Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/container.xml.in43
-rw-r--r--interface-definitions/include/accel-ppp/radius-additions.xml.i11
-rw-r--r--interface-definitions/include/accel-ppp/thread-count.xml.i27
-rw-r--r--interface-definitions/include/bgp/protocol-common-config.xml.i6
-rw-r--r--interface-definitions/include/firewall/geoip.xml.i2
-rw-r--r--interface-definitions/include/firewall/global-options.xml.i49
-rw-r--r--interface-definitions/include/haproxy/logging.xml.i132
-rw-r--r--interface-definitions/include/haproxy/rule-backend.xml.i8
-rw-r--r--interface-definitions/include/haproxy/rule-frontend.xml.i14
-rw-r--r--interface-definitions/include/rpki/protocol-common-config.xml.i87
-rw-r--r--interface-definitions/include/version/conntrack-version.xml.i2
-rw-r--r--interface-definitions/include/version/container-version.xml.i2
-rw-r--r--interface-definitions/include/version/firewall-version.xml.i2
-rw-r--r--interface-definitions/include/version/reverseproxy-version.xml.i2
-rw-r--r--interface-definitions/interfaces_bonding.xml.in2
-rw-r--r--interface-definitions/interfaces_bridge.xml.in12
-rw-r--r--interface-definitions/load-balancing_haproxy.xml.in2
-rw-r--r--interface-definitions/nat66.xml.in1
-rw-r--r--interface-definitions/policy.xml.in2
-rw-r--r--interface-definitions/protocols_rpki.xml.in86
-rw-r--r--interface-definitions/qos.xml.in19
-rw-r--r--interface-definitions/service_ipoe-server.xml.in1
-rw-r--r--interface-definitions/service_pppoe-server.xml.in1
-rw-r--r--interface-definitions/service_snmp.xml.in2
-rw-r--r--interface-definitions/service_ssh.xml.in16
-rw-r--r--interface-definitions/system_conntrack.xml.in6
-rw-r--r--interface-definitions/system_ip.xml.in16
-rw-r--r--interface-definitions/system_login.xml.in9
-rw-r--r--interface-definitions/system_option.xml.in159
-rw-r--r--interface-definitions/vpn_l2tp.xml.in1
-rw-r--r--interface-definitions/vpn_pptp.xml.in1
-rw-r--r--interface-definitions/vpn_sstp.xml.in1
-rw-r--r--interface-definitions/vrf.xml.in9
33 files changed, 584 insertions, 149 deletions
diff --git a/interface-definitions/container.xml.in b/interface-definitions/container.xml.in
index 434bf7528..f20fd7690 100644
--- a/interface-definitions/container.xml.in
+++ b/interface-definitions/container.xml.in
@@ -532,6 +532,30 @@
</leafNode>
</children>
</tagNode>
+ <leafNode name="log-driver">
+ <properties>
+ <help>Configure container log driver</help>
+ <completionHelp>
+ <list>k8s-file journald none</list>
+ </completionHelp>
+ <valueHelp>
+ <format>k8s-file</format>
+ <description>Logs to plain-text file</description>
+ </valueHelp>
+ <valueHelp>
+ <format>journald</format>
+ <description>Logs to systemd's journal</description>
+ </valueHelp>
+ <valueHelp>
+ <format>none</format>
+ <description>Disable logging for the container</description>
+ </valueHelp>
+ <constraint>
+ <regex>(k8s-file|journald|none)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>journald</defaultValue>
+ </leafNode>
</children>
</tagNode>
<tagNode name="network">
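Review bot: The new `none` value's description does not say what an operator gives up by choosing it. With that driver nothing the container writes is retained, so there is no record to consult when a container misbehaves or has to be investigated. Spelling this out in the value help would make the trade-off visible at the CLI, for example `<description>Disable logging for the container (no output is retained)</description>`. The enclosing tagNode starts outside this hunk.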
@@ -627,25 +651,6 @@
</node>
</children>
</tagNode>
- <leafNode name="log-driver">
- <properties>
- <help>Configure container log driver</help>
- <completionHelp>
- <list>k8s-file journald</list>
- </completionHelp>
- <valueHelp>
- <format>k8s-file</format>
- <description>Logs to plain-text json file</description>
- </valueHelp>
- <valueHelp>
- <format>journald</format>
- <description>Logs to systemd's journal</description>
- </valueHelp>
- <constraint>
- <regex>(k8s-file|journald)</regex>
- </constraint>
- </properties>
- </leafNode>
</children>
</node>
</interfaceDefinition>
diff --git a/interface-definitions/include/accel-ppp/radius-additions.xml.i b/interface-definitions/include/accel-ppp/radius-additions.xml.i
index 5222ba864..b6c88c6e8 100644
--- a/interface-definitions/include/accel-ppp/radius-additions.xml.i
+++ b/interface-definitions/include/accel-ppp/radius-additions.xml.i
@@ -133,17 +133,8 @@
</valueHelp>
</properties>
</leafNode>
+ #include <include/port-number.xml.i>
<leafNode name="port">
- <properties>
- <help>Port for Dynamic Authorization Extension server (DM/CoA)</help>
- <valueHelp>
- <format>u32:1-65535</format>
- <description>TCP port</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-65535"/>
- </constraint>
- </properties>
<defaultValue>1700</defaultValue>
</leafNode>
<leafNode name="key">
diff --git a/interface-definitions/include/accel-ppp/thread-count.xml.i b/interface-definitions/include/accel-ppp/thread-count.xml.i
new file mode 100644
index 000000000..84d9224d0
--- /dev/null
+++ b/interface-definitions/include/accel-ppp/thread-count.xml.i
@@ -0,0 +1,27 @@
+<!-- include start from accel-ppp/thread-count.xml.i -->
+<leafNode name="thread-count">
+ <properties>
+ <help>Number of working threads</help>
+ <completionHelp>
+ <list>all half</list>
+ </completionHelp>
+ <valueHelp>
+ <format>all</format>
+ <description>Use all available CPU cores</description>
+ </valueHelp>
+ <valueHelp>
+ <format>half</format>
+ <description>Use half of available CPU cores</description>
+ </valueHelp>
+ <valueHelp>
+ <format>u32:1-512</format>
+ <description>Thread count</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-512"/>
+ <regex>(all|half)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>all</defaultValue>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i
index 31c8cafea..ab016884e 100644
--- a/interface-definitions/include/bgp/protocol-common-config.xml.i
+++ b/interface-definitions/include/bgp/protocol-common-config.xml.i
@@ -1596,6 +1596,12 @@
<valueless/>
</properties>
</leafNode>
+ <leafNode name="no-ipv6-auto-ra">
+ <properties>
+ <help>Disable IPv6 automatic router advertisement</help>
+ <valueless/>
+ </properties>
+ </leafNode>
<leafNode name="no-suppress-duplicates">
<properties>
<help>Disable suppress duplicate updates if the route actually not changed</help>
diff --git a/interface-definitions/include/firewall/geoip.xml.i b/interface-definitions/include/firewall/geoip.xml.i
index 9fb37a574..b8f2cbc45 100644
--- a/interface-definitions/include/firewall/geoip.xml.i
+++ b/interface-definitions/include/firewall/geoip.xml.i
@@ -12,7 +12,7 @@
<description>Country code (2 characters)</description>
</valueHelp>
<constraint>
- <regex>^(ad|ae|af|ag|ai|al|am|ao|aq|ar|as|at|au|aw|ax|az|ba|bb|bd|be|bf|bg|bh|bi|bj|bl|bm|bn|bo|bq|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|cr|cu|cv|cw|cx|cy|cz|de|dj|dk|dm|do|dz|ec|ee|eg|eh|er|es|et|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gg|gh|gi|gl|gm|gn|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|im|in|io|iq|ir|is|it|je|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|me|mf|mg|mh|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|mv|mw|mx|my|mz|na|nc|ne|nf|ng|ni|nl|no|np|nr|nu|nz|om|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|ps|pt|pw|py|qa|re|ro|rs|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|ss|st|sv|sx|sy|sz|tc|td|tf|tg|th|tj|tk|tl|tm|tn|to|tr|tt|tv|tw|tz|ua|ug|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|za|zm|zw)$</regex>
+ <regex>(ad|ae|af|ag|ai|al|am|ao|aq|ar|as|at|au|aw|ax|az|ba|bb|bd|be|bf|bg|bh|bi|bj|bl|bm|bn|bo|bq|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|cr|cu|cv|cw|cx|cy|cz|de|dj|dk|dm|do|dz|ec|ee|eg|eh|er|es|et|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gg|gh|gi|gl|gm|gn|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|im|in|io|iq|ir|is|it|je|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|me|mf|mg|mh|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|mv|mw|mx|my|mz|na|nc|ne|nf|ng|ni|nl|no|np|nr|nu|nz|om|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|ps|pt|pw|py|qa|re|ro|rs|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|ss|st|sv|sx|sy|sz|tc|td|tf|tg|th|tj|tk|tl|tm|tn|to|tr|tt|tv|tw|tz|ua|ug|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|za|zm|zw)</regex>
</constraint>
<multi />
</properties>
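Review bot: With `^` and `$` removed, this country-code alternation only works as an allow-list if the validator matches the regex against the whole value, and that behaviour is not visible in this diff. Other patterns on the page, such as `(k8s-file|journald|none)`, are also written without anchors, which suggests full-match is the project convention, but it is worth confirming before merge: a substring match would accept any string that merely contains a listed code. The same assumption underlies the anchor removals in haproxy/rule-backend.xml.i, haproxy/rule-frontend.xml.i, load-balancing_haproxy.xml.in and policy.xml.in. A build-time test that feeds a value like `xxusxx` to this constraint and expects rejection would pin the behaviour down.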
diff --git a/interface-definitions/include/firewall/global-options.xml.i b/interface-definitions/include/firewall/global-options.xml.i
index 7393ff5c9..e19f3a7c5 100644
--- a/interface-definitions/include/firewall/global-options.xml.i
+++ b/interface-definitions/include/firewall/global-options.xml.i
@@ -49,12 +49,53 @@
<help>Apply configured firewall rules to traffic switched by bridges</help>
</properties>
<children>
- <leafNode name="invalid-connections">
+ <node name="accept-invalid">
<properties>
- <help>Accept ARP, DHCP and PPPoE despite they are marked as invalid connection</help>
- <valueless/>
+ <help>Accept connections despite they are marked as invalid</help>
</properties>
- </leafNode>
+ <children>
+ <leafNode name="ethernet-type">
+ <properties>
+ <help>Ethernet type</help>
+ <completionHelp>
+ <list>arp dhcp pppoe 802.1q 802.1ad pppoe-discovery wol</list>
+ </completionHelp>
+ <valueHelp>
+ <format>arp</format>
+ <description>Adress Resolution Protocol (ARP)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>dhcp</format>
+ <description>Dynamic Host Configuration Protocol (DHCP)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>pppoe</format>
+ <description>Point to Point over Ethernet (PPPoE) Session</description>
+ </valueHelp>
+ <valueHelp>
+ <format>pppoe-discovery</format>
+ <description>PPPoE Discovery</description>
+ </valueHelp>
+ <valueHelp>
+ <format>802.1q</format>
+ <description>Customer VLAN tag type (802.1Q)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>802.1ad</format>
+ <description>Service VLAN tag type (802.1ad)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>wol</format>
+ <description>Wake-on-LAN magic packet</description>
+ </valueHelp>
+ <constraint>
+ <regex>(arp|dhcp|pppoe|pppoe-discovery|802.1q|802.1ad|wol)</regex>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
<leafNode name="ipv4">
<properties>
<help>Apply configured IPv4 firewall rules</help>
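Review bot: The dots in `802.1q` and `802.1ad` are unescaped in the new `ethernet-type` constraint, so they match any character, while the same commit escapes the dot in interfaces_bonding.xml.in (`802\.3ad`). For consistency the pattern should read `<regex>(arp|dhcp|pppoe|pppoe-discovery|802\.1q|802\.1ad|wol)</regex>`. Two help strings also need correcting: `Adress Resolution Protocol (ARP)` should be `Address Resolution Protocol (ARP)`, and `Point to Point over Ethernet (PPPoE) Session` drops the word "Protocol". Because this leaf decides which frames bypass the invalid-state drop, the accepted values should be exactly the listed ones.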
diff --git a/interface-definitions/include/haproxy/logging.xml.i b/interface-definitions/include/haproxy/logging.xml.i
index e0af54fa4..315c959bf 100644
--- a/interface-definitions/include/haproxy/logging.xml.i
+++ b/interface-definitions/include/haproxy/logging.xml.i
@@ -4,7 +4,137 @@
<help>Logging parameters</help>
</properties>
<children>
- #include <include/syslog-facility.xml.i>
+ <tagNode name="facility">
+ <properties>
+ <help>Facility for logging</help>
+ <completionHelp>
+ <list>auth cron daemon kern lpr mail news syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7</list>
+ </completionHelp>
+ <constraint>
+ <regex>(auth|cron|daemon|kern|lpr|mail|news|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7)</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid facility type</constraintErrorMessage>
+ <valueHelp>
+ <format>auth</format>
+ <description>Authentication and authorization</description>
+ </valueHelp>
+ <valueHelp>
+ <format>cron</format>
+ <description>Cron daemon</description>
+ </valueHelp>
+ <valueHelp>
+ <format>daemon</format>
+ <description>System daemons</description>
+ </valueHelp>
+ <valueHelp>
+ <format>kern</format>
+ <description>Kernel</description>
+ </valueHelp>
+ <valueHelp>
+ <format>lpr</format>
+ <description>Line printer spooler</description>
+ </valueHelp>
+ <valueHelp>
+ <format>mail</format>
+ <description>Mail subsystem</description>
+ </valueHelp>
+ <valueHelp>
+ <format>news</format>
+ <description>USENET subsystem</description>
+ </valueHelp>
+ <valueHelp>
+ <format>syslog</format>
+ <description>Authentication and authorization</description>
+ </valueHelp>
+ <valueHelp>
+ <format>user</format>
+ <description>Application processes</description>
+ </valueHelp>
+ <valueHelp>
+ <format>uucp</format>
+ <description>UUCP subsystem</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local0</format>
+ <description>Local facility 0</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local1</format>
+ <description>Local facility 1</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local2</format>
+ <description>Local facility 2</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local3</format>
+ <description>Local facility 3</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local4</format>
+ <description>Local facility 4</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local5</format>
+ <description>Local facility 5</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local6</format>
+ <description>Local facility 6</description>
+ </valueHelp>
+ <valueHelp>
+ <format>local7</format>
+ <description>Local facility 7</description>
+ </valueHelp>
+ </properties>
+ <children>
+ <leafNode name="level">
+ <properties>
+ <help>Logging level</help>
+ <completionHelp>
+ <list>emerg alert crit err warning notice info debug</list>
+ </completionHelp>
+ <valueHelp>
+ <format>emerg</format>
+ <description>Emergency messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>alert</format>
+ <description>Urgent messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>crit</format>
+ <description>Critical messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>err</format>
+ <description>Error messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>warning</format>
+ <description>Warning messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>notice</format>
+ <description>Messages for further investigation</description>
+ </valueHelp>
+ <valueHelp>
+ <format>info</format>
+ <description>Informational messages</description>
+ </valueHelp>
+ <valueHelp>
+ <format>debug</format>
+ <description>Debug messages</description>
+ </valueHelp>
+ <constraint>
+ <regex>(emerg|alert|crit|err|warning|notice|info|debug)</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid loglevel</constraintErrorMessage>
+ </properties>
+ <defaultValue>err</defaultValue>
+ </leafNode>
+ </children>
+ </tagNode>
</children>
</node>
<!-- include end -->
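Review bot: The `syslog` facility carries the description `Authentication and authorization`, which duplicates the `auth` entry and looks like a copy-paste slip; something like `<description>Messages generated internally by syslogd</description>` would be accurate. Inlining the facility and level lists in place of `include/syslog-facility.xml.i` also means this copy can drift from the shared include. If the inlining is deliberate (for instance to restrict which facilities HAProxy may use), a short XML comment above the `facility` tagNode saying so would help the next maintainer.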
diff --git a/interface-definitions/include/haproxy/rule-backend.xml.i b/interface-definitions/include/haproxy/rule-backend.xml.i
index 1df9d5dcf..5faf09a96 100644
--- a/interface-definitions/include/haproxy/rule-backend.xml.i
+++ b/interface-definitions/include/haproxy/rule-backend.xml.i
@@ -38,7 +38,7 @@
<description>Set URL location</description>
</valueHelp>
<constraint>
- <regex>^\/[\w\-.\/]+$</regex>
+ <regex>\/[\w\-.\/]+</regex>
</constraint>
<constraintErrorMessage>Incorrect URL format</constraintErrorMessage>
</properties>
@@ -90,7 +90,7 @@
<description>Begin URL</description>
</valueHelp>
<constraint>
- <regex>^\/[\w\-.\/]+$</regex>
+ <regex>\/[\w\-.\/]+</regex>
</constraint>
<constraintErrorMessage>Incorrect URL format</constraintErrorMessage>
<multi/>
@@ -104,7 +104,7 @@
<description>End URL</description>
</valueHelp>
<constraint>
- <regex>^\/[\w\-.\/]+$</regex>
+ <regex>\/[\w\-.\/]+</regex>
</constraint>
<constraintErrorMessage>Incorrect URL format</constraintErrorMessage>
<multi/>
@@ -118,7 +118,7 @@
<description>Exactly URL</description>
</valueHelp>
<constraint>
- <regex>^\/[\w\-.\/]*$</regex>
+ <regex>\/[\w\-.\/]*</regex>
</constraint>
<constraintErrorMessage>Incorrect URL format</constraintErrorMessage>
<multi/>
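Review bot: The pattern under "Exactly URL" ends in `*` here, while the three patterns above it in this file and the corresponding "Exactly URL" pattern in haproxy/rule-frontend.xml.i end in `+`. As a result a bare `/` is accepted for a backend exact match but rejected for a frontend one. The commit preserves this pre-existing difference; if matching exactly `/` is intended, the frontend pattern should use `\/[\w\-.\/]*` as well, otherwise this one should use `+`.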
diff --git a/interface-definitions/include/haproxy/rule-frontend.xml.i b/interface-definitions/include/haproxy/rule-frontend.xml.i
index eabdd8632..d2e7a38c3 100644
--- a/interface-definitions/include/haproxy/rule-frontend.xml.i
+++ b/interface-definitions/include/haproxy/rule-frontend.xml.i
@@ -32,15 +32,15 @@
<children>
<leafNode name="redirect-location">
<properties>
- <help>Set URL location</help>
+ <help>Set path location</help>
<valueHelp>
<format>url</format>
- <description>Set URL location</description>
+ <description>Set path location</description>
</valueHelp>
<constraint>
- <regex>^\/[\w\-.\/]+$</regex>
+ <regex>\/[\w\-.\/]+</regex>
</constraint>
- <constraintErrorMessage>Incorrect URL format</constraintErrorMessage>
+ <constraintErrorMessage>Incorrect path format</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="backend">
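Review bot: The help and error text now say "path", but the value help still advertises `<format>url</format>`, so the CLI shows mixed terminology for `redirect-location`. The constraint `\/[\w\-.\/]+` also accepts a value beginning with `//`, which clients interpret as a scheme-relative reference to another host rather than a local path. If only same-site paths are intended, a pattern such as `<regex>\/[\w\-.][\w\-.\/]*</regex>` would rule that form out; this assumes the regex is matched against the whole value.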
@@ -93,7 +93,7 @@
<description>Begin URL</description>
</valueHelp>
<constraint>
- <regex>^\/[\w\-.\/]+$</regex>
+ <regex>\/[\w\-.\/]+</regex>
</constraint>
<constraintErrorMessage>Incorrect URL format</constraintErrorMessage>
<multi/>
@@ -107,7 +107,7 @@
<description>End URL</description>
</valueHelp>
<constraint>
- <regex>^\/[\w\-.\/]+$</regex>
+ <regex>\/[\w\-.\/]+</regex>
</constraint>
<constraintErrorMessage>Incorrect URL format</constraintErrorMessage>
<multi/>
@@ -121,7 +121,7 @@
<description>Exactly URL</description>
</valueHelp>
<constraint>
- <regex>^\/[\w\-.\/]+$</regex>
+ <regex>\/[\w\-.\/]+</regex>
</constraint>
<constraintErrorMessage>Incorrect URL format</constraintErrorMessage>
<multi/>
diff --git a/interface-definitions/include/rpki/protocol-common-config.xml.i b/interface-definitions/include/rpki/protocol-common-config.xml.i
new file mode 100644
index 000000000..0b3356604
--- /dev/null
+++ b/interface-definitions/include/rpki/protocol-common-config.xml.i
@@ -0,0 +1,87 @@
+<!-- include start from rpki/protocol-common-config.xml.i -->
+<tagNode name="cache">
+ <properties>
+ <help>RPKI cache server address</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IP address of RPKI server</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address of RPKI server</description>
+ </valueHelp>
+ <valueHelp>
+ <format>hostname</format>
+ <description>Fully qualified domain name of RPKI server</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ip-address"/>
+ <validator name="fqdn"/>
+ </constraint>
+ </properties>
+ <children>
+ #include <include/port-number.xml.i>
+ <leafNode name="preference">
+ <properties>
+ <help>Preference of the cache server</help>
+ <valueHelp>
+ <format>u32:1-255</format>
+ <description>Preference of the cache server</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ #include <include/source-address-ipv4.xml.i>
+ <node name="ssh">
+ <properties>
+ <help>RPKI SSH connection settings</help>
+ </properties>
+ <children>
+ #include <include/pki/openssh-key.xml.i>
+ #include <include/generic-username.xml.i>
+ </children>
+ </node>
+ </children>
+</tagNode>
+<leafNode name="expire-interval">
+ <properties>
+ <help>Interval to wait before expiring the cache</help>
+ <valueHelp>
+ <format>u32:600-172800</format>
+ <description>Interval in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 600-172800"/>
+ </constraint>
+ </properties>
+ <defaultValue>7200</defaultValue>
+</leafNode>
+<leafNode name="polling-period">
+ <properties>
+ <help>Cache polling interval</help>
+ <valueHelp>
+ <format>u32:1-86400</format>
+ <description>Interval in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-86400"/>
+ </constraint>
+ </properties>
+ <defaultValue>300</defaultValue>
+</leafNode>
+<leafNode name="retry-interval">
+ <properties>
+ <help>Retry interval to connect to the cache server</help>
+ <valueHelp>
+ <format>u32:1-7200</format>
+ <description>Interval in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-7200"/>
+ </constraint>
+ </properties>
+ <defaultValue>600</defaultValue>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/version/conntrack-version.xml.i b/interface-definitions/include/version/conntrack-version.xml.i
index 6995ce119..517424034 100644
--- a/interface-definitions/include/version/conntrack-version.xml.i
+++ b/interface-definitions/include/version/conntrack-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/conntrack-version.xml.i -->
-<syntaxVersion component='conntrack' version='5'></syntaxVersion>
+<syntaxVersion component='conntrack' version='6'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/container-version.xml.i b/interface-definitions/include/version/container-version.xml.i
index ed6e942cd..046bacfdc 100644
--- a/interface-definitions/include/version/container-version.xml.i
+++ b/interface-definitions/include/version/container-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/container-version.xml.i -->
-<syntaxVersion component='container' version='2'></syntaxVersion>
+<syntaxVersion component='container' version='3'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/firewall-version.xml.i b/interface-definitions/include/version/firewall-version.xml.i
index 1a8098297..1f3b779d5 100644
--- a/interface-definitions/include/version/firewall-version.xml.i
+++ b/interface-definitions/include/version/firewall-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/firewall-version.xml.i -->
-<syntaxVersion component='firewall' version='18'></syntaxVersion>
+<syntaxVersion component='firewall' version='19'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/include/version/reverseproxy-version.xml.i b/interface-definitions/include/version/reverseproxy-version.xml.i
index 4f09f2848..71f7def1a 100644
--- a/interface-definitions/include/version/reverseproxy-version.xml.i
+++ b/interface-definitions/include/version/reverseproxy-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/reverseproxy-version.xml.i -->
-<syntaxVersion component='reverse-proxy' version='2'></syntaxVersion>
+<syntaxVersion component='reverse-proxy' version='3'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/interfaces_bonding.xml.in b/interface-definitions/interfaces_bonding.xml.in
index cdacae2d0..9945fc15d 100644
--- a/interface-definitions/interfaces_bonding.xml.in
+++ b/interface-definitions/interfaces_bonding.xml.in
@@ -240,7 +240,7 @@
<description>Distribute based on MAC address</description>
</valueHelp>
<constraint>
- <regex>(802.3ad|active-backup|broadcast|round-robin|transmit-load-balance|adaptive-load-balance|xor-hash)</regex>
+ <regex>(802\.3ad|active-backup|broadcast|round-robin|transmit-load-balance|adaptive-load-balance|xor-hash)</regex>
</constraint>
<constraintErrorMessage>mode must be 802.3ad, active-backup, broadcast, round-robin, transmit-load-balance, adaptive-load-balance, or xor</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/interfaces_bridge.xml.in b/interface-definitions/interfaces_bridge.xml.in
index 667ae3b19..b360f34f1 100644
--- a/interface-definitions/interfaces_bridge.xml.in
+++ b/interface-definitions/interfaces_bridge.xml.in
@@ -201,6 +201,18 @@
<valueless/>
</properties>
</leafNode>
+ <leafNode name="bpdu-guard">
+ <properties>
+ <help>Enable BPDU Guard</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="root-guard">
+ <properties>
+ <help>Enable Root Guard</help>
+ <valueless/>
+ </properties>
+ </leafNode>
</children>
</tagNode>
</children>
diff --git a/interface-definitions/load-balancing_haproxy.xml.in b/interface-definitions/load-balancing_haproxy.xml.in
index f0f64e75a..61ff8bc81 100644
--- a/interface-definitions/load-balancing_haproxy.xml.in
+++ b/interface-definitions/load-balancing_haproxy.xml.in
@@ -159,7 +159,7 @@
<properties>
<help>URI used for HTTP health check (Example: '/' or '/health')</help>
<constraint>
- <regex>^\/([^?#\s]*)(\?[^#\s]*)?$</regex>
+ <regex>\/([^?#\s]*)(\?[^#\s]*)?</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/nat66.xml.in b/interface-definitions/nat66.xml.in
index c59725c53..2c1babd5a 100644
--- a/interface-definitions/nat66.xml.in
+++ b/interface-definitions/nat66.xml.in
@@ -53,6 +53,7 @@
</properties>
</leafNode>
#include <include/nat-port.xml.i>
+ #include <include/firewall/source-destination-group-ipv6.xml.i>
</children>
</node>
<node name="source">
diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in
index 25dbf5581..31e01c68c 100644
--- a/interface-definitions/policy.xml.in
+++ b/interface-definitions/policy.xml.in
@@ -1519,7 +1519,7 @@
<constraint>
<validator name="numeric" argument="--relative --"/>
<validator name="numeric" argument="--range 0-4294967295"/>
- <regex>^[+|-]?rtt$</regex>
+ <regex>[+|-]?rtt</regex>
</constraint>
</properties>
</leafNode>
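Review bot: Inside a character class `|` is a literal, so `[+|-]?rtt` accepts `|rtt` in addition to `+rtt`, `-rtt` and `rtt`. The commit removes the anchors but keeps that class unchanged. `<regex>[+-]?rtt</regex>` expresses the intended optional sign. The enclosing leafNode starts outside this hunk.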
diff --git a/interface-definitions/protocols_rpki.xml.in b/interface-definitions/protocols_rpki.xml.in
index 9e2e84717..a298cdbfd 100644
--- a/interface-definitions/protocols_rpki.xml.in
+++ b/interface-definitions/protocols_rpki.xml.in
@@ -8,91 +8,7 @@
<priority>819</priority>
</properties>
<children>
- <tagNode name="cache">
- <properties>
- <help>RPKI cache server address</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IP address of RPKI server</description>
- </valueHelp>
- <valueHelp>
- <format>ipv6</format>
- <description>IPv6 address of RPKI server</description>
- </valueHelp>
- <valueHelp>
- <format>hostname</format>
- <description>Fully qualified domain name of RPKI server</description>
- </valueHelp>
- <constraint>
- <validator name="ip-address"/>
- <validator name="fqdn"/>
- </constraint>
- </properties>
- <children>
- #include <include/port-number.xml.i>
- <leafNode name="preference">
- <properties>
- <help>Preference of the cache server</help>
- <valueHelp>
- <format>u32:1-255</format>
- <description>Preference of the cache server</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-255"/>
- </constraint>
- </properties>
- </leafNode>
- #include <include/source-address-ipv4.xml.i>
- <node name="ssh">
- <properties>
- <help>RPKI SSH connection settings</help>
- </properties>
- <children>
- #include <include/pki/openssh-key.xml.i>
- #include <include/generic-username.xml.i>
- </children>
- </node>
- </children>
- </tagNode>
- <leafNode name="expire-interval">
- <properties>
- <help>Interval to wait before expiring the cache</help>
- <valueHelp>
- <format>u32:600-172800</format>
- <description>Interval in seconds</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 600-172800"/>
- </constraint>
- </properties>
- <defaultValue>7200</defaultValue>
- </leafNode>
- <leafNode name="polling-period">
- <properties>
- <help>Cache polling interval</help>
- <valueHelp>
- <format>u32:1-86400</format>
- <description>Interval in seconds</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-86400"/>
- </constraint>
- </properties>
- <defaultValue>300</defaultValue>
- </leafNode>
- <leafNode name="retry-interval">
- <properties>
- <help>Retry interval to connect to the cache server</help>
- <valueHelp>
- <format>u32:1-7200</format>
- <description>Interval in seconds</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-7200"/>
- </constraint>
- </properties>
- <defaultValue>600</defaultValue>
- </leafNode>
+ #include <include/rpki/protocol-common-config.xml.i>
</children>
</node>
</children>
diff --git a/interface-definitions/qos.xml.in b/interface-definitions/qos.xml.in
index c6ecb742e..aad1de629 100644
--- a/interface-definitions/qos.xml.in
+++ b/interface-definitions/qos.xml.in
@@ -135,6 +135,25 @@
<valueless/>
</properties>
</leafNode>
+ <leafNode name="no-split-gso">
+ <properties>
+ <help>Do not split GSO super-packets into on-the-wire components</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <node name="ack-filter">
+ <properties>
+ <help>Identify and filter out TCP ACK packets that do not convey significant new information</help>
+ </properties>
+ <children>
+ <leafNode name="aggressive">
+ <properties>
+ <help>Enable aggressive mode which will result in more ACK packets being compresses/filtered</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
<leafNode name="rtt">
<properties>
<help>Round-Trip-Time for Active Queue Management (AQM)</help>
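Review bot: The help string for `aggressive` has a typo that will show up in CLI completion: "being compresses/filtered" should read `<help>Enable aggressive mode which will result in more ACK packets being compressed/filtered</help>`. The `ack-filter` node has no leaf of its own besides `aggressive`, so it may be worth stating in its help whether setting the bare node enables the default (non-aggressive) filter; that cannot be determined from this hunk.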
diff --git a/interface-definitions/service_ipoe-server.xml.in b/interface-definitions/service_ipoe-server.xml.in
index fe9d32bbd..3093151ea 100644
--- a/interface-definitions/service_ipoe-server.xml.in
+++ b/interface-definitions/service_ipoe-server.xml.in
@@ -237,6 +237,7 @@
#include <include/accel-ppp/max-concurrent-sessions.xml.i>
#include <include/accel-ppp/shaper.xml.i>
#include <include/accel-ppp/snmp.xml.i>
+ #include <include/accel-ppp/thread-count.xml.i>
#include <include/generic-description.xml.i>
#include <include/name-server-ipv4-ipv6.xml.i>
#include <include/accel-ppp/log.xml.i>
diff --git a/interface-definitions/service_pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in
index 32215e9d2..81a4a95e3 100644
--- a/interface-definitions/service_pppoe-server.xml.in
+++ b/interface-definitions/service_pppoe-server.xml.in
@@ -175,6 +175,7 @@
</node>
#include <include/accel-ppp/shaper.xml.i>
#include <include/accel-ppp/snmp.xml.i>
+ #include <include/accel-ppp/thread-count.xml.i>
#include <include/accel-ppp/wins-server.xml.i>
#include <include/generic-description.xml.i>
#include <include/name-server-ipv4-ipv6.xml.i>
diff --git a/interface-definitions/service_snmp.xml.in b/interface-definitions/service_snmp.xml.in
index cc21f5b8b..bdc9f88fe 100644
--- a/interface-definitions/service_snmp.xml.in
+++ b/interface-definitions/service_snmp.xml.in
@@ -13,7 +13,7 @@
<properties>
<help>Community name</help>
<constraint>
- <regex>[[:alnum:]-_!@*#]{1,100}</regex>
+ <regex>[[:alnum:]\-_!@*#]{1,100}</regex>
</constraint>
<constraintErrorMessage>Community string is limited to alphanumerical characters, -, _, !, @, *, and # with a total lenght of 100</constraintErrorMessage>
</properties>
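Review bot: Escaping the hyphen as `\-` is only correct if the validator uses a Perl-compatible engine; in a POSIX bracket expression the backslash is literal and `\-_` would become a range. Placing the hyphen last in the class avoids the dependency on the engine: `<regex>[[:alnum:]_!@*#-]{1,100}</regex>`. The adjacent error message also misspells "length" as "lenght". Which regex engine the validator uses is not visible in this diff.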
diff --git a/interface-definitions/service_ssh.xml.in b/interface-definitions/service_ssh.xml.in
index 14d358c78..c659a7db7 100644
--- a/interface-definitions/service_ssh.xml.in
+++ b/interface-definitions/service_ssh.xml.in
@@ -275,14 +275,18 @@
</constraint>
</properties>
</leafNode>
- <node name="trusted-user-ca-key">
+ <leafNode name="trusted-user-ca">
<properties>
- <help>Trusted user CA key</help>
+ <help>OpenSSH trusted user CA</help>
+ <completionHelp>
+ <path>pki openssh</path>
+ </completionHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>OpenSSH certificate name from PKI subsystem</description>
+ </valueHelp>
</properties>
- <children>
- #include <include/pki/ca-certificate.xml.i>
- </children>
- </node>
+ </leafNode>
#include <include/vrf-multi.xml.i>
</children>
</node>
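Review bot: Renaming the `trusted-user-ca-key` node to the `trusted-user-ca` leaf changes the configuration syntax, yet the diffstat lists version bumps only for conntrack, container, firewall and reverse-proxy, and none for SSH. Unless a migration is handled outside interface-definitions, an existing `trusted-user-ca-key ca-certificate` entry would no longer load after upgrade, which could disable certificate-based SSH login or fail the config load. The new leaf also has no `<constraint>`, so any string is accepted at set time; presumably the commit script checks that the name exists under `pki openssh`, but that is not visible here. The enclosing node starts outside this hunk.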
diff --git a/interface-definitions/system_conntrack.xml.in b/interface-definitions/system_conntrack.xml.in
index 54610b625..92c4d24cf 100644
--- a/interface-definitions/system_conntrack.xml.in
+++ b/interface-definitions/system_conntrack.xml.in
@@ -32,14 +32,14 @@
<properties>
<help>Hash size for connection tracking table</help>
<valueHelp>
- <format>u32:1-50000000</format>
+ <format>u32:1024-50000000</format>
<description>Size of hash to use for connection tracking table</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 1-50000000"/>
+ <validator name="numeric" argument="--range 1024-50000000"/>
</constraint>
</properties>
- <defaultValue>32768</defaultValue>
+ <defaultValue>65536</defaultValue>
</leafNode>
<node name="ignore">
<properties>
diff --git a/interface-definitions/system_ip.xml.in b/interface-definitions/system_ip.xml.in
index b4b5092fe..f2bb5bd8a 100644
--- a/interface-definitions/system_ip.xml.in
+++ b/interface-definitions/system_ip.xml.in
@@ -17,6 +17,22 @@
#include <include/arp-ndp-table-size.xml.i>
</children>
</node>
+ <tagNode name="import-table">
+ <properties>
+ <help>Routing table for import</help>
+ <valueHelp>
+ <format>u32:1-252</format>
+ <description>Table number</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-252"/>
+ </constraint>
+ </properties>
+ <children>
+ #include <include/static/static-route-distance.xml.i>
+ #include <include/route-map.xml.i>
+ </children>
+ </tagNode>
<leafNode name="disable-forwarding">
<properties>
<help>Disable IPv4 forwarding on all interfaces</help>
diff --git a/interface-definitions/system_login.xml.in b/interface-definitions/system_login.xml.in
index 9865e3d32..a13ba10ea 100644
--- a/interface-definitions/system_login.xml.in
+++ b/interface-definitions/system_login.xml.in
@@ -103,6 +103,15 @@
<help>Plaintext password used for encryption</help>
</properties>
</leafNode>
+ <leafNode name="principal">
+ <properties>
+ <help>Accepted principal names for certificate authentication</help>
+ <constraint>
+ #include <include/constraint/login-username.xml.i>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
<tagNode name="public-keys">
<properties>
<help>Remote access public keys</help>
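Review bot: The `principal` leaf does not document what happens when it is left unset, and that default decides which certificates from the trusted CA can log in as this user. The help text should state the fallback, for instance whether the account name itself is then the only accepted principal. A `<valueHelp>` with `<format>txt</format>` and a `<constraintErrorMessage>` would match the other leaves added in this commit. The pattern comes from `include/constraint/login-username.xml.i`, which is not shown here; if principals are meant to carry role or group names rather than account names, confirm that pattern is not stricter than intended.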
diff --git a/interface-definitions/system_option.xml.in b/interface-definitions/system_option.xml.in
index c9240064f..5d385e3d0 100644
--- a/interface-definitions/system_option.xml.in
+++ b/interface-definitions/system_option.xml.in
@@ -37,7 +37,145 @@
<help>Kernel boot parameters</help>
</properties>
<children>
- <leafNode name="disable-mitigations">
+ <node name="cpu">
+ <properties>
+ <help>CPU settings</help>
+ </properties>
+ <children>
+ <leafNode name="disable-nmi-watchdog">
+ <properties>
+ <help>Disable the NMI watchdog for detecting hard CPU lockups</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="isolate-cpus">
+ <properties>
+ <help>Isolate specified CPUs from the scheduler</help>
+ <valueHelp>
+ <format>u32:0-511</format>
+ <description>CPU core</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;start-end&gt;</format>
+ <description>CPU core range (examples: "1", "4-7", "1,2-5,7")</description>
+ </valueHelp>
+ <constraint>
+ <validator name="cpu"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="nohz-full">
+ <properties>
+ <help>Enable full tickless mode for specified CPUs</help>
+ <valueHelp>
+ <format>u32:0-511</format>
+ <description>CPU core</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;start-end&gt;</format>
+ <description>CPU core range (examples: "1", "4-7", "1,2-5,7")</description>
+ </valueHelp>
+ <constraint>
+ <validator name="cpu"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="rcu-no-cbs">
+ <properties>
+ <help>Offload Read-Copy-Update (RCU) callback processing to specified CPUs</help>
+ <valueHelp>
+ <format>u32:0-511</format>
+ <description>CPU core</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;start-end&gt;</format>
+ <description>CPU core range (examples: "1", "4-7", "1,2-5,7")</description>
+ </valueHelp>
+ <constraint>
+ <validator name="cpu"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <node name="memory">
+ <properties>
+ <help>Memory settings</help>
+ </properties>
+ <children>
+ <leafNode name="disable-numa-balancing">
+ <properties>
+ <help>Disable automatic NUMA memory balancing</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="default-hugepage-size">
+ <properties>
+ <help>Set default hugepage size (e.g., 2M, 1G)</help>
+ <completionHelp>
+ <list>2M 1G</list>
+ </completionHelp>
+ <valueHelp>
+ <format>2M</format>
+ <description>2 megabytes</description>
+ </valueHelp>
+ <valueHelp>
+ <format>1G</format>
+ <description>1 gigabyte</description>
+ </valueHelp>
+ <constraint>
+ <regex>(2M|1G)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ <tagNode name="hugepage-size">
+ <properties>
+ <help>Set hugepage size for allocation (e.g., 2M, 1G)</help>
+ <completionHelp>
+ <list>2M 1G</list>
+ </completionHelp>
+ <valueHelp>
+ <format>2M</format>
+ <description>2 megabytes</description>
+ </valueHelp>
+ <valueHelp>
+ <format>1G</format>
+ <description>1 gigabyte</description>
+ </valueHelp>
+ <constraint>
+ <regex>(2M|1G)</regex>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="hugepage-count">
+ <properties>
+ <help>Allocate number of hugepages for system use</help>
+ <valueHelp>
+ <format>u32</format>
+ <description>Number of hugepages</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-100000"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ <leafNode name="disable-hpet">
+ <properties>
+ <help>Disable High Precision Event Timer (HPET)</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="disable-mce">
+ <properties>
+ <help>Disable Machine Check Exceptions (MCE) reporting and handling</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="disable-mitigations">
<properties>
<help>Disable all optional CPU mitigations</help>
<valueless/>
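Review bot: `hugepage-count` advertises `<format>u32</format>` while its validator accepts only 1-100000; the valueHelp should read `<format>u32:1-100000</format>` so the help matches what a commit accepts. The range is also independent of the page size chosen in the parent `hugepage-size` tag, so 100000 pages of 1G passes the CLI check. The config script, which is outside this hunk, presumably has to compare the request against installed memory, because an oversized boot-time reservation can leave too little memory for the system to come up. The help strings for `disable-mce` and `disable-nmi-watchdog` could also say that hardware error and hard-lockup reporting are lost when they are set, since these are diagnostics an operator relies on after a fault.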
@@ -69,6 +207,12 @@
</valueHelp>
</properties>
</leafNode>
+ <leafNode name="disable-softlockup">
+ <properties>
+ <help>Disable soft lockup detector for kernel threads</help>
+ <valueless/>
+ </properties>
+ </leafNode>
<leafNode name="quiet">
<properties>
<help>Disable most log messages</help>
@@ -198,6 +342,19 @@
<valueless/>
</properties>
</leafNode>
+ <leafNode name="reboot-on-upgrade-failure">
+ <properties>
+ <help>Automatic reboot into previous running image on upgrade failure</help>
+ <valueHelp>
+ <format>u32:1-30</format>
+ <description>Timeout before automatic reboot (minutes)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 5-30"/>
+ </constraint>
+ <constraintErrorMessage>Timeout out of range, must be 5 to 30 minutes</constraintErrorMessage>
+ </properties>
+ </leafNode>
<node name="ssh-client">
<properties>
<help>Global options used for SSH client</help>
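Review bot: The valueHelp for `reboot-on-upgrade-failure` shows `u32:1-30`, but the validator and the error message both use 5-30, so values 1 to 4 are offered in help and then rejected. The format line should be `<format>u32:5-30</format>`.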
diff --git a/interface-definitions/vpn_l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in
index c00e82534..d28f86653 100644
--- a/interface-definitions/vpn_l2tp.xml.in
+++ b/interface-definitions/vpn_l2tp.xml.in
@@ -137,6 +137,7 @@
#include <include/accel-ppp/ppp-options.xml.i>
#include <include/accel-ppp/shaper.xml.i>
#include <include/accel-ppp/snmp.xml.i>
+ #include <include/accel-ppp/thread-count.xml.i>
#include <include/accel-ppp/wins-server.xml.i>
#include <include/generic-description.xml.i>
#include <include/name-server-ipv4-ipv6.xml.i>
diff --git a/interface-definitions/vpn_pptp.xml.in b/interface-definitions/vpn_pptp.xml.in
index 8aec0cb1c..3e985486d 100644
--- a/interface-definitions/vpn_pptp.xml.in
+++ b/interface-definitions/vpn_pptp.xml.in
@@ -53,6 +53,7 @@
#include <include/accel-ppp/ppp-options.xml.i>
#include <include/accel-ppp/shaper.xml.i>
#include <include/accel-ppp/snmp.xml.i>
+ #include <include/accel-ppp/thread-count.xml.i>
#include <include/accel-ppp/wins-server.xml.i>
#include <include/generic-description.xml.i>
#include <include/name-server-ipv4-ipv6.xml.i>
diff --git a/interface-definitions/vpn_sstp.xml.in b/interface-definitions/vpn_sstp.xml.in
index 5fd5c95ca..851a202dc 100644
--- a/interface-definitions/vpn_sstp.xml.in
+++ b/interface-definitions/vpn_sstp.xml.in
@@ -50,6 +50,7 @@
#include <include/accel-ppp/ppp-options.xml.i>
#include <include/accel-ppp/shaper.xml.i>
#include <include/accel-ppp/snmp.xml.i>
+ #include <include/accel-ppp/thread-count.xml.i>
#include <include/accel-ppp/wins-server.xml.i>
#include <include/generic-description.xml.i>
#include <include/name-server-ipv4-ipv6.xml.i>
diff --git a/interface-definitions/vrf.xml.in b/interface-definitions/vrf.xml.in
index a20be995a..03128cb99 100644
--- a/interface-definitions/vrf.xml.in
+++ b/interface-definitions/vrf.xml.in
@@ -95,6 +95,15 @@
#include <include/ospfv3/protocol-common-config.xml.i>
</children>
</node>
+ <node name="rpki" owner="${vyos_conf_scripts_dir}/protocols_rpki.py $VAR(../../@)">
+ <properties>
+ <help>Resource Public Key Infrastructure (RPKI)</help>
+ <priority>820</priority>
+ </properties>
+ <children>
+ #include <include/rpki/protocol-common-config.xml.i>
+ </children>
+ </node>
<node name="static" owner="${vyos_conf_scripts_dir}/protocols_static.py $VAR(../../@)">
<properties>
<help>Static Routing</help>