diff options
Diffstat (limited to 'interface-definitions')
54 files changed, 969 insertions, 245 deletions
diff --git a/interface-definitions/container.xml.in b/interface-definitions/container.xml.in index 5c320e8c6..434bf7528 100644 --- a/interface-definitions/container.xml.in +++ b/interface-definitions/container.xml.in @@ -75,6 +75,12 @@ <multi/> </properties> </leafNode> + <leafNode name="privileged"> + <properties> + <help>Grant root capabilities to the container</help> + <valueless/> + </properties> + </leafNode> <node name="sysctl"> <properties> <help>Configure namespaced kernel parameters of the container</help> @@ -571,8 +577,75 @@ <children> #include <include/interface/authentication.xml.i> #include <include/generic-disable-node.xml.i> + <leafNode name="insecure"> + <properties> + <help>Allow registry access over unencrypted HTTP or TLS connections with untrusted certificates</help> + <valueless/> + </properties> + </leafNode> + <node name="mirror"> + <properties> + <help>Registry mirror, use host-name|address[:port][/path]</help> + </properties> + <children> + <leafNode name="address"> + <properties> + <help>IP address of container registry mirror</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address of container registry mirror</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address of container registry mirror</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + <validator name="ipv6-link-local"/> + </constraint> + </properties> + </leafNode> + <leafNode name="host-name"> + <properties> + <help>Hostname of container registry mirror</help> + <valueHelp> + <format>hostname</format> + <description>FQDN of container registry mirror</description> + </valueHelp> + <constraint> + <validator name="fqdn"/> + </constraint> + </properties> + </leafNode> + #include <include/port-number.xml.i> + <leafNode name="path"> + <properties> + <help>Path of container registry mirror, optional, must be start with '/' if not empty</help> + </properties> + </leafNode> + </children> + </node> </children> </tagNode> + <leafNode name="log-driver"> + <properties> + <help>Configure container log driver</help> + <completionHelp> + <list>k8s-file journald</list> + </completionHelp> + <valueHelp> + <format>k8s-file</format> + <description>Logs to plain-text json file</description> + </valueHelp> + <valueHelp> + <format>journald</format> + <description>Logs to systemd's journal</description> + </valueHelp> + <constraint> + <regex>(k8s-file|journald)</regex> + </constraint> + </properties> + </leafNode> </children> </node> </interfaceDefinition> diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in index e4fe9a508..7538c3cc5 100644 --- a/interface-definitions/firewall.xml.in +++ b/interface-definitions/firewall.xml.in @@ -138,6 +138,19 @@ </tagNode> </children> </node> + <tagNode name="remote-group"> + <properties> + <help>Firewall remote-group</help> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> + <constraintErrorMessage>Name of firewall group can only contain alphanumeric letters, hyphen, underscores and dot</constraintErrorMessage> + </properties> + <children> + #include <include/url-http-https.xml.i> + #include <include/generic-description.xml.i> + </children> + </tagNode> <tagNode name="interface-group"> <properties> <help>Firewall interface-group</help> diff --git a/interface-definitions/include/bgp/afi-route-map-export-import.xml.i b/interface-definitions/include/bgp/afi-route-map-export-import.xml.i deleted file mode 100644 index 388991241..000000000 --- a/interface-definitions/include/bgp/afi-route-map-export-import.xml.i +++ /dev/null @@ -1,34 +0,0 @@ -<!-- include start from bgp/afi-route-map.xml.i --> -<leafNode name="export"> - <properties> - <help>Route-map to filter outgoing route updates</help> - <completionHelp> - <path>policy route-map</path> - </completionHelp> - <valueHelp> - <format>txt</format> - <description>Route map name</description> - </valueHelp> - <constraint> - #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> - </constraint> - <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> - </properties> -</leafNode> -<leafNode name="import"> - <properties> - <help>Route-map to filter incoming route updates</help> - <completionHelp> - <path>policy route-map</path> - </completionHelp> - <valueHelp> - <format>txt</format> - <description>Route map name</description> - </valueHelp> - <constraint> - #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> - </constraint> - <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> - </properties> -</leafNode> -<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-route-map-export.xml.i b/interface-definitions/include/bgp/afi-route-map-export.xml.i new file mode 100644 index 000000000..94d77caf2 --- /dev/null +++ b/interface-definitions/include/bgp/afi-route-map-export.xml.i @@ -0,0 +1,18 @@ +<!-- include start from bgp/afi-route-map-export.xml.i --> +<leafNode name="export"> + <properties> + <help>Route-map to filter outgoing route updates</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Route map name</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> + <constraintErrorMessage>Route map names can only contain alphanumeric characters, hyphens, and underscores</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-route-map-import.xml.i b/interface-definitions/include/bgp/afi-route-map-import.xml.i new file mode 100644 index 000000000..a1b154fcd --- /dev/null +++ b/interface-definitions/include/bgp/afi-route-map-import.xml.i @@ -0,0 +1,18 @@ +<!-- include start from bgp/afi-route-map-import.xml.i --> +<leafNode name="import"> + <properties> + <help>Route-map to filter incoming route updates</help> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Route map name</description> + </valueHelp> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i> + </constraint> + <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-route-map-vpn.xml.i b/interface-definitions/include/bgp/afi-route-map-vpn.xml.i index e6be113c5..ac7b55af6 100644 --- a/interface-definitions/include/bgp/afi-route-map-vpn.xml.i +++ b/interface-definitions/include/bgp/afi-route-map-vpn.xml.i @@ -9,7 +9,8 @@ <help>Between current address-family and VPN</help> </properties> <children> - #include <include/bgp/afi-route-map-export-import.xml.i> + #include <include/bgp/afi-route-map-export.xml.i> + #include <include/bgp/afi-route-map-import.xml.i> </children> </node> </children> diff --git a/interface-definitions/include/bgp/afi-route-map-vrf.xml.i b/interface-definitions/include/bgp/afi-route-map-vrf.xml.i new file mode 100644 index 000000000..5c1783bda --- /dev/null +++ b/interface-definitions/include/bgp/afi-route-map-vrf.xml.i @@ -0,0 +1,17 @@ +<!-- include start from bgp/afi-route-map-vrf.xml.i --> +<node name="route-map"> + <properties> + <help>Route-map to filter route updates to/from this peer</help> + </properties> + <children> + <node name="vrf"> + <properties> + <help>Between current address-family and VRF</help> + </properties> + <children> + #include <include/bgp/afi-route-map-import.xml.i> + </children> + </node> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/bgp/afi-route-map.xml.i b/interface-definitions/include/bgp/afi-route-map.xml.i index 0b6178176..f8e1d7033 100644 --- a/interface-definitions/include/bgp/afi-route-map.xml.i +++ b/interface-definitions/include/bgp/afi-route-map.xml.i @@ -4,7 +4,8 @@ <help>Route-map to filter route updates to/from this peer</help> </properties> <children> - #include <include/bgp/afi-route-map-export-import.xml.i> + #include <include/bgp/afi-route-map-export.xml.i> + #include <include/bgp/afi-route-map-import.xml.i> </children> </node> <!-- include end --> diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i index 21514e762..31c8cafea 100644 --- a/interface-definitions/include/bgp/protocol-common-config.xml.i +++ b/interface-definitions/include/bgp/protocol-common-config.xml.i @@ -119,6 +119,7 @@ </tagNode> #include <include/bgp/afi-rd.xml.i> #include <include/bgp/afi-route-map-vpn.xml.i> + #include <include/bgp/afi-route-map-vrf.xml.i> #include <include/bgp/afi-route-target-vpn.xml.i> #include <include/bgp/afi-nexthop-vpn-export.xml.i> <node name="redistribute"> diff --git a/interface-definitions/include/constraint/interface-name.xml.i b/interface-definitions/include/constraint/interface-name.xml.i index bf1db243d..f64ea86f5 100644 --- a/interface-definitions/include/constraint/interface-name.xml.i +++ b/interface-definitions/include/constraint/interface-name.xml.i @@ -1,4 +1,4 @@ <!-- include start from constraint/interface-name.xml.i --> -<regex>(bond|br|dum|en|ersp|eth|gnv|ifb|ipoe|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|sstpc|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)[0-9]+(.\d+)?|pod-[-_a-zA-Z0-9]{1,11}|lo</regex> +<regex>(bond|br|dum|en|ersp|eth|gnv|ifb|ipoe|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|sstpc|tun|veth|vpptap|vpptun|vti|vtun|vxlan|wg|wlan|wwan)[0-9]+(.\d+)?|pod-[-_a-zA-Z0-9]{1,11}|lo</regex> <validator name="file-path --lookup-path /sys/class/net --directory"/> <!-- include end --> diff --git a/interface-definitions/include/constraint/wireguard-keys.xml.i b/interface-definitions/include/constraint/wireguard-keys.xml.i new file mode 100644 index 000000000..f59c86087 --- /dev/null +++ b/interface-definitions/include/constraint/wireguard-keys.xml.i @@ -0,0 +1,6 @@ +<!-- include start from constraint/wireguard-keys.xml.i --> +<constraint> + <validator name="base64" argument="--decoded-len 32"/> +</constraint> +<constraintErrorMessage>Key must be Base64-encoded with 32 bytes in length</constraintErrorMessage> +<!-- include end --> diff --git a/interface-definitions/include/dhcp/ddns-dns-server.xml.i b/interface-definitions/include/dhcp/ddns-dns-server.xml.i new file mode 100644 index 000000000..ba9f186d0 --- /dev/null +++ b/interface-definitions/include/dhcp/ddns-dns-server.xml.i @@ -0,0 +1,19 @@ +<!-- include start from dhcp/ddns-dns-server.xml.i --> +<tagNode name="dns-server"> + <properties> + <help>DNS server specification</help> + <valueHelp> + <format>u32:1-999999</format> + <description>Number for this DNS server</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-999999"/> + </constraint> + <constraintErrorMessage>DNS server number must be between 1 and 999999</constraintErrorMessage> + </properties> + <children> + #include <include/address-ipv4-ipv6-single.xml.i> + #include <include/port-number.xml.i> + </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/dhcp/ddns-settings.xml.i b/interface-definitions/include/dhcp/ddns-settings.xml.i new file mode 100644 index 000000000..3e202685e --- /dev/null +++ b/interface-definitions/include/dhcp/ddns-settings.xml.i @@ -0,0 +1,172 @@ +<!-- include start from dhcp/ddns-settings.xml.i --> +<leafNode name="send-updates"> + <properties> + <help>Enable or disable updates for this scope</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable updates for this scope</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable updates for this scope</description> + </valueHelp> + <constraint> + <regex>(enable|disable)</regex> + </constraint> + <constraintErrorMessage>Set it to either enable or disable</constraintErrorMessage> + </properties> +</leafNode> +<leafNode name="override-client-update"> + <properties> + <help>Always update both forward and reverse DNS data, regardless of the client's request</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Force update both forward and reverse DNS records</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Respect client request settings</description> + </valueHelp> + <constraint> + <regex>(enable|disable)</regex> + </constraint> + <constraintErrorMessage>Set it to either enable or disable</constraintErrorMessage> + </properties> +</leafNode> +<leafNode name="override-no-update"> + <properties> + <help>Perform a DDNS update, even if the client instructs the server not to</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Force DDNS updates regardless of client request</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Respect client request settings</description> + </valueHelp> + <constraint> + <regex>(enable|disable)</regex> + </constraint> + <constraintErrorMessage>Set it to either enable or disable</constraintErrorMessage> + </properties> +</leafNode> +<leafNode name="replace-client-name"> + <properties> + <help>Replace client name mode</help> + <completionHelp> + <list>never always when-present when-not-present</list> + </completionHelp> + <valueHelp> + <format>never</format> + <description>Use the name the client sent. If the client sent no name, do not generate + one</description> + </valueHelp> + <valueHelp> + <format>always</format> + <description>Replace the name the client sent. If the client sent no name, generate one + for the client</description> + </valueHelp> + <valueHelp> + <format>when-present</format> + <description>Replace the name the client sent. If the client sent no name, do not + generate one</description> + </valueHelp> + <valueHelp> + <format>when-not-present</format> + <description>Use the name the client sent. If the client sent no name, generate one for + the client</description> + </valueHelp> + <constraint> + <regex>(never|always|when-present|when-not-present)</regex> + </constraint> + <constraintErrorMessage>Invalid replace client name mode</constraintErrorMessage> + </properties> +</leafNode> +<leafNode name="generated-prefix"> + <properties> + <help>The prefix used in the generation of an FQDN</help> + <constraint> + <validator name="fqdn" /> + </constraint> + <constraintErrorMessage>Invalid generated prefix</constraintErrorMessage> + </properties> +</leafNode> +<leafNode name="qualifying-suffix"> + <properties> + <help>The suffix used when generating an FQDN, or when qualifying a partial name</help> + <constraint> + <validator name="fqdn" /> + </constraint> + <constraintErrorMessage>Invalid qualifying suffix</constraintErrorMessage> + </properties> +</leafNode> +<leafNode name="update-on-renew"> + <properties> + <help>Update DNS record on lease renew</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Update DNS record on lease renew</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Do not update DNS record on lease renew</description> + </valueHelp> + <constraint> + <regex>(enable|disable)</regex> + </constraint> + <constraintErrorMessage>Set it to either enable or disable</constraintErrorMessage> + </properties> +</leafNode> +<leafNode name="conflict-resolution"> + <properties> + <help>DNS conflict resolution behavior</help> + <completionHelp> + <list>enable disable</list> + </completionHelp> + <valueHelp> + <format>enable</format> + <description>Enable DNS conflict resolution</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable DNS conflict resolution</description> + </valueHelp> + <constraint> + <regex>(enable|disable)</regex> + </constraint> + <constraintErrorMessage>Set it to either enable or disable</constraintErrorMessage> + </properties> +</leafNode> +<leafNode name="ttl-percent"> + <properties> + <help>Calculate TTL of the DNS record as a percentage of the lease lifetime</help> + <constraint> + <validator name="numeric" argument="--range 1-100" /> + </constraint> + <constraintErrorMessage>Invalid qualifying suffix</constraintErrorMessage> + </properties> +</leafNode> +<leafNode name="hostname-char-set"> + <properties> + <help>A regular expression describing the invalid character set in the host name</help> + </properties> +</leafNode> +<leafNode name="hostname-char-replacement"> + <properties> + <help>A string of zero or more characters with which to replace each invalid character in + the host name</help> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/dhcp/option-v4.xml.i b/interface-definitions/include/dhcp/option-v4.xml.i index bd6fc6043..08fbcca4a 100644 --- a/interface-definitions/include/dhcp/option-v4.xml.i +++ b/interface-definitions/include/dhcp/option-v4.xml.i @@ -59,6 +59,18 @@ <constraintErrorMessage>DHCP client prefix length must be 0 to 32</constraintErrorMessage> </properties> </leafNode> + <leafNode name="capwap-controller"> + <properties> + <help>IP address of CAPWAP access controller (Option 138)</help> + <valueHelp> + <format>ipv4</format> + <description>CAPWAP AC controller</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> <leafNode name="default-router"> <properties> <help>IP address of default router</help> diff --git a/interface-definitions/include/dhcp/option-v6.xml.i b/interface-definitions/include/dhcp/option-v6.xml.i index e1897f52d..202843ddf 100644 --- a/interface-definitions/include/dhcp/option-v6.xml.i +++ b/interface-definitions/include/dhcp/option-v6.xml.i @@ -7,6 +7,18 @@ #include <include/dhcp/captive-portal.xml.i> #include <include/dhcp/domain-search.xml.i> #include <include/name-server-ipv6.xml.i> + <leafNode name="capwap-controller"> + <properties> + <help>IP address of CAPWAP access controller (Option 52)</help> + <valueHelp> + <format>ipv6</format> + <description>CAPWAP AC controller</description> + </valueHelp> + <constraint> + <validator name="ipv6-address"/> + </constraint> + </properties> + </leafNode> <leafNode name="nis-domain"> <properties> <help>NIS domain name for client to use</help> diff --git a/interface-definitions/include/dhcp/ping-check.xml.i b/interface-definitions/include/dhcp/ping-check.xml.i new file mode 100644 index 000000000..a506f68e4 --- /dev/null +++ b/interface-definitions/include/dhcp/ping-check.xml.i @@ -0,0 +1,8 @@ +<!-- include start from dhcp/ping-check.xml.i --> +<leafNode name="ping-check"> + <properties> + <help>Sends ICMP Echo request to the address being assigned</help> + <valueless/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/common-rule-ipv4.xml.i b/interface-definitions/include/firewall/common-rule-ipv4.xml.i index 803b94b06..b67ef25dc 100644 --- a/interface-definitions/include/firewall/common-rule-ipv4.xml.i +++ b/interface-definitions/include/firewall/common-rule-ipv4.xml.i @@ -16,6 +16,7 @@ #include <include/firewall/port.xml.i> #include <include/firewall/source-destination-group.xml.i> #include <include/firewall/source-destination-dynamic-group.xml.i> + #include <include/firewall/source-destination-remote-group.xml.i> </children> </node> <leafNode name="jump-target"> @@ -39,6 +40,7 @@ #include <include/firewall/port.xml.i> #include <include/firewall/source-destination-group.xml.i> #include <include/firewall/source-destination-dynamic-group.xml.i> + #include <include/firewall/source-destination-remote-group.xml.i> </children> </node> <!-- include end -->
\ No newline at end of file diff --git a/interface-definitions/include/firewall/common-rule-ipv6.xml.i b/interface-definitions/include/firewall/common-rule-ipv6.xml.i index bb176fe71..65ec415fb 100644 --- a/interface-definitions/include/firewall/common-rule-ipv6.xml.i +++ b/interface-definitions/include/firewall/common-rule-ipv6.xml.i @@ -16,6 +16,7 @@ #include <include/firewall/port.xml.i> #include <include/firewall/source-destination-group-ipv6.xml.i> #include <include/firewall/source-destination-dynamic-group-ipv6.xml.i> + #include <include/firewall/source-destination-remote-group.xml.i> </children> </node> <leafNode name="jump-target"> @@ -39,6 +40,7 @@ #include <include/firewall/port.xml.i> #include <include/firewall/source-destination-group-ipv6.xml.i> #include <include/firewall/source-destination-dynamic-group-ipv6.xml.i> + #include <include/firewall/source-destination-remote-group.xml.i> </children> </node> -<!-- include end -->
\ No newline at end of file +<!-- include end --> diff --git a/interface-definitions/include/firewall/global-options.xml.i b/interface-definitions/include/firewall/global-options.xml.i index 355b41fde..7393ff5c9 100644 --- a/interface-definitions/include/firewall/global-options.xml.i +++ b/interface-definitions/include/firewall/global-options.xml.i @@ -217,6 +217,14 @@ <help>Global firewall state-policy</help> </properties> <children> + <node name="offload"> + <properties> + <help>All stateful forward traffic is offloaded to a flowtable</help> + </properties> + <children> + #include <include/firewall/offload-target.xml.i> + </children> + </node> <node name="established"> <properties> <help>Global firewall policy for packets part of an established connection</help> diff --git a/interface-definitions/include/firewall/source-destination-remote-group.xml.i b/interface-definitions/include/firewall/source-destination-remote-group.xml.i new file mode 100644 index 000000000..16463c8eb --- /dev/null +++ b/interface-definitions/include/firewall/source-destination-remote-group.xml.i @@ -0,0 +1,17 @@ +<!-- include start from firewall/source-destination-remote-group.xml.i --> +<node name="group"> + <properties> + <help>Group</help> + </properties> + <children> + <leafNode name="remote-group"> + <properties> + <help>Group of remote addresses</help> + <completionHelp> + <path>firewall group remote-group</path> + </completionHelp> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/haproxy/logging.xml.i b/interface-definitions/include/haproxy/logging.xml.i index e0af54fa4..315c959bf 100644 --- a/interface-definitions/include/haproxy/logging.xml.i +++ b/interface-definitions/include/haproxy/logging.xml.i @@ -4,7 +4,137 @@ <help>Logging parameters</help> </properties> <children> - #include <include/syslog-facility.xml.i> + <tagNode name="facility"> + <properties> + <help>Facility for logging</help> + <completionHelp> + <list>auth cron daemon kern lpr mail news syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7</list> + </completionHelp> + <constraint> + <regex>(auth|cron|daemon|kern|lpr|mail|news|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7)</regex> + </constraint> + <constraintErrorMessage>Invalid facility type</constraintErrorMessage> + <valueHelp> + <format>auth</format> + <description>Authentication and authorization</description> + </valueHelp> + <valueHelp> + <format>cron</format> + <description>Cron daemon</description> + </valueHelp> + <valueHelp> + <format>daemon</format> + <description>System daemons</description> + </valueHelp> + <valueHelp> + <format>kern</format> + <description>Kernel</description> + </valueHelp> + <valueHelp> + <format>lpr</format> + <description>Line printer spooler</description> + </valueHelp> + <valueHelp> + <format>mail</format> + <description>Mail subsystem</description> + </valueHelp> + <valueHelp> + <format>news</format> + <description>USENET subsystem</description> + </valueHelp> + <valueHelp> + <format>syslog</format> + <description>Authentication and authorization</description> + </valueHelp> + <valueHelp> + <format>user</format> + <description>Application processes</description> + </valueHelp> + <valueHelp> + <format>uucp</format> + <description>UUCP subsystem</description> + </valueHelp> + <valueHelp> + <format>local0</format> + <description>Local facility 0</description> + </valueHelp> + <valueHelp> + <format>local1</format> + <description>Local facility 1</description> + </valueHelp> + <valueHelp> + <format>local2</format> + <description>Local facility 2</description> + </valueHelp> + <valueHelp> + <format>local3</format> + <description>Local facility 3</description> + </valueHelp> + <valueHelp> + <format>local4</format> + <description>Local facility 4</description> + </valueHelp> + <valueHelp> + <format>local5</format> + <description>Local facility 5</description> + </valueHelp> + <valueHelp> + <format>local6</format> + <description>Local facility 6</description> + </valueHelp> + <valueHelp> + <format>local7</format> + <description>Local facility 7</description> + </valueHelp> + </properties> + <children> + <leafNode name="level"> + <properties> + <help>Logging level</help> + <completionHelp> + <list>emerg alert crit err warning notice info debug</list> + </completionHelp> + <valueHelp> + <format>emerg</format> + <description>Emergency messages</description> + </valueHelp> + <valueHelp> + <format>alert</format> + <description>Urgent messages</description> + </valueHelp> + <valueHelp> + <format>crit</format> + <description>Critical messages</description> + </valueHelp> + <valueHelp> + <format>err</format> + <description>Error messages</description> + </valueHelp> + <valueHelp> + <format>warning</format> + <description>Warning messages</description> + </valueHelp> + <valueHelp> + <format>notice</format> + <description>Messages for further investigation</description> + </valueHelp> + <valueHelp> + <format>info</format> + <description>Informational messages</description> + </valueHelp> + <valueHelp> + <format>debug</format> + <description>Debug messages</description> + </valueHelp> + <constraint> + <regex>(emerg|alert|crit|err|warning|notice|info|debug)</regex> + </constraint> + <constraintErrorMessage>Invalid loglevel</constraintErrorMessage> + </properties> + <defaultValue>err</defaultValue> + </leafNode> + </children> + </tagNode> </children> </node> <!-- include end --> diff --git a/interface-definitions/include/interface/ipv6-address-interface-identifier.xml.i b/interface-definitions/include/interface/ipv6-address-interface-identifier.xml.i new file mode 100644 index 000000000..d173dfdb8 --- /dev/null +++ b/interface-definitions/include/interface/ipv6-address-interface-identifier.xml.i @@ -0,0 +1,15 @@ +<!-- include start from interface/ipv6-address-interface-identifier.xml.i --> +<leafNode name="interface-identifier"> + <properties> + <help>SLAAC interface identifier</help> + <valueHelp> + <format>::h:h:h:h</format> + <description>Interface identifier</description> + </valueHelp> + <constraint> + <regex>::([0-9a-fA-F]{1,4}(:[0-9a-fA-F]{1,4}){0,3})</regex> + </constraint> + <constraintErrorMessage>Interface identifier format must start with :: and may contain up four hextets (::h:h:h:h)</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/interface/ipv6-address.xml.i b/interface-definitions/include/interface/ipv6-address.xml.i deleted file mode 100644 index e1bdf02fd..000000000 --- a/interface-definitions/include/interface/ipv6-address.xml.i +++ /dev/null @@ -1,12 +0,0 @@ -<!-- include start from interface/ipv6-address.xml.i --> -<node name="address"> - <properties> - <help>IPv6 address configuration modes</help> - </properties> - <children> - #include <include/interface/ipv6-address-autoconf.xml.i> - #include <include/interface/ipv6-address-eui64.xml.i> - #include <include/interface/ipv6-address-no-default-link-local.xml.i> - </children> -</node> -<!-- include end --> diff --git a/interface-definitions/include/interface/ipv6-options-with-nd.xml.i b/interface-definitions/include/interface/ipv6-options-with-nd.xml.i new file mode 100644 index 000000000..5894104b3 --- /dev/null +++ b/interface-definitions/include/interface/ipv6-options-with-nd.xml.i @@ -0,0 +1,9 @@ + <node name="ipv6"> + <children> + <node name="address"> + <children> + #include <include/interface/ipv6-address-interface-identifier.xml.i> + </children> + </node> + </children> + </node> diff --git a/interface-definitions/include/interface/ipv6-options.xml.i b/interface-definitions/include/interface/ipv6-options.xml.i index ec6ec64ee..f84a9f2cd 100644 --- a/interface-definitions/include/interface/ipv6-options.xml.i +++ b/interface-definitions/include/interface/ipv6-options.xml.i @@ -8,9 +8,18 @@ #include <include/interface/base-reachable-time.xml.i> #include <include/interface/disable-forwarding.xml.i> #include <include/interface/ipv6-accept-dad.xml.i> - #include <include/interface/ipv6-address.xml.i> #include <include/interface/ipv6-dup-addr-detect-transmits.xml.i> #include <include/interface/source-validation.xml.i> + <node name="address"> + <properties> + <help>IPv6 address configuration modes</help> + </properties> + <children> + #include <include/interface/ipv6-address-autoconf.xml.i> + #include <include/interface/ipv6-address-eui64.xml.i> + #include <include/interface/ipv6-address-no-default-link-local.xml.i> + </children> + </node> </children> </node> <!-- include end --> diff --git a/interface-definitions/include/interface/vif-s.xml.i b/interface-definitions/include/interface/vif-s.xml.i index 02e7ab057..65ca10207 100644 --- a/interface-definitions/include/interface/vif-s.xml.i +++ b/interface-definitions/include/interface/vif-s.xml.i @@ -21,6 +21,7 @@ #include <include/interface/vlan-protocol.xml.i> #include <include/interface/ipv4-options.xml.i> #include <include/interface/ipv6-options.xml.i> + #include <include/interface/ipv6-options-with-nd.xml.i> #include <include/interface/mac.xml.i> #include <include/interface/mirror.xml.i> #include <include/interface/mtu-68-16000.xml.i> @@ -41,6 +42,7 @@ #include <include/interface/disable.xml.i> #include <include/interface/ipv4-options.xml.i> #include <include/interface/ipv6-options.xml.i> + #include <include/interface/ipv6-options-with-nd.xml.i> #include <include/interface/mac.xml.i> #include <include/interface/mirror.xml.i> #include <include/interface/mtu-68-16000.xml.i> diff --git a/interface-definitions/include/interface/vif.xml.i b/interface-definitions/include/interface/vif.xml.i index ec3921bf6..87f91c5ce 100644 --- a/interface-definitions/include/interface/vif.xml.i +++ b/interface-definitions/include/interface/vif.xml.i @@ -46,6 +46,7 @@ </leafNode> #include <include/interface/ipv4-options.xml.i> #include <include/interface/ipv6-options.xml.i> + #include <include/interface/ipv6-options-with-nd.xml.i> #include <include/interface/mac.xml.i> #include <include/interface/mirror.xml.i> #include <include/interface/mtu-68-16000.xml.i> diff --git a/interface-definitions/include/version/ids-version.xml.i b/interface-definitions/include/version/ids-version.xml.i index 9133be02b..6d4e92c21 100644 --- a/interface-definitions/include/version/ids-version.xml.i +++ b/interface-definitions/include/version/ids-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/ids-version.xml.i --> -<syntaxVersion component='ids' version='1'></syntaxVersion> +<syntaxVersion component='ids' version='2'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/reverseproxy-version.xml.i b/interface-definitions/include/version/reverseproxy-version.xml.i index 4f09f2848..71f7def1a 100644 --- a/interface-definitions/include/version/reverseproxy-version.xml.i +++ b/interface-definitions/include/version/reverseproxy-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/reverseproxy-version.xml.i --> -<syntaxVersion component='reverse-proxy' version='2'></syntaxVersion> +<syntaxVersion component='reverse-proxy' version='3'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/interfaces_bonding.xml.in b/interface-definitions/interfaces_bonding.xml.in index b17cad478..cdacae2d0 100644 --- a/interface-definitions/interfaces_bonding.xml.in +++ b/interface-definitions/interfaces_bonding.xml.in @@ -141,6 +141,7 @@ </leafNode> #include <include/interface/ipv4-options.xml.i> #include <include/interface/ipv6-options.xml.i> + #include <include/interface/ipv6-options-with-nd.xml.i> #include <include/interface/mac.xml.i> <leafNode name="mii-mon-interval"> <properties> diff --git a/interface-definitions/interfaces_bridge.xml.in b/interface-definitions/interfaces_bridge.xml.in index 29dd61df5..667ae3b19 100644 --- a/interface-definitions/interfaces_bridge.xml.in +++ b/interface-definitions/interfaces_bridge.xml.in @@ -93,6 +93,7 @@ </node> #include <include/interface/ipv4-options.xml.i> #include <include/interface/ipv6-options.xml.i> + #include <include/interface/ipv6-options-with-nd.xml.i> #include <include/interface/mac.xml.i> #include <include/interface/mirror.xml.i> <leafNode name="enable-vlan"> diff --git a/interface-definitions/interfaces_ethernet.xml.in b/interface-definitions/interfaces_ethernet.xml.in index b3559a626..819ceb2cb 100644 --- a/interface-definitions/interfaces_ethernet.xml.in +++ b/interface-definitions/interfaces_ethernet.xml.in @@ -74,6 +74,7 @@ #include <include/interface/hw-id.xml.i> #include <include/interface/ipv4-options.xml.i> #include <include/interface/ipv6-options.xml.i> + #include <include/interface/ipv6-options-with-nd.xml.i> #include <include/interface/mac.xml.i> #include <include/interface/mtu-68-16000.xml.i> #include <include/interface/mirror.xml.i> diff --git a/interface-definitions/interfaces_geneve.xml.in b/interface-definitions/interfaces_geneve.xml.in index c1e6c33d5..b85bd3b9e 100644 --- a/interface-definitions/interfaces_geneve.xml.in +++ b/interface-definitions/interfaces_geneve.xml.in @@ -21,6 +21,7 @@ #include <include/interface/disable.xml.i> #include <include/interface/ipv4-options.xml.i> #include <include/interface/ipv6-options.xml.i> + #include <include/interface/ipv6-options-with-nd.xml.i> #include <include/interface/mac.xml.i> #include <include/interface/mtu-1200-16000.xml.i> #include <include/port-number.xml.i> diff --git a/interface-definitions/interfaces_l2tpv3.xml.in b/interface-definitions/interfaces_l2tpv3.xml.in index 5f816c956..381e86bd0 100644 --- a/interface-definitions/interfaces_l2tpv3.xml.in +++ b/interface-definitions/interfaces_l2tpv3.xml.in @@ -55,6 +55,7 @@ </leafNode> #include <include/interface/ipv4-options.xml.i> #include <include/interface/ipv6-options.xml.i> + #include <include/interface/ipv6-options-with-nd.xml.i> #include <include/source-address-ipv4-ipv6.xml.i> #include <include/interface/mirror.xml.i> #include <include/interface/mtu-68-16000.xml.i> diff --git a/interface-definitions/interfaces_macsec.xml.in b/interface-definitions/interfaces_macsec.xml.in index d825f8262..5279a9495 100644 --- a/interface-definitions/interfaces_macsec.xml.in +++ b/interface-definitions/interfaces_macsec.xml.in @@ -21,6 +21,7 @@ #include <include/interface/dhcpv6-options.xml.i> #include <include/interface/ipv4-options.xml.i> #include <include/interface/ipv6-options.xml.i> + #include <include/interface/ipv6-options-with-nd.xml.i> #include <include/interface/mirror.xml.i> <node name="security"> <properties> diff --git a/interface-definitions/interfaces_openvpn.xml.in b/interface-definitions/interfaces_openvpn.xml.in index 3c844107e..6510ed733 100644 --- a/interface-definitions/interfaces_openvpn.xml.in +++ b/interface-definitions/interfaces_openvpn.xml.in @@ -135,6 +135,7 @@ </node> #include <include/interface/ipv4-options.xml.i> #include <include/interface/ipv6-options.xml.i> + #include <include/interface/ipv6-options-with-nd.xml.i> #include <include/interface/mirror.xml.i> <leafNode name="hash"> <properties> diff --git a/interface-definitions/interfaces_pppoe.xml.in b/interface-definitions/interfaces_pppoe.xml.in index f24bc41d8..66a774e21 100644 --- a/interface-definitions/interfaces_pppoe.xml.in +++ b/interface-definitions/interfaces_pppoe.xml.in @@ -88,6 +88,7 @@ </properties> <children> #include <include/interface/ipv6-address-autoconf.xml.i> + #include <include/interface/ipv6-address-interface-identifier.xml.i> </children> </node> #include <include/interface/adjust-mss.xml.i> diff --git a/interface-definitions/interfaces_pseudo-ethernet.xml.in b/interface-definitions/interfaces_pseudo-ethernet.xml.in index 031af3563..f13144bed 100644 --- a/interface-definitions/interfaces_pseudo-ethernet.xml.in +++ b/interface-definitions/interfaces_pseudo-ethernet.xml.in @@ -25,6 +25,7 @@ #include <include/interface/vrf.xml.i> #include <include/interface/ipv4-options.xml.i> #include <include/interface/ipv6-options.xml.i> + #include <include/interface/ipv6-options-with-nd.xml.i> #include <include/source-interface-ethernet.xml.i> #include <include/interface/mac.xml.i> #include <include/interface/mirror.xml.i> diff --git a/interface-definitions/interfaces_virtual-ethernet.xml.in b/interface-definitions/interfaces_virtual-ethernet.xml.in index c4610feec..2dfbd50b8 100644 --- a/interface-definitions/interfaces_virtual-ethernet.xml.in +++ b/interface-definitions/interfaces_virtual-ethernet.xml.in @@ -21,6 +21,10 @@ #include <include/interface/dhcp-options.xml.i> #include <include/interface/dhcpv6-options.xml.i> #include <include/interface/disable.xml.i> + #include <include/interface/mtu-68-16000.xml.i> + <leafNode name="mtu"> + <defaultValue>1500</defaultValue> + </leafNode> #include <include/interface/netns.xml.i> #include <include/interface/vif-s.xml.i> #include <include/interface/vif.xml.i> diff --git a/interface-definitions/interfaces_vxlan.xml.in b/interface-definitions/interfaces_vxlan.xml.in index 937acb123..f4cd4fcd2 100644 --- a/interface-definitions/interfaces_vxlan.xml.in +++ b/interface-definitions/interfaces_vxlan.xml.in @@ -45,6 +45,7 @@ </leafNode> #include <include/interface/ipv4-options.xml.i> #include <include/interface/ipv6-options.xml.i> + #include <include/interface/ipv6-options-with-nd.xml.i> #include <include/interface/mac.xml.i> #include <include/interface/mtu-1200-16000.xml.i> #include <include/interface/mirror.xml.i> diff --git a/interface-definitions/interfaces_wireguard.xml.in b/interface-definitions/interfaces_wireguard.xml.in index 4f8b6c751..33cb5864a 100644 --- a/interface-definitions/interfaces_wireguard.xml.in +++ b/interface-definitions/interfaces_wireguard.xml.in @@ -56,10 +56,7 @@ <leafNode name="private-key"> <properties> <help>Base64 encoded private key</help> - <constraint> - <validator name="base64"/> - </constraint> - <constraintErrorMessage>Key is not base64-encoded</constraintErrorMessage> + #include <include/constraint/wireguard-keys.xml.i> </properties> </leafNode> <tagNode name="peer"> @@ -75,20 +72,14 @@ #include <include/generic-description.xml.i> <leafNode name="public-key"> <properties> - <help>base64 encoded public key</help> - <constraint> - <validator name="base64"/> - </constraint> - <constraintErrorMessage>Key is not base64-encoded</constraintErrorMessage> + <help>Base64 encoded public key</help> + #include <include/constraint/wireguard-keys.xml.i> </properties> </leafNode> <leafNode name="preshared-key"> <properties> - <help>base64 encoded preshared key</help> - <constraint> - <validator name="base64"/> - </constraint> - <constraintErrorMessage>Key is not base64-encoded</constraintErrorMessage> + <help>Base64 encoded preshared key</help> + #include <include/constraint/wireguard-keys.xml.i> </properties> </leafNode> <leafNode name="allowed-ips"> diff --git a/interface-definitions/interfaces_wireless.xml.in b/interface-definitions/interfaces_wireless.xml.in index 474953500..1b5356caa 100644 --- a/interface-definitions/interfaces_wireless.xml.in +++ b/interface-definitions/interfaces_wireless.xml.in @@ -626,6 +626,7 @@ </leafNode> #include <include/interface/ipv4-options.xml.i> #include <include/interface/ipv6-options.xml.i> + #include <include/interface/ipv6-options-with-nd.xml.i> #include <include/interface/hw-id.xml.i> <leafNode name="isolate-stations"> <properties> diff --git a/interface-definitions/interfaces_wwan.xml.in b/interface-definitions/interfaces_wwan.xml.in index 1580c3bcb..552806d4e 100644 --- a/interface-definitions/interfaces_wwan.xml.in +++ b/interface-definitions/interfaces_wwan.xml.in @@ -38,6 +38,7 @@ </leafNode> #include <include/interface/ipv4-options.xml.i> #include <include/interface/ipv6-options.xml.i> + #include <include/interface/ipv6-options-with-nd.xml.i> #include <include/interface/dial-on-demand.xml.i> #include <include/interface/redirect.xml.i> #include <include/interface/vrf.xml.i> diff --git a/interface-definitions/load-balancing_haproxy.xml.in b/interface-definitions/load-balancing_haproxy.xml.in index b95e02337..f0f64e75a 100644 --- a/interface-definitions/load-balancing_haproxy.xml.in +++ b/interface-definitions/load-balancing_haproxy.xml.in @@ -4,7 +4,7 @@ <children> <node name="haproxy" owner="${vyos_conf_scripts_dir}/load-balancing_haproxy.py"> <properties> - <help>Configure haproxy</help> + <help>HAProxy TCP/HTTP Load Balancer</help> <priority>900</priority> </properties> <children> @@ -26,7 +26,7 @@ <constraintErrorMessage>Backend name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage> <valueHelp> <format>txt</format> - <description>Name of haproxy backend system</description> + <description>HAProxy backend system name</description> </valueHelp> <completionHelp> <path>load-balancing haproxy backend</path> diff --git a/interface-definitions/load-balancing_wan.xml.in b/interface-definitions/load-balancing_wan.xml.in index 310aa0343..f80440411 100644 --- a/interface-definitions/load-balancing_wan.xml.in +++ b/interface-definitions/load-balancing_wan.xml.in @@ -7,7 +7,7 @@ <children> <node name="wan" owner="${vyos_conf_scripts_dir}/load-balancing_wan.py"> <properties> - <help>Configure Wide Area Network (WAN) load-balancing</help> + <help>Wide Area Network (WAN) load-balancing</help> <priority>900</priority> </properties> <children> diff --git a/interface-definitions/nat66.xml.in b/interface-definitions/nat66.xml.in index c59725c53..2c1babd5a 100644 --- a/interface-definitions/nat66.xml.in +++ b/interface-definitions/nat66.xml.in @@ -53,6 +53,7 @@ </properties> </leafNode> #include <include/nat-port.xml.i> + #include <include/firewall/source-destination-group-ipv6.xml.i> </children> </node> <node name="source"> diff --git a/interface-definitions/policy_route.xml.in b/interface-definitions/policy_route.xml.in index 9cc22540b..48f728923 100644 --- a/interface-definitions/policy_route.xml.in +++ b/interface-definitions/policy_route.xml.in @@ -35,6 +35,7 @@ #include <include/firewall/address-ipv6.xml.i> #include <include/firewall/source-destination-group-ipv6.xml.i> #include <include/firewall/port.xml.i> + #include <include/firewall/geoip.xml.i> </children> </node> <node name="source"> @@ -45,6 +46,7 @@ #include <include/firewall/address-ipv6.xml.i> #include <include/firewall/source-destination-group-ipv6.xml.i> #include <include/firewall/port.xml.i> + #include <include/firewall/geoip.xml.i> </children> </node> #include <include/policy/route-common.xml.i> @@ -90,6 +92,7 @@ #include <include/firewall/address.xml.i> #include <include/firewall/source-destination-group.xml.i> #include <include/firewall/port.xml.i> + #include <include/firewall/geoip.xml.i> </children> </node> <node name="source"> @@ -100,6 +103,7 @@ #include <include/firewall/address.xml.i> #include <include/firewall/source-destination-group.xml.i> #include <include/firewall/port.xml.i> + #include <include/firewall/geoip.xml.i> </children> </node> #include <include/policy/route-common.xml.i> diff --git a/interface-definitions/protocols_mpls.xml.in b/interface-definitions/protocols_mpls.xml.in index 831601fc6..fc1864f38 100644 --- a/interface-definitions/protocols_mpls.xml.in +++ b/interface-definitions/protocols_mpls.xml.in @@ -524,7 +524,29 @@ </node> </children> </node> - #include <include/generic-interface-multi.xml.i> + <tagNode name="interface"> + <properties> + <help>Interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces</script> + </completionHelp> + <valueHelp> + <format>txt</format> + <description>Interface name</description> + </valueHelp> + <constraint> + #include <include/constraint/interface-name.xml.i> + </constraint> + </properties> + <children> + <leafNode name="disable-establish-hello"> + <properties> + <help>Disable response to hello packet with an additional hello LDP packet</help> + <valueless/> + </properties> + </leafNode> + </children> + </tagNode> </children> </node> <node name="parameters"> diff --git a/interface-definitions/service_dhcp-server.xml.in b/interface-definitions/service_dhcp-server.xml.in index 9a194de4f..78f1cea4e 100644 --- a/interface-definitions/service_dhcp-server.xml.in +++ b/interface-definitions/service_dhcp-server.xml.in @@ -10,12 +10,111 @@ </properties> <children> #include <include/generic-disable-node.xml.i> - <leafNode name="dynamic-dns-update"> + <node name="dynamic-dns-update"> <properties> <help>Dynamically update Domain Name System (RFC4702)</help> - <valueless/> </properties> - </leafNode> + <children> + #include <include/dhcp/ddns-settings.xml.i> + <tagNode name="tsig-key"> + <properties> + <help>TSIG key definition for DNS updates</help> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i> + </constraint> + <constraintErrorMessage>Invalid TSIG key name. May only contain letters, numbers, hyphen and underscore</constraintErrorMessage> + </properties> + <children> + <leafNode name="algorithm"> + <properties> + <help>TSIG key algorithm</help> + <completionHelp> + <list>md5 sha1 sha224 sha256 sha384 sha512</list> + </completionHelp> + <valueHelp> + <format>md5</format> + <description>MD5 HMAC algorithm</description> + </valueHelp> + <valueHelp> + <format>sha1</format> + <description>SHA1 HMAC algorithm</description> + </valueHelp> + <valueHelp> + <format>sha224</format> + <description>SHA224 HMAC algorithm</description> + </valueHelp> + <valueHelp> + <format>sha256</format> + <description>SHA256 HMAC algorithm</description> + </valueHelp> + <valueHelp> + <format>sha384</format> + <description>SHA384 HMAC algorithm</description> + </valueHelp> + <valueHelp> + <format>sha512</format> + <description>SHA512 HMAC algorithm</description> + </valueHelp> + <constraint> + <regex>(md5|sha1|sha224|sha256|sha384|sha512)</regex> + </constraint> + <constraintErrorMessage>Invalid TSIG key algorithm</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="secret"> + <properties> + <help>TSIG key secret (base64-encoded)</help> + <constraint> + <validator name="base64"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + <tagNode name="forward-domain"> + <properties> + <help>Forward DNS domain name</help> + <constraint> + <validator name="fqdn"/> + </constraint> + <constraintErrorMessage>Invalid forward DNS domain name</constraintErrorMessage> + </properties> + <children> + <leafNode name="key-name"> + <properties> + <help>TSIG key name for forward DNS updates</help> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i> + </constraint> + <constraintErrorMessage>Invalid TSIG key name. May only contain letters, numbers, numbers, hyphen and underscore</constraintErrorMessage> + </properties> + </leafNode> + #include <include/dhcp/ddns-dns-server.xml.i> + </children> + </tagNode> + <tagNode name="reverse-domain"> + <properties> + <help>Reverse DNS domain name</help> + <constraint> + <validator name="fqdn"/> + </constraint> + <constraintErrorMessage>Invalid reverse DNS domain name</constraintErrorMessage> + </properties> + <children> + <leafNode name="key-name"> + <properties> + <help>TSIG key name for reverse DNS updates</help> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i> + </constraint> + <constraintErrorMessage>Invalid TSIG key name. May only contain letters, numbers, numbers, hyphen and underscore</constraintErrorMessage> + </properties> + </leafNode> + #include <include/dhcp/ddns-dns-server.xml.i> + </children> + </tagNode> + </children> + </node> <node name="high-availability"> <properties> <help>DHCP high availability configuration</help> @@ -105,6 +204,14 @@ <constraintErrorMessage>Invalid shared network name. May only contain letters, numbers and .-_</constraintErrorMessage> </properties> <children> + <node name="dynamic-dns-update"> + <properties> + <help>Dynamically update Domain Name System (RFC4702)</help> + </properties> + <children> + #include <include/dhcp/ddns-settings.xml.i> + </children> + </node> <leafNode name="authoritative"> <properties> <help>Option to make DHCP server authoritative for this physical network</help> @@ -112,6 +219,7 @@ </properties> </leafNode> #include <include/dhcp/option-v4.xml.i> + #include <include/dhcp/ping-check.xml.i> #include <include/generic-description.xml.i> #include <include/generic-disable-node.xml.i> <tagNode name="subnet"> @@ -128,8 +236,17 @@ </properties> <children> #include <include/dhcp/option-v4.xml.i> + #include <include/dhcp/ping-check.xml.i> #include <include/generic-description.xml.i> #include <include/generic-disable-node.xml.i> + <node name="dynamic-dns-update"> + <properties> + <help>Dynamically update Domain Name System (RFC4702)</help> + </properties> + <children> + #include <include/dhcp/ddns-settings.xml.i> + </children> + </node> <leafNode name="exclude"> <properties> <help>IP address to exclude from DHCP lease range</help> diff --git a/interface-definitions/service_ids_ddos-protection.xml.in b/interface-definitions/service_ids_ddos-protection.xml.in deleted file mode 100644 index 3ef2640b3..000000000 --- a/interface-definitions/service_ids_ddos-protection.xml.in +++ /dev/null @@ -1,167 +0,0 @@ -<?xml version="1.0"?> -<interfaceDefinition> - <node name="service"> - <children> - <node name="ids"> - <properties> - <help>Intrusion Detection System</help> - </properties> - <children> - <node name="ddos-protection" owner="${vyos_conf_scripts_dir}/service_ids_ddos-protection.py"> - <properties> - <help>FastNetMon detection and protection parameters</help> - <priority>731</priority> - </properties> - <children> - <leafNode name="alert-script"> - <properties> - <help>Path to fastnetmon alert script</help> - </properties> - </leafNode> - <leafNode name="ban-time"> - <properties> - <help>How long we should keep an IP in blocked state</help> - <valueHelp> - <format>u32:1-4294967294</format> - <description>Time in seconds</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-4294967294"/> - </constraint> - </properties> - <defaultValue>1900</defaultValue> - </leafNode> - <leafNode name="direction"> - <properties> - <help>Direction for processing traffic</help> - <completionHelp> - <list>in out</list> - </completionHelp> - <constraint> - <regex>(in|out)</regex> - </constraint> - <multi/> - </properties> - </leafNode> - <leafNode name="excluded-network"> - <properties> - <help>Specify IPv4 and IPv6 networks which are going to be excluded from protection</help> - <valueHelp> - <format>ipv4net</format> - <description>IPv4 prefix(es) to exclude</description> - </valueHelp> - <valueHelp> - <format>ipv6net</format> - <description>IPv6 prefix(es) to exclude</description> - </valueHelp> - <constraint> - <validator name="ipv4-prefix"/> - <validator name="ipv6-prefix"/> - </constraint> - <multi/> - </properties> - </leafNode> - <leafNode name="listen-interface"> - <properties> - <help>Listen interface for mirroring traffic</help> - <completionHelp> - <script>${vyos_completion_dir}/list_interfaces</script> - </completionHelp> - <multi/> - </properties> - </leafNode> - <leafNode name="mode"> - <properties> - <help>Traffic capture mode</help> - <completionHelp> - <list>mirror sflow</list> - </completionHelp> - <valueHelp> - <format>mirror</format> - <description>Listen to mirrored traffic</description> - </valueHelp> - <valueHelp> - <format>sflow</format> - <description>Capture sFlow flows</description> - </valueHelp> - <constraint> - <regex>(mirror|sflow)</regex> - </constraint> - </properties> - </leafNode> - <node name="sflow"> - <properties> - <help>Sflow settings</help> - </properties> - <children> - #include <include/listen-address-ipv4-single.xml.i> - #include <include/port-number.xml.i> - <leafNode name="port"> - <defaultValue>6343</defaultValue> - </leafNode> - </children> - </node> - <leafNode name="network"> - <properties> - <help>Specify IPv4 and IPv6 networks which belong to you</help> - <valueHelp> - <format>ipv4net</format> - <description>Your IPv4 prefix(es)</description> - </valueHelp> - <valueHelp> - <format>ipv6net</format> - <description>Your IPv6 prefix(es)</description> - </valueHelp> - <constraint> - <validator name="ipv4-prefix"/> - <validator name="ipv6-prefix"/> - </constraint> - <multi/> - </properties> - </leafNode> - <node name="threshold"> - <properties> - <help>Attack limits thresholds</help> - </properties> - <children> - <node name="general"> - <properties> - <help>General threshold</help> - </properties> - <children> - #include <include/ids/threshold.xml.i> - </children> - </node> - <node name="tcp"> - <properties> - <help>TCP threshold</help> - </properties> - <children> - #include <include/ids/threshold.xml.i> - </children> - </node> - <node name="udp"> - <properties> - <help>UDP threshold</help> - </properties> - <children> - #include <include/ids/threshold.xml.i> - </children> - </node> - <node name="icmp"> - <properties> - <help>ICMP threshold</help> - </properties> - <children> - #include <include/ids/threshold.xml.i> - </children> - </node> - </children> - </node> - </children> - </node> - </children> - </node> - </children> - </node> -</interfaceDefinition> diff --git a/interface-definitions/service_router-advert.xml.in b/interface-definitions/service_router-advert.xml.in index 3fd33540a..7f96cdb19 100644 --- a/interface-definitions/service_router-advert.xml.in +++ b/interface-definitions/service_router-advert.xml.in @@ -255,6 +255,19 @@ </leafNode> </children> </tagNode> + <leafNode name="auto-ignore"> + <properties> + <help>IPv6 prefix to be excluded in Router Advertisements (RAs) - use in conjunction with the ::/64 wildcard prefix</help> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 prefix to be excluded</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> <tagNode name="prefix"> <properties> <help>IPv6 prefix to be advertised in Router Advertisements (RAs)</help> diff --git a/interface-definitions/system_option.xml.in b/interface-definitions/system_option.xml.in index 638ac1a3d..c0ea958a2 100644 --- a/interface-definitions/system_option.xml.in +++ b/interface-definitions/system_option.xml.in @@ -37,7 +37,145 @@ <help>Kernel boot parameters</help> </properties> <children> - <leafNode name="disable-mitigations"> + <node name="cpu"> + <properties> + <help>CPU settings</help> + </properties> + <children> + <leafNode name="disable-nmi-watchdog"> + <properties> + <help>Disable the NMI watchdog for detecting hard CPU lockups</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="isolate-cpus"> + <properties> + <help>Isolate specified CPUs from the scheduler</help> + <valueHelp> + <format>u32:0-511</format> + <description>CPU core</description> + </valueHelp> + <valueHelp> + <format><start-end></format> + <description>CPU core range (examples: "1", "4-7", "1,2-5,7")</description> + </valueHelp> + <constraint> + <validator name="cpu"/> + </constraint> + </properties> + </leafNode> + <leafNode name="nohz-full"> + <properties> + <help>Enable full tickless mode for specified CPUs</help> + <valueHelp> + <format>u32:0-511</format> + <description>CPU core</description> + </valueHelp> + <valueHelp> + <format><start-end></format> + <description>CPU core range (examples: "1", "4-7", "1,2-5,7")</description> + </valueHelp> + <constraint> + <validator name="cpu"/> + </constraint> + </properties> + </leafNode> + <leafNode name="rcu-no-cbs"> + <properties> + <help>Offload Read-Copy-Update (RCU) callback processing to specified CPUs</help> + <valueHelp> + <format>u32:0-511</format> + <description>CPU core</description> + </valueHelp> + <valueHelp> + <format><start-end></format> + <description>CPU core range (examples: "1", "4-7", "1,2-5,7")</description> + </valueHelp> + <constraint> + <validator name="cpu"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <node name="memory"> + <properties> + <help>Memory settings</help> + </properties> + <children> + <leafNode name="disable-numa-balancing"> + <properties> + <help>Disable automatic NUMA memory balancing</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="default-hugepage-size"> + <properties> + <help>Set default hugepage size (e.g., 2M, 1G)</help> + <completionHelp> + <list>2M 1G</list> + </completionHelp> + <valueHelp> + <format>2M</format> + <description>2 megabytes</description> + </valueHelp> + <valueHelp> + <format>1G</format> + <description>1 gigabyte</description> + </valueHelp> + <constraint> + <regex>(2M|1G)</regex> + </constraint> + </properties> + </leafNode> + <tagNode name="hugepage-size"> + <properties> + <help>Set hugepage size for allocation (e.g., 2M, 1G)</help> + <completionHelp> + <list>2M 1G</list> + </completionHelp> + <valueHelp> + <format>2M</format> + <description>2 megabytes</description> + </valueHelp> + <valueHelp> + <format>1G</format> + <description>1 gigabyte</description> + </valueHelp> + <constraint> + <regex>(2M|1G)</regex> + </constraint> + </properties> + <children> + <leafNode name="hugepage-count"> + <properties> + <help>Allocate number of hugepages for system use</help> + <valueHelp> + <format>u32</format> + <description>Number of hugepages</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-100000"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + <leafNode name="disable-hpet"> + <properties> + <help>Disable High Precision Event Timer (HPET)</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="disable-mce"> + <properties> + <help>Disable Machine Check Exceptions (MCE) reporting and handling</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="disable-mitigations"> <properties> <help>Disable all optional CPU mitigations</help> <valueless/> @@ -69,6 +207,18 @@ </valueHelp> </properties> </leafNode> + <leafNode name="disable-softlockup"> + <properties> + <help>Disable soft lockup detector for kernel threads</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="quiet"> + <properties> + <help>Disable most log messages</help> + <valueless/> + </properties> + </leafNode> <node name="debug"> <properties> <help>Dynamic debugging for kernel module</help> diff --git a/interface-definitions/system_syslog.xml.in b/interface-definitions/system_syslog.xml.in index 8b2d9cab7..116cbde73 100644 --- a/interface-definitions/system_syslog.xml.in +++ b/interface-definitions/system_syslog.xml.in @@ -46,13 +46,13 @@ <children> <leafNode name="octet-counted"> <properties> - <help>Allows for the transmission of all characters inside a syslog message</help> + <help>Allows for the transmission of multi-line messages (TCP only)</help> <valueless/> </properties> </leafNode> <leafNode name="include-timezone"> <properties> - <help>Include system timezone in syslog message</help> + <help>Use RFC 5424 format (with RFC 3339 timestamp and timezone)</help> <valueless/> </properties> </leafNode> diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in index 0cf526fad..873a4f882 100644 --- a/interface-definitions/vpn_ipsec.xml.in +++ b/interface-definitions/vpn_ipsec.xml.in @@ -1244,6 +1244,63 @@ <children> #include <include/ipsec/bind.xml.i> #include <include/ipsec/esp-group.xml.i> + <node name="traffic-selector"> + <properties> + <help>Traffic-selectors parameters</help> + </properties> + <children> + <node name="local"> + <properties> + <help>Local parameters for interesting traffic</help> + </properties> + <children> + <leafNode name="prefix"> + <properties> + <help>Local IPv4 or IPv6 prefix</help> + <valueHelp> + <format>ipv4net</format> + <description>Local IPv4 prefix</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>Local IPv6 prefix</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + <validator name="ipv6-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </node> + <node name="remote"> + <properties> + <help>Remote parameters for interesting traffic</help> + </properties> + <children> + <leafNode name="prefix"> + <properties> + <help>Remote IPv4 or IPv6 prefix</help> + <valueHelp> + <format>ipv4net</format> + <description>Remote IPv4 prefix</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>Remote IPv6 prefix</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + <validator name="ipv6-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </node> + </children> + </node> </children> </node> </children> |