From 2b38b45e219e363955b850d90a40564eb4b375c0 Mon Sep 17 00:00:00 2001
From: Nicolas Fort <nicolasfort1988@gmail.com>
Date: Wed, 25 Oct 2023 11:59:01 +0000
Subject: T5681: Firewall,Nat and Nat66: simplified and standarize interface
 matcher firewal, nat and nat66.

(cherry picked from commit 51abbc0f1b2ccf4785cf7f29f1fe6f4af6007ee6)
---
 .../firewall/inbound-interface-no-group.xml.i      | 34 ++++++++++++++++++++++
 .../include/firewall/match-interface.xml.i         |  4 +--
 .../firewall/outbound-interface-no-group.xml.i     | 34 ++++++++++++++++++++++
 .../include/version/firewall-version.xml.i         |  2 +-
 .../include/version/nat-version.xml.i              |  2 +-
 .../include/version/nat66-version.xml.i            |  2 +-
 interface-definitions/nat66.xml.in                 | 19 ++----------
 7 files changed, 75 insertions(+), 22 deletions(-)
 create mode 100644 interface-definitions/include/firewall/inbound-interface-no-group.xml.i
 create mode 100644 interface-definitions/include/firewall/outbound-interface-no-group.xml.i

(limited to 'interface-definitions')

diff --git a/interface-definitions/include/firewall/inbound-interface-no-group.xml.i b/interface-definitions/include/firewall/inbound-interface-no-group.xml.i
new file mode 100644
index 000000000..bcd4c9570
--- /dev/null
+++ b/interface-definitions/include/firewall/inbound-interface-no-group.xml.i
@@ -0,0 +1,34 @@
+<!-- include start from firewall/inbound-interface-no-group.xml.i -->
+<node name="inbound-interface">
+  <properties>
+    <help>Match inbound-interface</help>
+  </properties>
+  <children>
+    <leafNode name="name">
+      <properties>
+        <help>Match interface</help>
+        <completionHelp>
+          <script>${vyos_completion_dir}/list_interfaces</script>
+          <path>vrf name</path>
+        </completionHelp>
+        <valueHelp>
+          <format>txt</format>
+          <description>Interface name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>txt*</format>
+          <description>Interface name with wildcard</description>
+        </valueHelp>
+        <valueHelp>
+          <format>!txt</format>
+          <description>Inverted interface name to match</description>
+        </valueHelp>
+        <constraint>
+          <regex>(\!?)(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|(\!?)lo</regex>
+          <validator name="vrf-name"/>
+        </constraint>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+<!-- include end -->
\ No newline at end of file
diff --git a/interface-definitions/include/firewall/match-interface.xml.i b/interface-definitions/include/firewall/match-interface.xml.i
index 7810f88ab..8be97c3ed 100644
--- a/interface-definitions/include/firewall/match-interface.xml.i
+++ b/interface-definitions/include/firewall/match-interface.xml.i
@@ -1,5 +1,5 @@
 <!-- include start from firewall/match-interface.xml.i -->
-<leafNode name="interface-name">
+<leafNode name="name">
   <properties>
     <help>Match interface</help>
     <completionHelp>
@@ -22,7 +22,7 @@
     </constraint>
   </properties>
 </leafNode>
-<leafNode name="interface-group">
+<leafNode name="group">
   <properties>
     <help>Match interface-group</help>
     <completionHelp>
diff --git a/interface-definitions/include/firewall/outbound-interface-no-group.xml.i b/interface-definitions/include/firewall/outbound-interface-no-group.xml.i
new file mode 100644
index 000000000..e3bace42d
--- /dev/null
+++ b/interface-definitions/include/firewall/outbound-interface-no-group.xml.i
@@ -0,0 +1,34 @@
+<!-- include start from firewall/outbound-interface-no-group.xml.i -->
+<node name="outbound-interface">
+  <properties>
+    <help>Match outbound-interface</help>
+  </properties>
+  <children>
+    <leafNode name="name">
+      <properties>
+        <help>Match interface</help>
+        <completionHelp>
+          <script>${vyos_completion_dir}/list_interfaces</script>
+          <path>vrf name</path>
+        </completionHelp>
+        <valueHelp>
+          <format>txt</format>
+          <description>Interface name</description>
+        </valueHelp>
+        <valueHelp>
+          <format>txt*</format>
+          <description>Interface name with wildcard</description>
+        </valueHelp>
+        <valueHelp>
+          <format>!txt</format>
+          <description>Inverted interface name to match</description>
+        </valueHelp>
+        <constraint>
+          <regex>(\!?)(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|(\!?)lo</regex>
+          <validator name="vrf-name"/>
+        </constraint>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+<!-- include end -->
\ No newline at end of file
diff --git a/interface-definitions/include/version/firewall-version.xml.i b/interface-definitions/include/version/firewall-version.xml.i
index dd21bfaca..39f0cdcba 100644
--- a/interface-definitions/include/version/firewall-version.xml.i
+++ b/interface-definitions/include/version/firewall-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/firewall-version.xml.i -->
-<syntaxVersion component='firewall' version='11'></syntaxVersion>
+<syntaxVersion component='firewall' version='12'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/include/version/nat-version.xml.i b/interface-definitions/include/version/nat-version.xml.i
index 027216a07..656da6e14 100644
--- a/interface-definitions/include/version/nat-version.xml.i
+++ b/interface-definitions/include/version/nat-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/nat-version.xml.i -->
-<syntaxVersion component='nat' version='5'></syntaxVersion>
+<syntaxVersion component='nat' version='7'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/include/version/nat66-version.xml.i b/interface-definitions/include/version/nat66-version.xml.i
index 7b7123dcc..478ca080f 100644
--- a/interface-definitions/include/version/nat66-version.xml.i
+++ b/interface-definitions/include/version/nat66-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/nat66-version.xml.i -->
-<syntaxVersion component='nat66' version='1'></syntaxVersion>
+<syntaxVersion component='nat66' version='2'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/nat66.xml.in b/interface-definitions/nat66.xml.in
index 7a8970bdf..a657535ba 100644
--- a/interface-definitions/nat66.xml.in
+++ b/interface-definitions/nat66.xml.in
@@ -38,14 +38,7 @@
                   <valueless/>
                 </properties>
               </leafNode>
-              <leafNode name="outbound-interface">
-                <properties>
-                  <help>Outbound interface of NAT66 traffic</help>
-                  <completionHelp>
-                    <script>${vyos_completion_dir}/list_interfaces</script>
-                  </completionHelp>
-                </properties>
-              </leafNode>
+              #include <include/firewall/outbound-interface-no-group.xml.i>
               #include <include/nat/protocol.xml.i>
               <node name="destination">
                 <properties>
@@ -166,15 +159,7 @@
                   <valueless/>
                 </properties>
               </leafNode>
-              <leafNode name="inbound-interface">
-                <properties>
-                  <help>Inbound interface of NAT66 traffic</help>
-                  <completionHelp>
-                    <list>any</list>
-                    <script>${vyos_completion_dir}/list_interfaces</script>
-                  </completionHelp>
-                </properties>
-              </leafNode>
+              #include <include/firewall/inbound-interface-no-group.xml.i>
               #include <include/nat/protocol.xml.i>
               <node name="destination">
                 <properties>
-- 
cgit v1.2.3