6 files changed, 40 insertions, 11 deletions

diff --git a/interface-definitions/include/firewall/global-options.xml.i b/interface-definitions/include/firewall/global-options.xml.i
index 7393ff5c9..794da4f9d 100644
--- a/interface-definitions/include/firewall/global-options.xml.i
+++ b/interface-definitions/include/firewall/global-options.xml.i
@@ -51,7 +51,7 @@
       <children>
         <leafNode name="invalid-connections">
           <properties>
-            <help>Accept ARP, DHCP and PPPoE despite they are marked as invalid connection</help>
+            <help>Accept ARP, 802.1q, 802.1ad, DHCP, PPPoE and WoL despite being marked as invalid connections</help>
             <valueless/>
           </properties>
         </leafNode>
diff --git a/interface-definitions/include/version/conntrack-version.xml.i b/interface-definitions/include/version/conntrack-version.xml.i
index 6995ce119..517424034 100644
--- a/interface-definitions/include/version/conntrack-version.xml.i
+++ b/interface-definitions/include/version/conntrack-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/conntrack-version.xml.i -->
-<syntaxVersion component='conntrack' version='5'></syntaxVersion>
+<syntaxVersion component='conntrack' version='6'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/service_ssh.xml.in b/interface-definitions/service_ssh.xml.in
index 14d358c78..c659a7db7 100644
--- a/interface-definitions/service_ssh.xml.in
+++ b/interface-definitions/service_ssh.xml.in
@@ -275,14 +275,18 @@
               </constraint>
             </properties>
           </leafNode>
-          <node name="trusted-user-ca-key">
+          <leafNode name="trusted-user-ca">
             <properties>
-              <help>Trusted user CA key</help>
+              <help>OpenSSH trusted user CA</help>
+              <completionHelp>
+                <path>pki openssh</path>
+              </completionHelp>
+              <valueHelp>
+                <format>txt</format>
+                <description>OpenSSH certificate name from PKI subsystem</description>
+              </valueHelp>
             </properties>
-            <children>
-              #include <include/pki/ca-certificate.xml.i>
-            </children>
-          </node>
+          </leafNode>
           #include <include/vrf-multi.xml.i>
         </children>
       </node>
diff --git a/interface-definitions/system_conntrack.xml.in b/interface-definitions/system_conntrack.xml.in
index 54610b625..92c4d24cf 100644
--- a/interface-definitions/system_conntrack.xml.in
+++ b/interface-definitions/system_conntrack.xml.in
@@ -32,14 +32,14 @@
             <properties>
               <help>Hash size for connection tracking table</help>
               <valueHelp>
-                <format>u32:1-50000000</format>
+                <format>u32:1024-50000000</format>
                 <description>Size of hash to use for connection tracking table</description>
               </valueHelp>
               <constraint>
-                <validator name="numeric" argument="--range 1-50000000"/>
+                <validator name="numeric" argument="--range 1024-50000000"/>
               </constraint>
             </properties>
-            <defaultValue>32768</defaultValue>
+            <defaultValue>65536</defaultValue>
           </leafNode>
           <node name="ignore">
             <properties>
diff --git a/interface-definitions/system_ip.xml.in b/interface-definitions/system_ip.xml.in
index b4b5092fe..f2bb5bd8a 100644
--- a/interface-definitions/system_ip.xml.in
+++ b/interface-definitions/system_ip.xml.in
@@ -17,6 +17,22 @@
               #include <include/arp-ndp-table-size.xml.i>
             </children>
           </node>
+          <tagNode name="import-table">
+            <properties>
+              <help>Routing table for import</help>
+              <valueHelp>
+                <format>u32:1-252</format>
+                <description>Table number</description>
+              </valueHelp>
+                <constraint>
+                  <validator name="numeric" argument="--range 1-252"/>
+                </constraint>
+            </properties>
+            <children>
+              #include <include/static/static-route-distance.xml.i>
+              #include <include/route-map.xml.i>
+            </children>
+          </tagNode>
           <leafNode name="disable-forwarding">
             <properties>
               <help>Disable IPv4 forwarding on all interfaces</help>
diff --git a/interface-definitions/system_login.xml.in b/interface-definitions/system_login.xml.in
index 9865e3d32..a13ba10ea 100644
--- a/interface-definitions/system_login.xml.in
+++ b/interface-definitions/system_login.xml.in
@@ -103,6 +103,15 @@
                       <help>Plaintext password used for encryption</help>
                     </properties>
                   </leafNode>
+                  <leafNode name="principal">
+                    <properties>
+                      <help>Accepted principal names for certificate authentication</help>
+                      <constraint>
+                        #include <include/constraint/login-username.xml.i>
+                      </constraint>
+                      <multi/>
+                    </properties>
+                  </leafNode>
                   <tagNode name="public-keys">
                     <properties>
                       <help>Remote access public keys</help>