml.i>
+#include <include/firewall/firewall-mark.xml.i>
+#include <include/generic-disable-node.xml.i>
+<node name="fragment">
+ <properties>
+ <help>IP fragment match</help>
+ </properties>
+ <children>
+ <leafNode name="match-frag">
+ <properties>
+ <help>Second and further fragments of fragmented packets</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="match-non-frag">
+ <properties>
+ <help>Head fragments or unfragmented packets</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<node name="ipsec">
+ <properties>
+ <help>Inbound IPsec packets</help>
+ </properties>
+ <children>
+ <leafNode name="match-ipsec">
+ <properties>
+ <help>Inbound IPsec packets</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="match-none">
+ <properties>
+ <help>Inbound non-IPsec packets</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<node name="limit">
+ <properties>
+ <help>Rate limit using a token bucket filter</help>
+ </properties>
+ <children>
+ <leafNode name="burst">
+ <properties>
+ <help>Maximum number of packets to allow in excess of rate</help>
+ <valueHelp>
+ <format>u32:0-4294967295</format>
+ <description>Maximum number of packets to allow in excess of rate</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-4294967295"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="rate">
+ <properties>
+ <help>Maximum average matching rate</help>
+ <valueHelp>
+ <format>u32:0-4294967295</format>
+ <description>Maximum average matching rate</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-4294967295"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+#include <include/firewall/log.xml.i>
+<leafNode name="protocol">
+ <properties>
+ <help>Protocol to match (protocol name, number, or "all")</help>
+ <completionHelp>
+ <script>cat /etc/protocols | sed -e '/^#.*/d' | awk '{ print $1 }'</script>
+ </completionHelp>
+ <valueHelp>
+ <format>all</format>
+ <description>All IP protocols</description>
+ </valueHelp>
+ <valueHelp>
+ <format>tcp_udp</format>
+ <description>Both TCP and UDP</description>
+ </valueHelp>
+ <valueHelp>
+ <format>0-255</format>
+ <description>IP protocol number</description>
+ </valueHelp>
+ <valueHelp>
+ <format>!&lt;protocol&gt;</format>
+ <description>IP protocol number</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ip-protocol"/>
+ </constraint>
+ </properties>
+ <defaultValue>all</defaultValue>
+</leafNode>
+<node name="recent">
+ <properties>
+ <help>Parameters for matching recently seen sources</help>
+ </properties>
+ <children>
+ <leafNode name="count">
+ <properties>
+ <help>Source addresses seen more than N times</help>
+ <valueHelp>
+ <format>u32:1-255</format>
+ <description>Source addresses seen more than N times</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="time">
+ <properties>
+ <help>Source addresses seen in the last N seconds</help>
+ <valueHelp>
+ <format>u32:0-4294967295</format>
+ <description>Source addresses seen in the last N seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-4294967295"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<node name="set">
+ <properties>
+ <help>Packet modifications</help>
+ </properties>
+ <children>
+ <leafNode name="connection-mark">
+ <properties>
+ <help>Connection marking</help>
+ <valueHelp>
+ <format>u32:0-2147483647</format>
+ <description>Connection marking</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-2147483647"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="dscp">
+ <properties>
+ <help>Packet Differentiated Services Codepoint (DSCP)</help>
+ <valueHelp>
+ <format>u32:0-63</format>
+ <description>DSCP number</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-63"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="mark">
+ <properties>
+ <help>Packet marking</help>
+ <valueHelp>
+ <format>u32:1-2147483647</format>
+ <description>Packet marking</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-2147483647"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="table">
+ <properties>
+ <help>Routing table to forward packet with</help>
+ <valueHelp>
+ <format>u32:1-200</format>
+ <description>Table number</description>
+ </valueHelp>
+ <valueHelp>
+ <format>main</format>
+ <description>Main table</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-200"/>
+ <regex>(main)</regex>
+ </constraint>
+ <completionHelp>
+ <list>main</list>
+ <path>protocols static table</path>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="tcp-mss">
+ <properties>
+ <help>TCP Maximum Segment Size</help>
+ <valueHelp>
+ <format>u32:500-1460</format>
+ <description>Explicitly set TCP MSS value</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 500-1460"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+#include <include/firewall/state.xml.i>
+#include <include/firewall/tcp-flags.xml.i>
+#include <include/firewall/tcp-mss.xml.i>
+<node name="time">
+ <properties>
+ <help>Time to match rule</help>
+ </properties>
+ <children>
+ <leafNode name="monthdays">
+ <properties>
+ <help>Monthdays to match rule on</help>
+ </properties>
+ </leafNode>
+ <leafNode name="startdate">
+ <properties>
+ <help>Date to start matching rule</help>
+ </properties>
+ </leafNode>
+ <leafNode name="starttime">
+ <properties>
+ <help>Time of day to start matching rule</help>
+ </properties>
+ </leafNode>
+ <leafNode name="stopdate">
+ <properties>
+ <help>Date to stop matching rule</help>
+ </properties>
+ </leafNode>
+ <leafNode name="stoptime">
+ <properties>
+ <help>Time of day to stop matching rule</help>
+ </properties>
+ </leafNode>
+ <leafNode name="utc">
+ <properties>
+ <help>Interpret times for startdate, stopdate, starttime and stoptime to be UTC</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="weekdays">
+ <properties>
+ <help>Weekdays to match rule on</help>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<!-- include end -->
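Review bot: The six value-taking leaves under `time` (`monthdays`, `startdate`, `starttime`, `stopdate`, `stoptime`, `weekdays`) carry only a `<help>` string, with no `<valueHelp>` and no `<constraint>`, so the CLI accepts arbitrary text and the operator is never told the expected format. Every other value leaf defined inline in this file is checked by a range or a validator; these should be too, since the strings presumably end up in generated packet-filter rules (the consumer is not visible here). Each should gain a `<valueHelp>` describing the format and a `<regex>` or validator matching what the backend accepts. Separately, the `!<protocol>` valueHelp under `protocol` repeats `IP protocol number`; `All IP protocols except for the specified name or number` would describe the negated form.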
diff --git a/interface-definitions/include/protocol-tcp-udp.xml.i b/interface-definitions/include/protocol-tcp-udp.xml.i
index d7e6752ad..c186c026a 100644
--- a/interface-definitions/include/protocol-tcp-udp.xml.i
+++ b/interface-definitions/include/protocol-tcp-udp.xml.i
@@ -1,22 +1,22 @@
-<!-- include start from snmp/protocol.xml.i -->
-<leafNode name="protocol">
- <properties>
- <help>Protocol to be used (TCP/UDP)</help>
- <completionHelp>
- <list>udp tcp</list>
- </completionHelp>
- <valueHelp>
- <format>udp</format>
- <description>Listen protocol UDP</description>
- </valueHelp>
- <valueHelp>
- <format>tcp</format>
- <description>Listen protocol TCP</description>
- </valueHelp>
- <constraint>
- <regex>(udp|tcp)</regex>
- </constraint>
- </properties>
- <defaultValue>udp</defaultValue>
-</leafNode>
-<!-- include end -->
+<!-- include start from snmp/protocol.xml.i -->
+<leafNode name="protocol">
+ <properties>
+ <help>Protocol to be used (TCP/UDP)</help>
+ <completionHelp>
+ <list>udp tcp</list>
+ </completionHelp>
+ <valueHelp>
+ <format>udp</format>
+ <description>Listen protocol UDP</description>
+ </valueHelp>
+ <valueHelp>
+ <format>tcp</format>
+ <description>Listen protocol TCP</description>
+ </valueHelp>
+ <constraint>
+ <regex>(udp|tcp)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>udp</defaultValue>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/qos/hfsc-m1.xml.i b/interface-definitions/include/qos/hfsc-m1.xml.i
index 677d817ba..21b9c4f32 100644
--- a/interface-definitions/include/qos/hfsc-m1.xml.i
+++ b/interface-definitions/include/qos/hfsc-m1.xml.i
@@ -27,6 +27,6 @@
<description>bps(8),kbps(8*10^3),mbps(8*10^6), gbps, tbps - Byte/sec</description>
</valueHelp>
</properties>
- <defaultValue>100%%</defaultValue>
+ <defaultValue>0bit</defaultValue>
</leafNode>
<!-- include end -->
diff --git a/interface-definitions/include/qos/hfsc-m2.xml.i b/interface-definitions/include/qos/hfsc-m2.xml.i
index 7690df4b0..24e8f5d63 100644
--- a/interface-definitions/include/qos/hfsc-m2.xml.i
+++ b/interface-definitions/include/qos/hfsc-m2.xml.i
@@ -27,6 +27,6 @@
<description>bps(8),kbps(8*10^3),mbps(8*10^6), gbps, tbps - Byte/sec</description>
</valueHelp>
</properties>
- <defaultValue>100%%</defaultValue>
+ <defaultValue>100%</defaultValue>
</leafNode>
<!-- include end -->
diff --git a/interface-definitions/include/radius-server-ipv4-ipv6.xml.i b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i
index a0cdcd7c3..e454b9025 100644
--- a/interface-definitions/include/radius-server-ipv4-ipv6.xml.i
+++ b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i
@@ -25,27 +25,7 @@
#include <include/radius-server-auth-port.xml.i>
</children>
</tagNode>
- <leafNode name="source-address">
- <properties>
- <help>Source IP address used to initiate connection</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
- </completionHelp>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 source address</description>
- </valueHelp>
- <valueHelp>
- <format>ipv6</format>
- <description>IPv6 source address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- <validator name="ipv6-address"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
+ #include <include/source-address-ipv4-ipv6-multi.xml.i>
<leafNode name="security-mode">
<properties>
<help>Security mode for RADIUS authentication</help>
diff --git a/interface-definitions/include/rip/interface.xml.i b/interface-definitions/include/rip/interface.xml.i
index 8007f0208..7c64d0708 100644
--- a/interface-definitions/include/rip/interface.xml.i
+++ b/interface-definitions/include/rip/interface.xml.i
@@ -19,12 +19,7 @@
<help>Split horizon parameters</help>
</properties>
<children>
- <leafNode name="disable">
- <properties>
- <help>Disable split horizon on specified interface</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/generic-disable-node.xml.i>
<leafNode name="poison-reverse">
<properties>
<help>Disable split horizon on specified interface</help>
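Review bot: The `poison-reverse` leaf that follows the new include still carries the help text `Disable split horizon on specified interface`, which is the text of the `disable` leaf this hunk removes. It looks copied and should describe poisoned reverse, for example `<help>Enable split horizon with poisoned reverse</help>`. Swapping the inline `disable` for `generic-disable-node.xml.i` also replaces the split-horizon-specific help with whatever generic text that include carries (not visible here), so the CLI may be less self-explanatory at this node. The `poison-reverse` leaf continues past the end of the hunk.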
diff --git a/interface-definitions/include/rip/version.xml.i b/interface-definitions/include/rip/version.xml.i
index a35350aee..61458b28e 100644
--- a/interface-definitions/include/rip/version.xml.i
+++ b/interface-definitions/include/rip/version.xml.i
@@ -1,18 +1,18 @@
-<!-- include start from rip/version.xml.i -->
-<leafNode name="version">
- <properties>
- <help>Limit RIP protocol version</help>
- <valueHelp>
- <format>1</format>
- <description>Allow RIPv1 only</description>
- </valueHelp>
- <valueHelp>
- <format>2</format>
- <description>Allow RIPv2 only</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-2"/>
- </constraint>
- </properties>
-</leafNode>
-<!-- include end -->
+<!-- include start from rip/version.xml.i -->
+<leafNode name="version">
+ <properties>
+ <help>Limit RIP protocol version</help>
+ <valueHelp>
+ <format>1</format>
+ <description>Allow RIPv1 only</description>
+ </valueHelp>
+ <valueHelp>
+ <format>2</format>
+ <description>Allow RIPv2 only</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-2"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/route-map.xml.i b/interface-definitions/include/route-map.xml.i
index 019868373..e49c388d6 100644
--- a/interface-definitions/include/route-map.xml.i
+++ b/interface-definitions/include/route-map.xml.i
@@ -10,7 +10,7 @@
<description>Route map name</description>
</valueHelp>
<constraint>
- <regex>[-_a-zA-Z0-9.]+</regex>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
</constraint>
<constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
</properties>
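Review bot: The `constraintErrorMessage` below the new include does not match the constraint. Judging by the include's name and the regex it replaces (`[-_a-zA-Z0-9.]+`), a dot is permitted, but the message lists only alpha-numeric letters, hyphen and underscores. Suggest `<constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen, underscore and dot</constraintErrorMessage>`. The enclosing leaf starts and ends outside the hunk.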
diff --git a/interface-definitions/include/source-address-ipv4-ipv6-multi.xml.i b/interface-definitions/include/source-address-ipv4-ipv6-multi.xml.i
new file mode 100644
index 000000000..d56ca5be6
--- /dev/null
+++ b/interface-definitions/include/source-address-ipv4-ipv6-multi.xml.i
@@ -0,0 +1,22 @@
+<!-- include start from source-address-ipv4-ipv6-multi.xml.i -->
+<leafNode name="source-address">
+ <properties>
+ <help>Source IP address used to initiate connection</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
+ </completionHelp>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 source address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 source address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ip-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/source-address-ipv4-multi.xml.i b/interface-definitions/include/source-address-ipv4-multi.xml.i
new file mode 100644
index 000000000..319a118f3
--- /dev/null
+++ b/interface-definitions/include/source-address-ipv4-multi.xml.i
@@ -0,0 +1,18 @@
+<!-- include start from source-address-ipv4-multi.xml.i -->
+<leafNode name="source-address">
+ <properties>
+ <help>IPv4 source address used to initiate connection</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_local_ips.sh --ipv4</script>
+ </completionHelp>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 source address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/url-http-https.xml.i b/interface-definitions/include/url-http-https.xml.i
new file mode 100644
index 000000000..f763c2bb2
--- /dev/null
+++ b/interface-definitions/include/url-http-https.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from url-http-https.xml.i -->
+<leafNode name="url">
+ <properties>
+ <help>Remote URL</help>
+ <valueHelp>
+ <format>url</format>
+ <description>Remote HTTP(S) URL</description>
+ </valueHelp>
+ <constraint>
+ <validator name="url" argument="--scheme http --scheme https"/>
+ </constraint>
+ <constraintErrorMessage>Invalid HTTP(S) URL format</constraintErrorMessage>
+ </properties>
+</leafNode>
+<!-- include end -->
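Review bot: The `<help>` string says only `Remote URL` although the validator accepts just the `http` and `https` schemes; `<help>Remote HTTP(S) URL</help>` would tell the operator that before an input is rejected. Plain `http` remains accepted. Where this include is used for content that the system downloads and acts on (the users of the include are outside this hunk), such a transfer has no server authentication or integrity protection. Those call sites may want an https-only variant, or at least a hint in the help text.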
diff --git a/interface-definitions/include/url.xml.i b/interface-definitions/include/url.xml.i
deleted file mode 100644
index caa6f67bd..000000000
--- a/interface-definitions/include/url.xml.i
+++ /dev/null
@@ -1,15 +0,0 @@
-<!-- include start from url.xml.i -->
-<leafNode name="url">
- <properties>
- <help>Remote URL</help>
- <valueHelp>
- <format>url</format>
- <description>Remote URL</description>
- </valueHelp>
- <constraint>
- <regex>^https?:\/\/?[a-z0-9]+([\-\.]{1}[a-z0-9]+)*(\:[0-9]+)*(\/.*)?</regex>
- </constraint>
- <constraintErrorMessage>Incorrect URL format</constraintErrorMessage>
- </properties>
-</leafNode>
-<!-- include end -->
diff --git a/interface-definitions/include/version/bgp-version.xml.i b/interface-definitions/include/version/bgp-version.xml.i
index 1386ea9bc..6bed7189f 100644
--- a/interface-definitions/include/version/bgp-version.xml.i
+++ b/interface-definitions/include/version/bgp-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/bgp-version.xml.i -->
-<syntaxVersion component='bgp' version='4'></syntaxVersion>
+<syntaxVersion component='bgp' version='5'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/cluster-version.xml.i b/interface-definitions/include/version/cluster-version.xml.i
index 621996df4..402fe36c5 100644
--- a/interface-definitions/include/version/cluster-version.xml.i
+++ b/interface-definitions/include/version/cluster-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/cluster-version.xml.i -->
-<syntaxVersion component='cluster' version='1'></syntaxVersion>
+<syntaxVersion component='cluster' version='2'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/conntrack-version.xml.i b/interface-definitions/include/version/conntrack-version.xml.i
index c0f632c70..6995ce119 100644
--- a/interface-definitions/include/version/conntrack-version.xml.i
+++ b/interface-definitions/include/version/conntrack-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/conntrack-version.xml.i -->
-<syntaxVersion component='conntrack' version='4'></syntaxVersion>
+<syntaxVersion component='conntrack' version='5'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/dhcp-server-version.xml.i b/interface-definitions/include/version/dhcp-server-version.xml.i
index 330cb7d1b..d83172e72 100644
--- a/interface-definitions/include/version/dhcp-server-version.xml.i
+++ b/interface-definitions/include/version/dhcp-server-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/dhcp-server-version.xml.i -->
-<syntaxVersion component='dhcp-server' version='6'></syntaxVersion>
+<syntaxVersion component='dhcp-server' version='9'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/dhcpv6-server-version.xml.i b/interface-definitions/include/version/dhcpv6-server-version.xml.i
index 4b2cf40aa..bfef27b77 100644
--- a/interface-definitions/include/version/dhcpv6-server-version.xml.i
+++ b/interface-definitions/include/version/dhcpv6-server-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/dhcpv6-server-version.xml.i -->
-<syntaxVersion component='dhcpv6-server' version='1'></syntaxVersion>
+<syntaxVersion component='dhcpv6-server' version='4'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/dns-dynamic-version.xml.i b/interface-definitions/include/version/dns-dynamic-version.xml.i
index b25fc6e76..346385ccb 100644
--- a/interface-definitions/include/version/dns-dynamic-version.xml.i
+++ b/interface-definitions/include/version/dns-dynamic-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/dns-dynamic-version.xml.i -->
-<syntaxVersion component='dns-dynamic' version='1'></syntaxVersion>
+<syntaxVersion component='dns-dynamic' version='4'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/firewall-version.xml.i b/interface-definitions/include/version/firewall-version.xml.i
index dd21bfaca..6702ee041 100644
--- a/interface-definitions/include/version/firewall-version.xml.i
+++ b/interface-definitions/include/version/firewall-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/firewall-version.xml.i -->
-<syntaxVersion component='firewall' version='11'></syntaxVersion>
+<syntaxVersion component='firewall' version='14'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/https-version.xml.i b/interface-definitions/include/version/https-version.xml.i
index 111076974..525314dbd 100644
--- a/interface-definitions/include/version/https-version.xml.i
+++ b/interface-definitions/include/version/https-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/https-version.xml.i -->
-<syntaxVersion component='https' version='4'></syntaxVersion>
+<syntaxVersion component='https' version='6'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/interfaces-version.xml.i b/interface-definitions/include/version/interfaces-version.xml.i
index 3d11ce888..854e60f4e 100644
--- a/interface-definitions/include/version/interfaces-version.xml.i
+++ b/interface-definitions/include/version/interfaces-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/interfaces-version.xml.i -->
-<syntaxVersion component='interfaces' version='30'></syntaxVersion>
+<syntaxVersion component='interfaces' version='32'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/ipoe-server-version.xml.i b/interface-definitions/include/version/ipoe-server-version.xml.i
index 00d2544e6..659433382 100644
--- a/interface-definitions/include/version/ipoe-server-version.xml.i
+++ b/interface-definitions/include/version/ipoe-server-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/ipoe-server-version.xml.i -->
-<syntaxVersion component='ipoe-server' version='1'></syntaxVersion>
+<syntaxVersion component='ipoe-server' version='3'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/ipsec-version.xml.i b/interface-definitions/include/version/ipsec-version.xml.i
index de7a9c088..a4d556cfc 100644
--- a/interface-definitions/include/version/ipsec-version.xml.i
+++ b/interface-definitions/include/version/ipsec-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/ipsec-version.xml.i -->
-<syntaxVersion component='ipsec' version='12'></syntaxVersion>
+<syntaxVersion component='ipsec' version='13'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/l2tp-version.xml.i b/interface-definitions/include/version/l2tp-version.xml.i
index 86114d676..01004c5a0 100644
--- a/interface-definitions/include/version/l2tp-version.xml.i
+++ b/interface-definitions/include/version/l2tp-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/l2tp-version.xml.i -->
-<syntaxVersion component='l2tp' version='4'></syntaxVersion>
+<syntaxVersion component='l2tp' version='8'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/lldp-version.xml.i b/interface-definitions/include/version/lldp-version.xml.i
index 0deb73279..b41d80451 100644
--- a/interface-definitions/include/version/lldp-version.xml.i
+++ b/interface-definitions/include/version/lldp-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/lldp-version.xml.i -->
-<syntaxVersion component='lldp' version='1'></syntaxVersion>
+<syntaxVersion component='lldp' version='2'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/nat-version.xml.i b/interface-definitions/include/version/nat-version.xml.i
index 027216a07..656da6e14 100644
--- a/interface-definitions/include/version/nat-version.xml.i
+++ b/interface-definitions/include/version/nat-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/nat-version.xml.i -->
-<syntaxVersion component='nat' version='5'></syntaxVersion>
+<syntaxVersion component='nat' version='7'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/nat66-version.xml.i b/interface-definitions/include/version/nat66-version.xml.i
index 7b7123dcc..43a54c969 100644
--- a/interface-definitions/include/version/nat66-version.xml.i
+++ b/interface-definitions/include/version/nat66-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/nat66-version.xml.i -->
-<syntaxVersion component='nat66' version='1'></syntaxVersion>
+<syntaxVersion component='nat66' version='3'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/openvpn-version.xml.i b/interface-definitions/include/version/openvpn-version.xml.i
new file mode 100644
index 000000000..b4dd742a3
--- /dev/null
+++ b/interface-definitions/include/version/openvpn-version.xml.i
@@ -0,0 +1,3 @@
+<!-- include start from include/version/openvpn-version.xml.i -->
+<syntaxVersion component='openvpn' version='1'></syntaxVersion>
+<!-- include end -->
diff --git a/interface-definitions/include/version/pim-version.xml.i b/interface-definitions/include/version/pim-version.xml.i
new file mode 100644
index 000000000..24cc38cdf
--- /dev/null
+++ b/interface-definitions/include/version/pim-version.xml.i
@@ -0,0 +1,3 @@
+<!-- include start from include/version/pim-version.xml.i -->
+<syntaxVersion component='pim' version='1'></syntaxVersion>
+<!-- include end -->
diff --git a/interface-definitions/include/version/policy-version.xml.i b/interface-definitions/include/version/policy-version.xml.i
index 2c96e0f15..db727fea9 100644
--- a/interface-definitions/include/version/policy-version.xml.i
+++ b/interface-definitions/include/version/policy-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/policy-version.xml.i -->
-<syntaxVersion component='policy' version='6'></syntaxVersion>
+<syntaxVersion component='policy' version='8'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/pppoe-server-version.xml.i b/interface-definitions/include/version/pppoe-server-version.xml.i
index 6bdd8d75c..c253c58d9 100644
--- a/interface-definitions/include/version/pppoe-server-version.xml.i
+++ b/interface-definitions/include/version/pppoe-server-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/pppoe-server-version.xml.i -->
-<syntaxVersion component='pppoe-server' version='6'></syntaxVersion>
+<syntaxVersion component='pppoe-server' version='9'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/pptp-version.xml.i b/interface-definitions/include/version/pptp-version.xml.i
index 0296c44e9..3e1482ecc 100644
--- a/interface-definitions/include/version/pptp-version.xml.i
+++ b/interface-definitions/include/version/pptp-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/pptp-version.xml.i -->
-<syntaxVersion component='pptp' version='2'></syntaxVersion>
+<syntaxVersion component='pptp' version='4'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/rpki-version.xml.i b/interface-definitions/include/version/rpki-version.xml.i
index 2fff259a8..45ff4fbfb 100644
--- a/interface-definitions/include/version/rpki-version.xml.i
+++ b/interface-definitions/include/version/rpki-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/rpki-version.xml.i -->
-<syntaxVersion component='rpki' version='1'></syntaxVersion>
+<syntaxVersion component='rpki' version='2'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/sstp-version.xml.i b/interface-definitions/include/version/sstp-version.xml.i
index 79b43a3e7..5e30950d8 100644
--- a/interface-definitions/include/version/sstp-version.xml.i
+++ b/interface-definitions/include/version/sstp-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/sstp-version.xml.i -->
-<syntaxVersion component='sstp' version='4'></syntaxVersion>
+<syntaxVersion component='sstp' version='6'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/system-version.xml.i b/interface-definitions/include/version/system-version.xml.i
index 73df8bd8e..fcb24abe2 100644
--- a/interface-definitions/include/version/system-version.xml.i
+++ b/interface-definitions/include/version/system-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/system-version.xml.i -->
-<syntaxVersion component='system' version='26'></syntaxVersion>
+<syntaxVersion component='system' version='27'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/interfaces-bonding.xml.in b/interface-definitions/interfaces_bonding.xml.in
index 427e04a54..62ee0bdc7 100644
--- a/interface-definitions/interfaces-bonding.xml.in
+++ b/interface-definitions/interfaces_bonding.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="interfaces">
<children>
- <tagNode name="bonding" owner="${vyos_conf_scripts_dir}/interfaces-bonding.py">
+ <tagNode name="bonding" owner="${vyos_conf_scripts_dir}/interfaces_bonding.py">
<properties>
<help>Bonding Interface/Link Aggregation</help>
<priority>320</priority>
@@ -56,6 +56,60 @@
#include <include/interface/disable.xml.i>
#include <include/interface/vrf.xml.i>
#include <include/interface/mirror.xml.i>
+ <node name="evpn">
+ <properties>
+ <help>EVPN Multihoming</help>
+ </properties>
+ <children>
+ <leafNode name="es-df-pref">
+ <properties>
+ <help>Preference value used for designated forwarder (DF) election</help>
+ <valueHelp>
+ <format>u32:1-65535</format>
+ <description>DF Preference value</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="es-id">
+ <properties>
+ <help>Ethernet segment identifier</help>
+ <valueHelp>
+ <format>u32:1-16777215</format>
+ <description>Local discriminator</description>
+ </valueHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>10-byte ID - 00:11:22:33:44:55:AA:BB:CC:DD</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ <regex>([0-9A-Fa-f][0-9A-Fa-f]:){9}[0-9A-Fa-f][0-9A-Fa-f]</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="es-sys-mac">
+ <properties>
+ <help>Ethernet segment system MAC</help>
+ <valueHelp>
+ <format>macaddr</format>
+ <description>MAC address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="mac-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="uplink">
+ <properties>
+ <help>Uplink to the VXLAN core</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
<leafNode name="hash-policy">
<properties>
<help>Bonding transmit hash policy</help>
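Review bot: The `es-id` leaf advertises `u32:1-16777215` in its valueHelp, but the numeric validator only accepts `--range 1-65535`, so local discriminators from 65536 upward are rejected even though the help text offers them. If the valueHelp range is the intended one, the validator line should read `<validator name="numeric" argument="--range 1-16777215"/>`. The leaf also has no `<constraintErrorMessage>`, so a rejected value gives the user no hint about the two accepted forms; something like `<constraintErrorMessage>ES-ID must be 1-16777215 or a 10-byte colon-separated hex ID</constraintErrorMessage>` would help. The enclosing `bonding` tagNode starts and ends outside this hunk.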
diff --git a/interface-definitions/interfaces-bridge.xml.in b/interface-definitions/interfaces_bridge.xml.in
index fcfb8686c..d4d277cfc 100644
--- a/interface-definitions/interfaces-bridge.xml.in
+++ b/interface-definitions/interfaces_bridge.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="interfaces">
<children>
- <tagNode name="bridge" owner="${vyos_conf_scripts_dir}/interfaces-bridge.py">
+ <tagNode name="bridge" owner="${vyos_conf_scripts_dir}/interfaces_bridge.py">
<properties>
<help>Bridge Interface</help>
<priority>310</priority>
@@ -123,6 +123,9 @@
<completionHelp>
<script>${vyos_completion_dir}/list_interfaces --bridgeable</script>
</completionHelp>
+ <constraint>
+ #include <include/constraint/interface-name.xml.i>
+ </constraint>
</properties>
<children>
<leafNode name="native-vlan">
diff --git a/interface-definitions/interfaces-dummy.xml.in b/interface-definitions/interfaces_dummy.xml.in
index 00784fcdf..ef8ee78e7 100644
--- a/interface-definitions/interfaces-dummy.xml.in
+++ b/interface-definitions/interfaces_dummy.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="interfaces">
<children>
- <tagNode name="dummy" owner="${vyos_conf_scripts_dir}/interfaces-dummy.py">
+ <tagNode name="dummy" owner="${vyos_conf_scripts_dir}/interfaces_dummy.py">
<properties>
<help>Dummy Interface</help>
<priority>300</priority>
diff --git a/interface-definitions/interfaces-ethernet.xml.in b/interface-definitions/interfaces_ethernet.xml.in
index 5aaa7095c..4e55bac7c 100644
--- a/interface-definitions/interfaces-ethernet.xml.in
+++ b/interface-definitions/interfaces_ethernet.xml.in
@@ -5,7 +5,7 @@
<help>Network interfaces</help>
</properties>
<children>
- <tagNode name="ethernet" owner="${vyos_conf_scripts_dir}/interfaces-ethernet.py">
+ <tagNode name="ethernet" owner="${vyos_conf_scripts_dir}/interfaces_ethernet.py">
<properties>
<help>Ethernet Interface</help>
<priority>318</priority>
diff --git a/interface-definitions/interfaces-geneve.xml.in b/interface-definitions/interfaces_geneve.xml.in
index 29b563a09..c94113271 100644
--- a/interface-definitions/interfaces-geneve.xml.in
+++ b/interface-definitions/interfaces_geneve.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="interfaces">
<children>
- <tagNode name="geneve" owner="${vyos_conf_scripts_dir}/interfaces-geneve.py">
+ <tagNode name="geneve" owner="${vyos_conf_scripts_dir}/interfaces_geneve.py">
<properties>
<help>Generic Network Virtualization Encapsulation (GENEVE) Interface</help>
<priority>460</priority>
diff --git a/interface-definitions/interfaces-input.xml.in b/interface-definitions/interfaces_input.xml.in
index d90cf936f..771c47e42 100644
--- a/interface-definitions/interfaces-input.xml.in
+++ b/interface-definitions/interfaces_input.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="interfaces">
<children>
- <tagNode name="input" owner="${vyos_conf_scripts_dir}/interfaces-input.py">
+ <tagNode name="input" owner="${vyos_conf_scripts_dir}/interfaces_input.py">
<properties>
<help>Input Functional Block (IFB) interface name</help>
<!-- before real devices that redirect -->
diff --git a/interface-definitions/interfaces-l2tpv3.xml.in b/interface-definitions/interfaces_l2tpv3.xml.in
index 1f0dd3d19..5f816c956 100644
--- a/interface-definitions/interfaces-l2tpv3.xml.in
+++ b/interface-definitions/interfaces_l2tpv3.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="interfaces">
<children>
- <tagNode name="l2tpv3" owner="${vyos_conf_scripts_dir}/interfaces-l2tpv3.py">
+ <tagNode name="l2tpv3" owner="${vyos_conf_scripts_dir}/interfaces_l2tpv3.py">
<properties>
<help>Layer 2 Tunnel Protocol Version 3 (L2TPv3) Interface</help>
<priority>485</priority>
diff --git a/interface-definitions/interfaces-loopback.xml.in b/interface-definitions/interfaces_loopback.xml.in
index fe0944467..09b4a00cf 100644
--- a/interface-definitions/interfaces-loopback.xml.in
+++ b/interface-definitions/interfaces_loopback.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="interfaces">
<children>
- <tagNode name="loopback" owner="${vyos_conf_scripts_dir}/interfaces-loopback.py">
+ <tagNode name="loopback" owner="${vyos_conf_scripts_dir}/interfaces_loopback.py">
<properties>
<help>Loopback Interface</help>
<priority>300</priority>
diff --git a/interface-definitions/interfaces-macsec.xml.in b/interface-definitions/interfaces_macsec.xml.in
index 766b0bede..d825f8262 100644
--- a/interface-definitions/interfaces-macsec.xml.in
+++ b/interface-definitions/interfaces_macsec.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="interfaces">
<children>
- <tagNode name="macsec" owner="${vyos_conf_scripts_dir}/interfaces-macsec.py">
+ <tagNode name="macsec" owner="${vyos_conf_scripts_dir}/interfaces_macsec.py">
<properties>
<help>MACsec Interface (802.1ae)</help>
<priority>461</priority>
diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces_openvpn.xml.in
index 831659250..389b5b5c9 100644
--- a/interface-definitions/interfaces-openvpn.xml.in
+++ b/interface-definitions/interfaces_openvpn.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="interfaces">
<children>
- <tagNode name="openvpn" owner="${vyos_conf_scripts_dir}/interfaces-openvpn.py">
+ <tagNode name="openvpn" owner="${vyos_conf_scripts_dir}/interfaces_openvpn.py">
<properties>
<help>OpenVPN Tunnel Interface</help>
<priority>460</priority>
@@ -48,29 +48,17 @@
<properties>
<help>Standard Data Encryption Algorithm</help>
<completionHelp>
- <list>none des 3des bf128 bf256 aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm</list>
+ <list>none 3des aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm</list>
</completionHelp>
<valueHelp>
<format>none</format>
<description>Disable encryption</description>
</valueHelp>
<valueHelp>
- <format>des</format>
- <description>DES algorithm</description>
- </valueHelp>
- <valueHelp>
<format>3des</format>
<description>DES algorithm with triple encryption</description>
</valueHelp>
<valueHelp>
- <format>bf128</format>
- <description>Blowfish algorithm with 128-bit key</description>
- </valueHelp>
- <valueHelp>
- <format>bf256</format>
- <description>Blowfish algorithm with 256-bit key</description>
- </valueHelp>
- <valueHelp>
<format>aes128</format>
<description>AES algorithm with 128-bit key CBC</description>
</valueHelp>
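Review bot: `3des` is still offered in the completion list here and in the regex of the @@ -83,7 hunk, and again in the negotiation list of the @@ -91,17 and @@ -126,7 hunks, although `des`, `bf128` and `bf256` are removed. 3DES is a 64-bit block cipher like Blowfish, so it has the same birthday-bound weakness on long-lived, high-volume tunnels. If it has to stay for interoperability, the help text should say so, for example `<description>DES algorithm with triple encryption (legacy, 64-bit block, not recommended)</description>`. Existing configurations that contain one of the removed values will no longer pass this constraint. The new openvpn-version.xml.i suggests a migration exists, but it is not visible on this page, and it should fail loudly rather than silently fall back to `none`.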
@@ -95,7 +83,7 @@
<description>AES algorithm with 256-bit key GCM</description>
</valueHelp>
<constraint>
- <regex>(none|des|3des|bf128|bf256|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex>
+ <regex>(none|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex>
</constraint>
</properties>
</leafNode>
@@ -103,17 +91,13 @@
<properties>
<help>Cipher negotiation list for use in server or client mode</help>
<completionHelp>
- <list>none des 3des aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm</list>
+ <list>none 3des aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm</list>
</completionHelp>
<valueHelp>
<format>none</format>
<description>Disable encryption</description>
</valueHelp>
<valueHelp>
- <format>des</format>
- <description>DES algorithm</description>
- </valueHelp>
- <valueHelp>
<format>3des</format>
<description>DES algorithm with triple encryption</description>
</valueHelp>
@@ -142,7 +126,7 @@
<description>AES algorithm with 256-bit key GCM</description>
</valueHelp>
<constraint>
- <regex>(none|des|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex>
+ <regex>(none|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex>
</constraint>
<multi/>
</properties>
@@ -736,14 +720,7 @@
</leafNode>
#include <include/pki/certificate.xml.i>
#include <include/pki/ca-certificate-multi.xml.i>
- <leafNode name="dh-params">
- <properties>
- <help>Diffie Hellman parameters (server only)</help>
- <completionHelp>
- <path>pki dh</path>
- </completionHelp>
- </properties>
- </leafNode>
+ #include <include/pki/dh-params.xml.i>
<leafNode name="crypt-key">
<properties>
<help>Static key to use to authenticate control channel</help>
diff --git a/interface-definitions/interfaces-pppoe.xml.in b/interface-definitions/interfaces_pppoe.xml.in
index b78f92c85..56660bc15 100644
--- a/interface-definitions/interfaces-pppoe.xml.in
+++ b/interface-definitions/interfaces_pppoe.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="interfaces">
<children>
- <tagNode name="pppoe" owner="${vyos_conf_scripts_dir}/interfaces-pppoe.py">
+ <tagNode name="pppoe" owner="${vyos_conf_scripts_dir}/interfaces_pppoe.py">
<properties>
<help>Point-to-Point Protocol over Ethernet (PPPoE) Interface</help>
<priority>322</priority>
@@ -109,6 +109,19 @@
<leafNode name="mtu">
<defaultValue>1492</defaultValue>
</leafNode>
+ <leafNode name="mru">
+ <properties>
+ <help>Maximum Receive Unit (MRU) (default: MTU value)</help>
+ <valueHelp>
+ <format>u32:128-16384</format>
+ <description>Maximum Receive Unit in byte</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 128-16384"/>
+ </constraint>
+ <constraintErrorMessage>MRU must be between 128 and 16384</constraintErrorMessage>
+ </properties>
+ </leafNode>
#include <include/interface/no-peer-dns.xml.i>
<leafNode name="remote-address">
<properties>
diff --git a/interface-definitions/interfaces-pseudo-ethernet.xml.in b/interface-definitions/interfaces_pseudo-ethernet.xml.in
index 5c73825c3..031af3563 100644
--- a/interface-definitions/interfaces-pseudo-ethernet.xml.in
+++ b/interface-definitions/interfaces_pseudo-ethernet.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="interfaces">
<children>
- <tagNode name="pseudo-ethernet" owner="${vyos_conf_scripts_dir}/interfaces-pseudo-ethernet.py">
+ <tagNode name="pseudo-ethernet" owner="${vyos_conf_scripts_dir}/interfaces_pseudo-ethernet.py">
<properties>
<help>Pseudo Ethernet Interface (Macvlan)</help>
<priority>321</priority>
diff --git a/interface-definitions/interfaces-sstpc.xml.in b/interface-definitions/interfaces_sstpc.xml.in
index b569e9bde..b7c49446f 100644
--- a/interface-definitions/interfaces-sstpc.xml.in
+++ b/interface-definitions/interfaces_sstpc.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="interfaces">
<children>
- <tagNode name="sstpc" owner="${vyos_conf_scripts_dir}/interfaces-sstpc.py">
+ <tagNode name="sstpc" owner="${vyos_conf_scripts_dir}/interfaces_sstpc.py">
<properties>
<help>Secure Socket Tunneling Protocol (SSTP) client Interface</help>
<priority>460</priority>
diff --git a/interface-definitions/interfaces-tunnel.xml.in b/interface-definitions/interfaces_tunnel.xml.in
index 58f95dddb..99d9b34c6 100644
--- a/interface-definitions/interfaces-tunnel.xml.in
+++ b/interface-definitions/interfaces_tunnel.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="interfaces">
<children>
- <tagNode name="tunnel" owner="${vyos_conf_scripts_dir}/interfaces-tunnel.py">
+ <tagNode name="tunnel" owner="${vyos_conf_scripts_dir}/interfaces_tunnel.py">
<properties>
<help>Tunnel interface</help>
<priority>380</priority>
diff --git a/interface-definitions/interfaces-virtual-ethernet.xml.in b/interface-definitions/interfaces_virtual-ethernet.xml.in
index 5f205f354..c4610feec 100644
--- a/interface-definitions/interfaces-virtual-ethernet.xml.in
+++ b/interface-definitions/interfaces_virtual-ethernet.xml.in
@@ -2,14 +2,14 @@
<interfaceDefinition>
<node name="interfaces">
<children>
- <tagNode name="virtual-ethernet" owner="${vyos_conf_scripts_dir}/interfaces-virtual-ethernet.py">
+ <tagNode name="virtual-ethernet" owner="${vyos_conf_scripts_dir}/interfaces_virtual-ethernet.py">
<properties>
<help>Virtual Ethernet (veth) Interface</help>
<priority>300</priority>
<constraint>
<regex>veth[0-9]+</regex>
</constraint>
- <constraintErrorMessage>Virutal Ethernet interface must be named vethN</constraintErrorMessage>
+ <constraintErrorMessage>Virtual Ethernet interface must be named vethN</constraintErrorMessage>
<valueHelp>
<format>vethN</format>
<description>Virtual Ethernet interface name</description>
diff --git a/interface-definitions/interfaces-vti.xml.in b/interface-definitions/interfaces_vti.xml.in
index b116f7386..158d9afd0 100644
--- a/interface-definitions/interfaces-vti.xml.in
+++ b/interface-definitions/interfaces_vti.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="interfaces">
<children>
- <tagNode name="vti" owner="${vyos_conf_scripts_dir}/interfaces-vti.py">
+ <tagNode name="vti" owner="${vyos_conf_scripts_dir}/interfaces_vti.py">
<properties>
<help>Virtual Tunnel Interface (XFRM)</help>
<priority>381</priority>
diff --git a/interface-definitions/interfaces-vxlan.xml.in b/interface-definitions/interfaces_vxlan.xml.in
index b246d9a09..504c08e7e 100644
--- a/interface-definitions/interfaces-vxlan.xml.in
+++ b/interface-definitions/interfaces_vxlan.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="interfaces">
<children>
- <tagNode name="vxlan" owner="${vyos_conf_scripts_dir}/interfaces-vxlan.py">
+ <tagNode name="vxlan" owner="${vyos_conf_scripts_dir}/interfaces_vxlan.py">
<properties>
<help>Virtual Extensible LAN (VXLAN) Interface</help>
<priority>460</priority>
@@ -19,12 +19,6 @@
#include <include/interface/address-ipv4-ipv6.xml.i>
#include <include/generic-description.xml.i>
#include <include/interface/disable.xml.i>
- <leafNode name="external">
- <properties>
- <help>Use external control plane</help>
- <valueless/>
- </properties>
- </leafNode>
<leafNode name="gpe">
<properties>
<help>Enable Generic Protocol extension (VXLAN-GPE)</help>
@@ -54,9 +48,6 @@
#include <include/interface/mac.xml.i>
#include <include/interface/mtu-1200-16000.xml.i>
#include <include/interface/mirror.xml.i>
- <leafNode name="mtu">
- <defaultValue>1450</defaultValue>
- </leafNode>
<node name="parameters">
<properties>
<help>VXLAN tunnel parameters</help>
@@ -83,17 +74,35 @@
#include <include/interface/parameters-flowlabel.xml.i>
</children>
</node>
+ <leafNode name="external">
+ <properties>
+ <help>Use external control plane</help>
+ <valueless/>
+ </properties>
+ </leafNode>
<leafNode name="nolearning">
<properties>
<help>Do not add unknown addresses into forwarding database</help>
<valueless/>
</properties>
</leafNode>
+ <leafNode name="neighbor-suppress">
+ <properties>
+ <help>Enable neighbor discovery (ARP and ND) suppression</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="vni-filter">
+ <properties>
+ <help>Enable VNI filter support</help>
+ <valueless/>
+ </properties>
+ </leafNode>
</children>
</node>
#include <include/port-number.xml.i>
<leafNode name="port">
- <defaultValue>8472</defaultValue>
+ <defaultValue>4789</defaultValue>
</leafNode>
#include <include/source-address-ipv4-ipv6.xml.i>
#include <include/source-interface.xml.i>
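Review bot: Changing the `port` defaultValue from `8472` to `4789` silently changes the UDP port of every existing VXLAN interface that never set a port explicitly. After upgrade those tunnels stop matching peers that still use 8472, and they fall outside firewall rules written for the old port. The interfaces syntax version is bumped in this commit, but the migration script is not visible on this page. It should pin `port 8472` on configurations that relied on the old default, and a comment here would record that: `<!-- IANA VXLAN port; configs from before this change are pinned to 8472 by migration -->`. The `external` leaf removed in the @@ -19,12 hunk is re-added in this hunk next to `nolearning`, apparently under a different parent node, so its configuration path seems to change and needs the same migration coverage.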
diff --git a/interface-definitions/interfaces-wireguard.xml.in b/interface-definitions/interfaces_wireguard.xml.in
index 3c79cef28..fba1064ef 100644
--- a/interface-definitions/interfaces-wireguard.xml.in
+++ b/interface-definitions/interfaces_wireguard.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="interfaces">
<children>
- <tagNode name="wireguard" owner="${vyos_conf_scripts_dir}/interfaces-wireguard.py">
+ <tagNode name="wireguard" owner="${vyos_conf_scripts_dir}/interfaces_wireguard.py">
<properties>
<help>WireGuard Interface</help>
<priority>379</priority>
@@ -44,9 +44,9 @@
<properties>
<help>Base64 encoded private key</help>
<constraint>
- <regex>[0-9a-zA-Z\+/]{43}=</regex>
+ <validator name="base64"/>
</constraint>
- <constraintErrorMessage>Key is not valid 44-character (32-bytes) base64</constraintErrorMessage>
+ <constraintErrorMessage>Key is not base64-encoded</constraintErrorMessage>
</properties>
</leafNode>
<tagNode name="peer">
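Review bot: Replacing `[0-9a-zA-Z\+/]{43}=` with `<validator name="base64"/>` drops the length check for `private-key`, and the @@ -64,18 hunk does the same for `public-key` and `preshared-key`. The old pattern guaranteed a 44-character, 32-byte key, whereas the new error message only promises "base64-encoded". Whether the base64 validator or the configuration script checks the decoded length is not visible here. If neither does, a truncated or over-long key passes CLI validation and is only caught, if at all, when the interface is applied. I would have the verify step in interfaces_wireguard.py reject any key that does not decode to exactly 32 bytes. A comment next to the constraint should record where that happens: `<!-- encoding only; 32-byte key length is enforced in the conf script -->`.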
@@ -64,18 +64,18 @@
<properties>
<help>base64 encoded public key</help>
<constraint>
- <regex>[0-9a-zA-Z\+/]{43}=</regex>
+ <validator name="base64"/>
</constraint>
- <constraintErrorMessage>Key is not valid 44-character (32-bytes) base64</constraintErrorMessage>
+ <constraintErrorMessage>Key is not base64-encoded</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="preshared-key">
<properties>
<help>base64 encoded preshared key</help>
<constraint>
- <regex>[0-9a-zA-Z\+/]{43}=</regex>
+ <validator name="base64"/>
</constraint>
- <constraintErrorMessage>Key is not valid 44-character (32-bytes) base64</constraintErrorMessage>
+ <constraintErrorMessage>Key is not base64-encoded</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="allowed-ips">
diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces_wireless.xml.in
index 88b858c07..b5da0a556 100644
--- a/interface-definitions/interfaces-wireless.xml.in
+++ b/interface-definitions/interfaces_wireless.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="interfaces">
<children>
- <tagNode name="wireless" owner="${vyos_conf_scripts_dir}/interfaces-wireless.py">
+ <tagNode name="wireless" owner="${vyos_conf_scripts_dir}/interfaces_wireless.py">
<properties>
<help>Wireless (WiFi/WLAN) Network Interface</help>
<priority>318</priority>
diff --git a/interface-definitions/interfaces-wwan.xml.in b/interface-definitions/interfaces_wwan.xml.in
index 5fa3be8db..1580c3bcb 100644
--- a/interface-definitions/interfaces-wwan.xml.in
+++ b/interface-definitions/interfaces_wwan.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="interfaces">
<children>
- <tagNode name="wwan" owner="${vyos_conf_scripts_dir}/interfaces-wwan.py">
+ <tagNode name="wwan" owner="${vyos_conf_scripts_dir}/interfaces_wwan.py">
<properties>
<help>Wireless Modem (WWAN) Interface</help>
<priority>350</priority>
diff --git a/interface-definitions/load-balancing-haproxy.xml.in b/interface-definitions/load-balancing_reverse-proxy.xml.in
index 564c335ec..2c2742dff 100644
--- a/interface-definitions/load-balancing-haproxy.xml.in
+++ b/interface-definitions/load-balancing_reverse-proxy.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="load-balancing">
<children>
- <node name="reverse-proxy" owner="${vyos_conf_scripts_dir}/load-balancing-haproxy.py">
+ <node name="reverse-proxy" owner="${vyos_conf_scripts_dir}/load-balancing_reverse-proxy.py">
<properties>
<help>Configure reverse-proxy</help>
</properties>
@@ -49,7 +49,7 @@
<help>SSL Certificate, SSL Key and CA</help>
</properties>
<children>
- #include <include/pki/certificate.xml.i>
+ #include <include/pki/certificate-multi.xml.i>
</children>
</node>
</children>
diff --git a/interface-definitions/load-balancing-wan.xml.in b/interface-definitions/load-balancing_wan.xml.in
index c12cab22a..e117fd1b2 100644
--- a/interface-definitions/load-balancing-wan.xml.in
+++ b/interface-definitions/load-balancing_wan.xml.in
@@ -6,7 +6,7 @@
<priority>900</priority>
</properties>
<children>
- <node name="wan" owner="${vyos_conf_scripts_dir}/load-balancing-wan.py">
+ <node name="wan" owner="${vyos_conf_scripts_dir}/load-balancing_wan.py">
<properties>
<help>Configure Wide Area Network (WAN) load-balancing</help>
</properties>
diff --git a/interface-definitions/nat.xml.in b/interface-definitions/nat.xml.in
index a06ceefb6..0a639bd80 100644
--- a/interface-definitions/nat.xml.in
+++ b/interface-definitions/nat.xml.in
@@ -14,7 +14,7 @@
#include <include/nat-rule.xml.i>
<tagNode name="rule">
<children>
- #include <include/inbound-interface.xml.i>
+ #include <include/firewall/inbound-interface.xml.i>
<node name="translation">
<properties>
<help>Inside NAT IP (destination NAT only)</help>
@@ -77,7 +77,7 @@
<constraintErrorMessage>NAT rule number must be between 1 and 999999</constraintErrorMessage>
</properties>
<children>
- #include <include/nat-interface.xml.i>
+ #include <include/firewall/outbound-interface.xml.i>
<node name="translation">
<properties>
<help>Outside NAT IP (source NAT only)</help>
diff --git a/interface-definitions/nat64.xml.in b/interface-definitions/nat64.xml.in
new file mode 100644
index 000000000..dfdd295d2
--- /dev/null
+++ b/interface-definitions/nat64.xml.in
@@ -0,0 +1,116 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="nat64" owner="${vyos_conf_scripts_dir}/nat64.py">
+ <properties>
+ <help>IPv6-to-IPv4 Network Address Translation (NAT64) Settings</help>
+ <priority>501</priority>
+ </properties>
+ <children>
+ <node name="source">
+ <properties>
+ <help>IPv6 source to IPv4 destination address translation</help>
+ </properties>
+ <children>
+ <tagNode name="rule">
+ <properties>
+ <help>Source NAT64 rule number</help>
+ <valueHelp>
+ <format>u32:1-999999</format>
+ <description>Number for this rule</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-999999"/>
+ </constraint>
+ <constraintErrorMessage>NAT64 rule number must be between 1 and 999999</constraintErrorMessage>
+ </properties>
+ <children>
+ #include <include/generic-description.xml.i>
+ #include <include/generic-disable-node.xml.i>
+ <node name="match">
+ <properties>
+ <help>Match</help>
+ </properties>
+ <children>
+ <leafNode name="mark">
+ <properties>
+ <help>Match fwmark value</help>
+ <valueHelp>
+ <format>u32:1-2147483647</format>
+ <description>Fwmark value to match against</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-2147483647"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <node name="source">
+ <properties>
+ <help>IPv6 source prefix options</help>
+ </properties>
+ <children>
+ <leafNode name="prefix">
+ <properties>
+ <help>IPv6 prefix to be translated</help>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 prefix</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-prefix"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <node name="translation">
+ <properties>
+ <help>Translated IPv4 address options</help>
+ </properties>
+ <children>
+ <tagNode name="pool">
+ <properties>
+ <help>Translation IPv4 pool number</help>
+ <valueHelp>
+ <format>u32:1-999999</format>
+ <description>Number for this rule</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-999999"/>
+ </constraint>
+ <constraintErrorMessage>NAT64 pool number must be between 1 and 999999</constraintErrorMessage>
+ </properties>
+ <children>
+ #include <include/generic-description.xml.i>
+ #include <include/generic-disable-node.xml.i>
+ #include <include/nat-translation-port.xml.i>
+ #include <include/nat64/protocol.xml.i>
+ <leafNode name="address">
+ <properties>
+ <help>IPv4 address or prefix to translate to</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 prefix</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="ipv4-prefix"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
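Review bot: The `pool` tagNode's valueHelp reads `<description>Number for this rule</description>`, which was copied from the `rule` tagNode above it and should be `<description>Number for this pool</description>`. The `address` leaf under the pool has two validators but no `constraintErrorMessage`, so a rejected value gives the operator no hint of the expected form. A line such as `<constraintErrorMessage>Address must be an IPv4 address or prefix</constraintErrorMessage>` would match the messages already present on the rule and pool nodes.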
diff --git a/interface-definitions/nat66.xml.in b/interface-definitions/nat66.xml.in
index 7a8970bdf..1518de8bd 100644
--- a/interface-definitions/nat66.xml.in
+++ b/interface-definitions/nat66.xml.in
@@ -25,27 +25,10 @@
</properties>
<children>
#include <include/generic-description.xml.i>
- <leafNode name="disable">
- <properties>
- <help>Disable NAT66 rule</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/generic-disable-node.xml.i>
#include <include/nat-exclude.xml.i>
- <leafNode name="log">
- <properties>
- <help>NAT66 rule logging</help>
- <valueless/>
- </properties>
- </leafNode>
- <leafNode name="outbound-interface">
- <properties>
- <help>Outbound interface of NAT66 traffic</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_interfaces</script>
- </completionHelp>
- </properties>
- </leafNode>
+ #include <include/firewall/log.xml.i>
+ #include <include/firewall/outbound-interface-no-group.xml.i>
#include <include/nat/protocol.xml.i>
<node name="destination">
<properties>
@@ -153,12 +136,7 @@
</properties>
<children>
#include <include/generic-description.xml.i>
- <leafNode name="disable">
- <properties>
- <help>Disable NAT66 rule</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/generic-disable-node.xml.i>
#include <include/nat-exclude.xml.i>
<leafNode name="log">
<properties>
@@ -166,15 +144,7 @@
<valueless/>
</properties>
</leafNode>
- <leafNode name="inbound-interface">
- <properties>
- <help>Inbound interface of NAT66 traffic</help>
- <completionHelp>
- <list>any</list>
- <script>${vyos_completion_dir}/list_interfaces</script>
- </completionHelp>
- </properties>
- </leafNode>
+ #include <include/firewall/inbound-interface-no-group.xml.i>
#include <include/nat/protocol.xml.i>
<node name="destination">
<properties>
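Review bot: The destination-rule `log` leaf is left inline as context between this hunk and the previous one. The first hunk of this file replaced the equivalent source-rule leaf with `#include <include/firewall/log.xml.i>`, so the two rule types now define `log` in different ways. Unless the inline help text is deliberately kept, I would use the same include here so both directions share one definition. The enclosing rule tagNode starts and ends outside the hunk, so I cannot see whether anything depends on the inline form.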
diff --git a/interface-definitions/pki.xml.in b/interface-definitions/pki.xml.in
index a13a357fd..0ed199539 100644
--- a/interface-definitions/pki.xml.in
+++ b/interface-definitions/pki.xml.in
@@ -9,11 +9,18 @@
<tagNode name="ca">
<properties>
<help>Certificate Authority</help>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+ </constraint>
</properties>
<children>
<leafNode name="certificate">
<properties>
<help>CA certificate in PEM format</help>
+ <constraint>
+ <validator name="base64"/>
+ </constraint>
+ <constraintErrorMessage>CA certificate is not base64-encoded</constraintErrorMessage>
</properties>
</leafNode>
#include <include/generic-description.xml.i>
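Review bot: The name constraint added to the `ca` tagNode (and to `certificate` and `dh` in later hunks of this file) may accept names made only of dots, such as `.` or `..`. That follows if the include is the `[-_a-zA-Z0-9.]+` pattern which the policy.xml.in hunk replaces with the same include. If these names are ever used as a path component, which is not visible here, that case should be rejected in the config script or by a stricter pattern. None of the three constraints has a `constraintErrorMessage`; I would add `<constraintErrorMessage>Name can only contain alpha-numeric letters, hyphen, underscore and dot</constraintErrorMessage>` to each.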
@@ -25,6 +32,10 @@
<leafNode name="key">
<properties>
<help>CA private key in PEM format</help>
+ <constraint>
+ <validator name="base64"/>
+ </constraint>
+ <constraintErrorMessage>CA private key is not base64-encoded</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="password-protected">
@@ -38,6 +49,10 @@
<leafNode name="crl">
<properties>
<help>Certificate revocation list in PEM format</help>
+ <constraint>
+ <validator name="base64"/>
+ </constraint>
+ <constraintErrorMessage>CRL is not base64-encoded</constraintErrorMessage>
<multi/>
</properties>
</leafNode>
@@ -52,13 +67,74 @@
<tagNode name="certificate">
<properties>
<help>Certificate</help>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+ </constraint>
</properties>
<children>
<leafNode name="certificate">
<properties>
<help>Certificate in PEM format</help>
+ <constraint>
+ <validator name="base64"/>
+ </constraint>
+ <constraintErrorMessage>Certificate is not base64-encoded</constraintErrorMessage>
</properties>
</leafNode>
+ <node name="acme">
+ <properties>
+ <help>Automatic Certificate Management Environment (ACME) request</help>
+ </properties>
+ <children>
+ #include <include/url-http-https.xml.i>
+ <leafNode name="url">
+ <defaultValue>https://acme-v02.api.letsencrypt.org/directory</defaultValue>
+ </leafNode>
+ <leafNode name="domain-name">
+ <properties>
+ <help>Domain Name</help>
+ <constraint>
+ <validator name="fqdn"/>
+ </constraint>
+ <constraintErrorMessage>Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers and .-_</constraintErrorMessage>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="email">
+ <properties>
+ <help>Email address to associate with certificate</help>
+ <constraint>
+ #include <include/constraint/email.xml.i>
+ </constraint>
+ </properties>
+ </leafNode>
+ #include <include/listen-address-ipv4-single.xml.i>
+ <leafNode name="rsa-key-size">
+ <properties>
+ <help>Size of the RSA key</help>
+ <completionHelp>
+ <list>2048 3072 4096</list>
+ </completionHelp>
+ <valueHelp>
+ <format>2048</format>
+ <description>RSA key length 2048 bit</description>
+ </valueHelp>
+ <valueHelp>
+ <format>3072</format>
+ <description>RSA key length 3072 bit</description>
+ </valueHelp>
+ <valueHelp>
+ <format>4096</format>
+ <description>RSA key length 4096 bit</description>
+ </valueHelp>
+ <constraint>
+ <regex>(2048|3072|4096)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>2048</defaultValue>
+ </leafNode>
+ </children>
+ </node>
#include <include/generic-description.xml.i>
<node name="private">
<properties>
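Review bot: The new `acme` node takes its `url` leaf from `include/url-http-https.xml.i`, which by its name presumably admits `http://` as well as `https://`. RFC 8555 requires HTTPS for the ACME directory, and a plain-HTTP directory URL would let an on-path party tamper with the account and order exchange. The default set here is already HTTPS, so only operator-supplied values are affected. I would reject non-HTTPS values for this leaf, either with an https-only constraint or in the config script's verify step, and say so in the help text. The include body and the enclosing `certificate` tagNode extend outside this hunk.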
@@ -68,6 +144,10 @@
<leafNode name="key">
<properties>
<help>Certificate private key in PEM format</help>
+ <constraint>
+ <validator name="base64"/>
+ </constraint>
+ <constraintErrorMessage>Certificate private key is not base64-encoded</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="password-protected">
@@ -89,11 +169,18 @@
<tagNode name="dh">
<properties>
<help>Diffie-Hellman parameters</help>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+ </constraint>
</properties>
<children>
<leafNode name="parameters">
<properties>
<help>DH parameters in PEM format</help>
+ <constraint>
+ <validator name="base64"/>
+ </constraint>
+ <constraintErrorMessage>DH parameters are not base64-encoded</constraintErrorMessage>
</properties>
</leafNode>
</children>
@@ -111,6 +198,10 @@
<leafNode name="key">
<properties>
<help>Public key in PEM format</help>
+ <constraint>
+ <validator name="base64"/>
+ </constraint>
+ <constraintErrorMessage>Public key is not base64-encoded</constraintErrorMessage>
</properties>
</leafNode>
</children>
@@ -123,6 +214,10 @@
<leafNode name="key">
<properties>
<help>Private key in PEM format</help>
+ <constraint>
+ <validator name="base64"/>
+ </constraint>
+ <constraintErrorMessage>Private key is not base64-encoded</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="password-protected">
diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in
index c470cfdb3..0d82cd3f8 100644
--- a/interface-definitions/policy.xml.in
+++ b/interface-definitions/policy.xml.in
@@ -476,7 +476,7 @@
<description>Route map name</description>
</valueHelp>
<constraint>
- <regex>[-_a-zA-Z0-9.]+</regex>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
</constraint>
<constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
</properties>
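Review bot: The `constraintErrorMessage` kept as context below the new include still says route-map names "can only contain alpha-numeric letters, hyphen and underscores". Both the removed regex `[-_a-zA-Z0-9.]+` and the name of the include that replaces it indicate that a dot is accepted as well. I would update the message to `<constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen, underscore and dot</constraintErrorMessage>` so it matches what the constraint actually allows.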
@@ -1446,9 +1446,18 @@
<format>u32:0-4294967295</format>
<description>Metric value</description>
</valueHelp>
+ <valueHelp>
+ <format>&lt;+/-rtt&gt;</format>
+ <description>Add or subtract round trip time</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;rtt&gt;</format>
+ <description>Round trip time</description>
+ </valueHelp>
<constraint>
<validator name="numeric" argument="--relative --"/>
<validator name="numeric" argument="--range 0-4294967295"/>
+ <regex>^[+|-]?rtt$</regex>
</constraint>
</properties>
</leafNode>
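Review bot: In the added `<regex>^[+|-]?rtt$</regex>` the `|` sits inside a character class, where it is a literal rather than an alternation, so `|rtt` passes validation alongside `+rtt`, `-rtt` and `rtt`. That value would then reach whatever consumes the metric, presumably the routing daemon configuration, in a form the valueHelp does not describe. I would write `<regex>[+-]?rtt</regex>`. The other `<regex>` constraints in this diff carry no `^`/`$`, which suggests anchoring is implicit, so the anchors can go as well.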
diff --git a/interface-definitions/policy-local-route.xml.in b/interface-definitions/policy_local-route.xml.in
index 6827bd64e..7a019154a 100644
--- a/interface-definitions/policy-local-route.xml.in
+++ b/interface-definitions/policy_local-route.xml.in
@@ -3,7 +3,7 @@
<interfaceDefinition>
<node name="policy">
<children>
- <node name="local-route" owner="${vyos_conf_scripts_dir}/policy-local-route.py">
+ <node name="local-route" owner="${vyos_conf_scripts_dir}/policy_local-route.py">
<properties>
<help>IPv4 policy route of local traffic</help>
<priority>500</priority>
@@ -60,6 +60,7 @@
</properties>
<children>
#include <include/policy/local-route_rule_ipv4_address.xml.i>
+ #include <include/port-number.xml.i>
</children>
</node>
<node name="destination">
@@ -68,6 +69,7 @@
</properties>
<children>
#include <include/policy/local-route_rule_ipv4_address.xml.i>
+ #include <include/port-number.xml.i>
</children>
</node>
#include <include/interface/inbound-interface.xml.i>
@@ -75,7 +77,7 @@
</tagNode>
</children>
</node>
- <node name="local-route6" owner="${vyos_conf_scripts_dir}/policy-local-route.py">
+ <node name="local-route6" owner="${vyos_conf_scripts_dir}/policy_local-route.py">
<properties>
<help>IPv6 policy route of local traffic</help>
<priority>500</priority>
@@ -125,12 +127,14 @@
</constraint>
</properties>
</leafNode>
+ #include <include/policy/local-route_rule_protocol.xml.i>
<node name="source">
<properties>
<help>Source parameters</help>
</properties>
<children>
#include <include/policy/local-route_rule_ipv6_address.xml.i>
+ #include <include/port-number.xml.i>
</children>
</node>
<node name="destination">
@@ -139,6 +143,7 @@
</properties>
<children>
#include <include/policy/local-route_rule_ipv6_address.xml.i>
+ #include <include/port-number.xml.i>
</children>
</node>
#include <include/interface/inbound-interface.xml.i>
diff --git a/interface-definitions/policy-route.xml.in b/interface-definitions/policy_route.xml.in
index d4ec75786..9cc22540b 100644
--- a/interface-definitions/policy-route.xml.in
+++ b/interface-definitions/policy_route.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="policy">
<children>
- <tagNode name="route6" owner="${vyos_conf_scripts_dir}/policy-route.py">
+ <tagNode name="route6" owner="${vyos_conf_scripts_dir}/policy_route.py">
<properties>
<help>Policy route rule set name for IPv6</help>
<constraint>
@@ -12,7 +12,7 @@
</properties>
<children>
#include <include/generic-description.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
#include <include/generic-interface-multi-wildcard.xml.i>
<tagNode name="rule">
<properties>
@@ -57,7 +57,7 @@
</tagNode>
</children>
</tagNode>
- <tagNode name="route" owner="${vyos_conf_scripts_dir}/policy-route.py">
+ <tagNode name="route" owner="${vyos_conf_scripts_dir}/policy_route.py">
<properties>
<help>Policy route rule set name for IPv4</help>
<constraint>
@@ -67,7 +67,7 @@
</properties>
<children>
#include <include/generic-description.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
#include <include/generic-interface-multi-wildcard.xml.i>
<tagNode name="rule">
<properties>
diff --git a/interface-definitions/protocols-igmp.xml.in b/interface-definitions/protocols-igmp.xml.in
deleted file mode 100644
index a055db71e..000000000
--- a/interface-definitions/protocols-igmp.xml.in
+++ /dev/null
@@ -1,95 +0,0 @@
-<?xml version="1.0"?>
-<!-- Internet Group Management Protocol (IGMP) configuration -->
-<interfaceDefinition>
- <node name="protocols">
- <children>
- <node name="igmp" owner="${vyos_conf_scripts_dir}/protocols_igmp.py">
- <properties>
- <help>Internet Group Management Protocol (IGMP)</help>
- </properties>
- <children>
- <tagNode name="interface">
- <properties>
- <help>IGMP interface</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_interfaces</script>
- </completionHelp>
- </properties>
- <children>
- <tagNode name="join">
- <properties>
- <help>IGMP join multicast group</help>
- <valueHelp>
- <format>ipv4</format>
- <description>Multicast group address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- <children>
- <leafNode name="source">
- <properties>
- <help>Source address</help>
- <valueHelp>
- <format>ipv4</format>
- <description>Source address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- <leafNode name="version">
- <properties>
- <help>IGMP version</help>
- <completionHelp>
- <list>2 3</list>
- </completionHelp>
- <valueHelp>
- <format>2</format>
- <description>IGMP version 2</description>
- </valueHelp>
- <valueHelp>
- <format>3</format>
- <description>IGMP version 3</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 2-3"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="query-interval">
- <properties>
- <help>IGMP host query interval</help>
- <valueHelp>
- <format>u32:1-1800</format>
- <description>Query interval in seconds</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-1800"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="query-max-response-time">
- <properties>
- <help>IGMP max query response time</help>
- <valueHelp>
- <format>u32:10-250</format>
- <description>Query response value in deci-seconds</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 10-250"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- </children>
- </node>
- </children>
- </node>
-</interfaceDefinition>
diff --git a/interface-definitions/protocols-pim.xml.in b/interface-definitions/protocols-pim.xml.in
deleted file mode 100644
index e9475930c..000000000
--- a/interface-definitions/protocols-pim.xml.in
+++ /dev/null
@@ -1,96 +0,0 @@
-<?xml version="1.0"?>
-<!-- Protocol Independent Multicast (PIM) configuration -->
-<interfaceDefinition>
- <node name="protocols">
- <children>
- <node name="pim" owner="${vyos_conf_scripts_dir}/protocols_pim.py">
- <properties>
- <help>Protocol Independent Multicast (PIM)</help>
- <priority>400</priority>
- </properties>
- <children>
- <tagNode name="interface">
- <properties>
- <help>PIM interface</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_interfaces</script>
- </completionHelp>
- </properties>
- <children>
- <leafNode name="dr-priority">
- <properties>
- <help>Designated Router Election Priority</help>
- <valueHelp>
- <format>u32:1-4294967295</format>
- <description>Value of the new DR Priority</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-4294967295"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="hello">
- <properties>
- <help>Hello Interval</help>
- <valueHelp>
- <format>u32:1-180</format>
- <description>Hello Interval in seconds</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-180"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- <node name="rp">
- <properties>
- <help>Rendezvous Point</help>
- </properties>
- <children>
- <tagNode name="address">
- <properties>
- <help>Rendezvous Point address</help>
- <valueHelp>
- <format>ipv4</format>
- <description>Rendezvous Point address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- <children>
- <leafNode name="group">
- <properties>
- <help>Group Address range</help>
- <valueHelp>
- <format>ipv4net</format>
- <description>Group Address range RFC 3171</description>
- </valueHelp>
- <constraint>
- <validator name="ip-prefix"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- <leafNode name="keep-alive-timer">
- <properties>
- <help>Keep alive Timer</help>
- <valueHelp>
- <format>u32:31-60000</format>
- <description>Keep alive Timer in seconds</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 31-60000"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </node>
- </children>
- </node>
- </children>
- </node>
-</interfaceDefinition>
diff --git a/interface-definitions/protocols-babel.xml.in b/interface-definitions/protocols_babel.xml.in
index 49fffe230..49fffe230 100644
--- a/interface-definitions/protocols-babel.xml.in
+++ b/interface-definitions/protocols_babel.xml.in
diff --git a/interface-definitions/protocols-bfd.xml.in b/interface-definitions/protocols_bfd.xml.in
index 9048cf5c2..9048cf5c2 100644
--- a/interface-definitions/protocols-bfd.xml.in
+++ b/interface-definitions/protocols_bfd.xml.in
diff --git a/interface-definitions/protocols-bgp.xml.in b/interface-definitions/protocols_bgp.xml.in
index e1a822999..e1a822999 100644
--- a/interface-definitions/protocols-bgp.xml.in
+++ b/interface-definitions/protocols_bgp.xml.in
diff --git a/interface-definitions/protocols-eigrp.xml.in b/interface-definitions/protocols_eigrp.xml.in
index 88a881a1e..88a881a1e 100644
--- a/interface-definitions/protocols-eigrp.xml.in
+++ b/interface-definitions/protocols_eigrp.xml.in
diff --git a/interface-definitions/protocols-failover.xml.in b/interface-definitions/protocols_failover.xml.in
index c0caec68e..c0caec68e 100644
--- a/interface-definitions/protocols-failover.xml.in
+++ b/interface-definitions/protocols_failover.xml.in
diff --git a/interface-definitions/igmp-proxy.xml.in b/interface-definitions/protocols_igmp-proxy.xml.in
index 0eea85060..5cde484f5 100644
--- a/interface-definitions/igmp-proxy.xml.in
+++ b/interface-definitions/protocols_igmp-proxy.xml.in
@@ -3,7 +3,7 @@
<interfaceDefinition>
<node name="protocols">
<children>
- <node name="igmp-proxy" owner="${vyos_conf_scripts_dir}/igmp_proxy.py">
+ <node name="igmp-proxy" owner="${vyos_conf_scripts_dir}/protocols_igmp-proxy.py">
<properties>
<help>Internet Group Management Protocol (IGMP) proxy parameters</help>
<priority>740</priority>
diff --git a/interface-definitions/protocols-isis.xml.in b/interface-definitions/protocols_isis.xml.in
index e0bc47bb9..e0bc47bb9 100644
--- a/interface-definitions/protocols-isis.xml.in
+++ b/interface-definitions/protocols_isis.xml.in
diff --git a/interface-definitions/protocols-mpls.xml.in b/interface-definitions/protocols_mpls.xml.in
index 831601fc6..831601fc6 100644
--- a/interface-definitions/protocols-mpls.xml.in
+++ b/interface-definitions/protocols_mpls.xml.in
diff --git a/interface-definitions/protocols-nhrp.xml.in b/interface-definitions/protocols_nhrp.xml.in
index d7663c095..d7663c095 100644
--- a/interface-definitions/protocols-nhrp.xml.in
+++ b/interface-definitions/protocols_nhrp.xml.in
diff --git a/interface-definitions/protocols-ospf.xml.in b/interface-definitions/protocols_ospf.xml.in
index b3c063d0d..b3c063d0d 100644
--- a/interface-definitions/protocols-ospf.xml.in
+++ b/interface-definitions/protocols_ospf.xml.in
diff --git a/interface-definitions/protocols-ospfv3.xml.in b/interface-definitions/protocols_ospfv3.xml.in
index 2b98ffa7b..2b98ffa7b 100644
--- a/interface-definitions/protocols-ospfv3.xml.in
+++ b/interface-definitions/protocols_ospfv3.xml.in
diff --git a/interface-definitions/protocols_pim.xml.in b/interface-definitions/protocols_pim.xml.in
new file mode 100644
index 000000000..4a20c0d9b
--- /dev/null
+++ b/interface-definitions/protocols_pim.xml.in
@@ -0,0 +1,210 @@
+<?xml version="1.0"?>
+<!-- Protocol Independent Multicast (PIM) configuration -->
+<interfaceDefinition>
+ <node name="protocols">
+ <children>
+ <node name="pim" owner="${vyos_conf_scripts_dir}/protocols_pim.py">
+ <properties>
+ <help>Protocol Independent Multicast (PIM) and IGMP</help>
+ <priority>400</priority>
+ </properties>
+ <children>
+ <tagNode name="interface">
+ <properties>
+ <help>PIM interface</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces</script>
+ </completionHelp>
+ <constraint>
+ #include <include/constraint/interface-name.xml.i>
+ </constraint>
+ </properties>
+ <children>
+ #include <include/bfd/bfd.xml.i>
+ #include <include/pim/bsm.xml.i>
+ #include <include/pim/dr-priority.xml.i>
+ #include <include/pim/hello.xml.i>
+ #include <include/pim/passive.xml.i>
+ #include <include/source-address-ipv4.xml.i>
+ <node name="igmp">
+ <properties>
+ <help>Internet Group Management Protocol (IGMP) options</help>
+ </properties>
+ <children>
+ #include <include/generic-disable-node.xml.i>
+ <tagNode name="join">
+ <properties>
+ <help>IGMP join multicast group</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Multicast group address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ <children>
+ #include <include/source-address-ipv4-multi.xml.i>
+ </children>
+ </tagNode>
+ <leafNode name="query-interval">
+ <properties>
+ <help>IGMP host query interval</help>
+ <valueHelp>
+ <format>u32:1-1800</format>
+ <description>Query interval in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-1800"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="query-max-response-time">
+ <properties>
+ <help>IGMP max query response time</help>
+ <valueHelp>
+ <format>u32:10-250</format>
+ <description>Query response value in deci-seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 10-250"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="version">
+ <properties>
+ <help>Interface IGMP version</help>
+ <completionHelp>
+ <list>2 3</list>
+ </completionHelp>
+ <valueHelp>
+ <format>2</format>
+ <description>IGMP version 2</description>
+ </valueHelp>
+ <valueHelp>
+ <format>3</format>
+ <description>IGMP version 3</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 2-3"/>
+ </constraint>
+ </properties>
+ <defaultValue>3</defaultValue>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </tagNode>
+ <node name="ecmp">
+ <properties>
+ <help>Enable PIM ECMP</help>
+ </properties>
+ <children>
+ <leafNode name="rebalance">
+ <properties>
+ <help>Enable PIM ECMP Rebalance</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <node name="igmp">
+ <properties>
+ <help>Internet Group Management Protocol (IGMP) options</help>
+ </properties>
+ <children>
+ <leafNode name="watermark-warning">
+ <properties>
+ <help>Configure group limit for watermark warning</help>
+ <valueHelp>
+ <format>u32:1-65535</format>
+ <description>Group count to generate watermark warning</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ #include <include/pim/join-prune-interval.xml.i>
+ #include <include/pim/keep-alive-timer.xml.i>
+ #include <include/pim/packets.xml.i>
+ #include <include/pim/register-suppress-time.xml.i>
+ <node name="register-accept-list">
+ <properties>
+ <help>Only accept registers from a specific source prefix list</help>
+ </properties>
+ <children>
+ #include <include/policy/prefix-list.xml.i>
+ </children>
+ </node>
+ <node name="rp">
+ <properties>
+ <help>Rendezvous Point</help>
+ </properties>
+ <children>
+ <tagNode name="address">
+ <properties>
+ <help>Rendezvous Point address</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Rendezvous Point address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="group">
+ <properties>
+ <help>Group Address range</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>Group Address range RFC 3171</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ip-prefix"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ #include <include/pim/keep-alive-timer.xml.i>
+ </children>
+ </node>
+ <leafNode name="no-v6-secondary">
+ <properties>
+ <help>Disable IPv6 secondary address in hello packets</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <node name="spt-switchover">
+ <properties>
+ <help>Shortest-path tree (SPT) switchover</help>
+ </properties>
+ <children>
+ <node name="infinity-and-beyond">
+ <properties>
+ <help>Never switch to SPT Tree</help>
+ </properties>
+ <children>
+ #include <include/policy/prefix-list.xml.i>
+ </children>
+ </node>
+ </children>
+ </node>
+ <node name="ssm">
+ <properties>
+ <help>Source-Specific Multicast</help>
+ </properties>
+ <children>
+ #include <include/policy/prefix-list.xml.i>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
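Review bot: The `rp address … group` leaf documents its value as `ipv4net` but validates it with `<validator name="ip-prefix"/>`, which by its name is presumably not IPv4-specific and would let an IPv6 prefix through. The line was carried over from the deleted protocols-pim.xml.in, and the PIMv6 counterpart in this commit uses the family-specific `ipv6-prefix`. I would use `<validator name="ipv4-prefix"/>` here, as nat64.xml.in does for its address leaf. A `constraintErrorMessage` on this leaf would also help, since a rejected group range otherwise yields only the generic error.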
diff --git a/interface-definitions/protocols-pim6.xml.in b/interface-definitions/protocols_pim6.xml.in
index 58ef5a1e3..8bd3f3fee 100644
--- a/interface-definitions/protocols-pim6.xml.in
+++ b/interface-definitions/protocols_pim6.xml.in
@@ -5,7 +5,7 @@
<children>
<node name="pim6" owner="${vyos_conf_scripts_dir}/protocols_pim6.py">
<properties>
- <help>Protocol Independent Multicast for IPv6 (PIMv6)</help>
+ <help>Protocol Independent Multicast for IPv6 (PIMv6) and MLD</help>
<priority>400</priority>
</properties>
<children>
@@ -15,8 +15,15 @@
<completionHelp>
<script>${vyos_completion_dir}/list_interfaces</script>
</completionHelp>
+ <constraint>
+ #include <include/constraint/interface-name.xml.i>
+ </constraint>
</properties>
<children>
+ #include <include/pim/bsm.xml.i>
+ #include <include/pim/dr-priority.xml.i>
+ #include <include/pim/hello.xml.i>
+ #include <include/pim/passive.xml.i>
<node name="mld">
<properties>
<help>Multicast Listener Discovery (MLD)</help>
@@ -53,25 +60,29 @@
</leafNode>
</children>
</tagNode>
- <leafNode name="version">
+ <leafNode name="last-member-query-count">
<properties>
- <help>MLD version</help>
- <completionHelp>
- <list>1 2</list>
- </completionHelp>
+ <help>Last member query count</help>
<valueHelp>
- <format>1</format>
- <description>MLD version 1</description>
+ <format>u32:1-255</format>
+ <description>Count</description>
</valueHelp>
- <valueHelp>
- <format>2</format>
- <description>MLD version 2</description>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="last-member-query-interval">
+ <properties>
+ <help>Last member query interval</help>
+ <valueHelp>
+ <format>u32:100-6553500</format>
+ <description>Last member query interval in milliseconds</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 1-2"/>
+ <validator name="numeric" argument="--range 100-6553500"/>
</constraint>
</properties>
- <defaultValue>2</defaultValue>
</leafNode>
<leafNode name="interval">
<properties>
@@ -97,34 +108,70 @@
</constraint>
</properties>
</leafNode>
- <leafNode name="last-member-query-count">
+ <leafNode name="version">
<properties>
- <help>Last member query count</help>
+ <help>MLD version</help>
+ <completionHelp>
+ <list>1 2</list>
+ </completionHelp>
<valueHelp>
- <format>u32:1-255</format>
- <description>Count</description>
+ <format>1</format>
+ <description>MLD version 1</description>
+ </valueHelp>
+ <valueHelp>
+ <format>2</format>
+ <description>MLD version 2</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 1-255"/>
+ <validator name="numeric" argument="--range 1-2"/>
</constraint>
</properties>
+ <defaultValue>2</defaultValue>
</leafNode>
- <leafNode name="last-member-query-interval">
+ </children>
+ </node>
+ </children>
+ </tagNode>
+ #include <include/pim/join-prune-interval.xml.i>
+ #include <include/pim/keep-alive-timer.xml.i>
+ #include <include/pim/packets.xml.i>
+ #include <include/pim/register-suppress-time.xml.i>
+ <node name="rp">
+ <properties>
+ <help>Rendezvous Point</help>
+ </properties>
+ <children>
+ <tagNode name="address">
+ <properties>
+ <help>Rendezvous Point address</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>Rendezvous Point address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="group">
<properties>
- <help>Last member query interval</help>
+ <help>Group Address range</help>
<valueHelp>
- <format>u32:100-6553500</format>
- <description>Last member query interval in milliseconds</description>
+ <format>ipv6net</format>
+ <description>Group Address range</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 100-6553500"/>
+ <validator name="ipv6-prefix"/>
</constraint>
+ <multi/>
</properties>
</leafNode>
+ #include <include/policy/prefix-list6.xml.i>
</children>
- </node>
+ </tagNode>
+ #include <include/pim/keep-alive-timer.xml.i>
</children>
- </tagNode>
+ </node>
</children>
</node>
</children>
diff --git a/interface-definitions/protocols-rip.xml.in b/interface-definitions/protocols_rip.xml.in
index 0edd8f2ce..0edd8f2ce 100644
--- a/interface-definitions/protocols-rip.xml.in
+++ b/interface-definitions/protocols_rip.xml.in
diff --git a/interface-definitions/protocols-ripng.xml.in b/interface-definitions/protocols_ripng.xml.in
index 9d4d87422..9d4d87422 100644
--- a/interface-definitions/protocols-ripng.xml.in
+++ b/interface-definitions/protocols_ripng.xml.in
diff --git a/interface-definitions/protocols-rpki.xml.in b/interface-definitions/protocols_rpki.xml.in
index e9fd04b5f..6a38b2961 100644
--- a/interface-definitions/protocols-rpki.xml.in
+++ b/interface-definitions/protocols_rpki.xml.in
@@ -46,14 +46,6 @@
<help>RPKI SSH connection settings</help>
</properties>
<children>
- <leafNode name="known-hosts-file">
- <properties>
- <help>RPKI SSH known hosts file</help>
- <constraint>
- <validator name="file-path"/>
- </constraint>
- </properties>
- </leafNode>
<leafNode name="private-key-file">
<properties>
<help>RPKI SSH private key file</help>
diff --git a/interface-definitions/protocols_segment-routing.xml.in b/interface-definitions/protocols_segment-routing.xml.in
new file mode 100644
index 000000000..c299f624e
--- /dev/null
+++ b/interface-definitions/protocols_segment-routing.xml.in
@@ -0,0 +1,137 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="protocols">
+ <children>
+ <node name="segment-routing" owner="${vyos_conf_scripts_dir}/protocols_segment-routing.py">
+ <properties>
+ <help>Segment Routing</help>
+ <priority>900</priority>
+ </properties>
+ <children>
+ <tagNode name="interface">
+ <properties>
+ <help>Interface specific Segment Routing options</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces</script>
+ </completionHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>Interface name</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/interface-name.xml.i>
+ </constraint>
+ </properties>
+ <children>
+ <node name="srv6">
+ <properties>
+ <help>Accept SR-enabled IPv6 packets on this interface</help>
+ </properties>
+ <children>
+ <leafNode name="hmac">
+ <properties>
+ <help>Define HMAC policy for ingress SR-enabled packets on this interface</help>
+ <completionHelp>
+ <list>accept drop ignore</list>
+ </completionHelp>
+ <valueHelp>
+ <format>accept</format>
+ <description>Accept packets without HMAC, validate packets with HMAC</description>
+ </valueHelp>
+ <valueHelp>
+ <format>drop</format>
+ <description>Drop packets without HMAC, validate packets with HMAC</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ignore</format>
+ <description>Ignore HMAC field.</description>
+ </valueHelp>
+ <constraint>
+ <regex>(accept|drop|ignore)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>accept</defaultValue>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </tagNode>
+ <node name="srv6">
+ <properties>
+ <help>Segment-Routing SRv6 configuration</help>
+ </properties>
+ <children>
+ <tagNode name="locator">
+ <properties>
+ <help>Segment Routing SRv6 locator</help>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="behavior-usid">
+ <properties>
+ <help>Set SRv6 behavior uSID</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="prefix">
+ <properties>
+ <help>SRv6 locator prefix</help>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>SRv6 locator prefix</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-prefix"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="block-len">
+ <properties>
+ <help>Configure SRv6 locator block length in bits</help>
+ <valueHelp>
+ <format>u32:16-64</format>
+ <description>Specify SRv6 locator block length in bits</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 16-64"/>
+ </constraint>
+ </properties>
+ <defaultValue>40</defaultValue>
+ </leafNode>
+ <leafNode name="func-bits">
+ <properties>
+ <help>Configure SRv6 locator function length in bits</help>
+ <valueHelp>
+ <format>u32:0-64</format>
+ <description>Specify SRv6 locator function length in bits</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-64"/>
+ </constraint>
+ </properties>
+ <defaultValue>16</defaultValue>
+ </leafNode>
+ <leafNode name="node-len">
+ <properties>
+ <help>Configure SRv6 locator node length in bits</help>
+ <valueHelp>
+ <format>u32:16-64</format>
+ <description>Configure SRv6 locator node length in bits</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 16-64"/>
+ </constraint>
+ </properties>
+ <defaultValue>24</defaultValue>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
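Review bot: The `hmac` leaf defaults to `accept`, which by its own description lets SR-enabled packets without an HMAC through, and the `<help>` string never says so. An operator who enables `srv6` on an interface therefore gets segment-routing headers without an HMAC accepted unless they change the value. I would state the default in the help, e.g. `<help>HMAC policy for ingress SR-enabled packets on this interface (default: accept, packets without HMAC are not dropped)</help>`. Separately, `block-len`, `node-len` and `func-bits` are only range-checked individually, so any required relation between them and the locator `prefix` length has to be enforced in `protocols_segment-routing.py`, which is not visible here.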
diff --git a/interface-definitions/protocols-static.xml.in b/interface-definitions/protocols_static.xml.in
index ca4ca2d74..ca4ca2d74 100644
--- a/interface-definitions/protocols-static.xml.in
+++ b/interface-definitions/protocols_static.xml.in
diff --git a/interface-definitions/protocols-static-arp.xml.in b/interface-definitions/protocols_static_arp.xml.in
index 4b338df63..05c69f1ed 100644
--- a/interface-definitions/protocols-static-arp.xml.in
+++ b/interface-definitions/protocols_static_arp.xml.in
@@ -4,7 +4,7 @@
<children>
<node name="static">
<children>
- <node name="arp" owner="${vyos_conf_scripts_dir}/arp.py">
+ <node name="arp" owner="${vyos_conf_scripts_dir}/protocols_static_arp.py">
<properties>
<help>Static ARP translation</help>
</properties>
diff --git a/interface-definitions/protocols-multicast.xml.in b/interface-definitions/protocols_static_multicast.xml.in
index c8e28ed35..c8e28ed35 100644
--- a/interface-definitions/protocols-multicast.xml.in
+++ b/interface-definitions/protocols_static_multicast.xml.in
diff --git a/interface-definitions/protocols_static_neighbor-proxy.xml.in b/interface-definitions/protocols_static_neighbor-proxy.xml.in
new file mode 100644
index 000000000..1c8433a39
--- /dev/null
+++ b/interface-definitions/protocols_static_neighbor-proxy.xml.in
@@ -0,0 +1,48 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="protocols">
+ <children>
+ <node name="static">
+ <children>
+ <node name="neighbor-proxy" owner="${vyos_conf_scripts_dir}/protocols_static_neighbor-proxy.py">
+ <properties>
+ <help>Neighbor proxy parameters</help>
+ </properties>
+ <children>
+ <tagNode name="arp">
+ <properties>
+ <help>IP address for selective ARP proxy</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 destination address allowed for proxy-arp</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ <children>
+ #include <include/generic-interface-multi.xml.i>
+ </children>
+ </tagNode>
+ <tagNode name="nd">
+ <properties>
+ <help>IPv6 address for selective NDP proxy</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 destination address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ <children>
+ #include <include/generic-interface-multi.xml.i>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
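Review bot: The `nd` tag node describes its value only as `IPv6 destination address`, while the parallel `arp` node says `IPv4 destination address allowed for proxy-arp`. I would make the two descriptions parallel, e.g. `<description>IPv6 destination address allowed for NDP proxy</description>`. The CLI help would then make clear in both cases that each entry selectively permits proxying for that one address.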
diff --git a/interface-definitions/qos.xml.in b/interface-definitions/qos.xml.in
index c7bd8606a..31b9a7d21 100644
--- a/interface-definitions/qos.xml.in
+++ b/interface-definitions/qos.xml.in
@@ -122,13 +122,19 @@
</leafNode>
<leafNode name="dual-src-host">
<properties>
- <help>Flows are defined by the 5-tuple, and fairness is applied first over source addresses, then over individual flows</help>
+ <help>Flows are defined by the 5-tuple, fairness is applied first over source addresses, then over individual flows</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="dual-dst-host">
<properties>
- <help>Flows are defined by the 5-tuple, and fairness is applied first over destination addresses, then over individual flows</help>
+ <help>Flows are defined by the 5-tuple, fairness is applied first over destination addresses, then over individual flows</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="triple-isolate">
+ <properties>
+ <help>Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows (default)</help>
<valueless/>
</properties>
</leafNode>
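Review bot: The help for `triple-isolate` ends in `(default)`, but the leaf is `<valueless/>` with no `<defaultValue>`, so nothing in this definition makes it the default. The claim only holds if the QoS backend applies that mode when no isolation leaf is set, which is not visible in this hunk. The flow-isolation leaves here are independent valueless siblings, so the schema also allows `dual-src-host`, `dual-dst-host` and `triple-isolate` to be set together. Presumably the conf script rejects that, but it is worth confirming. If the default claim stays, I would phrase it as `(used when no flow isolation option is set)`.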
diff --git a/interface-definitions/service-aws-glb.xml.in b/interface-definitions/service_aws_glb.xml.in
index c749fd04e..c749fd04e 100644
--- a/interface-definitions/service-aws-glb.xml.in
+++ b/interface-definitions/service_aws_glb.xml.in
diff --git a/interface-definitions/bcast-relay.xml.in b/interface-definitions/service_broadcast-relay.xml.in
index e2993f3f3..2e4330e20 100644
--- a/interface-definitions/bcast-relay.xml.in
+++ b/interface-definitions/service_broadcast-relay.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="service">
<children>
- <node name="broadcast-relay" owner="${vyos_conf_scripts_dir}/bcast_relay.py">
+ <node name="broadcast-relay" owner="${vyos_conf_scripts_dir}/service_broadcast-relay.py">
<properties>
<help>UDP broadcast relay service</help>
<priority>990</priority>
diff --git a/interface-definitions/service-config-sync.xml.in b/interface-definitions/service_config-sync.xml.in
index e804e17f7..9955acfee 100644
--- a/interface-definitions/service-config-sync.xml.in
+++ b/interface-definitions/service_config-sync.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="service">
<children>
- <node name="config-sync" owner="${vyos_conf_scripts_dir}/service_config_sync.py">
+ <node name="config-sync" owner="${vyos_conf_scripts_dir}/service_config-sync.py">
<properties>
<help>Configuration synchronization</help>
</properties>
diff --git a/interface-definitions/service-conntrack-sync.xml.in b/interface-definitions/service_conntrack-sync.xml.in
index 50a4bf62f..46dc8adc0 100644
--- a/interface-definitions/service-conntrack-sync.xml.in
+++ b/interface-definitions/service_conntrack-sync.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="service">
<children>
- <node name="conntrack-sync" owner="${vyos_conf_scripts_dir}/conntrack_sync.py">
+ <node name="conntrack-sync" owner="${vyos_conf_scripts_dir}/service_conntrack-sync.py">
<properties>
<help>Connection tracking synchronization</help>
<!-- before VRRP / HA -->
diff --git a/interface-definitions/service-console-server.xml.in b/interface-definitions/service_console-server.xml.in
index fc6dbe954..fc6dbe954 100644
--- a/interface-definitions/service-console-server.xml.in
+++ b/interface-definitions/service_console-server.xml.in
diff --git a/interface-definitions/dhcp-relay.xml.in b/interface-definitions/service_dhcp-relay.xml.in
index 42715c9bb..9fdd9581d 100644
--- a/interface-definitions/dhcp-relay.xml.in
+++ b/interface-definitions/service_dhcp-relay.xml.in
@@ -3,7 +3,7 @@
<interfaceDefinition>
<node name="service">
<children>
- <node name="dhcp-relay" owner="${vyos_conf_scripts_dir}/dhcp_relay.py">
+ <node name="dhcp-relay" owner="${vyos_conf_scripts_dir}/service_dhcp-relay.py">
<properties>
<help>Host Configuration Protocol (DHCP) relay agent</help>
<priority>910</priority>
diff --git a/interface-definitions/service_dhcp-server.xml.in b/interface-definitions/service_dhcp-server.xml.in
new file mode 100644
index 000000000..5c9d4a360
--- /dev/null
+++ b/interface-definitions/service_dhcp-server.xml.in
@@ -0,0 +1,223 @@
+<?xml version="1.0"?>
+<!-- DHCP server configuration -->
+<interfaceDefinition>
+ <node name="service">
+ <children>
+ <node name="dhcp-server" owner="${vyos_conf_scripts_dir}/service_dhcp-server.py">
+ <properties>
+ <help>Dynamic Host Configuration Protocol (DHCP) for DHCP server</help>
+ <priority>911</priority>
+ </properties>
+ <children>
+ #include <include/generic-disable-node.xml.i>
+ <leafNode name="dynamic-dns-update">
+ <properties>
+ <help>Dynamically update Domain Name System (RFC4702)</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <node name="failover">
+ <properties>
+ <help>DHCP failover configuration</help>
+ </properties>
+ <children>
+ #include <include/source-address-ipv4.xml.i>
+ <leafNode name="remote">
+ <properties>
+ <help>IPv4 remote address used for connectio</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address of failover peer</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="name">
+ <properties>
+ <help>Peer name used to identify connection</help>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+ </constraint>
+ <constraintErrorMessage>Invalid failover peer name. May only contain letters, numbers and .-_</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="status">
+ <properties>
+ <help>Failover hierarchy</help>
+ <completionHelp>
+ <list>primary secondary</list>
+ </completionHelp>
+ <valueHelp>
+ <format>primary</format>
+ <description>Configure this server to be the primary node</description>
+ </valueHelp>
+ <valueHelp>
+ <format>secondary</format>
+ <description>Configure this server to be the secondary node</description>
+ </valueHelp>
+ <constraint>
+ <regex>(primary|secondary)</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid DHCP failover peer status</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ #include <include/pki/ca-certificate.xml.i>
+ #include <include/pki/certificate.xml.i>
+ </children>
+ </node>
+ <leafNode name="hostfile-update">
+ <properties>
+ <help>Updating /etc/hosts file (per client lease)</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ #include <include/listen-address-ipv4.xml.i>
+ #include <include/listen-interface-multi-broadcast.xml.i>
+ <tagNode name="shared-network-name">
+ <properties>
+ <help>Name of DHCP shared network</help>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+ </constraint>
+ <constraintErrorMessage>Invalid shared network name. May only contain letters, numbers and .-_</constraintErrorMessage>
+ </properties>
+ <children>
+ <leafNode name="authoritative">
+ <properties>
+ <help>Option to make DHCP server authoritative for this physical network</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ #include <include/dhcp/option-v4.xml.i>
+ #include <include/generic-description.xml.i>
+ #include <include/generic-disable-node.xml.i>
+ <tagNode name="subnet">
+ <properties>
+ <help>DHCP subnet for shared network</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 address and prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-prefix"/>
+ </constraint>
+ <constraintErrorMessage>Invalid IPv4 subnet definition</constraintErrorMessage>
+ </properties>
+ <children>
+ #include <include/dhcp/option-v4.xml.i>
+ #include <include/generic-description.xml.i>
+ #include <include/generic-disable-node.xml.i>
+ <leafNode name="exclude">
+ <properties>
+ <help>IP address to exclude from DHCP lease range</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address to exclude from lease range</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="lease">
+ <properties>
+ <help>Lease timeout in seconds</help>
+ <valueHelp>
+ <format>u32</format>
+ <description>DHCP lease time in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-4294967295"/>
+ </constraint>
+ <constraintErrorMessage>DHCP lease time must be between 0 and 4294967295 (49 days)</constraintErrorMessage>
+ </properties>
+ <defaultValue>86400</defaultValue>
+ </leafNode>
+ <tagNode name="range">
+ <properties>
+ <help>DHCP lease range</help>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+ </constraint>
+ <constraintErrorMessage>Invalid range name, may only be alphanumeric, dot and hyphen</constraintErrorMessage>
+ </properties>
+ <children>
+ #include <include/dhcp/option-v4.xml.i>
+ <leafNode name="start">
+ <properties>
+ <help>First IP address for DHCP lease range</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 start address of pool</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="stop">
+ <properties>
+ <help>Last IP address for DHCP lease range</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 end address of pool</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <tagNode name="static-mapping">
+ <properties>
+ <help>Hostname for static mapping reservation</help>
+ <constraint>
+ <validator name="fqdn"/>
+ </constraint>
+ <constraintErrorMessage>Invalid static mapping hostname</constraintErrorMessage>
+ </properties>
+ <children>
+ #include <include/dhcp/option-v4.xml.i>
+ #include <include/generic-description.xml.i>
+ #include <include/generic-disable-node.xml.i>
+ <leafNode name="ip-address">
+ <properties>
+ <help>Fixed IP address of static mapping</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address used in static mapping</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ #include <include/interface/mac.xml.i>
+ #include <include/interface/duid.xml.i>
+ </children>
+ </tagNode>
+ <leafNode name="subnet-id">
+ <properties>
+ <help>Unique ID mapped to leases in the lease file</help>
+ <valueHelp>
+ <format>u32</format>
+ <description>Unique subnet ID</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-4294967295"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
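Review bot: Three user-facing strings in this new file are wrong or misleading. The `lease` error message says `between 0 and 4294967295 (49 days)`, but the value is in seconds and 4294967295 seconds is roughly 136 years (49 days would be that many milliseconds), so I would use `<constraintErrorMessage>DHCP lease time must be between 0 and 4294967295 seconds</constraintErrorMessage>`. The `range` message says `may only be alphanumeric, dot and hyphen`, yet the included constraint is `alpha-numeric-hyphen-underscore-dot`, so underscore is presumably allowed too. The same message is added for `range` in `service_dhcpv6-server.xml.in`. The `remote` help reads `used for connectio`, which should be `connection`.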
diff --git a/interface-definitions/dhcpv6-relay.xml.in b/interface-definitions/service_dhcpv6-relay.xml.in
index a80317609..40679d1c2 100644
--- a/interface-definitions/dhcpv6-relay.xml.in
+++ b/interface-definitions/service_dhcpv6-relay.xml.in
@@ -3,7 +3,7 @@
<interfaceDefinition>
<node name="service">
<children>
- <node name="dhcpv6-relay" owner="${vyos_conf_scripts_dir}/dhcpv6_relay.py">
+ <node name="dhcpv6-relay" owner="${vyos_conf_scripts_dir}/service_dhcpv6-relay.py">
<properties>
<help>DHCPv6 Relay Agent parameters</help>
<priority>900</priority>
diff --git a/interface-definitions/dhcpv6-server.xml.in b/interface-definitions/service_dhcpv6-server.xml.in
index 9dff68a24..28b97a64b 100644
--- a/interface-definitions/dhcpv6-server.xml.in
+++ b/interface-definitions/service_dhcpv6-server.xml.in
@@ -2,13 +2,20 @@
<interfaceDefinition>
<node name="service">
<children>
- <node name="dhcpv6-server" owner="${vyos_conf_scripts_dir}/dhcpv6_server.py">
+ <node name="dhcpv6-server" owner="${vyos_conf_scripts_dir}/service_dhcpv6-server.py">
<properties>
<help>DHCP for IPv6 (DHCPv6) server</help>
<priority>900</priority>
</properties>
<children>
#include <include/generic-disable-node.xml.i>
+ #include <include/listen-interface-multi-broadcast.xml.i>
+ <leafNode name="disable-route-autoinstall">
+ <properties>
+ <help>Do not install routes for delegated prefixes</help>
+ <valueless/>
+ </properties>
+ </leafNode>
<node name="global-parameters">
<properties>
<help>Additional global parameters for DHCPv6 server</help>
@@ -34,13 +41,28 @@
<properties>
<help>DHCPv6 shared network name</help>
<constraint>
- <regex>[-_a-zA-Z0-9.]+</regex>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
</constraint>
<constraintErrorMessage>Invalid DHCPv6 shared network name. May only contain letters, numbers and .-_</constraintErrorMessage>
</properties>
<children>
#include <include/generic-disable-node.xml.i>
#include <include/generic-description.xml.i>
+ <leafNode name="interface">
+ <properties>
+ <help>Optional interface for this shared network to accept requests from</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces</script>
+ </completionHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>Interface name</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/interface-name.xml.i>
+ </constraint>
+ </properties>
+ </leafNode>
<node name="common-options">
<properties>
<help>Common options to distribute to all clients, including stateless clients</help>
@@ -74,12 +96,18 @@
</constraint>
</properties>
<children>
- <node name="address-range">
+ #include <include/dhcp/option-v6.xml.i>
+ <tagNode name="range">
<properties>
<help>Parameters setting ranges for assigning IPv6 addresses</help>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+ </constraint>
+ <constraintErrorMessage>Invalid range name, may only be alphanumeric, dot and hyphen</constraintErrorMessage>
</properties>
<children>
- <tagNode name="prefix">
+ #include <include/dhcp/option-v6.xml.i>
+ <leafNode name="prefix">
<properties>
<help>IPv6 prefix defining range of addresses to assign</help>
<valueHelp>
@@ -90,16 +118,8 @@
<validator name="ipv6-prefix"/>
</constraint>
</properties>
- <children>
- <leafNode name="temporary">
- <properties>
- <help>Address range will be used for temporary addresses</help>
- <valueless/>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- <tagNode name="start">
+ </leafNode>
+ <leafNode name="start">
<properties>
<help>First in range of consecutive IPv6 addresses to assign</help>
<valueHelp>
@@ -110,24 +130,21 @@
<validator name="ipv6-address"/>
</constraint>
</properties>
- <children>
- <leafNode name="stop">
- <properties>
- <help>Last in range of consecutive IPv6 addresses</help>
- <valueHelp>
- <format>ipv6</format>
- <description>IPv6 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv6-address"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </tagNode>
+ </leafNode>
+ <leafNode name="stop">
+ <properties>
+ <help>Last in range of consecutive IPv6 addresses</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
</children>
- </node>
- #include <include/dhcp/domain-search.xml.i>
+ </tagNode>
<node name="lease-time">
<properties>
<help>Parameters relating to the lease time</help>
@@ -171,62 +188,17 @@
</leafNode>
</children>
</node>
- #include <include/name-server-ipv6.xml.i>
- <leafNode name="nis-domain">
- <properties>
- <help>NIS domain name for client to use</help>
- <constraint>
- <regex>[-_a-zA-Z0-9.]+</regex>
- </constraint>
- <constraintErrorMessage>Invalid NIS domain name</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="nis-server">
- <properties>
- <help>IPv6 address of a NIS Server</help>
- <valueHelp>
- <format>ipv6</format>
- <description>IPv6 address of NIS server</description>
- </valueHelp>
- <constraint>
- <validator name="ipv6-address"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- <leafNode name="nisplus-domain">
- <properties>
- <help>NIS+ domain name for client to use</help>
- <constraint>
- <regex>[-_a-zA-Z0-9.]+</regex>
- </constraint>
- <constraintErrorMessage>Invalid NIS+ domain name. May only contain letters, numbers and .-_</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="nisplus-server">
- <properties>
- <help>IPv6 address of a NIS+ Server</help>
- <valueHelp>
- <format>ipv6</format>
- <description>IPv6 address of NIS+ server</description>
- </valueHelp>
- <constraint>
- <validator name="ipv6-address"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
<node name="prefix-delegation">
<properties>
<help>Parameters relating to IPv6 prefix delegation</help>
</properties>
<children>
- <tagNode name="start">
+ <tagNode name="prefix">
<properties>
- <help>First in range of IPv6 addresses to be used in prefix delegation</help>
+ <help>IPv6 prefix to be used in prefix delegation</help>
<valueHelp>
<format>ipv6</format>
- <description>IPv6 address used in prefix delegation</description>
+ <description>IPv6 prefix used in prefix delegation</description>
</valueHelp>
<constraint>
<validator name="ipv6-address"/>
@@ -235,83 +207,72 @@
<children>
<leafNode name="prefix-length">
<properties>
- <help>Length in bits of prefixes to be delegated</help>
+ <help>Length in bits of prefix</help>
<valueHelp>
<format>u32:32-64</format>
- <description>Delagated prefix length (32-64)</description>
+ <description>Prefix length (32-64)</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 32-64"/>
</constraint>
- <constraintErrorMessage>Delegated prefix length must be between 32 and 64</constraintErrorMessage>
+ <constraintErrorMessage>Prefix length must be between 32 and 64</constraintErrorMessage>
</properties>
</leafNode>
- <leafNode name="stop">
+ <leafNode name="delegated-length">
<properties>
- <help>Last in range of IPv6 addresses to be used in prefix delegation</help>
+ <help>Length in bits of prefixes to be delegated</help>
+ <valueHelp>
+ <format>u32:32-64</format>
+ <description>Delegated prefix length (32-64)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 32-96"/>
+ </constraint>
+ <constraintErrorMessage>Delegated prefix length must be between 32 and 96</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="excluded-prefix">
+ <properties>
+ <help>IPv6 prefix to be excluded from prefix delegation</help>
<valueHelp>
<format>ipv6</format>
- <description>IPv6 address used in prefix delegation</description>
+ <description>IPv6 prefix excluded from prefix delegation</description>
</valueHelp>
<constraint>
<validator name="ipv6-address"/>
</constraint>
</properties>
</leafNode>
+ <leafNode name="excluded-prefix-length">
+ <properties>
+ <help>Length in bits of excluded prefix</help>
+ <valueHelp>
+ <format>u32:33-64</format>
+ <description>Excluded prefix length (33-128)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 33-128"/>
+ </constraint>
+ <constraintErrorMessage>Prefix length must be between 33 and 128</constraintErrorMessage>
+ </properties>
+ </leafNode>
</children>
</tagNode>
</children>
</node>
- <leafNode name="sip-server">
- <properties>
- <help>IPv6 address of SIP server</help>
- <valueHelp>
- <format>ipv6</format>
- <description>IPv6 address of SIP server</description>
- </valueHelp>
- <valueHelp>
- <format>hostname</format>
- <description>FQDN of SIP server</description>
- </valueHelp>
- <constraint>
- <validator name="ipv6-address"/>
- <validator name="fqdn"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- <leafNode name="sntp-server">
- <properties>
- <help>IPv6 address of an SNTP server for client to use</help>
- <constraint>
- <validator name="ipv6-address"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
<tagNode name="static-mapping">
<properties>
- <help>Name of static mapping</help>
+ <help>Hostname for static mapping reservation</help>
<constraint>
- <regex>[-_a-zA-Z0-9.]+</regex>
+ <validator name="fqdn"/>
</constraint>
- <constraintErrorMessage>Invalid static mapping name. May only contain letters, numbers and .-_</constraintErrorMessage>
+ <constraintErrorMessage>Invalid static mapping hostname</constraintErrorMessage>
</properties>
<children>
+ #include <include/dhcp/option-v6.xml.i>
#include <include/generic-disable-node.xml.i>
- <leafNode name="identifier">
- <properties>
- <help>Client identifier (DUID) for this static mapping</help>
- <valueHelp>
- <format>h[[:h]...]</format>
- <description>DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id)</description>
- </valueHelp>
- <constraint>
- <regex>([0-9A-Fa-f]{1,2}[:])*([0-9A-Fa-f]{1,2})</regex>
- </constraint>
- <constraintErrorMessage>Invalid DUID, must be in the format h[[:h]...]</constraintErrorMessage>
- </properties>
- </leafNode>
+ #include <include/interface/mac.xml.i>
+ #include <include/interface/duid.xml.i>
<leafNode name="ipv6-address">
<properties>
<help>Client IPv6 address for this static mapping</help>
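Review bot: The value help and the validator disagree on both new length leaves. `delegated-length` advertises `u32:32-64` and `(32-64)` while its validator and error message use 32-96, and `excluded-prefix-length` advertises `u32:33-64` while its description, validator and error message use 33-128. Assuming the validator ranges are the intended ones, I would align the help with what is enforced: `<format>u32:32-96</format>` with `(32-96)`, and `<format>u32:33-128</format>`. The `excluded-prefix-length` error message also reuses `Prefix length must be between 33 and 128`, which does not say which length was rejected; `Excluded prefix length must be between 33 and 128` would be clearer. The enclosing `prefix-delegation` node starts before this hunk.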
@@ -338,33 +299,18 @@
</leafNode>
</children>
</tagNode>
- <node name="vendor-option">
+ <leafNode name="subnet-id">
<properties>
- <help>Vendor Specific Options</help>
+ <help>Unique ID mapped to leases in the lease file</help>
+ <valueHelp>
+ <format>u32</format>
+ <description>Unique subnet ID</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-4294967295"/>
+ </constraint>
</properties>
- <children>
- <node name="cisco">
- <properties>
- <help>Cisco specific parameters</help>
- </properties>
- <children>
- <leafNode name="tftp-server">
- <properties>
- <help>TFTP server name</help>
- <valueHelp>
- <format>ipv6</format>
- <description>TFTP server IPv6 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv6-address"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- </children>
- </node>
- </children>
- </node>
+ </leafNode>
</children>
</tagNode>
</children>
diff --git a/interface-definitions/service_dns_dynamic.xml.in b/interface-definitions/service_dns_dynamic.xml.in
new file mode 100644
index 000000000..75e5520b7
--- /dev/null
+++ b/interface-definitions/service_dns_dynamic.xml.in
@@ -0,0 +1,200 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="service">
+ <children>
+ <node name="dns">
+ <properties>
+ <help>Domain Name System (DNS) related services</help>
+ </properties>
+ <children>
+ <node name="dynamic" owner="${vyos_conf_scripts_dir}/service_dns_dynamic.py">
+ <properties>
+ <help>Dynamic DNS</help>
+ <priority>990</priority>
+ </properties>
+ <children>
+ <tagNode name="name">
+ <properties>
+ <help>Dynamic DNS configuration</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Dynamic DNS service name</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
+ </constraint>
+ <constraintErrorMessage>Dynamic DNS service name must be alphanumeric and can contain hyphens and underscores</constraintErrorMessage>
+ </properties>
+ <children>
+ #include <include/generic-description.xml.i>
+ <leafNode name="protocol">
+ <properties>
+ <help>ddclient protocol used for Dynamic DNS service</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_ddclient_protocols.sh</script>
+ </completionHelp>
+ <constraint>
+ <validator name="ddclient-protocol"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <node name="address">
+ <properties>
+ <help>Obtain IP address to send Dynamic DNS update for</help>
+ </properties>
+ <children>
+ #include <include/generic-interface.xml.i>
+ <node name="web">
+ <properties>
+ <help>HTTP(S) web request to use</help>
+ </properties>
+ <children>
+ #include <include/url-http-https.xml.i>
+ <leafNode name="skip">
+ <properties>
+ <help>Pattern to skip from the HTTP(S) respose</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Pattern to skip from the HTTP(S) respose to extract the external IP address</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ <leafNode name="ip-version">
+ <properties>
+ <help>IP address version to use</help>
+ <valueHelp>
+ <format>_ipv4</format>
+ <description>Use only IPv4 address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>_ipv6</format>
+ <description>Use only IPv6 address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>both</format>
+ <description>Use both IPv4 and IPv6 address</description>
+ </valueHelp>
+ <completionHelp>
+ <list>ipv4 ipv6 both</list>
+ </completionHelp>
+ <constraint>
+ <regex>(ipv[46]|both)</regex>
+ </constraint>
+ <constraintErrorMessage>IP Version must be literal 'ipv4', 'ipv6' or 'both'</constraintErrorMessage>
+ </properties>
+ <defaultValue>ipv4</defaultValue>
+ </leafNode>
+ <leafNode name="host-name">
+ <properties>
+ <help>Hostname to register with Dynamic DNS service</help>
+ <constraint>
+ #include <include/constraint/host-name.xml.i>
+ <regex>(\@|\*)[-.A-Za-z0-9]*</regex>
+ </constraint>
+ <constraintErrorMessage>Host-name must be alphanumeric, can contain hyphens and can be prefixed with '@' or '*'</constraintErrorMessage>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="server">
+ <properties>
+ <help>Remote Dynamic DNS server to send updates to</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address of the remote server</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address of the remote server</description>
+ </valueHelp>
+ <valueHelp>
+ <format>hostname</format>
+ <description>Fully qualified domain name of the remote server</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ip-address"/>
+ <validator name="fqdn"/>
+ </constraint>
+ <constraintErrorMessage>Remote server must be IP address or fully qualified domain name</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="zone">
+ <properties>
+ <help>DNS zone to be updated</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Name of DNS zone</description>
+ </valueHelp>
+ <constraint>
+ <validator name="fqdn"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ #include <include/generic-username.xml.i>
+ #include <include/generic-password.xml.i>
+ <leafNode name="key">
+ <properties>
+ <help>File containing TSIG authentication key for RFC2136 nsupdate on remote DNS server</help>
+ <valueHelp>
+ <format>filename</format>
+ <description>File in /config/auth directory</description>
+ </valueHelp>
+ <constraint>
+ <validator name="file-path" argument="--strict --parent-dir /config/auth"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ #include <include/dns/time-to-live.xml.i>
+ <leafNode name="wait-time">
+ <properties>
+ <help>Time in seconds to wait between update attempts</help>
+ <valueHelp>
+ <format>u32:60-86400</format>
+ <description>Time in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 60-86400"/>
+ </constraint>
+ <constraintErrorMessage>Wait time must be between 60 and 86400 seconds</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="expiry-time">
+ <properties>
+ <help>Time in seconds for the hostname to be marked expired in cache</help>
+ <valueHelp>
+ <format>u32:300-2160000</format>
+ <description>Time in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 300-2160000"/>
+ </constraint>
+ <constraintErrorMessage>Expiry time must be between 300 and 2160000 seconds</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <leafNode name="interval">
+ <properties>
+ <help>Interval in seconds to wait between Dynamic DNS updates</help>
+ <valueHelp>
+ <format>u32:60-3600</format>
+ <description>Time in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 60-3600"/>
+ </constraint>
+ <constraintErrorMessage>Interval must be between 60 and 3600 seconds</constraintErrorMessage>
+ </properties>
+ <defaultValue>300</defaultValue>
+ </leafNode>
+ #include <include/interface/vrf.xml.i>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
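Review bot: The `skip` leaf under `address web` has a `<valueHelp>` but no `<constraint>`, so any text is accepted, unlike `key`, which is pinned with `--strict --parent-dir /config/auth`. The value is presumably written into the ddclient configuration by `service_dns_dynamic.py`, which is outside this diff. It is worth confirming that the template quotes or escapes it, or adding a constraint that excludes quotes and control characters. Both strings on that leaf also misspell `response` as `respose`.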
diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/service_dns_forwarding.xml.in
index c4295317a..a54618e82 100644
--- a/interface-definitions/dns-forwarding.xml.in
+++ b/interface-definitions/service_dns_forwarding.xml.in
@@ -8,7 +8,7 @@
<help>Domain Name System (DNS) related services</help>
</properties>
<children>
- <node name="forwarding" owner="${vyos_conf_scripts_dir}/dns_forwarding.py">
+ <node name="forwarding" owner="${vyos_conf_scripts_dir}/service_dns_forwarding.py">
<properties>
<help>DNS forwarding</help>
<priority>918</priority>
@@ -670,6 +670,19 @@
</properties>
<defaultValue>3600</defaultValue>
</leafNode>
+ <leafNode name="serve-stale-extension">
+ <properties>
+ <help>Number of times the expired TTL of a record is extended by 30 seconds when serving stale</help>
+ <valueHelp>
+ <format>u32:0-65535</format>
+ <description>Number of times to extend the TTL</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-65535"/>
+ </constraint>
+ </properties>
+ <defaultValue>0</defaultValue>
+ </leafNode>
<leafNode name="timeout">
<properties>
<help>Number of milliseconds to wait for a remote authoritative server to respond</help>
@@ -684,33 +697,101 @@
<defaultValue>1500</defaultValue>
</leafNode>
#include <include/name-server-ipv4-ipv6-port.xml.i>
+ #include <include/source-address-ipv4-ipv6-multi.xml.i>
<leafNode name="source-address">
+ <defaultValue>0.0.0.0 ::</defaultValue>
+ </leafNode>
+ <leafNode name="system">
<properties>
- <help>Local addresses from which to send DNS queries</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
- </completionHelp>
+ <help>Use system name servers</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="exclude-throttle-address">
+ <properties>
+ <help>IP address or subnet</help>
<valueHelp>
<format>ipv4</format>
- <description>IPv4 address from which to send traffic</description>
+ <description>IPv4 address to match</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 prefix to match</description>
</valueHelp>
<valueHelp>
<format>ipv6</format>
- <description>IPv6 address from which to send traffic</description>
+ <description>IPv6 address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 address</description>
</valueHelp>
<multi/>
<constraint>
- <validator name="ip-address"/>
+ <validator name="ipv4-address"/>
+ <validator name="ipv4-prefix"/>
+ <validator name="ipv6-address"/>
+ <validator name="ipv6-prefix"/>
</constraint>
</properties>
- <defaultValue>0.0.0.0 ::</defaultValue>
</leafNode>
- <leafNode name="system">
+ <node name="options">
<properties>
- <help>Use system name servers</help>
- <valueless/>
+ <help>DNS server options</help>
</properties>
- </leafNode>
+ <children>
+ <leafNode name="ecs-add-for">
+ <properties>
+ <help>Client netmask for which EDNS Client Subnet will be added</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 prefix to match</description>
+ </valueHelp>
+ <valueHelp>
+ <format>!ipv4net</format>
+ <description>Match everything except the specified IPv4 prefix</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 prefix to match</description>
+ </valueHelp>
+ <valueHelp>
+ <format>!ipv6net</format>
+ <description>Match everything except the specified IPv6 prefix</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-prefix"/>
+ <validator name="ipv4-prefix-exclude"/>
+ <validator name="ipv6-prefix"/>
+ <validator name="ipv6-prefix-exclude"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="ecs-ipv4-bits">
+ <properties>
+ <help>Number of bits of IPv4 address to pass for EDNS Client Subnet</help>
+ <valueHelp>
+ <format>u32:0-32</format>
+ <description>Number of bits of IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-32"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="edns-subnet-allow-list">
+ <properties>
+ <help>Netmask or domain that we should enable EDNS subnet for</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Netmask or domain</description>
+ </valueHelp>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
</children>
</node>
</children>
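Review bot: `edns-subnet-allow-list` is declared as free-form `txt` with no `<constraint>`, so any string is accepted at commit time, whereas the other value-taking leaves added in this hunk all carry validators. Since the help describes the value as a netmask or a domain, a constraint that pairs the prefix validators already used for `ecs-add-for` with a domain-name check would reject malformed entries before they reach the rendered resolver configuration. How `service_dns_forwarding.py` handles the value is not visible here, so confirm it does not rely on the CLI for validation. Separately, the help for `exclude-throttle-address` reads `IP address or subnet` without saying what the address is excluded from, and its `ipv6net` entry is described as `IPv6 address`; if the node does what its name suggests, use `<help>IP address or subnet excluded from throttling</help>` and `<description>IPv6 prefix to match</description>`.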
diff --git a/interface-definitions/service-event-handler.xml.in b/interface-definitions/service_event-handler.xml.in
index aef6bc1bc..2cee4f595 100644
--- a/interface-definitions/service-event-handler.xml.in
+++ b/interface-definitions/service_event-handler.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="service">
<children>
- <node name="event-handler" owner="${vyos_conf_scripts_dir}/service_event_handler.py">
+ <node name="event-handler" owner="${vyos_conf_scripts_dir}/service_event-handler.py">
<properties>
<help>Service event handler</help>
</properties>
diff --git a/interface-definitions/https.xml.in b/interface-definitions/service_https.xml.in
index 5430193b5..b60c7ff2e 100644
--- a/interface-definitions/https.xml.in
+++ b/interface-definitions/service_https.xml.in
@@ -2,73 +2,17 @@
<interfaceDefinition>
<node name="service">
<children>
- <node name="https" owner="${vyos_conf_scripts_dir}/https.py">
+ <node name="https" owner="${vyos_conf_scripts_dir}/service_https.py">
<properties>
<help>HTTPS configuration</help>
<priority>1001</priority>
</properties>
<children>
- <tagNode name="virtual-host">
- <properties>
- <help>Identifier for virtual host</help>
- <constraint>
- <regex>[a-zA-Z0-9-_.:]{1,255}</regex>
- </constraint>
- <constraintErrorMessage>illegal characters in identifier or identifier longer than 255 characters</constraintErrorMessage>
- </properties>
- <children>
- <leafNode name="listen-address">
- <properties>
- <help>Address to listen for HTTPS requests</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
- </completionHelp>
- <valueHelp>
- <format>ipv4</format>
- <description>HTTPS IPv4 address</description>
- </valueHelp>
- <valueHelp>
- <format>ipv6</format>
- <description>HTTPS IPv6 address</description>
- </valueHelp>
- <valueHelp>
- <format>'*'</format>
- <description>any</description>
- </valueHelp>
- <constraint>
- <validator name="ip-address"/>
- <regex>\*</regex>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name='listen-port'>
- <properties>
- <help>Port to listen for HTTPS requests; default 443</help>
- <valueHelp>
- <format>u32:1-65535</format>
- <description>Numeric IP port</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-65535"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="server-name">
- <properties>
- <help>Server names: exact, wildcard, or regex</help>
- <multi/>
- </properties>
- </leafNode>
- #include <include/allow-client.xml.i>
- </children>
- </tagNode>
- <node name="api" owner="${vyos_conf_scripts_dir}/http-api.py">
+ <node name="api">
<properties>
<help>VyOS HTTP API configuration</help>
- <priority>1002</priority>
</properties>
<children>
- #include <include/port-number.xml.i>
<node name="keys">
<properties>
<help>HTTP API keys</help>
@@ -101,12 +45,6 @@
<hidden/>
</properties>
</leafNode>
- <leafNode name="socket">
- <properties>
- <help>Run server on Unix domain socket</help>
- <valueless/>
- </properties>
- </leafNode>
<node name="graphql">
<properties>
<help>GraphQL support</help>
@@ -188,19 +126,18 @@
</node>
</children>
</node>
- <node name="api-restrict">
+ #include <include/allow-client.xml.i>
+ <leafNode name="enable-http-redirect">
<properties>
- <help>Restrict api proxy to subset of virtual hosts</help>
+ <help>Enable HTTP to HTTPS redirect</help>
+ <valueless/>
</properties>
- <children>
- <leafNode name="virtual-host">
- <properties>
- <help>Restrict proxy to virtual host(s)</help>
- <multi/>
- </properties>
- </leafNode>
- </children>
- </node>
+ </leafNode>
+ #include <include/listen-address.xml.i>
+ #include <include/port-number.xml.i>
+ <leafNode name='port'>
+ <defaultValue>443</defaultValue>
+ </leafNode>
<node name="certificates">
<properties>
<help>TLS certificates</help>
@@ -208,26 +145,30 @@
<children>
#include <include/pki/ca-certificate.xml.i>
#include <include/pki/certificate.xml.i>
- <node name="certbot" owner="${vyos_conf_scripts_dir}/le_cert.py">
- <properties>
- <help>Request or apply a letsencrypt certificate for domain-name</help>
- </properties>
- <children>
- <leafNode name="domain-name">
- <properties>
- <help>Domain name(s) for which to obtain certificate</help>
- <multi/>
- </properties>
- </leafNode>
- <leafNode name="email">
- <properties>
- <help>Email address to associate with certificate</help>
- </properties>
- </leafNode>
- </children>
- </node>
+ #include <include/pki/dh-params.xml.i>
</children>
</node>
+ <leafNode name="tls-version">
+ <properties>
+ <help>Specify available TLS version(s)</help>
+ <completionHelp>
+ <list>1.2 1.3</list>
+ </completionHelp>
+ <valueHelp>
+ <format>1.2</format>
+ <description>TLSv1.2</description>
+ </valueHelp>
+ <valueHelp>
+ <format>1.3</format>
+ <description>TLSv1.3</description>
+ </valueHelp>
+ <constraint>
+ <regex>(1.2|1.3)</regex>
+ </constraint>
+ <multi/>
+ </properties>
+ <defaultValue>1.2 1.3</defaultValue>
+ </leafNode>
#include <include/interface/vrf.xml.i>
</children>
</node>
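Review bot: The `tls-version` constraint `(1.2|1.3)` leaves the dots unescaped, so each `.` matches any character and a value such as `1x2` satisfies the pattern; escape them as `<regex>(1\.2|1\.3)</regex>`. The value presumably ends up in the web server's TLS protocol list (the consuming script is not visible here), where an unexpected token would either break the generated configuration or be silently dropped, so it is worth rejecting at the CLI. A `<constraintErrorMessage>` naming the two accepted versions would match what other constrained leaves in this commit provide.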
diff --git a/interface-definitions/service-ids-ddos-protection.xml.in b/interface-definitions/service_ids_ddos-protection.xml.in
index 78463136b..3ef2640b3 100644
--- a/interface-definitions/service-ids-ddos-protection.xml.in
+++ b/interface-definitions/service_ids_ddos-protection.xml.in
@@ -7,7 +7,7 @@
<help>Intrusion Detection System</help>
</properties>
<children>
- <node name="ddos-protection" owner="${vyos_conf_scripts_dir}/service_ids_fastnetmon.py">
+ <node name="ddos-protection" owner="${vyos_conf_scripts_dir}/service_ids_ddos-protection.py">
<properties>
<help>FastNetMon detection and protection parameters</help>
<priority>731</priority>
diff --git a/interface-definitions/service-ipoe-server.xml.in b/interface-definitions/service_ipoe-server.xml.in
index b6e6503d3..eeec2aeef 100644
--- a/interface-definitions/service-ipoe-server.xml.in
+++ b/interface-definitions/service_ipoe-server.xml.in
@@ -102,15 +102,10 @@
#include <include/accel-ppp/vlan.xml.i>
</children>
</tagNode>
+ #include <include/accel-ppp/max-concurrent-sessions.xml.i>
#include <include/name-server-ipv4-ipv6.xml.i>
- <node name="client-ip-pool">
- <properties>
- <help>Client IP pools and gateway setting</help>
- </properties>
- <children>
- #include <include/accel-ppp/client-ip-pool-name.xml.i>
- </children>
- </node>
+ #include <include/accel-ppp/client-ip-pool.xml.i>
+ #include <include/accel-ppp/gateway-address-multi.xml.i>
#include <include/accel-ppp/client-ipv6-pool.xml.i>
<node name="authentication">
<properties>
@@ -187,6 +182,8 @@
#include <include/accel-ppp/radius-additions.xml.i>
</children>
</node>
+ #include <include/accel-ppp/default-pool.xml.i>
+ #include <include/accel-ppp/default-ipv6-pool.xml.i>
</children>
</node>
</children>
diff --git a/interface-definitions/lldp.xml.in b/interface-definitions/service_lldp.xml.in
index 738bb11c1..1a06e0cb3 100644
--- a/interface-definitions/lldp.xml.in
+++ b/interface-definitions/service_lldp.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="service">
<children>
- <node name="lldp" owner="${vyos_conf_scripts_dir}/lldp.py">
+ <node name="lldp" owner="${vyos_conf_scripts_dir}/service_lldp.py">
<properties>
<help>LLDP settings</help>
<priority>985</priority>
@@ -175,19 +175,12 @@
<multi/>
</properties>
</leafNode>
- <node name="snmp">
+ <leafNode name="snmp">
<properties>
- <help>SNMP parameters for LLDP</help>
+ <help>Enable SNMP queries of the LLDP database</help>
+ <valueless/>
</properties>
- <children>
- <leafNode name="enable">
- <properties>
- <help>Enable SNMP queries of the LLDP database</help>
- <valueless/>
- </properties>
- </leafNode>
- </children>
- </node>
+ </leafNode>
</children>
</node>
</children>
diff --git a/interface-definitions/service-mdns-repeater.xml.in b/interface-definitions/service_mdns_repeater.xml.in
index 67870946c..5d6f61d74 100644
--- a/interface-definitions/service-mdns-repeater.xml.in
+++ b/interface-definitions/service_mdns_repeater.xml.in
@@ -7,7 +7,7 @@
<help>Multicast DNS (mDNS) parameters</help>
</properties>
<children>
- <node name="repeater" owner="${vyos_conf_scripts_dir}/service_mdns-repeater.py">
+ <node name="repeater" owner="${vyos_conf_scripts_dir}/service_mdns_repeater.py">
<properties>
<help>mDNS repeater configuration</help>
<priority>990</priority>
diff --git a/interface-definitions/service-monitoring-telegraf.xml.in b/interface-definitions/service_monitoring_telegraf.xml.in
index ae0bae900..4d694114a 100644
--- a/interface-definitions/service-monitoring-telegraf.xml.in
+++ b/interface-definitions/service_monitoring_telegraf.xml.in
@@ -53,7 +53,7 @@
</properties>
<defaultValue>main</defaultValue>
</leafNode>
- #include <include/url.xml.i>
+ #include <include/url-http-https.xml.i>
#include <include/port-number.xml.i>
<leafNode name="port">
<defaultValue>8086</defaultValue>
@@ -145,7 +145,7 @@
<constraintErrorMessage>Table is limited to alphanumerical characters and can contain hyphen and underscores</constraintErrorMessage>
</properties>
</leafNode>
- #include <include/url.xml.i>
+ #include <include/url-http-https.xml.i>
</children>
</node>
<leafNode name="source">
@@ -271,7 +271,7 @@
</leafNode>
</children>
</node>
- #include <include/url.xml.i>
+ #include <include/url-http-https.xml.i>
</children>
</node>
#include <include/interface/vrf.xml.i>
diff --git a/interface-definitions/service-monitoring-zabbix-agent.xml.in b/interface-definitions/service_monitoring_zabbix-agent.xml.in
index 40f2df642..40f2df642 100644
--- a/interface-definitions/service-monitoring-zabbix-agent.xml.in
+++ b/interface-definitions/service_monitoring_zabbix-agent.xml.in
diff --git a/interface-definitions/service_ndp-proxy.xml.in b/interface-definitions/service_ndp-proxy.xml.in
new file mode 100644
index 000000000..aabba3f4e
--- /dev/null
+++ b/interface-definitions/service_ndp-proxy.xml.in
@@ -0,0 +1,133 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="service">
+ <children>
+ <node name="ndp-proxy" owner="${vyos_conf_scripts_dir}/service_ndp-proxy.py">
+ <properties>
+ <help>Neighbor Discovery Protocol (NDP) Proxy</help>
+ <priority>600</priority>
+ </properties>
+ <children>
+ <leafNode name="route-refresh">
+ <properties>
+ <help>Refresh interval for IPv6 routes</help>
+ <valueHelp>
+ <format>u32:10000-120000</format>
+ <description>Time in milliseconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 10000-120000"/>
+ </constraint>
+ <constraintErrorMessage>Route-refresh must be between 10000 and 120000 milliseconds</constraintErrorMessage>
+ </properties>
+ <defaultValue>30000</defaultValue>
+ </leafNode>
+ <tagNode name="interface">
+ <properties>
+ <help>NDP proxy listener interface</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces</script>
+ </completionHelp>
+ <constraint>
+ #include <include/constraint/interface-name.xml.i>
+ </constraint>
+ </properties>
+ <children>
+ #include <include/generic-disable-node.xml.i>
+ <leafNode name="enable-router-bit">
+ <properties>
+ <help>Enable router bit in Neighbor Advertisement messages</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="timeout">
+ <properties>
+ <help>Timeout for Neighbor Advertisement after Neighbor Solicitation message</help>
+ <valueHelp>
+ <format>u32:500-120000</format>
+ <description>Timeout in milliseconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 500-120000"/>
+ </constraint>
+ <constraintErrorMessage>Timeout must be between 500 and 120000 milliseconds</constraintErrorMessage>
+ </properties>
+ <defaultValue>500</defaultValue>
+ </leafNode>
+ <leafNode name="ttl">
+ <properties>
+ <help>Proxy entry cache Time-To-Live</help>
+ <valueHelp>
+ <format>u32:10000-120000</format>
+ <description>Time in milliseconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 10000-120000"/>
+ </constraint>
+ <constraintErrorMessage>TTL must be between 10000 and 120000 milliseconds</constraintErrorMessage>
+ </properties>
+ <defaultValue>30000</defaultValue>
+ </leafNode>
+ <tagNode name="prefix">
+ <properties>
+ <help>Prefix target addresses are matched against</help>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 network prefix</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-prefix"/>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ <children>
+ #include <include/generic-disable-node.xml.i>
+ <leafNode name="mode">
+ <properties>
+ <help>Specify the running mode of the rule</help>
+ <completionHelp>
+ <list>static auto interface</list>
+ </completionHelp>
+ <valueHelp>
+ <format>static</format>
+ <description>Immediately answer any Neighbor Solicitation Messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>auto</format>
+ <description>Check for a matching route in /proc/net/ipv6_route</description>
+ </valueHelp>
+ <valueHelp>
+ <format>interface</format>
+ <description>Forward Neighbor Solicitation message through specified interface</description>
+ </valueHelp>
+ <constraint>
+ <regex>(static|auto|interface)</regex>
+ </constraint>
+ <constraintErrorMessage>Mode must be either one of: static, auto or interface</constraintErrorMessage>
+ </properties>
+ <defaultValue>static</defaultValue>
+ </leafNode>
+ <leafNode name="interface">
+ <properties>
+ <help>Interface to forward Neighbor Solicitation message through. Required for "iface" mode</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces</script>
+ </completionHelp>
+ <constraint>
+ #include <include/constraint/interface-name.xml.i>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
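Review bot: The help on the prefix-level `interface` leaf says it is required for "iface" mode, but the `mode` leaf accepts only `static`, `auto` or `interface`, so the text names a value the CLI rejects; change it to `<help>Interface to forward Neighbor Solicitation message through. Required for "interface" mode</help>`. Nothing in this definition ties the two leaves together, so the "required" rule has to be enforced in the verify step of `service_ndp-proxy.py`, which is not visible in this hunk. The `route-refresh` help could also state its unit, e.g. `Refresh interval for IPv6 routes (milliseconds)`, as the unit currently appears only in the valueHelp.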
diff --git a/interface-definitions/ntp.xml.in b/interface-definitions/service_ntp.xml.in
index 4e874434b..c057b62b5 100644
--- a/interface-definitions/ntp.xml.in
+++ b/interface-definitions/service_ntp.xml.in
@@ -3,12 +3,44 @@
<interfaceDefinition>
<node name="service">
<children>
- <node name="ntp" owner="${vyos_conf_scripts_dir}/ntp.py">
+ <node name="ntp" owner="${vyos_conf_scripts_dir}/service_ntp.py">
<properties>
<help>Network Time Protocol (NTP) configuration</help>
<priority>900</priority>
</properties>
<children>
+ #include <include/allow-client.xml.i>
+ #include <include/generic-interface.xml.i>
+ #include <include/listen-address.xml.i>
+ #include <include/interface/vrf.xml.i>
+ <leafNode name="leap-second">
+ <properties>
+ <help>Leap second behavior</help>
+ <completionHelp>
+ <list>ignore smear system timezone</list>
+ </completionHelp>
+ <valueHelp>
+ <format>ignore</format>
+ <description>No correction is applied to the clock for the leap second</description>
+ </valueHelp>
+ <valueHelp>
+ <format>smear</format>
+ <description>Correct served time slowly be slewing instead of stepping</description>
+ </valueHelp>
+ <valueHelp>
+ <format>system</format>
+ <description>Kernel steps the system clock forward or backward</description>
+ </valueHelp>
+ <valueHelp>
+ <format>timezone</format>
+ <description>Use UTC timezone database to determine when will the next leap second occur</description>
+ </valueHelp>
+ <constraint>
+ <regex>(ignore|smear|system|timezone)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>timezone</defaultValue>
+ </leafNode>
<tagNode name="server">
<properties>
<help>Network Time Protocol (NTP) server</help>
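Review bot: Two of the new `leap-second` descriptions need wording fixes: `Correct served time slowly be slewing instead of stepping` should read `Correct served time slowly by slewing instead of stepping`, and `Use UTC timezone database to determine when will the next leap second occur` should read `Use UTC timezone database to determine when the next leap second will occur`. The leaf also has a `<regex>` constraint but no `<constraintErrorMessage>`, so a mistyped value gets only the generic rejection; something like `<constraintErrorMessage>Leap second behavior must be one of: ignore, smear, system or timezone</constraintErrorMessage>` would fix that. The enclosing `<children>` block continues past the end of this hunk.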
@@ -56,10 +88,6 @@
</leafNode>
</children>
</tagNode>
- #include <include/allow-client.xml.i>
- #include <include/generic-interface.xml.i>
- #include <include/listen-address.xml.i>
- #include <include/interface/vrf.xml.i>
</children>
</node>
</children>
diff --git a/interface-definitions/service-pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in
index 022ac2885..477ed115f 100644
--- a/interface-definitions/service-pppoe-server.xml.in
+++ b/interface-definitions/service_pppoe-server.xml.in
@@ -49,16 +49,7 @@
</node>
</children>
</node>
- <node name="client-ip-pool">
- <properties>
- <help>Pool of client IP addresses (must be within a /24)</help>
- </properties>
- <children>
- #include <include/accel-ppp/client-ip-pool-start-stop.xml.i>
- #include <include/accel-ppp/client-ip-pool-subnet.xml.i>
- #include <include/accel-ppp/client-ip-pool-name.xml.i>
- </children>
- </node>
+ #include <include/accel-ppp/client-ip-pool.xml.i>
#include <include/accel-ppp/client-ipv6-pool.xml.i>
#include <include/name-server-ipv4-ipv6.xml.i>
<tagNode name="interface">
@@ -73,6 +64,7 @@
</children>
</tagNode>
#include <include/accel-ppp/gateway-address.xml.i>
+ #include <include/accel-ppp/max-concurrent-sessions.xml.i>
#include <include/accel-ppp/mtu-128-16384.xml.i>
<node name="limits">
<properties>
@@ -111,68 +103,12 @@
</properties>
</leafNode>
#include <include/accel-ppp/wins-server.xml.i>
+ #include <include/accel-ppp/ppp-options.xml.i>
<node name="ppp-options">
- <properties>
- <help>Advanced protocol options</help>
- </properties>
<children>
<leafNode name="min-mtu">
- <properties>
- <help>Minimum acceptable MTU (68-65535)</help>
- <constraint>
- <validator name="numeric" argument="--range 68-65535"/>
- </constraint>
- </properties>
<defaultValue>1280</defaultValue>
</leafNode>
- <leafNode name="mru">
- <properties>
- <help>Preferred MRU (68-65535)</help>
- <constraint>
- <validator name="numeric" argument="--range 68-65535"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="ccp">
- <properties>
- <help>CCP negotiation (default disabled)</help>
- <valueless />
- </properties>
- </leafNode>
- #include <include/accel-ppp/ppp-mppe.xml.i>
- #include <include/accel-ppp/lcp-echo-interval-failure.xml.i>
- #include <include/accel-ppp/lcp-echo-timeout.xml.i>
- #include <include/accel-ppp/ppp-interface-cache.xml.i>
- <leafNode name="ipv4">
- <properties>
- <help>IPv4 (IPCP) negotiation algorithm</help>
- <constraint>
- <regex>(deny|allow|prefer|require)</regex>
- </constraint>
- <constraintErrorMessage>invalid value</constraintErrorMessage>
- <valueHelp>
- <format>deny</format>
- <description>Do not negotiate IPv4</description>
- </valueHelp>
- <valueHelp>
- <format>allow</format>
- <description>Negotiate IPv4 only if client requests</description>
- </valueHelp>
- <valueHelp>
- <format>prefer</format>
- <description>Ask client for IPv4 negotiation, do not fail if it rejects</description>
- </valueHelp>
- <valueHelp>
- <format>require</format>
- <description>Require IPv4 negotiation</description>
- </valueHelp>
- <completionHelp>
- <list>deny allow prefer require</list>
- </completionHelp>
- </properties>
- </leafNode>
- #include <include/accel-ppp/ppp-options-ipv6.xml.i>
- #include <include/accel-ppp/ppp-options-ipv6-interface-id.xml.i>
</children>
</node>
<tagNode name="pado-delay">
@@ -281,6 +217,8 @@
</leafNode>
</children>
</node>
+ #include <include/accel-ppp/default-pool.xml.i>
+ #include <include/accel-ppp/default-ipv6-pool.xml.i>
</children>
</node>
</children>
diff --git a/interface-definitions/service-router-advert.xml.in b/interface-definitions/service_router-advert.xml.in
index 16c29022d..16c29022d 100644
--- a/interface-definitions/service-router-advert.xml.in
+++ b/interface-definitions/service_router-advert.xml.in
diff --git a/interface-definitions/salt-minion.xml.in b/interface-definitions/service_salt-minion.xml.in
index c3219cff3..eaa2899f4 100644
--- a/interface-definitions/salt-minion.xml.in
+++ b/interface-definitions/service_salt-minion.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="service">
<children>
- <node name="salt-minion" owner="${vyos_conf_scripts_dir}/salt-minion.py">
+ <node name="salt-minion" owner="${vyos_conf_scripts_dir}/service_salt-minion.py">
<properties>
<help>Salt Minion</help>
<priority>500</priority>
diff --git a/interface-definitions/service-sla.xml.in b/interface-definitions/service_sla.xml.in
index 0c4f8a591..0c4f8a591 100644
--- a/interface-definitions/service-sla.xml.in
+++ b/interface-definitions/service_sla.xml.in
diff --git a/interface-definitions/snmp.xml.in b/interface-definitions/service_snmp.xml.in
index 0851b8389..e16e9daa1 100644
--- a/interface-definitions/snmp.xml.in
+++ b/interface-definitions/service_snmp.xml.in
@@ -3,7 +3,7 @@
<interfaceDefinition>
<node name="service">
<children>
- <node name="snmp" owner="${vyos_conf_scripts_dir}/snmp.py">
+ <node name="snmp" owner="${vyos_conf_scripts_dir}/service_snmp.py">
<properties>
<help>Simple Network Management Protocol (SNMP)</help>
<priority>900</priority>
@@ -79,6 +79,101 @@
</properties>
</leafNode>
#include <include/generic-description.xml.i>
+ <node name="mib">
+ <properties>
+ <help>Management information base (MIB)</help>
+ </properties>
+ <children>
+ <leafNode name="interface-max">
+ <properties>
+ <help>Sets the maximum number of interfaces included in IF-MIB data collection</help>
+ <valueHelp>
+ <format>u32:1-4294967295</format>
+ <description>Sets the maximum number of interfaces included in IF-MIB data collection</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-4294967295"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="interface">
+ <properties>
+ <help>Sets the interface name prefix to include in the IF-MIB data collection</help>
+ <completionHelp>
+ <list>br bond dum eth gnv macsec peth sstpc tun veth vti vtun vxlan wg wlan wwan</list>
+ </completionHelp>
+ <valueHelp>
+ <format>br</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>bond</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>dum</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>eth</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>gnv</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>macsec</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>peth</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>sstpc</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>tun</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>veth</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>vti</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>vtun</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>vxlan</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>wg</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>wlan</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>wwan</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <constraint>
+ <regex>(br|bond|dum|eth|gnv|macsec|peth|sstpc|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)</regex>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
<tagNode name="listen-address">
<properties>
<help>IP address to listen for incoming SNMP requests</help>
diff --git a/interface-definitions/ssh.xml.in b/interface-definitions/service_ssh.xml.in
index 2bcce2cf0..5c893bd35 100644
--- a/interface-definitions/ssh.xml.in
+++ b/interface-definitions/service_ssh.xml.in
@@ -5,7 +5,7 @@
<help>System services</help>
</properties>
<children>
- <node name="ssh" owner="${vyos_conf_scripts_dir}/ssh.py">
+ <node name="ssh" owner="${vyos_conf_scripts_dir}/service_ssh.py">
<properties>
<help>Secure Shell (SSH)</help>
<priority>1000</priority>
diff --git a/interface-definitions/tftp-server.xml.in b/interface-definitions/service_tftp-server.xml.in
index 8ca4da883..e48b5a3f0 100644
--- a/interface-definitions/tftp-server.xml.in
+++ b/interface-definitions/service_tftp-server.xml.in
@@ -3,7 +3,7 @@
<interfaceDefinition>
<node name="service">
<children>
- <node name="tftp-server" owner="${vyos_conf_scripts_dir}/tftp_server.py">
+ <node name="tftp-server" owner="${vyos_conf_scripts_dir}/service_tftp-server.py">
<properties>
<help>Trivial File Transfer Protocol (TFTP) server</help>
<priority>990</priority>
diff --git a/interface-definitions/service-upnp.xml.in b/interface-definitions/service_upnp.xml.in
index 20e01bfbd..064386ee5 100644
--- a/interface-definitions/service-upnp.xml.in
+++ b/interface-definitions/service_upnp.xml.in
@@ -205,6 +205,7 @@
<constraint>
<validator name="ipv4-address"/>
<validator name="ipv4-host"/>
+ <validator name="ipv4-prefix"/>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/service-webproxy.xml.in b/interface-definitions/service_webproxy.xml.in
index 637d57891..637d57891 100644
--- a/interface-definitions/service-webproxy.xml.in
+++ b/interface-definitions/service_webproxy.xml.in
diff --git a/interface-definitions/system-acceleration-qat.xml.in b/interface-definitions/system_acceleration.xml.in
index 812484184..fb5c9d4ea 100644
--- a/interface-definitions/system-acceleration-qat.xml.in
+++ b/interface-definitions/system_acceleration.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="system">
<children>
- <node name="acceleration" owner="${vyos_conf_scripts_dir}/intel_qat.py">
+ <node name="acceleration" owner="${vyos_conf_scripts_dir}/system_acceleration.py">
<properties>
<help>Acceleration components</help>
<priority>50</priority>
diff --git a/interface-definitions/system-config-mgmt.xml.in b/interface-definitions/system_config-management.xml.in
index de5a8cc16..e666633b7 100644
--- a/interface-definitions/system-config-mgmt.xml.in
+++ b/interface-definitions/system_config-management.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="system">
<children>
- <node name="config-management" owner="${vyos_conf_scripts_dir}/config_mgmt.py">
+ <node name="config-management" owner="${vyos_conf_scripts_dir}/system_config-management.py">
<properties>
<help>Configuration management settings</help>
<priority>400</priority>
@@ -17,24 +17,41 @@
<properties>
<help>Commit archive location</help>
<valueHelp>
- <format>uri</format>
- <description>Uniform Resource Identifier</description>
+ <format>http://&lt;user&gt;:&lt;passwd&gt;@&lt;host&gt;/&lt;path&gt;</format>
+ <description/>
+ </valueHelp>
+ <valueHelp>
+ <format>https://&lt;user&gt;:&lt;passwd&gt;@&lt;host&gt;/&lt;path&gt;</format>
+ <description/>
+ </valueHelp>
+ <valueHelp>
+ <format>ftp://&lt;user&gt;:&lt;passwd&gt;@&lt;host&gt;/&lt;path&gt;</format>
+ <description/>
+ </valueHelp>
+ <valueHelp>
+ <format>sftp://&lt;user&gt;:&lt;passwd&gt;@&lt;host&gt;/&lt;path&gt;</format>
+ <description/>
+ </valueHelp>
+ <valueHelp>
+ <format>scp://&lt;user&gt;:&lt;passwd&gt;@&lt;host&gt;/&lt;path&gt;</format>
+ <description/>
+ </valueHelp>
+ <valueHelp>
+ <format>tftp://&lt;host&gt;/&lt;path&gt;</format>
+ <description/>
+ </valueHelp>
+ <valueHelp>
+ <format>git+https://&lt;user&gt;:&lt;passwd&gt;@&lt;host&gt;/&lt;path&gt;</format>
+ <description/>
</valueHelp>
<constraint>
<validator name="url --file-transport"/>
+ <regex>(ssh|git|git\+(\w+)):\/\/.*</regex>
</constraint>
<multi/>
</properties>
</leafNode>
- <leafNode name="source-address">
- <properties>
- <help>Source address or interface for archive server connections</help>
- <constraint>
- <validator name="ip-address"/>
- #include <include/constraint/interface-name.xml.i>
- </constraint>
- </properties>
- </leafNode>
+ #include <include/source-address-ipv4-ipv6.xml.i>
</children>
</node>
<leafNode name="commit-revisions">
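Review bot: The added `<regex>(ssh|git|git\+(\w+)):\/\/.*</regex>` is an alternative to the `url --file-transport` validator rather than an extra check, because constraints in one block are alternatives (as the address/prefix lists elsewhere in this commit rely on). Any value starting with `ssh://`, `git://` or `git+<word>://` is therefore accepted with an unconstrained remainder, whitespace included, and `\w+` admits transports the help does not list. If the location is later handed to a transfer or git command (not visible in this hunk), this pattern is the only gate in front of it, so narrow it to the documented forms and forbid whitespace, for example `<regex>(ssh|git|git\+https):\/\/\S+</regex>`. The new valueHelp entries also advertise `<user>:<passwd>@` in the URL with empty `<description/>` elements, and as far as this definition shows the leaf is an ordinary text value, so a description noting that the password is kept in the configuration as entered would set expectations.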
diff --git a/interface-definitions/system-conntrack.xml.in b/interface-definitions/system_conntrack.xml.in
index 4452f1a74..a348097cc 100644
--- a/interface-definitions/system-conntrack.xml.in
+++ b/interface-definitions/system_conntrack.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="system">
<children>
- <node name="conntrack" owner="${vyos_conf_scripts_dir}/conntrack.py">
+ <node name="conntrack" owner="${vyos_conf_scripts_dir}/system_conntrack.py">
<properties>
<help>Connection Tracking Engine Options</help>
<!-- Before NAT and conntrack-sync are configured -->
@@ -218,7 +218,7 @@
</tagNode>
</children>
</node>
-
+
</children>
</node>
<node name="log">
@@ -385,58 +385,122 @@
<help>Define custom timeouts per connection</help>
</properties>
<children>
- <tagNode name="rule">
+ <node name="ipv4">
<properties>
- <help>Rule number</help>
- <valueHelp>
- <format>u32:1-999999</format>
- <description>Number of conntrack rule</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-999999"/>
- </constraint>
- <constraintErrorMessage>Ignore rule number must be between 1 and 999999</constraintErrorMessage>
+ <help>IPv4 rules</help>
</properties>
<children>
- #include <include/generic-description.xml.i>
- <node name="destination">
- <properties>
- <help>Destination parameters</help>
- </properties>
- <children>
- #include <include/nat-address.xml.i>
- #include <include/nat-port.xml.i>
- </children>
- </node>
- <leafNode name="inbound-interface">
- <properties>
- <help>Interface to ignore connections tracking on</help>
- <completionHelp>
- <list>any</list>
- <script>${vyos_completion_dir}/list_interfaces</script>
- </completionHelp>
- </properties>
- </leafNode>
- #include <include/ip-protocol.xml.i>
- <node name="protocol">
+ <tagNode name="rule">
<properties>
- <help>Customize protocol specific timers, one protocol configuration per rule</help>
+ <help>Rule number</help>
+ <valueHelp>
+ <format>u32:1-999999</format>
+ <description>Number of conntrack rule</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-999999"/>
+ </constraint>
+ <constraintErrorMessage>Ignore rule number must be between 1 and 999999</constraintErrorMessage>
</properties>
<children>
- #include <include/conntrack/timeout-common-protocols.xml.i>
+ #include <include/generic-description.xml.i>
+ <node name="destination">
+ <properties>
+ <help>Destination parameters</help>
+ </properties>
+ <children>
+ #include <include/nat-address.xml.i>
+ #include <include/nat-port.xml.i>
+ </children>
+ </node>
+ <leafNode name="inbound-interface">
+ <properties>
+ <help>Interface to ignore connections tracking on</help>
+ <completionHelp>
+ <list>any</list>
+ <script>${vyos_completion_dir}/list_interfaces</script>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ <node name="protocol">
+ <properties>
+ <help>Customize protocol specific timers, one protocol configuration per rule</help>
+ </properties>
+ <children>
+ #include <include/conntrack/timeout-custom-protocols.xml.i>
+ </children>
+ </node>
+ <node name="source">
+ <properties>
+ <help>Source parameters</help>
+ </properties>
+ <children>
+ #include <include/nat-address.xml.i>
+ #include <include/nat-port.xml.i>
+ </children>
+ </node>
</children>
- </node>
- <node name="source">
+ </tagNode>
+ </children>
+ </node>
+ <node name="ipv6">
+ <properties>
+ <help>IPv6 rules</help>
+ </properties>
+ <children>
+ <tagNode name="rule">
<properties>
- <help>Source parameters</help>
+ <help>Rule number</help>
+ <valueHelp>
+ <format>u32:1-999999</format>
+ <description>Number of conntrack rule</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-999999"/>
+ </constraint>
+ <constraintErrorMessage>Ignore rule number must be between 1 and 999999</constraintErrorMessage>
</properties>
<children>
- #include <include/nat-address.xml.i>
- #include <include/nat-port.xml.i>
+ #include <include/generic-description.xml.i>
+ <node name="destination">
+ <properties>
+ <help>Destination parameters</help>
+ </properties>
+ <children>
+ #include <include/firewall/address-ipv6.xml.i>
+ #include <include/nat-port.xml.i>
+ </children>
+ </node>
+ <leafNode name="inbound-interface">
+ <properties>
+ <help>Interface to ignore connections tracking on</help>
+ <completionHelp>
+ <list>any</list>
+ <script>${vyos_completion_dir}/list_interfaces</script>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ <node name="protocol">
+ <properties>
+ <help>Customize protocol specific timers, one protocol configuration per rule</help>
+ </properties>
+ <children>
+ #include <include/conntrack/timeout-custom-protocols.xml.i>
+ </children>
+ </node>
+ <node name="source">
+ <properties>
+ <help>Source parameters</help>
+ </properties>
+ <children>
+ #include <include/firewall/address-ipv6.xml.i>
+ #include <include/nat-port.xml.i>
+ </children>
+ </node>
</children>
- </node>
+ </tagNode>
</children>
- </tagNode>
+ </node>
</children>
</node>
#include <include/conntrack/timeout-common-protocols.xml.i>
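Review bot: Both new `inbound-interface` leaf nodes (under `ipv4` and under `ipv6`) carry only a `<completionHelp>` and no `<constraint>`, so any string is accepted as an interface name and checking is left to the owner script. Adding a `<constraint>` that holds `#include <include/constraint/interface-name.xml.i>` plus `<regex>any</regex>` for the keyword offered by completion would reject malformed names at commit time, as the new `name-server` definition in this diff does for its interface values. The copied texts `Ignore rule number must be between 1 and 999999` and `Interface to ignore connections tracking on` also read as leftovers from the ignore rules and do not describe a custom timeout rule. The enclosing node opens above the hunk.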
diff --git a/interface-definitions/system-console.xml.in b/interface-definitions/system_console.xml.in
index 5acd3e90b..5acd3e90b 100644
--- a/interface-definitions/system-console.xml.in
+++ b/interface-definitions/system_console.xml.in
diff --git a/interface-definitions/system_domain-name.xml.in b/interface-definitions/system_domain-name.xml.in
new file mode 100644
index 000000000..bfca9b8ce
--- /dev/null
+++ b/interface-definitions/system_domain-name.xml.in
@@ -0,0 +1,15 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="system">
+ <children>
+ <leafNode name="domain-name" owner="${vyos_conf_scripts_dir}/system_host-name.py">
+ <properties>
+ <help>System domain name</help>
+ <constraint>
+ <validator name="fqdn"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/system_domain-search.xml.in b/interface-definitions/system_domain-search.xml.in
new file mode 100644
index 000000000..eb6c8a85c
--- /dev/null
+++ b/interface-definitions/system_domain-search.xml.in
@@ -0,0 +1,18 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="system">
+ <children>
+ <leafNode name="domain-search" owner="${vyos_conf_scripts_dir}/system_host-name.py">
+ <properties>
+ <help>Domain Name Server (DNS) domain completion order</help>
+ <priority>400</priority>
+ <constraint>
+ <validator name="fqdn"/>
+ </constraint>
+ <constraintErrorMessage>Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers and period.</constraintErrorMessage>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/flow-accounting-conf.xml.in b/interface-definitions/system_flow-accounting.xml.in
index 40a9bb423..83a2480a3 100644
--- a/interface-definitions/flow-accounting-conf.xml.in
+++ b/interface-definitions/system_flow-accounting.xml.in
@@ -3,7 +3,7 @@
<interfaceDefinition>
<node name="system">
<children>
- <node name="flow-accounting" owner="${vyos_conf_scripts_dir}/flow_accounting_conf.py">
+ <node name="flow-accounting" owner="${vyos_conf_scripts_dir}/system_flow-accounting.py">
<properties>
<help>Flow accounting settings</help>
<priority>990</priority>
diff --git a/interface-definitions/system-frr.xml.in b/interface-definitions/system_frr.xml.in
index 9fe23ed75..28242dfe4 100644
--- a/interface-definitions/system-frr.xml.in
+++ b/interface-definitions/system_frr.xml.in
@@ -4,7 +4,7 @@
<children>
<node name="frr" owner="${vyos_conf_scripts_dir}/system_frr.py">
<properties>
- <help>Configure FRR parameters</help>
+ <help>Configure FRRouting parameters</help>
<!-- Before components that use FRR -->
<priority>150</priority>
</properties>
@@ -15,6 +15,20 @@
<valueless/>
</properties>
</leafNode>
+ <leafNode name="descriptors">
+ <properties>
+ <help>Number of open file descriptors a process is allowed to use</help>
+ <valueHelp>
+ <format>u32:1024-8192</format>
+ <description>Number of file descriptors</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1024-8192"/>
+ </constraint>
+ <constraintErrorMessage>Port number must be in range 1024 to 8192</constraintErrorMessage>
+ </properties>
+ <defaultValue>1024</defaultValue>
+ </leafNode>
<leafNode name="irdp">
<properties>
<help>Enable ICMP Router Discovery Protocol support</help>
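Review bot: The `constraintErrorMessage` of the new `descriptors` leaf says `Port number must be in range 1024 to 8192`, but the value is a file-descriptor limit, so an out-of-range entry is reported as a port problem. It should read `<constraintErrorMessage>Number of file descriptors must be in range 1024 to 8192</constraintErrorMessage>`. The children list of the `frr` node continues outside the hunk.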
diff --git a/interface-definitions/system_host-name.xml.in b/interface-definitions/system_host-name.xml.in
new file mode 100644
index 000000000..423531a68
--- /dev/null
+++ b/interface-definitions/system_host-name.xml.in
@@ -0,0 +1,16 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="system">
+ <children>
+ <!-- script does not use XML defaults so far -->
+ <leafNode name="host-name" owner="${vyos_conf_scripts_dir}/system_host-name.py">
+ <properties>
+ <help>System host name (default: vyos)</help>
+ <constraint>
+ #include <include/constraint/host-name.xml.i>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/system-ip.xml.in b/interface-definitions/system_ip.xml.in
index 6db4dbfc7..6e3b7d5d0 100644
--- a/interface-definitions/system-ip.xml.in
+++ b/interface-definitions/system_ip.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="system">
<children>
- <node name="ip" owner="${vyos_conf_scripts_dir}/system-ip.py">
+ <node name="ip" owner="${vyos_conf_scripts_dir}/system_ip.py">
<properties>
<help>IPv4 Settings</help>
<!-- must be before any interface, check /opt/vyatta/sbin/priority.pl -->
diff --git a/interface-definitions/system-ipv6.xml.in b/interface-definitions/system_ipv6.xml.in
index e17e1c01c..8957cb6a7 100644
--- a/interface-definitions/system-ipv6.xml.in
+++ b/interface-definitions/system_ipv6.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="system">
<children>
- <node name="ipv6" owner="${vyos_conf_scripts_dir}/system-ipv6.py">
+ <node name="ipv6" owner="${vyos_conf_scripts_dir}/system_ipv6.py">
<properties>
<help>IPv6 Settings</help>
<!-- must be before any interface, check /opt/vyatta/sbin/priority.pl -->
diff --git a/interface-definitions/system-lcd.xml.in b/interface-definitions/system_lcd.xml.in
index 0cf4de308..0cf4de308 100644
--- a/interface-definitions/system-lcd.xml.in
+++ b/interface-definitions/system_lcd.xml.in
diff --git a/interface-definitions/system-login.xml.in b/interface-definitions/system_login.xml.in
index 30fea91b0..44e1a7a92 100644
--- a/interface-definitions/system-login.xml.in
+++ b/interface-definitions/system_login.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="system">
<children>
- <node name="login" owner="${vyos_conf_scripts_dir}/system-login.py">
+ <node name="login" owner="${vyos_conf_scripts_dir}/system_login.py">
<properties>
<help>System User Login Configuration</help>
<priority>400</priority>
@@ -244,21 +244,7 @@
</leafNode>
</children>
</tagNode>
- <leafNode name="source-address">
- <properties>
- <help>Source IP used to communicate with TACACS+ server</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_local_ips.sh --ipv4</script>
- </completionHelp>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 source address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
+ #include <include/source-address-ipv4.xml.i>
<leafNode name="security-mode">
<properties>
<help>Security mode for TACACS+ authentication</help>
diff --git a/interface-definitions/system-login-banner.xml.in b/interface-definitions/system_login_banner.xml.in
index bdd0ad96a..211505ae4 100644
--- a/interface-definitions/system-login-banner.xml.in
+++ b/interface-definitions/system_login_banner.xml.in
@@ -2,13 +2,13 @@
<interfaceDefinition>
<node name="system">
<children>
- <node name="login" owner="${vyos_conf_scripts_dir}/system-login.py">
+ <node name="login" owner="${vyos_conf_scripts_dir}/system_login.py">
<properties>
<help>System User Login Configuration</help>
<priority>400</priority>
</properties>
<children>
- <node name="banner" owner="${vyos_conf_scripts_dir}/system-login-banner.py">
+ <node name="banner" owner="${vyos_conf_scripts_dir}/system_login_banner.py">
<properties>
<help>System login banners</help>
</properties>
diff --git a/interface-definitions/system-logs.xml.in b/interface-definitions/system_logs.xml.in
index 1caa7abb6..b34cbdc39 100644
--- a/interface-definitions/system-logs.xml.in
+++ b/interface-definitions/system_logs.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="system">
<children>
- <node name="logs" owner="${vyos_conf_scripts_dir}/system-logs.py">
+ <node name="logs" owner="${vyos_conf_scripts_dir}/system_logs.py">
<properties>
<help>Logging options</help>
<priority>9999</priority>
diff --git a/interface-definitions/system_name-server.xml.in b/interface-definitions/system_name-server.xml.in
new file mode 100644
index 000000000..2f750abfa
--- /dev/null
+++ b/interface-definitions/system_name-server.xml.in
@@ -0,0 +1,33 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="system">
+ <children>
+ <leafNode name="name-server" owner="${vyos_conf_scripts_dir}/system_host-name.py">
+ <properties>
+ <help>System Domain Name Servers (DNS)</help>
+ <priority>400</priority>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces</script>
+ </completionHelp>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Domain Name Server IPv4 address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>Domain Name Server IPv6 address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>Use Domain Name Server from DHCP interface</description>
+ </valueHelp>
+ <multi/>
+ <constraint>
+ <validator name="ip-address"/>
+ #include <include/constraint/interface-name.xml.i>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/system-option.xml.in b/interface-definitions/system_option.xml.in
index b1b5f7fae..602d7d100 100644
--- a/interface-definitions/system-option.xml.in
+++ b/interface-definitions/system_option.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="system">
<children>
- <node name="option" owner="${vyos_conf_scripts_dir}/system-option.py">
+ <node name="option" owner="${vyos_conf_scripts_dir}/system_option.py">
<properties>
<help>System Options</help>
<priority>9999</priority>
@@ -32,6 +32,19 @@
<constraintErrorMessage>Must be ignore, reboot, or poweroff</constraintErrorMessage>
</properties>
</leafNode>
+ <node name="kernel">
+ <properties>
+ <help>Kernel boot parameters</help>
+ </properties>
+ <children>
+ <leafNode name="disable-mitigations">
+ <properties>
+ <help>Disable all optional CPU mitigations</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
<leafNode name="keyboard-layout">
<properties>
<help>System keyboard layout, type ISO2</help>
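Review bot: The help text of `disable-mitigations` does not say what the operator gives up by setting it. Under a node described as kernel boot parameters it presumably maps to the kernel's `mitigations=off`, which turns off the protections against speculative-execution side channels on the whole system. I would spell that out, e.g. `<help>Disable all optional CPU mitigations (removes side-channel protections, trusted workloads only)</help>`. If the change only applies after a reboot, which the boot-parameter wording suggests but the hunk does not show, the help or a comment should say so as well.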
diff --git a/interface-definitions/system-proxy.xml.in b/interface-definitions/system_proxy.xml.in
index f7ab31d7e..214534dbb 100644
--- a/interface-definitions/system-proxy.xml.in
+++ b/interface-definitions/system_proxy.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="system">
<children>
- <node name="proxy" owner="${vyos_conf_scripts_dir}/system-proxy.py">
+ <node name="proxy" owner="${vyos_conf_scripts_dir}/system_proxy.py">
<properties>
<help>Sets a proxy for system wide use</help>
</properties>
diff --git a/interface-definitions/system-sflow.xml.in b/interface-definitions/system_sflow.xml.in
index c5152abe9..aaf4033d8 100644
--- a/interface-definitions/system-sflow.xml.in
+++ b/interface-definitions/system_sflow.xml.in
@@ -106,6 +106,7 @@
</leafNode>
</children>
</tagNode>
+ #include <include/interface/vrf.xml.i>
</children>
</node>
</children>
diff --git a/interface-definitions/system_static-host-mapping.xml.in b/interface-definitions/system_static-host-mapping.xml.in
new file mode 100644
index 000000000..492741f11
--- /dev/null
+++ b/interface-definitions/system_static-host-mapping.xml.in
@@ -0,0 +1,53 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="system">
+ <children>
+ <node name="static-host-mapping" owner="${vyos_conf_scripts_dir}/system_host-name.py">
+ <properties>
+ <help>Map host names to addresses</help>
+ <priority>400</priority>
+ </properties>
+ <children>
+ <tagNode name="host-name">
+ <properties>
+ <help>Host name for static address mapping</help>
+ <constraint>
+ #include <include/constraint/host-name.xml.i>
+ </constraint>
+ <constraintErrorMessage>Host-name must be alphanumeric and can contain hyphens</constraintErrorMessage>
+ </properties>
+ <children>
+ <leafNode name="alias">
+ <properties>
+ <help>Alias for this address</help>
+ <constraint>
+ <regex>.{1,63}</regex>
+ </constraint>
+ <constraintErrorMessage>invalid alias hostname, needs to be between 1 and 63 charactes</constraintErrorMessage>
+ <multi />
+ </properties>
+ </leafNode>
+ <leafNode name="inet">
+ <properties>
+ <help>IP Address</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ip-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
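Review bot: The `alias` leaf is validated only by `<regex>.{1,63}</regex>`, which bounds the length but lets blanks and other non-hostname characters through, while the `host-name` tag node above it uses the shared host-name constraint. If `system_host-name.py` writes aliases into the hosts file (not visible here), an alias containing a blank would become additional names on that line. Reusing a name check, for example `<validator name="fqdn"/>` or `#include <include/constraint/host-name.xml.i>`, would close that gap. The error message also has a typo, `charactes`.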
diff --git a/interface-definitions/system-sysctl.xml.in b/interface-definitions/system_sysctl.xml.in
index bf118c24b..bf118c24b 100644
--- a/interface-definitions/system-sysctl.xml.in
+++ b/interface-definitions/system_sysctl.xml.in
diff --git a/interface-definitions/system-syslog.xml.in b/interface-definitions/system_syslog.xml.in
index cd5c514a8..3343e2c59 100644
--- a/interface-definitions/system-syslog.xml.in
+++ b/interface-definitions/system_syslog.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="system">
<children>
- <node name="syslog" owner="${vyos_conf_scripts_dir}/system-syslog.py">
+ <node name="syslog" owner="${vyos_conf_scripts_dir}/system_syslog.py">
<properties>
<help>System logging</help>
<priority>400</priority>
diff --git a/interface-definitions/cron.xml.in b/interface-definitions/system_task-scheduler.xml.in
index 58dcf64ac..597d58813 100644
--- a/interface-definitions/cron.xml.in
+++ b/interface-definitions/system_task-scheduler.xml.in
@@ -7,7 +7,7 @@
<help>Task scheduler settings</help>
</properties>
<children>
- <tagNode name="task" owner="${vyos_conf_scripts_dir}/task_scheduler.py">
+ <tagNode name="task" owner="${vyos_conf_scripts_dir}/system_task-scheduler.py">
<properties>
<help>Scheduled task</help>
<valueHelp>
diff --git a/interface-definitions/system-time-zone.xml.in b/interface-definitions/system_time-zone.xml.in
index f6b291984..65cce9e95 100644
--- a/interface-definitions/system-time-zone.xml.in
+++ b/interface-definitions/system_time-zone.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="system">
<children>
- <leafNode name="time-zone" owner="${vyos_conf_scripts_dir}/system-timezone.py">
+ <leafNode name="time-zone" owner="${vyos_conf_scripts_dir}/system_timezone.py">
<properties>
<help>Local time zone (default UTC)</help>
<priority>100</priority>
diff --git a/interface-definitions/system-update-check.xml.in b/interface-definitions/system_update-check.xml.in
index e4d7041ec..14570b039 100644
--- a/interface-definitions/system-update-check.xml.in
+++ b/interface-definitions/system_update-check.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="system">
<children>
- <node name="update-check" owner="${vyos_conf_scripts_dir}/system_update_check.py">
+ <node name="update-check" owner="${vyos_conf_scripts_dir}/system_update-check.py">
<properties>
<help>Check available update images</help>
<priority>9999</priority>
@@ -14,7 +14,7 @@
<valueless/>
</properties>
</leafNode>
- #include <include/url.xml.i>
+ #include <include/url-http-https.xml.i>
</children>
</node>
</children>
diff --git a/interface-definitions/vpn-l2tp.xml.in b/interface-definitions/vpn-l2tp.xml.in
deleted file mode 100644
index ee0edc3e3..000000000
--- a/interface-definitions/vpn-l2tp.xml.in
+++ /dev/null
@@ -1,261 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
- <node name="vpn">
- <children>
- <node name="l2tp" owner="${vyos_conf_scripts_dir}/vpn_l2tp.py">
- <properties>
- <help>L2TP Virtual Private Network (VPN)</help>
- <priority>902</priority>
- </properties>
- <children>
- <node name="remote-access">
- <properties>
- <help>Remote access L2TP VPN</help>
- </properties>
- <children>
- #include <include/accel-ppp/mtu-128-16384.xml.i>
- <leafNode name="outside-address">
- <properties>
- <help>External IP address to which VPN clients will connect</help>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
- #include <include/accel-ppp/gateway-address.xml.i>
- #include <include/name-server-ipv4-ipv6.xml.i>
- <node name="lns">
- <properties>
- <help>L2TP Network Server (LNS)</help>
- </properties>
- <children>
- <leafNode name="shared-secret">
- <properties>
- <help>Tunnel password used to authenticate the client (LAC)</help>
- </properties>
- </leafNode>
- <leafNode name="host-name">
- <properties>
- <help>Sent to the client (LAC) in the Host-Name attribute</help>
- <constraint>
- #include <include/constraint/host-name.xml.i>
- </constraint>
- <constraintErrorMessage>Host-name must be alphanumeric and can contain hyphens</constraintErrorMessage>
- </properties>
- </leafNode>
- </children>
- </node>
- <leafNode name="ccp-disable">
- <properties>
- <help>Disable Compression Control Protocol (CCP)</help>
- <valueless />
- </properties>
- </leafNode>
- <node name="ipsec-settings">
- <properties>
- <help>Internet Protocol Security (IPsec) for remote access L2TP VPN</help>
- </properties>
- <children>
- <node name="authentication">
- <properties>
- <help>IPsec authentication settings</help>
- </properties>
- <children>
- <leafNode name="mode">
- <properties>
- <help>Authentication mode for IPsec</help>
- <valueHelp>
- <format>pre-shared-secret</format>
- <description>Use pre-shared secret for IPsec authentication</description>
- </valueHelp>
- <valueHelp>
- <format>x509</format>
- <description>Use X.509 certificate for IPsec authentication</description>
- </valueHelp>
- <constraint>
- <regex>(pre-shared-secret|x509)</regex>
- </constraint>
- <completionHelp>
- <list>pre-shared-secret x509</list>
- </completionHelp>
- </properties>
- </leafNode>
- #include <include/ipsec/authentication-pre-shared-secret.xml.i>
- #include <include/ipsec/authentication-x509.xml.i>
- </children>
- </node>
- <leafNode name="ike-lifetime">
- <properties>
- <help>IKE lifetime</help>
- <valueHelp>
- <format>u32:30-86400</format>
- <description>IKE lifetime in seconds</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 30-86400"/>
- </constraint>
- </properties>
- <defaultValue>3600</defaultValue>
- </leafNode>
- <leafNode name="lifetime">
- <properties>
- <help>ESP lifetime</help>
- <valueHelp>
- <format>u32:30-86400</format>
- <description>IKE lifetime in seconds</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 30-86400"/>
- </constraint>
- </properties>
- <defaultValue>3600</defaultValue>
- </leafNode>
- #include <include/ipsec/esp-group.xml.i>
- #include <include/ipsec/ike-group.xml.i>
- </children>
- </node>
- #include <include/accel-ppp/wins-server.xml.i>
- <node name="client-ip-pool">
- <properties>
- <help>Pool of client IP addresses (must be within a /24)</help>
- </properties>
- <children>
- #include <include/accel-ppp/client-ip-pool-start-stop.xml.i>
- #include <include/accel-ppp/client-ip-pool-subnet.xml.i>
- </children>
- </node>
- #include <include/accel-ppp/client-ipv6-pool.xml.i>
- #include <include/generic-description.xml.i>
- #include <include/dhcp-interface.xml.i>
- <leafNode name="idle">
- <properties>
- <help>PPP idle timeout</help>
- <valueHelp>
- <format>u32:30-86400</format>
- <description>PPP idle timeout in seconds</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 30-86400"/>
- </constraint>
- </properties>
- </leafNode>
- <node name="authentication">
- <properties>
- <help>Authentication for remote access L2TP VPN</help>
- </properties>
- <children>
- <leafNode name="require">
- <properties>
- <help>Authentication protocol for remote access peer L2TP VPN</help>
- <valueHelp>
- <format>pap</format>
- <description>Require the peer to authenticate itself using PAP [Password Authentication Protocol].</description>
- </valueHelp>
- <valueHelp>
- <format>chap</format>
- <description>Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol].</description>
- </valueHelp>
- <valueHelp>
- <format>mschap</format>
- <description>Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol].</description>
- </valueHelp>
- <valueHelp>
- <format>mschap-v2</format>
- <description>Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2].</description>
- </valueHelp>
- <constraint>
- <regex>(pap|chap|mschap|mschap-v2)</regex>
- </constraint>
- <completionHelp>
- <list>pap chap mschap mschap-v2</list>
- </completionHelp>
- <multi />
- </properties>
- </leafNode>
- #include <include/accel-ppp/ppp-mppe.xml.i>
- #include <include/accel-ppp/auth-mode.xml.i>
- #include <include/accel-ppp/auth-local-users.xml.i>
- #include <include/radius-auth-server-ipv4.xml.i>
- <node name="radius">
- <children>
- #include <include/accel-ppp/radius-accounting-interim-interval.xml.i>
- <tagNode name="server">
- <children>
- #include <include/accel-ppp/radius-additions-disable-accounting.xml.i>
- <leafNode name="fail-time">
- <properties>
- <help>Mark server unavailable for N seconds on failure</help>
- <valueHelp>
- <format>u32:0-600</format>
- <description>Fail time penalty</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-600"/>
- </constraint>
- <constraintErrorMessage>Fail time must be between 0 and 600 seconds</constraintErrorMessage>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- <leafNode name="timeout">
- <properties>
- <help>Timeout to wait response from server (seconds)</help>
- </properties>
- </leafNode>
- <leafNode name="acct-timeout">
- <properties>
- <help>Timeout to wait reply for Interim-Update packets</help>
- </properties>
- </leafNode>
- <leafNode name="max-try">
- <properties>
- <help>Maximum number of tries to send Access-Request/Accounting-Request queries</help>
- </properties>
- </leafNode>
- #include <include/radius-nas-identifier.xml.i>
- #include <include/radius-nas-ip-address.xml.i>
- <node name="dae-server">
- <properties>
- <help>IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA)</help>
- </properties>
- <children>
- <leafNode name="ip-address">
- <properties>
- <help>IP address for Dynamic Authorization Extension server (DM/CoA)</help>
- </properties>
- </leafNode>
- <leafNode name="port">
- <properties>
- <help>Port for Dynamic Authorization Extension server (DM/CoA)</help>
- </properties>
- <defaultValue>1700</defaultValue>
- </leafNode>
- <leafNode name="secret">
- <properties>
- <help>Secret for Dynamic Authorization Extension server (DM/CoA)</help>
- </properties>
- </leafNode>
- </children>
- </node>
- #include <include/accel-ppp/radius-additions-rate-limit.xml.i>
- </children>
- </node>
- </children>
- </node>
- <node name="ppp-options">
- <properties>
- <help>Advanced protocol options</help>
- </properties>
- <children>
- #include <include/accel-ppp/lcp-echo-interval-failure.xml.i>
- #include <include/accel-ppp/ppp-options-ipv6.xml.i>
- #include <include/accel-ppp/ppp-options-ipv6-interface-id.xml.i>
- </children>
- </node>
- </children>
- </node>
- </children>
- </node>
- </children>
- </node>
-</interfaceDefinition>
diff --git a/interface-definitions/vpn-ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index 64cfbda08..44ca1c7a0 100644
--- a/interface-definitions/vpn-ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -251,22 +251,22 @@
<properties>
<help>Action to take if a child SA is unexpectedly closed</help>
<completionHelp>
- <list>none hold restart</list>
+ <list>none trap start</list>
</completionHelp>
<valueHelp>
<format>none</format>
<description>Do nothing</description>
</valueHelp>
<valueHelp>
- <format>hold</format>
+ <format>trap</format>
<description>Attempt to re-negotiate when matching traffic is seen</description>
</valueHelp>
<valueHelp>
- <format>restart</format>
+ <format>start</format>
<description>Attempt to re-negotiate the connection immediately</description>
</valueHelp>
<constraint>
- <regex>(none|hold|restart)</regex>
+ <regex>(none|trap|start)</regex>
</constraint>
</properties>
<defaultValue>none</defaultValue>
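Review bot: A saved configuration that still uses `hold` or `restart` for this close action would no longer pass `<regex>(none|trap|start)</regex>`, and the next two hunks make the same change for `hold` in the keep-alive failure action. No migration of existing values is visible in this part of the diff; if the commit does not carry one elsewhere, it needs a config migration that rewrites the old words. The two leaves now differ in their "immediately" keyword (`start` here, `restart` for keep-alive), so a short comment such as `<!-- value names differ between close and keep-alive actions -->` would stop a later cleanup from "fixing" one of them. The enclosing leafNode opens above the hunk.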
@@ -280,10 +280,10 @@
<properties>
<help>Keep-alive failure action</help>
<completionHelp>
- <list>hold clear restart</list>
+ <list>trap clear restart</list>
</completionHelp>
<valueHelp>
- <format>hold</format>
+ <format>trap</format>
<description>Attempt to re-negotiate the connection when matching traffic is seen</description>
</valueHelp>
<valueHelp>
@@ -295,7 +295,7 @@
<description>Attempt to re-negotiate the connection immediately</description>
</valueHelp>
<constraint>
- <regex>(hold|clear|restart)</regex>
+ <regex>(trap|clear|restart)</regex>
</constraint>
</properties>
<defaultValue>clear</defaultValue>
@@ -772,9 +772,13 @@
<properties>
<help>Client authentication mode</help>
<completionHelp>
- <list>eap-tls eap-mschapv2 eap-radius</list>
+ <list>x509 eap-tls eap-mschapv2 eap-radius</list>
</completionHelp>
<valueHelp>
+ <format>x509</format>
+ <description>Use IPsec x.509 certificate authentication</description>
+ </valueHelp>
+ <valueHelp>
<format>eap-tls</format>
<description>Use EAP-TLS authentication</description>
</valueHelp>
@@ -787,7 +791,7 @@
<description>Use EAP-RADIUS authentication</description>
</valueHelp>
<constraint>
- <regex>(eap-tls|eap-mschapv2|eap-radius)</regex>
+ <regex>(x509|eap-tls|eap-mschapv2|eap-radius)</regex>
</constraint>
</properties>
<defaultValue>eap-mschapv2</defaultValue>
@@ -822,6 +826,7 @@
#include <include/ipsec/ike-group.xml.i>
#include <include/ipsec/local-address.xml.i>
#include <include/ipsec/local-traffic-selector.xml.i>
+ #include <include/ipsec/replay-window.xml.i>
<leafNode name="timeout">
<properties>
<help>Timeout to close connection if no data is transmitted</help>
@@ -1096,6 +1101,7 @@
</leafNode>
#include <include/ipsec/local-address.xml.i>
#include <include/ipsec/remote-address.xml.i>
+ #include <include/ipsec/replay-window.xml.i>
<tagNode name="tunnel">
<properties>
<help>Peer tunnel</help>
diff --git a/interface-definitions/vpn_l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in
new file mode 100644
index 000000000..942690bca
--- /dev/null
+++ b/interface-definitions/vpn_l2tp.xml.in
@@ -0,0 +1,146 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="vpn">
+ <children>
+ <node name="l2tp" owner="${vyos_conf_scripts_dir}/vpn_l2tp.py">
+ <properties>
+ <help>L2TP Virtual Private Network (VPN)</help>
+ <priority>902</priority>
+ </properties>
+ <children>
+ <node name="remote-access">
+ <properties>
+ <help>Remote access L2TP VPN</help>
+ </properties>
+ <children>
+ #include <include/accel-ppp/max-concurrent-sessions.xml.i>
+ #include <include/accel-ppp/mtu-128-16384.xml.i>
+ <leafNode name="mtu">
+ <defaultValue>1436</defaultValue>
+ </leafNode>
+ <leafNode name="outside-address">
+ <properties>
+ <help>External IP address to which VPN clients will connect</help>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ #include <include/accel-ppp/gateway-address.xml.i>
+ #include <include/name-server-ipv4-ipv6.xml.i>
+ <node name="lns">
+ <properties>
+ <help>L2TP Network Server (LNS)</help>
+ </properties>
+ <children>
+ <leafNode name="shared-secret">
+ <properties>
+ <help>Tunnel password used to authenticate the client (LAC)</help>
+ </properties>
+ </leafNode>
+ <leafNode name="host-name">
+ <properties>
+ <help>Sent to the client (LAC) in the Host-Name attribute</help>
+ <constraint>
+ #include <include/constraint/host-name.xml.i>
+ </constraint>
+ <constraintErrorMessage>Host-name must be alphanumeric and can contain hyphens</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <node name="ipsec-settings">
+ <properties>
+ <help>Internet Protocol Security (IPsec) for remote access L2TP VPN</help>
+ </properties>
+ <children>
+ <node name="authentication">
+ <properties>
+ <help>IPsec authentication settings</help>
+ </properties>
+ <children>
+ <leafNode name="mode">
+ <properties>
+ <help>Authentication mode for IPsec</help>
+ <valueHelp>
+ <format>pre-shared-secret</format>
+ <description>Use pre-shared secret for IPsec authentication</description>
+ </valueHelp>
+ <valueHelp>
+ <format>x509</format>
+ <description>Use X.509 certificate for IPsec authentication</description>
+ </valueHelp>
+ <constraint>
+ <regex>(pre-shared-secret|x509)</regex>
+ </constraint>
+ <completionHelp>
+ <list>pre-shared-secret x509</list>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ #include <include/ipsec/authentication-pre-shared-secret.xml.i>
+ #include <include/ipsec/authentication-x509.xml.i>
+ </children>
+ </node>
+ <leafNode name="ike-lifetime">
+ <properties>
+ <help>IKE lifetime</help>
+ <valueHelp>
+ <format>u32:30-86400</format>
+ <description>IKE lifetime in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 30-86400"/>
+ </constraint>
+ </properties>
+ <defaultValue>3600</defaultValue>
+ </leafNode>
+ <leafNode name="lifetime">
+ <properties>
+ <help>ESP lifetime</help>
+ <valueHelp>
+ <format>u32:30-86400</format>
+ <description>IKE lifetime in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 30-86400"/>
+ </constraint>
+ </properties>
+ <defaultValue>3600</defaultValue>
+ </leafNode>
+ #include <include/ipsec/esp-group.xml.i>
+ #include <include/ipsec/ike-group.xml.i>
+ </children>
+ </node>
+ #include <include/accel-ppp/wins-server.xml.i>
+ #include <include/accel-ppp/client-ip-pool.xml.i>
+ #include <include/accel-ppp/client-ipv6-pool.xml.i>
+ #include <include/generic-description.xml.i>
+ #include <include/dhcp-interface.xml.i>
+ <node name="authentication">
+ <properties>
+ <help>Authentication for remote access L2TP VPN</help>
+ </properties>
+ <children>
+ #include <include/accel-ppp/auth-protocols.xml.i>
+ #include <include/accel-ppp/auth-mode.xml.i>
+ #include <include/accel-ppp/auth-local-users.xml.i>
+ #include <include/radius-auth-server-ipv4.xml.i>
+ #include <include/accel-ppp/radius-additions.xml.i>
+ <node name="radius">
+ <children>
+ #include <include/accel-ppp/radius-additions-rate-limit.xml.i>
+ </children>
+ </node>
+ </children>
+ </node>
+ #include <include/accel-ppp/ppp-options.xml.i>
+ #include <include/accel-ppp/default-pool.xml.i>
+ #include <include/accel-ppp/default-ipv6-pool.xml.i>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
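Review bot: The `lifetime` leaf under `ipsec-settings` has `<help>ESP lifetime</help>`, but its `<valueHelp>` description was copied from `ike-lifetime` and still reads `IKE lifetime in seconds`. It should be `<description>ESP lifetime in seconds</description>`. Separately, `lns shared-secret` carries no `<constraint>`, so the schema accepts any string as the tunnel password. Whether vpn_l2tp.py validates it is not visible here, and a constraint plus a `<constraintErrorMessage>` would reject unusable values at the CLI.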
diff --git a/interface-definitions/vpn-openconnect.xml.in b/interface-definitions/vpn_openconnect.xml.in
index 75c64a99a..736084f8b 100644
--- a/interface-definitions/vpn-openconnect.xml.in
+++ b/interface-definitions/vpn_openconnect.xml.in
@@ -260,6 +260,12 @@
</leafNode>
</children>
</node>
+ <leafNode name="http-security-headers">
+ <properties>
+ <help>Enable HTTP security headers</help>
+ <valueless/>
+ </properties>
+ </leafNode>
<node name="ssl">
<properties>
<help>SSL Certificate, SSL Key and CA</help>
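Review bot: The new `http-security-headers` leaf is `<valueless/>`, so the headers stay off unless an operator sets it, and the help string `Enable HTTP security headers` does not say which headers are meant. I would name them in the help text, taking the list from the template that emits them (not visible in this hunk), so an operator can judge the effect on clients before enabling the option. If the headers are safe for every supported client, turning them on by default is worth considering. The enclosing node starts outside the hunk.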
diff --git a/interface-definitions/vpn-pptp.xml.in b/interface-definitions/vpn_pptp.xml.in
index 5a8b4a78a..d23086c02 100644
--- a/interface-definitions/vpn-pptp.xml.in
+++ b/interface-definitions/vpn_pptp.xml.in
@@ -13,7 +13,11 @@
<help>Remote access PPTP VPN</help>
</properties>
<children>
+ #include <include/accel-ppp/max-concurrent-sessions.xml.i>
#include <include/accel-ppp/mtu-128-16384.xml.i>
+ <leafNode name="mtu">
+ <defaultValue>1436</defaultValue>
+ </leafNode>
<leafNode name="outside-address">
<properties>
<help>External IP address to which VPN clients will connect</help>
@@ -22,17 +26,10 @@
</constraint>
</properties>
</leafNode>
- #include <include/name-server-ipv4.xml.i>
- #include <include/accel-ppp/wins-server.xml.i>
- <node name="client-ip-pool">
- <properties>
- <help>Pool of client IP addresses (must be within a /24)</help>
- </properties>
- <children>
- #include <include/accel-ppp/client-ip-pool-start-stop.xml.i>
- </children>
- </node>
#include <include/accel-ppp/gateway-address.xml.i>
+ #include <include/name-server-ipv4-ipv6.xml.i>
+ #include <include/accel-ppp/wins-server.xml.i>
+ #include <include/accel-ppp/client-ip-pool.xml.i>
<node name="authentication">
<properties>
<help>Authentication for remote access PPTP VPN</help>
@@ -41,6 +38,9 @@
<leafNode name="require">
<properties>
<help>Authentication protocol for remote access peer PPTP VPN</help>
+ <completionHelp>
+ <list>pap chap mschap mschap-v2</list>
+ </completionHelp>
<valueHelp>
<format>pap</format>
<description>Require the peer to authenticate itself using PAP [Password Authentication Protocol].</description>
@@ -57,30 +57,11 @@
<format>mschap-v2</format>
<description>Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2].</description>
</valueHelp>
- </properties>
- </leafNode>
- <leafNode name="mppe">
- <properties>
- <help>Specifies mppe negotioation preference. (default require mppe 128-bit stateless</help>
- <valueHelp>
- <format>deny</format>
- <description>deny mppe</description>
- </valueHelp>
- <valueHelp>
- <format>prefer</format>
- <description>ask client for mppe, if it rejects do not fail</description>
- </valueHelp>
- <valueHelp>
- <format>require</format>
- <description>ask client for mppe, if it rejects drop connection</description>
- </valueHelp>
<constraint>
- <regex>(deny|prefer|require)</regex>
+ <regex>(pap|chap|mschap|mschap-v2)</regex>
</constraint>
- <completionHelp>
- <list>deny prefer require</list>
- </completionHelp>
</properties>
+ <defaultValue>mschap-v2</defaultValue>
</leafNode>
#include <include/accel-ppp/auth-mode.xml.i>
<node name="local-users">
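Review bot: The new constraint `(pap|chap|mschap|mschap-v2)` keeps `pap` and `chap` as accepted values, and nothing in the schema tells the operator what that costs. MPPE session keys are derived from the MS-CHAP exchange, so a PPTP session authenticated with PAP or CHAP cannot be MPPE-encrypted. The `pap` and `chap` `<valueHelp>` descriptions, which sit outside this hunk, are the place to state that. The `mppe` leaf is removed here and presumably returns through `ppp-options.xml.i`, which is not visible, so confirm its `require` default still applies to PPTP. A `<constraintErrorMessage>` next to the new regex would also help, for example `<constraintErrorMessage>Protocol must be pap, chap, mschap or mschap-v2</constraintErrorMessage>`.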
@@ -103,6 +84,7 @@
<properties>
<help>Static client IP address</help>
</properties>
+ <defaultValue>*</defaultValue>
</leafNode>
</children>
</tagNode>
@@ -115,8 +97,22 @@
</node>
#include <include/radius-auth-server-ipv4.xml.i>
#include <include/accel-ppp/radius-additions.xml.i>
+ <node name="radius">
+ <children>
+ <leafNode name="timeout">
+ <defaultValue>30</defaultValue>
+ </leafNode>
+ <leafNode name="acct-timeout">
+ <defaultValue>30</defaultValue>
+ </leafNode>
+ </children>
+ </node>
</children>
</node>
+ #include <include/accel-ppp/default-pool.xml.i>
+ #include <include/accel-ppp/client-ipv6-pool.xml.i>
+ #include <include/accel-ppp/default-ipv6-pool.xml.i>
+ #include <include/accel-ppp/ppp-options.xml.i>
</children>
</node>
</children>
diff --git a/interface-definitions/vpn-sstp.xml.in b/interface-definitions/vpn_sstp.xml.in
index 9e912063f..0d5d53301 100644
--- a/interface-definitions/vpn-sstp.xml.in
+++ b/interface-definitions/vpn_sstp.xml.in
@@ -25,34 +25,19 @@
</node>
</children>
</node>
+ #include <include/accel-ppp/max-concurrent-sessions.xml.i>
#include <include/interface/mtu-68-1500.xml.i>
#include <include/accel-ppp/gateway-address.xml.i>
#include <include/name-server-ipv4-ipv6.xml.i>
- <node name="client-ip-pool">
- <properties>
- <help>Client IP pools and gateway setting</help>
- </properties>
- <children>
- #include <include/accel-ppp/client-ip-pool-subnet.xml.i>
- </children>
- </node>
+ #include <include/accel-ppp/client-ip-pool.xml.i>
#include <include/accel-ppp/client-ipv6-pool.xml.i>
#include <include/port-number.xml.i>
<leafNode name="port">
<defaultValue>443</defaultValue>
</leafNode>
- <node name="ppp-options">
- <properties>
- <help>PPP (Point-to-Point Protocol) settings</help>
- </properties>
- <children>
- #include <include/accel-ppp/ppp-mppe.xml.i>
- #include <include/accel-ppp/ppp-options-ipv4.xml.i>
- #include <include/accel-ppp/ppp-options-ipv6.xml.i>
- #include <include/accel-ppp/lcp-echo-interval-failure.xml.i>
- #include <include/accel-ppp/lcp-echo-timeout.xml.i>
- </children>
- </node>
+ #include <include/accel-ppp/default-pool.xml.i>
+ #include <include/accel-ppp/default-ipv6-pool.xml.i>
+ #include <include/accel-ppp/ppp-options.xml.i>
<node name="ssl">
<properties>
<help>SSL Certificate, SSL Key and CA</help>
diff --git a/interface-definitions/vpp.xml.in b/interface-definitions/vpp.xml.in
deleted file mode 100644
index 3f0758c0a..000000000
--- a/interface-definitions/vpp.xml.in
+++ /dev/null
@@ -1,342 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
- <node name="vpp" owner="${vyos_conf_scripts_dir}/vpp.py">
- <properties>
- <help>Accelerated data-plane</help>
- <priority>295</priority>
- </properties>
- <children>
- <node name="cpu">
- <properties>
- <help>CPU settings</help>
- </properties>
- <children>
- <leafNode name="corelist-workers">
- <properties>
- <help>List of cores worker threads</help>
- <valueHelp>
- <format>&lt;id&gt;</format>
- <description>CPU core id</description>
- </valueHelp>
- <valueHelp>
- <format>&lt;idN&gt;-&lt;idM&gt;</format>
- <description>CPU core id range (use '-' as delimiter)</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--allow-range --range 0-512"/>
- </constraint>
- <constraintErrorMessage>not a valid CPU core value or range</constraintErrorMessage>
- <multi/>
- </properties>
- </leafNode>
- <leafNode name="main-core">
- <properties>
- <help>Main core</help>
- <valueHelp>
- <format>u32:0-512</format>
- <description>Assign main thread to specific core</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-512"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="skip-cores">
- <properties>
- <help>Skip cores</help>
- <valueHelp>
- <format>u32:0-512</format>
- <description>Skip cores</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-512"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="workers">
- <properties>
- <help>Create worker threads</help>
- <valueHelp>
- <format>u32:0-4294967295</format>
- <description>Worker threads</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-512"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </node>
- <tagNode name="interface">
- <properties>
- <help>Interface</help>
- <valueHelp>
- <format>ethN</format>
- <description>Interface name</description>
- </valueHelp>
- <constraint>
- <regex>((eth|lan)[0-9]+|(eno|ens|enp|enx).+)</regex>
- </constraint>
- <constraintErrorMessage>Invalid interface name</constraintErrorMessage>
- </properties>
- <children>
- <leafNode name="num-rx-desc">
- <properties>
- <help>Number of receive ring descriptors</help>
- <valueHelp>
- <format>u32:256-8192</format>
- <description>Number of receive ring descriptors</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 256-8192"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="num-tx-desc">
- <properties>
- <help>Number of tranceive ring descriptors</help>
- <valueHelp>
- <format>u32:256-8192</format>
- <description>Number of tranceive ring descriptors</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 256-8192"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="num-rx-queues">
- <properties>
- <help>Number of receive ring descriptors</help>
- <valueHelp>
- <format>u32:256-8192</format>
- <description>Number of receive queues</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 256-8192"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="num-tx-queues">
- <properties>
- <help>Number of tranceive ring descriptors</help>
- <valueHelp>
- <format>u32:256-8192</format>
- <description>Number of tranceive queues</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 256-8192"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name='pci'>
- <properties>
- <help>PCI address allocation</help>
- <valueHelp>
- <format>auto</format>
- <description>Auto detect PCI address</description>
- </valueHelp>
- <valueHelp>
- <format>&lt;xxxx:xx:xx.x&gt;</format>
- <description>Set Peripheral Component Interconnect (PCI) address</description>
- </valueHelp>
- <constraint>
- <regex>(auto|[0-9a-fA-F]{4}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}\.[0-9a-fA-F])</regex>
- </constraint>
- </properties>
- <defaultValue>auto</defaultValue>
- </leafNode>
- <leafNode name="rx-mode">
- <properties>
- <help>Receive packet processing mode</help>
- <completionHelp>
- <list>polling interrupt adaptive</list>
- </completionHelp>
- <valueHelp>
- <format>polling</format>
- <description>Constantly check for new data</description>
- </valueHelp>
- <valueHelp>
- <format>interrupt</format>
- <description>Interrupt mode</description>
- </valueHelp>
- <valueHelp>
- <format>adaptive</format>
- <description>Adaptive mode</description>
- </valueHelp>
- <constraint>
- <regex>(polling|interrupt|adaptive)</regex>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- <node name="ip">
- <properties>
- <help>IP settings</help>
- </properties>
- <children>
- <leafNode name="heap-size">
- <properties>
- <help>IPv4 heap size</help>
- <valueHelp>
- <format>u32:0-4294967295</format>
- <description>Amount of memory (in Mbytes) dedicated to the destination IP lookup table</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-4294967295"/>
- </constraint>
- </properties>
- <defaultValue>32</defaultValue>
- </leafNode>
- </children>
- </node>
- <node name="ip6">
- <properties>
- <help>IPv6 settings</help>
- </properties>
- <children>
- <leafNode name="heap-size">
- <properties>
- <help>IPv6 heap size</help>
- <valueHelp>
- <format>u32:0-4294967295</format>
- <description>Amount of memory (in Mbytes) dedicated to the destination IP lookup table</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-4294967295"/>
- </constraint>
- </properties>
- <defaultValue>32</defaultValue>
- </leafNode>
- <leafNode name="hash-buckets">
- <properties>
- <help>IPv6 forwarding table hash buckets</help>
- <valueHelp>
- <format>u32:1-4294967295</format>
- <description>IPv6 forwarding table hash buckets</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-4294967295"/>
- </constraint>
- </properties>
- <defaultValue>65536</defaultValue>
- </leafNode>
- </children>
- </node>
- <node name="l2learn">
- <properties>
- <help>Level 2 MAC address learning settings</help>
- </properties>
- <children>
- <leafNode name="limit">
- <properties>
- <help>Number of MAC addresses in the L2 FIB</help>
- <valueHelp>
- <format>u32:1-4294967295</format>
- <description>Number of concurent entries</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-4294967295"/>
- </constraint>
- </properties>
- <defaultValue>4194304</defaultValue>
- </leafNode>
- </children>
- </node>
- <node name="logging">
- <properties>
- <help>Loggint settings</help>
- </properties>
- <children>
- <leafNode name="default-log-level">
- <properties>
- <help>default-log-level</help>
- <completionHelp>
- <list>alert crit debug disabled emerg err info notice warn</list>
- </completionHelp>
- <valueHelp>
- <format>alert</format>
- <description>Alert</description>
- </valueHelp>
- <valueHelp>
- <format>crit</format>
- <description>Critical</description>
- </valueHelp>
- <valueHelp>
- <format>debug</format>
- <description>Debug</description>
- </valueHelp>
- <valueHelp>
- <format>disabled</format>
- <description>Disabled</description>
- </valueHelp>
- <valueHelp>
- <format>emerg</format>
- <description>Emergency</description>
- </valueHelp>
- <valueHelp>
- <format>err</format>
- <description>Error</description>
- </valueHelp>
- <valueHelp>
- <format>info</format>
- <description>Informational</description>
- </valueHelp>
- <valueHelp>
- <format>notice</format>
- <description>Notice</description>
- </valueHelp>
- <valueHelp>
- <format>warn</format>
- <description>Warning</description>
- </valueHelp>
- <constraint>
- <regex>(alert|crit|debug|disabled|emerg|err|info|notice|warn)</regex>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </node>
- <node name="physmem">
- <properties>
- <help>Memory settings</help>
- </properties>
- <children>
- <leafNode name="max-size">
- <properties>
- <help>Set memory size for protectable memory allocator (pmalloc) memory space</help>
- <valueHelp>
- <format>&lt;number&gt;m</format>
- <description>Megabyte</description>
- </valueHelp>
- <valueHelp>
- <format>&lt;number&gt;g</format>
- <description>Gigabyte</description>
- </valueHelp>
- </properties>
- </leafNode>
- </children>
- </node>
- <node name="unix">
- <properties>
- <help>Unix settings</help>
- </properties>
- <children>
- <leafNode name="poll-sleep-usec">
- <properties>
- <help>Add a fixed-sleep between main loop poll</help>
- <valueHelp>
- <format>u32:0-4294967295</format>
- <description>Number of receive queues</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-4294967295"/>
- </constraint>
- </properties>
- <defaultValue>0</defaultValue>
- </leafNode>
- </children>
- </node>
- </children>
- </node>
-</interfaceDefinition>
diff --git a/interface-definitions/xml-component-version.xml.in b/interface-definitions/xml-component-version.xml.in
index 8c9e816d1..10a1be242 100644
--- a/interface-definitions/xml-component-version.xml.in
+++ b/interface-definitions/xml-component-version.xml.in
@@ -19,6 +19,7 @@
#include <include/version/ids-version.xml.i>
#include <include/version/ipoe-server-version.xml.i>
#include <include/version/ipsec-version.xml.i>
+ #include <include/version/openvpn-version.xml.i>
#include <include/version/isis-version.xml.i>
#include <include/version/l2tp-version.xml.i>
#include <include/version/lldp-version.xml.i>
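Review bot: `openvpn-version.xml.i` is inserted between `ipsec-version` and `isis-version`, which breaks the alphabetical order the visible part of this list follows. It belongs after `openconnect-version.xml.i`, in the range the next hunk covers. Nothing visible suggests the order affects the result, but a sorted list makes duplicate or missing component versions easy to spot. The list continues outside the hunk.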
@@ -29,6 +30,7 @@
#include <include/version/ntp-version.xml.i>
#include <include/version/openconnect-version.xml.i>
#include <include/version/ospf-version.xml.i>
+ #include <include/version/pim-version.xml.i>
#include <include/version/policy-version.xml.i>
#include <include/version/pppoe-server-version.xml.i>
#include <include/version/pptp-version.xml.i>