diff options
Diffstat (limited to 'interface-definitions')
33 files changed, 584 insertions, 149 deletions
diff --git a/interface-definitions/container.xml.in b/interface-definitions/container.xml.in index 434bf7528..f20fd7690 100644 --- a/interface-definitions/container.xml.in +++ b/interface-definitions/container.xml.in @@ -532,6 +532,30 @@ </leafNode> </children> </tagNode> + <leafNode name="log-driver"> + <properties> + <help>Configure container log driver</help> + <completionHelp> + <list>k8s-file journald none</list> + </completionHelp> + <valueHelp> + <format>k8s-file</format> + <description>Logs to plain-text file</description> + </valueHelp> + <valueHelp> + <format>journald</format> + <description>Logs to systemd's journal</description> + </valueHelp> + <valueHelp> + <format>none</format> + <description>Disable logging for the container</description> + </valueHelp> + <constraint> + <regex>(k8s-file|journald|none)</regex> + </constraint> + </properties> + <defaultValue>journald</defaultValue> + </leafNode> </children> </tagNode> <tagNode name="network"> @@ -627,25 +651,6 @@ </node> </children> </tagNode> - <leafNode name="log-driver"> - <properties> - <help>Configure container log driver</help> - <completionHelp> - <list>k8s-file journald</list> - </completionHelp> - <valueHelp> - <format>k8s-file</format> - <description>Logs to plain-text json file</description> - </valueHelp> - <valueHelp> - <format>journald</format> - <description>Logs to systemd's journal</description> - </valueHelp> - <constraint> - <regex>(k8s-file|journald)</regex> - </constraint> - </properties> - </leafNode> </children> </node> </interfaceDefinition> diff --git a/interface-definitions/include/accel-ppp/radius-additions.xml.i b/interface-definitions/include/accel-ppp/radius-additions.xml.i index 5222ba864..b6c88c6e8 100644 --- a/interface-definitions/include/accel-ppp/radius-additions.xml.i +++ b/interface-definitions/include/accel-ppp/radius-additions.xml.i @@ -133,17 +133,8 @@ </valueHelp> </properties> </leafNode> + #include <include/port-number.xml.i> <leafNode name="port"> - <properties> - <help>Port for Dynamic Authorization Extension server (DM/CoA)</help> - <valueHelp> - <format>u32:1-65535</format> - <description>TCP port</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - </properties> <defaultValue>1700</defaultValue> </leafNode> <leafNode name="key"> diff --git a/interface-definitions/include/accel-ppp/thread-count.xml.i b/interface-definitions/include/accel-ppp/thread-count.xml.i new file mode 100644 index 000000000..84d9224d0 --- /dev/null +++ b/interface-definitions/include/accel-ppp/thread-count.xml.i @@ -0,0 +1,27 @@ +<!-- include start from accel-ppp/thread-count.xml.i --> +<leafNode name="thread-count"> + <properties> + <help>Number of working threads</help> + <completionHelp> + <list>all half</list> + </completionHelp> + <valueHelp> + <format>all</format> + <description>Use all available CPU cores</description> + </valueHelp> + <valueHelp> + <format>half</format> + <description>Use half of available CPU cores</description> + </valueHelp> + <valueHelp> + <format>u32:1-512</format> + <description>Thread count</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-512"/> + <regex>(all|half)</regex> + </constraint> + </properties> + <defaultValue>all</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i index 31c8cafea..ab016884e 100644 --- a/interface-definitions/include/bgp/protocol-common-config.xml.i +++ b/interface-definitions/include/bgp/protocol-common-config.xml.i @@ -1596,6 +1596,12 @@ <valueless/> </properties> </leafNode> + <leafNode name="no-ipv6-auto-ra"> + <properties> + <help>Disable IPv6 automatic router advertisement</help> + <valueless/> + </properties> + </leafNode> <leafNode name="no-suppress-duplicates"> <properties> <help>Disable suppress duplicate updates if the route actually not changed</help> diff --git a/interface-definitions/include/firewall/geoip.xml.i b/interface-definitions/include/firewall/geoip.xml.i index 9fb37a574..b8f2cbc45 100644 --- a/interface-definitions/include/firewall/geoip.xml.i +++ b/interface-definitions/include/firewall/geoip.xml.i @@ -12,7 +12,7 @@ <description>Country code (2 characters)</description> </valueHelp> <constraint> - <regex>^(ad|ae|af|ag|ai|al|am|ao|aq|ar|as|at|au|aw|ax|az|ba|bb|bd|be|bf|bg|bh|bi|bj|bl|bm|bn|bo|bq|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|cr|cu|cv|cw|cx|cy|cz|de|dj|dk|dm|do|dz|ec|ee|eg|eh|er|es|et|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gg|gh|gi|gl|gm|gn|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|im|in|io|iq|ir|is|it|je|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|me|mf|mg|mh|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|mv|mw|mx|my|mz|na|nc|ne|nf|ng|ni|nl|no|np|nr|nu|nz|om|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|ps|pt|pw|py|qa|re|ro|rs|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|ss|st|sv|sx|sy|sz|tc|td|tf|tg|th|tj|tk|tl|tm|tn|to|tr|tt|tv|tw|tz|ua|ug|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|za|zm|zw)$</regex> + <regex>(ad|ae|af|ag|ai|al|am|ao|aq|ar|as|at|au|aw|ax|az|ba|bb|bd|be|bf|bg|bh|bi|bj|bl|bm|bn|bo|bq|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|cr|cu|cv|cw|cx|cy|cz|de|dj|dk|dm|do|dz|ec|ee|eg|eh|er|es|et|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gg|gh|gi|gl|gm|gn|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|im|in|io|iq|ir|is|it|je|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|me|mf|mg|mh|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|mv|mw|mx|my|mz|na|nc|ne|nf|ng|ni|nl|no|np|nr|nu|nz|om|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|ps|pt|pw|py|qa|re|ro|rs|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|ss|st|sv|sx|sy|sz|tc|td|tf|tg|th|tj|tk|tl|tm|tn|to|tr|tt|tv|tw|tz|ua|ug|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|za|zm|zw)</regex> </constraint> <multi /> </properties> diff --git a/interface-definitions/include/firewall/global-options.xml.i b/interface-definitions/include/firewall/global-options.xml.i index 7393ff5c9..e19f3a7c5 100644 --- a/interface-definitions/include/firewall/global-options.xml.i +++ b/interface-definitions/include/firewall/global-options.xml.i @@ -49,12 +49,53 @@ <help>Apply configured firewall rules to traffic switched by bridges</help> </properties> <children> - <leafNode name="invalid-connections"> + <node name="accept-invalid"> <properties> - <help>Accept ARP, DHCP and PPPoE despite they are marked as invalid connection</help> - <valueless/> + <help>Accept connections despite they are marked as invalid</help> </properties> - </leafNode> + <children> + <leafNode name="ethernet-type"> + <properties> + <help>Ethernet type</help> + <completionHelp> + <list>arp dhcp pppoe 802.1q 802.1ad pppoe-discovery wol</list> + </completionHelp> + <valueHelp> + <format>arp</format> + <description>Adress Resolution Protocol (ARP)</description> + </valueHelp> + <valueHelp> + <format>dhcp</format> + <description>Dynamic Host Configuration Protocol (DHCP)</description> + </valueHelp> + <valueHelp> + <format>pppoe</format> + <description>Point to Point over Ethernet (PPPoE) Session</description> + </valueHelp> + <valueHelp> + <format>pppoe-discovery</format> + <description>PPPoE Discovery</description> + </valueHelp> + <valueHelp> + <format>802.1q</format> + <description>Customer VLAN tag type (802.1Q)</description> + </valueHelp> + <valueHelp> + <format>802.1ad</format> + <description>Service VLAN tag type (802.1ad)</description> + </valueHelp> + <valueHelp> + <format>wol</format> + <description>Wake-on-LAN magic packet</description> + </valueHelp> + <constraint> + <regex>(arp|dhcp|pppoe|pppoe-discovery|802.1q|802.1ad|wol)</regex> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </node> <leafNode name="ipv4"> <properties> <help>Apply configured IPv4 firewall rules</help> diff --git a/interface-definitions/include/haproxy/logging.xml.i b/interface-definitions/include/haproxy/logging.xml.i index e0af54fa4..315c959bf 100644 --- a/interface-definitions/include/haproxy/logging.xml.i +++ b/interface-definitions/include/haproxy/logging.xml.i @@ -4,7 +4,137 @@ <help>Logging parameters</help> </properties> <children> - #include <include/syslog-facility.xml.i> + <tagNode name="facility"> + <properties> + <help>Facility for logging</help> + <completionHelp> + <list>auth cron daemon kern lpr mail news syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7</list> + </completionHelp> + <constraint> + <regex>(auth|cron|daemon|kern|lpr|mail|news|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7)</regex> + </constraint> + <constraintErrorMessage>Invalid facility type</constraintErrorMessage> + <valueHelp> + <format>auth</format> + <description>Authentication and authorization</description> + </valueHelp> + <valueHelp> + <format>cron</format> + <description>Cron daemon</description> + </valueHelp> + <valueHelp> + <format>daemon</format> + <description>System daemons</description> + </valueHelp> + <valueHelp> + <format>kern</format> + <description>Kernel</description> + </valueHelp> + <valueHelp> + <format>lpr</format> + <description>Line printer spooler</description> + </valueHelp> + <valueHelp> + <format>mail</format> + <description>Mail subsystem</description> + </valueHelp> + <valueHelp> + <format>news</format> + <description>USENET subsystem</description> + </valueHelp> + <valueHelp> + <format>syslog</format> + <description>Authentication and authorization</description> + </valueHelp> + <valueHelp> + <format>user</format> + <description>Application processes</description> + </valueHelp> + <valueHelp> + <format>uucp</format> + <description>UUCP subsystem</description> + </valueHelp> + <valueHelp> + <format>local0</format> + <description>Local facility 0</description> + </valueHelp> + <valueHelp> + <format>local1</format> + <description>Local facility 1</description> + </valueHelp> + <valueHelp> + <format>local2</format> + <description>Local facility 2</description> + </valueHelp> + <valueHelp> + <format>local3</format> + <description>Local facility 3</description> + </valueHelp> + <valueHelp> + <format>local4</format> + <description>Local facility 4</description> + </valueHelp> + <valueHelp> + <format>local5</format> + <description>Local facility 5</description> + </valueHelp> + <valueHelp> + <format>local6</format> + <description>Local facility 6</description> + </valueHelp> + <valueHelp> + <format>local7</format> + <description>Local facility 7</description> + </valueHelp> + </properties> + <children> + <leafNode name="level"> + <properties> + <help>Logging level</help> + <completionHelp> + <list>emerg alert crit err warning notice info debug</list> + </completionHelp> + <valueHelp> + <format>emerg</format> + <description>Emergency messages</description> + </valueHelp> + <valueHelp> + <format>alert</format> + <description>Urgent messages</description> + </valueHelp> + <valueHelp> + <format>crit</format> + <description>Critical messages</description> + </valueHelp> + <valueHelp> + <format>err</format> + <description>Error messages</description> + </valueHelp> + <valueHelp> + <format>warning</format> + <description>Warning messages</description> + </valueHelp> + <valueHelp> + <format>notice</format> + <description>Messages for further investigation</description> + </valueHelp> + <valueHelp> + <format>info</format> + <description>Informational messages</description> + </valueHelp> + <valueHelp> + <format>debug</format> + <description>Debug messages</description> + </valueHelp> + <constraint> + <regex>(emerg|alert|crit|err|warning|notice|info|debug)</regex> + </constraint> + <constraintErrorMessage>Invalid loglevel</constraintErrorMessage> + </properties> + <defaultValue>err</defaultValue> + </leafNode> + </children> + </tagNode> </children> </node> <!-- include end --> diff --git a/interface-definitions/include/haproxy/rule-backend.xml.i b/interface-definitions/include/haproxy/rule-backend.xml.i index 1df9d5dcf..5faf09a96 100644 --- a/interface-definitions/include/haproxy/rule-backend.xml.i +++ b/interface-definitions/include/haproxy/rule-backend.xml.i @@ -38,7 +38,7 @@ <description>Set URL location</description> </valueHelp> <constraint> - <regex>^\/[\w\-.\/]+$</regex> + <regex>\/[\w\-.\/]+</regex> </constraint> <constraintErrorMessage>Incorrect URL format</constraintErrorMessage> </properties> @@ -90,7 +90,7 @@ <description>Begin URL</description> </valueHelp> <constraint> - <regex>^\/[\w\-.\/]+$</regex> + <regex>\/[\w\-.\/]+</regex> </constraint> <constraintErrorMessage>Incorrect URL format</constraintErrorMessage> <multi/> @@ -104,7 +104,7 @@ <description>End URL</description> </valueHelp> <constraint> - <regex>^\/[\w\-.\/]+$</regex> + <regex>\/[\w\-.\/]+</regex> </constraint> <constraintErrorMessage>Incorrect URL format</constraintErrorMessage> <multi/> @@ -118,7 +118,7 @@ <description>Exactly URL</description> </valueHelp> <constraint> - <regex>^\/[\w\-.\/]*$</regex> + <regex>\/[\w\-.\/]*</regex> </constraint> <constraintErrorMessage>Incorrect URL format</constraintErrorMessage> <multi/> diff --git a/interface-definitions/include/haproxy/rule-frontend.xml.i b/interface-definitions/include/haproxy/rule-frontend.xml.i index eabdd8632..d2e7a38c3 100644 --- a/interface-definitions/include/haproxy/rule-frontend.xml.i +++ b/interface-definitions/include/haproxy/rule-frontend.xml.i @@ -32,15 +32,15 @@ <children> <leafNode name="redirect-location"> <properties> - <help>Set URL location</help> + <help>Set path location</help> <valueHelp> <format>url</format> - <description>Set URL location</description> + <description>Set path location</description> </valueHelp> <constraint> - <regex>^\/[\w\-.\/]+$</regex> + <regex>\/[\w\-.\/]+</regex> </constraint> - <constraintErrorMessage>Incorrect URL format</constraintErrorMessage> + <constraintErrorMessage>Incorrect path format</constraintErrorMessage> </properties> </leafNode> <leafNode name="backend"> @@ -93,7 +93,7 @@ <description>Begin URL</description> </valueHelp> <constraint> - <regex>^\/[\w\-.\/]+$</regex> + <regex>\/[\w\-.\/]+</regex> </constraint> <constraintErrorMessage>Incorrect URL format</constraintErrorMessage> <multi/> @@ -107,7 +107,7 @@ <description>End URL</description> </valueHelp> <constraint> - <regex>^\/[\w\-.\/]+$</regex> + <regex>\/[\w\-.\/]+</regex> </constraint> <constraintErrorMessage>Incorrect URL format</constraintErrorMessage> <multi/> @@ -121,7 +121,7 @@ <description>Exactly URL</description> </valueHelp> <constraint> - <regex>^\/[\w\-.\/]+$</regex> + <regex>\/[\w\-.\/]+</regex> </constraint> <constraintErrorMessage>Incorrect URL format</constraintErrorMessage> <multi/> diff --git a/interface-definitions/include/rpki/protocol-common-config.xml.i b/interface-definitions/include/rpki/protocol-common-config.xml.i new file mode 100644 index 000000000..0b3356604 --- /dev/null +++ b/interface-definitions/include/rpki/protocol-common-config.xml.i @@ -0,0 +1,87 @@ +<!-- include start from rpki/protocol-common-config.xml.i --> +<tagNode name="cache"> + <properties> + <help>RPKI cache server address</help> + <valueHelp> + <format>ipv4</format> + <description>IP address of RPKI server</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address of RPKI server</description> + </valueHelp> + <valueHelp> + <format>hostname</format> + <description>Fully qualified domain name of RPKI server</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + <validator name="fqdn"/> + </constraint> + </properties> + <children> + #include <include/port-number.xml.i> + <leafNode name="preference"> + <properties> + <help>Preference of the cache server</help> + <valueHelp> + <format>u32:1-255</format> + <description>Preference of the cache server</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + #include <include/source-address-ipv4.xml.i> + <node name="ssh"> + <properties> + <help>RPKI SSH connection settings</help> + </properties> + <children> + #include <include/pki/openssh-key.xml.i> + #include <include/generic-username.xml.i> + </children> + </node> + </children> +</tagNode> +<leafNode name="expire-interval"> + <properties> + <help>Interval to wait before expiring the cache</help> + <valueHelp> + <format>u32:600-172800</format> + <description>Interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 600-172800"/> + </constraint> + </properties> + <defaultValue>7200</defaultValue> +</leafNode> +<leafNode name="polling-period"> + <properties> + <help>Cache polling interval</help> + <valueHelp> + <format>u32:1-86400</format> + <description>Interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-86400"/> + </constraint> + </properties> + <defaultValue>300</defaultValue> +</leafNode> +<leafNode name="retry-interval"> + <properties> + <help>Retry interval to connect to the cache server</help> + <valueHelp> + <format>u32:1-7200</format> + <description>Interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-7200"/> + </constraint> + </properties> + <defaultValue>600</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/version/conntrack-version.xml.i b/interface-definitions/include/version/conntrack-version.xml.i index 6995ce119..517424034 100644 --- a/interface-definitions/include/version/conntrack-version.xml.i +++ b/interface-definitions/include/version/conntrack-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/conntrack-version.xml.i --> -<syntaxVersion component='conntrack' version='5'></syntaxVersion> +<syntaxVersion component='conntrack' version='6'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/container-version.xml.i b/interface-definitions/include/version/container-version.xml.i index ed6e942cd..046bacfdc 100644 --- a/interface-definitions/include/version/container-version.xml.i +++ b/interface-definitions/include/version/container-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/container-version.xml.i --> -<syntaxVersion component='container' version='2'></syntaxVersion> +<syntaxVersion component='container' version='3'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/firewall-version.xml.i b/interface-definitions/include/version/firewall-version.xml.i index 1a8098297..1f3b779d5 100644 --- a/interface-definitions/include/version/firewall-version.xml.i +++ b/interface-definitions/include/version/firewall-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/firewall-version.xml.i --> -<syntaxVersion component='firewall' version='18'></syntaxVersion> +<syntaxVersion component='firewall' version='19'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/reverseproxy-version.xml.i b/interface-definitions/include/version/reverseproxy-version.xml.i index 4f09f2848..71f7def1a 100644 --- a/interface-definitions/include/version/reverseproxy-version.xml.i +++ b/interface-definitions/include/version/reverseproxy-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/reverseproxy-version.xml.i --> -<syntaxVersion component='reverse-proxy' version='2'></syntaxVersion> +<syntaxVersion component='reverse-proxy' version='3'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/interfaces_bonding.xml.in b/interface-definitions/interfaces_bonding.xml.in index cdacae2d0..9945fc15d 100644 --- a/interface-definitions/interfaces_bonding.xml.in +++ b/interface-definitions/interfaces_bonding.xml.in @@ -240,7 +240,7 @@ <description>Distribute based on MAC address</description> </valueHelp> <constraint> - <regex>(802.3ad|active-backup|broadcast|round-robin|transmit-load-balance|adaptive-load-balance|xor-hash)</regex> + <regex>(802\.3ad|active-backup|broadcast|round-robin|transmit-load-balance|adaptive-load-balance|xor-hash)</regex> </constraint> <constraintErrorMessage>mode must be 802.3ad, active-backup, broadcast, round-robin, transmit-load-balance, adaptive-load-balance, or xor</constraintErrorMessage> </properties> diff --git a/interface-definitions/interfaces_bridge.xml.in b/interface-definitions/interfaces_bridge.xml.in index 667ae3b19..b360f34f1 100644 --- a/interface-definitions/interfaces_bridge.xml.in +++ b/interface-definitions/interfaces_bridge.xml.in @@ -201,6 +201,18 @@ <valueless/> </properties> </leafNode> + <leafNode name="bpdu-guard"> + <properties> + <help>Enable BPDU Guard</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="root-guard"> + <properties> + <help>Enable Root Guard</help> + <valueless/> + </properties> + </leafNode> </children> </tagNode> </children> diff --git a/interface-definitions/load-balancing_haproxy.xml.in b/interface-definitions/load-balancing_haproxy.xml.in index f0f64e75a..61ff8bc81 100644 --- a/interface-definitions/load-balancing_haproxy.xml.in +++ b/interface-definitions/load-balancing_haproxy.xml.in @@ -159,7 +159,7 @@ <properties> <help>URI used for HTTP health check (Example: '/' or '/health')</help> <constraint> - <regex>^\/([^?#\s]*)(\?[^#\s]*)?$</regex> + <regex>\/([^?#\s]*)(\?[^#\s]*)?</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/nat66.xml.in b/interface-definitions/nat66.xml.in index c59725c53..2c1babd5a 100644 --- a/interface-definitions/nat66.xml.in +++ b/interface-definitions/nat66.xml.in @@ -53,6 +53,7 @@ </properties> </leafNode> #include <include/nat-port.xml.i> + #include <include/firewall/source-destination-group-ipv6.xml.i> </children> </node> <node name="source"> diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in index 25dbf5581..31e01c68c 100644 --- a/interface-definitions/policy.xml.in +++ b/interface-definitions/policy.xml.in @@ -1519,7 +1519,7 @@ <constraint> <validator name="numeric" argument="--relative --"/> <validator name="numeric" argument="--range 0-4294967295"/> - <regex>^[+|-]?rtt$</regex> + <regex>[+|-]?rtt</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/protocols_rpki.xml.in b/interface-definitions/protocols_rpki.xml.in index 9e2e84717..a298cdbfd 100644 --- a/interface-definitions/protocols_rpki.xml.in +++ b/interface-definitions/protocols_rpki.xml.in @@ -8,91 +8,7 @@ <priority>819</priority> </properties> <children> - <tagNode name="cache"> - <properties> - <help>RPKI cache server address</help> - <valueHelp> - <format>ipv4</format> - <description>IP address of RPKI server</description> - </valueHelp> - <valueHelp> - <format>ipv6</format> - <description>IPv6 address of RPKI server</description> - </valueHelp> - <valueHelp> - <format>hostname</format> - <description>Fully qualified domain name of RPKI server</description> - </valueHelp> - <constraint> - <validator name="ip-address"/> - <validator name="fqdn"/> - </constraint> - </properties> - <children> - #include <include/port-number.xml.i> - <leafNode name="preference"> - <properties> - <help>Preference of the cache server</help> - <valueHelp> - <format>u32:1-255</format> - <description>Preference of the cache server</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-255"/> - </constraint> - </properties> - </leafNode> - #include <include/source-address-ipv4.xml.i> - <node name="ssh"> - <properties> - <help>RPKI SSH connection settings</help> - </properties> - <children> - #include <include/pki/openssh-key.xml.i> - #include <include/generic-username.xml.i> - </children> - </node> - </children> - </tagNode> - <leafNode name="expire-interval"> - <properties> - <help>Interval to wait before expiring the cache</help> - <valueHelp> - <format>u32:600-172800</format> - <description>Interval in seconds</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 600-172800"/> - </constraint> - </properties> - <defaultValue>7200</defaultValue> - </leafNode> - <leafNode name="polling-period"> - <properties> - <help>Cache polling interval</help> - <valueHelp> - <format>u32:1-86400</format> - <description>Interval in seconds</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-86400"/> - </constraint> - </properties> - <defaultValue>300</defaultValue> - </leafNode> - <leafNode name="retry-interval"> - <properties> - <help>Retry interval to connect to the cache server</help> - <valueHelp> - <format>u32:1-7200</format> - <description>Interval in seconds</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-7200"/> - </constraint> - </properties> - <defaultValue>600</defaultValue> - </leafNode> + #include <include/rpki/protocol-common-config.xml.i> </children> </node> </children> diff --git a/interface-definitions/qos.xml.in b/interface-definitions/qos.xml.in index c6ecb742e..aad1de629 100644 --- a/interface-definitions/qos.xml.in +++ b/interface-definitions/qos.xml.in @@ -135,6 +135,25 @@ <valueless/> </properties> </leafNode> + <leafNode name="no-split-gso"> + <properties> + <help>Do not split GSO super-packets into on-the-wire components</help> + <valueless/> + </properties> + </leafNode> + <node name="ack-filter"> + <properties> + <help>Identify and filter out TCP ACK packets that do not convey significant new information</help> + </properties> + <children> + <leafNode name="aggressive"> + <properties> + <help>Enable aggressive mode which will result in more ACK packets being compresses/filtered</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> <leafNode name="rtt"> <properties> <help>Round-Trip-Time for Active Queue Management (AQM)</help> diff --git a/interface-definitions/service_ipoe-server.xml.in b/interface-definitions/service_ipoe-server.xml.in index fe9d32bbd..3093151ea 100644 --- a/interface-definitions/service_ipoe-server.xml.in +++ b/interface-definitions/service_ipoe-server.xml.in @@ -237,6 +237,7 @@ #include <include/accel-ppp/max-concurrent-sessions.xml.i> #include <include/accel-ppp/shaper.xml.i> #include <include/accel-ppp/snmp.xml.i> + #include <include/accel-ppp/thread-count.xml.i> #include <include/generic-description.xml.i> #include <include/name-server-ipv4-ipv6.xml.i> #include <include/accel-ppp/log.xml.i> diff --git a/interface-definitions/service_pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in index 32215e9d2..81a4a95e3 100644 --- a/interface-definitions/service_pppoe-server.xml.in +++ b/interface-definitions/service_pppoe-server.xml.in @@ -175,6 +175,7 @@ </node> #include <include/accel-ppp/shaper.xml.i> #include <include/accel-ppp/snmp.xml.i> + #include <include/accel-ppp/thread-count.xml.i> #include <include/accel-ppp/wins-server.xml.i> #include <include/generic-description.xml.i> #include <include/name-server-ipv4-ipv6.xml.i> diff --git a/interface-definitions/service_snmp.xml.in b/interface-definitions/service_snmp.xml.in index cc21f5b8b..bdc9f88fe 100644 --- a/interface-definitions/service_snmp.xml.in +++ b/interface-definitions/service_snmp.xml.in @@ -13,7 +13,7 @@ <properties> <help>Community name</help> <constraint> - <regex>[[:alnum:]-_!@*#]{1,100}</regex> + <regex>[[:alnum:]\-_!@*#]{1,100}</regex> </constraint> <constraintErrorMessage>Community string is limited to alphanumerical characters, -, _, !, @, *, and # with a total lenght of 100</constraintErrorMessage> </properties> diff --git a/interface-definitions/service_ssh.xml.in b/interface-definitions/service_ssh.xml.in index 14d358c78..c659a7db7 100644 --- a/interface-definitions/service_ssh.xml.in +++ b/interface-definitions/service_ssh.xml.in @@ -275,14 +275,18 @@ </constraint> </properties> </leafNode> - <node name="trusted-user-ca-key"> + <leafNode name="trusted-user-ca"> <properties> - <help>Trusted user CA key</help> + <help>OpenSSH trusted user CA</help> + <completionHelp> + <path>pki openssh</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>OpenSSH certificate name from PKI subsystem</description> + </valueHelp> </properties> - <children> - #include <include/pki/ca-certificate.xml.i> - </children> - </node> + </leafNode> #include <include/vrf-multi.xml.i> </children> </node> diff --git a/interface-definitions/system_conntrack.xml.in b/interface-definitions/system_conntrack.xml.in index 54610b625..92c4d24cf 100644 --- a/interface-definitions/system_conntrack.xml.in +++ b/interface-definitions/system_conntrack.xml.in @@ -32,14 +32,14 @@ <properties> <help>Hash size for connection tracking table</help> <valueHelp> - <format>u32:1-50000000</format> + <format>u32:1024-50000000</format> <description>Size of hash to use for connection tracking table</description> </valueHelp> <constraint> - <validator name="numeric" argument="--range 1-50000000"/> + <validator name="numeric" argument="--range 1024-50000000"/> </constraint> </properties> - <defaultValue>32768</defaultValue> + <defaultValue>65536</defaultValue> </leafNode> <node name="ignore"> <properties> diff --git a/interface-definitions/system_ip.xml.in b/interface-definitions/system_ip.xml.in index b4b5092fe..f2bb5bd8a 100644 --- a/interface-definitions/system_ip.xml.in +++ b/interface-definitions/system_ip.xml.in @@ -17,6 +17,22 @@ #include <include/arp-ndp-table-size.xml.i> </children> </node> + <tagNode name="import-table"> + <properties> + <help>Routing table for import</help> + <valueHelp> + <format>u32:1-252</format> + <description>Table number</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-252"/> + </constraint> + </properties> + <children> + #include <include/static/static-route-distance.xml.i> + #include <include/route-map.xml.i> + </children> + </tagNode> <leafNode name="disable-forwarding"> <properties> <help>Disable IPv4 forwarding on all interfaces</help> diff --git a/interface-definitions/system_login.xml.in b/interface-definitions/system_login.xml.in index 9865e3d32..a13ba10ea 100644 --- a/interface-definitions/system_login.xml.in +++ b/interface-definitions/system_login.xml.in @@ -103,6 +103,15 @@ <help>Plaintext password used for encryption</help> </properties> </leafNode> + <leafNode name="principal"> + <properties> + <help>Accepted principal names for certificate authentication</help> + <constraint> + #include <include/constraint/login-username.xml.i> + </constraint> + <multi/> + </properties> + </leafNode> <tagNode name="public-keys"> <properties> <help>Remote access public keys</help> diff --git a/interface-definitions/system_option.xml.in b/interface-definitions/system_option.xml.in index c9240064f..5d385e3d0 100644 --- a/interface-definitions/system_option.xml.in +++ b/interface-definitions/system_option.xml.in @@ -37,7 +37,145 @@ <help>Kernel boot parameters</help> </properties> <children> - <leafNode name="disable-mitigations"> + <node name="cpu"> + <properties> + <help>CPU settings</help> + </properties> + <children> + <leafNode name="disable-nmi-watchdog"> + <properties> + <help>Disable the NMI watchdog for detecting hard CPU lockups</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="isolate-cpus"> + <properties> + <help>Isolate specified CPUs from the scheduler</help> + <valueHelp> + <format>u32:0-511</format> + <description>CPU core</description> + </valueHelp> + <valueHelp> + <format><start-end></format> + <description>CPU core range (examples: "1", "4-7", "1,2-5,7")</description> + </valueHelp> + <constraint> + <validator name="cpu"/> + </constraint> + </properties> + </leafNode> + <leafNode name="nohz-full"> + <properties> + <help>Enable full tickless mode for specified CPUs</help> + <valueHelp> + <format>u32:0-511</format> + <description>CPU core</description> + </valueHelp> + <valueHelp> + <format><start-end></format> + <description>CPU core range (examples: "1", "4-7", "1,2-5,7")</description> + </valueHelp> + <constraint> + <validator name="cpu"/> + </constraint> + </properties> + </leafNode> + <leafNode name="rcu-no-cbs"> + <properties> + <help>Offload Read-Copy-Update (RCU) callback processing to specified CPUs</help> + <valueHelp> + <format>u32:0-511</format> + <description>CPU core</description> + </valueHelp> + <valueHelp> + <format><start-end></format> + <description>CPU core range (examples: "1", "4-7", "1,2-5,7")</description> + </valueHelp> + <constraint> + <validator name="cpu"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <node name="memory"> + <properties> + <help>Memory settings</help> + </properties> + <children> + <leafNode name="disable-numa-balancing"> + <properties> + <help>Disable automatic NUMA memory balancing</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="default-hugepage-size"> + <properties> + <help>Set default hugepage size (e.g., 2M, 1G)</help> + <completionHelp> + <list>2M 1G</list> + </completionHelp> + <valueHelp> + <format>2M</format> + <description>2 megabytes</description> + </valueHelp> + <valueHelp> + <format>1G</format> + <description>1 gigabyte</description> + </valueHelp> + <constraint> + <regex>(2M|1G)</regex> + </constraint> + </properties> + </leafNode> + <tagNode name="hugepage-size"> + <properties> + <help>Set hugepage size for allocation (e.g., 2M, 1G)</help> + <completionHelp> + <list>2M 1G</list> + </completionHelp> + <valueHelp> + <format>2M</format> + <description>2 megabytes</description> + </valueHelp> + <valueHelp> + <format>1G</format> + <description>1 gigabyte</description> + </valueHelp> + <constraint> + <regex>(2M|1G)</regex> + </constraint> + </properties> + <children> + <leafNode name="hugepage-count"> + <properties> + <help>Allocate number of hugepages for system use</help> + <valueHelp> + <format>u32</format> + <description>Number of hugepages</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-100000"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + <leafNode name="disable-hpet"> + <properties> + <help>Disable High Precision Event Timer (HPET)</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="disable-mce"> + <properties> + <help>Disable Machine Check Exceptions (MCE) reporting and handling</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="disable-mitigations"> <properties> <help>Disable all optional CPU mitigations</help> <valueless/> @@ -69,6 +207,12 @@ </valueHelp> </properties> </leafNode> + <leafNode name="disable-softlockup"> + <properties> + <help>Disable soft lockup detector for kernel threads</help> + <valueless/> + </properties> + </leafNode> <leafNode name="quiet"> <properties> <help>Disable most log messages</help> @@ -198,6 +342,19 @@ <valueless/> </properties> </leafNode> + <leafNode name="reboot-on-upgrade-failure"> + <properties> + <help>Automatic reboot into previous running image on upgrade failure</help> + <valueHelp> + <format>u32:1-30</format> + <description>Timeout before automatic reboot (minutes)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 5-30"/> + </constraint> + <constraintErrorMessage>Timeout out of range, must be 5 to 30 minutes</constraintErrorMessage> + </properties> + </leafNode> <node name="ssh-client"> <properties> <help>Global options used for SSH client</help> diff --git a/interface-definitions/vpn_l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in index c00e82534..d28f86653 100644 --- a/interface-definitions/vpn_l2tp.xml.in +++ b/interface-definitions/vpn_l2tp.xml.in @@ -137,6 +137,7 @@ #include <include/accel-ppp/ppp-options.xml.i> #include <include/accel-ppp/shaper.xml.i> #include <include/accel-ppp/snmp.xml.i> + #include <include/accel-ppp/thread-count.xml.i> #include <include/accel-ppp/wins-server.xml.i> #include <include/generic-description.xml.i> #include <include/name-server-ipv4-ipv6.xml.i> diff --git a/interface-definitions/vpn_pptp.xml.in b/interface-definitions/vpn_pptp.xml.in index 8aec0cb1c..3e985486d 100644 --- a/interface-definitions/vpn_pptp.xml.in +++ b/interface-definitions/vpn_pptp.xml.in @@ -53,6 +53,7 @@ #include <include/accel-ppp/ppp-options.xml.i> #include <include/accel-ppp/shaper.xml.i> #include <include/accel-ppp/snmp.xml.i> + #include <include/accel-ppp/thread-count.xml.i> #include <include/accel-ppp/wins-server.xml.i> #include <include/generic-description.xml.i> #include <include/name-server-ipv4-ipv6.xml.i> diff --git a/interface-definitions/vpn_sstp.xml.in b/interface-definitions/vpn_sstp.xml.in index 5fd5c95ca..851a202dc 100644 --- a/interface-definitions/vpn_sstp.xml.in +++ b/interface-definitions/vpn_sstp.xml.in @@ -50,6 +50,7 @@ #include <include/accel-ppp/ppp-options.xml.i> #include <include/accel-ppp/shaper.xml.i> #include <include/accel-ppp/snmp.xml.i> + #include <include/accel-ppp/thread-count.xml.i> #include <include/accel-ppp/wins-server.xml.i> #include <include/generic-description.xml.i> #include <include/name-server-ipv4-ipv6.xml.i> diff --git a/interface-definitions/vrf.xml.in b/interface-definitions/vrf.xml.in index a20be995a..03128cb99 100644 --- a/interface-definitions/vrf.xml.in +++ b/interface-definitions/vrf.xml.in @@ -95,6 +95,15 @@ #include <include/ospfv3/protocol-common-config.xml.i> </children> </node> + <node name="rpki" owner="${vyos_conf_scripts_dir}/protocols_rpki.py $VAR(../../@)"> + <properties> + <help>Resource Public Key Infrastructure (RPKI)</help> + <priority>820</priority> + </properties> + <children> + #include <include/rpki/protocol-common-config.xml.i> + </children> + </node> <node name="static" owner="${vyos_conf_scripts_dir}/protocols_static.py $VAR(../../@)"> <properties> <help>Static Routing</help> |