Diffstat (limited to 'interface-definitions')
34 files changed, 598 insertions, 351 deletions
diff --git a/interface-definitions/container.xml.in b/interface-definitions/container.xml.in index e7dacea36..1ad7215e5 100644 --- a/interface-definitions/container.xml.in +++ b/interface-definitions/container.xml.in @@ -15,9 +15,15 @@ <constraintErrorMessage>Container name must be alphanumeric and can contain hyphens</constraintErrorMessage> </properties> <children> + <leafNode name="allow-host-pid"> + <properties> + <help>Allow sharing host process namespace with container</help> + <valueless/> + </properties> + </leafNode> <leafNode name="allow-host-networks"> <properties> - <help>Allow host networks in container</help> + <help>Allow sharing host networking with container</help> <valueless/> </properties> </leafNode> @@ -186,6 +192,24 @@ </leafNode> </children> </tagNode> + <leafNode name="cpu-quota"> + <properties> + <help>This limits the number of CPU resources the container can use</help> + <valueHelp> + <format>u32:0</format> + <description>Unlimited</description> + </valueHelp> + <valueHelp> + <format>txt</format> + <description>Amount of CPU time the container can use in amount of cores (up to three decimals)</description> + </valueHelp> + <constraint> + <regex>(0|[1-9]\d*)(\.\d{1,3})?</regex> + </constraint> + <constraintErrorMessage>Container CPU limit must be a (decimal) number in range 0 to number of threads</constraintErrorMessage> + </properties> + <defaultValue>0</defaultValue> + </leafNode> <leafNode name="memory"> <properties> <help>Memory (RAM) available to this container</help> diff --git a/interface-definitions/include/accel-ppp/log.xml.i b/interface-definitions/include/accel-ppp/log.xml.i new file mode 100644 index 000000000..96ce93ff9 --- /dev/null +++ b/interface-definitions/include/accel-ppp/log.xml.i 
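Review bot: The new `allow-host-pid` leaf in the first hunk is documented in the same neutral wording as the other options, although sharing the host process namespace removes a layer of isolation: processes inside the container can then see the host's processes. I would say so in the help text, for example `<help>Allow sharing host process namespace with container (weakens isolation from the host)</help>`. Whether the conf script restricts or warns about this option is not visible in this diff.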
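Review bot: In the `cpu-quota` leaf of the second hunk the error message promises a range of "0 to number of threads", but the regex `(0|[1-9]\d*)(\.\d{1,3})?` only checks the number format, so any magnitude passes this constraint. If the upper bound is enforced in the configuration script (not visible here) that is fine; otherwise the message should describe what is actually validated, e.g. `<constraintErrorMessage>Container CPU limit must be a non-negative number with up to three decimals</constraintErrorMessage>`. The second valueHelp description ("Amount of CPU time the container can use in amount of cores") would also read better as `Number of CPU cores the container may use (up to three decimals)`.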
@@ -0,0 +1,42 @@ +<!-- include start from accel-ppp/log.xml.i --> +<node name="log"> + <properties> + <help>Server logging </help> + </properties> + <children> + <leafNode name="level"> + <properties> + <help>Specifies log level</help> + <valueHelp> + <format>0</format> + <description>Turn off logging</description> + </valueHelp> + <valueHelp> + <format>1</format> + <description>Log only error messages</description> + </valueHelp> + <valueHelp> + <format>2</format> + <description>Log error and warning messages</description> + </valueHelp> + <valueHelp> + <format>3</format> + <description>Log error, warning and minimum information messages</description> + </valueHelp> + <valueHelp> + <format>4</format> + <description>Log error, warning and full information messages</description> + </valueHelp> + <valueHelp> + <format>5</format> + <description>Log all messages including debug messages</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-5"/> + </constraint> + </properties> + <defaultValue>3</defaultValue> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/radius-additions.xml.i b/interface-definitions/include/accel-ppp/radius-additions.xml.i index 3c2eb09eb..5222ba864 100644 --- a/interface-definitions/include/accel-ppp/radius-additions.xml.i +++ b/interface-definitions/include/accel-ppp/radius-additions.xml.i @@ -57,6 +57,13 @@ </properties> <defaultValue>0</defaultValue> </leafNode> + #include <include/radius-priority.xml.i> + <leafNode name="backup"> + <properties> + <help>Use backup server if other servers are not available</help> + <valueless/> + </properties> + </leafNode> </children> </tagNode> <leafNode name="timeout"> diff --git a/interface-definitions/include/haproxy/http-response-headers.xml.i b/interface-definitions/include/haproxy/http-response-headers.xml.i new file mode 100644 index 000000000..9e7ddfd28 --- /dev/null 
+++ b/interface-definitions/include/haproxy/http-response-headers.xml.i @@ -0,0 +1,29 @@ +<!-- include start from haproxy/http-response-headers.xml.i --> +<tagNode name="http-response-headers"> + <properties> + <help>Headers to include in HTTP response</help> + <valueHelp> + <format>txt</format> + <description>HTTP header name</description> + </valueHelp> + <constraint> + <regex>[-a-zA-Z]+</regex> + </constraint> + <constraintErrorMessage>Header names must only include alphabetical characters and hyphens</constraintErrorMessage> + </properties> + <children> + <leafNode name="value"> + <properties> + <help>HTTP header value</help> + <valueHelp> + <format>txt</format> + <description>HTTP header value</description> + </valueHelp> + <constraint> + <regex>[[:ascii:]]{1,256}</regex> + </constraint> + </properties> + </leafNode> + </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/haproxy/timeout.xml.i b/interface-definitions/include/haproxy/timeout.xml.i index 250b35683..79e7303b1 100644 --- a/interface-definitions/include/haproxy/timeout.xml.i +++ b/interface-definitions/include/haproxy/timeout.xml.i @@ -1,7 +1,7 @@ <!-- include start from haproxy/timeout.xml.i --> <node name="timeout"> <properties> - <help>Tiemout options</help> + <help>Timeout options</help> </properties> <children> <leafNode name="check"> diff --git a/interface-definitions/include/isis/protocol-common-config.xml.i b/interface-definitions/include/isis/protocol-common-config.xml.i index 404f03cb5..0e79ca5f2 100644 --- a/interface-definitions/include/isis/protocol-common-config.xml.i +++ b/interface-definitions/include/isis/protocol-common-config.xml.i 
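Review bot: The `value` constraint `[[:ascii:]]{1,256}` in the new http-response-headers.xml.i accepts every ASCII character, including control characters such as CR and LF as well as quote characters. The value is presumably rendered into the HAProxy configuration by a template outside this diff, so a stray newline or quote could end the directive early or introduce an unintended one. I would at least restrict the value to printable characters, e.g. `<regex>[[:print:]]{1,256}</regex>`, make sure the template quotes or escapes it, and add a `<constraintErrorMessage>` as the header-name tag node already has.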
@@ -165,6 +165,41 @@ </properties> </leafNode> #include <include/isis/ldp-sync-protocol.xml.i> +<leafNode name="topology"> + <properties> + <help>Configure IS-IS topologies</help> + <completionHelp> + <list>ipv4-multicast ipv4-mgmt ipv6-unicast ipv6-multicast ipv6-mgmt ipv6-dstsrc</list> + </completionHelp> + <valueHelp> + <format>ipv4-multicast</format> + <description>Use IPv4 multicast topology</description> + </valueHelp> + <valueHelp> + <format>ipv4-mgmt</format> + <description>Use IPv4 management topology</description> + </valueHelp> + <valueHelp> + <format>ipv6-unicast</format> + <description>Use IPv6 unicast topology</description> + </valueHelp> + <valueHelp> + <format>ipv6-multicast</format> + <description>Use IPv6 multicast topology</description> + </valueHelp> + <valueHelp> + <format>ipv6-mgmt</format> + <description>Use IPv6 management topology</description> + </valueHelp> + <valueHelp> + <format>ipv6-dstsrc</format> + <description>Use IPv6 dst-src topology</description> + </valueHelp> + <constraint> + <regex>(ipv4-multicast|ipv4-mgmt|ipv6-unicast|ipv6-multicast|ipv6-mgmt|ipv6-dstsrc)</regex> + </constraint> + </properties> +</leafNode> <node name="fast-reroute"> <properties> <help>IS-IS fast reroute configuration</help> diff --git a/interface-definitions/include/nat-translation-options.xml.i b/interface-definitions/include/nat-translation-options.xml.i index 6b95de045..c8900590f 100644 --- a/interface-definitions/include/nat-translation-options.xml.i +++ b/interface-definitions/include/nat-translation-options.xml.i 
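Review bot: The `topology` leaf has no `<multi/>`, so only one of the six offered values can be set at a time even though the help text reads "Configure IS-IS topologies". If a single topology per instance is intended, the help should be singular (`<help>Configure IS-IS topology</help>`); otherwise add `<multi/>` before `</properties>`. Whether the template outside this diff handles a list of values would need to be confirmed.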
@@ -28,22 +28,18 @@ <properties> <help>Port mapping options</help> <completionHelp> - <list>random fully-random none</list> + <list>random none</list> </completionHelp> <valueHelp> <format>random</format> <description>Randomize source port mapping</description> </valueHelp> <valueHelp> - <format>fully-random</format> - <description>Full port randomization</description> - </valueHelp> - <valueHelp> <format>none</format> <description>Do not apply port randomization</description> </valueHelp> <constraint> - <regex>(random|fully-random|none)</regex> + <regex>(random|none)</regex> </constraint> </properties> <defaultValue>none</defaultValue> diff --git a/interface-definitions/include/qos/class-match-group.xml.i b/interface-definitions/include/qos/class-match-group.xml.i new file mode 100644 index 000000000..40e3b7259 --- /dev/null +++ b/interface-definitions/include/qos/class-match-group.xml.i @@ -0,0 +1,15 @@ +<!-- include start from qos/class-match-group.xml.i --> +<leafNode name="match-group"> + <properties> + <help>Filter group for QoS policy</help> + <valueHelp> + <format>txt</format> + <description>Match group name</description> + </valueHelp> + <completionHelp> + <script>${vyos_completion_dir}/qos/list_traffic_match_group.py</script> + </completionHelp> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/qos/class-match-ipv4.xml.i b/interface-definitions/include/qos/class-match-ipv4.xml.i new file mode 100644 index 000000000..dc44d32d5 --- /dev/null +++ b/interface-definitions/include/qos/class-match-ipv4.xml.i 
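Review bot: The new `match-group` leaf in qos/class-match-group.xml.i has a `<valueHelp>` and a completion script but no `<constraint>`, so any string is accepted as a group name at set time. The `traffic-match-group` tag node added to qos.xml.in in this commit constrains its names with `[^-].*`; repeating `<constraint><regex>[^-].*</regex></constraint>` here would reject values that can never name an existing group. The check that the referenced group actually exists presumably lives in the conf script, which is not part of this diff.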
@@ -0,0 +1,31 @@
+<!-- include start from qos/class-match-ipv4.xml.i -->
+<node name="ip">
+ <properties>
+ <help>Match IP protocol header</help>
+ </properties>
+ <children>
+ <node name="destination">
+ <properties>
+ <help>Match on destination port or address</help>
+ </properties>
+ <children>
+ #include <include/qos/class-match-ipv4-address.xml.i>
+ #include <include/port-number.xml.i>
+ </children>
+ </node>
+ #include <include/qos/match-dscp.xml.i>
+ #include <include/qos/max-length.xml.i>
+ #include <include/ip-protocol.xml.i>
+ <node name="source">
+ <properties>
+ <help>Match on source port or address</help>
+ </properties>
+ <children>
+ #include <include/qos/class-match-ipv4-address.xml.i>
+ #include <include/port-number.xml.i>
+ </children>
+ </node>
+ #include <include/qos/tcp-flags.xml.i>
+ </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/qos/class-match-ipv6.xml.i b/interface-definitions/include/qos/class-match-ipv6.xml.i
new file mode 100644
index 000000000..ed7aceff9
--- /dev/null
+++ b/interface-definitions/include/qos/class-match-ipv6.xml.i
@@ -0,0 +1,31 @@
+<!-- include start from qos/class-match-ipv6.xml.i -->
+<node name="ipv6">
+ <properties>
+ <help>Match IPv6 protocol header</help>
+ </properties>
+ <children>
+ <node name="destination">
+ <properties>
+ <help>Match on destination port or address</help>
+ </properties>
+ <children>
+ #include <include/qos/class-match-ipv6-address.xml.i>
+ #include <include/port-number.xml.i>
+ </children>
+ </node>
+ #include <include/qos/match-dscp.xml.i>
+ #include <include/qos/max-length.xml.i>
+ #include <include/ip-protocol.xml.i>
+ <node name="source">
+ <properties>
+ <help>Match on source port or address</help>
+ </properties>
+ <children>
+ #include <include/qos/class-match-ipv6-address.xml.i>
+ #include <include/port-number.xml.i>
+ </children>
+ </node>
+ #include <include/qos/tcp-flags.xml.i>
+ </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/qos/class-match-mark.xml.i b/interface-definitions/include/qos/class-match-mark.xml.i
new file mode 100644
index 000000000..a7481c6aa
--- /dev/null
+++ b/interface-definitions/include/qos/class-match-mark.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from qos/class-match-mark.xml.i -->
+<leafNode name="mark">
+ <properties>
+ <help>Match on mark applied by firewall</help>
+ <valueHelp>
+ <format>u32</format>
+ <description>FW mark to match</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-4294967295"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/qos/class-match-vif.xml.i b/interface-definitions/include/qos/class-match-vif.xml.i
new file mode 100644
index 000000000..ec58db606
--- /dev/null
+++ b/interface-definitions/include/qos/class-match-vif.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from qos/class-match-vif.xml.i -->
+<leafNode name="vif">
+ <properties>
+ <help>Virtual Local Area Network (VLAN) ID for this match</help>
+ <valueHelp>
+ <format>u32:0-4095</format>
+ <description>Virtual Local Area Network (VLAN) tag </description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-4095"/>
+ </constraint>
+ <constraintErrorMessage>VLAN ID must be between 0 and 4095</constraintErrorMessage>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/qos/class-match.xml.i b/interface-definitions/include/qos/class-match.xml.i
index 4ba12f8f7..77d1933a3 100644
--- a/interface-definitions/include/qos/class-match.xml.i
+++ b/interface-definitions/include/qos/class-match.xml.i
@@ -5,7 +5,7 @@ <constraint> <regex>[^-].*</regex> </constraint> - <constraintErrorMessage>Match queue name cannot start with hyphen (-)</constraintErrorMessage> + <constraintErrorMessage>Match queue name cannot start with hyphen</constraintErrorMessage> </properties> <children> #include <include/generic-description.xml.i> 
@@ -89,89 +89,10 @@ </children> </node> #include <include/generic-interface.xml.i> - <node name="ip"> - <properties> - <help>Match IP protocol header</help> - </properties> - <children> - <node name="destination"> - <properties> - <help>Match on destination port or address</help> - </properties> - <children> - #include <include/qos/class-match-ipv4-address.xml.i> - #include <include/port-number.xml.i> - </children> - </node> - #include <include/qos/match-dscp.xml.i> - #include <include/qos/max-length.xml.i> - #include <include/ip-protocol.xml.i> - <node name="source"> - <properties> - <help>Match on source port or address</help> - </properties> - <children> - #include <include/qos/class-match-ipv4-address.xml.i> - #include <include/port-number.xml.i> - </children> - </node> - #include <include/qos/tcp-flags.xml.i> - </children> - </node> - <node name="ipv6"> - <properties> - <help>Match IPv6 protocol header</help> - </properties> - <children> - <node name="destination"> - <properties> - <help>Match on destination port or address</help> - </properties> - <children> - #include <include/qos/class-match-ipv6-address.xml.i> - #include <include/port-number.xml.i> - </children> - </node> - #include <include/qos/match-dscp.xml.i> - #include <include/qos/max-length.xml.i> - #include <include/ip-protocol.xml.i> - <node name="source"> - <properties> - <help>Match on source port or address</help> - </properties> - <children> - #include <include/qos/class-match-ipv6-address.xml.i> - #include <include/port-number.xml.i> - </children> - </node> - #include <include/qos/tcp-flags.xml.i> - </children> - </node> - <leafNode name="mark"> - <properties> - <help>Match on mark applied by firewall</help> - <valueHelp> - <format>u32</format> - <description>FW mark to match</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 0-4294967295"/> - </constraint> - </properties> - </leafNode> - <leafNode name="vif"> - <properties> - <help>Virtual Local Area 
Network (VLAN) ID for this match</help> - <valueHelp> - <format>u32:0-4095</format> - <description>Virtual Local Area Network (VLAN) tag </description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 0-4095"/> - </constraint> - <constraintErrorMessage>VLAN ID must be between 0 and 4095</constraintErrorMessage> - </properties> - </leafNode> + #include <include/qos/class-match-ipv4.xml.i> + #include <include/qos/class-match-ipv6.xml.i> + #include <include/qos/class-match-mark.xml.i> + #include <include/qos/class-match-vif.xml.i> </children> </tagNode> <!-- include end --> diff --git a/interface-definitions/include/radius-priority.xml.i b/interface-definitions/include/radius-priority.xml.i new file mode 100644 index 000000000..f77f5016e --- /dev/null +++ b/interface-definitions/include/radius-priority.xml.i @@ -0,0 +1,14 @@ +<!-- include start from radius-priority.xml.i --> +<leafNode name="priority"> + <properties> + <help>Server priority</help> + <valueHelp> + <format>u32:1-255</format> + <description>Server priority</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/version/nat-version.xml.i b/interface-definitions/include/version/nat-version.xml.i index 656da6e14..173e91ed3 100644 --- a/interface-definitions/include/version/nat-version.xml.i +++ b/interface-definitions/include/version/nat-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/nat-version.xml.i --> -<syntaxVersion component='nat' version='7'></syntaxVersion> +<syntaxVersion component='nat' version='8'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/reverseproxy-version.xml.i b/interface-definitions/include/version/reverseproxy-version.xml.i new file mode 100644 index 000000000..907ea1e5e --- /dev/null 
+++ b/interface-definitions/include/version/reverseproxy-version.xml.i @@ -0,0 +1,3 @@ +<!-- include start from include/version/reverseproxy-version.xml.i --> +<syntaxVersion component='reverse-proxy' version='1'></syntaxVersion> +<!-- include end --> diff --git a/interface-definitions/load-balancing_reverse-proxy.xml.in b/interface-definitions/load-balancing_reverse-proxy.xml.in index 6a3b3cef1..ce757a5d6 100644 --- a/interface-definitions/load-balancing_reverse-proxy.xml.in +++ b/interface-definitions/load-balancing_reverse-proxy.xml.in @@ -39,6 +39,7 @@ #include <include/port-number.xml.i> #include <include/haproxy/rule-frontend.xml.i> #include <include/haproxy/tcp-request.xml.i> + #include <include/haproxy/http-response-headers.xml.i> <leafNode name="redirect-http-to-https"> <properties> <help>Redirect HTTP to HTTPS</help> @@ -90,19 +91,7 @@ </leafNode> #include <include/generic-description.xml.i> #include <include/haproxy/mode.xml.i> - <node name="parameters"> - <properties> - <help>Backend parameters</help> - </properties> - <children> - <leafNode name="http-check"> - <properties> - <help>HTTP health check</help> - <valueless/> - </properties> - </leafNode> - </children> - </node> + #include <include/haproxy/http-response-headers.xml.i> <node name="http-check"> <properties> <help>HTTP check configuration</help> 
@@ -162,6 +151,37 @@ </node> </children> </node> + <leafNode name="health-check"> + <properties> + <help>Non HTTP health check options</help> + <completionHelp> + <list>ldap mysql pgsql redis smtp</list> + </completionHelp> + <valueHelp> + <format>ldap</format> + <description>LDAP protocol check</description> + </valueHelp> + <valueHelp> + <format>mysql</format> + <description>MySQL protocol check</description> + </valueHelp> + <valueHelp> + <format>pgsql</format> + <description>PostgreSQL protocol check</description> + </valueHelp> + <valueHelp> + <format>redis</format> + <description>Redis protocol check</description> + </valueHelp> + <valueHelp> + <format>smtp</format> + <description>SMTP protocol check</description> + </valueHelp> + <constraint> + <regex>(ldap|mysql|redis|pgsql|smtp)</regex> + </constraint> + </properties> + </leafNode> #include <include/haproxy/rule-backend.xml.i> <tagNode name="server"> <properties> diff --git a/interface-definitions/nat.xml.in b/interface-definitions/nat.xml.in index 0a639bd80..73a748137 100644 --- a/interface-definitions/nat.xml.in +++ b/interface-definitions/nat.xml.in @@ -141,6 +141,7 @@ </children> </node> #include <include/inbound-interface.xml.i> + #include <include/firewall/log.xml.i> <node name="translation"> <properties> <help>Translation address or prefix</help> diff --git a/interface-definitions/nat_cgnat.xml.in b/interface-definitions/nat_cgnat.xml.in index caa26b4d9..fce5e655d 100644 --- a/interface-definitions/nat_cgnat.xml.in +++ b/interface-definitions/nat_cgnat.xml.in @@ -123,6 +123,7 @@ <validator name="ipv4-host"/> <validator name="ipv4-range"/> </constraint> + <multi/> </properties> </leafNode> </children> diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in index 791fa1d87..eb907cb9e 100644 --- a/interface-definitions/policy.xml.in +++ b/interface-definitions/policy.xml.in 
@@ -1546,11 +1546,11 @@ <properties> <help>Set prefixes to table</help> <valueHelp> - <format>u32:1-200</format> + <format>u32:1-4294967295</format> <description>Table value</description> </valueHelp> <constraint> - <validator name="numeric" argument="--range 1-200"/> + <validator name="numeric" argument="--range 1-4294967295"/> </constraint> </properties> </leafNode> diff --git a/interface-definitions/qos.xml.in b/interface-definitions/qos.xml.in index 8f9ae3fa6..927594c11 100644 --- a/interface-definitions/qos.xml.in +++ b/interface-definitions/qos.xml.in @@ -281,6 +281,7 @@ #include <include/qos/mtu.xml.i> #include <include/qos/class-police-exceed.xml.i> #include <include/qos/class-match.xml.i> + #include <include/qos/class-match-group.xml.i> #include <include/qos/class-priority.xml.i> <leafNode name="priority"> <defaultValue>20</defaultValue> @@ -415,6 +416,7 @@ #include <include/qos/flows.xml.i> #include <include/qos/interval.xml.i> #include <include/qos/class-match.xml.i> + #include <include/qos/class-match-group.xml.i> #include <include/qos/queue-limit-1-4294967295.xml.i> #include <include/qos/queue-type.xml.i> <leafNode name="queue-type"> @@ -542,6 +544,8 @@ #include <include/qos/flows.xml.i> #include <include/qos/interval.xml.i> #include <include/qos/class-match.xml.i> + #include <include/qos/class-match-group.xml.i> + <leafNode name="quantum"> <properties> <help>Packet scheduling quantum</help> @@ -645,6 +649,7 @@ #include <include/qos/flows.xml.i> #include <include/qos/interval.xml.i> #include <include/qos/class-match.xml.i> + #include <include/qos/class-match-group.xml.i> #include <include/qos/class-priority.xml.i> #include <include/qos/queue-average-packet.xml.i> #include <include/qos/queue-maximum-threshold.xml.i> @@ -767,6 +772,7 @@ </children> </node> #include <include/qos/class-match.xml.i> + #include <include/qos/class-match-group.xml.i> <node name="realtime"> <properties> <help>Realtime class settings</help> 
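Review bot: Widening the table range from 1-200 to 1-4294967295 in the policy.xml.in hunk also admits 253, 254 and 255, which Linux reserves for the default, main and local routing tables; the old upper bound of 200 kept them out. Unless those IDs are rejected elsewhere (not visible in this diff), a route-map could now direct prefixes into the main or local table. Since several validators in one `<constraint>` act as alternatives elsewhere in this commit, the reserved IDs can be excluded with `<validator name="numeric" argument="--range 1-252"/>` plus `<validator name="numeric" argument="--range 256-4294967295"/>`, with the `<format>` text adjusted to match. The enclosing leafNode starts outside the hunk.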
@@ -830,6 +836,39 @@ </tagNode> </children> </node> + <tagNode name="traffic-match-group"> + <properties> + <help>Filter group for QoS policy</help> + <valueHelp> + <format>txt</format> + <description>Match group name</description> + </valueHelp> + <constraint> + <regex>[^-].*</regex> + </constraint> + <constraintErrorMessage>Match group name cannot start with hyphen</constraintErrorMessage> + </properties> + <children> + #include <include/generic-description.xml.i> + <tagNode name="match"> + <properties> + <help>Class matching rule name</help> + <constraint> + <regex>[^-].*</regex> + </constraint> + <constraintErrorMessage>Match queue name cannot start with hyphen</constraintErrorMessage> + </properties> + <children> + #include <include/generic-description.xml.i> + #include <include/qos/class-match-ipv4.xml.i> + #include <include/qos/class-match-ipv6.xml.i> + #include <include/qos/class-match-mark.xml.i> + #include <include/qos/class-match-vif.xml.i> + </children> + </tagNode> + #include <include/qos/class-match-group.xml.i> + </children> + </tagNode> </children> </node> </interfaceDefinition> diff --git a/interface-definitions/service_dns_forwarding.xml.in b/interface-definitions/service_dns_forwarding.xml.in index b52b4bda3..5667028b7 100644 --- a/interface-definitions/service_dns_forwarding.xml.in +++ b/interface-definitions/service_dns_forwarding.xml.in @@ -311,6 +311,7 @@ <constraint> <regex>[-_a-zA-Z0-9.]{1,63}(?<!\.)</regex> </constraint> + <multi/> </properties> </leafNode> #include <include/dns/time-to-live.xml.i> diff --git a/interface-definitions/service_ipoe-server.xml.in b/interface-definitions/service_ipoe-server.xml.in index 414c9a731..c7542f0d0 100644 --- a/interface-definitions/service_ipoe-server.xml.in +++ b/interface-definitions/service_ipoe-server.xml.in 
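Review bot: The new `traffic-match-group` tag node includes qos/class-match-group.xml.i at its own level, so a match group can reference other match groups, and nothing in the definition stops a group from referencing itself or forming a cycle. The conf script that expands groups is outside this diff; it should detect circular references during verification and reject the commit rather than recurse without bound. Separately, the nested `match` tag node reuses the message "Match queue name cannot start with hyphen", and neither tag node restricts names beyond the first character, so something like `<constraintErrorMessage>Match rule name cannot start with hyphen</constraintErrorMessage>` and a tighter character set would be clearer.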
@@ -189,6 +189,7 @@ #include <include/accel-ppp/snmp.xml.i> #include <include/generic-description.xml.i> #include <include/name-server-ipv4-ipv6.xml.i> + #include <include/accel-ppp/log.xml.i> </children> </node> </children> diff --git a/interface-definitions/service_pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in index 5d357c2f9..81228938f 100644 --- a/interface-definitions/service_pppoe-server.xml.in +++ b/interface-definitions/service_pppoe-server.xml.in @@ -153,6 +153,7 @@ #include <include/accel-ppp/wins-server.xml.i> #include <include/generic-description.xml.i> #include <include/name-server-ipv4-ipv6.xml.i> + #include <include/accel-ppp/log.xml.i> </children> </node> </children> diff --git a/interface-definitions/service_suricata.xml.in b/interface-definitions/service_suricata.xml.in new file mode 100644 index 000000000..e0159e2ba --- /dev/null +++ b/interface-definitions/service_suricata.xml.in 
@@ -0,0 +1,238 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="service">
+ <children>
+ <node name="suricata" owner="${vyos_conf_scripts_dir}/service_suricata.py">
+ <properties>
+ <help>Network IDS, IPS and Security Monitoring</help>
+ <priority>740</priority>
+ </properties>
+ <children>
+ #include <include/generic-interface-multi.xml.i>
+ <tagNode name="address-group">
+ <properties>
+ <help>Address group name</help>
+ <constraint>
+ <regex>[a-z0-9-]+</regex>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="address">
+ <properties>
+ <help>IP address or subnet</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address to match</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address to match</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 prefix to match</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 prefix to match</description>
+ </valueHelp>
+ <valueHelp>
+ <format>!ipv4</format>
+ <description>Exclude the specified IPv4 address from matches</description>
+ </valueHelp>
+ <valueHelp>
+ <format>!ipv6</format>
+ <description>Exclude the specified IPv6 address from matches</description>
+ </valueHelp>
+ <valueHelp>
+ <format>!ipv4net</format>
+ <description>Exclude the specified IPv6 prefix from matches</description>
+ </valueHelp>
+ <valueHelp>
+ <format>!ipv6net</format>
+ <description>Exclude the specified IPv6 prefix from matches</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="ipv6-address"/>
+ <validator name="ipv4-prefix"/>
+ <validator name="ipv6-prefix"/>
+ <validator name="ipv4-address-exclude"/>
+ <validator name="ipv6-address-exclude"/>
+ <validator name="ipv4-prefix-exclude"/>
+ <validator name="ipv6-prefix-exclude"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="group">
+ <properties>
+ <help>Address group</help>
+ <completionHelp>
+ <path>service ids suricata address-group</path>
+ </completionHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>Address group to match</description>
+ </valueHelp>
+ <valueHelp>
+ <format>!txt</format>
+ <description>Exclude the specified address group from matches</description>
+ </valueHelp>
+ <constraint>
+ <regex>!?[a-z0-9-]+</regex>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <tagNode name="port-group">
+ <properties>
+ <help>Port group name</help>
+ <constraint>
+ <regex>[a-z0-9-]+</regex>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="port">
+ <properties>
+ <help>Port number</help>
+ <valueHelp>
+ <format>u32:1-65535</format>
+ <description>Numeric port to match</description>
+ </valueHelp>
+ <valueHelp>
+ <format>!u32:1-65535</format>
+ <description>Numeric port to exclude from matches</description>
+ </valueHelp>
+ <valueHelp>
+ <format>start-end</format>
+ <description>Numbered port range (e.g. 1001-1005) to match</description>
+ </valueHelp>
+ <valueHelp>
+ <format>!start-end</format>
+ <description>Numbered port range (e.g. !1001-1005) to exclude from matches</description>
+ </valueHelp>
+ <constraint>
+ <validator name="port-range"/>
+ <validator name="port-range-exclude"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="group">
+ <properties>
+ <help>Port group</help>
+ <completionHelp>
+ <path>service ids suricata port-group</path>
+ </completionHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>Port group to match</description>
+ </valueHelp>
+ <valueHelp>
+ <format>!txt</format>
+ <description>Exclude the specified port group from matches</description>
+ </valueHelp>
+ <constraint>
+ <regex>!?[a-z0-9-]+</regex>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <node name="log">
+ <properties>
+ <help>Suricata log outputs</help>
+ </properties>
+ <children>
+ <node name="eve">
+ <properties>
+ <help>Extensible Event Format (EVE)</help>
+ </properties>
+ <children>
+ <leafNode name="filetype">
+ <properties>
+ <help>EVE logging destination</help>
+ <completionHelp>
+ <list>regular syslog</list>
+ </completionHelp>
+ <valueHelp>
+ <format>regular</format>
+ <description>Log to filename</description>
+ </valueHelp>
+ <valueHelp>
+ <format>syslog</format>
+ <description>Log to syslog</description>
+ </valueHelp>
+ <constraint>
+ <regex>(regular|syslog)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>regular</defaultValue>
+ </leafNode>
+ <leafNode name="filename">
+ <properties>
+ <help>Log file</help>
+ <valueHelp>
+ <format>filename</format>
+ <description>File name in default Suricata log directory</description>
+ </valueHelp>
+ <valueHelp>
+ <format>/path</format>
+ <description>Absolute file path</description>
+ </valueHelp>
+ </properties>
+ <defaultValue>eve.json</defaultValue>
+ </leafNode>
+ <leafNode name="type">
+ <properties>
+ <help>Log types</help>
+ <completionHelp>
+ <list>alert anomaly drop files http dns tls smtp dnp3 ftp rdp nfs smb tftp ikev2 dcerpc krb5 snmp rfb sip dhcp ssh mqtt http2 flow netflow</list>
+ </completionHelp>
+ <valueHelp>
+ <format>alert</format>
+ <description>Record events for rule matches</description>
+ </valueHelp>
+ <valueHelp>
+ <format>anomaly</format>
+ <description>Record unexpected conditions such as truncated packets, packets with invalid IP/UDP/TCP length values, and other events that render the packet invalid for further processing or describe unexpected behavior on an established stream</description>
+ </valueHelp>
+ <valueHelp>
+ <format>drop</format>
+ <description>Record events for dropped packets</description>
+ </valueHelp>
+ <valueHelp>
+ <format>file</format>
+ <description>Record file details (e.g., MD5) for files extracted from application protocols (e.g., HTTP)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>application (http, dns, tls, ...)</format>
+ <description>Record application-level transactions</description>
+ </valueHelp>
+ <valueHelp>
+ <format>flow</format>
+ <description>Record bi-directional flows</description>
+ </valueHelp>
+ <valueHelp>
+ <format>netflow</format>
+ <description>Record uni-directional flows</description>
+ </valueHelp>
+ <constraint>
+ <regex>(alert|anomaly|http|dns|tls|files|drop|smtp|dnp3|ftp|rdp|nfs|smb|tftp|ikev2|dcerpc|krb5|snmp|rfb|sip|dhcp|ssh|mqtt|http2|flow|netflow)</regex>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/service_upnp.xml.in b/interface-definitions/service_upnp.xml.in
deleted file mode 100644
index 064386ee5..000000000
--- a/interface-definitions/service_upnp.xml.in
+++ /dev/null
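Review bot: The `filename` leaf under `log eve` has no `<constraint>` at all, although its valueHelp advertises `/path` as an absolute file path, so any string is accepted and is presumably passed on to the Suricata configuration, where the daemon would write to that location with its own privileges. I would add a constraint that limits the value to a plain file name or to a path below the intended log directory, and have the conf script reject anything else. Three smaller defects in the same hunk: both `<completionHelp>` paths read `service ids suricata ...` while the node is defined as `service suricata`, so they should be `<path>service suricata address-group</path>` and `<path>service suricata port-group</path>`; the `!ipv4net` description says "IPv6 prefix" where it should say IPv4; and the `type` valueHelp documents `file` while the completion list and regex accept `files`.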
@@ -1,229 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
- <node name="service">
- <children>
- <node name="upnp" owner="${vyos_conf_scripts_dir}/service_upnp.py">
- <properties>
- <help>Universal Plug and Play (UPnP) service</help>
- <priority>900</priority>
- </properties>
- <children>
- <leafNode name="friendly-name">
- <properties>
- <help>Name of this service</help>
- <valueHelp>
- <format>txt</format>
- <description>Friendly name</description>
- </valueHelp>
- </properties>
- </leafNode>
- <leafNode name="wan-interface">
- <properties>
- <help>WAN network interface</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_interfaces</script>
- </completionHelp>
- <constraint>
- #include <include/constraint/interface-name.xml.i>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="wan-ip">
- <properties>
- <help>WAN network IP</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address</description>
- </valueHelp>
- <valueHelp>
- <format>ipv6</format>
- <description>IPv6 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address" />
- <validator name="ipv6-address" />
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- <leafNode name="nat-pmp">
- <properties>
- <help>Enable NAT-PMP support</help>
- <valueless />
- </properties>
- </leafNode>
- <leafNode name="secure-mode">
- <properties>
- <help>Enable Secure Mode</help>
- <valueless />
- </properties>
- </leafNode>
- <leafNode name="presentation-url">
- <properties>
- <help>Presentation Url</help>
- <valueHelp>
- <format>txt</format>
- <description>Presentation Url</description>
- </valueHelp>
- </properties>
- </leafNode>
- <node name="pcp-lifetime">
- <properties>
- <help>PCP-base lifetime Option</help>
- </properties>
- <children>
- <leafNode name="max">
- <properties>
- <help>Max lifetime time</help>
- <constraint>
- <validator name="numeric" />
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="min">
- <properties>
- <help>Min lifetime time</help>
- <constraint>
- <validator name="numeric" />
- </constraint>
- </properties>
- </leafNode>
- </children>
- </node>
- <leafNode name="listen">
- <properties>
- <help>Local IP addresses for service to listen on</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
- <script>${vyos_completion_dir}/list_interfaces</script>
- </completionHelp>
- <valueHelp>
- <format><interface></format>
- <description>Monitor interface address</description>
- </valueHelp>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address to listen for incoming connections</description>
- </valueHelp>
- <valueHelp>
- <format>ipv4net</format>
- <description>IPv4 prefix to listen for incoming connections</description>
- </valueHelp>
- <valueHelp>
- <format>ipv6</format>
- <description>IPv6 address to listen for incoming connections</description>
- </valueHelp>
- <valueHelp>
- <format>ipv6net</format>
- <description>IPv6 prefix to listen for incoming connections</description>
- </valueHelp>
- <multi/>
- <constraint>
- #include <include/constraint/interface-name.xml.i>
- <validator name="ip-address"/>
- <validator name="ipv4-prefix"/>
- <validator name="ipv6-prefix"/>
- </constraint>
- </properties>
- </leafNode>
- <node name="stun">
- <properties>
- <help>Enable STUN probe support (can be used with NAT 1:1 support for WAN interfaces)</help>
- </properties>
- <children>
- <leafNode name="host">
- <properties>
- <help>The STUN server address</help>
- <valueHelp>
- <format>txt</format>
- <description>The STUN server host address</description>
- </valueHelp>
- <constraint>
- <validator name="fqdn"/>
- </constraint>
- </properties>
- </leafNode>
- #include <include/port-number.xml.i>
- </children>
- </node>
- <tagNode name="rule">
- <properties>
- <help>UPnP Rule</help>
- <valueHelp>
- <format>u32:0-65535</format>
- <description>Rule number</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-65535"/>
- </constraint>
- </properties>
- <children>
- #include <include/generic-disable-node.xml.i>
- <leafNode name="external-port-range">
- <properties>
- <help>Port range (REQUIRE)</help>
- <valueHelp>
- <format><port></format>
- <description>single port</description>
- </valueHelp>
- <valueHelp>
- <format><portN>-<portM></format>
- <description>Port range (use '-' as delimiter)</description>
- </valueHelp>
- <constraint>
- <validator name="port-range"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="internal-port-range">
- <properties>
- <help>Port range (REQUIRE)</help>
- <valueHelp>
- <format><port></format>
- <description>single port</description>
- </valueHelp>
- <valueHelp>
- <format><portN>-<portM></format>
- <description>Port range (use '-' as delimiter)</description>
- </valueHelp>
- <constraint>
- <validator name="port-range"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="ip">
- <properties>
- <help>The IP to which this rule applies (REQUIRE)</help>
- <valueHelp>
- <format>ipv4</format>
- <description>The IPv4 address to which this rule applies</description>
- </valueHelp>
- <valueHelp>
- <format>ipv4net</format>
- <description>The IPv4 to which this rule applies</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- <validator name="ipv4-host"/>
- <validator name="ipv4-prefix"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="action">
- <properties>
- <help>Actions against the rule (REQUIRE)</help>
- <completionHelp>
- <list>allow deny</list>
- </completionHelp>
- <constraint>
- <regex>(allow|deny)</regex>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- </children>
- </node>
- </children>
- </node>
-</interfaceDefinition>
diff --git a/interface-definitions/system_conntrack.xml.in b/interface-definitions/system_conntrack.xml.in
index 33aa832a8..0dfa2ea81 100644
--- a/interface-definitions/system_conntrack.xml.in
+++ b/interface-definitions/system_conntrack.xml.in @@ -406,7 +406,7 @@ <constraint> <validator name="numeric" argument="--range 1-999999"/> </constraint> - <constraintErrorMessage>Ignore rule number must be between 1 and 999999</constraintErrorMessage> + <constraintErrorMessage>Timeout rule number must be between 1 and 999999</constraintErrorMessage> </properties> <children> #include <include/generic-description.xml.i> @@ -421,7 +421,7 @@ </node> <leafNode name="inbound-interface"> <properties> - <help>Interface to ignore connections tracking on</help> + <help>Interface to apply custom connection timers on</help> <completionHelp> <list>any</list> <script>${vyos_completion_dir}/list_interfaces</script> @@ -464,7 +464,7 @@ <constraint> <validator name="numeric" argument="--range 1-999999"/> </constraint> - <constraintErrorMessage>Ignore rule number must be between 1 and 999999</constraintErrorMessage> + <constraintErrorMessage>Timeout rule number must be between 1 and 999999</constraintErrorMessage> </properties> <children> #include <include/generic-description.xml.i> @@ -479,7 +479,7 @@ </node> <leafNode name="inbound-interface"> <properties> - <help>Interface to ignore connections tracking on</help> + <help>Interface to apply custom connection timers on</help> <completionHelp> <list>any</list> <script>${vyos_completion_dir}/list_interfaces</script> diff --git a/interface-definitions/system_domain-name.xml.in b/interface-definitions/system_domain-name.xml.in index bfca9b8ce..695af29d9 100644 --- a/interface-definitions/system_domain-name.xml.in +++ b/interface-definitions/system_domain-name.xml.in @@ -5,6 +5,7 @@ <leafNode name="domain-name" owner="${vyos_conf_scripts_dir}/system_host-name.py"> <properties> <help>System domain name</help> + <priority>6</priority> <constraint> <validator name="fqdn"/> </constraint> diff --git a/interface-definitions/system_host-name.xml.in b/interface-definitions/system_host-name.xml.in index 423531a68..f74baab48 100644 
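Review bot: The added `<priority>6</priority>` on `domain-name` is a bare number with no comment saying what it must run before or after, and the same applies to `<priority>5</priority>` on `host-name` in system_host-name.xml.in. Both leaf nodes name the same owner script, `system_host-name.py`, so giving them two different priorities may mean the script is scheduled at two points in a commit; that is inferred from the definitions only and should be confirmed. A one-line comment above each would record the intent, e.g. `<!-- must be applied before services that read the host/domain name -->`. The `leafNode` bodies continue outside both hunks.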
--- a/interface-definitions/system_host-name.xml.in +++ b/interface-definitions/system_host-name.xml.in @@ -6,6 +6,7 @@ <leafNode name="host-name" owner="${vyos_conf_scripts_dir}/system_host-name.py"> <properties> <help>System host name (default: vyos)</help> + <priority>5</priority> <constraint> #include <include/constraint/host-name.xml.i> </constraint> diff --git a/interface-definitions/system_login.xml.in b/interface-definitions/system_login.xml.in index e94bb7219..f6c8021d3 100644 --- a/interface-definitions/system_login.xml.in +++ b/interface-definitions/system_login.xml.in @@ -202,17 +202,8 @@ <tagNode name="server"> <children> #include <include/radius-timeout.xml.i> + #include <include/radius-priority.xml.i> <leafNode name="priority"> - <properties> - <help>Server priority</help> - <valueHelp> - <format>u32:1-255</format> - <description>Server priority</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-255"/> - </constraint> - </properties> <defaultValue>255</defaultValue> </leafNode> </children> diff --git a/interface-definitions/vpn_l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in index 85a375db4..c00e82534 100644 --- a/interface-definitions/vpn_l2tp.xml.in +++ b/interface-definitions/vpn_l2tp.xml.in @@ -140,6 +140,7 @@ #include <include/accel-ppp/wins-server.xml.i> #include <include/generic-description.xml.i> #include <include/name-server-ipv4-ipv6.xml.i> + #include <include/accel-ppp/log.xml.i> </children> </node> </children> diff --git a/interface-definitions/vpn_pptp.xml.in b/interface-definitions/vpn_pptp.xml.in index a63633f57..8aec0cb1c 100644 --- a/interface-definitions/vpn_pptp.xml.in +++ b/interface-definitions/vpn_pptp.xml.in @@ -56,6 +56,7 @@ #include <include/accel-ppp/wins-server.xml.i> #include <include/generic-description.xml.i> #include <include/name-server-ipv4-ipv6.xml.i> + #include <include/accel-ppp/log.xml.i> </children> </node> </children> 
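Review bot: The `priority` leaf left after `#include <include/radius-priority.xml.i>` in system_login.xml.in now holds only `<defaultValue>255</defaultValue>`, so its help text and the former `--range 1-255` check depend entirely on the include, whose content is not part of this view. If the include's validator range or default differs from the removed inline definition, 255 could fall outside the constraint, or the RADIUS server ordering for system login could change unnoticed; confirm the include carries the same 1-255 range. The override would be easier to maintain with a marker such as `<!-- overrides the default from radius-priority.xml.i -->` directly above the `leafNode`. The surrounding `tagNode name="server"` starts outside the hunk.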
diff --git a/interface-definitions/vpn_sstp.xml.in b/interface-definitions/vpn_sstp.xml.in index d9ed1c040..5fd5c95ca 100644 --- a/interface-definitions/vpn_sstp.xml.in +++ b/interface-definitions/vpn_sstp.xml.in @@ -62,6 +62,7 @@ <constraintErrorMessage>Host-name must be alphanumeric and can contain hyphens</constraintErrorMessage> </properties> </leafNode> + #include <include/accel-ppp/log.xml.i> </children> </node> </children> diff --git a/interface-definitions/xml-component-version.xml.in b/interface-definitions/xml-component-version.xml.in index 10a1be242..67d86a1d0 100644 --- a/interface-definitions/xml-component-version.xml.in +++ b/interface-definitions/xml-component-version.xml.in @@ -48,4 +48,5 @@ #include <include/version/vyos-accel-ppp-version.xml.i> #include <include/version/wanloadbalance-version.xml.i> #include <include/version/webproxy-version.xml.i> + #include <include/version/reverseproxy-version.xml.i> </interfaceDefinition> |