From c33cd6157ebc5c08dc1e3ff1aa36f2d2fbb9ca83 Mon Sep 17 00:00:00 2001
From: Nicolas Fort <nicolasfort1988@gmail.com>
Date: Wed, 31 Jul 2024 12:42:25 +0000
Subject: T4072: change same helpers in xml definitions; add notrack action for
 prerouting chain; re introduce <set vrf> in policy; change global options for
 passing traffic to IPvX firewall; update smoketest

---
 .../include/firewall/bridge-custom-name.xml.i      |  1 +
 .../include/firewall/bridge-hook-forward.xml.i     |  1 +
 .../include/firewall/bridge-hook-input.xml.i       |  1 +
 .../include/firewall/bridge-hook-output.xml.i      |  1 +
 .../include/firewall/bridge-hook-prerouting.xml.i  |  4 +--
 .../include/firewall/common-rule-bridge.xml.i      |  1 -
 .../include/firewall/global-options.xml.i          |  2 +-
 .../firewall/set-packet-modifications.xml.i        | 32 +++++++++++++++++-----
 8 files changed, 32 insertions(+), 11 deletions(-)

(limited to 'interface-definitions/include/firewall')

diff --git a/interface-definitions/include/firewall/bridge-custom-name.xml.i b/interface-definitions/include/firewall/bridge-custom-name.xml.i
index 48d48949e..9a2a829d0 100644
--- a/interface-definitions/include/firewall/bridge-custom-name.xml.i
+++ b/interface-definitions/include/firewall/bridge-custom-name.xml.i
@@ -32,6 +32,7 @@
       </properties>
       <children>
         #include <include/firewall/common-rule-bridge.xml.i>
+        #include <include/firewall/action-l2.xml.i>
         #include <include/firewall/connection-mark.xml.i>
         #include <include/firewall/connection-status.xml.i>
         #include <include/firewall/state.xml.i>
diff --git a/interface-definitions/include/firewall/bridge-hook-forward.xml.i b/interface-definitions/include/firewall/bridge-hook-forward.xml.i
index 0bc1fc357..fcc981925 100644
--- a/interface-definitions/include/firewall/bridge-hook-forward.xml.i
+++ b/interface-definitions/include/firewall/bridge-hook-forward.xml.i
@@ -26,6 +26,7 @@
           </properties>
           <children>
             #include <include/firewall/common-rule-bridge.xml.i>
+            #include <include/firewall/action-l2.xml.i>
             #include <include/firewall/connection-mark.xml.i>
             #include <include/firewall/connection-status.xml.i>
             #include <include/firewall/state.xml.i>
diff --git a/interface-definitions/include/firewall/bridge-hook-input.xml.i b/interface-definitions/include/firewall/bridge-hook-input.xml.i
index 32de14d54..f6a11f8da 100644
--- a/interface-definitions/include/firewall/bridge-hook-input.xml.i
+++ b/interface-definitions/include/firewall/bridge-hook-input.xml.i
@@ -26,6 +26,7 @@
           </properties>
           <children>
             #include <include/firewall/common-rule-bridge.xml.i>
+            #include <include/firewall/action-l2.xml.i>
             #include <include/firewall/connection-mark.xml.i>
             #include <include/firewall/connection-status.xml.i>
             #include <include/firewall/state.xml.i>
diff --git a/interface-definitions/include/firewall/bridge-hook-output.xml.i b/interface-definitions/include/firewall/bridge-hook-output.xml.i
index da0c02470..38b8b08ca 100644
--- a/interface-definitions/include/firewall/bridge-hook-output.xml.i
+++ b/interface-definitions/include/firewall/bridge-hook-output.xml.i
@@ -26,6 +26,7 @@
           </properties>
           <children>
             #include <include/firewall/common-rule-bridge.xml.i>
+            #include <include/firewall/action-l2.xml.i>
             #include <include/firewall/connection-mark.xml.i>
             #include <include/firewall/connection-status.xml.i>
             #include <include/firewall/state.xml.i>
diff --git a/interface-definitions/include/firewall/bridge-hook-prerouting.xml.i b/interface-definitions/include/firewall/bridge-hook-prerouting.xml.i
index b6c1fe87a..ea567644f 100644
--- a/interface-definitions/include/firewall/bridge-hook-prerouting.xml.i
+++ b/interface-definitions/include/firewall/bridge-hook-prerouting.xml.i
@@ -14,7 +14,7 @@
         #include <include/generic-description.xml.i>
         <tagNode name="rule">
           <properties>
-            <help>Bridge Firewall prerouting filter rule number</help>
+            <help>Bridge firewall prerouting filter rule number</help>
             <valueHelp>
               <format>u32:1-999999</format>
               <description>Number for this firewall rule</description>
@@ -26,7 +26,7 @@
           </properties>
           <children>
             #include <include/firewall/common-rule-bridge.xml.i>
-            #include <include/firewall/set-packet-modifications.xml.i>
+            #include <include/firewall/action-and-notrack.xml.i>
             #include <include/firewall/inbound-interface.xml.i>
           </children>
         </tagNode>
diff --git a/interface-definitions/include/firewall/common-rule-bridge.xml.i b/interface-definitions/include/firewall/common-rule-bridge.xml.i
index b47408aa8..9ae28f7be 100644
--- a/interface-definitions/include/firewall/common-rule-bridge.xml.i
+++ b/interface-definitions/include/firewall/common-rule-bridge.xml.i
@@ -1,7 +1,6 @@
 <!-- include start from firewall/common-rule-bridge.xml.i -->
 #include <include/generic-description.xml.i>
 #include <include/generic-disable-node.xml.i>
-#include <include/firewall/action-l2.xml.i>
 #include <include/firewall/dscp.xml.i>
 #include <include/firewall/firewall-mark.xml.i>
 #include <include/firewall/fragment.xml.i>
diff --git a/interface-definitions/include/firewall/global-options.xml.i b/interface-definitions/include/firewall/global-options.xml.i
index 1f2899672..cee8f1854 100644
--- a/interface-definitions/include/firewall/global-options.xml.i
+++ b/interface-definitions/include/firewall/global-options.xml.i
@@ -44,7 +44,7 @@
       </properties>
       <defaultValue>disable</defaultValue>
     </leafNode>
-    <node name="apply-for-bridge">
+    <node name="apply-to-bridged-traffic">
       <properties>
         <help>Apply configured firewall rules to traffic switched by bridges</help>
       </properties>
diff --git a/interface-definitions/include/firewall/set-packet-modifications.xml.i b/interface-definitions/include/firewall/set-packet-modifications.xml.i
index eda568a0e..ee019b64e 100644
--- a/interface-definitions/include/firewall/set-packet-modifications.xml.i
+++ b/interface-definitions/include/firewall/set-packet-modifications.xml.i
@@ -6,10 +6,10 @@
   <children>
     <leafNode name="connection-mark">
       <properties>
-        <help>Connection marking</help>
+        <help>Set connection mark</help>
         <valueHelp>
           <format>u32:0-2147483647</format>
-          <description>Connection marking</description>
+          <description>Connection mark</description>
         </valueHelp>
         <constraint>
           <validator name="numeric" argument="--range 0-2147483647"/>
@@ -18,7 +18,7 @@
     </leafNode>
     <leafNode name="dscp">
       <properties>
-        <help>Packet Differentiated Services Codepoint (DSCP)</help>
+        <help>Set DSCP (Packet Differentiated Services Codepoint) bits</help>
         <valueHelp>
           <format>u32:0-63</format>
           <description>DSCP number</description>
@@ -30,10 +30,10 @@
     </leafNode>
     <leafNode name="mark">
       <properties>
-        <help>Packet marking</help>
+        <help>Set packet mark</help>
         <valueHelp>
           <format>u32:1-2147483647</format>
-          <description>Packet marking</description>
+          <description>Packet mark</description>
         </valueHelp>
         <constraint>
           <validator name="numeric" argument="--range 1-2147483647"/>
@@ -42,7 +42,7 @@
     </leafNode>
     <leafNode name="table">
       <properties>
-        <help>Routing table to forward packet with</help>
+        <help>Set the routing table for matched packets</help>
         <valueHelp>
           <format>u32:1-200</format>
           <description>Table number</description>
@@ -61,9 +61,27 @@
         </completionHelp>
       </properties>
     </leafNode>
+    <leafNode name="vrf">
+      <properties>
+        <help>VRF to forward packet with</help>
+        <valueHelp>
+          <format>txt</format>
+          <description>VRF instance name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>default</format>
+          <description>Forward into default global VRF</description>
+        </valueHelp>
+        <completionHelp>
+          <list>default</list>
+          <path>vrf name</path>
+        </completionHelp>
+        #include <include/constraint/vrf.xml.i>
+      </properties>
+    </leafNode>
     <leafNode name="tcp-mss">
       <properties>
-        <help>TCP Maximum Segment Size</help>
+        <help>Set TCP Maximum Segment Size</help>
         <valueHelp>
           <format>u32:500-1460</format>
           <description>Explicitly set TCP MSS value</description>
-- 
cgit v1.2.3