From 0a8a0188033d6b27c521f082fdddae9873dd5d3d Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 19 Aug 2021 13:07:18 +0200 Subject: xml: remove superfluous "interface" prefix from interface includes --- .../include/interface/arp-cache-timeout.xml.i | 16 +++++++++++ .../include/interface/description.xml.i | 11 ++++++++ .../include/interface/dial-on-demand.xml.i | 8 ++++++ .../include/interface/disable-arp-filter.xml.i | 8 ++++++ .../include/interface/disable-forwarding.xml.i | 8 ++++++ .../include/interface/disable-link-detect.xml.i | 8 ++++++ .../include/interface/disable.xml.i | 8 ++++++ .../include/interface/eapol.xml.i | 11 ++++++++ .../include/interface/enable-arp-accept.xml.i | 8 ++++++ .../include/interface/enable-arp-announce.xml.i | 8 ++++++ .../include/interface/enable-arp-ignore.xml.i | 8 ++++++ .../include/interface/enable-proxy-arp.xml.i | 8 ++++++ .../include/interface/hw-id.xml.i | 14 ++++++++++ .../interface/interface-arp-cache-timeout.xml.i | 16 ----------- .../include/interface/interface-description.xml.i | 11 -------- .../interface/interface-dial-on-demand.xml.i | 8 ------ .../interface/interface-disable-arp-filter.xml.i | 8 ------ .../interface/interface-disable-forwarding.xml.i | 8 ------ .../interface/interface-disable-link-detect.xml.i | 8 ------ .../include/interface/interface-disable.xml.i | 8 ------ .../include/interface/interface-eapol.xml.i | 11 -------- .../interface/interface-enable-arp-accept.xml.i | 8 ------ .../interface/interface-enable-arp-announce.xml.i | 8 ------ .../interface/interface-enable-arp-ignore.xml.i | 8 ------ .../interface/interface-enable-proxy-arp.xml.i | 8 ------ .../include/interface/interface-hw-id.xml.i | 14 ---------- .../include/interface/interface-ipv4-options.xml.i | 18 ------------ .../include/interface/interface-ipv6-options.xml.i | 12 -------- .../include/interface/interface-mac.xml.i | 14 ---------- .../include/interface/interface-mirror.xml.i | 25 ----------------- .../interface/interface-mtu-1200-16000.xml.i | 16 ----------- .../interface/interface-mtu-1450-16000.xml.i | 16 ----------- .../include/interface/interface-mtu-64-8024.xml.i | 16 ----------- .../include/interface/interface-mtu-68-1500.xml.i | 16 ----------- .../include/interface/interface-mtu-68-16000.xml.i | 16 ----------- .../interface-parameters-dont-fragment.xml.i | 8 ------ .../interface/interface-parameters-flowlabel.xml.i | 15 ---------- .../interface/interface-parameters-key.xml.i | 15 ---------- .../interface/interface-parameters-tos.xml.i | 16 ----------- .../interface/interface-parameters-ttl.xml.i | 20 -------------- .../interface/interface-proxy-arp-pvlan.xml.i | 8 ------ .../interface/interface-source-validation.xml.i | 25 ----------------- .../include/interface/interface-vrf.xml.i | 14 ---------- .../include/interface/interface-xdp.xml.i | 8 ------ .../include/interface/ipv4-options.xml.i | 18 ++++++++++++ .../include/interface/ipv6-options.xml.i | 12 ++++++++ interface-definitions/include/interface/mac.xml.i | 14 ++++++++++ .../include/interface/mirror.xml.i | 25 +++++++++++++++++ .../include/interface/mtu-1200-16000.xml.i | 16 +++++++++++ .../include/interface/mtu-1450-16000.xml.i | 16 +++++++++++ .../include/interface/mtu-64-8024.xml.i | 16 +++++++++++ .../include/interface/mtu-68-1500.xml.i | 16 +++++++++++ .../include/interface/mtu-68-16000.xml.i | 16 +++++++++++ .../interface/parameters-dont-fragment.xml.i | 8 ++++++ .../include/interface/parameters-flowlabel.xml.i | 15 ++++++++++ .../include/interface/parameters-key.xml.i | 15 ++++++++++ .../include/interface/parameters-tos.xml.i | 16 +++++++++++ .../include/interface/parameters-ttl.xml.i | 20 ++++++++++++++ .../include/interface/proxy-arp-pvlan.xml.i | 8 ++++++ .../include/interface/source-validation.xml.i | 25 +++++++++++++++++ .../include/interface/vif-s.xml.i | 32 +++++++++++----------- interface-definitions/include/interface/vif.xml.i | 16 +++++------ interface-definitions/include/interface/vrf.xml.i | 14 ++++++++++ interface-definitions/include/interface/xdp.xml.i | 8 ++++++ 64 files changed, 426 insertions(+), 426 deletions(-) create mode 100644 interface-definitions/include/interface/arp-cache-timeout.xml.i create mode 100644 interface-definitions/include/interface/description.xml.i create mode 100644 interface-definitions/include/interface/dial-on-demand.xml.i create mode 100644 interface-definitions/include/interface/disable-arp-filter.xml.i create mode 100644 interface-definitions/include/interface/disable-forwarding.xml.i create mode 100644 interface-definitions/include/interface/disable-link-detect.xml.i create mode 100644 interface-definitions/include/interface/disable.xml.i create mode 100644 interface-definitions/include/interface/eapol.xml.i create mode 100644 interface-definitions/include/interface/enable-arp-accept.xml.i create mode 100644 interface-definitions/include/interface/enable-arp-announce.xml.i create mode 100644 interface-definitions/include/interface/enable-arp-ignore.xml.i create mode 100644 interface-definitions/include/interface/enable-proxy-arp.xml.i create mode 100644 interface-definitions/include/interface/hw-id.xml.i delete mode 100644 interface-definitions/include/interface/interface-arp-cache-timeout.xml.i delete mode 100644 interface-definitions/include/interface/interface-description.xml.i delete mode 100644 interface-definitions/include/interface/interface-dial-on-demand.xml.i delete mode 100644 interface-definitions/include/interface/interface-disable-arp-filter.xml.i delete mode 100644 interface-definitions/include/interface/interface-disable-forwarding.xml.i delete mode 100644 interface-definitions/include/interface/interface-disable-link-detect.xml.i delete mode 100644 interface-definitions/include/interface/interface-disable.xml.i delete mode 100644 interface-definitions/include/interface/interface-eapol.xml.i delete mode 100644 interface-definitions/include/interface/interface-enable-arp-accept.xml.i delete mode 100644 interface-definitions/include/interface/interface-enable-arp-announce.xml.i delete mode 100644 interface-definitions/include/interface/interface-enable-arp-ignore.xml.i delete mode 100644 interface-definitions/include/interface/interface-enable-proxy-arp.xml.i delete mode 100644 interface-definitions/include/interface/interface-hw-id.xml.i delete mode 100644 interface-definitions/include/interface/interface-ipv4-options.xml.i delete mode 100644 interface-definitions/include/interface/interface-ipv6-options.xml.i delete mode 100644 interface-definitions/include/interface/interface-mac.xml.i delete mode 100644 interface-definitions/include/interface/interface-mirror.xml.i delete mode 100644 interface-definitions/include/interface/interface-mtu-1200-16000.xml.i delete mode 100644 interface-definitions/include/interface/interface-mtu-1450-16000.xml.i delete mode 100644 interface-definitions/include/interface/interface-mtu-64-8024.xml.i delete mode 100644 interface-definitions/include/interface/interface-mtu-68-1500.xml.i delete mode 100644 interface-definitions/include/interface/interface-mtu-68-16000.xml.i delete mode 100644 interface-definitions/include/interface/interface-parameters-dont-fragment.xml.i delete mode 100644 interface-definitions/include/interface/interface-parameters-flowlabel.xml.i delete mode 100644 interface-definitions/include/interface/interface-parameters-key.xml.i delete mode 100644 interface-definitions/include/interface/interface-parameters-tos.xml.i delete mode 100644 interface-definitions/include/interface/interface-parameters-ttl.xml.i delete mode 100644 interface-definitions/include/interface/interface-proxy-arp-pvlan.xml.i delete mode 100644 interface-definitions/include/interface/interface-source-validation.xml.i delete mode 100644 interface-definitions/include/interface/interface-vrf.xml.i delete mode 100644 interface-definitions/include/interface/interface-xdp.xml.i create mode 100644 interface-definitions/include/interface/ipv4-options.xml.i create mode 100644 interface-definitions/include/interface/ipv6-options.xml.i create mode 100644 interface-definitions/include/interface/mac.xml.i create mode 100644 interface-definitions/include/interface/mirror.xml.i create mode 100644 interface-definitions/include/interface/mtu-1200-16000.xml.i create mode 100644 interface-definitions/include/interface/mtu-1450-16000.xml.i create mode 100644 interface-definitions/include/interface/mtu-64-8024.xml.i create mode 100644 interface-definitions/include/interface/mtu-68-1500.xml.i create mode 100644 interface-definitions/include/interface/mtu-68-16000.xml.i create mode 100644 interface-definitions/include/interface/parameters-dont-fragment.xml.i create mode 100644 interface-definitions/include/interface/parameters-flowlabel.xml.i create mode 100644 interface-definitions/include/interface/parameters-key.xml.i create mode 100644 interface-definitions/include/interface/parameters-tos.xml.i create mode 100644 interface-definitions/include/interface/parameters-ttl.xml.i create mode 100644 interface-definitions/include/interface/proxy-arp-pvlan.xml.i create mode 100644 interface-definitions/include/interface/source-validation.xml.i create mode 100644 interface-definitions/include/interface/vrf.xml.i create mode 100644 interface-definitions/include/interface/xdp.xml.i (limited to 'interface-definitions/include/interface') diff --git a/interface-definitions/include/interface/arp-cache-timeout.xml.i b/interface-definitions/include/interface/arp-cache-timeout.xml.i new file mode 100644 index 000000000..3fb64f1ff --- /dev/null +++ b/interface-definitions/include/interface/arp-cache-timeout.xml.i @@ -0,0 +1,16 @@ + + + + ARP cache entry timeout in seconds + + 1-86400 + ARP cache entry timout in seconds (default 30) + + + + + ARP cache entry timeout must be between 1 and 86400 seconds + + 30 + + diff --git a/interface-definitions/include/interface/description.xml.i b/interface-definitions/include/interface/description.xml.i new file mode 100644 index 000000000..8579cf7d1 --- /dev/null +++ b/interface-definitions/include/interface/description.xml.i @@ -0,0 +1,11 @@ + + + + Interface specific description + + .{1,256}$ + + Description too long (limit 256 characters) + + + diff --git a/interface-definitions/include/interface/dial-on-demand.xml.i b/interface-definitions/include/interface/dial-on-demand.xml.i new file mode 100644 index 000000000..30e8c7e97 --- /dev/null +++ b/interface-definitions/include/interface/dial-on-demand.xml.i @@ -0,0 +1,8 @@ + + + + Establishment connection automatically when traffic is sent + + + + diff --git a/interface-definitions/include/interface/disable-arp-filter.xml.i b/interface-definitions/include/interface/disable-arp-filter.xml.i new file mode 100644 index 000000000..a69455d58 --- /dev/null +++ b/interface-definitions/include/interface/disable-arp-filter.xml.i @@ -0,0 +1,8 @@ + + + + Disable ARP filter on this interface + + + + diff --git a/interface-definitions/include/interface/disable-forwarding.xml.i b/interface-definitions/include/interface/disable-forwarding.xml.i new file mode 100644 index 000000000..a32e5376f --- /dev/null +++ b/interface-definitions/include/interface/disable-forwarding.xml.i @@ -0,0 +1,8 @@ + + + + Disable IPv4 forwarding on this interface + + + + diff --git a/interface-definitions/include/interface/disable-link-detect.xml.i b/interface-definitions/include/interface/disable-link-detect.xml.i new file mode 100644 index 000000000..b101ec292 --- /dev/null +++ b/interface-definitions/include/interface/disable-link-detect.xml.i @@ -0,0 +1,8 @@ + + + + Ignore link state changes + + + + diff --git a/interface-definitions/include/interface/disable.xml.i b/interface-definitions/include/interface/disable.xml.i new file mode 100644 index 000000000..b76bd3f53 --- /dev/null +++ b/interface-definitions/include/interface/disable.xml.i @@ -0,0 +1,8 @@ + + + + Administratively disable interface + + + + diff --git a/interface-definitions/include/interface/eapol.xml.i b/interface-definitions/include/interface/eapol.xml.i new file mode 100644 index 000000000..c4cdeae0c --- /dev/null +++ b/interface-definitions/include/interface/eapol.xml.i @@ -0,0 +1,11 @@ + + + + Extensible Authentication Protocol over Local Area Network + + + #include + #include + + + diff --git a/interface-definitions/include/interface/enable-arp-accept.xml.i b/interface-definitions/include/interface/enable-arp-accept.xml.i new file mode 100644 index 000000000..90f6bc3db --- /dev/null +++ b/interface-definitions/include/interface/enable-arp-accept.xml.i @@ -0,0 +1,8 @@ + + + + Enable ARP accept on this interface + + + + diff --git a/interface-definitions/include/interface/enable-arp-announce.xml.i b/interface-definitions/include/interface/enable-arp-announce.xml.i new file mode 100644 index 000000000..cf02fce0b --- /dev/null +++ b/interface-definitions/include/interface/enable-arp-announce.xml.i @@ -0,0 +1,8 @@ + + + + Enable ARP announce on this interface + + + + diff --git a/interface-definitions/include/interface/enable-arp-ignore.xml.i b/interface-definitions/include/interface/enable-arp-ignore.xml.i new file mode 100644 index 000000000..5bb444f35 --- /dev/null +++ b/interface-definitions/include/interface/enable-arp-ignore.xml.i @@ -0,0 +1,8 @@ + + + + Enable ARP ignore on this interface + + + + diff --git a/interface-definitions/include/interface/enable-proxy-arp.xml.i b/interface-definitions/include/interface/enable-proxy-arp.xml.i new file mode 100644 index 000000000..27e497f84 --- /dev/null +++ b/interface-definitions/include/interface/enable-proxy-arp.xml.i @@ -0,0 +1,8 @@ + + + + Enable proxy-arp on this interface + + + + diff --git a/interface-definitions/include/interface/hw-id.xml.i b/interface-definitions/include/interface/hw-id.xml.i new file mode 100644 index 000000000..a3a1eec7c --- /dev/null +++ b/interface-definitions/include/interface/hw-id.xml.i @@ -0,0 +1,14 @@ + + + + Associate Ethernet Interface with given Media Access Control (MAC) address + + macaddr + Hardware (MAC) address + + + + + + + diff --git a/interface-definitions/include/interface/interface-arp-cache-timeout.xml.i b/interface-definitions/include/interface/interface-arp-cache-timeout.xml.i deleted file mode 100644 index b269fecd8..000000000 --- a/interface-definitions/include/interface/interface-arp-cache-timeout.xml.i +++ /dev/null @@ -1,16 +0,0 @@ - - - - ARP cache entry timeout in seconds - - 1-86400 - ARP cache entry timout in seconds (default 30) - - - - - ARP cache entry timeout must be between 1 and 86400 seconds - - 30 - - diff --git a/interface-definitions/include/interface/interface-description.xml.i b/interface-definitions/include/interface/interface-description.xml.i deleted file mode 100644 index d618b50d2..000000000 --- a/interface-definitions/include/interface/interface-description.xml.i +++ /dev/null @@ -1,11 +0,0 @@ - - - - Interface specific description - - .{1,256}$ - - Description too long (limit 256 characters) - - - diff --git a/interface-definitions/include/interface/interface-dial-on-demand.xml.i b/interface-definitions/include/interface/interface-dial-on-demand.xml.i deleted file mode 100644 index 66edd9678..000000000 --- a/interface-definitions/include/interface/interface-dial-on-demand.xml.i +++ /dev/null @@ -1,8 +0,0 @@ - - - - Establishment connection automatically when traffic is sent - - - - diff --git a/interface-definitions/include/interface/interface-disable-arp-filter.xml.i b/interface-definitions/include/interface/interface-disable-arp-filter.xml.i deleted file mode 100644 index 49cddaf76..000000000 --- a/interface-definitions/include/interface/interface-disable-arp-filter.xml.i +++ /dev/null @@ -1,8 +0,0 @@ - - - - Disable ARP filter on this interface - - - - diff --git a/interface-definitions/include/interface/interface-disable-forwarding.xml.i b/interface-definitions/include/interface/interface-disable-forwarding.xml.i deleted file mode 100644 index cb6ef0475..000000000 --- a/interface-definitions/include/interface/interface-disable-forwarding.xml.i +++ /dev/null @@ -1,8 +0,0 @@ - - - - Disable IPv4 forwarding on this interface - - - - diff --git a/interface-definitions/include/interface/interface-disable-link-detect.xml.i b/interface-definitions/include/interface/interface-disable-link-detect.xml.i deleted file mode 100644 index c528885b2..000000000 --- a/interface-definitions/include/interface/interface-disable-link-detect.xml.i +++ /dev/null @@ -1,8 +0,0 @@ - - - - Ignore link state changes - - - - diff --git a/interface-definitions/include/interface/interface-disable.xml.i b/interface-definitions/include/interface/interface-disable.xml.i deleted file mode 100644 index d90e6395b..000000000 --- a/interface-definitions/include/interface/interface-disable.xml.i +++ /dev/null @@ -1,8 +0,0 @@ - - - - Administratively disable interface - - - - diff --git a/interface-definitions/include/interface/interface-eapol.xml.i b/interface-definitions/include/interface/interface-eapol.xml.i deleted file mode 100644 index 270ec5b13..000000000 --- a/interface-definitions/include/interface/interface-eapol.xml.i +++ /dev/null @@ -1,11 +0,0 @@ - - - - Extensible Authentication Protocol over Local Area Network - - - #include - #include - - - diff --git a/interface-definitions/include/interface/interface-enable-arp-accept.xml.i b/interface-definitions/include/interface/interface-enable-arp-accept.xml.i deleted file mode 100644 index 7c5d51857..000000000 --- a/interface-definitions/include/interface/interface-enable-arp-accept.xml.i +++ /dev/null @@ -1,8 +0,0 @@ - - - - Enable ARP accept on this interface - - - - diff --git a/interface-definitions/include/interface/interface-enable-arp-announce.xml.i b/interface-definitions/include/interface/interface-enable-arp-announce.xml.i deleted file mode 100644 index f44599c54..000000000 --- a/interface-definitions/include/interface/interface-enable-arp-announce.xml.i +++ /dev/null @@ -1,8 +0,0 @@ - - - - Enable ARP announce on this interface - - - - diff --git a/interface-definitions/include/interface/interface-enable-arp-ignore.xml.i b/interface-definitions/include/interface/interface-enable-arp-ignore.xml.i deleted file mode 100644 index 3ea39613c..000000000 --- a/interface-definitions/include/interface/interface-enable-arp-ignore.xml.i +++ /dev/null @@ -1,8 +0,0 @@ - - - - Enable ARP ignore on this interface - - - - diff --git a/interface-definitions/include/interface/interface-enable-proxy-arp.xml.i b/interface-definitions/include/interface/interface-enable-proxy-arp.xml.i deleted file mode 100644 index dbdeeb7a7..000000000 --- a/interface-definitions/include/interface/interface-enable-proxy-arp.xml.i +++ /dev/null @@ -1,8 +0,0 @@ - - - - Enable proxy-arp on this interface - - - - diff --git a/interface-definitions/include/interface/interface-hw-id.xml.i b/interface-definitions/include/interface/interface-hw-id.xml.i deleted file mode 100644 index 989cd9cb7..000000000 --- a/interface-definitions/include/interface/interface-hw-id.xml.i +++ /dev/null @@ -1,14 +0,0 @@ - - - - Associate Ethernet Interface with given Media Access Control (MAC) address - - macaddr - Hardware (MAC) address - - - - - - - diff --git a/interface-definitions/include/interface/interface-ipv4-options.xml.i b/interface-definitions/include/interface/interface-ipv4-options.xml.i deleted file mode 100644 index c2d0677b7..000000000 --- a/interface-definitions/include/interface/interface-ipv4-options.xml.i +++ /dev/null @@ -1,18 +0,0 @@ - - - - IPv4 routing parameters - - - #include - #include - #include - #include - #include - #include - #include - #include - #include - - - diff --git a/interface-definitions/include/interface/interface-ipv6-options.xml.i b/interface-definitions/include/interface/interface-ipv6-options.xml.i deleted file mode 100644 index dcd5a8710..000000000 --- a/interface-definitions/include/interface/interface-ipv6-options.xml.i +++ /dev/null @@ -1,12 +0,0 @@ - - - - IPv6 routing parameters - - - #include - #include - #include - - - diff --git a/interface-definitions/include/interface/interface-mac.xml.i b/interface-definitions/include/interface/interface-mac.xml.i deleted file mode 100644 index d7107ad23..000000000 --- a/interface-definitions/include/interface/interface-mac.xml.i +++ /dev/null @@ -1,14 +0,0 @@ - - - - Media Access Control (MAC) address - - macaddr - Hardware (MAC) address - - - - - - - diff --git a/interface-definitions/include/interface/interface-mirror.xml.i b/interface-definitions/include/interface/interface-mirror.xml.i deleted file mode 100644 index b3b45fb43..000000000 --- a/interface-definitions/include/interface/interface-mirror.xml.i +++ /dev/null @@ -1,25 +0,0 @@ - - - - Incoming/outgoing packet mirroring destination - - - - - Mirror the ingress traffic of the interface to the destination interface - - - - - - - - Mirror the egress traffic of the interface to the destination interface - - - - - - - - diff --git a/interface-definitions/include/interface/interface-mtu-1200-16000.xml.i b/interface-definitions/include/interface/interface-mtu-1200-16000.xml.i deleted file mode 100644 index 3241ba912..000000000 --- a/interface-definitions/include/interface/interface-mtu-1200-16000.xml.i +++ /dev/null @@ -1,16 +0,0 @@ - - - - Maximum Transmission Unit (MTU) - - 1200-16000 - Maximum Transmission Unit in byte - - - - - MTU must be between 1200 and 16000 - - 1500 - - diff --git a/interface-definitions/include/interface/interface-mtu-1450-16000.xml.i b/interface-definitions/include/interface/interface-mtu-1450-16000.xml.i deleted file mode 100644 index 0a35bbbaa..000000000 --- a/interface-definitions/include/interface/interface-mtu-1450-16000.xml.i +++ /dev/null @@ -1,16 +0,0 @@ - - - - Maximum Transmission Unit (MTU) - - 1450-16000 - Maximum Transmission Unit in byte - - - - - MTU must be between 1450 and 16000 - - 1500 - - diff --git a/interface-definitions/include/interface/interface-mtu-64-8024.xml.i b/interface-definitions/include/interface/interface-mtu-64-8024.xml.i deleted file mode 100644 index f75de02ba..000000000 --- a/interface-definitions/include/interface/interface-mtu-64-8024.xml.i +++ /dev/null @@ -1,16 +0,0 @@ - - - - Maximum Transmission Unit (MTU) - - 64-8024 - Maximum Transmission Unit in byte - - - - - MTU must be between 64 and 8024 - - 1500 - - diff --git a/interface-definitions/include/interface/interface-mtu-68-1500.xml.i b/interface-definitions/include/interface/interface-mtu-68-1500.xml.i deleted file mode 100644 index 9e6fe8760..000000000 --- a/interface-definitions/include/interface/interface-mtu-68-1500.xml.i +++ /dev/null @@ -1,16 +0,0 @@ - - - - Maximum Transmission Unit (MTU) - - 68-1500 - Maximum Transmission Unit in byte - - - - - MTU must be between 68 and 1500 - - 1500 - - diff --git a/interface-definitions/include/interface/interface-mtu-68-16000.xml.i b/interface-definitions/include/interface/interface-mtu-68-16000.xml.i deleted file mode 100644 index 83af7bbd4..000000000 --- a/interface-definitions/include/interface/interface-mtu-68-16000.xml.i +++ /dev/null @@ -1,16 +0,0 @@ - - - - Maximum Transmission Unit (MTU) - - 68-16000 - Maximum Transmission Unit in byte - - - - - MTU must be between 68 and 16000 - - 1500 - - diff --git a/interface-definitions/include/interface/interface-parameters-dont-fragment.xml.i b/interface-definitions/include/interface/interface-parameters-dont-fragment.xml.i deleted file mode 100644 index 166c31115..000000000 --- a/interface-definitions/include/interface/interface-parameters-dont-fragment.xml.i +++ /dev/null @@ -1,8 +0,0 @@ - - - - Specifies the usage of the dont fragment (DF) bit - - - - diff --git a/interface-definitions/include/interface/interface-parameters-flowlabel.xml.i b/interface-definitions/include/interface/interface-parameters-flowlabel.xml.i deleted file mode 100644 index ed075e40d..000000000 --- a/interface-definitions/include/interface/interface-parameters-flowlabel.xml.i +++ /dev/null @@ -1,15 +0,0 @@ - - - - Specifies the flow label to use in outgoing packets - - 0x0-0x0FFFFF - Tunnel key, 'inherit' or hex value - - - ^((0x){0,1}(0?[0-9A-Fa-f]{1,5})|inherit)$ - - Must be 'inherit' or a number - - - diff --git a/interface-definitions/include/interface/interface-parameters-key.xml.i b/interface-definitions/include/interface/interface-parameters-key.xml.i deleted file mode 100644 index 6c59f7879..000000000 --- a/interface-definitions/include/interface/interface-parameters-key.xml.i +++ /dev/null @@ -1,15 +0,0 @@ - - - - Tunnel key (only GRE tunnels) - - u32 - Tunnel key - - - - - key must be between 0-4294967295 - - - diff --git a/interface-definitions/include/interface/interface-parameters-tos.xml.i b/interface-definitions/include/interface/interface-parameters-tos.xml.i deleted file mode 100644 index 83b4e0671..000000000 --- a/interface-definitions/include/interface/interface-parameters-tos.xml.i +++ /dev/null @@ -1,16 +0,0 @@ - - - - Specifies TOS value to use in outgoing packets - - 0-99 - Type of Service (TOS) - - - - - TOS must be between 0 and 99 - - inherit - - diff --git a/interface-definitions/include/interface/interface-parameters-ttl.xml.i b/interface-definitions/include/interface/interface-parameters-ttl.xml.i deleted file mode 100644 index df193cf24..000000000 --- a/interface-definitions/include/interface/interface-parameters-ttl.xml.i +++ /dev/null @@ -1,20 +0,0 @@ - - - - Specifies TTL value to use in outgoing packets - - 0 - Inherit - copy value from original IP header - - - 1-255 - Time to Live - - - - - TTL must be between 0 and 255 - - 0 - - diff --git a/interface-definitions/include/interface/interface-proxy-arp-pvlan.xml.i b/interface-definitions/include/interface/interface-proxy-arp-pvlan.xml.i deleted file mode 100644 index 153dfc072..000000000 --- a/interface-definitions/include/interface/interface-proxy-arp-pvlan.xml.i +++ /dev/null @@ -1,8 +0,0 @@ - - - - Enable private VLAN proxy ARP on this interface - - - - diff --git a/interface-definitions/include/interface/interface-source-validation.xml.i b/interface-definitions/include/interface/interface-source-validation.xml.i deleted file mode 100644 index 70914f2e9..000000000 --- a/interface-definitions/include/interface/interface-source-validation.xml.i +++ /dev/null @@ -1,25 +0,0 @@ - - - - Source validation by reversed path (RFC3704) - - strict loose disable - - - strict - Enable Strict Reverse Path Forwarding as defined in RFC3704 - - - loose - Enable Loose Reverse Path Forwarding as defined in RFC3704 - - - disable - No source validation - - - ^(strict|loose|disable)$ - - - - diff --git a/interface-definitions/include/interface/interface-vrf.xml.i b/interface-definitions/include/interface/interface-vrf.xml.i deleted file mode 100644 index ef6ca1241..000000000 --- a/interface-definitions/include/interface/interface-vrf.xml.i +++ /dev/null @@ -1,14 +0,0 @@ - - - - VRF instance name - - text - VRF instance name - - - vrf name - - - - diff --git a/interface-definitions/include/interface/interface-xdp.xml.i b/interface-definitions/include/interface/interface-xdp.xml.i deleted file mode 100644 index 0253f6dad..000000000 --- a/interface-definitions/include/interface/interface-xdp.xml.i +++ /dev/null @@ -1,8 +0,0 @@ - - - - Enable eXpress Data Path - - - - diff --git a/interface-definitions/include/interface/ipv4-options.xml.i b/interface-definitions/include/interface/ipv4-options.xml.i new file mode 100644 index 000000000..10884b6eb --- /dev/null +++ b/interface-definitions/include/interface/ipv4-options.xml.i @@ -0,0 +1,18 @@ + + + + IPv4 routing parameters + + + #include + #include + #include + #include + #include + #include + #include + #include + #include + + + diff --git a/interface-definitions/include/interface/ipv6-options.xml.i b/interface-definitions/include/interface/ipv6-options.xml.i new file mode 100644 index 000000000..e57c242b0 --- /dev/null +++ b/interface-definitions/include/interface/ipv6-options.xml.i @@ -0,0 +1,12 @@ + + + + IPv6 routing parameters + + + #include + #include + #include + + + diff --git a/interface-definitions/include/interface/mac.xml.i b/interface-definitions/include/interface/mac.xml.i new file mode 100644 index 000000000..705330dce --- /dev/null +++ b/interface-definitions/include/interface/mac.xml.i @@ -0,0 +1,14 @@ + + + + Media Access Control (MAC) address + + macaddr + Hardware (MAC) address + + + + + + + diff --git a/interface-definitions/include/interface/mirror.xml.i b/interface-definitions/include/interface/mirror.xml.i new file mode 100644 index 000000000..2959551f0 --- /dev/null +++ b/interface-definitions/include/interface/mirror.xml.i @@ -0,0 +1,25 @@ + + + + Incoming/outgoing packet mirroring destination + + + + + Mirror the ingress traffic of the interface to the destination interface + + + + + + + + Mirror the egress traffic of the interface to the destination interface + + + + + + + + diff --git a/interface-definitions/include/interface/mtu-1200-16000.xml.i b/interface-definitions/include/interface/mtu-1200-16000.xml.i new file mode 100644 index 000000000..ccd986d55 --- /dev/null +++ b/interface-definitions/include/interface/mtu-1200-16000.xml.i @@ -0,0 +1,16 @@ + + + + Maximum Transmission Unit (MTU) + + 1200-16000 + Maximum Transmission Unit in byte + + + + + MTU must be between 1200 and 16000 + + 1500 + + diff --git a/interface-definitions/include/interface/mtu-1450-16000.xml.i b/interface-definitions/include/interface/mtu-1450-16000.xml.i new file mode 100644 index 000000000..2dc3a2029 --- /dev/null +++ b/interface-definitions/include/interface/mtu-1450-16000.xml.i @@ -0,0 +1,16 @@ + + + + Maximum Transmission Unit (MTU) + + 1450-16000 + Maximum Transmission Unit in byte + + + + + MTU must be between 1450 and 16000 + + 1500 + + diff --git a/interface-definitions/include/interface/mtu-64-8024.xml.i b/interface-definitions/include/interface/mtu-64-8024.xml.i new file mode 100644 index 000000000..9b8bc4697 --- /dev/null +++ b/interface-definitions/include/interface/mtu-64-8024.xml.i @@ -0,0 +1,16 @@ + + + + Maximum Transmission Unit (MTU) + + 64-8024 + Maximum Transmission Unit in byte + + + + + MTU must be between 64 and 8024 + + 1500 + + diff --git a/interface-definitions/include/interface/mtu-68-1500.xml.i b/interface-definitions/include/interface/mtu-68-1500.xml.i new file mode 100644 index 000000000..e3b70302f --- /dev/null +++ b/interface-definitions/include/interface/mtu-68-1500.xml.i @@ -0,0 +1,16 @@ + + + + Maximum Transmission Unit (MTU) + + 68-1500 + Maximum Transmission Unit in byte + + + + + MTU must be between 68 and 1500 + + 1500 + + diff --git a/interface-definitions/include/interface/mtu-68-16000.xml.i b/interface-definitions/include/interface/mtu-68-16000.xml.i new file mode 100644 index 000000000..b610ab3e2 --- /dev/null +++ b/interface-definitions/include/interface/mtu-68-16000.xml.i @@ -0,0 +1,16 @@ + + + + Maximum Transmission Unit (MTU) + + 68-16000 + Maximum Transmission Unit in byte + + + + + MTU must be between 68 and 16000 + + 1500 + + diff --git a/interface-definitions/include/interface/parameters-dont-fragment.xml.i b/interface-definitions/include/interface/parameters-dont-fragment.xml.i new file mode 100644 index 000000000..d34f0a97b --- /dev/null +++ b/interface-definitions/include/interface/parameters-dont-fragment.xml.i @@ -0,0 +1,8 @@ + + + + Specifies the usage of the dont fragment (DF) bit + + + + diff --git a/interface-definitions/include/interface/parameters-flowlabel.xml.i b/interface-definitions/include/interface/parameters-flowlabel.xml.i new file mode 100644 index 000000000..7fa571634 --- /dev/null +++ b/interface-definitions/include/interface/parameters-flowlabel.xml.i @@ -0,0 +1,15 @@ + + + + Specifies the flow label to use in outgoing packets + + 0x0-0x0FFFFF + Tunnel key, 'inherit' or hex value + + + ^((0x){0,1}(0?[0-9A-Fa-f]{1,5})|inherit)$ + + Must be 'inherit' or a number + + + diff --git a/interface-definitions/include/interface/parameters-key.xml.i b/interface-definitions/include/interface/parameters-key.xml.i new file mode 100644 index 000000000..25a6c0303 --- /dev/null +++ b/interface-definitions/include/interface/parameters-key.xml.i @@ -0,0 +1,15 @@ + + + + Tunnel key (only GRE tunnels) + + u32 + Tunnel key + + + + + key must be between 0-4294967295 + + + diff --git a/interface-definitions/include/interface/parameters-tos.xml.i b/interface-definitions/include/interface/parameters-tos.xml.i new file mode 100644 index 000000000..83b4e0671 --- /dev/null +++ b/interface-definitions/include/interface/parameters-tos.xml.i @@ -0,0 +1,16 @@ + + + + Specifies TOS value to use in outgoing packets + + 0-99 + Type of Service (TOS) + + + + + TOS must be between 0 and 99 + + inherit + + diff --git a/interface-definitions/include/interface/parameters-ttl.xml.i b/interface-definitions/include/interface/parameters-ttl.xml.i new file mode 100644 index 000000000..da5ce69c2 --- /dev/null +++ b/interface-definitions/include/interface/parameters-ttl.xml.i @@ -0,0 +1,20 @@ + + + + Specifies TTL value to use in outgoing packets + + 0 + Inherit - copy value from original IP header + + + 1-255 + Time to Live + + + + + TTL must be between 0 and 255 + + 0 + + diff --git a/interface-definitions/include/interface/proxy-arp-pvlan.xml.i b/interface-definitions/include/interface/proxy-arp-pvlan.xml.i new file mode 100644 index 000000000..c00b2fe85 --- /dev/null +++ b/interface-definitions/include/interface/proxy-arp-pvlan.xml.i @@ -0,0 +1,8 @@ + + + + Enable private VLAN proxy ARP on this interface + + + + diff --git a/interface-definitions/include/interface/source-validation.xml.i b/interface-definitions/include/interface/source-validation.xml.i new file mode 100644 index 000000000..f38065f4d --- /dev/null +++ b/interface-definitions/include/interface/source-validation.xml.i @@ -0,0 +1,25 @@ + + + + Source validation by reversed path (RFC3704) + + strict loose disable + + + strict + Enable Strict Reverse Path Forwarding as defined in RFC3704 + + + loose + Enable Loose Reverse Path Forwarding as defined in RFC3704 + + + disable + No source validation + + + ^(strict|loose|disable)$ + + + + diff --git a/interface-definitions/include/interface/vif-s.xml.i b/interface-definitions/include/interface/vif-s.xml.i index 17d1746be..3fd69d9d1 100644 --- a/interface-definitions/include/interface/vif-s.xml.i +++ b/interface-definitions/include/interface/vif-s.xml.i @@ -9,11 +9,11 @@ #include - #include + #include #include #include - #include - #include + #include + #include Protocol used for service VLAN (default: 802.1ad) @@ -35,10 +35,10 @@ 802.1ad - #include - #include - #include - #include + #include + #include + #include + #include QinQ TAG-C Virtual Local Area Network (VLAN) ID @@ -49,19 +49,19 @@ #include - #include + #include #include #include - #include - #include - #include - #include - #include - #include - #include + #include + #include + #include + #include + #include + #include + #include - #include + #include diff --git a/interface-definitions/include/interface/vif.xml.i b/interface-definitions/include/interface/vif.xml.i index 9e89cbbf6..8daafeaf4 100644 --- a/interface-definitions/include/interface/vif.xml.i +++ b/interface-definitions/include/interface/vif.xml.i @@ -13,12 +13,12 @@ #include - #include + #include #include #include - #include - #include - #include + #include + #include + #include VLAN egress QoS @@ -45,10 +45,10 @@ QoS mapping should be in the format of '0:7 2:3' with numbers 0-9 - #include - #include - #include - #include + #include + #include + #include + #include diff --git a/interface-definitions/include/interface/vrf.xml.i b/interface-definitions/include/interface/vrf.xml.i new file mode 100644 index 000000000..5ad978a27 --- /dev/null +++ b/interface-definitions/include/interface/vrf.xml.i @@ -0,0 +1,14 @@ + + + + VRF instance name + + text + VRF instance name + + + vrf name + + + + diff --git a/interface-definitions/include/interface/xdp.xml.i b/interface-definitions/include/interface/xdp.xml.i new file mode 100644 index 000000000..10223e766 --- /dev/null +++ b/interface-definitions/include/interface/xdp.xml.i @@ -0,0 +1,8 @@ + + + + Enable eXpress Data Path + + + + -- cgit v1.2.3 From b7bfcb6ef0e712bb8c39241051e716a833b2ffe8 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 19 Aug 2021 18:14:13 +0200 Subject: interfaces: T3090: migrate adjust-mss from "firewall options" to "interface" level Getting rid of "set firewall options" and move it from: set firewall options interface ethX adjust-mss 1400 set firewall options interface ethX adjust-mss6 1400 to: set interfaces ethernet ethX ip adjust-mss 1400 set interfaces ethernet ethX ipv6 adjust-mss 1400 In addition add an extra option called clamp-mss-to-pmtu instead of a value. --- data/configd-include.json | 1 - interface-definitions/firewall-options.xml.in | 50 ------- .../include/interface/adjust-mss.xml.i | 23 ++++ .../include/interface/ipv4-options.xml.i | 1 + .../include/interface/ipv6-options.xml.i | 1 + interface-definitions/interfaces-pppoe.xml.in | 2 + python/vyos/ifconfig/interface.py | 66 +++++++++ python/vyos/ifconfig/pppoe.py | 4 +- smoketest/scripts/cli/base_interfaces_test.py | 22 ++- src/conf_mode/firewall_options.py | 150 --------------------- src/migration-scripts/firewall/5-to-6 | 63 +++++++++ 11 files changed, 177 insertions(+), 206 deletions(-) delete mode 100644 interface-definitions/firewall-options.xml.in create mode 100644 interface-definitions/include/interface/adjust-mss.xml.i delete mode 100755 src/conf_mode/firewall_options.py create mode 100755 src/migration-scripts/firewall/5-to-6 (limited to 'interface-definitions/include/interface') diff --git a/data/configd-include.json b/data/configd-include.json index 2d7ea149b..6893aaa86 100644 --- a/data/configd-include.json +++ b/data/configd-include.json @@ -6,7 +6,6 @@ "dhcpv6_relay.py", "dns_forwarding.py", "dynamic_dns.py", -"firewall_options.py", "host_name.py", "https.py", "igmp_proxy.py", diff --git a/interface-definitions/firewall-options.xml.in b/interface-definitions/firewall-options.xml.in deleted file mode 100644 index 8d9225a9a..000000000 --- a/interface-definitions/firewall-options.xml.in +++ /dev/null @@ -1,50 +0,0 @@ - - - - - - - Firewall options/Packet manipulation - 990 - - - - - Interface clamping options - - - - - - #include - - - Adjust MSS for IPv4 transit packets - - 500-1460 - TCP Maximum segment size in bytes - - - - - - - - - Adjust MSS for IPv6 transit packets - - 1280-1492 - TCP Maximum segment size in bytes - - - - - - - - - - - - - diff --git a/interface-definitions/include/interface/adjust-mss.xml.i b/interface-definitions/include/interface/adjust-mss.xml.i new file mode 100644 index 000000000..57019f02c --- /dev/null +++ b/interface-definitions/include/interface/adjust-mss.xml.i @@ -0,0 +1,23 @@ + + + + + Adjust TCP MSS value + + clamp-mss-to-pmtu + + + clamp-mss-to-pmtu + Automatically sets the MSS to the proper value + + + u32:500-65535 + TCP Maximum segment size in bytes + + + + ^(clamp-mss-to-pmtu)$ + + + + diff --git a/interface-definitions/include/interface/ipv4-options.xml.i b/interface-definitions/include/interface/ipv4-options.xml.i index 10884b6eb..bca1229c6 100644 --- a/interface-definitions/include/interface/ipv4-options.xml.i +++ b/interface-definitions/include/interface/ipv4-options.xml.i @@ -4,6 +4,7 @@ IPv4 routing parameters + #include #include #include #include diff --git a/interface-definitions/include/interface/ipv6-options.xml.i b/interface-definitions/include/interface/ipv6-options.xml.i index e57c242b0..2d2d1d3b2 100644 --- a/interface-definitions/include/interface/ipv6-options.xml.i +++ b/interface-definitions/include/interface/ipv6-options.xml.i @@ -4,6 +4,7 @@ IPv6 routing parameters + #include #include #include #include diff --git a/interface-definitions/interfaces-pppoe.xml.in b/interface-definitions/interfaces-pppoe.xml.in index 1bbfa63af..ac8fa378b 100644 --- a/interface-definitions/interfaces-pppoe.xml.in +++ b/interface-definitions/interfaces-pppoe.xml.in @@ -70,6 +70,7 @@ IPv4 routing parameters + #include #include @@ -86,6 +87,7 @@ #include + #include diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index a1928ba51..53b57a83f 100755 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -436,6 +436,62 @@ class Interface(Control): """ return self.set_interface('arp_cache_tmo', tmo) + def set_tcp_ipv4_mss(self, mss): + """ + Set IPv4 TCP MSS value advertised when TCP SYN packets leave this + interface. Value is in bytes. + + A value of 0 will disable the MSS adjustment + + Example: + >>> from vyos.ifconfig import Interface + >>> Interface('eth0').set_tcp_ipv4_mss(1340) + """ + iptables_bin = 'iptables' + base_options = f'-A FORWARD -o {self.ifname} -p tcp -m tcp --tcp-flags SYN,RST SYN' + out = self._cmd(f'{iptables_bin}-save -t mangle') + for line in out.splitlines(): + if line.startswith(base_options): + # remove OLD MSS mangling configuration + line = line.replace('-A FORWARD', '-D FORWARD') + self._cmd(f'{iptables_bin} -t mangle {line}') + + cmd_mss = f'{iptables_bin} -t mangle {base_options} --jump TCPMSS' + if mss == 'clamp-mss-to-pmtu': + self._cmd(f'{cmd_mss} --clamp-mss-to-pmtu') + elif int(mss) > 0: + # probably add option to clamp only if bigger: + low_mss = str(int(mss) + 1) + self._cmd(f'{cmd_mss} -m tcpmss --mss {low_mss}:65535 --set-mss {mss}') + + def set_tcp_ipv6_mss(self, mss): + """ + Set IPv6 TCP MSS value advertised when TCP SYN packets leave this + interface. Value is in bytes. + + A value of 0 will disable the MSS adjustment + + Example: + >>> from vyos.ifconfig import Interface + >>> Interface('eth0').set_tcp_mss(1320) + """ + iptables_bin = 'ip6tables' + base_options = f'-A FORWARD -o {self.ifname} -p tcp -m tcp --tcp-flags SYN,RST SYN' + out = self._cmd(f'{iptables_bin}-save -t mangle') + for line in out.splitlines(): + if line.startswith(base_options): + # remove OLD MSS mangling configuration + line = line.replace('-A FORWARD', '-D FORWARD') + self._cmd(f'{iptables_bin} -t mangle {line}') + + cmd_mss = f'{iptables_bin} -t mangle {base_options} --jump TCPMSS' + if mss == 'clamp-mss-to-pmtu': + self._cmd(f'{cmd_mss} --clamp-mss-to-pmtu') + elif int(mss) > 0: + # probably add option to clamp only if bigger: + low_mss = str(int(mss) + 1) + self._cmd(f'{cmd_mss} -m tcpmss --mss {low_mss}:65535 --set-mss {mss}') + def set_arp_filter(self, arp_filter): """ Filter ARP requests @@ -1202,6 +1258,16 @@ class Interface(Control): # checked before self.set_vrf(config.get('vrf', '')) + # Configure MSS value for IPv4 TCP connections + tmp = dict_search('ip.adjust_mss', config) + value = tmp if (tmp != None) else '0' + self.set_tcp_ipv4_mss(value) + + # Configure MSS value for IPv6 TCP connections + tmp = dict_search('ipv6.adjust_mss', config) + value = tmp if (tmp != None) else '0' + self.set_tcp_ipv6_mss(value) + # Configure ARP cache timeout in milliseconds - has default value tmp = dict_search('ip.arp_cache_timeout', config) value = tmp if (tmp != None) else '30' diff --git a/python/vyos/ifconfig/pppoe.py b/python/vyos/ifconfig/pppoe.py index 65575cf99..6acf7d1c7 100644 --- a/python/vyos/ifconfig/pppoe.py +++ b/python/vyos/ifconfig/pppoe.py @@ -17,9 +17,7 @@ from vyos.ifconfig.interface import Interface @Interface.register class PPPoEIf(Interface): - default = { - 'type': 'pppoe', - } + iftype = 'pppoe' definition = { **Interface.definition, **{ diff --git a/smoketest/scripts/cli/base_interfaces_test.py b/smoketest/scripts/cli/base_interfaces_test.py index 7f69b8444..63f742a8d 100644 --- a/smoketest/scripts/cli/base_interfaces_test.py +++ b/smoketest/scripts/cli/base_interfaces_test.py @@ -556,13 +556,16 @@ class BasicInterfaceTest: if not self._test_ip: self.skipTest('not supported') + arp_tmo = '300' + mss = '1420' + for interface in self._interfaces: - arp_tmo = '300' path = self._base_path + [interface] for option in self._options.get(interface, []): self.cli_set(path + option.split()) # Options + self.cli_set(path + ['ip', 'adjust-mss', mss]) self.cli_set(path + ['ip', 'arp-cache-timeout', arp_tmo]) self.cli_set(path + ['ip', 'disable-arp-filter']) self.cli_set(path + ['ip', 'disable-forwarding']) @@ -576,6 +579,12 @@ class BasicInterfaceTest: self.cli_commit() for interface in self._interfaces: + base_options = f'-A FORWARD -o {interface} -p tcp -m tcp --tcp-flags SYN,RST SYN' + out = cmd('sudo iptables-save -t mangle') + for line in out.splitlines(): + if line.startswith(base_options): + self.assertIn(f'--set-mss {mss}', line) + tmp = read_file(f'/proc/sys/net/ipv4/neigh/{interface}/base_reachable_time_ms') self.assertEqual(tmp, str((int(arp_tmo) * 1000))) # tmo value is in milli seconds @@ -607,19 +616,28 @@ class BasicInterfaceTest: if not self._test_ipv6: self.skipTest('not supported') + mss = '1400' + dad_transmits = '10' + for interface in self._interfaces: - dad_transmits = '10' path = self._base_path + [interface] for option in self._options.get(interface, []): self.cli_set(path + option.split()) # Options + self.cli_set(path + ['ipv6', 'adjust-mss', mss]) self.cli_set(path + ['ipv6', 'disable-forwarding']) self.cli_set(path + ['ipv6', 'dup-addr-detect-transmits', dad_transmits]) self.cli_commit() for interface in self._interfaces: + base_options = f'-A FORWARD -o {interface} -p tcp -m tcp --tcp-flags SYN,RST SYN' + out = cmd('sudo ip6tables-save -t mangle') + for line in out.splitlines(): + if line.startswith(base_options): + self.assertIn(f'--set-mss {mss}', line) + tmp = read_file(f'/proc/sys/net/ipv6/conf/{interface}/forwarding') self.assertEqual('0', tmp) diff --git a/src/conf_mode/firewall_options.py b/src/conf_mode/firewall_options.py deleted file mode 100755 index 67bf5d0e2..000000000 --- a/src/conf_mode/firewall_options.py +++ /dev/null @@ -1,150 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright (C) 2018 VyOS maintainers and contributors -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 or later as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# - -import sys -import os -import copy - -from vyos.config import Config -from vyos import ConfigError -from vyos.util import call - -from vyos import airbag -airbag.enable() - -default_config_data = { - 'intf_opts': [], - 'new_chain4': False, - 'new_chain6': False -} - -def get_config(config=None): - opts = copy.deepcopy(default_config_data) - if config: - conf = config - else: - conf = Config() - if not conf.exists('firewall options'): - # bail out early - return opts - else: - conf.set_level('firewall options') - - # Parse configuration of each individual instance - if conf.exists('interface'): - for intf in conf.list_nodes('interface'): - conf.set_level('firewall options interface {0}'.format(intf)) - config = { - 'intf': intf, - 'disabled': False, - 'mss4': '', - 'mss6': '' - } - - # Check if individual option is disabled - if conf.exists('disable'): - config['disabled'] = True - - # - # Get MSS value IPv4 - # - if conf.exists('adjust-mss'): - config['mss4'] = conf.return_value('adjust-mss') - - # We need a marker that a new iptables chain needs to be generated - if not opts['new_chain4']: - opts['new_chain4'] = True - - # - # Get MSS value IPv6 - # - if conf.exists('adjust-mss6'): - config['mss6'] = conf.return_value('adjust-mss6') - - # We need a marker that a new ip6tables chain needs to be generated - if not opts['new_chain6']: - opts['new_chain6'] = True - - # Append interface options to global list - opts['intf_opts'].append(config) - - return opts - -def verify(tcp): - # syntax verification is done via cli - return None - -def apply(tcp): - target = 'VYOS_FW_OPTIONS' - - # always cleanup iptables - call('iptables --table mangle --delete FORWARD --jump {} >&/dev/null'.format(target)) - call('iptables --table mangle --flush {} >&/dev/null'.format(target)) - call('iptables --table mangle --delete-chain {} >&/dev/null'.format(target)) - - # always cleanup ip6tables - call('ip6tables --table mangle --delete FORWARD --jump {} >&/dev/null'.format(target)) - call('ip6tables --table mangle --flush {} >&/dev/null'.format(target)) - call('ip6tables --table mangle --delete-chain {} >&/dev/null'.format(target)) - - # Setup new iptables rules - if tcp['new_chain4']: - call('iptables --table mangle --new-chain {} >&/dev/null'.format(target)) - call('iptables --table mangle --append FORWARD --jump {} >&/dev/null'.format(target)) - - for opts in tcp['intf_opts']: - intf = opts['intf'] - mss = opts['mss4'] - - # Check if this rule iis disabled - if opts['disabled']: - continue - - # adjust TCP MSS per interface - if mss: - call('iptables --table mangle --append {} --out-interface {} --protocol tcp ' - '--tcp-flags SYN,RST SYN --jump TCPMSS --set-mss {} >&/dev/null'.format(target, intf, mss)) - - # Setup new ip6tables rules - if tcp['new_chain6']: - call('ip6tables --table mangle --new-chain {} >&/dev/null'.format(target)) - call('ip6tables --table mangle --append FORWARD --jump {} >&/dev/null'.format(target)) - - for opts in tcp['intf_opts']: - intf = opts['intf'] - mss = opts['mss6'] - - # Check if this rule iis disabled - if opts['disabled']: - continue - - # adjust TCP MSS per interface - if mss: - call('ip6tables --table mangle --append {} --out-interface {} --protocol tcp ' - '--tcp-flags SYN,RST SYN --jump TCPMSS --set-mss {} >&/dev/null'.format(target, intf, mss)) - - return None - -if __name__ == '__main__': - - try: - c = get_config() - verify(c) - apply(c) - except ConfigError as e: - print(e) - sys.exit(1) diff --git a/src/migration-scripts/firewall/5-to-6 b/src/migration-scripts/firewall/5-to-6 new file mode 100755 index 000000000..ccb86830a --- /dev/null +++ b/src/migration-scripts/firewall/5-to-6 @@ -0,0 +1,63 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# T3090: migrate "firewall options interface adjust-mss" to the +# individual interface. + +from sys import argv +from sys import exit + +from vyos.configtree import ConfigTree +from vyos.ifconfig import Section + +if (len(argv) < 1): + print("Must specify file name!") + exit(1) + +file_name = argv[1] + +with open(file_name, 'r') as f: + config_file = f.read() + +base = ['firewall', 'options', 'interface'] +config = ConfigTree(config_file) + +if not config.exists(base): + # Nothing to do + exit(0) + +for interface in config.list_nodes(base): + if config.exists(base + [interface, 'disable']): + continue + + if config.exists(base + [interface, 'adjust-mss']): + section = Section.section(interface) + tmp = config.return_value(base + [interface, 'adjust-mss']) + config.set(['interfaces', section, interface, 'ip', 'adjust-mss'], value=tmp) + + if config.exists(base + [interface, 'adjust-mss6']): + section = Section.section(interface) + tmp = config.return_value(base + [interface, 'adjust-mss6']) + config.set(['interfaces', section, interface, 'ipv6', 'adjust-mss'], value=tmp) + +config.delete(['firewall', 'options']) + +try: + with open(file_name, 'w') as f: + f.write(config.to_string()) +except OSError as e: + print("Failed to save the modified config: {}".format(e)) + exit(1) -- cgit v1.2.3 From 0e751221d0832acac807e7f0bc97d7bb31230c3a Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 19 Aug 2021 20:24:39 +0200 Subject: xml: interfaces: use one common building block for "disable-forwarding" Both building blocks only differed in the help text, so use IP for both IPv4 and IPv6. --- interface-definitions/include/interface/disable-forwarding.xml.i | 2 +- .../include/interface/ipv6-disable-forwarding.xml.i | 8 -------- interface-definitions/include/interface/ipv6-options.xml.i | 2 +- 3 files changed, 2 insertions(+), 10 deletions(-) delete mode 100644 interface-definitions/include/interface/ipv6-disable-forwarding.xml.i (limited to 'interface-definitions/include/interface') diff --git a/interface-definitions/include/interface/disable-forwarding.xml.i b/interface-definitions/include/interface/disable-forwarding.xml.i index a32e5376f..45382ec95 100644 --- a/interface-definitions/include/interface/disable-forwarding.xml.i +++ b/interface-definitions/include/interface/disable-forwarding.xml.i @@ -1,7 +1,7 @@ - Disable IPv4 forwarding on this interface + Disable IP forwarding on this interface diff --git a/interface-definitions/include/interface/ipv6-disable-forwarding.xml.i b/interface-definitions/include/interface/ipv6-disable-forwarding.xml.i deleted file mode 100644 index 4adb77d1b..000000000 --- a/interface-definitions/include/interface/ipv6-disable-forwarding.xml.i +++ /dev/null @@ -1,8 +0,0 @@ - - - - Disable IPv6 forwarding on this interface - - - - diff --git a/interface-definitions/include/interface/ipv6-options.xml.i b/interface-definitions/include/interface/ipv6-options.xml.i index 2d2d1d3b2..f740ce0c2 100644 --- a/interface-definitions/include/interface/ipv6-options.xml.i +++ b/interface-definitions/include/interface/ipv6-options.xml.i @@ -5,8 +5,8 @@ #include + #include #include - #include #include -- cgit v1.2.3 From 794f193d11c8c1b5fed78f4e40280480446ab593 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 29 Aug 2021 14:29:19 +0200 Subject: xml: add missing "u32:" value declarator on integer ranges --- interface-definitions/bcast-relay.xml.in | 5 ++- interface-definitions/dhcp-relay.xml.in | 4 +-- interface-definitions/dhcp-server.xml.in | 2 +- interface-definitions/dhcpv6-relay.xml.in | 2 +- interface-definitions/dhcpv6-server.xml.in | 13 ++++---- interface-definitions/dns-dynamic.xml.in | 2 +- interface-definitions/dns-forwarding.xml.in | 4 +-- interface-definitions/flow-accounting-conf.xml.in | 16 +++++----- interface-definitions/https.xml.in | 9 +++--- interface-definitions/igmp-proxy.xml.in | 2 +- .../include/accel-ppp/ppp-interface-cache.xml.i | 2 +- .../include/accel-ppp/radius-additions.xml.i | 12 ++++---- interface-definitions/include/bfd-common.xml.i | 8 ++--- .../include/firewall/common-rule.xml.i | 2 +- .../include/interface/arp-cache-timeout.xml.i | 2 +- .../include/interface/dhcpv6-options.xml.i | 4 +-- .../interface/ipv6-dup-addr-detect-transmits.xml.i | 8 ++--- .../include/interface/mtu-1200-16000.xml.i | 2 +- .../include/interface/mtu-1450-16000.xml.i | 2 +- .../include/interface/mtu-64-8024.xml.i | 2 +- .../include/interface/mtu-68-1500.xml.i | 2 +- .../include/interface/mtu-68-16000.xml.i | 2 +- .../include/interface/parameters-flowlabel.xml.i | 11 +++++-- .../include/interface/parameters-tos.xml.i | 2 +- .../include/interface/parameters-ttl.xml.i | 4 +-- .../include/interface/vif-s.xml.i | 4 +++ interface-definitions/include/interface/vif.xml.i | 2 +- interface-definitions/include/nat-rule.xml.i | 2 +- interface-definitions/include/vni.xml.i | 2 +- interface-definitions/interfaces-bridge.xml.in | 18 +++++------ interface-definitions/interfaces-l2tpv3.xml.in | 12 ++++---- interface-definitions/interfaces-macsec.xml.in | 6 ++-- interface-definitions/interfaces-openvpn.xml.in | 12 ++++---- interface-definitions/interfaces-tunnel.xml.in | 13 +++++--- interface-definitions/interfaces-wireguard.xml.in | 2 +- interface-definitions/interfaces-wireless.xml.in | 2 +- interface-definitions/lldp.xml.in | 2 +- interface-definitions/nat66.xml.in | 4 +-- interface-definitions/protocols-igmp.xml.in | 15 ++++++--- interface-definitions/protocols-multicast.xml.in | 4 +-- interface-definitions/protocols-pim.xml.in | 6 ++-- interface-definitions/service_pppoe-server.xml.in | 4 +-- interface-definitions/service_router-advert.xml.in | 36 +++++++++++----------- interface-definitions/ssh.xml.in | 2 +- interface-definitions/vpn_l2tp.xml.in | 4 +-- interface-definitions/vrf.xml.in | 4 +-- 46 files changed, 149 insertions(+), 131 deletions(-) (limited to 'interface-definitions/include/interface') diff --git a/interface-definitions/bcast-relay.xml.in b/interface-definitions/bcast-relay.xml.in index c7948ded1..3f781f07f 100644 --- a/interface-definitions/bcast-relay.xml.in +++ b/interface-definitions/bcast-relay.xml.in @@ -1,5 +1,4 @@ - @@ -14,8 +13,8 @@ Unique ID for each UDP port to forward - 1-99 - Numerical ID # + u32:1-99 + Broadcast relay instance ID diff --git a/interface-definitions/dhcp-relay.xml.in b/interface-definitions/dhcp-relay.xml.in index 8c95239d9..0d485ef80 100644 --- a/interface-definitions/dhcp-relay.xml.in +++ b/interface-definitions/dhcp-relay.xml.in @@ -27,7 +27,7 @@ Policy to discard packets that have reached specified hop-count - 1-255 + u32:1-255 Hop count (default: 10) @@ -41,7 +41,7 @@ Maximum packet size to send to a DHCPv4/BOOTP server - 64-1400 + u32:64-1400 Maximum packet size (default: 576) diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in index 015500043..bafd6f6a2 100644 --- a/interface-definitions/dhcp-server.xml.in +++ b/interface-definitions/dhcp-server.xml.in @@ -96,7 +96,7 @@ Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used. - 0-32 + u32:0-32 DHCP client prefix length must be 0 to 32 diff --git a/interface-definitions/dhcpv6-relay.xml.in b/interface-definitions/dhcpv6-relay.xml.in index 308f94a01..7162cf353 100644 --- a/interface-definitions/dhcpv6-relay.xml.in +++ b/interface-definitions/dhcpv6-relay.xml.in @@ -35,7 +35,7 @@ Maximum hop count for which requests will be processed - 1-255 + u32:1-255 Hop count (default: 10) diff --git a/interface-definitions/dhcpv6-server.xml.in b/interface-definitions/dhcpv6-server.xml.in index 5d6c64685..95b1e5602 100644 --- a/interface-definitions/dhcpv6-server.xml.in +++ b/interface-definitions/dhcpv6-server.xml.in @@ -1,5 +1,4 @@ - @@ -34,7 +33,7 @@ Preference of this DHCPv6 server compared with others - 0-255 + u32:0-255 DHCPv6 server preference (0-255) @@ -62,7 +61,7 @@ Time (in seconds) that stateless clients should wait between refreshing the information they were given - 1-4294967295 + u32:1-4294967295 DHCPv6 information refresh time @@ -161,7 +160,7 @@ Default time (in seconds) that will be assigned to a lease - 1-4294967295 + u32:1-4294967295 DHCPv6 valid lifetime @@ -173,7 +172,7 @@ Maximum time (in seconds) that will be assigned to a lease - 1-4294967295 + u32:1-4294967295 Maximum lease time in seconds @@ -185,7 +184,7 @@ Minimum time (in seconds) that will be assigned to a lease - 1-4294967295 + u32:1-4294967295 Minimum lease time in seconds @@ -273,7 +272,7 @@ Length in bits of prefixes to be delegated - 32-64 + u32:32-64 Delagated prefix length (32-64) diff --git a/interface-definitions/dns-dynamic.xml.in b/interface-definitions/dns-dynamic.xml.in index b0b9158c8..250642691 100644 --- a/interface-definitions/dns-dynamic.xml.in +++ b/interface-definitions/dns-dynamic.xml.in @@ -49,7 +49,7 @@ Time To Live (default: 600) - 1-86400 + u32:1-86400 DNS forwarding cache size diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/dns-forwarding.xml.in index c420e9b8b..06e45ce1e 100644 --- a/interface-definitions/dns-forwarding.xml.in +++ b/interface-definitions/dns-forwarding.xml.in @@ -18,7 +18,7 @@ DNS forwarding cache size (default: 10000) - 0-10000 + u32:0-10000 DNS forwarding cache size @@ -139,7 +139,7 @@ Maximum amount of time negative entries are cached (default: 3600) - 0-7200 + u32:0-7200 Seconds to cache NXDOMAIN entries diff --git a/interface-definitions/flow-accounting-conf.xml.in b/interface-definitions/flow-accounting-conf.xml.in index b3980d9e2..b0f308afd 100644 --- a/interface-definitions/flow-accounting-conf.xml.in +++ b/interface-definitions/flow-accounting-conf.xml.in @@ -267,7 +267,7 @@ Expiry scan interval - 0-2147483647 + u32:0-2147483647 Expiry scan interval (default 60) @@ -279,7 +279,7 @@ Generic flow timeout value - 0-2147483647 + u32:0-2147483647 Generic flow timeout in seconds (default 3600) @@ -291,7 +291,7 @@ ICMP timeout value - 0-2147483647 + u32:0-2147483647 ICMP timeout in seconds (default 300) @@ -303,7 +303,7 @@ Max active timeout value - 0-2147483647 + u32:0-2147483647 Max active timeout in seconds (default 604800) @@ -315,7 +315,7 @@ TCP finish timeout value - 0-2147483647 + u32:0-2147483647 TCP FIN timeout in seconds (default 300) @@ -327,7 +327,7 @@ TCP generic timeout value - 0-2147483647 + u32:0-2147483647 TCP generic timeout in seconds (default 3600) @@ -339,7 +339,7 @@ TCP reset timeout value - 0-2147483647 + u32:0-2147483647 TCP RST timeout in seconds (default 120) @@ -351,7 +351,7 @@ UDP timeout value - 0-2147483647 + u32:0-2147483647 UDP timeout in seconds (default 300) diff --git a/interface-definitions/https.xml.in b/interface-definitions/https.xml.in index b0532e249..bb6f71744 100644 --- a/interface-definitions/https.xml.in +++ b/interface-definitions/https.xml.in @@ -1,5 +1,4 @@ - @@ -47,7 +46,7 @@ Port to listen for HTTPS requests; default 443 - 1-65535 + u32:1-65535 Numeric IP port @@ -135,9 +134,9 @@ - - Email address to associate with certificate - + + Email address to associate with certificate + diff --git a/interface-definitions/igmp-proxy.xml.in b/interface-definitions/igmp-proxy.xml.in index d0f44eada..91c912d8b 100644 --- a/interface-definitions/igmp-proxy.xml.in +++ b/interface-definitions/igmp-proxy.xml.in @@ -65,7 +65,7 @@ TTL threshold (default: 1) - 1-255 + u32:1-255 TTL threshold for the interfaces (default: 1) diff --git a/interface-definitions/include/accel-ppp/ppp-interface-cache.xml.i b/interface-definitions/include/accel-ppp/ppp-interface-cache.xml.i index 9f223d7ed..019601c85 100644 --- a/interface-definitions/include/accel-ppp/ppp-interface-cache.xml.i +++ b/interface-definitions/include/accel-ppp/ppp-interface-cache.xml.i @@ -3,7 +3,7 @@ PPP interface cache - 1-256000 + u32:1-256000 Count of interfaces to keep in cache diff --git a/interface-definitions/include/accel-ppp/radius-additions.xml.i b/interface-definitions/include/accel-ppp/radius-additions.xml.i index fdcff36bf..258ece2b5 100644 --- a/interface-definitions/include/accel-ppp/radius-additions.xml.i +++ b/interface-definitions/include/accel-ppp/radius-additions.xml.i @@ -5,7 +5,7 @@ Maximum jitter value in seconds to be applied to accounting information interval - 1-60 + u32:1-60 Maximum jitter value in seconds @@ -20,7 +20,7 @@ Accounting port - 1-65535 + u32:1-65535 Numeric IP port (default: 1813) @@ -34,7 +34,7 @@ Mark server unavailable for <n> seconds on failure - 0-600 + u32:0-600 Fail time penalty @@ -50,7 +50,7 @@ Timeout in seconds to wait response from RADIUS server - 1-60 + u32:1-60 Timeout in seconds @@ -64,7 +64,7 @@ Timeout for Interim-Update packets, terminate session afterwards (default 3 seconds) - 0-60 + u32:0-60 Timeout in seconds, 0 to keep active @@ -78,7 +78,7 @@ Number of tries to send Access-Request/Accounting-Request queries - 1-20 + u32:1-20 Maximum tries diff --git a/interface-definitions/include/bfd-common.xml.i b/interface-definitions/include/bfd-common.xml.i index b47b47612..1d6ab5d55 100644 --- a/interface-definitions/include/bfd-common.xml.i +++ b/interface-definitions/include/bfd-common.xml.i @@ -14,7 +14,7 @@ Minimum interval of receiving control packets - 10-60000 + u32:10-60000 Interval in milliseconds @@ -27,7 +27,7 @@ Minimum interval of transmitting control packets - 10-60000 + u32:10-60000 Interval in milliseconds @@ -40,7 +40,7 @@ Multiplier to determine packet loss - 2-255 + u32:2-255 Remote transmission interval will be multiplied by this value @@ -53,7 +53,7 @@ Echo receive transmission interval - 10-60000 + u32:10-60000 The minimal echo receive transmission interval that this system is capable of handling diff --git a/interface-definitions/include/firewall/common-rule.xml.i b/interface-definitions/include/firewall/common-rule.xml.i index 1ee8da73d..a59c0b390 100644 --- a/interface-definitions/include/firewall/common-rule.xml.i +++ b/interface-definitions/include/firewall/common-rule.xml.i @@ -110,7 +110,7 @@ Both TCP and UDP - 0-255 + u32:0-255 IP protocol number diff --git a/interface-definitions/include/interface/arp-cache-timeout.xml.i b/interface-definitions/include/interface/arp-cache-timeout.xml.i index 3fb64f1ff..cb01d0525 100644 --- a/interface-definitions/include/interface/arp-cache-timeout.xml.i +++ b/interface-definitions/include/interface/arp-cache-timeout.xml.i @@ -3,7 +3,7 @@ ARP cache entry timeout in seconds - 1-86400 + u32:1-86400 ARP cache entry timout in seconds (default 30) diff --git a/interface-definitions/include/interface/dhcpv6-options.xml.i b/interface-definitions/include/interface/dhcpv6-options.xml.i index ca478a3eb..d1abf4a90 100644 --- a/interface-definitions/include/interface/dhcpv6-options.xml.i +++ b/interface-definitions/include/interface/dhcpv6-options.xml.i @@ -38,7 +38,7 @@ Request IPv6 prefix length from peer - 32-64 + u32:32-64 Length of delegated prefix @@ -71,7 +71,7 @@ Interface site-Level aggregator (SLA) - 0-128 + u32:0-128 Decimal integer which fits in the length of SLA IDs diff --git a/interface-definitions/include/interface/ipv6-dup-addr-detect-transmits.xml.i b/interface-definitions/include/interface/ipv6-dup-addr-detect-transmits.xml.i index 2b5ec0281..babe6d20f 100644 --- a/interface-definitions/include/interface/ipv6-dup-addr-detect-transmits.xml.i +++ b/interface-definitions/include/interface/ipv6-dup-addr-detect-transmits.xml.i @@ -3,12 +3,12 @@ Number of NS messages to send while performing DAD (default: 1) - 1-n - Number of NS messages to send while performing DAD + u32:0 + Disable Duplicate Address Dectection (DAD) - 0 - Disable Duplicate Address Dectection (DAD) + u32:1-n + Number of NS messages to send while performing DAD diff --git a/interface-definitions/include/interface/mtu-1200-16000.xml.i b/interface-definitions/include/interface/mtu-1200-16000.xml.i index ccd986d55..fab053fc1 100644 --- a/interface-definitions/include/interface/mtu-1200-16000.xml.i +++ b/interface-definitions/include/interface/mtu-1200-16000.xml.i @@ -3,7 +3,7 @@ Maximum Transmission Unit (MTU) - 1200-16000 + u32:1200-16000 Maximum Transmission Unit in byte diff --git a/interface-definitions/include/interface/mtu-1450-16000.xml.i b/interface-definitions/include/interface/mtu-1450-16000.xml.i index 2dc3a2029..1e71eab01 100644 --- a/interface-definitions/include/interface/mtu-1450-16000.xml.i +++ b/interface-definitions/include/interface/mtu-1450-16000.xml.i @@ -3,7 +3,7 @@ Maximum Transmission Unit (MTU) - 1450-16000 + u32:1450-16000 Maximum Transmission Unit in byte diff --git a/interface-definitions/include/interface/mtu-64-8024.xml.i b/interface-definitions/include/interface/mtu-64-8024.xml.i index 9b8bc4697..30c77f768 100644 --- a/interface-definitions/include/interface/mtu-64-8024.xml.i +++ b/interface-definitions/include/interface/mtu-64-8024.xml.i @@ -3,7 +3,7 @@ Maximum Transmission Unit (MTU) - 64-8024 + u32:64-8024 Maximum Transmission Unit in byte diff --git a/interface-definitions/include/interface/mtu-68-1500.xml.i b/interface-definitions/include/interface/mtu-68-1500.xml.i index e3b70302f..693e0be7e 100644 --- a/interface-definitions/include/interface/mtu-68-1500.xml.i +++ b/interface-definitions/include/interface/mtu-68-1500.xml.i @@ -3,7 +3,7 @@ Maximum Transmission Unit (MTU) - 68-1500 + u32:68-1500 Maximum Transmission Unit in byte diff --git a/interface-definitions/include/interface/mtu-68-16000.xml.i b/interface-definitions/include/interface/mtu-68-16000.xml.i index b610ab3e2..cb666f470 100644 --- a/interface-definitions/include/interface/mtu-68-16000.xml.i +++ b/interface-definitions/include/interface/mtu-68-16000.xml.i @@ -3,7 +3,7 @@ Maximum Transmission Unit (MTU) - 68-16000 + u32:68-16000 Maximum Transmission Unit in byte diff --git a/interface-definitions/include/interface/parameters-flowlabel.xml.i b/interface-definitions/include/interface/parameters-flowlabel.xml.i index 7fa571634..bd0d1e070 100644 --- a/interface-definitions/include/interface/parameters-flowlabel.xml.i +++ b/interface-definitions/include/interface/parameters-flowlabel.xml.i @@ -2,9 +2,16 @@ Specifies the flow label to use in outgoing packets + + inherit + - 0x0-0x0FFFFF - Tunnel key, 'inherit' or hex value + inherit + Copy field from original header + + + 0x0-0x0fffff + Tunnel key, or hex value ^((0x){0,1}(0?[0-9A-Fa-f]{1,5})|inherit)$ diff --git a/interface-definitions/include/interface/parameters-tos.xml.i b/interface-definitions/include/interface/parameters-tos.xml.i index 83b4e0671..1b342a43e 100644 --- a/interface-definitions/include/interface/parameters-tos.xml.i +++ b/interface-definitions/include/interface/parameters-tos.xml.i @@ -3,7 +3,7 @@ Specifies TOS value to use in outgoing packets - 0-99 + u32:0-99 Type of Service (TOS) diff --git a/interface-definitions/include/interface/parameters-ttl.xml.i b/interface-definitions/include/interface/parameters-ttl.xml.i index da5ce69c2..ade33b4a4 100644 --- a/interface-definitions/include/interface/parameters-ttl.xml.i +++ b/interface-definitions/include/interface/parameters-ttl.xml.i @@ -3,11 +3,11 @@ Specifies TTL value to use in outgoing packets - 0 + u32:0 Inherit - copy value from original IP header - 1-255 + u32:1-255 Time to Live diff --git a/interface-definitions/include/interface/vif-s.xml.i b/interface-definitions/include/interface/vif-s.xml.i index 3fd69d9d1..e7ba6d193 100644 --- a/interface-definitions/include/interface/vif-s.xml.i +++ b/interface-definitions/include/interface/vif-s.xml.i @@ -2,6 +2,10 @@ QinQ TAG-S Virtual Local Area Network (VLAN) ID + + u32:0-4094 + QinQ Virtual Local Area Network (VLAN) ID + diff --git a/interface-definitions/include/interface/vif.xml.i b/interface-definitions/include/interface/vif.xml.i index 8daafeaf4..5644c554f 100644 --- a/interface-definitions/include/interface/vif.xml.i +++ b/interface-definitions/include/interface/vif.xml.i @@ -3,7 +3,7 @@ Virtual Local Area Network (VLAN) ID - 0-4094 + u32:0-4094 Virtual Local Area Network (VLAN) ID diff --git a/interface-definitions/include/nat-rule.xml.i b/interface-definitions/include/nat-rule.xml.i index 579d19bdd..084f1f722 100644 --- a/interface-definitions/include/nat-rule.xml.i +++ b/interface-definitions/include/nat-rule.xml.i @@ -278,7 +278,7 @@ Robust Header Compression - 0-255 + u32:0-255 IP protocol number diff --git a/interface-definitions/include/vni.xml.i b/interface-definitions/include/vni.xml.i index be45c0c97..36176caa3 100644 --- a/interface-definitions/include/vni.xml.i +++ b/interface-definitions/include/vni.xml.i @@ -3,7 +3,7 @@ Virtual Network Identifier - 0-16777214 + u32:0-16777214 VXLAN virtual network identifier diff --git a/interface-definitions/interfaces-bridge.xml.in b/interface-definitions/interfaces-bridge.xml.in index ddfc5ade4..144f43f32 100644 --- a/interface-definitions/interfaces-bridge.xml.in +++ b/interface-definitions/interfaces-bridge.xml.in @@ -21,11 +21,11 @@ MAC address aging interval - 0 + u32:0 Disable MAC address learning (always flood) - 10-1000000 + u32:10-1000000 MAC address aging time in seconds (default: 300) @@ -45,7 +45,7 @@ Forwarding delay - 0-200 + u32:0-200 Spanning Tree Protocol forwarding delay in seconds (default 15) @@ -59,7 +59,7 @@ Hello packet advertisment interval - 1-10 + u32:1-10 Spanning Tree Protocol hello advertisement interval in seconds (default 2) @@ -96,7 +96,7 @@ Interval at which neighbor bridges are removed - 1-40 + u32:1-40 Bridge maximum aging time in seconds (default 20) @@ -123,7 +123,7 @@ Specify VLAN id which should natively be present on the link - 1-4094 + u32:1-4094 Virtual Local Area Network (VLAN) ID @@ -154,7 +154,7 @@ Bridge port cost - 1-65535 + u32:1-65535 Path cost value for Spanning Tree Protocol @@ -168,7 +168,7 @@ Bridge port priority - 0-63 + u32:0-63 Bridge port priority @@ -192,7 +192,7 @@ Priority for this bridge - 0-65535 + u32:0-65535 Bridge priority (default 32768) diff --git a/interface-definitions/interfaces-l2tpv3.xml.in b/interface-definitions/interfaces-l2tpv3.xml.in index 9edc98ef6..9364c85cd 100644 --- a/interface-definitions/interfaces-l2tpv3.xml.in +++ b/interface-definitions/interfaces-l2tpv3.xml.in @@ -22,7 +22,7 @@ UDP destination port for L2TPv3 tunnel (default: 5000) - 1-65535 + u32:1-65535 Numeric IP port @@ -64,7 +64,7 @@ Peer session identifier - 1-429496729 + u32:1-429496729 L2TPv3 peer session identifier @@ -76,7 +76,7 @@ Peer tunnel identifier - 1-429496729 + u32:1-429496729 L2TPv3 peer tunnel identifier @@ -90,7 +90,7 @@ Session identifier - 1-429496729 + u32:1-429496729 L2TPv3 session identifier @@ -102,7 +102,7 @@ UDP source port for L2TPv3 tunnel (default: 5000) - 1-65535 + u32:1-65535 Numeric IP port @@ -115,7 +115,7 @@ Local tunnel identifier - 1-429496729 + u32:1-429496729 L2TPv3 local tunnel identifier diff --git a/interface-definitions/interfaces-macsec.xml.in b/interface-definitions/interfaces-macsec.xml.in index e88cb4794..4a566ef8b 100644 --- a/interface-definitions/interfaces-macsec.xml.in +++ b/interface-definitions/interfaces-macsec.xml.in @@ -82,7 +82,7 @@ Priority of MACsec Key Agreement protocol (MKA) actor (default: 255) - 0-255 + u32:0-255 MACsec Key Agreement protocol (MKA) priority @@ -97,11 +97,11 @@ IEEE 802.1X/MACsec replay protection window - 0 + u32:0 No replay window, strict check - 1-4294967295 + u32:1-4294967295 Number of packets that could be misordered diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in index 01e6bf2fb..3ad367900 100644 --- a/interface-definitions/interfaces-openvpn.xml.in +++ b/interface-definitions/interfaces-openvpn.xml.in @@ -206,7 +206,7 @@ Maximum number of keepalive packet failures (default: 60) - 0-1000 + u32:0-1000 Maximum number of keepalive packet failures @@ -219,7 +219,7 @@ Keepalive packet interval in seconds (default: 10) - 0-600 + u32:0-600 Keepalive packet interval (seconds) @@ -268,7 +268,7 @@ Local port number to accept connections - 1-65535 + u32:1-65535 Numeric IP port @@ -378,7 +378,7 @@ Remote port number to connect to - 1-65535 + u32:1-65535 Numeric IP port @@ -546,7 +546,7 @@ Number of maximum client connections - 1-4096 + u32:1-4096 Number of concurrent clients @@ -591,7 +591,7 @@ Set metric for this route - 0-4294967295 + u32:0-4294967295 Metric for this route diff --git a/interface-definitions/interfaces-tunnel.xml.in b/interface-definitions/interfaces-tunnel.xml.in index c059ef624..7450ef2af 100644 --- a/interface-definitions/interfaces-tunnel.xml.in +++ b/interface-definitions/interfaces-tunnel.xml.in @@ -160,7 +160,7 @@ Unique identifier of ERSPAN engine within a system - 0-1048575 + u32:0-1048575 Unique identifier of ERSPAN engine @@ -172,7 +172,7 @@ Specifify ERSPAN version 1 index field - 0-63 + u32:0-63 Platform-depedent field for specifying port number and direction @@ -183,6 +183,9 @@ Protocol version + + 1 2 + 1 ERSPAN Type II @@ -236,7 +239,7 @@ none - 0-255 + u32:0-255 Encaplimit (default: 4) @@ -256,7 +259,7 @@ Hoplimit - 0-255 + u32:0-255 Hoplimit (default 64) @@ -270,7 +273,7 @@ Traffic class (Tclass) - 0x0-0x0FFFFF + 0x0-0x0fffff Traffic class, 'inherit' or hex value diff --git a/interface-definitions/interfaces-wireguard.xml.in b/interface-definitions/interfaces-wireguard.xml.in index ecb4cf331..403282e5c 100644 --- a/interface-definitions/interfaces-wireguard.xml.in +++ b/interface-definitions/interfaces-wireguard.xml.in @@ -107,7 +107,7 @@ Interval to send keepalive messages - 1-65535 + u32:1-65535 Interval in seconds diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in index c96d9b78d..048c7b475 100644 --- a/interface-definitions/interfaces-wireless.xml.in +++ b/interface-definitions/interfaces-wireless.xml.in @@ -206,7 +206,7 @@ Number of antennas on this card - 1-8 + u32:1-8 Number of antennas for this card diff --git a/interface-definitions/lldp.xml.in b/interface-definitions/lldp.xml.in index e14abae14..32ef0ad14 100644 --- a/interface-definitions/lldp.xml.in +++ b/interface-definitions/lldp.xml.in @@ -105,7 +105,7 @@ ECS ELIN (Emergency location identifier number) - 0-9999999999 + u32:0-9999999999 Emergency Call Service ELIN number (between 10-25 numbers) diff --git a/interface-definitions/nat66.xml.in b/interface-definitions/nat66.xml.in index 7b1ec3706..077f0d5cf 100644 --- a/interface-definitions/nat66.xml.in +++ b/interface-definitions/nat66.xml.in @@ -15,7 +15,7 @@ Source NAT66 rule number - 1-999999 + u32:1-999999 Number for this rule @@ -113,7 +113,7 @@ Destination NAT66 rule number - 1-999999 + u32:1-999999 Number for this rule diff --git a/interface-definitions/protocols-igmp.xml.in b/interface-definitions/protocols-igmp.xml.in index a9b11e1a3..e10340512 100644 --- a/interface-definitions/protocols-igmp.xml.in +++ b/interface-definitions/protocols-igmp.xml.in @@ -46,9 +46,16 @@ IGMP version + + 2 3 + - 2-3 - IGMP version + 2 + IGMP version 2 + + + 3 + IGMP version 3 @@ -59,7 +66,7 @@ IGMP host query interval - 1-1800 + u32:1-1800 Query interval in seconds @@ -71,7 +78,7 @@ IGMP max query response time - 10-250 + u32:10-250 Query response value in deci-seconds diff --git a/interface-definitions/protocols-multicast.xml.in b/interface-definitions/protocols-multicast.xml.in index bf0ead78f..b1791c471 100644 --- a/interface-definitions/protocols-multicast.xml.in +++ b/interface-definitions/protocols-multicast.xml.in @@ -37,7 +37,7 @@ Distance value for this route - 1-255 + u32:1-255 Distance for this route @@ -73,7 +73,7 @@ Distance value for this route - 1-255 + u32:1-255 Distance for this route diff --git a/interface-definitions/protocols-pim.xml.in b/interface-definitions/protocols-pim.xml.in index 6152045a7..bb5cc797b 100644 --- a/interface-definitions/protocols-pim.xml.in +++ b/interface-definitions/protocols-pim.xml.in @@ -21,7 +21,7 @@ Designated Router Election Priority - 1-4294967295 + u32:1-4294967295 Value of the new DR Priority @@ -33,7 +33,7 @@ Hello Interval - 1-180 + u32:1-180 Hello Interval in seconds @@ -79,7 +79,7 @@ Keep alive Timer - 31-60000 + u32:31-60000 Keep alive Timer in seconds diff --git a/interface-definitions/service_pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in index 79042e0f3..6fb0bf9f4 100644 --- a/interface-definitions/service_pppoe-server.xml.in +++ b/interface-definitions/service_pppoe-server.xml.in @@ -240,7 +240,7 @@ PADO delays - 1-999999 + u32:1-999999 Number in ms @@ -253,7 +253,7 @@ Number of sessions - 1-999999 + u32:1-999999 Number of sessions diff --git a/interface-definitions/service_router-advert.xml.in b/interface-definitions/service_router-advert.xml.in index 750ae314c..e18b27f1b 100644 --- a/interface-definitions/service_router-advert.xml.in +++ b/interface-definitions/service_router-advert.xml.in @@ -20,12 +20,12 @@ Set Hop Count field of the IP header for outgoing packets (default: 64) - 1-255 - Value should represent current diameter of the Internet + u32:0 + Unspecified (by this router) - 0 - Unspecified (by this router) + u32:1-255 + Value should represent current diameter of the Internet @@ -38,7 +38,7 @@ Lifetime associated with the default router in units of seconds - 4-9000 + u32:4-9000 Router Lifetime in seconds @@ -86,7 +86,7 @@ Link MTU value placed in RAs, exluded in RAs if unset - 1280-9000 + u32:1280-9000 Link MTU value in RAs @@ -110,7 +110,7 @@ Maximum interval between unsolicited multicast RAs (default: 600) - 4-1800 + u32:4-1800 Maximum interval in seconds @@ -124,7 +124,7 @@ Minimum interval between unsolicited multicast RAs - 3-1350 + u32:3-1350 Minimum interval in seconds @@ -173,7 +173,7 @@ infinity - 1-4294967295 + u32:1-4294967295 Time in seconds that the route will remain valid @@ -272,7 +272,7 @@ infinity - 1-4294967295 + u32:1-4294967295 Time in seconds that the prefix will remain valid @@ -292,12 +292,12 @@ Time, in milliseconds, that a node assumes a neighbor is reachable after having received a reachability confirmation - 1-3600000 - Reachable Time value in RAs (in milliseconds) + u32:0 + Reachable Time unspecified by this router - 0 - Reachable Time unspecified by this router + u32:1-3600000 + Reachable Time value in RAs (in milliseconds) @@ -310,12 +310,12 @@ Time in milliseconds between retransmitted Neighbor Solicitation messages - 1-4294967295 - Minimum interval in milliseconds + u32:0 + Time, in milliseconds, between retransmitted Neighbor Solicitation messages - 0 - Time, in milliseconds, between retransmitted Neighbor Solicitation messages + u32:1-4294967295 + Minimum interval in milliseconds diff --git a/interface-definitions/ssh.xml.in b/interface-definitions/ssh.xml.in index c447f144d..e3b9d16e1 100644 --- a/interface-definitions/ssh.xml.in +++ b/interface-definitions/ssh.xml.in @@ -138,7 +138,7 @@ Enable transmission of keepalives from server to client - 1-65535 + u32:1-65535 Time interval in seconds for keepalive message diff --git a/interface-definitions/vpn_l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in index 907bcaadb..6d556d0bb 100644 --- a/interface-definitions/vpn_l2tp.xml.in +++ b/interface-definitions/vpn_l2tp.xml.in @@ -178,9 +178,9 @@ #include - Mark server unavailable for <n> seconds on failure + Mark server unavailable for N seconds on failure - 0-600 + u32:0-600 Fail time penalty diff --git a/interface-definitions/vrf.xml.in b/interface-definitions/vrf.xml.in index 2ed50ec5c..a82c0b2a6 100644 --- a/interface-definitions/vrf.xml.in +++ b/interface-definitions/vrf.xml.in @@ -76,7 +76,7 @@ Routing table associated with this instance - 100-65535 + u32:100-65535 Routing table ID @@ -91,7 +91,7 @@ 822 - 0-16777214 + u32:0-16777214 VXLAN virtual network identifier -- cgit v1.2.3