From 6cf5767524b8519f86981943ab71ff288bf77d67 Mon Sep 17 00:00:00 2001
From: sarthurdev <965089+sarthurdev@users.noreply.github.com>
Date: Tue, 11 Jan 2022 01:10:59 +0100
Subject: policy: T2199: Refactor policy route script for better error handling
* Migrates all policy route references from `ipv6-route` to `route6`
* Update test config `dialup-router-medium-vpn` to test migration of `ipv6-route` to `route6`
---
interface-definitions/include/interface/interface-policy-vif-c.xml.i | 4 ++--
interface-definitions/include/interface/interface-policy-vif.xml.i | 4 ++--
interface-definitions/include/interface/interface-policy.xml.i | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
(limited to 'interface-definitions/include/interface')
diff --git a/interface-definitions/include/interface/interface-policy-vif-c.xml.i b/interface-definitions/include/interface/interface-policy-vif-c.xml.i
index 5dad6422b..866fcd5c0 100644
--- a/interface-definitions/include/interface/interface-policy-vif-c.xml.i
+++ b/interface-definitions/include/interface/interface-policy-vif-c.xml.i
@@ -13,11 +13,11 @@
-
+
IPv6 policy route ruleset for interface
- policy ipv6-route
+ policy route6
diff --git a/interface-definitions/include/interface/interface-policy-vif.xml.i b/interface-definitions/include/interface/interface-policy-vif.xml.i
index 5ee80ae13..83510fe59 100644
--- a/interface-definitions/include/interface/interface-policy-vif.xml.i
+++ b/interface-definitions/include/interface/interface-policy-vif.xml.i
@@ -13,11 +13,11 @@
-
+
IPv6 policy route ruleset for interface
- policy ipv6-route
+ policy route6
diff --git a/interface-definitions/include/interface/interface-policy.xml.i b/interface-definitions/include/interface/interface-policy.xml.i
index 06f025af1..42a8fd009 100644
--- a/interface-definitions/include/interface/interface-policy.xml.i
+++ b/interface-definitions/include/interface/interface-policy.xml.i
@@ -13,11 +13,11 @@
-
+
IPv6 policy route ruleset for interface
- policy ipv6-route
+ policy route6
--
cgit v1.2.3
From c6c562eca6ff469f603697f7f1d9319b2a5504a3 Mon Sep 17 00:00:00 2001
From: Henning Surmeier
Date: Fri, 28 Jan 2022 23:55:06 +0100
Subject: policy: T4219: add local-route(6) incoming-interface
---
.../include/interface/inbound-interface.xml.i | 10 ++++
interface-definitions/policy-local-route.xml.in | 2 +
smoketest/scripts/cli/test_policy.py | 53 +++++++++++++++++++++-
src/conf_mode/policy-local-route.py | 34 ++++++++++++--
4 files changed, 94 insertions(+), 5 deletions(-)
create mode 100644 interface-definitions/include/interface/inbound-interface.xml.i
(limited to 'interface-definitions/include/interface')
diff --git a/interface-definitions/include/interface/inbound-interface.xml.i b/interface-definitions/include/interface/inbound-interface.xml.i
new file mode 100644
index 000000000..5a8d47280
--- /dev/null
+++ b/interface-definitions/include/interface/inbound-interface.xml.i
@@ -0,0 +1,10 @@
+
+
+
+ Inbound Interface
+
+
+
+
+
+
diff --git a/interface-definitions/policy-local-route.xml.in b/interface-definitions/policy-local-route.xml.in
index 11b1e04d9..573a7963f 100644
--- a/interface-definitions/policy-local-route.xml.in
+++ b/interface-definitions/policy-local-route.xml.in
@@ -88,6 +88,7 @@
+ #include
@@ -177,6 +178,7 @@
+ #include
diff --git a/smoketest/scripts/cli/test_policy.py b/smoketest/scripts/cli/test_policy.py
index 73d93c986..491f1766d 100755
--- a/smoketest/scripts/cli/test_policy.py
+++ b/smoketest/scripts/cli/test_policy.py
@@ -1206,6 +1206,32 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase):
self.assertEqual(sort_ip(tmp), sort_ip(original))
+ # Test set table for sources with iif
+ def test_iif_sources_table_id(self):
+ path = base_path + ['local-route']
+
+ sources = ['203.0.113.11', '203.0.113.12']
+ iif = 'lo'
+ rule = '100'
+ table = '150'
+
+ self.cli_set(path + ['rule', rule, 'set', 'table', table])
+ self.cli_set(path + ['rule', rule, 'inbound-interface', iif])
+ for src in sources:
+ self.cli_set(path + ['rule', rule, 'source', src])
+
+ self.cli_commit()
+
+ # Check generated configuration
+ # Expected values
+ original = """
+ 100: from 203.0.113.11 iif lo lookup 150
+ 100: from 203.0.113.12 iif lo lookup 150
+ """
+ tmp = cmd('ip rule show prio 100')
+
+ self.assertEqual(sort_ip(tmp), sort_ip(original))
+
# Test set table for sources and destinations with fwmark
def test_fwmark_sources_destination_table_id(self):
path = base_path + ['local-route']
@@ -1318,6 +1344,31 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase):
self.assertEqual(sort_ip(tmp), sort_ip(original))
+ # Test set table for sources with iif ipv6
+ def test_iif_sources_ipv6_table_id(self):
+ path = base_path + ['local-route6']
+
+ sources = ['2001:db8:1338::/126', '2001:db8:1339::/126']
+ iif = 'lo'
+ rule = '102'
+ table = '150'
+ for src in sources:
+ self.cli_set(path + ['rule', rule, 'set', 'table', table])
+ self.cli_set(path + ['rule', rule, 'source', src])
+ self.cli_set(path + ['rule', rule, 'inbound-interface', iif])
+
+ self.cli_commit()
+
+ # Check generated configuration
+ # Expected values
+ original = """
+ 102: from 2001:db8:1338::/126 iif lo lookup 150
+ 102: from 2001:db8:1339::/126 iif lo lookup 150
+ """
+ tmp = cmd('ip -6 rule show prio 102')
+
+ self.assertEqual(sort_ip(tmp), sort_ip(original))
+
# Test set table for sources and destinations with fwmark ipv6
def test_fwmark_sources_destination_ipv6_table_id(self):
path = base_path + ['local-route6']
@@ -1384,7 +1435,7 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase):
103: from 2001:db8:1338::/126 to 2001:db8:16::/48 fwmark 0x17 lookup 150
103: from 2001:db8:1339::/56 to 2001:db8:13::/48 fwmark 0x17 lookup 150
103: from 2001:db8:1339::/56 to 2001:db8:16::/48 fwmark 0x17 lookup 150
- 103: from 2001:db8:1338::/126 to 2001:db8:13::/48 fwmark 0x17 lookup 150
+ 103: from 2001:db8:1338::/126 to 2001:db8:13::/48 fwmark 0x17 lookup 150
"""
tmp = cmd('ip rule show prio 103')
tmp_v6 = cmd('ip -6 rule show prio 103')
diff --git a/src/conf_mode/policy-local-route.py b/src/conf_mode/policy-local-route.py
index 71183c6ba..0990039c1 100755
--- a/src/conf_mode/policy-local-route.py
+++ b/src/conf_mode/policy-local-route.py
@@ -18,6 +18,7 @@ import os
from sys import exit
+from netifaces import interfaces
from vyos.config import Config
from vyos.configdict import dict_merge
from vyos.configdict import node_changed
@@ -51,12 +52,15 @@ def get_config(config=None):
for rule in (tmp or []):
src = leaf_node_changed(conf, base_rule + [rule, 'source'])
fwmk = leaf_node_changed(conf, base_rule + [rule, 'fwmark'])
+ iif = leaf_node_changed(conf, base_rule + [rule, 'inbound-interface'])
dst = leaf_node_changed(conf, base_rule + [rule, 'destination'])
rule_def = {}
if src:
rule_def = dict_merge({'source' : src}, rule_def)
if fwmk:
rule_def = dict_merge({'fwmark' : fwmk}, rule_def)
+ if iif:
+ rule_def = dict_merge({'inbound_interface' : iif}, rule_def)
if dst:
rule_def = dict_merge({'destination' : dst}, rule_def)
dict = dict_merge({dict_id : {rule : rule_def}}, dict)
@@ -72,6 +76,7 @@ def get_config(config=None):
for rule, rule_config in pbr[route]['rule'].items():
src = leaf_node_changed(conf, base_rule + [rule, 'source'])
fwmk = leaf_node_changed(conf, base_rule + [rule, 'fwmark'])
+ iif = leaf_node_changed(conf, base_rule + [rule, 'inbound-interface'])
dst = leaf_node_changed(conf, base_rule + [rule, 'destination'])
# keep track of changes in configuration
# otherwise we might remove an existing node although nothing else has changed
@@ -100,6 +105,13 @@ def get_config(config=None):
changed = True
if len(fwmk) > 0:
rule_def = dict_merge({'fwmark' : fwmk}, rule_def)
+ if iif is None:
+ if 'inbound_interface' in rule_config:
+ rule_def = dict_merge({'inbound_interface': rule_config['inbound_interface']}, rule_def)
+ else:
+ changed = True
+ if len(iif) > 0:
+ rule_def = dict_merge({'inbound_interface' : iif}, rule_def)
if dst is None:
if 'destination' in rule_config:
rule_def = dict_merge({'destination': rule_config['destination']}, rule_def)
@@ -125,11 +137,18 @@ def verify(pbr):
pbr_route = pbr[route]
if 'rule' in pbr_route:
for rule in pbr_route['rule']:
- if 'source' not in pbr_route['rule'][rule] and 'destination' not in pbr_route['rule'][rule] and 'fwmark' not in pbr_route['rule'][rule]:
- raise ConfigError('Source or destination address or fwmark is required!')
+ if 'source' not in pbr_route['rule'][rule] \
+ and 'destination' not in pbr_route['rule'][rule] \
+ and 'fwmark' not in pbr_route['rule'][rule] \
+ and 'inbound_interface' not in pbr_route['rule'][rule]:
+ raise ConfigError('Source or destination address or fwmark or inbound-interface is required!')
else:
if 'set' not in pbr_route['rule'][rule] or 'table' not in pbr_route['rule'][rule]['set']:
raise ConfigError('Table set is required!')
+ if 'inbound_interface' in pbr_route['rule'][rule]:
+ interface = pbr_route['rule'][rule]['inbound_interface']
+ if interface not in interfaces():
+ raise ConfigError(f'Interface "{interface}" does not exist')
return None
@@ -159,7 +178,10 @@ def apply(pbr):
rule_config['fwmark'] = rule_config['fwmark'] if 'fwmark' in rule_config else ['']
for fwmk in rule_config['fwmark']:
f_fwmk = '' if fwmk == '' else f' fwmark {fwmk} '
- call(f'ip{v6} rule del prio {rule} {f_src}{f_dst}{f_fwmk}')
+ rule_config['inbound_interface'] = rule_config['inbound_interface'] if 'inbound_interface' in rule_config else ['']
+ for iif in rule_config['inbound_interface']:
+ f_iif = '' if iif == '' else f' iif {iif} '
+ call(f'ip{v6} rule del prio {rule} {f_src}{f_dst}{f_fwmk}{f_iif}')
# Generate new config
for route in ['local_route', 'local_route6']:
@@ -183,7 +205,11 @@ def apply(pbr):
if 'fwmark' in rule_config:
fwmk = rule_config['fwmark']
f_fwmk = f' fwmark {fwmk} '
- call(f'ip{v6} rule add prio {rule} {f_src}{f_dst}{f_fwmk} lookup {table}')
+ f_iif = ''
+ if 'inbound_interface' in rule_config:
+ iif = rule_config['inbound_interface']
+ f_iif = f' iif {iif} '
+ call(f'ip{v6} rule add prio {rule} {f_src}{f_dst}{f_fwmk}{f_iif} lookup {table}')
return None
--
cgit v1.2.3
From b693f929b63c0c847d9a3c6ee9160845ef501be1 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Sun, 20 Feb 2022 10:40:38 +0100
Subject: static: T4203: obey interface dhcp default route distance
Commit 05aa22dc ("protocols: static: T3680: do not delete DHCP received routes")
added a bug whenever a static route is modified - the DHCP interface will
always end up with metric 210 - if there was a default route over a DHCP
interface.
---
data/templates/frr/staticd.frr.tmpl | 4 +-
.../include/interface/dhcp-options.xml.i | 3 +-
python/vyos/configdict.py | 54 ++++++++++++++++++----
3 files changed, 48 insertions(+), 13 deletions(-)
(limited to 'interface-definitions/include/interface')
diff --git a/data/templates/frr/staticd.frr.tmpl b/data/templates/frr/staticd.frr.tmpl
index bfe959c1d..5d833228a 100644
--- a/data/templates/frr/staticd.frr.tmpl
+++ b/data/templates/frr/staticd.frr.tmpl
@@ -17,10 +17,10 @@ vrf {{ vrf }}
{% endif %}
{# IPv4 default routes from DHCP interfaces #}
{% if dhcp is defined and dhcp is not none %}
-{% for interface in dhcp %}
+{% for interface, interface_config in dhcp.items() %}
{% set next_hop = interface | get_dhcp_router %}
{% if next_hop is defined and next_hop is not none %}
-{{ ip_prefix }} route 0.0.0.0/0 {{ next_hop }} {{ interface }} tag 210 210
+{{ ip_prefix }} route 0.0.0.0/0 {{ next_hop }} {{ interface }} tag 210 {{ interface_config.distance }}
{% endif %}
{% endfor %}
{% endif %}
diff --git a/interface-definitions/include/interface/dhcp-options.xml.i b/interface-definitions/include/interface/dhcp-options.xml.i
index b65b0802a..f62b06640 100644
--- a/interface-definitions/include/interface/dhcp-options.xml.i
+++ b/interface-definitions/include/interface/dhcp-options.xml.i
@@ -30,12 +30,13 @@
Distance for the default route from DHCP server
u32:1-255
- Distance for the default route from DHCP server (default 210)
+ Distance for the default route from DHCP server (default: 210)
+ 210
diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py
index efeb6dc1f..f2ec93520 100644
--- a/python/vyos/configdict.py
+++ b/python/vyos/configdict.py
@@ -319,34 +319,42 @@ def is_source_interface(conf, interface, intftype=None):
def get_dhcp_interfaces(conf, vrf=None):
""" Common helper functions to retrieve all interfaces from current CLI
sessions that have DHCP configured. """
- dhcp_interfaces = []
+ dhcp_interfaces = {}
dict = conf.get_config_dict(['interfaces'], get_first_key=True)
if not dict:
return dhcp_interfaces
def check_dhcp(config, ifname):
- out = []
+ tmp = {}
if 'address' in config and 'dhcp' in config['address']:
+ options = {}
+ if 'dhcp_options' in config and 'default_route_distance' in config['dhcp_options']:
+ options.update({'distance' : config['dhcp_options']['default_route_distance']})
if 'vrf' in config:
- if vrf is config['vrf']: out.append(ifname)
- else: out.append(ifname)
- return out
+ if vrf is config['vrf']: tmp.update({ifname : options})
+ else: tmp.update({ifname : options})
+ return tmp
for section, interface in dict.items():
- for ifname, ifconfig in interface.items():
+ for ifname in interface:
+ # we already have a dict representation of the config from get_config_dict(),
+ # but with the extended information from get_interface_dict() we also
+ # get the DHCP client default-route-distance default option if not specified.
+ ifconfig = get_interface_dict(conf, ['interfaces', section], ifname)
+
tmp = check_dhcp(ifconfig, ifname)
- dhcp_interfaces.extend(tmp)
+ dhcp_interfaces.update(tmp)
# check per VLAN interfaces
for vif, vif_config in ifconfig.get('vif', {}).items():
tmp = check_dhcp(vif_config, f'{ifname}.{vif}')
- dhcp_interfaces.extend(tmp)
+ dhcp_interfaces.update(tmp)
# check QinQ VLAN interfaces
for vif_s, vif_s_config in ifconfig.get('vif-s', {}).items():
tmp = check_dhcp(vif_s_config, f'{ifname}.{vif_s}')
- dhcp_interfaces.extend(tmp)
+ dhcp_interfaces.update(tmp)
for vif_c, vif_c_config in vif_s_config.get('vif-c', {}).items():
tmp = check_dhcp(vif_c_config, f'{ifname}.{vif_s}.{vif_c}')
- dhcp_interfaces.extend(tmp)
+ dhcp_interfaces.update(tmp)
return dhcp_interfaces
@@ -405,6 +413,12 @@ def get_interface_dict(config, base, ifname=''):
if 'deleted' not in dict:
dict = dict_merge(default_values, dict)
+ # If interface does not request an IPv4 DHCP address there is no need
+ # to keep the dhcp-options key
+ if 'address' not in dict or 'dhcp' not in dict['address']:
+ if 'dhcp_options' in dict:
+ del dict['dhcp_options']
+
# XXX: T2665: blend in proper DHCPv6-PD default values
dict = T2665_set_dhcpv6pd_defaults(dict)
@@ -475,6 +489,12 @@ def get_interface_dict(config, base, ifname=''):
# XXX: T2665: blend in proper DHCPv6-PD default values
dict['vif'][vif] = T2665_set_dhcpv6pd_defaults(dict['vif'][vif])
+ # If interface does not request an IPv4 DHCP address there is no need
+ # to keep the dhcp-options key
+ if 'address' not in dict['vif'][vif] or 'dhcp' not in dict['vif'][vif]['address']:
+ if 'dhcp_options' in dict['vif'][vif]:
+ del dict['vif'][vif]['dhcp_options']
+
# Check if we are a member of a bridge device
bridge = is_member(config, f'{ifname}.{vif}', 'bridge')
if bridge: dict['vif'][vif].update({'is_bridge_member' : bridge})
@@ -509,6 +529,13 @@ def get_interface_dict(config, base, ifname=''):
# XXX: T2665: blend in proper DHCPv6-PD default values
dict['vif_s'][vif_s] = T2665_set_dhcpv6pd_defaults(dict['vif_s'][vif_s])
+ # If interface does not request an IPv4 DHCP address there is no need
+ # to keep the dhcp-options key
+ if 'address' not in dict['vif_s'][vif_s] or 'dhcp' not in \
+ dict['vif_s'][vif_s]['address']:
+ if 'dhcp_options' in dict['vif_s'][vif_s]:
+ del dict['vif_s'][vif_s]['dhcp_options']
+
# Check if we are a member of a bridge device
bridge = is_member(config, f'{ifname}.{vif_s}', 'bridge')
if bridge: dict['vif_s'][vif_s].update({'is_bridge_member' : bridge})
@@ -543,6 +570,13 @@ def get_interface_dict(config, base, ifname=''):
dict['vif_s'][vif_s]['vif_c'][vif_c] = T2665_set_dhcpv6pd_defaults(
dict['vif_s'][vif_s]['vif_c'][vif_c])
+ # If interface does not request an IPv4 DHCP address there is no need
+ # to keep the dhcp-options key
+ if 'address' not in dict['vif_s'][vif_s]['vif_c'][vif_c] or 'dhcp' \
+ not in dict['vif_s'][vif_s]['vif_c'][vif_c]['address']:
+ if 'dhcp_options' in dict['vif_s'][vif_s]['vif_c'][vif_c]:
+ del dict['vif_s'][vif_s]['vif_c'][vif_c]['dhcp_options']
+
# Check if we are a member of a bridge device
bridge = is_member(config, f'{ifname}.{vif_s}.{vif_c}', 'bridge')
if bridge: dict['vif_s'][vif_s]['vif_c'][vif_c].update(
--
cgit v1.2.3
From 0ecddff7cffa8900d351d5c15e32420f9d780c0b Mon Sep 17 00:00:00 2001
From: Andreas
Date: Wed, 29 Dec 2021 18:02:06 +0100
Subject: vxlan: T4120: add ability to set multiple remotes (PR #1127)
VXLAN does support using multiple remotes but VyOS does not. Add the ability
to set multiple remotes and add their flood lists using "bridge" command.
---
.../include/interface/tunnel-remote.xml.i | 2 +-
.../include/interface/tunnel-remotes.xml.i | 19 ++++++++++++
interface-definitions/interfaces-vxlan.xml.in | 2 +-
python/vyos/ifconfig/vxlan.py | 7 +++++
smoketest/scripts/cli/test_interfaces_vxlan.py | 2 ++
src/conf_mode/interfaces-vxlan.py | 34 ++++++++++++++++++++++
6 files changed, 64 insertions(+), 2 deletions(-)
create mode 100644 interface-definitions/include/interface/tunnel-remotes.xml.i
(limited to 'interface-definitions/include/interface')
diff --git a/interface-definitions/include/interface/tunnel-remote.xml.i b/interface-definitions/include/interface/tunnel-remote.xml.i
index 1ba9b0382..2a8891b85 100644
--- a/interface-definitions/include/interface/tunnel-remote.xml.i
+++ b/interface-definitions/include/interface/tunnel-remote.xml.i
@@ -1,4 +1,4 @@
-
+
Tunnel remote address
diff --git a/interface-definitions/include/interface/tunnel-remotes.xml.i b/interface-definitions/include/interface/tunnel-remotes.xml.i
new file mode 100644
index 000000000..ae8481898
--- /dev/null
+++ b/interface-definitions/include/interface/tunnel-remotes.xml.i
@@ -0,0 +1,19 @@
+
+
+
+ Tunnel remote address
+
+ ipv4
+ Tunnel remote IPv4 address
+
+
+ ipv6
+ Tunnel remote IPv6 address
+
+
+
+
+
+
+
+
diff --git a/interface-definitions/interfaces-vxlan.xml.in b/interface-definitions/interfaces-vxlan.xml.in
index 4c3c3ac71..559067ea5 100644
--- a/interface-definitions/interfaces-vxlan.xml.in
+++ b/interface-definitions/interfaces-vxlan.xml.in
@@ -98,7 +98,7 @@
#include
#include
- #include
+ #include
#include
#include
diff --git a/python/vyos/ifconfig/vxlan.py b/python/vyos/ifconfig/vxlan.py
index 0c5282db4..87b5e40b8 100644
--- a/python/vyos/ifconfig/vxlan.py
+++ b/python/vyos/ifconfig/vxlan.py
@@ -82,3 +82,10 @@ class VXLANIf(Interface):
self._cmd(cmd.format(**self.config))
# interface is always A/D down. It needs to be enabled explicitly
self.set_admin_state('down')
+
+ other_remotes = self.config.get('other_remotes')
+ if other_remotes:
+ for rem in other_remotes:
+ self.config['rem'] = rem
+ cmd2 = 'bridge fdb append to 00:00:00:00:00:00 dst {rem} port {port} dev {ifname}'
+ self._cmd(cmd2.format(**self.config))
diff --git a/smoketest/scripts/cli/test_interfaces_vxlan.py b/smoketest/scripts/cli/test_interfaces_vxlan.py
index 9278adadd..12fc463ba 100755
--- a/smoketest/scripts/cli/test_interfaces_vxlan.py
+++ b/smoketest/scripts/cli/test_interfaces_vxlan.py
@@ -33,6 +33,8 @@ class VXLANInterfaceTest(BasicInterfaceTest.TestCase):
'vxlan10': ['vni 10', 'remote 127.0.0.2'],
'vxlan20': ['vni 20', 'group 239.1.1.1', 'source-interface eth0'],
'vxlan30': ['vni 30', 'remote 2001:db8:2000::1', 'source-address 2001:db8:1000::1', 'parameters ipv6 flowlabel 0x1000'],
+ 'vxlan40': ['vni 40', 'remote 127.0.0.2', 'remote 127.0.0.3'],
+ 'vxlan50': ['vni 50', 'remote 2001:db8:2000::1', 'remote 2001:db8:2000::2', 'parameters ipv6 flowlabel 0x1000'],
}
cls._interfaces = list(cls._options)
# call base-classes classmethod
diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py
index 1f097c4e3..092f249df 100755
--- a/src/conf_mode/interfaces-vxlan.py
+++ b/src/conf_mode/interfaces-vxlan.py
@@ -58,6 +58,13 @@ def get_config(config=None):
if len(vxlan['other_tunnels']) == 0:
del vxlan['other_tunnels']
+ # leave first remote in dict and put the other ones (if they exists) to "other_remotes"
+ remotes = vxlan.get('remote')
+ if remotes:
+ vxlan['remote'] = remotes[0]
+ if len(remotes) > 1:
+ del remotes[0]
+ vxlan['other_remotes'] = remotes
return vxlan
def verify(vxlan):
@@ -108,6 +115,33 @@ def verify(vxlan):
raise ConfigError(f'Underlaying device MTU is to small ({lower_mtu} '\
f'bytes) for VXLAN overhead ({vxlan_overhead} bytes!)')
+ # Check for mixed IPv4 and IPv6 addresses
+ protocol = None
+ if 'source_address' in vxlan:
+ if is_ipv6(vxlan['source_address']):
+ protocol = 'ipv6'
+ else:
+ protocol = 'ipv4'
+ if 'remote' in vxlan:
+ if is_ipv6(vxlan['remote']):
+ if protocol == 'ipv4':
+ raise ConfigError('IPv4 and IPV6 cannot be mixed')
+ protocol = 'ipv6'
+ else:
+ if protocol == 'ipv6':
+ raise ConfigError('IPv4 and IPV6 cannot be mixed')
+ protocol = 'ipv4'
+ if 'other_remotes' in vxlan:
+ for rem in vxlan['other_remotes']:
+ if is_ipv6(rem):
+ if protocol == 'ipv4':
+ raise ConfigError('IPv4 and IPV6 cannot be mixed')
+ protocol = 'ipv6'
+ else:
+ if protocol == 'ipv6':
+ raise ConfigError('IPv4 and IPV6 cannot be mixed')
+ protocol = 'ipv4'
+
verify_mtu_ipv6(vxlan)
verify_address(vxlan)
return None
--
cgit v1.2.3
From d418cd36027aef5993122ec62419e8c66fe7a1ed Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Sun, 20 Feb 2022 22:06:49 +0100
Subject: vxlan: T4120: rename tunnel-remotes.xml.i ->
tunnel-remote-multi.xml.i
---
.../include/interface/tunnel-remote-multi.xml.i | 19 +++++++++++++++++++
.../include/interface/tunnel-remotes.xml.i | 19 -------------------
interface-definitions/interfaces-vxlan.xml.in | 2 +-
3 files changed, 20 insertions(+), 20 deletions(-)
create mode 100644 interface-definitions/include/interface/tunnel-remote-multi.xml.i
delete mode 100644 interface-definitions/include/interface/tunnel-remotes.xml.i
(limited to 'interface-definitions/include/interface')
diff --git a/interface-definitions/include/interface/tunnel-remote-multi.xml.i b/interface-definitions/include/interface/tunnel-remote-multi.xml.i
new file mode 100644
index 000000000..f672087a4
--- /dev/null
+++ b/interface-definitions/include/interface/tunnel-remote-multi.xml.i
@@ -0,0 +1,19 @@
+
+
+
+ Tunnel remote address
+
+ ipv4
+ Tunnel remote IPv4 address
+
+
+ ipv6
+ Tunnel remote IPv6 address
+
+
+
+
+
+
+
+
diff --git a/interface-definitions/include/interface/tunnel-remotes.xml.i b/interface-definitions/include/interface/tunnel-remotes.xml.i
deleted file mode 100644
index ae8481898..000000000
--- a/interface-definitions/include/interface/tunnel-remotes.xml.i
+++ /dev/null
@@ -1,19 +0,0 @@
-
-
-
- Tunnel remote address
-
- ipv4
- Tunnel remote IPv4 address
-
-
- ipv6
- Tunnel remote IPv6 address
-
-
-
-
-
-
-
-
diff --git a/interface-definitions/interfaces-vxlan.xml.in b/interface-definitions/interfaces-vxlan.xml.in
index 559067ea5..0546b4199 100644
--- a/interface-definitions/interfaces-vxlan.xml.in
+++ b/interface-definitions/interfaces-vxlan.xml.in
@@ -98,7 +98,7 @@
#include
#include
- #include
+ #include
#include
#include
--
cgit v1.2.3
From a68c9238111c6caee78bb28f8054b8f0cfa0e374 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Thu, 24 Feb 2022 22:47:12 +0100
Subject: scripts: T4269: node.def generator should automatically add default
values
Since introducing the XML node it was common, but redundant,
practice to also add a help string indicating which value would be used as
default if the node is unset.
This makes no sense b/c it's duplicated code/value/characters and prone to
error. The node.def scripts should be extended to automatically render the
appropriate default value into the CLI help string.
For e.g. SSH the current PoC renders:
$ cat templates-cfg/service/ssh/port/node.def
multi:
type: txt
help: Port for SSH service (default: 22)
val_help: u32:1-65535; Numeric IP port
...
Not all subsystems are already migrated to get_config_dict() and make use of
the defaults() call - those subsystems need to be migrated, first before the new
default is added to the CLI help.
---
interface-definitions/containers.xml.in | 6 ++--
interface-definitions/dhcp-relay.xml.in | 6 ++--
interface-definitions/dhcp-server.xml.in | 2 +-
interface-definitions/dhcpv6-relay.xml.in | 2 +-
interface-definitions/dns-domain-name.xml.in | 1 +
interface-definitions/dns-forwarding.xml.in | 6 ++--
interface-definitions/flow-accounting-conf.xml.in | 26 +++++++++---------
interface-definitions/high-availability.xml.in | 16 +++++------
interface-definitions/igmp-proxy.xml.in | 8 +++---
.../include/accel-ppp/client-ipv6-pool.xml.i | 2 +-
.../include/accel-ppp/radius-additions.xml.i | 6 ++--
interface-definitions/include/bfd/common.xml.i | 6 ++--
.../include/bgp/protocol-common-config.xml.i | 2 +-
.../include/bgp/timers-keepalive.xml.i | 2 +-
.../include/firewall/name-default-action.xml.i | 2 +-
.../include/interface/arp-cache-timeout.xml.i | 2 +-
.../include/interface/dhcp-options.xml.i | 2 +-
.../include/interface/dhcpv6-options.xml.i | 4 +--
.../include/nat-translation-options.xml.i | 4 +--
interface-definitions/include/ospf/auto-cost.xml.i | 2 +-
.../include/ospf/interface-common.xml.i | 2 +-
interface-definitions/include/ospf/intervals.xml.i | 8 +++---
.../include/ospf/metric-type.xml.i | 2 +-
.../include/ospf/protocol-common-config.xml.i | 18 ++++++------
.../include/ospfv3/protocol-common-config.xml.i | 2 +-
.../include/radius-server-port.xml.i | 2 +-
interface-definitions/include/rip/rip-timers.xml.i | 6 ++--
.../include/snmp/access-mode.xml.i | 2 +-
.../include/snmp/authentication-type.xml.i | 2 +-
.../include/snmp/privacy-type.xml.i | 2 +-
interface-definitions/include/snmp/protocol.xml.i | 2 +-
.../include/vpn-ipsec-encryption.xml.i | 2 +-
interface-definitions/include/vpn-ipsec-hash.xml.i | 2 +-
interface-definitions/interfaces-bonding.xml.in | 6 ++--
interface-definitions/interfaces-bridge.xml.in | 10 +++----
interface-definitions/interfaces-ethernet.xml.in | 4 +--
interface-definitions/interfaces-l2tpv3.xml.in | 6 ++--
interface-definitions/interfaces-macsec.xml.in | 4 +--
interface-definitions/interfaces-openvpn.xml.in | 22 +++++++--------
interface-definitions/interfaces-pppoe.xml.in | 2 +-
interface-definitions/interfaces-tunnel.xml.in | 4 +--
interface-definitions/interfaces-wireless.xml.in | 10 +++----
interface-definitions/protocols-rpki.xml.in | 2 +-
.../service_console-server.xml.in | 6 ++--
.../service_monitoring_telegraf.xml.in | 6 ++--
interface-definitions/service_router-advert.xml.in | 14 +++++-----
interface-definitions/service_webproxy.xml.in | 26 ++++++++++--------
interface-definitions/snmp.xml.in | 6 ++--
interface-definitions/ssh.xml.in | 2 +-
interface-definitions/system-ip.xml.in | 2 +-
interface-definitions/system-login.xml.in | 4 +--
interface-definitions/system-logs.xml.in | 8 +++---
interface-definitions/vpn_ipsec.xml.in | 32 +++++++++++-----------
interface-definitions/vpn_l2tp.xml.in | 10 +++----
interface-definitions/vpn_openconnect.xml.in | 12 ++++----
interface-definitions/zone-policy.xml.in | 6 ++--
scripts/build-command-templates | 17 +++++++++---
57 files changed, 197 insertions(+), 183 deletions(-)
(limited to 'interface-definitions/include/interface')
diff --git a/interface-definitions/containers.xml.in b/interface-definitions/containers.xml.in
index 07686b16e..9cd2b0902 100644
--- a/interface-definitions/containers.xml.in
+++ b/interface-definitions/containers.xml.in
@@ -111,7 +111,7 @@
- Constrain the memory available to a container (default: 512MB)
+ Constrain the memory available to a container
u32:0
Unlimited
@@ -212,7 +212,7 @@
on-failure
- Restart containers when they exit with a non-zero exit code, retrying indefinitely (default)
+ Restart containers when they exit with a non-zero exit code, retrying indefinitely
always
@@ -283,7 +283,7 @@
- Add registry (default docker.io)
+ Add registry
docker.io
diff --git a/interface-definitions/dhcp-relay.xml.in b/interface-definitions/dhcp-relay.xml.in
index 483e776a7..a5643add6 100644
--- a/interface-definitions/dhcp-relay.xml.in
+++ b/interface-definitions/dhcp-relay.xml.in
@@ -20,7 +20,7 @@
Policy to discard packets that have reached specified hop-count
u32:1-255
- Hop count (default: 10)
+ Hop count
@@ -34,7 +34,7 @@
Maximum packet size to send to a DHCPv4/BOOTP server
u32:64-1400
- Maximum packet size (default: 576)
+ Maximum packet size
@@ -44,7 +44,7 @@
- Policy to handle incoming DHCPv4 packets which already contain relay agent options (default: forward)
+ Policy to handle incoming DHCPv4 packets which already contain relay agent options
append replace forward discard
diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in
index d1ed579e9..312dcd2a0 100644
--- a/interface-definitions/dhcp-server.xml.in
+++ b/interface-definitions/dhcp-server.xml.in
@@ -198,7 +198,7 @@
- Lease timeout in seconds (default: 86400)
+ Lease timeout in seconds
u32
DHCP lease time in seconds
diff --git a/interface-definitions/dhcpv6-relay.xml.in b/interface-definitions/dhcpv6-relay.xml.in
index 7162cf353..5abcbe804 100644
--- a/interface-definitions/dhcpv6-relay.xml.in
+++ b/interface-definitions/dhcpv6-relay.xml.in
@@ -36,7 +36,7 @@
Maximum hop count for which requests will be processed
u32:1-255
- Hop count (default: 10)
+ Hop count
diff --git a/interface-definitions/dns-domain-name.xml.in b/interface-definitions/dns-domain-name.xml.in
index 005a55ab3..7ae537d00 100644
--- a/interface-definitions/dns-domain-name.xml.in
+++ b/interface-definitions/dns-domain-name.xml.in
@@ -29,6 +29,7 @@
+
System host name (default: vyos)
diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/dns-forwarding.xml.in
index 4faf604ad..a2e809da8 100644
--- a/interface-definitions/dns-forwarding.xml.in
+++ b/interface-definitions/dns-forwarding.xml.in
@@ -16,7 +16,7 @@
- DNS forwarding cache size (default: 10000)
+ DNS forwarding cache size
u32:0-2147483647
DNS forwarding cache size
@@ -38,7 +38,7 @@
- DNSSEC mode (default: process-no-validate)
+ DNSSEC mode
off process-no-validate process log-fail validate
@@ -587,7 +587,7 @@
#include
- Maximum amount of time negative entries are cached (default: 3600)
+ Maximum amount of time negative entries are cached
u32:0-7200
Seconds to cache NXDOMAIN entries
diff --git a/interface-definitions/flow-accounting-conf.xml.in b/interface-definitions/flow-accounting-conf.xml.in
index 1b57d706c..05cf5e170 100644
--- a/interface-definitions/flow-accounting-conf.xml.in
+++ b/interface-definitions/flow-accounting-conf.xml.in
@@ -14,7 +14,7 @@
Buffer size
u32
- Buffer size in MiB (default: 10)
+ Buffer size in MiB
@@ -27,7 +27,7 @@
Specifies the maximum number of bytes to capture for each packet
u32:128-750
- Packet length in bytes (default: 128)
+ Packet length in bytes
@@ -209,7 +209,7 @@
9
- NetFlow version 9 (default)
+ NetFlow version 9
10
@@ -240,7 +240,7 @@
NetFlow port number
u32:1025-65535
- NetFlow port number (default: 2055)
+ NetFlow port number
@@ -260,7 +260,7 @@
Expiry scan interval
u32:0-2147483647
- Expiry scan interval (default: 60)
+ Expiry scan interval
@@ -273,7 +273,7 @@
Generic flow timeout value
u32:0-2147483647
- Generic flow timeout in seconds (default: 3600)
+ Generic flow timeout in seconds
@@ -286,7 +286,7 @@
ICMP timeout value
u32:0-2147483647
- ICMP timeout in seconds (default: 300)
+ ICMP timeout in seconds
@@ -299,7 +299,7 @@
Max active timeout value
u32:0-2147483647
- Max active timeout in seconds (default: 604800)
+ Max active timeout in seconds
@@ -312,7 +312,7 @@
TCP finish timeout value
u32:0-2147483647
- TCP FIN timeout in seconds (default: 300)
+ TCP FIN timeout in seconds
@@ -325,7 +325,7 @@
TCP generic timeout value
u32:0-2147483647
- TCP generic timeout in seconds (default: 3600)
+ TCP generic timeout in seconds
@@ -338,7 +338,7 @@
TCP reset timeout value
u32:0-2147483647
- TCP RST timeout in seconds (default: 120)
+ TCP RST timeout in seconds
@@ -351,7 +351,7 @@
UDP timeout value
u32:0-2147483647
- UDP timeout in seconds (default: 300)
+ UDP timeout in seconds
@@ -418,7 +418,7 @@
sFlow port number
u32:1025-65535
- sFlow port number (default: 6343)
+ sFlow port number
diff --git a/interface-definitions/high-availability.xml.in b/interface-definitions/high-availability.xml.in
index ee1d70484..662052e12 100644
--- a/interface-definitions/high-availability.xml.in
+++ b/interface-definitions/high-availability.xml.in
@@ -22,7 +22,7 @@
Advertise interval
u32:1-255
- Advertise interval in seconds (default: 1)
+ Advertise interval in seconds
@@ -79,7 +79,7 @@
- Health check failure count required for transition to fault (default: 3)
+ Health check failure count required for transition to fault
@@ -88,7 +88,7 @@
- Health check execution interval in seconds (default: 60)
+ Health check execution interval in seconds
@@ -160,7 +160,7 @@
- Router priority (default: 100)
+ Router priority
u32:1-255
Router priority
@@ -333,7 +333,7 @@
Interval between health-checks (in seconds)
u32:1-600
- Interval in seconds (default: 10)
+ Interval in seconds
@@ -343,7 +343,7 @@
- Forwarding method (default: NAT)
+ Forwarding method
direct nat tunnel
@@ -371,7 +371,7 @@
Timeout for persistent connections
u32:1-86400
- Timeout for persistent connections (default: 300)
+ Timeout for persistent connections
@@ -381,7 +381,7 @@
- Protocol for port checks (default: TCP)
+ Protocol for port checks
tcp udp
diff --git a/interface-definitions/igmp-proxy.xml.in b/interface-definitions/igmp-proxy.xml.in
index 91c912d8b..c7ab60929 100644
--- a/interface-definitions/igmp-proxy.xml.in
+++ b/interface-definitions/igmp-proxy.xml.in
@@ -39,7 +39,7 @@
- IGMP interface role (default: downstream)
+ IGMP interface role
upstream downstream disabled
@@ -49,7 +49,7 @@
downstream
- Downstream interface(s) (default)
+ Downstream interface(s)
disabled
@@ -63,10 +63,10 @@
- TTL threshold (default: 1)
+ TTL threshold
u32:1-255
- TTL threshold for the interfaces (default: 1)
+ TTL threshold for the interfaces
diff --git a/interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i b/interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i
index a692f2335..01cf0e040 100644
--- a/interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i
+++ b/interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i
@@ -21,7 +21,7 @@
Prefix length used for individual client
u32:48-128
- Client prefix length (default: 64)
+ Client prefix length
diff --git a/interface-definitions/include/accel-ppp/radius-additions.xml.i b/interface-definitions/include/accel-ppp/radius-additions.xml.i
index 258ece2b5..441c9dda5 100644
--- a/interface-definitions/include/accel-ppp/radius-additions.xml.i
+++ b/interface-definitions/include/accel-ppp/radius-additions.xml.i
@@ -21,7 +21,7 @@
Accounting port
u32:1-65535
- Numeric IP port (default: 1813)
+ Numeric IP port
@@ -62,7 +62,7 @@
- Timeout for Interim-Update packets, terminate session afterwards (default 3 seconds)
+ Timeout for Interim-Update packets, terminate session afterwards
u32:0-60
Timeout in seconds, 0 to keep active
@@ -126,7 +126,7 @@
- Port for Dynamic Authorization Extension server (DM/CoA) (default: 1700)
+ Port for Dynamic Authorization Extension server (DM/CoA)
u32:1-65535
TCP port
diff --git a/interface-definitions/include/bfd/common.xml.i b/interface-definitions/include/bfd/common.xml.i
index e52221441..126ab9b9a 100644
--- a/interface-definitions/include/bfd/common.xml.i
+++ b/interface-definitions/include/bfd/common.xml.i
@@ -15,7 +15,7 @@
Minimum interval of receiving control packets
u32:10-60000
- Interval in milliseconds (default: 300)
+ Interval in milliseconds
@@ -28,7 +28,7 @@
Minimum interval of transmitting control packets
u32:10-60000
- Interval in milliseconds (default: 300)
+ Interval in milliseconds
@@ -41,7 +41,7 @@
Multiplier to determine packet loss
u32:2-255
- Remote transmission interval will be multiplied by this value (default: 3)
+ Remote transmission interval will be multiplied by this value
diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i
index 8214d0779..38337b032 100644
--- a/interface-definitions/include/bgp/protocol-common-config.xml.i
+++ b/interface-definitions/include/bgp/protocol-common-config.xml.i
@@ -1191,7 +1191,7 @@
Set period to rescan BGP table to check if condition is met
u32:5-240
- Period to rerun the conditional advertisement scanner process (default: 60)
+ Period to rerun the conditional advertisement scanner process
diff --git a/interface-definitions/include/bgp/timers-keepalive.xml.i b/interface-definitions/include/bgp/timers-keepalive.xml.i
index b2771e326..b23f96ec8 100644
--- a/interface-definitions/include/bgp/timers-keepalive.xml.i
+++ b/interface-definitions/include/bgp/timers-keepalive.xml.i
@@ -4,7 +4,7 @@
BGP keepalive interval for this neighbor
u32:1-65535
- Keepalive interval in seconds (default 60)
+ Keepalive interval in seconds
diff --git a/interface-definitions/include/firewall/name-default-action.xml.i b/interface-definitions/include/firewall/name-default-action.xml.i
index 1b61b076f..8470a29a9 100644
--- a/interface-definitions/include/firewall/name-default-action.xml.i
+++ b/interface-definitions/include/firewall/name-default-action.xml.i
@@ -7,7 +7,7 @@
drop
- Drop if no prior rules are hit (default)
+ Drop if no prior rules are hit
reject
diff --git a/interface-definitions/include/interface/arp-cache-timeout.xml.i b/interface-definitions/include/interface/arp-cache-timeout.xml.i
index cb01d0525..06d7ffe96 100644
--- a/interface-definitions/include/interface/arp-cache-timeout.xml.i
+++ b/interface-definitions/include/interface/arp-cache-timeout.xml.i
@@ -4,7 +4,7 @@
ARP cache entry timeout in seconds
u32:1-86400
- ARP cache entry timout in seconds (default 30)
+ ARP cache entry timout in seconds
diff --git a/interface-definitions/include/interface/dhcp-options.xml.i b/interface-definitions/include/interface/dhcp-options.xml.i
index f62b06640..098d02919 100644
--- a/interface-definitions/include/interface/dhcp-options.xml.i
+++ b/interface-definitions/include/interface/dhcp-options.xml.i
@@ -30,7 +30,7 @@
Distance for the default route from DHCP server
u32:1-255
- Distance for the default route from DHCP server (default: 210)
+ Distance for the default route from DHCP server
diff --git a/interface-definitions/include/interface/dhcpv6-options.xml.i b/interface-definitions/include/interface/dhcpv6-options.xml.i
index d1abf4a90..08e4f5e0a 100644
--- a/interface-definitions/include/interface/dhcpv6-options.xml.i
+++ b/interface-definitions/include/interface/dhcpv6-options.xml.i
@@ -57,10 +57,10 @@
- Local interface address assigned to interface
+ Local interface address assigned to interface (default: EUI-64)
>0
- Used to form IPv6 interface address (default: EUI-64)
+ Used to form IPv6 interface address
diff --git a/interface-definitions/include/nat-translation-options.xml.i b/interface-definitions/include/nat-translation-options.xml.i
index df2f76397..f1539757b 100644
--- a/interface-definitions/include/nat-translation-options.xml.i
+++ b/interface-definitions/include/nat-translation-options.xml.i
@@ -16,7 +16,7 @@
random
- Random source or destination address allocation for each connection (default)
+ Random source or destination address allocation for each connection
^(persistent|random)$
@@ -39,7 +39,7 @@
none
- Do not apply port randomization (default)
+ Do not apply port randomization
^(random|fully-random|none)$
diff --git a/interface-definitions/include/ospf/auto-cost.xml.i b/interface-definitions/include/ospf/auto-cost.xml.i
index 3e6cc8232..da6483a00 100644
--- a/interface-definitions/include/ospf/auto-cost.xml.i
+++ b/interface-definitions/include/ospf/auto-cost.xml.i
@@ -6,7 +6,7 @@
- Reference bandwidth method to assign cost (default: 100)
+ Reference bandwidth method to assign cost
u32:1-4294967
Reference bandwidth cost in Mbits/sec
diff --git a/interface-definitions/include/ospf/interface-common.xml.i b/interface-definitions/include/ospf/interface-common.xml.i
index 738651594..9c8b94f0b 100644
--- a/interface-definitions/include/ospf/interface-common.xml.i
+++ b/interface-definitions/include/ospf/interface-common.xml.i
@@ -20,7 +20,7 @@
- Router priority (default: 1)
+ Router priority
u32:0-255
OSPF router priority cost
diff --git a/interface-definitions/include/ospf/intervals.xml.i b/interface-definitions/include/ospf/intervals.xml.i
index fad1a6305..9f6e5df69 100644
--- a/interface-definitions/include/ospf/intervals.xml.i
+++ b/interface-definitions/include/ospf/intervals.xml.i
@@ -1,7 +1,7 @@
- Interval after which a neighbor is declared dead (default: 40)
+ Interval after which a neighbor is declared dead
u32:1-65535
Neighbor dead interval (seconds)
@@ -14,7 +14,7 @@
- Interval between hello packets (default: 10)
+ Interval between hello packets
u32:1-65535
Hello interval (seconds)
@@ -27,7 +27,7 @@
- Interval between retransmitting lost link state advertisements (default: 5)
+ Interval between retransmitting lost link state advertisements
u32:1-65535
Retransmit interval (seconds)
@@ -40,7 +40,7 @@
- Link state transmit delay (default: 1)
+ Link state transmit delay
u32:1-65535
Link state transmit delay (seconds)
diff --git a/interface-definitions/include/ospf/metric-type.xml.i b/interface-definitions/include/ospf/metric-type.xml.i
index ef9fd8ac0..de55c7645 100644
--- a/interface-definitions/include/ospf/metric-type.xml.i
+++ b/interface-definitions/include/ospf/metric-type.xml.i
@@ -1,7 +1,7 @@
- OSPF metric type for default routes (default: 2)
+ OSPF metric type for default routes
u32:1-2
Set OSPF External Type 1/2 metrics
diff --git a/interface-definitions/include/ospf/protocol-common-config.xml.i b/interface-definitions/include/ospf/protocol-common-config.xml.i
index e783f4bec..088bee2de 100644
--- a/interface-definitions/include/ospf/protocol-common-config.xml.i
+++ b/interface-definitions/include/ospf/protocol-common-config.xml.i
@@ -106,7 +106,7 @@
- Configure NSSA-ABR (default: candidate)
+ Configure NSSA-ABR
always candidate never
@@ -116,7 +116,7 @@
candidate
- Translate for election (default)
+ Translate for election
never
@@ -502,7 +502,7 @@
- Dead neighbor polling interval (default: 60)
+ Dead neighbor polling interval
u32:1-65535
Seconds between dead neighbor polling interval
@@ -515,7 +515,7 @@
- Neighbor priority in seconds (default: 0)
+ Neighbor priority in seconds
u32:0-255
Neighbor priority
@@ -535,13 +535,13 @@
- OSPF ABR type (default: cisco)
+ OSPF ABR type
cisco ibm shortcut standard
cisco
- Cisco ABR type (default)
+ Cisco ABR type
ibm
@@ -712,7 +712,7 @@
- Delay from the first change received to SPF calculation (default: 200)
+ Delay from the first change received to SPF calculation
u32:0-600000
Delay in milliseconds
@@ -725,7 +725,7 @@
- Initial hold time between consecutive SPF calculations (default: 1000)
+ Initial hold time between consecutive SPF calculations
u32:0-600000
Initial hold time in milliseconds
@@ -738,7 +738,7 @@
- Maximum hold time (default: 10000)
+ Maximum hold time
u32:0-600000
Max hold time in milliseconds
diff --git a/interface-definitions/include/ospfv3/protocol-common-config.xml.i b/interface-definitions/include/ospfv3/protocol-common-config.xml.i
index 5d08debda..792c873c8 100644
--- a/interface-definitions/include/ospfv3/protocol-common-config.xml.i
+++ b/interface-definitions/include/ospfv3/protocol-common-config.xml.i
@@ -158,7 +158,7 @@
- Instance Id (default: 0)
+ Instance ID
u32:0-255
Instance Id
diff --git a/interface-definitions/include/radius-server-port.xml.i b/interface-definitions/include/radius-server-port.xml.i
index 4e5d906bc..c6b691a0f 100644
--- a/interface-definitions/include/radius-server-port.xml.i
+++ b/interface-definitions/include/radius-server-port.xml.i
@@ -4,7 +4,7 @@
Authentication port
u32:1-65535
- Numeric IP port (default: 1812)
+ Numeric IP port
diff --git a/interface-definitions/include/rip/rip-timers.xml.i b/interface-definitions/include/rip/rip-timers.xml.i
index 3aaaf8e65..129d9ed23 100644
--- a/interface-definitions/include/rip/rip-timers.xml.i
+++ b/interface-definitions/include/rip/rip-timers.xml.i
@@ -9,7 +9,7 @@
Garbage collection timer
u32:5-2147483647
- Garbage colletion time (default 120)
+ Garbage colletion time
@@ -22,7 +22,7 @@
Routing information timeout timer
u32:5-2147483647
- Routing information timeout timer (default 180)
+ Routing information timeout timer
@@ -35,7 +35,7 @@
Routing table update timer
u32:5-2147483647
- Routing table update timer in seconds (default 30)
+ Routing table update timer in seconds
diff --git a/interface-definitions/include/snmp/access-mode.xml.i b/interface-definitions/include/snmp/access-mode.xml.i
index 1fce2364e..71c766774 100644
--- a/interface-definitions/include/snmp/access-mode.xml.i
+++ b/interface-definitions/include/snmp/access-mode.xml.i
@@ -7,7 +7,7 @@
ro
- Read-Only (default)
+ Read-Only
rw
diff --git a/interface-definitions/include/snmp/authentication-type.xml.i b/interface-definitions/include/snmp/authentication-type.xml.i
index 2a545864a..ca0bb10a6 100644
--- a/interface-definitions/include/snmp/authentication-type.xml.i
+++ b/interface-definitions/include/snmp/authentication-type.xml.i
@@ -7,7 +7,7 @@
md5
- Message Digest 5 (default)
+ Message Digest 5
sha
diff --git a/interface-definitions/include/snmp/privacy-type.xml.i b/interface-definitions/include/snmp/privacy-type.xml.i
index 47a1e632e..94029a6c6 100644
--- a/interface-definitions/include/snmp/privacy-type.xml.i
+++ b/interface-definitions/include/snmp/privacy-type.xml.i
@@ -7,7 +7,7 @@
des
- Data Encryption Standard (default)
+ Data Encryption Standard
aes
diff --git a/interface-definitions/include/snmp/protocol.xml.i b/interface-definitions/include/snmp/protocol.xml.i
index 335736724..ebdeef87e 100644
--- a/interface-definitions/include/snmp/protocol.xml.i
+++ b/interface-definitions/include/snmp/protocol.xml.i
@@ -7,7 +7,7 @@
udp
- Listen protocol UDP (default)
+ Listen protocol UDP
tcp
diff --git a/interface-definitions/include/vpn-ipsec-encryption.xml.i b/interface-definitions/include/vpn-ipsec-encryption.xml.i
index 9ef2f7c90..faa264d2f 100644
--- a/interface-definitions/include/vpn-ipsec-encryption.xml.i
+++ b/interface-definitions/include/vpn-ipsec-encryption.xml.i
@@ -11,7 +11,7 @@
aes128
- 128 bit AES-CBC (default)
+ 128 bit AES-CBC
aes192
diff --git a/interface-definitions/include/vpn-ipsec-hash.xml.i b/interface-definitions/include/vpn-ipsec-hash.xml.i
index 5a06b290e..b3ef4fb7a 100644
--- a/interface-definitions/include/vpn-ipsec-hash.xml.i
+++ b/interface-definitions/include/vpn-ipsec-hash.xml.i
@@ -15,7 +15,7 @@
sha1
- SHA1 HMAC (default)
+ SHA1 HMAC
sha1_160
diff --git a/interface-definitions/interfaces-bonding.xml.in b/interface-definitions/interfaces-bonding.xml.in
index 723041ca5..b98f4b960 100644
--- a/interface-definitions/interfaces-bonding.xml.in
+++ b/interface-definitions/interfaces-bonding.xml.in
@@ -66,7 +66,7 @@
layer2
- use MAC addresses to generate the hash (802.3ad, default)
+ use MAC addresses to generate the hash
layer2+3
@@ -115,7 +115,7 @@
slow
- Request partner to transmit LACPDUs every 30 seconds (default)
+ Request partner to transmit LACPDUs every 30 seconds
fast
@@ -135,7 +135,7 @@
802.3ad
- IEEE 802.3ad Dynamic link aggregation (Default)
+ IEEE 802.3ad Dynamic link aggregation
active-backup
diff --git a/interface-definitions/interfaces-bridge.xml.in b/interface-definitions/interfaces-bridge.xml.in
index 89a6d2303..fabfb917a 100644
--- a/interface-definitions/interfaces-bridge.xml.in
+++ b/interface-definitions/interfaces-bridge.xml.in
@@ -26,7 +26,7 @@
u32:10-1000000
- MAC address aging time in seconds (default: 300)
+ MAC address aging time in seconds
@@ -48,7 +48,7 @@
Forwarding delay
u32:0-200
- Spanning Tree Protocol forwarding delay in seconds (default 15)
+ Spanning Tree Protocol forwarding delay in seconds
@@ -62,7 +62,7 @@
Hello packet advertisement interval
u32:1-10
- Spanning Tree Protocol hello advertisement interval in seconds (default 2)
+ Spanning Tree Protocol hello advertisement interval in seconds
@@ -99,7 +99,7 @@
Interval at which neighbor bridges are removed
u32:1-40
- Bridge maximum aging time in seconds (default 20)
+ Bridge maximum aging time in seconds
@@ -195,7 +195,7 @@
Priority for this bridge
u32:0-65535
- Bridge priority (default 32768)
+ Bridge priority
diff --git a/interface-definitions/interfaces-ethernet.xml.in b/interface-definitions/interfaces-ethernet.xml.in
index 9e113cb71..be7bddfa4 100644
--- a/interface-definitions/interfaces-ethernet.xml.in
+++ b/interface-definitions/interfaces-ethernet.xml.in
@@ -41,7 +41,7 @@
auto
- Auto negotiation (default)
+ Auto negotiation
half
@@ -110,7 +110,7 @@
- Link speed (default: auto)
+ Link speed
auto 10 100 1000 2500 5000 10000 25000 40000 50000 100000
diff --git a/interface-definitions/interfaces-l2tpv3.xml.in b/interface-definitions/interfaces-l2tpv3.xml.in
index 85d4ab992..ba9bcb0a2 100644
--- a/interface-definitions/interfaces-l2tpv3.xml.in
+++ b/interface-definitions/interfaces-l2tpv3.xml.in
@@ -20,7 +20,7 @@
#include
- UDP destination port for L2TPv3 tunnel (default: 5000)
+ UDP destination port for L2TPv3 tunnel
u32:1-65535
Numeric IP port
@@ -36,7 +36,7 @@
#include
- Encapsulation type (default: UDP)
+ Encapsulation type
udp ip
@@ -102,7 +102,7 @@
- UDP source port for L2TPv3 tunnel (default: 5000)
+ UDP source port for L2TPv3 tunnel
u32:1-65535
Numeric IP port
diff --git a/interface-definitions/interfaces-macsec.xml.in b/interface-definitions/interfaces-macsec.xml.in
index 598935e51..7206e57b1 100644
--- a/interface-definitions/interfaces-macsec.xml.in
+++ b/interface-definitions/interfaces-macsec.xml.in
@@ -36,7 +36,7 @@
gcm-aes-128
- Galois/Counter Mode of AES cipher with 128-bit key (default)
+ Galois/Counter Mode of AES cipher with 128-bit key
gcm-aes-256
@@ -84,7 +84,7 @@
- Priority of MACsec Key Agreement protocol (MKA) actor (default: 255)
+ Priority of MACsec Key Agreement protocol (MKA) actor
u32:0-255
MACsec Key Agreement protocol (MKA) priority
diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in
index 16d91145f..eb574eb52 100644
--- a/interface-definitions/interfaces-openvpn.xml.in
+++ b/interface-definitions/interfaces-openvpn.xml.in
@@ -38,7 +38,7 @@
#include
- OpenVPN interface device-type (default: tun)
+ OpenVPN interface device-type
tun tap
@@ -206,7 +206,7 @@
- Maximum number of keepalive packet failures (default: 60)
+ Maximum number of keepalive packet failures
u32:0-1000
Maximum number of keepalive packet failures
@@ -219,7 +219,7 @@
- Keepalive packet interval in seconds (default: 10)
+ Keepalive packet interval in seconds
u32:0-600
Keepalive packet interval (seconds)
@@ -613,13 +613,13 @@
- Topology for clients (default: net30)
+ Topology for clients
net30 point-to-point subnet
net30
- net30 topology (default)
+ net30 topology
point-to-point
@@ -647,7 +647,7 @@
- Maximum allowed clock slop in seconds (default: 180)
+ Maximum allowed clock slop in seconds
1-65535
Seconds
@@ -660,7 +660,7 @@
- Time drift in seconds (default: 0)
+ Time drift in seconds
1-65535
Seconds
@@ -673,7 +673,7 @@
- Step value for totp in seconds (default: 30)
+ Step value for totp in seconds
1-65535
Seconds
@@ -686,7 +686,7 @@
- Number of digits to use for totp hash (default: 6)
+ Number of digits to use for totp hash
1-65535
Seconds
@@ -699,7 +699,7 @@
- Expect password as result of a challenge response protocol (default: enabled)
+ Expect password as result of a challenge response protocol
disable enable
@@ -709,7 +709,7 @@
enable
- Enable chalenge-response (default)
+ Enable chalenge-response
^(disable|enable)$
diff --git a/interface-definitions/interfaces-pppoe.xml.in b/interface-definitions/interfaces-pppoe.xml.in
index 80a890940..ed0e45840 100644
--- a/interface-definitions/interfaces-pppoe.xml.in
+++ b/interface-definitions/interfaces-pppoe.xml.in
@@ -23,7 +23,7 @@
#include
- Default route insertion behaviour (default: auto)
+ Default route insertion behaviour
auto none force
diff --git a/interface-definitions/interfaces-tunnel.xml.in b/interface-definitions/interfaces-tunnel.xml.in
index fd69fd177..eb1708aaa 100644
--- a/interface-definitions/interfaces-tunnel.xml.in
+++ b/interface-definitions/interfaces-tunnel.xml.in
@@ -241,7 +241,7 @@
u32:0-255
- Encapsulation limit (default: 4)
+ Encapsulation limit
none
@@ -261,7 +261,7 @@
Hoplimit
u32:0-255
- Hop limit (default: 64)
+ Hop limit
diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in
index a2d1439a3..5b79ac671 100644
--- a/interface-definitions/interfaces-wireless.xml.in
+++ b/interface-definitions/interfaces-wireless.xml.in
@@ -291,7 +291,7 @@
0
- 20 or 40 MHz channel width (default)
+ 20 or 40 MHz channel width
1
@@ -431,7 +431,7 @@
- Wireless radio channel (default: 0)
+ Wireless radio channel
0
Automatic Channel Selection (ACS)
@@ -515,7 +515,7 @@
disabled
- no MFP (hostapd default)
+ no MFP
optional
@@ -546,7 +546,7 @@
g
- 802.11g - 54 Mbits/sec (default)
+ 802.11g - 54 Mbits/sec
n
@@ -564,7 +564,7 @@
- Wireless physical device (default: phy0)
+ Wireless physical device
diff --git a/interface-definitions/protocols-rpki.xml.in b/interface-definitions/protocols-rpki.xml.in
index a73d0aae4..68762ff9a 100644
--- a/interface-definitions/protocols-rpki.xml.in
+++ b/interface-definitions/protocols-rpki.xml.in
@@ -82,7 +82,7 @@
- RPKI cache polling period (default: 300)
+ RPKI cache polling period
u32:1-86400
Polling period in seconds
diff --git a/interface-definitions/service_console-server.xml.in b/interface-definitions/service_console-server.xml.in
index 28aa7ea71..549edb813 100644
--- a/interface-definitions/service_console-server.xml.in
+++ b/interface-definitions/service_console-server.xml.in
@@ -41,7 +41,7 @@
- Serial port data bits (default: 8)
+ Serial port data bits
7 8
@@ -53,7 +53,7 @@
- Serial port stop bits (default: 1)
+ Serial port stop bits
1 2
@@ -65,7 +65,7 @@
- Parity setting (default: none)
+ Parity setting
even odd none
diff --git a/interface-definitions/service_monitoring_telegraf.xml.in b/interface-definitions/service_monitoring_telegraf.xml.in
index 0db9052ff..f0a94d6a9 100644
--- a/interface-definitions/service_monitoring_telegraf.xml.in
+++ b/interface-definitions/service_monitoring_telegraf.xml.in
@@ -44,19 +44,19 @@
- Remote bucket, by default (main)
+ Remote bucket
main
- Source parameters for monitoring (default: all)
+ Source parameters for monitoring
all hardware-utilization logs network system telegraf
all
- All parameters (default)
+ All parameters
hardware-utilization
diff --git a/interface-definitions/service_router-advert.xml.in b/interface-definitions/service_router-advert.xml.in
index 0f4009f5c..ce1da85aa 100644
--- a/interface-definitions/service_router-advert.xml.in
+++ b/interface-definitions/service_router-advert.xml.in
@@ -18,7 +18,7 @@
- Set Hop Count field of the IP header for outgoing packets (default: 64)
+ Set Hop Count field of the IP header for outgoing packets
u32:0
Unspecified (by this router)
@@ -63,7 +63,7 @@
medium
- Default router has medium preference (default)
+ Default router has medium preference
high
@@ -108,7 +108,7 @@
- Maximum interval between unsolicited multicast RAs (default: 600)
+ Maximum interval between unsolicited multicast RAs
u32:4-1800
Maximum interval in seconds
@@ -156,7 +156,7 @@
- Time in seconds that the route will remain valid (default: 1800 seconds)
+ Time in seconds that the route will remain valid
infinity
@@ -187,7 +187,7 @@
medium
- Route has medium preference (default)
+ Route has medium preference
high
@@ -234,7 +234,7 @@
- Time in seconds that the prefix will remain preferred (default 4 hours)
+ Time in seconds that the prefix will remain preferred
infinity
@@ -255,7 +255,7 @@
- Time in seconds that the prefix will remain valid (default: 30 days)
+ Time in seconds that the prefix will remain valid
infinity
diff --git a/interface-definitions/service_webproxy.xml.in b/interface-definitions/service_webproxy.xml.in
index 03f504ac7..92e5ca37b 100644
--- a/interface-definitions/service_webproxy.xml.in
+++ b/interface-definitions/service_webproxy.xml.in
@@ -28,7 +28,7 @@
- Number of authentication helper processes (default: 5)
+ Number of authentication helper processes
n
Number of authentication helper processes
@@ -41,7 +41,7 @@
- Authenticated session time to live in minutes (default: 60)
+ Authenticated session time to live in minutes
n
Authenticated session timeout
@@ -105,7 +105,7 @@
- LDAP protocol version (default: 3)
+ LDAP protocol version
2 3
@@ -177,7 +177,7 @@
- Default Proxy Port (default: 3128)
+ Default Proxy Port
u32:1025-65535
Default port number
@@ -190,7 +190,11 @@
- Cache peer ICP port (default: disabled)
+ Cache peer ICP port
+
+ u32:0
+ Cache peer disabled
+
u32:1-65535
Cache peer ICP port
@@ -203,7 +207,7 @@
- Cache peer options (default: "no-query default")
+ Cache peer options
txt
Cache peer options
@@ -239,7 +243,7 @@
- Disk cache size in MB (default: 100)
+ Disk cache size in MB
u32
Disk cache size in MB
@@ -253,7 +257,7 @@
- Default Proxy Port (default: 3128)
+ Default Proxy Port
u32:1025-65535
Default port number
@@ -296,7 +300,7 @@
- Default Proxy Port (default: 3128)
+ Default Proxy Port
u32:1025-65535
Default port number
@@ -399,7 +403,7 @@
- Hour of day for database update [REQUIRED]
+ Hour of day for database update
u32:0-23
Hour for database update
@@ -414,7 +418,7 @@
- Redirect URL for filtered websites (default: block.vyos.net)
+ Redirect URL for filtered websites
url
URL for redirect
diff --git a/interface-definitions/snmp.xml.in b/interface-definitions/snmp.xml.in
index 67d3aef9a..b9e0f4cc5 100644
--- a/interface-definitions/snmp.xml.in
+++ b/interface-definitions/snmp.xml.in
@@ -26,7 +26,7 @@
ro
- Read-Only (default)
+ Read-Only
rw
@@ -226,7 +226,7 @@
auth
- Messages are authenticated but not encrypted (authNoPriv, default)
+ Messages are authenticated but not encrypted (authNoPriv)
priv
@@ -329,7 +329,7 @@
inform trap
- inform (default)
+ inform
Use INFORM
diff --git a/interface-definitions/ssh.xml.in b/interface-definitions/ssh.xml.in
index e3b9d16e1..187e5f8e8 100644
--- a/interface-definitions/ssh.xml.in
+++ b/interface-definitions/ssh.xml.in
@@ -105,7 +105,7 @@
^(quiet|fatal|error|info|verbose)$
- INFO
+ info
diff --git a/interface-definitions/system-ip.xml.in b/interface-definitions/system-ip.xml.in
index 86fbe5701..1fa63d517 100644
--- a/interface-definitions/system-ip.xml.in
+++ b/interface-definitions/system-ip.xml.in
@@ -15,7 +15,7 @@
- Maximum number of entries to keep in the ARP cache (default: 8192)
+ Maximum number of entries to keep in the ARP cache
1024 2048 4096 8192 16384 32768
diff --git a/interface-definitions/system-login.xml.in b/interface-definitions/system-login.xml.in
index 4bfe82268..a5519ee88 100644
--- a/interface-definitions/system-login.xml.in
+++ b/interface-definitions/system-login.xml.in
@@ -124,7 +124,7 @@
Session timeout
u32:1-30
- Session timeout in seconds (default: 2)
+ Session timeout in seconds
@@ -138,7 +138,7 @@
Server priority
u32:1-255
- Server priority (default: 255)
+ Server priority
diff --git a/interface-definitions/system-logs.xml.in b/interface-definitions/system-logs.xml.in
index 8b6c7c399..1caa7abb6 100644
--- a/interface-definitions/system-logs.xml.in
+++ b/interface-definitions/system-logs.xml.in
@@ -23,7 +23,7 @@
Size of a single log file that triggers rotation
u32:1-1024
- Size in MB (default: 10)
+ Size in MB
@@ -37,7 +37,7 @@
Count of rotations before old logs will be deleted
u32:1-100
- Rotations (default: 10)
+ Rotations
@@ -58,7 +58,7 @@
Size of a single log file that triggers rotation
u32:1-1024
- Size in MB (default: 1)
+ Size in MB
@@ -72,7 +72,7 @@
Count of rotations before old logs will be deleted
u32:1-100
- Rotations (default: 10)
+ Rotations
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index dae76218f..147bb99ba 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -30,7 +30,7 @@
disable
- Disable ESP compression (default)
+ Disable ESP compression
enable
@@ -47,7 +47,7 @@
ESP lifetime
u32:30-86400
- ESP lifetime in seconds (default: 3600)
+ ESP lifetime in seconds
@@ -87,7 +87,7 @@
tunnel
- Tunnel mode (default)
+ Tunnel mode
transport
@@ -107,7 +107,7 @@
enable
- Inherit Diffie-Hellman group from the IKE group (default)
+ Inherit Diffie-Hellman group from the IKE group
dh-group1
@@ -235,7 +235,7 @@
none
- Do nothing (default)
+ Do nothing
hold
@@ -267,7 +267,7 @@
hold
- Attempt to re-negotiate the connection when matching traffic is seen (default)
+ Attempt to re-negotiate the connection when matching traffic is seen
clear
@@ -287,7 +287,7 @@
Keep-alive interval
u32:2-86400
- Keep-alive interval in seconds (default: 30)
+ Keep-alive interval in seconds
@@ -299,7 +299,7 @@
Dead Peer Detection keep-alive timeout (IKEv1 only)
u32:2-86400
- Keep-alive timeout in seconds (default 120)
+ Keep-alive timeout in seconds
@@ -310,7 +310,7 @@
- Re-authentication of the remote peer during an IKE re-key. IKEv2 option only
+ Re-authentication of the remote peer during an IKE re-key - IKEv2 only
yes no
@@ -320,7 +320,7 @@
no
- Disable remote host re-authenticaton during an IKE rekey. (default)
+ Disable remote host re-authenticaton during an IKE rekey
^(yes|no)$
@@ -351,7 +351,7 @@
IKE lifetime
u32:30-86400
- IKE lifetime in seconds (default: 28800)
+ IKE lifetime in seconds
@@ -367,7 +367,7 @@
enable
- Enable MOBIKE (default for IKEv2)
+ Enable MOBIKE
disable
@@ -386,7 +386,7 @@
main
- Use the main mode (recommended, default)
+ Use the main mode (recommended)
aggressive
@@ -533,7 +533,7 @@
strongSwan logging Level
0
- Very basic auditing logs e.g. SA up/SA down (default)
+ Very basic auditing logs e.g. SA up/SA down
1
@@ -791,7 +791,7 @@
u32:1-86400
- Timeout in seconds (default: 28800)
+ Timeout in seconds
@@ -1067,7 +1067,7 @@
inherit
- Inherit the reauth configuration form your IKE-group (default)
+ Inherit the reauth configuration form your IKE-group
^(yes|no|inherit)$
diff --git a/interface-definitions/vpn_l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in
index 6a88756a7..9ca7b1fad 100644
--- a/interface-definitions/vpn_l2tp.xml.in
+++ b/interface-definitions/vpn_l2tp.xml.in
@@ -88,7 +88,7 @@
IKE lifetime
u32:30-86400
- IKE lifetime in seconds (default 3600)
+ IKE lifetime in seconds
@@ -101,7 +101,7 @@
ESP lifetime
u32:30-86400
- IKE lifetime in seconds (default 3600)
+ IKE lifetime in seconds
@@ -135,7 +135,7 @@
PPP idle timeout
u32:30-86400
- PPP idle timeout in seconds (default 1800)
+ PPP idle timeout in seconds
@@ -206,7 +206,7 @@
- Timeout to wait reply for Interim-Update packets. (default 3 seconds)
+ Timeout to wait reply for Interim-Update packets
@@ -244,7 +244,7 @@
- Specifies which radius attribute contains rate information. (default is Filter-Id)
+ Specifies which radius attribute contains rate information
diff --git a/interface-definitions/vpn_openconnect.xml.in b/interface-definitions/vpn_openconnect.xml.in
index 0db5e79d0..3fc34bacc 100644
--- a/interface-definitions/vpn_openconnect.xml.in
+++ b/interface-definitions/vpn_openconnect.xml.in
@@ -41,7 +41,7 @@
Session timeout
u32:1-30
- Session timeout in seconds (default: 2)
+ Session timeout in seconds
@@ -61,10 +61,10 @@
- tcp port number to accept connections (default: 443)
+ tcp port number to accept connections
u32:1-65535
- Numeric IP port (default: 443)
+ Numeric IP port
@@ -74,10 +74,10 @@
- udp port number to accept connections (default: 443)
+ udp port number to accept connections
u32:1-65535
- Numeric IP port (default: 443)
+ Numeric IP port
@@ -160,7 +160,7 @@
Prefix length used for individual client
u32:48-128
- Client prefix length (default: 64)
+ Client prefix length
diff --git a/interface-definitions/zone-policy.xml.in b/interface-definitions/zone-policy.xml.in
index 69ee031c7..b898c3ecd 100644
--- a/interface-definitions/zone-policy.xml.in
+++ b/interface-definitions/zone-policy.xml.in
@@ -27,7 +27,7 @@
drop
- Drop silently (default)
+ Drop silently
reject
@@ -97,7 +97,7 @@
accept
- Accept traffic (default)
+ Accept traffic
drop
@@ -138,7 +138,7 @@
Zone to be local-zone
-
+
diff --git a/scripts/build-command-templates b/scripts/build-command-templates
index d8abb0a13..876f5877c 100755
--- a/scripts/build-command-templates
+++ b/scripts/build-command-templates
@@ -117,7 +117,7 @@ def collect_validators(ve):
return regex_args + " " + validator_args
-def get_properties(p):
+def get_properties(p, default=None):
props = {}
if p is None:
@@ -125,7 +125,12 @@ def get_properties(p):
# Get the help string
try:
- props["help"] = p.find("help").text
+ help = p.find("help").text
+ if default != None:
+ # DNS forwarding for instance has multiple defaults - specified as whitespace separated list
+ tmp = ', '.join(default.text.split())
+ help += f' (default: {tmp})'
+ props["help"] = help
except:
pass
@@ -134,7 +139,11 @@ def get_properties(p):
vhe = p.findall("valueHelp")
vh = []
for v in vhe:
- vh.append( (v.find("format").text, v.find("description").text) )
+ format = v.find("format").text
+ description = v.find("description").text
+ if default != None and default.text == format:
+ description += f' (default)'
+ vh.append( (format, description) )
props["val_help"] = vh
except:
props["val_help"] = []
@@ -271,7 +280,7 @@ def process_node(n, tmpl_dir):
print("Name of the node: {0}. Created directory: {1}\n".format(name, "/".join(my_tmpl_dir)), end="")
os.makedirs(make_path(my_tmpl_dir), exist_ok=True)
- props = get_properties(props_elem)
+ props = get_properties(props_elem, n.find("defaultValue"))
if owner:
props["owner"] = owner
# Type should not be set for non-tag, non-leaf nodes
--
cgit v1.2.3
From 3584691b35f35e40a1bfc22c34da031141fd0dfa Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Mon, 21 Mar 2022 21:41:41 +0100
Subject: qos: T4284: initial XML interface definitions for rewrite
---
Makefile | 6 +
data/configd-include.json | 1 +
.../include/interface/redirect.xml.i | 17 +
.../include/interface/traffic-policy.xml.i | 43 ++
.../include/interface/vif-s.xml.i | 4 +
interface-definitions/include/interface/vif.xml.i | 4 +-
interface-definitions/include/qos/bandwidth.xml.i | 15 +
interface-definitions/include/qos/burst.xml.i | 16 +
.../include/qos/codel-quantum.xml.i | 16 +
interface-definitions/include/qos/dscp.xml.i | 143 ++++
interface-definitions/include/qos/flows.xml.i | 16 +
interface-definitions/include/qos/hfsc-d.xml.i | 15 +
interface-definitions/include/qos/hfsc-m1.xml.i | 32 +
interface-definitions/include/qos/hfsc-m2.xml.i | 32 +
interface-definitions/include/qos/interval.xml.i | 16 +
interface-definitions/include/qos/match.xml.i | 221 +++++++
interface-definitions/include/qos/max-length.xml.i | 15 +
.../include/qos/queue-limit-1-4294967295.xml.i | 15 +
.../include/qos/queue-limit-2-10999.xml.i | 16 +
interface-definitions/include/qos/queue-type.xml.i | 30 +
interface-definitions/include/qos/set-dscp.xml.i | 63 ++
interface-definitions/include/qos/target.xml.i | 16 +
interface-definitions/include/qos/tcp-flags.xml.i | 21 +
interface-definitions/interfaces-bonding.xml.in | 2 +
interface-definitions/interfaces-bridge.xml.in | 2 +
interface-definitions/interfaces-dummy.xml.in | 2 +
interface-definitions/interfaces-ethernet.xml.in | 2 +
interface-definitions/interfaces-geneve.xml.in | 2 +
interface-definitions/interfaces-input.xml.in | 30 +
interface-definitions/interfaces-l2tpv3.xml.in | 1 +
interface-definitions/interfaces-loopback.xml.in | 2 +
interface-definitions/interfaces-macsec.xml.in | 2 +
interface-definitions/interfaces-openvpn.xml.in | 2 +
interface-definitions/interfaces-pppoe.xml.in | 4 +-
.../interfaces-pseudo-ethernet.xml.in | 2 +
interface-definitions/interfaces-tunnel.xml.in | 4 +-
interface-definitions/interfaces-vti.xml.in | 2 +
interface-definitions/interfaces-vxlan.xml.in | 2 +
interface-definitions/interfaces-wireguard.xml.in | 4 +-
interface-definitions/interfaces-wireless.xml.in | 2 +
interface-definitions/interfaces-wwan.xml.in | 4 +-
interface-definitions/qos.xml.in | 721 +++++++++++++++++++++
python/vyos/configverify.py | 16 +
src/conf_mode/interfaces-bonding.py | 4 +-
src/conf_mode/interfaces-bridge.py | 2 +
src/conf_mode/interfaces-dummy.py | 2 +
src/conf_mode/interfaces-ethernet.py | 2 +
src/conf_mode/interfaces-geneve.py | 2 +
src/conf_mode/interfaces-l2tpv3.py | 2 +
src/conf_mode/interfaces-loopback.py | 2 +
src/conf_mode/interfaces-macsec.py | 2 +
src/conf_mode/interfaces-pppoe.py | 2 +
src/conf_mode/interfaces-pseudo-ethernet.py | 2 +
src/conf_mode/interfaces-tunnel.py | 2 +
src/conf_mode/interfaces-vti.py | 2 +
src/conf_mode/interfaces-vxlan.py | 2 +
src/conf_mode/interfaces-wireguard.py | 2 +
src/conf_mode/interfaces-wireless.py | 2 +
src/conf_mode/interfaces-wwan.py | 2 +
src/conf_mode/qos.py | 90 +++
60 files changed, 1699 insertions(+), 6 deletions(-)
create mode 100644 interface-definitions/include/interface/redirect.xml.i
create mode 100644 interface-definitions/include/interface/traffic-policy.xml.i
create mode 100644 interface-definitions/include/qos/bandwidth.xml.i
create mode 100644 interface-definitions/include/qos/burst.xml.i
create mode 100644 interface-definitions/include/qos/codel-quantum.xml.i
create mode 100644 interface-definitions/include/qos/dscp.xml.i
create mode 100644 interface-definitions/include/qos/flows.xml.i
create mode 100644 interface-definitions/include/qos/hfsc-d.xml.i
create mode 100644 interface-definitions/include/qos/hfsc-m1.xml.i
create mode 100644 interface-definitions/include/qos/hfsc-m2.xml.i
create mode 100644 interface-definitions/include/qos/interval.xml.i
create mode 100644 interface-definitions/include/qos/match.xml.i
create mode 100644 interface-definitions/include/qos/max-length.xml.i
create mode 100644 interface-definitions/include/qos/queue-limit-1-4294967295.xml.i
create mode 100644 interface-definitions/include/qos/queue-limit-2-10999.xml.i
create mode 100644 interface-definitions/include/qos/queue-type.xml.i
create mode 100644 interface-definitions/include/qos/set-dscp.xml.i
create mode 100644 interface-definitions/include/qos/target.xml.i
create mode 100644 interface-definitions/include/qos/tcp-flags.xml.i
create mode 100644 interface-definitions/interfaces-input.xml.in
create mode 100644 interface-definitions/qos.xml.in
create mode 100755 src/conf_mode/qos.py
(limited to 'interface-definitions/include/interface')
diff --git a/Makefile b/Makefile
index 29744b323..431f3a8c2 100644
--- a/Makefile
+++ b/Makefile
@@ -29,6 +29,12 @@ interface_definitions: $(config_xml_obj)
# XXX: delete top level node.def's that now live in other packages
# IPSec VPN EAP-RADIUS does not support source-address
rm -rf $(TMPL_DIR)/vpn/ipsec/remote-access/radius/source-address
+
+ # T4284 neq QoS implementation is not yet live
+ find $(TMPL_DIR)/interfaces -name traffic-policy -type d -exec rm -rf {} \;
+ find $(TMPL_DIR)/interfaces -name redirect -type d -exec rm -rf {} \;
+ rm -rf $(TMPL_DIR)/interfaces/input
+
# XXX: test if there are empty node.def files - this is not allowed as these
# could mask help strings or mandatory priority statements
find $(TMPL_DIR) -name node.def -type f -empty -exec false {} + || sh -c 'echo "There are empty node.def files! Check your interface definitions." && exit 1'
diff --git a/data/configd-include.json b/data/configd-include.json
index c85ab0725..b77d48001 100644
--- a/data/configd-include.json
+++ b/data/configd-include.json
@@ -48,6 +48,7 @@
"protocols_ripng.py",
"protocols_static.py",
"protocols_static_multicast.py",
+"qos.py",
"salt-minion.py",
"service_console-server.py",
"service_ids_fastnetmon.py",
diff --git a/interface-definitions/include/interface/redirect.xml.i b/interface-definitions/include/interface/redirect.xml.i
new file mode 100644
index 000000000..3be9ee16b
--- /dev/null
+++ b/interface-definitions/include/interface/redirect.xml.i
@@ -0,0 +1,17 @@
+
+
+
+ Incoming packet redirection destination
+
+
+
+
+ txt
+ Interface name
+
+
+
+
+
+
+
diff --git a/interface-definitions/include/interface/traffic-policy.xml.i b/interface-definitions/include/interface/traffic-policy.xml.i
new file mode 100644
index 000000000..cd60b62a5
--- /dev/null
+++ b/interface-definitions/include/interface/traffic-policy.xml.i
@@ -0,0 +1,43 @@
+
+
+
+ Traffic-policy for interface
+
+
+
+
+ Ingress traffic policy for interface
+
+ traffic-policy drop-tail
+ traffic-policy fair-queue
+ traffic-policy fq-codel
+ traffic-policy limiter
+ traffic-policy network-emulator
+ traffic-policy priority-queue
+ traffic-policy random-detect
+ traffic-policy rate-control
+ traffic-policy round-robin
+ traffic-policy shaper
+ traffic-policy shaper-hfsc
+
+
+ txt
+ Policy name
+
+
+
+
+
+ Egress traffic policy for interface
+
+ traffic-policy
+
+
+ txt
+ Policy name
+
+
+
+
+
+
\ No newline at end of file
diff --git a/interface-definitions/include/interface/vif-s.xml.i b/interface-definitions/include/interface/vif-s.xml.i
index f1a61ff64..59a47b5ff 100644
--- a/interface-definitions/include/interface/vif-s.xml.i
+++ b/interface-definitions/include/interface/vif-s.xml.i
@@ -64,11 +64,15 @@
#include
#include
#include
+ #include
+ #include
#include
#include
#include
+ #include
+ #include
#include
diff --git a/interface-definitions/include/interface/vif.xml.i b/interface-definitions/include/interface/vif.xml.i
index 11ba7e2f8..8a1475711 100644
--- a/interface-definitions/include/interface/vif.xml.i
+++ b/interface-definitions/include/interface/vif.xml.i
@@ -18,7 +18,6 @@
#include
#include
#include
- #include
#include
#include
@@ -51,6 +50,9 @@
#include
#include
#include
+ #include
+ #include
+ #include
diff --git a/interface-definitions/include/qos/bandwidth.xml.i b/interface-definitions/include/qos/bandwidth.xml.i
new file mode 100644
index 000000000..82af22f42
--- /dev/null
+++ b/interface-definitions/include/qos/bandwidth.xml.i
@@ -0,0 +1,15 @@
+
+
+
+ Traffic-limit used for this class
+
+ <number>
+ Rate in kbit (kilobit per second)
+
+
+ <number><suffix>
+ Rate with scaling suffix (mbit, mbps, ...)
+
+
+
+
diff --git a/interface-definitions/include/qos/burst.xml.i b/interface-definitions/include/qos/burst.xml.i
new file mode 100644
index 000000000..761618027
--- /dev/null
+++ b/interface-definitions/include/qos/burst.xml.i
@@ -0,0 +1,16 @@
+
+
+
+ Burst size for this class
+
+ <number>
+ Bytes
+
+
+ <number><suffix>
+ Bytes with scaling suffix (kb, mb, gb)
+
+
+ 15k
+
+
diff --git a/interface-definitions/include/qos/codel-quantum.xml.i b/interface-definitions/include/qos/codel-quantum.xml.i
new file mode 100644
index 000000000..bc24630b6
--- /dev/null
+++ b/interface-definitions/include/qos/codel-quantum.xml.i
@@ -0,0 +1,16 @@
+
+
+
+ Deficit in the fair queuing algorithm
+
+ u32:0-1048576
+ Number of bytes used as 'deficit'
+
+
+
+
+ Interval must be in range 0 to 1048576
+
+ 1514
+
+
diff --git a/interface-definitions/include/qos/dscp.xml.i b/interface-definitions/include/qos/dscp.xml.i
new file mode 100644
index 000000000..bb90850ac
--- /dev/null
+++ b/interface-definitions/include/qos/dscp.xml.i
@@ -0,0 +1,143 @@
+
+
+
+ Match on Differentiated Services Codepoint (DSCP)
+
+ default reliability throughput lowdelay priority immediate flash flash-override critical internet network AF11 AF12 AF13 AF21 AF22 AF23 AF31 AF32 AF33 AF41 AF42 AF43 CS1 CS2 CS3 CS4 CS5 CS6 CS7 EF
+
+
+ u32:0-63
+ Differentiated Services Codepoint (DSCP) value
+
+
+ default
+ match DSCP (000000)
+
+
+ reliability
+ match DSCP (000001)
+
+
+ throughput
+ match DSCP (000010)
+
+
+ lowdelay
+ match DSCP (000100)
+
+
+ priority
+ match DSCP (001000)
+
+
+ immediate
+ match DSCP (010000)
+
+
+ flash
+ match DSCP (011000)
+
+
+ flash-override
+ match DSCP (100000)
+
+
+ critical
+ match DSCP (101000)
+
+
+ internet
+ match DSCP (110000)
+
+
+ network
+ match DSCP (111000)
+
+
+ AF11
+ High-throughput data
+
+
+ AF12
+ High-throughput data
+
+
+ AF13
+ High-throughput data
+
+
+ AF21
+ Low-latency data
+
+
+ AF22
+ Low-latency data
+
+
+ AF23
+ Low-latency data
+
+
+ AF31
+ Multimedia streaming
+
+
+ AF32
+ Multimedia streaming
+
+
+ AF33
+ Multimedia streaming
+
+
+ AF41
+ Multimedia conferencing
+
+
+ AF42
+ Multimedia conferencing
+
+
+ AF43
+ Multimedia conferencing
+
+
+ CS1
+ Low-priority data
+
+
+ CS2
+ OAM
+
+
+ CS3
+ Broadcast video
+
+
+ CS4
+ Real-time interactive
+
+
+ CS5
+ Signaling
+
+
+ CS6
+ Network control
+
+
+ CS7
+
+
+
+ EF
+ Expedited Forwarding
+
+
+
+ (default|reliability|throughput|lowdelay|priority|immediate|flash|flash-override|critical|internet|network|AF11|AF12|AF13|AF21|AF22|AF23|AF31|AF32|AF33|AF41|AF42|AF43|CS1|CS2|CS3|CS4|CS5|CS6|CS7|EF)
+
+ Priority must be between 0 and 63
+
+
+
diff --git a/interface-definitions/include/qos/flows.xml.i b/interface-definitions/include/qos/flows.xml.i
new file mode 100644
index 000000000..a7d7c6422
--- /dev/null
+++ b/interface-definitions/include/qos/flows.xml.i
@@ -0,0 +1,16 @@
+
+
+
+ Number of flows into which the incoming packets are classified
+
+ u32:1-65536
+ Number of flows
+
+
+
+
+ Interval must be in range 1 to 65536
+
+ 1024
+
+
diff --git a/interface-definitions/include/qos/hfsc-d.xml.i b/interface-definitions/include/qos/hfsc-d.xml.i
new file mode 100644
index 000000000..2a513509c
--- /dev/null
+++ b/interface-definitions/include/qos/hfsc-d.xml.i
@@ -0,0 +1,15 @@
+
+
+
+ Service curve delay
+
+ <number>
+ Time in milliseconds
+
+
+
+
+ Priority must be between 0 and 65535
+
+
+
diff --git a/interface-definitions/include/qos/hfsc-m1.xml.i b/interface-definitions/include/qos/hfsc-m1.xml.i
new file mode 100644
index 000000000..749d01f57
--- /dev/null
+++ b/interface-definitions/include/qos/hfsc-m1.xml.i
@@ -0,0 +1,32 @@
+
+
+
+ Linkshare m1 parameter for class traffic
+
+ <number>
+ Rate in kbit (kilobit per second)
+
+
+ <number>%%
+ Percentage of overall rate
+
+
+ <number>bit
+ bit(1), kbit(10^3), mbit(10^6), gbit, tbit
+
+
+ <number>ibit
+ kibit(1024), mibit(1024^2), gibit(1024^3), tbit(1024^4)
+
+
+ <number>ibps
+ kibps(1024*8), mibps(1024^2*8), gibps, tibps - Byte/sec
+
+
+ <number>bps
+ bps(8),kbps(8*10^3),mbps(8*10^6), gbps, tbps - Byte/sec
+
+
+ 100%
+
+
diff --git a/interface-definitions/include/qos/hfsc-m2.xml.i b/interface-definitions/include/qos/hfsc-m2.xml.i
new file mode 100644
index 000000000..24e8f5d63
--- /dev/null
+++ b/interface-definitions/include/qos/hfsc-m2.xml.i
@@ -0,0 +1,32 @@
+
+
+
+ Linkshare m2 parameter for class traffic
+
+ <number>
+ Rate in kbit (kilobit per second)
+
+
+ <number>%%
+ Percentage of overall rate
+
+
+ <number>bit
+ bit(1), kbit(10^3), mbit(10^6), gbit, tbit
+
+
+ <number>ibit
+ kibit(1024), mibit(1024^2), gibit(1024^3), tbit(1024^4)
+
+
+ <number>ibps
+ kibps(1024*8), mibps(1024^2*8), gibps, tibps - Byte/sec
+
+
+ <number>bps
+ bps(8),kbps(8*10^3),mbps(8*10^6), gbps, tbps - Byte/sec
+
+
+ 100%
+
+
diff --git a/interface-definitions/include/qos/interval.xml.i b/interface-definitions/include/qos/interval.xml.i
new file mode 100644
index 000000000..41896ac9c
--- /dev/null
+++ b/interface-definitions/include/qos/interval.xml.i
@@ -0,0 +1,16 @@
+
+
+
+ Interval used to measure the delay
+
+ u32
+ Interval in milliseconds
+
+
+
+
+ Interval must be in range 0 to 4294967295
+
+ 100
+
+
diff --git a/interface-definitions/include/qos/match.xml.i b/interface-definitions/include/qos/match.xml.i
new file mode 100644
index 000000000..7d89e4460
--- /dev/null
+++ b/interface-definitions/include/qos/match.xml.i
@@ -0,0 +1,221 @@
+
+
+
+ Class matching rule name
+
+ [^-].*
+
+ Match queue name cannot start with hyphen (-)
+
+
+ #include
+
+
+ Ethernet header match
+
+
+
+
+ Ethernet destination address for this match
+
+ macaddr
+ MAC address to match
+
+
+
+
+
+
+
+
+ Ethernet protocol for this match
+
+
+ all 802.1Q 802_2 802_3 aarp aoe arp atalk dec ip ipv6 ipx lat localtalk rarp snap x25
+
+
+ u32:0-65535
+ Ethernet protocol number
+
+
+ txt
+ Ethernet protocol name
+
+
+ all
+ Any protocol
+
+
+ ip
+ Internet IP (IPv4)
+
+
+ ipv6
+ Internet IP (IPv6)
+
+
+ arp
+ Address Resolution Protocol
+
+
+ atalk
+ Appletalk
+
+
+ ipx
+ Novell Internet Packet Exchange
+
+
+ 802.1Q
+ 802.1Q VLAN tag
+
+
+
+
+
+
+
+
+ Ethernet source address for this match
+
+ macaddr
+ MAC address to match
+
+
+
+
+
+
+
+
+ #include
+
+
+ Match IP protocol header
+
+
+
+
+ Match on destination port or address
+
+
+
+
+ IPv4 destination address for this match
+
+ ipv4net
+ IPv4 address and prefix length
+
+
+
+
+
+
+ #include
+
+
+ #include
+ #include
+ #include
+
+
+ Match on source port or address
+
+
+
+
+ IPv4 source address for this match
+
+ ipv4net
+ IPv4 address and prefix length
+
+
+
+
+
+
+ #include
+
+
+ #include
+
+
+
+
+ Match IPv6 protocol header
+
+
+
+
+ Match on destination port or address
+
+
+
+
+ IPv6 destination address for this match
+
+ ipv6net
+ IPv6 address and prefix length
+
+
+
+
+
+
+ #include
+
+
+ #include
+ #include
+ #include
+
+
+ Match on source port or address
+
+
+
+
+ IPv6 source address for this match
+
+ ipv6net
+ IPv6 address and prefix length
+
+
+
+
+
+
+ #include
+
+
+ #include
+
+
+
+
+ Match on mark applied by firewall
+
+ txt
+ FW mark to match
+
+
+
+
+
+
+
+
+ Virtual Local Area Network (VLAN) ID for this match
+
+ u32:0-4095
+ Virtual Local Area Network (VLAN) tag
+
+
+
+
+ VLAN ID must be between 0 and 4095
+
+
+
+
+
diff --git a/interface-definitions/include/qos/max-length.xml.i b/interface-definitions/include/qos/max-length.xml.i
new file mode 100644
index 000000000..4cc20f8c4
--- /dev/null
+++ b/interface-definitions/include/qos/max-length.xml.i
@@ -0,0 +1,15 @@
+
+
+
+ Maximum packet length (ipv4)
+
+ u32:0-65535
+ Maximum packet/payload length
+
+
+
+
+ Maximum IPv4 total packet length is 65535
+
+
+
diff --git a/interface-definitions/include/qos/queue-limit-1-4294967295.xml.i b/interface-definitions/include/qos/queue-limit-1-4294967295.xml.i
new file mode 100644
index 000000000..2f2d44631
--- /dev/null
+++ b/interface-definitions/include/qos/queue-limit-1-4294967295.xml.i
@@ -0,0 +1,15 @@
+
+
+
+ Maximum queue size
+
+ u32:1-4294967295
+ Queue size in packets
+
+
+
+
+ Queue limit must be greater than zero
+
+
+
diff --git a/interface-definitions/include/qos/queue-limit-2-10999.xml.i b/interface-definitions/include/qos/queue-limit-2-10999.xml.i
new file mode 100644
index 000000000..7a9c8266b
--- /dev/null
+++ b/interface-definitions/include/qos/queue-limit-2-10999.xml.i
@@ -0,0 +1,16 @@
+
+
+
+ Upper limit of the queue
+
+ u32:2-10999
+ Queue size in packets
+
+
+
+
+ Queue limit must greater than 1 and less than 11000
+
+ 10240
+
+
diff --git a/interface-definitions/include/qos/queue-type.xml.i b/interface-definitions/include/qos/queue-type.xml.i
new file mode 100644
index 000000000..634f61024
--- /dev/null
+++ b/interface-definitions/include/qos/queue-type.xml.i
@@ -0,0 +1,30 @@
+
+
+
+ Queue type for default traffic
+
+ fq-codel fair-queue drop-tail random-detect
+
+
+ fq-codel
+ Fair Queue Codel
+
+
+ fair-queue
+ Stochastic Fair Queue (SFQ)
+
+
+ drop-tail
+ First-In-First-Out (FIFO)
+
+
+ random-detect
+ Random Early Detection (RED)
+
+
+ (fq-codel|fair-queue|drop-tail|random-detect)
+
+
+ drop-tail
+
+
diff --git a/interface-definitions/include/qos/set-dscp.xml.i b/interface-definitions/include/qos/set-dscp.xml.i
new file mode 100644
index 000000000..55c0ea44d
--- /dev/null
+++ b/interface-definitions/include/qos/set-dscp.xml.i
@@ -0,0 +1,63 @@
+
+
+
+ Change the Differentiated Services (DiffServ) field in the IP header
+
+ default reliability throughput lowdelay priority immediate flash flash-override critical internet network
+
+
+ u32:0-63
+ Priority order for bandwidth pool
+
+
+ default
+ match DSCP (000000)
+
+
+ reliability
+ match DSCP (000001)
+
+
+ throughput
+ match DSCP (000010)
+
+
+ lowdelay
+ match DSCP (000100)
+
+
+ priority
+ match DSCP (001000)
+
+
+ immediate
+ match DSCP (010000)
+
+
+ flash
+ match DSCP (011000)
+
+
+ flash-override
+ match DSCP (100000)
+
+
+ critical
+ match DSCP (101000)
+
+
+ internet
+ match DSCP (110000)
+
+
+ network
+ match DSCP (111000)
+
+
+
+ (default|reliability|throughput|lowdelay|priority|immediate|flash|flash-override|critical|internet|network)
+
+ Priority must be between 0 and 63
+
+
+
diff --git a/interface-definitions/include/qos/target.xml.i b/interface-definitions/include/qos/target.xml.i
new file mode 100644
index 000000000..bf6342ac9
--- /dev/null
+++ b/interface-definitions/include/qos/target.xml.i
@@ -0,0 +1,16 @@
+
+
+
+ Acceptable minimum standing/persistent queue delay
+
+ u32
+ Queue delay in milliseconds
+
+
+
+
+ Delay must be in range 0 to 4294967295
+
+ 5
+
+
diff --git a/interface-definitions/include/qos/tcp-flags.xml.i b/interface-definitions/include/qos/tcp-flags.xml.i
new file mode 100644
index 000000000..81d70d1f3
--- /dev/null
+++ b/interface-definitions/include/qos/tcp-flags.xml.i
@@ -0,0 +1,21 @@
+
+
+
+ TCP Flags matching
+
+
+
+
+ Match TCP ACK
+
+
+
+
+
+ Match TCP SYN
+
+
+
+
+
+
diff --git a/interface-definitions/interfaces-bonding.xml.in b/interface-definitions/interfaces-bonding.xml.in
index b98f4b960..20ece5137 100644
--- a/interface-definitions/interfaces-bonding.xml.in
+++ b/interface-definitions/interfaces-bonding.xml.in
@@ -207,6 +207,8 @@
+ #include
+ #include
#include
#include
#include
diff --git a/interface-definitions/interfaces-bridge.xml.in b/interface-definitions/interfaces-bridge.xml.in
index fabfb917a..6957067cd 100644
--- a/interface-definitions/interfaces-bridge.xml.in
+++ b/interface-definitions/interfaces-bridge.xml.in
@@ -210,6 +210,8 @@
+ #include
+ #include
#include
diff --git a/interface-definitions/interfaces-dummy.xml.in b/interface-definitions/interfaces-dummy.xml.in
index 3bca8b950..109ed1b50 100644
--- a/interface-definitions/interfaces-dummy.xml.in
+++ b/interface-definitions/interfaces-dummy.xml.in
@@ -30,6 +30,8 @@
#include
+ #include
+ #include
#include
diff --git a/interface-definitions/interfaces-ethernet.xml.in b/interface-definitions/interfaces-ethernet.xml.in
index be7bddfa4..7d28912c0 100644
--- a/interface-definitions/interfaces-ethernet.xml.in
+++ b/interface-definitions/interfaces-ethernet.xml.in
@@ -196,6 +196,8 @@
+ #include
+ #include
#include
#include
#include
diff --git a/interface-definitions/interfaces-geneve.xml.in b/interface-definitions/interfaces-geneve.xml.in
index dd4d324d4..aa5809e60 100644
--- a/interface-definitions/interfaces-geneve.xml.in
+++ b/interface-definitions/interfaces-geneve.xml.in
@@ -50,6 +50,8 @@
+ #include
+ #include
#include
#include
diff --git a/interface-definitions/interfaces-input.xml.in b/interface-definitions/interfaces-input.xml.in
new file mode 100644
index 000000000..f2eb01c58
--- /dev/null
+++ b/interface-definitions/interfaces-input.xml.in
@@ -0,0 +1,30 @@
+
+
+
+
+
+
+ Input Functional Block (IFB) interface name
+
+ 310
+
+ ifb[0-9]+
+
+ Input interface must be named ifbN
+
+ ifbN
+ Input interface name
+
+
+
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
+
+
+
+
+
diff --git a/interface-definitions/interfaces-l2tpv3.xml.in b/interface-definitions/interfaces-l2tpv3.xml.in
index ba9bcb0a2..124863653 100644
--- a/interface-definitions/interfaces-l2tpv3.xml.in
+++ b/interface-definitions/interfaces-l2tpv3.xml.in
@@ -125,6 +125,7 @@
+ #include
#include
diff --git a/interface-definitions/interfaces-loopback.xml.in b/interface-definitions/interfaces-loopback.xml.in
index 7be15ab89..ffffc0220 100644
--- a/interface-definitions/interfaces-loopback.xml.in
+++ b/interface-definitions/interfaces-loopback.xml.in
@@ -26,6 +26,8 @@
#include
+ #include
+ #include
diff --git a/interface-definitions/interfaces-macsec.xml.in b/interface-definitions/interfaces-macsec.xml.in
index 7206e57b1..311e95c2f 100644
--- a/interface-definitions/interfaces-macsec.xml.in
+++ b/interface-definitions/interfaces-macsec.xml.in
@@ -122,6 +122,8 @@
1460
#include
+ #include
+ #include
#include
diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in
index eb574eb52..73e30e590 100644
--- a/interface-definitions/interfaces-openvpn.xml.in
+++ b/interface-definitions/interfaces-openvpn.xml.in
@@ -816,6 +816,8 @@
+ #include
+ #include
#include
diff --git a/interface-definitions/interfaces-pppoe.xml.in b/interface-definitions/interfaces-pppoe.xml.in
index ed0e45840..1d888236e 100644
--- a/interface-definitions/interfaces-pppoe.xml.in
+++ b/interface-definitions/interfaces-pppoe.xml.in
@@ -49,7 +49,6 @@
#include
#include
#include
- #include
Delay before disconnecting idle session (in seconds)
@@ -134,6 +133,9 @@
Service name must be alphanumeric only
+ #include
+ #include
+ #include
diff --git a/interface-definitions/interfaces-pseudo-ethernet.xml.in b/interface-definitions/interfaces-pseudo-ethernet.xml.in
index bf7055f8d..7baeac537 100644
--- a/interface-definitions/interfaces-pseudo-ethernet.xml.in
+++ b/interface-definitions/interfaces-pseudo-ethernet.xml.in
@@ -59,6 +59,8 @@
private
#include
+ #include
+ #include
#include
#include
diff --git a/interface-definitions/interfaces-tunnel.xml.in b/interface-definitions/interfaces-tunnel.xml.in
index eb1708aaa..bc9297c86 100644
--- a/interface-definitions/interfaces-tunnel.xml.in
+++ b/interface-definitions/interfaces-tunnel.xml.in
@@ -20,7 +20,6 @@
#include
#include
#include
- #include
#include
1476
@@ -288,6 +287,9 @@
+ #include
+ #include
+ #include
diff --git a/interface-definitions/interfaces-vti.xml.in b/interface-definitions/interfaces-vti.xml.in
index f03c7476d..538194c2b 100644
--- a/interface-definitions/interfaces-vti.xml.in
+++ b/interface-definitions/interfaces-vti.xml.in
@@ -34,6 +34,8 @@
#include
#include
#include
+ #include
+ #include
#include
#include
#include
diff --git a/interface-definitions/interfaces-vxlan.xml.in b/interface-definitions/interfaces-vxlan.xml.in
index 0546b4199..18abf9f20 100644
--- a/interface-definitions/interfaces-vxlan.xml.in
+++ b/interface-definitions/interfaces-vxlan.xml.in
@@ -99,6 +99,8 @@
#include
#include
#include
+ #include
+ #include
#include
#include
diff --git a/interface-definitions/interfaces-wireguard.xml.in b/interface-definitions/interfaces-wireguard.xml.in
index 1b4b4a816..2f130c6f2 100644
--- a/interface-definitions/interfaces-wireguard.xml.in
+++ b/interface-definitions/interfaces-wireguard.xml.in
@@ -19,7 +19,6 @@
#include
#include
#include
- #include
#include
#include
#include
@@ -120,6 +119,9 @@
+ #include
+ #include
+ #include
diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in
index 9db9fd757..eebe8f841 100644
--- a/interface-definitions/interfaces-wireless.xml.in
+++ b/interface-definitions/interfaces-wireless.xml.in
@@ -778,6 +778,8 @@
monitor
+ #include
+ #include
#include
#include
diff --git a/interface-definitions/interfaces-wwan.xml.in b/interface-definitions/interfaces-wwan.xml.in
index 03554feed..7007a67ae 100644
--- a/interface-definitions/interfaces-wwan.xml.in
+++ b/interface-definitions/interfaces-wwan.xml.in
@@ -30,7 +30,6 @@
#include
#include
#include
- #include
#include
#include
@@ -41,6 +40,9 @@
#include
#include
#include
+ #include
+ #include
+ #include
diff --git a/interface-definitions/qos.xml.in b/interface-definitions/qos.xml.in
new file mode 100644
index 000000000..d4468543c
--- /dev/null
+++ b/interface-definitions/qos.xml.in
@@ -0,0 +1,721 @@
+
+
+
+
+ Quality of Service (QOS) policy type
+ 900
+
+
+
+
+ Packet limited First In, First Out queue
+
+ txt
+ Policy name
+
+
+ [[:alnum:]][-_[:alnum:]]*
+
+ Only alpha-numeric policy name allowed
+
+
+ #include
+ #include
+
+
+
+
+ Stochastic Fairness Queueing
+
+ txt
+ Policy name
+
+
+ [[:alnum:]][-_[:alnum:]]*
+
+ Only alpha-numeric policy name allowed
+
+
+ #include
+
+
+ Interval in seconds for queue algorithm perturbation
+
+ u32:0
+ No perturbation
+
+
+ u32:1-127
+ Interval in seconds for queue algorithm perturbation (advised: 10)
+
+
+
+
+ Interval must be in range 0 to 127
+
+ 0
+
+
+
+ Upper limit of the SFQ
+
+ u32:2-127
+ Queue size in packets
+
+
+
+
+ Queue limit must greater than 1 and less than 128
+
+ 127
+
+
+
+
+
+ Fair Queuing Controlled Delay
+
+ txt
+ Policy name
+
+
+ [[:alnum:]][-_[:alnum:]]*
+
+ Only alpha-numeric policy name allowed
+
+
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
+
+
+
+
+ Traffic input limiting policy
+
+ txt
+ Policy name
+
+
+ [[:alnum:]][-_[:alnum:]]*
+
+ Only alpha-numeric policy name allowed
+
+
+
+
+ Class ID
+
+ u32:1-4090
+ Class Identifier
+
+
+
+
+ Class identifier must be between 1 and 4090
+
+
+ #include
+ #include
+ #include
+ #include
+
+
+ Priority for rule evaluation
+
+ u32:0-20
+ Priority for match rule evaluation
+
+
+
+
+ Priority must be between 0 and 20
+
+ 20
+
+
+
+
+
+ Default policy
+
+
+ #include
+ #include
+
+
+ #include
+
+
+
+
+ Network emulator policy
+
+ txt
+ Policy name
+
+
+ [[:alnum:]][-_[:alnum:]]*
+
+ Only alpha-numeric policy name allowed
+
+
+ #include
+ #include
+ #include
+
+
+ Adds delay to packets outgoing to chosen network interface
+
+ <number>
+ Time in milliseconds
+
+
+
+
+ Priority must be between 0 and 65535
+
+
+
+
+ Introducing error in a random position for chosen percent of packets
+
+ <number>
+ Percentage of packets affected
+
+
+
+
+ Priority must be between 0 and 100
+
+
+
+
+ Add independent loss probability to the packets outgoing to chosen network interface
+
+ <number>
+ Percentage of packets affected
+
+
+
+
+ Must be between 0 and 100
+
+
+
+
+ Add independent loss probability to the packets outgoing to chosen network interface
+
+ <number>
+ Percentage of packets affected
+
+
+
+
+ Must be between 0 and 100
+
+
+
+
+ Packet reordering percentage
+
+ <number>
+ Percentage of packets affected
+
+
+
+
+ Must be between 0 and 100
+
+
+ #include
+
+
+
+
+ Priority queuing based policy
+
+ txt
+ Policy name
+
+
+ [[:alnum:]][-_[:alnum:]]*
+
+ Only alpha-numeric policy name allowed
+
+
+
+
+ Class Handle
+
+ u32:1-7
+ Priority
+
+
+
+
+ Class handle must be between 1 and 7
+
+
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
+
+
+
+
+ Default policy
+
+
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
+
+
+ #include
+
+
+
+
+ Priority queuing based policy
+
+ txt
+ Policy name
+
+
+ [[:alnum:]][-_[:alnum:]]*
+
+ Only alpha-numeric policy name allowed
+
+
+ #include
+
+ auto
+
+ #include
+
+
+ IP precedence
+
+ u32:0-7
+ IP precedence value
+
+
+
+
+ IP precedence value must be between 0 and 7
+
+
+ #include
+
+
+ Average packet size (bytes)
+
+ u32:16-10240
+ Average packet size in bytes
+
+
+
+
+ Average packet size must be between 16 and 10240
+
+ 1024
+
+
+
+ Mark probability for this precedence
+
+ <number>
+ Numeric value (1/N)
+
+
+
+
+ Mark probability must be greater than 0
+
+
+
+
+ Maximum threshold for random detection
+
+ u32:0-4096
+ Maximum Threshold in packets
+
+
+
+
+ Threshold must be between 0 and 4096
+
+
+
+
+ Minimum threshold for random detection
+
+ u32:0-4096
+ Maximum Threshold in packets
+
+
+
+
+ Threshold must be between 0 and 4096
+
+
+
+
+
+
+
+
+ Rate limiting policy (Token Bucket Filter)
+
+ txt
+ Policy name
+
+
+ [[:alnum:]][-_[:alnum:]]*
+
+ Only alpha-numeric policy name allowed
+
+
+ #include
+ #include
+ #include
+
+
+ Maximum latency
+
+ <number>
+ Time in milliseconds
+
+
+
+
+ Threshold must be between 0 and 4096
+
+ 50
+
+
+
+
+
+ Round-Robin based policy
+
+ txt
+ Policy name
+
+
+ [[:alnum:]][-_[:alnum:]]*
+
+ Only alpha-numeric policy name allowed
+
+
+ #include
+
+
+ Class ID
+
+ u32:1-4095
+ Class Identifier
+
+
+
+
+ Class identifier must be between 1 and 4095
+
+
+ #include
+ #include
+ #include
+ #include
+ #include
+
+
+ Packet scheduling quantum
+
+ u32:1-4294967295
+ Packet scheduling quantum (bytes)
+
+
+
+
+ Quantum must be in range 1 to 4294967295
+
+
+ #include
+ #include
+ #include
+
+
+
+
+
+
+ Hierarchical Fair Service Curve's policy
+
+ txt
+ Policy name
+
+
+ [[:alnum:]][-_[:alnum:]]*
+
+ Only alpha-numeric policy name allowed
+
+
+ #include
+
+ auto
+
+ #include
+
+
+ Class ID
+
+ u32:1-4095
+ Class Identifier
+
+
+
+
+ Class identifier must be between 1 and 4095
+
+
+ #include
+
+
+ Linkshare class settings
+
+
+ #include
+ #include
+ #include
+
+
+ #include
+
+
+ Realtime class settings
+
+
+ #include
+ #include
+ #include
+
+
+
+
+ Upperlimit class settings
+
+
+ #include
+ #include
+ #include
+
+
+
+
+
+
+ Default policy
+
+
+
+
+ Linkshare class settings
+
+
+ #include
+ #include
+ #include
+
+
+
+
+ Realtime class settings
+
+
+ #include
+ #include
+ #include
+
+
+
+
+ Upperlimit class settings
+
+
+ #include
+ #include
+ #include
+
+
+
+
+
+
+
+
+ Traffic shaping based policy (Hierarchy Token Bucket)
+
+ txt
+ Policy name
+
+
+ [[:alnum:]][-_[:alnum:]]*
+
+ Only alpha-numeric policy name allowed
+
+
+ #include
+
+ auto
+
+
+
+ Class ID
+
+ u32:2-4095
+ Class Identifier
+
+
+
+
+ Class identifier must be between 2 and 4095
+
+
+ #include
+
+ 100%
+
+ #include
+
+
+ Bandwidth limit for this class
+
+ <number>
+ Rate in kbit (kilobit per second)
+
+
+ <number>%%
+ Percentage of overall rate
+
+
+ <number>bit
+ bit(1), kbit(10^3), mbit(10^6), gbit, tbit
+
+
+ <number>ibit
+ kibit(1024), mibit(1024^2), gibit(1024^3), tbit(1024^4)
+
+
+ <number>ibps
+ kibps(1024*8), mibps(1024^2*8), gibps, tibps - Byte/sec
+
+
+ <number>bps
+ bps(8),kbps(8*10^3),mbps(8*10^6), gbps, tbps - Byte/sec
+
+
+
+ #include
+ #include
+ #include
+ #include
+ #include
+
+
+ Priority for usage of excess bandwidth
+
+ u32:0-7
+ Priority order for bandwidth pool
+
+
+
+
+ Priority must be between 0 and 7
+
+ 20
+
+ #include
+ #include
+ #include
+ #include
+
+
+ #include
+
+
+ Default policy
+
+
+ #include
+ #include
+
+
+ Bandwidth limit for this class
+
+ <number>
+ Rate in kbit (kilobit per second)
+
+
+ <number>%%
+ Percentage of overall rate
+
+
+ <number>bit
+ bit(1), kbit(10^3), mbit(10^6), gbit, tbit
+
+
+ <number>ibit
+ kibit(1024), mibit(1024^2), gibit(1024^3), tbit(1024^4)
+
+
+ <number>ibps
+ kibps(1024*8), mibps(1024^2*8), gibps, tibps - Byte/sec
+
+
+ <number>bps
+ bps(8),kbps(8*10^3),mbps(8*10^6), gbps, tbps - Byte/sec
+
+
+
+ #include
+ #include
+ #include
+ #include
+
+
+ Priority for usage of excess bandwidth
+
+ u32:0-7
+ Priority order for bandwidth pool
+
+
+
+
+ Priority must be between 0 and 7
+
+ 20
+
+ #include
+ #include
+ #include
+ #include
+
+
+
+
+
+
+
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index fab88bc72..7f1258575 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -191,6 +191,19 @@ def verify_mirror(config):
raise ConfigError(f'Can not mirror "{direction}" traffic back ' \
'the originating interface!')
+def verify_redirect(config):
+ """
+ Common helper function used by interface implementations to perform
+ recurring validation of the redirect interface configuration.
+
+ It makes no sense to mirror and redirect traffic at the same time!
+ """
+ if {'mirror', 'redirect'} <= set(config):
+ raise ConfigError('Can not do both redirect and mirror')
+
+ if dict_search('traffic_policy.in', config) != None:
+ raise ConfigError('Can not use ingress policy and redirect')
+
def verify_authentication(config):
"""
Common helper function used by interface implementations to perform
@@ -315,6 +328,7 @@ def verify_vlan_config(config):
verify_dhcpv6(vlan)
verify_address(vlan)
verify_vrf(vlan)
+ verify_redirect(vlan)
verify_mtu_parent(vlan, config)
# 802.1ad (Q-in-Q) VLANs
@@ -323,6 +337,7 @@ def verify_vlan_config(config):
verify_dhcpv6(s_vlan)
verify_address(s_vlan)
verify_vrf(s_vlan)
+ verify_redirect(s_vlan)
verify_mtu_parent(s_vlan, config)
for c_vlan in s_vlan.get('vif_c', {}):
@@ -330,6 +345,7 @@ def verify_vlan_config(config):
verify_dhcpv6(c_vlan)
verify_address(c_vlan)
verify_vrf(c_vlan)
+ verify_redirect(c_vlan)
verify_mtu_parent(c_vlan, config)
verify_mtu_parent(c_vlan, s_vlan)
diff --git a/src/conf_mode/interfaces-bonding.py b/src/conf_mode/interfaces-bonding.py
index bb53cd6c2..661dc2298 100755
--- a/src/conf_mode/interfaces-bonding.py
+++ b/src/conf_mode/interfaces-bonding.py
@@ -27,9 +27,10 @@ from vyos.configdict import is_source_interface
from vyos.configverify import verify_address
from vyos.configverify import verify_bridge_delete
from vyos.configverify import verify_dhcpv6
-from vyos.configverify import verify_source_interface
from vyos.configverify import verify_mirror
from vyos.configverify import verify_mtu_ipv6
+from vyos.configverify import verify_redirect
+from vyos.configverify import verify_source_interface
from vyos.configverify import verify_vlan_config
from vyos.configverify import verify_vrf
from vyos.ifconfig import BondIf
@@ -151,6 +152,7 @@ def verify(bond):
verify_dhcpv6(bond)
verify_vrf(bond)
verify_mirror(bond)
+ verify_redirect(bond)
# use common function to verify VLAN configuration
verify_vlan_config(bond)
diff --git a/src/conf_mode/interfaces-bridge.py b/src/conf_mode/interfaces-bridge.py
index 9f840cb58..e16c0e9f4 100755
--- a/src/conf_mode/interfaces-bridge.py
+++ b/src/conf_mode/interfaces-bridge.py
@@ -28,6 +28,7 @@ from vyos.configdict import has_vlan_subinterface_configured
from vyos.configdict import dict_merge
from vyos.configverify import verify_dhcpv6
from vyos.configverify import verify_mirror
+from vyos.configverify import verify_redirect
from vyos.configverify import verify_vrf
from vyos.ifconfig import BridgeIf
from vyos.validate import has_address_configured
@@ -107,6 +108,7 @@ def verify(bridge):
verify_dhcpv6(bridge)
verify_vrf(bridge)
verify_mirror(bridge)
+ verify_redirect(bridge)
ifname = bridge['ifname']
diff --git a/src/conf_mode/interfaces-dummy.py b/src/conf_mode/interfaces-dummy.py
index 55c783f38..4072c4452 100755
--- a/src/conf_mode/interfaces-dummy.py
+++ b/src/conf_mode/interfaces-dummy.py
@@ -21,6 +21,7 @@ from vyos.configdict import get_interface_dict
from vyos.configverify import verify_vrf
from vyos.configverify import verify_address
from vyos.configverify import verify_bridge_delete
+from vyos.configverify import verify_redirect
from vyos.ifconfig import DummyIf
from vyos import ConfigError
from vyos import airbag
@@ -46,6 +47,7 @@ def verify(dummy):
verify_vrf(dummy)
verify_address(dummy)
+ verify_redirect(dummy)
return None
diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py
index 2a8a126f2..3eeddf190 100755
--- a/src/conf_mode/interfaces-ethernet.py
+++ b/src/conf_mode/interfaces-ethernet.py
@@ -28,6 +28,7 @@ from vyos.configverify import verify_interface_exists
from vyos.configverify import verify_mirror
from vyos.configverify import verify_mtu
from vyos.configverify import verify_mtu_ipv6
+from vyos.configverify import verify_redirect
from vyos.configverify import verify_vlan_config
from vyos.configverify import verify_vrf
from vyos.ethtool import Ethtool
@@ -84,6 +85,7 @@ def verify(ethernet):
verify_vrf(ethernet)
verify_eapol(ethernet)
verify_mirror(ethernet)
+ verify_redirect(ethernet)
ethtool = Ethtool(ifname)
# No need to check speed and duplex keys as both have default values.
diff --git a/src/conf_mode/interfaces-geneve.py b/src/conf_mode/interfaces-geneve.py
index 2a63b60aa..a94b5e1f7 100755
--- a/src/conf_mode/interfaces-geneve.py
+++ b/src/conf_mode/interfaces-geneve.py
@@ -24,6 +24,7 @@ from vyos.configdict import get_interface_dict
from vyos.configverify import verify_address
from vyos.configverify import verify_mtu_ipv6
from vyos.configverify import verify_bridge_delete
+from vyos.configverify import verify_redirect
from vyos.ifconfig import GeneveIf
from vyos import ConfigError
@@ -50,6 +51,7 @@ def verify(geneve):
verify_mtu_ipv6(geneve)
verify_address(geneve)
+ verify_redirect(geneve)
if 'remote' not in geneve:
raise ConfigError('Remote side must be configured')
diff --git a/src/conf_mode/interfaces-l2tpv3.py b/src/conf_mode/interfaces-l2tpv3.py
index 9b6ddd5aa..5ea7159dc 100755
--- a/src/conf_mode/interfaces-l2tpv3.py
+++ b/src/conf_mode/interfaces-l2tpv3.py
@@ -25,6 +25,7 @@ from vyos.configdict import leaf_node_changed
from vyos.configverify import verify_address
from vyos.configverify import verify_bridge_delete
from vyos.configverify import verify_mtu_ipv6
+from vyos.configverify import verify_redirect
from vyos.ifconfig import L2TPv3If
from vyos.util import check_kmod
from vyos.validate import is_addr_assigned
@@ -76,6 +77,7 @@ def verify(l2tpv3):
verify_mtu_ipv6(l2tpv3)
verify_address(l2tpv3)
+ verify_redirect(l2tpv3)
return None
def generate(l2tpv3):
diff --git a/src/conf_mode/interfaces-loopback.py b/src/conf_mode/interfaces-loopback.py
index 193334443..e6a851113 100755
--- a/src/conf_mode/interfaces-loopback.py
+++ b/src/conf_mode/interfaces-loopback.py
@@ -20,6 +20,7 @@ from sys import exit
from vyos.config import Config
from vyos.configdict import get_interface_dict
+from vyos.configverify import verify_redirect
from vyos.ifconfig import LoopbackIf
from vyos import ConfigError
from vyos import airbag
@@ -39,6 +40,7 @@ def get_config(config=None):
return loopback
def verify(loopback):
+ verify_redirect(loopback)
return None
def generate(loopback):
diff --git a/src/conf_mode/interfaces-macsec.py b/src/conf_mode/interfaces-macsec.py
index eab69f36e..6a29fdb11 100755
--- a/src/conf_mode/interfaces-macsec.py
+++ b/src/conf_mode/interfaces-macsec.py
@@ -29,6 +29,7 @@ from vyos.configverify import verify_vrf
from vyos.configverify import verify_address
from vyos.configverify import verify_bridge_delete
from vyos.configverify import verify_mtu_ipv6
+from vyos.configverify import verify_redirect
from vyos.configverify import verify_source_interface
from vyos import ConfigError
from vyos import airbag
@@ -66,6 +67,7 @@ def verify(macsec):
verify_vrf(macsec)
verify_mtu_ipv6(macsec)
verify_address(macsec)
+ verify_redirect(macsec)
if not (('security' in macsec) and
('cipher' in macsec['security'])):
diff --git a/src/conf_mode/interfaces-pppoe.py b/src/conf_mode/interfaces-pppoe.py
index 584adc75e..9962e0a08 100755
--- a/src/conf_mode/interfaces-pppoe.py
+++ b/src/conf_mode/interfaces-pppoe.py
@@ -28,6 +28,7 @@ from vyos.configverify import verify_source_interface
from vyos.configverify import verify_interface_exists
from vyos.configverify import verify_vrf
from vyos.configverify import verify_mtu_ipv6
+from vyos.configverify import verify_redirect
from vyos.ifconfig import PPPoEIf
from vyos.template import render
from vyos.util import call
@@ -85,6 +86,7 @@ def verify(pppoe):
verify_authentication(pppoe)
verify_vrf(pppoe)
verify_mtu_ipv6(pppoe)
+ verify_redirect(pppoe)
if {'connect_on_demand', 'vrf'} <= set(pppoe):
raise ConfigError('On-demand dialing and VRF can not be used at the same time')
diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces-pseudo-ethernet.py
index 945a2ea9c..f57e41cc4 100755
--- a/src/conf_mode/interfaces-pseudo-ethernet.py
+++ b/src/conf_mode/interfaces-pseudo-ethernet.py
@@ -25,6 +25,7 @@ from vyos.configverify import verify_bridge_delete
from vyos.configverify import verify_source_interface
from vyos.configverify import verify_vlan_config
from vyos.configverify import verify_mtu_parent
+from vyos.configverify import verify_redirect
from vyos.ifconfig import MACVLANIf
from vyos import ConfigError
@@ -60,6 +61,7 @@ def verify(peth):
verify_vrf(peth)
verify_address(peth)
verify_mtu_parent(peth, peth['parent'])
+ verify_redirect(peth)
# use common function to verify VLAN configuration
verify_vlan_config(peth)
diff --git a/src/conf_mode/interfaces-tunnel.py b/src/conf_mode/interfaces-tunnel.py
index 433764b8a..005fae5eb 100755
--- a/src/conf_mode/interfaces-tunnel.py
+++ b/src/conf_mode/interfaces-tunnel.py
@@ -26,6 +26,7 @@ from vyos.configverify import verify_address
from vyos.configverify import verify_bridge_delete
from vyos.configverify import verify_interface_exists
from vyos.configverify import verify_mtu_ipv6
+from vyos.configverify import verify_redirect
from vyos.configverify import verify_vrf
from vyos.configverify import verify_tunnel
from vyos.ifconfig import Interface
@@ -157,6 +158,7 @@ def verify(tunnel):
verify_mtu_ipv6(tunnel)
verify_address(tunnel)
verify_vrf(tunnel)
+ verify_redirect(tunnel)
if 'source_interface' in tunnel:
verify_interface_exists(tunnel['source_interface'])
diff --git a/src/conf_mode/interfaces-vti.py b/src/conf_mode/interfaces-vti.py
index 57950ffea..30e13536f 100755
--- a/src/conf_mode/interfaces-vti.py
+++ b/src/conf_mode/interfaces-vti.py
@@ -19,6 +19,7 @@ from sys import exit
from vyos.config import Config
from vyos.configdict import get_interface_dict
+from vyos.configverify import verify_redirect
from vyos.ifconfig import VTIIf
from vyos.util import dict_search
from vyos import ConfigError
@@ -39,6 +40,7 @@ def get_config(config=None):
return vti
def verify(vti):
+ verify_redirect(vti)
return None
def generate(vti):
diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py
index 29b16af89..a29836efd 100755
--- a/src/conf_mode/interfaces-vxlan.py
+++ b/src/conf_mode/interfaces-vxlan.py
@@ -25,6 +25,7 @@ from vyos.configdict import leaf_node_changed
from vyos.configverify import verify_address
from vyos.configverify import verify_bridge_delete
from vyos.configverify import verify_mtu_ipv6
+from vyos.configverify import verify_redirect
from vyos.configverify import verify_source_interface
from vyos.ifconfig import Interface
from vyos.ifconfig import VXLANIf
@@ -140,6 +141,7 @@ def verify(vxlan):
verify_mtu_ipv6(vxlan)
verify_address(vxlan)
+ verify_redirect(vxlan)
return None
def generate(vxlan):
diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py
index da64dd076..dc0fe7b9c 100755
--- a/src/conf_mode/interfaces-wireguard.py
+++ b/src/conf_mode/interfaces-wireguard.py
@@ -28,6 +28,7 @@ from vyos.configverify import verify_vrf
from vyos.configverify import verify_address
from vyos.configverify import verify_bridge_delete
from vyos.configverify import verify_mtu_ipv6
+from vyos.configverify import verify_redirect
from vyos.ifconfig import WireGuardIf
from vyos.util import check_kmod
from vyos.util import check_port_availability
@@ -70,6 +71,7 @@ def verify(wireguard):
verify_mtu_ipv6(wireguard)
verify_address(wireguard)
verify_vrf(wireguard)
+ verify_redirect(wireguard)
if 'private_key' not in wireguard:
raise ConfigError('Wireguard private-key not defined')
diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py
index af35b5f03..fdf9e3988 100755
--- a/src/conf_mode/interfaces-wireless.py
+++ b/src/conf_mode/interfaces-wireless.py
@@ -27,6 +27,7 @@ from vyos.configverify import verify_address
from vyos.configverify import verify_bridge_delete
from vyos.configverify import verify_dhcpv6
from vyos.configverify import verify_source_interface
+from vyos.configverify import verify_redirect
from vyos.configverify import verify_vlan_config
from vyos.configverify import verify_vrf
from vyos.ifconfig import WiFiIf
@@ -189,6 +190,7 @@ def verify(wifi):
verify_address(wifi)
verify_vrf(wifi)
+ verify_redirect(wifi)
# use common function to verify VLAN configuration
verify_vlan_config(wifi)
diff --git a/src/conf_mode/interfaces-wwan.py b/src/conf_mode/interfaces-wwan.py
index a4b033374..367a50e82 100755
--- a/src/conf_mode/interfaces-wwan.py
+++ b/src/conf_mode/interfaces-wwan.py
@@ -23,6 +23,7 @@ from vyos.config import Config
from vyos.configdict import get_interface_dict
from vyos.configverify import verify_authentication
from vyos.configverify import verify_interface_exists
+from vyos.configverify import verify_redirect
from vyos.configverify import verify_vrf
from vyos.ifconfig import WWANIf
from vyos.util import cmd
@@ -77,6 +78,7 @@ def verify(wwan):
verify_interface_exists(ifname)
verify_authentication(wwan)
verify_vrf(wwan)
+ verify_redirect(wwan)
return None
diff --git a/src/conf_mode/qos.py b/src/conf_mode/qos.py
new file mode 100755
index 000000000..cf447d4b5
--- /dev/null
+++ b/src/conf_mode/qos.py
@@ -0,0 +1,90 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2022 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+from sys import exit
+
+from vyos.config import Config
+from vyos.configdict import dict_merge
+from vyos.xml import defaults
+from vyos import ConfigError
+from vyos import airbag
+airbag.enable()
+
+def get_config(config=None):
+ if config:
+ conf = config
+ else:
+ conf = Config()
+ base = ['traffic-policy']
+ if not conf.exists(base):
+ return None
+
+ qos = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True)
+
+ for traffic_policy in ['drop-tail', 'fair-queue', 'fq-codel', 'limiter',
+ 'network-emulator', 'priority-queue', 'random-detect',
+ 'rate-control', 'round-robin', 'shaper', 'shaper-hfsc']:
+ traffic_policy_us = traffic_policy.replace('-','_')
+ # Individual policy type not present on CLI - no need to blend in
+ # any default values
+ if traffic_policy_us not in qos:
+ continue
+
+ default_values = defaults(base + [traffic_policy_us])
+
+ # class is another tag node which requires individual handling
+ class_default_values = defaults(base + [traffic_policy_us, 'class'])
+ if 'class' in default_values:
+ del default_values['class']
+
+ for policy, policy_config in qos[traffic_policy_us].items():
+ qos[traffic_policy_us][policy] = dict_merge(
+ default_values, qos[traffic_policy_us][policy])
+
+ if 'class' in policy_config:
+ for policy_class in policy_config['class']:
+ qos[traffic_policy_us][policy]['class'][policy_class] = dict_merge(
+ class_default_values, qos[traffic_policy_us][policy]['class'][policy_class])
+
+ import pprint
+ pprint.pprint(qos)
+ return qos
+
+def verify(qos):
+ if not qos:
+ return None
+
+ # network policy emulator
+ # reorder rerquires delay to be set
+
+ raise ConfigError('123')
+ return None
+
+def generate(qos):
+ return None
+
+def apply(qos):
+ return None
+
+if __name__ == '__main__':
+ try:
+ c = get_config()
+ verify(c)
+ generate(c)
+ apply(c)
+ except ConfigError as e:
+ print(e)
+ exit(1)
--
cgit v1.2.3
From 4ecf558f53d1740b5ddb0de1f7effbaf0f44ff5f Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Wed, 23 Mar 2022 10:40:06 +0100
Subject: qos: T4284: support mirror and redirect on vlan subinterfaces
---
interface-definitions/include/interface/vif-s.xml.i | 2 ++
interface-definitions/include/interface/vif.xml.i | 1 +
python/vyos/configverify.py | 19 +++++++++++++------
python/vyos/ifconfig/interface.py | 3 ---
4 files changed, 16 insertions(+), 9 deletions(-)
(limited to 'interface-definitions/include/interface')
diff --git a/interface-definitions/include/interface/vif-s.xml.i b/interface-definitions/include/interface/vif-s.xml.i
index 59a47b5ff..40a87e3d3 100644
--- a/interface-definitions/include/interface/vif-s.xml.i
+++ b/interface-definitions/include/interface/vif-s.xml.i
@@ -44,6 +44,7 @@
#include
#include
#include
+ #include
#include
@@ -63,6 +64,7 @@
#include
#include
#include
+ #include
#include
#include
#include
diff --git a/interface-definitions/include/interface/vif.xml.i b/interface-definitions/include/interface/vif.xml.i
index 8a1475711..615101664 100644
--- a/interface-definitions/include/interface/vif.xml.i
+++ b/interface-definitions/include/interface/vif.xml.i
@@ -49,6 +49,7 @@
#include
#include
#include
+ #include
#include
#include
#include
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index df2c5775a..9f2771854 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -317,9 +317,12 @@ def verify_vlan_config(config):
if duplicate:
raise ConfigError(f'Duplicate VLAN id "{duplicate[0]}" used for vif and vif-s interfaces!')
+ parent_ifname = config['ifname']
# 802.1q VLANs
- for vlan in config.get('vif', {}):
- vlan = config['vif'][vlan]
+ for vlan_id in config.get('vif', {}):
+ vlan = config['vif'][vlan_id]
+ vlan['ifname'] = f'{parent_ifname}.{vlan_id}'
+
verify_dhcpv6(vlan)
verify_address(vlan)
verify_vrf(vlan)
@@ -327,16 +330,20 @@ def verify_vlan_config(config):
verify_mtu_parent(vlan, config)
# 802.1ad (Q-in-Q) VLANs
- for s_vlan in config.get('vif_s', {}):
- s_vlan = config['vif_s'][s_vlan]
+ for s_vlan_id in config.get('vif_s', {}):
+ s_vlan = config['vif_s'][s_vlan_id]
+ s_vlan['ifname'] = f'{parent_ifname}.{s_vlan_id}'
+
verify_dhcpv6(s_vlan)
verify_address(s_vlan)
verify_vrf(s_vlan)
verify_mirror_redirect(s_vlan)
verify_mtu_parent(s_vlan, config)
- for c_vlan in s_vlan.get('vif_c', {}):
- c_vlan = s_vlan['vif_c'][c_vlan]
+ for c_vlan_id in s_vlan.get('vif_c', {}):
+ c_vlan = s_vlan['vif_c'][c_vlan_id]
+ c_vlan['ifname'] = f'{parent_ifname}.{s_vlan_id}.{c_vlan_id}'
+
verify_dhcpv6(c_vlan)
verify_address(c_vlan)
verify_vrf(c_vlan)
diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py
index 76164ca32..1464b2969 100755
--- a/python/vyos/ifconfig/interface.py
+++ b/python/vyos/ifconfig/interface.py
@@ -1734,6 +1734,3 @@ class VLANIf(Interface):
return None
return super().set_admin_state(state)
-
- def set_mirror_redirect(self):
- return
--
cgit v1.2.3
From 0bf386cee9b09d2e1a220330d3662c6ca2642645 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Wed, 6 Apr 2022 20:09:31 +0200
Subject: qos: T4284: rename "traffic-policy" node to "qos policy"
"set traffic-policy" now becomes "set qos policy"
"set interface ethernet eth0 traffic-policy" now bvecomes "set qos interface eth0"
---
Makefile | 3 +-
.../include/interface/traffic-policy.xml.i | 43 -
.../include/interface/vif-s.xml.i | 2 -
interface-definitions/include/interface/vif.xml.i | 1 -
interface-definitions/interfaces-bonding.xml.in | 1 -
interface-definitions/interfaces-bridge.xml.in | 1 -
interface-definitions/interfaces-dummy.xml.in | 1 -
interface-definitions/interfaces-ethernet.xml.in | 1 -
interface-definitions/interfaces-geneve.xml.in | 1 -
interface-definitions/interfaces-input.xml.in | 1 -
interface-definitions/interfaces-l2tpv3.xml.in | 1 -
interface-definitions/interfaces-loopback.xml.in | 1 -
interface-definitions/interfaces-macsec.xml.in | 1 -
interface-definitions/interfaces-openvpn.xml.in | 1 -
interface-definitions/interfaces-pppoe.xml.in | 1 -
.../interfaces-pseudo-ethernet.xml.in | 1 -
interface-definitions/interfaces-tunnel.xml.in | 1 -
interface-definitions/interfaces-vti.xml.in | 1 -
interface-definitions/interfaces-vxlan.xml.in | 1 -
interface-definitions/interfaces-wireguard.xml.in | 1 -
interface-definitions/interfaces-wireless.xml.in | 1 -
interface-definitions/interfaces-wwan.xml.in | 1 -
interface-definitions/qos.xml.in | 1148 +++++++++++---------
src/conf_mode/qos.py | 47 +-
24 files changed, 631 insertions(+), 631 deletions(-)
delete mode 100644 interface-definitions/include/interface/traffic-policy.xml.i
(limited to 'interface-definitions/include/interface')
diff --git a/Makefile b/Makefile
index 54f3892ba..dc1301100 100644
--- a/Makefile
+++ b/Makefile
@@ -31,9 +31,8 @@ interface_definitions: $(config_xml_obj)
rm -rf $(TMPL_DIR)/vpn/ipsec/remote-access/radius/source-address
# T4284 neq QoS implementation is not yet live
- find $(TMPL_DIR)/interfaces -name traffic-policy -type d -exec rm -rf {} \;
find $(TMPL_DIR)/interfaces -name redirect -type d -exec rm -rf {} \;
- rm -rf $(TMPL_DIR)/traffic-policy
+ rm -rf $(TMPL_DIR)/qos
rm -rf $(TMPL_DIR)/interfaces/input
# XXX: test if there are empty node.def files - this is not allowed as these
diff --git a/interface-definitions/include/interface/traffic-policy.xml.i b/interface-definitions/include/interface/traffic-policy.xml.i
deleted file mode 100644
index cd60b62a5..000000000
--- a/interface-definitions/include/interface/traffic-policy.xml.i
+++ /dev/null
@@ -1,43 +0,0 @@
-
-
-
- Traffic-policy for interface
-
-
-
-
- Ingress traffic policy for interface
-
- traffic-policy drop-tail
- traffic-policy fair-queue
- traffic-policy fq-codel
- traffic-policy limiter
- traffic-policy network-emulator
- traffic-policy priority-queue
- traffic-policy random-detect
- traffic-policy rate-control
- traffic-policy round-robin
- traffic-policy shaper
- traffic-policy shaper-hfsc
-
-
- txt
- Policy name
-
-
-
-
-
- Egress traffic policy for interface
-
- traffic-policy
-
-
- txt
- Policy name
-
-
-
-
-
-
\ No newline at end of file
diff --git a/interface-definitions/include/interface/vif-s.xml.i b/interface-definitions/include/interface/vif-s.xml.i
index 40a87e3d3..3b305618e 100644
--- a/interface-definitions/include/interface/vif-s.xml.i
+++ b/interface-definitions/include/interface/vif-s.xml.i
@@ -67,14 +67,12 @@
#include
#include
#include
- #include
#include
#include
#include
#include
- #include
#include
diff --git a/interface-definitions/include/interface/vif.xml.i b/interface-definitions/include/interface/vif.xml.i
index 615101664..4e7f9b3c2 100644
--- a/interface-definitions/include/interface/vif.xml.i
+++ b/interface-definitions/include/interface/vif.xml.i
@@ -52,7 +52,6 @@
#include
#include
#include
- #include
#include
diff --git a/interface-definitions/interfaces-bonding.xml.in b/interface-definitions/interfaces-bonding.xml.in
index 20ece5137..5ae67a672 100644
--- a/interface-definitions/interfaces-bonding.xml.in
+++ b/interface-definitions/interfaces-bonding.xml.in
@@ -208,7 +208,6 @@
#include
- #include
#include
#include
#include
diff --git a/interface-definitions/interfaces-bridge.xml.in b/interface-definitions/interfaces-bridge.xml.in
index 6957067cd..be4c92583 100644
--- a/interface-definitions/interfaces-bridge.xml.in
+++ b/interface-definitions/interfaces-bridge.xml.in
@@ -211,7 +211,6 @@
#include
- #include
#include
diff --git a/interface-definitions/interfaces-dummy.xml.in b/interface-definitions/interfaces-dummy.xml.in
index 988d87502..7f9ae90e5 100644
--- a/interface-definitions/interfaces-dummy.xml.in
+++ b/interface-definitions/interfaces-dummy.xml.in
@@ -32,7 +32,6 @@
#include
#include
#include
- #include
#include
diff --git a/interface-definitions/interfaces-ethernet.xml.in b/interface-definitions/interfaces-ethernet.xml.in
index 7d28912c0..7fa07e9ec 100644
--- a/interface-definitions/interfaces-ethernet.xml.in
+++ b/interface-definitions/interfaces-ethernet.xml.in
@@ -197,7 +197,6 @@
#include
- #include
#include
#include
#include
diff --git a/interface-definitions/interfaces-geneve.xml.in b/interface-definitions/interfaces-geneve.xml.in
index 5f2c6bc05..fa5a78be5 100644
--- a/interface-definitions/interfaces-geneve.xml.in
+++ b/interface-definitions/interfaces-geneve.xml.in
@@ -52,7 +52,6 @@
#include
#include
- #include
#include
#include
diff --git a/interface-definitions/interfaces-input.xml.in b/interface-definitions/interfaces-input.xml.in
index f2eb01c58..2164bfa4e 100644
--- a/interface-definitions/interfaces-input.xml.in
+++ b/interface-definitions/interfaces-input.xml.in
@@ -22,7 +22,6 @@
#include
#include
#include
- #include
diff --git a/interface-definitions/interfaces-l2tpv3.xml.in b/interface-definitions/interfaces-l2tpv3.xml.in
index 0dcabf7a0..1f23a89a5 100644
--- a/interface-definitions/interfaces-l2tpv3.xml.in
+++ b/interface-definitions/interfaces-l2tpv3.xml.in
@@ -125,7 +125,6 @@
- #include
#include
diff --git a/interface-definitions/interfaces-loopback.xml.in b/interface-definitions/interfaces-loopback.xml.in
index 1e093d95b..7ac0545c6 100644
--- a/interface-definitions/interfaces-loopback.xml.in
+++ b/interface-definitions/interfaces-loopback.xml.in
@@ -28,7 +28,6 @@
#include
#include
- #include
diff --git a/interface-definitions/interfaces-macsec.xml.in b/interface-definitions/interfaces-macsec.xml.in
index fbdd1562a..cb3c489aa 100644
--- a/interface-definitions/interfaces-macsec.xml.in
+++ b/interface-definitions/interfaces-macsec.xml.in
@@ -124,7 +124,6 @@
#include
#include
- #include
#include
diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in
index 761f8bcad..c917b9312 100644
--- a/interface-definitions/interfaces-openvpn.xml.in
+++ b/interface-definitions/interfaces-openvpn.xml.in
@@ -818,7 +818,6 @@
#include
- #include
#include
diff --git a/interface-definitions/interfaces-pppoe.xml.in b/interface-definitions/interfaces-pppoe.xml.in
index adf5f4040..3a0b7a40c 100644
--- a/interface-definitions/interfaces-pppoe.xml.in
+++ b/interface-definitions/interfaces-pppoe.xml.in
@@ -135,7 +135,6 @@
#include
- #include
#include
diff --git a/interface-definitions/interfaces-pseudo-ethernet.xml.in b/interface-definitions/interfaces-pseudo-ethernet.xml.in
index aed2052f5..5f5e9fdef 100644
--- a/interface-definitions/interfaces-pseudo-ethernet.xml.in
+++ b/interface-definitions/interfaces-pseudo-ethernet.xml.in
@@ -61,7 +61,6 @@
#include
#include
- #include
#include
#include
diff --git a/interface-definitions/interfaces-tunnel.xml.in b/interface-definitions/interfaces-tunnel.xml.in
index b31f22552..42ec62775 100644
--- a/interface-definitions/interfaces-tunnel.xml.in
+++ b/interface-definitions/interfaces-tunnel.xml.in
@@ -290,7 +290,6 @@
#include
#include
- #include
diff --git a/interface-definitions/interfaces-vti.xml.in b/interface-definitions/interfaces-vti.xml.in
index d66fc952e..5893e4c4c 100644
--- a/interface-definitions/interfaces-vti.xml.in
+++ b/interface-definitions/interfaces-vti.xml.in
@@ -36,7 +36,6 @@
#include
#include
#include
- #include
#include
#include
#include
diff --git a/interface-definitions/interfaces-vxlan.xml.in b/interface-definitions/interfaces-vxlan.xml.in
index b1a2dfaec..9747b1816 100644
--- a/interface-definitions/interfaces-vxlan.xml.in
+++ b/interface-definitions/interfaces-vxlan.xml.in
@@ -101,7 +101,6 @@
#include
#include
#include
- #include
#include
#include
diff --git a/interface-definitions/interfaces-wireguard.xml.in b/interface-definitions/interfaces-wireguard.xml.in
index 51565cfe6..eb0892f07 100644
--- a/interface-definitions/interfaces-wireguard.xml.in
+++ b/interface-definitions/interfaces-wireguard.xml.in
@@ -121,7 +121,6 @@
#include
- #include
#include
diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in
index a16a7841e..db01657eb 100644
--- a/interface-definitions/interfaces-wireless.xml.in
+++ b/interface-definitions/interfaces-wireless.xml.in
@@ -783,7 +783,6 @@
monitor
#include
- #include
#include
#include
diff --git a/interface-definitions/interfaces-wwan.xml.in b/interface-definitions/interfaces-wwan.xml.in
index 33bc0cb3d..3cb1645c4 100644
--- a/interface-definitions/interfaces-wwan.xml.in
+++ b/interface-definitions/interfaces-wwan.xml.in
@@ -42,7 +42,6 @@
#include
#include
#include
- #include
#include
diff --git a/interface-definitions/qos.xml.in b/interface-definitions/qos.xml.in
index d4468543c..e8f575a1e 100644
--- a/interface-definitions/qos.xml.in
+++ b/interface-definitions/qos.xml.in
@@ -1,721 +1,789 @@
-
+
- Quality of Service (QOS) policy type
- 900
+ Quality of Service (QoS)
-
+
- Packet limited First In, First Out queue
+ Interface to apply QoS policy
+
+
+
txt
- Policy name
+ Interface name
- [[:alnum:]][-_[:alnum:]]*
+
- Only alpha-numeric policy name allowed
- #include
- #include
-
-
-
-
- Stochastic Fairness Queueing
-
- txt
- Policy name
-
-
- [[:alnum:]][-_[:alnum:]]*
-
- Only alpha-numeric policy name allowed
-
-
- #include
-
+
- Interval in seconds for queue algorithm perturbation
-
- u32:0
- No perturbation
-
+ Interface ingress traffic policy
+
+ traffic-policy drop-tail
+ traffic-policy fair-queue
+ traffic-policy fq-codel
+ traffic-policy limiter
+ traffic-policy network-emulator
+ traffic-policy priority-queue
+ traffic-policy random-detect
+ traffic-policy rate-control
+ traffic-policy round-robin
+ traffic-policy shaper
+ traffic-policy shaper-hfsc
+
- u32:1-127
- Interval in seconds for queue algorithm perturbation (advised: 10)
+ txt
+ QoS Policy name
-
-
-
- Interval must be in range 0 to 127
- 0
-
+
- Upper limit of the SFQ
+ Interface egress traffic policy
+
+ traffic-policy drop-tail
+ traffic-policy fair-queue
+ traffic-policy fq-codel
+ traffic-policy limiter
+ traffic-policy network-emulator
+ traffic-policy priority-queue
+ traffic-policy random-detect
+ traffic-policy rate-control
+ traffic-policy round-robin
+ traffic-policy shaper
+ traffic-policy shaper-hfsc
+
- u32:2-127
- Queue size in packets
+ txt
+ QoS Policy name
-
-
-
- Queue limit must greater than 1 and less than 128
- 127
-
+
- Fair Queuing Controlled Delay
-
- txt
- Policy name
-
-
- [[:alnum:]][-_[:alnum:]]*
-
- Only alpha-numeric policy name allowed
+ Service Policy definitions
+ 900
- #include
- #include
- #include
- #include
- #include
- #include
-
-
-
-
- Traffic input limiting policy
-
- txt
- Policy name
-
-
- [[:alnum:]][-_[:alnum:]]*
-
- Only alpha-numeric policy name allowed
-
-
-
+
- Class ID
+ Packet limited First In, First Out queue
- u32:1-4090
- Class Identifier
+ txt
+ Policy name
-
+ [[:alnum:]][-_[:alnum:]]*
- Class identifier must be between 1 and 4090
+ Only alpha-numeric policy name allowed
+
+
+ #include
+ #include
+
+
+
+
+ Stochastic Fairness Queueing
+
+ txt
+ Policy name
+
+
+ [[:alnum:]][-_[:alnum:]]*
+
+ Only alpha-numeric policy name allowed
- #include
- #include
#include
- #include
-
+
+
+ Interval in seconds for queue algorithm perturbation
+
+ u32:0
+ No perturbation
+
+
+ u32:1-127
+ Interval in seconds for queue algorithm perturbation (advised: 10)
+
+
+
+
+ Interval must be in range 0 to 127
+
+ 0
+
+
- Priority for rule evaluation
+ Upper limit of the SFQ
- u32:0-20
- Priority for match rule evaluation
+ u32:2-127
+ Queue size in packets
-
+
- Priority must be between 0 and 20
+ Queue limit must greater than 1 and less than 128
- 20
+ 127
-
-
- Default policy
-
-
- #include
- #include
-
-
- #include
-
-
-
-
- Network emulator policy
-
- txt
- Policy name
-
-
- [[:alnum:]][-_[:alnum:]]*
-
- Only alpha-numeric policy name allowed
-
-
- #include
- #include
- #include
-
-
- Adds delay to packets outgoing to chosen network interface
-
- <number>
- Time in milliseconds
-
-
-
-
- Priority must be between 0 and 65535
-
-
-
-
- Introducing error in a random position for chosen percent of packets
-
- <number>
- Percentage of packets affected
-
-
-
-
- Priority must be between 0 and 100
-
-
-
-
- Add independent loss probability to the packets outgoing to chosen network interface
-
- <number>
- Percentage of packets affected
-
-
-
-
- Must be between 0 and 100
-
-
-
+
- Add independent loss probability to the packets outgoing to chosen network interface
+ Fair Queuing Controlled Delay
- <number>
- Percentage of packets affected
+ txt
+ Policy name
-
+ [[:alnum:]][-_[:alnum:]]*
- Must be between 0 and 100
-
-
-
-
- Packet reordering percentage
-
- <number>
- Percentage of packets affected
-
-
-
-
- Must be between 0 and 100
-
-
- #include
-
-
-
-
- Priority queuing based policy
-
- txt
- Policy name
-
-
- [[:alnum:]][-_[:alnum:]]*
-
- Only alpha-numeric policy name allowed
-
-
-
-
- Class Handle
-
- u32:1-7
- Priority
-
-
-
-
- Class handle must be between 1 and 7
+ Only alpha-numeric policy name allowed
#include
#include
#include
#include
- #include
#include
#include
- #include
-
+
- Default policy
+ Traffic input limiting policy
+
+ txt
+ Policy name
+
+
+ [[:alnum:]][-_[:alnum:]]*
+
+ Only alpha-numeric policy name allowed
+
+
+ Class ID
+
+ u32:1-4090
+ Class Identifier
+
+
+
+
+ Class identifier must be between 1 and 4090
+
+
+ #include
+ #include
+ #include
+ #include
+
+
+ Priority for rule evaluation
+
+ u32:0-20
+ Priority for match rule evaluation
+
+
+
+
+ Priority must be between 0 and 20
+
+ 20
+
+
+
+
+
+ Default policy
+
+
+ #include
+ #include
+
+
#include
- #include
- #include
- #include
- #include
- #include
- #include
-
- #include
-
-
-
-
- Priority queuing based policy
-
- txt
- Policy name
-
-
- [[:alnum:]][-_[:alnum:]]*
-
- Only alpha-numeric policy name allowed
-
-
- #include
-
- auto
-
- #include
-
+
+
- IP precedence
+ Network emulator policy
- u32:0-7
- IP precedence value
+ txt
+ Policy name
-
+ [[:alnum:]][-_[:alnum:]]*
- IP precedence value must be between 0 and 7
+ Only alpha-numeric policy name allowed
- #include
-
+ #include
+ #include
+ #include
+
- Average packet size (bytes)
+ Adds delay to packets outgoing to chosen network interface
- u32:16-10240
- Average packet size in bytes
+ <number>
+ Time in milliseconds
-
+
- Average packet size must be between 16 and 10240
+ Priority must be between 0 and 65535
- 1024
-
+
- Mark probability for this precedence
+ Introducing error in a random position for chosen percent of packets
<number>
- Numeric value (1/N)
+ Percentage of packets affected
-
+
- Mark probability must be greater than 0
+ Priority must be between 0 and 100
-
+
- Maximum threshold for random detection
+ Add independent loss probability to the packets outgoing to chosen network interface
- u32:0-4096
- Maximum Threshold in packets
+ <number>
+ Percentage of packets affected
-
+
- Threshold must be between 0 and 4096
+ Must be between 0 and 100
-
+
- Minimum threshold for random detection
+ Add independent loss probability to the packets outgoing to chosen network interface
- u32:0-4096
- Maximum Threshold in packets
+ <number>
+ Percentage of packets affected
-
+
- Threshold must be between 0 and 4096
+ Must be between 0 and 100
-
-
-
-
-
-
- Rate limiting policy (Token Bucket Filter)
-
- txt
- Policy name
-
-
- [[:alnum:]][-_[:alnum:]]*
-
- Only alpha-numeric policy name allowed
-
-
- #include
- #include
- #include
-
-
- Maximum latency
-
- <number>
- Time in milliseconds
-
-
-
-
- Threshold must be between 0 and 4096
-
- 50
-
-
-
-
-
- Round-Robin based policy
-
- txt
- Policy name
-
-
- [[:alnum:]][-_[:alnum:]]*
-
- Only alpha-numeric policy name allowed
-
-
- #include
-
-
- Class ID
-
- u32:1-4095
- Class Identifier
-
-
-
-
- Class identifier must be between 1 and 4095
-
-
- #include
- #include
- #include
- #include
- #include
-
+
- Packet scheduling quantum
+ Packet reordering percentage
- u32:1-4294967295
- Packet scheduling quantum (bytes)
+ <number>
+ Percentage of packets affected
-
+
- Quantum must be in range 1 to 4294967295
+ Must be between 0 and 100
#include
- #include
- #include
-
-
-
-
- Hierarchical Fair Service Curve's policy
-
- txt
- Policy name
-
-
- [[:alnum:]][-_[:alnum:]]*
-
- Only alpha-numeric policy name allowed
-
-
- #include
-
- auto
-
- #include
-
+
- Class ID
+ Priority queuing based policy
- u32:1-4095
- Class Identifier
+ txt
+ Policy name
-
+ [[:alnum:]][-_[:alnum:]]*
- Class identifier must be between 1 and 4095
+ Only alpha-numeric policy name allowed
- #include
-
+
- Linkshare class settings
-
-
- #include
- #include
- #include
-
-
- #include
-
-
- Realtime class settings
+ Class Handle
+
+ u32:1-7
+ Priority
+
+
+
+
+ Class handle must be between 1 and 7
- #include
- #include
- #include
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
-
-
+
+
- Upperlimit class settings
+ Default policy
- #include
- #include
- #include
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
-
+
- Default policy
+ Priority queuing based policy
+
+ txt
+ Policy name
+
+
+ [[:alnum:]][-_[:alnum:]]*
+
+ Only alpha-numeric policy name allowed
-
-
- Linkshare class settings
-
-
- #include
- #include
- #include
-
-
-
-
- Realtime class settings
-
-
- #include
- #include
- #include
-
-
-
+ #include
+
+ auto
+
+ #include
+
- Upperlimit class settings
+ IP precedence
+
+ u32:0-7
+ IP precedence value
+
+
+
+
+ IP precedence value must be between 0 and 7
- #include
- #include
- #include
+ #include
+
+
+ Average packet size (bytes)
+
+ u32:16-10240
+ Average packet size in bytes
+
+
+
+
+ Average packet size must be between 16 and 10240
+
+ 1024
+
+
+
+ Mark probability for this precedence
+
+ <number>
+ Numeric value (1/N)
+
+
+
+
+ Mark probability must be greater than 0
+
+
+
+
+ Maximum threshold for random detection
+
+ u32:0-4096
+ Maximum Threshold in packets
+
+
+
+
+ Threshold must be between 0 and 4096
+
+
+
+
+ Minimum threshold for random detection
+
+ u32:0-4096
+ Maximum Threshold in packets
+
+
+
+
+ Threshold must be between 0 and 4096
+
+
-
+
-
-
-
-
-
- Traffic shaping based policy (Hierarchy Token Bucket)
-
- txt
- Policy name
-
-
- [[:alnum:]][-_[:alnum:]]*
-
- Only alpha-numeric policy name allowed
-
-
- #include
-
- auto
-
-
+
+
- Class ID
+ Rate limiting policy (Token Bucket Filter)
- u32:2-4095
- Class Identifier
+ txt
+ Policy name
-
+ [[:alnum:]][-_[:alnum:]]*
- Class identifier must be between 2 and 4095
+ Only alpha-numeric policy name allowed
#include
-
- 100%
-
+ #include
#include
-
+
- Bandwidth limit for this class
+ Maximum latency
<number>
- Rate in kbit (kilobit per second)
-
-
- <number>%%
- Percentage of overall rate
-
-
- <number>bit
- bit(1), kbit(10^3), mbit(10^6), gbit, tbit
-
-
- <number>ibit
- kibit(1024), mibit(1024^2), gibit(1024^3), tbit(1024^4)
-
-
- <number>ibps
- kibps(1024*8), mibps(1024^2*8), gibps, tibps - Byte/sec
-
-
- <number>bps
- bps(8),kbps(8*10^3),mbps(8*10^6), gbps, tbps - Byte/sec
+ Time in milliseconds
+
+
+
+ Threshold must be between 0 and 4096
+ 50
- #include
+
+
+
+
+ Round-Robin based policy
+
+ txt
+ Policy name
+
+
+ [[:alnum:]][-_[:alnum:]]*
+
+ Only alpha-numeric policy name allowed
+
+
#include
- #include
- #include
- #include
-
+
- Priority for usage of excess bandwidth
+ Class ID
- u32:0-7
- Priority order for bandwidth pool
+ u32:1-4095
+ Class Identifier
-
+
- Priority must be between 0 and 7
+ Class identifier must be between 1 and 4095
- 20
-
- #include
- #include
- #include
- #include
+
+ #include
+ #include
+ #include
+ #include
+ #include
+
+
+ Packet scheduling quantum
+
+ u32:1-4294967295
+ Packet scheduling quantum (bytes)
+
+
+
+
+ Quantum must be in range 1 to 4294967295
+
+
+ #include
+ #include
+ #include
+
+
- #include
-
+
- Default policy
+ Hierarchical Fair Service Curve's policy
+
+ txt
+ Policy name
+
+
+ [[:alnum:]][-_[:alnum:]]*
+
+ Only alpha-numeric policy name allowed
#include
- #include
-
+
+ auto
+
+ #include
+
- Bandwidth limit for this class
-
- <number>
- Rate in kbit (kilobit per second)
-
-
- <number>%%
- Percentage of overall rate
-
+ Class ID
- <number>bit
- bit(1), kbit(10^3), mbit(10^6), gbit, tbit
-
-
- <number>ibit
- kibit(1024), mibit(1024^2), gibit(1024^3), tbit(1024^4)
-
-
- <number>ibps
- kibps(1024*8), mibps(1024^2*8), gibps, tibps - Byte/sec
-
-
- <number>bps
- bps(8),kbps(8*10^3),mbps(8*10^6), gbps, tbps - Byte/sec
+ u32:1-4095
+ Class Identifier
+
+
+
+ Class identifier must be between 1 and 4095
+
+
+ #include
+
+
+ Linkshare class settings
+
+
+ #include
+ #include
+ #include
+
+
+ #include
+
+
+ Realtime class settings
+
+
+ #include
+ #include
+ #include
+
+
+
+
+ Upperlimit class settings
+
+
+ #include
+ #include
+ #include
+
+
+
+
+
+
+ Default policy
+
+
+
+ Linkshare class settings
+
+
+ #include
+ #include
+ #include
+
+
+
+
+ Realtime class settings
+
+
+ #include
+ #include
+ #include
+
+
+
+
+ Upperlimit class settings
+
+
+ #include
+ #include
+ #include
+
+
+
+
+
+
+
+
+ Traffic shaping based policy (Hierarchy Token Bucket)
+
+ txt
+ Policy name
+
+
+ [[:alnum:]][-_[:alnum:]]*
+
+ Only alpha-numeric policy name allowed
+
+
+ #include
+
+ auto
- #include
- #include
- #include
- #include
-
+
- Priority for usage of excess bandwidth
+ Class ID
- u32:0-7
- Priority order for bandwidth pool
+ u32:2-4095
+ Class Identifier
-
+
- Priority must be between 0 and 7
+ Class identifier must be between 2 and 4095
- 20
-
- #include
- #include
- #include
- #include
+
+ #include
+
+ 100%
+
+ #include
+
+
+ Bandwidth limit for this class
+
+ <number>
+ Rate in kbit (kilobit per second)
+
+
+ <number>%%
+ Percentage of overall rate
+
+
+ <number>bit
+ bit(1), kbit(10^3), mbit(10^6), gbit, tbit
+
+
+ <number>ibit
+ kibit(1024), mibit(1024^2), gibit(1024^3), tbit(1024^4)
+
+
+ <number>ibps
+ kibps(1024*8), mibps(1024^2*8), gibps, tibps - Byte/sec
+
+
+ <number>bps
+ bps(8),kbps(8*10^3),mbps(8*10^6), gbps, tbps - Byte/sec
+
+
+
+ #include
+ #include
+ #include
+ #include
+ #include
+
+
+ Priority for usage of excess bandwidth
+
+ u32:0-7
+ Priority order for bandwidth pool
+
+
+
+
+ Priority must be between 0 and 7
+
+ 20
+
+ #include
+ #include
+ #include
+ #include
+
+
+ #include
+
+
+ Default policy
+
+
+ #include
+ #include
+
+
+ Bandwidth limit for this class
+
+ <number>
+ Rate in kbit (kilobit per second)
+
+
+ <number>%%
+ Percentage of overall rate
+
+
+ <number>bit
+ bit(1), kbit(10^3), mbit(10^6), gbit, tbit
+
+
+ <number>ibit
+ kibit(1024), mibit(1024^2), gibit(1024^3), tbit(1024^4)
+
+
+ <number>ibps
+ kibps(1024*8), mibps(1024^2*8), gibps, tibps - Byte/sec
+
+
+ <number>bps
+ bps(8),kbps(8*10^3),mbps(8*10^6), gbps, tbps - Byte/sec
+
+
+
+ #include
+ #include
+ #include
+ #include
+
+
+ Priority for usage of excess bandwidth
+
+ u32:0-7
+ Priority order for bandwidth pool
+
+
+
+
+ Priority must be between 0 and 7
+
+ 20
+
+ #include
+ #include
+ #include
+ #include
+
+
-
+
-
+
diff --git a/src/conf_mode/qos.py b/src/conf_mode/qos.py
index cf447d4b5..dbe3be225 100755
--- a/src/conf_mode/qos.py
+++ b/src/conf_mode/qos.py
@@ -28,36 +28,33 @@ def get_config(config=None):
conf = config
else:
conf = Config()
- base = ['traffic-policy']
+ base = ['qos']
if not conf.exists(base):
return None
qos = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True)
- for traffic_policy in ['drop-tail', 'fair-queue', 'fq-codel', 'limiter',
- 'network-emulator', 'priority-queue', 'random-detect',
- 'rate-control', 'round-robin', 'shaper', 'shaper-hfsc']:
- traffic_policy_us = traffic_policy.replace('-','_')
- # Individual policy type not present on CLI - no need to blend in
- # any default values
- if traffic_policy_us not in qos:
- continue
-
- default_values = defaults(base + [traffic_policy_us])
-
- # class is another tag node which requires individual handling
- class_default_values = defaults(base + [traffic_policy_us, 'class'])
- if 'class' in default_values:
- del default_values['class']
-
- for policy, policy_config in qos[traffic_policy_us].items():
- qos[traffic_policy_us][policy] = dict_merge(
- default_values, qos[traffic_policy_us][policy])
-
- if 'class' in policy_config:
- for policy_class in policy_config['class']:
- qos[traffic_policy_us][policy]['class'][policy_class] = dict_merge(
- class_default_values, qos[traffic_policy_us][policy]['class'][policy_class])
+ if 'policy' in qos:
+ for policy in qos['policy']:
+ # CLI mangles - to _ for better Jinja2 compatibility - do we need
+ # Jinja2 here?
+ policy = policy.replace('-','_')
+
+ default_values = defaults(base + ['policy', policy])
+
+ # class is another tag node which requires individual handling
+ class_default_values = defaults(base + ['policy', policy, 'class'])
+ if 'class' in default_values:
+ del default_values['class']
+
+ for p_name, p_config in qos['policy'][policy].items():
+ qos['policy'][policy][p_name] = dict_merge(
+ default_values, qos['policy'][policy][p_name])
+
+ if 'class' in p_config:
+ for p_class in p_config['class']:
+ qos['policy'][policy][p_name]['class'][p_class] = dict_merge(
+ class_default_values, qos['policy'][policy][p_name]['class'][p_class])
import pprint
pprint.pprint(qos)
--
cgit v1.2.3