From c9eaafd9f808aba8d29be73054e11d37577e539a Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Sat, 30 Dec 2023 23:25:20 +0100
Subject: T5474: establish common file name pattern for XML conf mode commands

We will use _ as CLI level divider. The XML definition filename and also
the Python helper should match the CLI node.

Example:
set interfaces ethernet -> interfaces_ethernet.xml.in
set interfaces bond -> interfaces_bond.xml.in
set service dhcp-server -> service_dhcp-server-xml.in

(cherry picked from commit 4ef110fd2c501b718344c72d495ad7e16d2bd465)
---
 interface-definitions/system_conntrack.xml.in | 346 ++++++++++++++++++++++++++
 1 file changed, 346 insertions(+)
 create mode 100644 interface-definitions/system_conntrack.xml.in

(limited to 'interface-definitions/system_conntrack.xml.in')

diff --git a/interface-definitions/system_conntrack.xml.in b/interface-definitions/system_conntrack.xml.in
new file mode 100644
index 000000000..ed5b7e8e0
--- /dev/null
+++ b/interface-definitions/system_conntrack.xml.in
@@ -0,0 +1,346 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="system">
+    <children>
+      <node name="conntrack" owner="${vyos_conf_scripts_dir}/system_conntrack.py">
+        <properties>
+          <help>Connection Tracking Engine Options</help>
+          <!-- Before NAT and conntrack-sync are configured -->
+          <priority>218</priority>
+        </properties>
+        <children>
+          <leafNode name="expect-table-size">
+            <properties>
+              <help>Size of connection tracking expect table</help>
+              <valueHelp>
+                <format>u32:1-50000000</format>
+                <description>Number of entries allowed in connection tracking expect table</description>
+              </valueHelp>
+              <constraint>
+                <validator name="numeric" argument="--range 1-50000000"/>
+              </constraint>
+            </properties>
+            <defaultValue>2048</defaultValue>
+          </leafNode>
+          <leafNode name="hash-size">
+            <properties>
+              <help>Hash size for connection tracking table</help>
+              <valueHelp>
+                <format>u32:1-50000000</format>
+                <description>Size of hash to use for connection tracking table</description>
+              </valueHelp>
+              <constraint>
+                <validator name="numeric" argument="--range 1-50000000"/>
+              </constraint>
+            </properties>
+            <defaultValue>32768</defaultValue>
+          </leafNode>
+          <node name="ignore">
+            <properties>
+              <help>Customized rules to ignore selective connection tracking</help>
+            </properties>
+            <children>
+              <tagNode name="rule">
+                <properties>
+                  <help>Rule number</help>
+                  <valueHelp>
+                    <format>u32:1-999999</format>
+                    <description>Number of conntrack ignore rule</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 1-999999"/>
+                  </constraint>
+                  <constraintErrorMessage>Ignore rule number must be between 1 and 999999</constraintErrorMessage>
+                </properties>
+                <children>
+                  #include <include/generic-description.xml.i>
+                  <node name="destination">
+                    <properties>
+                      <help>Destination parameters</help>
+                    </properties>
+                    <children>
+                      #include <include/nat-address.xml.i>
+                      #include <include/nat-port.xml.i>
+                    </children>
+                  </node>
+                  <leafNode name="inbound-interface">
+                    <properties>
+                      <help>Interface to ignore connections tracking on</help>
+                      <completionHelp>
+                        <list>any</list>
+                        <script>${vyos_completion_dir}/list_interfaces</script>
+                      </completionHelp>
+                    </properties>
+                  </leafNode>
+                  #include <include/ip-protocol.xml.i>
+                  <leafNode name="protocol">
+                    <properties>
+                      <help>Protocol to match (protocol name, number, or "all")</help>
+                      <completionHelp>
+                        <script>${vyos_completion_dir}/list_protocols.sh</script>
+                        <list>all tcp_udp</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>all</format>
+                        <description>All IP protocols</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>tcp_udp</format>
+                        <description>Both TCP and UDP</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>u32:0-255</format>
+                        <description>IP protocol number</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>&lt;protocol&gt;</format>
+                        <description>IP protocol name</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>!&lt;protocol&gt;</format>
+                        <description>IP protocol name</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="ip-protocol"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  <node name="source">
+                    <properties>
+                      <help>Source parameters</help>
+                    </properties>
+                    <children>
+                      #include <include/nat-address.xml.i>
+                      #include <include/nat-port.xml.i>
+                    </children>
+                  </node>
+                </children>
+              </tagNode>
+            </children>
+          </node>
+          <node name="log">
+            <properties>
+              <help>Log connection tracking events per protocol</help>
+            </properties>
+            <children>
+              <node name="icmp">
+                <properties>
+                  <help>Log connection tracking events for ICMP</help>
+                </properties>
+                <children>
+                  #include <include/conntrack/log-common.xml.i>
+                </children>
+              </node>
+              <node name="other">
+                <properties>
+                  <help>Log connection tracking events for all protocols other than TCP, UDP and ICMP</help>
+                </properties>
+                <children>
+                  #include <include/conntrack/log-common.xml.i>
+                </children>
+              </node>
+              <node name="tcp">
+                <properties>
+                  <help>Log connection tracking events for TCP</help>
+                </properties>
+                <children>
+                  #include <include/conntrack/log-common.xml.i>
+                </children>
+              </node>
+              <node name="udp">
+                <properties>
+                  <help>Log connection tracking events for UDP</help>
+                </properties>
+                <children>
+                  #include <include/conntrack/log-common.xml.i>
+                </children>
+              </node>
+            </children>
+          </node>
+          <node name="modules">
+            <properties>
+              <help>Connection tracking modules</help>
+            </properties>
+            <children>
+              <leafNode name="ftp">
+                <properties>
+                  <help>FTP connection tracking</help>
+                  <valueless/>
+                </properties>
+              </leafNode>
+              <leafNode name="h323">
+                <properties>
+                  <help>H.323 connection tracking</help>
+                  <valueless/>
+                </properties>
+              </leafNode>
+              <leafNode name="nfs">
+                <properties>
+                  <help>NFS connection tracking</help>
+                  <valueless/>
+                </properties>
+              </leafNode>
+              <leafNode name="pptp">
+                <properties>
+                  <help>PPTP connection tracking</help>
+                  <valueless/>
+                </properties>
+              </leafNode>
+              <leafNode name="sip">
+                <properties>
+                  <help>SIP connection tracking</help>
+                  <valueless/>
+                </properties>
+              </leafNode>
+              <leafNode name="sqlnet">
+                <properties>
+                  <help>SQLnet connection tracking</help>
+                  <valueless/>
+                </properties>
+              </leafNode>
+              <leafNode name="tftp">
+                <properties>
+                  <help>TFTP connection tracking</help>
+                  <valueless/>
+                </properties>
+              </leafNode>
+            </children>
+          </node>
+          <leafNode name="table-size">
+            <properties>
+              <help>Size of connection tracking table</help>
+              <valueHelp>
+                <format>u32:1-50000000</format>
+                <description>Number of entries allowed in connection tracking table</description>
+              </valueHelp>
+              <constraint>
+                <validator name="numeric" argument="--range 1-50000000"/>
+              </constraint>
+            </properties>
+            <defaultValue>262144</defaultValue>
+          </leafNode>
+          <node name="tcp">
+            <properties>
+              <help>TCP options</help>
+            </properties>
+            <children>
+              <leafNode name="half-open-connections">
+                <properties>
+                  <help>Maximum number of TCP half-open connections</help>
+                  <valueHelp>
+                    <format>u32:1-2147483647</format>
+                    <description>Generic connection timeout in seconds</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 1-2147483647"/>
+                  </constraint>
+                </properties>
+                <defaultValue>512</defaultValue>
+              </leafNode>
+              <leafNode name="loose">
+                <properties>
+                  <help>Policy to track previously established connections</help>
+                  <completionHelp>
+                    <list>enable disable</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>enable</format>
+                    <description>Allow tracking of previously established connections</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>disable</format>
+                    <description>Do not allow tracking of previously established connections</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>(enable|disable)</regex>
+                  </constraint>
+                </properties>
+                <defaultValue>enable</defaultValue>
+              </leafNode>
+              <leafNode name="max-retrans">
+                <properties>
+                  <help>Maximum number of packets that can be retransmitted without received an ACK</help>
+                  <valueHelp>
+                    <format>u32:1-255</format>
+                    <description>Number of packets to be retransmitted</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 1-255"/>
+                  </constraint>
+                </properties>
+                <defaultValue>3</defaultValue>
+              </leafNode>
+            </children>
+          </node>
+          <node name="timeout">
+            <properties>
+              <help>Connection timeout options</help>
+            </properties>
+            <children>
+              <node name="custom">
+                <properties>
+                  <help>Define custom timeouts per connection</help>
+                </properties>
+                <children>
+                  <tagNode name="rule">
+                    <properties>
+                      <help>Rule number</help>
+                      <valueHelp>
+                        <format>u32:1-999999</format>
+                        <description>Number of conntrack rule</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 1-999999"/>
+                      </constraint>
+                      <constraintErrorMessage>Ignore rule number must be between 1 and 999999</constraintErrorMessage>
+                    </properties>
+                    <children>
+                      #include <include/generic-description.xml.i>
+                      <node name="destination">
+                        <properties>
+                          <help>Destination parameters</help>
+                        </properties>
+                        <children>
+                          #include <include/nat-address.xml.i>
+                          #include <include/nat-port.xml.i>
+                        </children>
+                      </node>
+                      <leafNode name="inbound-interface">
+                        <properties>
+                          <help>Interface to ignore connections tracking on</help>
+                          <completionHelp>
+                            <list>any</list>
+                            <script>${vyos_completion_dir}/list_interfaces</script>
+                          </completionHelp>
+                        </properties>
+                      </leafNode>
+                      #include <include/ip-protocol.xml.i>
+                      <node name="protocol">
+                        <properties>
+                          <help>Customize protocol specific timers, one protocol configuration per rule</help>
+                        </properties>
+                        <children>
+                          #include <include/conntrack/timeout-common-protocols.xml.i>
+                        </children>
+                      </node>
+                      <node name="source">
+                        <properties>
+                          <help>Source parameters</help>
+                        </properties>
+                        <children>
+                          #include <include/nat-address.xml.i>
+                          #include <include/nat-port.xml.i>
+                        </children>
+                      </node>
+                    </children>
+                  </tagNode>
+                </children>
+              </node>
+              #include <include/conntrack/timeout-common-protocols.xml.i>
+            </children>
+          </node>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>
-- 
cgit v1.2.3