Diffstat (limited to 'interface-definitions')
36 files changed, 294 insertions, 484 deletions
diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in
index 081f7ed42..8aaeeb29d 100644
--- a/interface-definitions/dhcp-server.xml.in
+++ b/interface-definitions/dhcp-server.xml.in
@@ -284,11 +284,11 @@
 </tagNode>
 <tagNode name="static-mapping">
 <properties>
- <help>Name of static mapping</help>
+ <help>Hostname for static mapping reservation</help>
 <constraint>
- <regex>[-_a-zA-Z0-9.]+</regex>
+ <validator name="fqdn"/>
 </constraint>
- <constraintErrorMessage>Invalid static mapping name, may only be alphanumeric, dot and hyphen</constraintErrorMessage>
+ <constraintErrorMessage>Invalid static mapping hostname</constraintErrorMessage>
 </properties>
 <children>
 #include <include/generic-disable-node.xml.i>
@@ -304,18 +304,8 @@
 </constraint>
 </properties>
 </leafNode>
- <leafNode name="mac-address">
- <properties>
- <help>Media Access Control (MAC) address</help>
- <valueHelp>
- <format>macaddr</format>
- <description>Hardware (MAC) address</description>
- </valueHelp>
- <constraint>
- <validator name="mac-address"/>
- </constraint>
- </properties>
- </leafNode>
+ #include <include/interface/mac.xml.i>
+ #include <include/interface/duid.xml.i>
 </children>
 </tagNode>
 <tagNode name="static-route">
diff --git a/interface-definitions/dhcpv6-server.xml.in b/interface-definitions/dhcpv6-server.xml.in
index b37f79434..10fdbf3f7 100644
--- a/interface-definitions/dhcpv6-server.xml.in
+++ b/interface-definitions/dhcpv6-server.xml.in
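Review bot: The new `constraintErrorMessage` for `static-mapping` (hunk `@@ -284,11`) no longer says what a valid name looks like, and it replaces a regex that accepted underscores (`[-_a-zA-Z0-9.]+`) with the `fqdn` validator, which presumably does not. Existing mappings named with `_` would then fail validation after upgrade unless the migration to syntax version 8 rewrites them; that script is not part of this diffstat, so it is worth confirming. I would keep the message actionable, for example `<constraintErrorMessage>Invalid static mapping hostname, must be a valid hostname or FQDN</constraintErrorMessage>`. The dhcpv6-server.xml.in hunk introduces the same message and the same validator change.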
@@ -301,27 +301,16 @@
 </leafNode>
 <tagNode name="static-mapping">
 <properties>
- <help>Name of static mapping</help>
+ <help>Hostname for static mapping reservation</help>
 <constraint>
- <regex>[-_a-zA-Z0-9.]+</regex>
+ <validator name="fqdn"/>
 </constraint>
- <constraintErrorMessage>Invalid static mapping name. May only contain letters, numbers and .-_</constraintErrorMessage>
+ <constraintErrorMessage>Invalid static mapping hostname</constraintErrorMessage>
 </properties>
 <children>
 #include <include/generic-disable-node.xml.i>
- <leafNode name="identifier">
- <properties>
- <help>Client identifier (DUID) for this static mapping</help>
- <valueHelp>
- <format>h[[:h]...]</format>
- <description>DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id)</description>
- </valueHelp>
- <constraint>
- <regex>([0-9A-Fa-f]{1,2}[:])*([0-9A-Fa-f]{1,2})</regex>
- </constraint>
- <constraintErrorMessage>Invalid DUID, must be in the format h[[:h]...]</constraintErrorMessage>
- </properties>
- </leafNode>
+ #include <include/interface/mac.xml.i>
+ #include <include/interface/duid.xml.i>
 <leafNode name="ipv6-address">
 <properties>
 <help>Client IPv6 address for this static mapping</help>
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index 70afdc995..a4023058f 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -368,7 +368,7 @@
 </properties>
 <children>
 #include <include/generic-description.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
 <leafNode name="default-action">
 <properties>
 <help>Default-action for traffic coming into this zone</help>
diff --git a/interface-definitions/include/firewall/bridge-custom-name.xml.i b/interface-definitions/include/firewall/bridge-custom-name.xml.i
index a85fd5a19..654493c0e 100644
--- a/interface-definitions/include/firewall/bridge-custom-name.xml.i
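Review bot: Swapping the `identifier` leaf for `duid.xml.i` in the dhcpv6-server.xml.in hunk tightens what a stored DUID may look like: the removed regex allowed one- or two-digit groups (`[0-9A-Fa-f]{1,2}`), while the include added by this commit requires exactly two digits per octet and at most 128 octets. A value that validated before, such as the constructed example `0:1:0:1`, will be rejected after upgrade unless the migration to syntax version 3 both renames the node and zero-pads the octets; that script is outside this diffstat. The hunk also offers `mac` next to `duid`, and the schema cannot express that exactly one of them identifies the client, so the config script should reject a mapping that sets both or neither. A short comment above the two includes would record that, e.g. `<!-- a mapping is matched on either mac or duid; verify() must reject both or neither -->`.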
+++ b/interface-definitions/include/firewall/bridge-custom-name.xml.i
@@ -8,7 +8,7 @@
 </properties>
 <children>
 #include <include/firewall/default-action.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
 #include <include/generic-description.xml.i>
 <leafNode name="default-jump-target">
 <properties>
@@ -36,4 +36,4 @@
 </tagNode>
 </children>
 </tagNode>
-<!-- include end -->
\ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/bridge-hook-forward.xml.i b/interface-definitions/include/firewall/bridge-hook-forward.xml.i
index ff86bf466..99f66ec77 100644
--- a/interface-definitions/include/firewall/bridge-hook-forward.xml.i
+++ b/interface-definitions/include/firewall/bridge-hook-forward.xml.i
@@ -10,7 +10,7 @@
 </properties>
 <children>
 #include <include/firewall/default-action-base-chains.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
 #include <include/generic-description.xml.i>
 <tagNode name="rule">
 <properties>
@@ -32,4 +32,4 @@
 </node>
 </children>
 </node>
-<!-- include end -->
\ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/common-rule-bridge.xml.i b/interface-definitions/include/firewall/common-rule-bridge.xml.i
index a27cae43b..6de770c79 100644
--- a/interface-definitions/include/firewall/common-rule-bridge.xml.i
+++ b/interface-definitions/include/firewall/common-rule-bridge.xml.i
@@ -24,7 +24,7 @@
 </properties>
 </leafNode>
 #include <include/firewall/log.xml.i>
-#include <include/firewall/rule-log-options.xml.i>
+#include <include/firewall/log-options.xml.i>
 <node name="source">
 <properties>
 <help>Source parameters</help>
@@ -36,4 +36,4 @@
 #include <include/firewall/inbound-interface.xml.i>
 #include <include/firewall/outbound-interface.xml.i>
 #include <include/firewall/match-vlan.xml.i>
-<!-- include end -->
\ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/common-rule-inet.xml.i b/interface-definitions/include/firewall/common-rule-inet.xml.i
index aabefcb27..6f56ecc85 100644
--- a/interface-definitions/include/firewall/common-rule-inet.xml.i
+++ b/interface-definitions/include/firewall/common-rule-inet.xml.i
@@ -83,7 +83,7 @@
 </children>
 </node>
 #include <include/firewall/log.xml.i>
-#include <include/firewall/rule-log-options.xml.i>
+#include <include/firewall/log-options.xml.i>
 <node name="connection-status">
 <properties>
 <help>Connection status</help>
diff --git a/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i b/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i
index e040c9b13..0d749aa27 100644
--- a/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i
+++ b/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i
@@ -144,7 +144,7 @@
 </constraint>
 </properties>
 </leafNode>
-#include <include/firewall/rule-log-options.xml.i>
+#include <include/firewall/log-options.xml.i>
 <node name="connection-status">
 <properties>
 <help>Connection status</help>
diff --git a/interface-definitions/include/firewall/common-rule.xml.i b/interface-definitions/include/firewall/common-rule.xml.i
deleted file mode 100644
index c62bf2c5f..000000000
--- a/interface-definitions/include/firewall/common-rule.xml.i
+++ /dev/null
@@ -1,387 +0,0 @@ -<!-- include start from firewall/common-rule.xml.i --> -#include <include/firewall/action.xml.i> -#include <include/generic-description.xml.i> -<node name="destination"> - <properties> - <help>Destination parameters</help> - </properties> - <children> - #include <include/firewall/mac-address.xml.i> - </children> -</node> -<leafNode name="disable"> - <properties> - <help>Option to disable firewall rule</help> - <valueless/> - </properties> -</leafNode> -<node name="fragment"> - <properties> - <help>IP fragment match</help> - </properties> - <children> - <leafNode name="match-frag"> - <properties> - <help>Second and further fragments of fragmented packets</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="match-non-frag"> - <properties> - <help>Head fragments or unfragmented packets</help> - <valueless/> - </properties> - </leafNode> - </children> -</node> -<node name="inbound-interface"> - <properties> - <help>Match inbound-interface</help> - </properties> - <children> - #include <include/firewall/match-interface.xml.i> - </children> -</node> -<node name="outbound-interface"> - <properties> - <help>Match outbound-interface</help> - </properties> - <children> - #include <include/firewall/match-interface.xml.i> - </children> -</node> -<node name="ipsec"> - <properties> - <help>Inbound IPsec packets</help> - </properties> - <children> - <leafNode name="match-ipsec"> - <properties> - <help>Inbound IPsec packets</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="match-none"> - <properties> - <help>Inbound non-IPsec packets</help> - <valueless/> - </properties> - </leafNode> - </children> -</node> -<node name="limit"> - <properties> - <help>Rate limit using a token bucket filter</help> - </properties> - <children> - <leafNode name="burst"> - <properties> - <help>Maximum number of packets to allow in excess of rate</help> - <valueHelp> - <format>u32:0-4294967295</format> - <description>Maximum number of packets to 
allow in excess of rate</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 0-4294967295"/> - </constraint> - </properties> - </leafNode> - <leafNode name="rate"> - <properties> - <help>Maximum average matching rate</help> - <valueHelp> - <format>txt</format> - <description>integer/unit (Example: 5/minute)</description> - </valueHelp> - <constraint> - <regex>\d+/(second|minute|hour|day)</regex> - </constraint> - </properties> - </leafNode> - </children> -</node> -<leafNode name="log"> - <properties> - <help>Option to log packets matching rule</help> - <completionHelp> - <list>enable disable</list> - </completionHelp> - <valueHelp> - <format>enable</format> - <description>Enable log</description> - </valueHelp> - <valueHelp> - <format>disable</format> - <description>Disable log</description> - </valueHelp> - <constraint> - <regex>(enable|disable)</regex> - </constraint> - </properties> -</leafNode> -#include <include/firewall/rule-log-options.xml.i> -<node name="connection-status"> - <properties> - <help>Connection status</help> - </properties> - <children> - <leafNode name="nat"> - <properties> - <help>NAT connection status</help> - <completionHelp> - <list>destination source</list> - </completionHelp> - <valueHelp> - <format>destination</format> - <description>Match connections that are subject to destination NAT</description> - </valueHelp> - <valueHelp> - <format>source</format> - <description>Match connections that are subject to source NAT</description> - </valueHelp> - <constraint> - <regex>^(destination|source)$</regex> - </constraint> - </properties> - </leafNode> - </children> -</node> -<leafNode name="protocol"> - <properties> - <help>Protocol to match (protocol name, number, or "all")</help> - <completionHelp> - <script>${vyos_completion_dir}/list_protocols.sh</script> - <list>all tcp_udp</list> - </completionHelp> - <valueHelp> - <format>all</format> - <description>All IP protocols</description> - </valueHelp> - 
<valueHelp> - <format>tcp_udp</format> - <description>Both TCP and UDP</description> - </valueHelp> - <valueHelp> - <format>u32:0-255</format> - <description>IP protocol number</description> - </valueHelp> - <valueHelp> - <format><protocol></format> - <description>IP protocol name</description> - </valueHelp> - <valueHelp> - <format>!<protocol></format> - <description>IP protocol name</description> - </valueHelp> - <constraint> - <validator name="ip-protocol"/> - </constraint> - </properties> -</leafNode> -<node name="recent"> - <properties> - <help>Parameters for matching recently seen sources</help> - </properties> - <children> - <leafNode name="count"> - <properties> - <help>Source addresses seen more than N times</help> - <valueHelp> - <format>u32:1-255</format> - <description>Source addresses seen more than N times</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-255"/> - </constraint> - </properties> - </leafNode> - <leafNode name="time"> - <properties> - <help>Source addresses seen in the last second/minute/hour</help> - <completionHelp> - <list>second minute hour</list> - </completionHelp> - <valueHelp> - <format>second</format> - <description>Source addresses seen COUNT times in the last second</description> - </valueHelp> - <valueHelp> - <format>minute</format> - <description>Source addresses seen COUNT times in the last minute</description> - </valueHelp> - <valueHelp> - <format>hour</format> - <description>Source addresses seen COUNT times in the last hour</description> - </valueHelp> - <constraint> - <regex>(second|minute|hour)</regex> - </constraint> - </properties> - </leafNode> - </children> -</node> -<node name="source"> - <properties> - <help>Source parameters</help> - </properties> - <children> - #include <include/firewall/address.xml.i> - #include <include/firewall/source-destination-group.xml.i> - #include <include/firewall/mac-address.xml.i> - #include <include/firewall/port.xml.i> - </children> 
-</node> -<node name="state"> - <properties> - <help>Session state</help> - </properties> - <children> - <leafNode name="established"> - <properties> - <help>Established state</help> - <completionHelp> - <list>enable disable</list> - </completionHelp> - <valueHelp> - <format>enable</format> - <description>Enable</description> - </valueHelp> - <valueHelp> - <format>disable</format> - <description>Disable</description> - </valueHelp> - <constraint> - <regex>(enable|disable)</regex> - </constraint> - </properties> - </leafNode> - <leafNode name="invalid"> - <properties> - <help>Invalid state</help> - <completionHelp> - <list>enable disable</list> - </completionHelp> - <valueHelp> - <format>enable</format> - <description>Enable</description> - </valueHelp> - <valueHelp> - <format>disable</format> - <description>Disable</description> - </valueHelp> - <constraint> - <regex>(enable|disable)</regex> - </constraint> - </properties> - </leafNode> - <leafNode name="new"> - <properties> - <help>New state</help> - <completionHelp> - <list>enable disable</list> - </completionHelp> - <valueHelp> - <format>enable</format> - <description>Enable</description> - </valueHelp> - <valueHelp> - <format>disable</format> - <description>Disable</description> - </valueHelp> - <constraint> - <regex>(enable|disable)</regex> - </constraint> - </properties> - </leafNode> - <leafNode name="related"> - <properties> - <help>Related state</help> - <completionHelp> - <list>enable disable</list> - </completionHelp> - <valueHelp> - <format>enable</format> - <description>Enable</description> - </valueHelp> - <valueHelp> - <format>disable</format> - <description>Disable</description> - </valueHelp> - <constraint> - <regex>(enable|disable)</regex> - </constraint> - </properties> - </leafNode> - </children> -</node> -#include <include/firewall/tcp-flags.xml.i> -#include <include/firewall/tcp-mss.xml.i> -<node name="time"> - <properties> - <help>Time to match rule</help> - </properties> - <children> - 
<leafNode name="startdate"> - <properties> - <help>Date to start matching rule</help> - <valueHelp> - <format>txt</format> - <description>Enter date using following notation - YYYY-MM-DD</description> - </valueHelp> - <constraint> - <regex>(\d{4}\-\d{2}\-\d{2})</regex> - </constraint> - </properties> - </leafNode> - <leafNode name="starttime"> - <properties> - <help>Time of day to start matching rule</help> - <valueHelp> - <format>txt</format> - <description>Enter time using using 24 hour notation - hh:mm:ss</description> - </valueHelp> - <constraint> - <regex>([0-2][0-9](\:[0-5][0-9]){1,2})</regex> - </constraint> - </properties> - </leafNode> - <leafNode name="stopdate"> - <properties> - <help>Date to stop matching rule</help> - <valueHelp> - <format>txt</format> - <description>Enter date using following notation - YYYY-MM-DD</description> - </valueHelp> - <constraint> - <regex>(\d{4}\-\d{2}\-\d{2})</regex> - </constraint> - </properties> - </leafNode> - <leafNode name="stoptime"> - <properties> - <help>Time of day to stop matching rule</help> - <valueHelp> - <format>txt</format> - <description>Enter time using using 24 hour notation - hh:mm:ss</description> - </valueHelp> - <constraint> - <regex>([0-2][0-9](\:[0-5][0-9]){1,2})</regex> - </constraint> - </properties> - </leafNode> - <leafNode name="weekdays"> - <properties> - <help>Comma separated weekdays to match rule on</help> - <valueHelp> - <format>txt</format> - <description>Name of day (Monday, Tuesday, Wednesday, Thursdays, Friday, Saturday, Sunday)</description> - </valueHelp> - <valueHelp> - <format>u32:0-6</format> - <description>Day number (0 = Sunday ... 6 = Saturday)</description> - </valueHelp> - </properties> - </leafNode> - </children> -</node> -<!-- include end --> diff --git a/interface-definitions/include/firewall/default-log.xml.i b/interface-definitions/include/firewall/default-log.xml.i new file mode 100644 index 000000000..dceacdb89 --- /dev/null 
+++ b/interface-definitions/include/firewall/default-log.xml.i
@@ -0,0 +1,8 @@
+<!-- include start from firewall/default-log.xml.i -->
+<leafNode name="default-log">
+ <properties>
+ <help>Log packets hitting default-action</help>
+ <valueless/>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/enable-default-log.xml.i b/interface-definitions/include/firewall/enable-default-log.xml.i
deleted file mode 100644
index 0efd8341b..000000000
--- a/interface-definitions/include/firewall/enable-default-log.xml.i
+++ /dev/null
@@ -1,8 +0,0 @@
-<!-- include start from firewall/enable-default-log.xml.i -->
-<leafNode name="enable-default-log">
- <properties>
- <help>Log packets hitting default-action</help>
- <valueless/>
- </properties>
-</leafNode>
-<!-- include end -->
\ No newline at end of file
diff --git a/interface-definitions/include/firewall/ipv4-custom-name.xml.i b/interface-definitions/include/firewall/ipv4-custom-name.xml.i
index c6420fe1f..8199d15fe 100644
--- a/interface-definitions/include/firewall/ipv4-custom-name.xml.i
+++ b/interface-definitions/include/firewall/ipv4-custom-name.xml.i
@@ -8,7 +8,7 @@
 </properties>
 <children>
 #include <include/firewall/default-action.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
 #include <include/generic-description.xml.i>
 <leafNode name="default-jump-target">
 <properties>
@@ -39,4 +39,4 @@
 </tagNode>
 </children>
 </tagNode>
-<!-- include end -->
\ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i
index 100f1c3d9..de2c70482 100644
--- a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i
+++ b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i
@@ -10,7 +10,7 @@
 </properties>
 <children>
 #include <include/firewall/default-action-base-chains.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
 #include <include/generic-description.xml.i>
 <tagNode name="rule">
 <properties>
@@ -36,4 +36,4 @@
 </node>
 </children>
 </node>
-<!-- include end -->
\ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv4-hook-input.xml.i b/interface-definitions/include/firewall/ipv4-hook-input.xml.i
index 22546640b..5d32657ea 100644
--- a/interface-definitions/include/firewall/ipv4-hook-input.xml.i
+++ b/interface-definitions/include/firewall/ipv4-hook-input.xml.i
@@ -10,7 +10,7 @@
 </properties>
 <children>
 #include <include/firewall/default-action-base-chains.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
 #include <include/generic-description.xml.i>
 <tagNode name="rule">
 <properties>
@@ -33,4 +33,4 @@
 </node>
 </children>
 </node>
-<!-- include end -->
\ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv4-hook-output.xml.i b/interface-definitions/include/firewall/ipv4-hook-output.xml.i
index 80c30cdeb..2b537ce5e 100644
--- a/interface-definitions/include/firewall/ipv4-hook-output.xml.i
+++ b/interface-definitions/include/firewall/ipv4-hook-output.xml.i
@@ -10,7 +10,7 @@
 </properties>
 <children>
 #include <include/firewall/default-action-base-chains.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
 #include <include/generic-description.xml.i>
 <tagNode name="rule">
 <properties>
@@ -33,4 +33,4 @@
 </node>
 </children>
 </node>
-<!-- include end -->
\ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv6-custom-name.xml.i b/interface-definitions/include/firewall/ipv6-custom-name.xml.i
index 2cc45a60c..5748b3927 100644
--- a/interface-definitions/include/firewall/ipv6-custom-name.xml.i
+++ b/interface-definitions/include/firewall/ipv6-custom-name.xml.i
@@ -8,7 +8,7 @@
 </properties>
 <children>
 #include <include/firewall/default-action.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
 #include <include/generic-description.xml.i>
 <leafNode name="default-jump-target">
 <properties>
@@ -39,4 +39,4 @@
 </tagNode>
 </children>
 </tagNode>
-<!-- include end -->
\ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i
index fb38267eb..b53f09f59 100644
--- a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i
+++ b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i
@@ -10,7 +10,7 @@
 </properties>
 <children>
 #include <include/firewall/default-action-base-chains.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
 #include <include/generic-description.xml.i>
 <tagNode name="rule">
 <properties>
@@ -36,4 +36,4 @@
 </node>
 </children>
 </node>
-<!-- include end -->
\ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv6-hook-input.xml.i b/interface-definitions/include/firewall/ipv6-hook-input.xml.i
index 49d4493cc..493611fb1 100644
--- a/interface-definitions/include/firewall/ipv6-hook-input.xml.i
+++ b/interface-definitions/include/firewall/ipv6-hook-input.xml.i
@@ -10,7 +10,7 @@
 </properties>
 <children>
 #include <include/firewall/default-action-base-chains.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
 #include <include/generic-description.xml.i>
 <tagNode name="rule">
 <properties>
@@ -33,4 +33,4 @@
 </node>
 </children>
 </node>
-<!-- include end -->
\ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv6-hook-output.xml.i b/interface-definitions/include/firewall/ipv6-hook-output.xml.i
index 452b9027f..ffe1c72b8 100644
--- a/interface-definitions/include/firewall/ipv6-hook-output.xml.i
+++ b/interface-definitions/include/firewall/ipv6-hook-output.xml.i
@@ -10,7 +10,7 @@
 </properties>
 <children>
 #include <include/firewall/default-action-base-chains.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
 #include <include/generic-description.xml.i>
 <tagNode name="rule">
 <properties>
@@ -33,4 +33,4 @@
 </node>
 </children>
 </node>
-<!-- include end -->
\ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/rule-log-options.xml.i b/interface-definitions/include/firewall/log-options.xml.i
index e8b0cdec3..e8b0cdec3 100644
--- a/interface-definitions/include/firewall/rule-log-options.xml.i
+++ b/interface-definitions/include/firewall/log-options.xml.i
diff --git a/interface-definitions/include/firewall/log.xml.i b/interface-definitions/include/firewall/log.xml.i
index 21b883e6a..21548f3fb 100644
--- a/interface-definitions/include/firewall/log.xml.i
+++ b/interface-definitions/include/firewall/log.xml.i
@@ -1,7 +1,7 @@
 <!-- include start from firewall/log.xml.i -->
 <leafNode name="log">
 <properties>
- <help>Enable log</help>
+ <help>Log packets hitting this rule</help>
 <valueless/>
 </properties>
 </leafNode>
diff --git a/interface-definitions/include/interface/dhcpv6-options.xml.i b/interface-definitions/include/interface/dhcpv6-options.xml.i
index 5ca1d525f..68d1b172f 100644
--- a/interface-definitions/include/interface/dhcpv6-options.xml.i
+++ b/interface-definitions/include/interface/dhcpv6-options.xml.i
@@ -4,18 +4,7 @@
 <help>DHCPv6 client settings/options</help>
 </properties>
 <children>
- <leafNode name="duid">
- <properties>
- <help>DHCP unique identifier (DUID) to be sent by dhcpv6 client</help>
- <valueHelp>
- <format>duid</format>
- <description>DHCP unique identifier (DUID)</description>
- </valueHelp>
- <constraint>
- <validator name="ipv6-duid"/>
- </constraint>
- </properties>
- </leafNode>
+ #include <include/interface/duid.xml.i>
 <leafNode name="parameters-only">
 <properties>
 <help>Acquire only config parameters, no address</help>
diff --git a/interface-definitions/include/interface/duid.xml.i b/interface-definitions/include/interface/duid.xml.i
new file mode 100644
index 000000000..8d808696e
--- /dev/null
+++ b/interface-definitions/include/interface/duid.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from interface/duid.xml.i -->
+<leafNode name="duid">
+ <properties>
+ <help>DHCP unique identifier (DUID) to be sent by client</help>
+ <valueHelp>
+ <format>duid</format>
+ <description>DHCP unique identifier</description>
+ </valueHelp>
+ <constraint>
+ <regex>([0-9A-Fa-f]{2}:){0,127}([0-9A-Fa-f]{2})</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid DUID, must be in the format h[[:h]...]</constraintErrorMessage>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/version/dhcp-server-version.xml.i b/interface-definitions/include/version/dhcp-server-version.xml.i
index 7c4b5633e..cc84ea8b9 100644
--- a/interface-definitions/include/version/dhcp-server-version.xml.i
+++ b/interface-definitions/include/version/dhcp-server-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/dhcp-server-version.xml.i -->
-<syntaxVersion component='dhcp-server' version='7'></syntaxVersion>
+<syntaxVersion component='dhcp-server' version='8'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/include/version/dhcpv6-server-version.xml.i b/interface-definitions/include/version/dhcpv6-server-version.xml.i
index ae4178c90..cb026a54a 100644
--- a/interface-definitions/include/version/dhcpv6-server-version.xml.i
+++ b/interface-definitions/include/version/dhcpv6-server-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/dhcpv6-server-version.xml.i -->
-<syntaxVersion component='dhcpv6-server' version='2'></syntaxVersion>
+<syntaxVersion component='dhcpv6-server' version='3'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/include/version/firewall-version.xml.i b/interface-definitions/include/version/firewall-version.xml.i
index 299eebb00..6702ee041 100644
--- a/interface-definitions/include/version/firewall-version.xml.i
+++ b/interface-definitions/include/version/firewall-version.xml.i
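Review bot: The `constraintErrorMessage` in duid.xml.i still advertises the format `h[[:h]...]`, but the regex above it accepts only two-digit octets and at most 128 of them, so a user who enters one digit per group is told to use the format they just typed. I would align the text with the constraint, e.g. `<constraintErrorMessage>Invalid DUID, must be 1-128 colon-separated two-digit hex octets (hh[:hh...])</constraintErrorMessage>`. The help string `to be sent by client` is also wrong for two of the three places this commit includes the file: under the DHCP and DHCPv6 server `static-mapping` nodes the value identifies a client rather than being sent, so a neutral `<help>DHCP unique identifier (DUID)</help>` fits better. In dhcpv6-options.xml.i the include replaces `<validator name="ipv6-duid"/>`, so any check that validator made beyond hex syntax no longer applies to the client DUID.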
@@ -1,3 +1,3 @@
 <!-- include start from include/version/firewall-version.xml.i -->
-<syntaxVersion component='firewall' version='13'></syntaxVersion>
+<syntaxVersion component='firewall' version='14'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/include/version/lldp-version.xml.i b/interface-definitions/include/version/lldp-version.xml.i
index 0deb73279..b41d80451 100644
--- a/interface-definitions/include/version/lldp-version.xml.i
+++ b/interface-definitions/include/version/lldp-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/lldp-version.xml.i -->
-<syntaxVersion component='lldp' version='1'></syntaxVersion>
+<syntaxVersion component='lldp' version='2'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/include/version/nat66-version.xml.i b/interface-definitions/include/version/nat66-version.xml.i
index 478ca080f..43a54c969 100644
--- a/interface-definitions/include/version/nat66-version.xml.i
+++ b/interface-definitions/include/version/nat66-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/nat66-version.xml.i -->
-<syntaxVersion component='nat66' version='2'></syntaxVersion>
+<syntaxVersion component='nat66' version='3'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/include/version/policy-version.xml.i b/interface-definitions/include/version/policy-version.xml.i
index 4fbe757f5..db727fea9 100644
--- a/interface-definitions/include/version/policy-version.xml.i
+++ b/interface-definitions/include/version/policy-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/policy-version.xml.i -->
-<syntaxVersion component='policy' version='7'></syntaxVersion>
+<syntaxVersion component='policy' version='8'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/interfaces-virtual-ethernet.xml.in b/interface-definitions/interfaces-virtual-ethernet.xml.in
index 5f205f354..0fc89efc0 100644
--- a/interface-definitions/interfaces-virtual-ethernet.xml.in
+++ b/interface-definitions/interfaces-virtual-ethernet.xml.in
@@ -9,7 +9,7 @@
 <constraint>
 <regex>veth[0-9]+</regex>
 </constraint>
- <constraintErrorMessage>Virutal Ethernet interface must be named vethN</constraintErrorMessage>
+ <constraintErrorMessage>Virtual Ethernet interface must be named vethN</constraintErrorMessage>
 <valueHelp>
 <format>vethN</format>
 <description>Virtual Ethernet interface name</description>
diff --git a/interface-definitions/lldp.xml.in b/interface-definitions/lldp.xml.in
index 738bb11c1..25fb575b6 100644
--- a/interface-definitions/lldp.xml.in
+++ b/interface-definitions/lldp.xml.in
@@ -175,19 +175,12 @@
 <multi/>
 </properties>
 </leafNode>
- <node name="snmp">
+ <leafNode name="snmp">
 <properties>
- <help>SNMP parameters for LLDP</help>
+ <help>Enable SNMP queries of the LLDP database</help>
+ <valueless/>
 </properties>
- <children>
- <leafNode name="enable">
- <properties>
- <help>Enable SNMP queries of the LLDP database</help>
- <valueless/>
- </properties>
- </leafNode>
- </children>
- </node>
+ </leafNode>
 </children>
 </node>
 </children>
diff --git a/interface-definitions/nat64.xml.in b/interface-definitions/nat64.xml.in
index baf13e6cb..dfdd295d2 100644
--- a/interface-definitions/nat64.xml.in
+++ b/interface-definitions/nat64.xml.in
@@ -26,6 +26,25 @@
 <children>
 #include <include/generic-description.xml.i>
 #include <include/generic-disable-node.xml.i>
+ <node name="match">
+ <properties>
+ <help>Match</help>
+ </properties>
+ <children>
+ <leafNode name="mark">
+ <properties>
+ <help>Match fwmark value</help>
+ <valueHelp>
+ <format>u32:1-2147483647</format>
+ <description>Fwmark value to match against</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-2147483647"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
 <node name="source">
 <properties>
 <help>IPv6 source prefix options</help>
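Review bot: `<help>Match</help>` on the new `match` node in nat64.xml.in tells the operator nothing in CLI completion; something like `<help>Match criteria for this rule</help>` would read better. The `mark` range excludes 0 and stops at 2147483647 although a firewall mark is a 32-bit value, so marks with the top bit set cannot be matched here. If that is a deliberate alignment with the range used where the mark is set, a one-line comment next to the validator saying so would save the next reader the question. The enclosing node starts outside this hunk.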
diff --git a/interface-definitions/policy-route.xml.in b/interface-definitions/policy-route.xml.in
index d4ec75786..92e7a0cb4 100644
--- a/interface-definitions/policy-route.xml.in
+++ b/interface-definitions/policy-route.xml.in
@@ -12,7 +12,7 @@
 </properties>
 <children>
 #include <include/generic-description.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
 #include <include/generic-interface-multi-wildcard.xml.i>
 <tagNode name="rule">
 <properties>
@@ -67,7 +67,7 @@
 </properties>
 <children>
 #include <include/generic-description.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
 #include <include/generic-interface-multi-wildcard.xml.i>
 <tagNode name="rule">
 <properties>
diff --git a/interface-definitions/protocols-segment-routing.xml.in b/interface-definitions/protocols-segment-routing.xml.in
index d461e9c5d..4308f0c91 100644
--- a/interface-definitions/protocols-segment-routing.xml.in
+++ b/interface-definitions/protocols-segment-routing.xml.in
@@ -8,6 +8,54 @@
 <priority>900</priority>
 </properties>
 <children>
+ <tagNode name="interface">
+ <properties>
+ <help>Interface specific Segment Routing options</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces</script>
+ </completionHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>Interface name</description>
+ </valueHelp>
+ <constraint>
+ #include <include/constraint/interface-name.xml.i>
+ </constraint>
+ </properties>
+ <children>
+ <node name="srv6">
+ <properties>
+ <help>Accept SR-enabled IPv6 packets on this interface</help>
+ </properties>
+ <children>
+ <leafNode name="hmac">
+ <properties>
+ <help>Define HMAC policy for ingress SR-enabled packets on this interface</help>
+ <completionHelp>
+ <list>accept drop ignore</list>
+ </completionHelp>
+ <valueHelp>
+ <format>accept</format>
+ <description>Accept packets without HMAC, validate packets with HMAC</description>
+ </valueHelp>
+ <valueHelp>
+ <format>drop</format>
+ <description>Drop packets without HMAC, validate packets with HMAC</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ignore</format>
+ <description>Ignore HMAC field.</description>
+ </valueHelp>
+ <constraint>
+ <regex>(accept|drop|ignore)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>accept</defaultValue>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </tagNode>
 <node name="srv6">
 <properties>
 <help>Segment-Routing SRv6 configuration</help>
diff --git a/interface-definitions/service_ndp-proxy.xml.in b/interface-definitions/service_ndp-proxy.xml.in
new file mode 100644
index 000000000..9801c99ab
--- /dev/null
+++ b/interface-definitions/service_ndp-proxy.xml.in
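Review bot: The `hmac` leaf defaults to `accept`, and by its own valueHelp both `accept` and `ignore` let SR-enabled packets without an HMAC through; only `drop` requires every packet to carry one. The descriptions should say this outright, because enabling `srv6` on an interface that faces an untrusted segment then admits unauthenticated routing headers; for example `<description>Accept packets without HMAC (unauthenticated), validate packets with HMAC</description>` and `<description>Ignore HMAC field, no validation is performed</description>`. The three values appear to mirror the kernel's `seg6_require_hmac` setting, where accept is also the default, so keeping the default is defensible once it is documented. The new constraint also has no `<constraintErrorMessage>`; `<constraintErrorMessage>HMAC policy must be one of: accept, drop or ignore</constraintErrorMessage>` would match what the ndp-proxy `mode` leaf in this commit does.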
@@ -0,0 +1,132 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="service">
+ <children>
+ <node name="ndp-proxy" owner="${vyos_conf_scripts_dir}/service_ndp-proxy.py">
+ <properties>
+ <help>Neighbor Discovery Protocol (NDP) Proxy</help>
+ </properties>
+ <children>
+ <leafNode name="route-refresh">
+ <properties>
+ <help>Refresh interval for IPv6 routes</help>
+ <valueHelp>
+ <format>u32:10000-120000</format>
+ <description>Time in milliseconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 10000-120000"/>
+ </constraint>
+ <constraintErrorMessage>Route-refresh must be between 10000 and 120000 milliseconds</constraintErrorMessage>
+ </properties>
+ <defaultValue>30000</defaultValue>
+ </leafNode>
+ <tagNode name="interface">
+ <properties>
+ <help>NDP proxy listener interface</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces</script>
+ </completionHelp>
+ <constraint>
+ #include <include/constraint/interface-name.xml.i>
+ </constraint>
+ </properties>
+ <children>
+ #include <include/generic-disable-node.xml.i>
+ <leafNode name="enable-router-bit">
+ <properties>
+ <help>Enable router bit in Neighbor Advertisement messages</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="timeout">
+ <properties>
+ <help>Timeout for Neighbor Advertisement after Neighbor Solicitation message</help>
+ <valueHelp>
+ <format>u32:500-120000</format>
+ <description>Timeout in milliseconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 500-120000"/>
+ </constraint>
+ <constraintErrorMessage>Timeout must be between 500 and 120000 milliseconds</constraintErrorMessage>
+ </properties>
+ <defaultValue>500</defaultValue>
+ </leafNode>
+ <leafNode name="ttl">
+ <properties>
+ <help>Proxy entry cache Time-To-Live</help>
+ <valueHelp>
+ <format>u32:10000-120000</format>
+ <description>Time in milliseconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 10000-120000"/>
+ </constraint>
+ <constraintErrorMessage>TTL must be between 10000 and 120000 milliseconds</constraintErrorMessage>
+ </properties>
+ <defaultValue>30000</defaultValue>
+ </leafNode>
+ <tagNode name="prefix">
+ <properties>
+ <help>Prefix target addresses are matched against</help>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 network prefix</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-prefix"/>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ <children>
+ #include <include/generic-disable-node.xml.i>
+ <leafNode name="mode">
+ <properties>
+ <help>Specify the running mode of the rule</help>
+ <completionHelp>
+ <list>static auto interface</list>
+ </completionHelp>
+ <valueHelp>
+ <format>static</format>
+ <description>Immediately answer any Neighbor Solicitation Messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>auto</format>
+ <description>Check for a matching route in /proc/net/ipv6_route</description>
+ </valueHelp>
+ <valueHelp>
+ <format>interface</format>
+ <description>Forward Neighbor Solicitation message through specified interface</description>
+ </valueHelp>
+ <constraint>
+ <regex>(static|auto|interface)</regex>
+ </constraint>
+ <constraintErrorMessage>Mode must be either one of: static, auto or interface</constraintErrorMessage>
+ </properties>
+ <defaultValue>static</defaultValue>
+ </leafNode>
+ <leafNode name="interface">
+ <properties>
+ <help>Interface to forward Neighbor Solicitation message through. Required for "iface" mode</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces</script>
+ </completionHelp>
+ <constraint>
+ #include <include/constraint/interface-name.xml.i>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/vpn-pptp.xml.in b/interface-definitions/vpn-pptp.xml.in
index 96f87f3e2..7bb8db798 100644
--- a/interface-definitions/vpn-pptp.xml.in
+++ b/interface-definitions/vpn-pptp.xml.in
@@ -15,6 +15,9 @@
 <children>
 #include <include/accel-ppp/max-concurrent-sessions.xml.i>
 #include <include/accel-ppp/mtu-128-16384.xml.i>
+ <leafNode name="mtu">
+ <defaultValue>1436</defaultValue>
+ </leafNode>
 <leafNode name="outside-address">
 <properties>
 <help>External IP address to which VPN clients will connect</help>
@@ -35,6 +38,9 @@
 <leafNode name="require">
 <properties>
 <help>Authentication protocol for remote access peer PPTP VPN</help>
+ <completionHelp>
+ <list>pap chap mschap mschap-v2</list>
+ </completionHelp>
 <valueHelp>
 <format>pap</format>
 <description>Require the peer to authenticate itself using PAP [Password Authentication Protocol].</description>
@@ -51,7 +57,11 @@
 <format>mschap-v2</format>
 <description>Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2].</description>
 </valueHelp>
+ <constraint>
+ <regex>(pap|chap|mschap|mschap-v2)</regex>
+ </constraint>
 </properties>
+ <defaultValue>mschap-v2</defaultValue>
 </leafNode>
 <leafNode name="mppe">
 <properties>
@@ -75,6 +85,7 @@
 <list>deny prefer require</list>
 </completionHelp>
 </properties>
+ <defaultValue>prefer</defaultValue>
 </leafNode>
 #include <include/accel-ppp/auth-mode.xml.i>
 <node name="local-users">
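Review bot: In service_ndp-proxy.xml.in the help of the inner `interface` leaf says it is required for "iface" mode, but the `mode` constraint only accepts `static`, `auto` or `interface`, so the text names a value the CLI rejects. It should read `<help>Interface to forward Neighbor Solicitation message through. Required for "interface" mode</help>`. Nothing in this definition enforces that dependency, so it presumably has to be checked in the owner script service_ndp-proxy.py, which is not part of this diff. If, as its description suggests, the default `static` mode answers every Neighbor Solicitation for the prefix without any lookup, that valueHelp should say so, so that operators keep static prefixes narrow.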
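Review bot: The `<constraint>` added to `require` in vpn-pptp.xml.in (hunk at -51,7) comes without a `<constraintErrorMessage>`, so a rejected value presumably yields only a generic validation error. Adding `<constraintErrorMessage>Authentication protocol must be one of: pap, chap, mschap or mschap-v2</constraintErrorMessage>` after the constraint would tell the operator which values are valid. The leaf's opening tag and its first valueHelp entries lie in the previous hunk.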
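Review bot: Defaulting `mppe` to `prefer` (hunk at -75,6) means, going by the value's name, that encryption is negotiated but not insisted on, so a peer that declines MPPE may end up with an unencrypted session the operator never chose. Either default to `<defaultValue>require</defaultValue>` or state the fallback in the leaf's help text so the weaker behaviour is a visible choice. The `mppe` leaf starts before this hunk, so its help and valueHelp entries are not visible here and may already cover this.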
@@ -97,6 +108,7 @@
 <properties>
 <help>Static client IP address</help>
 </properties>
+ <defaultValue>*</defaultValue>
 </leafNode>
 </children>
 </tagNode>
@@ -109,6 +121,16 @@
 </node>
 #include <include/radius-auth-server-ipv4.xml.i>
 #include <include/accel-ppp/radius-additions.xml.i>
+ <node name="radius">
+ <children>
+ <leafNode name="timeout">
+ <defaultValue>30</defaultValue>
+ </leafNode>
+ <leafNode name="acct-timeout">
+ <defaultValue>30</defaultValue>
+ </leafNode>
+ </children>
+ </node>
 </children>
 </node>
 #include <include/accel-ppp/default-pool.xml.i>
|
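Review bot: The leaf that receives `<defaultValue>*</defaultValue>` (hunk at -97,6) has a `<properties>` block holding only a help string, so neither the wildcard nor a user-supplied address is validated or explained. A `<valueHelp>` entry describing `*` and a constraint holding `<validator name="ipv4-address"/>` plus `<regex>\*</regex>` would keep malformed values out of whatever file the address is written to. The leaf's opening tag lies before the hunk, so its name is not visible here.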