From bbfe6b54b58b68768f6427496d8ac3c1ef38da93 Mon Sep 17 00:00:00 2001
From: Nicolas Fort <nicolasfort1988@gmail.com>
Date: Mon, 27 Feb 2023 20:11:35 +0000
Subject: T5037: Firewall: Add queue action and options to firewall

---
 interface-definitions/firewall.xml.in              |  2 ++
 .../include/firewall/action.xml.i                  |  8 +++--
 .../include/firewall/nft-queue.xml.i               | 34 ++++++++++++++++++++++
 3 files changed, 42 insertions(+), 2 deletions(-)
 create mode 100644 interface-definitions/include/firewall/nft-queue.xml.i

(limited to 'interface-definitions')

diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index 7d7e0a38f..c9a132c4a 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -502,6 +502,7 @@
                   </completionHelp>
                 </properties>
               </leafNode>
+              #include <include/firewall/nft-queue.xml.i>
             </children>
           </tagNode>
         </children>
@@ -671,6 +672,7 @@
                 </properties>
               </leafNode>
               #include <include/firewall/ttl.xml.i>
+              #include <include/firewall/nft-queue.xml.i>
             </children>
           </tagNode>
         </children>
diff --git a/interface-definitions/include/firewall/action.xml.i b/interface-definitions/include/firewall/action.xml.i
index 468340cbb..7c6e33839 100644
--- a/interface-definitions/include/firewall/action.xml.i
+++ b/interface-definitions/include/firewall/action.xml.i
@@ -3,7 +3,7 @@
   <properties>
     <help>Rule action</help>
     <completionHelp>
-      <list>accept jump reject return drop</list>
+      <list>accept jump reject return drop queue</list>
     </completionHelp>
     <valueHelp>
       <format>accept</format>
@@ -25,8 +25,12 @@
       <format>drop</format>
       <description>Drop matching entries</description>
     </valueHelp>
+    <valueHelp>
+      <format>queue</format>
+      <description>Enqueue packet to userspace</description>
+    </valueHelp>
     <constraint>
-      <regex>(accept|jump|reject|return|drop)</regex>
+      <regex>(accept|jump|reject|return|drop|queue)</regex>
     </constraint>
   </properties>
 </leafNode>
diff --git a/interface-definitions/include/firewall/nft-queue.xml.i b/interface-definitions/include/firewall/nft-queue.xml.i
new file mode 100644
index 000000000..8799eac74
--- /dev/null
+++ b/interface-definitions/include/firewall/nft-queue.xml.i
@@ -0,0 +1,34 @@
+<!-- include start from firewall/nft-queue.xml.i -->
+<leafNode name="queue">
+  <properties>
+    <help>Queue target to use. Action queue must be defined to use this setting</help>
+    <valueHelp>
+      <format>u32:0-65535</format>
+      <description>Queue target</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--allow-range --range 0-65535"/>
+    </constraint>
+  </properties>
+</leafNode>
+<leafNode name="queue-options">
+  <properties>
+    <help>Options used for queue target. Action queue must be defined to use this setting</help>
+    <completionHelp>
+      <list>bypass fanout</list>
+    </completionHelp>
+    <valueHelp>
+      <format>bypass</format>
+      <description>Let packets go through if userspace application cannot back off</description>
+    </valueHelp>
+    <valueHelp>
+      <format>fanout</format>
+      <description>Distribute packets between several queues</description>
+    </valueHelp>
+    <constraint>
+      <regex>(bypass|fanout)</regex>
+    </constraint>
+    <multi/>
+  </properties>
+</leafNode>
+<!-- include end -->
\ No newline at end of file
-- 
cgit v1.2.3