From e846d2c1500df83742eb803684980396857cc0f1 Mon Sep 17 00:00:00 2001 
From: Nicolas Fort Date: Thu, 3 Oct 2024 14:51:55 +0000 Subject: T6760: firewall: add packet modifications existing in policy route to regular firewall ruleset. --- .../include/firewall/bridge-hook-forward.xml.i | 6 ++ .../include/firewall/bridge-hook-output.xml.i | 6 ++ .../include/firewall/bridge-hook-prerouting.xml.i | 5 ++ .../include/firewall/ipv4-custom-name.xml.i | 6 ++ .../include/firewall/ipv4-hook-forward.xml.i | 5 ++ .../include/firewall/ipv4-hook-output.xml.i | 10 +++ .../include/firewall/ipv4-hook-prerouting.xml.i | 4 + .../include/firewall/ipv6-custom-name.xml.i | 5 ++ .../include/firewall/ipv6-hook-forward.xml.i | 5 ++ .../include/firewall/ipv6-hook-output.xml.i | 10 +++ .../include/firewall/ipv6-hook-prerouting.xml.i | 4 + .../set-packet-modifications-conn-mark.xml.i | 21 +++++ .../firewall/set-packet-modifications-dscp.xml.i | 21 +++++ .../set-packet-modifications-hop-limit.xml.i | 21 +++++ .../firewall/set-packet-modifications-mark.xml.i | 21 +++++ .../set-packet-modifications-table-and-vrf.xml.i | 48 +++++++++++ .../set-packet-modifications-tcp-mss.xml.i | 21 +++++ .../firewall/set-packet-modifications-ttl.xml.i | 21 +++++ .../firewall/set-packet-modifications.xml.i | 96 ---------------------- .../include/policy/route-common.xml.i | 6 +- 20 files changed, 245 insertions(+), 97 deletions(-) create mode 100644 interface-definitions/include/firewall/set-packet-modifications-conn-mark.xml.i create mode 100644 interface-definitions/include/firewall/set-packet-modifications-dscp.xml.i create mode 100755 interface-definitions/include/firewall/set-packet-modifications-hop-limit.xml.i create mode 100644 interface-definitions/include/firewall/set-packet-modifications-mark.xml.i create mode 100644 interface-definitions/include/firewall/set-packet-modifications-table-and-vrf.xml.i create mode 100644 interface-definitions/include/firewall/set-packet-modifications-tcp-mss.xml.i create mode 100755 
interface-definitions/include/firewall/set-packet-modifications-ttl.xml.i delete mode 100644 interface-definitions/include/firewall/set-packet-modifications.xml.i (limited to 'interface-definitions/include') diff --git a/interface-definitions/include/firewall/bridge-hook-forward.xml.i b/interface-definitions/include/firewall/bridge-hook-forward.xml.i index fcc981925..03ac26cf6 100644 --- a/interface-definitions/include/firewall/bridge-hook-forward.xml.i +++ b/interface-definitions/include/firewall/bridge-hook-forward.xml.i @@ -32,6 +32,12 @@ #include #include #include + #include + #include + #include + #include + #include + #include diff --git a/interface-definitions/include/firewall/bridge-hook-output.xml.i b/interface-definitions/include/firewall/bridge-hook-output.xml.i index 38b8b08ca..853315989 100644 --- a/interface-definitions/include/firewall/bridge-hook-output.xml.i +++ b/interface-definitions/include/firewall/bridge-hook-output.xml.i @@ -31,6 +31,12 @@ #include #include #include + #include + #include + #include + #include + #include + #include diff --git a/interface-definitions/include/firewall/bridge-hook-prerouting.xml.i b/interface-definitions/include/firewall/bridge-hook-prerouting.xml.i index ea567644f..7a45f5cd1 100644 --- a/interface-definitions/include/firewall/bridge-hook-prerouting.xml.i +++ b/interface-definitions/include/firewall/bridge-hook-prerouting.xml.i @@ -28,6 +28,11 @@ #include #include #include + #include + #include + #include + #include + #include diff --git a/interface-definitions/include/firewall/ipv4-custom-name.xml.i b/interface-definitions/include/firewall/ipv4-custom-name.xml.i index 8046b2d6c..b08262e2d 100644 --- a/interface-definitions/include/firewall/ipv4-custom-name.xml.i +++ b/interface-definitions/include/firewall/ipv4-custom-name.xml.i @@ -36,6 +36,12 @@ #include #include #include + #include + #include + #include + #include + #include + 
diff --git a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i index b0e240a03..a2da4b701 100644 --- a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i +++ b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i @@ -31,6 +31,11 @@ #include #include #include + #include + #include + #include + #include + #include diff --git a/interface-definitions/include/firewall/ipv4-hook-output.xml.i b/interface-definitions/include/firewall/ipv4-hook-output.xml.i index ee9157592..f68136557 100644 --- a/interface-definitions/include/firewall/ipv4-hook-output.xml.i +++ b/interface-definitions/include/firewall/ipv4-hook-output.xml.i @@ -28,6 +28,11 @@ #include #include #include + #include + #include + #include + #include + #include @@ -56,6 +61,11 @@ #include #include #include + #include + #include + #include + #include + #include diff --git a/interface-definitions/include/firewall/ipv4-hook-prerouting.xml.i b/interface-definitions/include/firewall/ipv4-hook-prerouting.xml.i index b431303ae..6f9fe6842 100644 --- a/interface-definitions/include/firewall/ipv4-hook-prerouting.xml.i +++ b/interface-definitions/include/firewall/ipv4-hook-prerouting.xml.i @@ -35,6 +35,10 @@ #include #include #include + #include + #include + #include + #include Set jump target. Action jump must be defined to use this setting diff --git a/interface-definitions/include/firewall/ipv6-custom-name.xml.i b/interface-definitions/include/firewall/ipv6-custom-name.xml.i index fb8740c38..d49267b52 100644 --- a/interface-definitions/include/firewall/ipv6-custom-name.xml.i +++ b/interface-definitions/include/firewall/ipv6-custom-name.xml.i @@ -36,6 +36,11 @@ #include #include #include + #include + #include + #include + #include + #include diff --git a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i index 7efc2614e..79898d691 100644 
--- a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i +++ b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i @@ -31,6 +31,11 @@ #include #include #include + #include + #include + #include + #include + #include diff --git a/interface-definitions/include/firewall/ipv6-hook-output.xml.i b/interface-definitions/include/firewall/ipv6-hook-output.xml.i index d3c4c1ead..9a6d0bb77 100644 --- a/interface-definitions/include/firewall/ipv6-hook-output.xml.i +++ b/interface-definitions/include/firewall/ipv6-hook-output.xml.i @@ -28,6 +28,11 @@ #include #include #include + #include + #include + #include + #include + #include @@ -56,6 +61,11 @@ #include #include #include + #include + #include + #include + #include + #include diff --git a/interface-definitions/include/firewall/ipv6-hook-prerouting.xml.i b/interface-definitions/include/firewall/ipv6-hook-prerouting.xml.i index 21f8de6f9..15454bbbf 100644 --- a/interface-definitions/include/firewall/ipv6-hook-prerouting.xml.i +++ b/interface-definitions/include/firewall/ipv6-hook-prerouting.xml.i @@ -35,6 +35,10 @@ #include #include #include + #include + #include + #include + #include Set jump target. Action jump must be defined to use this setting diff --git a/interface-definitions/include/firewall/set-packet-modifications-conn-mark.xml.i b/interface-definitions/include/firewall/set-packet-modifications-conn-mark.xml.i new file mode 100644 index 000000000..dff95d324 --- /dev/null +++ b/interface-definitions/include/firewall/set-packet-modifications-conn-mark.xml.i @@ -0,0 +1,21 @@ + + + + Packet modifications + + + + + Set connection mark + + u32:0-2147483647 + Connection mark + + + + + + + + + diff --git a/interface-definitions/include/firewall/set-packet-modifications-dscp.xml.i b/interface-definitions/include/firewall/set-packet-modifications-dscp.xml.i new file mode 100644 index 000000000..5082806fb --- /dev/null +++ b/interface-definitions/include/firewall/set-packet-modifications-dscp.xml.i 
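Review bot: The enclosing node and its "Packet modifications" help string are declared again at the top of set-packet-modifications-conn-mark.xml.i and of each of the other six new fragments (dscp, hop-limit, mark, table-and-vrf, tcp-mss, ttl). A rule that pulls in several of them therefore defines that node more than once. This presumably relies on the interface-definition build merging identical nodes, and if one copy's help text or properties ever drift, it is not obvious from this change which copy wins. A header comment in each fragment would make the contract explicit, for example `<!-- defines a single leaf; the enclosing node is repeated in every set-packet-modifications-*.xml.i and must stay identical -->`. The element tags are not visible in this rendering, so the node structure is inferred from the help strings.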
@@ -0,0 +1,21 @@
+
+
+
+ Packet modifications
+
+
+
+
+ Set DSCP (Packet Differentiated Services Codepoint) bits
+
+ u32:0-63
+ DSCP number
+
+
+
+
+
+
+
+
+
diff --git a/interface-definitions/include/firewall/set-packet-modifications-hop-limit.xml.i b/interface-definitions/include/firewall/set-packet-modifications-hop-limit.xml.i
new file mode 100755
index 000000000..8a6e5347a
--- /dev/null
+++ b/interface-definitions/include/firewall/set-packet-modifications-hop-limit.xml.i
@@ -0,0 +1,21 @@
+
+
+
+ Packet modifications
+
+
+
+
+ Set hop limit
+
+ u32:0-255
+ Hop limit number
+
+
+
+
+
+
+
+
+
diff --git a/interface-definitions/include/firewall/set-packet-modifications-mark.xml.i b/interface-definitions/include/firewall/set-packet-modifications-mark.xml.i
new file mode 100644
index 000000000..b229d0579
--- /dev/null
+++ b/interface-definitions/include/firewall/set-packet-modifications-mark.xml.i
@@ -0,0 +1,21 @@
+
+
+
+ Packet modifications
+
+
+
+
+ Set packet mark
+
+ u32:1-2147483647
+ Packet mark
+
+
+
+
+
+
+
+
+
diff --git a/interface-definitions/include/firewall/set-packet-modifications-table-and-vrf.xml.i b/interface-definitions/include/firewall/set-packet-modifications-table-and-vrf.xml.i
new file mode 100644
index 000000000..c7875b31d
--- /dev/null
+++ b/interface-definitions/include/firewall/set-packet-modifications-table-and-vrf.xml.i
@@ -0,0 +1,48 @@
+
+
+
+ Packet modifications
+
+
+
+
+ Set the routing table for matched packets
+
+ u32:1-200
+ Table number
+
+
+ main
+ Main table
+
+
+
+ (main)
+
+
+ main
+ protocols static table
+
+
+
+
+
+ VRF to forward packet with
+
+ txt
+ VRF instance name
+
+
+ default
+ Forward into default global VRF
+
+
+ default
+ vrf name
+
+ #include
+
+
+
+
+
diff --git a/interface-definitions/include/firewall/set-packet-modifications-tcp-mss.xml.i b/interface-definitions/include/firewall/set-packet-modifications-tcp-mss.xml.i
new file mode 100644
index 000000000..06ffdfede
--- /dev/null
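Review bot: set-packet-modifications-hop-limit.xml.i is created with `new file mode 100755`, and set-packet-modifications-ttl.xml.i further down is too, while the other five new fragments are 100644. These are XML include fragments consumed by the build, so the executable bit serves no purpose. It should be cleared on both files (`chmod 644`) before merging so that permissions in the tree stay consistent and an executable file remains a meaningful signal during review.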
+++ b/interface-definitions/include/firewall/set-packet-modifications-tcp-mss.xml.i
@@ -0,0 +1,21 @@
+
+
+
+ Packet modifications
+
+
+
+
+ Set TCP Maximum Segment Size
+
+ u32:500-1460
+ Explicitly set TCP MSS value
+
+
+
+
+
+
+
+
+
diff --git a/interface-definitions/include/firewall/set-packet-modifications-ttl.xml.i b/interface-definitions/include/firewall/set-packet-modifications-ttl.xml.i
new file mode 100755
index 000000000..e2f14050b
--- /dev/null
+++ b/interface-definitions/include/firewall/set-packet-modifications-ttl.xml.i
@@ -0,0 +1,21 @@
+
+
+
+ Packet modifications
+
+
+
+
+ Set TTL (time to live)
+
+ u32:0-255
+ TTL number
+
+
+
+
+
+
+
+
+
diff --git a/interface-definitions/include/firewall/set-packet-modifications.xml.i b/interface-definitions/include/firewall/set-packet-modifications.xml.i
deleted file mode 100644
index ee019b64e..000000000
--- a/interface-definitions/include/firewall/set-packet-modifications.xml.i
+++ /dev/null
@@ -1,96 +0,0 @@
-
-
-
- Packet modifications
-
-
-
-
- Set connection mark
-
- u32:0-2147483647
- Connection mark
-
-
-
-
-
-
-
-
- Set DSCP (Packet Differentiated Services Codepoint) bits
-
- u32:0-63
- DSCP number
-
-
-
-
-
-
-
-
- Set packet mark
-
- u32:1-2147483647
- Packet mark
-
-
-
-
-
-
-
-
- Set the routing table for matched packets
-
- u32:1-200
- Table number
-
-
- main
- Main table
-
-
-
- (main)
-
-
- main
- protocols static table
-
-
-
-
-
- VRF to forward packet with
-
- txt
- VRF instance name
-
-
- default
- Forward into default global VRF
-
-
- default
- vrf name
-
- #include
-
-
-
-
- Set TCP Maximum Segment Size
-
- u32:500-1460
- Explicitly set TCP MSS value
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/interface-definitions/include/policy/route-common.xml.i b/interface-definitions/include/policy/route-common.xml.i
index 19ffc0506..5c69a5279 100644
--- a/interface-definitions/include/policy/route-common.xml.i
+++ b/interface-definitions/include/policy/route-common.xml.i
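Review bot: The value range `u32:0-255` in set-packet-modifications-ttl.xml.i accepts 0, so a rule can rewrite the TTL of matched packets to zero. RFC 1122 says a host must not send a datagram with a TTL of zero, and such packets are normally discarded at the next hop, so the rule acts as a drop without reading as one when the ruleset is audited. Consider `u32:1-255` and the same lower bound in the value constraint, which is not visible in this rendering. The new set-packet-modifications-hop-limit.xml.i uses the same `u32:0-255` range and deserves the same look.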
@@ -66,7 +66,11 @@ -#include +#include +#include +#include +#include +#include #include #include #include -- cgit v1.2.3