diff options
Diffstat (limited to 'interface-definitions')
49 files changed, 1179 insertions, 449 deletions
diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/dns-forwarding.xml.in index 5b0c87597..4faf604ad 100644 --- a/interface-definitions/dns-forwarding.xml.in +++ b/interface-definitions/dns-forwarding.xml.in @@ -105,6 +105,456 @@ </leafNode> </children> </tagNode> + <tagNode name="authoritative-domain"> + <properties> + <help>Domain to host authoritative records for</help> + <valueHelp> + <format>text</format> + <description>An absolute DNS name</description> + </valueHelp> + <constraint> + <regex>^[-_a-zA-Z0-9.]{1,63}$</regex> + </constraint> + </properties> + <children> + <node name="records"> + <properties> + <help>DNS zone records</help> + </properties> + <children> + <tagNode name="a"> + <properties> + <help>"A" record</help> + <valueHelp> + <format>text</format> + <description>A DNS name relative to the root record</description> + </valueHelp> + <valueHelp> + <format>@</format> + <description>Root record</description> + </valueHelp> + <constraint> + <regex>^([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)$</regex> + </constraint> + </properties> + <children> + <leafNode name="address"> + <properties> + <help>IPv4 address [REQUIRED]</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address</description> + </valueHelp> + <multi/> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + #include <include/dns/time-to-live.xml.i> + #include <include/generic-disable-node.xml.i> + </children> + </tagNode> + <tagNode name="aaaa"> + <properties> + <help>"AAAA" record</help> + <valueHelp> + <format>text</format> + <description>A DNS name relative to the root record</description> + </valueHelp> + <valueHelp> + <format>@</format> + <description>Root record</description> + </valueHelp> + <constraint> + <regex>^([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)$</regex> + </constraint> + </properties> + <children> + <leafNode name="address"> + <properties> + <help>IPv6 address [REQUIRED]</help> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address</description> + </valueHelp> + <multi/> + <constraint> + <validator name="ipv6-address"/> + </constraint> + </properties> + </leafNode> + #include <include/dns/time-to-live.xml.i> + #include <include/generic-disable-node.xml.i> + </children> + </tagNode> + <tagNode name="cname"> + <properties> + <help>"CNAME" record</help> + <valueHelp> + <format>text</format> + <description>A DNS name relative to the root record</description> + </valueHelp> + <valueHelp> + <format>@</format> + <description>Root record</description> + </valueHelp> + <constraint> + <regex>^([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)$</regex> + </constraint> + </properties> + <children> + <leafNode name="target"> + <properties> + <help>Target DNS name [REQUIRED]</help> + <valueHelp> + <format>name.example.com</format> + <description>An absolute DNS name</description> + </valueHelp> + <constraint> + <regex>^[-_a-zA-Z0-9.]{1,63}(?<!\.)$</regex> + </constraint> + </properties> + </leafNode> + #include <include/dns/time-to-live.xml.i> + #include <include/generic-disable-node.xml.i> + </children> + </tagNode> + <tagNode name="mx"> + <properties> + <help>"MX" record</help> + <valueHelp> + <format>text</format> + <description>A DNS name relative to the root record</description> + </valueHelp> + <valueHelp> + <format>@</format> + <description>Root record</description> + </valueHelp> + <constraint> + <regex>^([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)$</regex> + </constraint> + </properties> + <children> + <tagNode name="server"> + <properties> + <help>Mail server [REQUIRED]</help> + <valueHelp> + <format>name.example.com</format> + <description>An absolute DNS name</description> + </valueHelp> + <constraint> + <regex>^[-_a-zA-Z0-9.]{1,63}(?<!\.)$</regex> + </constraint> + </properties> + <children> + <leafNode name="priority"> + <properties> + <help>Server priority</help> + <valueHelp> + <format>u32:1-999</format> + <description>Server priority (lower numbers are higher priority)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999"/> + </constraint> + </properties> + <defaultValue>10</defaultValue> + </leafNode> + </children> + </tagNode> + #include <include/dns/time-to-live.xml.i> + #include <include/generic-disable-node.xml.i> + </children> + </tagNode> + <tagNode name="ptr"> + <properties> + <help>"PTR" record</help> + <valueHelp> + <format>text</format> + <description>A DNS name relative to the root record</description> + </valueHelp> + <valueHelp> + <format>@</format> + <description>Root record</description> + </valueHelp> + <constraint> + <regex>^([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)$</regex> + </constraint> + </properties> + <children> + <leafNode name="target"> + <properties> + <help>Target DNS name [REQUIRED]</help> + <valueHelp> + <format>name.example.com</format> + <description>An absolute DNS name</description> + </valueHelp> + <constraint> + <regex>^[-_a-zA-Z0-9.]{1,63}(?<!\.)$</regex> + </constraint> + </properties> + </leafNode> + #include <include/dns/time-to-live.xml.i> + #include <include/generic-disable-node.xml.i> + </children> + </tagNode> + <tagNode name="txt"> + <properties> + <help>"TXT" record</help> + <valueHelp> + <format>text</format> + <description>A DNS name relative to the root record</description> + </valueHelp> + <valueHelp> + <format>@</format> + <description>Root record</description> + </valueHelp> + <constraint> + <regex>^([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)$</regex> + </constraint> + </properties> + <children> + <leafNode name="value"> + <properties> + <help>Record contents [REQUIRED]</help> + <valueHelp> + <format>text</format> + <description>Record contents</description> + </valueHelp> + <multi/> + </properties> + </leafNode> + #include <include/dns/time-to-live.xml.i> + #include <include/generic-disable-node.xml.i> + </children> + </tagNode> + <tagNode name="spf"> + <properties> + <help>"SPF" record (type=SPF)</help> + <valueHelp> + <format>text</format> + <description>A DNS name relative to the root record</description> + </valueHelp> + <valueHelp> + <format>@</format> + <description>Root record</description> + </valueHelp> + <constraint> + <regex>^([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)$</regex> + </constraint> + </properties> + <children> + <leafNode name="value"> + <properties> + <help>Record contents [REQUIRED]</help> + <valueHelp> + <format>text</format> + <description>Record contents</description> + </valueHelp> + </properties> + </leafNode> + #include <include/dns/time-to-live.xml.i> + #include <include/generic-disable-node.xml.i> + </children> + </tagNode> + <tagNode name="srv"> + <properties> + <help>"SRV" record</help> + <valueHelp> + <format>text</format> + <description>A DNS name relative to the root record</description> + </valueHelp> + <valueHelp> + <format>@</format> + <description>Root record</description> + </valueHelp> + <constraint> + <regex>^([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)$</regex> + </constraint> + </properties> + <children> + <tagNode name="entry"> + <properties> + <help>Service entry [REQUIRED]</help> + <valueHelp> + <format>u32:0-65535</format> + <description>Entry number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-65535"/> + </constraint> + </properties> + <children> + <leafNode name="hostname"> + <properties> + <help>Server hostname [REQUIRED]</help> + <valueHelp> + <format>name.example.com</format> + <description>An absolute DNS name</description> + </valueHelp> + <constraint> + <regex>^[-_a-zA-Z0-9.]{1,63}(?<!\.)$</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="port"> + <properties> + <help>Port number [REQUIRED]</help> + <valueHelp> + <format>u32:0-65535</format> + <description>TCP/UDP port number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-65536"/> + </constraint> + </properties> + </leafNode> + <leafNode name="priority"> + <properties> + <help>Entry priority</help> + <valueHelp> + <format>u32:0-65535</format> + <description>Entry priority (lower numbers are higher priority)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-65535"/> + </constraint> + </properties> + <defaultValue>10</defaultValue> + </leafNode> + <leafNode name="weight"> + <properties> + <help>Entry weight</help> + <valueHelp> + <format>u32:0-65535</format> + <description>Entry weight</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-65535"/> + </constraint> + </properties> + <defaultValue>0</defaultValue> + </leafNode> + </children> + </tagNode> + #include <include/dns/time-to-live.xml.i> + #include <include/generic-disable-node.xml.i> + </children> + </tagNode> + <tagNode name="naptr"> + <properties> + <help>"NAPTR" record</help> + <valueHelp> + <format>text</format> + <description>A DNS name relative to the root record</description> + </valueHelp> + <valueHelp> + <format>@</format> + <description>Root record</description> + </valueHelp> + <constraint> + <regex>^([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)$</regex> + </constraint> + </properties> + <children> + <tagNode name="rule"> + <properties> + <help>NAPTR rule [REQUIRED]</help> + <valueHelp> + <format>u32:0-65535</format> + <description>Rule number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-65535"/> + </constraint> + </properties> + <children> + <leafNode name="order"> + <properties> + <help>Rule order</help> + <valueHelp> + <format>u32:0-65535</format> + <description>Rule order (lower order is evaluated first)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="preference"> + <properties> + <help>Rule preference</help> + <valueHelp> + <format>u32:0-65535</format> + <description>Rule preference</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-65535"/> + </constraint> + </properties> + <defaultValue>0</defaultValue> + </leafNode> + <leafNode name="lookup-srv"> + <properties> + <help>"S" flag</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="lookup-a"> + <properties> + <help>"A" flag</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="resolve-uri"> + <properties> + <help>"U" flag</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="protocol-specific"> + <properties> + <help>"P" flag</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="service"> + <properties> + <help>Service type</help> + <constraint> + <regex>^[a-zA-Z][a-zA-Z0-9]{0,31}(\+[a-zA-Z][a-zA-Z0-9]{0,31})?$</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="regexp"> + <properties> + <help>Regular expression</help> + </properties> + </leafNode> + <leafNode name="replacement"> + <properties> + <help>Replacement DNS name</help> + <valueHelp> + <format>name.example.com</format> + <description>An absolute DNS name</description> + </valueHelp> + <constraint> + <regex>^[-_a-zA-Z0-9.]{1,63}(?<!\.)$</regex> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + #include <include/dns/time-to-live.xml.i> + #include <include/generic-disable-node.xml.i> + </children> + </tagNode> + </children> + </node> + #include <include/generic-disable-node.xml.i> + </children> + </tagNode> <leafNode name="ignore-hosts-file"> <properties> <help>Do not use local /etc/hosts file in name resolution</help> @@ -114,7 +564,7 @@ <leafNode name="no-serve-rfc1918"> <properties> <help>Makes the server authoritatively not aware of RFC1918 addresses</help> - <valueless/> + <valueless/> </properties> </leafNode> <leafNode name="allow-from"> diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in index 1bb7fb4a1..78a48a522 100644 --- a/interface-definitions/firewall.xml.in +++ b/interface-definitions/firewall.xml.in @@ -218,7 +218,15 @@ #include <include/generic-description.xml.i> <tagNode name="rule"> <properties> - <help>Rule number (1-9999)</help> + <help>Firewall rule number (IPv6)</help> + <valueHelp> + <format>u32:1-999999</format> + <description>Number for this Firewall rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage> </properties> <children> #include <include/firewall/action.xml.i> @@ -544,7 +552,15 @@ #include <include/generic-description.xml.i> <tagNode name="rule"> <properties> - <help>Rule number (1-9999)</help> + <help>Firewall rule number (IPv4)</help> + <valueHelp> + <format>u32:1-999999</format> + <description>Number for this Firewall rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>Firewall rule number must be between 1 and 999999</constraintErrorMessage> </properties> <children> #include <include/firewall/action.xml.i> diff --git a/interface-definitions/flow-accounting-conf.xml.in b/interface-definitions/flow-accounting-conf.xml.in index 113c1d849..1b57d706c 100644 --- a/interface-definitions/flow-accounting-conf.xml.in +++ b/interface-definitions/flow-accounting-conf.xml.in @@ -14,23 +14,37 @@ <help>Buffer size</help> <valueHelp> <format>u32</format> - <description>Buffer size in MiB</description> + <description>Buffer size in MiB (default: 10)</description> </valueHelp> <constraint> - <validator name="numeric" argument="--range 0-4294967295" /> + <validator name="numeric" argument="--range 0-4294967295"/> </constraint> </properties> + <defaultValue>10</defaultValue> + </leafNode> + <leafNode name="packet-length"> + <properties> + <help>Specifies the maximum number of bytes to capture for each packet</help> + <valueHelp> + <format>u32:128-750</format> + <description>Packet length in bytes (default: 128)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 128-750"/> + </constraint> + </properties> + <defaultValue>128</defaultValue> </leafNode> <leafNode name="enable-egress"> <properties> <help>Enable egress flow accounting</help> - <valueless /> + <valueless/> </properties> </leafNode> <leafNode name="disable-imt"> <properties> <help>Disable in memory table plugin</help> - <valueless /> + <valueless/> </properties> </leafNode> <leafNode name="syslog-facility"> @@ -166,7 +180,7 @@ <description>NetFlow maximum flows</description> </valueHelp> <constraint> - <validator name="numeric" argument="--range 0-4294967295" /> + <validator name="numeric" argument="--range 0-4294967295"/> </constraint> </properties> </leafNode> @@ -178,27 +192,11 @@ <description>Sampling rate (1 in N packets)</description> </valueHelp> <constraint> - <validator name="numeric" argument="--range 0-4294967295" /> - </constraint> - </properties> - </leafNode> - <leafNode name="source-ip"> - <properties> - <help>IPv4 or IPv6 source address of NetFlow packets</help> - <valueHelp> - <format>ipv4</format> - <description>IPv4 source address of NetFlow packets</description> - </valueHelp> - <valueHelp> - <format>ipv6</format> - <description>IPv6 source address of NetFlow packets</description> - </valueHelp> - <constraint> - <validator name="ipv4-address"/> - <validator name="ipv6-address"/> + <validator name="numeric" argument="--range 0-4294967295"/> </constraint> </properties> </leafNode> + #include <include/source-address-ipv4-ipv6.xml.i> <leafNode name="version"> <properties> <help>NetFlow version to export</help> @@ -218,6 +216,7 @@ <description>Internet Protocol Flow Information Export (IPFIX)</description> </valueHelp> </properties> + <defaultValue>9</defaultValue> </leafNode> <tagNode name="server"> <properties> @@ -241,12 +240,13 @@ <help>NetFlow port number</help> <valueHelp> <format>u32:1025-65535</format> - <description>NetFlow port number (default 2055)</description> + <description>NetFlow port number (default: 2055)</description> </valueHelp> <constraint> - <validator name="numeric" argument="--range 1025-65535" /> + <validator name="numeric" argument="--range 1025-65535"/> </constraint> </properties> + <defaultValue>2055</defaultValue> </leafNode> </children> </tagNode> @@ -260,96 +260,104 @@ <help>Expiry scan interval</help> <valueHelp> <format>u32:0-2147483647</format> - <description>Expiry scan interval (default 60)</description> + <description>Expiry scan interval (default: 60)</description> </valueHelp> <constraint> - <validator name="numeric" argument="--range 0-2147483647" /> + <validator name="numeric" argument="--range 0-2147483647"/> </constraint> </properties> + <defaultValue>60</defaultValue> </leafNode> <leafNode name="flow-generic"> <properties> <help>Generic flow timeout value</help> <valueHelp> <format>u32:0-2147483647</format> - <description>Generic flow timeout in seconds (default 3600)</description> + <description>Generic flow timeout in seconds (default: 3600)</description> </valueHelp> <constraint> - <validator name="numeric" argument="--range 0-2147483647" /> + <validator name="numeric" argument="--range 0-2147483647"/> </constraint> </properties> + <defaultValue>3600</defaultValue> </leafNode> <leafNode name="icmp"> <properties> <help>ICMP timeout value</help> <valueHelp> <format>u32:0-2147483647</format> - <description>ICMP timeout in seconds (default 300)</description> + <description>ICMP timeout in seconds (default: 300)</description> </valueHelp> <constraint> - <validator name="numeric" argument="--range 0-2147483647" /> + <validator name="numeric" argument="--range 0-2147483647"/> </constraint> </properties> + <defaultValue>300</defaultValue> </leafNode> <leafNode name="max-active-life"> <properties> <help>Max active timeout value</help> <valueHelp> <format>u32:0-2147483647</format> - <description>Max active timeout in seconds (default 604800)</description> + <description>Max active timeout in seconds (default: 604800)</description> </valueHelp> <constraint> - <validator name="numeric" argument="--range 0-2147483647" /> + <validator name="numeric" argument="--range 0-2147483647"/> </constraint> </properties> + <defaultValue>604800</defaultValue> </leafNode> <leafNode name="tcp-fin"> <properties> <help>TCP finish timeout value</help> <valueHelp> <format>u32:0-2147483647</format> - <description>TCP FIN timeout in seconds (default 300)</description> + <description>TCP FIN timeout in seconds (default: 300)</description> </valueHelp> <constraint> - <validator name="numeric" argument="--range 0-2147483647" /> + <validator name="numeric" argument="--range 0-2147483647"/> </constraint> </properties> + <defaultValue>300</defaultValue> </leafNode> <leafNode name="tcp-generic"> <properties> <help>TCP generic timeout value</help> <valueHelp> <format>u32:0-2147483647</format> - <description>TCP generic timeout in seconds (default 3600)</description> + <description>TCP generic timeout in seconds (default: 3600)</description> </valueHelp> <constraint> - <validator name="numeric" argument="--range 0-2147483647" /> + <validator name="numeric" argument="--range 0-2147483647"/> </constraint> </properties> + <defaultValue>3600</defaultValue> </leafNode> <leafNode name="tcp-rst"> <properties> <help>TCP reset timeout value</help> <valueHelp> <format>u32:0-2147483647</format> - <description>TCP RST timeout in seconds (default 120)</description> + <description>TCP RST timeout in seconds (default: 120)</description> </valueHelp> <constraint> - <validator name="numeric" argument="--range 0-2147483647" /> + <validator name="numeric" argument="--range 0-2147483647"/> </constraint> </properties> + <defaultValue>120</defaultValue> </leafNode> <leafNode name="udp"> <properties> <help>UDP timeout value</help> <valueHelp> <format>u32:0-2147483647</format> - <description>UDP timeout in seconds (default 300)</description> + <description>UDP timeout in seconds (default: 300)</description> </valueHelp> <constraint> - <validator name="numeric" argument="--range 0-2147483647" /> + <validator name="numeric" argument="--range 0-2147483647"/> </constraint> </properties> + <defaultValue>300</defaultValue> </leafNode> </children> </node> @@ -363,17 +371,16 @@ <leafNode name="agent-address"> <properties> <help>sFlow agent IPv4 address</help> - <valueHelp> - <format>auto</format> - <description>auto select sFlow agent-address (default)</description> - </valueHelp> + <completionHelp> + <list>auto</list> + <script>${vyos_completion_dir}/list_local_ips.sh --ipv4</script> + </completionHelp> <valueHelp> <format>ipv4</format> <description>sFlow IPv4 agent address</description> </valueHelp> <constraint> <validator name="ipv4-address"/> - <regex>^auto$</regex> </constraint> </properties> </leafNode> @@ -385,7 +392,7 @@ <description>Sampling rate (1 in N packets)</description> </valueHelp> <constraint> - <validator name="numeric" argument="--range 0-4294967295" /> + <validator name="numeric" argument="--range 0-4294967295"/> </constraint> </properties> </leafNode> @@ -411,15 +418,17 @@ <help>sFlow port number</help> <valueHelp> <format>u32:1025-65535</format> - <description>sFlow port number (default 6343)</description> + <description>sFlow port number (default: 6343)</description> </valueHelp> <constraint> - <validator name="numeric" argument="--range 1025-65535" /> + <validator name="numeric" argument="--range 1025-65535"/> </constraint> </properties> + <defaultValue>6343</defaultValue> </leafNode> </children> </tagNode> + #include <include/source-address-ipv4-ipv6.xml.i> </children> </node> </children> diff --git a/interface-definitions/https.xml.in b/interface-definitions/https.xml.in index f60df7c34..6fea2f1f6 100644 --- a/interface-definitions/https.xml.in +++ b/interface-definitions/https.xml.in @@ -101,6 +101,25 @@ <hidden/> </properties> </leafNode> + <leafNode name="socket"> + <properties> + <help>Run server on Unix domain socket</help> + <valueless/> + </properties> + </leafNode> + <node name="cors"> + <properties> + <help>Set CORS options</help> + </properties> + <children> + <leafNode name="allow-origin"> + <properties> + <help>Allow resource request from origin</help> + <multi/> + </properties> + </leafNode> + </children> + </node> </children> </node> <node name="api-restrict"> @@ -143,6 +162,7 @@ </node> </children> </node> + #include <include/interface/vrf.xml.i> </children> </node> </children> diff --git a/interface-definitions/include/bfd.xml.i b/interface-definitions/include/bfd.xml.i deleted file mode 100644 index 2bc3664e1..000000000 --- a/interface-definitions/include/bfd.xml.i +++ /dev/null @@ -1,8 +0,0 @@ -<!-- include start from bfd.xml.i --> -<leafNode name="bfd"> - <properties> - <help>Enable Bidirectional Forwarding Detection (BFD)</help> - <valueless/> - </properties> -</leafNode> -<!-- include end --> diff --git a/interface-definitions/include/bfd/bfd.xml.i b/interface-definitions/include/bfd/bfd.xml.i new file mode 100644 index 000000000..022956d98 --- /dev/null +++ b/interface-definitions/include/bfd/bfd.xml.i @@ -0,0 +1,10 @@ +<!-- include start from bfd/bfd.xml.i --> +<node name="bfd"> + <properties> + <help>Enable Bidirectional Forwarding Detection (BFD)</help> + </properties> + <children> + #include <include/bfd/profile.xml.i> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bfd-common.xml.i b/interface-definitions/include/bfd/common.xml.i index 8379784f7..e52221441 100644 --- a/interface-definitions/include/bfd-common.xml.i +++ b/interface-definitions/include/bfd/common.xml.i @@ -1,4 +1,4 @@ -<!-- include start from bfd-common.xml.i --> +<!-- include start from bfd/common.xml.i --> <leafNode name="echo-mode"> <properties> <help>Enables the echo transmission mode</help> diff --git a/interface-definitions/include/bfd/profile.xml.i b/interface-definitions/include/bfd/profile.xml.i new file mode 100644 index 000000000..5ff057286 --- /dev/null +++ b/interface-definitions/include/bfd/profile.xml.i @@ -0,0 +1,14 @@ +<!-- include start from bfd/profile.xml.i --> +<leafNode name="profile"> + <properties> + <help>Use settings from BFD profile</help> + <completionHelp> + <path>protocols bfd profile</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>BFD profile name</description> + </valueHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-common.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i index 62beff40c..f3fc4444c 100644 --- a/interface-definitions/include/bgp/afi-common.xml.i +++ b/interface-definitions/include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i @@ -1,4 +1,4 @@ -<!-- include start from bgp/afi-common.xml.i --> +<!-- include start from bgp/neighbor-afi-ipv4-ipv6-common.xml.i --> <leafNode name="addpath-tx-all"> <properties> <help>Use addpath to advertise all paths to a neighbor</help> @@ -11,6 +11,61 @@ <valueless/> </properties> </leafNode> +<node name="conditionally-advertise"> + <properties> + <help>Use route-map to conditionally advertise routes</help> + </properties> + <children> + <leafNode name="advertise-map"> + <properties> + <help>Route-map to conditionally advertise routes</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Route map name</description> + </valueHelp> + <constraint> + <regex>^[-_a-zA-Z0-9.]+$</regex> + </constraint> + <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="exist-map"> + <properties> + <help>Advertise routes only if prefixes in exist-map are installed in BGP table</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Route map name</description> + </valueHelp> + <constraint> + <regex>^[-_a-zA-Z0-9.]+$</regex> + </constraint> + <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="non-exist-map"> + <properties> + <help>Advertise routes only if prefixes in non-exist-map are not installed in BGP table</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Route map name</description> + </valueHelp> + <constraint> + <regex>^[-_a-zA-Z0-9.]+$</regex> + </constraint> + <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> + </properties> + </leafNode> + </children> +</node> #include <include/bgp/afi-allowas-in.xml.i> <leafNode name="as-override"> <properties> diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv4-labeled-unicast.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv4-labeled-unicast.xml.i index 45a440fd8..0eae29f5e 100644 --- a/interface-definitions/include/bgp/neighbor-afi-ipv4-labeled-unicast.xml.i +++ b/interface-definitions/include/bgp/neighbor-afi-ipv4-labeled-unicast.xml.i @@ -13,7 +13,7 @@ </children> </node> #include <include/bgp/afi-ipv4-prefix-list.xml.i> - #include <include/bgp/afi-common.xml.i> + #include <include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i> #include <include/bgp/afi-default-originate.xml.i> </children> </node> diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv4-multicast.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv4-multicast.xml.i index 6526169ca..4bb6df7c3 100644 --- a/interface-definitions/include/bgp/neighbor-afi-ipv4-multicast.xml.i +++ b/interface-definitions/include/bgp/neighbor-afi-ipv4-multicast.xml.i @@ -13,7 +13,7 @@ </children> </node> #include <include/bgp/afi-ipv4-prefix-list.xml.i> - #include <include/bgp/afi-common.xml.i> + #include <include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i> #include <include/bgp/afi-default-originate.xml.i> </children> </node> diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv4-unicast.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv4-unicast.xml.i index b7b7ca5b5..0094ce874 100644 --- a/interface-definitions/include/bgp/neighbor-afi-ipv4-unicast.xml.i +++ b/interface-definitions/include/bgp/neighbor-afi-ipv4-unicast.xml.i @@ -13,7 +13,7 @@ </children> </node> #include <include/bgp/afi-ipv4-prefix-list.xml.i> - #include <include/bgp/afi-common.xml.i> + #include <include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i> #include <include/bgp/afi-default-originate.xml.i> </children> </node> diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv4-vpn.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv4-vpn.xml.i index 838327bc9..220f22fe3 100644 --- a/interface-definitions/include/bgp/neighbor-afi-ipv4-vpn.xml.i +++ b/interface-definitions/include/bgp/neighbor-afi-ipv4-vpn.xml.i @@ -5,7 +5,7 @@ </properties> <children> #include <include/bgp/afi-ipv4-prefix-list.xml.i> - #include <include/bgp/afi-common.xml.i> + #include <include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i> </children> </node> <!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv6-labeled-unicast.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv6-labeled-unicast.xml.i index f680b7357..995183571 100644 --- a/interface-definitions/include/bgp/neighbor-afi-ipv6-labeled-unicast.xml.i +++ b/interface-definitions/include/bgp/neighbor-afi-ipv6-labeled-unicast.xml.i @@ -14,7 +14,7 @@ </node> #include <include/bgp/afi-ipv6-nexthop-local.xml.i> #include <include/bgp/afi-ipv6-prefix-list.xml.i> - #include <include/bgp/afi-common.xml.i> + #include <include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i> #include <include/bgp/afi-default-originate.xml.i> </children> </node> diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv6-multicast.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv6-multicast.xml.i index 1f8db8361..bb713c313 100644 --- a/interface-definitions/include/bgp/neighbor-afi-ipv6-multicast.xml.i +++ b/interface-definitions/include/bgp/neighbor-afi-ipv6-multicast.xml.i @@ -6,7 +6,7 @@ <children> #include <include/bgp/afi-ipv6-nexthop-local.xml.i> #include <include/bgp/afi-ipv6-prefix-list.xml.i> - #include <include/bgp/afi-common.xml.i> + #include <include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i> #include <include/bgp/afi-default-originate.xml.i> </children> </node> diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv6-unicast.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv6-unicast.xml.i index f6b812c28..26a5e7090 100644 --- a/interface-definitions/include/bgp/neighbor-afi-ipv6-unicast.xml.i +++ b/interface-definitions/include/bgp/neighbor-afi-ipv6-unicast.xml.i @@ -14,7 +14,7 @@ </node> #include <include/bgp/afi-ipv6-nexthop-local.xml.i> #include <include/bgp/afi-ipv6-prefix-list.xml.i> - #include <include/bgp/afi-common.xml.i> + #include <include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i> #include <include/bgp/afi-default-originate.xml.i> </children> </node> diff --git a/interface-definitions/include/bgp/neighbor-afi-ipv6-vpn.xml.i b/interface-definitions/include/bgp/neighbor-afi-ipv6-vpn.xml.i index c0df71cf3..5c6811986 100644 --- a/interface-definitions/include/bgp/neighbor-afi-ipv6-vpn.xml.i +++ b/interface-definitions/include/bgp/neighbor-afi-ipv6-vpn.xml.i @@ -6,7 +6,7 @@ <children> #include <include/bgp/afi-ipv6-nexthop-local.xml.i> #include <include/bgp/afi-ipv6-prefix-list.xml.i> - #include <include/bgp/afi-common.xml.i> + #include <include/bgp/neighbor-afi-ipv4-ipv6-common.xml.i> </children> </node> <!-- include end --> diff --git a/interface-definitions/include/bgp/neighbor-bfd.xml.i b/interface-definitions/include/bgp/neighbor-bfd.xml.i index d486bdd8a..fac2a1166 100644 --- a/interface-definitions/include/bgp/neighbor-bfd.xml.i +++ b/interface-definitions/include/bgp/neighbor-bfd.xml.i @@ -4,6 +4,7 @@ <help>Enable Bidirectional Forwarding Detection (BFD) support</help> </properties> <children> + #include <include/bfd/profile.xml.i> <leafNode name="check-control-plane-failure"> <properties> <help>Allow to write CBIT independence in BFD outgoing packets and read both C-BIT value of BFD and lookup BGP peer status</help> diff --git a/interface-definitions/include/bgp/neighbor-shutdown.xml.i b/interface-definitions/include/bgp/neighbor-shutdown.xml.i index 6d15899a6..acc7bc5a9 100644 --- a/interface-definitions/include/bgp/neighbor-shutdown.xml.i +++ b/interface-definitions/include/bgp/neighbor-shutdown.xml.i @@ -1,7 +1,7 @@ <!-- include start from bgp/neighbor-shutdown.xml.i --> <leafNode name="shutdown"> <properties> - <help>Administratively shut down this neighbor</help> + <help>Administratively shutdown this neighbor</help> <valueless/> </properties> </leafNode> diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i index 2dfae517e..8214d0779 100644 --- a/interface-definitions/include/bgp/protocol-common-config.xml.i +++ b/interface-definitions/include/bgp/protocol-common-config.xml.i @@ -1181,6 +1181,26 @@ </leafNode> </children> </node> + <node name="conditional-advertisement"> + <properties> + <help>Conditional advertisement settings</help> + </properties> + <children> + <leafNode name="timer"> + <properties> + <help>Set period to rescan BGP table to check if condition is met</help> + <valueHelp> + <format>u32:5-240</format> + <description>Period to rerun the conditional advertisement scanner process (default: 60)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 5-240"/> + </constraint> + </properties> + <defaultValue>60</defaultValue> + </leafNode> + </children> + </node> <node name="dampening"> <properties> <help>Enable route-flap dampening</help> @@ -1343,6 +1363,12 @@ <valueless/> </properties> </leafNode> + <leafNode name="fast-convergence"> + <properties> + <help>Teardown sessions immediately whenever peer becomes unreachable</help> + <valueless/> + </properties> + </leafNode> <node name="graceful-restart"> <properties> <help>Graceful restart capability parameters</help> @@ -1374,6 +1400,18 @@ <valueless/> </properties> </leafNode> + <leafNode name="minimum-holdtime"> + <properties> + <help>BGP minimum holdtime</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Minimum holdtime in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> + </leafNode> <leafNode name="network-import-check"> <properties> <help>Enable IGP route check for network statements</help> @@ -1392,6 +1430,24 @@ <valueless/> </properties> </leafNode> + <leafNode name="reject-as-sets"> + <properties> + <help>Reject routes with AS_SET or AS_CONFED_SET flag</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="shutdown"> + <properties> + <help>Administrative shutdown of the BGP instance</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="suppress-fib-pending"> + <properties> + <help>Advertise only routes that are programmed in kernel to peers</help> + <valueless/> + </properties> + </leafNode> #include <include/router-id.xml.i> </children> </node> @@ -1441,4 +1497,4 @@ #include <include/bgp/timers-keepalive.xml.i> </children> </node> -<!-- include end -->
\ No newline at end of file +<!-- include end --> diff --git a/interface-definitions/include/dhcp/ntp-server.xml.i b/interface-definitions/include/dhcp/ntp-server.xml.i index 32d8207e5..4d7235aa1 100644 --- a/interface-definitions/include/dhcp/ntp-server.xml.i +++ b/interface-definitions/include/dhcp/ntp-server.xml.i @@ -1,15 +1,15 @@ <!-- include start from dhcp/ntp-server.xml.i --> - <leafNode name="ntp-server"> - <properties> - <help>IP address of NTP server</help> - <valueHelp> - <format>ipv4</format> - <description>NTP server IPv4 address</description> - </valueHelp> - <constraint> - <validator name="ipv4-address"/> - </constraint> - <multi/> - </properties> - </leafNode> +<leafNode name="ntp-server"> + <properties> + <help>IP address of NTP server</help> + <valueHelp> + <format>ipv4</format> + <description>NTP server IPv4 address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + <multi/> + </properties> +</leafNode> <!-- include end --> diff --git a/interface-definitions/include/dns/time-to-live.xml.i b/interface-definitions/include/dns/time-to-live.xml.i new file mode 100644 index 000000000..5c1a1472d --- /dev/null +++ b/interface-definitions/include/dns/time-to-live.xml.i @@ -0,0 +1,15 @@ +<!-- include start from dns/time-to-live.xml.i --> +<leafNode name="ttl"> + <properties> + <help>Time-to-live (TTL)</help> + <valueHelp> + <format>u32:0-2147483647</format> + <description>TTL in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-2147483647"/> + </constraint> + </properties> + <defaultValue>300</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/netns.xml.i b/interface-definitions/include/interface/netns.xml.i new file mode 100644 index 000000000..39f9118fa --- /dev/null +++ b/interface-definitions/include/interface/netns.xml.i @@ -0,0 +1,14 @@ +<!-- include start from interface/netns.xml.i --> +<leafNode name="netns"> + <properties> + <help>Network namespace name</help> + <valueHelp> + <format>text</format> + <description>Network namespace name</description> + </valueHelp> + <completionHelp> + <path>netns name</path> + </completionHelp> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/vrf.xml.i b/interface-definitions/include/interface/vrf.xml.i index 5ad978a27..8605f56e8 100644 --- a/interface-definitions/include/interface/vrf.xml.i +++ b/interface-definitions/include/interface/vrf.xml.i @@ -3,7 +3,7 @@ <properties> <help>VRF instance name</help> <valueHelp> - <format>text</format> + <format>txt</format> <description>VRF instance name</description> </valueHelp> <completionHelp> diff --git a/interface-definitions/include/isis/protocol-common-config.xml.i b/interface-definitions/include/isis/protocol-common-config.xml.i index 84e2f7bb2..8ffa14a19 100644 --- a/interface-definitions/include/isis/protocol-common-config.xml.i +++ b/interface-definitions/include/isis/protocol-common-config.xml.i @@ -648,7 +648,7 @@ </completionHelp> </properties> <children> - #include <include/bfd.xml.i> + #include <include/bfd/bfd.xml.i> <leafNode name="circuit-type"> <properties> <help>Configure circuit type for interface</help> diff --git a/interface-definitions/include/listen-address-ipv4.xml.i b/interface-definitions/include/listen-address-ipv4.xml.i index ee52cebe8..9cca297a0 100644 --- a/interface-definitions/include/listen-address-ipv4.xml.i +++ b/interface-definitions/include/listen-address-ipv4.xml.i @@ -1,13 +1,13 @@ <!-- include start from listen-address-ipv4.xml.i --> <leafNode name="listen-address"> <properties> - <help>Local IPv4 addresses for service to listen on</help> + <help>Local IPv4 addresses to listen on</help> <completionHelp> <script>${vyos_completion_dir}/list_local_ips.sh --ipv4</script> </completionHelp> <valueHelp> <format>ipv4</format> - <description>IP address to listen for incoming connections</description> + <description>IPv4 address to listen for incoming connections</description> </valueHelp> <multi/> <constraint> diff --git a/interface-definitions/include/listen-address-vrf.xml.i b/interface-definitions/include/listen-address-vrf.xml.i index 7ec9eace4..8c2bdce70 100644 --- a/interface-definitions/include/listen-address-vrf.xml.i +++ b/interface-definitions/include/listen-address-vrf.xml.i @@ -1,13 +1,13 @@ <!-- include start from listen-address-vrf.xml.i --> <tagNode name="listen-address"> <properties> - <help>Local IP addresses for service to listen on</help> + <help>Local IP addresses to listen on</help> <completionHelp> <script>${vyos_completion_dir}/list_local_ips.sh --both</script> </completionHelp> <valueHelp> <format>ipv4</format> - <description>IP address to listen for incoming connections</description> + <description>IPv4 address to listen for incoming connections</description> </valueHelp> <valueHelp> <format>ipv6</format> diff --git a/interface-definitions/include/listen-address.xml.i b/interface-definitions/include/listen-address.xml.i index 9b86851c7..19ddf0bb0 100644 --- a/interface-definitions/include/listen-address.xml.i +++ b/interface-definitions/include/listen-address.xml.i @@ -1,13 +1,13 @@ <!-- include start from listen-address.xml.i --> <leafNode name="listen-address"> <properties> - <help>Local IP addresses for service to listen on</help> + <help>Local IP addresses to listen on</help> <completionHelp> <script>${vyos_completion_dir}/list_local_ips.sh --both</script> </completionHelp> <valueHelp> <format>ipv4</format> - <description>IP address to listen for incoming connections</description> + <description>IPv4 address to listen for incoming connections</description> </valueHelp> <valueHelp> <format>ipv6</format> diff --git a/interface-definitions/include/ospf/auto-cost.xml.i b/interface-definitions/include/ospf/auto-cost.xml.i new file mode 100644 index 000000000..3e6cc8232 --- /dev/null +++ b/interface-definitions/include/ospf/auto-cost.xml.i @@ -0,0 +1,22 @@ +<!-- include start from ospf/auto-cost.xml.i --> +<node name="auto-cost"> + <properties> + <help>Calculate interface cost according to bandwidth</help> + </properties> + <children> + <leafNode name="reference-bandwidth"> + <properties> + <help>Reference bandwidth method to assign cost (default: 100)</help> + <valueHelp> + <format>u32:1-4294967</format> + <description>Reference bandwidth cost in Mbits/sec</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967"/> + </constraint> + </properties> + <defaultValue>100</defaultValue> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/ospf/default-information.xml.i b/interface-definitions/include/ospf/default-information.xml.i new file mode 100644 index 000000000..50cda54a4 --- /dev/null +++ b/interface-definitions/include/ospf/default-information.xml.i @@ -0,0 +1,25 @@ +<!-- include start from ospf/intervals.xml.i --> +<node name="default-information"> + <properties> + <help>Default route advertisment settings</help> + </properties> + <children> + <node name="originate"> + <properties> + <help>Distribute a default route</help> + </properties> + <children> + <leafNode name="always"> + <properties> + <help>Always advertise a default route</help> + <valueless/> + </properties> + </leafNode> + #include <include/ospf/metric.xml.i> + #include <include/ospf/metric-type.xml.i> + #include <include/route-map.xml.i> + </children> + </node> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/ospf/interface-common.xml.i b/interface-definitions/include/ospf/interface-common.xml.i index 4b0aef380..738651594 100644 --- a/interface-definitions/include/ospf/interface-common.xml.i +++ b/interface-definitions/include/ospf/interface-common.xml.i @@ -1,5 +1,5 @@ <!-- include start from ospf/interface-common.xml.i --> -#include <include/bfd.xml.i> +#include <include/bfd/bfd.xml.i> <leafNode name="cost"> <properties> <help>Interface cost</help> diff --git a/interface-definitions/include/ospf/protocol-common-config.xml.i b/interface-definitions/include/ospf/protocol-common-config.xml.i index ac165a157..688e78034 100644 --- a/interface-definitions/include/ospf/protocol-common-config.xml.i +++ b/interface-definitions/include/ospf/protocol-common-config.xml.i @@ -275,49 +275,8 @@ </tagNode> </children> </tagNode> -<node name="auto-cost"> - <properties> - <help>Calculate OSPF interface cost according to bandwidth (default: 100)</help> - </properties> - <children> - <leafNode name="reference-bandwidth"> - <properties> - <help>Reference bandwidth method to assign OSPF cost</help> - <valueHelp> - <format>u32:1-4294967</format> - <description>Reference bandwidth cost in Mbits/sec</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-4294967"/> - </constraint> - </properties> - <defaultValue>100</defaultValue> - </leafNode> - </children> -</node> -<node name="default-information"> - <properties> - <help>Default route advertisment settings</help> - </properties> - <children> - <node name="originate"> - <properties> - <help>Distribute a default route</help> - </properties> - <children> - <leafNode name="always"> - <properties> - <help>Always advertise a default route</help> - <valueless/> - </properties> - </leafNode> - #include <include/ospf/metric.xml.i> - #include <include/ospf/metric-type.xml.i> - #include <include/route-map.xml.i> - </children> - </node> - </children> -</node> +#include <include/ospf/auto-cost.xml.i> +#include <include/ospf/default-information.xml.i> <leafNode name="default-metric"> <properties> <help>Metric of redistributed routes</help> diff --git a/interface-definitions/include/ospfv3/no-summary.xml.i b/interface-definitions/include/ospfv3/no-summary.xml.i new file mode 100644 index 000000000..a6afda3e0 --- /dev/null +++ b/interface-definitions/include/ospfv3/no-summary.xml.i @@ -0,0 +1,8 @@ +<!-- include start from ospfv3/no-summary.xml.i --> +<leafNode name="no-summary"> + <properties> + <help>Do not inject inter-area routes into the stub</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/ospfv3/protocol-common-config.xml.i b/interface-definitions/include/ospfv3/protocol-common-config.xml.i index a93939a34..5d08debda 100644 --- a/interface-definitions/include/ospfv3/protocol-common-config.xml.i +++ b/interface-definitions/include/ospfv3/protocol-common-config.xml.i @@ -21,17 +21,26 @@ <help>OSPFv3 Area type</help> </properties> <children> - <node name="stub"> + <node name="nssa"> <properties> - <help>Stub OSPFv3 area</help> + <help>NSSA OSPFv3 area</help> </properties> <children> - <leafNode name="no-summary"> + <leafNode name="default-information-originate"> <properties> - <help>Do not inject inter-area routes into the stub</help> + <help>Originate Type 7 default into NSSA area</help> <valueless/> </properties> </leafNode> + #include <include/ospfv3/no-summary.xml.i> + </children> + </node> + <node name="stub"> + <properties> + <help>Stub OSPFv3 area</help> + </properties> + <children> + #include <include/ospfv3/no-summary.xml.i> </children> </node> </children> @@ -80,6 +89,8 @@ </tagNode> </children> </tagNode> +#include <include/ospf/auto-cost.xml.i> +#include <include/ospf/default-information.xml.i> <node name="distance"> <properties> <help>Administrative distance</help> diff --git a/interface-definitions/include/snmp/access-mode.xml.i b/interface-definitions/include/snmp/access-mode.xml.i new file mode 100644 index 000000000..1fce2364e --- /dev/null +++ b/interface-definitions/include/snmp/access-mode.xml.i @@ -0,0 +1,23 @@ +<!-- include start from snmp/access-mode.xml.i --> +<leafNode name="mode"> + <properties> + <help>Define access permission</help> + <completionHelp> + <list>ro rw</list> + </completionHelp> + <valueHelp> + <format>ro</format> + <description>Read-Only (default)</description> + </valueHelp> + <valueHelp> + <format>rw</format> + <description>read write</description> + </valueHelp> + <constraint> + <regex>^(ro|rw)$</regex> + </constraint> + <constraintErrorMessage>Authorization type must be either 'rw' or 'ro'</constraintErrorMessage> + </properties> + <defaultValue>ro</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/snmp/authentication-type.xml.i b/interface-definitions/include/snmp/authentication-type.xml.i new file mode 100644 index 000000000..2a545864a --- /dev/null +++ b/interface-definitions/include/snmp/authentication-type.xml.i @@ -0,0 +1,22 @@ +<!-- include start from snmp/authentication-type.xml.i --> +<leafNode name="type"> + <properties> + <help>Define used protocol</help> + <completionHelp> + <list>md5 sha</list> + </completionHelp> + <valueHelp> + <format>md5</format> + <description>Message Digest 5 (default)</description> + </valueHelp> + <valueHelp> + <format>sha</format> + <description>Secure Hash Algorithm</description> + </valueHelp> + <constraint> + <regex>^(md5|sha)$</regex> + </constraint> + </properties> + <defaultValue>md5</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/snmp/privacy-type.xml.i b/interface-definitions/include/snmp/privacy-type.xml.i new file mode 100644 index 000000000..47a1e632e --- /dev/null +++ b/interface-definitions/include/snmp/privacy-type.xml.i @@ -0,0 +1,22 @@ +<!-- include start from snmp/privacy-type.xml.i --> +<leafNode name="type"> + <properties> + <help>Defines the protocol for privacy</help> + <completionHelp> + <list>des aes</list> + </completionHelp> + <valueHelp> + <format>des</format> + <description>Data Encryption Standard (default)</description> + </valueHelp> + <valueHelp> + <format>aes</format> + <description>Advanced Encryption Standard</description> + </valueHelp> + <constraint> + <regex>^(des|aes)$</regex> + </constraint> + </properties> + <defaultValue>des</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/snmp/protocol.xml.i b/interface-definitions/include/snmp/protocol.xml.i new file mode 100644 index 000000000..335736724 --- /dev/null +++ b/interface-definitions/include/snmp/protocol.xml.i @@ -0,0 +1,22 @@ +<!-- include start from snmp/protocol.xml.i -->
+<leafNode name="protocol">
+ <properties>
+ <help>Protocol to be used (TCP/UDP)</help>
+ <completionHelp>
+ <list>udp tcp</list>
+ </completionHelp>
+ <valueHelp>
+ <format>udp</format>
+ <description>Listen protocol UDP (default)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>tcp</format>
+ <description>Listen protocol TCP</description>
+ </valueHelp>
+ <constraint>
+ <regex>^(udp|tcp)$</regex>
+ </constraint>
+ </properties>
+ <defaultValue>udp</defaultValue>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/interfaces-dummy.xml.in b/interface-definitions/interfaces-dummy.xml.in index 1231b1492..3bca8b950 100644 --- a/interface-definitions/interfaces-dummy.xml.in +++ b/interface-definitions/interfaces-dummy.xml.in @@ -29,6 +29,7 @@ #include <include/interface/source-validation.xml.i> </children> </node> + #include <include/interface/netns.xml.i> #include <include/interface/vrf.xml.i> </children> </tagNode> diff --git a/interface-definitions/interfaces-tunnel.xml.in b/interface-definitions/interfaces-tunnel.xml.in index e08b2fdab..fd69fd177 100644 --- a/interface-definitions/interfaces-tunnel.xml.in +++ b/interface-definitions/interfaces-tunnel.xml.in @@ -68,39 +68,39 @@ </valueHelp> <valueHelp> <format>gre</format> - <description>Generic Routing Encapsulation</description> + <description>Generic Routing Encapsulation (network layer)</description> </valueHelp> <valueHelp> <format>gretap</format> - <description>Generic Routing Encapsulation (virtual L2 tunnel)</description> + <description>Generic Routing Encapsulation (datalink layer)</description> </valueHelp> <valueHelp> <format>ip6erspan</format> - <description>Encapsulated Remote Switched Port Analyzer over IPv6 network</description> + <description>Encapsulated Remote Switched Port Analyzer over IPv6</description> </valueHelp> <valueHelp> <format>ip6gre</format> - <description>GRE over IPv6 network</description> + <description>GRE over IPv6 (network layer)</description> </valueHelp> <valueHelp> <format>ip6gretap</format> - <description>Generic Routing Encapsulation over IPv6 (virtual L2 tunnel)</description> + <description>GRE over IPv6 (datalink layer)</description> </valueHelp> <valueHelp> <format>ip6ip6</format> - <description>IP6 in IP6 encapsulation</description> + <description>IPv6 in IPv6 encapsulation</description> </valueHelp> <valueHelp> <format>ipip</format> - <description>IP in IP encapsulation</description> + <description>IPv4 in IPv4 encapsulation</description> </valueHelp> <valueHelp> <format>ipip6</format> - <description>IP in IP6 encapsulation</description> + <description>IPv4 in IP6 encapsulation</description> </valueHelp> <valueHelp> <format>sit</format> - <description>Simple Internet Transition encapsulation</description> + <description>Simple Internet Transition (IPv6 in IPv4)</description> </valueHelp> <constraint> <regex>^(erspan|gre|gretap|ip6erspan|ip6gre|ip6gretap|ip6ip6|ipip|ipip6|sit)$</regex> @@ -116,11 +116,11 @@ </completionHelp> <valueHelp> <format>enable</format> - <description>Enable Multicast</description> + <description>Enable multicast</description> </valueHelp> <valueHelp> <format>disable</format> - <description>Disable Multicast (default)</description> + <description>Disable multicast (default)</description> </valueHelp> <constraint> <regex>^(enable|disable)$</regex> @@ -135,22 +135,22 @@ <children> <node name="erspan"> <properties> - <help>ERSPAN Tunnel parameters</help> + <help>ERSPAN tunnel parameters</help> </properties> <children> <leafNode name="direction"> <properties> - <help>Specifies mirrored traffic direction</help> + <help>Mirrored traffic direction</help> <completionHelp> <list>ingress egress</list> </completionHelp> <valueHelp> <format>ingress</format> - <description>Mirror ingress direction</description> + <description>Mirror ingress traffic</description> </valueHelp> <valueHelp> <format>egress</format> - <description>Mirror egress direction</description> + <description>Mirror egress traffic</description> </valueHelp> <constraint> <regex>^(ingress|egress)$</regex> @@ -159,10 +159,10 @@ </leafNode> <leafNode name="hw-id"> <properties> - <help>Unique identifier of ERSPAN engine within a system</help> + <help>Unique identifier of an ERSPAN engine within a system</help> <valueHelp> <format>u32:0-1048575</format> - <description>Unique identifier of ERSPAN engine</description> + <description>Unique identifier of an ERSPAN engine</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-1048575"/> @@ -171,7 +171,7 @@ </leafNode> <leafNode name="index"> <properties> - <help>Specifify ERSPAN version 1 index field</help> + <help>ERSPAN version 1 index field</help> <valueHelp> <format>u32:0-63</format> <description>Platform-depedent field for specifying port number and direction</description> @@ -205,18 +205,18 @@ </node> <node name="ip"> <properties> - <help>IPv4 specific tunnel parameters</help> + <help>IPv4-specific tunnel parameters</help> </properties> <children> <leafNode name="no-pmtu-discovery"> <properties> - <help>Disable Path MTU Discovery on this tunnel</help> + <help>Disable path MTU discovery</help> <valueless/> </properties> </leafNode> <leafNode name="ignore-df"> <properties> - <help>Enable IPv4 DF suppression on this tunnel</help> + <help>Ignore the DF (don't fragment) bit</help> <valueless/> </properties> </leafNode> @@ -230,7 +230,7 @@ </node> <node name="ipv6"> <properties> - <help>IPv6 specific tunnel parameters</help> + <help>IPv6-specific tunnel parameters</help> </properties> <children> <leafNode name="encaplimit"> @@ -241,11 +241,11 @@ </completionHelp> <valueHelp> <format>u32:0-255</format> - <description>Encaplimit (default: 4)</description> + <description>Encapsulation limit (default: 4)</description> </valueHelp> <valueHelp> <format>none</format> - <description>Encaplimit disabled</description> + <description>Disable encapsulation limit</description> </valueHelp> <constraint> <regex>^(none)$</regex> @@ -261,12 +261,12 @@ <help>Hoplimit</help> <valueHelp> <format>u32:0-255</format> - <description>Hoplimit (default 64)</description> + <description>Hop limit (default: 64)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-255"/> </constraint> - <constraintErrorMessage>hoplimit must be between 0-255</constraintErrorMessage> + <constraintErrorMessage>hop limit must be between 0-255</constraintErrorMessage> </properties> <defaultValue>64</defaultValue> </leafNode> diff --git a/interface-definitions/interfaces-vxlan.xml.in b/interface-definitions/interfaces-vxlan.xml.in index 0c13dd4d3..4c3c3ac71 100644 --- a/interface-definitions/interfaces-vxlan.xml.in +++ b/interface-definitions/interfaces-vxlan.xml.in @@ -19,6 +19,18 @@ #include <include/interface/address-ipv4-ipv6.xml.i> #include <include/interface/description.xml.i> #include <include/interface/disable.xml.i> + <leafNode name="external"> + <properties> + <help>Use external control plane</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="gpe"> + <properties> + <help>Enable Generic Protocol extension (VXLAN-GPE)</help> + <valueless/> + </properties> + </leafNode> <leafNode name="group"> <properties> <help>Multicast group address for VXLAN interface</help> diff --git a/interface-definitions/nat.xml.in b/interface-definitions/nat.xml.in index 3cf3ba6aa..f79680947 100644 --- a/interface-definitions/nat.xml.in +++ b/interface-definitions/nat.xml.in @@ -18,6 +18,7 @@ <properties> <help>Inbound interface of NAT traffic</help> <completionHelp> + <list>any</list> <script>${vyos_completion_dir}/list_interfaces.py</script> </completionHelp> </properties> diff --git a/interface-definitions/netns.xml.in b/interface-definitions/netns.xml.in new file mode 100644 index 000000000..80de805fb --- /dev/null +++ b/interface-definitions/netns.xml.in @@ -0,0 +1,23 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="netns" owner="${vyos_conf_scripts_dir}/netns.py"> + <properties> + <help>Network namespace</help> + <priority>299</priority> + </properties> + <children> + <tagNode name="name"> + <properties> + <help>Network namespace name</help> + <constraint> + <regex>^[a-zA-Z0-9-_]{1,100}</regex> + </constraint> + <constraintErrorMessage>Netns name must be alphanumeric and can contain hyphens and underscores.</constraintErrorMessage> + </properties> + <children> + #include <include/interface/description.xml.i> + </children> + </tagNode> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/protocols-bfd.xml.in b/interface-definitions/protocols-bfd.xml.in index d5a968001..a9957d884 100644 --- a/interface-definitions/protocols-bfd.xml.in +++ b/interface-definitions/protocols-bfd.xml.in @@ -26,18 +26,7 @@ </constraint> </properties> <children> - <leafNode name="profile"> - <properties> - <help>Use settings from BFD profile</help> - <completionHelp> - <path>protocols bfd profile</path> - </completionHelp> - <valueHelp> - <format>txt</format> - <description>BFD profile name</description> - </valueHelp> - </properties> - </leafNode> + #include <include/bfd/profile.xml.i> <node name="source"> <properties> <help>Bind listener to specified interface/address, mandatory for IPv6</help> @@ -66,7 +55,7 @@ </leafNode> </children> </node> - #include <include/bfd-common.xml.i> + #include <include/bfd/common.xml.i> <leafNode name="multihop"> <properties> <help>Allow this BFD peer to not be directly connected</help> @@ -88,7 +77,7 @@ </constraint> </properties> <children> - #include <include/bfd-common.xml.i> + #include <include/bfd/common.xml.i> </children> </tagNode> </children> diff --git a/interface-definitions/service_pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in index 188aed6c4..97952d882 100644 --- a/interface-definitions/service_pppoe-server.xml.in +++ b/interface-definitions/service_pppoe-server.xml.in @@ -70,19 +70,27 @@ <children> <leafNode name="vlan-id"> <properties> - <help>VLAN monitor for the automatic creation of vlans (user per vlan)</help> + <help>VLAN monitor for the automatic creation of single vlan</help> + <valueHelp> + <format>u32:1-4094</format> + <description>VLAN monitor for the automatic creation of single vlan</description> + </valueHelp> <constraint> - <validator name="numeric" argument="--range 1-4096"/> + <validator name="numeric" argument="--range 1-4094"/> </constraint> - <constraintErrorMessage>VLAN ID needs to be between 1 and 4096</constraintErrorMessage> + <constraintErrorMessage>VLAN ID needs to be between 1 and 4094</constraintErrorMessage> <multi/> </properties> </leafNode> <leafNode name="vlan-range"> <properties> - <help>VLAN monitor for the automatic creation of vlans (user per vlan)</help> + <help>VLAN monitor for the automatic creation of vlans range</help> + <valueHelp> + <format>start-end</format> + <description>VLAN monitor range for the automatic creation of vlans (e.g. 1-4094)</description> + </valueHelp> <constraint> - <regex>(409[0-6]|40[0-8][0-9]|[1-3][0-9]{3}|[1-9][0-9]{0,2})-(409[0-6]|40[0-8][0-9]|[1-3][0-9]{3}|[1-9][0-9]{0,2})</regex> + <validator name="range" argument="--min=1 --max=4094"/> </constraint> <multi/> </properties> diff --git a/interface-definitions/snmp.xml.in b/interface-definitions/snmp.xml.in index 949536fe7..67d3aef9a 100644 --- a/interface-definitions/snmp.xml.in +++ b/interface-definitions/snmp.xml.in @@ -20,23 +20,24 @@ <children> <leafNode name="authorization"> <properties> - <help>Authorization type (default: 'ro')</help> + <help>Authorization type</help> <completionHelp> <list>ro rw</list> </completionHelp> <valueHelp> <format>ro</format> - <description>read only</description> + <description>Read-Only (default)</description> </valueHelp> <valueHelp> <format>rw</format> - <description>read write</description> + <description>Read-Write</description> </valueHelp> <constraint> <regex>^(ro|rw)$</regex> </constraint> <constraintErrorMessage>Authorization type must be either 'rw' or 'ro'</constraintErrorMessage> </properties> + <defaultValue>ro</defaultValue> </leafNode> <leafNode name="client"> <properties> @@ -105,18 +106,9 @@ </constraint> </properties> <children> + #include <include/port-number.xml.i> <leafNode name="port"> - <properties> - <help>Port for SNMP service (default: '161')</help> - <valueHelp> - <format>u32:1-65535</format> - <description>Numeric IP port</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - <constraintErrorMessage>Port number must be in range 1 to 65535</constraintErrorMessage> - </properties> + <defaultValue>161</defaultValue> </leafNode> </children> </tagNode> @@ -131,50 +123,27 @@ </leafNode> <leafNode name="oid-enable"> <properties> - <help>Enable specific oids</help> - <valueHelp> - <format>txt</format> - <description>Enable specific oids</description> - </valueHelp> - <valueHelp> - <format>route-table</format> - <description>Enable route table oids (ipCidrRouteTable inetCidrRouteTable)</description> - </valueHelp> + <help>Enable specific OIDs</help> <completionHelp> <list>route-table</list> </completionHelp> - <constraint> - <regex>^(route-table)$</regex> - </constraint> - <constraintErrorMessage>Oid must be 'route-table'</constraintErrorMessage> - </properties> - </leafNode> - <leafNode name="protocol"> - <properties> - <help>Listen protocol for SNMP</help> - <completionHelp> - <list>udp tcp</list> - </completionHelp> <valueHelp> - <format>udp</format> - <description>Listen protocol UDP (default)</description> - </valueHelp> - <valueHelp> - <format>tcp</format> - <description>Listen protocol TCP</description> + <format>route-table</format> + <description>Enable routing table OIDs (ipCidrRouteTable inetCidrRouteTable)</description> </valueHelp> <constraint> - <regex>^(udp|tcp)$</regex> + <regex>^(route-table)$</regex> </constraint> + <constraintErrorMessage>OID must be 'route-table'</constraintErrorMessage> </properties> - <defaultValue>udp</defaultValue> </leafNode> + #include <include/snmp/protocol.xml.i> <leafNode name="smux-peer"> <properties> <help>Register a subtree for SMUX-based processing</help> <valueHelp> - <format>oid</format> - <description>Object Identifier</description> + <format>txt</format> + <description>SNMP Object Identifier</description> </valueHelp> <multi/> </properties> @@ -218,18 +187,9 @@ <help>Community used when sending trap information</help> </properties> </leafNode> + #include <include/port-number.xml.i> <leafNode name="port"> - <properties> - <help>Destination port used for trap notification</help> - <valueHelp> - <format>u32:1-65535</format> - <description>Numeric IP port</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - <constraintErrorMessage>Port number must be in range 1 to 65535</constraintErrorMessage> - </properties> + <defaultValue>162</defaultValue> </leafNode> </children> </tagNode> @@ -246,32 +206,14 @@ </constraint> <constraintErrorMessage>ID must contain an even number (from 2 to 36) of hex digits</constraintErrorMessage> </properties> + <defaultValue></defaultValue> </leafNode> <tagNode name="group"> <properties> <help>Specifies the group with name groupname</help> </properties> <children> - <leafNode name="mode"> - <properties> - <help>Define group access permission (default: 'ro')</help> - <completionHelp> - <list>ro rw</list> - </completionHelp> - <valueHelp> - <format>ro</format> - <description>read only</description> - </valueHelp> - <valueHelp> - <format>rw</format> - <description>read write</description> - </valueHelp> - <constraint> - <regex>^(ro|rw)$</regex> - </constraint> - <constraintErrorMessage>Authorization type must be either 'rw' or 'ro'</constraintErrorMessage> - </properties> - </leafNode> + #include <include/snmp/access-mode.xml.i> <leafNode name="seclevel"> <properties> <help>Security levels</help> @@ -284,7 +226,7 @@ </valueHelp> <valueHelp> <format>auth</format> - <description>Messages are authenticated but not encrypted (authNoPriv)</description> + <description>Messages are authenticated but not encrypted (authNoPriv, default)</description> </valueHelp> <valueHelp> <format>priv</format> @@ -294,6 +236,7 @@ <regex>^(noauth|auth|priv)$</regex> </constraint> </properties> + <defaultValue>auth</defaultValue> </leafNode> <leafNode name="view"> <properties> @@ -345,39 +288,12 @@ <constraintErrorMessage>Key must contain 8 or more characters</constraintErrorMessage> </properties> </leafNode> - <leafNode name="type"> - <properties> - <help>Defines the protocol used for authentication (default: 'md5')</help> - <completionHelp> - <list>md5 sha</list> - </completionHelp> - <valueHelp> - <format>md5</format> - <description>Message Digest 5</description> - </valueHelp> - <valueHelp> - <format>sha</format> - <description>Secure Hash Algorithm</description> - </valueHelp> - <constraint> - <regex>^(md5|sha)$</regex> - </constraint> - </properties> - </leafNode> + #include <include/snmp/authentication-type.xml.i> </children> </node> + #include <include/port-number.xml.i> <leafNode name="port"> - <properties> - <help>Specifies TCP/UDP port of destination SNMP traps/informs (default: '162')</help> - <valueHelp> - <format>u32:1-65535</format> - <description>Numeric IP port</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - <constraintErrorMessage>Port number must be in range 1 to 65535</constraintErrorMessage> - </properties> + <defaultValue>162</defaultValue> </leafNode> <node name="privacy"> <properties> @@ -402,54 +318,18 @@ <constraintErrorMessage>Key must contain 8 or more characters</constraintErrorMessage> </properties> </leafNode> - <leafNode name="type"> - <properties> - <help>Defines the protocol for privacy (default: 'des')</help> - <completionHelp> - <list>des aes</list> - </completionHelp> - <valueHelp> - <format>des</format> - <description>Data Encryption Standard</description> - </valueHelp> - <valueHelp> - <format>aes</format> - <description>Advanced Encryption Standard</description> - </valueHelp> - <constraint> - <regex>^(des|aes)$</regex> - </constraint> - </properties> - </leafNode> + #include <include/snmp/privacy-type.xml.i> </children> </node> - <leafNode name="protocol"> - <properties> - <help>Defines protocol for notification between TCP and UDP</help> - <completionHelp> - <list>tcp udp</list> - </completionHelp> - <valueHelp> - <format>tcp</format> - <description>Use Transmission Control Protocol for notifications</description> - </valueHelp> - <valueHelp> - <format>udp</format> - <description>Use User Datagram Protocol for notifications</description> - </valueHelp> - <constraint> - <regex>^(tcp|udp)$</regex> - </constraint> - </properties> - </leafNode> + #include <include/snmp/protocol.xml.i> <leafNode name="type"> <properties> - <help>Specifies the type of notification between inform and trap (default: 'inform')</help> + <help>Specifies the type of notification between inform and trap</help> <completionHelp> <list>inform trap</list> </completionHelp> <valueHelp> - <format>inform</format> + <format>inform (default)</format> <description>Use INFORM</description> </valueHelp> <valueHelp> @@ -460,6 +340,7 @@ <regex>^(inform|trap)$</regex> </constraint> </properties> + <defaultValue>inform</defaultValue> </leafNode> <leafNode name="user"> <properties> @@ -503,25 +384,7 @@ <constraintErrorMessage>Key must contain 8 or more characters</constraintErrorMessage> </properties> </leafNode> - <leafNode name="type"> - <properties> - <help>Defines the protocol used for authentication (default: 'md5')</help> - <completionHelp> - <list>md5 sha</list> - </completionHelp> - <valueHelp> - <format>md5</format> - <description>Message Digest 5</description> - </valueHelp> - <valueHelp> - <format>sha</format> - <description>Secure Hash Algorithm</description> - </valueHelp> - <constraint> - <regex>^(md5|sha)$</regex> - </constraint> - </properties> - </leafNode> + #include <include/snmp/authentication-type.xml.i> </children> </node> <leafNode name="group"> @@ -532,26 +395,7 @@ </completionHelp> </properties> </leafNode> - <leafNode name="mode"> - <properties> - <help>Define users access permission (default: 'ro')</help> - <completionHelp> - <list>ro rw</list> - </completionHelp> - <valueHelp> - <format>ro</format> - <description>read only</description> - </valueHelp> - <valueHelp> - <format>rw</format> - <description>read write</description> - </valueHelp> - <constraint> - <regex>^(ro|rw)$</regex> - </constraint> - <constraintErrorMessage>Authorization type must be either 'rw' or 'ro'</constraintErrorMessage> - </properties> - </leafNode> + #include <include/snmp/access-mode.xml.i> <node name="privacy"> <properties> <help>Defines the privacy</help> @@ -575,25 +419,7 @@ <constraintErrorMessage>Key must contain 8 or more characters</constraintErrorMessage> </properties> </leafNode> - <leafNode name="type"> - <properties> - <help>Defines the protocol for privacy (default: 'des')</help> - <completionHelp> - <list>des aes</list> - </completionHelp> - <valueHelp> - <format>des</format> - <description>Data Encryption Standard</description> - </valueHelp> - <valueHelp> - <format>aes</format> - <description>Advanced Encryption Standard</description> - </valueHelp> - <constraint> - <regex>^(des|aes)$</regex> - </constraint> - </properties> - </leafNode> + #include <include/snmp/privacy-type.xml.i> </children> </node> </children> diff --git a/interface-definitions/system-login-banner.xml.in b/interface-definitions/system-login-banner.xml.in index c4bb14bd6..bdd0ad96a 100644 --- a/interface-definitions/system-login-banner.xml.in +++ b/interface-definitions/system-login-banner.xml.in @@ -15,12 +15,12 @@ <children> <leafNode name="post-login"> <properties> - <help>System loging banner post-login</help> + <help>A system banner after the user logs in </help> </properties> </leafNode> <leafNode name="pre-login"> <properties> - <help>System loging banner pre-login</help> + <help>A system banner before the user logs in</help> </properties> </leafNode> </children> diff --git a/interface-definitions/system-logs.xml.in b/interface-definitions/system-logs.xml.in new file mode 100644 index 000000000..8b6c7c399 --- /dev/null +++ b/interface-definitions/system-logs.xml.in @@ -0,0 +1,92 @@ +<?xml version="1.0" encoding="UTF-8"?> +<interfaceDefinition> + <node name="system"> + <children> + <node name="logs" owner="${vyos_conf_scripts_dir}/system-logs.py"> + <properties> + <help>Logging options</help> + <priority>9999</priority> + </properties> + <children> + <node name="logrotate"> + <properties> + <help>Logrotate options</help> + </properties> + <children> + <node name="atop"> + <properties> + <help>Atop logs options (system resources usage)</help> + </properties> + <children> + <leafNode name="max-size"> + <properties> + <help>Size of a single log file that triggers rotation</help> + <valueHelp> + <format>u32:1-1024</format> + <description>Size in MB (default: 10)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-1024" /> + </constraint> + <constraintErrorMessage>The size must be between 1 and 1024 MB</constraintErrorMessage> + </properties> + <defaultValue>10</defaultValue> + </leafNode> + <leafNode name="rotate"> + <properties> + <help>Count of rotations before old logs will be deleted</help> + <valueHelp> + <format>u32:1-100</format> + <description>Rotations (default: 10)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-100" /> + </constraint> + <constraintErrorMessage>The count must be between 1 and 100</constraintErrorMessage> + </properties> + <defaultValue>10</defaultValue> + </leafNode> + </children> + </node> + <node name="messages"> + <properties> + <help>The /var/log/messages file rotation</help> + </properties> + <children> + <leafNode name="max-size"> + <properties> + <help>Size of a single log file that triggers rotation</help> + <valueHelp> + <format>u32:1-1024</format> + <description>Size in MB (default: 1)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-1024" /> + </constraint> + <constraintErrorMessage>The size must be between 1 and 1024 MB</constraintErrorMessage> + </properties> + <defaultValue>1</defaultValue> + </leafNode> + <leafNode name="rotate"> + <properties> + <help>Count of rotations before old logs will be deleted</help> + <valueHelp> + <format>u32:1-100</format> + <description>Rotations (default: 10)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-100" /> + </constraint> + <constraintErrorMessage>The count must be between 1 and 100</constraintErrorMessage> + </properties> + <defaultValue>10</defaultValue> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in index e82249d44..0c2205410 100644 --- a/interface-definitions/vpn_ipsec.xml.in +++ b/interface-definitions/vpn_ipsec.xml.in @@ -13,13 +13,13 @@ <children> <leafNode name="disable-uniqreqids"> <properties> - <help>Option to disable requirement for unique IDs in the Security Database</help> + <help>Disable requirement for unique IDs in the Security Database</help> <valueless/> </properties> </leafNode> <tagNode name="esp-group"> <properties> - <help>Name of Encapsulating Security Payload (ESP) group</help> + <help>Encapsulated Security Payload (ESP) group name</help> </properties> <children> <leafNode name="compression"> @@ -47,7 +47,7 @@ <help>ESP lifetime</help> <valueHelp> <format>u32:30-86400</format> - <description>ESP lifetime in seconds (default 3600)</description> + <description>ESP lifetime in seconds (default: 3600)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 30-86400"/> @@ -83,7 +83,7 @@ </completionHelp> <valueHelp> <format>enable</format> - <description>Inherit Diffie-Hellman group from IKE group - default</description> + <description>Inherit Diffie-Hellman group from the IKE group (default)</description> </valueHelp> <valueHelp> <format>dh-group1</format> @@ -185,10 +185,10 @@ </leafNode> <tagNode name="proposal"> <properties> - <help>ESP-group proposal [REQUIRED]</help> + <help>ESP group proposal [REQUIRED]</help> <valueHelp> <format>u32:1-65535</format> - <description>ESP-group proposal number</description> + <description>ESP group proposal number</description> </valueHelp> </properties> <children> @@ -200,30 +200,30 @@ </tagNode> <tagNode name="ike-group"> <properties> - <help>Name of Internet Key Exchange (IKE) group</help> + <help>Internet Key Exchange (IKE) group name</help> </properties> <children> <leafNode name="close-action"> <properties> - <help>close-action_help</help> + <help>Action to take if a child SA is unexpectedly closed</help> <completionHelp> <list>none hold clear restart</list> </completionHelp> <valueHelp> <format>none</format> - <description>Set action to none (default)</description> + <description>Do nothing (default)</description> </valueHelp> <valueHelp> <format>hold</format> - <description>Set action to hold</description> + <description>Attempt to re-negotiate when matching traffic is seen</description> </valueHelp> <valueHelp> <format>clear</format> - <description>Set action to clear</description> + <description>Remove the connection immediately</description> </valueHelp> <valueHelp> <format>restart</format> - <description>Set action to restart</description> + <description>Attempt to re-negotiate the connection immediately</description> </valueHelp> <constraint> <regex>^(none|hold|clear|restart)$</regex> @@ -243,15 +243,15 @@ </completionHelp> <valueHelp> <format>hold</format> - <description>Set action to hold (default)</description> + <description>Attempt to re-negotiate the connection when matching traffic is seen (default)</description> </valueHelp> <valueHelp> <format>clear</format> - <description>Set action to clear</description> + <description>Remove the connection immediately</description> </valueHelp> <valueHelp> <format>restart</format> - <description>Set action to restart</description> + <description>Attempt to re-negotiate the connection immediately</description> </valueHelp> <constraint> <regex>^(hold|clear|restart)$</regex> @@ -263,7 +263,7 @@ <help>Keep-alive interval</help> <valueHelp> <format>u32:2-86400</format> - <description>Keep-alive interval in seconds (default 30)</description> + <description>Keep-alive interval in seconds (default: 30)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 2-86400"/> @@ -272,7 +272,7 @@ </leafNode> <leafNode name="timeout"> <properties> - <help>Dead-Peer-Detection keep-alive timeout (IKEv1 only)</help> + <help>Dead Peer Detection keep-alive timeout (IKEv1 only)</help> <valueHelp> <format>u32:2-86400</format> <description>Keep-alive timeout in seconds (default 120)</description> @@ -296,7 +296,7 @@ </valueHelp> <valueHelp> <format>no</format> - <description>Disable remote host re-authenticaton during an IKE rekey. (Default)</description> + <description>Disable remote host re-authenticaton during an IKE rekey. (default)</description> </valueHelp> <constraint> <regex>^(yes|no)$</regex> @@ -305,17 +305,17 @@ </leafNode> <leafNode name="key-exchange"> <properties> - <help>Key Exchange Version</help> + <help>IKE version</help> <completionHelp> <list>ikev1 ikev2</list> </completionHelp> <valueHelp> <format>ikev1</format> - <description>Use IKEv1 for Key Exchange [DEFAULT]</description> + <description>Use IKEv1 for key exchange [DEFAULT]</description> </valueHelp> <valueHelp> <format>ikev2</format> - <description>Use IKEv2 for Key Exchange</description> + <description>Use IKEv2 for key exchange</description> </valueHelp> <constraint> <regex>^(ikev1|ikev2)$</regex> @@ -327,7 +327,7 @@ <help>IKE lifetime</help> <valueHelp> <format>u32:30-86400</format> - <description>IKE lifetime in seconds (default 28800)</description> + <description>IKE lifetime in seconds (default: 28800)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 30-86400"/> @@ -337,7 +337,7 @@ </leafNode> <leafNode name="mobike"> <properties> - <help>Enable MOBIKE Support. MOBIKE is only available for IKEv2.</help> + <help>Enable MOBIKE Support (IKEv2 only)</help> <completionHelp> <list>enable disable</list> </completionHelp> @@ -356,17 +356,17 @@ </leafNode> <leafNode name="mode"> <properties> - <help>IKEv1 Phase 1 Mode Selection</help> + <help>IKEv1 phase 1 mode selection</help> <completionHelp> <list>main aggressive</list> </completionHelp> <valueHelp> <format>main</format> - <description>Use Main mode for Key Exchanges in the IKEv1 Protocol (Recommended Default)</description> + <description>Use the main mode (recommended, default)</description> </valueHelp> <valueHelp> <format>aggressive</format> - <description>Use Aggressive mode for Key Exchanges in the IKEv1 protocol - We do not recommend users to use aggressive mode as it is much more insecure compared to Main mode.</description> + <description>Use the aggressive mode (insecure, not recommended)</description> </valueHelp> <constraint> <regex>^(main|aggressive)$</regex> @@ -375,10 +375,10 @@ </leafNode> <tagNode name="proposal"> <properties> - <help>proposal_help</help> + <help>IKE proposal</help> <valueHelp> <format>u32:1-65535</format> - <description>IKE-group proposal</description> + <description>IKE group proposal</description> </valueHelp> </properties> <children> @@ -490,12 +490,12 @@ </tagNode> <leafNode name="include-ipsec-conf"> <properties> - <help>Sets to include an additional configuration directive file for strongSwan. Use an absolute path to specify the included file</help> + <help>Absolute path to specify a strongSwan config include file</help> </properties> </leafNode> <leafNode name="include-ipsec-secrets"> <properties> - <help>Sets to include an additional secrets file for strongSwan. Use an absolute path to specify the included file.</help> + <help>Absolute path to a strongSwan secrets include file</help> </properties> </leafNode> #include <include/generic-interface-multi.xml.i> @@ -506,7 +506,7 @@ <children> <leafNode name="level"> <properties> - <help>strongSwan Logger Level</help> + <help>strongSwan logging Level</help> <valueHelp> <format>0</format> <description>Very basic auditing logs e.g. SA up/SA down (default)</description> @@ -527,7 +527,7 @@ </leafNode> <leafNode name="subsystem"> <properties> - <help>Subsystem in the daemon the log comes from</help> + <help>Subsystem logging levels</help> <completionHelp> <list>dmn mgr ike chd job cfg knl net asn enc lib esp tls tnc imc imv pts any</list> </completionHelp> @@ -626,7 +626,7 @@ </node> <tagNode name="profile"> <properties> - <help>VPN IPSec Profile</help> + <help>VPN IPSec profile</help> </properties> <children> #include <include/generic-disable-node.xml.i> @@ -643,7 +643,7 @@ </completionHelp> <valueHelp> <format>pre-shared-secret</format> - <description>Use pre shared secret key</description> + <description>Use a pre-shared secret key</description> </valueHelp> </properties> </leafNode> @@ -657,13 +657,13 @@ <children> <leafNode name="tunnel"> <properties> - <help>Tunnel interface associated with this configuration profile</help> + <help>Tunnel interface associated with this profile</help> <completionHelp> <path>interfaces tunnel</path> </completionHelp> <valueHelp> <format>txt</format> - <description>Associated interface to this configuration profile</description> + <description>Associated interface to this profile</description> </valueHelp> <multi/> </properties> @@ -699,15 +699,15 @@ </completionHelp> <valueHelp> <format>eap-tls</format> - <description>Client uses EAP-TLS authentication</description> + <description>Use EAP-TLS authentication</description> </valueHelp> <valueHelp> <format>eap-mschapv2</format> - <description>Client uses EAP-MSCHAPv2 authentication</description> + <description>Use EAP-MSCHAPv2 authentication</description> </valueHelp> <valueHelp> <format>eap-radius</format> - <description>Client uses EAP-RADIUS authentication</description> + <description>Use EAP-RADIUS authentication</description> </valueHelp> <constraint> <regex>^(eap-tls|eap-mschapv2|eap-radius)$</regex> @@ -724,11 +724,11 @@ </completionHelp> <valueHelp> <format>pre-shared-secret</format> - <description>Authentication pre-shared-secret</description> + <description>Use a pre-shared secret key</description> </valueHelp> <valueHelp> <format>x509</format> - <description>Authentication x509</description> + <description>Use x.509 certificate</description> </valueHelp> <constraint> <regex>^(pre-shared-secret|x509)$</regex> @@ -754,7 +754,7 @@ </valueHelp> <valueHelp> <format>u32:1-86400</format> - <description>Timeout in seconds (default 28800)</description> + <description>Timeout in seconds (default: 28800)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-86400"/> @@ -764,14 +764,14 @@ </leafNode> <leafNode name="pool"> <properties> - <help>Pool name used for IP address assignments</help> + <help>IP address pool</help> <completionHelp> <path>vpn ipsec remote-access pool</path> <list>dhcp radius</list> </completionHelp> <valueHelp> <format>txt</format> - <description>Name of predefined IP pool</description> + <description>Predefined IP pool name</description> </valueHelp> <valueHelp> <format>dhcp</format> @@ -786,17 +786,17 @@ </leafNode> <leafNode name="unique"> <properties> - <help>Connection uniqueness policy to enforce</help> + <help>Connection uniqueness enforcement policy</help> <completionHelp> <list>never keep replace</list> </completionHelp> <valueHelp> <format>never</format> - <description>Never enforce connection uniqueness policy</description> + <description>Never enforce connection uniqueness</description> </valueHelp> <valueHelp> <format>keep</format> - <description>Rejects new connection attempts if the same user already has an active connection</description> + <description>Reject new connection attempts if the same user already has an active connection</description> </valueHelp> <valueHelp> <format>replace</format> @@ -811,7 +811,7 @@ </tagNode> <node name="dhcp"> <properties> - <help>DHCP pool options for remote-access</help> + <help>DHCP pool options for remote access</help> </properties> <children> #include <include/generic-interface.xml.i> @@ -831,7 +831,7 @@ </node> <tagNode name="pool"> <properties> - <help>IP address pool for remote-access users</help> + <help>IP address pool for remote access users</help> </properties> <children> <leafNode name="exclude"> @@ -936,7 +936,7 @@ </valueHelp> <valueHelp> <format>x509</format> - <description>Use X.509 certificate</description> + <description>Use x.509 certificate</description> </valueHelp> <constraint> <regex>^(pre-shared-secret|rsa|x509)$</regex> @@ -992,17 +992,17 @@ #include <include/dhcp-interface.xml.i> <leafNode name="force-encapsulation"> <properties> - <help>Force UDP Encapsulation for ESP Payloads</help> + <help>Force UDP Encapsulation for ESP payloads</help> <completionHelp> <list>enable disable</list> </completionHelp> <valueHelp> <format>enable</format> - <description>This endpoint will force UDP encapsulation for this peer</description> + <description>Force UDP encapsulation</description> </valueHelp> <valueHelp> <format>disable</format> - <description>This endpoint will not force UDP encapsulation for this peer</description> + <description>Do not force UDP encapsulation</description> </valueHelp> <constraint> <regex>^(enable|disable)$</regex> @@ -1012,7 +1012,7 @@ #include <include/ipsec/ike-group.xml.i> <leafNode name="ikev2-reauth"> <properties> - <help>Re-authentication of the remote peer during an IKE re-key. IKEv2 option only</help> + <help>Re-authentication of the remote peer during an IKE re-key (IKEv2 only)</help> <completionHelp> <list>yes no inherit</list> </completionHelp> @@ -1026,7 +1026,7 @@ </valueHelp> <valueHelp> <format>inherit</format> - <description>Inherit the reauth configuration form your IKE-group (Default)</description> + <description>Inherit the reauth configuration form your IKE-group (default)</description> </valueHelp> <constraint> <regex>^(yes|no|inherit)$</regex> @@ -1047,9 +1047,21 @@ #include <include/ipsec/esp-group.xml.i> #include <include/ipsec/local-traffic-selector.xml.i> #include <include/ip-protocol.xml.i> + <leafNode name="priority"> + <properties> + <help>Priority for IPSec policy (lowest value more preferable)</help> + <valueHelp> + <format>u32:1-100</format> + <description>Priority for IPSec policy (lowest value more preferable)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-100"/> + </constraint> + </properties> + </leafNode> <node name="remote"> <properties> - <help>Remote parameters for interesting traffic</help> + <help>Match remote addresses</help> </properties> <children> #include <include/port-number.xml.i> |