From 5eadedcc1e5c40da81031b77b8965baa3087e2b3 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Tue, 25 May 2021 21:53:54 +0200
Subject: conntrack: T3579: initial implementation with XML and Python

---
 interface-definitions/system-conntrack.xml.in | 285 ++++++++++++++++++++++++++
 1 file changed, 285 insertions(+)
 create mode 100644 interface-definitions/system-conntrack.xml.in

(limited to 'interface-definitions')
diff --git a/interface-definitions/system-conntrack.xml.in b/interface-definitions/system-conntrack.xml.in
new file mode 100644
index 000000000..07a2c401d
--- /dev/null
+++ b/interface-definitions/system-conntrack.xml.in
@@ -0,0 +1,285 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="system">
+    <children>
+      <node name="conntrack" owner="${vyos_conf_scripts_dir}/conntrack.py">
+        <properties>
+          <help>Connection Tracking Engine Options</help>
+          <!-- Before NAT and conntrack-sync are configured -->
+          <priority>218</priority>
+        </properties>
+        <children>
+          <leafNode name="expect-table-size">
+            <properties>
+              <help>Size of connection tracking expect table</help>
+              <valueHelp>
+                <format>u32:1-50000000</format>
+                <description>Number of entries allowed in connection tracking expect table</description>
+              </valueHelp>
+              <constraint>
+                <validator name="numeric" argument="--range 1-50000000"/>
+              </constraint>
+            </properties>
+            <defaultValue>2048</defaultValue>
+          </leafNode>
+          <leafNode name="hash-size">
+            <properties>
+              <help>Hash size for connection tracking table</help>
+              <valueHelp>
+                <format>u32:1-50000000</format>
+                <description>Size of hash to use for connection tracking table</description>
+              </valueHelp>
+              <constraint>
+                <validator name="numeric" argument="--range 1-50000000"/>
+              </constraint>
+            </properties>
+            <defaultValue>32768</defaultValue>
+          </leafNode>
+          <leafNode name="table-size">
+            <properties>
+              <help>Size of connection tracking table</help>
+              <valueHelp>
+                <format>u32:1-50000000</format>
+                <description>Number of entries allowed in connection tracking table</description>
+              </valueHelp>
+              <constraint>
+                <validator name="numeric" argument="--range 1-50000000"/>
+              </constraint>
+            </properties>
+            <defaultValue>262144</defaultValue>
+          </leafNode>
+          <node name="tcp">
+            <properties>
+              <help>TCP options</help>
+            </properties>
+            <children>
+              <leafNode name="half-open-connections">
+                <properties>
+                  <help>Maximum number of TCP half-open connections</help>
+                  <valueHelp>
+                    <format>u32:1-2147483647</format>
+                    <description>Generic connection timeout in seconds</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 1-2147483647"/>
+                  </constraint>
+                </properties>
+                <defaultValue>512</defaultValue>
+              </leafNode>
+              <leafNode name="loose">
+                <properties>
+                  <help>Policy to track previously established connections</help>
+                  <completionHelp>
+                    <list>enable disable</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>enable</format>
+                    <description>Allow tracking of previously established connections</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>disable</format>
+                    <description>Do not allow tracking of previously established connections</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>^(enable|disable)$</regex>
+                  </constraint>
+                </properties>
+                <defaultValue>enable</defaultValue>
+              </leafNode>
+              <leafNode name="max-retrans">
+                <properties>
+                  <help>TCP maximum retransmit attempts</help>
+                  <valueHelp>
+                    <format>u32:1-2147483647</format>
+                    <description>Generic connection timeout in seconds</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 1-2147483647"/>
+                  </constraint>
+                </properties>
+                <defaultValue>3</defaultValue>
+              </leafNode>
+            </children>
+          </node>
+          <node name="timeout">
+            <properties>
+              <help>Connection timeout options</help>
+            </properties>
+            <children>
+              <leafNode name="icmp">
+                <properties>
+                  <help>ICMP timeout in seconds</help>
+                  <valueHelp>
+                    <format>u32:1-21474836</format>
+                    <description>ICMP timeout in seconds</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 1-21474836"/>
+                  </constraint>
+                </properties>
+                <defaultValue>30</defaultValue>
+              </leafNode>
+              <leafNode name="other">
+                <properties>
+                  <help>Generic connection timeout in seconds</help>
+                  <valueHelp>
+                    <format>u32:1-21474836</format>
+                    <description>Generic connection timeout in seconds</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 1-21474836"/>
+                  </constraint>
+                </properties>
+                <defaultValue>600</defaultValue>
+              </leafNode>
+              <node name="tcp">
+                <properties>
+                  <help>TCP connection timeout options</help>
+                </properties>
+                <children>
+                  <leafNode name="close-wait">
+                    <properties>
+                      <help>TCP CLOSE-WAIT timeout in seconds</help>
+                      <valueHelp>
+                        <format>u32:1-21474836</format>
+                        <description>TCP CLOSE-WAIT timeout in seconds</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 1-21474836"/>
+                      </constraint>
+                    </properties>
+                    <defaultValue>60</defaultValue>
+                  </leafNode>
+                  <leafNode name="close">
+                    <properties>
+                      <help>TCP CLOSE timeout in seconds</help>
+                      <valueHelp>
+                        <format>u32:1-21474836</format>
+                        <description>TCP CLOSE timeout in seconds</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 1-21474836"/>
+                      </constraint>
+                    </properties>
+                    <defaultValue>10</defaultValue>
+                  </leafNode>
+                  <leafNode name="established">
+                    <properties>
+                      <help>TCP ESTABLISHED timeout in seconds</help>
+                      <valueHelp>
+                        <format>u32:1-21474836</format>
+                        <description>TCP ESTABLISHED timeout in seconds</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 1-21474836"/>
+                      </constraint>
+                    </properties>
+                    <defaultValue>432000</defaultValue>
+                  </leafNode>
+                  <leafNode name="fin-wait">
+                    <properties>
+                      <help>TCP FIN-WAIT timeout in seconds</help>
+                      <valueHelp>
+                        <format>u32:1-21474836</format>
+                        <description>TCP FIN-WAIT timeout in seconds</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 1-21474836"/>
+                      </constraint>
+                    </properties>
+                    <defaultValue>120</defaultValue>
+                  </leafNode>
+                  <leafNode name="last-ack">
+                    <properties>
+                      <help>TCP LAST-ACK timeout in seconds</help>
+                      <valueHelp>
+                        <format>u32:1-21474836</format>
+                        <description>TCP LAST-ACK timeout in seconds</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 1-21474836"/>
+                      </constraint>
+                    </properties>
+                    <defaultValue>30</defaultValue>
+                  </leafNode>
+                  <leafNode name="syn-recv">
+                    <properties>
+                      <help>TCP SYN-RECEIVED timeout in seconds</help>
+                      <valueHelp>
+                        <format>u32:1-21474836</format>
+                        <description>TCP SYN-RECEIVED timeout in seconds</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 1-21474836"/>
+                      </constraint>
+                    </properties>
+                    <defaultValue>60</defaultValue>
+                  </leafNode>
+                  <leafNode name="syn-sent">
+                    <properties>
+                      <help>TCP SYN-SENT timeout in seconds</help>
+                      <valueHelp>
+                        <format>u32:1-21474836</format>
+                        <description>TCP SYN-SENT timeout in seconds</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 1-21474836"/>
+                      </constraint>
+                    </properties>
+                    <defaultValue>120</defaultValue>
+                  </leafNode>
+                  <leafNode name="time-wait">
+                    <properties>
+                      <help>TCP TIME-WAIT timeout in seconds</help>
+                      <valueHelp>
+                        <format>u32:1-21474836</format>
+                        <description>TCP TIME-WAIT timeout in seconds</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 1-21474836"/>
+                      </constraint>
+                    </properties>
+                    <defaultValue>120</defaultValue>
+                  </leafNode>
+                </children>
+              </node>
+              <node name="udp">
+                <properties>
+                  <help>UDP timeout options</help>
+                </properties>
+                <children>
+                  <leafNode name="other">
+                    <properties>
+                      <help>UDP generic timeout in seconds</help>
+                      <valueHelp>
+                        <format>u32:1-21474836</format>
+                        <description>UDP generic timeout in seconds</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 1-21474836"/>
+                      </constraint>
+                    </properties>
+                    <defaultValue>30</defaultValue>
+                  </leafNode>
+                  <leafNode name="stream">
+                    <properties>
+                      <help>UDP stream timeout in seconds</help>
+                      <valueHelp>
+                        <format>u32:1-21474836</format>
+                        <description>UDP stream timeout in seconds</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 1-21474836"/>
+                      </constraint>
+                    </properties>
+                    <defaultValue>180</defaultValue>
+                  </leafNode>
+                </children>
+              </node>
+            </children>
+          </node>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>
-- 
cgit v1.2.3

